pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3ddf77f0f1'
${ noResults }
infer_clone/infer/src/cost/boundMap.ml

98 lines
3.7 KiB
Raw Normal View History Unescape

[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
(*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*)
open! IStd
module L = Logging
module BasicCost = CostDomain.BasicCost
(* CFG modules used in several other modules *)
module InstrCFG = ProcCfg.NormalOneInstrPerNode
module NodeCFG = ProcCfg.Normal
module Node = ProcCfg.DefaultNode
let print_upper_bound_map bound_map =
L.(debug Analysis Medium)
"@\n\n******* Bound Map : [node -> bound] ITV **** @\n %a @\n"
(Node.IdMap.pp ~pp_value:BasicCost.pp)
bound_map ;
L.(debug Analysis Medium) "@\n******* END Bound Map ITV **** @\n\n"
let filter_loc vars_to_keep = function
[inferbo] Refactor domain constructors for field Summary: In inferbo's domain, `Loc.t` and `Symb.SymbolPath.partial` are defined with the same *field abstraction*. The depth of appended fields were limited in both of them exactly in the same way, e.g. `x.*.field`. Problem is that the implementation related to the field abstraction are duplicated in their code, which had been synchronized manually. This diff avoids the duplication by adding a `BufferOverrunField.t`. Reviewed By: ezgicicek Differential Revision: D21743728 fbshipit-source-id: 4b01d027c
5 years ago
| BufferOverrunField.Prim (AbsLoc.Loc.Var (Var.LogicalVar _)) ->
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
None
[inferbo] Refactor domain constructors for field Summary: In inferbo's domain, `Loc.t` and `Symb.SymbolPath.partial` are defined with the same *field abstraction*. The depth of appended fields were limited in both of them exactly in the same way, e.g. `x.*.field`. Problem is that the implementation related to the field abstraction are duplicated in their code, which had been synchronized manually. This diff avoids the duplication by adding a `BufferOverrunField.t`. Reviewed By: ezgicicek Differential Revision: D21743728 fbshipit-source-id: 4b01d027c
5 years ago
| BufferOverrunField.Prim (AbsLoc.Loc.Var var) ->
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
Control.ControlMap.find_opt var vars_to_keep
| _ ->
None
let compute_upperbound_map node_cfg inferbo_invariant_map control_invariant_map loop_inv_map =
let compute_node_upper_bound bound_map node =
let node_id = NodeCFG.Node.id node in
match Procdesc.Node.get_kind node with
| Procdesc.Node.Exit_node ->
Node.IdMap.add node_id BasicCost.one bound_map
| _ -> (
let exit_state_opt =
let instr_node_id = InstrCFG.last_of_underlying_node node |> InstrCFG.Node.id in
BufferOverrunAnalysis.extract_post instr_node_id inferbo_invariant_map
in
match exit_state_opt with
| Some entry_mem ->
(* compute control vars, i.e. set of variables that affect the execution count *)
let control_map =
Control.compute_control_vars control_invariant_map loop_inv_map node
in
L.(debug Analysis Medium)
"@\n>>> All dependencies for node = %a : %a @\n\n" Procdesc.Node.pp node
(Control.ControlMap.pp ~pp_value:Location.pp)
control_map ;
(* bound = env(v1) *... * env(vn) *)
let bound =
match entry_mem with
[inferbo] Distinguish unreachable and error status Summary: In Inferbo, the bottom memory is introduced when a node is unreachable by pruning, i.e. `[[e]] <= [0,0]` on `prune(e)`. This diff distinguishes whether `[[e]]` is `[0,0]` (unreachable) or bottom (it could not evaluate `e` by some unknown reasons). Reviewed By: ezgicicek Differential Revision: D19902046 fbshipit-source-id: 7706017d6
5 years ago
| Unreachable ->
[cost] Add traces for ZERO_* issues Summary: The issue type `ZERO_EXECUTION_TIME` actually corresponds to bottom state but has been mistakenly used to mean - unreachable nodes (program never reaching exit state) - having zero cost (e.g. for allocations). Note that, for execution costs, the latter doesn't make sense since we always incur a unit cost for the start node. Hence, a function with empty body will have unit cost. For allocations or IO however, we only incur costs for specific primitives, so a function with no allocations/IO could have a zero cost. However, there is no point reporting functions with zero cost as a specific issue type. Instead, what we want to track is the former, i.e. functions whose cost becomes 0 due to program never reaching exit state. This diff aims to split these cases into two by only reporting on the latter and adds traces to bottom/unreachable cost by creating a special category in polynomials. Next diff will rename `ZERO_XXX` to `XXX_UNREACHABLE_AT_EXIT`. Reviewed By: skcho Differential Revision: D20005774 fbshipit-source-id: 46b9abd5a
5 years ago
let node_loc = NodeCFG.Node.loc node in
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
L.debug Analysis Medium
"@\n\
[COST ANALYSIS INTERNAL WARNING:] No 'env' found. This location is \
unreachable returning cost 0 \n" ;
[cost] Add traces for ZERO_* issues Summary: The issue type `ZERO_EXECUTION_TIME` actually corresponds to bottom state but has been mistakenly used to mean - unreachable nodes (program never reaching exit state) - having zero cost (e.g. for allocations). Note that, for execution costs, the latter doesn't make sense since we always incur a unit cost for the start node. Hence, a function with empty body will have unit cost. For allocations or IO however, we only incur costs for specific primitives, so a function with no allocations/IO could have a zero cost. However, there is no point reporting functions with zero cost as a specific issue type. Instead, what we want to track is the former, i.e. functions whose cost becomes 0 due to program never reaching exit state. This diff aims to split these cases into two by only reporting on the latter and adds traces to bottom/unreachable cost by creating a special category in polynomials. Next diff will rename `ZERO_XXX` to `XXX_UNREACHABLE_AT_EXIT`. Reviewed By: skcho Differential Revision: D20005774 fbshipit-source-id: 46b9abd5a
5 years ago
BasicCost.of_unreachable node_loc
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
| ExcRaised ->
BasicCost.one
[inferbo] Distinguish unreachable and error status Summary: In Inferbo, the bottom memory is introduced when a node is unreachable by pruning, i.e. `[[e]] <= [0,0]` on `prune(e)`. This diff distinguishes whether `[[e]]` is `[0,0]` (unreachable) or bottom (it could not evaluate `e` by some unknown reasons). Reviewed By: ezgicicek Differential Revision: D19902046 fbshipit-source-id: 7706017d6
5 years ago
| Reachable mem ->
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
let cost =
BufferOverrunDomain.MemReach.range ~filter_loc:(filter_loc control_map) ~node_id
mem
in
[cost] Add traces for ZERO_* issues Summary: The issue type `ZERO_EXECUTION_TIME` actually corresponds to bottom state but has been mistakenly used to mean - unreachable nodes (program never reaching exit state) - having zero cost (e.g. for allocations). Note that, for execution costs, the latter doesn't make sense since we always incur a unit cost for the start node. Hence, a function with empty body will have unit cost. For allocations or IO however, we only incur costs for specific primitives, so a function with no allocations/IO could have a zero cost. However, there is no point reporting functions with zero cost as a specific issue type. Instead, what we want to track is the former, i.e. functions whose cost becomes 0 due to program never reaching exit state. This diff aims to split these cases into two by only reporting on the latter and adds traces to bottom/unreachable cost by creating a special category in polynomials. Next diff will rename `ZERO_XXX` to `XXX_UNREACHABLE_AT_EXIT`. Reviewed By: skcho Differential Revision: D20005774 fbshipit-source-id: 46b9abd5a
5 years ago
(* The zero number of executions for a node
(corresponding to getting the range of bottom
values) does not make sense especially when the
abstract memory is non-bottom. This is a source
of unsoundness in the analysis. *)
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
if BasicCost.is_zero cost then BasicCost.one else cost
in
L.(debug Analysis Medium)
"@\n>>>Setting bound for node = %a to %a@\n\n" Node.pp_id node_id BasicCost.pp bound ;
Node.IdMap.add node_id bound bound_map
| _ ->
Node.IdMap.add node_id BasicCost.zero bound_map )
in
let bound_map = NodeCFG.fold_nodes node_cfg ~f:compute_node_upper_bound ~init:Node.IdMap.empty in
[ocamlformat] Set break-sequences = true Summary: Add `break-sequences = true` to .ocamlformat and reformat. Reviewed By: jvillard Differential Revision: D21583901 fbshipit-source-id: eb4ec836c
5 years ago
print_upper_bound_map bound_map ;
bound_map
[cost] Move cost to its own realm and refactor Summary: `cost.ml` is huge. Let's split it to its logical parts (basically creating new files for the modules that were already in `cost.ml`) and move all cost related files into `\cost` directory. While we are at it, let's add `mli` files too. Reviewed By: jvillard Differential Revision: D19496263 fbshipit-source-id: 45096db4c
5 years ago
let lookup_upperbound bound_map nid =
match Node.IdMap.find_opt nid bound_map with
| Some bound ->
bound
| None ->
L.(debug Analysis Medium)
"@\n\n[WARNING] Bound not found for node %a, returning Top @\n" Node.pp_id nid ;
BasicCost.top