Simple assignment statements, expressions, and conditionals are
represented by one program point. The
following table shows the normalizations applied to these simple
constructs.
Compound constructs are normalized to collections of simpler
constructs, as follows:
| |
Normalization |
Example |
| Return Values
|
The return value of a non-void function f is stored in
a local variable named f$return. |
is treated as if it were:
f$return = x + y;
return;
|
| Nested Function Calls
|
Each call to a function f is lifted out of any enclosing
expression or assignment statement and is treated as a
free-standing function call. The return value of each such call
appears, by convention, in a unique variable named f$resulti, where
different values of i are chosen to distinguish among
different calls to f within the same caller.
The assignment of the function return value from
f$return (a local
variable of f to f$resulti (a local
variable of the caller) is implicit in the call-return
mechanism, i.e., no assignment statement for the transfer from
f$return to
f$resulti
occurs in the representation.
|
is treated as if it were:
|
| Side Effects
|
A nested side effect is factored and treated as a separate
assignment statement. |
is treated as if it were:
TMP = x;
x = x + 1;
i = TMP;
|
| If any actual parameter in a given function call may have a
side effect, then all actual parameters in that call are first
evaluated and stored in temporary variables, with the order of
those assignments determined by the setting of the PARAMETER_EVALUATION_ORDER
configuration parameter. |
is handled as follows.
- With PARAMETER_EVALUATION_ORDER=LEFT_TO_RIGHT,
treated as if it were:
TMP1 = x();
TMP2 = y;
TMP3 = z();
p(TMP1, TMP2, TMP3);
- With PARAMETER_EVALUATION_ORDER=RIGHT_TO_LEFT,
treated as if it were:
TMP1 = z();
TMP2 = y;
TMP3 = x();
p(TMP3, TMP2, TMP1);
|
| Infinite for Loops
|
When no condition is to be tested in a for loop, the loop is normalized so that it
is as if a test against the integer literal one (i.e.,
1) is present. A normalized AST
is present for the integer literal introduced by this
normalization. |
is treated as if it were:
|
| Array Names
|
An array name, which represents the address of the 0-th
element of the array and not the contents of the entire array, is
normalized to make this explicit. |
If x is declared:
All occurrences of x are
treated as if they were:
|
| Subscripts
|
A subscript is normalized to its
pointer-manipulation equivalent. |
If x is declared:
All occurrences of x[i] are
treated as if they were:
|
|
If x is declared:
All occurrences of x[i] are
treated as if they were:
|
| CONDITIONAL (Ternary)
Expressions
|
A conditional expression (i.e., one using C's ternary
operator) embedded in an expression is factored and treated as a
conditional statement that assigns the value of the conditional
expression to a temporary variable. |
is treated as if it were:
if (y)
TMP = z;
else
TMP = w;
x = TMP;
|
Short-circuiting
AND and OR Expressions
|
A collection of n short-circuiting AND and OR
operators is normalized as a collection of n+1
conditional statements that test the n+1 different
operands from left to right and branch to one of two locations as
soon as it is known whether the expression is true (1) or false
(0). |
is normalized to the following:
|
| If the collection of AND and OR operators occurs at the top
level of the condition of a control point, control flows
immediately to the appropriate target, and no temporary variable
is used to hold the intermediate result. |
if (x || y && z)
a;
else
b;
is treated as if it were:
if (x || y && z)
trueLocation: a;
else
falseLocation: b;
|
| If the collection of AND and OR operators occurs as a
subexpression of an enclosing expression or statement, then the
value of the expression is stored in a temporary variable, which
is then used as the operand for the enclosing expression or
statement. |
is treated as if it were:
if (x || y && z)
trueLocation: TMP = 1;
else
falseLocation: TMP = 0;
i = TMP;
|
| NOT
Expressions
|
If the NOT operator occurs at the top level of the condition of
a control point, or is an operand of AND or OR, the operator is
factored out and the sense of the outgoing true and false CFG
edges is switched.
The NOT operator is preserved in all other contexts.
|
is treated as if it were:
|
| Nested Relational Operators
|
Relational operators ( ==,!=,
>,>=, <,<=
) nested inside other expressions are moved into control
points. |
is treated as if it were:
if (a==b)
TMP = 1;
else
TMP = 0;
i = TMP;
|
Cast or coercion to
C++ bool / C _Bool
|
Suppose there an expression with an embedded cast or coercion
of subexpression X to boolean
type (C++ bool or C _Bool). The cast/coercion is factored and
treated as a conditional statement where the conditional
expression is X != 0 and a
temporary variable is set to true on the TRUE branch and false on the FALSE branch. |
is treated as if it were:
if( i != 0 ) TMP = true; else TMP = false;
bool b = TMP;
|
| C++
Constructs
|
There are dozens of normalizations associated with C++
constructs. |
Consider the following code.
class C{
private:
int m_i;
public:
C(){m_i=4;}
};
void f(void){
new C[10];
}
The compact statement new
C[10]; is normalized to a sequence that includes an
initial allocator call followed by a loop in which the default
constructor for class C is
called to populate each array location. Temporary variables are
introduced for the loop counter and array location
computations.
![flowchart for void f(void){new C[10];}](images/ctorLoopNormalization.png)
|