Sreekumar wrote:
Hi Dave,
I tried some of the scripts on the website on the code that I had sent
earlier. The following script (I refer to this as script1.js) raised an
exception when I executed it on the code.

    require({ after_gcc_pass: "cfg" });
    include('gcc_util.js'); // for function_decl_cfg
    include('gcc_print.js');

    function process_tree(fn) {
      print("function " + decl_name(fn)); // fn is a FUNCTION_DECL
      let cfg = function_decl_cfg(fn);
      for (let bb in cfg_bb_iterator(cfg)) {
        print(" basic block " + bb_label(bb, cfg));
        for (let isn in bb_isn_iterator(bb)) {
          print(" " + isn_display(isn));
        }
      }
    }

Should have known I couldn't get away without testing the example.
Please replace the corresponding line with

    print(" basic block " + bb_label(cfg, bb));

Then it should work. I have updated the docs. Thanks for testing these
for me.

I also tried executing the following JavaScript code

    require({ after_gcc_pass: "einline" + (isGCC42 ? "" : "_ipa")});
    include('gcc_util.js'); // for function_decl_cfg

    function process_cgraph(cgraph) {
      // cgraph is a GCC structure representing a group of functions
      // within the call graph. Iterate over the functions like this.
      for (let fn = cgraph; fn; fn = fn.next) {
        if (DECL_STRUCT_FUNCTION(fn)) { // fn has a body
          print(fn);
          let cfg = function_decl_cfg(fn);
        }
      }
    }

I fixed it again in the docs. The changes are a bit more extensive so
please just check there.

I had one other question. I think the GIMPLE representation would be the
best place to start for the kind of analysis that I am thinking of.
The process_tree function is the one that I should use. I
dumped the GIMPLE representation from gcc using the -fdump-tree-cfg option
and I got the following for the if condition in the code:

    D.30570 = s.a;
    D.30571 = s.b;
    if (D.30570 > D.30571) goto <L0>; else goto <L1>;
    # SUCC: 3 (true) 4 (false)
    # BLOCK 3
    # PRED: 2 (true)
    <L0>:;
    s.c = 2;
    goto <bb 5> (<L2>);
    # SUCC: 5 (fallthru)
    # BLOCK 4
    # PRED: 2 (false)
    <L1>:;
    s.c = 3;
    # SUCC: 5 (fallthru)

script1.js gave the output for the if condition as follows:

    GIMPLE_MODIFY_STMT D_21125 := s.a
    GIMPLE_MODIFY_STMT D_21126 := s.b
    COND_EXPR if GT_EXPR
    basic block BBundefined
    GIMPLE_MODIFY_STMT s.c := 2
    basic block BBundefined
    GIMPLE_MODIFY_STMT s.c := 3

I noticed one thing. The output of script1.js does not mark the
then-block and else-block that are found in the GIMPLE representation from
gcc.

Yes. My example code just prints out the basic blocks and not the edges
between them. See libs/unstable/esp.js lines 430-460 for an example of
iterating over the outgoing edges and determining the conditions on them.

Also the condition is represented as GT_EXPR and I could not find
a reference to GT_EXPR in the output.

isn_display is a function to print out GIMPLE statements, defined in
libs/gcc_print.js. It doesn't handle every TREE_CODE (statement type),
because there are a lot and so we just add them as needed. For statement
types it doesn't handle, it just prints the TREE_CODE. If you look at how
PLUS_EXPR is printed (in expr_display) it should give you a good idea
about how to handle GT_EXPR. Please send us the patches if you implement
any new cases.
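
The then/else marking discussed above can also be recovered from the -fdump-tree-cfg text itself, because each "# SUCC:" line carries the edge flags. The following is an added example, not part of the original thread or of Treehydra; parseCfgDump and branchTargets are hypothetical names, and the "# BLOCK 2" header in the sample is assumed because the quoted excerpt starts inside that block.

```javascript
// Constructed sample: the -fdump-tree-cfg excerpt quoted in the thread.
// The "# BLOCK 2" header is assumed; the excerpt starts inside that block.
const SAMPLE_DUMP = `
  # BLOCK 2
  D.30570 = s.a;
  D.30571 = s.b;
  if (D.30570 > D.30571) goto <L0>; else goto <L1>;
  # SUCC: 3 (true) 4 (false)
  # BLOCK 3
  # PRED: 2 (true)
<L0>:;
  s.c = 2;
  goto <bb 5> (<L2>);
  # SUCC: 5 (fallthru)
  # BLOCK 4
  # PRED: 2 (false)
<L1>:;
  s.c = 3;
  # SUCC: 5 (fallthru)
`;

// Parse the dump into Map(blockNumber -> { stmts, succ: [{ to, flags }] }).
function parseCfgDump(text) {
  const blocks = new Map();
  let cur = null, m;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if ((m = /^# BLOCK (\d+)/.exec(line))) {
      cur = { stmts: [], succ: [] };
      blocks.set(Number(m[1]), cur);
    } else if (!cur || line === "" || line.startsWith("# PRED:")) {
      continue; // text outside a block, blank lines, predecessor lists
    } else if (line.startsWith("# SUCC:")) {
      for (const e of line.matchAll(/(\d+|EXIT)(?: \(([^)]*)\))?/g)) {
        cur.succ.push({ to: e[1], flags: e[2] ? e[2].split(",") : [] });
      }
    } else if (!/^<[^>]+>:;?$/.test(line)) {
      cur.stmts.push(line); // skip label lines such as "<L0>:;"
    }
  }
  return blocks;
}

// For a block ending in a conditional, return its then/else successors.
function branchTargets(blocks, n) {
  const find = f => blocks.get(n).succ.find(e => e.flags.includes(f));
  const t = find("true"), f = find("false");
  return t && f ? { then: Number(t.to), else: Number(f.to) } : null;
}
```

Blocks whose only successor edge is a fallthru (3 and 4 in the sample) yield null from branchTargets, which distinguishes them from the conditional block.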