PIPS
|
#include <stdlib.h>
#include <stdio.h>
#include "genC.h"
#include "linear.h"
#include "ri-util.h"
#include "effects-util.h"
#include "misc.h"
#include "properties.h"
#include "ri.h"
#include "prettyprint.h"
#include "effects.h"
#include "transformer.h"
#include "semantics.h"
#include "points-to.h"
Go to the source code of this file.
Functions | |
pt_map | dereferencing_subscript_to_points_to (subscript sub, pt_map in) |
FI: As usual in dereferencing.c, it is not clear that this piece of code has not been implemented somewhere else because of the early restriction to pointer type only expressions. More... | |
pt_map | dereferencing_to_points_to (expression p, pt_map in) |
Make sure that expression p can be dereferenced in points-to graph "in". More... | |
bool | pointer_points_to_reference_p (reference r __attribute__((unused))) |
see if a points_to_reference includes a pointer dereferencing: this is impossible if the points-to reference is consistent. More... | |
void | pointer_reference_dereferencing_to_points_to (reference r, pt_map in) |
pt_map | reference_dereferencing_to_points_to (reference r, pt_map in, bool nowhere_dereferencing_p, bool null_dereferencing_p) |
Can we execute the reference r in points-to context "in" without segfaulting? More... | |
bool | expression_to_points_to_cell_p (expression e) |
Can expression e be reduced to a reference, without requiring an evaluation? More... | |
list | dereferencing_to_sinks (expression a, pt_map in, bool eval_p) |
Returns "sinks", the list of cells pointed to by expression "a" according to points-to graph "in". More... | |
FI: As usual in dereferencing.c, it is not clear that this piece of code has not been implemented somewhere else because of the early restriction to pointer type only expressions.
But all pointer values must be generated, whether they point to pointers or anything else.
This piece of code is designed to handle pointer19.c, and hence pointer14.c, where arrays of pointers toward arrays of pointers are used.
It generates too many arcs, useless arcs, when the subscript list is broken down into many subscript constructs by PIPS C parser. This shows in Pointers/pointer14, 15 and 19.
a cannot evaluate to null or undefined
FI: we may need a special case for stubs...
We have to take "sel" into account since only the base of the target array is pointed to.
We have to bother with the source if it is an array, not if it is simply a pointer dereferenced by some subscripts as in dereferencing18.c.
Look for points-to arcs that must be duplicated using the subscripts as offsets
We must generate a new source with the offset defined by sel, and a new sink, with or without a an offset
Update the source cell
Is the source cell already known in the points-to relation?
Update the sink cell if necessary
Build the new points-to arc
Do not update set "in" while you are enumerating its elements
Update sets "in" with the new arcs. The arc must pre-exist the reference for the effects to be able to translate a non-constant effect. Thus, it should pre-exist the call site.
FI: I am not sure this is useful...
sub | ub |
in | n |
Definition at line 71 of file dereferencing.c.
References adapt_reference_to_type(), add_arc_to_points_to_context(), add_arc_to_pt_map, add_arc_to_statement_points_to_context(), anywhere_cell_p(), array_type_p(), CELL, cell_any_reference(), cell_typed_anywhere_locations_p(), cell_undefined, cell_undefined_p, complete_points_to_reference_with_zero_subscripts(), CONS, copy_approximation(), copy_cell(), copy_points_to(), dereferencing_to_points_to(), entity_basic_concrete_type(), expression_to_points_to(), expression_to_points_to_sources(), expression_to_type(), expressions_to_points_to(), FOREACH, free_cell(), free_type(), gen_free_list(), gen_full_copy_list(), gen_nconc(), make_descriptor_none(), make_points_to(), NIL, null_cell_p(), pips_internal_error, POINTS_TO, points_to_approximation, points_to_cell_equal_p(), points_to_context_statement_line_number(), points_to_graph_set, points_to_sink, points_to_source, reference_indices, reference_variable, SET_FOREACH, source_in_pt_map_p, subscript_array, subscript_indices, and type_to_pointed_type().
Referenced by dereferencing_to_points_to().
pt_map dereferencing_to_points_to | ( | expression | p, |
pt_map | in | ||
) |
Make sure that expression p can be dereferenced in points-to graph "in".
Handling of NULL pointers according to property.
Handling of undefined pointers according to property.
"in" is modified by side effects. Arcs certainly incompatible with a dereferencing are removed. If dereferencing of p is no longer possible, return an empty points-to "in" as the expression cannot be evaluated.
This is conditional to two properties.
ut =
You must take care of s.tab, which is encoded by a call
EffectsWithPointsTo/struct08.c: ae = (e.champ)[i], fe = p
For side effects on "in"
in | n |
Definition at line 198 of file dereferencing.c.
References array_of_pointers_type_p(), array_of_struct_type_p(), call_arguments, call_function, call_to_points_to(), CAR, CDR, dereferencing_subscript_to_points_to(), entity_basic_concrete_type(), ENTITY_FIELD_P, EXPRESSION, expression_reference(), expression_reference_p(), expression_syntax, expression_to_points_to_sinks(), expressions_to_points_to(), f(), gen_free_list(), get_bool_property(), is_syntax_application, is_syntax_call, is_syntax_cast, is_syntax_range, is_syntax_reference, is_syntax_sizeofexpression, is_syntax_subscript, is_syntax_va_arg, NIL, pips_assert, pointer_type_p(), reference_dereferencing_to_points_to(), reference_variable, struct_type_p(), syntax_call, syntax_reference, syntax_subscript, and syntax_tag.
Referenced by dereferencing_subscript_to_points_to(), expression_to_points_to(), intrinsic_call_condition_to_points_to(), intrinsic_call_to_points_to(), and reference_to_points_to().
list dereferencing_to_sinks | ( | expression | a, |
pt_map | in, | ||
bool | eval_p | ||
) |
Returns "sinks", the list of cells pointed to by expression "a" according to points-to graph "in".
If eval_p is true, perform a second dereferencing on the cells obtained with the first dereferencing.
Manage NULL and undefined (nowhere) cells.
Possibly update the points-to graph when some arcs are incompatible with the request, assuming the analyzed code is correct.
Locate the pointer, no dereferencing yet... unless no pointer can be found as in *(p+2) in which case an evaluation occurs/might occur/used to occur in expression_to_points_to_sources().
lse
Finds what it is pointing to, memory(p)
Do we want to dereference c?
Do not create sharing between elements of "in" and elements of "sinks".
The sinks list is empty, whether eval_p is true or not...
FI: New cells have been allocated by source_to_sinks(): side-effects are OK. In theory... The source code of source_to_sinks() seems to show that fresh_p is not exploited in all situations.
in | n |
eval_p | val_p |
Definition at line 432 of file dereferencing.c.
References array_type_p(), CELL, cell_any_reference(), CONS, ENDP, entity_user_name(), expression_to_points_to_cell_p(), expression_to_points_to_sinks(), expression_to_points_to_sources(), FOREACH, free_type(), gen_free_list(), gen_full_copy_list(), gen_nconc(), get_bool_property(), merge_points_to_cell_lists(), NIL, nowhere_cell_p(), null_cell_p(), pips_internal_error, pips_user_warning, pointer_source_to_sinks(), pointer_type_p(), points_to_cell_to_type(), reference_to_string(), reference_variable, remove_impossible_arcs_to_null(), source_to_sinks(), struct_type_p(), and words_to_string().
Referenced by unary_intrinsic_call_to_points_to_sinks().
bool expression_to_points_to_cell_p | ( | expression | e | ) |
Can expression e be reduced to a reference, without requiring an evaluation?
For instance expression "p" can be reduced to reference "p".
Expression "p+i" cannot be reduced to a source reference, unless i==0.
Ad'hoc development for dereferencing_to_sinks.
Definition at line 406 of file dereferencing.c.
References call_function, ENTITY_PLUS_C_P, expression_syntax, f(), syntax_call, syntax_call_p, and syntax_reference_p.
Referenced by dereferencing_to_sinks(), and expression_to_points_to_sources().
see if a points_to_reference includes a pointer dereferencing: this is impossible if the points-to reference is consistent.
It must be a constant path.
Definition at line 313 of file dereferencing.c.
Referenced by reference_dereferencing_to_points_to().
in | n |
Definition at line 318 of file dereferencing.c.
References expression_to_points_to(), free_expression(), and pointer_reference_to_expression().
Referenced by reference_dereferencing_to_points_to().
pt_map reference_dereferencing_to_points_to | ( | reference | r, |
pt_map | in, | ||
bool | nowhere_dereferencing_p, | ||
bool | null_dereferencing_p | ||
) |
Can we execute the reference r in points-to context "in" without segfaulting?
Do not go down in subscript expressions.
See also reference_to_points_to_sinks(). Unfortunate cut-and-paste.
Does the reference implies some dereferencing itself?
C syntactic sugar: *a is equivalent to a[0] when a is an array. No real dereferencing needed.
Remove store-dependent indices
in | n |
nowhere_dereferencing_p | owhere_dereferencing_p |
null_dereferencing_p | ull_dereferencing_p |
Definition at line 333 of file dereferencing.c.
References array_of_pointers_type_p(), array_type_p(), CELL, clear_pt_map, copy_reference(), effect_reference_to_string(), ENDP, entity_basic_concrete_type(), FOREACH, gen_free_list(), gen_length(), int, make_cell_reference(), nowhere_cell_p(), null_cell_p(), pointer_points_to_reference_p(), pointer_reference_dereferencing_to_points_to(), pointer_type_p(), points_to_context_statement_line_number(), points_to_graph_bottom, reference_indices, reference_variable, remove_points_to_arcs(), semantics_user_warning, source_to_sinks(), statement_points_to_context_defined_p(), subscript_expressions_to_constant_subscript_expressions(), type_variable, and variable_dimension_number().
Referenced by dereferencing_to_points_to().