// Copyright (c) 2016 Daniel Grunwald
//
// Permission is hereby granted, free of charge, to any person obtaining a copy of this
// software and associated documentation files (the "Software"), to deal in the Software
// without restriction, including without limitation the rights to use, copy, modify, merge,
// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
// to whom the Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all copies or
// substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
// FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using ICSharpCode.Decompiler.IL;
namespace ICSharpCode.Decompiler.FlowAnalysis
{
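/// <summary>
/// Interface for use with DataFlowVisitor.
///
/// A mutable container for the state tracked by the data flow analysis.
/// </summary>
/// <typeparam name="Self">
/// The implementing state type itself; every operation takes and returns this type.
/// </typeparam>
/// <remarks>
/// States must form a join-semilattice: https://en.wikipedia.org/wiki/Semilattice
///
/// To handle <c>try{} finally{}</c> properly, states should implement <c>MeetWith()</c> as well,
/// and thus should form a lattice.
/// </remarks>
public interface IDataFlowState<Self> where Self : IDataFlowState<Self>
{
    /// <summary>
    /// Gets whether this state is "less than" (or equal to) another state.
    /// This is the partial order of the semi-lattice.
    /// </summary>
    /// <remarks>
    /// The exact meaning of this relation is up to the concrete implementation,
    /// but usually "less than" means "has less information than".
    /// A given position in the code starts at the "unreachable state" (=no information)
    /// and then adds more information as the analysis progresses.
    /// After each change to the state, the old state must be less than the new state,
    /// so that the analysis does not run into an infinite loop.
    /// The partially ordered set must also have finite height
    /// (no infinite ascending chains s1 &lt; s2 &lt; ...), to ensure the analysis terminates.
    /// </remarks>
    /// <example>
    /// The simplest possible state, <c>bool isReachable</c>, would implement <c>LessThanOrEqual</c> as:
    /// <code>(this.isReachable ? 1 : 0) &lt;= (otherState.isReachable ? 1 : 0)</code>
    /// Which can be simplified to:
    /// <code>!this.isReachable || otherState.isReachable</code>
    /// </example>
    bool LessThanOrEqual(Self otherState);

    /// <summary>
    /// Creates a new object with a copy of the state.
    /// </summary>
    Self Clone();

    /// <summary>
    /// Replace the contents of this state object with a copy of those in <paramref name="newContent"/>.
    /// </summary>
    /// <remarks>
    /// <c>x = x.Clone(); x.ReplaceWith(newContent);</c>
    /// is equivalent to
    /// <c>x = newContent.Clone();</c>
    ///
    /// ReplaceWith() is used to avoid allocating new state objects where possible.
    /// </remarks>
    void ReplaceWith(Self newContent);

    /// <summary>
    /// Join the incomingState into this state.
    /// </summary>
    /// <remarks>
    /// Postcondition: <c>old(this).LessThanOrEqual(this) &amp;&amp; incomingState.LessThanOrEqual(this)</c>
    /// This method generally sets <c>this</c> to the smallest state that is greater than (or equal to)
    /// both input states.
    /// </remarks>
    /// <example>
    /// The simplest possible state, <c>bool isReachable</c>, would implement <c>JoinWith</c> as:
    /// <code>this.isReachable |= incomingState.isReachable;</code>
    /// </example>
    void JoinWith(Self incomingState);

    /// <summary>
    /// The meet operation.
    ///
    /// If possible, this method sets <c>this</c> to the greatest state that is smaller than (or equal to)
    /// both input states.
    /// At a minimum, meeting with an unreachable state must result in an unreachable state.
    /// </summary>
    /// <remarks>
    /// MeetWith() is used when control flow passes out of a try-finally construct: the endpoint of the
    /// try-finally is reachable only if both the endpoint of the try and the endpoint of the finally
    /// blocks are reachable.
    /// </remarks>
    /// <example>
    /// The simplest possible state, <c>bool isReachable</c>, would implement <c>MeetWith</c> as:
    /// <code>this.isReachable &amp;= incomingState.isReachable;</code>
    /// </example>
    void MeetWith(Self incomingState);

    /// <summary>
    /// Gets whether this is the "unreachable" state.
    /// The unreachable state represents that the data flow analysis has not yet
    /// found a code path from the entry point to this state's position.
    /// </summary>
    /// <remarks>
    /// The unreachable state is the bottom element in the semi-lattice:
    /// the unreachable state is "less than" all other states.
    /// </remarks>
    bool IsUnreachable { get; }

    /// <summary>
    /// Equivalent to <c>this.ReplaceWith(unreachableState)</c>, but may be more efficient.
    /// </summary>
    void MarkUnreachable();
}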
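/// <summary>
/// Generic base class for forward data flow analyses.
/// </summary>
/// <typeparam name="State">
/// The state type used for the data flow analysis. See <see cref="IDataFlowState{Self}"/> for details.
/// </typeparam>
/// <remarks>
/// DataFlowVisitor expects the state to behave like a mutable reference type.
/// It might still be a good idea to use a struct to implement it so that .NET uses static dispatch for
/// method calls on the type parameter, but that struct must consist only of a <c>readonly</c> field
/// referencing some mutable object, to ensure the type parameter behaves as if it was a mutable
/// reference type.
/// </remarks>
public abstract class DataFlowVisitor<State> : ILVisitor
    where State : IDataFlowState<State>
{
    // The data flow analysis tracks a 'state'.
    // There are many states (one per source code position, i.e. ILInstruction), but we don't store all of them.
    // We only keep track of:
    //  a) the current state in the DataFlowVisitor
    //     This state corresponds to the instruction currently being visited,
    //     and gets mutated as we traverse the ILAst.
    //  b) the input state for each control flow node
    //     This also gets mutated as the analysis learns about new control flow edges.

    /// <summary>
    /// The unreachable state.
    /// Must not be mutated.
    /// </summary>
    readonly State unreachableState;

    /// <summary>
    /// Combined state of all possible exceptional control flow paths in the current try block.
    /// Serves as input state for catch blocks.
    ///
    /// Within a try block, <c>currentStateOnException == stateOnException[tryBlock.Parent]</c>.
    /// </summary>
    State currentStateOnException;

    /// <summary>
    /// Current state.
    /// Gets mutated as the visitor traverses the ILAst.
    /// </summary>
    protected State state;

    /// <summary>
    /// Creates a new DataFlowVisitor.
    /// </summary>
    /// <param name="initialState">
    /// The initial state at the entry point of the analysis. It is cloned, so the caller's
    /// object is not mutated by the visitor.
    /// </param>
    protected DataFlowVisitor(State initialState)
    {
        this.state = initialState.Clone();
        // The unreachable state is derived from a second clone of the initial state.
        this.unreachableState = initialState.Clone();
        this.unreachableState.MarkUnreachable();
        Debug.Assert(unreachableState.IsUnreachable);
        this.currentStateOnException = unreachableState.Clone();
    }

#if DEBUG
    // For debugging, capture the input + output state at every instruction.
    readonly Dictionary<ILInstruction, State> debugInputState = new Dictionary<ILInstruction, State>();
    readonly Dictionary<ILInstruction, State> debugOutputState = new Dictionary<ILInstruction, State>();

    /// <summary>
    /// Debug-only monotonicity check: asserts that the state previously recorded for
    /// <paramref name="inst"/> is less than or equal to the current state, or records
    /// the current state if the instruction was not seen before.
    /// </summary>
    void DebugPoint(Dictionary<ILInstruction, State> debugDict, ILInstruction inst)
    {
        State previousState;
        if (debugDict.TryGetValue(inst, out previousState)) {
            Debug.Assert(previousState.LessThanOrEqual(state));
        } else if (debugDict.Count < 1000) {
            // limit the number of tracked instructions to make memory usage in debug builds less horrible
            debugDict.Add(inst, state.Clone());
        }
    }
#endif

    /// <summary>
    /// Debug-only: checks/records the input state of <paramref name="inst"/>.
    /// </summary>
    [Conditional("DEBUG")]
    void DebugStartPoint(ILInstruction inst)
    {
#if DEBUG
        DebugPoint(debugInputState, inst);
#endif
    }

    /// <summary>
    /// Debug-only: checks/records the output state of <paramref name="inst"/>.
    /// </summary>
    [Conditional("DEBUG")]
    void DebugEndPoint(ILInstruction inst)
    {
#if DEBUG
        DebugPoint(debugOutputState, inst);
#endif
    }

    /// <summary>
    /// Handles instructions with normal control flow: visits the children left-to-right
    /// and then accounts for the exceptional edge if the instruction may throw.
    /// </summary>
    /// <exception cref="NotImplementedException">
    /// The instruction's direct flags indicate control flow, a possible branch, or an unreachable
    /// endpoint; such instructions need a dedicated Visit override.
    /// </exception>
    protected sealed override void Default(ILInstruction inst)
    {
        DebugStartPoint(inst);
        // This method assumes normal control flow and no branches.
        const InstructionFlags unsupported = InstructionFlags.ControlFlow | InstructionFlags.MayBranch | InstructionFlags.EndPointUnreachable;
        if ((inst.DirectFlags & unsupported) != 0) {
            // Name the concrete visitor type so the message points at the class lacking the override.
            throw new NotImplementedException(GetType().Name + " is missing implementation for " + inst.GetType().Name);
        }

        // Since this instruction has normal control flow, we can evaluate our children left-to-right.
        foreach (var child in inst.Children) {
            child.AcceptVisitor(this);
            Debug.Assert(state.IsUnreachable || !child.HasFlag(InstructionFlags.EndPointUnreachable));
        }

        // If this instruction can throw an exception, handle the exceptional control flow edge.
        if ((inst.DirectFlags & InstructionFlags.MayThrow) != 0) {
            MayThrow();
        }
        DebugEndPoint(inst);
    }

    /// <summary>
    /// Handle control flow when the current instruction throws an exception:
    /// joins the current state into the "exception state" of the current try block.
    /// </summary>
    protected void MayThrow()
    {
        currentStateOnException.JoinWith(state);
    }

    /// <summary>
    /// Holds the state for incoming branches.
    /// </summary>
    /// <remarks>
    /// Only used for blocks in block containers; not for inline blocks.
    /// </remarks>
    readonly Dictionary<Block, State> stateOnBranch = new Dictionary<Block, State>();

    /// <summary>
    /// Holds the state at the block container end-point. (=state for incoming 'leave' instructions)
    /// </summary>
    readonly Dictionary<BlockContainer, State> stateOnLeave = new Dictionary<BlockContainer, State>();

    /// <summary>
    /// Gets the input state object stored for <paramref name="block"/>, creating it as a
    /// clone of the unreachable state on first access. The returned object is the stored
    /// instance, so mutating it updates the block's input state.
    /// </summary>
    State GetBlockInputState(Block block)
    {
        State s;
        if (!stateOnBranch.TryGetValue(block, out s)) {
            s = unreachableState.Clone();
            stateOnBranch.Add(block, s);
        }
        return s;
    }

    /// <summary>
    /// For each block container, stores the set of blocks (via Block.ChildIndex)
    /// that had their incoming state changed and were not processed yet.
    /// </summary>
    readonly Dictionary<BlockContainer, SortedSet<int>> workLists = new Dictionary<BlockContainer, SortedSet<int>>();

    /// <summary>
    /// Analyzes a block container with a work list, re-visiting blocks until their input
    /// states no longer change. On exit, <c>state</c> is the joined state of all 'leave'
    /// instructions targeting the container, or unreachable if there were none.
    /// </summary>
    protected internal override void VisitBlockContainer(BlockContainer container)
    {
        DebugStartPoint(container);
        SortedSet<int> worklist = new SortedSet<int>();
        // register work list so that branches within this container can add to it
        workLists.Add(container, worklist);
        var stateOnEntry = GetBlockInputState(container.EntryPoint);
        if (!state.LessThanOrEqual(stateOnEntry)) {
            // If we have new information for the container's entry point,
            // add the container entry point to the work list.
            stateOnEntry.JoinWith(state);
            worklist.Add(0);
        }

        // To handle loops, we need to analyze the loop body before we can know the state for the loop backedge,
        // but we need to know the input state for the loop body (to which the backedge state contributes)
        // before we can analyze the loop body.
        // Solution: we repeat the analysis of the loop body multiple times, until the state no longer changes.
        // To make it terminate reasonably quickly, we need to process the control flow nodes in the correct order:
        // reverse post-order. We use a SortedSet<int> for this, and assume that the block indices used in the SortedSet
        // are ordered appropriately. The caller can use BlockContainer.SortBlocks() for this.
        while (worklist.Count > 0) {
            int blockIndex = worklist.Min;
            worklist.Remove(blockIndex);
            Block block = container.Blocks[blockIndex];
            state.ReplaceWith(stateOnBranch[block]);
            block.AcceptVisitor(this);
        }

        State stateOnExit;
        if (stateOnLeave.TryGetValue(container, out stateOnExit)) {
            state.ReplaceWith(stateOnExit);
        } else {
            state.MarkUnreachable();
        }
        DebugEndPoint(container);
        workLists.Remove(container);
    }

    /// <summary>
    /// Joins the current state into the target block's input state and, if that added
    /// information, schedules the target block for (re-)processing. The code after a
    /// branch is unreachable.
    /// </summary>
    protected internal override void VisitBranch(Branch inst)
    {
        var targetBlock = inst.TargetBlock;
        var targetState = GetBlockInputState(targetBlock);
        if (!state.LessThanOrEqual(targetState)) {
            targetState.JoinWith(state);
            // The work list only exists while the target's container is being visited
            // (see VisitBlockContainer); the lookup throws for any other container.
            BlockContainer container = (BlockContainer)targetBlock.Parent;
            workLists[container].Add(targetBlock.ChildIndex);
        }
        state.MarkUnreachable();
    }

    /// <summary>
    /// Joins the current state into the end-point state of the target container.
    /// The code after a leave is unreachable.
    /// </summary>
    protected internal override void VisitLeave(Leave inst)
    {
        State targetState;
        if (stateOnLeave.TryGetValue(inst.TargetContainer, out targetState)) {
            targetState.JoinWith(state);
        } else {
            stateOnLeave.Add(inst.TargetContainer, state.Clone());
        }
        // Note: We don't have to put the block container onto the work queue,
        // because it's an ancestor of the Leave instruction, and hence
        // we are currently somewhere within the VisitBlockContainer() call.
        state.MarkUnreachable();
    }

    /// <summary>
    /// Visits the return value (if any); the code after a return is unreachable.
    /// </summary>
    protected internal override void VisitReturn(Return inst)
    {
        if (inst.ReturnValue != null) {
            inst.ReturnValue.AcceptVisitor(this);
        }
        state.MarkUnreachable();
    }

    /// <summary>
    /// Visits the thrown argument, records the exceptional edge, and marks the
    /// following code unreachable.
    /// </summary>
    protected internal override void VisitThrow(Throw inst)
    {
        inst.Argument.AcceptVisitor(this);
        MayThrow();
        state.MarkUnreachable();
    }

    /// <summary>
    /// Records the exceptional edge and marks the following code unreachable.
    /// </summary>
    protected internal override void VisitRethrow(Rethrow inst)
    {
        MayThrow();
        state.MarkUnreachable();
    }

    /// <summary>
    /// Stores the stateOnException per try instruction.
    /// </summary>
    readonly Dictionary<TryInstruction, State> stateOnException = new Dictionary<TryInstruction, State>();

    /// <summary>
    /// Visits the TryBlock.
    ///
    /// Returns the State object representing the exceptional control flow transfer out of the try block.
    /// </summary>
    /// <remarks>
    /// The returned object is the instance stored in <c>stateOnException</c> for this try instruction
    /// (created on the first visit, reused afterwards), not a copy: mutations made by the caller
    /// remain visible when the same try instruction is visited again.
    /// </remarks>
    protected State HandleTryBlock(TryInstruction inst)
    {
        State oldStateOnException = currentStateOnException;
        State newStateOnException;
        if (!stateOnException.TryGetValue(inst, out newStateOnException)) {
            newStateOnException = unreachableState.Clone();
            stateOnException.Add(inst, newStateOnException);
        }

        // Redirect exceptional edges to this try block's state while visiting its body.
        currentStateOnException = newStateOnException;
        inst.TryBlock.AcceptVisitor(this);
        currentStateOnException = oldStateOnException;

        return newStateOnException;
    }

    /// <summary>
    /// Analyzes a try-catch: each handler starts from the try block's exception state,
    /// and the endpoint is the join of the try endpoint and all handler endpoints.
    /// </summary>
    protected internal override void VisitTryCatch(TryCatch inst)
    {
        DebugStartPoint(inst);
        State onException = HandleTryBlock(inst);
        State endpoint = state.Clone();
        // The exception might get propagated if no handler matches the type:
        currentStateOnException.JoinWith(onException);

        foreach (var handler in inst.Handlers) {
            state.ReplaceWith(onException);
            BeginTryCatchHandler(handler);
            handler.Filter.AcceptVisitor(this);
            // if the filter returns false, any mutations done by the filter
            // will be visible by the remaining handlers
            // (but it's also possible that the filter didn't get executed at all
            // because the exception type doesn't match)
            onException.JoinWith(state);

            handler.Body.AcceptVisitor(this);
            endpoint.JoinWith(state);
        }
        state = endpoint;
        DebugEndPoint(inst);
    }

    /// <summary>
    /// Hook called at the start of each catch handler, after <c>state</c> was set to the
    /// handler's input state and before the filter is visited. Does nothing by default.
    /// </summary>
    protected virtual void BeginTryCatchHandler(TryCatchHandler inst)
    {
    }

    /// <summary>
    /// TryCatchHandler is handled directly in VisitTryCatch
    /// </summary>
    protected internal override sealed void VisitTryCatchHandler(TryCatchHandler inst)
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Analyzes a try-finally: the finally block runs on both the normal and the
    /// exceptional path, and the endpoint is the meet of the try and finally endpoints.
    /// </summary>
    protected internal override void VisitTryFinally(TryFinally inst)
    {
        DebugStartPoint(inst);
        // At first, handle 'try { .. } finally { .. }' like 'try { .. } catch {} .. if (?) rethrow; }'
        State onException = HandleTryBlock(inst);
        State onSuccess = state.Clone();
        state.JoinWith(onException);
        inst.FinallyBlock.AcceptVisitor(this);
        MayThrow();
        // Use MeetWith() to ensure points after the try-finally are reachable only if both the
        // try and the finally endpoints are reachable.
        state.MeetWith(onSuccess);
        DebugEndPoint(inst);
    }

    /// <summary>
    /// Analyzes a try-fault: the fault block only runs on the exceptional path and always
    /// rethrows, so the endpoint state is the try block's endpoint state.
    /// </summary>
    protected internal override void VisitTryFault(TryFault inst)
    {
        DebugStartPoint(inst);
        // try-fault executes fault block if an exception occurs in try,
        // and always rethrows the exception at the end.
        State onException = HandleTryBlock(inst);
        State onSuccess = state;
        // NOTE(review): 'state' now aliases the object stored in stateOnException[inst], so the
        // fault block mutates that stored state directly - confirm this is intended.
        state = onException;
        inst.FaultBlock.AcceptVisitor(this);
        MayThrow(); // rethrow the exception after the fault block

        // try-fault exits normally only if no exception occurred
        state = onSuccess;
        DebugEndPoint(inst);
    }

    /// <summary>
    /// Analyzes an if instruction: both branches start from the state after the condition,
    /// and the endpoint is the join of the two branch endpoints.
    /// </summary>
    protected internal override void VisitIfInstruction(IfInstruction inst)
    {
        DebugStartPoint(inst);
        inst.Condition.AcceptVisitor(this);
        // Keep a copy of the post-condition state as input for the false branch.
        State branchState = state.Clone();
        inst.TrueInst.AcceptVisitor(this);
        State afterTrueState = state;
        state = branchState;
        inst.FalseInst.AcceptVisitor(this);
        state.JoinWith(afterTrueState);
        DebugEndPoint(inst);
    }

    /// <summary>
    /// Analyzes a switch instruction: every section starts from the state after the switch
    /// value, and the endpoint is the join of all section endpoints (unreachable if there
    /// are no sections).
    /// </summary>
    protected internal override void VisitSwitchInstruction(SwitchInstruction inst)
    {
        DebugStartPoint(inst);
        inst.Value.AcceptVisitor(this);
        State beforeSections = state.Clone();
        State afterSections = unreachableState.Clone();
        foreach (var section in inst.Sections) {
            state.ReplaceWith(beforeSections);
            section.AcceptVisitor(this);
            afterSections.JoinWith(state);
        }
        state = afterSections;
        DebugEndPoint(inst);
    }
}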
}