#include <stdio.h>#include <string.h>#include <stdlib.h>#include "genC.h"#include "linear.h"#include "ri.h"#include "effects.h"#include "ri-util.h"#include "prettyprint.h"#include "effects-util.h"#include "text-util.h"#include "misc.h"#include "properties.h"
Include dependency graph for points_to.c:
Go to the source code of this file.
Functions | |
| cell | make_anywhere_points_to_cell (type t) |
| Function storing points to information attached to a statement. More... | |
| bool | formal_parameter_points_to_cell_p (cell c) |
| bool | stub_points_to_cell_p (cell c) |
| bool | points_to_cell_in_list_p (cell c, list L) |
| list | merge_points_to_cell_lists (list l1, list l2) |
| Add in "l1" elements of "l2" that are not yet in "l1". More... | |
| bool | related_points_to_cell_in_list_p (cell c, list L) |
| Two cells are related if they are based on the same entity. More... | |
| bool | related_points_to_cells_p (cell c1, cell c2) |
| void | fprint_points_to_cell (FILE *f __attribute__((unused)), cell c) |
| Debug: print a cell list for points-to. More... | |
| void | print_points_to_cell (cell c) |
| Debug: use stderr. More... | |
| void | print_points_to_cells (list cl) |
| Debug. More... | |
| bool | field_reference_expression_p (expression e) |
| Check if expression "e" is a reference to a struct field. More... | |
| int | points_to_reference_to_final_dimension (reference r) |
| Compute the number of array subscript at the end of a points_to_reference. More... | |
| void | points_to_reference_update_final_subscripts (reference r, list nsl) |
| Substitute the subscripts "sl" in points-to reference "r" just after the last field subscript by "nsl". More... | |
| list | points_to_reference_to_typed_index (reference r, type t) |
| Look for the index in "r" that corresponds to a pointer of type "t" and return the corresponding element list. More... | |
| bool | atomic_points_to_cell_p (cell c) |
| Is it a unique concrete memory location? More... | |
| bool | generic_atomic_points_to_cell_p (cell c, bool strict_p) |
| Is it a unique concrete memory location? More... | |
| bool | generic_atomic_points_to_reference_p (reference r, bool strict_p) |
| Is it a unique concrete memory location? More... | |
| bool | atomic_points_to_reference_p (reference r) |
| bool | points_to_cells_intersect_p (cell lc, cell rc) |
| points-to cells use abstract addresses, hence the proper comparison is an intersection. More... | |
| cell | points_to_cells_minimal_upper_bound (list cl __attribute__((unused))) |
| Allocate a cell that is the minimal upper bound of the cells in list "cl" according to the points-to cell lattice... More... | |
| entity | points_to_cells_minimal_module_upper_bound (list cl __attribute__((unused))) |
| type | points_to_cells_minimal_type_upper_bound (list cl __attribute__((unused))) |
| reference | points_to_cells_minimal_reference_upper_bound (entity m __attribute__((unused)), type t __attribute__((unused)), list cl __attribute__((unused))) |
| bool | points_to_array_reference_p (reference r) |
| Is this a reference to an array or a reference to a pointer? This is not linked to the type of the reference, as a reference may be a pointer, such as "a[10]" when "a" is declared int "a[10][20]". More... | |
| type | points_to_array_reference_to_type (reference r) |
| If this is an array reference, what is the type of the underlying array type? More... | |
| void | complete_points_to_reference_with_fixed_subscripts (reference r, bool zero_p) |
| Add a set of zero subscripts to a constant memory path reference "r" by side effect. More... | |
| void | complete_points_to_reference_with_zero_subscripts (reference r) |
| bool | cells_must_point_to_null_p (list cl) |
| bool | cells_may_not_point_to_null_p (list cl) |
| bool | cell_points_to_non_null_sink_in_set_p (cell source, set pts) |
| A set of functions called cell_points_to_xxxx(cell s, set pts) where set pts is a points-to relation set. More... | |
| bool | cell_points_to_nowhere_sink_in_set_p (cell source, set pts) |
| bool | cell_must_point_to_nowhere_sink_in_set_p (cell source, set pts) |
| How are array handled in pts? do we have arcs "a->a"? More... | |
| bool | cell_points_to_null_sink_in_set_p (cell source, set pts) |
| bool | points_to_cell_equal_p (cell c1, cell c2) |
| bool | similar_arc_in_points_to_set_p (points_to spt, set in, approximation *pa) |
| See if an arc like "spt" exists in set "in", regardless of its approximation. More... | |
| list | points_to_cell_to_upper_bound_points_to_cells (cell c) |
| Return a list of cells that are larger than cell "c" in the points-to cell lattice. More... | |
| list | points_to_cells_to_upper_bound_points_to_cells (list cl) |
| Add to list "l" cells that are upper bound cells of the cells already in list "l" and return list "l". More... | |
| bool | exact_points_to_subscript_list_p (list sl) |
| See if the subscript list sl is precise, i.e. More... | |
| bool | compatible_points_to_subscripts_p (expression s1, expression s2) |
| Two subscript are compatible if they are equal or if one of them is unbounded. More... | |
| points_to | points_to_with_stripped_sink (points_to pt, int(*line_number_func)(void)) |
| The value of the source can often be expressed with different subscript lists. More... | |
| bool | recursive_store_independent_points_to_reference_p (type t, list sl) |
| bool | store_independent_points_to_reference_p (reference r) |
| Functions for points-to references, the kind of references used in points-to cells. More... | |
| bool | constant_points_to_indices_p (list sl) |
| check that the subscript list il is either empty or made of integers or fields. More... | |
| bool | store_independent_points_to_indices_p (list sl) |
| check that the subscript list il is either empty or made of integers or fields or unbounded entity "*". More... | |
Function Documentation
◆ atomic_points_to_cell_p()
Is it a unique concrete memory location?
Plus NULL? No doubt about the value of the pointer...
Plus undefined? No doubt about the indeterminate value of the pointer according to C standard...
Definition at line 423 of file points_to.c.
References atomic_points_to_reference_p(), cell_any_reference(), nowhere_cell_p(), and null_cell_p().
Referenced by atomic_effect_p(), compute_points_to_gen_set(), compute_points_to_kill_set(), equal_condition_to_points_to(), freed_list_to_points_to(), non_equal_condition_to_points_to(), null_equal_condition_to_points_to(), and points_to_function_projection().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ atomic_points_to_reference_p()
Definition at line 519 of file points_to.c.
References generic_atomic_points_to_reference_p().
Referenced by atomic_points_to_cell_p(), and substitute_stubs_in_transformer().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cell_must_point_to_nowhere_sink_in_set_p()
How are array handled in pts? do we have arcs "a->a"?
- Parameters
-
source ource pts ts
Definition at line 870 of file points_to.c.
References approximation_exact_p, approximation_must_p, array_type_p(), cell_equal_p(), nowhere_cell_p(), null_cell_p(), pips_assert, pointer_type_p(), points_to_approximation, points_to_cell_to_concrete_type(), points_to_sink, points_to_source, and SET_FOREACH.
Referenced by recursive_filter_formal_context_according_to_actual_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cell_points_to_non_null_sink_in_set_p()
A set of functions called cell_points_to_xxxx(cell s, set pts) where set pts is a points-to relation set.
The definition domain of these functions is key to their use:
- if the type of the source s is not a pointer type, should we return false or abort because s is not in the definition domain?
- if source s does not appear at all in pts, should we return false or abort because s is not in the definition domain?
If both conditions are selected, the resulting definition domain is the definition domain of the mapping pts.
If a more relaxed definition domain is sometimes useful, then strict and non-strict versions of these functions should be provided, with a clear semantics for their true and false results.
Because cell s may point to one or many cells in pts, which is a relation and not a mapping, the caller may be interested in a may or must point. The information may be convened directly by using distinct function names, cell_must_points_to_xxxx or cell_may_points_to_xxxx, or by adding a pointer to a boolean, exact_p, in the function profiles, which may save time by not looping twice on pts arcs.
This can be implemented using the approximation information of the arcs in pts... if it is trusted. Or recomputed from the arcs in pts.
Flexibility is also introduced by the use of cell_equivalent_p() instead of cell_equal_p(). If the former is used, cells derived from cell s are considered when s if not a pointer. This leads to weird behaviors. For instance, if the source s is a struct, s.f1 and s.f2 will be considered. If s.f1 points to some concrete location and s.f2 points to nowhere (undefined pointer), what result should be returned? The advantage is that the caller does not have to generate s.f1 and s.f2 which are simply found in set pts. Does cell "source" points toward a non null fully defined cell in points-to set pts?
The function name is not well chosen. Something like cell_points_to_defined_cell_p()/
- Parameters
-
source ource pts ts
Definition at line 822 of file points_to.c.
References array_type_p(), cell_equal_p(), nowhere_cell_p(), null_cell_p(), pips_assert, pointer_type_p(), points_to_cell_to_concrete_type(), points_to_sink, points_to_source, and SET_FOREACH.
Referenced by filter_formal_context_according_to_actual_context(), new_filter_formal_context_according_to_actual_context(), and recursive_filter_formal_context_according_to_actual_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cell_points_to_nowhere_sink_in_set_p()
- Parameters
-
source ource pts ts
Definition at line 845 of file points_to.c.
References array_type_p(), cell_equal_p(), nowhere_cell_p(), null_cell_p(), pips_assert, pointer_type_p(), points_to_cell_to_concrete_type(), points_to_sink, points_to_source, and SET_FOREACH.
Referenced by recursive_filter_formal_context_according_to_actual_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cell_points_to_null_sink_in_set_p()
- Parameters
-
source ource pts ts
Definition at line 898 of file points_to.c.
References array_type_p(), cell_equal_p(), null_cell_p(), pips_assert, pointer_type_p(), points_to_cell_to_concrete_type(), points_to_sink, points_to_source, and SET_FOREACH.
Referenced by recursive_filter_formal_context_according_to_actual_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cells_may_not_point_to_null_p()
- Parameters
-
cl l
Definition at line 763 of file points_to.c.
References CELL, ENDP, FOREACH, nowhere_cell_p(), null_cell_p(), and pips_assert.
Referenced by intrinsic_call_condition_to_points_to().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cells_must_point_to_null_p()
- Parameters
-
cl l
Definition at line 750 of file points_to.c.
References CELL, ENDP, FOREACH, null_cell_p(), and pips_assert.
Referenced by intrinsic_call_condition_to_points_to().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ compatible_points_to_subscripts_p()
| bool compatible_points_to_subscripts_p | ( | expression | s1, |
| expression | s2 | ||
| ) |
Two subscript are compatible if they are equal or if one of them is unbounded.
In the ponts-to context s1 and s2 should be either integer constants or field references.
- Parameters
-
s1 1 s2 2
Definition at line 1041 of file points_to.c.
References expression_equal_p(), s1, and unbounded_expression_p().
Referenced by points_to_cell_translation().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ complete_points_to_reference_with_fixed_subscripts()
Add a set of zero subscripts to a constant memory path reference "r" by side effect.
Used when a partial array reference must be converted into a reference to the first array element (zero_p==true) or to any element (zero_p==false).
The difficulty lies with field subscripts...
Find the current number of effective subscripts: is there a field subscript somewhere?
FI: this may happen when reference "r" is not a constant memory path
- Parameters
-
zero_p ero_p
Definition at line 696 of file points_to.c.
References CONS, entity_basic_concrete_type(), EXPRESSION, expression_reference(), f(), field_expression_p(), FOREACH, gen_length(), gen_nconc(), gen_nreverse(), int, int_to_expression(), make_unbounded_expression(), NIL, pips_assert, reference_indices, reference_variable, type_undefined, type_variable, and variable_dimensions.
Referenced by complete_points_to_reference_with_zero_subscripts().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ complete_points_to_reference_with_zero_subscripts()
| void complete_points_to_reference_with_zero_subscripts | ( | reference | r | ) |
Definition at line 745 of file points_to.c.
References complete_points_to_reference_with_fixed_subscripts().
Referenced by dereferencing_subscript_to_points_to(), process_casted_sinks(), process_casted_sources(), and subscript_to_points_to_sinks().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ constant_points_to_indices_p()
check that the subscript list il is either empty or made of integers or fields.
- Parameters
-
sl l
Definition at line 1272 of file points_to.c.
References constant_p(), entity_field_p(), EXPRESSION, expression_syntax, extended_integer_constant_expression_p(), f(), FOREACH, reference_variable, syntax_reference, and syntax_reference_p.
Here is the call graph for this function:
◆ exact_points_to_subscript_list_p()
See if the subscript list sl is precise, i.e.
if is does not contain any unbounded expression.
It is assumed that it is a points-to subscript list. Each subscript is either an integer constant, or a field reference or an unbounded expression.
This function may have been defined several times...
- Parameters
-
sl l
Definition at line 1027 of file points_to.c.
References EXPRESSION, FOREACH, and unbounded_expression_p().
Here is the call graph for this function:
◆ field_reference_expression_p()
| bool field_reference_expression_p | ( | expression | e | ) |
Check if expression "e" is a reference to a struct field.
Definition at line 224 of file points_to.c.
References entity_field_p(), expression_syntax, f(), reference_variable, syntax_reference, and syntax_reference_p.
Referenced by points_to_array_reference_p(), points_to_array_reference_to_type(), points_to_reference_to_final_dimension(), points_to_reference_update_final_subscripts(), and reduce_cell_to_pointer_type().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ formal_parameter_points_to_cell_p()
Definition at line 99 of file points_to.c.
References cell_any_reference(), formal_parameter_p(), and reference_variable.
Referenced by points_to_to_context_points_to().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ fprint_points_to_cell()
Debug: print a cell list for points-to.
Parameter f is not useful in a debugging context.
Definition at line 178 of file points_to.c.
References cell_any_reference(), cell_domain, cell_domain_number, cell_undefined_p, fprintf(), and print_reference().
Referenced by print_points_to_cell().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ generic_atomic_points_to_cell_p()
Is it a unique concrete memory location?
If strict_p, stubs are not considered atomic, as is the case in an interprocedural setting since they can be associated to several cells in the caller frame.
Else, stubs are not considered non atomic per se.
- Parameters
-
strict_p trict_p
Definition at line 452 of file points_to.c.
References cell_any_reference(), generic_atomic_points_to_reference_p(), and null_cell_p().
Referenced by add_implicitly_killed_arcs_to_kill_set(), freed_list_to_points_to(), list_assignment_to_points_to(), and upgrade_approximations_in_points_to_set().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ generic_atomic_points_to_reference_p()
Is it a unique concrete memory location?
No, if it is a reference to an abstract location.
No, if the subscripts include an unbounded expression.
Very preliminary version. One of the keys to Amira Mensi's work.
More about stubs: a stub is not NULL but there is no information to know if they represent one address or a set of addresses. Unless the intraprocedural points-to analysis is performed for each combination of atomic/non-atomic stub, safety implies that stub-based references are not atomic (strict_p=true). In some other cases, you know that a stub does represent a unique location (strict_p=false).
Note: it is assumed that the reference is a points-to reference. All subscripts are constants, field references or unbounded expressions.
Note: FI, I have a probleme when calling this function from a proper effects environment. In that case, stubs might be assumed to be unique memory locations. The exactness information can be derived from the numer of targets in the matching list.
Note 2: FI, I do not understand why the type of the reference is not taken into account.
- Parameters
-
strict_p trict_p
Definition at line 489 of file points_to.c.
References entity_anywhere_locations_p(), entity_heap_location_p(), entity_null_locations_p(), entity_stub_sink_p(), entity_typed_anywhere_locations_p(), entity_typed_nowhere_locations_p(), EXPRESSION, expression_range_p(), FOREACH, reference_indices, reference_variable, and unbounded_expression_p().
Referenced by analyzed_reference_p(), atomic_points_to_reference_p(), create_values_for_simple_effect(), generic_atomic_points_to_cell_p(), generic_transform_sink_cells_from_matching_list(), and substitute_stubs_in_transformer_with_translation_binding().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ make_anywhere_points_to_cell()
Function storing points to information attached to a statement.
Generate a global variable holding a statement_points_to, a mapping from statements to lists of points-to arcs. The variable is called "pt_to_list_object".
The macro also generates a set of functions used to deal with this global variables.
The functions are defined in newgen_generic_function.h:
set_pt_to_list(o)
store_pt_to_list(k, v)
update_pt_to_list(k, v)
load_pt_to_list(k)
delete_pt_to_list(k)
bound_pt_to_list_p(k)
store_or_update_pt_to_list(k, v) Functions specific to points-to analysis
Definition at line 87 of file points_to.c.
References ANYWHERE_LOCATION, entity_all_locations(), entity_all_xxx_locations_typed(), entity_undefined, get_bool_property(), make_cell_reference(), make_reference(), and NIL.
Referenced by anywhere_source_to_sinks(), assignment_to_points_to(), gen_may_set(), gen_must_set(), list_assignment_to_points_to(), points_to_cells_minimal_upper_bound(), process_casted_sinks(), process_casted_sources(), semantics_expression_to_points_to_sinks(), and source_to_sinks().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ merge_points_to_cell_lists()
Add in "l1" elements of "l2" that are not yet in "l1".
List "l2" is then destroyed.
This is a set union.
- Parameters
-
l1 1 l2 2
Definition at line 134 of file points_to.c.
References CELL, CONS, FOREACH, gen_free_list(), gen_nconc(), gen_nreverse(), NIL, and points_to_cell_in_list_p().
Referenced by dereferencing_to_sinks().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_array_reference_p()
Is this a reference to an array or a reference to a pointer? This is not linked to the type of the reference, as a reference may be a pointer, such as "a[10]" when "a" is declared int "a[10][20]".
Look for the last field among the subscript
Definition at line 599 of file points_to.c.
References array_type_p(), ENDP, entity_basic_concrete_type(), EXPRESSION, expression_reference(), f(), field_reference_expression_p(), FOREACH, gen_length(), gen_nreverse(), int, reference_indices, reference_variable, type_undefined, type_undefined_p, type_variable, and variable_dimensions.
Referenced by points_to_cell_add_fixed_subscripts(), and subscript_to_points_to_sinks().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_array_reference_to_type()
If this is an array reference, what is the type of the underlying array type?
This information cannot be obtained by direct type information because subarrays are typed as pointers to even smaller arrays.
If it is not an array reference, the returned type is undefined.
No new type is allocated.
Look for the last field among the subscript
Definition at line 657 of file points_to.c.
References ENDP, entity_basic_concrete_type(), EXPRESSION, expression_reference(), f(), field_reference_expression_p(), FOREACH, gen_nreverse(), reference_indices, reference_variable, type_undefined, and type_undefined_p.
Referenced by points_to_cell_add_fixed_subscripts().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_cell_equal_p()
- Parameters
-
c1 1 c2 2
Definition at line 916 of file points_to.c.
References cell_any_reference(), and reference_equal_p().
Referenced by add_implicitly_killed_arcs_to_kill_set(), compute_points_to_kill_set(), dereferencing_subscript_to_points_to(), expand_points_to_domain(), freed_list_to_points_to(), fuse_points_to_sink_cells(), memory_leak_to_more_memory_leaks(), non_equal_condition_to_points_to(), potential_to_effective_memory_leaks(), remove_points_to_cell(), similar_arc_in_points_to_set_p(), update_points_to_graph_with_arc(), and user_call_to_points_to_fast_interprocedural().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_cell_in_list_p()
Definition at line 117 of file points_to.c.
References CELL, cell_equal_p(), and FOREACH.
Referenced by add_implicitly_killed_arcs_to_kill_set(), compute_points_to_gen_set(), filter_formal_out_context_according_to_formal_in_context(), freed_list_to_points_to(), generic_points_to_set_to_stub_cell_list(), generic_points_to_source_to_sinks(), lower_points_to_approximations_according_to_write_effects(), merge_points_to_cell_lists(), points_to_cell_list_and(), recursive_filter_formal_context_according_to_actual_context(), reference_to_points_to_translations(), and translation_transitive_closure().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_cell_to_upper_bound_points_to_cells()
Return a list of cells that are larger than cell "c" in the points-to cell lattice.
This goal is quite open because a[1][2] is dominated by both a[*][2] and a[1][*], then by a[*][*]. Assuming "a" is variable of function "foo", then we have "foo:*STACK*_b0", "*ANYMODULE*:*STACK*_b0", "foo:*ANYWHERE*_b0", "*ANYMODULE*:*ANYWHERE*_b0", "*ANYMODULE*:*ANYWHERE*".
They would all be useful to guarantee the consistency of the points-to information wrt the points-to cell lattice, but we'd rather maintain a partially consistent points-to graph and rely on functions using it to add the necessary points-to arcs.
A lattice-consistent points-to graph would contain too many arcs as x->y implies x'->y' for all x' bigger than x and y' bigger then y...
For the time being, we only need to convert a[i][j][k] into a[*][*][*] when i, j and k are real subscript expressions, not fields.
We return an empty list when cell "c" does not need any upper bound, as is the case with a, a[f] where f is a field, a[*] and all the abstract locations.
So, for the time being, this function returns a list with one or zero elements.
Definition at line 973 of file points_to.c.
References CELL, cell_any_reference(), CONS, copy_expression(), entity_abstract_location_p(), EXPRESSION, expression_undefined, FOREACH, gen_full_free_list(), gen_nreverse(), integer_expression_p(), make_cell_reference(), make_reference(), make_unbounded_expression(), NIL, reference_indices, and reference_variable.
Referenced by points_to_cells_to_upper_bound_points_to_cells().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_cells_intersect_p()
points-to cells use abstract addresses, hence the proper comparison is an intersection.
simple references are considered to be singleton.
Assume no aliasing between variables and within data structures.
It is safe to assume intersection...
- Parameters
-
lc c rc c
Definition at line 532 of file points_to.c.
References cell_any_reference(), cell_equal_p(), entities_may_conflict_p(), and reference_variable.
Referenced by equal_condition_to_points_to().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_cells_minimal_module_upper_bound()
Definition at line 578 of file points_to.c.
References entity_undefined.
Referenced by points_to_cells_minimal_upper_bound().
Here is the caller graph for this function:
◆ points_to_cells_minimal_reference_upper_bound()
| reference points_to_cells_minimal_reference_upper_bound | ( | entity m | __attribute__(unused), |
| type t | __attribute__(unused), | ||
| list cl | __attribute__(unused) | ||
| ) |
Definition at line 590 of file points_to.c.
References reference_undefined.
Referenced by points_to_cells_minimal_upper_bound().
Here is the caller graph for this function:
◆ points_to_cells_minimal_type_upper_bound()
Definition at line 584 of file points_to.c.
References type_undefined.
Referenced by points_to_cells_minimal_upper_bound().
Here is the caller graph for this function:
◆ points_to_cells_minimal_upper_bound()
Allocate a cell that is the minimal upper bound of the cells in list "cl" according to the points-to cell lattice...
An over-approximation is always safe. So, an anywhere cell, typed or not, can be returned in a first drat implementation.
The points-to cell lattice is the product of three lattices, the module lattice, the type lattice and the abstracct reference lattice...
Definition at line 565 of file points_to.c.
References make_anywhere_points_to_cell(), make_cell_reference(), make_scalar_overloaded_type(), points_to_cells_minimal_module_upper_bound(), points_to_cells_minimal_reference_upper_bound(), and points_to_cells_minimal_type_upper_bound().
Here is the call graph for this function:
◆ points_to_cells_to_upper_bound_points_to_cells()
Add to list "l" cells that are upper bound cells of the cells already in list "l" and return list "l".
- Parameters
-
cl l
Definition at line 1007 of file points_to.c.
References CELL, FOREACH, gen_nconc(), NIL, and points_to_cell_to_upper_bound_points_to_cells().
Here is the call graph for this function:
◆ points_to_reference_to_final_dimension()
Compute the number of array subscript at the end of a points_to_reference.
Look for the last field subscript and count the number of subscripts after it. If no field susbcript is found, then all subscripts are final array subscripts.
To make thinks easier, the subscript list is reversed.
Definition at line 244 of file points_to.c.
References EXPRESSION, field_reference_expression_p(), FOREACH, gen_nreverse(), and reference_indices.
Here is the call graph for this function:
◆ points_to_reference_to_typed_index()
Look for the index in "r" that corresponds to a pointer of type "t" and return the corresponding element list.
In other words, the type of "&r" is "t".
It is done in a very inefficient way
Definition at line 361 of file points_to.c.
References array_pointer_type_equal_p(), C_pointer_type_p(), C_type_to_pointed_type(), CONS, copy_expression(), entity_heap_location_p(), entity_local_name(), EXPRESSION, free_reference(), free_type(), gen_last(), gen_length(), gen_nconc(), gen_nth(), gen_nthcdr(), int, list_undefined, make_reference(), NIL, pips_assert, pips_internal_error, pips_user_error, points_to_reference_to_type(), reference_indices, and reference_variable.
Referenced by offset_array_reference().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_reference_update_final_subscripts()
Substitute the subscripts "sl" in points-to reference "r" just after the last field subscript by "nsl".
"sl" must be broken into three parts, possibly empty:
- The first part that ends up at the last field reference. It may be empty when no field is referenced.
- The second part that starts just after the last field reference and that counts at most as many elements as the new subscript list, "nsl". This part must be substituted.
- The third part that is left unchanged after substitution.
Issue: how do you know that the initial array subscript must be preserved because it is an implicit dimension added for pointer arithmetics?
build sl1
- Parameters
-
nsl sl
Definition at line 278 of file points_to.c.
References CONS, ENDP, EXPRESSION, expression_to_type(), field_reference_expression_p(), FOREACH, free_expression(), free_type(), gen_free_list(), gen_length(), gen_nconc(), gen_nreverse(), int, NIL, pips_internal_error, pointer_type_p(), and reference_indices.
Referenced by subscript_to_points_to_sinks().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ points_to_with_stripped_sink()
The value of the source can often be expressed with different subscript lists.
For instance, a, a[0], a[0][0] have different types but the same value if a is a 2-D array.
This function allocated a new points-to object whose sink has a minimal number of indices.
FI: I have added this function to deal with pointers to arrays. It is called from generic_reference_to_points_to_matching_list() to try to adapt the points-to information to the undefined requirements of Beatrice's functions for regions_with_points_to. I do not think the function below is correct when structs are involved... The stripping may be useful, but it should be much more careful.
adapt_reference_to_type() might be better here to adjust the subscripts in sink.
Add the implicit dimension
Dealing with the special case of a constant p -> "foo"
The other option would be to accept "foo"[0] as a valid reference... Extending references to constant functions is a first step...
- Parameters
-
pt t
Definition at line 1074 of file points_to.c.
References adapt_reference_to_type(), anywhere_cell_p(), CAR, cell_any_reference(), cell_typed_anywhere_locations_p(), cell_undefined, char_star_constant_function_type_p(), char_type_p(), CONS, copy_approximation(), copy_cell(), copy_expression(), ENDP, EXPRESSION, gen_nreverse(), get_bool_property(), heap_cell_p(), list_undefined, make_cell_reference(), make_descriptor_none(), make_points_to(), make_reference(), NIL, nowhere_cell_p(), null_cell_p(), pips_internal_error, pointer_type_p(), points_to_approximation, points_to_cell_to_concrete_type(), points_to_reference_to_concrete_type(), points_to_sink, points_to_source, POP, reference_indices, reference_variable, safe_type_to_string(), and type_to_pointed_type().
Referenced by generic_reference_to_points_to_matching_list().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_points_to_cell()
| void print_points_to_cell | ( | cell | c | ) |
Debug: use stderr.
Definition at line 196 of file points_to.c.
References fprint_points_to_cell().
Referenced by print_points_to_cells().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_points_to_cells()
| void print_points_to_cells | ( | list | cl | ) |
Debug.
- Parameters
-
cl l
Definition at line 202 of file points_to.c.
References CDR, CELL, cell_any_reference(), ENDP, entity_local_name(), entity_module_name(), entity_undefined_p, FOREACH, fprintf(), get_current_module_entity(), module_name_to_entity(), MODULE_SEP_STRING, print_points_to_cell(), and reference_variable.
Here is the call graph for this function:
◆ recursive_store_independent_points_to_reference_p()
- Parameters
-
t any type, but here initial reference type sl remaining subscript list, all subscripts are supposed to be store independent
- Returns
- true none of the subsequence subscript implies a dereferencing
Reduce the length of the subscript list
There are indices because of the first test on the number of subscripts
- Parameters
-
sl l
Definition at line 1169 of file points_to.c.
References array_type_dimension(), array_type_p(), array_type_to_element_type(), CAR, CDR, ENDP, entity_basic_concrete_type(), EXPRESSION, expression_reference(), f(), gen_length(), pips_internal_error, pointer_type_p(), recursive_store_independent_points_to_reference_p(), reference_variable, and struct_type_p().
Referenced by recursive_store_independent_points_to_reference_p(), and store_independent_points_to_reference_p().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ related_points_to_cell_in_list_p()
Two cells are related if they are based on the same entity.
Definition at line 149 of file points_to.c.
References CELL, cell_any_reference(), FOREACH, and reference_variable.
Referenced by filter_formal_context_according_to_actual_context(), freed_list_to_points_to(), new_filter_formal_context_according_to_actual_context(), and recursive_filter_formal_context_according_to_actual_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ related_points_to_cells_p()
- Parameters
-
c1 1 c2 2
Definition at line 165 of file points_to.c.
References cell_any_reference(), and reference_variable.
Referenced by sink_to_sources(), and unreachable_points_to_cell_p().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ similar_arc_in_points_to_set_p()
| bool similar_arc_in_points_to_set_p | ( | points_to | spt, |
| set | in, | ||
| approximation * | pa | ||
| ) |
See if an arc like "spt" exists in set "in", regardless of its approximation.
If yes, returns the approximation of the arc found in "in".
See also arc_in_points_to_set_p(), which requires full identity
- Parameters
-
spt pt in n pa a
Definition at line 929 of file points_to.c.
References points_to_approximation, points_to_cell_equal_p(), points_to_sink, points_to_source, and SET_FOREACH.
Referenced by filter_formal_out_context_according_to_formal_in_context().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ store_independent_points_to_indices_p()
check that the subscript list il is either empty or made of integers or fields or unbounded entity "*".
What would you do with a constant range ?
- Parameters
-
sl l
Definition at line 1301 of file points_to.c.
References call_function, constant_p(), entity_field_p(), EXPRESSION, expression_syntax, extended_integer_constant_expression_p(), f(), FOREACH, reference_variable, syntax_call, syntax_call_p, syntax_reference, syntax_reference_p, and unbounded_entity_p().
Referenced by store_independent_points_to_reference_p().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ store_independent_points_to_reference_p()
Functions for points-to references, the kind of references used in points-to cells.
Does this points-to reference define the same set of memory locations regardless of the current (environment and) memory state?
The reference indices can be used to encode fields in data structures and can be applied to pointers as offset.
The types associated to the reference and to prefixes of the index list change. So a pointer dereferencing can be hidden anywhere. For instance, a[i][2] can be:
- a 2-D array element,
- a[i]+2 if a[i] is a 1-D array of pointers,
- a.i[2], the second element of a 1-D array embedded as field i in struct a,
- a.i+2, if field i is a pointer embedded as field i in struct a,
- &a[i][2][0]... if a is an array of dimension 3 or more
Remember that *p is equivalent and encoded as p[0].
To guarantee store independence, either
- the list of indices is empty, which covers abstract locations such as anywhere, null, etc.
or
- the list of indices is a list of integer constants and fields and none of the intermediate types that are still indexed are pointers unless a multidimensional array is used...
Beware of named types...
Definition at line 1247 of file points_to.c.
References ENDP, entity_basic_concrete_type(), recursive_store_independent_points_to_reference_p(), reference_indices, reference_variable, store_independent_points_to_indices_p(), and type_functional_p.
Referenced by analyzed_reference_p(), assign_rhs_to_reflhs_to_transformer(), consistent_points_to_arc_p(), and reference_to_address_entity().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ stub_points_to_cell_p()
Definition at line 108 of file points_to.c.
References cell_any_reference(), entity_stub_sink_p(), and reference_variable.
Referenced by freeable_points_to_cells(), freed_list_to_points_to(), freed_pointer_to_points_to(), null_equal_condition_to_points_to(), and points_to_to_context_points_to().
Here is the call graph for this function:
Here is the caller graph for this function:
