feat(inter-analysis): integreate dsa info into callsite information #54
Conversation
| domains::callsite_info<variable_t> callsite {cs.get_func_name(), cs.get_args(), cs.get_lhs(), | ||
| fdecl.get_inputs(), fdecl.get_outputs()}; | ||
| std::vector<std::vector<variable_t>> formal_cls, actual_cls; | ||
| group_regions_by_dsa_intrinsics(callee_cfg, cs.get_args(), |
There was a problem hiding this comment.
This should be computed only once. We should compute it before the whole analysis starts, cache it and then just use it at each call. It should be cached in m_ctx similar to get_widening_set().
| intrinsic_stmts.reserve(entry_bb.size()); | ||
| for (auto const &stmt : entry_bb) { | ||
| if (stmt.is_intrinsic()) { | ||
| auto intrinsic_stmt = dynamic_cast<const intrinsic_statement_t &>(stmt); |
There was a problem hiding this comment.
should be static_cast since we know it cannot fail and we don't want to rely on RTTI
| @@ -1032,6 +1032,104 @@ class top_down_inter_transformer final | |||
| // crab::CrabStats::count("Interprocedural.num_calling_contexts"); | |||
| } | |||
|
|
|||
| /// @brief group regions variables in parameter lists based on target's dsa | |||
There was a problem hiding this comment.
What do source and target mean? Is it source = caller and target = callee ? If yes, use plese caller/callee
| // is the same as the output list in the dsa intrinsic | ||
| // The worst case of the following loop is O(m * n) where m is the number of | ||
| // parameters and n is the number of dsa intrinsic statements | ||
| unsigned int index = 0, param_lst_sz = src_params.size(); |
There was a problem hiding this comment.
if this is just executed once (before the analysis starts) performance might not be an issue but the current algorithm is far from ideal. As you mention, for each argument we go over all intrinsics. This is completely unnecessary. I would process the intrinsics only once and put them in some sort of union-find. Then, for each argument in the caller you get the argument in the callee and then you can query the union-find to see all the elements in the equivalence class. Note that you don't a super fancy union-find implementation. You don't even need to write a separate union-find class. Just have an internal map from a variable to its parent and do standard path-compression when you do the queries.
LinerSu
force-pushed
the
dev
branch
2 times, most recently
from
4f5e903
to
b4ff421
Compare
include/crab/domains/inter_abstract_operations_callsite_info.hpp
Outdated
Show resolved
Hide resolved
The decoupled domain allows crab to use two different domains during the two different phases of the analysis. In the descending (narrowing) phase it is possible to use an abstract domain which is more precise than the domain used in the ascending (widening) phase. The decoupled domains require two new abstract operations is_asc_phase() and set_phase() in order to manage ascending and descending phases. By default, start in *descending* (i.e., more precise) phase. The interleaved fixpoint iterator has been also modified to notify the underlying domains when there is change of (ascending or descending) phase. Implemented by Greta Dolcetti and Enea Zaffanella.
We minimize string allocation and copies. Also, we add some macros that allow each domain to turn on or off statistics collection which adds a counter and a timer per operation. If stats collection is off then no string allocation or string copy should take place. For instance, the region domain enables stats by adding #define REGION_DOMAIN_SCOPED_STATS(NAME) CRAB_DOMAIN_SCOPED_STATS(NAME, 1) And the interval domain disables stats by adding #define INTERVALS_DOMAIN_SCOPED_STATS(NAME) CRAB_DOMAIN_SCOPED_STATS(NAME, 0) The macro CRAB_DOMAIN_SCOPED_STATS is defined in crab/domains/abstract_domain_macros.def In spite of all optimizations, the most efficient thing is to disable stats collection. By default, only the fixpoint solver and the region domain turn on stats. This is okay because stats gathering is a feature intended only for developers. If needed then the developer can turn on more stats timers and counters and recompile the code.
Giving a method to group region variables passed/returned between caller and callee based on dsa intrinsics. The information is precomputed before the analysis and stored into callsite_info class for further abstract operations of calls.
caballa
force-pushed
the
dev
branch
4 times, most recently
from
66d4f73
to
a49b164
Compare
caballa
force-pushed
the
dev
branch
2 times, most recently
from
bbe2f9e
to
4b05236
Compare
caballa
force-pushed
the
dev
branch
3 times, most recently
from
0c2fb25
to
300f711
Compare
Giving a method to group region variables passed/returned between caller and callee based on the DSA intrinsics.
The information is stored in the
callsite_infoclass for further abstract operations of calls.For instance, from caller to callee
(a, b, V1, V2, V3, V4, V5)(c, d, V7, V8, V9, V10, V11)The information to group region variables is
{{V1, V2, V3}, {V4, V5}}for the caller's inputs and{{V7, V8, V9}, {V10, V11}}for the callee's inputs.