/**********************************************************************
* once generated the loop body, verify whether some statement caused
* the analyzer to fail during the 2nd iteration of the loop body (in
* most case, a null/dead pointer dereference would do it), if so, delete
* the statement in which analyzer fails and all subsequent statemets
*
* also performs effect analysis
*********************************************************************/
void
Block::post_creation_analysis(CGContext& cg_context, const Effect& pre_effect)
{
int index;
FactMgr* fm = get_fact_mgr(&cg_context);
fm->map_visited[this] = true;
// compute accumulated effect
set_accumulated_effect(cg_context);
//fm->print_facts(fm->global_facts);
vector<const Fact*> post_facts = fm->global_facts;
FactMgr::update_facts_for_oos_vars(local_vars, fm->global_facts);
fm->remove_rv_facts(fm->global_facts);
fm->set_fact_out(this, fm->global_facts);
// find out if fixed-point-searching is required
bool is_loop_body = !must_break_or_return() && looping;
bool self_back_edge = false;
if (is_loop_body || need_revisit || has_edge_in(false, true)) {
if (is_loop_body && from_tail_to_head()) {
self_back_edge = true;
fm->create_cfg_edge(this, this, false, true);
}
vector<const Fact*> facts_copy = fm->map_facts_in[this];
// reset the accumulative effect
cg_context.reset_effect_accum(pre_effect);
while (!find_fixed_point(facts_copy, post_facts, cg_context, index, need_revisit)) {
size_t i, len;
len = stms.size();
for (i=index; i<len; i++) {
remove_stmt(stms[i]);
i = index-1;
len = stms.size();
}
// if we delete some statements, next visit must go through statements (no shortcut)
need_revisit = true;
// clean up in/out map from previous analysis that might include facts caused by deleted statements
fm->reset_stm_fact_maps(this);
// sometimes a loop would emerge after we delete the "return" statement in body
if (!self_back_edge && from_tail_to_head()) {
self_back_edge = true;
fm->create_cfg_edge(this, this, false, true);
}
// reset incoming effects
cg_context.reset_effect_accum(pre_effect);
}
fm->global_facts = fm->map_facts_out[this];
}
// make sure we add back return statement for blocks that require it and had such statement deleted
// only do this for top-level block of a function which requires a return statement
if (parent == 0 && func->need_return_stmt() && !must_return()) {
fm->global_facts = post_facts;
Statement* sr = append_return_stmt(cg_context);
fm->set_fact_out(this, fm->map_facts_out[sr]);
}
}
/***************************************************************************************
* for a given input env, abstract a given statement, generate an output env, and
* update both input/output env for this statement
*
* shortcut: if this input env matches previous input env, use previous output env directly
***************************************************************************************/
bool
Statement::validate_and_update_facts(vector<const Fact*>& inputs, CGContext& cg_context) const
{
FactMgr* fm = get_fact_mgr_for_func(func);
int shortcut = shortcut_analysis(inputs, cg_context);
if (shortcut==0) {
/* mark the goto statements inside this statement as visited
this is to fix scenario like the following:
lbl: s1
for (...) {
goto lbl;
}
where the "for" statement is bypassed, but the output from "goto lbl"
must be feed into s1 in order to achieve a fixed point */
for (size_t i=0; i<fm->cfg_edges.size(); i++) {
const Statement* s = fm->cfg_edges[i]->src;
if (s->eType == eGoto && contains_stmt(s)) {
fm->map_visited[s] = true;
}
}
return true;
}
if (shortcut==1) return false;
vector<const Fact*> inputs_copy = inputs;
if (!stm_visit_facts(inputs, cg_context)) {
return false;
}
fm->set_fact_in(this, inputs_copy);
fm->set_fact_out(this, inputs);
return true;
}
/****************************************************************************
* Entry point to pointer analysis and other DFA analysis for newly
* created statement. remember some analysis has already been done during the
* statement generation, some analysis work is only possible with a complete
* statement, we do it here
****************************************************************************/
void
Statement::post_creation_analysis(vector<const Fact*>& pre_facts, const Effect& pre_effect, CGContext& cg_context) const
{
FactMgr* fm = get_fact_mgr_for_func(func);
if (eType == eIfElse) {
((const StatementIf*)this)->combine_branch_facts(pre_facts);
} else {
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
}
// save the effect for this statement if this is a simple statement
// for compound statements, it's effect is saved in make_random
if (!is_compound(eType)) {
fm->map_stm_effect[this] = cg_context.get_effect_stm();
}
bool special_handled = false;
// special handling for non-looping statements in func_1, which we never re-visit to
// save run-time
if (cg_context.get_current_func()->name == "func_1" && !(cg_context.flags & IN_LOOP) ) {
if (has_uncertain_call_recursive()) {
FactVec outputs = pre_facts;
cg_context.reset_effect_accum(pre_effect);
//if (stm_id == 573)
/*if (this->eType == eAssign) {
((const StatementAssign*)this)->get_rhs()->indented_output(cout, 0);
}
cout << endl;
Output(cout, fm);*/
//}
if (!validate_and_update_facts(outputs, cg_context)) {
assert(0);
}
fm->global_facts = outputs;
special_handled = true;
}
}
if (!special_handled) {
// for if...else..., we don't want to walk through the true branch and false branch again
// compute the output with consideration of return statement(s) in both branches
if (eType == eAssign) {
const StatementAssign* sa = (const StatementAssign*)this;
// abstract fact for assignment itself. No analysis on function calls
// on RHS since they are already handled during statement generation
FactMgr::update_fact_for_assign(sa, fm->global_facts);
}
else if (eType == eReturn) {
const StatementReturn* sr = (const StatementReturn*)this;
FactMgr::update_fact_for_return(sr, fm->global_facts);
}
}
fm->remove_rv_facts(fm->global_facts);
fm->set_fact_in(this, pre_facts);
fm->set_fact_out(this, fm->global_facts);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_visited[this] = true;
}
/**************************************************************************************************
* DFA analysis for a block:
*
* we must considers all kinds of blocks: block for for-loops; block for if-true and if-false; block for
* function body; block that loops; block has jump destination insdie; block being a jump destination itself
* (in the case of "continue" in for-loops). All of them must be taken care in this function.
*
* params:
* inputs: the inputs env before entering block
* cg_context: code generation context
* fail_index: records which statement in this block caused analyzer to fail
* visit_one: when is true, the statements in this block must be visited at least once
****************************************************************************************************/
bool
Block::find_fixed_point(vector<const Fact*> inputs, vector<const Fact*>& post_facts, CGContext& cg_context, int& fail_index, bool visit_once) const
{
FactMgr* fm = get_fact_mgr(&cg_context);
// include outputs from all back edges leading to this block
size_t i;
static int g = 0;
vector<const CFGEdge*> edges;
int cnt = 0;
do {
// if we have never visited the block, force the visitor to go through all statements at least once
if (fm->map_visited[this]) {
if (cnt++ > 7) {
// takes too many iterations to reach a fixed point, must be something wrong
assert(0);
}
find_edges_in(edges, false, true);
for (i=0; i<edges.size(); i++) {
const Statement* src = edges[i]->src;
//assert(fm->map_visited[src]);
merge_facts(inputs, fm->map_facts_out[src]);
}
}
if (!visit_once) {
int shortcut = shortcut_analysis(inputs, cg_context);
if (shortcut == 0) return true;
}
//if (shortcut == 1) return false;
FactVec outputs = inputs;
// add facts for locals
for (i=0; i<local_vars.size(); i++) {
const Variable* v = local_vars[i];
FactMgr::add_new_var_fact(v, outputs);
}
// revisit statements with new inputs
for (i=0; i<stms.size(); i++) {
int h = g++;
if (h == 2585)
BREAK_NOP; // for debugging
if (!stms[i]->analyze_with_edges_in(outputs, cg_context)) {
fail_index = i;
return false;
}
}
fm->set_fact_in(this, inputs);
post_facts = outputs;
FactMgr::update_facts_for_oos_vars(local_vars, outputs);
fm->set_fact_out(this, outputs);
fm->map_visited[this] = true;
// compute accumulated effect
set_accumulated_effect(cg_context);
visit_once = false;
} while (true);
return true;
}
void
FactMgr::update_fact_for_return(const StatementReturn* sr, FactVec& inputs)
{
size_t i, j;
for (i=0; i<FactMgr::meta_facts.size(); i++) {
std::vector<const Fact*> facts = FactMgr::meta_facts[i]->abstract_fact_for_return(inputs, sr->get_var(), sr->func);
for (j=0; j<facts.size(); j++) {
// merge with other return statements
if (merge_fact(inputs, facts[j])) {
sr->func->fact_changed = true;
}
}
}
// incorporate current facts into return facts
FactMgr* fm = get_fact_mgr_for_func(sr->func);
fm->set_fact_out(sr, inputs);
}
Statement*
Block::append_return_stmt(CGContext& cg_context)
{
FactMgr* fm = get_fact_mgr_for_func(func);
FactVec pre_facts = fm->global_facts;
cg_context.get_effect_stm().clear();
Statement* sr = Statement::make_random(cg_context, eReturn);
ERROR_GUARD(NULL);
stms.push_back(sr);
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
assert(sr->visit_facts(fm->global_facts, cg_context));
fm->set_fact_in(sr, pre_facts);
fm->set_fact_out(sr, fm->global_facts);
fm->map_accum_effect[sr] = *(cg_context.get_effect_accum());
fm->map_visited[sr] = true;
//sr->post_creation_analysis(pre_facts, cg_context);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_stm_effect[this].add_effect(fm->map_stm_effect[sr]);
return sr;
}
Statement*
Block::append_nested_loop(CGContext& cg_context)
{
FactMgr* fm = get_fact_mgr_for_func(func);
FactVec pre_facts = fm->global_facts;
cg_context.get_effect_stm().clear();
Statement* sf = HYPOTHESIS_DRAW(Statement, cg_context, eFor);
ERROR_GUARD(NULL);
stms.push_back(sf);
fm->makeup_new_var_facts(pre_facts, fm->global_facts);
//assert(sf->visit_facts(fm->global_facts, cg_context));
fm->set_fact_in(sf, pre_facts);
fm->set_fact_out(sf, fm->global_facts);
fm->map_accum_effect[sf] = *(cg_context.get_effect_accum());
fm->map_visited[sf] = true;
//sf->post_creation_analysis(pre_facts, cg_context);
fm->map_accum_effect[this] = *(cg_context.get_effect_accum());
fm->map_stm_effect[this].add_effect(fm->map_stm_effect[sf]);
return sf;
}
