Hi David, hi all,

I'm working on a plugin for the analyzer, and basically I've reached a point where I need to compare svalues. For the needs of my analysis, I've modified the analyzer to be able to track regions in some specific cases, so I modified the implementation of the /sm_state_map/. If anyone wants to see my modifications, I would be glad to send them to you (not yet on a public repository).

I'm trying to handle all the different (only defined behavior) semantically correct ways to manipulate arrays.
To illustrate my words, here is an example:

   int t[4] = {0};
   // valid and represented in GIMPLE by a single gassign stmt with
   // LHS being an ARRAY_REF
   t[2] = some_var;
   // valid and represented in GIMPLE by two distinct gassign stmts
   // with LHS_1 being an SSA_NAME and LHS_2 being a MEM_REF
   *(t+2) = some_var;
   int *y = t + 1;
   // valid and represented in GIMPLE by two distinct gassign stmts
   // with LHS_1 being an SSA_NAME and LHS_2 being a MEM_REF
   *(y+1) = some_var;

In this example, the same memory is modified and corresponds to 't[2]'.
What I'm trying to do is to determine a correlation between the region 't[2]' and the svalue '&t + 2 * sizeof(element)'.

I've managed to pass from the tree '&t + 2 * sizeof(element)' to the corresponding region 't[2]' using the /ana::region_model_manager::get_element_region/ API. So that if I have the region corresponding to 't[2]' in the /sm_state_map/, it is correctly found within the inner /hash_map<const region *, reg_entry_t>/.

It gets weird when going from the tree 't[2]' to the corresponding svalue '&t + 2 * sizeof(element)'.
Basically for now, I used several approaches:

   - I tried building the corresponding tree using the /buildN/ GIMPLE API
   and then the /ana::region_model::get_rvalue/ API. I did get a result
   being dumped as exactly what I needed, but the lookup (through
   /ana::sm_context::get_state/) within the inner /hash_map <const
   svalue *, entry_t>/ of /sm_state_map/ was failing even though the
   same svalue was present in the /hash_map/.
   I tried to understand what was happening, and basically, it seems
   that the two svalues do not have the same address, though the same
   hash, leading to the lookup failure.

   - Right now, I am doing exactly the same to obtain the corresponding
   svalue, but instead of using /ana::sm_context::get_state/, I am
   iterating over all the live_values obtained through
   /ana::region_model::get_reachable_svalues/ until I find the same
   svalue in terms of semantics. Though, this is failing because there
   is currently no way to compare svalues' semantics.

So, basically I'm kind of stuck here and I have no idea how to properly go from a tree representation to its svalue/region one.
To be as explicit as possible, I'm trying to do this:

   - Pass from 'tree t[2]' to 'svalue &t + 2 * sizeof(element)'; ->
   that part does not work

   - Pass from 'tree t + 2' to 'region t[2]'; -> that part is working

Would you have any idea about an API I would have missed or anything else?
I can definitely share my code if anyone wants to have a look at it.

Thanks for reading,
Cheers,

Pierrick
