8sa1-gcc/gcc/shortest-paths.h
David Malcolm 3857edb5d3 analyzer: new implementation of shortest feasible path [PR96374]
The analyzer builds an exploded graph of (point,state) pairs and when
it finds a problem, records a diagnostic at the relevant exploded node.
Once it has finished exploring the graph, the analyzer needs to generate
the shortest feasible path through the graph to each diagnostic's node.
This is used:
- for rejecting diagnostics that are infeasible (due to impossible sets
  of constraints),
- for use in determining which diagnostic to use in each deduplication
  set (the one with the shortest path), and
- for building checker_paths for the "winning" diagnostics, giving a
  list of events

Prior to this patch the analyzer simply found the shortest path to the
node, and then checked it for feasibility, which could lead to falsely
rejecting diagnostics: "the shortest path, if feasible" is not the same
as "the shortest feasible path" (PR analyzer/96374).
An example is PR analyzer/93355, where this issue causes the analyzer
to fail to emit a leak warning for a missing fclose on an error-handling
path in intl/localealias.c.

This patch implements a new algorithm for finding the shortest feasible
path to an exploded node: instead of simply finding the shortest path,
the new algorithm uses a worklist to iteratively build a tree of path
prefixes, which are feasible paths by construction, until a path to the
target node is found.  The worklist is prioritized, so that the first
feasible path discovered is the shortest possible feasible path.  The
algorithm continues trying paths until the target node is reached or a
limit is exceeded, in which case the diagnostic is treated as being
infeasible (which could still be a false negative, but is much less
likely to happen than before).  Iteratively building a tree of paths
allows for work to be reused, and the tree can be dumped in .dot form
(via a new -fdump-analyzer-feasibility option), making it much easier to
debug compared to other approaches I tried.

Doing so fixes the missing leak warning for PR analyzer/93355 and
various other test cases.

Testing:
- I manually verified that the behavior is deterministic using 50 builds
  of pr93355-localealias.c.  All dumps were identical.
- I manually verified that it still builds with --disable-analyzer.
- Lightly tested with valgrind; no additional issues.
- Lightly performance tested, showing a slight speed regression to the
  analyzer relative to before the patch, but correctness for this issue
  is more important than the slight performance hit for the analyzer.

gcc/ChangeLog:
	PR analyzer/96374
	* Makefile.in (ANALYZER_OBJS): Add analyzer/feasible-graph.o and
	analyzer/trimmed-graph.o.
	* doc/analyzer.texi (Analyzer Paths): Rewrite description of
	feasibility checking to reflect new implementation.
	* doc/invoke.texi (-fdump-analyzer-feasibility): Document new
	option.
	* shortest-paths.h (shortest_paths::get_shortest_distance): New.

gcc/analyzer/ChangeLog:
	PR analyzer/96374
	* analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
	(fdump-analyzer-feasibility): New flag.
	* diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
	"analyzer/feasible-graph.h".
	(epath_finder::epath_finder): Convert m_sep to a pointer and
	only create it if !flag_analyzer_feasibility.
	(epath_finder::~epath_finder): New.
	(epath_finder::m_sep): Convert to a pointer.
	(epath_finder::get_best_epath): Add param "diag_idx" and use it
	when logging.  Rather than finding the shortest path and then
	checking feasibility, instead use explore_feasible_paths unless
	!flag_analyzer_feasibility, in which case simply use the shortest
	path, and note if it is infeasible.  Update for m_sep becoming a
	pointer.
	(class feasible_worklist): New.
	(epath_finder::explore_feasible_paths): New.
	(epath_finder::process_worklist_item): New.
	(class dump_eg_with_shortest_path): New.
	(epath_finder::dump_trimmed_graph): New.
	(epath_finder::dump_feasible_graph): New.
	(saved_diagnostic::saved_diagnostic): Add "idx" param, using it
	on new field m_idx.
	(saved_diagnostic::to_json): Dump m_idx.
	(saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
	Remove assertion that m_problem was set when m_best_epath is NULL.
	(diagnostic_manager::add_diagnostic): Pass an index when created
	saved_diagnostic instances.
	* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
	"idx" param.
	(saved_diagnostic::get_index): New accessor.
	(saved_diagnostic::m_idx): New field.
	* engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
	Move code to...
	(exploded_node::dump_processed_stmts): ...this new function and...
	(exploded_node::dump_saved_diagnostics): ...this new function.
	Add index of each diagnostic.
	(exploded_edge::dump_dot):  Move bulk of code to...
	(exploded_edge::dump_dot_label): ...this new function.
	* exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
	vfunc.
	(exploded_node::dump_processed_stmts): New decl.
	(exploded_node::dump_saved_diagnostics): New decl.
	(exploded_edge::dump_dot_label): New decl.
	* feasible-graph.cc: New file.
	* feasible-graph.h: New file.
	* trimmed-graph.cc: New file.
	* trimmed-graph.h: New file.

gcc/testsuite/ChangeLog:
	PR analyzer/96374
	* gcc.dg/analyzer/dot-output.c: Add -fdump-analyzer-feasibility
	to options.
	* gcc.dg/analyzer/feasibility-1.c (test_6): Remove xfail.
	(test_7): New.
	* gcc.dg/analyzer/pr93355-localealias-feasibility-2.c: Remove xfail.
	* gcc.dg/analyzer/pr93355-localealias-feasibility-3.c: Remove xfails.
	* gcc.dg/analyzer/pr93355-localealias-feasibility.c: Remove
	-fno-analyzer-feasibility from options.
	* gcc.dg/analyzer/pr93355-localealias.c: Likewise.
	* gcc.dg/analyzer/unknown-fns-4.c: Remove xfail.
2021-03-11 17:46:37 -05:00

216 lines
6.1 KiB
C++

/* Template class for Dijkstra's algorithm on directed graphs.
   Copyright (C) 2019-2021 Free Software Foundation, Inc.
   Contributed by David Malcolm <dmalcolm@redhat.com>.

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.

GCC is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3.  If not see
<http://www.gnu.org/licenses/>.  */

#ifndef GCC_SHORTEST_PATHS_H
#define GCC_SHORTEST_PATHS_H

#include "timevar.h"

enum shortest_path_sense
{
  /* Find the shortest path from the given origin node to each
     node in the graph.  */
  SPS_FROM_GIVEN_ORIGIN,

  /* Find the shortest path from each node in the graph to the
     given target node.  */
  SPS_TO_GIVEN_TARGET
};

/* A record of the shortest path for each node relative to a special
   "given node", either:
   SPS_FROM_GIVEN_ORIGIN:
     from the given origin node to each node in a graph, or
   SPS_TO_GIVEN_TARGET:
     from each node in a graph to the given target node.

   The constructor runs Dijkstra's algorithm, and the results are
   stored in this class.  */

template <typename GraphTraits, typename Path_t>
class shortest_paths
{
public:
  typedef typename GraphTraits::graph_t graph_t;
  typedef typename GraphTraits::node_t node_t;
  typedef typename GraphTraits::edge_t edge_t;
  typedef Path_t path_t;

  shortest_paths (const graph_t &graph, const node_t *given_node,
                  enum shortest_path_sense sense);

  path_t get_shortest_path (const node_t *other_node) const;
  int get_shortest_distance (const node_t *other_node) const;

private:
  const graph_t &m_graph;

  enum shortest_path_sense m_sense;

  /* For each node (by index), the minimal distance between that node
     and the given node (with direction depending on m_sense).  */
  auto_vec<int> m_dist;

  /* For each node (by index):
     SPS_FROM_GIVEN_ORIGIN:
       the previous edge in the shortest path from the origin,
     SPS_TO_GIVEN_TARGET:
       the next edge in the shortest path to the target.  */
  auto_vec<const edge_t *> m_best_edge;
};

/* shortest_paths's constructor.

   Use Dijkstra's algorithm relative to GIVEN_NODE to populate m_dist and
   m_best_edge with enough information to be able to generate Path_t instances
   to give the shortest path...
   SPS_FROM_GIVEN_ORIGIN: to each node in a graph from the origin node, or
   SPS_TO_GIVEN_TARGET: from each node in a graph to the target node.  */

template <typename GraphTraits, typename Path_t>
inline
shortest_paths<GraphTraits, Path_t>::
shortest_paths (const graph_t &graph,
                const node_t *given_node,
                enum shortest_path_sense sense)
: m_graph (graph),
  m_sense (sense),
  m_dist (graph.m_nodes.length ()),
  m_best_edge (graph.m_nodes.length ())
{
  auto_timevar tv (TV_ANALYZER_SHORTEST_PATHS);

  auto_vec<int> queue (graph.m_nodes.length ());

  for (unsigned i = 0; i < graph.m_nodes.length (); i++)
    {
      m_dist.quick_push (INT_MAX);
      m_best_edge.quick_push (NULL);
      queue.quick_push (i);
    }
  m_dist[given_node->m_index] = 0;

  while (queue.length () > 0)
    {
      /* Get minimal distance in queue.
         FIXME: this is O(N^2); replace with a priority queue.  */
      int idx_with_min_dist = -1;
      int idx_in_queue_with_min_dist = -1;
      int min_dist = INT_MAX;
      for (unsigned i = 0; i < queue.length (); i++)
        {
          int idx = queue[i];
          if (m_dist[queue[i]] < min_dist)
            {
              min_dist = m_dist[idx];
              idx_with_min_dist = idx;
              idx_in_queue_with_min_dist = i;
            }
        }
      if (idx_with_min_dist == -1)
        break;
      gcc_assert (idx_in_queue_with_min_dist != -1);

      // FIXME: this is confusing: there are two indices here

      queue.unordered_remove (idx_in_queue_with_min_dist);

      node_t *n
        = static_cast <node_t *> (m_graph.m_nodes[idx_with_min_dist]);

      if (m_sense == SPS_FROM_GIVEN_ORIGIN)
        {
          int i;
          edge_t *succ;
          FOR_EACH_VEC_ELT (n->m_succs, i, succ)
            {
              // TODO: only for dest still in queue
              node_t *dest = succ->m_dest;
              int alt = m_dist[n->m_index] + 1;
              if (alt < m_dist[dest->m_index])
                {
                  m_dist[dest->m_index] = alt;
                  m_best_edge[dest->m_index] = succ;
                }
            }
        }
      else
        {
          int i;
          edge_t *pred;
          FOR_EACH_VEC_ELT (n->m_preds, i, pred)
            {
              // TODO: only for dest still in queue
              node_t *src = pred->m_src;
              int alt = m_dist[n->m_index] + 1;
              if (alt < m_dist[src->m_index])
                {
                  m_dist[src->m_index] = alt;
                  m_best_edge[src->m_index] = pred;
                }
            }
        }
    }
}

/* Generate a Path_t instance giving the shortest path between OTHER_NODE
   and the given node.

   SPS_FROM_GIVEN_ORIGIN: shortest path from given origin node to OTHER_NODE
   SPS_TO_GIVEN_TARGET: shortest path from OTHER_NODE to given target node.

   If no such path exists, return an empty path.  */

template <typename GraphTraits, typename Path_t>
inline Path_t
shortest_paths<GraphTraits, Path_t>::
get_shortest_path (const node_t *other_node) const
{
  Path_t result;

  while (m_best_edge[other_node->m_index])
    {
      result.m_edges.safe_push (m_best_edge[other_node->m_index]);
      if (m_sense == SPS_FROM_GIVEN_ORIGIN)
        other_node = m_best_edge[other_node->m_index]->m_src;
      else
        other_node = m_best_edge[other_node->m_index]->m_dest;
    }

  if (m_sense == SPS_FROM_GIVEN_ORIGIN)
    result.m_edges.reverse ();

  return result;
}

/* Get the shortest distance...
   SPS_FROM_GIVEN_ORIGIN: ...from given origin node to OTHER_NODE
   SPS_TO_GIVEN_TARGET: ...from OTHER_NODE to given target node.  */

template <typename GraphTraits, typename Path_t>
inline int
shortest_paths<GraphTraits, Path_t>::
get_shortest_distance (const node_t *other_node) const
{
  return m_dist[other_node->m_index];
}

#endif /* GCC_SHORTEST_PATHS_H */
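
The commit message's distinction between "the shortest path, if feasible" and "the shortest feasible path", shown on a toy graph as an added example; this is not GCC's code. Edge, Item, find_path, the integer constraint model, the rejected-edge limit and the acyclic demo graph are all assumptions made for the illustration.

```cpp
#include <map>
#include <queue>
#include <vector>
// Toy model, constructed for this example: an edge may require var == val.
struct Edge { int src, dst, var, val; };   // var < 0: no constraint
typedef std::vector<int> Path;             // indices into the edge list
typedef std::map<int, int> Constraints;    // var -> value required so far
struct Item { int node; Path path; Constraints cs; };  // one path prefix
// Record E's constraint in CS; false if it contradicts an earlier one.
static bool add_constraint (Constraints &cs, const Edge &e) {
  return e.var < 0 || cs.insert ({e.var, e.val}).first->second == e.val;
}
static bool feasible_p (const std::vector<Edge> &edges, const Path &p) {
  Constraints cs;
  for (int idx : p)
    if (!add_constraint (cs, edges[idx])) return false;
  return true;
}
// Shortest-first worklist of path prefixes.  With PRUNE, contradictory edges
// are never added, so each prefix is feasible by construction; the search
// gives up once more than MAX_INFEASIBLE edges have been rejected.
static bool find_path (const std::vector<Edge> &edges, int origin, int target,
                       bool prune, int max_infeasible, Path &out) {
  auto longer = [] (const Item &a, const Item &b)
    { return a.path.size () > b.path.size (); };
  std::priority_queue<Item, std::vector<Item>, decltype (longer)> work (longer);
  work.push (Item {origin, Path (), Constraints ()});
  for (int rejected = 0; !work.empty (); ) {
    Item item = work.top (); work.pop ();
    if (item.node == target) { out = item.path; return true; }
    for (unsigned i = 0; i < edges.size (); i++) {
      if (edges[i].src != item.node) continue;
      Item next = item;
      if (prune && !add_constraint (next.cs, edges[i])) {
        if (++rejected > max_infeasible) return false;
        continue;
      }
      next.node = edges[i].dst;
      next.path.push_back ((int) i);
      work.push (next);
    }
  }
  return false;
}
// Constructed graph: 0->1->4 is shortest but needs x==0 and then x==1.
static const std::vector<Edge> demo_graph
  = { {0, 1, 0, 0}, {1, 4, 0, 1}, {0, 2, 0, 1}, {2, 3, -1, 0}, {3, 4, 0, 1} };
int main () {
  Path p;  // exit status 0: the worklist found the feasible three-edge path
  return find_path (demo_graph, 0, 4, true, 10, p) && feasible_p (demo_graph, p) ? 0 : 1;
}
```

With `prune` off the search returns the two-edge path, which `feasible_p` then rejects, so a find-then-check caller would drop the diagnostic; with `prune` on it returns the three-edge feasible path instead.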