[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] Generating ACSL \assigns clauses with programs

To: <csmith-dev@flux.utah.edu>
Subject: Re: [csmith-dev] Generating ACSL \assigns clauses with programs
From: Robert Clausecker <robert.clausecker@fokus.fraunhofer.de>
Date: Fri, 27 Nov 2015 18:06:35 +0100
In-reply-to: <BY2PR0301MB0600C57A21F2554C0B560854DD170@BY2PR0301MB0600.namprd03.prod.outlook.com>
List-archive: </listarchives/csmith-dev>
List-help: <mailto:csmith-dev-request@flux.utah.edu?subject=help>
List-id: Csmith Development Mailing List <csmith-dev.flux.utah.edu>
List-post: <mailto:csmith-dev@flux.utah.edu>
List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=subscribe>
List-unsubscribe: <http://www.flux.utah.edu/mailman/options/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=unsubscribe>
Organization: Fraunhofer FOKUS
References: <1446826375.2068.11.camel@sqc-linux-scd.fokus.fraunhofer.de> <563D29EC.2040305@cs.utah.edu> <BY2PR0301MB0600C57A21F2554C0B560854DD170@BY2PR0301MB0600.namprd03.prod.outlook.com>

Hello Xueyun,

> Take a look of FactMgr::map_stm_effect. I think it has the info you
needed.

I tried to use map_stm_effect to get the desired information, but it
doesn't seem to contain the information I need either. For example, for
a statement

    *param = expression;

where param is parameter to the current function, map_stm_effect
contains the object pointed to by param (as far as I understand). It
seems to not contain information of the form “pointee of param is
modified.”

> Csmith performs path-sensitive inter-procedural analysis. It is realized with the following steps:
> 
> 1) Caller (foo) to callee (bar) handover, where foo passes the knowledge, e.g., y is pointing to x, to bar;
> 2) Effect analysis in bar;
> 3) Callee (bar) to caller (foo) handover, where bar tells foo that x is modified.
> 
> For details, check FunctionInvocationUser::revisit.

I have tried to understand how this mechanism works and I feel like I
haven't understood it well enough to be able to make my own
modifications to the code.

For my application, I believe I need the exact opposite (i.e.
intra-functional path-insensitive analysis) of what the csmith code
does. While it seems like the information I need is available during the
analysis, it seems to be erased (i.e. replaced by contextual
information) by the time meta-data about the function is printed out.

How would you implement tracking context-insensitive data about
functions (i.e. data that is oblivious about where the function is
called)? Where would you add the corresponding code and what modules
have to be modified in order to get the desired result?

Thank you for your help.
Yours sincerely,
Robert Clausecker

Follow-Ups:
- Re: [csmith-dev] Generating ACSL \assigns clauses with programs
  - From: Xuejun Yang <xuyang@microsoft.com>

References:
- [csmith-dev] Generating ACSL \assigns clauses with programs
  - From: Robert Clausecker <robert.clausecker@fokus.fraunhofer.de>
- Re: [csmith-dev] Generating ACSL \assigns clauses with programs
  - From: John Regehr <regehr@cs.utah.edu>
- Re: [csmith-dev] Generating ACSL \assigns clauses with programs
  - From: Xuejun Yang <xuyang@microsoft.com>

Prev by Date: Re: [csmith-dev] vector<Variable*> and vector<const Variable*>
Next by Date: Re: [csmith-dev] Generating ACSL \assigns clauses with programs
Previous by thread: Re: [csmith-dev] Generating ACSL \assigns clauses with programs
Next by thread: Re: [csmith-dev] Generating ACSL \assigns clauses with programs
Index(es):
- Date
- Thread