Add a caller_history argument to ai_historyt::step()

This is similar to a three-way merge in that it allows histories to
not only use their state and histories in the next location but also
to access the history at the call site.  Doing so makes it possible to
create "function local" history where all call-sites merge and drop
their previous history but it is picked back up on function return.
This is needed for managing scalability in some of the more involved
histories.

Author: martin

src/analyses/ai.cpp

@@ -303,8 +303,14 @@ bool ai_baset::visit(
       if(to_l == goto_program.instructions.end())
         continue;
 
-      new_data |=
-        visit_edge(function_id, p, function_id, to_l, ns, working_set);
+      new_data |= visit_edge(
+        function_id,
+        p,
+        function_id,
+        to_l,
+        ai_history_baset::no_caller_history,
+        ns,
+        working_set); // Local steps so no caller history needed
     }
   }
 
@@ -316,11 +322,13 @@ bool ai_baset::visit_edge(
   trace_ptrt p,
   const irep_idt &to_function_id,
   locationt to_l,
+  trace_ptrt caller_history,
   const namespacet &ns,
   working_sett &working_set)
 {
   // Has history taught us not to step here...
-  auto next = p->step(to_l, *(storage->abstract_traces_before(to_l)));
+  auto next =
+    p->step(to_l, *(storage->abstract_traces_before(to_l)), caller_history);
   if(next.first == ai_history_baset::step_statust::BLOCKED)
     return false;
   trace_ptrt to_p = next.second;
@@ -366,6 +374,8 @@ bool ai_baset::visit_edge_function_call(
     p_call,
     calling_function_id,
     l_return,
+    ai_history_baset::
+      no_caller_history, // Not needed as we are skipping the function call
     ns,
     working_set);
 }
@@ -439,6 +449,7 @@ bool ai_baset::visit_function_call(
     p_call,
     calling_function_id,
     l_return,
+    ai_history_baset::no_caller_history, // Would be the same as p_call...
     ns,
     working_set);
 }
@@ -480,6 +491,8 @@ bool ai_recursive_interproceduralt::visit_edge_function_call(
       p_call,
       callee_function_id,
       l_begin,
+      ai_history_baset::
+        no_caller_history, // Not needed as p_call already has the info
       ns,
       catch_working_set);
 
@@ -525,6 +538,7 @@ bool ai_recursive_interproceduralt::visit_edge_function_call(
           p_end,
           calling_function_id,
           l_return,
+          p_call, // To allow function-local history
           ns,
           working_set);
       }

src/analyses/ai.h

@@ -252,7 +252,11 @@ class ai_baset
 
     locationt n = std::next(l);
 
-    auto step_return = p->step(n, *(storage->abstract_traces_before(n)));
+    auto step_return = p->step(
+      n,
+      *(storage->abstract_traces_before(n)),
+      ai_history_baset::no_caller_history);
+    // Caller history not needed as this is a local step
 
     return storage->abstract_state_before(step_return.second, *domain_factory);
   }
@@ -469,6 +473,7 @@ class ai_baset
     trace_ptrt p,
     const irep_idt &to_function_id,
     locationt to_l,
+    trace_ptrt caller_history,
     const namespacet &ns,
     working_sett &working_set);
 

src/analyses/ai_history.cpp

@@ -27,3 +27,6 @@ xmlt ai_history_baset::output_xml(void) const
   xml.data = out.str();
   return xml;
 }
+
+const ai_history_baset::trace_ptrt ai_history_baset::no_caller_history =
+  nullptr;

src/analyses/ai_history.h

@@ -88,11 +88,16 @@ class ai_history_baset
   typedef std::pair<step_statust, trace_ptrt> step_returnt;
   /// Step creates a new history by advancing the current one to location "to"
   /// It is given the set of all other histories that have reached this point.
+  /// In the case of function call return it is also given the full history of
+  /// the caller.  This allows function-local histories as they can "pick up"
+  /// the state from before the call when computing the return edge.
   ///
   /// PRECONDITION(to.id_dereferenceable());
   /// PRECONDITION(to in goto_program.get_successors(current_location()) ||
   ///              current_location()->is_function_call() ||
   ///              current_location()->is_end_function());
+  /// PRECONDITION(caller_hist == no_caller_history ||
+  ///              current_location()->is_end_function);
   ///
   /// Step may do one of three things :
   ///  1. Create a new history object and return a pointer to it
@@ -108,7 +113,12 @@ class ai_history_baset
   ///     other than the call location) or undesireable (omitting some traces)
   ///     POSTCONDITION(IMPLIES(result.first == BLOCKED,
   ///                           result.second == nullptr()));
-  virtual step_returnt step(locationt to, const trace_sett &others) const = 0;
+  virtual step_returnt step(
+    locationt to,
+    const trace_sett &others,
+    trace_ptrt caller_hist) const = 0;
+
+  static const trace_ptrt no_caller_history;
 
   /// The order for history_sett
   virtual bool operator<(const ai_history_baset &op) const = 0;
@@ -157,7 +167,10 @@ class ahistoricalt : public ai_history_baset
   {
   }
 
-  step_returnt step(locationt to, const trace_sett &others) const override
+  step_returnt step(
+    locationt to,
+    const trace_sett &others,
+    trace_ptrt caller_hist) const override
   {
     trace_ptrt next(new ahistoricalt(to));
 

src/analyses/call_stack_history.cpp

@@ -11,8 +11,10 @@ Author: Martin Brain, martin.brain@cs.ox.ac.uk
 
 #include "call_stack_history.h"
 
-ai_history_baset::step_returnt
-call_stack_historyt::step(locationt to, const trace_sett &others) const
+ai_history_baset::step_returnt call_stack_historyt::step(
+  locationt to,
+  const trace_sett &others,
+  trace_ptrt caller_hist) const
 {
   DATA_INVARIANT(current_stack != nullptr, "current_stack must exist");
 
@@ -79,12 +81,29 @@ call_stack_historyt::step(locationt to, const trace_sett &others) const
     }
     else
     {
+      INVARIANT(
+        caller_hist != ai_history_baset::no_caller_history,
+        "return from function should have a caller");
+
       // The expected call return site...
       locationt l_caller_return =
         std::next(current_stack->caller->current_location);
 
       if(l_caller_return->location_number == to->location_number)
       {
+        INVARIANT(
+          std::next(caller_hist->current_location())->location_number ==
+            l_caller_return->location_number,
+          "caller and caller_hist should be consistent");
+        // It is tempting to think that...
+        // INVARIANT(*(current_stack->caller) ==
+        //           *(std::dynamic_pointer_cast<const call_stack_historyt>
+        //                                       (caller_hist)->current_stack),
+        //           "call stacks should match");
+        // and that we could just use caller_hist->current_stack here.
+        // This fails when you hit the recursion limit so that the
+        // caller_hist has a deep stack but *this has a shallow one.
+
         // ... which is where we are going
         next_stack = cse_ptrt(std::make_shared<call_stack_entryt>(
           to, current_stack->caller->caller));

src/analyses/call_stack_history.h

@@ -81,7 +81,10 @@ class call_stack_historyt : public ai_history_baset
   {
   }
 
-  step_returnt step(locationt to, const trace_sett &others) const override;
+  step_returnt step(
+    locationt to,
+    const trace_sett &others,
+    trace_ptrt caller_hist) const override;
 
   bool operator<(const ai_history_baset &op) const override;
   bool operator==(const ai_history_baset &op) const override;