[depends: #1161, #1272] JSON expr and JSON trace #1271
Conversation
tautschnig
requested review from
peterschrammel,
smowton,
thk123,
mgudemann and
romainbrenguier
| /// Replaces in src, expressions of the form pointer_offset(constant) by that | ||
| /// constant. | ||
| /// \param src: an expression | ||
| void remove_pointer_offsets(exprt &src) |
There was a problem hiding this comment.
util/simplify_expr should be improved to do that.
src/util/json_expr.h
Outdated
| @@ -21,11 +22,13 @@ class namespacet; | |||
|
|
|||
| json_objectt json( | |||
| const exprt &, | |||
| const namespacet &); | |||
| const namespacet &, | |||
| const irep_idt &mode=ID_unknown); | |||
There was a problem hiding this comment.
Default arguments should be avoided.
|
|
||
| #include <langapi/mode.h> | ||
|
|
||
| static exprt simplify_json_expr( |
There was a problem hiding this comment.
util/simplify_expr should be improved to do that.
| if(src.id()==ID_pointer_offset && | ||
| src.op0().id()==ID_constant && | ||
| src.op0().op0().id()==ID_address_of && | ||
| src.op0().op0().op0().id()==ID_index) |
There was a problem hiding this comment.
@romainbrenguier Would you happen to know where you had seen such expressions? (This originally was f4fa778.) As far as I am aware, an expression with id ID_constant should not have any operands.
There was a problem hiding this comment.
These are symbolic pointer constants -- for example, constant(value -> 0x12345678, op0 -> &dynamic_object1), giving both the bitwise and the symbolic value. They only occur in traces AFAIK.
There was a problem hiding this comment.
Also I'd be quite surprised by a case where this worked, but the above more general function didn't.
There was a problem hiding this comment.
Thanks a lot, finally I do understand and should have done so all along as I happened to edit code recently... Quite possibly we should have a pointer_constant_exprt or the likes.
There was a problem hiding this comment.
I think the constant operands does not only happen in traces but in other places as well, I will try to find some example...
I agree how expressions deal with pointers is a bit messy at the moment but I'm not sure about pointer_constant_exprt, why not having simply a constant of type pointer?
There was a problem hiding this comment.
Actually it seems that constant operands is something coming from the solver: if I understand correctly calling get on an expression returns a constant with value corresponding to its actual value and an operand with the original expression.
One thing that confused me a bit is that expressions like &a[0] gets simplified by from_expr to a, but simplify_expr does not simplify it.
There was a problem hiding this comment.
One thing that confused me a bit is that expressions like
&a[0]gets simplified byfrom_exprtoa, butsimplify_exprdoes not simplify it.
That's because as much as they can be used interchangeably at source level, their types are different: with int a[1], a is of type int[1], while &a[0] is of type int*. Consequently the pretty printer can do this "simplification" at text level, but transforming expressions would not be valid.
There was a problem hiding this comment.
ok thanks, it makes more sense to me now
| } | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
is exceptions20 included deliberately?
There was a problem hiding this comment.
No, this is a merge error, I will review how this crept in.
There was a problem hiding this comment.
Hmm, no, not quite: this appears to be the regression test affiliated with d299ea2. Do you think this is not a good fit for this PR?
There was a problem hiding this comment.
ok, I forgot about that and wondered what is has to do with JSON. ok for inclusion then.
tautschnig
changed the title
|
I will need to debug why the "outputID" entry is missing from the test output (failing CI test). |
| if(src.id()==ID_pointer_offset && | ||
| src.op0().id()==ID_constant && | ||
| src.op0().op0().id()==ID_address_of && | ||
| src.op0().op0().op0().id()==ID_index) |
There was a problem hiding this comment.
These are symbolic pointer constants -- for example, constant(value -> 0x12345678, op0 -> &dynamic_object1), giving both the bitwise and the symbolic value. They only occur in traces AFAIK.
| if(src.id()==ID_pointer_offset && | ||
| src.op0().id()==ID_constant && | ||
| src.op0().op0().id()==ID_address_of && | ||
| src.op0().op0().op0().id()==ID_index) |
There was a problem hiding this comment.
Also I'd be quite surprised by a case where this worked, but the above more general function didn't.
| src.operands().size()==1 && | ||
| src.op0().id()!=ID_constant) | ||
| // try to simplify the constant pointer | ||
| return simplify_json_expr(src.op0(), ns); |
There was a problem hiding this comment.
Recommend improve this comment -- this is discarding the binary value of the pointer, keeping only the symbolic expression. It is not a simplification per se.
| src.op0()).get_component_name()).find("@")!=std::string::npos) | ||
| { | ||
| // simplify expressions of the form &member_expr(object, @class_identifier) | ||
| return simplify_json_expr(src.op0(), ns); |
There was a problem hiding this comment.
!!! This transforms ``&x.@xyzintox.@xyz`, changing its type!
| to_index_expr(src.op0()).index()).value_is_zero_string()) | ||
| { | ||
| // simplify expressions of the form &array[0] | ||
| return simplify_json_expr(to_index_expr(src.op0()).array(), ns); |
There was a problem hiding this comment.
! &arr[0] has type element* whereas arr has type element[...], might be important?
Are there tests or other bits of information that could be used for validation purposes? @romainbrenguier would you know more about this? You seem to have authored the original commits introducing those changes, unless I'm mistaken. If anyone else has input, please do contribute. |
|
The typical use case of these simplifications is |
|
Actually there is a regression test which was supposed to check the original changes in {
"assignmentType": "variable",
"hidden": true,
"internal": false,
"lhs": "tmp_object_factory$5",
"mode": "java",
"sourceLocation": {
"file": "test.java",
"function": "java::test.check:(Ljava/lang/String;)I",
"line": "5"
},
"stepType": "assignment",
"thread": 0,
"value": {
"name": "unknown"
}
},It seems the value reported as unknown is a |
tautschnig
force-pushed
the
json-trace
branch
from
a2de5e4 to
4d28bdd
Compare
tautschnig
changed the title
tautschnig
changed the title
tautschnig
changed the title
It's only called from within configt.
json() does not deal with nil expression and would just give "name" : "unknown". On the other hand nil expression should not make it to that stage so it would probably denotes an error.
This will delete language pointer created by get_language_from_mode when the object goes out of scope. This prevents memory leaks when using json output.
We simplifying these expression so that these pointers appear correctly in the trace in json. This is related to issue diffblue/test-gen#21 Includes improvements in json_expr.cpp following review of PR#922
We simplify expressions containing array accesses before producing a json representation of the trace. This commit also adds comments on the functions in the cpp files Includes improvements in json_goto_trace.cpp following review of PR#922
This previously stripped pointer_offset_exprt, which wasn't correct-- it should mask the pointer expression within it to give the offset between the operand address and the base of its allocation.
With the exception_value support, there is the possibility to have `nil` values assigned in the trace. These values are returned from `prop_conv.get(expr)`.
In particular, booleans are now printed as true/false instead of 0/1; NULL as null, and pointer types as their respective structs.
tautschnig
force-pushed
the
json-trace
branch
from
4d28bdd to
a6236ab
Compare
tautschnig
changed the title
|
All the discussion items seem to have been merged into develop, closing this as a transition to master will likely happen differently. |
None of this is my work - these are commits already merged into develop (test-gen-support).