Line data Source code
1 : /* Classes for managing a directed graph of <point, state> pairs.
2 : Copyright (C) 2019-2026 Free Software Foundation, Inc.
3 : Contributed by David Malcolm <dmalcolm@redhat.com>.
4 :
5 : This file is part of GCC.
6 :
7 : GCC is free software; you can redistribute it and/or modify it
8 : under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3, or (at your option)
10 : any later version.
11 :
12 : GCC is distributed in the hope that it will be useful, but
13 : WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 : General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with GCC; see the file COPYING3. If not see
19 : <http://www.gnu.org/licenses/>. */
20 :
21 : #ifndef GCC_ANALYZER_EXPLODED_GRAPH_H
22 : #define GCC_ANALYZER_EXPLODED_GRAPH_H
23 :
24 : #include "alloc-pool.h"
25 : #include "fibonacci_heap.h"
26 : #include "supergraph.h"
27 : #include "sbitmap.h"
28 : #include "shortest-paths.h"
29 : #include "analyzer/sm.h"
30 : #include "analyzer/program-state.h"
31 : #include "analyzer/diagnostic-manager.h"
32 : #include "analyzer/region-model.h"
33 :
34 : namespace ana {
35 :
36 : /* Concrete implementation of region_model_context, wiring it up to the
37 : rest of the analysis engine. */
38 :
39 1401867 : class impl_region_model_context : public region_model_context
40 : {
41 : public:
42 : impl_region_model_context (exploded_graph &eg,
43 : exploded_node *enode_for_diag,
44 :
45 : /* TODO: should we be getting the ECs from the
46 : old state, rather than the new? */
47 : const program_state *old_state,
48 : program_state *new_state,
49 : uncertainty_t *uncertainty,
50 : path_context *path_ctxt,
51 : const gimple *stmt = nullptr,
52 : bool *out_could_have_done_work = nullptr);
53 :
54 : impl_region_model_context (program_state *state,
55 : const extrinsic_state &ext_state,
56 : uncertainty_t *uncertainty,
57 : logger *logger = nullptr);
58 :
59 : bool
60 : warn_at (std::unique_ptr<pending_diagnostic> d,
61 : pending_location &&ploc) final override;
62 : void add_note (std::unique_ptr<pending_note> pn) final override;
63 : void add_event (std::unique_ptr<checker_event> event) final override;
64 : void on_svalue_leak (const svalue *) override;
65 : void on_liveness_change (const svalue_set &live_svalues,
66 : const region_model *model) final override;
67 769257 : logger *get_logger () final override
68 : {
69 5249 : return m_logger.get_logger ();
70 : }
71 :
72 : void on_state_leak (const state_machine &sm,
73 : const svalue *sval,
74 : state_machine::state_t state);
75 :
76 : void on_condition (const svalue *lhs,
77 : enum tree_code op,
78 : const svalue *rhs) final override;
79 :
80 : void on_bounded_ranges (const svalue &sval,
81 : const bounded_ranges &ranges) final override;
82 :
83 : void on_pop_frame (const frame_region *frame_reg) final override;
84 :
85 : void on_unknown_change (const svalue *sval, bool is_mutable) final override;
86 :
87 : void on_phi (const gphi *phi, tree rhs) final override;
88 :
89 : void on_unexpected_tree_code (tree t,
90 : const dump_location_t &loc) final override;
91 :
92 : void on_escaped_function (tree fndecl) final override;
93 :
94 : uncertainty_t *get_uncertainty () final override;
95 :
96 : void purge_state_involving (const svalue *sval) final override;
97 :
98 : void bifurcate (std::unique_ptr<custom_edge_info> info) final override;
99 : void terminate_path () final override;
100 1123163 : const extrinsic_state *get_ext_state () const final override
101 : {
102 1123163 : return &m_ext_state;
103 : }
104 : bool
105 : get_state_map_by_name (const char *name,
106 : sm_state_map **out_smap,
107 : const state_machine **out_sm,
108 : unsigned *out_sm_idx,
109 : std::unique_ptr<sm_context> *out_sm_context) override;
110 :
111 424198 : const gimple *get_stmt () const override { return m_stmt; }
112 0 : const exploded_graph *get_eg () const override { return m_eg; }
113 :
114 293 : const program_state *get_state () const override { return m_new_state; }
115 :
116 : void maybe_did_work () override;
117 52688 : bool checking_for_infinite_loop_p () const override { return false; }
118 0 : void on_unusable_in_infinite_loop () override {}
119 :
120 : pending_location
121 : get_pending_location_for_diag () const override;
122 :
123 : exploded_graph *m_eg;
124 : log_user m_logger;
125 : exploded_node *m_enode_for_diag;
126 : const program_state *m_old_state;
127 : program_state *m_new_state;
128 : const gimple *m_stmt;
129 : const extrinsic_state &m_ext_state;
130 : uncertainty_t *m_uncertainty;
131 : path_context *m_path_ctxt;
132 : bool *m_out_could_have_done_work;
133 : };
134 :
135 : /* A <program_point, program_state> pair, used internally by
136 : exploded_node as its immutable data, and as a key for identifying
137 : exploded_nodes we've already seen in the graph. */
138 :
139 832671 : class point_and_state
140 : {
141 : public:
142 420021 : point_and_state (const program_point &point,
143 : const program_state &state)
144 420021 : : m_point (point),
145 420021 : m_state (state),
146 420021 : m_hash (m_point.hash () ^ m_state.hash ())
147 : {
148 : /* We shouldn't be building point_and_states and thus exploded_nodes
149 : for states that aren't valid. */
150 420021 : gcc_assert (state.m_valid);
151 420021 : }
152 :
153 5858808 : hashval_t hash () const
154 : {
155 5858808 : return m_hash;
156 : }
157 5558876 : bool operator== (const point_and_state &other) const
158 : {
159 5600014 : return m_point == other.m_point && m_state == other.m_state;
160 : }
161 :
162 207222 : const program_point &get_point () const { return m_point; }
163 1834690 : const program_state &get_state () const { return m_state; }
164 :
165 27702 : void set_state (const program_state &state)
166 : {
167 27702 : m_state = state;
168 27702 : m_hash = m_point.hash () ^ m_state.hash ();
169 27702 : }
170 :
171 : void validate (const extrinsic_state &ext_state) const;
172 :
173 : private:
174 : program_point m_point;
175 : program_state m_state;
176 : hashval_t m_hash;
177 : };
178 :
179 : /* A traits class for exploded graphs and their nodes and edges. */
180 :
181 : struct eg_traits
182 : {
183 : typedef exploded_node node_t;
184 : typedef exploded_edge edge_t;
185 : typedef exploded_graph graph_t;
186 : struct dump_args_t
187 : {
188 12 : dump_args_t (const exploded_graph &eg) : m_eg (eg) {}
189 :
190 : bool show_enode_details_p (const exploded_node &enode) const;
191 :
192 : virtual void
193 433 : dump_extra_info (const exploded_node *, pretty_printer *) const {}
194 :
195 : const exploded_graph &m_eg;
196 : };
197 : typedef exploded_cluster cluster_t;
198 : };
199 :
200 : /* An exploded_node is a unique, immutable <point, state> pair within the
201 : exploded_graph.
202 : Each exploded_node has a unique index within the graph
203 : (for ease of debugging). */
204 :
205 : class exploded_node : public dnode<eg_traits>
206 : {
207 : public:
208 : /* Has this enode had exploded_graph::process_node called on it?
209 : This allows us to distinguish enodes that were merged during
210 : worklist-handling, and thus never had process_node called on them
211 : (in favor of processing the merged node). */
212 : enum class status
213 : {
214 : /* Node is in the worklist. */
215 : worklist,
216 :
217 : /* Node has had exploded_graph::process_node called on it. */
218 : processed,
219 :
220 : /* Node was excluded from worklist on creation.
221 : e.g. for handling exception-unwinding. */
222 : special,
223 :
224 : /* Node was left unprocessed due to merger; it won't have had
225 : exploded_graph::process_node called on it. */
226 : merger,
227 :
228 : /* Node was processed by maybe_process_run_of_enodes. */
229 : bulk_merged
230 : };
231 : static const char * status_to_str (enum status s);
232 :
233 : exploded_node (const point_and_state &ps, int index);
234 :
235 : hashval_t hash () const { return m_ps.hash (); }
236 :
237 : const char * get_dot_fillcolor () const;
238 : void dump_dot (graphviz_out *gv, const dump_args_t &args)
239 : const final override;
240 : void dump_dot_id (pretty_printer *pp) const;
241 :
242 : void dump_to_pp (pretty_printer *pp, const extrinsic_state &ext_state) const;
243 : void dump (FILE *fp, const extrinsic_state &ext_state) const;
244 : void dump (const extrinsic_state &ext_state) const;
245 :
246 : void dump_processed_stmts (pretty_printer *pp) const;
247 : void dump_saved_diagnostics (pretty_printer *pp) const;
248 :
249 : std::unique_ptr<json::object> to_json (const extrinsic_state &ext_state) const;
250 :
251 : void on_longjmp (exploded_graph &eg,
252 : const gcall &call,
253 : program_state *new_state,
254 : region_model_context *ctxt);
255 : void on_throw (exploded_graph &eg,
256 : const gcall &call,
257 : const program_point &after_throw_point,
258 : program_state *new_state,
259 : bool is_rethrow,
260 : region_model_context *ctxt);
261 :
262 : void detect_leaks (exploded_graph &eg);
263 :
264 3905805 : const program_point &get_point () const { return m_ps.get_point (); }
265 5126354 : const supernode *get_supernode () const
266 : {
267 1601298 : return get_point ().get_supernode ();
268 : }
269 395307 : location_t get_location () const
270 : {
271 787098 : return get_point ().get_location ();
272 : }
273 406472 : function *get_function () const
274 : {
275 807446 : return get_point ().get_function ();
276 : }
277 36937 : int get_stack_depth () const
278 : {
279 84832 : return get_point ().get_stack_depth ();
280 : }
281 :
282 1016343 : const program_state &get_state () const { return m_ps.get_state (); }
283 :
284 412650 : const point_and_state *get_ps_key () const { return &m_ps; }
285 : const program_point *get_point_key () const { return &m_ps.get_point (); }
286 :
287 : void dump_succs_and_preds (FILE *outf) const;
288 :
289 1357018 : enum status get_status () const { return m_status; }
290 411442 : void set_status (enum status s)
291 : {
292 411442 : gcc_assert (m_status == status::worklist);
293 411442 : m_status = s;
294 411442 : }
295 :
296 6642 : void add_diagnostic (const saved_diagnostic *sd)
297 : {
298 6642 : m_saved_diagnostics.safe_push (sd);
299 : }
300 437 : unsigned get_num_diagnostics () const
301 : {
302 437 : return m_saved_diagnostics.length ();
303 : }
304 4 : const saved_diagnostic *get_saved_diagnostic (unsigned idx) const
305 : {
306 4 : return m_saved_diagnostics[idx];
307 : }
308 :
309 : private:
310 : DISABLE_COPY_AND_ASSIGN (exploded_node);
311 :
312 : /* The <program_point, program_state> pair. This is const, as it
313 : is immutable once the exploded_node has been created. */
314 : const point_and_state m_ps;
315 :
316 : enum status m_status;
317 :
318 : /* The saved_diagnostics at this enode, borrowed from the
319 : diagnostic_manager. */
320 : auto_vec <const saved_diagnostic *> m_saved_diagnostics;
321 :
322 : public:
323 : /* The index of this exploded_node. */
324 : const int m_index;
325 : };
326 :
327 : /* An edge within the exploded graph.
328 : Some exploded_edges have an underlying superedge; others don't. */
329 :
330 : class exploded_edge : public dedge<eg_traits>
331 : {
332 : public:
333 : exploded_edge (exploded_node *src, exploded_node *dest,
334 : const superedge *sedge, bool could_do_work,
335 : std::unique_ptr<custom_edge_info> custom_info);
336 : void dump_dot (graphviz_out *gv, const dump_args_t &args)
337 : const final override;
338 : void dump_dot_label (pretty_printer *pp) const;
339 :
340 : std::unique_ptr<json::object> to_json () const;
341 :
342 : //private:
343 : const superedge *const m_sedge;
344 :
345 : /* nullptr for most edges; will be non-NULL for special cases
346 : such as an unwind from a longjmp to a setjmp, or when
347 : a signal is delivered to a signal-handler. */
348 : std::unique_ptr<custom_edge_info> m_custom_info;
349 :
350 59997 : bool could_do_work_p () const { return m_could_do_work_p; }
351 :
352 : const gimple *maybe_get_stmt () const;
353 : const operation *maybe_get_op () const;
354 :
355 : private:
356 : DISABLE_COPY_AND_ASSIGN (exploded_edge);
357 :
358 : /* For -Wanalyzer-infinite-loop.
359 : Set to true during processing if any of the activity along
360 : this edge is "externally-visible work" (and thus ruling this
361 : out as being part of an infinite loop.
362 :
363 : For example, given:
364 :
365 : while (1)
366 : do_something ();
367 :
368 : although it is an infinite loop, presumably the point of the
369 : program is the loop body, and thus reporting this as an infinite
370 : loop is likely to be unhelpful to the user. */
371 : bool m_could_do_work_p;
372 : };
373 :
374 : /* Extra data for an exploded_edge that represents an interprocedural
375 : call. */
376 :
377 : class interprocedural_call : public custom_edge_info
378 : {
379 : public:
380 8276 : interprocedural_call (const call_and_return_op &op,
381 : function &callee_fun)
382 8276 : : m_op (op),
383 8276 : m_callee_fun (callee_fun)
384 : {}
385 :
386 : void print (pretty_printer *pp) const final override;
387 :
388 : void get_dot_attrs (const char *&out_style,
389 : const char *&out_color) const final override;
390 :
391 : bool update_state (program_state *state,
392 : const exploded_edge *eedge,
393 : region_model_context *ctxt) const final override;
394 :
395 : bool update_model (region_model *model,
396 : const exploded_edge *eedge,
397 : region_model_context *ctxt) const final override;
398 :
399 : void add_events_to_path (checker_path *emission_path,
400 : const exploded_edge &eedge,
401 : pending_diagnostic &pd,
402 : const state_transition *state_trans) const final override;
403 :
404 : bool
405 : try_to_rewind_data_flow (rewind_context &) const final override;
406 :
407 : const gcall &get_gcall () const;
408 :
409 : private:
410 : const call_and_return_op &m_op;
411 : function &m_callee_fun;
412 : };
413 :
414 : /* Extra data for an exploded_edge that represents an interprocedural
415 : return. */
416 :
417 : class interprocedural_return : public custom_edge_info
418 : {
419 : public:
420 7344 : interprocedural_return (const gcall &call_stmt)
421 7344 : : m_call_stmt (call_stmt)
422 : {}
423 :
424 : void print (pretty_printer *pp) const final override;
425 :
426 : void get_dot_attrs (const char *&out_style,
427 : const char *&out_color) const final override;
428 :
429 : bool update_state (program_state *state,
430 : const exploded_edge *eedge,
431 : region_model_context *ctxt) const final override;
432 :
433 : bool update_model (region_model *model,
434 : const exploded_edge *eedge,
435 : region_model_context *ctxt) const final override;
436 :
437 : void add_events_to_path (checker_path *emission_path,
438 : const exploded_edge &eedge,
439 : pending_diagnostic &pd,
440 : const state_transition *state_trans) const final override;
441 :
442 : bool
443 : try_to_rewind_data_flow (rewind_context &) const final override;
444 :
445 : private:
446 : const gcall &m_call_stmt;
447 : };
448 :
449 : /* Extra data for an exploded_edge that represents a rewind from a
450 : longjmp to a setjmp (or from a siglongjmp to a sigsetjmp). */
451 :
452 25 : class rewind_info_t : public custom_edge_info
453 : {
454 : public:
455 45 : rewind_info_t (const setjmp_record &setjmp_record,
456 : const gcall &longjmp_call)
457 25 : : m_setjmp_record (setjmp_record),
458 25 : m_longjmp_call (longjmp_call)
459 : {}
460 :
461 0 : void print (pretty_printer *pp) const final override
462 : {
463 0 : pp_string (pp, "rewind");
464 0 : }
465 :
466 : bool update_model (region_model *model,
467 : const exploded_edge *eedge,
468 : region_model_context *ctxt) const final override;
469 :
470 : void add_events_to_path (checker_path *emission_path,
471 : const exploded_edge &eedge,
472 : pending_diagnostic &pd,
473 : const state_transition *state_trans) const final override;
474 :
475 : program_point
476 25 : get_point_before_setjmp () const
477 : {
478 25 : return get_enode_origin ()->get_point ();
479 : }
480 :
481 : program_point
482 25 : get_point_after_setjmp () const
483 : {
484 25 : const program_point &origin_point = get_enode_origin ()->get_point ();
485 25 : return program_point (m_setjmp_record.m_sedge->m_dest,
486 25 : origin_point.get_call_string ());
487 : }
488 :
489 68 : const gcall &get_setjmp_call () const
490 : {
491 46 : return *m_setjmp_record.m_setjmp_call;
492 : }
493 :
494 68 : const gcall &get_longjmp_call () const
495 : {
496 68 : return m_longjmp_call;
497 : }
498 :
499 40 : const exploded_node *get_enode_origin () const
500 : {
501 40 : return m_setjmp_record.m_enode;
502 : }
503 :
504 : private:
505 : setjmp_record m_setjmp_record;
506 : const gcall &m_longjmp_call;
507 : };
508 :
509 : /* Statistics about aspects of an exploded_graph. */
510 :
511 : struct stats
512 : {
513 : stats (int num_supernodes);
514 : void log (logger *logger) const;
515 : void dump (FILE *out) const;
516 :
517 : int get_total_enodes () const;
518 :
519 : int m_num_nodes;
520 : int m_node_reuse_count;
521 : int m_node_reuse_after_merge_count;
522 : int m_num_supernodes;
523 : };
524 :
525 : /* Traits class for ensuring uniqueness of point_and_state data within
526 : an exploded_graph. */
527 :
528 : struct eg_hash_map_traits
529 : {
530 : typedef const point_and_state *key_type;
531 : typedef exploded_node *value_type;
532 : typedef exploded_node *compare_type;
533 :
534 5858808 : static inline hashval_t hash (const key_type &k)
535 : {
536 5858808 : gcc_assert (k != nullptr);
537 5858808 : gcc_assert (k != reinterpret_cast<key_type> (1));
538 5858808 : return k->hash ();
539 : }
540 5558876 : static inline bool equal_keys (const key_type &k1, const key_type &k2)
541 : {
542 5558876 : gcc_assert (k1 != nullptr);
543 5558876 : gcc_assert (k2 != nullptr);
544 5558876 : gcc_assert (k1 != reinterpret_cast<key_type> (1));
545 5558876 : gcc_assert (k2 != reinterpret_cast<key_type> (1));
546 5558876 : if (k1 && k2)
547 5558876 : return *k1 == *k2;
548 : else
549 : /* Otherwise they must both be non-NULL. */
550 : return k1 == k2;
551 : }
552 : template <typename T>
553 : static inline void remove (T &)
554 : {
555 : /* empty; the nodes are handled elsewhere. */
556 : }
557 : template <typename T>
558 : static inline void mark_deleted (T &entry)
559 : {
560 : entry.m_key = reinterpret_cast<key_type> (1);
561 : }
562 : template <typename T>
563 1493209 : static inline void mark_empty (T &entry)
564 : {
565 1493209 : entry.m_key = nullptr;
566 : }
567 : template <typename T>
568 6646900 : static inline bool is_deleted (const T &entry)
569 : {
570 6646900 : return entry.m_key == reinterpret_cast<key_type> (1);
571 : }
572 : template <typename T>
573 21059662 : static inline bool is_empty (const T &entry)
574 : {
575 21059662 : return entry.m_key == nullptr;
576 : }
577 : static const bool empty_zero_p = false;
578 : };
579 :
580 : /* Per-program_point data for an exploded_graph. */
581 :
582 251383 : struct per_program_point_data
583 : {
584 251383 : per_program_point_data (const program_point &key)
585 251383 : : m_key (key), m_excess_enodes (0)
586 : {}
587 :
588 : const program_point m_key;
589 : auto_vec<exploded_node *> m_enodes;
590 : /* The number of attempts to create an enode for this point
591 : after exceeding --param=analyzer-max-enodes-per-program-point. */
592 : int m_excess_enodes;
593 : };
594 :
595 : /* Traits class for storing per-program_point data within
596 : an exploded_graph. */
597 :
598 : struct eg_point_hash_map_traits
599 : {
600 : typedef const program_point *key_type;
601 : typedef per_program_point_data *value_type;
602 : typedef per_program_point_data *compare_type;
603 :
604 4548998 : static inline hashval_t hash (const key_type &k)
605 : {
606 4548998 : gcc_assert (k != nullptr);
607 4548998 : gcc_assert (k != reinterpret_cast<key_type> (1));
608 4548998 : return k->hash ();
609 : }
610 4460910 : static inline bool equal_keys (const key_type &k1, const key_type &k2)
611 : {
612 4460910 : gcc_assert (k1 != nullptr);
613 4460910 : gcc_assert (k2 != nullptr);
614 4460910 : gcc_assert (k1 != reinterpret_cast<key_type> (1));
615 4460910 : gcc_assert (k2 != reinterpret_cast<key_type> (1));
616 4460910 : if (k1 && k2)
617 4460910 : return *k1 == *k2;
618 : else
619 : /* Otherwise they must both be non-NULL. */
620 : return k1 == k2;
621 : }
622 : template <typename T>
623 : static inline void remove (T &)
624 : {
625 : /* empty; the nodes are handled elsewhere. */
626 : }
627 : template <typename T>
628 : static inline void mark_deleted (T &entry)
629 : {
630 : entry.m_key = reinterpret_cast<key_type> (1);
631 : }
632 : template <typename T>
633 895868 : static inline void mark_empty (T &entry)
634 : {
635 895868 : entry.m_key = nullptr;
636 : }
637 : template <typename T>
638 5365576 : static inline bool is_deleted (const T &entry)
639 : {
640 5365576 : return entry.m_key == reinterpret_cast<key_type> (1);
641 : }
642 : template <typename T>
643 16392558 : static inline bool is_empty (const T &entry)
644 : {
645 16392558 : return entry.m_key == nullptr;
646 : }
647 : static const bool empty_zero_p = false;
648 : };
649 :
650 : /* Data about a particular call_string within an exploded_graph. */
651 :
652 : struct per_call_string_data
653 : {
654 9944 : per_call_string_data (const call_string &key, int num_supernodes)
655 9944 : : m_key (key), m_stats (num_supernodes)
656 : {}
657 :
658 : const call_string &m_key;
659 : stats m_stats;
660 : };
661 :
662 : /* Data about a particular function within an exploded_graph. */
663 :
664 : struct per_function_data
665 : {
666 367 : per_function_data () {}
667 : ~per_function_data ();
668 :
669 : void add_call_summary (exploded_node *node);
670 :
671 : auto_vec<call_summary *> m_summaries;
672 : };
673 :
674 : /* The strongly connected components of a supergraph.
675 : In particular, this allows us to compute a partial ordering
676 : of supernodes. */
677 :
678 : class strongly_connected_components
679 : {
680 : public:
681 : strongly_connected_components (const supergraph &sg, logger *logger);
682 :
683 3424954 : int get_scc_id (int node_index) const
684 : {
685 382 : return m_per_node[node_index].m_lowlink;
686 : }
687 :
688 : void dump () const;
689 :
690 : std::unique_ptr<json::array> to_json () const;
691 :
692 : private:
693 : struct per_node_data
694 : {
695 190885 : per_node_data ()
696 190885 : : m_id (-1), m_lowlink (-1), m_on_stack (false)
697 : {}
698 :
699 : int m_id;
700 : int m_lowlink;
701 : bool m_on_stack;
702 : };
703 :
704 : void strong_connect (unsigned index, logger *logger);
705 :
706 : const supergraph &m_sg;
707 : auto_vec<unsigned> m_stack;
708 : auto_vec<per_node_data> m_per_node;
709 : };
710 :
711 : /* The worklist of exploded_node instances that have been added to
712 : an exploded_graph, but that haven't yet been processed to find
713 : their successors (or warnings).
714 :
715 : The enodes are stored in a priority queue, ordered by a topological
716 : sort of the SCCs in the supergraph, so that enodes for the same
717 : program_point should appear at the front of the queue together.
718 : This allows for state-merging at CFG join-points, so that
719 : sufficiently-similar enodes can be merged into one. */
720 :
721 : class worklist
722 : {
723 : public:
724 : worklist (const exploded_graph &eg, const analysis_plan &plan);
725 : unsigned length () const;
726 : exploded_node *take_next ();
727 : exploded_node *peek_next ();
728 : void add_node (exploded_node *enode);
729 620 : int get_scc_id (const supernode &snode) const
730 : {
731 1240 : return m_scc.get_scc_id (snode.m_id);
732 : }
733 :
734 : std::unique_ptr<json::object> to_json () const;
735 :
736 : private:
737 : class key_t
738 : {
739 : public:
740 408669 : key_t (const worklist &w, exploded_node *enode)
741 408669 : : m_worklist (w), m_enode (enode)
742 : {}
743 :
744 1533513 : bool operator< (const key_t &other) const
745 : {
746 1533513 : return cmp (*this, other) < 0;
747 : }
748 :
749 436818 : bool operator== (const key_t &other) const
750 : {
751 436818 : return cmp (*this, other) == 0;
752 : }
753 :
754 436818 : bool operator> (const key_t &other) const
755 : {
756 873636 : return !(*this == other || *this < other);
757 : }
758 :
759 : private:
760 : static int cmp (const key_t &ka, const key_t &kb);
761 :
762 3434978 : int get_scc_id (const exploded_node *enode) const
763 : {
764 3434978 : const supernode *snode = enode->get_supernode ();
765 3434978 : if (snode == nullptr)
766 : return 0;
767 3424334 : return m_worklist.m_scc.get_scc_id (snode->m_id);
768 : }
769 :
770 : const worklist &m_worklist;
771 : exploded_node *m_enode;
772 : };
773 :
774 : /* The order is important here: m_scc needs to stick around
775 : until after m_queue has finished being cleaned up (the dtor
776 : calls the ordering fns). */
777 : strongly_connected_components m_scc;
778 : const analysis_plan &m_plan;
779 :
780 : /* Priority queue, backed by a fibonacci_heap. */
781 : typedef fibonacci_heap<key_t, exploded_node> queue_t;
782 : queue_t m_queue;
783 : };
784 :
785 : /* An exploded_graph is a directed graph of unique <point, state> pairs.
786 : It also has a worklist of nodes that are waiting for their successors
787 : to be added to the graph. */
788 :
789 : class exploded_graph : public digraph<eg_traits>
790 : {
791 : public:
792 : typedef hash_map <const call_string *,
793 : per_call_string_data *> call_string_data_map_t;
794 :
795 : exploded_graph (const supergraph &sg, logger *logger,
796 : const extrinsic_state &ext_state,
797 : const state_purge_map *purge_map,
798 : const analysis_plan &plan,
799 : int verbosity);
800 : ~exploded_graph ();
801 :
802 6724922 : logger *get_logger () const { return m_logger.get_logger (); }
803 :
804 68717 : const supergraph &get_supergraph () const { return m_sg; }
805 3916288 : const extrinsic_state &get_ext_state () const { return m_ext_state; }
806 6642 : engine *get_engine () const { return m_ext_state.get_engine (); }
807 416547 : const state_purge_map *get_purge_map () const { return m_purge_map; }
808 9027 : const analysis_plan &get_analysis_plan () const { return m_plan; }
809 :
810 6652 : exploded_node *get_origin () const { return m_origin; }
811 :
812 : exploded_node *add_function_entry (const function &fun);
813 :
814 : void build_initial_worklist ();
815 : void process_worklist ();
816 : bool maybe_process_run_of_enodes (exploded_node *node);
817 : void process_node (exploded_node *node);
818 :
819 : exploded_node *get_or_create_node (const program_point &point,
820 : const program_state &state,
821 : exploded_node *enode_for_diag,
822 : bool add_to_worklist = true);
823 : exploded_edge *add_edge (exploded_node *src, exploded_node *dest,
824 : const superedge *sedge, bool could_do_work,
825 : std::unique_ptr<custom_edge_info> custom = nullptr);
826 :
827 : per_program_point_data *
828 : get_or_create_per_program_point_data (const program_point &);
829 : per_program_point_data *
830 : get_per_program_point_data (const program_point &) const;
831 :
832 : per_call_string_data *
833 : get_or_create_per_call_string_data (const call_string &);
834 :
835 : per_function_data *
836 : get_or_create_per_function_data (function *);
837 : per_function_data *get_per_function_data (function *) const;
838 :
839 : void save_diagnostic (const state_machine &sm,
840 : const exploded_node *enode,
841 : const supernode *node, const gimple *stmt,
842 : tree var, state_machine::state_t state,
843 : pending_diagnostic *d);
844 :
845 14586 : diagnostic_manager &get_diagnostic_manager ()
846 : {
847 14606 : return m_diagnostic_manager;
848 : }
849 : const diagnostic_manager &get_diagnostic_manager () const
850 : {
851 : return m_diagnostic_manager;
852 : }
853 :
854 : stats *get_global_stats () { return &m_global_stats; }
855 : stats *get_or_create_function_stats (function *fn);
856 : void log_stats () const;
857 : void dump_stats (FILE *) const;
858 : void dump_exploded_nodes () const;
859 :
860 : std::unique_ptr<json::object> to_json () const;
861 :
862 : exploded_node *get_node_by_index (int idx) const;
863 :
864 : const call_string_data_map_t *get_per_call_string_data () const
865 : { return &m_per_call_string_data; }
866 :
867 620 : int get_scc_id (const supernode &node) const
868 : {
869 620 : return m_worklist.get_scc_id (node);
870 : }
871 :
872 : void on_escaped_function (tree fndecl);
873 :
874 : void unwind_from_exception (exploded_node &enode,
875 : const gimple *stmt,
876 : region_model_context *ctxt);
877 :
878 : /* In infinite-loop.cc */
879 : void detect_infinite_loops ();
880 :
881 : /* In infinite-recursion.cc */
882 : void detect_infinite_recursion (exploded_node *enode);
883 : exploded_node *find_previous_entry_to (function *top_of_stack_fun,
884 : exploded_node *enode) const;
885 :
886 : private:
887 : void print_bar_charts (pretty_printer *pp) const;
888 :
889 : DISABLE_COPY_AND_ASSIGN (exploded_graph);
890 :
891 : const supergraph &m_sg;
892 :
893 : log_user m_logger;
894 :
895 : /* Map from point/state to exploded node.
896 : To avoid duplication we store point_and_state
897 : *pointers* as keys, rather than point_and_state, using the
898 : instance from within the exploded_node, with a custom hasher. */
899 : typedef hash_map <const point_and_state *, exploded_node *,
900 : eg_hash_map_traits> map_t;
901 : map_t m_point_and_state_to_node;
902 :
903 : /* Map from program_point to per-program_point data. */
904 : typedef hash_map <const program_point *, per_program_point_data *,
905 : eg_point_hash_map_traits> point_map_t;
906 : point_map_t m_per_point_data;
907 :
908 : worklist m_worklist;
909 :
910 : exploded_node *m_origin;
911 :
912 : const extrinsic_state &m_ext_state;
913 :
914 : const state_purge_map *const m_purge_map;
915 :
916 : const analysis_plan &m_plan;
917 :
918 : typedef hash_map<function *, per_function_data *> per_function_data_t;
919 : per_function_data_t m_per_function_data;
920 :
921 : diagnostic_manager m_diagnostic_manager;
922 :
923 : /* Stats. */
924 : stats m_global_stats;
925 : typedef ordered_hash_map<function *, stats *> function_stat_map_t;
926 : function_stat_map_t m_per_function_stats;
927 : stats m_functionless_stats;
928 :
929 : call_string_data_map_t m_per_call_string_data;
930 :
931 : /* Functions with a top-level enode, to make add_function_entry
932 : be idempotent, for use in handling callbacks. */
933 : hash_set<function *> m_functions_with_enodes;
934 : };
935 :
936 : /* A reason why a particular exploded_path is infeasible. */
937 :
938 4 : class feasibility_problem
939 : {
940 : public:
941 4 : feasibility_problem (unsigned eedge_idx,
942 : const exploded_edge &eedge,
943 : std::unique_ptr<rejected_constraint> rc)
944 4 : : m_eedge_idx (eedge_idx), m_eedge (eedge),
945 4 : m_rc (std::move (rc))
946 : {}
947 :
948 : void dump_to_pp (pretty_printer *pp) const;
949 :
950 : unsigned m_eedge_idx;
951 : const exploded_edge &m_eedge;
952 : std::unique_ptr<rejected_constraint> m_rc;
953 : };
954 :
955 : /* A class for capturing the state of a node when checking a path
956 : through the exploded_graph for feasibility. */
957 :
958 : class feasibility_state
959 : {
960 : public:
961 : feasibility_state (region_model_manager *manager,
962 : const supergraph &sg);
963 : feasibility_state (const region_model &model,
964 : const supergraph &sg);
965 : feasibility_state (const feasibility_state &other);
966 :
967 : feasibility_state &operator= (const feasibility_state &other);
968 :
969 : bool maybe_update_for_edge (logger *logger,
970 : const exploded_edge *eedge,
971 : region_model_context *ctxt,
972 : std::unique_ptr<rejected_constraint> *out_rc);
973 :
974 201665 : region_model &get_model () { return m_model; }
975 1790 : const region_model &get_model () const { return m_model; }
976 : auto_sbitmap &get_snodes_visited () { return m_snodes_visited; }
977 : const auto_sbitmap &get_snodes_visited () const { return m_snodes_visited; }
978 :
979 : void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
980 :
981 : private:
982 : region_model m_model;
983 : auto_sbitmap m_snodes_visited;
984 : };
985 :
986 : // TODO: split the above up?
987 :
988 : } // namespace ana
989 :
990 : #endif /* GCC_ANALYZER_EXPLODED_GRAPH_H */
|
