From f049ff3bc04daead8c3bb9f06e89e71e2054c82a Mon Sep 17 00:00:00 2001 From: Eric Rizzi Date: Mon, 16 Feb 2015 13:16:12 -0500 Subject: Added factory method for Arrays + hid constructors from outside calls The way that Arrays were handled in the past led to the possibility of aliasing issues. This occured whenever a new branch discovered an array for the first time. Each branch would create a new instance of the same array without seeing if it had been created before. Therefore, should a new branch encounter the same state as some previous branch, the previous branch's solution wouldn't satisfy the new state since they didn't recognize they were referencing the same array. By creating an array factory that creates a single symbolic array, that problem is handled. Note: Concrete arrays should not be created by the factory method since their values are never shared between branches. The factory works by seeing if an array with a similar hash has been created before (the hash is based on the name and size of array). If there has been it then searches through all of the arrays with the same hash (stored in a vector) to see if there is one with an exact match. If there is one, the address of this previously created equivalent array is returned. Otherwise, the newly created array is unique, it is added to the map, and it's address is returned. This aliasing issue can be seen by comparing the output of the Dogfood/ImmutableSet.cpp test cases with and with out this commit. Both act correctly, but the number of queries making it to the solver in the previous version is much greater 244 vs 211. This is because the UBTree in the CexCachingSolver and the cache in the CachingSolver do not recognize queries whose solutions were previously calculated because it doesn't think the arrays in the two queries are the same. While this does not cause an error, it does mean that extra calls are made. --- lib/Core/Executor.cpp | 4 ++-- lib/Core/Memory.cpp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/Core') diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index cdd6ba54..8631061f 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -2924,7 +2924,7 @@ ref Executor::replaceReadWithSymbolic(ExecutionState &state, // and return it. static unsigned id; - const Array *array = new Array("rrws_arr" + llvm::utostr(++id), + const Array *array = Array::CreateArray("rrws_arr" + llvm::utostr(++id), Expr::getMinBytesForWidth(e->getWidth())); ref res = Expr::createTempRead(array, e->getWidth()); ref eq = NotOptimizedExpr::create(EqExpr::create(e, res)); @@ -3263,7 +3263,7 @@ void Executor::executeMakeSymbolic(ExecutionState &state, while (!state.arrayNames.insert(uniqueName).second) { uniqueName = name + "_" + llvm::utostr(++id); } - const Array *array = new Array(uniqueName, mo->size); + const Array *array = Array::CreateArray(uniqueName, mo->size); bindObjectInState(state, mo, false, array); state.addSymbolic(mo, array); diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index b6f225d1..b9f6afd0 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -113,7 +113,7 @@ ObjectState::ObjectState(const MemoryObject *mo) if (!UseConstantArrays) { // FIXME: Leaked. static unsigned id = 0; - const Array *array = new Array("tmp_arr" + llvm::utostr(++id), size); + const Array *array = Array::CreateArray("tmp_arr" + llvm::utostr(++id), size); updates = UpdateList(array, 0); } memset(concreteStore, 0, size); @@ -222,7 +222,7 @@ const UpdateList &ObjectState::getUpdates() const { // Start a new update list. // FIXME: Leaked. static unsigned id = 0; - const Array *array = new Array("const_arr" + llvm::utostr(++id), size, + const Array *array = Array::CreateArray("const_arr" + llvm::utostr(++id), size, &Contents[0], &Contents[0] + Contents.size()); updates = UpdateList(array, 0); -- cgit 1.4.1