Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQUEST] Pointer arithmetic #127

Open
lucaneg opened this issue Sep 27, 2021 · 0 comments
Open

[FEATURE REQUEST] Pointer arithmetic #127

lucaneg opened this issue Sep 27, 2021 · 0 comments
Assignees
@lucaneg
Labels
⁉ priority:p2 Priority planning - level 2 🔍 scope:analysis Work regarding abstract domains or fixpoint algorithms 🏨 scope:infrastructure Work regarding the general infrastructure and functioning of LiSA 🎆 type:feature New feature or request
Milestone
0.2

Comments

@lucaneg
Copy link
Member

lucaneg commented Sep 27, 2021
edited
Loading

Memory model

To add support for pointers, we first have to reshape the memory model. Instead of having only the heap, the memory is now partitioned in heap and stack.

HeapStack
h1h2h3h4s1s2s3s4
h5h6h7h8s5s6s7s8

Identifiers

To reflect this change, the hierarchy of the Identifier symbolic expression has to change:

  • Identifier
    • Variable: a real variable of the program
    • MemoryLocation: a generic location in the program memory (hn or sn)
      • StackElement: a location on the stack (sn)
      • HeapLocation: a location in the heap (hn)
    • MaskedIdentifier: a compound identifier referencing another one
      • Address: the address of another identifier
      • OutOfScopeIdentifier: an identifier that has been scoped by a call or similar construct, that the code cannot directly access

Memory Expressions

The HeapExpressions must now accommodate also operations on other parts of the memory:

  • MemoryExpression
    • Allocation: an expression that allocates a new memory region. Corresponds to new/malloc/.... Always rewrites to a MemoryLocation
      • HeapAllocation: an expression that allocates a new heap region. Always rewrites to a HeapLocation
      • StackAllocation: an expression that allocates a new stack region. Always rewrites to a StackElement
    • GetAddress(e): gets the address of an expression e. Corresponds to &e. Always rewrites to an Address. e can be an arbitrary expression.
    • Dereference(e): dereferences an address to get to the memory location. Corresponds to *e. e must be an Address. Always rewrites to an Identifier
    • Traverse(r, e): gets from one location to another one. Corresponds to r.e/r[e]/.... Always rewrites to a MemoryLocation. r must be an Address. e can be a string, a Global, or an arbitrary expression.

Having a generic expression in Traverse and GetAddress enables usage of pointer arithmetics and tracking of fields in dynamic objects. A MemoryDomain can use its SemanticOracle to evaluate the expression, obtaining an instance of Lattice that represents the location accessed.

Memory Domains

The current memory abstractions are Monolithic, ProgramPointBased, and FieldSensitiveProgramPointBased. Monolithic is fine as-is, since everything is the same locations. PogramPointBased does not distinguish between different sub-locations, so it does not require modifications for Traverse. Instead, for GetAddress the evaluation can be reduced to the evaluation of their root location (e.g., &(x+1) is the same of &x). FieldSensitiveProgramPointBased can instead track sub-locations, but at the current state can only track syntactic ones: x.f works if f is a field, but x[n] does not work if n is a variable. This can still be acceptable on some programs that only manipulate objects with statically known fields. While the obvious endgame is to implement a shape analysis, a middle-ground implementation can be this one, that is basically a field sensitive implementation of ProgramPointBased that uses lattice instances for fields.

Still to discuss

  • aliasing vs shallow copy: how do we distinguish?
  • by-ref vs by-val parameter passing
@lucaneg lucaneg added 🎆 type:feature New feature or request ❗ priority:p3 Priority planning - level 3 labels Sep 27, 2021
@lucaneg lucaneg added 🔍 scope:analysis Work regarding abstract domains or fixpoint algorithms 🏨 scope:infrastructure Work regarding the general infrastructure and functioning of LiSA labels Jan 21, 2022
@lucaneg lucaneg moved this to Todo in LiSA Nov 3, 2022
@lucaneg lucaneg added this to LiSA Nov 3, 2022
@lucaneg lucaneg moved this from Todo to Backlog in LiSA Nov 3, 2022
@lucaneg lucaneg added this to the 0.4 milestone Dec 12, 2022
@lucaneg lucaneg modified the milestones: 0.4, 0.2 Dec 13, 2023
@lucaneg lucaneg added ⁉ priority:p2 Priority planning - level 2 and removed ❗ priority:p3 Priority planning - level 3 labels Dec 13, 2023
@lucaneg lucaneg self-assigned this Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lucaneg lucaneg

Labels
⁉ priority:p2 Priority planning - level 2 🔍 scope:analysis Work regarding abstract domains or fixpoint algorithms 🏨 scope:infrastructure Work regarding the general infrastructure and functioning of LiSA 🎆 type:feature New feature or request
Projects
LiSA
Status: Backlog
Milestone
0.2
Development

No branches or pull requests
1 participant
@lucaneg