1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/* -*- indent-tabs-mode: nil; js-indent-level: 4 -*- */
// Utility code for traversing the JSON data structures produced by sixgill.
"use strict";
// Find all points (positions within the code) of the body given by the list of
// bodies and the blockId to match (which will specify an outer function or a
// loop within it), recursing into loops if needed.
function findAllPoints(bodies, blockId, limits)
{
var points = [];
var body;
for (var xbody of bodies) {
if (sameBlockId(xbody.BlockId, blockId)) {
assert(!body);
body = xbody;
}
}
assert(body);
if (!("PEdge" in body))
return;
for (var edge of body.PEdge) {
points.push([body, edge.Index[0], limits]);
if (edge.Kind == "Loop")
points.push(...findAllPoints(bodies, edge.BlockId, limits));
}
return points;
}
// Given the CFG for the constructor call of some RAII, return whether the
// given edge is the matching destructor call.
function isMatchingDestructor(constructor, edge)
{
if (edge.Kind != "Call")
return false;
var callee = edge.Exp[0];
if (callee.Kind != "Var")
return false;
var variable = callee.Variable;
assert(variable.Kind == "Func");
if (variable.Name[1].charAt(0) != '~')
return false;
// Note that in some situations, a regular function can begin with '~', so
// we don't necessarily have a destructor in hand. This is probably a
// sixgill artifact, but in js::wasm::ModuleGenerator::~ModuleGenerator, a
// templatized static inline EraseIf is invoked, and it gets named ~EraseIf
// for some reason.
if (!("PEdgeCallInstance" in edge))
return false;
var constructExp = constructor.PEdgeCallInstance.Exp;
assert(constructExp.Kind == "Var");
var destructExp = edge.PEdgeCallInstance.Exp;
if (destructExp.Kind != "Var")
return false;
return sameVariable(constructExp.Variable, destructExp.Variable);
}
// Return all calls within the RAII scope of any constructor matched by
// isConstructor(). (Note that this would be insufficient if you needed to
// treat each instance separately, such as when different regions of a function
// body were guarded by these constructors and you needed to do something
// different with each.)
function allRAIIGuardedCallPoints(typeInfo, bodies, body, isConstructor)
{
if (!("PEdge" in body))
return [];
var points = [];
for (var edge of body.PEdge) {
if (edge.Kind != "Call")
continue;
var callee = edge.Exp[0];
if (callee.Kind != "Var")
continue;
var variable = callee.Variable;
assert(variable.Kind == "Func");
const limits = isConstructor(typeInfo, edge.Type, variable.Name);
if (!limits)
continue;
if (!("PEdgeCallInstance" in edge))
continue;
if (edge.PEdgeCallInstance.Exp.Kind != "Var")
continue;
points.push(...pointsInRAIIScope(bodies, body, edge, limits));
}
return points;
}
// Test whether the given edge is the constructor corresponding to the given
// destructor edge.
function isMatchingConstructor(destructor, edge)
{
if (edge.Kind != "Call")
return false;
var callee = edge.Exp[0];
if (callee.Kind != "Var")
return false;
var variable = callee.Variable;
if (variable.Kind != "Func")
return false;
var name = readable(variable.Name[0]);
var destructorName = readable(destructor.Exp[0].Variable.Name[0]);
var match = destructorName.match(/^(.*?::)~(\w+)\(/);
if (!match) {
printErr("Unhandled destructor syntax: " + destructorName);
return false;
}
var constructorSubstring = match[1] + match[2];
if (name.indexOf(constructorSubstring) == -1)
return false;
var destructExp = destructor.PEdgeCallInstance.Exp;
if (destructExp.Kind != "Var")
return false;
var constructExp = edge.PEdgeCallInstance.Exp;
if (constructExp.Kind != "Var")
return false;
return sameVariable(constructExp.Variable, destructExp.Variable);
}
function findMatchingConstructor(destructorEdge, body, warnIfNotFound=true)
{
var worklist = [destructorEdge];
var predecessors = getPredecessors(body);
while(worklist.length > 0) {
var edge = worklist.pop();
if (isMatchingConstructor(destructorEdge, edge))
return edge;
if (edge.Index[0] in predecessors) {
for (var e of predecessors[edge.Index[0]])
worklist.push(e);
}
}
if (warnIfNotFound)
printErr("Could not find matching constructor!");
return undefined;
}
function pointsInRAIIScope(bodies, body, constructorEdge, limits) {
var seen = {};
var worklist = [constructorEdge.Index[1]];
var points = [];
while (worklist.length) {
var point = worklist.pop();
if (point in seen)
continue;
seen[point] = true;
points.push([body, point, limits]);
var successors = getSuccessors(body);
if (!(point in successors))
continue;
for (var nedge of successors[point]) {
if (isMatchingDestructor(constructorEdge, nedge))
continue;
if (nedge.Kind == "Loop")
points.push(...findAllPoints(bodies, nedge.BlockId, limits));
worklist.push(nedge.Index[1]);
}
}
return points;
}
|
