SymHeapCore - the elementary representation of the state of program memory. More...
#include <symheap.hh>
Public Member Functions | |
| SymHeapCore (TStorRef, Trace::Node *) | |
| create an empty symbolic heap | |
| virtual | ~SymHeapCore () |
| destruction of the symbolic heap invalidates all IDs of its entities | |
| SymHeapCore (const SymHeapCore &) | |
| relatively cheap operation as long as SH_COPY_ON_WRITE is enabled | |
| SymHeapCore & | operator= (const SymHeapCore &) |
| relatively cheap operation as long as SH_COPY_ON_WRITE is enabled | |
| virtual void | swap (SymHeapCore &) |
| exchange the contents with the other heap (works in constant time) | |
| TStorRef | stor () const |
| each symbolic heap is associated with a CodeStorage model of code | |
| Trace::Node * | traceNode () const |
| each symbolic heap is associated with a trace graph node | |
| void | traceUpdate (Trace::Node *) |
| update the current trace graph node that the heap is associated with | |
| unsigned | lastId () const |
| the last assigned ID of a heap entity (not necessarily still valid) | |
| void | usedBy (FldList &dst, TValId val, bool liveOnly=false) const |
| collect all objects having the given value inside | |
| unsigned | usedByCount (TValId val) const |
| return how many objects have the value inside | |
| void | pointedBy (FldList &dst, TObjId) const |
| return all objects that point at/inside the given object | |
| unsigned | pointedByCount (TObjId) const |
| return how many objects point at/inside the given object | |
| void | writeUniformBlock (TObjId obj, const UniformBlock &ub, TValSet *killedPtrs=0) |
| write an uninitialized or nullified block of memory | |
| void | copyBlockOfRawMemory (TValId dst, TValId src, TSizeOf size, TValSet *killedPtrs=0) |
| copy 'size' bytes of raw memory from 'src' to 'dst' | |
| void | addNeq (TValId v1, TValId v2) |
| define an explicit Neq predicate | |
| void | delNeq (TValId v1, TValId v2) |
| remove an explicit Neq predicate if defined | |
| bool | chkNeq (TValId v1, TValId v2) const |
| true if there is an explicit Neq relation over the given values | |
| void | gatherRelatedValues (TValList &dst, TValId val) const |
| collect values connect with the given value via an extra predicate | |
| void | copyRelevantPreds (SymHeapCore &dst, const TValMap &valMap) const |
| transfer as many as possible extra heap predicates from this to dst | |
| bool | matchPreds (const SymHeapCore &ref, const TValMap &valMap, bool nonZeroOnly=false) const |
| true if all Neq predicates can be mapped to Neq predicates in ref | |
| TValId | valByOffset (TValId, TOffset offset) |
| translate the given address by the given offset | |
| TValId | valByRange (TValId at, IR::Range range) |
| create (or recycle) a VT_RANGE value at the given allocated address | |
| TValId | valShift (TValId valToShift, TValId shiftBy) |
| translate the given value by the given offset | |
| EValueTarget | valTarget (TValId) const |
| classify the object the given value points to | |
| EValueOrigin | valOrigin (TValId) const |
| classify where the given value originates from | |
| ETargetSpecifier | targetSpec (TValId addr) const |
| return the target specifier of the given address | |
| TObjId | objByAddr (TValId addr) const |
| return the object that the given address points to | |
| EStorageClass | objStorClass (TObjId) const |
| classify the storage class of the given object | |
| TSizeRange | objSize (TObjId) const |
| return size (in bytes) of the given object | |
| TValId | addrOfTarget (TObjId, ETargetSpecifier, TOffset off=0) |
| target address at the given object with target specifier and offset | |
| TValId | valRoot (TValId) const |
| return the address of the root which the given value is binded to | |
| TOffset | valOffset (TValId) const |
| return the relative placement from the root | |
| IR::Range | valOffsetRange (TValId) const |
| return the offset range associated with the given VT_RANGE value | |
| void | valRestrictRange (TValId, IR::Range win) |
| narrow down the offset range of the given VT_RANGE value | |
| TValId | diffPointers (TValId v1, TValId v2) |
| difference between two pointers (makes sense only for shared roots) | |
| TSizeRange | valSizeOfString (TValId) const |
| return count of bytes (including NULL) we can safely read as string | |
| TObjId | regionByVar (CVar, bool createIfNeeded) |
| return the region corresponding to the given program variable | |
| virtual TObjId | objClone (TObjId) |
| clone the given object, including the outgoing has-value edges | |
| virtual void | valReplace (TValId val, TValId replaceBy) |
| replace all occurrences of val by replaceBy | |
| void | gatherObjects (TObjList &dst, bool(*)(EStorageClass)=0) const |
| return the list of objects satisfying the given filtering predicate | |
| void | gatherLiveFields (FldList &dst, TObjId) const |
| list of live fields (including ptrs) inside the given object | |
| void | gatherUniformBlocks (TUniBlockMap &dst, TObjId) const |
| list of uninitialized and nullified uniform blocks of the given obj | |
| bool | findCoveringUniBlocks (TUniBlockMap *pCovered, TObjId root, UniformBlock block) const |
| experimental optimization of joinUniBlocksCore() | |
| CVar | cVarByObject (TObjId) const |
| return program variable that the given object maps to | |
| TFldId | valGetComposite (TValId val) const |
| composite object given by val (applicable only on VT_COMPOSITE vals) | |
| TObjId | stackAlloc (const TSizeRange &size, const CallInst &from) |
| allocate a chunk of stack of known size from the select call stack | |
| bool | isAnonStackObj (TObjId, CallInst *pFrom=0) |
| return true if the given object was allocated by stackAlloc() | |
| void | clearAnonStackObjects (TObjList &dst, const CallInst &of) |
| clear the list of anonymous stack objects of the given call instance | |
| TObjId | heapAlloc (const TSizeRange &size) |
| allocate a chunk of heap of known size | |
| bool | isValid (TObjId) const |
| return true if the given object can be still accessed safely | |
| virtual void | objInvalidate (TObjId) |
| invalidate the given object | |
| void | objSetEstimatedType (TObjId obj, TObjType clt) |
| update the estimated type-info of the given object | |
| TObjType | objEstimatedType (TObjId obj) const |
| return the estimated type-info of the given object | |
| TValId | valCreate (EValueTarget code, EValueOrigin origin) |
| create a generic value, otherwise use addrOfTarget() | |
| TValId | valWrapCustom (CustomValue data) |
| wrap a custom value, such as integer literal, or code pointer | |
| const CustomValue & | valUnwrapCustom (TValId) const |
| unwrap a custom value, such as integer literal, or code pointer | |
| TProtoLevel | objProtoLevel (TObjId) const |
| prototype level of the given object (0 means not a prototype) | |
| void | objSetProtoLevel (TObjId obj, TProtoLevel level) |
| set prototype level of the given boject (0 means not a prototype) | |
Protected Member Functions | |
| TFldId | ptrLookup (TObjId obj, TOffset off) |
| return a data pointer inside the given object at the given offset | |
| TFldId | fldLookup (TObjId obj, TOffset off, TObjType clt) |
| return a field of the specified type at the specified offset in obj | |
| void | fldEnter (TFldId) |
| increment the external reference count of the given object | |
| void | fldLeave (TFldId) |
| decrement the external reference count (may trigger its destruction) | |
| TValId | valueOf (TFldId fld) |
| TValId | placedAt (TFldId fld) |
| TObjId | objByField (TFldId fld) const |
| TOffset | fieldOffset (TFldId fld) const |
| TObjType | fieldType (TFldId fld) const |
| void | setValOfField (TFldId fld, TValId val, TValSet *killedPtrs=0) |
Protected Attributes | |
| TStorRef | stor_ |
Private Member Functions | |
| void | rewriteTargetOfBase (TValId addr, TObjId target) |
| experimental implementation helper of rejoinObj(), do not use! | |
Private Attributes | |
| Private * | d |
Friends | |
| class | FldHandle |
| FldHandle takes care of external reference count. | |
| class | PtrHandle |
| void | redirectAddrs (SymHeap &, TObjId, TObjId) |
Detailed Description
SymHeapCore - the elementary representation of the state of program memory.
Definition at line 357 of file symheap.hh.
Constructor & Destructor Documentation
| SymHeapCore | ( | TStorRef | , |
| Trace::Node * | |||
| ) |
create an empty symbolic heap
|
virtual |
destruction of the symbolic heap invalidates all IDs of its entities
| SymHeapCore | ( | const SymHeapCore & | ) |
relatively cheap operation as long as SH_COPY_ON_WRITE is enabled
Member Function Documentation
| TValId addrOfTarget | ( | TObjId | , |
| ETargetSpecifier | , | ||
| TOffset | off = 0 |
||
| ) |
target address at the given object with target specifier and offset
Referenced by segHeadAt().
true if there is an explicit Neq relation over the given values
clear the list of anonymous stack objects of the given call instance
copy 'size' bytes of raw memory from 'src' to 'dst'
| void copyRelevantPreds | ( | SymHeapCore & | dst, |
| const TValMap & | valMap | ||
| ) | const |
transfer as many as possible extra heap predicates from this to dst
return program variable that the given object maps to
Referenced by gatherProgramVarsCore(), and traverseProgramVarsGeneric().
difference between two pointers (makes sense only for shared roots)
Referenced by FldHandle::offset().
Referenced by FldHandle::type().
| bool findCoveringUniBlocks | ( | TUniBlockMap * | pCovered, |
| TObjId | root, | ||
| UniformBlock | block | ||
| ) | const |
experimental optimization of joinUniBlocksCore()
|
protected |
increment the external reference count of the given object
Referenced by FldHandle::FldHandle(), FldHandle::operator=(), and PtrHandle::PtrHandle().
|
protected |
decrement the external reference count (may trigger its destruction)
Referenced by FldHandle::operator=(), and FldHandle::~FldHandle().
return a field of the specified type at the specified offset in obj
list of live fields (including ptrs) inside the given object
Referenced by traverseLiveFieldsGeneric().
| void gatherObjects | ( | TObjList & | dst, |
| bool(*)(EStorageClass) | = 0 |
||
| ) | const |
return the list of objects satisfying the given filtering predicate
Referenced by gatherProgramVarsCore(), and traverseProgramVarsGeneric().
collect values connect with the given value via an extra predicate
| void gatherUniformBlocks | ( | TUniBlockMap & | dst, |
| TObjId | |||
| ) | const |
list of uninitialized and nullified uniform blocks of the given obj
| TObjId heapAlloc | ( | const TSizeRange & | size | ) |
allocate a chunk of heap of known size
return true if the given object was allocated by stackAlloc()
| bool isValid | ( | TObjId | ) | const |
return true if the given object can be still accessed safely
Referenced by isPossibleToDeref(), nextObj(), and objMinLength().
| unsigned lastId | ( | ) | const |
the last assigned ID of a heap entity (not necessarily still valid)
| bool matchPreds | ( | const SymHeapCore & | ref, |
| const TValMap & | valMap, | ||
| bool | nonZeroOnly = false |
||
| ) | const |
true if all Neq predicates can be mapped to Neq predicates in ref
return the object that the given address points to
Referenced by LeakMonitor::collectJunkFrom(), isPossibleToDeref(), and nextObj().
Referenced by FldHandle::obj().
clone the given object, including the outgoing has-value edges
Reimplemented in SymHeap.
| TProtoLevel objProtoLevel | ( | TObjId | ) | const |
prototype level of the given object (0 means not a prototype)
update the estimated type-info of the given object
| void objSetProtoLevel | ( | TObjId | obj, |
| TProtoLevel | level | ||
| ) |
set prototype level of the given boject (0 means not a prototype)
| TSizeRange objSize | ( | TObjId | ) | const |
return size (in bytes) of the given object
Referenced by traverseProgramVarsGeneric().
| EStorageClass objStorClass | ( | TObjId | ) | const |
classify the storage class of the given object
| SymHeapCore& operator= | ( | const SymHeapCore & | ) |
relatively cheap operation as long as SH_COPY_ON_WRITE is enabled
Referenced by FldHandle::placedAt().
return all objects that point at/inside the given object
| unsigned pointedByCount | ( | TObjId | ) | const |
return how many objects point at/inside the given object
return a data pointer inside the given object at the given offset
return the region corresponding to the given program variable
Referenced by isVarAlive(), and traverseProgramVarsGeneric().
experimental implementation helper of rejoinObj(), do not use!
Referenced by FldHandle::setValue().
| TObjId stackAlloc | ( | const TSizeRange & | size, |
| const CallInst & | from | ||
| ) |
allocate a chunk of stack of known size from the select call stack
|
inline |
each symbolic heap is associated with a CodeStorage model of code
Definition at line 375 of file symheap.hh.
References stor_.
|
virtual |
exchange the contents with the other heap (works in constant time)
Reimplemented in SymHeap.
| ETargetSpecifier targetSpec | ( | TValId | addr | ) | const |
return the target specifier of the given address
| Trace::Node* traceNode | ( | ) | const |
each symbolic heap is associated with a trace graph node
| void traceUpdate | ( | Trace::Node * | ) |
update the current trace graph node that the heap is associated with
collect all objects having the given value inside
- Parameters
-
dst reference to a container to store the result to val ID of the value to look for liveOnly if true, exclude objects that are no longer alive
- Note
- The operation may return from 0 to n objects.
| unsigned usedByCount | ( | TValId | val | ) | const |
return how many objects have the value inside
create (or recycle) a VT_RANGE value at the given allocated address
| TValId valCreate | ( | EValueTarget | code, |
| EValueOrigin | origin | ||
| ) |
create a generic value, otherwise use addrOfTarget()
Referenced by traverseProgramVarsGeneric().
return the relative placement from the root
Referenced by areValProtosEqual().
return the offset range associated with the given VT_RANGE value
| EValueOrigin valOrigin | ( | TValId | ) | const |
classify where the given value originates from
Referenced by areValProtosEqual().
replace all occurrences of val by replaceBy
narrow down the offset range of the given VT_RANGE value
| TSizeRange valSizeOfString | ( | TValId | ) | const |
return count of bytes (including NULL) we can safely read as string
| EValueTarget valTarget | ( | TValId | ) | const |
classify the object the given value points to
Referenced by areValProtosEqual(), and isPossibleToDeref().
Referenced by FldHandle::value().
| const CustomValue& valUnwrapCustom | ( | TValId | ) | const |
unwrap a custom value, such as integer literal, or code pointer
| TValId valWrapCustom | ( | CustomValue | data | ) |
wrap a custom value, such as integer literal, or code pointer
| void writeUniformBlock | ( | TObjId | obj, |
| const UniformBlock & | ub, | ||
| TValSet * | killedPtrs = 0 |
||
| ) |
write an uninitialized or nullified block of memory
Referenced by traverseProgramVarsGeneric().
Friends And Related Function Documentation
|
friend |
FldHandle takes care of external reference count.
Definition at line 586 of file symheap.hh.
|
friend |
Definition at line 587 of file symheap.hh.
Field Documentation
|
private |
Definition at line 602 of file symheap.hh.
|
protected |
Definition at line 599 of file symheap.hh.
Referenced by stor().
The documentation for this class was generated from the following file:
