Introduce facilities for tracking dynamically allocated memory

petr-bauch · petr-bauch · commit 9037d4915ecf · 2019-05-08T08:49:21.000+01:00
memory_scopet keeps the starting point and allocated size for a malloc(ed) site.
We also include helper methods to query about dynamic allocation.
diff --git a/src/memory-analyzer/analyze_symbol.cpp b/src/memory-analyzer/analyze_symbol.cpp
@@ -7,6 +7,8 @@ Author: Malte Mues <mail.mues@gmail.com>
 
 \*******************************************************************/
 
+#include <cstdlib>
+
 #include "analyze_symbol.h"
 
 #include <util/c_types.h>
@@ -29,6 +31,66 @@ gdb_value_extractort::gdb_value_extractort(
 {
 }
 
+bool gdb_value_extractort::memory_scopet::contains(
+  const memory_addresst &point) const
+{
+  size_t begin_int = std::strtoul(begin.address_string.c_str(), NULL, 0);
+  size_t point_int = std::strtoul(point.address_string.c_str(), NULL, 0);
+  return point_int >= begin_int && (begin_int + byte_size) > point_int;
+}
+
+mp_integer gdb_value_extractort::memory_scopet::distance(
+  const memory_addresst &point,
+  mp_integer member_size) const
+{
+  CHECK_RETURN(contains(point));
+  size_t begin_int = std::strtoul(begin.address_string.c_str(), NULL, 0);
+  size_t point_int = std::strtoul(point.address_string.c_str(), NULL, 0);
+  return (point_int - begin_int) / member_size;
+}
+
+std::vector<gdb_value_extractort::memory_scopet>::iterator
+gdb_value_extractort::find_dynamic_allocation(irep_idt name)
+{
+  return std::find_if(
+    dynamically_allocated.begin(),
+    dynamically_allocated.end(),
+    [&name](const memory_scopet &scope) { return scope.name == name; });
+}
+
+std::vector<gdb_value_extractort::memory_scopet>::iterator
+gdb_value_extractort::find_dynamic_allocation(const memory_addresst &point)
+{
+  return std::find_if(
+    dynamically_allocated.begin(),
+    dynamically_allocated.end(),
+    [&point](const memory_scopet &memory_scope) {
+      return memory_scope.contains(point);
+    });
+}
+
+optionalt<mp_integer> gdb_value_extractort::get_malloc_size(irep_idt name)
+{
+  const auto scope_it = find_dynamic_allocation(name);
+  if(scope_it == dynamically_allocated.end())
+    return {};
+  else
+    return scope_it->byte_size;
+}
+
+optionalt<std::string> gdb_value_extractort::get_malloc_pointee(
+  const memory_addresst &point,
+  mp_integer member_size)
+{
+  const auto scope_it = find_dynamic_allocation(point);
+  if(scope_it == dynamically_allocated.end())
+    return {};
+
+  const auto pointer_distance = scope_it->distance(point, member_size);
+  return id2string(scope_it->name) +
+         (pointer_distance > 0 ? "+" + integer2string(pointer_distance) : "");
+}
+
 void gdb_value_extractort::analyze_symbols(
   const std::vector<std::string> &symbols)
 {
diff --git a/src/memory-analyzer/analyze_symbol.h b/src/memory-analyzer/analyze_symbol.h
@@ -91,6 +91,70 @@ class gdb_value_extractort
   ///   value of `symbol`.
   std::map<memory_addresst, exprt> values;
 
+  struct memory_scopet
+  {
+    memory_addresst begin;
+    mp_integer byte_size;
+    irep_idt name;
+
+    memory_scopet() = delete;
+    memory_scopet(
+      const memory_addresst &begin,
+      mp_integer byte_size,
+      irep_idt name)
+      : begin(begin), byte_size(byte_size), name(name)
+    {
+    }
+
+    /// Check if \p point points somewhere in this memory scope
+    /// \param point: memory address to be check for presence
+    /// \return true if \p point is inside *this
+    bool contains(const memory_addresst &point) const;
+
+    /// Compute the distance of \p point from the beginning of this scope
+    /// \param point: memory address to have the offset computed
+    /// \param member_size: size of one element of this scope in bytes
+    /// \return `n' such that \p point is the n-th element of this scope
+    mp_integer
+    distance(const memory_addresst &point, mp_integer member_size) const;
+  };
+
+  /// Keep track of the dynamically allocated memory
+  std::vector<memory_scopet> dynamically_allocated;
+
+  /// Keep track of the memory location for the analyzed symbols
+  std::map<std::string, pointer_valuet> memory_map;
+
+  /// Search for a memory scope allocated under \p name
+  /// \param name: name of the pointer used during allocation
+  /// \return iterator to the right memory scope
+  std::vector<memory_scopet>::iterator find_dynamic_allocation(irep_idt name);
+
+  /// Search for a memory scope allocated under \p name
+  /// \param point: potentially dynamically allocated memory address
+  /// \return iterator to the right memory scope
+  std::vector<memory_scopet>::iterator
+  find_dynamic_allocation(const memory_addresst &point);
+
+  /// Search for the size of the allocated memory for \p name
+  /// \param name: name of the pointer used during allocation
+  /// \return the size if have a record of \p name's allocation
+  optionalt<mp_integer> get_malloc_size(irep_idt name);
+
+  /// Build the pointee string for address \p point assuming it points to a
+  ///   dynamic allocation of `n' elements each of size \p member_size. E.g.:
+  ///
+  ///   int *p = (int*)malloc(sizeof(int)*4);
+  ///   int *q = &(p[2]);
+  ///
+  ///   get_malloc_pointee(get_memory(q), sizeof(int)) -> "p+8"
+  ///
+  /// \param point: potentially dynamically allocated memory address
+  /// \param member_size: size of each allocated element
+  /// \return pointee as a string if we have a record of the allocation
+  optionalt<std::string>
+  get_malloc_pointee(const memory_addresst &point, mp_integer member_size);
+
   /// Assign the gdb-extracted value for \p symbol_name to its symbol
   ///   expression and then process outstanding assignments that this
   ///   extraction introduced.
