// Copyright (c) 2016 Daniel Grunwald // // Permission is hereby granted, free of charge, to any person obtaining a copy of this // software and associated documentation files (the "Software"), to deal in the Software // without restriction, including without limitation the rights to use, copy, modify, merge, // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons // to whom the Software is furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all copies or // substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER // DEALINGS IN THE SOFTWARE. using System; using System.Collections; using System.Collections.Generic; using System.Collections.Immutable; using System.Diagnostics; using System.Linq; using ICSharpCode.Decompiler.IL; namespace ICSharpCode.Decompiler.FlowAnalysis { ///

/// Implements the "reaching definitions" analysis. /// /// https://en.wikipedia.org/wiki/Reaching_definition /// /// By "definitions", we mean stores to local variables. ///

/// /// Possible "definitions" that store to a variable are: /// * StLoc /// * TryCatchHandler (for the exception variable) /// * ReachingDefinitions.UninitializedVariable for uninitialized variables. /// Note that we do not keep track of LdLoca/references/pointers. /// The analysis will likely be wrong/incomplete for variables with AddressCount != 0. /// public class ReachingDefinitions { #region State representation ///

/// The state during the reaching definitions analysis. ///

/// /// A state can either be reachable, or unreachable: /// 1) unreachable /// Note that during the analysis, "unreachable" just means we have not yet found a path /// from the entry point to the node. States transition from unreachable to reachable as /// the analysis processes more control flow paths. /// 2) reachable /// In this case, the state contains, for each variable, the set of stores that might have /// written to the variable before the control flow reached the state's source code position. /// This set does not include stores that were definitely overwritten by other stores to the /// same variable. /// During the analysis, the set of stores gets extended as the analysis processes more code paths. /// /// The reachable state could be represented as a `Dictionary{ILVariable, ISet{ILInstruction}}`. /// To consume less memory, we instead assign an integer index to all stores in the analyzed function ("store index"), /// and store the state as a `BitSet` instead. /// Each bit in the set corresponds to one store instruction, and is `true` iff the store is a reaching definition /// for the variable it is storing to. /// The `allStores` array has the same length as the bit sets and holds the corresponding `ILInstruction` objects (store instructions). /// All stores for a single variable occupy a contiguous segment of the `allStores` array (and thus also of the `state`), /// which allows us to efficient clear out all stores that get overwritten by a new store. /// [DebuggerDisplay("{bits}")] struct State : IDataFlowState { ///

/// bit 0: This state's position is reachable from the entry point. /// bit i+1: There is a code path from the entry point to this state's position /// that passes through through allStores[i] and does not pass through another /// store to allStores[i].Variable. ///

readonly internal BitSet bits; public State(BitSet bits) { this.bits = bits; } public bool LessThanOrEqual(State otherState) { return bits.IsSubsetOf(otherState.bits); } public State Clone() { return new State(bits.Clone()); } public void ReplaceWith(State newContent) { bits.ReplaceWith(newContent.bits); } public void JoinWith(State incomingState) { bits.UnionWith(incomingState.bits); } public void MeetWith(State incomingState) { bits.IntersectWith(incomingState.bits); } public void MarkUnreachable() { bits.ClearAll(); } public bool IsUnreachable { get { return !bits[ReachableBit]; } } } ///

/// To distinguish unreachable from reachable states, we use the first bit in the bitset to store the 'reachable bit'. /// If this bit is set, the state is reachable, and the remaining bits ///

const int ReachableBit = 0; ///

/// Because bit number 0 is the ReachableBit, we start counting store indices at 1. ///

const int FirstStoreIndex = 1; #endregion #region Documentation + member fields ///

/// A special Nop instruction that gets used as a fake store if the variable /// is possibly uninitialized. ///

public static readonly ILInstruction UninitializedVariable = new Nop(); ///

/// The function being analyzed. ///

readonly ILVariableScope scope; ///

/// All stores for all variables in the scope. /// /// state[storeIndex] is true iff allStores[storeIndex] is a reaching definition. /// Invariant: state.bits.Length == allStores.Length. ///

readonly ILInstruction[] allStores; ///

/// Maps instructions appearing in allStores to their index. /// /// Invariant: allStores[storeIndexMap[inst]] == inst /// /// Does not contain UninitializedVariable (as that special instruction has multiple store indices, one per variable) ///

readonly Dictionary storeIndexMap = new Dictionary(); ///

/// For all variables v: allStores[firstStoreIndexForVariable[v.IndexInScope]] is the UninitializedVariable entry for v. /// The next few stores (up to firstStoreIndexForVariable[v.IndexInScope + 1], exclusive) are the full list of stores for v. ///

/// /// Invariant: firstStoreIndexForVariable[scope.Variables.Count] == allStores.Length /// readonly int[] firstStoreIndexForVariable; ///

/// activeVariable[v.IndexInScope] is true iff RD analysis is enabled for the variable. ///

readonly BitSet activeVariables; #endregion #region Constructor ///

/// Run reaching definitions analysis for the specified variable scope. ///

public ReachingDefinitions(ILVariableScope scope, Predicate pred) : this(scope, GetActiveVariableBitSet(scope, pred)) { } static BitSet GetActiveVariableBitSet(ILVariableScope scope, Predicate pred) { if (scope == null) throw new ArgumentNullException("scope"); BitSet activeVariables = new BitSet(scope.Variables.Count); for (int vi = 0; vi < scope.Variables.Count; vi++) { activeVariables[vi] = pred(scope.Variables[vi]); } return activeVariables; } ///

/// Run reaching definitions analysis for the specified variable scope. ///

public ReachingDefinitions(ILVariableScope scope, BitSet activeVariables) { if (scope == null) throw new ArgumentNullException("scope"); if (activeVariables == null) throw new ArgumentNullException("activeVariables"); this.scope = scope; this.activeVariables = activeVariables; // Fill `allStores` and `storeIndexMap` and `firstStoreIndexForVariable`. var storesByVar = FindAllStoresByVariable(scope, activeVariables); allStores = new ILInstruction[FirstStoreIndex + storesByVar.Sum(l => l != null ? l.Count : 0)]; firstStoreIndexForVariable = new int[scope.Variables.Count + 1]; int si = FirstStoreIndex; for (int vi = 0; vi < storesByVar.Length; vi++) { firstStoreIndexForVariable[vi] = si; var stores = storesByVar[vi]; if (stores != null) { int expectedStoreCount = scope.Variables[vi].StoreCount; if (!scope.Variables[vi].HasInitialValue) { // Extra store for UninitializedVariable expectedStoreCount += 1; // Note that for variables with HasInitialValue=true, // this extra store is already accounted for in ILVariable.StoreCount. } Debug.Assert(stores.Count == expectedStoreCount); stores.CopyTo(allStores, si); // Add all stores except for UninitializedVariable to storeIndexMap. for (int i = 1; i < stores.Count; i++) { storeIndexMap.Add(stores[i], si + i); } si += stores.Count; } } firstStoreIndexForVariable[scope.Variables.Count] = si; Debug.Assert(si == allStores.Length); RDVisitor visitor = new RDVisitor(this); scope.Children.Single().AcceptVisitor(visitor); } ///

/// Fill allStores and storeIndexMap. ///

static List[] FindAllStoresByVariable(ILVariableScope scope, BitSet activeVariables) { // For each variable, find the list of ILInstructions storing to that variable List[] storesByVar = new List[scope.Variables.Count]; for (int vi = 0; vi < storesByVar.Length; vi++) { if (activeVariables[vi]) storesByVar[vi] = new List { UninitializedVariable }; } foreach (var inst in scope.Descendants) { ILVariable v; if (inst.MatchStLoc(out v) || inst.MatchTryCatchHandler(out v)) { if (v.Scope == scope && activeVariables[v.IndexInScope]) { storesByVar[v.IndexInScope].Add(inst); } } } return storesByVar; } #endregion #region CreateInitialState ///

/// Create the initial state (reachable + all variables uninitialized). ///

State CreateInitialState() { BitSet initialState = new BitSet(allStores.Length); initialState.Set(ReachableBit); for (int vi = 0; vi < scope.Variables.Count; vi++) { if (activeVariables[vi]) { Debug.Assert(allStores[firstStoreIndexForVariable[vi]] == UninitializedVariable); initialState.Set(firstStoreIndexForVariable[vi]); } } return new State(initialState); } #endregion ///

/// Visitor that traverses the ILInstruction tree. ///

class RDVisitor : DataFlowVisitor { readonly ReachingDefinitions rd; internal RDVisitor(ReachingDefinitions rd) : base(rd.CreateInitialState()) { this.rd = rd; } void HandleStore(ILInstruction inst, ILVariable v) { if (v.Scope == rd.scope && rd.activeVariables[v.IndexInScope] && !state.IsUnreachable) { // Clear the set of stores for this variable: state.bits.Clear(rd.firstStoreIndexForVariable[v.IndexInScope], rd.firstStoreIndexForVariable[v.IndexInScope + 1]); // And replace it with this store: state.bits.Set(rd.storeIndexMap[inst]); } } protected internal override void VisitStLoc(StLoc inst) { base.VisitStLoc(inst); HandleStore(inst, inst.Variable); } protected override void BeginTryCatchHandler(TryCatchHandler inst) { HandleStore(inst, inst.Variable); } } } }