Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect building sdg #424

Open
jiachunpeng opened this issue Feb 10, 2022 · 10 comments
Open

Incorrect building sdg #424

jiachunpeng opened this issue Feb 10, 2022 · 10 comments
Labels
question

Comments

@jiachunpeng
Copy link

jiachunpeng commented Feb 10, 2022
edited
Loading

envirment

clang version 10.0.0-4ubuntu1 
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Candidate multilib: .;@m64
Selected multilib: .;@m64

command

clang -emit-llvm -g test.c -S
~/work/dg/build/tools/llvm-sdg-dump test.bc

code 1

#include <stdlib.h>
void *mymalloc(void *c, int size) {
  c = malloc(size);
  return malloc(size);
}
int main() {
  void *a;
  void *c;
  int b = 5;
  a = mymalloc(c, b);
}

image
code 2

#include <stdlib.h>
void *mymalloc() {
  return malloc(1);
}
int main() {
  void *a;
  a = mymalloc();
}

image
@mchalupa
Copy link
Owner

Hi,

the SDG class is a replacement for DG class, but is not finished (nor used by any component of DG) yet. Is this problem present if you use llvm-dg-dump?

@jiachunpeng
Copy link
Author

jiachunpeng commented Feb 16, 2022
edited
Loading

Hi,

the SDG class is a replacement for DG class, but is not finished (nor used by any component of DG) yet. Is this problem present if you use llvm-dg-dump?

I still have some questions.

#include <stdlib.h>

void *mymalloc() { 
  void *ret = malloc(5);
  return ret; 
}

int main() {
  void *a;
  a = mymalloc();
  free(a);
}

command

clang -emit-llvm -g test.c -S
~/work/dg/build/tools/llvm-dg-dump test.bc --no-cfg > test.dot

image

Should there has a data dependence edge from return ret to a = mymalloc() ?
And why there has a control dependence edge form a = mymalloc() to *ret = malloc(5) ?

@mchalupa
Copy link
Owner

return ret does not modify anything, so it should have no data dependence edges. The control dep. edge between main:: call mymalloc and OUT ARG malloc(5) is there because the latter is an (output) actual argument of the former. In this case, these nodes are redundant as the memory allocated by malloc(5) is not written to, but they are being created for a simpler generation of the graph.

@jiachunpeng
Copy link
Author

return ret does not modify anything, so it should have no data dependence edges. The control dep. edge between main:: call mymalloc and OUT ARG malloc(5) is there because the latter is an (output) actual argument of the former. In this case, these nodes are redundant as the memory allocated by malloc(5) is not written to, but they are being created for a simpler generation of the graph.

Thanks for reply!

#include <stdlib.h>

void *mymalloc() { 
  void *ret = malloc(5);
  return ret; 
}

int main() {
  void *a;
  a = mymalloc();
  free(a);
}

For the same code. the first is builded acording to Reps T . Program analysis via graph reachability[J]. Information & Software Technology, 1998, 40(11-12):701-726., the seconed is form llvm-dg-dump.

Is there any difference between the two methods?
image

image

@mchalupa
Copy link
Owner

Is there any difference between the two methods?

Probably? I do not know.

is it correct?

Correct in what sense? W.r.t the reachability analysis and backward slicing algorithms? Then yes, it is correct but not needed. These nodes have no influence on backward slicing and can be prune away. Again, they are present only to ease the building of DG.

why formal out of mymalloc is %2 = malloc(5) instead of ret %3

Because the output nodes represent the memory written inside the call. ret %3 does not write to memory.

@jiachunpeng
Copy link
Author

For this code

int getValue();
int doSomething(int i);

int fun() {
  int v = 5;
  int c = getValue();
  c += 4;
  v += 4;
  return c;
}

int main() {
  int a;
  a = fun();
  doSomething(a);
}

Using command

llvm-slicer test.bc -c doSomething --dump-dg-only

The result is
image
The result of slicing is correct. But why there is no dependency between c = getValue() and doSomething(a) in graph.

@mchalupa
Copy link
Owner

There is a transitive dependency, otherwise the slice would not contain c = getValue(). Or what kind of dependency you mean?

@jiachunpeng
Copy link
Author

I mean the dependency edges in the graph dumped by the llvm-slicer. Or, the llvm-slicer does not dump some dependency edges using the default options ?

@mchalupa
Copy link
Owner

Looking at the graph, it seems that there is missing the edge from NODE0x55d4...720 to %2 = call i32 foo() if that is what you mean.

@mchalupa
Copy link
Owner

It is in the graph, but it is not displayed for some reason.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mchalupa @jiachunpeng