Data Structure Analysis #222
Conversation
|
I'm a bit confused by the commit history here - some of Yousif's commits that are not ready to merge in yet have been included, but then later reverted? Is there a neater way to do things than that? |
sadrabt
force-pushed
the
points-to-analysis-alternate-merge
branch
from
90eec8e
to
5cda0e9
Compare
|
It'll take some time to get across all the details of this, so detailed comments would really help to make it easier to understand. One thing that makes the code more difficult to follow at the moment is the widespread use of tuples - is it possible that replacing those with case classes would make sense? |
sadrabt
force-pushed
the
points-to-analysis-alternate-merge
branch
from
fbcb303
to
fe5b3e7
Compare
sadrabt
force-pushed
the
points-to-analysis-alternate-merge
branch
from
fe5b3e7
to
f600c66
Compare
| import specification.Specification | ||
| import util.{BASILConfig, BoogieGeneratorConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysisConfig} | ||
|
|
||
| class LocalTest extends AnyFunSuite, TestUtil { |
There was a problem hiding this comment.
Rather than 'LocalTest' wouldn't the name DSATest be clearer for this file & class?
| ignore("local jumptable2_clang main") { | ||
| val results = RunUtils.loadAndTranslate( | ||
| BASILConfig( | ||
| loading = ILLoadingConfig( | ||
| inputFile = "examples/jumptable2/jumptable2_clang.adt", | ||
| relfFile = "examples/jumptable2/jumptable2_clang.relf", | ||
| specFile = None, | ||
| dumpIL = None, | ||
| ), | ||
| staticAnalysis = Some(StaticAnalysisConfig()), | ||
| boogieTranslation = BoogieGeneratorConfig(), | ||
| outputPrefix = "boogie_out", | ||
| ) | ||
| ) | ||
| val program = results.ir.program | ||
| val dsg = results.analysis.get.locals.get(program.mainProcedure) | ||
| // assert(dsg.pointTo.size == 7) | ||
| // assert(dsg.stackMapping.isEmpty) | ||
| // assert(dsg.pointTo(dsg.globalMapping(AddressRange(69680, 69684))._1.cells(0))._1.node.get.collapsed) | ||
| } | ||
|
|
||
|
|
||
|
|
||
|
|
||
| ignore("interproc unsafe pointer arithmetic") { | ||
| // test interproc unification with points-to that have internal offsets into cells | ||
| } |
There was a problem hiding this comment.
Are these needed for anything? Should they be removed?
| assert(dsg.pointTo.size == 9) | ||
| assert(dsg.stackMapping.isEmpty) | ||
| println(dsg.globalMapping(AddressRange(69648, 69652))._1.cells(0)) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69648, 69652))._1.cells(0))._1.node.get.collapsed) | ||
|
|
||
| // initial global mappings | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69600, 69608))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(2136, 2136 + 124))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69656, 69656 + 24))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(1948, 1948 + 36))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69624, 69632))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(69656, 69656 + 24))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69608, 69616))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(2056, 2056 + 76))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69608, 69616))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(2056, 2056 + 76))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69656, 69656 + 24))._1.cells(8))._1.equals(dsg.globalMapping(AddressRange(1984, 1984 + 36))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69560, 69568))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(2264, 2268))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69656, 69656 + 24))._1.cells(16))._1.equals(dsg.globalMapping(AddressRange(2020, 2020 + 36))._1.cells(0))) | ||
| assert(dsg.pointTo(dsg.globalMapping(AddressRange(69584, 69584 + 8))._1.cells(0))._1.equals(dsg.globalMapping(AddressRange(69648, 69648 + 4))._1.cells(0))) |
There was a problem hiding this comment.
It's a bit hard to follow exactly what any of these tests are actually testing - comments for each assertion would be extremely useful and it would help if the tuple accesses could be replaced with the name of the fields. Accessing case classes as if they are tuples is a very obscure feature of Scala and makes the code very difficult to follow.
| // determine if an address is a global and return the corresponding global if it is. | ||
| def isGlobal(address: BigInt): Option[(AddressRange, Field)] = | ||
| var global: Option[(AddressRange, Field)] = None |
There was a problem hiding this comment.
This is another case that would benefit from using a case class instead of a tuple
| IRconstPropResult = analysisResult.last.IRconstPropResult, | ||
| memoryRegionResult = analysisResult.last.memoryRegionResult, | ||
| vsaResult = analysisResult.last.vsaResult, | ||
| interLiveVarsResults = analysisResult.last.interLiveVarsResults, |
There was a problem hiding this comment.
I don't think this analysis is ever actually run so you may want to re-enable it where it makes sense to
Adapted version of DSA for BASIL
includes symbolic access analysis and a reaching definitions analysis that works slightly differently from the one already implemented. (registers changed by a procedure call are defined by the call instruction)