Line data Source code
1 : /* Classes for managing a directed graph of <point, state> pairs.
2 : Copyright (C) 2019-2026 Free Software Foundation, Inc.
3 : Contributed by David Malcolm <dmalcolm@redhat.com>.
4 :
5 : This file is part of GCC.
6 :
7 : GCC is free software; you can redistribute it and/or modify it
8 : under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3, or (at your option)
10 : any later version.
11 :
12 : GCC is distributed in the hope that it will be useful, but
13 : WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 : General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with GCC; see the file COPYING3. If not see
19 : <http://www.gnu.org/licenses/>. */
20 :
21 : #ifndef GCC_ANALYZER_EXPLODED_GRAPH_H
22 : #define GCC_ANALYZER_EXPLODED_GRAPH_H
23 :
24 : #include "alloc-pool.h"
25 : #include "fibonacci_heap.h"
26 : #include "supergraph.h"
27 : #include "sbitmap.h"
28 : #include "shortest-paths.h"
29 : #include "analyzer/sm.h"
30 : #include "analyzer/program-state.h"
31 : #include "analyzer/diagnostic-manager.h"
32 : #include "analyzer/region-model.h"
33 :
34 : namespace ana {
35 :
36 : /* Concrete implementation of region_model_context, wiring it up to the
37 : rest of the analysis engine. */
38 :
39 1356344 : class impl_region_model_context : public region_model_context
40 : {
41 : public:
42 : impl_region_model_context (exploded_graph &eg,
43 : exploded_node *enode_for_diag,
44 :
45 : /* TODO: should we be getting the ECs from the
46 : old state, rather than the new? */
47 : const program_state *old_state,
48 : program_state *new_state,
49 : uncertainty_t *uncertainty,
50 : path_context *path_ctxt,
51 : const gimple *stmt = nullptr,
52 : bool *out_could_have_done_work = nullptr);
53 :
54 : impl_region_model_context (program_state *state,
55 : const extrinsic_state &ext_state,
56 : uncertainty_t *uncertainty,
57 : logger *logger = nullptr);
58 :
59 : bool
60 : warn_at (std::unique_ptr<pending_diagnostic> d,
61 : pending_location &&ploc) final override;
62 : void add_note (std::unique_ptr<pending_note> pn) final override;
63 : void add_event (std::unique_ptr<checker_event> event) final override;
64 : void on_svalue_leak (const svalue *) override;
65 : void on_liveness_change (const svalue_set &live_svalues,
66 : const region_model *model) final override;
67 739897 : logger *get_logger () final override
68 : {
69 5241 : return m_logger.get_logger ();
70 : }
71 :
72 : void on_state_leak (const state_machine &sm,
73 : const svalue *sval,
74 : state_machine::state_t state);
75 :
76 : void on_condition (const svalue *lhs,
77 : enum tree_code op,
78 : const svalue *rhs) final override;
79 :
80 : void on_bounded_ranges (const svalue &sval,
81 : const bounded_ranges &ranges) final override;
82 :
83 : void on_pop_frame (const frame_region *frame_reg) final override;
84 :
85 : void on_unknown_change (const svalue *sval, bool is_mutable) final override;
86 :
87 : void on_phi (const gphi *phi, tree rhs) final override;
88 :
89 : void on_unexpected_tree_code (tree t,
90 : const dump_location_t &loc) final override;
91 :
92 : void on_escaped_function (tree fndecl) final override;
93 :
94 : uncertainty_t *get_uncertainty () final override;
95 :
96 : void purge_state_involving (const svalue *sval) final override;
97 :
98 : void bifurcate (std::unique_ptr<custom_edge_info> info) final override;
99 : void terminate_path () final override;
100 1080218 : const extrinsic_state *get_ext_state () const final override
101 : {
102 1080218 : return &m_ext_state;
103 : }
104 : bool
105 : get_state_map_by_name (const char *name,
106 : sm_state_map **out_smap,
107 : const state_machine **out_sm,
108 : unsigned *out_sm_idx,
109 : std::unique_ptr<sm_context> *out_sm_context) override;
110 :
111 408095 : const gimple *get_stmt () const override { return m_stmt; }
112 0 : const exploded_graph *get_eg () const override { return m_eg; }
113 :
114 293 : const program_state *get_state () const override { return m_new_state; }
115 :
116 : void maybe_did_work () override;
117 51043 : bool checking_for_infinite_loop_p () const override { return false; }
118 0 : void on_unusable_in_infinite_loop () override {}
119 :
120 : pending_location
121 : get_pending_location_for_diag () const override;
122 :
123 : exploded_graph *m_eg;
124 : log_user m_logger;
125 : exploded_node *m_enode_for_diag;
126 : const program_state *m_old_state;
127 : program_state *m_new_state;
128 : const gimple *m_stmt;
129 : const extrinsic_state &m_ext_state;
130 : uncertainty_t *m_uncertainty;
131 : path_context *m_path_ctxt;
132 : bool *m_out_could_have_done_work;
133 : };
134 :
135 : /* A <program_point, program_state> pair, used internally by
136 : exploded_node as its immutable data, and as a key for identifying
137 : exploded_nodes we've already seen in the graph. */
138 :
139 792205 : class point_and_state
140 : {
141 : public:
142 399791 : point_and_state (const program_point &point,
143 : const program_state &state)
144 399791 : : m_point (point),
145 399791 : m_state (state),
146 399791 : m_hash (m_point.hash () ^ m_state.hash ())
147 : {
148 : /* We shouldn't be building point_and_states and thus exploded_nodes
149 : for states that aren't valid. */
150 399791 : gcc_assert (state.m_valid);
151 399791 : }
152 :
153 5568051 : hashval_t hash () const
154 : {
155 5568051 : return m_hash;
156 : }
157 5287341 : bool operator== (const point_and_state &other) const
158 : {
159 5328456 : return m_point == other.m_point && m_state == other.m_state;
160 : }
161 :
162 200556 : const program_point &get_point () const { return m_point; }
163 1769164 : const program_state &get_state () const { return m_state; }
164 :
165 27553 : void set_state (const program_state &state)
166 : {
167 27553 : m_state = state;
168 27553 : m_hash = m_point.hash () ^ m_state.hash ();
169 27553 : }
170 :
171 : void validate (const extrinsic_state &ext_state) const;
172 :
173 : private:
174 : program_point m_point;
175 : program_state m_state;
176 : hashval_t m_hash;
177 : };
178 :
179 : /* A traits class for exploded graphs and their nodes and edges. */
180 :
181 : struct eg_traits
182 : {
183 : typedef exploded_node node_t;
184 : typedef exploded_edge edge_t;
185 : typedef exploded_graph graph_t;
186 : struct dump_args_t
187 : {
188 12 : dump_args_t (const exploded_graph &eg) : m_eg (eg) {}
189 :
190 : bool show_enode_details_p (const exploded_node &enode) const;
191 :
192 : virtual void
193 433 : dump_extra_info (const exploded_node *, pretty_printer *) const {}
194 :
195 : const exploded_graph &m_eg;
196 : };
197 : typedef exploded_cluster cluster_t;
198 : };
199 :
200 : /* An exploded_node is a unique, immutable <point, state> pair within the
201 : exploded_graph.
202 : Each exploded_node has a unique index within the graph
203 : (for ease of debugging). */
204 :
205 : class exploded_node : public dnode<eg_traits>
206 : {
207 : public:
208 : /* Has this enode had exploded_graph::process_node called on it?
209 : This allows us to distinguish enodes that were merged during
210 : worklist-handling, and thus never had process_node called on them
211 : (in favor of processing the merged node). */
212 : enum class status
213 : {
214 : /* Node is in the worklist. */
215 : worklist,
216 :
217 : /* Node has had exploded_graph::process_node called on it. */
218 : processed,
219 :
220 : /* Node was excluded from worklist on creation.
221 : e.g. for handling exception-unwinding. */
222 : special,
223 :
224 : /* Node was left unprocessed due to merger; it won't have had
225 : exploded_graph::process_node called on it. */
226 : merger,
227 :
228 : /* Node was processed by maybe_process_run_of_enodes. */
229 : bulk_merged
230 : };
231 : static const char * status_to_str (enum status s);
232 :
233 : exploded_node (const point_and_state &ps, int index);
234 :
235 : hashval_t hash () const { return m_ps.hash (); }
236 :
237 : const char * get_dot_fillcolor () const;
238 : void dump_dot (graphviz_out *gv, const dump_args_t &args)
239 : const final override;
240 : void dump_dot_id (pretty_printer *pp) const;
241 :
242 : void dump_to_pp (pretty_printer *pp, const extrinsic_state &ext_state) const;
243 : void dump (FILE *fp, const extrinsic_state &ext_state) const;
244 : void dump (const extrinsic_state &ext_state) const;
245 :
246 : void dump_processed_stmts (pretty_printer *pp) const;
247 : void dump_saved_diagnostics (pretty_printer *pp) const;
248 :
249 : std::unique_ptr<json::object> to_json (const extrinsic_state &ext_state) const;
250 :
251 : void on_longjmp (exploded_graph &eg,
252 : const gcall &call,
253 : program_state *new_state,
254 : region_model_context *ctxt);
255 : void on_throw (exploded_graph &eg,
256 : const gcall &call,
257 : const program_point &after_throw_point,
258 : program_state *new_state,
259 : bool is_rethrow,
260 : region_model_context *ctxt);
261 :
262 : void detect_leaks (exploded_graph &eg);
263 :
264 3764529 : const program_point &get_point () const { return m_ps.get_point (); }
265 5006158 : const supernode *get_supernode () const
266 : {
267 1562657 : return get_point ().get_supernode ();
268 : }
269 375743 : location_t get_location () const
270 : {
271 748022 : return get_point ().get_location ();
272 : }
273 386559 : function *get_function () const
274 : {
275 766271 : return get_point ().get_function ();
276 : }
277 36562 : int get_stack_depth () const
278 : {
279 83981 : return get_point ().get_stack_depth ();
280 : }
281 :
282 981659 : const program_state &get_state () const { return m_ps.get_state (); }
283 :
284 392414 : const point_and_state *get_ps_key () const { return &m_ps; }
285 : const program_point *get_point_key () const { return &m_ps.get_point (); }
286 :
287 : void dump_succs_and_preds (FILE *outf) const;
288 :
289 1287285 : enum status get_status () const { return m_status; }
290 391199 : void set_status (enum status s)
291 : {
292 391199 : gcc_assert (m_status == status::worklist);
293 391199 : m_status = s;
294 391199 : }
295 :
296 6615 : void add_diagnostic (const saved_diagnostic *sd)
297 : {
298 6615 : m_saved_diagnostics.safe_push (sd);
299 : }
300 437 : unsigned get_num_diagnostics () const
301 : {
302 437 : return m_saved_diagnostics.length ();
303 : }
304 4 : const saved_diagnostic *get_saved_diagnostic (unsigned idx) const
305 : {
306 4 : return m_saved_diagnostics[idx];
307 : }
308 :
309 : private:
310 : DISABLE_COPY_AND_ASSIGN (exploded_node);
311 :
312 : /* The <program_point, program_state> pair. This is const, as it
313 : is immutable once the exploded_node has been created. */
314 : const point_and_state m_ps;
315 :
316 : enum status m_status;
317 :
318 : /* The saved_diagnostics at this enode, borrowed from the
319 : diagnostic_manager. */
320 : auto_vec <const saved_diagnostic *> m_saved_diagnostics;
321 :
322 : public:
323 : /* The index of this exploded_node. */
324 : const int m_index;
325 :
326 : /* The number of stmts that were processed when process_node was
327 : called on this enode. */
328 : unsigned m_num_processed_stmts;
329 : };
330 :
331 : /* An edge within the exploded graph.
332 : Some exploded_edges have an underlying superedge; others don't. */
333 :
334 : class exploded_edge : public dedge<eg_traits>
335 : {
336 : public:
337 : exploded_edge (exploded_node *src, exploded_node *dest,
338 : const superedge *sedge, bool could_do_work,
339 : std::unique_ptr<custom_edge_info> custom_info);
340 : void dump_dot (graphviz_out *gv, const dump_args_t &args)
341 : const final override;
342 : void dump_dot_label (pretty_printer *pp) const;
343 :
344 : std::unique_ptr<json::object> to_json () const;
345 :
346 : //private:
347 : const superedge *const m_sedge;
348 :
349 : /* nullptr for most edges; will be non-NULL for special cases
350 : such as an unwind from a longjmp to a setjmp, or when
351 : a signal is delivered to a signal-handler. */
352 : std::unique_ptr<custom_edge_info> m_custom_info;
353 :
354 59979 : bool could_do_work_p () const { return m_could_do_work_p; }
355 :
356 : const gimple *maybe_get_stmt () const;
357 : const operation *maybe_get_op () const;
358 :
359 : private:
360 : DISABLE_COPY_AND_ASSIGN (exploded_edge);
361 :
362 : /* For -Wanalyzer-infinite-loop.
363 : Set to true during processing if any of the activity along
364 : this edge is "externally-visible work" (and thus ruling this
365 : out as being part of an infinite loop.
366 :
367 : For example, given:
368 :
369 : while (1)
370 : do_something ();
371 :
372 : although it is an infinite loop, presumably the point of the
373 : program is the loop body, and thus reporting this as an infinite
374 : loop is likely to be unhelpful to the user. */
375 : bool m_could_do_work_p;
376 : };
377 :
378 : /* Extra data for an exploded_edge that represents an interprocedural
379 : call. */
380 :
381 : class interprocedural_call : public custom_edge_info
382 : {
383 : public:
384 6830 : interprocedural_call (const call_and_return_op &op,
385 : function &callee_fun)
386 6830 : : m_op (op),
387 6830 : m_callee_fun (callee_fun)
388 : {}
389 :
390 : void print (pretty_printer *pp) const final override;
391 :
392 : void get_dot_attrs (const char *&out_style,
393 : const char *&out_color) const final override;
394 :
395 : bool update_state (program_state *state,
396 : const exploded_edge *eedge,
397 : region_model_context *ctxt) const final override;
398 :
399 : bool update_model (region_model *model,
400 : const exploded_edge *eedge,
401 : region_model_context *ctxt) const final override;
402 :
403 : void add_events_to_path (checker_path *emission_path,
404 : const exploded_edge &eedge,
405 : pending_diagnostic &pd,
406 : const state_transition *state_trans) const final override;
407 :
408 : bool
409 : try_to_rewind_data_flow (rewind_context &) const final override;
410 :
411 : const gcall &get_gcall () const;
412 :
413 : private:
414 : const call_and_return_op &m_op;
415 : function &m_callee_fun;
416 : };
417 :
418 : /* Extra data for an exploded_edge that represents an interprocedural
419 : return. */
420 :
421 : class interprocedural_return : public custom_edge_info
422 : {
423 : public:
424 5816 : interprocedural_return (const gcall &call_stmt)
425 5816 : : m_call_stmt (call_stmt)
426 : {}
427 :
428 : void print (pretty_printer *pp) const final override;
429 :
430 : void get_dot_attrs (const char *&out_style,
431 : const char *&out_color) const final override;
432 :
433 : bool update_state (program_state *state,
434 : const exploded_edge *eedge,
435 : region_model_context *ctxt) const final override;
436 :
437 : bool update_model (region_model *model,
438 : const exploded_edge *eedge,
439 : region_model_context *ctxt) const final override;
440 :
441 : void add_events_to_path (checker_path *emission_path,
442 : const exploded_edge &eedge,
443 : pending_diagnostic &pd,
444 : const state_transition *state_trans) const final override;
445 :
446 : bool
447 : try_to_rewind_data_flow (rewind_context &) const final override;
448 :
449 : private:
450 : const gcall &m_call_stmt;
451 : };
452 :
453 : /* Extra data for an exploded_edge that represents a rewind from a
454 : longjmp to a setjmp (or from a siglongjmp to a sigsetjmp). */
455 :
456 25 : class rewind_info_t : public custom_edge_info
457 : {
458 : public:
459 45 : rewind_info_t (const setjmp_record &setjmp_record,
460 : const gcall &longjmp_call)
461 25 : : m_setjmp_record (setjmp_record),
462 25 : m_longjmp_call (longjmp_call)
463 : {}
464 :
465 0 : void print (pretty_printer *pp) const final override
466 : {
467 0 : pp_string (pp, "rewind");
468 0 : }
469 :
470 : bool update_model (region_model *model,
471 : const exploded_edge *eedge,
472 : region_model_context *ctxt) const final override;
473 :
474 : void add_events_to_path (checker_path *emission_path,
475 : const exploded_edge &eedge,
476 : pending_diagnostic &pd,
477 : const state_transition *state_trans) const final override;
478 :
479 : program_point
480 25 : get_point_before_setjmp () const
481 : {
482 25 : return get_enode_origin ()->get_point ();
483 : }
484 :
485 : program_point
486 25 : get_point_after_setjmp () const
487 : {
488 25 : const program_point &origin_point = get_enode_origin ()->get_point ();
489 25 : return program_point (m_setjmp_record.m_sedge->m_dest,
490 25 : origin_point.get_call_string ());
491 : }
492 :
493 68 : const gcall &get_setjmp_call () const
494 : {
495 46 : return *m_setjmp_record.m_setjmp_call;
496 : }
497 :
498 68 : const gcall &get_longjmp_call () const
499 : {
500 68 : return m_longjmp_call;
501 : }
502 :
503 40 : const exploded_node *get_enode_origin () const
504 : {
505 40 : return m_setjmp_record.m_enode;
506 : }
507 :
508 : private:
509 : setjmp_record m_setjmp_record;
510 : const gcall &m_longjmp_call;
511 : };
512 :
513 : /* Statistics about aspects of an exploded_graph. */
514 :
515 : struct stats
516 : {
517 : stats (int num_supernodes);
518 : void log (logger *logger) const;
519 : void dump (FILE *out) const;
520 :
521 : int get_total_enodes () const;
522 :
523 : int m_num_nodes;
524 : int m_node_reuse_count;
525 : int m_node_reuse_after_merge_count;
526 : int m_num_supernodes;
527 : };
528 :
529 : /* Traits class for ensuring uniqueness of point_and_state data within
530 : an exploded_graph. */
531 :
532 : struct eg_hash_map_traits
533 : {
534 : typedef const point_and_state *key_type;
535 : typedef exploded_node *value_type;
536 : typedef exploded_node *compare_type;
537 :
538 5568051 : static inline hashval_t hash (const key_type &k)
539 : {
540 5568051 : gcc_assert (k != nullptr);
541 5568051 : gcc_assert (k != reinterpret_cast<key_type> (1));
542 5568051 : return k->hash ();
543 : }
544 5287341 : static inline bool equal_keys (const key_type &k1, const key_type &k2)
545 : {
546 5287341 : gcc_assert (k1 != nullptr);
547 5287341 : gcc_assert (k2 != nullptr);
548 5287341 : gcc_assert (k1 != reinterpret_cast<key_type> (1));
549 5287341 : gcc_assert (k2 != reinterpret_cast<key_type> (1));
550 5287341 : if (k1 && k2)
551 5287341 : return *k1 == *k2;
552 : else
553 : /* Otherwise they must both be non-NULL. */
554 : return k1 == k2;
555 : }
556 : template <typename T>
557 : static inline void remove (T &)
558 : {
559 : /* empty; the nodes are handled elsewhere. */
560 : }
561 : template <typename T>
562 : static inline void mark_deleted (T &entry)
563 : {
564 : entry.m_key = reinterpret_cast<key_type> (1);
565 : }
566 : template <typename T>
567 1418261 : static inline void mark_empty (T &entry)
568 : {
569 1418261 : entry.m_key = nullptr;
570 : }
571 : template <typename T>
572 6319656 : static inline bool is_deleted (const T &entry)
573 : {
574 6319656 : return entry.m_key == reinterpret_cast<key_type> (1);
575 : }
576 : template <typename T>
577 20044976 : static inline bool is_empty (const T &entry)
578 : {
579 20044976 : return entry.m_key == nullptr;
580 : }
581 : static const bool empty_zero_p = false;
582 : };
583 :
584 : /* Per-program_point data for an exploded_graph. */
585 :
586 233409 : struct per_program_point_data
587 : {
588 233409 : per_program_point_data (const program_point &key)
589 233409 : : m_key (key), m_excess_enodes (0)
590 : {}
591 :
592 : const program_point m_key;
593 : auto_vec<exploded_node *> m_enodes;
594 : /* The number of attempts to create an enode for this point
595 : after exceeding --param=analyzer-max-enodes-per-program-point. */
596 : int m_excess_enodes;
597 : };
598 :
599 : /* Traits class for storing per-program_point data within
600 : an exploded_graph. */
601 :
602 : struct eg_point_hash_map_traits
603 : {
604 : typedef const program_point *key_type;
605 : typedef per_program_point_data *value_type;
606 : typedef per_program_point_data *compare_type;
607 :
608 4121270 : static inline hashval_t hash (const key_type &k)
609 : {
610 4121270 : gcc_assert (k != nullptr);
611 4121270 : gcc_assert (k != reinterpret_cast<key_type> (1));
612 4121270 : return k->hash ();
613 : }
614 4050526 : static inline bool equal_keys (const key_type &k1, const key_type &k2)
615 : {
616 4050526 : gcc_assert (k1 != nullptr);
617 4050526 : gcc_assert (k2 != nullptr);
618 4050526 : gcc_assert (k1 != reinterpret_cast<key_type> (1));
619 4050526 : gcc_assert (k2 != reinterpret_cast<key_type> (1));
620 4050526 : if (k1 && k2)
621 4050526 : return *k1 == *k2;
622 : else
623 : /* Otherwise they must both be non-NULL. */
624 : return k1 == k2;
625 : }
626 : template <typename T>
627 : static inline void remove (T &)
628 : {
629 : /* empty; the nodes are handled elsewhere. */
630 : }
631 : template <typename T>
632 : static inline void mark_deleted (T &entry)
633 : {
634 : entry.m_key = reinterpret_cast<key_type> (1);
635 : }
636 : template <typename T>
637 828312 : static inline void mark_empty (T &entry)
638 : {
639 828312 : entry.m_key = nullptr;
640 : }
641 : template <typename T>
642 4887966 : static inline bool is_deleted (const T &entry)
643 : {
644 4887966 : return entry.m_key == reinterpret_cast<key_type> (1);
645 : }
646 : template <typename T>
647 15243668 : static inline bool is_empty (const T &entry)
648 : {
649 15243668 : return entry.m_key == nullptr;
650 : }
651 : static const bool empty_zero_p = false;
652 : };
653 :
654 : /* Data about a particular call_string within an exploded_graph. */
655 :
656 : struct per_call_string_data
657 : {
658 8554 : per_call_string_data (const call_string &key, int num_supernodes)
659 8554 : : m_key (key), m_stats (num_supernodes)
660 : {}
661 :
662 : const call_string &m_key;
663 : stats m_stats;
664 : };
665 :
666 : /* Data about a particular function within an exploded_graph. */
667 :
668 : struct per_function_data
669 : {
670 367 : per_function_data () {}
671 : ~per_function_data ();
672 :
673 : void add_call_summary (exploded_node *node);
674 :
675 : auto_vec<call_summary *> m_summaries;
676 : };
677 :
678 : /* The strongly connected components of a supergraph.
679 : In particular, this allows us to compute a partial ordering
680 : of supernodes. */
681 :
682 : class strongly_connected_components
683 : {
684 : public:
685 : strongly_connected_components (const supergraph &sg, logger *logger);
686 :
687 3343299 : int get_scc_id (int node_index) const
688 : {
689 382 : return m_per_node[node_index].m_lowlink;
690 : }
691 :
692 : void dump () const;
693 :
694 : std::unique_ptr<json::array> to_json () const;
695 :
696 : private:
697 : struct per_node_data
698 : {
699 183978 : per_node_data ()
700 183978 : : m_id (-1), m_lowlink (-1), m_on_stack (false)
701 : {}
702 :
703 : int m_id;
704 : int m_lowlink;
705 : bool m_on_stack;
706 : };
707 :
708 : void strong_connect (unsigned index, logger *logger);
709 :
710 : const supergraph &m_sg;
711 : auto_vec<unsigned> m_stack;
712 : auto_vec<per_node_data> m_per_node;
713 : };
714 :
715 : /* The worklist of exploded_node instances that have been added to
716 : an exploded_graph, but that haven't yet been processed to find
717 : their successors (or warnings).
718 :
719 : The enodes are stored in a priority queue, ordered by a topological
720 : sort of the SCCs in the supergraph, so that enodes for the same
721 : program_point should appear at the front of the queue together.
722 : This allows for state-merging at CFG join-points, so that
723 : sufficiently-similar enodes can be merged into one. */
724 :
725 : class worklist
726 : {
727 : public:
728 : worklist (const exploded_graph &eg, const analysis_plan &plan);
729 : unsigned length () const;
730 : exploded_node *take_next ();
731 : exploded_node *peek_next ();
732 : void add_node (exploded_node *enode);
733 620 : int get_scc_id (const supernode &snode) const
734 : {
735 1240 : return m_scc.get_scc_id (snode.m_id);
736 : }
737 :
738 : std::unique_ptr<json::object> to_json () const;
739 :
740 : private:
741 : class key_t
742 : {
743 : public:
744 388649 : key_t (const worklist &w, exploded_node *enode)
745 388649 : : m_worklist (w), m_enode (enode)
746 : {}
747 :
748 1483602 : bool operator< (const key_t &other) const
749 : {
750 1483602 : return cmp (*this, other) < 0;
751 : }
752 :
753 424872 : bool operator== (const key_t &other) const
754 : {
755 424872 : return cmp (*this, other) == 0;
756 : }
757 :
758 424872 : bool operator> (const key_t &other) const
759 : {
760 849744 : return !(*this == other || *this < other);
761 : }
762 :
763 : private:
764 : static int cmp (const key_t &ka, const key_t &kb);
765 :
766 3352946 : int get_scc_id (const exploded_node *enode) const
767 : {
768 3352946 : const supernode *snode = enode->get_supernode ();
769 3352946 : if (snode == nullptr)
770 : return 0;
771 3342679 : return m_worklist.m_scc.get_scc_id (snode->m_id);
772 : }
773 :
774 : const worklist &m_worklist;
775 : exploded_node *m_enode;
776 : };
777 :
778 : /* The order is important here: m_scc needs to stick around
779 : until after m_queue has finished being cleaned up (the dtor
780 : calls the ordering fns). */
781 : strongly_connected_components m_scc;
782 : const analysis_plan &m_plan;
783 :
784 : /* Priority queue, backed by a fibonacci_heap. */
785 : typedef fibonacci_heap<key_t, exploded_node> queue_t;
786 : queue_t m_queue;
787 : };
788 :
789 : /* An exploded_graph is a directed graph of unique <point, state> pairs.
790 : It also has a worklist of nodes that are waiting for their successors
791 : to be added to the graph. */
792 :
793 : class exploded_graph : public digraph<eg_traits>
794 : {
795 : public:
796 : typedef hash_map <const call_string *,
797 : per_call_string_data *> call_string_data_map_t;
798 :
799 : exploded_graph (const supergraph &sg, logger *logger,
800 : const extrinsic_state &ext_state,
801 : const state_purge_map *purge_map,
802 : const analysis_plan &plan,
803 : int verbosity);
804 : ~exploded_graph ();
805 :
806 6471369 : logger *get_logger () const { return m_logger.get_logger (); }
807 :
808 66148 : const supergraph &get_supergraph () const { return m_sg; }
809 3778844 : const extrinsic_state &get_ext_state () const { return m_ext_state; }
810 6615 : engine *get_engine () const { return m_ext_state.get_engine (); }
811 396368 : const state_purge_map *get_purge_map () const { return m_purge_map; }
812 7579 : const analysis_plan &get_analysis_plan () const { return m_plan; }
813 :
814 6625 : exploded_node *get_origin () const { return m_origin; }
815 :
816 : exploded_node *add_function_entry (const function &fun);
817 :
818 : void build_initial_worklist ();
819 : void process_worklist ();
820 : bool maybe_process_run_of_enodes (exploded_node *node);
821 : void process_node (exploded_node *node);
822 :
823 : exploded_node *get_or_create_node (const program_point &point,
824 : const program_state &state,
825 : exploded_node *enode_for_diag,
826 : bool add_to_worklist = true);
827 : exploded_edge *add_edge (exploded_node *src, exploded_node *dest,
828 : const superedge *sedge, bool could_do_work,
829 : std::unique_ptr<custom_edge_info> custom = nullptr);
830 :
831 : per_program_point_data *
832 : get_or_create_per_program_point_data (const program_point &);
833 : per_program_point_data *
834 : get_per_program_point_data (const program_point &) const;
835 :
836 : per_call_string_data *
837 : get_or_create_per_call_string_data (const call_string &);
838 :
839 : per_function_data *
840 : get_or_create_per_function_data (function *);
841 : per_function_data *get_per_function_data (function *) const;
842 :
843 : void save_diagnostic (const state_machine &sm,
844 : const exploded_node *enode,
845 : const supernode *node, const gimple *stmt,
846 : tree var, state_machine::state_t state,
847 : pending_diagnostic *d);
848 :
849 14508 : diagnostic_manager &get_diagnostic_manager ()
850 : {
851 14528 : return m_diagnostic_manager;
852 : }
853 : const diagnostic_manager &get_diagnostic_manager () const
854 : {
855 : return m_diagnostic_manager;
856 : }
857 :
858 : stats *get_global_stats () { return &m_global_stats; }
859 : stats *get_or_create_function_stats (function *fn);
860 : void log_stats () const;
861 : void dump_stats (FILE *) const;
862 : void dump_exploded_nodes () const;
863 :
864 : std::unique_ptr<json::object> to_json () const;
865 :
866 : exploded_node *get_node_by_index (int idx) const;
867 :
868 : const call_string_data_map_t *get_per_call_string_data () const
869 : { return &m_per_call_string_data; }
870 :
871 620 : int get_scc_id (const supernode &node) const
872 : {
873 620 : return m_worklist.get_scc_id (node);
874 : }
875 :
876 : void on_escaped_function (tree fndecl);
877 :
878 : void unwind_from_exception (exploded_node &enode,
879 : const gimple *stmt,
880 : region_model_context *ctxt);
881 :
882 : /* In infinite-loop.cc */
883 : void detect_infinite_loops ();
884 :
885 : /* In infinite-recursion.cc */
886 : void detect_infinite_recursion (exploded_node *enode);
887 : exploded_node *find_previous_entry_to (function *top_of_stack_fun,
888 : exploded_node *enode) const;
889 :
890 : private:
891 : void print_bar_charts (pretty_printer *pp) const;
892 :
893 : DISABLE_COPY_AND_ASSIGN (exploded_graph);
894 :
895 : const supergraph &m_sg;
896 :
897 : log_user m_logger;
898 :
899 : /* Map from point/state to exploded node.
900 : To avoid duplication we store point_and_state
901 : *pointers* as keys, rather than point_and_state, using the
902 : instance from within the exploded_node, with a custom hasher. */
903 : typedef hash_map <const point_and_state *, exploded_node *,
904 : eg_hash_map_traits> map_t;
905 : map_t m_point_and_state_to_node;
906 :
907 : /* Map from program_point to per-program_point data. */
908 : typedef hash_map <const program_point *, per_program_point_data *,
909 : eg_point_hash_map_traits> point_map_t;
910 : point_map_t m_per_point_data;
911 :
912 : worklist m_worklist;
913 :
914 : exploded_node *m_origin;
915 :
916 : const extrinsic_state &m_ext_state;
917 :
918 : const state_purge_map *const m_purge_map;
919 :
920 : const analysis_plan &m_plan;
921 :
922 : typedef hash_map<function *, per_function_data *> per_function_data_t;
923 : per_function_data_t m_per_function_data;
924 :
925 : diagnostic_manager m_diagnostic_manager;
926 :
927 : /* Stats. */
928 : stats m_global_stats;
929 : typedef ordered_hash_map<function *, stats *> function_stat_map_t;
930 : function_stat_map_t m_per_function_stats;
931 : stats m_functionless_stats;
932 :
933 : call_string_data_map_t m_per_call_string_data;
934 :
935 : /* Functions with a top-level enode, to make add_function_entry
936 : be idempotent, for use in handling callbacks. */
937 : hash_set<function *> m_functions_with_enodes;
938 : };
939 :
940 : /* A reason why a particular exploded_path is infeasible. */
941 :
942 4 : class feasibility_problem
943 : {
944 : public:
945 4 : feasibility_problem (unsigned eedge_idx,
946 : const exploded_edge &eedge,
947 : std::unique_ptr<rejected_constraint> rc)
948 4 : : m_eedge_idx (eedge_idx), m_eedge (eedge),
949 4 : m_rc (std::move (rc))
950 : {}
951 :
952 : void dump_to_pp (pretty_printer *pp) const;
953 :
954 : unsigned m_eedge_idx;
955 : const exploded_edge &m_eedge;
956 : std::unique_ptr<rejected_constraint> m_rc;
957 : };
958 :
959 : /* A class for capturing the state of a node when checking a path
960 : through the exploded_graph for feasibility. */
961 :
962 : class feasibility_state
963 : {
964 : public:
965 : feasibility_state (region_model_manager *manager,
966 : const supergraph &sg);
967 : feasibility_state (const region_model &model,
968 : const supergraph &sg);
969 : feasibility_state (const feasibility_state &other);
970 :
971 : feasibility_state &operator= (const feasibility_state &other);
972 :
973 : bool maybe_update_for_edge (logger *logger,
974 : const exploded_edge *eedge,
975 : region_model_context *ctxt,
976 : std::unique_ptr<rejected_constraint> *out_rc);
977 :
978 200949 : region_model &get_model () { return m_model; }
979 1778 : const region_model &get_model () const { return m_model; }
980 : auto_sbitmap &get_snodes_visited () { return m_snodes_visited; }
981 : const auto_sbitmap &get_snodes_visited () const { return m_snodes_visited; }
982 :
983 : void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
984 :
985 : private:
986 : region_model m_model;
987 : auto_sbitmap m_snodes_visited;
988 : };
989 :
990 : // TODO: split the above up?
991 :
992 : } // namespace ana
993 :
994 : #endif /* GCC_ANALYZER_EXPLODED_GRAPH_H */
|
