From 1f0e29b978c680206d7e6493cda2567788a378b7 Mon Sep 17 00:00:00 2001 From: jjenista Date: Thu, 24 Jun 2010 18:15:37 +0000 Subject: [PATCH] rblock in set vars get tainted on rblock enter and wiped at rblock exit, works nicely --- Robust/src/Analysis/Disjoint/Canonical.java | 26 +++++++ .../Analysis/Disjoint/DisjointAnalysis.java | 56 ++++++++++---- Robust/src/Analysis/Disjoint/ReachGraph.java | 74 ++++++++++++++----- .../src/Analysis/OoOJava/OoOJavaAnalysis.java | 6 +- Robust/src/Tests/disjoint/taintTest1/makefile | 4 +- .../src/Tests/disjoint/taintTest1/test.java | 42 +++++++---- 6 files changed, 153 insertions(+), 55 deletions(-) diff --git a/Robust/src/Analysis/Disjoint/Canonical.java b/Robust/src/Analysis/Disjoint/Canonical.java index bc693491..40bd77a1 100644 --- a/Robust/src/Analysis/Disjoint/Canonical.java +++ b/Robust/src/Analysis/Disjoint/Canonical.java @@ -1417,4 +1417,30 @@ abstract public class Canonical { return out; } + + // BOO, HISS! SESE (rblock) operand does NOT extend + // Canonical, so we can't cache this op by its + // canonical arguments--THINK ABOUT A BETTER WAY! + public static TaintSet removeTaintsBy( TaintSet ts, + FlatSESEEnterNode sese ) { + assert ts != null; + assert ts.isCanonical(); + assert sese != null; + + // NEVER a cached result... (cry) + TaintSet out = new TaintSet(); + + Iterator tItr = ts.iterator(); + while( tItr.hasNext() ) { + Taint t = tItr.next(); + + if( !t.getSESE().equals( sese ) ) { + out.taints.add( t ); + } + } + + out = (TaintSet) makeCanonical( out ); + //op2result.put( op, out ); CRY CRY + return out; + } } diff --git a/Robust/src/Analysis/Disjoint/DisjointAnalysis.java b/Robust/src/Analysis/Disjoint/DisjointAnalysis.java index 5595e5ca..03bfb6d4 100644 --- a/Robust/src/Analysis/Disjoint/DisjointAnalysis.java +++ b/Robust/src/Analysis/Disjoint/DisjointAnalysis.java @@ -336,6 +336,9 @@ public class DisjointAnalysis { public RBlockRelationAnalysis rblockRel; public TypeUtil typeUtil; public int allocationDepth; + + protected boolean doEffectsAnalysis = false; + // data structure for public interface private Hashtable< Descriptor, HashSet > @@ -473,8 +476,6 @@ public class DisjointAnalysis { private Hashtable fc2enclosing; - //protected RBlockRelationAnalysis rra; - // allocate various structures that are not local // to a single class method--should be done once @@ -577,6 +578,11 @@ public class DisjointAnalysis { this.liveness = liveness; this.arrayReferencees = arrayReferencees; this.rblockRel = rra; + + if( rblockRel != null ) { + doEffectsAnalysis = true; + } + this.allocationDepth = state.DISJOINTALLOCDEPTH; this.releaseMode = state.DISJOINTRELEASEMODE; this.determinismDesired = state.DISJOINTDETERMINISM; @@ -910,10 +916,6 @@ public class DisjointAnalysis { } } - //if(rra.isEndOfRegion(fn)){ - // rg.clearAccessibleVarSet(); - // also need to clear stall mapping - //} if( takeDebugSnapshots && d.getSymbol().equals( descSymbolDebug ) @@ -1005,6 +1007,13 @@ public class DisjointAnalysis { // nullified in the graph to reduce edges //rg.nullifyDeadVars( liveness.getLiveInTemps( fmContaining, fn ) ); + /* + if( doEffectsAnalysis && + rra.isEndOfRegion(fn)){ + rg.clearAccessibleVarSet(); + also need to clear stall mapping + } + */ TempDescriptor lhs; TempDescriptor rhs; @@ -1050,6 +1059,24 @@ public class DisjointAnalysis { lhs = fon.getDest(); rhs = fon.getLeft(); rg.assignTempXEqualToTempY( lhs, rhs ); + + /* + if( doEffectsAnalysis ) { + // current sese is top of stack at this program point + FlatSESEEnterNode sese = + rblockRel.getRBlockStacks( fmContaining, fn ).peek(); + + // if we are assigning to an out-set var, the taint + // on the out-set var edges should be TRUE (and propagate + // back to callers + + rg.taintTemp( sese, + null, + lhs, + ReachGraph.predsTrue + ); + } + */ } break; @@ -1131,19 +1158,20 @@ public class DisjointAnalysis { } break; - /* case FKind.FlatSESEEnterNode: - FlatSESEEnterNode sese = (FlatSESEEnterNode) fn; - rg.taintLiveTemps( sese, - liveness.getLiveInTemps( fmContaining, fn ) - ); + if( doEffectsAnalysis ) { + FlatSESEEnterNode sese = (FlatSESEEnterNode) fn; + rg.taintInSetVars( sese ); + } break; case FKind.FlatSESEExitNode: - FlatSESEExitNode fsexn = (FlatSESEExitNode) fn; - rg.removeInContextTaints( fsexn.getFlatEnter() ); + if( doEffectsAnalysis ) { + FlatSESEExitNode fsexn = (FlatSESEExitNode) fn; + rg.removeInContextTaints( fsexn.getFlatEnter() ); + } break; - */ + case FKind.FlatCall: { Descriptor mdCaller; diff --git a/Robust/src/Analysis/Disjoint/ReachGraph.java b/Robust/src/Analysis/Disjoint/ReachGraph.java index ec80db16..cfe73e39 100644 --- a/Robust/src/Analysis/Disjoint/ReachGraph.java +++ b/Robust/src/Analysis/Disjoint/ReachGraph.java @@ -21,9 +21,9 @@ public class ReachGraph { protected static final ReachSet rsetWithEmptyState = Canonical.makePredsTrue(ReachSet.factory( rstateEmpty )); // predicate constants - protected static final ExistPred predTrue = ExistPred.factory(); // if no args, true - protected static final ExistPredSet predsEmpty = ExistPredSet.factory(); - protected static final ExistPredSet predsTrue = ExistPredSet.factory( predTrue ); + public static final ExistPred predTrue = ExistPred.factory(); // if no args, true + public static final ExistPredSet predsEmpty = ExistPredSet.factory(); + public static final ExistPredSet predsTrue = ExistPredSet.factory( predTrue ); // from DisjointAnalysis for convenience @@ -1271,10 +1271,39 @@ public class ReachGraph { } - // either the sese or the callsite should be null! - public void taintTemp( FlatSESEEnterNode sese, - FlatNode stallSite, - TempDescriptor td + public void taintInSetVars( FlatSESEEnterNode sese ) { + Iterator isvItr = sese.getInVarSet().iterator() +; + while( isvItr.hasNext() ) { + TempDescriptor isv = isvItr.next(); + VariableNode vn = td2vn.get( isv ); + + Iterator reItr = vn.iteratorToReferencees(); + while( reItr.hasNext() ) { + RefEdge re = reItr.next(); + + // these in-set taints should have empty + // predicates so they never propagate + // out to callers + Taint t = Taint.factory( sese, + null, + isv, + re.getDst().getAllocSite(), + ExistPredSet.factory() + ); + + re.setTaints( Canonical.add( re.getTaints(), + t + ) + ); + } + } + } + + // this is useful for more general tainting + public void taintTemp( Taint taint, + TempDescriptor td, + ExistPredSet preds ) { VariableNode vn = td2vn.get( td ); @@ -1282,26 +1311,31 @@ public class ReachGraph { Iterator reItr = vn.iteratorToReferencees(); while( reItr.hasNext() ) { RefEdge re = reItr.next(); - - // these new taints should have empty - // predicates so they never propagate - // out to callers - Taint t = Taint.factory( sese, - stallSite, - td, - re.getDst().getAllocSite(), - ExistPredSet.factory() - ); - + re.setTaints( Canonical.add( re.getTaints(), - t + taint ) ); } } public void removeInContextTaints( FlatSESEEnterNode sese ) { - + Iterator meItr = id2hrn.entrySet().iterator(); + while( meItr.hasNext() ) { + Map.Entry me = (Map.Entry) meItr.next(); + Integer id = (Integer) me.getKey(); + HeapRegionNode hrn = (HeapRegionNode) me.getValue(); + + Iterator reItr = hrn.iteratorToReferencers(); + while( reItr.hasNext() ) { + RefEdge re = reItr.next(); + + re.setTaints( Canonical.removeTaintsBy( re.getTaints(), + sese + ) + ); + } + } } diff --git a/Robust/src/Analysis/OoOJava/OoOJavaAnalysis.java b/Robust/src/Analysis/OoOJava/OoOJavaAnalysis.java index 130c8f6d..a8dac553 100644 --- a/Robust/src/Analysis/OoOJava/OoOJavaAnalysis.java +++ b/Robust/src/Analysis/OoOJava/OoOJavaAnalysis.java @@ -108,8 +108,7 @@ public class OoOJavaAnalysis { // conflictGraphLockMap = new Hashtable>(); // 1st pass, find basic rblock relations - RBlockRelationAnalysis rblockRel = - new RBlockRelationAnalysis(state, typeUtil, callGraph); + rblockRel = new RBlockRelationAnalysis(state, typeUtil, callGraph); // 2nd pass, liveness, in-set out-set (no virtual reads yet!) Iterator rootItr = @@ -160,7 +159,8 @@ public class OoOJavaAnalysis { } // MORE PASSES? - + + } diff --git a/Robust/src/Tests/disjoint/taintTest1/makefile b/Robust/src/Tests/disjoint/taintTest1/makefile index 2224b405..56dcc005 100644 --- a/Robust/src/Tests/disjoint/taintTest1/makefile +++ b/Robust/src/Tests/disjoint/taintTest1/makefile @@ -4,8 +4,8 @@ SOURCE_FILES=$(PROGRAM).java BUILDSCRIPT=~/research/Robust/src/buildscript - -BSFLAGS= -mainclass Test -justanalyze -ooojava -disjoint -disjoint-k 2 -disjoint-write-dots final -enable-assertions +BSFLAGS= -mainclass Test -justanalyze -ooojava -disjoint -disjoint-k 1 -enable-assertions +DEBUGFLAGS= -disjoint-write-dots final -disjoint-debug-snap-method main 0 10 true all: $(PROGRAM).bin diff --git a/Robust/src/Tests/disjoint/taintTest1/test.java b/Robust/src/Tests/disjoint/taintTest1/test.java index ace7ac5e..748edf40 100644 --- a/Robust/src/Tests/disjoint/taintTest1/test.java +++ b/Robust/src/Tests/disjoint/taintTest1/test.java @@ -9,34 +9,44 @@ public class Test { static public void main( String[] args ) { Foo a = new Foo(); - doSomething( a ); - } + Foo b = new Foo(); - static void doSomething( Foo a ) { + if( false ) { + a = new Foo(); + } - a.f = new Foo(); - - rblock r1 { - Foo b = a.f; - b.f = new Foo(); + rblock p1 { + a.f = new Foo(); + a.g = new Foo(); + + Foo x = a.f; } - rblock r2 { - Foo c = a.f.f; - c.f = new Foo(); + rblock p2 { + a.f = new Foo(); + b.f = new Foo(); + + rblock c1 { + Foo d = a; + d.g = new Foo(); + Foo e = d.g; + } + + Foo y = a.f; } + + //doSomething( a ); + } + + static void doSomething( Foo a ) { + //Foo f = doStuff( a, c ); } static Foo doStuff( Foo m, Foo n ) { - m.f = new Foo(); - n.f = new Foo(); - - m.g = n.f; - return new Foo(); } } -- 2.34.1