void
StatementIf::combine_branch_facts(vector<const Fact*>& pre_facts) const
{
FactMgr* fm = get_fact_mgr_for_func(func);
FactVec& outputs = fm->global_facts;
fm->makeup_new_var_facts(pre_facts, fm->map_facts_out[&if_true]);
fm->makeup_new_var_facts(pre_facts, fm->map_facts_out[&if_false]);
bool true_must_return = if_true.must_return();
bool false_must_return = if_false.must_return();
// take return statement into consideration to achieve better precision
if (true_must_return && false_must_return) {
outputs = pre_facts;
}
else if (true_must_return) {
// since false branch is created after true branch, it's output should
// have all the variables created in true branch already
outputs = fm->map_facts_out[&if_false];
}
else if (false_must_return) {
outputs = fm->map_facts_out[&if_true];
// if skip the outcome from false branch, don't forget facts of those variables
// created in false branch
fm->makeup_new_var_facts(outputs, fm->map_facts_in[&if_false]);
}
else {
outputs = fm->map_facts_out[&if_true];
merge_facts(outputs, fm->map_facts_out[&if_false]);
}
}
/****************************************************************************
* Entry point to pointer analysis and other DFA analysis for newly
* created statement. remember some analysis has already been done during the
* statement generation, some analysis work is only possible with a complete
* statement, we do it here
****************************************************************************/
void
Statement::post_creation_analysis(vector<const Fact*>& pre_facts, const Effect& pre_effect, CGContext& cg_context) const
{
FactMgr* fm = get_fact_mgr_for_func(func);
if (eType == eIfElse) {
((const StatementIf*)this)->combine_branch_facts(pre_facts);
} else {
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
}
// save the effect for this statement if this is a simple statement
// for compound statements, it's effect is saved in make_random
if (!is_compound(eType)) {
fm->map_stm_effect[this] = cg_context.get_effect_stm();
}
bool special_handled = false;
// special handling for non-looping statements in func_1, which we never re-visit to
// save run-time
if (cg_context.get_current_func()->name == "func_1" && !(cg_context.flags & IN_LOOP) ) {
if (has_uncertain_call_recursive()) {
FactVec outputs = pre_facts;
cg_context.reset_effect_accum(pre_effect);
//if (stm_id == 573)
/*if (this->eType == eAssign) {
((const StatementAssign*)this)->get_rhs()->indented_output(cout, 0);
}
cout << endl;
Output(cout, fm);*/
//}
if (!validate_and_update_facts(outputs, cg_context)) {
assert(0);
}
fm->global_facts = outputs;
special_handled = true;
}
}
if (!special_handled) {
// for if...else..., we don't want to walk through the true branch and false branch again
// compute the output with consideration of return statement(s) in both branches
if (eType == eAssign) {
const StatementAssign* sa = (const StatementAssign*)this;
// abstract fact for assignment itself. No analysis on function calls
// on RHS since they are already handled during statement generation
FactMgr::update_fact_for_assign(sa, fm->global_facts);
}
else if (eType == eReturn) {
const StatementReturn* sr = (const StatementReturn*)this;
FactMgr::update_fact_for_return(sr, fm->global_facts);
}
}
fm->remove_rv_facts(fm->global_facts);
fm->set_fact_in(this, pre_facts);
fm->set_fact_out(this, fm->global_facts);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_visited[this] = true;
}
StatementIf *
StatementIf::make_random(CGContext &cg_context)
{
DEPTH_GUARD_BY_TYPE_RETURN(dtStatementIf, NULL);
FactMgr* fm = get_fact_mgr(&cg_context);
FactVec pre_facts;
Effect pre_effect;
// func_1 hacking, save the env in case we need to re-analyze
if (cg_context.get_current_func()->name == "func_1" && !(cg_context.flags & IN_LOOP)) {
pre_effect = cg_context.get_accum_effect();
pre_facts = fm->global_facts;
}
cg_context.get_effect_stm().clear();
Expression *expr = Expression::make_random(cg_context, get_int_type(), NULL, false, !CGOptions::const_as_condition());
ERROR_GUARD(NULL);
// func_1 hacking, re-analyze for multiple function calls
if (cg_context.get_current_func()->name == "func_1" && !(cg_context.flags & IN_LOOP)) {
if (expr->has_uncertain_call_recursive()) {
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
cg_context.reset_effect_accum(pre_effect);
cg_context.curr_blk = cg_context.get_current_block();
bool ok = expr->visit_facts(pre_facts, cg_context);
if (!ok) {
// print_facts(pre_facts);
// expr->indented_output(cout, 0);
}
assert(ok);
fm->global_facts = pre_facts;
}
}
Effect eff = cg_context.get_effect_stm();
// this will save global_facts to map_facts_in[if_true], and update
// facts for new variables created while generating if_true
Block *if_true = Block::make_random(cg_context);
ERROR_GUARD_AND_DEL1(NULL, expr);
// generate false branch with the same env as true branch
fm->global_facts = fm->map_facts_in[if_true];
Block *if_false = Block::make_random(cg_context);
ERROR_GUARD_AND_DEL2(NULL, expr, if_true);
StatementIf* si = new StatementIf(cg_context.get_current_block(), *expr, *if_true, *if_false);
// compute accumulated effect for this statement
si->set_accumulated_effect_after_block(eff, if_true, cg_context);
si->set_accumulated_effect_after_block(eff, if_false, cg_context);
return si;
}
Statement*
Block::append_return_stmt(CGContext& cg_context)
{
FactMgr* fm = get_fact_mgr_for_func(func);
FactVec pre_facts = fm->global_facts;
cg_context.get_effect_stm().clear();
Statement* sr = Statement::make_random(cg_context, eReturn);
ERROR_GUARD(NULL);
stms.push_back(sr);
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
assert(sr->visit_facts(fm->global_facts, cg_context));
fm->set_fact_in(sr, pre_facts);
fm->set_fact_out(sr, fm->global_facts);
fm->map_accum_effect[sr] = *(cg_context.get_effect_accum());
fm->map_visited[sr] = true;
//sr->post_creation_analysis(pre_facts, cg_context);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_stm_effect[this].add_effect(fm->map_stm_effect[sr]);
return sr;
}
Statement*
Block::append_nested_loop(CGContext& cg_context)
{
FactMgr* fm = get_fact_mgr_for_func(func);
FactVec pre_facts = fm->global_facts;
cg_context.get_effect_stm().clear();
Statement* sf = HYPOTHESIS_DRAW(Statement, cg_context, eFor);
ERROR_GUARD(NULL);
stms.push_back(sf);
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
//assert(sf->visit_facts(fm->global_facts, cg_context));
fm->set_fact_in(sf, pre_facts);
fm->set_fact_out(sf, fm->global_facts);
fm->map_accum_effect[sf] = *(cg_context.get_effect_accum());
fm->map_visited[sf] = true;
//sf->post_creation_analysis(pre_facts, cg_context);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_stm_effect[this].add_effect(fm->map_stm_effect[sf]);
return sf;
}
FunctionInvocation *
FunctionInvocation::make_random_binary(CGContext &cg_context, const Type* type)
{
DEPTH_GUARD_BY_TYPE_RETURN(dtFunctionInvocationRandomBinary, NULL);
if (rnd_flipcoin(10) && Type::has_pointer_type() && type->eType != eVector) {
ERROR_GUARD(NULL);
return make_random_binary_ptr_comparison(cg_context);
}
eBinaryOps op = (eBinaryOps)(rnd_upto(MAX_BINARY_OP, BINARY_OPS_PROB_FILTER));
ERROR_GUARD(NULL);
assert(type);
SafeOpFlags *flags = SafeOpFlags::make_random(sOpBinary, op);
assert(flags);
ERROR_GUARD(NULL);
// Special stuff for vectors.
if (type->eType == eVector) {
// Only signed type can use logicals. Also no div or mod.
// TODO: Instead of changing the op, flip the sign of the type.
if (!type->is_signed() && (
op==eCmpGt || op==eCmpLt || op==eCmpGe || op==eCmpLe ||
op==eCmpEq || op==eCmpNe || op==eAnd || op==eOr ||
op==eDiv || op==eMod)) {
op = eAdd;
}
// Only unsigned can use unsafe ops.
if (type->is_signed() && (
op==eAdd || op==eSub || op==eMul || op==eDiv ||
op==eMod || op==eRShift || op==eLShift)) {
op = eAnd;
}
delete flags;
flags = SafeOpFlags::make_dummy_flags();
}
FunctionInvocationBinary *fi = FunctionInvocationBinary::CreateFunctionInvocationBinary(cg_context, op, flags);
Effect lhs_eff_accum;
CGContext lhs_cg_context(cg_context, cg_context.get_effect_context(), &lhs_eff_accum);
// Generate an expression with the correct type required by safe math operands
const Type* lhs_type = flags->get_lhs_type();
const Type* rhs_type = flags->get_rhs_type();
// More special stuff for vectors.
if (type->eType == eVector) {
lhs_type = type;
rhs_type = type;
}
assert(lhs_type && rhs_type);
Expression *lhs = Expression::make_random(lhs_cg_context, lhs_type);
ERROR_GUARD_AND_DEL1(NULL, fi);
Expression *rhs = 0;
cg_context.merge_param_context(lhs_cg_context, true);
FactMgr* fm = get_fact_mgr(&cg_context);
vector<const Fact*> facts_copy = fm->global_facts;
#if 0
if (lhs->term_type == eVariable) {
lhs_eff_accum.read_deref_volatile((ExpressionVariable*)lhs);
}
#endif
// If we are guaranteed that the LHS will be evaluated before the RHS,
// or if the LHS is pure (not merely side-effect-free),
// then we can generate the RHS under the original effect context.
if (IsOrderedStandardFunc(op)) { // || lhs_eff_accum.is_pure()) { TODO: need more thoughts on the purity issue.
rhs = Expression::make_random(cg_context, rhs_type);
}
else {
// Otherwise, the RHS must be generated under the combined effect
// of the original effect and the LHS effect.
Effect rhs_eff_context(cg_context.get_effect_context());
rhs_eff_context.add_effect(lhs_eff_accum, true);
Effect rhs_eff_accum;
CGContext rhs_cg_context(cg_context, rhs_eff_context, &rhs_eff_accum);
if (op == eLShift || op == eRShift) {
eTermType tt = MAX_TERM_TYPES;
bool not_constant = rnd_flipcoin(ShiftByNonConstantProb);
// avoid shifting negative or too much
if (!not_constant) {
rhs = lhs_type->eType == eVector ?
dynamic_cast<Expression*>(CLSmith::ExpressionVector::make_constant(rhs_type, lhs_type->SizeInBytes() * 8)) :
dynamic_cast<Expression*>(Constant::make_random_upto(lhs_type->SizeInBytes() * 8));
} else {
rhs = Expression::make_random(rhs_cg_context, rhs_type, NULL, false, true, tt);
}
}
else {
rhs = Expression::make_random(rhs_cg_context, rhs_type);
// avoid divide by zero or possible zero (reached by pointer comparison)
if ((op == eMod || op == eDiv) && (rhs->equals(0) || rhs->is_0_or_1())) {
VectorFilter f;
f.add(eMod).add(eDiv).add(eLShift).add(eRShift);
op = (eBinaryOps)(rnd_upto(MAX_BINARY_OP, &f));
fi->set_operation(op);
}
}
cg_context.merge_param_context(rhs_cg_context, true);
}
ERROR_GUARD_AND_DEL2(NULL, fi, lhs);
if (CompatibleChecker::compatible_check(lhs, rhs)) {
Error::set_error(COMPATIBLE_CHECK_ERROR);
delete lhs;
delete rhs;
delete fi;
return NULL;
}
// ordered operators such as "||" or "&&" may skip the 2nd parameter
if (IsOrderedStandardFunc(op)) {
fm->makeup_new_var_facts(facts_copy, fm->global_facts);
merge_facts(fm->global_facts, facts_copy);
}
// TODO: fix `rhs' for eLShift and eRShift and ...
// Currently, the "fix" is handled in `FunctionInvocationBinary::Output'.
fi->param_value.push_back(lhs);
fi->param_value.push_back(rhs);
return fi;
}
