SymHeapCore - the elementary representation of the state of program memory. More...
#include <symheap.hh>
Public Member Functions | |
| SymHeapCore (TStorRef, Trace::Node *) | |
| create an empty symbolic heap More... | |
| virtual | ~SymHeapCore () |
| destruction of the symbolic heap invalidates all IDs of its entities More... | |
| SymHeapCore (const SymHeapCore &) | |
| relatively cheap operation as long as SH_COPY_ON_WRITE is enabled More... | |
| SymHeapCore & | operator= (const SymHeapCore &) |
| relatively cheap operation as long as SH_COPY_ON_WRITE is enabled More... | |
| virtual void | swap (SymHeapCore &) |
| exchange the contents with the other heap (works in constant time) More... | |
| TStorRef | stor () const |
| each symbolic heap is associated with a CodeStorage model of code More... | |
| Trace::Node * | traceNode () const |
| each symbolic heap is associated with a trace graph node More... | |
| void | traceUpdate (Trace::Node *) |
| update the current trace graph node that the heap is associated with More... | |
| unsigned | lastId () const |
| the last assigned ID of a heap entity (not necessarily still valid) More... | |
| void | usedBy (FldList &dst, TValId val, bool liveOnly=false) const |
| collect all objects having the given value inside More... | |
| unsigned | usedByCount (TValId val) const |
| return how many objects have the value inside More... | |
| void | pointedBy (FldList &dst, TObjId) const |
| return all objects that point at/inside the given object More... | |
| unsigned | pointedByCount (TObjId) const |
| return how many objects point at/inside the given object More... | |
| void | writeUniformBlock (const TObjId obj, const UniformBlock &ub, TValSet *killedPtrs=0) |
| write an uninitialized or nullified block of memory More... | |
| void | copyBlockOfRawMemory (const TValId dst, const TValId src, const TSizeOf size, TValSet *killedPtrs=0) |
| copy 'size' bytes of raw memory from 'src' to 'dst' More... | |
| void | addNeq (TValId v1, TValId v2) |
| define an explicit Neq predicate More... | |
| void | delNeq (TValId v1, TValId v2) |
| remove an explicit Neq predicate if defined More... | |
| bool | chkNeq (TValId v1, TValId v2) const |
| true if there is an explicit Neq relation over the given values More... | |
| void | gatherRelatedValues (TValList &dst, TValId val) const |
| collect values connect with the given value via an extra predicate More... | |
| void | copyRelevantPreds (SymHeapCore &dst, const TValMap &valMap) const |
| transfer as many as possible extra heap predicates from this to dst More... | |
| bool | matchPreds (const SymHeapCore &ref, const TValMap &valMap, const bool nonZeroOnly=false) const |
| true if all Neq predicates can be mapped to Neq predicates in ref More... | |
| TValId | valByOffset (TValId, TOffset offset) |
| translate the given address by the given offset More... | |
| TValId | valByRange (TValId at, IR::Range range) |
| create (or recycle) a VT_RANGE value at the given allocated address More... | |
| TValId | valShift (TValId valToShift, TValId shiftBy) |
| translate the given value by the given offset More... | |
| EValueTarget | valTarget (TValId) const |
| classify the object the given value points to More... | |
| EValueOrigin | valOrigin (TValId) const |
| classify where the given value originates from More... | |
| ETargetSpecifier | targetSpec (TValId addr) const |
| return the target specifier of the given address More... | |
| TObjId | objByAddr (TValId addr) const |
| return the object that the given address points to More... | |
| EStorageClass | objStorClass (TObjId) const |
| classify the storage class of the given object More... | |
| TSizeRange | objSize (TObjId) const |
| return size (in bytes) of the given object More... | |
| virtual TValId | addrOfTarget (TObjId, ETargetSpecifier, TOffset off=0) |
| target address at the given object with target specifier and offset More... | |
| TValId | valRoot (TValId) const |
| return the address of the root which the given value is binded to More... | |
| TOffset | valOffset (TValId) const |
| return the relative placement from the root More... | |
| IR::Range | valOffsetRange (TValId) const |
| return the offset range associated with the given VT_RANGE value More... | |
| void | valRestrictRange (TValId, IR::Range win) |
| narrow down the offset range of the given VT_RANGE value More... | |
| TValId | diffPointers (const TValId v1, const TValId v2) |
| difference between two pointers (makes sense only for shared roots) More... | |
| TSizeRange | valSizeOfString (TValId) const |
| return count of bytes (including NULL) we can safely read as string More... | |
| TObjId | regionByVar (CVar, bool createIfNeeded) |
| return the region corresponding to the given program variable More... | |
| virtual TObjId | objClone (TObjId) |
| clone the given object, including the outgoing has-value edges More... | |
| virtual void | valReplace (TValId val, TValId replaceBy) |
| replace all occurrences of val by replaceBy More... | |
| void | gatherObjects (TObjList &dst, bool(*)(EStorageClass)=0) const |
| return the list of objects satisfying the given filtering predicate More... | |
| void | gatherLiveFields (FldList &dst, TObjId) const |
| list of live fields (including ptrs) inside the given object More... | |
| void | gatherLivePointers (FldList &dst, TObjId) const |
| list of live pointers inside the give object More... | |
| void | gatherUniformBlocks (TUniBlockMap &dst, TObjId) const |
| list of uninitialized and nullified uniform blocks of the given obj More... | |
| bool | findCoveringUniBlocks (TUniBlockMap *pCovered, const TObjId root, UniformBlock block) const |
| experimental optimization of joinUniBlocksCore() More... | |
| CVar | cVarByObject (TObjId) const |
| return program variable that the given object maps to More... | |
| TFldId | valGetComposite (TValId val) const |
| composite object given by val (applicable only on VT_COMPOSITE vals) More... | |
| TObjId | stackAlloc (const TSizeRange &size, const CallInst &from) |
| allocate a chunk of stack of known size from the select call stack More... | |
| void | clearAnonStackObjects (TObjList &dst, const CallInst &of) |
| clear the list of anonymous stack objects of the given call instance More... | |
| TObjId | heapAlloc (const TSizeRange &size) |
| allocate a chunk of heap of known size More... | |
| bool | isValid (TObjId) const |
| return true if the given object can be still accessed safely More... | |
| virtual void | objInvalidate (TObjId) |
| invalidate the given object More... | |
| void | objSetEstimatedType (TObjId obj, TObjType clt) |
| update the estimated type-info of the given object More... | |
| TObjType | objEstimatedType (TObjId obj) const |
| return the estimated type-info of the given object More... | |
| TValId | valCreate (EValueTarget code, EValueOrigin origin) |
| create a generic value, otherwise use addrOfTarget() More... | |
| TValId | valWrapCustom (CustomValue data) |
| wrap a custom value, such as integer literal, or code pointer More... | |
| const CustomValue & | valUnwrapCustom (TValId) const |
| unwrap a custom value, such as integer literal, or code pointer More... | |
| TProtoLevel | objProtoLevel (TObjId) const |
| prototype level of the given object (0 means not a prototype) More... | |
| void | objSetProtoLevel (TObjId obj, TProtoLevel level) |
| set prototype level of the given boject (0 means not a prototype) More... | |
Protected Member Functions | |
| TFldId | ptrLookup (TObjId obj, TOffset off) |
| return a data pointer inside the given object at the given offset More... | |
| TFldId | fldLookup (TObjId obj, TOffset off, TObjType clt) |
| return a field of the specified type at the specified offset in obj More... | |
| void | fldEnter (TFldId) |
| increment the external reference count of the given object More... | |
| void | fldLeave (TFldId) |
| decrement the external reference count (may trigger its destruction) More... | |
| TValId | valueOf (TFldId fld) |
| TValId | placedAt (TFldId fld) |
| TObjId | objByField (TFldId fld) const |
| TOffset | fieldOffset (TFldId fld) const |
| TObjType | fieldType (TFldId fld) const |
| void | setValOfField (TFldId fld, TValId val, TValSet *killedPtrs=0) |
Protected Attributes | |
| TStorRef | stor_ |
Private Attributes | |
| Private * | d |
Friends | |
| class | FldHandle |
| FldHandle takes care of external reference count. More... | |
| class | PtrHandle |
Detailed Description
SymHeapCore - the elementary representation of the state of program memory.
Definition at line 343 of file symheap.hh.
Constructor & Destructor Documentation
| SymHeapCore | ( | TStorRef | , |
| Trace::Node * | |||
| ) |
create an empty symbolic heap
|
virtual |
destruction of the symbolic heap invalidates all IDs of its entities
| SymHeapCore | ( | const SymHeapCore & | ) |
relatively cheap operation as long as SH_COPY_ON_WRITE is enabled
Member Function Documentation
|
virtual |
target address at the given object with target specifier and offset
Reimplemented in SymHeap.
true if there is an explicit Neq relation over the given values
clear the list of anonymous stack objects of the given call instance
| void copyBlockOfRawMemory | ( | const TValId | dst, |
| const TValId | src, | ||
| const TSizeOf | size, | ||
| TValSet * | killedPtrs = 0 |
||
| ) |
copy 'size' bytes of raw memory from 'src' to 'dst'
| void copyRelevantPreds | ( | SymHeapCore & | dst, |
| const TValMap & | valMap | ||
| ) | const |
transfer as many as possible extra heap predicates from this to dst
return program variable that the given object maps to
Referenced by gatherProgramVarsCore(), and traverseProgramVarsGeneric().
difference between two pointers (makes sense only for shared roots)
Referenced by FldHandle::offset().
Referenced by FldHandle::type().
| bool findCoveringUniBlocks | ( | TUniBlockMap * | pCovered, |
| const TObjId | root, | ||
| UniformBlock | block | ||
| ) | const |
experimental optimization of joinUniBlocksCore()
|
protected |
increment the external reference count of the given object
Referenced by FldHandle::FldHandle(), FldHandle::operator=(), and PtrHandle::PtrHandle().
|
protected |
decrement the external reference count (may trigger its destruction)
Referenced by FldHandle::operator=(), and FldHandle::~FldHandle().
return a field of the specified type at the specified offset in obj
list of live fields (including ptrs) inside the given object
Referenced by traverseLiveFields(), and traverseLiveFieldsGeneric().
list of live pointers inside the give object
Referenced by traverseLivePtrs().
| void gatherObjects | ( | TObjList & | dst, |
| bool(*)(EStorageClass) | = 0 |
||
| ) | const |
return the list of objects satisfying the given filtering predicate
Referenced by gatherProgramVarsCore(), and traverseProgramVarsGeneric().
collect values connect with the given value via an extra predicate
| void gatherUniformBlocks | ( | TUniBlockMap & | dst, |
| TObjId | |||
| ) | const |
list of uninitialized and nullified uniform blocks of the given obj
| TObjId heapAlloc | ( | const TSizeRange & | size | ) |
allocate a chunk of heap of known size
| bool isValid | ( | TObjId | ) | const |
return true if the given object can be still accessed safely
Referenced by isPossibleToDeref(), and objMinLength().
| unsigned lastId | ( | ) | const |
the last assigned ID of a heap entity (not necessarily still valid)
| bool matchPreds | ( | const SymHeapCore & | ref, |
| const TValMap & | valMap, | ||
| const bool | nonZeroOnly = false |
||
| ) | const |
true if all Neq predicates can be mapped to Neq predicates in ref
return the object that the given address points to
Referenced by LeakMonitor::collectJunkFrom(), isPossibleToDeref(), and nextObj().
Referenced by FldHandle::obj().
clone the given object, including the outgoing has-value edges
Reimplemented in SymHeap.
| TProtoLevel objProtoLevel | ( | TObjId | ) | const |
prototype level of the given object (0 means not a prototype)
update the estimated type-info of the given object
| void objSetProtoLevel | ( | TObjId | obj, |
| TProtoLevel | level | ||
| ) |
set prototype level of the given boject (0 means not a prototype)
| TSizeRange objSize | ( | TObjId | ) | const |
return size (in bytes) of the given object
Referenced by traverseProgramVarsGeneric().
| EStorageClass objStorClass | ( | TObjId | ) | const |
classify the storage class of the given object
| SymHeapCore& operator= | ( | const SymHeapCore & | ) |
relatively cheap operation as long as SH_COPY_ON_WRITE is enabled
Referenced by FldHandle::placedAt().
return all objects that point at/inside the given object
| unsigned pointedByCount | ( | TObjId | ) | const |
return how many objects point at/inside the given object
return a data pointer inside the given object at the given offset
return the region corresponding to the given program variable
Referenced by isVarAlive(), and traverseProgramVarsGeneric().
Referenced by FldHandle::setValue().
| TObjId stackAlloc | ( | const TSizeRange & | size, |
| const CallInst & | from | ||
| ) |
allocate a chunk of stack of known size from the select call stack
|
inline |
each symbolic heap is associated with a CodeStorage model of code
Definition at line 361 of file symheap.hh.
References stor_.
|
virtual |
exchange the contents with the other heap (works in constant time)
Reimplemented in SymHeap.
| ETargetSpecifier targetSpec | ( | TValId | addr | ) | const |
return the target specifier of the given address
| Trace::Node* traceNode | ( | ) | const |
each symbolic heap is associated with a trace graph node
| void traceUpdate | ( | Trace::Node * | ) |
update the current trace graph node that the heap is associated with
collect all objects having the given value inside
- Parameters
-
dst reference to a container to store the result to val ID of the value to look for liveOnly if true, exclude objects that are no longer alive
- Note
- The operation may return from 0 to n objects.
| unsigned usedByCount | ( | TValId | val | ) | const |
return how many objects have the value inside
create (or recycle) a VT_RANGE value at the given allocated address
| TValId valCreate | ( | EValueTarget | code, |
| EValueOrigin | origin | ||
| ) |
create a generic value, otherwise use addrOfTarget()
Referenced by traverseProgramVarsGeneric().
return the relative placement from the root
Referenced by areValProtosEqual().
return the offset range associated with the given VT_RANGE value
| EValueOrigin valOrigin | ( | TValId | ) | const |
classify where the given value originates from
Referenced by areValProtosEqual().
replace all occurrences of val by replaceBy
narrow down the offset range of the given VT_RANGE value
| TSizeRange valSizeOfString | ( | TValId | ) | const |
return count of bytes (including NULL) we can safely read as string
| EValueTarget valTarget | ( | TValId | ) | const |
classify the object the given value points to
Referenced by areValProtosEqual(), and isPossibleToDeref().
Referenced by FldHandle::value().
| const CustomValue& valUnwrapCustom | ( | TValId | ) | const |
unwrap a custom value, such as integer literal, or code pointer
| TValId valWrapCustom | ( | CustomValue | data | ) |
wrap a custom value, such as integer literal, or code pointer
| void writeUniformBlock | ( | const TObjId | obj, |
| const UniformBlock & | ub, | ||
| TValSet * | killedPtrs = 0 |
||
| ) |
write an uninitialized or nullified block of memory
Referenced by traverseProgramVarsGeneric().
Friends And Related Function Documentation
|
friend |
FldHandle takes care of external reference count.
Definition at line 567 of file symheap.hh.
|
friend |
Definition at line 568 of file symheap.hh.
Field Documentation
|
private |
Definition at line 583 of file symheap.hh.
|
protected |
Definition at line 580 of file symheap.hh.
Referenced by stor().
The documentation for this class was generated from the following file:
