// fill in the body of loophead. points in the body are those which // are reachable from loophead over non-backedges, and which themselves // reach a backedge for loophead. note that in the case of loop nesting, // a point may be contained in the body of multiple loops. // if any irreducible edges are found (edges incoming to a body point // other than loophead whose source is not in the body), those edges // are added to irreducible_edges void GetLoopBody(BlockCFG *cfg, PPoint loophead, Vector<PEdge*> *irreducible_edges) { Vector<PPoint> *body_list = body_list_table->Lookup(loophead, true); Assert(body_list->Empty()); // worklist items are points which reach a loop backedge but whose // incoming edges have not yet been examined. Vector<PPoint> worklist; const Vector<PEdge*> &head_incoming = cfg->GetIncomingEdges(loophead); for (size_t iind = 0; iind < head_incoming.Size(); iind++) { PEdge *edge = head_incoming[iind]; PPoint source = edge->GetSource(); if (backedge_table->Lookup(edge)) { Assert(reach_table->Lookup(PPointPair(loophead, source))); if (!body_table->Insert(PPointPair(loophead, source))) { body_list->PushBack(source); worklist.PushBack(source); } } } // this should only be called on loops that have actual backedges Assert(!worklist.Empty()); while (!worklist.Empty()) { PPoint back = worklist.Back(); worklist.PopBack(); if (back == loophead) continue; const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(back); for (size_t iind = 0; iind < incoming.Size(); iind++) { PEdge *edge = incoming[iind]; PPoint source = edge->GetSource(); if (reach_table->Lookup(PPointPair(loophead, source))) { if (!body_table->Insert(PPointPair(loophead, source))) { body_list->PushBack(source); worklist.PushBack(source); } } else if (entry_reach_table->Lookup(source)) { // the source is not reachable from the loophead. // this is an irreducible edge. irreducible_edges->PushBack(edge); } } } }
void BlockSummary::GetAssumedBits(BlockMemory *mcfg, PPoint end_point, Vector<AssumeInfo> *assume_list) { BlockId *id = mcfg->GetId(); BlockCFG *cfg = mcfg->GetCFG(); BlockSummary *sum = GetBlockSummary(id); const Vector<Bit*> *assumes = sum->GetAssumes(); size_t assume_count = VectorSize<Bit*>(assumes); // pull in assumptions from the summary for mcfg. in some cases these // assumptions won't be useful, e.g. describing the state at exit // for functions. for now we're just adding all of them though. TODO: fix. for (size_t ind = 0; ind < assume_count; ind++) { Bit *bit = assumes->At(ind); bit->IncRef(assume_list); AssumeInfo info; info.bit = bit; assume_list->PushBack(info); } sum->DecRef(); Vector<BlockCFG*> *annot_list = BodyAnnotCache.Lookup(id->Function()); // add assumes at function entry for any preconditions. if (id->Kind() == B_Function) { for (size_t ind = 0; annot_list && ind < annot_list->Size(); ind++) { BlockCFG *annot_cfg = annot_list->At(ind); if (annot_cfg->GetAnnotationKind() != AK_Precondition && annot_cfg->GetAnnotationKind() != AK_PreconditionAssume) continue; Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg); if (!bit) continue; annot_cfg->IncRef(assume_list); bit->IncRef(assume_list); AssumeInfo info; info.annot = annot_cfg; info.bit = bit; assume_list->PushBack(info); } } // add assumptions from points within the block. for (size_t pind = 0; pind < cfg->GetPointAnnotationCount(); pind++) { PointAnnotation pann = cfg->GetPointAnnotation(pind); if (end_point && pann.point >= end_point) continue; BlockCFG *annot_cfg = GetAnnotationCFG(pann.annot); if (!annot_cfg) continue; Assert(annot_cfg->GetAnnotationKind() != AK_AssertRuntime); if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) { // get the annotation bit in terms of block entry. Bit *point_bit = NULL; mcfg->TranslateBit(TRK_Point, pann.point, bit, &point_bit); point_bit->MoveRef(&point_bit, assume_list); annot_cfg->IncRef(assume_list); AssumeInfo info; info.annot = annot_cfg; info.point = pann.point; info.bit = point_bit; assume_list->PushBack(info); } annot_cfg->DecRef(); } // add assumptions from annotation edges within the block, invariants // on values accessed by the block, and from the summaries of any callees. for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) { PEdge *edge = cfg->GetEdge(eind); PPoint point = edge->GetSource(); if (end_point && point >= end_point) continue; InvariantAssumeVisitor visitor(mcfg, point, assume_list); edge->DoVisit(&visitor); if (PEdgeAnnotation *nedge = edge->IfAnnotation()) { // add an assumption for this annotation. BlockCFG *annot_cfg = GetAnnotationCFG(nedge->GetAnnotationId()); if (!annot_cfg) continue; Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg); // don't incorporate AssertRuntimes, these are not assumed. if (bit && annot_cfg->GetAnnotationKind() != AK_AssertRuntime) { // get the annotation bit in terms of block entry. Bit *point_bit = NULL; mcfg->TranslateBit(TRK_Point, point, bit, &point_bit); point_bit->MoveRef(&point_bit, assume_list); annot_cfg->IncRef(assume_list); AssumeInfo info; info.annot = annot_cfg; info.point = point; info.bit = point_bit; assume_list->PushBack(info); } annot_cfg->DecRef(); } if (BlockId *callee = edge->GetDirectCallee()) { GetCallAssumedBits(mcfg, edge, callee, false, assume_list); callee->DecRef(); } else if (edge->IsCall()) { // add conditional assumes for the indirect targets of the call. // this is most useful for baked information and annotations, where // we sometimes need to attach information at indirect calls. CallEdgeSet *callees = CalleeCache.Lookup(id->BaseVar()); size_t old_count = assume_list->Size(); if (callees) { for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) { const CallEdge &cedge = callees->GetEdge(cind); if (cedge.where.id == id && cedge.where.point == point) { cedge.callee->IncRef(); BlockId *callee = BlockId::Make(B_Function, cedge.callee); GetCallAssumedBits(mcfg, edge, callee, true, assume_list); callee->DecRef(); } } } if (assume_list->Size() != old_count) { // we managed to do something at this indirect call site. // add another assumption restricting the possible callees to // only those identified by our callgraph. GuardExpVector receiver_list; mcfg->TranslateReceiver(point, &receiver_list); for (size_t rind = 0; rind < receiver_list.Size(); rind++) { const GuardExp &gs = receiver_list[rind]; gs.guard->IncRef(); // make a bit: !when || rcv == callee0 || rcv == callee1 || ... Bit *extra_bit = Bit::MakeNot(gs.guard); for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) { const CallEdge &cedge = callees->GetEdge(cind); if (cedge.where.id == id && cedge.where.point == point) { Variable *callee_var = cedge.callee; callee_var->IncRef(); Exp *callee_exp = Exp::MakeVar(callee_var); gs.exp->IncRef(); Bit *equal = Exp::MakeCompareBit(B_Equal, callee_exp, gs.exp); extra_bit = Bit::MakeOr(extra_bit, equal); } } extra_bit->MoveRef(NULL, assume_list); AssumeInfo info; info.bit = extra_bit; assume_list->PushBack(info); } } CalleeCache.Release(id->BaseVar()); } } BodyAnnotCache.Release(id->Function()); // add assumptions from heap invariants describing values mentioned // in added assumptions. we could keep doing this transitively but don't, // to ensure termination. size_t count = assume_list->Size(); for (size_t ind = 0; ind < count; ind++) { InvariantAssumeVisitor visitor(NULL, 0, assume_list); assume_list->At(ind).bit->DoVisit(&visitor); } CombineAssumeList(assume_list); }
void TopoSortCFG(BlockCFG *cfg) { // can't topo sort a CFG that might have loops. Assert(cfg->GetLoopHeadCount() == 0); // map from old CFG points to the new points in the topo order. we can only // add a new point once we've added all its predecessors. PPointListHash remapping; // points in the remappping, in the order to add them to the CFG. Vector<Location*> new_points; // map from new points back to original CFG points. Vector<PPoint> old_points; // worklist items are the points where the sources of incoming edges have // already been added to the remapping, the point itself has not. Vector<PPoint> worklist; PPoint entry_point = cfg->GetEntryPoint(); PPoint exit_point = cfg->GetExitPoint(); // seed the worklist. worklist.PushBack(entry_point); while (!worklist.Empty()) { // pick the point from the worklist with the minimum line number. // if there is code like: // if (x) // a; // else // b; // we could add either a or b to the remapping first, but we want to add // a first. the ordering of points is used for naming loops, and we want // this ordering to be deterministic and map back to the code predictably. size_t best_index = 0; size_t best_line = cfg->GetPointLocation(worklist[0])->Line(); for (size_t ind = 1; ind < worklist.Size(); ind++) { size_t new_line = cfg->GetPointLocation(worklist[ind])->Line(); if (new_line < best_line) { best_index = ind; best_line = new_line; } } PPoint point = worklist[best_index]; worklist[best_index] = worklist.Back(); worklist.PopBack(); Assert(!remapping.Lookup(point, false)); Location *loc = cfg->GetPointLocation(point); loc->IncRef(); new_points.PushBack(loc); old_points.PushBack(point); remapping.Insert(point, new_points.Size()); const Vector<PEdge*> &outgoing = cfg->GetOutgoingEdges(point); for (size_t oind = 0; oind < outgoing.Size(); oind++) { PEdge *edge = outgoing[oind]; PPoint target = edge->GetTarget(); // this can happen if there are multiple edges from the worklist point // to the target, e.g. 'if (x) {}'. not going to happen much. if (worklist.Contains(target)) continue; Assert(!remapping.Lookup(target, false)); // we can add the target to the worklist if it has no incoming edges // from points not in the remapping. bool missing_incoming = false; const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(target); for (size_t iind = 0; iind < incoming.Size(); iind++) { PEdge *edge = incoming[iind]; PPoint source = edge->GetSource(); if (!remapping.Lookup(source, false)) { missing_incoming = true; break; } } if (!missing_incoming) worklist.PushBack(target); } } // this assert will fail if either the CFG contains cycles, or if there are // nodes unreachable from the start. neither of these cases should be // possible here. Assert(new_points.Size() == cfg->GetPointCount()); Assert(old_points.Size() == cfg->GetPointCount()); // remap all the edges. this is also done so that the edges will be // in topological order according to their source points. Vector<PEdge*> new_edges; for (size_t pind = 0; pind < old_points.Size(); pind++) { const Vector<PEdge*> &edges = cfg->GetOutgoingEdges(old_points[pind]); for (size_t eind = 0; eind < edges.Size(); eind++) { PEdge *edge = edges[eind]; PPoint new_source = remapping.LookupSingle(edge->GetSource()); PPoint new_target = remapping.LookupSingle(edge->GetTarget()); PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target); new_edges.PushBack(new_edge); } } // clear out the initial CFG. cfg->ClearBody(); // add the new points, edges, annotations. for (size_t pind = 0; pind < new_points.Size(); pind++) cfg->AddPoint(new_points[pind]); for (size_t eind = 0; eind < new_edges.Size(); eind++) cfg->AddEdge(new_edges[eind]); // set the new entry point. this had better be the first point in the order. PPoint new_entry_point = remapping.LookupSingle(entry_point); Assert(new_entry_point == 1); cfg->SetEntryPoint(new_entry_point); if (exit_point) { // set the new exit point. this had better be the last point in the order. PPoint new_exit_point = remapping.LookupSingle(exit_point); Assert(new_exit_point == new_points.Size()); cfg->SetExitPoint(new_exit_point); } }
void TrimUnreachable(BlockCFG *cfg, bool flatten_skips) { // can't flatten skips if there might be loops in the CFG. Assert(!flatten_skips || cfg->GetLoopHeadCount() == 0); // receives the locations of the new points and edges of the CFG. we will // fill these in, then replace wholesale the old points/edges on the CFG. Vector<Location*> new_points; Vector<PEdge*> new_edges; Vector<LoopHead> new_loop_heads; Vector<PPoint> worklist; // get the set of points reachable from CFG entry. // worklist items are points in entry_reachable whose outgoing edges // have not been examined. PPointHash entry_reachable; PPoint entry = cfg->GetEntryPoint(); entry_reachable.Insert(entry); worklist.PushBack(entry); while (!worklist.Empty()) { PPoint back = worklist.Back(); worklist.PopBack(); const Vector<PEdge*> &outgoing = cfg->GetOutgoingEdges(back); for (size_t oind = 0; oind < outgoing.Size(); oind++) { PEdge *edge = outgoing[oind]; PPoint next = edge->GetTarget(); if (!entry_reachable.Lookup(next)) { entry_reachable.Insert(next); worklist.PushBack(next); } } } // get the set of points which reach the CFG exit. // worklist items are points in exit_reaches whose incoming edges // have not been examined. PPointHash exit_reaches; PPoint exit = cfg->GetExitPoint(); exit_reaches.Insert(exit); worklist.PushBack(exit); while (!worklist.Empty()) { PPoint back = worklist.Back(); worklist.PopBack(); const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(back); for (size_t iind = 0; iind < incoming.Size(); iind++) { PEdge *edge = incoming[iind]; PPoint prev = edge->GetSource(); if (!exit_reaches.Lookup(prev)) { exit_reaches.Insert(prev); worklist.PushBack(prev); } } } // make sure we include the entry regardless of whether the function // has a path from entry to exit. exit_reaches.Insert(entry); if (flatten_skips) exit_reaches.Insert(FollowSkipEdges(cfg, entry)); // map from old points to corresponding new points. only defined for // points that are in both entry_reachable and exit_reaches, // and that do not have outgoing skip edges (if flatten_skips is set). PPointListHash remapping; // map from some old p0 to another old p1 where p0 connects to p1 by // skip edges and p1 has no outgoing skips. empty if flatten_skips is // not set. only defined if remapping is defined for p1. PPointListHash skip_remapping; for (PPoint point = 1; point <= cfg->GetPointCount(); point++) { if (entry_reachable.Lookup(point) && exit_reaches.Lookup(point)) { // if this is just the source of some skip edges flatten them out. // the target of the skips will be defined by remapping since // there can be only one outgoing skip edge from a point and // thus all paths from point pass through target_point; if point // reaches the exit then so does target_point. if (flatten_skips) { PPoint target_point = FollowSkipEdges(cfg, point); if (target_point != point) { skip_remapping.Insert(point, target_point); // don't add anything to remapping for point continue; } } Location *loc = cfg->GetPointLocation(point); loc->IncRef(); new_points.PushBack(loc); PPoint new_point = new_points.Size(); remapping.Insert(point, new_point); } } for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) { PEdge *edge = cfg->GetEdge(eind); PPoint source = edge->GetSource(); PPoint target = edge->GetTarget(); if (skip_remapping.Lookup(source, false)) continue; // flatten any skips after the target point Vector<PPoint> *skip_target_list = skip_remapping.Lookup(target, false); if (skip_target_list) { Assert(skip_target_list->Size() == 1); target = skip_target_list->At(0); } Vector<PPoint> *new_source_list = remapping.Lookup(source, false); Vector<PPoint> *new_target_list = remapping.Lookup(target, false); if (new_source_list && new_target_list) { Assert(new_source_list->Size() == 1); Assert(new_target_list->Size() == 1); PPoint new_source = new_source_list->At(0); PPoint new_target = new_target_list->At(0); PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target); new_edges.PushBack(new_edge); } } for (size_t lind = 0; lind < cfg->GetLoopHeadCount(); lind++) { const LoopHead &head = cfg->GetLoopHead(lind); // don't check skip_remapping because we don't allow skip flattening // when the CFG still has loops in it Vector<PPoint> *new_point_list = remapping.Lookup(head.point, false); if (new_point_list) { Assert(new_point_list->Size() == 1); LoopHead new_head(new_point_list->At(0), head.end_location); if (head.end_location) head.end_location->IncRef(); new_loop_heads.PushBack(new_head); } } // clear out the initial CFG. cfg->ClearBody(); // add the new points, edges, loop heads. for (size_t pind = 0; pind < new_points.Size(); pind++) cfg->AddPoint(new_points[pind]); for (size_t eind = 0; eind < new_edges.Size(); eind++) cfg->AddEdge(new_edges[eind]); for (size_t lind = 0; lind < new_loop_heads.Size(); lind++) cfg->AddLoopHead(new_loop_heads[lind].point, new_loop_heads[lind].end_location); // set the new entry and exit points of the CFG. // the entry may be connected to skip edges Vector<PPoint> *skip_entry_list = skip_remapping.Lookup(entry, false); if (skip_entry_list) { Assert(skip_entry_list->Size() == 1); entry = skip_entry_list->At(0); } PPoint new_entry = remapping.LookupSingle(entry); PPoint new_exit = 0; Vector<PPoint> *new_exit_list = remapping.Lookup(exit, false); if (new_exit_list) { Assert(new_exit_list->Size() == 1); new_exit = new_exit_list->At(0); } cfg->SetEntryPoint(new_entry); cfg->SetExitPoint(new_exit); }
// clone a loop body, mapping each point in the body of loophead // to a new point in receive_cfg. receive_cfg will receive new points // for the cloned body, and new edges for any non-backedge whose source // and target are both in loophead's body. for other edges involving loophead, // old_entry/exit/backedge_indexes will be filled in with indexes into // the edges list of base_cfg. it may be that base_cfg == receive_cfg. void CloneLoopBody(BlockCFG *base_cfg, PPoint loophead, PPointListHash *remapping, BlockCFG *receive_cfg, Vector<size_t> *old_entry_indexes, Vector<size_t> *old_exit_indexes, Vector<size_t> *old_back_indexes) { Assert(remapping->IsEmpty()); Vector<PPoint> *body_list = body_list_table->Lookup(loophead, true); Assert(!body_list->Empty()); // allow for base_cfg == receive_cfg, so keep track of how many points and // edges were originally in base_cfg before modifying receive_cfg. size_t init_points_size = base_cfg->GetPointCount(); size_t init_edges_size = base_cfg->GetEdgeCount(); // copy all points in the loop body to the new CFG. for (size_t bind = 0; bind < body_list->Size(); bind++) { PPoint body_point = body_list->At(bind); Assert(remapping->Lookup(body_point, false) == NULL); Assert(0 < body_point && body_point <= init_points_size); Location *loc = base_cfg->GetPointLocation(body_point); loc->IncRef(); PPoint new_point = receive_cfg->AddPoint(loc); remapping->Insert(body_point, new_point); } // copy all edges between points in the body to the new CFG. for (size_t eind = 0; eind < init_edges_size; eind++) { PEdge *edge = base_cfg->GetEdge(eind); PPoint source = edge->GetSource(); PPoint target = edge->GetTarget(); if (!entry_reach_table->Lookup(source)) continue; PPoint new_source = 0; if (body_table->Lookup(PPointPair(loophead, source))) new_source = remapping->LookupSingle(source); PPoint new_target = 0; if (body_table->Lookup(PPointPair(loophead, target))) new_target = remapping->LookupSingle(target); if (!new_source && !new_target) { // edge is not involved with this loop. leave it alone } else if (!new_source && new_target) { // entry edge. leave it alone old_entry_indexes->PushBack(eind); } else if (new_source && !new_target) { // exit edge. leave it alone old_exit_indexes->PushBack(eind); } else { Assert(new_source && new_target); if (target == loophead) { // back edge. leave it alone Assert(backedge_table->Lookup(edge)); old_back_indexes->PushBack(eind); } else { // inner edge. clone the edge for the new source and target PEdge *new_edge = PEdge::ChangeEdge(edge, new_source, new_target); receive_cfg->AddEdge(new_edge); } } } }
// determine whether loophead is a reducible loop with backedges in cfg. // fill in dominate_table with the points dominated by loophead, // and add as backedges any edge going to loophead which is itself // dominated by loophead. return true if any backedges were found. bool GetLoopBackedges(BlockCFG *cfg, PPoint loophead) { // compute the nodes reachable from the entry point other than // through start. the dominated points are the dual of this set. // points reachable from the start according to the above criteria PPointHash reachable; // worklist items are points in reachable whose outgoing edges have // not been examined Vector<PPoint> worklist; if (!entry_reach_table->Lookup(loophead)) return false; PPoint entry = cfg->GetEntryPoint(); reachable.Insert(entry); worklist.PushBack(entry); while (!worklist.Empty()) { PPoint back = worklist.Back(); worklist.PopBack(); const Vector<PEdge*>& outgoing = cfg->GetOutgoingEdges(back); for (size_t oind = 0; oind < outgoing.Size(); oind++) { PEdge *edge = outgoing[oind]; PPoint next = edge->GetTarget(); if (next == loophead) continue; // already did this target if (reachable.Lookup(next)) continue; reachable.Insert(next); worklist.PushBack(next); } } // compute the set of dominated points. this is the difference // between the points reachable from the CFG entry, and the points // in the reach table we just computed. for (PPoint point = 1; point <= cfg->GetPointCount(); point++) { if (!reachable.Lookup(point) && entry_reach_table->Lookup(point)) dominate_table->Insert(PPointPair(loophead, point)); } // backedges on the loophead are incoming edges whose source is // dominated by the loophead bool found_backedge = false; const Vector<PEdge*> &incoming = cfg->GetIncomingEdges(loophead); for (size_t eind = 0; eind < incoming.Size(); eind++) { PEdge *edge = incoming[eind]; if (dominate_table->Lookup(PPointPair(loophead, edge->GetSource()))) { backedge_table->Insert(edge); found_backedge = true; } } return found_backedge; }
void InferSummaries(const Vector<BlockSummary*> &summary_list) { static BaseTimer infer_timer("infer_summaries"); Timer _timer(&infer_timer); if (summary_list.Empty()) return; Variable *function = summary_list[0]->GetId()->BaseVar(); Vector<BlockCFG*> *annot_list = BodyAnnotCache.Lookup(function->GetName()); // all traces which might refer to the result of pointer arithmetic. Vector<Exp*> arithmetic_list; ArithmeticEscape escape(function, arithmetic_list); // initial pass over the CFGs to get traces used in pointer arithmetic. for (size_t ind = 0; ind < summary_list.Size(); ind++) { BlockSummary *sum = summary_list[ind]; BlockCFG *cfg = sum->GetMemory()->GetCFG(); for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) { PEdge *edge = cfg->GetEdge(eind); if (PEdgeAssign *assign_edge = edge->IfAssign()) { Exp *left = assign_edge->GetLeftSide(); Exp *right = assign_edge->GetRightSide(); ProcessArithmeticAssign(&escape, cfg->GetId(), left, right); } } } for (size_t ind = 0; ind < summary_list.Size(); ind++) { BlockSummary *sum = summary_list[ind]; BlockMemory *mcfg = sum->GetMemory(); BlockCFG *cfg = mcfg->GetCFG(); // accumulate all the assertions at points in the CFG. Vector<AssertInfo> asserts; // add assertions at function exit for any postconditions. if (cfg->GetId()->Kind() == B_Function) { for (size_t aind = 0; annot_list && aind < annot_list->Size(); aind++) { BlockCFG *annot_cfg = annot_list->At(aind); if (annot_cfg->GetAnnotationKind() != AK_Postcondition) continue; if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) { AssertInfo info; info.kind = ASK_Annotation; info.cls = ASC_Check; info.point = cfg->GetExitPoint(); info.bit = bit; asserts.PushBack(info); } } } // add assertions for any point annotations within the CFG. for (size_t pind = 0; pind < cfg->GetPointAnnotationCount(); pind++) { PointAnnotation pann = cfg->GetPointAnnotation(pind); BlockCFG *annot_cfg = GetAnnotationCFG(pann.annot); if (!annot_cfg) continue; if (annot_cfg->GetAnnotationKind() != AK_Assert) continue; if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) { AssertInfo info; info.kind = ASK_Annotation; info.cls = ASC_Check; info.point = pann.point; info.bit = bit; asserts.PushBack(info); } } for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) { PEdge *edge = cfg->GetEdge(eind); PPoint point = edge->GetSource(); if (PEdgeAnnotation *nedge = edge->IfAnnotation()) { // add an assertion for this annotation if it not an assume. BlockCFG *annot_cfg = GetAnnotationCFG(nedge->GetAnnotationId()); if (!annot_cfg) continue; if (annot_cfg->GetAnnotationKind() != AK_Assert && annot_cfg->GetAnnotationKind() != AK_AssertRuntime) { continue; } if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) { AssertInfo info; info.kind = (annot_cfg->GetAnnotationKind() == AK_Assert) ? ASK_Annotation : ASK_AnnotationRuntime; info.cls = ASC_Check; info.point = point; info.bit = bit; asserts.PushBack(info); } } // add assertions for any invariants affected by a write. Exp *left = NULL; if (PEdgeAssign *nedge = edge->IfAssign()) left = nedge->GetLeftSide(); if (PEdgeCall *nedge = edge->IfCall()) left = nedge->GetReturnValue(); // for now our detection of affected invariants is pretty crude; // writes to fields can affect type invariants on the field's type // which use that field, and writes to global variables can affect // invariants on that global. TODO: pin this down once we draw a // precise line between which invariants can and can't be checked. if (left && left->IsFld()) { ExpFld *nleft = left->AsFld(); String *csu_name = nleft->GetField()->GetCSUType()->GetCSUName(); Vector<BlockCFG*> *comp_annot_list = CompAnnotCache.Lookup(csu_name); for (size_t aind = 0; comp_annot_list && aind < comp_annot_list->Size(); aind++) { BlockCFG *annot_cfg = comp_annot_list->At(aind); if (annot_cfg->GetAnnotationKind() != AK_Invariant) continue; Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg); if (!bit) continue; Vector<Exp*> lval_list; LvalListVisitor visitor(&lval_list); bit->DoVisit(&visitor); bool uses_field = false; for (size_t ind = 0; ind < lval_list.Size(); ind++) { if (ExpFld *lval = lval_list[ind]->IfFld()) { if (lval->GetField() == nleft->GetField()) uses_field = true; } } if (uses_field) { // this is a type invariant which uses the field being written // as an lvalue. we need to assert this write preserves // the invariant. BlockId *id = annot_cfg->GetId(); Variable *this_var = Variable::Make(id, VK_This, NULL, 0, NULL); Exp *this_exp = Exp::MakeVar(this_var); Exp *this_drf = Exp::MakeDrf(this_exp); Bit *new_bit = BitReplaceExp(bit, this_drf, nleft->GetTarget()); AssertInfo info; info.kind = ASK_Invariant; info.cls = ASC_Check; info.point = point; info.bit = new_bit; asserts.PushBack(info); } } CompAnnotCache.Release(csu_name); } if (left && left->IsVar()) { Variable *var = left->AsVar()->GetVariable(); if (var->Kind() == VK_Glob) { Vector<BlockCFG*> *glob_annot_list = InitAnnotCache.Lookup(var->GetName()); for (size_t aind = 0; glob_annot_list && aind < glob_annot_list->Size(); aind++) { BlockCFG *annot_cfg = glob_annot_list->At(aind); Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg); if (!bit) continue; AssertInfo info; info.kind = ASK_Invariant; info.cls = ASC_Check; info.point = point; info.bit = bit; asserts.PushBack(info); } InitAnnotCache.Release(var->GetName()); } } if (PEdgeCall *nedge = edge->IfCall()) { // add assertions for any callee preconditions. // pull preconditions from both direct and indirect calls. Vector<Variable*> callee_names; if (Variable *callee = nedge->GetDirectFunction()) { callee_names.PushBack(callee); } else { CallEdgeSet *callees = CalleeCache.Lookup(function); if (callees) { for (size_t cind = 0; cind < callees->GetEdgeCount(); cind++) { const CallEdge &edge = callees->GetEdge(cind); if (edge.where.id == cfg->GetId() && edge.where.point == point) callee_names.PushBack(edge.callee); } } // CalleeCache release is below. } for (size_t cind = 0; cind < callee_names.Size(); cind++) { String *callee = callee_names[cind]->GetName(); Vector<BlockCFG*> *call_annot_list = BodyAnnotCache.Lookup(callee); for (size_t aind = 0; call_annot_list && aind < call_annot_list->Size(); aind++) { BlockCFG *annot_cfg = call_annot_list->At(aind); if (annot_cfg->GetAnnotationKind() != AK_Precondition) continue; if (Bit *bit = BlockMemory::GetAnnotationBit(annot_cfg)) { ConvertCallsiteMapper mapper(cfg, point, false); Bit *caller_bit = bit->DoMap(&mapper); if (!caller_bit) continue; AssertInfo info; info.kind = ASK_Annotation; info.cls = ASC_Check; info.point = point; info.bit = caller_bit; asserts.PushBack(info); } } BodyAnnotCache.Release(callee); } if (!nedge->GetDirectFunction()) CalleeCache.Release(function); } BufferScanVisitor write_visitor(asserts, arithmetic_list, point, true); BufferScanVisitor read_visitor(asserts, arithmetic_list, point, false); IntegerScanVisitor integer_visitor(asserts, point); GCScanVisitor gcsafe_visitor(asserts, point); // only look at the written lvalues for the write visitor. if (PEdgeAssign *assign = edge->IfAssign()) write_visitor.Visit(assign->GetLeftSide()); if (PEdgeCall *call = edge->IfCall()) { if (Exp *returned = call->GetReturnValue()) write_visitor.Visit(returned); } edge->DoVisit(&read_visitor); // disable integer overflow visitor for now. // edge->DoVisit(&integer_visitor); edge->DoVisit(&gcsafe_visitor); } if (cfg->GetId()->Kind() == B_Function) { BlockModset *modset = GetBlockModset(cfg->GetId()); if (modset->CanGC()) { AssertInfo info; info.kind = ASK_CanGC; info.cls = ASC_Check; info.point = cfg->GetExitPoint(); String *name = cfg->GetId()->BaseVar()->GetName(); Variable *var = Variable::Make(NULL, VK_Glob, name, 0, name); Exp *varexp = Exp::MakeVar(var); Exp *gcsafe = Exp::MakeGCSafe(varexp, false); info.bit = Bit::MakeVar(gcsafe); asserts.PushBack(info); } } MarkRedundantAssertions(mcfg, asserts); // move the finished assertion list into the summary. for (size_t ind = 0; ind < asserts.Size(); ind++) { const AssertInfo &info = asserts[ind]; sum->AddAssert(info.kind, info.cls, info.point, info.bit); } } // infer delta and termination invariants for all summaries. for (size_t ind = 0; ind < summary_list.Size(); ind++) InferInvariants(summary_list[ind], arithmetic_list); BodyAnnotCache.Release(function->GetName()); }
void BlockModset::ComputeModset(BlockMemory *mcfg, bool indirect) { static BaseTimer compute_timer("modset_compute"); Timer _timer(&compute_timer); // get any indirect callees for this function, provided they have been // computed and stored in the callee database (indirect is set). CallEdgeSet *indirect_callees = NULL; if (indirect) indirect_callees = CalleeCache.Lookup(m_id->BaseVar()); BlockCFG *cfg = mcfg->GetCFG(); for (size_t eind = 0; eind < cfg->GetEdgeCount(); eind++) { PEdge *edge = cfg->GetEdge(eind); PPoint point = edge->GetSource(); if (edge->IsAssign() || edge->IsCall()) { // process direct assignments along this edge. const Vector<GuardAssign>* assigns = mcfg->GetAssigns(point); if (assigns) { for (size_t aind = 0; aind < assigns->Size(); aind++) { const GuardAssign &gasn = assigns->At(aind); ProcessUpdatedLval(mcfg, gasn.left, NULL, true, false); Exp *use_lval = NULL; Exp *kind = mcfg->GetTerminateAssign(point, gasn.left, gasn.right, &use_lval); if (kind) { ProcessUpdatedLval(mcfg, use_lval, kind, false, false); kind->DecRef(); } } } } // pull in modsets from the direct and indirect callees of the edge. if (BlockId *callee = edge->GetDirectCallee()) { ComputeModsetCall(mcfg, edge, callee, NULL); callee->DecRef(); } else if (edge->IsCall() && indirect_callees) { for (size_t ind = 0; ind < indirect_callees->GetEdgeCount(); ind++) { const CallEdge &cedge = indirect_callees->GetEdge(ind); // when comparing watch out for the case that this is a temporary // modset and does not share the same block kind as the edge point. if (cedge.where.version == cfg->GetVersion() && cedge.where.point == point && cedge.where.id->Function() == m_id->Function() && cedge.where.id->Loop() == m_id->Loop()) { cedge.callee->IncRef(); BlockId *callee = BlockId::Make(B_Function, cedge.callee); ComputeModsetCall(mcfg, edge, callee, cedge.rfld_chain); callee->DecRef(); } } } } // sort the modset exps to ensure a consistent representation. if (m_modset_list) SortVector<PointValue,compare_PointValue>(m_modset_list); if (m_assign_list) SortVector<GuardAssign,compare_GuardAssign>(m_assign_list); if (indirect) CalleeCache.Release(m_id->BaseVar()); }