int main(int argc, char** argv) {
SgProject* proj = frontend(argc,argv);
SgFunctionDeclaration* mainDecl = SageInterface::findMain(proj);
SgFunctionDefinition* mainDef = mainDecl->get_definition();
std::vector<SgNode*> ifExps;
ifExps = NodeQuery::querySubTree(mainDef, V_SgIfStmt);
for (int i = 0; i < ifExps.size(); i++) {
getIfConds(isSgIfStmt(ifExps[i]), isSgScopeStatement(mainDef));
}
std::vector<SgNode*> assignNodes = NodeQuery::querySubTree(mainDef, V_SgVariableDeclaration);
std::cout << assignNodes.size() << " nodes found" << std::endl;
std::vector<SgBinaryOp*> bin_ops;
std::vector<SgUnaryOp*> un_ops;
std::vector<SgNode*> other;
std::vector<SgExpression*> results;
for (std::vector<SgNode*>::iterator i = assignNodes.begin(); i != assignNodes.end(); i++) {
SgVariableDeclaration* vdecl = isSgVariableDeclaration(*i);
SgInitializedNamePtrList vlst = vdecl->get_variables();
SgInitializedName* initName = isSgInitializedName((*(vlst.begin())));
SgExpression* exp = isSgAssignInitializer(initName->get_initializer())->get_operand();
std::cout << exp->class_name() << std::endl;
if (!isSgFunctionCallExp(exp)) {
getExps(exp, isSgInitializedName(*i), results, 0);
std::cout << "prefixes" << std::endl;
for (int j = 0; j < prefixes.size(); j++) {
SgExprStatement* expSt = SageBuilder::buildExprStatement_nfi(prefixes[j]);
SageInterface::insertStatement(isSgVariableDeclaration(*i),expSt,true);
std::cout << prefixes[j]->class_name() << std::endl;
}
std::cout << "results" << std::endl;
for (int j = 0; j < results.size(); j++) {
std::cout << results[j]->class_name() << std::endl;
}
std::cout << "postfixes" << std::endl;
for (int j = 0; j < postfixes.size(); j++) {
SgExprStatement* expSt = SageBuilder::buildExprStatement_nfi(postfixes[j]);
SageInterface::insertStatement(isSgVariableDeclaration(*i),expSt,false);
std::cout << postfixes[j]->class_name() << std::endl;
}
replaceExps(exp,vdecl);
simplifyExps(exp);
}
}
backend(proj);
return 0;
}
/*!
* \brief Creates an assignment to "pack" a local variable back into
* an outlined-function parameter that has been passed as a pointer
* value.
*
* This routine takes the original "unpack" definition, of the form
*
* TYPE local_unpack_var = *outlined_func_arg;
* int i = *(int *)(__out_argv[1]); // parameter wrapping case
*
* and creates the "re-pack" assignment expression,
*
* *outlined_func_arg = local_unpack_var
* *(int *)(__out_argv[1]) =i; // parameter wrapping case
*
* C++ variables of reference types do not need this step.
*/
static
SgAssignOp *
createPackExpr (SgInitializedName* local_unpack_def)
{
if (!Outliner::temp_variable)
{
if (is_C_language()) //skip for pointer dereferencing used in C language
return NULL;
}
// reference types do not need copy the value back in any cases
if (isSgReferenceType (local_unpack_def->get_type ()))
return NULL;
if (local_unpack_def
&& !isReadOnlyType (local_unpack_def->get_type ()))
// && !isSgReferenceType (local_unpack_def->get_type ()))
{
SgName local_var_name (local_unpack_def->get_name ());
SgAssignInitializer* local_var_init =
isSgAssignInitializer (local_unpack_def->get_initializer ());
ROSE_ASSERT (local_var_init);
// Create the LHS, which derefs the function argument, by
// copying the original dereference expression.
//
SgPointerDerefExp* param_deref_unpack =
isSgPointerDerefExp (local_var_init->get_operand_i ());
if (param_deref_unpack == NULL)
{
cout<<"packing statement is:"<<local_unpack_def->get_declaration()->unparseToString()<<endl;
cout<<"local unpacking stmt's initializer's operand has non-pointer deferencing type:"<<local_var_init->get_operand_i ()->class_name()<<endl;
ROSE_ASSERT (param_deref_unpack);
}
SgPointerDerefExp* param_deref_pack = isSgPointerDerefExp (ASTtools::deepCopy (param_deref_unpack));
ROSE_ASSERT (param_deref_pack);
// Create the RHS, which references the local variable.
SgScopeStatement* scope = local_unpack_def->get_scope ();
ROSE_ASSERT (scope);
SgVariableSymbol* local_var_sym =
scope->lookup_var_symbol (local_var_name);
ROSE_ASSERT (local_var_sym);
SgVarRefExp* local_var_ref = SageBuilder::buildVarRefExp (local_var_sym);
ROSE_ASSERT (local_var_ref);
// Assemble the final assignment expression.
return SageBuilder::buildAssignOp (param_deref_pack, local_var_ref);
}
return 0;
}
void DataFlow<Annotation, Language, Runtime>::createContextFromLoopTree(
const LoopTrees<Annotation> & loop_trees,
context_t & context
) const {
assert(context.datas.empty());
assert(context.datas_in.empty());
assert(context.datas_out.empty());
assert(context.accesses_map.empty());
typename std::set<Data<Annotation> *>::iterator it_data;
const std::vector<Data<Annotation> *> & data_vect = loop_trees.getDatas();
context.datas.insert(data_vect.begin(), data_vect.end());
for (it_data = context.datas.begin(); it_data != context.datas.end(); it_data++) {
assert(*it_data != NULL);
if ((*it_data)->isFlowIn())
context.datas_in.insert(*it_data);
if ((*it_data)->isFlowOut())
context.datas_out.insert(*it_data);
}
const std::vector<typename LoopTrees<Annotation>::node_t *> & nodes = loop_trees.getNodes();
typename std::vector<typename LoopTrees<Annotation>::node_t *>::const_iterator it_node;
for (it_node = nodes.begin(); it_node != nodes.end(); it_node++) {
typename LoopTrees<Annotation>::cond_t * cond = dynamic_cast<typename LoopTrees<Annotation>::cond_t *>(*it_node);
typename LoopTrees<Annotation>::stmt_t * stmt = dynamic_cast<typename LoopTrees<Annotation>::stmt_t *>(*it_node);
if (cond == NULL && stmt == NULL) continue;
typename std::map<typename LoopTrees<Annotation>::node_t *, accesses_list_t>::iterator it_access =
context.accesses_map.insert(std::pair<typename LoopTrees<Annotation>::node_t *, accesses_list_t>(*it_node, accesses_list_t())).first;
std::vector<data_access_t> & read = it_access->second.reads;
std::vector<data_access_t> & write = it_access->second.writes;
if (cond != NULL) {
assert(false); /// \todo
}
else if (stmt != NULL) {
SgExprStatement * expr_stmt = isSgExprStatement(stmt->statement);
SgVariableDeclaration * var_decl = isSgVariableDeclaration(stmt->statement);
if (expr_stmt != NULL) {
SgExpression * exp = expr_stmt->get_expression();
assert(exp != NULL);
SgBinaryOp * bin_op = isSgBinaryOp(exp);
if (bin_op != NULL) {
SgExpression * lhs_exp = bin_op->get_lhs_operand_i();
SgExpression * rhs_exp = bin_op->get_rhs_operand_i();
assert(lhs_exp != NULL && rhs_exp != NULL);
SgAssignOp * assign_op = isSgAssignOp(exp);
SgCompoundAssignOp * compound_assign_op = isSgCompoundAssignOp(exp);
assert((assign_op != NULL) xor (compound_assign_op != NULL)); // FIXME expression statement are not always made of assignement
if (assign_op != NULL || compound_assign_op != NULL) {
append_access(lhs_exp, write, context); // add access in lhs to write set
append_access(rhs_exp, read, context); // add access in rhs to read set
}
if (compound_assign_op != NULL) {
append_access(lhs_exp, read, context); // add access in lhs to read set
}
}
else assert(false); // FIXME expression statement are not always made of binary op
}
else if (var_decl != NULL) {
assert(var_decl->get_variables().size() == 1);
SgInitializedName * init_name = isSgInitializedName(var_decl->get_variables()[0]);
assert(init_name != NULL);
SgInitializer * init = isSgInitializer(init_name->get_initptr());
if (init != NULL) {
SgAssignInitializer * assign_init = isSgAssignInitializer(init);
if (assign_init != NULL) {
SgExpression * exp = assign_init->get_operand_i();
assert(exp != NULL);
append_access(exp, read, context);
}
else assert(false);
}
}
else assert(false);
}
}
}
void
CompassAnalyses::VariableNameEqualsDatabaseName::Traversal::
visit(SgNode* node)
{
if( isSgAssignInitializer(node) != NULL )
assignExp = node;
if( isSgAssignOp(node) != NULL )
assignExp = node;
SgFunctionCallExp* funcCall = isSgFunctionCallExp(node);
// See if we have a dot expression or arrow expression which
// accesses the desired member function in the class we are looking for.
if ( funcCall != NULL )
{
SgExpression* funcExp = funcCall->get_function();
if ( ( isSgDotExp(funcExp) != NULL ) | ( isSgArrowExp(funcExp) != NULL ) )
{
SgBinaryOp* binOp = isSgBinaryOp(funcExp);
SgExpression* rhsOp = binOp->get_rhs_operand();
// SgExpression* lhsOp = binOp->get_lhs_operand();
if ( SgMemberFunctionRefExp* funcRef = isSgMemberFunctionRefExp(rhsOp) )
{
// std::cout << "c1\n" ;
SgMemberFunctionSymbol* funcSymbol = funcRef->get_symbol();
ROSE_ASSERT(funcSymbol->get_declaration() != NULL);
// DQ (1/16/2008): Note that the defining declaration need not exist (see test2001_11.C)
// ROSE_ASSERT(funcSymbol->get_declaration()->get_definingDeclaration() != NULL);
if (funcSymbol->get_declaration()->get_definingDeclaration() != NULL)
{
SgMemberFunctionDeclaration* funcDecl = isSgMemberFunctionDeclaration(funcSymbol->get_declaration()->get_definingDeclaration());
ROSE_ASSERT( funcDecl != NULL );
SgClassDefinition* clDef = isSgClassDefinition(funcDecl->get_scope());
SgClassDeclaration* clDecl = isSgClassDeclaration(clDef->get_declaration());
// SgClassDeclaration* clDecl = funcDecl->get_associatedClassDeclaration();
ROSE_ASSERT( clDecl != NULL );
std::string className = clDecl->get_name().getString();
ROSE_ASSERT(funcDecl != NULL);
std::string functionName = funcDecl->get_name().getString();
// If the class is the class we are looking for see if the member function
// access is to the member function we are interested in.
// std::cout << "className = " << className << std::endl;
// std::cout << "functionName = " << functionName << std::endl;
if ( (className == classToLookFor) && ( functionName == memberFunctionToLookFor ) )
{
SgExprListExp* actualArgs = funcCall->get_args();
SgExpressionPtrList& actualExpArgs = actualArgs->get_expressions ();
ROSE_ASSERT(actualExpArgs.size() == 1);
Rose_STL_Container<SgNode*> nodeLst = NodeQuery::querySubTree(*actualExpArgs.begin(), V_SgStringVal);
ROSE_ASSERT( nodeLst.size() > 0);
SgStringVal* actualArg = isSgStringVal(*nodeLst.begin());
ROSE_ASSERT(actualArg != NULL);
std::string stringArg = actualArg->get_value();
std::cout << "arg:" << stringArg << std::endl;
std::string varName;
// SgInitializedName* initName = NULL;
if ( SgAssignInitializer* assignInit = isSgAssignInitializer(assignExp) )
{
SgInitializedName* initName = isSgInitializedName(assignInit->get_parent());
ROSE_ASSERT(initName != NULL);
varName = initName->get_name().getString();
}
else
{
if ( SgAssignOp* assignOp = isSgAssignOp(assignExp) )
{
SgExpression* lhsOp = assignOp->get_lhs_operand();
SgVarRefExp* varRef = isSgVarRefExp(lhsOp);
ROSE_ASSERT(varRef!=NULL);
SgVariableSymbol* varSymbol = varRef->get_symbol();
ROSE_ASSERT(varSymbol != NULL);
SgInitializedName* initName = varSymbol->get_declaration();
varName = initName->get_name().getString();
}
}
if (varName != "")
{
// we are only interested in the part of the argument after the last ":"
// Database scopes in ALE3D are separated by ":"
size_t posCol = stringArg.find_last_of(':');
if (posCol != std::string::npos)
stringArg = stringArg.substr(posCol+1);
//Find violations to the rule
if ( stringArg != varName)
{
output->addOutput(new CheckerOutput(assignExp));
std::cout << "violation" << varName << std::endl;
}
else
{
std::cout << "non=violation" << varName << std::endl;
}
}
}
}
}
}
}
} // End of the visit function.
/**
* Const-qualify immutable objects
*
* \todo count assignments, if only one, report violation
*/
bool DCL00_C( const SgNode *node ) {
const SgInitializedName *varName = isSgInitializedName(node);
if (!varName)
return false;
/**
* Ignore variables generated by macros
*/
if ((varName->get_name().getString().substr(0,2) == "__")
|| isCompilerGeneratedNode(node))
return false;
/**
* Ignore global variables
*/
if (isGlobalVar(varName))
return false;
/**
* Ignore variables that are already const, are function pointers, or are
* declared inside of a struct, enum, or as an argument to a function
*/
SgType *varType = varName->get_type();
if (isConstType(varType)
|| isConstType(varType->dereference())
|| isConstType(varType->dereference()->dereference())
|| isSgFunctionType(varType)
|| isSgClassType(varType)
|| findParentOfType(varName, SgCtorInitializerList)
|| findParentOfType(varName, SgEnumDeclaration)
|| findParentOfType(varName, SgClassDeclaration))
return false;
/**
* DCL13-C is a subset of this rule, figure out which rule we are dealing
* with here
*/
std::string ruleStr;
std::string errStr;
if (findParentOfType(varName, SgFunctionParameterList)) {
/** ignore function prototypes, just worry about the definitions */
const SgFunctionDeclaration *fnDecl = findParentOfType(varName, SgFunctionDeclaration);
/**
* Disabling assertion due to C++ code
*/
if (!fnDecl)
return false;
// assert(fnDecl);
if (!fnDecl->get_definition())
return false;
if (isSgPointerType(varName->get_type())
|| isSgArrayType(varName->get_type())) {
ruleStr = "DCL13-C";
errStr = "Declare function parameters that are pointers to values not changed by the function as const: ";
} else {
return false;
}
} else {
ruleStr = "DCL00-C";
errStr = "Const-qualify immutable objects: ";
}
/**
* Ignore global variables or variables declared as extern
*/
const SgScopeStatement *varScope = varName->get_scope();
if (isSgGlobal(varScope) || isExternVar(varName))
return false;
FOREACH_SUBNODE(varScope, nodes, i, V_SgVarRefExp) {
const SgVarRefExp *iVar = isSgVarRefExp(*i);
assert(iVar);
if (getRefDecl(iVar) != varName)
continue;
const SgNode *parent = iVar->get_parent();
while(isSgCastExp(parent)) {
parent = parent->get_parent();
}
assert(parent);
/**
* If the variable is written to or it's address is taken, we can no
* longer be sure it should be const, if it's a struct and gets
* dereferenced, who knows what's getting written there :/
*/
if (varWrittenTo(iVar)
|| isSgArrowExp(parent)
|| findParentOfType(iVar, SgAddressOfOp))
return false;
/**
* If the variable is a pointer or array, and we pass it to a function
* or as an argument to pointer arithmetic, or assign it's value
* somewhere, we can longer be sure it should be const
*/
if ((isSgPointerType(varType) || isSgArrayType(varType))
&& (findParentOfType(iVar, SgFunctionCallExp)
|| isSgAddOp(parent)
|| isSgSubtractOp(parent)
|| isSgAssignOp(parent)
|| isSgPntrArrRefExp(parent)
|| isSgPointerDerefExp(parent)
|| isSgAssignInitializer(parent)))
return false;
}
const std::string msg = errStr + varName->get_name().getString();
print_error(node, ruleStr.c_str(), msg.c_str(), true);
return true;
}
void flattenScopes(SgFunctionDefinition * fDef)
{
// * 3.3: find all variables in the function,give them a unique name and move them to the bgeinning of the function, this is allowed because this is for C only!!!. This would not work for classes which must be constructed
// rename variables
list<SgNode*> varDeclList=NodeQuery::querySubTree(fDef,V_SgInitializedName);
for (list<SgNode*>::iterator varDecl=varDeclList.begin();varDecl!=varDeclList.end();varDecl++)
{
tring varName=isSgInitializedName(*varDecl)->get_name().getString();
char numberCString[255];
sprintf(numberCString,"%i",idNr);
string newVarName=string("PML")+string(numberCString)+string("_")+varName;
idNr++;
isSgInitializedName(*varDecl)->set_name(SgName(newVarName.c_str()));
}
list<SgNode*> newDeclList;
varDeclList.clear();
varDeclList=NodeQuery::querySubTree(procFuncVec[procNr],V_SgVariableDeclaration);
// the move the variable declaration to the function begin and replace the old declaration site with a definition
for (list<SgNode*>::iterator varDecl=varDeclList.begin();varDecl!=varDeclList.end();varDecl++)
{
SgVariableDeclaration * varDeclStmt=isSgVariableDeclaration(*varDecl);
SgVariableDefinition * varDef=varDeclStmt->get_definition();
SgInitializedName *iniName=isSgInitializedName(varDef->get_vardefn());
if (iniName->get_initializer () !=NULL)
{
// cout <<"VarDecl >"<<iniName->get_name().getString()<<"< has initilizer >"<<iniName->get_initializer ()->unparseToString()<<"<"<<endl;
// determine if it is safe to separate initializer from decl
// for now true
if (1)
{
Sg_File_Info * fi=Sg_File_Info::generateDefaultFileInfoForTransformationNode();
SgVarRefExp * varRef=new SgVarRefExp (Sg_File_Info::generateDefaultFileInfoForTransformationNode(),new SgVariableSymbol(iniName));
SgType * type=isSgAssignInitializer(iniName->get_initializer())->get_type ();
SgAssignInitializer * sai=isSgAssignInitializer(iniName->get_initializer());
if (sai==NULL)
{
cerr<<"isSgAssignInitializer(iniName->get_initializer())=NULL"<<endl;
exit(-1);
}
SgExpression *lhs,*rhs;
lhs=varRef;
rhs=sai->get_operand ();
if (lhs==NULL)
{
cerr<<"lhs=NULL"<<endl;
exit(-1);
}
if (rhs==NULL)
{
cerr<<"rhs=NULL"<<endl;
exit(-1);
}
SgAssignOp * assignment=new SgAssignOp(Sg_File_Info::generateDefaultFileInfoForTransformationNode(),lhs,rhs);
SgExprStatement * expr=new SgExprStatement(fi,assignment);
if (expr==NULL)
{
cerr<<"construction of expr failed"<<endl;
}
isSgAssignInitializer(iniName->get_initializer ())->set_operand(NULL);
free(iniName->get_initializer ());
iniName->set_initializer (NULL);
// put the iniName in the list
newDeclList.push_back(varDeclStmt);
if (isSgStatement(varDeclStmt)==NULL)
{
cerr<<"isSgStatement(varDeclStmt)==NULL"<<endl;
}
LowLevelRewrite::replace(isSgStatement(varDeclStmt),isSgStatement(expr));
}
}
else
{
cout <<"VarDecl >"<<iniName->get_name().getString()<<"> is uninitialized"<<endl;
newDeclList.push_back(varDeclStmt);
LowLevelRewrite::remove(isSgStatement(varDeclStmt));
}
}
for (list<SgNode*>::iterator varDecl=newDeclList.begin();varDecl!=newDeclList.end();varDecl++)
{
fDef->prepend_statement(isSgStatement(*varDecl));
}
return ;
}
bool
TaintAnalysis::transfer(const Function& func, const DataflowNode& node_, NodeState& state, const std::vector<Lattice*>& dfInfo) {
static size_t ncalls = 0;
if (debug) {
*debug <<"TaintAnalysis::transfer-" <<++ncalls <<"(func=" <<func.get_name() <<",\n"
<<" node={" <<StringUtility::makeOneLine(node_.toString()) <<"},\n"
<<" state={" <<state.str(this, " ") <<",\n"
<<" dfInfo[" <<dfInfo.size() <<"]={...})\n";
}
SgNode *node = node_.getNode();
assert(!dfInfo.empty());
FiniteVarsExprsProductLattice *prodLat = dynamic_cast<FiniteVarsExprsProductLattice*>(dfInfo.front());
bool modified = magic_tainted(node, prodLat); // some values are automatically tainted based on their name
// Process AST nodes that transfer taintedness. Most of these operations have one or more inputs from which a result
// is always calculated the same way. So we just gather up the inputs and do the calculation at the very end of this
// function. The other operations are handled individually within their "if" bodies.
TaintLattice *result = NULL; // result pointer into the taint lattice
std::vector<TaintLattice*> inputs; // input pointers into the taint lattice
if (isSgAssignInitializer(node)) {
// as in "int a = b"
SgAssignInitializer *xop = isSgAssignInitializer(node);
TaintLattice *in1 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(SgExpr2Var(xop->get_operand())));
inputs.push_back(in1);
} else if (isSgAggregateInitializer(node)) {
// as in "int a[1] = {b}"
SgAggregateInitializer *xop = isSgAggregateInitializer(node);
const SgExpressionPtrList &exprs = xop->get_initializers()->get_expressions();
for (size_t i=0; i<exprs.size(); ++i) {
varID in_id = SgExpr2Var(exprs[i]);
TaintLattice *in = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in_id));
inputs.push_back(in);
}
} else if (isSgInitializedName(node)) {
SgInitializedName *xop = isSgInitializedName(node);
if (xop->get_initializer()) {
varID in1_id = SgExpr2Var(xop->get_initializer());
TaintLattice *in1 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in1_id));
inputs.push_back(in1);
}
} else if (isSgValueExp(node)) {
// numeric and character constants
SgValueExp *xop = isSgValueExp(node);
result = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(SgExpr2Var(xop)));
if (result)
modified = result->set_vertex(TaintLattice::VERTEX_UNTAINTED);
} else if (isSgAddressOfOp(node)) {
// as in "&x". The result taintedness has nothing to do with the value in x.
/*void*/
} else if (isSgBinaryOp(node)) {
// as in "a + b"
SgBinaryOp *xop = isSgBinaryOp(node);
varID in1_id = SgExpr2Var(isSgExpression(xop->get_lhs_operand()));
TaintLattice *in1 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in1_id));
inputs.push_back(in1);
varID in2_id = SgExpr2Var(isSgExpression(xop->get_rhs_operand()));
TaintLattice *in2 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in2_id));
inputs.push_back(in2);
if (isSgAssignOp(node)) { // copy the rhs lattice to the lhs lattice (as well as the entire '=' expression result)
assert(in1 && in2);
modified = in1->meetUpdate(in2);
}
} else if (isSgUnaryOp(node)) {
// as in "-a"
SgUnaryOp *xop = isSgUnaryOp(node);
varID in1_id = SgExpr2Var(xop->get_operand());
TaintLattice *in1 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in1_id));
inputs.push_back(in1);
} else if (isSgReturnStmt(node)) {
// as in "return a". The result will always be dead, so we're just doing this to get some debugging output. Most
// of our test inputs are functions, and the test examines the function's returned taintedness.
SgReturnStmt *xop = isSgReturnStmt(node);
varID in1_id = SgExpr2Var(xop->get_expression());
TaintLattice *in1 = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(in1_id));
inputs.push_back(in1);
}
// Update the result lattice (unless dead) with the inputs (unless dead) by using the meedUpdate() method. All this
// means is that the new result will be the maximum of the old result and all inputs, where "maximum" is defined such
// that "tainted" is greater than "untainted" (and both of them are greater than bottom/unknown).
for (size_t i=0; i<inputs.size(); ++i)
if (debug)
*debug <<"TaintAnalysis::transfer: input " <<(i+1) <<" is " <<lattice_info(inputs[i]) <<"\n";
if (!result && varID::isValidVarExp(node)) {
varID result_id(node); // NOTE: constructor doesn't handle all SgExpression nodes, thus the next "if"
result = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(result_id));
}
if (!result && isSgExpression(node)) {
varID result_id = SgExpr2Var(isSgExpression(node));
result = dynamic_cast<TaintLattice*>(prodLat->getVarLattice(result_id));
}
if (result) {
for (size_t i=0; i<inputs.size(); ++i) {
if (inputs[i])
modified = result->meetUpdate(inputs[i]) || modified;
}
}
if (debug)
*debug <<"TaintAnalysis::transfer: result is " <<lattice_info(result) <<(modified?" (modified)":" (not modified)") <<"\n";
return modified;
}
void
ProcTraversal::visit(SgNode *node) {
if (isSgFunctionDeclaration(node)) {
SgFunctionDeclaration *decl = isSgFunctionDeclaration(node);
if (decl->get_definition() != NULL) {
/* collect statistics */
//AstNumberOfNodesStatistics anons;
//anons.traverse(decl, postorder);
//original_ast_nodes += anons.get_numberofnodes();
//original_ast_statements += anons.get_numberofstatements();
/* do the real work */
Procedure *proc = new Procedure();
proc->procnum = procnum++;
proc->decl = decl;
proc->funcsym
= isSgFunctionSymbol(decl->get_symbol_from_symbol_table());
if (proc->funcsym == NULL)
{
#if 0
std::cout
<< std::endl
<< "*** NULL function symbol for declaration "
<< decl->unparseToString()
<< std::endl
<< "symbol: "
<< (void *) decl->get_symbol_from_symbol_table()
<< (decl->get_symbol_from_symbol_table() != NULL ?
decl->get_symbol_from_symbol_table()->class_name()
: "")
<< std::endl
<< "first nondef decl: "
<< (void *) decl->get_firstNondefiningDeclaration()
<< " sym: "
<< (decl->get_firstNondefiningDeclaration() != NULL ?
(void *) decl->get_firstNondefiningDeclaration()
->get_symbol_from_symbol_table()
: (void *) NULL)
<< std::endl;
#endif
if (decl->get_firstNondefiningDeclaration() != NULL)
{
proc->funcsym = isSgFunctionSymbol(decl
->get_firstNondefiningDeclaration()
->get_symbol_from_symbol_table());
}
}
assert(proc->funcsym != NULL);
// GB (2008-05-14): We need two parameter lists: One for the names of the
// variables inside the function definition, which is
// decl->get_parameterList(), and one that contains any default arguments
// the function might have. The default arguments are supposedly
// associated with the first nondefining declaration.
proc->params = decl->get_parameterList();
SgDeclarationStatement *fndstmt = decl->get_firstNondefiningDeclaration();
SgFunctionDeclaration *fnd = isSgFunctionDeclaration(fndstmt);
if (fnd != NULL && fnd != decl)
proc->default_params = fnd->get_parameterList();
else
proc->default_params = proc->params;
SgMemberFunctionDeclaration *mdecl
= isSgMemberFunctionDeclaration(decl);
if (mdecl) {
proc->class_type = isSgClassDefinition(mdecl->get_scope());
std::string name = proc->class_type->get_mangled_name().str();
name += "::";
name += decl->get_name().str();
std::string mname = proc->class_type->get_mangled_name().str();
mname += "::";
mname += decl->get_mangled_name().str();
proc->memberf_name = name;
proc->mangled_memberf_name = mname;
proc->name = decl->get_name().str();
proc->mangled_name = decl->get_mangled_name().str();
// GB (2008-05-26): Computing a single this symbol for each
// procedure. Thus, this symbol can also be compared by pointer
// equality (as is the case for all other symbols). While we're at it,
// we also build a VarRefExp for this which can be used everywhere the
// this pointer occurs.
proc->this_type = Ir::createPointerType(
proc->class_type->get_declaration()->get_type());
proc->this_sym = Ir::createVariableSymbol("this", proc->this_type);
proc->this_exp = Ir::createVarRefExp(proc->this_sym);
} else {
proc->name = decl->get_name().str();
proc->mangled_name = decl->get_mangled_name().str();
proc->class_type = NULL;
proc->memberf_name = proc->mangled_memberf_name = "";
proc->this_type = NULL;
proc->this_sym = NULL;
proc->this_exp = NULL;
// GB (2008-07-01): Better resolution of calls to static functions.
// This only makes sense for non-member functions.
SgStorageModifier &sm =
(fnd != NULL ? fnd : decl)->get_declarationModifier().get_storageModifier();
proc->isStatic = sm.isStatic();
// Note that we query the first nondefining declaration for the
// static modifier, but we save the file of the *defining*
// declaration. This is because the first declaration might be in
// some header file, but for call resolution, the actual source
// file with the definition is relevant.
// Trace back to the enclosing file node. The definition might be
// included in foo.c from bar.c, in which case the Sg_File_Info
// would refer to bar.c; but for function call resolution, foo.c is
// the relevant file.
SgNode *p = decl->get_parent();
while (p != NULL && !isSgFile(p))
p = p->get_parent();
proc->containingFile = isSgFile(p);
}
proc_map.insert(std::make_pair(proc->name, proc));
mangled_proc_map.insert(std::make_pair(proc->mangled_name, proc));
std::vector<SgVariableSymbol* >* arglist
= new std::vector<SgVariableSymbol* >();
SgVariableSymbol *this_var = NULL, *this_temp_var = NULL;
if (mdecl
|| decl->get_parameterList() != NULL
&& !decl->get_parameterList()->get_args().empty()) {
proc->arg_block
= new BasicBlock(node_id, INNER, proc->procnum);
if (mdecl) {
// GB (2008-05-26): We now compute the this pointer right at the
// beginning of building the procedure.
// this_var = Ir::createVariableSymbol("this", this_type);
this_var = proc->this_sym;
// std::string varname
// = std::string("$") + proc->name + "$this";
// this_temp_var = Ir::createVariableSymbol(varname, proc->this_type);
this_temp_var = global_this_variable_symbol;
ParamAssignment* paramAssignment
= Ir::createParamAssignment(this_var, this_temp_var);
proc->arg_block->statements.push_back(paramAssignment);
arglist->push_back(this_var);
if (proc->name.find('~') != std::string::npos) {
arglist->push_back(this_temp_var);
}
}
SgInitializedNamePtrList params
= proc->params->get_args();
SgInitializedNamePtrList::const_iterator i;
#if 0
int parnum = 0;
for (i = params.begin(); i != params.end(); ++i) {
SgVariableSymbol *i_var = Ir::createVariableSymbol(*i);
std::stringstream varname;
// varname << "$" << proc->name << "$arg_" << parnum++;
SgVariableSymbol* var =
Ir::createVariableSymbol(varname.str(),(*i)->get_type());
proc->arg_block->statements.push_back(Ir::createParamAssignment(i_var, var));
arglist->push_back(i_var);
}
#else
// GB (2008-06-23): Trying to replace all procedure-specific argument
// variables by a global list of argument variables. This means that at
// this point, we do not necessarily need to build a complete list but
// only add to the CFG's argument list if it is not long enough.
size_t func_params = params.size();
size_t global_args = global_argument_variable_symbols.size();
std::stringstream varname;
while (global_args < func_params)
{
varname.str("");
varname << "$tmpvar$arg_" << global_args++;
SgVariableSymbol *var
= Ir::createVariableSymbol(varname.str(),
global_unknown_type);
program->global_map[varname.str()]
= std::make_pair(var, var->get_declaration());
global_argument_variable_symbols.push_back(var);
}
// now create the param assignments
size_t j = 0;
for (i = params.begin(); i != params.end(); ++i)
{
SgVariableSymbol *i_var = Ir::createVariableSymbol(params[j]);
SgVariableSymbol *var = global_argument_variable_symbols[j];
j++;
proc->arg_block->statements.push_back(
Ir::createParamAssignment(i_var, var));
arglist->push_back(i_var);
}
#if 0
// replace the arglist allocated above by the new one; this must be
// fixed for this pointers!
delete arglist;
arglist = &global_argument_variable_symbols;
#endif
#endif
} else {
proc->arg_block = NULL;
}
/* If this is a constructor, call default constructors
* of all base classes. If base class constructors are
* called manually, these calls will be removed later. */
if (mdecl
&& strcmp(mdecl->get_name().str(),
proc->class_type->get_declaration()->get_name().str()) == 0
&& proc->class_type != NULL) {
SgBaseClassPtrList::iterator base;
for (base = proc->class_type->get_inheritances().begin();
base != proc->class_type->get_inheritances().end();
++base) {
SgClassDeclaration* baseclass = (*base)->get_base_class();
SgVariableSymbol *lhs
= Ir::createVariableSymbol("$tmpvar$" + baseclass->get_name(),
baseclass->get_type());
program->global_map["$tmpvar$" + baseclass->get_name()]
= std::make_pair(lhs, lhs->get_declaration());
SgMemberFunctionDeclaration* fd=get_default_constructor(baseclass);
assert(fd);
SgType* basetype=baseclass->get_type();
assert(basetype);
SgConstructorInitializer *sci
= Ir::createConstructorInitializer(fd,basetype);
ArgumentAssignment* a
= Ir::createArgumentAssignment(lhs, sci);
proc->arg_block->statements.push_back(a);
// std::string this_called_varname
// = std::string("$") + baseclass->get_name() + "$this";
SgVariableSymbol *this_called_var
// = Ir::createVariableSymbol(this_called_varname,
// baseclass->get_type());
= global_this_variable_symbol;
ReturnAssignment* this_ass
= Ir::createReturnAssignment(this_var, this_called_var);
proc->arg_block->statements.push_back(this_ass);
}
}
if (mdecl && mdecl->get_CtorInitializerList() != NULL
&& !mdecl->get_CtorInitializerList()->get_ctors().empty()) {
SgInitializedNamePtrList cis
= mdecl->get_CtorInitializerList()->get_ctors();
SgInitializedNamePtrList::const_iterator i;
if (proc->arg_block == NULL) {
proc->arg_block = new BasicBlock(node_id, INNER, proc->procnum);
}
for (i = cis.begin(); i != cis.end(); ++i) {
SgVariableSymbol* lhs = Ir::createVariableSymbol(*i);
SgAssignInitializer *ai
= isSgAssignInitializer((*i)->get_initializer());
SgConstructorInitializer *ci
= isSgConstructorInitializer((*i)->get_initializer());
/* TODO: other types of initializers */
if (ai) {
SgClassDeclaration *class_decl
= proc->class_type->get_declaration();
// GB (2008-05-26): We now compute the this pointer right at the
// beginning of building the procedure.
// SgVarRefExp* this_ref
// = Ir::createVarRefExp("this",
// Ir::createPointerType(class_decl->get_type()));
SgVarRefExp* this_ref = proc->this_exp;
SgArrowExp* arrowExp
= Ir::createArrowExp(this_ref,Ir::createVarRefExp(lhs));
// GB (2008-03-17): We need to handle function calls in
// initializers. In order to be able to build an argument
// assignment, we need to know the function's return variable, so
// the expression labeler must be called on it. The expression
// number is irrelevant, however, as it does not appear in the
// return variable.
if (isSgFunctionCallExp(ai->get_operand_i())) {
#if 0
ExprLabeler el(0 /*expnum*/);
el.traverse(ai->get_operand_i(), preorder);
// expnum = el.get_expnum();
#endif
// GB (2008-06-25): There is now a single global return
// variable. This may or may not mean that we can simply ignore
// the code above. I don't quite understand why this labeling
// couldn't be done later on, and where its result was used.
}
ArgumentAssignment* argumentAssignment
= Ir::createArgumentAssignment(arrowExp,ai->get_operand_i());
proc->arg_block->statements.push_back(argumentAssignment);
} else if (ci) {
/* if this is a call to a base class's
* constructor, remove the call we generated
* before */
SgStatement* this_a = NULL;
SgClassDeclaration* cd = ci->get_class_decl();
std::deque<SgStatement *>::iterator i;
for (i = proc->arg_block->statements.begin();
i != proc->arg_block->statements.end();
++i) {
ArgumentAssignment* a
= dynamic_cast<ArgumentAssignment *>(*i);
if (a && isSgConstructorInitializer(a->get_rhs())) {
SgConstructorInitializer* c
= isSgConstructorInitializer(a->get_rhs());
std::string c_decl_name = c->get_class_decl()->get_name().str();
std::string cd_name = cd->get_name().str();
// if (c->get_class_decl()->get_name() == cd->get_name()) {
if (c_decl_name == cd_name) {
#if 0
// erase the following assignment
// of the this pointer as well
this_a = *proc->arg_block->statements.erase(i+1);
proc->arg_block->statements.erase(i);
#endif
// GB (2008-03-28): That's an interesting piece of code, but
// it might be very mean to iterators. At least it is hard to
// see whether it is correct. So let's try it like this:
// erase i; we get an iterator back, which refers to the next
// element. Save that element as this_a, and then erase.
std::deque<SgStatement *>::iterator this_pos;
this_pos = proc->arg_block->statements.erase(i);
this_a = *this_pos;
proc->arg_block->statements.erase(this_pos);
// Good. Looks like this fixed a very obscure bug.
break;
}
}
}
/* now add the initialization */
proc->arg_block->statements.push_back(Ir::createArgumentAssignment(lhs, ci));
if (this_a != NULL)
proc->arg_block->statements.push_back(this_a);
}
}
}
proc->entry = new CallBlock(node_id++, START, proc->procnum,
new std::vector<SgVariableSymbol *>(*arglist),
(proc->memberf_name != ""
? proc->memberf_name
: proc->name));
proc->exit = new CallBlock(node_id++, END, proc->procnum,
new std::vector<SgVariableSymbol *>(*arglist),
(proc->memberf_name != ""
? proc->memberf_name
: proc->name));
proc->entry->partner = proc->exit;
proc->exit->partner = proc->entry;
proc->entry->call_target = Ir::createFunctionRefExp(proc->funcsym);
proc->exit->call_target = Ir::createFunctionRefExp(proc->funcsym);
/* In constructors, insert an assignment $A$this = this
* at the end to make sure that the 'this' pointer can be
* passed back to the calling function uncobbled. */
proc->this_assignment = NULL;
if (mdecl) {
SgMemberFunctionDeclaration* cmdecl
= isSgMemberFunctionDeclaration(mdecl->get_firstNondefiningDeclaration());
// if (cmdecl && cmdecl->get_specialFunctionModifier().isConstructor()) {
proc->this_assignment
= new BasicBlock(node_id++, INNER, proc->procnum);
ReturnAssignment* returnAssignment
= Ir::createReturnAssignment(this_temp_var, this_var);
proc->this_assignment->statements.push_back(returnAssignment);
add_link(proc->this_assignment, proc->exit, NORMAL_EDGE);
// }
}
std::stringstream varname;
// varname << "$" << proc->name << "$return";
// proc->returnvar = Ir::createVariableSymbol(varname.str(),
// decl->get_type()->get_return_type());
proc->returnvar = global_return_variable_symbol;
procedures->push_back(proc);
if(getPrintCollectedFunctionNames()) {
std::cout << (proc->memberf_name != ""
? proc->memberf_name
: proc->name)
<< " " /*<< proc->decl << std::endl*/;
}
if (proc->arg_block != NULL)
{
proc->arg_block->call_target
= Ir::createFunctionRefExp(proc->funcsym);
}
// delete arglist;
}
}
}
std::string getSgInitializedName(SgInitializedName* initName) {
std::string exprStr;
SgSymbol* initNameSym = initName->search_for_symbol_from_symbol_table();
std::string varInit = initializeVariable(initName);
std::string retString;
if (initName->get_initptr() != NULL) {
SgInitializer* nameInitializer = initName->get_initializer();
VariantT var = nameInitializer->variantT();
switch (var) {
case V_SgAggregateInitializer:
{
SgAggregateInitializer* aggInit = isSgAggregateInitializer(nameInitializer);
if (!isSgArrayType(aggInit->get_type())) {
std::cout << "currently only arrays use aggregate initializers, you are using " << aggInit->class_name() << std::endl;
ROSE_ASSERT(false);
}
SgExprListExp* members = aggInit->get_initializers();
SgExpressionPtrList member_expressions = members->get_expressions();
std::string symName = SymbolToZ3[initNameSym];
ROSE_ASSERT(SymbolToInstances[initNameSym] == 0);
int arrmem = 0;
std::stringstream exprStream;
for (SgExpressionPtrList::iterator i = member_expressions.begin(); i != member_expressions.end(); i++) {
exprStream << "\n(assert (= (select " << symName << "_0 " << arrmem << ") " << getSgExpressionString((isSgAssignInitializer((*i))->get_operand())) << ")";
arrmem = arrmem+1;
}
retString = varInit + "\n" + exprStream.str();
#ifdef ARRAY_TEST
std::cout << "retString: " << retString << std::endl;
#endif
break;
}
case V_SgCompoundInitializer:
{
std::cout << "SgCompoundInitializer not yet supported" << std::endl;
ROSE_ASSERT(false);
break;
}
case V_SgConstructorInitializer:
{
std::cout << "SgConstructorInitializer is not yet supported" << std::endl;
ROSE_ASSERT(false);
break;
}
case V_SgDesignatedInitializer:
{
std::cout << "SgDesignatedInitializer is not yet supported" << std::endl;
ROSE_ASSERT(false);
break;
}
case V_SgAssignInitializer:
{
SgAssignInitializer* assignInit = isSgAssignInitializer(nameInitializer);
std::string symName = SymbolToZ3[initNameSym];
ROSE_ASSERT(SymbolToInstances[initNameSym] == 0);
exprStr = "(assert (= " + symName + "_0 " + getSgExpressionString(assignInit->get_operand()) + "))";
retString = varInit + "\n" + exprStr;
break;
}
default:
{
std::cout << "unknown initializer of type: " << nameInitializer->class_name() << std::endl;
ROSE_ASSERT(false);
break;
}
}
}
else {
retString = varInit;
}
return retString;
}
int
main( int argc, char* argv[] )
{
// Initialize and check compatibility. See rose::initialize
ROSE_INITIALIZE;
SgProject* project = frontend(argc,argv);
AstTests::runAllTests(project);
#if 0
// Output the graph so that we can see the whole AST graph, for debugging.
generateAstGraph(project, 4000);
#endif
#if 1
printf ("Generate the dot output of the SAGE III AST \n");
generateDOT ( *project );
printf ("DONE: Generate the dot output of the SAGE III AST \n");
#endif
// There are lots of way to write this, this is one simple approach; get all the function calls.
std::vector<SgNode*> functionCalls = NodeQuery::querySubTree (project,V_SgFunctionCallExp);
// Find the SgFunctionSymbol for snprintf so that we can reset references to "sprintf" to "snprintf" instead.
// SgGlobal* globalScope = (*project)[0]->get_globalScope();
SgSourceFile* sourceFile = isSgSourceFile(project->get_fileList()[0]);
ROSE_ASSERT(sourceFile != NULL);
SgGlobal* globalScope = sourceFile->get_globalScope();
SgFunctionSymbol* snprintf_functionSymbol = globalScope->lookup_function_symbol("snprintf");
ROSE_ASSERT(snprintf_functionSymbol != NULL);
// Iterate over the function calls to find the calls to "sprintf"
for (unsigned long i = 0; i < functionCalls.size(); i++)
{
SgFunctionCallExp* functionCallExp = isSgFunctionCallExp(functionCalls[i]);
ROSE_ASSERT(functionCallExp != NULL);
SgFunctionRefExp* functionRefExp = isSgFunctionRefExp(functionCallExp->get_function());
if (functionRefExp != NULL)
{
SgFunctionSymbol* functionSymbol = functionRefExp->get_symbol();
if (functionSymbol != NULL)
{
SgName functionName = functionSymbol->get_name();
// printf ("Function being called: %s \n",functionName.str());
if (functionName == "sprintf")
{
// Now we have something to do!
functionRefExp->set_symbol(snprintf_functionSymbol);
// Now add the "n" argument
SgExprListExp* functionArguments = functionCallExp->get_args();
SgExpressionPtrList & functionArgumentList = functionArguments->get_expressions();
// "sprintf" shuld have exactly 2 arguments (I guess the "..." don't count)
printf ("functionArgumentList.size() = %zu \n",functionArgumentList.size());
// ROSE_ASSERT(functionArgumentList.size() == 2);
SgExpressionPtrList::iterator i = functionArgumentList.begin();
// printf ("(*i) = %p = %s = %s \n",*i,(*i)->class_name().c_str(),SageInterface::get_name(*i).c_str());
SgVarRefExp* variableRefExp = isSgVarRefExp(*i);
ROSE_ASSERT(variableRefExp != NULL);
// printf ("variableRefExp->get_type() = %p = %s = %s \n",variableRefExp->get_type(),variableRefExp->get_type()->class_name().c_str(),SageInterface::get_name(variableRefExp->get_type()).c_str());
SgType* bufferType = variableRefExp->get_type();
SgExpression* bufferLengthExpression = NULL;
switch(bufferType->variantT())
{
case V_SgArrayType:
{
SgArrayType* arrayType = isSgArrayType(bufferType);
bufferLengthExpression = arrayType->get_index();
break;
}
case V_SgPointerType:
{
// SgPointerType* pointerType = isSgPointerType(bufferType);
SgInitializedName* variableDeclaration = variableRefExp->get_symbol()->get_declaration();
ROSE_ASSERT(variableDeclaration != NULL);
SgExpression* initializer = variableDeclaration->get_initializer();
if (initializer != NULL)
{
SgAssignInitializer* assignmentInitializer = isSgAssignInitializer(initializer);
ROSE_ASSERT(assignmentInitializer != NULL);
// This is the rhs of the initialization of the pointer (likely a malloc through a cast).
// This assumes: buffer = (char*) malloc(bufferLengthExpression);
SgExpression* initializationExpression = assignmentInitializer->get_operand();
ROSE_ASSERT(initializationExpression != NULL);
SgCastExp* castExp = isSgCastExp(initializationExpression);
ROSE_ASSERT(castExp != NULL);
SgFunctionCallExp* functionCall = isSgFunctionCallExp(castExp->get_operand());
ROSE_ASSERT(functionCall != NULL);
SgExprListExp* functionArguments = isSgExprListExp(functionCall->get_args());
bufferLengthExpression = functionArguments->get_expressions()[0];
ROSE_ASSERT(bufferLengthExpression != NULL);
}
else
{
printf ("Initializer not found, so no value for n in snprintf can be computed currently \n");
}
break;
}
default:
{
printf ("Error: default reached in evaluation of buffer type = %p = %s \n",bufferType,bufferType->class_name().c_str());
ROSE_ASSERT(false);
}
}
ROSE_ASSERT(bufferLengthExpression != NULL);
// printf ("bufferLengthExpression = %p = %s = %s \n",bufferLengthExpression,bufferLengthExpression->class_name().c_str(),SageInterface::get_name(bufferLengthExpression).c_str());
// Jump over the first argument, the "n" is defined to be the 2nd argument (the rest are shifted one position).
i++;
// Build a deep copy of the expression used to define the static buffer (could be any complex expression).
SgTreeCopy copy_help;
SgExpression* bufferLengthExpression_copy = isSgExpression(bufferLengthExpression->copy(copy_help));
// Insert the "n" for the parameter list to work with "snprintf" instead of "sprintf"
functionArgumentList.insert(i,bufferLengthExpression_copy);
}
}
}
}
return backend(project);
}
