ExplodedGraph.h revision 261991
117721Speter//=-- ExplodedGraph.h - Local, Path-Sens. "Exploded Graph" -*- C++ -*-------==// 2175280Sobrien// 354431Speter// The LLVM Compiler Infrastructure 4175280Sobrien// 5175280Sobrien// This file is distributed under the University of Illinois Open Source 6175280Sobrien// License. See LICENSE.TXT for details. 7175280Sobrien// 8175280Sobrien//===----------------------------------------------------------------------===// 9175280Sobrien// 1017721Speter// This file defines the template classes ExplodedNode and ExplodedGraph, 1132788Speter// which represent a path-sensitive, intra-procedural "exploded graph." 1254431Speter// See "Precise interprocedural dataflow analysis via graph reachability" 1317721Speter// by Reps, Horwitz, and Sagiv 1417721Speter// (http://portal.acm.org/citation.cfm?id=199462) for the definition of an 1517721Speter// exploded graph. 1654431Speter// 1717721Speter//===----------------------------------------------------------------------===// 1817721Speter 1954431Speter#ifndef LLVM_CLANG_GR_EXPLODEDGRAPH 2017721Speter#define LLVM_CLANG_GR_EXPLODEDGRAPH 2117721Speter 2254431Speter#include "clang/AST/Decl.h" 2317721Speter#include "clang/Analysis/AnalysisContext.h" 2417721Speter#include "clang/Analysis/ProgramPoint.h" 2554431Speter#include "clang/Analysis/Support/BumpVector.h" 2617721Speter#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 2717721Speter#include "llvm/ADT/DepthFirstIterator.h" 2817721Speter#include "llvm/ADT/FoldingSet.h" 2917721Speter#include "llvm/ADT/GraphTraits.h" 3017721Speter#include "llvm/ADT/OwningPtr.h" 3154431Speter#include "llvm/ADT/SmallPtrSet.h" 3217721Speter#include "llvm/ADT/SmallVector.h" 3317721Speter#include "llvm/Support/Allocator.h" 3454431Speter#include "llvm/Support/Casting.h" 3517721Speter#include <vector> 3617721Speter 3717721Speternamespace clang { 3817721Speter 3954431Speterclass CFG; 4054431Speter 4117721Speternamespace ento { 4217721Speter 4317721Speterclass ExplodedGraph; 44175280Sobrien 4525839Speter//===----------------------------------------------------------------------===// 4617721Speter// ExplodedGraph "implementation" classes. These classes are not typed to 47102843Speter// contain a specific kind of state. Typed-specialized versions are defined 4817721Speter// on top of these classes. 4917721Speter//===----------------------------------------------------------------------===// 5017721Speter 5117721Speter// ExplodedNode is not constified all over the engine because we need to add 5225839Speter// successors to it at any time after creating it. 5334467Speter 5434467Speterclass ExplodedNode : public llvm::FoldingSetNode { 5517721Speter friend class ExplodedGraph; 5625839Speter friend class CoreEngine; 5734467Speter friend class NodeBuilder; 5817721Speter friend class BranchNodeBuilder; 5934467Speter friend class IndirectGotoNodeBuilder; 6025839Speter friend class SwitchNodeBuilder; 6125839Speter friend class EndOfFunctionNodeBuilder; 6225839Speter 6325839Speter /// Efficiently stores a list of ExplodedNodes, or an optional flag. 6425839Speter /// 65128269Speter /// NodeGroup provides opaque storage for a list of ExplodedNodes, optimizing 6625839Speter /// for the case when there is only one node in the group. This is a fairly 6781407Speter /// common case in an ExplodedGraph, where most nodes have only one 68128269Speter /// predecessor and many have only one successor. It can also be used to 69128269Speter /// store a flag rather than a node list, which ExplodedNode uses to mark 70128269Speter /// whether a node is a sink. If the flag is set, the group is implicitly 71128269Speter /// empty and no nodes may be added. 72128269Speter class NodeGroup { 73128269Speter // Conceptually a discriminated union. If the low bit is set, the node is 7425839Speter // a sink. If the low bit is not set, the pointer refers to the storage 7525839Speter // for the nodes in the group. 7625839Speter // This is not a PointerIntPair in order to keep the storage type opaque. 77128269Speter uintptr_t P; 78128269Speter 79128269Speter public: 8034467Speter NodeGroup(bool Flag = false) : P(Flag) { 8134467Speter assert(getFlag() == Flag); 8234467Speter } 8325839Speter 8417721Speter ExplodedNode * const *begin() const; 8517721Speter 8617721Speter ExplodedNode * const *end() const; 8717721Speter 8825839Speter unsigned size() const; 8925839Speter 9025839Speter bool empty() const { return P == 0 || getFlag() != 0; } 9125839Speter 9225839Speter /// Adds a node to the list. 9325839Speter /// 9425839Speter /// The group must not have been created with its flag set. 9525839Speter void addNode(ExplodedNode *N, ExplodedGraph &G); 9625839Speter 9734467Speter /// Replaces the single node in this group with a new node. 9834467Speter /// 9934467Speter /// Note that this should only be used when you know the group was not 10034467Speter /// created with its flag set, and that the group is empty or contains 10117721Speter /// only a single node. 10217721Speter void replaceNode(ExplodedNode *node); 10317721Speter 10466528Speter /// Returns whether this group was created with its flag set. 10517721Speter bool getFlag() const { 10683496Sdillon return (P & 1); 10717721Speter } 10817721Speter }; 10917721Speter 11017721Speter /// Location - The program location (within a function body) associated 11117721Speter /// with this node. 11225839Speter const ProgramPoint Location; 11317721Speter 11417721Speter /// State - The state associated with this node. 11517721Speter ProgramStateRef State; 11617721Speter 11717721Speter /// Preds - The predecessors of this node. 11881407Speter NodeGroup Preds; 11917721Speter 12017721Speter /// Succs - The successors of this node. 12117721Speter NodeGroup Succs; 12266528Speter 12317721Speterpublic: 12417721Speter 12517721Speter explicit ExplodedNode(const ProgramPoint &loc, ProgramStateRef state, 12617721Speter bool IsSink) 12725839Speter : Location(loc), State(state), Succs(IsSink) { 12881407Speter assert(isSink() == IsSink); 12925839Speter } 13025839Speter 13117721Speter ~ExplodedNode() {} 13217721Speter 13317721Speter /// getLocation - Returns the edge associated with the given node. 13483496Sdillon ProgramPoint getLocation() const { return Location; } 13532788Speter 13617721Speter const LocationContext *getLocationContext() const { 13717721Speter return getLocation().getLocationContext(); 13817721Speter } 13917721Speter 14017721Speter const StackFrameContext *getStackFrame() const { 14117721Speter return getLocationContext()->getCurrentStackFrame(); 14217721Speter } 14317721Speter 14417721Speter const Decl &getCodeDecl() const { return *getLocationContext()->getDecl(); } 14517721Speter 14617721Speter CFG &getCFG() const { return *getLocationContext()->getCFG(); } 14717721Speter 14817721Speter ParentMap &getParentMap() const {return getLocationContext()->getParentMap();} 14917721Speter 15083496Sdillon template <typename T> 15117721Speter T &getAnalysis() const { 15217721Speter return *getLocationContext()->getAnalysis<T>(); 15317721Speter } 15417721Speter 15517721Speter const ProgramStateRef &getState() const { return State; } 15617721Speter 15717721Speter template <typename T> 15817721Speter Optional<T> getLocationAs() const LLVM_LVALUE_FUNCTION { 15926065Speter return Location.getAs<T>(); 16083496Sdillon } 16117721Speter 16217721Speter static void Profile(llvm::FoldingSetNodeID &ID, 16317721Speter const ProgramPoint &Loc, 16417721Speter const ProgramStateRef &state, 16517721Speter bool IsSink) { 16617721Speter ID.Add(Loc); 16766528Speter ID.AddPointer(state.getPtr()); 16866528Speter ID.AddBoolean(IsSink); 16966528Speter } 17017721Speter 17117721Speter void Profile(llvm::FoldingSetNodeID& ID) const { 17217721Speter // We avoid copy constructors by not using accessors. 17317721Speter Profile(ID, Location, State, isSink()); 17417721Speter } 17517721Speter 17617721Speter /// addPredeccessor - Adds a predecessor to the current node, and 17717721Speter /// in tandem add this node as a successor of the other node. 17817721Speter void addPredecessor(ExplodedNode *V, ExplodedGraph &G); 17917721Speter 18017721Speter unsigned succ_size() const { return Succs.size(); } 18117721Speter unsigned pred_size() const { return Preds.size(); } 18217721Speter bool succ_empty() const { return Succs.empty(); } 18317721Speter bool pred_empty() const { return Preds.empty(); } 18417721Speter 18517721Speter bool isSink() const { return Succs.getFlag(); } 18617721Speter 18717721Speter bool hasSinglePred() const { 18817721Speter return (pred_size() == 1); 18917721Speter } 19017721Speter 19117721Speter ExplodedNode *getFirstPred() { 19217721Speter return pred_empty() ? NULL : *(pred_begin()); 19317721Speter } 194128269Speter 19517721Speter const ExplodedNode *getFirstPred() const { 19683496Sdillon return const_cast<ExplodedNode*>(this)->getFirstPred(); 19783496Sdillon } 19883496Sdillon 19917721Speter const ExplodedNode *getFirstSucc() const { 20017721Speter return succ_empty() ? NULL : *(succ_begin()); 20117721Speter } 20217721Speter 20317721Speter // Iterators over successor and predecessor vertices. 20417721Speter typedef ExplodedNode* const * succ_iterator; 20517721Speter typedef const ExplodedNode* const * const_succ_iterator; 20617721Speter typedef ExplodedNode* const * pred_iterator; 20717721Speter typedef const ExplodedNode* const * const_pred_iterator; 20817721Speter 209175280Sobrien pred_iterator pred_begin() { return Preds.begin(); } 21017721Speter pred_iterator pred_end() { return Preds.end(); } 21117721Speter 21217721Speter const_pred_iterator pred_begin() const { 21317721Speter return const_cast<ExplodedNode*>(this)->pred_begin(); 21417721Speter } 21517721Speter const_pred_iterator pred_end() const { 21617721Speter return const_cast<ExplodedNode*>(this)->pred_end(); 21717721Speter } 21817721Speter 21917721Speter succ_iterator succ_begin() { return Succs.begin(); } 22017721Speter succ_iterator succ_end() { return Succs.end(); } 22117721Speter 22217721Speter const_succ_iterator succ_begin() const { 22317721Speter return const_cast<ExplodedNode*>(this)->succ_begin(); 22417721Speter } 22517721Speter const_succ_iterator succ_end() const { 22617721Speter return const_cast<ExplodedNode*>(this)->succ_end(); 22717721Speter } 22817721Speter 22917721Speter // For debugging. 23025839Speter 23117721Speterpublic: 23225839Speter 23325839Speter class Auditor { 23417721Speter public: 23517721Speter virtual ~Auditor(); 23617721Speter virtual void AddEdge(ExplodedNode *Src, ExplodedNode *Dst) = 0; 23717721Speter }; 23817721Speter 23917721Speter static void SetAuditor(Auditor* A); 24017721Speter 24117721Speterprivate: 24217721Speter void replaceSuccessor(ExplodedNode *node) { Succs.replaceNode(node); } 24317721Speter void replacePredecessor(ExplodedNode *node) { Preds.replaceNode(node); } 24417721Speter}; 24517721Speter 24617721Spetertypedef llvm::DenseMap<const ExplodedNode *, const ExplodedNode *> 24717721Speter InterExplodedGraphMap; 24881407Speter 24917721Speterclass ExplodedGraph { 25025839Speterprotected: 25125839Speter friend class CoreEngine; 25217721Speter 25317721Speter // Type definitions. 25417721Speter typedef std::vector<ExplodedNode *> NodeVector; 25525839Speter 25617721Speter /// The roots of the simulation graph. Usually there will be only 25717721Speter /// one, but clients are free to establish multiple subgraphs within a single 25817721Speter /// SimulGraph. Moreover, these subgraphs can often merge when paths from 25917721Speter /// different roots reach the same state at the same program location. 26017721Speter NodeVector Roots; 26117721Speter 26217721Speter /// The nodes in the simulation graph which have been 26317721Speter /// specially marked as the endpoint of an abstract simulation path. 26417721Speter NodeVector EndNodes; 26517721Speter 26617721Speter /// Nodes - The nodes in the graph. 26717721Speter llvm::FoldingSet<ExplodedNode> Nodes; 26817721Speter 26917721Speter /// BVC - Allocator and context for allocating nodes and their predecessor 27017721Speter /// and successor groups. 27117721Speter BumpVectorContext BVC; 27266528Speter 27366528Speter /// NumNodes - The number of nodes in the graph. 27417721Speter unsigned NumNodes; 27517721Speter 27617721Speter /// A list of recently allocated nodes that can potentially be recycled. 27717721Speter NodeVector ChangedNodes; 27825839Speter 27925839Speter /// A list of nodes that can be reused. 28017721Speter NodeVector FreeNodes; 28117721Speter 28217721Speter /// Determines how often nodes are reclaimed. 28317721Speter /// 28417721Speter /// If this is 0, nodes will never be reclaimed. 28517721Speter unsigned ReclaimNodeInterval; 28625839Speter 28717721Speter /// Counter to determine when to reclaim nodes. 28866528Speter unsigned ReclaimCounter; 28966528Speter 29066528Speterpublic: 29132788Speter 29266528Speter /// \brief Retrieve the node associated with a (Location,State) pair, 29366528Speter /// where the 'Location' is a ProgramPoint in the CFG. If no node for 29466528Speter /// this pair exists, it is created. IsNew is set to true if 29566528Speter /// the node was freshly created. 29666528Speter ExplodedNode *getNode(const ProgramPoint &L, ProgramStateRef State, 29766528Speter bool IsSink = false, 29866528Speter bool* IsNew = 0); 29966528Speter 30066528Speter ExplodedGraph* MakeEmptyGraph() const { 30166528Speter return new ExplodedGraph(); 30225839Speter } 30325839Speter 30417721Speter /// addRoot - Add an untyped node to the set of roots. 305107487Speter ExplodedNode *addRoot(ExplodedNode *V) { 306107487Speter Roots.push_back(V); 30766528Speter return V; 30866528Speter } 30966528Speter 31066528Speter /// addEndOfPath - Add an untyped node to the set of EOP nodes. 31166528Speter ExplodedNode *addEndOfPath(ExplodedNode *V) { 31266528Speter EndNodes.push_back(V); 31366528Speter return V; 31466528Speter } 31525839Speter 31625839Speter ExplodedGraph(); 31766528Speter 31866528Speter ~ExplodedGraph(); 31954431Speter 32017721Speter unsigned num_roots() const { return Roots.size(); } 32117721Speter unsigned num_eops() const { return EndNodes.size(); } 32217721Speter 32317721Speter bool empty() const { return NumNodes == 0; } 32417721Speter unsigned size() const { return NumNodes; } 32517721Speter 32617721Speter // Iterators. 32717721Speter typedef ExplodedNode NodeTy; 32825839Speter typedef llvm::FoldingSet<ExplodedNode> AllNodesTy; 32925839Speter typedef NodeVector::iterator roots_iterator; 33017721Speter typedef NodeVector::const_iterator const_roots_iterator; 33117721Speter typedef NodeVector::iterator eop_iterator; 33217721Speter typedef NodeVector::const_iterator const_eop_iterator; 33317721Speter typedef AllNodesTy::iterator node_iterator; 334107487Speter typedef AllNodesTy::const_iterator const_node_iterator; 335107487Speter 33617721Speter node_iterator nodes_begin() { return Nodes.begin(); } 33754431Speter 33854431Speter node_iterator nodes_end() { return Nodes.end(); } 33954431Speter 34054431Speter const_node_iterator nodes_begin() const { return Nodes.begin(); } 34117721Speter 34225839Speter const_node_iterator nodes_end() const { return Nodes.end(); } 34354431Speter 34466528Speter roots_iterator roots_begin() { return Roots.begin(); } 34517721Speter 34617721Speter roots_iterator roots_end() { return Roots.end(); } 34717721Speter 34817721Speter const_roots_iterator roots_begin() const { return Roots.begin(); } 34917721Speter 35025839Speter const_roots_iterator roots_end() const { return Roots.end(); } 35125839Speter 35225839Speter eop_iterator eop_begin() { return EndNodes.begin(); } 35325839Speter 35425839Speter eop_iterator eop_end() { return EndNodes.end(); } 35525839Speter 35625839Speter const_eop_iterator eop_begin() const { return EndNodes.begin(); } 35725839Speter 35825839Speter const_eop_iterator eop_end() const { return EndNodes.end(); } 35925839Speter 36025839Speter llvm::BumpPtrAllocator & getAllocator() { return BVC.getAllocator(); } 36125839Speter BumpVectorContext &getNodeAllocator() { return BVC; } 36225839Speter 36325839Speter typedef llvm::DenseMap<const ExplodedNode*, ExplodedNode*> NodeMap; 36425839Speter 36566528Speter /// Creates a trimmed version of the graph that only contains paths leading 36625839Speter /// to the given nodes. 36766528Speter /// 36866528Speter /// \param Nodes The nodes which must appear in the final graph. Presumably 36917721Speter /// these are end-of-path nodes (i.e. they have no successors). 37025839Speter /// \param[out] ForwardMap A optional map from nodes in this graph to nodes in 37117721Speter /// the returned graph. 37225839Speter /// \param[out] InverseMap An optional map from nodes in the returned graph to 37366528Speter /// nodes in this graph. 37417721Speter /// \returns The trimmed graph 37517721Speter ExplodedGraph *trim(ArrayRef<const NodeTy *> Nodes, 37617721Speter InterExplodedGraphMap *ForwardMap = 0, 37717721Speter InterExplodedGraphMap *InverseMap = 0) const; 37817721Speter 37917721Speter /// Enable tracking of recently allocated nodes for potential reclamation 38017721Speter /// when calling reclaimRecentlyAllocatedNodes(). 38125839Speter void enableNodeReclamation(unsigned Interval) { 38225839Speter ReclaimCounter = ReclaimNodeInterval = Interval; 38325839Speter } 38425839Speter 38517721Speter /// Reclaim "uninteresting" nodes created since the last time this method 38617721Speter /// was called. 38717721Speter void reclaimRecentlyAllocatedNodes(); 38817721Speter 38917721Speter /// \brief Returns true if nodes for the given expression kind are always 39017721Speter /// kept around. 39117721Speter static bool isInterestingLValueExpr(const Expr *Ex); 39217721Speter 39317721Speterprivate: 39417721Speter bool shouldCollect(const ExplodedNode *node); 39517721Speter void collectNode(ExplodedNode *node); 39617721Speter}; 39717721Speter 39817721Speterclass ExplodedNodeSet { 39966528Speter typedef llvm::SmallPtrSet<ExplodedNode*,5> ImplTy; 40066528Speter ImplTy Impl; 40166528Speter 40266528Speterpublic: 40366528Speter ExplodedNodeSet(ExplodedNode *N) { 40417721Speter assert (N && !static_cast<ExplodedNode*>(N)->isSink()); 40517721Speter Impl.insert(N); 40617721Speter } 40717721Speter 40817721Speter ExplodedNodeSet() {} 40917721Speter 41066528Speter inline void Add(ExplodedNode *N) { 41166528Speter if (N && !static_cast<ExplodedNode*>(N)->isSink()) Impl.insert(N); 41266528Speter } 41325839Speter 41425839Speter typedef ImplTy::iterator iterator; 41517721Speter typedef ImplTy::const_iterator const_iterator; 41617721Speter 41717721Speter unsigned size() const { return Impl.size(); } 41817721Speter bool empty() const { return Impl.empty(); } 41917721Speter bool erase(ExplodedNode *N) { return Impl.erase(N); } 42017721Speter 42117721Speter void clear() { Impl.clear(); } 42217721Speter void insert(const ExplodedNodeSet &S) { 42317721Speter assert(&S != this); 42417721Speter if (empty()) 42517721Speter Impl = S.Impl; 42617721Speter else 42717721Speter Impl.insert(S.begin(), S.end()); 42883496Sdillon } 429128269Speter 43017721Speter inline iterator begin() { return Impl.begin(); } 43117721Speter inline iterator end() { return Impl.end(); } 43217721Speter 43317721Speter inline const_iterator begin() const { return Impl.begin(); } 43417721Speter inline const_iterator end() const { return Impl.end(); } 435130307Speter}; 43617721Speter 43717721Speter} // end GR namespace 438130307Speter 439130307Speter} // end clang namespace 44017721Speter 44117721Speter// GraphTraits 44217721Speter 44317721Speternamespace llvm { 44417721Speter template<> struct GraphTraits<clang::ento::ExplodedNode*> { 44581407Speter typedef clang::ento::ExplodedNode NodeType; 446128269Speter typedef NodeType::succ_iterator ChildIteratorType; 44717721Speter typedef llvm::df_iterator<NodeType*> nodes_iterator; 44817721Speter 44917721Speter static inline NodeType* getEntryNode(NodeType* N) { 45017721Speter return N; 45117721Speter } 45217721Speter 45317721Speter static inline ChildIteratorType child_begin(NodeType* N) { 45417721Speter return N->succ_begin(); 45517721Speter } 45617721Speter 45717721Speter static inline ChildIteratorType child_end(NodeType* N) { 45817721Speter return N->succ_end(); 45917721Speter } 46017721Speter 46117721Speter static inline nodes_iterator nodes_begin(NodeType* N) { 46283496Sdillon return df_begin(N); 463128269Speter } 46417721Speter 46517721Speter static inline nodes_iterator nodes_end(NodeType* N) { 46617721Speter return df_end(N); 46717721Speter } 46817721Speter }; 46917721Speter 47017721Speter template<> struct GraphTraits<const clang::ento::ExplodedNode*> { 47117721Speter typedef const clang::ento::ExplodedNode NodeType; 47217721Speter typedef NodeType::const_succ_iterator ChildIteratorType; 47317721Speter typedef llvm::df_iterator<NodeType*> nodes_iterator; 47417721Speter 47517721Speter static inline NodeType* getEntryNode(NodeType* N) { 47617721Speter return N; 47783496Sdillon } 47817721Speter 47917721Speter static inline ChildIteratorType child_begin(NodeType* N) { 48017721Speter return N->succ_begin(); 48117721Speter } 48217721Speter 48317721Speter static inline ChildIteratorType child_end(NodeType* N) { 48417721Speter return N->succ_end(); 48517721Speter } 48617721Speter 48717721Speter static inline nodes_iterator nodes_begin(NodeType* N) { 48817721Speter return df_begin(N); 48917721Speter } 49017721Speter 49117721Speter static inline nodes_iterator nodes_end(NodeType* N) { 49217721Speter return df_end(N); 49317721Speter } 49417721Speter }; 49517721Speter 49617721Speter} // end llvm namespace 49734467Speter 49834467Speter#endif 49934467Speter