From: David Malcolm <dmalcolm@redhat.com>
To: Ankur Saini <arsenic.secondary@gmail.com>
Cc: gcc@gcc.gnu.org
Subject: Re: daily report on extending static analyzer project [GSoC]
Date: Mon, 28 Jun 2021 19:39:57 -0400
Message-ID: <9e97b67cc5eb55a3a526b1c263a9980915556ce1.camel@redhat.com>
In-Reply-To: <BE75EFAB-B8B4-45DA-82F5-49BE3B826F27@gmail.com>

On Mon, 2021-06-28 at 20:23 +0530, Ankur Saini wrote:
>
>
> > On 28-Jun-2021, at 12:18 AM, David Malcolm <dmalcolm@redhat.com>
> > wrote:
> > >
> > > >
> > > > >
> > > > > Q. But even if we find out which function to call, how will the
> > > > > analyzer know which snode that function belongs to?
> > > >
> > > > Use this method of supergraph:
> > > > supernode *get_node_for_function_entry (function *fun) const;
> > > > to get the supernode for the entrypoint of a given function.
> > > >
> > > > You can get the function * from a fndecl via
> > > > DECL_STRUCT_FUNCTION.
> > >
> > > > so once we get fndecl, it should be comparatively smooth sailing
> > > > from there.
> > >
> > > > My attempt to get the value of function pointer from the state :-
> > > >
> > > > - to access the region model of the state, I tried to access
> > > >   “m_region_model” of that state.
> > > > - now I want to access cluster for a function pointer.
> > > > - but when looking at the accessible functions to region model class,
> > > >   I couldn’t seem to find the fitting one. ( the closest I could find
> > > >   was “region_model::get_reachable_svalues()” to get a set of all the
> > > >   svalues reachable from that model )
> >
> > In general you can use:
> >   region_model::get_rvalue
> > to go from a tree to a symbolic value for what the analyzer "thinks"
> > the value of that tree is at that point along the path.
> >
> > If it "knows" that it's a specific function pointer, then IIRC this
> > will return a region_svalue where region_svalue::get_pointee () will
> > (hopefully) point at the function_region representing the memory
> > holding the code of the function. function_region::get_fndecl should
> > then give you the tree for the specific FUNCTION_DECL, from which you
> > can find the supergraph node etc.
> >
> > It looks like
> >   region_model::get_fndecl_for_call
> > might already do most of what you need, but it looks like it bails out
> > for the "NULL cgraph_node" case. Maybe that needs fixing, so that it
> > returns the fndecl for that case? That already gets used in some
> > places, so maybe try putting a breakpoint on that and see if fixing
> > that gets you further?
>
> shouldn’t the fn_decl still have a cgraph_node if the function
> is declared in the program itself ? it should just not have an edge
> representing the call.

That would make sense. I'd suggest verifying that in the debugger.

> Because I was able to find the super-graph node just with the help of
> the function itself.

Great.
>
> this is how the function looks "exploded_node::on_edge()" right now.
>
> File: {$SCR_DIR}/gcc/analyzer/engine.cc
>
> bool
> exploded_node::on_edge (exploded_graph &eg,
>                         const superedge *succ,
>                         program_point *next_point,
>                         program_state *next_state,
>                         uncertainty_t *uncertainty)
> {
>   LOG_FUNC (eg.get_logger ());
>
>   if (succ->m_kind == SUPEREDGE_INTRAPROCEDURAL_CALL)
>     {
>       const program_point *this_point = &this->get_point ();
>       const program_state *this_state = &this->get_state ();
>       const gcall *call = this_point->get_supernode ()->get_final_call ();
>
>       impl_region_model_context ctxt (eg,
>                                       this,
>                                       this_state,
>                                       next_state,
>                                       uncertainty,
>                                       this_point->get_stmt ());
>
>       region_model *model = this_state->m_region_model;
>       /* get_fndecl_for_call returns NULL_TREE when the callee is unknown,
>          so check it before applying DECL_STRUCT_FUNCTION.  */
>       tree fn_decl = model->get_fndecl_for_call (call, &ctxt);
>       if (fn_decl && DECL_STRUCT_FUNCTION (fn_decl))
>         {
>           const supergraph *sg = &eg.get_supergraph ();
>           supernode *sn = sg->get_node_for_function_entry
>             (DECL_STRUCT_FUNCTION (fn_decl));
>           // create enode and eedge ?
>         }
>     }
>
>   if (!next_point->on_edge (eg, succ))
>     return false;
>
>   if (!next_state->on_edge (eg, this, succ, uncertainty))
>     return false;
>
>   return true;
> }

Looks promising.
>
> for now, it is also detecting calls that already have call_sedge
> connecting them, so I think I also have to filter them out.

Right, I think so too.

Dave