Merge pull request diffblue#577 from diffblue/feature/per-call-struct-cache

Store struct cache in a state object

Author: owen-jones-diffblue

trace-transformer/src/ParseLogFile.ts

@@ -3,136 +3,161 @@
 import { compare } from "./compare";
 import * as expressions from "./Expr";
 import * as log from "./LogFile";
+import NameMap from "./NameMap";
 import { TraceParseError } from "./TraceParseError";
 import * as type from "./Type";
 import { group } from "./utils";
 
-export function parseExpr(expr: log.Expr): expressions.Expr
-{
-  const exprType = parseType(expr.namedSub.type);
-  switch (expr.id) {
-    case "constant":
-      return new expressions.Constant(expr.namedSub.value.id, exprType);
-    case "symbol":
-      // Get base name
-      if (expr.comment === undefined)
-        throw new TraceParseError("No comment on symbol so can't get base_name");
-      return new expressions.Symbol(expr.namedSub.identifier.id, expr.comment["#base_name"].id, exprType);
-    case "member": {
-      // Get the object we're getting a member from
-      const objectExpr = parseExpr(expr.sub[0]);
-      const objectType = objectExpr.type;
-      // Get the name of the member
-      const memberName = expr.namedSub.component_name.id;
-      // Access the non-tainted primitive superclass
-      if (memberName === primitiveTaintWrapperMemberName) {
-        if (objectType.taintVariables.length === 0)
-          // Shouldn't look for primitive superclass in non-tainted type
-          throw new TraceParseError("Got a primitive taint wrapper parent member expression for something that wasn't a TaintedType");
-        return objectExpr;
-      }
-      // Access a taint variable
-      const taintToken = getTaintTokenName(memberName, exprType);
-      if (taintToken !== undefined) {
-        if (!objectType.taintVariables.some((taintVariable) => taintVariable === taintToken))
-          throw new TraceParseError("Found taint variable that doesn't exist on type");
-        return new expressions.Taint(objectExpr, taintToken, exprType);
+export default class LogFileParser {
+  public parseExpr(expr: log.Expr): expressions.Expr
+  {
+    const exprType = this.parseType(expr.namedSub.type);
+    switch (expr.id) {
+      case "constant":
+        return new expressions.Constant(expr.namedSub.value.id, exprType);
+      case "symbol":
+        // Get base name
+        if (expr.comment === undefined)
+          throw new TraceParseError("No comment on symbol so can't get base_name");
+        return new expressions.Symbol(expr.namedSub.identifier.id, expr.comment["#base_name"].id, exprType);
+      case "member": {
+        // Get the object we're getting a member from
+        const objectExpr = this.parseExpr(expr.sub[0]);
+        const objectType = objectExpr.type;
+        // Get the name of the member
+        const memberName = expr.namedSub.component_name.id;
+        // Access the non-tainted primitive superclass
+        if (memberName === primitiveTaintWrapperMemberName) {
+          if (objectType.taintVariables.length === 0)
+            // Shouldn't look for primitive superclass in non-tainted type
+            throw new TraceParseError("Got a primitive taint wrapper parent member expression for something that wasn't a TaintedType");
+          return objectExpr;
+        }
+        // Access a taint variable
+        const taintToken = getTaintTokenName(memberName, exprType);
+        if (taintToken !== undefined) {
+          if (!objectType.taintVariables.some((taintVariable) => taintVariable === taintToken))
+            throw new TraceParseError("Found taint variable that doesn't exist on type");
+          return new expressions.Taint(objectExpr, taintToken, exprType);
+        }
+        // Shouldn't look for members in non-struct
+        if (!(objectType instanceof type.Struct))
+          throw new TraceParseError("Got a member expression for something of non-struct type");
+        // Check if this is an access to a base class, i.e. the memberName matches the result type
+        const baseType = getBaseType(memberName, exprType);
+        if (baseType !== undefined) {
+          if (!objectType.bases.some((base) => base.compare(baseType) === 0))
+            throw new TraceParseError("Found base accessor for non-base");
+          return new expressions.Downcast(objectExpr, baseType);
+        }
+        return new expressions.Member(objectExpr, memberName, exprType);
       }
-      // Shouldn't look for members in non-struct
-      if (!(objectType instanceof type.Struct))
-        throw new TraceParseError("Got a member expression for something of non-struct type");
-      // Check if this is an access to a base class, i.e. the memberName matches the result type
-      const baseType = getBaseType(memberName, exprType);
-      if (baseType !== undefined) {
-        if (!objectType.bases.some((base) => base.compare(baseType) === 0))
-          throw new TraceParseError("Found base accessor for non-base");
-        return new expressions.Downcast(objectExpr, baseType);
+      case "index": {
+        return new expressions.Index(this.parseExpr(expr.sub[0]), this.parseExpr(expr.sub[1]), exprType);
       }
-      return new expressions.Member(objectExpr, memberName, exprType);
-    }
-    case "index": {
-      return new expressions.Index(parseExpr(expr.sub[0]), parseExpr(expr.sub[1]), exprType);
     }
   }
-}
 
-function parseType(logType: log.Type): type.Type {
-  switch (logType.id) {
-    case "bool": return type.booleanType;
-    case "c_bool": return type.cBoolean;
-    case "signedbv": return new type.Integer(parseInt(logType.namedSub.width.id, 10), true, []);
-    case "unsignedbv": return new type.Integer(parseInt(logType.namedSub.width.id, 10), false, []);
-    case "string": return type.stringType;
-    case "pointer": return new type.Pointer(parseType(logType.sub[0]), []);
-    case "struct": {
-      // Get bases, fields and taint variables
-      const members = group(
-        logType.namedSub.components.sub
-          .map((member) => new type.Field(member.namedSub.name.id, member.namedSub.pretty_name.id, parseType(member.namedSub.type))),
-        (field) => {
-          if (getTaintTokenName(field.name, field.type) !== undefined)
-            return "taint";
-          else if (getBaseType(field.name, field.type) !== undefined)
-            return "base";
-          else
-            return "field";
-        });
-      // Get bases
-      let bases = logType.namedSub.bases === undefined ? [] : logType.namedSub.bases.sub
-        .filter((base) => type.Struct.has(base.namedSub.type.namedSub.identifier.id))
-        .map((base) => type.Struct.get(base.namedSub.type.namedSub.identifier.id));
-      const baseMembers = members.get("base");
-      const extraBases = baseMembers === undefined ? []
-        : baseMembers
-          .map((field) => getBaseType(field.name, field.type) as type.Struct)
-          .filter((extraBase) => bases.findIndex((base) => compare(extraBase, base) === 0) === -1);
-      bases = bases.concat(extraBases);
-      // Get fields
-      const fieldMembers = members.get("field");
-      const fields = fieldMembers === undefined ? [] : fieldMembers;
-      // Get taint variables
-      const taintVariableMembers = members.get("taint");
-      const taintVariables = taintVariableMembers === undefined ? []
-        : taintVariableMembers.map((field) => getTaintTokenName(field.name, field.type) as string);
-      // Get struct name
-      const structName = getStructName(logType);
-      // Check for primitive type wrappers
-      if (isPrimitiveTaintWrapper(logType)) {
-        if (fields.length !== 1 || fields[0].name !== primitiveTaintWrapperMemberName)
-          throw new TraceParseError(primitiveTaintWrapperPrefix + "* type doesn't have a single field called " + primitiveTaintWrapperMemberName);
-        if (taintVariables.length === 0)
-          throw new TraceParseError("A struct that contains a " + primitiveTaintWrapperMemberName + " member has no taint variables");
-        const base = fields[0].type;
-        if (bases.length === 1) {
-          if (bases[0] !== base)
-            throw new TraceParseError("Type of taint wrapper super was not the base type");
-        } else if (bases.length !== 0)
-          throw new TraceParseError(primitiveTaintWrapperPrefix + "* type has more than one base");
-        if (base.taintVariables.length === 0)
-        base.taintVariables = taintVariables;
-        else if (compare(base.taintVariables, taintVariables) !== 0)
-          throw new TraceParseError("Found taint variables didn't match those on the base");
-        return base;
+  private parseType(logType: log.Type): type.Type {
+    switch (logType.id) {
+      case "bool": return type.booleanType;
+      case "c_bool": return type.cBoolean;
+      case "signedbv": return new type.Integer(parseInt(logType.namedSub.width.id, 10), true, []);
+      case "unsignedbv": return new type.Integer(parseInt(logType.namedSub.width.id, 10), false, []);
+      case "string": return type.stringType;
+      case "pointer": return new type.Pointer(this.parseType(logType.sub[0]), []);
+      case "struct": {
+        // Get bases, fields and taint variables
+        const members = group(
+          logType.namedSub.components.sub
+            .map((member) => new type.Field(member.namedSub.name.id, member.namedSub.pretty_name.id, this.parseType(member.namedSub.type))),
+          (field) => {
+            if (getTaintTokenName(field.name, field.type) !== undefined)
+              return "taint";
+            else if (getBaseType(field.name, field.type) !== undefined)
+              return "base";
+            else
+              return "field";
+          });
+        // Get bases
+        let bases = logType.namedSub.bases === undefined ? [] : logType.namedSub.bases.sub
+          .filter((base) => this.structExists(base.namedSub.type.namedSub.identifier.id))
+          .map((base) => this.getStruct(base.namedSub.type.namedSub.identifier.id));
+        const baseMembers = members.get("base");
+        const extraBases = baseMembers === undefined ? []
+          : baseMembers
+            .map((field) => getBaseType(field.name, field.type) as type.Struct)
+            .filter((extraBase) => bases.findIndex((base) => compare(extraBase, base) === 0) === -1);
+        bases = bases.concat(extraBases);
+        // Get fields
+        const fieldMembers = members.get("field");
+        const fields = fieldMembers === undefined ? [] : fieldMembers;
+        // Get taint variables
+        const taintVariableMembers = members.get("taint");
+        const taintVariables = taintVariableMembers === undefined ? []
+          : taintVariableMembers.map((field) => getTaintTokenName(field.name, field.type) as string);
+        // Get struct name
+        const structName = getStructName(logType);
+        // Check for primitive type wrappers
+        if (isPrimitiveTaintWrapper(logType)) {
+          if (fields.length !== 1 || fields[0].name !== primitiveTaintWrapperMemberName)
+            throw new TraceParseError(primitiveTaintWrapperPrefix + "* type doesn't have a single field called " + primitiveTaintWrapperMemberName);
+          if (taintVariables.length === 0)
+            throw new TraceParseError("A struct that contains a " + primitiveTaintWrapperMemberName + " member has no taint variables");
+          const base = fields[0].type;
+          if (bases.length === 1) {
+            if (bases[0] !== base)
+              throw new TraceParseError("Type of taint wrapper super was not the base type");
+          } else if (bases.length !== 0)
+            throw new TraceParseError(primitiveTaintWrapperPrefix + "* type has more than one base");
+          if (base.taintVariables.length === 0)
+          base.taintVariables = taintVariables;
+          else if (compare(base.taintVariables, taintVariables) !== 0)
+            throw new TraceParseError("Found taint variables didn't match those on the base");
+          return base;
+        }
+        // Get existing element from map and initialize
+        const struct = this.getStruct(structName.id);
+        struct.initialize(bases, fields, taintVariables);
+        // Check for primitive taint wrapper member field in non-taint structure
+        if (struct.fields.get(primitiveTaintWrapperMemberName) !== undefined)
+          throw new TraceParseError(struct.name + " contains a field called " + primitiveTaintWrapperMemberName);
+        // Return the struct, with taint if applicable
+        return struct;
       }
-      // Get existing element from map and initialize
-      const struct = type.Struct.get(structName.id);
-      struct.initialize(bases, fields, taintVariables);
-      // Check for primitive taint wrapper member field in non-taint structure
-      if (struct.fields.get(primitiveTaintWrapperMemberName) !== undefined)
-        throw new TraceParseError(struct.name + " contains a field called " + primitiveTaintWrapperMemberName);
-      // Return the struct, with taint if applicable
-      return struct;
+      case "symbol_type":
+        let name = logType.namedSub.identifier.id;
+        if (name.startsWith(primitiveTaintWrapperPrefix))
+          name = name.substr(primitiveTaintWrapperPrefix.length);
+        return this.getStruct(name);
+      // default:
+      //   throw new TraceParseError("Unexpected id on type: " + logType.id);
     }
-    case "symbol_type":
-      let name = logType.namedSub.identifier.id;
-      if (name.startsWith(primitiveTaintWrapperPrefix))
-        name = name.substr(primitiveTaintWrapperPrefix.length);
-      return type.Struct.get(name);
-    // default:
-    //   throw new TraceParseError("Unexpected id on type: " + logType.id);
   }
-}
 
+  private readonly structCache = new NameMap<type.Struct>();
+
+  public structExists(name: string): boolean {
+    return this.structCache.has(name);
+  }
+
+  public createStruct(name: string) {
+    const struct = new type.Struct(name);
+    this.structCache.add(struct);
+    return struct;
+  }
+
+  public getStruct(name: string): type.Struct {
+    const result = this.structCache.get(name);
+    if (result === undefined)
+      throw new Error("Request for missing struct: " + name);
+    return result;
+  }
+
+  public get allStructs(): Iterable<type.Struct> {
+    return this.structCache;
+  }
+}
 
 export const primitiveTaintWrapperPrefix = "@__CPROVER_primitive_taint_wrapper_";
 export function isPrimitiveTaintWrapper(logType: log.StructType) {

trace-transformer/src/TransformTrace.ts

@@ -3,11 +3,10 @@
 import IterableExt from "iterable-ext";
 import * as expressions from "./Expr";
 import * as log from "./LogFile";
-import {
+import LogFileParser, {
   getStructName,
   getTaintTokenName,
   isPrimitiveTaintWrapper,
-  parseExpr,
   primitiveTaintWrapperMemberName,
   primitiveTaintWrapperPrefix,
   taintFieldPrefix,
@@ -20,12 +19,13 @@ const symbolTypeMap = new Map<string, type.Type>();
 
 export default function transformTrace(trace: log.Step[], verbose: boolean) {
   // Get the struct names
-  trace.forEach(gatherStructs);
+  const logFileParser = new LogFileParser();
+  trace.forEach((step) => gatherStructs(step, logFileParser));
   // Transform the trace
-  trace = (<log.Step[]>[]).concat(...trace.map(transformStep));
+  trace = (<log.Step[]>[]).concat(...trace.map((step) => transformStep(step, logFileParser)));
   if (verbose) {
     // Output the structure map built up during transformations
-    console.log(IterableExt.fromIterable(type.Struct.all).map((struct) => struct.definitionString).join("\n"));
+    console.log(IterableExt.fromIterable(logFileParser.allStructs).map((struct) => struct.definitionString).join("\n"));
     // Output the symbol map built up during transformations
     console.log(IterableExt.fromIterable(symbolTypeMap)
       .map(([symbolName, type]) => symbolName + ": " + indentMultiLine(type.toString(), 1))
@@ -34,15 +34,15 @@ export default function transformTrace(trace: log.Step[], verbose: boolean) {
   return trace;
 }
 
-function gatherStructs(step: log.Step): void {
+function gatherStructs(step: log.Step, logFileParser: LogFileParser): void {
   if (step.stepType === "assignment") {
     if (step.rawLhs === undefined)
       throw new TraceParseError("Trace does not contain rawLhs - enable this option to use this tool");
-    gatherStructsFromType(step.rawLhs.namedSub.type);
+    gatherStructsFromType(step.rawLhs.namedSub.type, logFileParser);
   }
 }
 
-function gatherStructsFromType(logType: log.Type): void {
+function gatherStructsFromType(logType: log.Type, logFileParser: LogFileParser): void {
   switch (logType.id) {
     case "bool":
     case "c_bool":
@@ -52,28 +52,29 @@ function gatherStructsFromType(logType: log.Type): void {
     case "symbol_type":
       return;
     case "pointer":
-      gatherStructsFromType(logType.sub[0]);
+      gatherStructsFromType(logType.sub[0], logFileParser);
       return;
     case "struct": {
       // Check for structs in types of members
-      logType.namedSub.components.sub.forEach((member) => gatherStructsFromType(member.namedSub.type));
+      logType.namedSub.components.sub.forEach((member) => gatherStructsFromType(member.namedSub.type, logFileParser));
       // Add Struct to map if it doesn't already exist and isn't a primitive taint wrapper
       const structName = getStructName(logType);
       if (structName.id.startsWith(primitiveTaintWrapperPrefix) !== isPrimitiveTaintWrapper(logType))
         throw new TraceParseError("#is_taint_wrapper_type doesn't add up");
-      if (!isPrimitiveTaintWrapper(logType) && !type.Struct.has(structName.id))
-        new type.Struct(structName.id);
+      if (!isPrimitiveTaintWrapper(logType) && !logFileParser.structExists(structName.id)) {
+        logFileParser.createStruct(structName.id);
+      }
     }
   }
 }
 
-function transformStep(step: log.Step): log.Step[] {
+function transformStep(step: log.Step, logFileParser: LogFileParser): log.Step[] {
   const steps: log.Step[] = [];
   // Parse everything
   if (step.stepType === "assignment") {
     if (step.rawLhs === undefined)
       throw new TraceParseError("Trace does not contain rawLhs - enable the option that generates it to use this tool");
-    const lhs = parseExpr(step.rawLhs);
+    const lhs = logFileParser.parseExpr(step.rawLhs);
     // Create symbol type map
     if (step.rawLhs.id === "symbol")
       symbolTypeMap.set(step.rawLhs.namedSub.identifier.id, lhs.type);
@@ -102,7 +103,7 @@ function transformStep(step: log.Step): log.Step[] {
           // Separate out the taint variables
           const members = group(
             value.members,
-            (member) => member.name.startsWith(taintFieldPrefix) && member.value.name == "integer");
+            (member) => member.name.startsWith(taintFieldPrefix) && member.value.name === "integer");
           const taintVariables = members.get(true) || [];
           // Create extra steps to initialize taint variables based on the structure initialization
           const taintSteps = taintVariables.map((taintVariableMember) => (<log.TaintAssignmentStep>{