Deal with virtual function calls with no candidate targets

Owen Jones · Owen Jones · commit 397284cd0171 · 2018-04-18T10:16:01.000+01:00
During virtual method resolution, if a virtual function call has no
candidate targets then we add the class it was called on as an
instantiated class.
diff --git a/src/java_bytecode/ci_lazy_methods.cpp b/src/java_bytecode/ci_lazy_methods.cpp
@@ -122,46 +122,92 @@ bool ci_lazy_methodst::operator()(
   id_sett methods_already_populated;
   std::unordered_set<exprt, irep_hash> virtual_function_calls;
 
-  bool any_new_methods = true;
-  while(any_new_methods)
+  bool any_new_classes = true;
+  while(any_new_classes)
   {
-    any_new_methods=false;
-    while(!methods_to_convert_later.empty())
+    bool any_new_methods = true;
+    while(any_new_methods)
     {
-      id_sett methods_to_convert;
-      std::swap(methods_to_convert, methods_to_convert_later);
-      for(const auto &mname : methods_to_convert)
+      any_new_methods = false;
+      while(!methods_to_convert_later.empty())
       {
-        if(!methods_already_populated.insert(mname).second)
-          continue;
-        debug() << "CI lazy methods: elaborate " << mname << eom;
-        if(
-          method_converter(
-            mname,
-            // Note this wraps *references* to methods_to_convert_later &
-            // instantiated_classes
-            ci_lazy_methods_neededt(
-              methods_to_convert_later, instantiated_classes, symbol_table)))
+        id_sett methods_to_convert;
+        std::swap(methods_to_convert, methods_to_convert_later);
+        for(const auto &mname : methods_to_convert)
         {
-          // Couldn't convert this function
-          continue;
+          if(!methods_already_populated.insert(mname).second)
+            continue;
+          debug() << "CI lazy methods: elaborate " << mname << eom;
+          if(
+            method_converter(
+              mname,
+              // Note this wraps *references* to methods_to_convert_later &
+              // instantiated_classes
+              ci_lazy_methods_neededt(
+                methods_to_convert_later, instantiated_classes, symbol_table)))
+          {
+            // Couldn't convert this function
+            continue;
+          }
+          gather_virtual_callsites(
+            symbol_table.lookup_ref(mname).value, virtual_function_calls);
+          any_new_methods = true;
         }
-        gather_virtual_callsites(
-          symbol_table.lookup_ref(mname).value, virtual_function_calls);
-        any_new_methods=true;
       }
-    }
 
-    // Given the object types we now know may be created, populate more
-    // possible virtual function call targets:
+      // Given the object types we now know may be created, populate more
+      // possible virtual function call targets:
 
-    debug() << "CI lazy methods: add virtual method targets ("
-            << virtual_function_calls.size() << " callsites)" << eom;
+      debug() << "CI lazy methods: add virtual method targets ("
+              << virtual_function_calls.size() << " callsites)" << eom;
 
-    for(const exprt &function : virtual_function_calls)
+      for(const exprt &function : virtual_function_calls)
+      {
+        get_virtual_method_targets(
+          function,
+          instantiated_classes,
+          methods_to_convert_later,
+          symbol_table);
+      }
+    }
+
+    any_new_classes = false;
+
+    // Look for virtual callsites with no candidate targets. If we have
+    // invokevirtual A.f and we don't believe either A or any of its children
+    // may exist, we assume specifically A is somehow instantiated. Note this
+    // may result in an abstract class being classified as instantiated, which
+    // stands in for some unknown concrete subclass: in this case the called
+    // method will be a stub.
+    for(const exprt &virtual_function_call : virtual_function_calls)
     {
+      id_sett candidate_target_methods;
       get_virtual_method_targets(
-        function, instantiated_classes, methods_to_convert_later, symbol_table);
+        virtual_function_call,
+        instantiated_classes,
+        candidate_target_methods,
+        symbol_table);
+
+      if(candidate_target_methods.empty())
+      {
+        any_new_classes = true;
+
+        // Add the call class to instantiated_classes and assert that it
+        // didn't already exist
+        const irep_idt &call_class = virtual_function_call.get(ID_C_class);
+        auto ret_class = instantiated_classes.insert(call_class);
+        CHECK_RETURN(ret_class.second);
+
+        // Check that `get_virtual_method_target` returns a method now
+        const irep_idt &call_basename =
+          virtual_function_call.get(ID_component_name);
+        const irep_idt method_name = get_virtual_method_target(
+          instantiated_classes, call_basename, call_class, symbol_table);
+        CHECK_RETURN(!method_name.empty());
+
+        // Add what it returns to methods_to_convert_later
+        methods_to_convert_later.insert(method_name);
+      }
     }
   }
 
