Merge pull request diffblue#143 from diffblue/marek/slicer_integration_PR

marek-trtik · web-flow · commit b949c680a25c · 2017-08-24T17:56:07.000+01:00
Slicer integration (C++ part).
diff --git a/src/taint-slicer/instrumenter.cpp b/src/taint-slicer/instrumenter.cpp
@@ -216,28 +216,40 @@ std::size_t taint_instrumentert::instrument_location(
       cond=and_exprt(cond,
                      symbol_exprt(from_tokens_to_vars.at(it->get_token_name()),
                      typet(ID_bool)));
-    instrumentation_code.add_instruction()->make_goto(
-      instrumention_tail_instruction, not_exprt(cond));
+    auto iit=instrumentation_code.add_instruction();
+    iit->make_goto(instrumention_tail_instruction, not_exprt(cond));
+    iit->function=loc.get_function_id();
   }
   // Now we instrument "turn on" assignments of state variables.
   for(const auto &arg_token : loc.get_turn_on())
-    instrumentation_code.add_instruction(ASSIGN)->code=code_assignt(
-      symbol_exprt(from_tokens_to_vars.at(arg_token.get_token_name()),
-                   typet(ID_bool)),
+  {
+    auto iit=instrumentation_code.add_instruction(ASSIGN);
+    iit->code=code_assignt(
+      symbol_exprt(
+        from_tokens_to_vars.at(arg_token.get_token_name()),
+        typet(ID_bool)),
       constant_exprt(ID_true, typet(ID_bool)));
-  // Now we instrument "turn of" assignments of state variables.
+    iit->function=loc.get_function_id();
+  }
+  // Now we instrument "turn off" assignments of state variables.
   for(const auto &arg_token : loc.get_turn_off())
-    instrumentation_code.add_instruction(ASSIGN)->code=code_assignt(
-      symbol_exprt(from_tokens_to_vars.at(arg_token.get_token_name()),
-                   typet(ID_bool)),
+  {
+    auto iit=instrumentation_code.add_instruction(ASSIGN);
+    iit->code=code_assignt(
+      symbol_exprt(
+        from_tokens_to_vars.at(arg_token.get_token_name()),
+        typet(ID_bool)),
       constant_exprt(ID_false, typet(ID_bool)));
+    iit->function=loc.get_function_id();
+  }
   if(props.get_sinks().count(lid))
   {
     // This instrumentation location a sink location -> we have to instrument
     // also assertion representing the taint issue (the condition is FALSE).
     auto instr_it=instrumentation_code.add_instruction();
     instr_it->make_assertion(constant_exprt(ID_false, typet(ID_bool)));
     instr_it->source_location=loc.get_instruction_id()->source_location;
+    instr_it->function=loc.get_function_id();
   }
   // Now we can move the prepared instrumentation code into the function.
   const std::size_t shift=instrumentation_code.instructions.size();
diff --git a/src/taint-slicer/slicing_tasks_builder.cpp b/src/taint-slicer/slicing_tasks_builder.cpp
@@ -31,6 +31,75 @@ the instrumenter.
 #include <util/msgstream.h>
 #include <summaries/summary_dump.h>
 #include <exception>
+#include <iostream>
+
+
+/*******************************************************************\
+
+Function: remove_calls_to_functions_without_bodies
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: The function remove all functions without bodies from the passed
+          goto_functions and symbol_table and also all call instructions
+          to those functions.
+
+\*******************************************************************/
+static void remove_calls_to_functions_without_bodies(
+  goto_functionst &goto_functions,
+  symbol_tablet &symbol_table)
+{
+  std::set<irep_idt> fns_without_bodies;
+  for(auto &fname_prog : goto_functions.function_map)
+  {
+    std::vector<goto_programt::targett> to_remove;
+    for(auto it=fname_prog.second.body.instructions.begin();
+        it!=fname_prog.second.body.instructions.end();
+        ++it)
+    {
+      if(it->type==FUNCTION_CALL)
+      {
+        auto fn_call=to_code_function_call(it->code);
+        if(fn_call.function().id()==ID_symbol)
+        {
+          auto s=to_symbol_expr(fn_call.function());
+          auto fit=goto_functions.function_map.find(s.get_identifier());
+          if(fit==goto_functions.function_map.end() ||
+             fit->second.body.instructions.empty())
+          {
+            fns_without_bodies.insert(s.get_identifier());
+            to_remove.push_back(it);
+            ++it;
+            if(it!=fname_prog.second.body.instructions.end() &&
+               it->type==ASSIGN)
+            {
+              auto asgn=to_code_assign(it->code);
+              if(asgn.lhs().id()==ID_symbol)
+              {
+                auto lhs=to_symbol_expr(asgn.lhs());
+                if(as_string(lhs.get_identifier())==
+                   as_string(s.get_identifier())+RETURN_VALUE_SUFFIX)
+                {
+                  to_remove.push_back(it);
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+    for(auto &tgt : to_remove)
+    {
+      assert(tgt->targets.empty());
+      tgt->make_skip();
+    }
+  }
+  for(const auto &fn_name : fns_without_bodies)
+    symbol_table.remove(fn_name);
+}
+
 
 /*******************************************************************\
 
@@ -55,6 +124,7 @@ Function: add_nondet_retval_assignments_after_calls
 \*******************************************************************/
 static void add_nondet_retval_assignments_after_calls(
   goto_programt &goto_program,
+  const irep_idt &caller_name,
   const std::string &callee_name,
   const typet &callee_ret_type)
 {
@@ -75,6 +145,7 @@ static void add_nondet_retval_assignments_after_calls(
           instr_it->code=code_assignt(
             symbol_exprt(callee_name+RETURN_VALUE_SUFFIX,callee_ret_type),
             side_effect_expr_nondett(callee_ret_type));
+          instr_it->function=caller_name;
         }
       }
     }
@@ -156,6 +227,7 @@ std::pair<taint_slicing_taskt,std::string> build_slicing_task(
           if(fid_fn.second.body_available())
             add_nondet_retval_assignments_after_calls(
               fid_fn.second.body,
+              fid_fn.first,
               fid,
               symbol_table.lookup(fid+RETURN_VALUE_SUFFIX).type);
     }
@@ -201,6 +273,11 @@ std::pair<taint_slicing_taskt,std::string> build_slicing_task(
       }
     }
 
+    // And we do the final clean-up: we remove all functions without bodies
+    // from the goto_functions and symbol_table and also all call instructions
+    // to those functions.
+    remove_calls_to_functions_without_bodies(goto_functions, symbol_table);
+
     // Finally, we have to "update" the GOTO program - mandatory step fixing
     // uniquenes of program locations, etc.
     goto_functions.update();
@@ -230,6 +307,23 @@ std::pair<taint_slicing_taskt,std::string> build_slicing_task(
         std::atoi(loc.get_line().c_str())});
     }
 
+    // Check for issues in the program w.r.t. requirements of the slicer
+    // and try to fix them.
+    for(auto &fname_prog : goto_functions.function_map)
+      for(auto &I : fname_prog.second.body.instructions)
+        if(I.function.empty())
+        {
+          logger->status()
+            << "WARNING: Instruction without 'function' reference:\n"
+            << "  loc.: " << I.location_number << "\n"
+            << "  func: " << fname_prog.first << "\n"
+            << "  code: ";
+          dump_instruction_code_in_html(
+            I, namespacet(symbol_table), logger->status());
+          logger->status() << "\n  Fixing the issue.\n";
+          I.function=fname_prog.first;
+        }
+
     // Finally save the constructed slicing task on the disc as GOTO program
     // binary.
     const bool fail=write_goto_binary(
