Open jiachunpeng opened 2 years ago
Hi,
the SDG class is a replacement for DG class, but is not finished (nor used by any component of DG) yet. Is this problem present if you use llvm-dg-dump
?
Hi,
the SDG class is a replacement for DG class, but is not finished (nor used by any component of DG) yet. Is this problem present if you use
llvm-dg-dump
?
I still have some questions.
#include <stdlib.h>
void *mymalloc() {
void *ret = malloc(5);
return ret;
}
int main() {
void *a;
a = mymalloc();
free(a);
}
command
clang -emit-llvm -g test.c -S
~/work/dg/build/tools/llvm-dg-dump test.bc --no-cfg > test.dot
Should there has a data dependence edge from return ret
to a = mymalloc()
?
And why there has a control dependence edge form a = mymalloc()
to *ret = malloc(5)
?
return ret
does not modify anything, so it should have no data dependence edges. The control dep. edge between main:: call mymalloc
and OUT ARG malloc(5)
is there because the latter is an (output) actual argument of the former. In this case, these nodes are redundant as the memory allocated by malloc(5)
is not written to, but they are being created for a simpler generation of the graph.
return ret
does not modify anything, so it should have no data dependence edges. The control dep. edge betweenmain:: call mymalloc
andOUT ARG malloc(5)
is there because the latter is an (output) actual argument of the former. In this case, these nodes are redundant as the memory allocated bymalloc(5)
is not written to, but they are being created for a simpler generation of the graph.
Thanks for reply!
#include <stdlib.h>
void *mymalloc() {
void *ret = malloc(5);
return ret;
}
int main() {
void *a;
a = mymalloc();
free(a);
}
For the same code. the first is builded acording to Reps T . Program analysis via graph reachability[J]. Information & Software Technology, 1998, 40(11-12):701-726.
, the seconed is form llvm-dg-dump.
Is there any difference between the two methods?
Is there any difference between the two methods?
Probably? I do not know.
is it correct?
Correct in what sense? W.r.t the reachability analysis and backward slicing algorithms? Then yes, it is correct but not needed. These nodes have no influence on backward slicing and can be prune away. Again, they are present only to ease the building of DG.
why formal out of
mymalloc
is%2 = malloc(5)
instead ofret %3
Because the output nodes represent the memory written inside the call. ret %3
does not write to memory.
For this code
int getValue();
int doSomething(int i);
int fun() {
int v = 5;
int c = getValue();
c += 4;
v += 4;
return c;
}
int main() {
int a;
a = fun();
doSomething(a);
}
Using command
llvm-slicer test.bc -c doSomething --dump-dg-only
The result is
The result of slicing is correct. But why there is no dependency between
c = getValue()
and doSomething(a)
in graph.
There is a transitive dependency, otherwise the slice would not contain c = getValue()
. Or what kind of dependency you mean?
I mean the dependency edges in the graph dumped by the llvm-slicer. Or, the llvm-slicer does not dump some dependency edges using the default options ?
Looking at the graph, it seems that there is missing the edge from NODE0x55d4...720
to %2 = call i32 foo()
if that is what you mean.
It is in the graph, but it is not displayed for some reason.
envirment
command
code 1