Analysis has tracking set, params are a list

Author: Ronald Judin

src/analyses/base.ml

@@ -2760,33 +2760,8 @@ struct
         | _ -> st
       end
     (* TODO: Rethink OCamlParam's placement *)
-    | OCamlParam {param1; param2; param3; param4; param5}, _ ->
-      begin match param1 with
-        | Some p1 ->
-          let _ = eval_rv ~man st p1 in
-          begin match param2 with
-            | Some p2 ->
-              let _ = eval_rv ~man st p2 in
-              begin match param3 with
-                | Some p3 ->
-                  let _ = eval_rv ~man st p3 in
-                  begin match param4 with
-                    | Some p4 ->
-                      let _ = eval_rv ~man st p4 in
-                      begin match param5 with
-                        | Some p5 ->
-                          let _ = eval_rv ~man st p5 in
-                          st
-                        | _ -> st
-                      end
-                    | _ -> st
-                  end
-                | _ -> st
-              end
-            | _ -> st
-          end
-        | _ -> st
-      end
+    | OCamlParam params, _ ->
+      List.fold_left (fun acc param -> let _ = eval_rv ~man acc param in acc) st params
     | Calloc { count = n; size }, _ ->
       begin match lv with
         | Some lv -> (* array length is set to one, as num*size is done when turning into `Calloc *)

src/analyses/ocaml.ml

@@ -27,32 +27,42 @@ struct
   let name () = "ocaml"
   module D =
   struct
-    (* The first set contains variables of type value that are definitely in order. The second contains definitely registered variables. *)
-    module P = Lattice.Prod (VarinfoSet) (VarinfoSet)
+    (* The first set contains variables of type value that are definitely in order. The second contains definitely registered variables. The third contains variables the analysis tracks. *)
+    module P = Lattice.Prod3 (VarinfoSet) (VarinfoSet) (VarinfoSet)
     include P
 
-    let empty () = (VarinfoSet.empty (), VarinfoSet.empty ())
+    let empty () = (VarinfoSet.empty (), VarinfoSet.empty (), VarinfoSet.empty ())
 
     (* After garbage collection, the second set is written to the first set *)
-    let after_gc (accounted, registered) = (registered, registered)
+    let after_gc (accounted, registered, tracked) = (registered, registered, tracked)
 
-    let mem_a v (accounted, registered) =
+    (* Untracked variables are always fine. *)
+    let mem_a v (accounted, registered, tracked) =
       VarinfoSet.mem v accounted
 
-    let mem_r v (accounted, registered) =
+    let mem_r v (accounted, registered, tracked) =
       VarinfoSet.mem v registered
 
-    let add_a v (accounted, registered) =
-      (VarinfoSet.add v accounted, registered)
+    let mem_t v (accounted, registered, tracked) =
+      VarinfoSet.mem v tracked
 
-    let add_r v (accounted, registered) =
-      (accounted, VarinfoSet.add v registered)
+    let add_a v (accounted, registered, tracked) =
+      (VarinfoSet.add v accounted, registered, tracked)
 
-    let remove_a v (accounted, registered) =
-      (VarinfoSet.remove v accounted, registered)
+    let add_r v (accounted, registered, tracked) =
+      (accounted, VarinfoSet.add v registered, tracked)
 
-    let remove_r v (accounted, registered) =
-      (accounted, VarinfoSet.remove v registered)
+    let add_t v (accounted, registered, tracked) =
+      (accounted, registered, VarinfoSet.add v tracked)
+
+    let remove_a v (accounted, registered, tracked) =
+      (VarinfoSet.remove v accounted, registered, tracked)
+
+    let remove_r v (accounted, registered, tracked) =
+      (accounted, VarinfoSet.remove v registered, tracked)
+
+    let remove_t v (accounted, registered, tracked) =
+      (accounted, registered, VarinfoSet.remove v tracked)
   end
   module C = Printable.Unit
 
@@ -79,11 +89,33 @@ struct
   and lval_accounted_for state = function
     | (Var v, _) ->
       (* Checks whether variable v is accounted for *) (*false*)
-      if D.mem_a v state then true else let _ = M.warn "Value %a might be garbage collected" CilType.Varinfo.pretty v in false
+      if D.mem_a v state || not (D.mem_t v state) then true else let _ = M.warn "Value %a might be garbage collected" CilType.Varinfo.pretty v in false
     | _ ->
       (* The Gemara asks: is using an offset safe for the expression? The Gemara answers: by default, no. We assume our language has no pointers *)
       false
 
+  (** Determines whether an expression [e] has parts in the OCaml heap, given a [state]. *)
+  let rec exp_tracked (state:D.t) (e:Cil.exp) = match e with
+    (* Recurse over the structure in the expression, returning true if some varinfo appearing in the expression is tracked *)
+    | AddrOf v
+    | StartOf v
+    | Lval v -> lval_tracked state v
+    | BinOp (_,e1,e2,_) -> exp_tracked state e1 || exp_tracked state e2
+    | Real e
+    | Imag e
+    | SizeOfE e
+    | AlignOfE e
+    | CastE (_,e)
+    | UnOp (_,e,_) -> exp_tracked state e
+    | SizeOf _ | SizeOfStr _ | Const _  | AlignOf _ | AddrOfLabel _ -> false
+    | Question (b, t, f, _) -> exp_tracked state b || exp_tracked state t || exp_tracked state f
+  and lval_tracked state = function
+    | (Var v, _) ->
+      (* Checks whether variable v is tracked *)
+      D.mem_t v state
+    | _ ->
+      false
+
   (* transfer functions *)
 
   (** Handles assignment of [rval] to [lval]. *)
@@ -92,8 +124,10 @@ struct
     match lval with
     | Var v,_ ->
       (* If lval is of type value, checks whether rval is accounted for, handles assignment to v accordingly *) (* state *)
-      if exp_accounted_for state rval then D.add_a v state
-      else D.remove_a v state
+      if exp_accounted_for state rval then
+        if exp_tracked state rval then D.add_a v (D.add_t v state)
+        else D.add_a v (D.remove_t v state)
+      else let _ = M.info "The above is being assigned" in D.remove_a v (D.add_t v state)
     | _ -> state
 
   (** Handles conditional branching yielding truth value [tv]. *)
@@ -104,9 +138,9 @@ struct
   (** Handles going from start node of function [f] into the function body of [f].
       Meant to handle e.g. initializiation of local variables. *)
   let body ctx (f:fundec) : D.t =
-    (* The (non-formals) locals are initially accounted for *)
+    (* The (non-formals) locals are tracked and initially accounted for *)
     let state = ctx.local in
-    List.fold_left (fun st v -> D.add_a v st) state f.sformals
+    List.fold_left (fun st v -> D.add_a v (D.add_t v st)) state f.sformals
 
   (** Handles the [return] statement, i.e. "return exp" or "return", in function [f]. *)
   let return ctx (exp:exp option) (f:fundec) : D.t =
@@ -115,6 +149,7 @@ struct
     | Some e ->
       (* Checks that value returned is accounted for. *)
       (* Return_varinfo is used in place of a "real" variable. *)
+      (* TODO: Consider how the return_varinfo needs to be tracked. *)
       (* state *)
       if exp_accounted_for state e then D.add_a return_varinfo state
       else let _ = M.warn "Value returned might be garbage collected" in D.remove_a return_varinfo state
@@ -155,6 +190,7 @@ struct
   let combine_assign ctx (lval:lval option) fexp (f:fundec) (args:exp list) fc (callee_local:D.t) (f_ask: Queries.ask): D.t =
     let caller_state = ctx.local in
     (* Records whether lval was accounted for. *) (* caller_state *)
+    (* TODO: Consider how the return_varinfo needs to be tracked. *)
     match lval with (* The variable returned is played by return_varinfo *)
     | Some (Var v, _) -> if D.mem_a return_varinfo callee_local then D.add_a v caller_state
       else let _ = M.warn "Returned value may be garbage-collected" in D.remove_a v caller_state
@@ -170,54 +206,14 @@ struct
     (* caller_state *)
     let desc = LibraryFunctions.find f in
     match desc.special arglist with
+    (* Variables are registered with a Param macro. *)
     | OCamlParam params ->
-      (* Variables are registered with a Param macro. *)
-      (* TODO: Which pattern below do the params in fact match? Does it vary? *)
-      (* The function extract_varinfo is from AI - the code can be shortened when we know what the params are. *)
-      let rec extract_varinfo (e: Cil.exp): varinfo option = match e with
-        (* Direct variable lvalue *)
-        | Lval (Var v, _) -> Some v
-        (* Dereferenced pointer - try to extract from inner expression *)
-        | Lval (Mem inner, _) -> extract_varinfo inner
-        (* Address of variable *)
-        | AddrOf (Var v, _) -> Some v (* TODO: Maybe this is the only thing a param can be. *)
-        (* Address of dereferenced - try to extract from inner *)
-        | AddrOf (Mem inner, _) -> extract_varinfo inner
-        (* Array start of variable *)
-        | StartOf (Var v, _) -> Some v
-        (* Array start of dereferenced *)
-        | StartOf (Mem inner, _) -> extract_varinfo inner
-        (* Type cast - extract from inner expression *)
-        | CastE (_, inner) -> extract_varinfo inner
-        (* Unary operations - extract from operand *)
-        | UnOp (_, inner, _) -> extract_varinfo inner
-        (* Real/imaginary parts *)
-        | Real inner | Imag inner -> extract_varinfo inner
-        (* Binary operations - try both operands *)
-        | BinOp (_, e1, e2, _) ->
-          (match extract_varinfo e1 with
-           | Some v -> Some v
-           | None -> extract_varinfo e2)
-        (* Size and alignment - may contain var info in the type *)
-        | SizeOfE inner | AlignOfE inner -> extract_varinfo inner
-        (* Constants, SizeOf, AlignOf, SizeOfStr, AddrOfLabel - no varinfo *)
-        | Const _ | SizeOf _ | AlignOf _ | SizeOfStr _ | AddrOfLabel _ -> None
-        (* Question conditional *)
-        | Question (cond, e1, e2, _) ->
-          (match extract_varinfo cond with
-           | Some v -> Some v
-           | None ->
-             (match extract_varinfo e1 with
-              | Some v -> Some v
-              | None -> extract_varinfo e2))
-      in
-      List.fold_left (fun state param -> 
-          match param with
-          | Some e -> 
-            (match extract_varinfo e with
-             | Some v -> D.add_r v state
-             | None -> state)
-          | None -> state) caller_state [params.param1; params.param2; params.param3; params.param4; params.param5]
+      List.fold_left (fun state param -> let _ = M.info "We reach here" in
+                       match param with
+                       | AddrOf (Var v, _) -> let _ = M.info "Address of" in
+                         D.add_r v state
+                       | _ -> state
+                     ) caller_state params
     | OCamlAlloc size_exp ->
       (* Garbage collection may trigger here and overwrite unregistered variables *)
       let _ = M.debug "Garbage collection triggers" in (match lval with

src/util/library/libraryDesc.ml

@@ -48,8 +48,8 @@ type special =
   | Alloca of Cil.exp
   | Malloc of Cil.exp
   | OCamlAlloc of Cil.exp
-  (* TODO: Rethink OCamlParam's placement and make the params a list. *)
-  | OCamlParam of { param1: Cil.exp option; param2: Cil.exp option; param3: Cil.exp option; param4: Cil.exp option; param5: Cil.exp option; }
+  (* TODO: Rethink OCamlParam's placement. *)
+  | OCamlParam of Cil.exp list
   | Calloc of { count: Cil.exp; size: Cil.exp; }
   | Realloc of { ptr: Cil.exp; size: Cil.exp; }
   | Free of Cil.exp

src/util/library/libraryFunctions.ml

@@ -162,6 +162,7 @@ let c_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[
     ("longjmp", special [__ "env" [r]; __ "value" []] @@ fun env value -> Longjmp { env; value });
     ("atexit", unknown [drop "function" [if_ (fun () -> not (get_bool "sem.atexit.ignore")) s]]);
     ("atoi", unknown [drop "nptr" [r]]);
+    ("atof", unknown [drop "nptr" [r]]); (* TODO: Rethink atof's position in this list. *)
     ("atol", unknown [drop "nptr" [r]]);
     ("atoll", unknown [drop "nptr" [r]]);
     ("setlocale", unknown [drop "category" []; drop "locale" [r]]);
@@ -1246,12 +1247,12 @@ let ocaml_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[
     ("caml_copy_double", special [drop "nptr" []] (OCamlAlloc (GoblintCil.integer 1)));
     (* Eeskuju: ("malloc", special [__ "size" []] @@ fun size -> Malloc size); *)
     ("caml_alloc_small", special [__ "wosize" []; __ "tag" []] @@ fun wosize tag -> OCamlAlloc wosize);
-    ("__goblint_caml_param0", special [] @@ OCamlParam {param1 = None; param2 = None; param3 = None; param4 = None; param5 = None});
-    ("__goblint_caml_param1", special [__ "param" []] @@ fun param -> OCamlParam {param1 = Some param; param2 = None; param3 = None; param4 = None; param5 = None});
-    ("__goblint_caml_param2", special [__ "param1" []; __ "param2" []] @@ fun param1 param2 -> OCamlParam {param1 = Some param1; param2 = Some param2; param3 = None; param4 = None; param5 = None});
-    ("__goblint_caml_param3", special [__ "param1" []; __ "param2" []; __ "param3" []] @@ fun param1 param2 param3 -> OCamlParam {param1 = Some param1; param2 = Some param2; param3 = Some param3; param4 = None; param5 = None});
-    ("__goblint_caml_param4", special [__ "param1" []; __ "param2" []; __ "param3" []; __ "param4" []] @@ fun param1 param2 param3 param4 -> OCamlParam {param1 = Some param1; param2 = Some param2; param3 = Some param3; param4 = Some param4; param5 = None});
-    ("__goblint_caml_param5", special [__ "param1" []; __ "param2" []; __ "param3" []; __ "param4" []; __ "param5" []] @@ fun param1 param2 param3 param4 param5 -> OCamlParam {param1 = Some param1; param2 = Some param2; param3 = Some param3; param4 = Some param4; param5 = Some param5});
+    ("__goblint_caml_param0", special [] @@ OCamlParam []);
+    ("__goblint_caml_param1", special [__ "param" []] @@ fun param -> OCamlParam [param]);
+    ("__goblint_caml_param2", special [__ "param1" []; __ "param2" []] @@ fun param1 param2 -> OCamlParam [param1; param2]);
+    ("__goblint_caml_param3", special [__ "param1" []; __ "param2" []; __ "param3" []] @@ fun param1 param2 param3 -> OCamlParam [param1; param2; param3]);
+    ("__goblint_caml_param4", special [__ "param1" []; __ "param2" []; __ "param3" []; __ "param4" []] @@ fun param1 param2 param3 param4 -> OCamlParam [param1; param2; param3; param4]);
+    ("__goblint_caml_param5", special [__ "param1" []; __ "param2" []; __ "param3" []; __ "param4" []; __ "param5" []] @@ fun param1 param2 param3 param4 param5 -> OCamlParam [param1; param2; param3; param4; param5]);
   ]
 [@@coverage off]
 

tests/regression/90-ocaml/02-floatops.c

@@ -1,4 +1,4 @@
-// PARAM: --set "ana.activated[+]" ocaml --set "mainfun[+]" "UNARY_OP" --set "mainfun[+]" "BINARY_OP" --set "mainfun[+]" "atof_double" --set "mainfun[+]" "atof_float" --set "mainfun[+]" "max_float" --set "mainfun[+]" "smallest_float" --set "mainfun[+]" "pi_float" --disable warn.imprecise --set "exp.extraspecials[+]" printInt
+// PARAM: --set "ana.activated[+]" ocaml --set "mainfun[+]" "sqrt_double" --set "mainfun[+]" "sqrt_float" --set "mainfun[+]" "acos_double" --set "mainfun[+]" "acos_float" --set "mainfun[+]" "asin_double" --set "mainfun[+]" "asin_float" --set "mainfun[+]" "atan_double" --set "mainfun[+]" "atan_float" --set "mainfun[+]" "cos_double" --set "mainfun[+]" "cos_float" --set "mainfun[+]" "sin_double" --set "mainfun[+]" "sin_float" --set "mainfun[+]" "tan_double" --set "mainfun[+]" "tan_float" --set "mainfun[+]" "add_double" --set "mainfun[+]" "add_float" --set "mainfun[+]" "sub_double" --set "mainfun[+]" "sub_float" --set "mainfun[+]" "mul_double" --set "mainfun[+]" "mul_float" --set "mainfun[+]" "div_double" --set "mainfun[+]" "div_float" --set "mainfun[+]" "atof_double" --set "mainfun[+]" "atof_float" --set "mainfun[+]" "max_float" --set "mainfun[+]" "smallest_float" --set "mainfun[+]" "pi_float" --disable warn.imprecise --set "exp.extraspecials[+]" printInt
 
 // Code from stubs.c in src/common/cdomains/floatOps that should be correct despite missing CAMLparam, as discussed in https://github.com/goblint/analyzer/issues/1371.
 
@@ -69,20 +69,20 @@ static void change_round_mode(int mode)
         /* No need to use CAMLreturn because we don't use CAMLparam. */ \
     }
 
-UNARY_OP(sqrt, double, sqrt);
-UNARY_OP(sqrt, float, sqrtf);
-UNARY_OP(acos, double, acos);
-UNARY_OP(acos, float, acosf);
-UNARY_OP(asin, double, asin);
-UNARY_OP(asin, float, asinf);
-UNARY_OP(atan, double, atan);
-UNARY_OP(atan, float, atanf);
-UNARY_OP(cos, double, cos);
-UNARY_OP(cos, float, cosf);
-UNARY_OP(sin, double, sin);
-UNARY_OP(sin, float, sinf);
-UNARY_OP(tan, double, tan);
-UNARY_OP(tan, float, tanf);
+UNARY_OP(sqrt, double, sqrt); // NOWARN
+UNARY_OP(sqrt, float, sqrtf); // NOWARN
+UNARY_OP(acos, double, acos); // NOWARN
+UNARY_OP(acos, float, acosf); // NOWARN
+UNARY_OP(asin, double, asin); // NOWARN
+UNARY_OP(asin, float, asinf); // NOWARN
+UNARY_OP(atan, double, atan); // NOWARN
+UNARY_OP(atan, float, atanf); // NOWARN
+UNARY_OP(cos, double, cos); // NOWARN
+UNARY_OP(cos, float, cosf); // NOWARN
+UNARY_OP(sin, double, sin); // NOWARN
+UNARY_OP(sin, float, sinf); // NOWARN
+UNARY_OP(tan, double, tan); // NOWARN
+UNARY_OP(tan, float, tanf); // NOWARN
 
 #define BINARY_OP(name, type, op)                                \
     CAMLprim value name##_##type(value mode, value x, value y)   \
@@ -99,14 +99,14 @@ UNARY_OP(tan, float, tanf);
         /* No need to use CAMLreturn because we don't use CAMLparam. */ \
     }
 
-BINARY_OP(add, double, +);
-BINARY_OP(add, float, +);
-BINARY_OP(sub, double, -);
-BINARY_OP(sub, float, -);
-BINARY_OP(mul, double, *);
-BINARY_OP(mul, float, *);
-BINARY_OP(div, double, /);
-BINARY_OP(div, float, /);
+BINARY_OP(add, double, +); // NOWARN
+BINARY_OP(add, float, +); // NOWARN
+BINARY_OP(sub, double, -); // NOWARN
+BINARY_OP(sub, float, -); // NOWARN
+BINARY_OP(mul, double, *); // NOWARN
+BINARY_OP(mul, float, *); // NOWARN
+BINARY_OP(div, double, /); // NOWARN
+BINARY_OP(div, float, /); // NOWARN
 
 CAMLprim value atof_double(value mode, value str)
 {
@@ -115,7 +115,7 @@ CAMLprim value atof_double(value mode, value str)
     // We have already read their values by then.
     const char *s = String_val(str);
     volatile double r;
-    int old_roundingmode = fegetround();
+    int old_roundingmode = fegetround(); // NOWARN
     change_round_mode(Int_val(mode));
     r = atof(s);
     fesetround(old_roundingmode);

tests/regression/90-ocaml/03-demimarie.c

@@ -2,19 +2,24 @@
 
 // OCaml code fixed by Demi Marie Obenour in https://github.com/ocaml/ocaml/pull/13370, before and after the fix.
 
+#include <caml/mlvalues.h>
+#include <caml/alloc.h>
+
 /* Minimal macros to mimic expected behaviour */
 #define Wsizeof(ty) ((sizeof(ty) + sizeof(value) - 1) / sizeof(value))
 #define LXM_val(v) ((struct LXM_state *) Data_abstract_val(v))
 
 #define CAMLparam0() __goblint_caml_param0()
 #define CAMLparam1(x) __goblint_caml_param1(&x)
+#define CAMLlocal1(x) __goblint_caml_param1(&x) // The local and param functions behave the same for our purposes, registering variables.
+#define CAMLlocal3(x, y, z) __goblint_caml_param3(&x, &y, &z)
 #define CAMLreturn(x) return (x) // From AI - CAMLreturn needs some variable named caml__frame, which is not available in our mock CAMLparam1, so we mock the return as well.
 
 
 CAMLprim value caml_gc_counters(value v)
 {
-  CAMLparam0 ();   /* v is ignored */
-  CAMLlocal1 (res);
+  CAMLparam0();   /* v is ignored */
+  CAMLlocal1(res);
 
   /* get a copy of these before allocating anything... */
   double minwords = caml_gc_minor_words_unboxed();
@@ -23,16 +28,16 @@ CAMLprim value caml_gc_counters(value v)
                     (double) Caml_state->allocated_words;
 
   res = caml_alloc_3(0,
-    caml_copy_double (minwords),
-    caml_copy_double (prowords),
-    caml_copy_double (majwords)); // WARN
-  CAMLreturn (res);
+    caml_copy_double(minwords),
+    caml_copy_double(prowords),
+    caml_copy_double(majwords)); // WARN
+  CAMLreturn(res);
 }
 
 CAMLprim value caml_gc_counters_correct(value v)
 {
-  CAMLparam0 (); /* v is ignored */
-  CAMLlocal3 (minwords_, prowords_, majwords_);
+  CAMLparam0(); /* v is ignored */
+  CAMLlocal3(minwords_, prowords_, majwords_);
 
   /* get a copy of these before allocating anything... */
   double minwords = caml_gc_minor_words_unboxed();