klee
ArrayExprVisitor.cpp
Go to the documentation of this file.
1//===-- ArrayExprVisitor.cpp ----------------------------------------------===//
2//
3// The KLEE Symbolic Virtual Machine
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9
10#include "klee/Expr/ArrayExprVisitor.h"
11
12#include "klee/Support/ErrorHandling.h"
13
14#include <algorithm>
15
16using namespace klee;
17
18//------------------------------ HELPER FUNCTIONS ---------------------------//
19bool ArrayExprHelper::isReadExprAtOffset(ref<Expr> e, const ReadExpr *base,
20 ref<Expr> offset) {
21 const ReadExpr *re = dyn_cast<ReadExpr>(e.get());
22 if (!re || (re->getWidth() != Expr::Int8))
23 return false;
24 return SubExpr::create(re->index, base->index) == offset;
25}
26
27ReadExpr *ArrayExprHelper::hasOrderedReads(const ConcatExpr &ce) {
28 const ReadExpr *base = dyn_cast<ReadExpr>(ce.getKid(0));
29
30 // right now, all Reads are byte reads but some
31 // transformations might change this
32 if (!base || base->getWidth() != Expr::Int8)
33 return nullptr;
34
35 // Get stride expr in proper index width.
36 Expr::Width idxWidth = base->index->getWidth();
37 ref<Expr> strideExpr = ConstantExpr::alloc(-1, idxWidth);
38 ref<Expr> offset = ConstantExpr::create(0, idxWidth);
39
40 ref<Expr> e = ce.getKid(1);
41
42 // concat chains are unbalanced to the right
43 while (e->getKind() == Expr::Concat) {
44 offset = AddExpr::create(offset, strideExpr);
45 if (!isReadExprAtOffset(e->getKid(0), base, offset))
46 return nullptr;
47 e = e->getKid(1);
48 }
49
50 offset = AddExpr::create(offset, strideExpr);
51 if (!isReadExprAtOffset(e, base, offset))
52 return nullptr;
53
54 return cast<ReadExpr>(e.get());
55}
56
57//--------------------------- INDEX-BASED OPTIMIZATION-----------------------//
58ExprVisitor::Action
59ConstantArrayExprVisitor::visitConcat(const ConcatExpr &ce) {
60 ReadExpr *base = ArrayExprHelper::hasOrderedReads(ce);
61 if (base) {
62 // It is an interesting ReadExpr if it contains a concrete array
63 // that is read at a symbolic index
64 if (base->updates.root->isConstantArray() &&
65 !isa<ConstantExpr>(base->index)) {
66 for (const auto *un = base->updates.head.get(); un; un = un->next.get()) {
67 if (!isa<ConstantExpr>(un->index) || !isa<ConstantExpr>(un->value)) {
68 incompatible = true;
69 return Action::skipChildren();
70 }
71 }
72 IndexCompatibilityExprVisitor compatible;
73 compatible.visit(base->index);
74 if (compatible.isCompatible() &&
75 addedIndexes.find(base->index.get()->hash()) == addedIndexes.end()) {
76 if (arrays.find(base->updates.root) == arrays.end()) {
77 arrays.insert(
78 std::make_pair(base->updates.root, std::vector<ref<Expr> >()));
79 } else {
80 // Another possible index to resolve, currently unsupported
81 incompatible = true;
82 return Action::skipChildren();
83 }
84 arrays.find(base->updates.root)->second.push_back(base->index);
85 addedIndexes.insert(base->index.get()->hash());
86 } else if (compatible.hasInnerReads()) {
87 // This Read has an inner Read, we want to optimize the inner one
88 // to create a cascading effect during assignment evaluation
89 return Action::doChildren();
90 }
91 return Action::skipChildren();
92 }
93 }
94 return Action::doChildren();
95}
96ExprVisitor::Action ConstantArrayExprVisitor::visitRead(const ReadExpr &re) {
97 // It is an interesting ReadExpr if it contains a concrete array
98 // that is read at a symbolic index
99 if (re.updates.root->isConstantArray() && !isa<ConstantExpr>(re.index)) {
100 for (const auto *un = re.updates.head.get(); un; un = un->next.get()) {
101 if (!isa<ConstantExpr>(un->index) || !isa<ConstantExpr>(un->value)) {
102 incompatible = true;
103 return Action::skipChildren();
104 }
105 }
106 IndexCompatibilityExprVisitor compatible;
107 compatible.visit(re.index);
108 if (compatible.isCompatible() &&
109 addedIndexes.find(re.index.get()->hash()) == addedIndexes.end()) {
110 if (arrays.find(re.updates.root) == arrays.end()) {
111 arrays.insert(
112 std::make_pair(re.updates.root, std::vector<ref<Expr> >()));
113 } else {
114 // Another possible index to resolve, currently unsupported
115 incompatible = true;
116 return Action::skipChildren();
117 }
118 arrays.find(re.updates.root)->second.push_back(re.index);
119 addedIndexes.insert(re.index.get()->hash());
120 } else if (compatible.hasInnerReads()) {
121 // This Read has an inner Read, we want to optimize the inner one
122 // to create a cascading effect during assignment evaluation
123 return Action::doChildren();
124 }
125 return Action::skipChildren();
126 } else if (re.updates.root->isSymbolicArray()) {
127 incompatible = true;
128 }
129
130 return Action::doChildren();
131}
132
133ExprVisitor::Action
134IndexCompatibilityExprVisitor::visitRead(const ReadExpr &re) {
135 if (re.updates.head) {
136 compatible = false;
137 return Action::skipChildren();
138 } else if (re.updates.root->isConstantArray() &&
139 !isa<ConstantExpr>(re.index)) {
140 compatible = false;
141 inner = true;
142 return Action::skipChildren();
143 }
144 return Action::doChildren();
145}
146ExprVisitor::Action IndexCompatibilityExprVisitor::visitURem(const URemExpr &) {
147 compatible = false;
148 return Action::skipChildren();
149}
150ExprVisitor::Action IndexCompatibilityExprVisitor::visitSRem(const SRemExpr &) {
151 compatible = false;
152 return Action::skipChildren();
153}
154ExprVisitor::Action IndexCompatibilityExprVisitor::visitOr(const OrExpr &) {
155 compatible = false;
156 return Action::skipChildren();
157}
158
159ExprVisitor::Action
160IndexTransformationExprVisitor::visitConcat(const ConcatExpr &ce) {
161 if (ReadExpr *re = dyn_cast<ReadExpr>(ce.getKid(0))) {
162 if (re->updates.root->hash() == array->hash() && width < ce.getWidth()) {
163 if (width == Expr::InvalidWidth)
164 width = ce.getWidth();
165 }
166 } else if (ReadExpr *re = dyn_cast<ReadExpr>(ce.getKid(1))) {
167 if (re->updates.root->hash() == array->hash() && width < ce.getWidth()) {
168 if (width == Expr::InvalidWidth)
169 width = ce.getWidth();
170 }
171 }
172 return Action::doChildren();
173}
174ExprVisitor::Action IndexTransformationExprVisitor::visitMul(const MulExpr &e) {
175 if (isa<ConstantExpr>(e.getKid(0)))
176 mul = e.getKid(0);
177 else if (isa<ConstantExpr>(e.getKid(0)))
178 mul = e.getKid(1);
179 return Action::doChildren();
180}
181
182//-------------------------- VALUE-BASED OPTIMIZATION------------------------//
183ExprVisitor::Action ArrayReadExprVisitor::visitConcat(const ConcatExpr &ce) {
184 ReadExpr *base = ArrayExprHelper::hasOrderedReads(ce);
185 if (base) {
186 return inspectRead(const_cast<ConcatExpr *>(&ce), ce.getWidth(), *base);
187 }
188 return Action::doChildren();
189}
190ExprVisitor::Action ArrayReadExprVisitor::visitRead(const ReadExpr &re) {
191 return inspectRead(const_cast<ReadExpr *>(&re), re.getWidth(), re);
192}
193// This method is a mess because I want to avoid looping over the UpdateList
194// values twice
195ExprVisitor::Action ArrayReadExprVisitor::inspectRead(ref<Expr> hash,
196 Expr::Width width,
197 const ReadExpr &re) {
198 // pre(*): index is symbolic
199 if (!isa<ConstantExpr>(re.index)) {
200 if (readInfo.find(&re) == readInfo.end()) {
201 if (re.updates.root->isSymbolicArray() && !re.updates.head) {
202 return Action::doChildren();
203 }
204 if (re.updates.head) {
205 // Check preconditions on UpdateList nodes
206 bool hasConcreteValues = false;
207 for (const auto *un = re.updates.head.get(); un; un = un->next.get()) {
208 // Symbolic case - \inv(update): index is concrete
209 if (!isa<ConstantExpr>(un->index)) {
210 incompatible = true;
211 break;
212 } else if (!isa<ConstantExpr>(un->value)) {
213 // We tell the optimization that there is a symbolic value,
214 // otherwise we rely on the concrete optimization procedure
215 symbolic = true;
216 } else if (re.updates.root->isSymbolicArray() &&
217 isa<ConstantExpr>(un->value)) {
218 // We can optimize symbolic array, but only if they have
219 // at least one concrete value
220 hasConcreteValues = true;
221 }
222 }
223 // Symbolic case - if array is symbolic, then we need at least one
224 // concrete value
225 if (re.updates.root->isSymbolicArray()) {
226 if (hasConcreteValues)
227 symbolic = true;
228 else
229 incompatible = true;
230 }
231
232 if (incompatible)
233 return Action::skipChildren();
234 }
235 symbolic |= re.updates.root->isSymbolicArray();
236 reads.push_back(&re);
237 readInfo.emplace(&re, std::make_pair(hash, width));
238 }
239 return Action::skipChildren();
240 }
241 return Action::doChildren();
242}
243
244ExprVisitor::Action
245ArrayValueOptReplaceVisitor::visitConcat(const ConcatExpr &ce) {
246 auto found = optimized.find(const_cast<ConcatExpr *>(&ce));
247 if (found != optimized.end()) {
248 return Action::changeTo((*found).second.get());
249 }
250 return Action::doChildren();
251}
252ExprVisitor::Action ArrayValueOptReplaceVisitor::visitRead(const ReadExpr &re) {
253 auto found = optimized.find(const_cast<ReadExpr *>(&re));
254 if (found != optimized.end()) {
255 return Action::changeTo((*found).second.get());
256 }
257 return Action::doChildren();
258}
klee::ArrayExprHelper::isReadExprAtOffset
static bool isReadExprAtOffset(ref< Expr > e, const ReadExpr *base, ref< Expr > offset)
Definition: ArrayExprVisitor.cpp:19
klee::ArrayExprHelper::hasOrderedReads
static ReadExpr * hasOrderedReads(const ConcatExpr &ce)
Definition: ArrayExprVisitor.cpp:27
klee::ArrayReadExprVisitor::readInfo
std::map< const ReadExpr *, std::pair< ref< Expr >, Expr::Width > > & readInfo
Definition: ArrayExprVisitor.h:94
klee::ArrayReadExprVisitor::visitConcat
Action visitConcat(const ConcatExpr &) override
Definition: ArrayExprVisitor.cpp:183
klee::ArrayReadExprVisitor::inspectRead
Action inspectRead(ref< Expr > hash, Expr::Width width, const ReadExpr &)
Definition: ArrayExprVisitor.cpp:195
klee::ArrayReadExprVisitor::reads
std::vector< const ReadExpr * > & reads
Definition: ArrayExprVisitor.h:93
klee::ArrayReadExprVisitor::visitRead
Action visitRead(const ReadExpr &) override
Definition: ArrayExprVisitor.cpp:190
klee::ArrayValueOptReplaceVisitor::visitConcat
Action visitConcat(const ConcatExpr &) override
Definition: ArrayExprVisitor.cpp:245
klee::ArrayValueOptReplaceVisitor::visitRead
Action visitRead(const ReadExpr &re) override
Definition: ArrayExprVisitor.cpp:252
klee::ArrayValueOptReplaceVisitor::optimized
ExprHashMap< ref< Expr > > optimized
Definition: ArrayExprVisitor.h:116
klee::Array::isConstantArray
bool isConstantArray() const
Definition: Expr.h:525
klee::Array::isSymbolicArray
bool isSymbolicArray() const
Definition: Expr.h:524
klee::Array::hash
unsigned hash() const
Definition: Expr.h:534
klee::ConcatExpr::getKid
ref< Expr > getKid(unsigned i) const
Definition: Expr.h:697
klee::ConcatExpr::getWidth
Width getWidth() const
Definition: Expr.h:691
klee::ConstantArrayExprVisitor::visitConcat
Action visitConcat(const ConcatExpr &) override
Definition: ArrayExprVisitor.cpp:59
klee::ConstantArrayExprVisitor::visitRead
Action visitRead(const ReadExpr &) override
Definition: ArrayExprVisitor.cpp:96
klee::ConstantArrayExprVisitor::addedIndexes
std::unordered_set< unsigned > addedIndexes
Definition: ArrayExprVisitor.h:39
klee::ConstantExpr::create
static ref< ConstantExpr > create(uint64_t v, Width w)
Definition: Expr.h:1079
klee::ConstantExpr::alloc
static ref< ConstantExpr > alloc(const llvm::APInt &v)
Definition: Expr.h:1065
klee::ExprVisitor::Action::changeTo
static Action changeTo(const ref< Expr > &expr)
Definition: ExprVisitor.h:36
klee::ExprVisitor::Action::doChildren
static Action doChildren()
Definition: ExprVisitor.h:39
klee::ExprVisitor::Action::skipChildren
static Action skipChildren()
Definition: ExprVisitor.h:40
klee::ExprVisitor::visit
ref< Expr > visit(const ref< Expr > &e)
Definition: ExprVisitor.cpp:26
klee::Expr::InvalidWidth
static const Width InvalidWidth
Definition: Expr.h:99
klee::Expr::getKind
virtual Kind getKind() const =0
klee::Expr::hash
virtual unsigned hash() const
Returns the pre-computed hash of the current expression.
Definition: Expr.h:222
klee::Expr::getWidth
virtual Width getWidth() const =0
klee::Expr::Concat
@ Concat
Definition: Expr.h:125
klee::Expr::Width
unsigned Width
The type of an expression is simply its width, in bits.
Definition: Expr.h:97
klee::Expr::getKid
virtual ref< Expr > getKid(unsigned i) const =0
klee::Expr::Int8
static const Width Int8
Definition: Expr.h:101
klee::IndexCompatibilityExprVisitor::visitRead
Action visitRead(const ReadExpr &) override
Definition: ArrayExprVisitor.cpp:134
klee::IndexCompatibilityExprVisitor::visitURem
Action visitURem(const URemExpr &) override
Definition: ArrayExprVisitor.cpp:146
klee::IndexCompatibilityExprVisitor::visitOr
Action visitOr(const OrExpr &) override
Definition: ArrayExprVisitor.cpp:154
klee::IndexCompatibilityExprVisitor::visitSRem
Action visitSRem(const SRemExpr &) override
Definition: ArrayExprVisitor.cpp:150
klee::IndexTransformationExprVisitor::visitConcat
Action visitConcat(const ConcatExpr &) override
Definition: ArrayExprVisitor.cpp:160
klee::IndexTransformationExprVisitor::visitMul
Action visitMul(const MulExpr &) override
Definition: ArrayExprVisitor.cpp:174
klee::ReadExpr
Class representing a one byte read from an array.
Definition: Expr.h:565
klee::ReadExpr::index
ref< Expr > index
Definition: Expr.h:572
klee::ReadExpr::getWidth
Width getWidth() const
Definition: Expr.h:583
klee::ReadExpr::updates
UpdateList updates
Definition: Expr.h:571
klee::UpdateList::head
ref< UpdateNode > head
pointer to the most recent update node
Definition: Expr.h:546
klee::UpdateList::root
const Array * root
Definition: Expr.h:543
klee::ref::get
T * get() const
Definition: Ref.h:129
klee
Definition: main.cpp:291