cont evaluator part 2: memory

Author: Marc Rasi

include/swift/SIL/SILConstants.h

@@ -28,7 +28,9 @@ class SerializedSILLoader;
 
 struct APIntSymbolicValue;
 struct ArraySymbolicValue;
+struct DerivedAddressValue;
 struct EnumWithPayloadSymbolicValue;
+struct SymbolicValueMemoryObject;
 struct UnknownSymbolicValue;
 
 /// When we fail to constant fold a value, this captures a reason why,
@@ -65,6 +67,10 @@ enum class UnknownReason {
 class SymbolicValue {
 private:
   enum RepresentationKind {
+    /// This value is an alloc stack that is has not (yet) been initialized
+    /// by flow-sensitive analysis.
+    RK_UninitMemory,
+
     /// This symbolic value cannot be determined, carries multiple values
     /// (i.e., varies dynamically at the top level), or is of some type that
     /// we cannot analyze and propagate (e.g. NSObject).
@@ -88,6 +94,12 @@ class SymbolicValue {
     /// This value is an array, struct, or tuple of constants.  This is
     /// tracked by the "aggregate" member of the value union.
     RK_Aggregate,
+
+    /// This represents a direct reference to the address of a memory object.
+    RK_DirectAddress,
+
+    /// This represents an index *into* a memory object.
+    RK_DerivedAddress,
   };
 
   union {
@@ -111,6 +123,14 @@ class SymbolicValue {
     /// When this SymbolicValue is of "Aggregate" kind, this pointer stores
     /// information about the array elements and count.
     const SymbolicValue *aggregate;
+
+    /// When the representationKind is "DirectAddress", this pointer is the
+    /// memory object referenced.
+    SymbolicValueMemoryObject *directAddress;
+
+    /// When this SymbolicValue is of "DerivedAddress" kind, this pointer stores
+    /// information about the memory object and access path of the access.
+    DerivedAddressValue *derivedAddress;
   } value;
 
   RepresentationKind representationKind : 8;
@@ -146,6 +166,13 @@ class SymbolicValue {
 
     /// This can be an array, struct, tuple, etc.
     Aggregate,
+
+    /// This value represents the address of, or into, a memory object.
+    Address,
+
+    /// These values are generally only seen internally to the system, external
+    /// clients shouldn't have to deal with them.
+    UninitMemory
   };
 
   /// For constant values, return the type classification of this value.
@@ -154,7 +181,7 @@ class SymbolicValue {
   /// Return true if this represents a constant value.
   bool isConstant() const {
     auto kind = getKind();
-    return kind != Unknown;
+    return kind != Unknown && kind != UninitMemory;
   }
 
   static SymbolicValue getUnknown(SILNode *node, UnknownReason reason,
@@ -173,6 +200,12 @@ class SymbolicValue {
   /// Return the reason an unknown result was generated.
   UnknownReason getUnknownReason() const;
 
+  static SymbolicValue getUninitMemory() {
+    SymbolicValue result;
+    result.representationKind = RK_UninitMemory;
+    return result;
+  }
+
   static SymbolicValue getMetatype(CanType type) {
     SymbolicValue result;
     result.representationKind = RK_Metatype;
@@ -212,6 +245,25 @@ class SymbolicValue {
 
   ArrayRef<SymbolicValue> getAggregateValue() const;
 
+  /// Return a symbolic value that represents the address of a memory object.
+  static SymbolicValue getAddress(SymbolicValueMemoryObject *memoryObject) {
+    SymbolicValue result;
+    result.representationKind = RK_DirectAddress;
+    result.value.directAddress = memoryObject;
+    return result;
+  }
+
+  /// Return a symbolic value that represents the address of a memory object
+  /// indexed by a path.
+  static SymbolicValue getAddress(SymbolicValueMemoryObject *memoryObject,
+                                  ArrayRef<unsigned> indices,
+                                  llvm::BumpPtrAllocator &allocator);
+
+  /// Return the memory object of this reference along with any access path
+  /// indices involved.
+  SymbolicValueMemoryObject *
+  getAddressValue(SmallVectorImpl<unsigned> &accessPath) const;
+
   //===--------------------------------------------------------------------===//
   // Helpers
 
@@ -241,6 +293,29 @@ inline llvm::raw_ostream &operator<<(llvm::raw_ostream &os, SymbolicValue val) {
   return os;
 }
 
+/// This is a representation of a memory object referred to be an address.
+/// Memory objects may be mutated over their lifetime, but their overall type
+/// remains the same.
+struct SymbolicValueMemoryObject {
+  Type getType() const { return type; }
+
+  SymbolicValue getValue() const { return value; }
+  void setValue(SymbolicValue newValue) { value = newValue; }
+
+  /// Create a new memory object whose overall type is as specified.
+  static SymbolicValueMemoryObject *create(Type type, SymbolicValue value,
+                                           llvm::BumpPtrAllocator &allocator);
+
+private:
+  const Type type;
+  SymbolicValue value;
+
+  SymbolicValueMemoryObject(Type type, SymbolicValue value)
+      : type(type), value(value) {}
+  SymbolicValueMemoryObject(const SymbolicValueMemoryObject &) = delete;
+  void operator=(const SymbolicValueMemoryObject &) = delete;
+};
+
 } // end namespace swift
 
 #endif

lib/SIL/SILConstants.cpp

@@ -30,6 +30,9 @@ static InFlightDiagnostic diagnose(ASTContext &Context, SourceLoc loc,
 void SymbolicValue::print(llvm::raw_ostream &os, unsigned indent) const {
   os.indent(indent);
   switch (representationKind) {
+  case RK_UninitMemory:
+    os << "uninit\n";
+    return;
   case RK_Unknown: {
     os << "unknown(" << (int)getUnknownReason() << "): ";
     getUnknownNode()->dump();
@@ -69,6 +72,16 @@ void SymbolicValue::print(llvm::raw_ostream &os, unsigned indent) const {
       return;
     }
   }
+  case RK_DirectAddress:
+  case RK_DerivedAddress: {
+    SmallVector<unsigned, 4> accessPath;
+    SymbolicValueMemoryObject *memObject = getAddressValue(accessPath);
+    os << "Address[" << memObject->getType() << "] ";
+    interleave(accessPath.begin(), accessPath.end(),
+               [&](unsigned idx) { os << idx; }, [&]() { os << ", "; });
+    os << "\n";
+    break;
+  }
   }
 }
 
@@ -78,6 +91,8 @@ void SymbolicValue::dump() const { print(llvm::errs()); }
 /// multiple forms for efficiency, but provide a simpler interface to clients.
 SymbolicValue::Kind SymbolicValue::getKind() const {
   switch (representationKind) {
+  case RK_UninitMemory:
+    return UninitMemory;
   case RK_Unknown:
     return Unknown;
   case RK_Metatype:
@@ -89,6 +104,9 @@ SymbolicValue::Kind SymbolicValue::getKind() const {
   case RK_Integer:
   case RK_IntegerInline:
     return Integer;
+  case RK_DirectAddress:
+  case RK_DerivedAddress:
+    return Address;
   }
 }
 
@@ -98,6 +116,7 @@ SymbolicValue
 SymbolicValue::cloneInto(llvm::BumpPtrAllocator &allocator) const {
   auto thisRK = representationKind;
   switch (thisRK) {
+  case RK_UninitMemory:
   case RK_Unknown:
   case RK_Metatype:
   case RK_Function:
@@ -112,9 +131,29 @@ SymbolicValue::cloneInto(llvm::BumpPtrAllocator &allocator) const {
       results.push_back(elt.cloneInto(allocator));
     return getAggregate(results, allocator);
   }
+  case RK_DirectAddress:
+  case RK_DerivedAddress: {
+    SmallVector<unsigned, 4> accessPath;
+    auto *memObject = getAddressValue(accessPath);
+    auto *newMemObject = SymbolicValueMemoryObject::create(
+        memObject->getType(), memObject->getValue(), allocator);
+    return getAddress(newMemObject, accessPath, allocator);
+  }
   }
 }
 
+//===----------------------------------------------------------------------===//
+// SymbolicValueMemoryObject implementation
+//===----------------------------------------------------------------------===//
+
+SymbolicValueMemoryObject *
+SymbolicValueMemoryObject::create(Type type, SymbolicValue value,
+                                  llvm::BumpPtrAllocator &allocator) {
+  auto result = allocator.Allocate<SymbolicValueMemoryObject>();
+  new (result) SymbolicValueMemoryObject(type, value);
+  return result;
+}
+
 //===----------------------------------------------------------------------===//
 // Integers
 //===----------------------------------------------------------------------===//
@@ -269,6 +308,91 @@ UnknownReason SymbolicValue::getUnknownReason() const {
   return value.unknown->reason;
 }
 
+//===----------------------------------------------------------------------===//
+// Addresses
+//===----------------------------------------------------------------------===//
+
+namespace swift {
+
+/// This is the representation of a derived address.  A derived address refers
+/// to a memory object along with an access path that drills into it.
+struct DerivedAddressValue final
+    : private llvm::TrailingObjects<DerivedAddressValue, unsigned> {
+  friend class llvm::TrailingObjects<DerivedAddressValue, unsigned>;
+
+  SymbolicValueMemoryObject *memoryObject;
+
+  /// This is the number of indices in the derived address.
+  const unsigned numElements;
+
+  static DerivedAddressValue *create(SymbolicValueMemoryObject *memoryObject,
+                                     ArrayRef<unsigned> elements,
+                                     llvm::BumpPtrAllocator &allocator) {
+    auto byteSize =
+        DerivedAddressValue::totalSizeToAlloc<unsigned>(elements.size());
+    auto rawMem = allocator.Allocate(byteSize, alignof(DerivedAddressValue));
+
+    //  Placement initialize the object.
+    auto dav =
+        ::new (rawMem) DerivedAddressValue(memoryObject, elements.size());
+    std::uninitialized_copy(elements.begin(), elements.end(),
+                            dav->getTrailingObjects<unsigned>());
+    return dav;
+  }
+
+  /// Return the element constants for this aggregate constant.  These are
+  /// known to all be constants.
+  ArrayRef<unsigned> getElements() const {
+    return {getTrailingObjects<unsigned>(), numElements};
+  }
+
+  // This is used by the llvm::TrailingObjects base class.
+  size_t numTrailingObjects(OverloadToken<unsigned>) const {
+    return numElements;
+  }
+
+private:
+  DerivedAddressValue() = delete;
+  DerivedAddressValue(const DerivedAddressValue &) = delete;
+  DerivedAddressValue(SymbolicValueMemoryObject *memoryObject,
+                      unsigned numElements)
+      : memoryObject(memoryObject), numElements(numElements) {}
+};
+} // end namespace swift
+
+/// Return a symbolic value that represents the address of a memory object
+/// indexed by a path.
+SymbolicValue SymbolicValue::getAddress(SymbolicValueMemoryObject *memoryObject,
+                                        ArrayRef<unsigned> indices,
+                                        llvm::BumpPtrAllocator &allocator) {
+  if (indices.empty())
+    return getAddress(memoryObject);
+
+  auto dav = DerivedAddressValue::create(memoryObject, indices, allocator);
+  SymbolicValue result;
+  result.representationKind = RK_DerivedAddress;
+  result.value.derivedAddress = dav;
+  return result;
+}
+
+/// Return the memory object of this reference along with any access path
+/// indices involved.
+SymbolicValueMemoryObject *
+SymbolicValue::getAddressValue(SmallVectorImpl<unsigned> &accessPath) const {
+  assert(getKind() == Address);
+
+  accessPath.clear();
+  if (representationKind == RK_DirectAddress)
+    return value.directAddress;
+  assert(representationKind == RK_DerivedAddress);
+
+  auto *dav = value.derivedAddress;
+
+  // The first entry is the object ID, the rest are indices in the accessPath.
+  accessPath.assign(dav->getElements().begin(), dav->getElements().end());
+  return dav->memoryObject;
+}
+
 //===----------------------------------------------------------------------===//
 // Higher level code
 //===----------------------------------------------------------------------===//