Bug: UndefValue replaces condition in terminator #33

@Casperento

Current Behavior

The ProgramSlice::getClonedCond(Value *origCond) method is responsible for finding the cloned equivalent of a branch condition within a newly outlined function. Currently, if the method fails to find a mapping for the original condition in its internal maps (_origToNewInst or _depArgs), it defaults to returning an UndefValue.

File: lib/ProgramSlice.cpp

Value *ProgramSlice::getClonedCond(Value *origCond) {
  if (auto *inst = dyn_cast<Instruction>(origCond)) {
    auto it = _origToNewInst.find(inst);
    if (it != _origToNewInst.end()) return it->second;
  }
  if (auto *arg = dyn_cast<Argument>(origCond)) {
    auto it = std::find(_depArgs.begin(), _depArgs.end(), arg);
    if (it != _depArgs.end()) return *it;
  }
  // This fallback causes incorrect control flow.
  return UndefValue::get(origCond->getType());
}

This behavior can lead to outlined functions with invalid terminators, causing incorrect control flow or verification failures, as the branch condition becomes undefined.

Expected Behavior

The getClonedCond method must always resolve to a valid, cloned Value that represents the original condition. The data dependency analysis should correctly identify all values used in terminators as dependencies of the slice. The fallback to UndefValue should be removed and replaced with a more robust mechanism, such as an assertion, to catch analysis failures during development.

Implementation Suggestions

  • Analyze Dependency Tracking: Investigate why certain branch conditions are not being added to the _depArgs list or mapped in _origToNewInst during the initial data dependency analysis in getDataDependencies.
  • Ensure Full Mapping: Modify the dependency analysis to guarantee that all values used as branch or switch conditions within a slice's basic blocks are correctly identified and mapped.
  • Remove UndefValue Fallback: Replace return UndefValue::get(origCond->getType()); with an assertion like assert(false && "Could not find cloned condition for branch"); to immediately flag any analysis gaps.
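
The mapping check suggested above, as an added example that is not part of the issue or the project's code: a self-contained C++ model (no LLVM headers) that walks a slice's blocks and reports every terminator condition that would have reached the UndefValue fallback. `Value`, `Block`, `SliceMaps`, `resolveCond` and `unmappedConds` are hypothetical stand-ins; treating constants as resolving to themselves is an assumption, included because a constant condition is neither an Instruction nor an Argument and so would also miss both lookups.

```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

// Hypothetical stand-ins for llvm::Value and a block with its terminator.
struct Value { std::string name; bool isConstant; };
struct Block { std::string name; const Value *cond; };  // cond == nullptr: unconditional

struct SliceMaps {
  std::unordered_map<const Value *, const Value *> origToNew;  // models _origToNewInst
  std::unordered_set<const Value *> depArgs;                   // models _depArgs
};

// Strict lookup: nullptr on a miss, never a made-up undefined condition.
const Value *resolveCond(const SliceMaps &m, const Value *orig) {
  if (orig->isConstant) return orig;  // assumption: constants need no clone
  auto it = m.origToNew.find(orig);
  if (it != m.origToNew.end()) return it->second;
  if (m.depArgs.count(orig)) return orig;  // mirrors the page's `return *it`
  return nullptr;
}

// Pre-clone check: list "block:condition" for every terminator that cannot resolve.
std::vector<std::string> unmappedConds(const SliceMaps &m, const std::vector<Block> &slice) {
  std::vector<std::string> missing;
  for (const Block &b : slice)
    if (b.cond && !resolveCond(m, b.cond))
      missing.push_back(b.name + ":" + b.cond->name);
  return missing;
}

// Constructed sample: %cmp is cloned, %flag is a tracked argument, %late was missed.
std::vector<std::string> demo() {
  static Value cmp{"%cmp", false}, cmpClone{"%cmp.clone", false},
      flag{"%flag", false}, late{"%late", false}, tru{"true", true};
  SliceMaps m;
  m.origToNew[&cmp] = &cmpClone;
  m.depArgs.insert(&flag);
  std::vector<Block> slice = {{"entry", &cmp}, {"loop", &flag}, {"exit", nullptr},
                              {"latch", &late}, {"ret", &tru}};
  return unmappedConds(m, slice);
}

int main() {
  for (const std::string &s : demo()) std::cout << "unmapped condition: " << s << "\n";
  return 0;
}
```

Running a check of this shape before cloning names the block and condition the dependency analysis missed, which is more actionable than a bare assertion firing inside getClonedCond.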
