iAI icon indicating copy to clipboard operation
iAI copied to clipboard
verified publisher icon aimuch

Why all esg data flow fact are empty?

Open wuxiaoqiang12 opened this issue 4 years ago • 4 comments

I write a simple example c++ file like that:

struct worker{
        int speed;
        int efficient;
};

int sum(struct worker* workers, int k) {
        int sum = 0;
        for (int i = 0; i < k; i++) {
                sum += workers[i].speed;
        }
        return sum;
}

int main()
{
        int speeds[] = {1, 2, 3, 3, 2, 1, 4, 5, 9, 8};
        int effici[] = {2, 1, 3, 2, 4, 6, 4, 3, 2, 1};
        worker workers[10];
        for (int i = 0; i < 10; i++) {
                workers[i].speed = speeds[i];
                workers[i].efficient = effici[i];
        }

        int speed_sum = sum(workers, 10);

        return speed_sum;
}

Compile with clang++ -S -emit-llvm main.cpp to generate main.ll, and using command phasar-llvm -m ./main.ll -D ifds-lca --emit-esg-as-dot > test.main.dot to get the esg dot file. But as the title said all data flow fact in that graph is empty, I can't upload img here, but I think you can get it. I don't know why it cannot get data fact from this code. Is it count struct in?

wuxiaoqiang12 avatar Apr 26 '21 09:04 wuxiaoqiang12

The IFDS LCA is not implemented. Try the IDE one. Analyzing your code precisely requires field-sensitivity. Without field-sensitivity the initializers get overapproximated and you only have BOTTOM. IDE LCA is not field-sensitive and hence you won't get a precise result for your code.

MMory avatar Apr 26 '21 11:04 MMory

The IFDS LCA is not implemented. Try the IDE one. Analyzing your code precisely requires field-sensitivity. Without field-sensitivity the initializers get overapproximated and you only have BOTTOM. IDE LCA is not field-sensitive and hence you won't get a precise result for your code.

Thanks for your replay. I would like to know which parameter should I use in this situation? I tried ifds-const ide-lca etc., but I didn't understand the esg dot different from them. Also I want to know does it effect generated esg using different parameter?

wuxiaoqiang12 avatar Apr 29 '21 02:04 wuxiaoqiang12

ide-lca would be the one to go. But again, your code that you intend to analyze cannot be analyzed by ide-lca precisely. ide-lca is field-insensitive, so the index accesses with [i] cannot be precisely distinguished - first point of overapproximation.

Then, in sum() you do sum += workers[i].speed, which really is sum = sum + workers[i].speed. This is not distributive, so the analysis needs to overapproximate again.

MMory avatar May 06 '22 14:05 MMory

You can see the overapproximation based on the value Bottom that is the resulting value in that case, it means "non-constant/don't know whether it's constant".

MMory avatar May 06 '22 14:05 MMory