A CIL Tutorial - Department of Computer Science - ETH Zürich
A CIL Tutorial - Department of Computer Science - ETH Zürich A CIL Tutorial - Department of Computer Science - ETH Zürich
CHAPTER 0. OVERVIEW AND ORGANIZATION 10 $ OCAMLRUNPARAM=b ciltutcc --bytecode ...
Chapter 1 The AST The Concrete Syntax of a program, is the textual representation of the program. An Abstract Syntax Tree(AST) is the in-memory data-structure that represents the parsed program. Parsing turns the concrete syntax into an AST. Parsing, the specication of grammars, and the various algorithms for lexical analysis and parsing, are covered in detail in many traditional textbooks on compilers. The textbooks by Appel [2] and Muchnick [3] are good starting points. This chapter of the tutorial explains the structure of CIL's AST for C. The AST is dened in the Cil module in cil/src/cil.ml between lines 130 and 850. It might seem pretty complex at rst glance, but you will nd that it is very well documented, and the names of types, elds and constructors are logically assigned. Also, if you are familiar with other C or C++ front-ends, this AST is refreshingly straightforward. Finally, one of the key advantages to using CIL is that it makes a number of transformations that simplify analysis and instrumentation. Biggest among these is the absence of side-eects in expressions. Function calls and assignments are all lifted out of expressions into the Cil.instr nodes. In this example code, we go digging through the AST looking for a function called target, when we nd it, we lter out assignments to a global variable called deleted. In src/tut2.ml we'll see how to do this a bit more elegantly. Coding Hint: When working with CIL, have two windows of source on your screen. One window is the project you are hacking on. The other window is cil.ml, so you can refer quickly to the AST type denitions and utility functions. 11
- Page 1 and 2: A CIL Tutorial Using CIL for langua
- Page 3 and 4: Contents Preface 4 Introduction 5 0
- Page 5 and 6: CONTENTS 3 13 Whole-program Analysi
- Page 7 and 8: Introduction The C Intermediate Lan
- Page 9 and 10: References [1] clang: a C language
- Page 11: CHAPTER 0. OVERVIEW AND ORGANIZATIO
- Page 15 and 16: CHAPTER 1. THE AST 13 1.2 Printing
- Page 17 and 18: References [1] Andrew W. Appel. Mod
- Page 19 and 20: CHAPTER 2. VISITING THE AST 17 open
- Page 21 and 22: CHAPTER 2. VISITING THE AST 19 $ ci
- Page 23 and 24: Chapter 3 Dataow Analysis Dataow An
- Page 25 and 26: CHAPTER 3. DATAFLOW ANALYSIS 23 Cod
- Page 27 and 28: CHAPTER 3. DATAFLOW ANALYSIS 25 let
- Page 29 and 30: CHAPTER 3. DATAFLOW ANALYSIS 27 and
- Page 31 and 32: CHAPTER 3. DATAFLOW ANALYSIS 29 let
- Page 33 and 34: CHAPTER 3. DATAFLOW ANALYSIS 31 DoC
- Page 35 and 36: CHAPTER 3. DATAFLOW ANALYSIS 33 tes
- Page 37 and 38: References [1] Aws Albarghouthi, Ra
- Page 39 and 40: CHAPTER 4. INSTRUMENTATION 37 type
- Page 41 and 42: CHAPTER 4. INSTRUMENTATION 39 metho
- Page 43 and 44: CHAPTER 4. INSTRUMENTATION 41 $ cil
- Page 45 and 46: CHAPTER 5. INTERPRETED CONSTRUCTORS
- Page 47 and 48: CHAPTER 5. INTERPRETED CONSTRUCTORS
- Page 49 and 50: Chapter 6 Overriding Functions When
- Page 51 and 52: CHAPTER 6. OVERRIDING FUNCTIONS 49
- Page 53 and 54: References [1] Kumar Avijit, Pratee
- Page 55 and 56: CHAPTER 7. TYPE QUALIFIERS 53 let c
- Page 57 and 58: CHAPTER 7. TYPE QUALIFIERS 55 let w
- Page 59 and 60: CHAPTER 7. TYPE QUALIFIERS 57 $ cil
- Page 61 and 62: Chapter 8 Dependant Type Qualiers O
Chapter 1<br />
The AST<br />
The Concrete Syntax <strong>of</strong> a program, is the textual representation <strong>of</strong> the program. An Abstract Syntax<br />
Tree(AST) is the in-memory data-structure that represents the parsed program. Parsing turns the<br />
concrete syntax into an AST. Parsing, the specication <strong>of</strong> grammars, and the various algorithms<br />
for lexical analysis and parsing, are covered in detail in many traditional textbooks on compilers.<br />
The textbooks by Appel [2] and Muchnick [3] are good starting points.<br />
This chapter <strong>of</strong> the tutorial explains the structure <strong>of</strong> <strong>CIL</strong>'s AST for C. The AST is dened in<br />
the Cil module in cil/src/cil.ml between lines 130 and 850. It might seem pretty complex at<br />
rst glance, but you will nd that it is very well documented, and the names <strong>of</strong> types, elds and<br />
constructors are logically assigned. Also, if you are familiar with other C or C++ front-ends, this<br />
AST is refreshingly straightforward. Finally, one <strong>of</strong> the key advantages to using <strong>CIL</strong> is that it makes<br />
a number <strong>of</strong> transformations that simplify analysis and instrumentation. Biggest among these is the<br />
absence <strong>of</strong> side-eects in expressions. Function calls and assignments are all lifted out <strong>of</strong> expressions<br />
into the Cil.instr nodes.<br />
In this example code, we go digging through the AST looking for a function called target, when<br />
we nd it, we lter out assignments to a global variable called deleted. In src/tut2.ml we'll see<br />
how to do this a bit more elegantly.<br />
Coding Hint: When working with <strong>CIL</strong>, have two windows <strong>of</strong> source on your<br />
screen. One window is the project you are hacking on. The other window<br />
is cil.ml, so you can refer quickly to the AST type denitions and utility<br />
functions.<br />
11
Change language