This is an archive of the discontinued LLVM Phabricator instance.

Differential D123784

[clang][analyzer][ctu] Traverse the ctu CallEnter nodes in reverse order
AbandonedPublic

Authored by martong on Apr 14 2022, 5:00 AM.

Details

Reviewers
NoQ
steakhal
xazax.hun
Szelethus
Summary

This change reverses the traverse order of those nodes that had been added to
the ctu worklist during the first phase of the analysis. By reversing the order
of these nodes, we start in the ctu phase with the nodes that are closer to the
root node. Measurements show that this way the length of the bug-paths are
decreasing with roughly by 10%.

Diff Detail

Event Timeline

martong created this revision.Apr 14 2022, 5:00 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptApr 14 2022, 5:00 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: manas, ASDenysPetrov, gamesh411 and 8 others. · View Herald Transcript
martong requested review of this revision.Apr 14 2022, 5:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 14 2022, 5:00 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
martong added a parent revision: D123773: [clang][analyzer][ctu] Make CTU a two phase analysis.Apr 14 2022, 5:00 AM
Harbormaster completed remote builds in B159661: Diff 422820.Apr 14 2022, 5:01 AM
steakhal added inline comments.Apr 19 2022, 2:30 AM
clang/lib/StaticAnalyzer/Core/WorkList.cpp
204–207

Please leave a note there, of what the negative values are used for.

216–218

It seems like you are not exploiting the signedness of this variable. And a counter should never be negative anyway.

255

Raw enum would make it more convenient, and the scope is already private - thus it won't affect readability elsewhere.

xazax.hun added a comment.May 6 2022, 9:12 AM

This approach fixes the worklist for the second phase. Would it be possible to create a wrapper that reverses the order of any worklist instead of committing to one and hardcode that?

martong added a comment.May 6 2022, 1:29 PM
In D123784#3496981, @xazax.hun wrote:

This approach fixes the worklist for the second phase. Would it be possible to create a wrapper that reverses the order of any worklist instead of committing to one and hardcode that?

We don't want to reverse the worklist completely. We could reverse if we want to, by popping all elements and adding them to another queue which has the negated ordering function.

We'd like to have a reversed order only for those nodes that are added to the CTUWorklist during the first phase. In all other cases the normal ordering is the desired. Why? Because we'd like to keep the original algorithm once we are evaluating an inlined foreign function. The only thing we'd like to change is that which foreign function to choose for evaluation next. And we'd like that to be the one that is closer to the root node in the exploded graph (this way the overall path lengths can decrease).

Would it be possible to create a wrapper that reverses the order of any worklist instead of committing to one and hardcode that?

I don't think this is possible. I mean how could we reverse the DFS, would that be a BFS? The set of the visited nodes might change at the moment when we choose an other node as next. The only way it could work, if we first collect all the nodes that we want to visit. But the graph is being built as we do the visitation.

martong marked an inline comment as done.May 6 2022, 1:36 PM
martong added inline comments.
clang/lib/StaticAnalyzer/Core/WorkList.cpp
216–218

It is used in the descendant class.

martong mentioned this in D123773: [clang][analyzer][ctu] Make CTU a two phase analysis.May 17 2022, 6:15 AM
martong abandoned this revision.May 17 2022, 6:29 AM
martong marked an inline comment as done.

Abandoning because by using a bool in ctuBifurcate, the CTUWorklist will not have more than one elements during the first phase. Details: https://reviews.llvm.org/D123773?id=426037#inline-1206493

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Core/
PathSensitive/
1 line
lib/
StaticAnalyzer/
Core/
2 lines
49 lines

Diff 422820

clang/include/clang/StaticAnalyzer/Core/PathSensitive/WorkList.h

Show First 20 LinesShow All 79 Lines▼ Show 20 Linespublic:
BlockCounter getBlockCounter() const { return CurrentCounter; } BlockCounter getBlockCounter() const { return CurrentCounter; }
static std::unique_ptr<WorkList> makeDFS(); static std::unique_ptr<WorkList> makeDFS();
static std::unique_ptr<WorkList> makeBFS(); static std::unique_ptr<WorkList> makeBFS();
static std::unique_ptr<WorkList> makeBFSBlockDFSContents(); static std::unique_ptr<WorkList> makeBFSBlockDFSContents();
static std::unique_ptr<WorkList> makeUnexploredFirst(); static std::unique_ptr<WorkList> makeUnexploredFirst();
static std::unique_ptr<WorkList> makeUnexploredFirstPriorityQueue(); static std::unique_ptr<WorkList> makeUnexploredFirstPriorityQueue();
static std::unique_ptr<WorkList> makeUnexploredFirstPriorityLocationQueue(); static std::unique_ptr<WorkList> makeUnexploredFirstPriorityLocationQueue();
static std::unique_ptr<WorkList> makeCTUWorkList();
}; };
} // end ento namespace } // end ento namespace
} // end clang namespace } // end clang namespace
#endif #endif

clang/lib/StaticAnalyzer/Core/CoreEngine.cpp

Show First 20 LinesShow All 69 Lines▼ Show 20 Lines case ExplorationStrategyKind::UnexploredFirstLocationQueue:
return WorkList::makeUnexploredFirstPriorityLocationQueue(); return WorkList::makeUnexploredFirstPriorityLocationQueue();
} }
llvm_unreachable("Unknown AnalyzerOptions::ExplorationStrategyKind"); llvm_unreachable("Unknown AnalyzerOptions::ExplorationStrategyKind");
} }
CoreEngine::CoreEngine(ExprEngine &exprengine, FunctionSummariesTy *FS, CoreEngine::CoreEngine(ExprEngine &exprengine, FunctionSummariesTy *FS,
AnalyzerOptions &Opts) AnalyzerOptions &Opts)
: ExprEng(exprengine), WList(generateWorkList(Opts)), : ExprEng(exprengine), WList(generateWorkList(Opts)),
CTUWList(generateWorkList(Opts)), BCounterFactory(G.getAllocator()), CTUWList(WorkList::makeCTUWorkList()), BCounterFactory(G.getAllocator()),
FunctionSummaries(FS) {} FunctionSummaries(FS) {}
void CoreEngine::setBlockCounter(BlockCounter C) { void CoreEngine::setBlockCounter(BlockCounter C) {
WList->setBlockCounter(C); WList->setBlockCounter(C);
if (CTUWList) if (CTUWList)
CTUWList->setBlockCounter(C); CTUWList->setBlockCounter(C);
} }
▲ Show 20 LinesShow All 651 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/WorkList.cpp

Show First 20 LinesShow All 184 Lines▼ Show 20 Lines
} // namespace } // namespace
std::unique_ptr<WorkList> WorkList::makeUnexploredFirst() { std::unique_ptr<WorkList> WorkList::makeUnexploredFirst() {
return std::make_unique<UnexploredFirstStack>(); return std::make_unique<UnexploredFirstStack>();
} }
namespace { namespace {
class UnexploredFirstPriorityQueue : public WorkList { class UnexploredFirstPriorityQueue : public WorkList {
protected:
using BlockID = unsigned; using BlockID = unsigned;
using LocIdentifier = std::pair<BlockID, const StackFrameContext *>; using LocIdentifier = std::pair<BlockID, const StackFrameContext *>;
// How many times each location was visited. // How many times each location was visited.
// Is signed because we negate it later in order to have a reversed // Is signed because we negate it later in order to have a reversed
// comparison. // comparison.
using VisitedTimesMap = llvm::DenseMap<LocIdentifier, int>; using VisitedTimesMap = llvm::DenseMap<LocIdentifier, int>;
// Compare by number of times the location was visited first (negated // Compare by number of times the location was visited first (negated
// to prefer less often visited locations), then by insertion time (prefer // to prefer less often visited locations), then by insertion time (prefer
// expanding nodes inserted sooner first). // expanding nodes inserted sooner first).
using QueuePriority = std::pair<int, unsigned long>; using QueuePriority = std::pair<int, long>;
steakhalUnsubmitted
Not Done
ReplyInline Actions

Please leave a note there, of what the negative values are used for.

steakhal: Please leave a note there, of what the negative values are used for.
using QueueItem = std::pair<WorkListUnit, QueuePriority>; using QueueItem = std::pair<WorkListUnit, QueuePriority>;
struct ExplorationComparator { struct ExplorationComparator {
bool operator() (const QueueItem &LHS, const QueueItem &RHS) { bool operator() (const QueueItem &LHS, const QueueItem &RHS) {
return LHS.second < RHS.second; return LHS.second < RHS.second;
} }
}; };
// Number of inserted nodes, used to emulate DFS ordering in the priority // Number of inserted nodes, used to emulate DFS ordering in the priority
// queue when insertions are equal. // queue when insertions are equal.
unsigned long Counter = 0; long Counter = 0;
steakhalUnsubmitted
Done
ReplyInline Actions

It seems like you are not exploiting the signedness of this variable. And a counter should never be negative anyway.

steakhal: It seems like you are not exploiting the signedness of this variable. And a counter should…
martongAuthorUnsubmitted
Done
ReplyInline Actions

It is used in the descendant class.

martong: It is used in the descendant class.
// Number of times a current location was reached. // Number of times a current location was reached.
VisitedTimesMap NumReached; VisitedTimesMap NumReached;
// The top item is the largest one. // The top item is the largest one.
llvm::PriorityQueue<QueueItem, std::vector<QueueItem>, ExplorationComparator> llvm::PriorityQueue<QueueItem, std::vector<QueueItem>, ExplorationComparator>
queue; queue;
public: unsigned getNumVisited(const WorkListUnit &U) {
bool hasWork() const override {
return !queue.empty();
}
void enqueue(const WorkListUnit &U) override {
const ExplodedNode *N = U.getNode(); const ExplodedNode *N = U.getNode();
unsigned NumVisited = 0; unsigned NumVisited = 0;
if (auto BE = N->getLocation().getAs<BlockEntrance>()) { if (auto BE = N->getLocation().getAs<BlockEntrance>()) {
LocIdentifier LocId = std::make_pair( LocIdentifier LocId = std::make_pair(
BE->getBlock()->getBlockID(), BE->getBlock()->getBlockID(),
N->getLocationContext()->getStackFrame()); N->getLocationContext()->getStackFrame());
NumVisited = NumReached[LocId]++; NumVisited = NumReached[LocId]++;
} }
return NumVisited;
}
public:
bool hasWork() const override { return !queue.empty(); }
void enqueue(const WorkListUnit &U) override {
unsigned NumVisited = getNumVisited(U);
queue.push(std::make_pair(U, std::make_pair(-NumVisited, ++Counter))); queue.push(std::make_pair(U, std::make_pair(-NumVisited, ++Counter)));
} }
WorkListUnit dequeue() override { WorkListUnit dequeue() override {
QueueItem U = queue.top(); QueueItem U = queue.top();
queue.pop(); queue.pop();
return U.first; return U.first;
} }
}; };
class CTUWorkList : public UnexploredFirstPriorityQueue {
enum class SecondaryOrder { DFS = 1, ReverseDFS };
steakhalUnsubmitted
Not Done
ReplyInline Actions
class CTUWorkList : public UnexploredFirstPriorityQueue {
- enum class SecondaryOrder { DFS = 1, ReverseDFS };
+ enum SecondaryOrder { DFS, ReverseDFS };
SecondaryOrder ScndOrd = SecondaryOrder::ReverseDFS;

Raw enum would make it more convenient, and the scope is already private - thus it won't affect readability elsewhere.

steakhal: Raw enum would make it more convenient, and the scope is already private - thus it won't affect…
SecondaryOrder ScndOrd = SecondaryOrder::ReverseDFS;
long ReverseDFSCounter = 0;
public:
void enqueue(const WorkListUnit &U) override {
unsigned NumVisited = getNumVisited(U);
queue.push(std::make_pair(
U, std::make_pair(-NumVisited, ScndOrd == SecondaryOrder::DFS
? ++Counter
: --ReverseDFSCounter)));
}
WorkListUnit dequeue() override {
// During the first phase we never call dequeue(). Thus, the first call of
// dequeue() indicates the start of the second phase. We want to have the
// normal ordering during the second phase.
ScndOrd = SecondaryOrder::DFS;
return UnexploredFirstPriorityQueue::dequeue();
}
};
} // namespace } // namespace
std::unique_ptr<WorkList> WorkList::makeUnexploredFirstPriorityQueue() { std::unique_ptr<WorkList> WorkList::makeUnexploredFirstPriorityQueue() {
return std::make_unique<UnexploredFirstPriorityQueue>(); return std::make_unique<UnexploredFirstPriorityQueue>();
} }
std::unique_ptr<WorkList> WorkList::makeCTUWorkList() {
return std::make_unique<CTUWorkList>();
}
namespace { namespace {
class UnexploredFirstPriorityLocationQueue : public WorkList { class UnexploredFirstPriorityLocationQueue : public WorkList {
using LocIdentifier = const CFGBlock *; using LocIdentifier = const CFGBlock *;
// How many times each location was visited. // How many times each location was visited.
// Is signed because we negate it later in order to have a reversed // Is signed because we negate it later in order to have a reversed
// comparison. // comparison.
using VisitedTimesMap = llvm::DenseMap<LocIdentifier, int>; using VisitedTimesMap = llvm::DenseMap<LocIdentifier, int>;
▲ Show 20 LinesShow All 51 LinesShow Last 20 Lines