pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f283336607'
${ noResults }
infer_clone/sledge/lib/llair.mli

204 lines
6.8 KiB
Raw Normal View History Unescape

Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
(*
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3
6 years ago
* Copyright (c) Facebook, Inc. and its affiliates.
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*)
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
(** LLAIR (Low-Level Analysis Internal Representation) is an IR tailored for
static analysis using a low-level model of memory. *)
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** Instructions for memory manipulation or other non-control effects. *)
type inst = private
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
| Move of {reg_exps: (Reg.t * Exp.t) iarray; loc: Loc.t}
[sledge] Add Move instruction Reviewed By: jvillard Differential Revision: D16905896 fbshipit-source-id: 3d8b9a88a
5 years ago
(** Move each value [exp] into corresponding register [reg]. All of
the moves take effect simultaneously. *)
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
| Load of {reg: Reg.t; ptr: Exp.t; len: Exp.t; loc: Loc.t}
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
(** Read a [len]-byte value from the contents of memory at address
[ptr] into [reg]. *)
| Store of {ptr: Exp.t; exp: Exp.t; len: Exp.t; loc: Loc.t}
(** Write [len]-byte value [exp] into memory at address [ptr]. *)
[sledge] Refactor to clean up instruction ordering Summary: No functional change diff in prep for modeling changes. Reviewed By: ngorogiannis Differential Revision: D14403655 fbshipit-source-id: 22b6a87d8
6 years ago
| Memset of {dst: Exp.t; byt: Exp.t; len: Exp.t; loc: Loc.t}
(** Store byte [byt] into [len] memory addresses starting from [dst]. *)
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
| Memcpy of {dst: Exp.t; src: Exp.t; len: Exp.t; loc: Loc.t}
(** Copy [len] bytes starting from address [src] to [dst], undefined
if ranges overlap. *)
| Memmov of {dst: Exp.t; src: Exp.t; len: Exp.t; loc: Loc.t}
(** Copy [len] bytes starting from address [src] to [dst]. *)
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
| Alloc of {reg: Reg.t; num: Exp.t; len: Exp.t; loc: Loc.t}
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** Allocate a block of memory large enough to store [num] elements of
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
[len] bytes each and bind [reg] to the first address. *)
[sledge] Refactor to clean up instruction ordering Summary: No functional change diff in prep for modeling changes. Reviewed By: ngorogiannis Differential Revision: D14403655 fbshipit-source-id: 22b6a87d8
6 years ago
| Free of {ptr: Exp.t; loc: Loc.t}
(** Deallocate the previously allocated block at address [ptr]. *)
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
| Nondet of {reg: Reg.t option; msg: string; loc: Loc.t}
[sledge] Refactor to clean up instruction ordering Summary: No functional change diff in prep for modeling changes. Reviewed By: ngorogiannis Differential Revision: D14403655 fbshipit-source-id: 22b6a87d8
6 years ago
(** Bind [reg] to an arbitrary value, representing non-deterministic
approximation of behavior described by [msg]. *)
[sledge] Add abort instruction and use it for abort and llvm.trap Summary: There are two motivations for this: 1. Distinguish between `Unreachable`, which silently terminates execution a la `assume false`; and `Abort`, which vocally terminates execution a la `assert false`. 2. Distinguish between undefined functions, which have `Unreachable` bodies, and bomb functions such as: ``` define void bomb() { tail call void llvm.trap() unreachable } ``` Reviewed By: ngorogiannis Differential Revision: D15408246 fbshipit-source-id: b64354cdb
6 years ago
| Abort of {loc: Loc.t} (** Trigger abnormal program termination *)
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** A (straight-line) command is a sequence of instructions. *)
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
type cmnd = inst iarray
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** A label is a name of a block. *)
type label = string
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
(** A jump to a block. *)
type jump = {mutable dst: block; mutable retreating: bool}
(** A call to a function. *)
and 'a call =
{ callee: 'a
; typ: Typ.t (** Type of the callee. *)
[sledge][NFC] Rename args to actuals Summary: For consistency Reviewed By: ngorogiannis Differential Revision: D17801953 fbshipit-source-id: a797d2446
5 years ago
; actuals: Exp.t list (** Stack of arguments, first-arg-last. *)
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
; areturn: Reg.t option (** Register to receive return value. *)
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
; return: jump (** Return destination. *)
; throw: jump option (** Handler destination. *)
; mutable recursive: bool
(** Holds unless [callee] is definitely not recursive. *)
; loc: Loc.t }
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** Block terminators for function call/return or other control transfers. *)
and term = private
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
| Switch of {key: Exp.t; tbl: (Exp.t * jump) iarray; els: jump; loc: Loc.t}
[sledge] Change Switch cases from Z.t to Exp.t Summary: This avoids (repeatedly) creating integer expressions during analysis. Reviewed By: mbouaziz Differential Revision: D10488405 fbshipit-source-id: 04b7ac336
6 years ago
(** Invoke the [jump] in [tbl] associated with the integer expression
[case] which is equal to [key], if any, otherwise invoke [els]. *)
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
| Iswitch of {ptr: Exp.t; tbl: jump iarray; loc: Loc.t}
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** Invoke the [jump] in [tbl] whose [dst] is equal to [ptr]. *)
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
| Call of Exp.t call
(** Call function with arguments. A [global] for non-virtual call. *)
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
| Return of {exp: Exp.t option; loc: Loc.t}
(** Invoke [return] of the dynamically most recent [Call]. *)
| Throw of {exc: Exp.t; loc: Loc.t}
(** Invoke [throw] of the dynamically most recent [Call] with [throw]
not [None]. *)
| Unreachable
(** Halt as control is assumed to never reach [Unreachable]. *)
(** A block is a destination of a jump with arguments, contains code. *)
and block = private
{ lbl: label
; cmnd: cmnd
; term: term
; mutable parent: func
; mutable sort_index: int
(** Position in a topological order, ignoring [retreating] edges. *)
}
(** A function is a control-flow graph with distinguished entry block, whose
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
parameters are the function parameters. *)
[sledge] Add formal parameters to functions for return values Summary: This diff adds a formal parameter to each non-void-returning function to name the return value, and similarly a formal parameter for the thrown exception value. These are interpreted as call-by-reference parameters, so that they can be constrained in formulas to e.g. be equal to the return value, and are still in scope when the function returns, and so can be passed to the return block. Prior to summarizing functions, this means that these formals need to be tracked on the analyzer's control stack. This will be needed to express function specs/summaries in terms of formals, and fixes a bug where in some cases return values were not tracked correctly. Reviewed By: kren1 Differential Revision: D15738026 fbshipit-source-id: fff2d107c
6 years ago
and func = private
{ name: Global.t
[sledge][NFC] Rename params to formals Summary: For consistency Reviewed By: ngorogiannis Differential Revision: D17801926 fbshipit-source-id: 012b13561
5 years ago
; formals: Reg.t list (** Formal parameters, first-param-last stack *)
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
; freturn: Reg.t option
; fthrow: Reg.t
; locals: Reg.Set.t (** Local registers *)
[sledge] Do not represent function CFGs explicitly Summary: The CFG of a function is implicit in the blocks themselves, so it is possible to remove the explicit represention as a vector of blocks. The only uses are fold or iter, and since the cycles are detected during construction, these can be simple depth-first traversals. Reviewed By: bennostein Differential Revision: D17821845 fbshipit-source-id: fc7a02151
5 years ago
; entry: block }
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Optimize finding functions by name Summary: Replace the naive linear scan with a map lookup. Reviewed By: ngorogiannis Differential Revision: D15512746 fbshipit-source-id: d103ffdc7
6 years ago
type functions
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
type t = private
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
{ globals: Global.t iarray (** Global variable definitions. *)
[sledge] Optimize finding functions by name Summary: Replace the naive linear scan with a map lookup. Reviewed By: ngorogiannis Differential Revision: D15512746 fbshipit-source-id: d103ffdc7
6 years ago
; functions: functions (** (Global) function definitions. *) }
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : t pp
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
include Invariant.S with type t := t
val mk : globals:Global.t list -> functions:func list -> t
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
module Inst : sig
type t = inst
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : t pp
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
val move : reg_exps:(Reg.t * Exp.t) iarray -> loc:Loc.t -> inst
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
val load : reg:Reg.t -> ptr:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val store : ptr:Exp.t -> exp:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
[sledge] Refactor to clean up instruction ordering Summary: No functional change diff in prep for modeling changes. Reviewed By: ngorogiannis Differential Revision: D14403655 fbshipit-source-id: 22b6a87d8
6 years ago
val memset : dst:Exp.t -> byt:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val memcpy : dst:Exp.t -> src:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
val memmov : dst:Exp.t -> src:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
val alloc : reg:Reg.t -> num:Exp.t -> len:Exp.t -> loc:Loc.t -> inst
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val free : ptr:Exp.t -> loc:Loc.t -> inst
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
val nondet : reg:Reg.t option -> msg:string -> loc:Loc.t -> inst
[sledge] Add abort instruction and use it for abort and llvm.trap Summary: There are two motivations for this: 1. Distinguish between `Unreachable`, which silently terminates execution a la `assume false`; and `Abort`, which vocally terminates execution a la `assert false`. 2. Distinguish between undefined functions, which have `Unreachable` bodies, and bomb functions such as: ``` define void bomb() { tail call void llvm.trap() unreachable } ``` Reviewed By: ngorogiannis Differential Revision: D15408246 fbshipit-source-id: b64354cdb
6 years ago
val abort : loc:Loc.t -> inst
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val loc : inst -> Loc.t
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
val locals : inst -> Reg.Set.t
[sledge] Add used-globals abstract domain and transfer functions Summary: Adds an abstract domain to track global variable usages, as well as supporting changes to the frontend, IR and CLI. This analysis will support optimizations to the main symbolic-heap analysis, but for now can be invoked independently through the `-domain` flag on `analyze` targets of the Sledge executable. Reviewed By: jberdine Differential Revision: D17422212 fbshipit-source-id: 74bed0a76
5 years ago
val fold_exps : inst -> init:'a -> f:('a -> Exp.t -> 'a) -> 'a
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
end
module Jump : sig
[sledge] Use ppx_compare to define equal functions Summary: With ppx_compare 0.12, `[@deriving equal]` now generates efficient `equal` functions. Reviewed By: mbouaziz Differential Revision: D14297866 fbshipit-source-id: a303090cb
6 years ago
type t = jump [@@deriving compare, equal, sexp_of]
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : jump pp
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
val mk : string -> jump
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
end
module Term : sig
type t = term
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : t pp
[sledge] Add Llair.Term.goto wrapper for Switch Summary: Just a convenience, but there are enough uses to make it worthwhile, and a readability improvement. Reviewed By: mbouaziz Differential Revision: D10488404 fbshipit-source-id: 30cca06d5
6 years ago
val goto : dst:jump -> loc:Loc.t -> term
(** Construct a [Switch] representing an unconditional branch. *)
[sledge] Add Llair.Term.branch wrapper for Switch Summary: The main motivation is to factor out the code that determines the test condition, e.g. to uniformly test `!= 0` vs `= 1`. Also a convenience, and there are enough uses to make it worthwhile and a readability improvement. Reviewed By: mbouaziz Differential Revision: D10488408 fbshipit-source-id: 520e843f3
6 years ago
val branch : key:Exp.t -> nzero:jump -> zero:jump -> loc:Loc.t -> term
(** Construct a [Switch] representing a conditional branch. *)
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val switch :
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
key:Exp.t -> tbl:(Exp.t * jump) iarray -> els:jump -> loc:Loc.t -> term
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
val iswitch : ptr:Exp.t -> tbl:jump iarray -> loc:Loc.t -> term
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val call :
[sledge][NFC] Rename Term.call's func arg to callee to match type Summary: Just for consistency Reviewed By: bennostein Differential Revision: D17821846 fbshipit-source-id: 778c61a56
5 years ago
callee:Exp.t
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
-> typ:Typ.t
[sledge][NFC] Rename args to actuals Summary: For consistency Reviewed By: ngorogiannis Differential Revision: D17801953 fbshipit-source-id: a797d2446
5 years ago
-> actuals:Exp.t list
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
-> areturn:Reg.t option
[ocamlformat] upgrade to ocamlformat 0.7 Reviewed By: mbouaziz Differential Revision: D9496601 fbshipit-source-id: 83c6fd241
6 years ago
-> return:jump
-> throw:jump option
-> loc:Loc.t
-> term
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val return : exp:Exp.t option -> loc:Loc.t -> term
val throw : exc:Exp.t -> loc:Loc.t -> term
val unreachable : term
[sledge] Improve debug tracing Reviewed By: mbouaziz Differential Revision: D10389475 fbshipit-source-id: 28df69903
6 years ago
val loc : term -> Loc.t
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
end
module Block : sig
[sledge] Use ppx_compare to define equal functions Summary: With ppx_compare 0.12, `[@deriving equal]` now generates efficient `equal` functions. Reviewed By: mbouaziz Differential Revision: D14297866 fbshipit-source-id: a303090cb
6 years ago
type t = block [@@deriving compare, equal, sexp_of]
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : t pp
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
val mk : lbl:label -> cmnd:cmnd -> term:term -> block
[sledge] Do not use Base.Map Summary: The base containers have inconvenient interfaces due to lacking support for functors, which also leads to the representation of values of containers including closures for the comparison functions. This causes problems when `Marshal`ing these values. This diff is one step toward not using the base containers. Reviewed By: ngorogiannis Differential Revision: D20482763 fbshipit-source-id: f55f91bf2
5 years ago
module Map : Map.S with type key := t
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
end
module Func : sig
type t = func
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
val pp : t pp
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
include Invariant.S with type t := t
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
val mk :
name:Global.t
[sledge][NFC] Rename params to formals Summary: For consistency Reviewed By: ngorogiannis Differential Revision: D17801926 fbshipit-source-id: 012b13561
5 years ago
-> formals:Reg.t list
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
-> freturn:Reg.t option
-> fthrow:Reg.t
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
-> entry:block
[sledge] Rename vector to iarray Summary: The term "vector" evokes expectations of being automatically growable, and these are just immutable arrays. Reviewed By: ngorogiannis Differential Revision: D20482762 fbshipit-source-id: 0cd2c9c23
5 years ago
-> cfg:block iarray
[sledge] Eliminate SSA Summary: While SSA can be useful for code transformation purposes, it offers little for semantic static analyses. Essentially, such analyses explore the dynamic semantics of code, and the *static* single assignment property does not buy much. For example, once an execution visits a loop body that assigns a variable, there are multiple assignments that the analysis must deal with. This leads to the need to treat blocks as if they assign all their local variables, renaming to avoid name clashes a la Floyd's assignment axiom. That is fine, but it makes it much more involved to implement a version that is economical with respect to renaming only when necessary. Additionally the scoping constraints of SSA are cumbersome and significantly complicate interprocedural analysis (where there is a long history of incorrect proof rules for procedures, and SSA pushes the interprocedural analysis away from being able to use known-good ones). So this diff changes Llair from a functional SSA form to a traditional imperative language. Reviewed By: jvillard Differential Revision: D16905898 fbshipit-source-id: 0fd835220
5 years ago
-> func
[sledge] Move generation of formal return and throw parameters to frontend Summary: The generation of names for the function formal return and throw parameters is not central to LLAIR, but a detail of the frontend, since they are generated only because LLVM does not already have such names. Reviewed By: ngorogiannis Differential Revision: D17665240 fbshipit-source-id: 684cbae92
5 years ago
val mk_undefined :
name:Global.t
[sledge][NFC] Rename params to formals Summary: For consistency Reviewed By: ngorogiannis Differential Revision: D17801926 fbshipit-source-id: 012b13561
5 years ago
-> formals:Reg.t list
[sledge] Distinguish program expressions and formula terms Summary: There are a number if issues with using the same type for expressions in code and in formulas. One is that the type systems of the two should be different. Another is that conflating the two compromises the ability of Llair to correctly express aspects such as integer overflow, floating point rounding, etc. Also, it could be beneficial to have more source locations for program expressions than makes sense for terms. This diff simply unshares Exp, leading to a copy named Term. Likewise, Reg is now a copy of Var. Simplifications to come. Reviewed By: bennostein Differential Revision: D17665250 fbshipit-source-id: 4359a80d5
5 years ago
-> freturn:Reg.t option
-> fthrow:Reg.t
[sledge] Move generation of formal return and throw parameters to frontend Summary: The generation of names for the function formal return and throw parameters is not central to LLAIR, but a detail of the frontend, since they are generated only because LLVM does not already have such names. Reviewed By: ngorogiannis Differential Revision: D17665240 fbshipit-source-id: 684cbae92
5 years ago
-> t
[sledge] Update llair Reviewed By: jvillard Differential Revision: D9846740 fbshipit-source-id: 16d039b04
6 years ago
[sledge] Change Llair representation of functions to a String map Summary: Using a type of keys richer than strings, which are the unique symbol names at the C/LLVM level, is unnecessary. Reviewed By: ngorogiannis Differential Revision: D17665262 fbshipit-source-id: 6b8c31146
5 years ago
val find : functions -> string -> func option
Add initial version of LLAIR and LLVM to LLAIR translation Reviewed By: mbouaziz Differential Revision: D6892016 fbshipit-source-id: 3720749
7 years ago
(** Look up a function of the given name in the given functions. *)
val is_undefined : func -> bool
(** Holds of functions that are declared but not defined. *)
end