Llair (infer.Llair)

module Loc : sig ... end

Source code debug locations

module Typ : sig ... end

Types

module Reg : sig ... end

Variables

module Exp : sig ... end

Expressions

module FuncName : sig ... end

Function names

module Global : sig ... end

Globals

module GlobalDefn : sig ... end

Global variables

val cct_schedule_points : bool Stdlib.ref

module Builtin : sig ... end

module Intrinsic : sig ... end

type inst = private

| Move of {
1. reg_exps : (Reg.t * Exp.t) NS.iarray;
2. loc : Loc.t;
}
(*
Move each value exp into corresponding register reg. All of the moves take effect simultaneously.
*)
| Load of {
1. reg : Reg.t;
2. ptr : Exp.t;
3. len : Exp.t;
4. loc : Loc.t;
}
(*
Read a len-byte value from the contents of memory at address ptr into reg.
*)
| Store of {
1. ptr : Exp.t;
2. exp : Exp.t;
3. len : Exp.t;
4. loc : Loc.t;
}
(*
Write len-byte value exp into memory at address ptr.
*)
| AtomicRMW of {
1. reg : Reg.t;
2. ptr : Exp.t;
3. exp : Exp.t;
4. len : Exp.t;
5. loc : Loc.t;
}
(*
Atomically load a len-byte value val from the contents of memory at address ptr, set reg to val, and store the len-byte value of (λreg. exp) val into memory at address ptr. Note that, unlike other instructions and arguments, occurrences of reg in exp refer to the new, not old, value.
*)
| AtomicCmpXchg of {
1. reg : Reg.t;
2. ptr : Exp.t;
3. cmp : Exp.t;
4. exp : Exp.t;
5. len : Exp.t;
6. len1 : Exp.t;
7. loc : Loc.t;
}
(*
Atomically load a len-byte value from the contents of memory at address ptr, compare the value to cmp, and if equal store len-byte value exp into memory at address ptr. Sets reg to the loaded value concatenated to a len1-byte value 1 if the store was performed, otherwise 0.
*)
| Alloc of {
1. reg : Reg.t;
2. num : Exp.t;
3. len : int;
4. loc : Loc.t;
}
(*
Allocate a block of memory large enough to store num elements of len bytes each and bind reg to the first address.
*)
| Free of {
1. ptr : Exp.t;
2. loc : Loc.t;
}
(*
Deallocate the previously allocated block at address ptr.
*)
| Nondet of {
1. reg : Reg.t option;
2. msg : string;
3. loc : Loc.t;
}
(*
Bind reg to an arbitrary value, representing non-deterministic approximation of behavior described by msg.
*)
| Builtin of {
1. reg : Reg.t option;
2. name : Builtin.t;
3. args : Exp.t NS.iarray;
4. loc : Loc.t;
}
(*
Bind reg to the value of applying builtin name to args.
*)

Instructions for memory manipulation or other non-control effects.

type cmnd = inst NS.iarray

A (straight-line) command is a sequence of instructions.

type label = string

A label is a name of a block.

type jump = private {

mutable dst : block;
mutable retreating : bool;

}

A jump to a block.

and call_target = {

mutable func : func;
mutable recursive : bool;
(*
Holds unless this call target is definitely not recursive
*)

}

and icall_target = {

ptr : Exp.t;
(*
Dynamically resolved function pointer.
*)
mutable candidates : call_target NS.iarray;
(*
Statically computed over-approximation of possible call targets.
*)

}

and callee =

| Direct of call_target
(*
Statically resolved function
*)
| Indirect of icall_target
(*
Dynamically resolved function
*)
| Intrinsic of Intrinsic.t
(*
Intrinsic implemented in analyzer rather than source code
*)

and 'a call = {

callee : 'a;
typ : Typ.t;
(*
Type of the callee.
*)
actuals : Exp.t NS.iarray;
(*
Actual arguments.
*)
areturn : Reg.t option;
(*
Register to receive return value.
*)
return : jump;
(*
Return destination.
*)
throw : jump option;
(*
Handler destination.
*)
loc : Loc.t;

}

A call to a function.

and term = private

| Switch of {
1. key : Exp.t;
2. tbl : (Exp.t * jump) NS.iarray;
3. els : jump;
4. loc : Loc.t;
}
(*
Invoke the jump in tbl associated with the integer expression case which is equal to key, if any, otherwise invoke els.
*)
| Iswitch of {
1. ptr : Exp.t;
2. tbl : jump NS.iarray;
3. loc : Loc.t;
}
(*
Invoke the jump in tbl whose dst is equal to ptr.
*)
| Call of callee call
(*
Call function with arguments.
*)
| Return of {
1. exp : Exp.t option;
2. loc : Loc.t;
}
(*
Invoke return of the dynamically most recent Call.
*)
| Throw of {
1. exc : Exp.t;
2. loc : Loc.t;
}
(*
Invoke throw of the dynamically most recent Call with throw not None.
*)
| Abort of {
1. loc : Loc.t;
}
(*
Trigger abnormal program termination
*)
| Unreachable
(*
Halt as control is assumed to never reach Unreachable.
*)

Block terminators for function call/return or other control transfers.

and block = private {

lbl : label;
cmnd : cmnd;
term : term;
mutable parent : func;
mutable sort_index : int;
(*
Position in a topological order, ignoring retreating edges.
*)
mutable goal_distance : int;
(*
An upper bound on the distance from this block to the end of the current goal trace, measured in blocks.
*)

}

A block is a destination of a jump with arguments, contains code.

and func = private {

name : FuncName.t;
formals : Reg.t NS.iarray;
(*
Formal parameters
*)
freturn : Reg.t option;
fthrow : Reg.t;
locals : Reg.Set.t;
(*
Local registers
*)
entry : block;
loc : Loc.t;

}

A function is a control-flow graph with distinguished entry block, whose parameters are the function parameters.

type ip

type functions = func FuncName.Map.t

type program = private {

globals : GlobalDefn.t NS.iarray;
(*
Global definitions.
*)
functions : functions;
(*
(Global) function definitions.
*)

}

module Inst : sig ... end

module Jump : sig ... end

module Term : sig ... end

module Block : sig ... end

module IP : sig ... end

module Func : sig ... end

module Program : sig ... end