mirror of
https://github.com/capstone-engine/llvm-capstone.git
synced 2025-02-04 00:06:50 +00:00
258e5e457a
This patch is a major part of my GSoC project, aimed to improve the bug reports of the analyzer. TL;DR: Help the analyzer understand that some conditions are important, and should be explained better. If an CFGBlock is a control dependency of a block where an expression value is tracked, explain the condition expression better by tracking it. if (A) // let's explain why we believe A to be true 10 / x; // division by zero This is an experimental feature, and can be enabled by the off-by-default analyzer configuration "track-conditions". In detail: This idea was inspired by the program slicing algorithm. Essentially, two things are used to produce a program slice (a subset of the program relevant to a (statement, variable) pair): data and control dependencies. The bug path (the linear path in the ExplodedGraph that leads from the beginning of the analysis to the error node) enables to analyzer to argue about data dependencies with relative ease. Control dependencies are a different slice of the cake entirely. Just because we reached a branch during symbolic execution, it doesn't mean that that particular branch has any effect on whether the bug would've occured. This means that we can't simply rely on the bug path to gather control dependencies. In previous patches, LLVM's IDFCalculator, which works on a control flow graph rather than the ExplodedGraph was generalized to solve this issue. We use this information to heuristically guess that the value of a tracked expression depends greatly on it's control dependencies, and start tracking them as well. After plenty of evaluations this was seen as great idea, but still lacking refinements (we should have different descriptions about a conditions value), hence it's off-by-default. Differential Revision: https://reviews.llvm.org/D62883 llvm-svn: 365207
The LLVM Compiler Infrastructure
This directory and its subdirectories contain source code for LLVM, a toolkit for the construction of highly optimized compilers, optimizers, and runtime environments.