// fill in the body of loophead. points in the body are those which
// are reachable from loophead over non-backedges, and which themselves
// reach a backedge for loophead. note that in the case of loop nesting,
// a point may be contained in the body of multiple loops.
// if any irreducible edges are found (edges incoming to a body point
// other than loophead whose source is not in the body), those edges
// are added to irreducible_edges
void GetLoopBody(BlockCFG *cfg, PPoint loophead,
Vector<PEdge*> *irreducible_edges)
{
Vector<PPoint> *body_list = body_list_table->Lookup(loophead, true);
Assert(body_list->Empty());
// worklist items are points which reach a loop backedge but whose
// incoming edges have not yet been examined.
Vector<PPoint> worklist;
const Vector<PEdge*> &head_incoming = cfg->GetIncomingEdges(loophead);
for (size_t iind = 0; iind < head_incoming.Size(); iind++) {
PEdge *edge = head_incoming[iind];
PPoint source = edge->GetSource();
if (backedge_table->Lookup(edge)) {
Assert(reach_table->Lookup(PPointPair(loophead, source)));
if (!body_table->Insert(PPointPair(loophead, source))) {
body_list->PushBack(source);
worklist.PushBack(source);
}
}
}
// this should only be called on loops that have actual backedges
Assert(!worklist.Empty());
while (!worklist.Empty()) {
PPoint back = worklist.Back();
worklist.PopBack();
if (back == loophead)
continue;
const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(back);
for (size_t iind = 0; iind < incoming.Size(); iind++) {
PEdge *edge = incoming[iind];
PPoint source = edge->GetSource();
if (reach_table->Lookup(PPointPair(loophead, source))) {
if (!body_table->Insert(PPointPair(loophead, source))) {
body_list->PushBack(source);
worklist.PushBack(source);
}
}
else if (entry_reach_table->Lookup(source)) {
// the source is not reachable from the loophead.
// this is an irreducible edge.
irreducible_edges->PushBack(edge);
}
}
}
}
void BlockSummary::GetAssumedBits(BlockMemory *mcfg, PPoint end_point,
Vector<AssumeInfo> *assume_list)
{
BlockId *id = mcfg->GetId();
BlockCFG *cfg = mcfg->GetCFG();
BlockSummary *sum = GetBlockSummary(id);
const Vector<Bit*> *assumes = sum->GetAssumes();
size_t assume_count = VectorSize<Bit*>(assumes);
// pull in assumptions from the summary for mcfg. in some cases these
// assumptions won't be useful, e.g. describing the state at exit
// for functions. for now we're just adding all of them though. TODO: fix.
for (size_t ind = 0; ind < assume_count; ind++) {
Bit *bit = assumes->At(ind);
bit->IncRef(assume_list);
AssumeInfo info;
info.bit = bit;
assume_list->PushBack(info);
}
sum->DecRef();
Vector<BlockCFG*> *annot_list = BodyAnnotCache.Lookup(id->Function());
// add assumes at function entry for any preconditions.
if (id->Kind() == B_Function) {
for (size_t ind = 0; annot_list && ind < annot_list->Size(); ind++) {
BlockCFG *annot_cfg = annot_list->At(ind);
if (annot_cfg->GetAnnotationKind() != AK_Precondition &&
annot_cfg->GetAnnotationKind() != AK_PreconditionAssume)
continue;
Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg);
if (!bit) continue;
annot_cfg->IncRef(assume_list);
bit->IncRef(assume_list);
AssumeInfo info;
info.annot = annot_cfg;
info.bit = bit;
assume_list->PushBack(info);
}
}
// add assumptions from points within the block.
for (size_t pind = 0; pind < cfg->GetPointAnnotationCount(); pind++) {
PointAnnotation pann = cfg->GetPointAnnotation(pind);
if (end_point && pann.point >= end_point)
continue;
BlockCFG *annot_cfg = GetAnnotationCFG(pann.annot);
if (!annot_cfg) continue;
Assert(annot_cfg->GetAnnotationKind() != AK_AssertRuntime);
if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) {
// get the annotation bit in terms of block entry.
Bit *point_bit = NULL;
mcfg->TranslateBit(TRK_Point, pann.point, bit, &point_bit);
point_bit->MoveRef(&point_bit, assume_list);
annot_cfg->IncRef(assume_list);
AssumeInfo info;
info.annot = annot_cfg;
info.point = pann.point;
info.bit = point_bit;
assume_list->PushBack(info);
}
annot_cfg->DecRef();
}
// add assumptions from annotation edges within the block, invariants
// on values accessed by the block, and from the summaries of any callees.
for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) {
PEdge *edge = cfg->GetEdge(eind);
PPoint point = edge->GetSource();
if (end_point && point >= end_point)
continue;
InvariantAssumeVisitor visitor(mcfg, point, assume_list);
edge->DoVisit(&visitor);
if (PEdgeAnnotation *nedge = edge->IfAnnotation()) {
// add an assumption for this annotation.
BlockCFG *annot_cfg = GetAnnotationCFG(nedge->GetAnnotationId());
if (!annot_cfg) continue;
Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg);
// don't incorporate AssertRuntimes, these are not assumed.
if (bit && annot_cfg->GetAnnotationKind() != AK_AssertRuntime) {
// get the annotation bit in terms of block entry.
Bit *point_bit = NULL;
mcfg->TranslateBit(TRK_Point, point, bit, &point_bit);
point_bit->MoveRef(&point_bit, assume_list);
annot_cfg->IncRef(assume_list);
AssumeInfo info;
info.annot = annot_cfg;
info.point = point;
info.bit = point_bit;
assume_list->PushBack(info);
}
annot_cfg->DecRef();
}
if (BlockId *callee = edge->GetDirectCallee()) {
GetCallAssumedBits(mcfg, edge, callee, false, assume_list);
callee->DecRef();
}
else if (edge->IsCall()) {
// add conditional assumes for the indirect targets of the call.
// this is most useful for baked information and annotations, where
// we sometimes need to attach information at indirect calls.
CallEdgeSet *callees = CalleeCache.Lookup(id->BaseVar());
size_t old_count = assume_list->Size();
if (callees) {
for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) {
const CallEdge &cedge = callees->GetEdge(cind);
if (cedge.where.id == id && cedge.where.point == point) {
cedge.callee->IncRef();
BlockId *callee = BlockId::Make(B_Function, cedge.callee);
GetCallAssumedBits(mcfg, edge, callee, true, assume_list);
callee->DecRef();
}
}
}
if (assume_list->Size() != old_count) {
// we managed to do something at this indirect call site.
// add another assumption restricting the possible callees to
// only those identified by our callgraph.
GuardExpVector receiver_list;
mcfg->TranslateReceiver(point, &receiver_list);
for (size_t rind = 0; rind < receiver_list.Size(); rind++) {
const GuardExp &gs = receiver_list[rind];
gs.guard->IncRef();
// make a bit: !when || rcv == callee0 || rcv == callee1 || ...
Bit *extra_bit = Bit::MakeNot(gs.guard);
for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) {
const CallEdge &cedge = callees->GetEdge(cind);
if (cedge.where.id == id && cedge.where.point == point) {
Variable *callee_var = cedge.callee;
callee_var->IncRef();
Exp *callee_exp = Exp::MakeVar(callee_var);
gs.exp->IncRef();
Bit *equal = Exp::MakeCompareBit(B_Equal, callee_exp, gs.exp);
extra_bit = Bit::MakeOr(extra_bit, equal);
}
}
extra_bit->MoveRef(NULL, assume_list);
AssumeInfo info;
info.bit = extra_bit;
assume_list->PushBack(info);
}
}
CalleeCache.Release(id->BaseVar());
}
}
BodyAnnotCache.Release(id->Function());
// add assumptions from heap invariants describing values mentioned
// in added assumptions. we could keep doing this transitively but don't,
// to ensure termination.
size_t count = assume_list->Size();
for (size_t ind = 0; ind < count; ind++) {
InvariantAssumeVisitor visitor(NULL, 0, assume_list);
assume_list->At(ind).bit->DoVisit(&visitor);
}
CombineAssumeList(assume_list);
}
void TopoSortCFG(BlockCFG *cfg)
{
// can't topo sort a CFG that might have loops.
Assert(cfg->GetLoopHeadCount() == 0);
// map from old CFG points to the new points in the topo order. we can only
// add a new point once we've added all its predecessors.
PPointListHash remapping;
// points in the remappping, in the order to add them to the CFG.
Vector<Location*> new_points;
// map from new points back to original CFG points.
Vector<PPoint> old_points;
// worklist items are the points where the sources of incoming edges have
// already been added to the remapping, the point itself has not.
Vector<PPoint> worklist;
PPoint entry_point = cfg->GetEntryPoint();
PPoint exit_point = cfg->GetExitPoint();
// seed the worklist.
worklist.PushBack(entry_point);
while (!worklist.Empty()) {
// pick the point from the worklist with the minimum line number.
// if there is code like:
// if (x)
// a;
// else
// b;
// we could add either a or b to the remapping first, but we want to add
// a first. the ordering of points is used for naming loops, and we want
// this ordering to be deterministic and map back to the code predictably.
size_t best_index = 0;
size_t best_line = cfg->GetPointLocation(worklist[0])->Line();
for (size_t ind = 1; ind < worklist.Size(); ind++) {
size_t new_line = cfg->GetPointLocation(worklist[ind])->Line();
if (new_line < best_line) {
best_index = ind;
best_line = new_line;
}
}
PPoint point = worklist[best_index];
worklist[best_index] = worklist.Back();
worklist.PopBack();
Assert(!remapping.Lookup(point, false));
Location *loc = cfg->GetPointLocation(point);
loc->IncRef();
new_points.PushBack(loc);
old_points.PushBack(point);
remapping.Insert(point, new_points.Size());
const Vector<PEdge*> &outgoing = cfg->GetOutgoingEdges(point);
for (size_t oind = 0; oind < outgoing.Size(); oind++) {
PEdge *edge = outgoing[oind];
PPoint target = edge->GetTarget();
// this can happen if there are multiple edges from the worklist point
// to the target, e.g. 'if (x) {}'. not going to happen much.
if (worklist.Contains(target))
continue;
Assert(!remapping.Lookup(target, false));
// we can add the target to the worklist if it has no incoming edges
// from points not in the remapping.
bool missing_incoming = false;
const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(target);
for (size_t iind = 0; iind < incoming.Size(); iind++) {
PEdge *edge = incoming[iind];
PPoint source = edge->GetSource();
if (!remapping.Lookup(source, false)) {
missing_incoming = true;
break;
}
}
if (!missing_incoming)
worklist.PushBack(target);
}
}
// this assert will fail if either the CFG contains cycles, or if there are
// nodes unreachable from the start. neither of these cases should be
// possible here.
Assert(new_points.Size() == cfg->GetPointCount());
Assert(old_points.Size() == cfg->GetPointCount());
// remap all the edges. this is also done so that the edges will be
// in topological order according to their source points.
Vector<PEdge*> new_edges;
for (size_t pind = 0; pind < old_points.Size(); pind++) {
const Vector<PEdge*> &edges = cfg->GetOutgoingEdges(old_points[pind]);
for (size_t eind = 0; eind < edges.Size(); eind++) {
PEdge *edge = edges[eind];
PPoint new_source = remapping.LookupSingle(edge->GetSource());
PPoint new_target = remapping.LookupSingle(edge->GetTarget());
PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target);
new_edges.PushBack(new_edge);
}
}
// clear out the initial CFG.
cfg->ClearBody();
// add the new points, edges, annotations.
for (size_t pind = 0; pind < new_points.Size(); pind++)
cfg->AddPoint(new_points[pind]);
for (size_t eind = 0; eind < new_edges.Size(); eind++)
cfg->AddEdge(new_edges[eind]);
// set the new entry point. this had better be the first point in the order.
PPoint new_entry_point = remapping.LookupSingle(entry_point);
Assert(new_entry_point == 1);
cfg->SetEntryPoint(new_entry_point);
if (exit_point) {
// set the new exit point. this had better be the last point in the order.
PPoint new_exit_point = remapping.LookupSingle(exit_point);
Assert(new_exit_point == new_points.Size());
cfg->SetExitPoint(new_exit_point);
}
}
void TrimUnreachable(BlockCFG *cfg, bool flatten_skips)
{
// can't flatten skips if there might be loops in the CFG.
Assert(!flatten_skips || cfg->GetLoopHeadCount() == 0);
// receives the locations of the new points and edges of the CFG. we will
// fill these in, then replace wholesale the old points/edges on the CFG.
Vector<Location*> new_points;
Vector<PEdge*> new_edges;
Vector<LoopHead> new_loop_heads;
Vector<PPoint> worklist;
// get the set of points reachable from CFG entry.
// worklist items are points in entry_reachable whose outgoing edges
// have not been examined.
PPointHash entry_reachable;
PPoint entry = cfg->GetEntryPoint();
entry_reachable.Insert(entry);
worklist.PushBack(entry);
while (!worklist.Empty()) {
PPoint back = worklist.Back();
worklist.PopBack();
const Vector<PEdge*> &outgoing = cfg->GetOutgoingEdges(back);
for (size_t oind = 0; oind < outgoing.Size(); oind++) {
PEdge *edge = outgoing[oind];
PPoint next = edge->GetTarget();
if (!entry_reachable.Lookup(next)) {
entry_reachable.Insert(next);
worklist.PushBack(next);
}
}
}
// get the set of points which reach the CFG exit.
// worklist items are points in exit_reaches whose incoming edges
// have not been examined.
PPointHash exit_reaches;
PPoint exit = cfg->GetExitPoint();
exit_reaches.Insert(exit);
worklist.PushBack(exit);
while (!worklist.Empty()) {
PPoint back = worklist.Back();
worklist.PopBack();
const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(back);
for (size_t iind = 0; iind < incoming.Size(); iind++) {
PEdge *edge = incoming[iind];
PPoint prev = edge->GetSource();
if (!exit_reaches.Lookup(prev)) {
exit_reaches.Insert(prev);
worklist.PushBack(prev);
}
}
}
// make sure we include the entry regardless of whether the function
// has a path from entry to exit.
exit_reaches.Insert(entry);
if (flatten_skips)
exit_reaches.Insert(FollowSkipEdges(cfg, entry));
// map from old points to corresponding new points. only defined for
// points that are in both entry_reachable and exit_reaches,
// and that do not have outgoing skip edges (if flatten_skips is set).
PPointListHash remapping;
// map from some old p0 to another old p1 where p0 connects to p1 by
// skip edges and p1 has no outgoing skips. empty if flatten_skips is
// not set. only defined if remapping is defined for p1.
PPointListHash skip_remapping;
for (PPoint point = 1; point <= cfg->GetPointCount(); point++) {
if (entry_reachable.Lookup(point) && exit_reaches.Lookup(point)) {
// if this is just the source of some skip edges flatten them out.
// the target of the skips will be defined by remapping since
// there can be only one outgoing skip edge from a point and
// thus all paths from point pass through target_point; if point
// reaches the exit then so does target_point.
if (flatten_skips) {
PPoint target_point = FollowSkipEdges(cfg, point);
if (target_point != point) {
skip_remapping.Insert(point, target_point);
// don't add anything to remapping for point
continue;
}
}
Location *loc = cfg->GetPointLocation(point);
loc->IncRef();
new_points.PushBack(loc);
PPoint new_point = new_points.Size();
remapping.Insert(point, new_point);
}
}
for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) {
PEdge *edge = cfg->GetEdge(eind);
PPoint source = edge->GetSource();
PPoint target = edge->GetTarget();
if (skip_remapping.Lookup(source, false))
continue;
// flatten any skips after the target point
Vector<PPoint> *skip_target_list = skip_remapping.Lookup(target, false);
if (skip_target_list) {
Assert(skip_target_list->Size() == 1);
target = skip_target_list->At(0);
}
Vector<PPoint> *new_source_list = remapping.Lookup(source, false);
Vector<PPoint> *new_target_list = remapping.Lookup(target, false);
if (new_source_list && new_target_list) {
Assert(new_source_list->Size() == 1);
Assert(new_target_list->Size() == 1);
PPoint new_source = new_source_list->At(0);
PPoint new_target = new_target_list->At(0);
PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target);
new_edges.PushBack(new_edge);
}
}
for (size_t lind = 0; lind < cfg->GetLoopHeadCount(); lind++) {
const LoopHead &head = cfg->GetLoopHead(lind);
// don't check skip_remapping because we don't allow skip flattening
// when the CFG still has loops in it
Vector<PPoint> *new_point_list = remapping.Lookup(head.point, false);
if (new_point_list) {
Assert(new_point_list->Size() == 1);
LoopHead new_head(new_point_list->At(0), head.end_location);
if (head.end_location)
head.end_location->IncRef();
new_loop_heads.PushBack(new_head);
}
}
// clear out the initial CFG.
cfg->ClearBody();
// add the new points, edges, loop heads.
for (size_t pind = 0; pind < new_points.Size(); pind++)
cfg->AddPoint(new_points[pind]);
for (size_t eind = 0; eind < new_edges.Size(); eind++)
cfg->AddEdge(new_edges[eind]);
for (size_t lind = 0; lind < new_loop_heads.Size(); lind++)
cfg->AddLoopHead(new_loop_heads[lind].point,
new_loop_heads[lind].end_location);
// set the new entry and exit points of the CFG.
// the entry may be connected to skip edges
Vector<PPoint> *skip_entry_list = skip_remapping.Lookup(entry, false);
if (skip_entry_list) {
Assert(skip_entry_list->Size() == 1);
entry = skip_entry_list->At(0);
}
PPoint new_entry = remapping.LookupSingle(entry);
PPoint new_exit = 0;
Vector<PPoint> *new_exit_list = remapping.Lookup(exit, false);
if (new_exit_list) {
Assert(new_exit_list->Size() == 1);
new_exit = new_exit_list->At(0);
}
cfg->SetEntryPoint(new_entry);
cfg->SetExitPoint(new_exit);
}
// clone a loop body, mapping each point in the body of loophead
// to a new point in receive_cfg. receive_cfg will receive new points
// for the cloned body, and new edges for any non-backedge whose source
// and target are both in loophead's body. for other edges involving loophead,
// old_entry/exit/backedge_indexes will be filled in with indexes into
// the edges list of base_cfg. it may be that base_cfg == receive_cfg.
void CloneLoopBody(BlockCFG *base_cfg, PPoint loophead,
PPointListHash *remapping,
BlockCFG *receive_cfg,
Vector<size_t> *old_entry_indexes,
Vector<size_t> *old_exit_indexes,
Vector<size_t> *old_back_indexes)
{
Assert(remapping->IsEmpty());
Vector<PPoint> *body_list = body_list_table->Lookup(loophead, true);
Assert(!body_list->Empty());
// allow for base_cfg == receive_cfg, so keep track of how many points and
// edges were originally in base_cfg before modifying receive_cfg.
size_t init_points_size = base_cfg->GetPointCount();
size_t init_edges_size = base_cfg->GetEdgeCount();
// copy all points in the loop body to the new CFG.
for (size_t bind = 0; bind < body_list->Size(); bind++) {
PPoint body_point = body_list->At(bind);
Assert(remapping->Lookup(body_point, false) == NULL);
Assert(0 < body_point && body_point <= init_points_size);
Location *loc = base_cfg->GetPointLocation(body_point);
loc->IncRef();
PPoint new_point = receive_cfg->AddPoint(loc);
remapping->Insert(body_point, new_point);
}
// copy all edges between points in the body to the new CFG.
for (size_t eind = 0; eind < init_edges_size; eind++) {
PEdge *edge = base_cfg->GetEdge(eind);
PPoint source = edge->GetSource();
PPoint target = edge->GetTarget();
if (!entry_reach_table->Lookup(source))
continue;
PPoint new_source = 0;
if (body_table->Lookup(PPointPair(loophead, source)))
new_source = remapping->LookupSingle(source);
PPoint new_target = 0;
if (body_table->Lookup(PPointPair(loophead, target)))
new_target = remapping->LookupSingle(target);
if (!new_source && !new_target) {
// edge is not involved with this loop. leave it alone
}
else if (!new_source && new_target) {
// entry edge. leave it alone
old_entry_indexes->PushBack(eind);
}
else if (new_source && !new_target) {
// exit edge. leave it alone
old_exit_indexes->PushBack(eind);
}
else {
Assert(new_source && new_target);
if (target == loophead) {
// back edge. leave it alone
Assert(backedge_table->Lookup(edge));
old_back_indexes->PushBack(eind);
}
else {
// inner edge. clone the edge for the new source and target
PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target);
receive_cfg->AddEdge(new_edge);
}
}
}
}
// determine whether loophead is a reducible loop with backedges in cfg.
// fill in dominate_table with the points dominated by loophead,
// and add as backedges any edge going to loophead which is itself
// dominated by loophead. return true if any backedges were found.
bool GetLoopBackedges(BlockCFG *cfg, PPoint loophead)
{
// compute the nodes reachable from the entry point other than
// through start. the dominated points are the dual of this set.
// points reachable from the start according to the above criteria
PPointHash reachable;
// worklist items are points in reachable whose outgoing edges have
// not been examined
Vector<PPoint> worklist;
if (!entry_reach_table->Lookup(loophead))
return false;
PPoint entry = cfg->GetEntryPoint();
reachable.Insert(entry);
worklist.PushBack(entry);
while (!worklist.Empty()) {
PPoint back = worklist.Back();
worklist.PopBack();
const Vector<PEdge*>& outgoing = cfg->GetOutgoingEdges(back);
for (size_t oind = 0; oind < outgoing.Size(); oind++) {
PEdge *edge = outgoing[oind];
PPoint next = edge->GetTarget();
if (next == loophead)
continue;
// already did this target
if (reachable.Lookup(next))
continue;
reachable.Insert(next);
worklist.PushBack(next);
}
}
// compute the set of dominated points. this is the difference
// between the points reachable from the CFG entry, and the points
// in the reach table we just computed.
for (PPoint point = 1; point <= cfg->GetPointCount(); point++) {
if (!reachable.Lookup(point) && entry_reach_table->Lookup(point))
dominate_table->Insert(PPointPair(loophead, point));
}
// backedges on the loophead are incoming edges whose source is
// dominated by the loophead
bool found_backedge = false;
const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(loophead);
for (size_t eind = 0; eind < incoming.Size(); eind++) {
PEdge *edge = incoming[eind];
if (dominate_table->Lookup(PPointPair(loophead, edge->GetSource()))) {
backedge_table->Insert(edge);
found_backedge = true;
}
}
return found_backedge;
}
void InferSummaries(const Vector<BlockSummary*> &summary_list)
{
static BaseTimer infer_timer("infer_summaries");
Timer _timer(&infer_timer);
if (summary_list.Empty())
return;
Variable *function = summary_list[0]->GetId()->BaseVar();
Vector<BlockCFG*> *annot_list = BodyAnnotCache.Lookup(function->GetName());
// all traces which might refer to the result of pointer arithmetic.
Vector<Exp*> arithmetic_list;
ArithmeticEscape escape(function, arithmetic_list);
// initial pass over the CFGs to get traces used in pointer arithmetic.
for (size_t ind = 0; ind < summary_list.Size(); ind++) {
BlockSummary *sum = summary_list[ind];
BlockCFG *cfg = sum->GetMemory()->GetCFG();
for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) {
PEdge *edge = cfg->GetEdge(eind);
if (PEdgeAssign *assign_edge = edge->IfAssign()) {
Exp *left = assign_edge->GetLeftSide();
Exp *right = assign_edge->GetRightSide();
ProcessArithmeticAssign(&escape, cfg->GetId(), left, right);
}
}
}
for (size_t ind = 0; ind < summary_list.Size(); ind++) {
BlockSummary *sum = summary_list[ind];
BlockMemory *mcfg = sum->GetMemory();
BlockCFG *cfg = mcfg->GetCFG();
// accumulate all the assertions at points in the CFG.
Vector<AssertInfo> asserts;
// add assertions at function exit for any postconditions.
if (cfg->GetId()->Kind() == B_Function) {
for (size_t aind = 0; annot_list && aind < annot_list->Size(); aind++) {
BlockCFG *annot_cfg = annot_list->At(aind);
if (annot_cfg->GetAnnotationKind() != AK_Postcondition)
continue;
if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) {
AssertInfo info;
info.kind = ASK_Annotation;
info.cls = ASC_Check;
info.point = cfg->GetExitPoint();
info.bit = bit;
asserts.PushBack(info);
}
}
}
// add assertions for any point annotations within the CFG.
for (size_t pind = 0; pind < cfg->GetPointAnnotationCount(); pind++) {
PointAnnotation pann = cfg->GetPointAnnotation(pind);
BlockCFG *annot_cfg = GetAnnotationCFG(pann.annot);
if (!annot_cfg) continue;
if (annot_cfg->GetAnnotationKind() != AK_Assert)
continue;
if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) {
AssertInfo info;
info.kind = ASK_Annotation;
info.cls = ASC_Check;
info.point = pann.point;
info.bit = bit;
asserts.PushBack(info);
}
}
for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) {
PEdge *edge = cfg->GetEdge(eind);
PPoint point = edge->GetSource();
if (PEdgeAnnotation *nedge = edge->IfAnnotation()) {
// add an assertion for this annotation if it not an assume.
BlockCFG *annot_cfg = GetAnnotationCFG(nedge->GetAnnotationId());
if (!annot_cfg) continue;
if (annot_cfg->GetAnnotationKind() != AK_Assert &&
annot_cfg->GetAnnotationKind() != AK_AssertRuntime) {
continue;
}
if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) {
AssertInfo info;
info.kind = (annot_cfg->GetAnnotationKind() == AK_Assert)
? ASK_Annotation : ASK_AnnotationRuntime;
info.cls = ASC_Check;
info.point = point;
info.bit = bit;
asserts.PushBack(info);
}
}
// add assertions for any invariants affected by a write.
Exp *left = NULL;
if (PEdgeAssign *nedge = edge->IfAssign())
left = nedge->GetLeftSide();
if (PEdgeCall *nedge = edge->IfCall())
left = nedge->GetReturnValue();
// for now our detection of affected invariants is pretty crude;
// writes to fields can affect type invariants on the field's type
// which use that field, and writes to global variables can affect
// invariants on that global. TODO: pin this down once we draw a
// precise line between which invariants can and can't be checked.
if (left && left->IsFld()) {
ExpFld *nleft = left->AsFld();
String *csu_name = nleft->GetField()->GetCSUType()->GetCSUName();
Vector<BlockCFG*> *comp_annot_list = CompAnnotCache.Lookup(csu_name);
for (size_t aind = 0; comp_annot_list &&
aind < comp_annot_list->Size(); aind++) {
BlockCFG *annot_cfg = comp_annot_list->At(aind);
if (annot_cfg->GetAnnotationKind() != AK_Invariant)
continue;
Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg);
if (!bit) continue;
Vector<Exp*> lval_list;
LvalListVisitor visitor(&lval_list);
bit->DoVisit(&visitor);
bool uses_field = false;
for (size_t ind = 0; ind < lval_list.Size(); ind++) {
if (ExpFld *lval = lval_list[ind]->IfFld()) {
if (lval->GetField() == nleft->GetField())
uses_field = true;
}
}
if (uses_field) {
// this is a type invariant which uses the field being written
// as an lvalue. we need to assert this write preserves
// the invariant.
BlockId *id = annot_cfg->GetId();
Variable *this_var = Variable::Make(id, VK_This, NULL, 0, NULL);
Exp *this_exp = Exp::MakeVar(this_var);
Exp *this_drf = Exp::MakeDrf(this_exp);
Bit *new_bit = BitReplaceExp(bit, this_drf, nleft->GetTarget());
AssertInfo info;
info.kind = ASK_Invariant;
info.cls = ASC_Check;
info.point = point;
info.bit = new_bit;
asserts.PushBack(info);
}
}
CompAnnotCache.Release(csu_name);
}
if (left && left->IsVar()) {
Variable *var = left->AsVar()->GetVariable();
if (var->Kind() == VK_Glob) {
Vector<BlockCFG*> *glob_annot_list =
InitAnnotCache.Lookup(var->GetName());
for (size_t aind = 0; glob_annot_list &&
aind < glob_annot_list->Size(); aind++) {
BlockCFG *annot_cfg = glob_annot_list->At(aind);
Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg);
if (!bit) continue;
AssertInfo info;
info.kind = ASK_Invariant;
info.cls = ASC_Check;
info.point = point;
info.bit = bit;
asserts.PushBack(info);
}
InitAnnotCache.Release(var->GetName());
}
}
if (PEdgeCall *nedge = edge->IfCall()) {
// add assertions for any callee preconditions.
// pull preconditions from both direct and indirect calls.
Vector<Variable*> callee_names;
if (Variable *callee = nedge->GetDirectFunction()) {
callee_names.PushBack(callee);
}
else {
CallEdgeSet *callees = CalleeCache.Lookup(function);
if (callees) {
for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) {
const CallEdge &edge = callees->GetEdge(cind);
if (edge.where.id == cfg->GetId() && edge.where.point == point)
callee_names.PushBack(edge.callee);
}
}
// CalleeCache release is below.
}
for (size_t cind = 0; cind < callee_names.Size(); cind++) {
String *callee = callee_names[cind]->GetName();
Vector<BlockCFG*> *call_annot_list = BodyAnnotCache.Lookup(callee);
for (size_t aind = 0;
call_annot_list && aind < call_annot_list->Size(); aind++) {
BlockCFG *annot_cfg = call_annot_list->At(aind);
if (annot_cfg->GetAnnotationKind() != AK_Precondition)
continue;
if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) {
ConvertCallsiteMapper mapper(cfg, point, false);
Bit *caller_bit = bit->DoMap(&mapper);
if (!caller_bit)
continue;
AssertInfo info;
info.kind = ASK_Annotation;
info.cls = ASC_Check;
info.point = point;
info.bit = caller_bit;
asserts.PushBack(info);
}
}
BodyAnnotCache.Release(callee);
}
if (!nedge->GetDirectFunction())
CalleeCache.Release(function);
}
BufferScanVisitor write_visitor(asserts, arithmetic_list, point, true);
BufferScanVisitor read_visitor(asserts, arithmetic_list, point, false);
IntegerScanVisitor integer_visitor(asserts, point);
GCScanVisitor gcsafe_visitor(asserts, point);
// only look at the written lvalues for the write visitor.
if (PEdgeAssign *assign = edge->IfAssign())
write_visitor.Visit(assign->GetLeftSide());
if (PEdgeCall *call = edge->IfCall()) {
if (Exp *returned = call->GetReturnValue())
write_visitor.Visit(returned);
}
edge->DoVisit(&read_visitor);
// disable integer overflow visitor for now.
// edge->DoVisit(&integer_visitor);
edge->DoVisit(&gcsafe_visitor);
}
if (cfg->GetId()->Kind() == B_Function) {
BlockModset *modset = GetBlockModset(cfg->GetId());
if (modset->CanGC()) {
AssertInfo info;
info.kind = ASK_CanGC;
info.cls = ASC_Check;
info.point = cfg->GetExitPoint();
String *name = cfg->GetId()->BaseVar()->GetName();
Variable *var = Variable::Make(NULL, VK_Glob, name, 0, name);
Exp *varexp = Exp::MakeVar(var);
Exp *gcsafe = Exp::MakeGCSafe(varexp, false);
info.bit = Bit::MakeVar(gcsafe);
asserts.PushBack(info);
}
}
MarkRedundantAssertions(mcfg, asserts);
// move the finished assertion list into the summary.
for (size_t ind = 0; ind < asserts.Size(); ind++) {
const AssertInfo &info = asserts[ind];
sum->AddAssert(info.kind, info.cls, info.point, info.bit);
}
}
// infer delta and termination invariants for all summaries.
for (size_t ind = 0; ind < summary_list.Size(); ind++)
InferInvariants(summary_list[ind], arithmetic_list);
BodyAnnotCache.Release(function->GetName());
}
void BlockModset::ComputeModset(BlockMemory *mcfg, bool indirect)
{
static BaseTimer compute_timer("modset_compute");
Timer _timer(&compute_timer);
// get any indirect callees for this function, provided they have been
// computed and stored in the callee database (indirect is set).
CallEdgeSet *indirect_callees = NULL;
if (indirect)
indirect_callees = CalleeCache.Lookup(m_id->BaseVar());
BlockCFG *cfg = mcfg->GetCFG();
for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) {
PEdge *edge = cfg->GetEdge(eind);
PPoint point = edge->GetSource();
if (edge->IsAssign() || edge->IsCall()) {
// process direct assignments along this edge.
const Vector<GuardAssign>* assigns = mcfg->GetAssigns(point);
if (assigns) {
for (size_t aind = 0; aind < assigns->Size(); aind++) {
const GuardAssign &gasn = assigns->At(aind);
ProcessUpdatedLval(mcfg, gasn.left, NULL, true, false);
Exp *use_lval = NULL;
Exp *kind = mcfg->GetTerminateAssign(point, gasn.left, gasn.right,
&use_lval);
if (kind) {
ProcessUpdatedLval(mcfg, use_lval, kind, false, false);
kind->DecRef();
}
}
}
}
// pull in modsets from the direct and indirect callees of the edge.
if (BlockId *callee = edge->GetDirectCallee()) {
ComputeModsetCall(mcfg, edge, callee, NULL);
callee->DecRef();
}
else if (edge->IsCall() && indirect_callees) {
for (size_t ind = 0; ind < indirect_callees->GetEdgeCount(); ind++) {
const CallEdge &cedge = indirect_callees->GetEdge(ind);
// when comparing watch out for the case that this is a temporary
// modset and does not share the same block kind as the edge point.
if (cedge.where.version == cfg->GetVersion() &&
cedge.where.point == point &&
cedge.where.id->Function() == m_id->Function() &&
cedge.where.id->Loop() == m_id->Loop()) {
cedge.callee->IncRef();
BlockId *callee = BlockId::Make(B_Function, cedge.callee);
ComputeModsetCall(mcfg, edge, callee, cedge.rfld_chain);
callee->DecRef();
}
}
}
}
// sort the modset exps to ensure a consistent representation.
if (m_modset_list)
SortVector<PointValue,compare_PointValue>(m_modset_list);
if (m_assign_list)
SortVector<GuardAssign,compare_GuardAssign>(m_assign_list);
if (indirect)
CalleeCache.Release(m_id->BaseVar());
}
