You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

423 lines
13 KiB

(*
* Copyright (c) 2009-2013, Monoidics ltd.
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*)
(** The Smallfoot Intermediate Language: Expressions *)
open! IStd
module Hashtbl = Caml.Hashtbl
module F = Format
module L = Logging
(* reverse the natural order on Var *)
type ident_ = Ident.t
let compare_ident_ x y = Ident.compare y x
type closure = {name: Procname.t; captured_vars: (t * Pvar.t * Typ.t) list}
(** This records information about a [sizeof(typ)] expression.
[nbytes] represents the result of the evaluation of [sizeof(typ)] if it is statically known.
If [typ] is of the form [Tarray elt (Some static_length)], then [dynamic_length] is the number
of elements of type [elt] in the array. The [dynamic_length], tracked by symbolic execution, may
differ from the [static_length] obtained from the type definition, e.g. when an array is
over-allocated.
If [typ] is a struct type, the [dynamic_length] is that of the final extensible array, if any.*)
and sizeof_data = {typ: Typ.t; nbytes: int option; dynamic_length: t option; subtype: Subtype.t}
(** Program expressions. *)
and t =
| Var of ident_ (** Pure variable: it is not an lvalue *)
| UnOp of Unop.t * t * Typ.t option (** Unary operator with type of the result if known *)
| BinOp of Binop.t * t * t (** Binary operator *)
| Exn of t (** Exception *)
| Closure of closure (** Anonymous function *)
| Const of Const.t (** Constants *)
| Cast of Typ.t * t (** Type cast *)
| Lvar of Pvar.t (** The address of a program variable *)
| Lfield of t * Fieldname.t * Typ.t
(** A field offset, the type is the surrounding struct type *)
| Lindex of t * t (** An array index offset: [exp1\[exp2\]] *)
| Sizeof of sizeof_data
[@@deriving compare]
let equal = [%compare.equal: t]
let hash = Hashtbl.hash
module Set = Caml.Set.Make (struct
type nonrec t = t
let compare = compare
end)
module Map = Caml.Map.Make (struct
type nonrec t = t
let compare = compare
end)
module Hash = Hashtbl.Make (struct
type nonrec t = t
let equal = equal
let hash = hash
end)
let is_null_literal = function Const (Cint n) -> IntLit.isnull n | _ -> false
let is_this = function Lvar pvar -> Pvar.is_this pvar | _ -> false
let is_zero = function Const (Cint n) -> IntLit.iszero n | _ -> false
let rec is_const = function Const _ -> true | Cast (_, x) -> is_const x | _ -> false
(** {2 Utility Functions for Expressions} *)
(** Turn an expression representing a type into the type it represents If not a sizeof, return the
default type if given, otherwise raise an exception *)
let texp_to_typ default_opt = function
| Sizeof {typ} ->
typ
| _ ->
Typ.unsome "texp_to_typ" default_opt
(** Return the root of [lexp]. *)
let rec root_of_lexp lexp =
match (lexp : t) with
| Var _ ->
lexp
| Const _ ->
lexp
| Cast (_, e) ->
root_of_lexp e
| UnOp _ | BinOp _ | Exn _ | Closure _ ->
lexp
| Lvar _ ->
lexp
| Lfield (e, _, _) ->
root_of_lexp e
| Lindex (e, _) ->
root_of_lexp e
| Sizeof _ ->
lexp
(** Checks whether an expression denotes a location by pointer arithmetic. Currently, catches
array-indexing expressions such as a[i] only. *)
let rec pointer_arith = function
| Lfield (e, _, _) ->
pointer_arith e
| Lindex _ ->
true
| _ ->
false
let get_undefined footprint =
Var (Ident.create_fresh (if footprint then Ident.kfootprint else Ident.kprimed))
(** returns true if the express operates on address of local variable *)
let rec has_local_addr e =
match (e : t) with
| Lvar pv ->
Pvar.is_local pv
| UnOp (_, e', _) | Cast (_, e') | Lfield (e', _, _) ->
has_local_addr e'
| BinOp (_, e0, e1) | Lindex (e0, e1) ->
has_local_addr e0 || has_local_addr e1
| _ ->
false
(** Create integer constant *)
let int i = Const (Cint i)
(** Create float constant *)
let float v = Const (Cfloat v)
(** Integer constant 0 *)
let zero = int IntLit.zero
(** Null constant *)
let null = int IntLit.null
(** Integer constant 1 *)
let one = int IntLit.one
(** Integer constant -1 *)
let minus_one = int IntLit.minus_one
(** Create integer constant corresponding to the boolean value *)
let bool b = if b then one else zero
let and_2ary e1 e2 = BinOp (LAnd, e1, e2)
(** Create expression [e1 == e2] *)
let eq e1 e2 = BinOp (Eq, e1, e2)
(** Create expression [e1 != e2] *)
let ne e1 e2 = BinOp (Ne, e1, e2)
(** Create expression [e1 <= e2] *)
let le e1 e2 = BinOp (Le, e1, e2)
(** Create expression [e1 < e2] *)
let lt e1 e2 = BinOp (Lt, e1, e2)
let nary_of_2ary op_2ary zero es =
match es with [] -> zero | e :: es -> List.fold ~init:e ~f:op_2ary es
let and_nary = nary_of_2ary and_2ary one
let fold_captured ~f exp acc =
let rec fold_captured_ exp captured_acc =
match exp with
| Cast (_, e) | UnOp (_, e, _) | Lfield (e, _, _) | Exn e | Sizeof {dynamic_length= Some e} ->
fold_captured_ e captured_acc
| BinOp (_, e1, e2) | Lindex (e1, e2) ->
fold_captured_ e1 captured_acc |> fold_captured_ e2
| Closure {captured_vars} ->
List.fold captured_vars
~f:(fun acc (captured_exp, _, _) -> f acc captured_exp)
~init:captured_acc
| Const _ | Lvar _ | Var _ | Sizeof _ ->
captured_acc
in
fold_captured_ exp acc
(** Pretty print an expression. *)
let rec pp_ pe pp_t f e =
let pp_exp = pp_ pe pp_t in
let print_binop_stm_output e1 op e2 =
match (op : Binop.t) with
| Eq | Ne | PlusA _ | Mult _ ->
F.fprintf f "(%a %s %a)" pp_exp e2 (Binop.str pe op) pp_exp e1
| Lt ->
F.fprintf f "(%a %s %a)" pp_exp e2 (Binop.str pe Gt) pp_exp e1
| Gt ->
F.fprintf f "(%a %s %a)" pp_exp e2 (Binop.str pe Lt) pp_exp e1
| Le ->
F.fprintf f "(%a %s %a)" pp_exp e2 (Binop.str pe Ge) pp_exp e1
| Ge ->
F.fprintf f "(%a %s %a)" pp_exp e2 (Binop.str pe Le) pp_exp e1
| _ ->
F.fprintf f "(%a %s %a)" pp_exp e1 (Binop.str pe op) pp_exp e2
in
match (e : t) with
| Var id ->
Ident.pp f id
| Const c ->
(Const.pp pe) f c
| Cast (typ, e) ->
F.fprintf f "(%a)%a" pp_t typ pp_exp e
| UnOp (op, e, _) ->
F.fprintf f "%s%a" (Unop.to_string op) pp_exp e
| BinOp (op, Const c, e2) when Config.smt_output ->
print_binop_stm_output (Const c) op e2
| BinOp (op, e1, e2) ->
F.fprintf f "(%a %s %a)" pp_exp e1 (Binop.str pe op) pp_exp e2
| Exn e ->
F.fprintf f "EXN %a" pp_exp e
| Closure {name; captured_vars} ->
if List.is_empty captured_vars then F.fprintf f "(%a)" pp_exp (Const (Cfun name))
else
F.fprintf f "(%a,%a)" pp_exp (Const (Cfun name))
(Pp.comma_seq (pp_captured_var pe pp_t))
captured_vars
| Lvar pv ->
Pvar.pp pe f pv
| Lfield (e, fld, _) ->
F.fprintf f "%a.%a" pp_exp e Fieldname.pp fld
| Lindex (e1, e2) ->
F.fprintf f "%a[%a]" pp_exp e1 pp_exp e2
| Sizeof {typ; nbytes; dynamic_length; subtype} ->
let pp_len f l = Option.iter ~f:(F.fprintf f "[%a]" pp_exp) l in
let pp_size f size = Option.iter ~f:(Int.pp f) size in
let pp_if b pp label f v = if b then F.fprintf f ";%s=%a" label pp v in
let pp_if_some pp_opt label f opt = pp_if (Option.is_some opt) pp_opt label f opt in
let subt_s = F.asprintf "%a" Subtype.pp subtype in
F.fprintf f "sizeof(t=%a%a%a%a)" pp_t typ (pp_if_some pp_size "nbytes") nbytes
(pp_if_some pp_len "len") dynamic_length
(pp_if (not (String.equal "" subt_s)) Subtype.pp "sub_t")
subtype
and pp_captured_var pe pp_t f (exp, var, typ) =
match exp with
| Lvar evar when Pvar.equal var evar ->
(Pvar.pp pe) f var
| _ ->
F.fprintf f "(%a %a:%a)" (pp_ pe pp_t) exp (Pvar.pp pe) var (Typ.pp pe) typ
let pp_printenv ~print_types pe f e =
let pp_typ = if print_types then Typ.pp_full else Typ.pp in
pp_ pe (pp_typ pe) f e
let pp f e = pp_printenv ~print_types:false Pp.text f e
let to_string e = F.asprintf "%a" pp e
let color_wrapper ~f = if Config.print_using_diff then Pp.color_wrapper ~f else f
let pp_diff ?(print_types = false) =
color_wrapper ~f:(fun pe f e0 ->
let e =
match pe.Pp.obj_sub with
| Some sub ->
(* apply object substitution to expression *) Obj.obj (sub (Obj.repr e0))
| None ->
e0
in
if not (equal e0 e) then match e with Lvar pvar -> Pvar.pp_value f pvar | _ -> assert false
else pp_printenv ~print_types pe f e )
(** dump an expression. *)
let d_exp (e : t) = L.d_pp_with_pe pp_diff e
(** Pretty print a list of expressions. *)
let pp_list pe f expl = Pp.seq (pp_diff pe) f expl
(** dump a list of expressions. *)
let d_list (el : t list) = L.d_pp_with_pe pp_list el
let pp_texp pe f = function
| Sizeof {typ; nbytes; dynamic_length; subtype} ->
let pp_len f l = Option.iter ~f:(F.fprintf f "[%a]" (pp_diff pe)) l in
let pp_size f size = Option.iter ~f:(Int.pp f) size in
F.fprintf f "%a%a%a%a" (Typ.pp pe) typ pp_size nbytes pp_len dynamic_length Subtype.pp subtype
| e ->
pp_diff pe f e
(** Pretty print a type with all the details. *)
let pp_texp_full pe f = function
| Sizeof {typ; nbytes; dynamic_length; subtype} ->
let pp_len f l = Option.iter ~f:(F.fprintf f "[%a]" (pp_diff pe)) l in
let pp_size f size = Option.iter ~f:(Int.pp f) size in
F.fprintf f "%a%a%a%a" (Typ.pp_full pe) typ pp_size nbytes pp_len dynamic_length Subtype.pp
subtype
| e ->
pp_diff ~print_types:true pe f e
(** Dump a type expression with all the details. *)
let d_texp_full (te : t) = L.d_pp_with_pe pp_texp_full te
let is_objc_block_closure = function Closure {name} -> Procname.is_objc_block name | _ -> false
let rec gen_free_vars =
let open Sequence.Generator in
function
| Var id ->
yield id
| Cast (_, e) | Exn e | Lfield (e, _, _) | Sizeof {dynamic_length= Some e} | UnOp (_, e, _) ->
gen_free_vars e
| Closure {captured_vars} ->
ISequence.gen_sequence_list captured_vars ~f:(fun (e, _, _) -> gen_free_vars e)
| Const (Cint _ | Cfun _ | Cstr _ | Cfloat _ | Cclass _) | Lvar _ | Sizeof {dynamic_length= None}
->
return ()
| BinOp (_, e1, e2) | Lindex (e1, e2) ->
gen_free_vars e1 >>= fun () -> gen_free_vars e2
let free_vars e = Sequence.Generator.run (gen_free_vars e)
let ident_mem e id = free_vars e |> Sequence.exists ~f:(Ident.equal id)
let rec gen_program_vars =
let open Sequence.Generator in
function
| Lvar name ->
yield name
| Const _ | Var _ | Sizeof {dynamic_length= None} ->
return ()
| Cast (_, e) | Exn e | Lfield (e, _, _) | Sizeof {dynamic_length= Some e} | UnOp (_, e, _) ->
gen_program_vars e
| BinOp (_, e1, e2) | Lindex (e1, e2) ->
gen_program_vars e1 >>= fun () -> gen_program_vars e2
| Closure {captured_vars} ->
ISequence.gen_sequence_list captured_vars ~f:(fun (e, _, _) -> gen_program_vars e)
let program_vars e = Sequence.Generator.run (gen_program_vars e)
let rec rename_pvars ~(f : string -> string) : t -> t =
let re e = rename_pvars ~f e in
let rv v = Pvar.rename ~f v in
function
| UnOp (op, e, t) ->
UnOp (op, re e, t)
| BinOp (op, e1, e2) ->
BinOp (op, re e1, re e2)
| Exn e ->
Exn (re e)
| Closure {name; captured_vars} ->
let captured_vars = List.map ~f:(function e, v, t -> (re e, rv v, t)) captured_vars in
Closure {name; captured_vars}
| Cast (t, e) ->
Cast (t, re e)
| Lvar v ->
Lvar (rv v)
| Lfield (e, fld, t) ->
Lfield (re e, fld, t)
| Lindex (e1, e2) ->
Lindex (re e1, re e2)
| Sizeof {typ; nbytes; dynamic_length; subtype} ->
let dynamic_length = Option.map ~f:re dynamic_length in
Sizeof {typ; nbytes; dynamic_length; subtype}
| e (* Should have only cases without subexpressions. *) ->
e
let zero_of_type typ =
match typ.Typ.desc with
| Typ.Tint _ ->
Some (Const (Cint IntLit.zero))
| Typ.Tfloat _ ->
Some (Const (Cfloat 0.0))
| Typ.Tptr _ ->
Some (Const (Cint IntLit.null))
| _ ->
None
let zero_of_type_exn typ = Option.value_exn (zero_of_type typ)
let rec ignore_cast e = match e with Cast (_, e) -> ignore_cast e | _ -> e
let rec ignore_integer_cast e =
match e with Cast (t, e) when Typ.is_int t -> ignore_integer_cast e | _ -> e
let rec get_java_class_initializer tenv = function
| Lfield (Lvar pvar, fn, typ) when Pvar.is_global pvar -> (
match Struct.get_field_type_and_annotation ~lookup:(Tenv.lookup tenv) fn typ with
| Some (field_typ, annot) when Annot.Item.is_final annot ->
let java_class =
Typ.JavaClass (JavaClassName.from_string (Mangled.to_string_full (Pvar.get_name pvar)))
in
Some (Procname.Java (Procname.Java.get_class_initializer java_class), pvar, fn, field_typ)
| _ ->
None )
| Cast (_, e) | Lfield (e, _, _) ->
get_java_class_initializer tenv e
| Lvar _ | Var _ | UnOp _ | BinOp _ | Exn _ | Closure _ | Const _ | Lindex _ | Sizeof _ ->
None