[ghost] Ghost CFG, no more references

0bc431da · Allan Blanchard · Virgile Prevosto · 2b0e4954 · 0bc431da
Commit 0bc431da authored 5 years ago by Allan Blanchard Committed by Virgile Prevosto 5 years ago
--- a/src/kernel_internals/typing/ghost_cfg.ml
+++ b/src/kernel_internals/typing/ghost_cfg.ml
@@ -54,89 +54,88 @@ let noGhostBlock b =
  end in
  (visitCilBlock (noGhostVisitor :> cilVisitor) b), (noGhostVisitor#getBehavior ())
-let isSkip stmt =
-  match stmt.skind with
-  (* We ignore blocks: their successors are their 1st stmt so we visit them *)
-  | Instr(Skip(_)) | Block(_) | Continue(_) | Break(_) -> true
-  | _ -> false
 type follower =
  (* For a stmt, an "Infinite" follower means that following skip instructions
     we just go back to this stmt. *)
  | Infinite | Exit | Stmt of stmt
-let rec skipSkip ?(visited=StmtSet.empty) s =
+let sync stmt =
-  if StmtSet.mem s visited then Infinite
+  match stmt.skind with
-  else match isSkip s with
+  (* We ignore blocks: their successors are their 1st stmt so we visit them *)
-    | false -> Stmt s
+  | Instr(Skip(_)) | Block(_) | Continue(_) | Break(_) -> false
-    | true when s.succs = [] -> Exit
+  | _ -> true
-    | _ ->
-      skipSkip ~visited:(StmtSet.add s visited) (Extlib.as_singleton s.succs)
+let nextSync stmt =
+  let rec aux visited s =
-let firstNonSkipNonGhosts stmt =
+    if StmtSet.mem s visited then Infinite
-  let rec do_find ~visited stmt =
+    else match sync s with
-    if List.mem stmt !visited then []
+      | true -> Stmt s
+      | false when s.succs = [] -> Exit
+      | _ ->
+        aux (StmtSet.add s visited) (Extlib.as_singleton s.succs)
+  in aux StmtSet.empty stmt
+let nextNonGhostSync stmt =
+  let rec do_find (res, visited) stmt =
+    if StmtSet.mem stmt visited then res, visited
    else begin
-      visited := stmt :: !visited ;
+      let visited = StmtSet.add stmt visited in
-      if isSkip stmt then do_find ~visited (Extlib.as_singleton stmt.succs)
+      if not (sync stmt) then
-      else if not (stmt.ghost) then [ stmt ]
+        do_find (res, visited) (Extlib.as_singleton stmt.succs)
-      else List.flatten (List.map (do_find ~visited) stmt.succs)
+      else if not (stmt.ghost) then StmtSet.add stmt res, visited
+      else List.fold_left do_find (res, visited) stmt.succs
    end
  in
-  do_find ~visited:(ref []) stmt
+  fst (do_find (StmtSet.empty, StmtSet.empty) stmt)
 let alteredCFG stmt =
  error ~source:(fst (Stmt.loc stmt)) "Ghost code breaks CFG starting at:@.%a"
    Cil_printer.pp_stmt stmt
-let rec checkGhostCFG bhv ?(visited=ref StmtSet.empty) withGhostStart noGhost =
+let checkGhostCFG bhv withGhostStart noGhost =
-  match (skipSkip withGhostStart), (skipSkip noGhost) with
+  let rec do_check visited withGhostStart noGhostStart =
-  | Stmt withGhost, Stmt noGhost -> begin
+    match (nextSync withGhostStart), (nextSync noGhostStart) with
-      if StmtSet.mem withGhost !visited then ()
+    | Stmt withGhost, Stmt _ when StmtSet.mem withGhost visited -> visited
-      else begin
+    | Stmt withGhost, Stmt noGhost ->
-        visited := StmtSet.add withGhost !visited ;
+      let visited = StmtSet.add withGhost visited in
-        let withGhost = List.sort_uniq Stmt.compare (firstNonSkipNonGhosts withGhost) in
+      let withGhost =
-        match withGhost, noGhost with
+        StmtSet.contains_single_elt (nextNonGhostSync withGhost)
-        | [ s1 ], s2 when not (Stmt.equal s1 (Get_orig.stmt bhv s2)) ->
+      in
-          alteredCFG withGhostStart
+      begin match withGhost, noGhost with
-        | [ { skind = If(_) } as s1 ], s2 ->
+        | Some s1, s2 when not (Stmt.equal s1 (Get_orig.stmt bhv s2)) ->
-          checkIf bhv ~visited s1 s2
+          alteredCFG withGhostStart ; visited
-        | [ { skind = Switch(_) } as s1 ], s2 ->
-          checkSwitch bhv ~visited s1 s2
+        | Some ({ skind = If(_) } as withGhost), noGhost ->
-        | [ { skind = Loop(_) } as s1 ], s2 ->
+          let wgThen, wgElse = Cil.separate_if_succs withGhost in
-          checkLoop bhv ~visited s1 s2
+          let ngThen, ngElse = Cil.separate_if_succs noGhost in
-        | [ { succs = [next_s1] } ], { succs = [next_s2] } ->
+          let visited = do_check visited wgThen ngThen in
-          checkGhostCFG bhv ~visited next_s1 next_s2
+          do_check visited wgElse ngElse
-        | [ { succs = [] } ], { succs = [] } -> ()
-        | _, _  ->
+        | Some ({ skind = Switch(_) } as withGhost), noGhost ->
-          alteredCFG withGhostStart
+          let ngSuccs, ngDef = Cil.separate_switch_succs noGhost in
+          let wgAllSuccs, wgDef = Cil.separate_switch_succs withGhost in
+          let wgSuccsG, wgSuccsNG =
+            List.partition (fun s -> s.ghost) wgAllSuccs
+          in
+          let mustDefault = wgDef :: wgSuccsG in
+          assert(List.length ngSuccs = List.length wgSuccsNG) ;
+          let visited = List.fold_left2 do_check visited wgSuccsNG ngSuccs in
+          List.fold_left (fun v s -> do_check v s ngDef) visited mustDefault
+        | Some ({ skind=Loop(_,wgb,_,_,_) }), { skind=Loop (_, ngb,_,_,_) } ->
+          begin match wgb.bstmts, ngb.bstmts with
+            | s1 :: _ , s2 :: _ -> do_check visited s1 s2
+            | _, _ -> visited
+          end
+        | Some { succs = [wg] }, { succs = [ng] } -> do_check visited wg ng
+        | Some { succs = [] }, { succs = [] } -> visited
+        | _, _  -> alteredCFG withGhostStart ; visited
      end
-    end ;
+    | Exit, Exit | Infinite, Infinite -> visited
-  | Exit, Exit | Infinite, Infinite -> ()
+    | _ , _ -> alteredCFG withGhostStart ; visited
-  | _ , _ -> alteredCFG withGhostStart
-and checkIf bhv ~visited withGhost noGhost =
-  let withGhostThen, withGhostElse = Cil.separate_if_succs withGhost in
-  let noGhostThen  , noGhostElse   = Cil.separate_if_succs noGhost in
-  checkGhostCFG bhv ~visited withGhostThen noGhostThen ;
-  checkGhostCFG bhv ~visited withGhostElse noGhostElse
-and checkLoop bhv ~visited withGhost noGhost =
-  let withGhostBlock, noGhostBlock = match withGhost.skind, noGhost.skind with
-    | Loop(_, b1, _, _, _), Loop(_, b2, _, _, _) -> b1, b2
-    | _ -> assert false
-  in
-  match withGhostBlock.bstmts, noGhostBlock.bstmts with
-  | s1 :: _ , s2 :: _ -> checkGhostCFG bhv ~visited s1 s2
-  | _, _ -> ()
-and checkSwitch bhv ~visited withGhost noGhost =
-  let noGhostSuccs, noGhostDef = Cil.separate_switch_succs noGhost in
-  let withGhostAllSuccs, withGhostDef = Cil.separate_switch_succs withGhost in
-  let withGhostSuccsGhost, withGhostSuccsNonGhost =
-    List.partition (fun s -> s.ghost) withGhostAllSuccs
  in
-  let mustDefault = withGhostDef :: withGhostSuccsGhost in
+  ignore (do_check StmtSet.empty withGhostStart noGhost)
-  assert(List.length noGhostSuccs = List.length withGhostSuccsNonGhost) ;
-  List.iter2 (checkGhostCFG bhv ~visited) withGhostSuccsNonGhost noGhostSuccs ;
-  List.iter (fun s -> checkGhostCFG bhv ~visited s noGhostDef) mustDefault
 let checkGhostCFGInFun (fd : fundec) =
  if fd.svar.vghost then ()
@@ -155,7 +154,9 @@ let checkGhostCFGInFun (fd : fundec) =
  end
 let checkGhostCFGInFile (f : file) =
-  Cil.iterGlobals f (function GFun(fd,_) -> checkGhostCFGInFun fd | _ -> ())
+  Cil.iterGlobals f (function
+      | GFun (fd, _) -> checkGhostCFGInFun fd
+      | _ -> ())
 let transform_category =
  File.register_code_transformation_category "Ghost CFG checking"