Merge pull request diffblue#221 from diffblue/issue193

Make variable-sensitivity dependence graph produce control dependencies

Author: chrisr-diffblue

src/analyses/variable-sensitivity/variable_sensitivity_dependence_graph.cpp

@@ -22,7 +22,7 @@
  * \param ns the namespace to use
  * \param deps the destination in which to accumlate data dependencies
  */
-void variable_sensitivity_dependence_grapht::eval_data_deps(
+void variable_sensitivity_dependence_domaint::eval_data_deps(
   const exprt &expr, const namespacet &ns, data_depst &deps) const
 {
   const auto res=
@@ -58,14 +58,64 @@ void variable_sensitivity_dependence_grapht::eval_data_deps(
  * \param ai the abstract interpreter
  * \param ns the namespace
  */
-void variable_sensitivity_dependence_grapht::transform(
+void variable_sensitivity_dependence_domaint::transform(
   locationt from,
   locationt to,
   ai_baset &ai,
    const namespacet &ns)
 {
   variable_sensitivity_domaint::transform(from, to, ai, ns);
 
+  variable_sensitivity_dependence_grapht *dep_graph=
+    dynamic_cast<variable_sensitivity_dependence_grapht*>(&ai);
+  assert(dep_graph!=nullptr);
+
+  // propagate control dependencies across function calls
+  if(from->is_function_call())
+  {
+    if(from->function == to->function)
+    {
+      control_dependencies(from, to, *dep_graph);
+    }
+    else
+    {
+      // edge to function entry point
+      const goto_programt::const_targett next = std::next(from);
+
+      variable_sensitivity_dependence_domaint *s=
+        dynamic_cast<variable_sensitivity_dependence_domaint*>
+          (&(dep_graph->get_state(next)));
+      assert(s!=nullptr);
+
+      if(s->has_values.is_false())
+      {
+        s->has_values=tvt::unknown();
+        s->has_changed=true;
+      }
+
+      // modify abstract state of return location
+      if(s->merge_control_dependencies(
+           control_deps,
+           control_dep_candidates))
+        s->has_changed=true;
+
+      control_deps.clear();
+      control_dep_candidates.clear();
+    }
+  }
+  else
+    control_dependencies(from, to, *dep_graph);
+
+  // Find all the data dependencies in the the 'to' expression
+  data_dependencies(from, to, *dep_graph, ns);
+}
+
+void variable_sensitivity_dependence_domaint::data_dependencies(
+  goto_programt::const_targett from,
+  goto_programt::const_targett to,
+  variable_sensitivity_dependence_grapht &dep_graph,
+  const namespacet &ns)
+{
   // Find all the data dependencies in the the 'to' expression
   domain_data_deps.clear();
   if(to->is_assign())
@@ -76,6 +126,165 @@ void variable_sensitivity_dependence_grapht::transform(
   }
 }
 
+void variable_sensitivity_dependence_domaint::control_dependencies(
+  goto_programt::const_targett from,
+  goto_programt::const_targett to,
+  variable_sensitivity_dependence_grapht &dep_graph)
+{
+  // Better Slicing of Programs with Jumps and Switches
+  // Kumar and Horwitz, FASE'02:
+  // "Node N is control dependent on node M iff N postdominates, in
+  // the CFG, one but not all of M's CFG successors."
+  //
+  // The "successor" above refers to an immediate successor of M.
+
+  // Candidates for M for "to" are "from" and all existing control
+  // dependencies on nodes. "from" is added if it is a goto or assume
+  // instruction
+
+  // Add new candidates
+
+  if(from->is_goto() || from->is_assume())
+    control_dep_candidates.insert(from);
+  else if(from->is_end_function())
+  {
+    control_dep_candidates.clear();
+    return;
+  }
+
+  if(control_dep_candidates.empty())
+    return;
+
+  // Compute postdominators if needed
+
+  const goto_functionst &goto_functions=dep_graph.goto_functions;
+
+  const irep_idt id=goto_programt::get_function_id(from);
+  cfg_post_dominatorst &pd_tmp=dep_graph.cfg_post_dominators()[id];
+
+  goto_functionst::function_mapt::const_iterator f_it=
+    goto_functions.function_map.find(id);
+
+  if(f_it==goto_functions.function_map.end())
+    return;
+
+  const goto_programt &goto_program=f_it->second.body;
+
+  if(pd_tmp.cfg.size()==0) // have we computed the dominators already?
+  {
+    pd_tmp(goto_program);
+  }
+
+  const cfg_post_dominatorst &pd=pd_tmp;
+
+  // Check all candidates
+
+  for(const auto &cd : control_dep_candidates)
+  {
+    // check all CFG successors of M
+    // special case: assumptions also introduce a control dependency
+    bool post_dom_all=!cd->is_assume();
+    bool post_dom_one=false;
+
+    // we could hard-code assume and goto handling here to improve
+    // performance
+    cfg_post_dominatorst::cfgt::entry_mapt::const_iterator e=
+      pd.cfg.entry_map.find(cd);
+
+    assert(e!=pd.cfg.entry_map.end());
+
+    const cfg_post_dominatorst::cfgt::nodet &m=
+      pd.cfg[e->second];
+
+    // successors of M
+    for(const auto &edge : m.out)
+    {
+      const cfg_post_dominatorst::cfgt::nodet &m_s=
+        pd.cfg[edge.first];
+
+      if(m_s.dominators.find(to)!=m_s.dominators.end())
+        post_dom_one=true;
+      else
+        post_dom_all=false;
+    }
+
+    if(post_dom_all || !post_dom_one)
+    {
+      control_deps.erase(cd);
+    }
+    else
+    {
+      tvt branch=tvt::unknown();
+
+      if(cd->is_goto() && !cd->is_backwards_goto())
+      {
+        goto_programt::const_targett t=cd->get_target();
+        branch=to->location_number>=t->location_number?tvt(false):tvt(true);
+      }
+
+      control_deps.insert(std::make_pair(cd, branch));
+    }
+  }
+
+  // add edges to the graph
+  for(const auto &c_dep : control_deps)
+    dep_graph.add_dep(vs_dep_edget::kindt::CTRL, c_dep.first, to);
+}
+
+bool variable_sensitivity_dependence_domaint::merge_control_dependencies(
+  const control_depst &other_control_deps,
+  const control_dep_candidatest &other_control_dep_candidates)
+{
+  bool changed=false;
+
+  // Merge control dependencies
+
+  control_depst::iterator it=control_deps.begin();
+
+  for(const auto &c_dep : other_control_deps)
+  {
+    // find position to insert
+    while(it!=control_deps.end() && it->first<c_dep.first)
+      ++it;
+
+    if(it==control_deps.end() || c_dep.first<it->first)
+    {
+      // hint points at position that will follow the new element
+      control_deps.insert(it, c_dep);
+      changed=true;
+    }
+    else
+    {
+      assert(it!=control_deps.end());
+      assert(!(it->first<c_dep.first));
+      assert(!(c_dep.first<it->first));
+
+      tvt &branch1=it->second;
+      const tvt &branch2=c_dep.second;
+
+      if(branch1!=branch2 && !branch1.is_unknown())
+      {
+        branch1=tvt::unknown();
+        changed=true;
+      }
+
+      ++it;
+    }
+  }
+
+  // Merge control dependency candidates
+
+  size_t n=control_dep_candidates.size();
+
+  control_dep_candidates.insert(
+      other_control_dep_candidates.begin(),
+      other_control_dep_candidates.end());
+
+  changed|=n!=control_dep_candidates.size();
+
+  return changed;
+}
+
 /**
  * Computes the join between "this" and "b"
  *
@@ -84,18 +293,21 @@ void variable_sensitivity_dependence_grapht::transform(
  * \param to the current location
  * \return true if something has changed in the merge
  */
-bool variable_sensitivity_dependence_grapht::merge(
+bool variable_sensitivity_dependence_domaint::merge(
     const variable_sensitivity_domaint &b,
     locationt from,
     locationt to)
 {
   bool changed = false;
 
   changed = variable_sensitivity_domaint::merge(b, from, to);
+  changed |= has_values.is_false() || has_changed;
 
-  const auto cast_b =
-    dynamic_cast<const variable_sensitivity_dependence_grapht&>(b);
+  // Handle data dependencies
+  const auto& cast_b =
+    dynamic_cast<const variable_sensitivity_dependence_domaint&>(b);
 
+  // Merge data dependencies
   for (auto bdep : cast_b.domain_data_deps)
   {
     for(exprt bexpr : bdep.second)
@@ -105,6 +317,13 @@ bool variable_sensitivity_dependence_grapht::merge(
     }
   }
 
+  changed |= merge_control_dependencies(
+    cast_b.control_deps,
+    cast_b.control_dep_candidates);
+
+  has_changed=false;
+  has_values=tvt::unknown();
+
   return changed;
 }
 
@@ -119,7 +338,7 @@ bool variable_sensitivity_dependence_grapht::merge(
  *   between here and this will be retained.
  * \param ns: The global namespace
  */
-void variable_sensitivity_dependence_grapht::merge_three_way_function_return(
+void variable_sensitivity_dependence_domaint::merge_three_way_function_return(
   const ai_domain_baset &function_call,
   const ai_domain_baset &function_start,
   const ai_domain_baset &function_end,
@@ -144,11 +363,30 @@ void variable_sensitivity_dependence_grapht::merge_three_way_function_return(
  * \param ai the abstract domain
  * \param ns the namespace
  */
-void variable_sensitivity_dependence_grapht::output(
+void variable_sensitivity_dependence_domaint::output(
    std::ostream &out,
    const ai_baset &ai,
    const namespacet &ns) const
 {
+  if(!control_deps.empty())
+  {
+    out << "Control dependencies: ";
+    for(control_depst::const_iterator
+        it=control_deps.begin();
+        it!=control_deps.end();
+        ++it)
+    {
+      if(it!=control_deps.begin())
+        out << ",";
+
+      const goto_programt::const_targett cd=it->first;
+      const tvt branch=it->second;
+
+      out << cd->location_number << " [" << branch << "]";
+    }
+    out << "\n";
+  }
+
   if(!domain_data_deps.empty())
   {
       out << "Data dependencies: ";
@@ -185,12 +423,26 @@ void variable_sensitivity_dependence_grapht::output(
  *
  * \return the domain, formatted as a JSON object.
  */
-jsont variable_sensitivity_dependence_grapht::output_json(
+jsont variable_sensitivity_dependence_domaint::output_json(
   const ai_baset &ai,
   const namespacet &ns) const
 {
   json_arrayt graph;
 
+  for(const auto &cd : control_deps)
+  {
+    const goto_programt::const_targett target=cd.first;
+    const tvt branch=cd.second;
+
+    json_objectt &link=graph.push_back().make_object();
+
+    link["locationNumber"]=
+      json_numbert(std::to_string(target->location_number));
+    link["sourceLocation"]=json(target->source_location);
+    link["type"]=json_stringt("control");
+    link["branch"]=json_stringt(branch.to_string());
+  }
+
   for(const auto &dep : domain_data_deps)
   {
     json_objectt &link=graph.push_back().make_object();
@@ -213,3 +465,33 @@ jsont variable_sensitivity_dependence_grapht::output_json(
 
   return graph;
 }
+
+void variable_sensitivity_dependence_domaint::populate_dep_graph(
+  variable_sensitivity_dependence_grapht &dep_graph,
+  goto_programt::const_targett this_loc) const
+{
+  for(const auto &c_dep : control_deps)
+    dep_graph.add_dep(vs_dep_edget::kindt::CTRL, c_dep.first, this_loc);
+
+  for(const auto &d_dep : domain_data_deps)
+    dep_graph.add_dep(vs_dep_edget::kindt::DATA, d_dep.first, this_loc);
+}
+
+void variable_sensitivity_dependence_grapht::add_dep(
+  vs_dep_edget::kindt kind,
+  goto_programt::const_targett from,
+  goto_programt::const_targett to)
+{
+  const node_indext n_from=state_map[from].get_node_id();
+  assert(n_from<size());
+  const node_indext n_to=state_map[to].get_node_id();
+  assert(n_to<size());
+
+  // add_edge is redundant as the subsequent operations also insert
+  // entries into the edge maps (implicitly)
+
+  // add_edge(n_from, n_to);
+
+  nodes[n_from].out[n_to].add(kind);
+  nodes[n_to].in[n_from].add(kind);
+}