This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/clang/
-
clang/
-
Analysis/
-
AnalysisDeclContext.h
3/3
CFG.h
-
StaticAnalyzer/Core/
-
Core/
-
AnalyzerOptions.h
-
lib/
-
Analysis/
-
AnalysisDeclContext.cpp
3/6
CFG.cpp
-
StaticAnalyzer/Core/
-
Core/
1/1
AnalysisManager.cpp
-
AnalyzerOptions.cpp
-
ExprEngine.cpp
-
PathDiagnostic.cpp
-
test/Analysis/
-
Analysis/
-
analyzer-config.c
-
analyzer-config.cpp
-
scopes-cfg-output.cpp

Differential D16403

Add scope information to CFG
ClosedPublic

Authored by m.ostapenko on Jan 21 2016, 6:17 AM.

Download Raw Diff

Details

Reviewers

klimek
dcoughlin
zaks.anna
bshastry
rsmith
NoQ

Commits

rGdebca45e45a1: [analyzer] Add scope information to CFG
rL327258: [analyzer] Add scope information to CFG
rC327258: [analyzer] Add scope information to CFG

Summary

This patch adds two new CFG elements CFGScopeBegin and CFGScopeEnd that indicate when a local scope begins and ends respectively.
The addition has been developed behind a new analyzer-config flag called cfg-scopes (false by default).
A new test file called scopes-cfg-output.cpp has been created. This tests the new (experimental) feature.
Old test files affected by this patch are analyzer-config.c and analyzer-config.cpp; these have been updated to reflect changes pertaining to the newly added analyzer-config flag.
All tests pass.

Diff Detail

Repository: rL LLVM

Event Timeline

bshastry updated this revision to Diff 45522.Jan 21 2016, 6:17 AM

bshastry retitled this revision from to Add scope information to CFG.

bshastry updated this object.

bshastry added reviewers: dcoughlin, klimek, zaks.anna.

xazax.hun added a subscriber: xazax.hun.Jan 27 2016, 5:01 AM

NoQ added a subscriber: NoQ.Jan 27 2016, 9:32 AM

a.sidorin added a subscriber: a.sidorin.Jan 28 2016, 12:18 AM

Bhargava,

Thanks for the patch! Here are some quick, superficial comments. Some more in-depth comments coming later.

Also, it is very helpful for reviewers on Phabricator if the you include more context in the diff with -U999999. (See http://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface).

include/clang/Analysis/CFG.h
171	Even though a lot of code doesn't follow the guidelines, LLVM style discourages duplicating the function or class name at the beginning of the comment. (See http://llvm.org/docs/CodingStandards.html#doxygen-use-in-documentation-comments)
192	Same doc comment style issue here.
790	I would suggest calling this "AddScopes" to match the pluralization of the other options and propagate that name throughout the rest of the patch (e.g. "IncludeScopesInCFG", etc.).
lib/Analysis/CFG.cpp
249	I think it would be helpful to name this something more expressive (perhaps "TriggerStmt") so it is immediately clear what the relationship between the statement the LocalScope is.
1225	What is the difference between TriggerStmt and ScopeCreator? Do we need them both here?
1430	I think it is very important to document the different between 'S' and 'ScopeCreator' here.
lib/StaticAnalyzer/Core/AnalysisManager.cpp
29	The indentation looks off here.

ilya_palachev added a subscriber: ilya_palachev.Jan 29 2016, 7:56 AM

Updated patch to include full context.

Thanks for including more context. It is very helpful on Phabricator.

This looks like it is in good shape to me, but I think there are still two things to be done.

I think it is important to not create ScopeBegin/ScopeEnd elements in the CFG if the scope doesn't actually contain any local variables. The CFGElements in blocks get iterated over many times, so it is good to keep the CFG as lean as possible. For example, in

if (x) {
 x++;
}

there isn't a need to add a scope pair around the Then statement. I think you should be able to avoid this by modifying addAutomaticObjDtors() to not add the End if the local scope is empty and having it communicate whether it did so or not to callers to that they can avoid adding the corresponding Begin after emitting the code in the scope.

I think you are also missing some important scopes. For example, in:

int stuff();
void bar() {
  int *x = 0;
  if (int i = stuff()) {
    x = &i;
  } else {
  }
}

There needs to be a scope that starts immediately before int i = stuff() is evaluated and ends when the then statement ends. Every control flow statement with a condition variable (if/for/while/switch) will need the same treatment.

It is probably also good to add some tests that don't use C++ objects with destructors but instead just plain-old-C to make sure the scopes are correctly added even when there are no automatic destructors.

Also, don't forget to add cases for ScopeBegin and ScopeEnd to ExprEngine::processCFGElement() and getLocationForCaller() in PathDiagnostic.cpp. These can be llvm_unreachable() for now. Right now compiling your patch warns about those being missing.

Hello Bhargava,

Do you have any progress on this patch?
We have implemented ScopeContext support in the analyzer core but our work relies on this patch. Do you plan to continue work on CFG?
Also, I found a similar review: http://reviews.llvm.org/D15031 and I don't know what patch should really be accepted. Devin, Bhargava, could you please take a look?

In D16403#338460, @dcoughlin wrote:

Bhargava,

Thanks for the patch! Here are some quick, superficial comments. Some more in-depth comments coming later.

Also, it is very helpful for reviewers on Phabricator if the you include more context in the diff with -U999999. (See http://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface).

In D16403#390943, @a.sidorin wrote:

Hello Bhargava,

Do you have any progress on this patch?
We have implemented ScopeContext support in the analyzer core but our work relies on this patch. Do you plan to continue work on CFG?
Also, I found a similar review: http://reviews.llvm.org/D15031 and I don't know what patch should really be accepted. Devin, Bhargava, could you please take a look?

Hi Aleksei,

I was working on this patch but got sidetracked. It is nice to know that there is going to be support for ScopeContext within the analyzer core. I would be happy to get back on this patch and push it upstream with help from Devin. I cannot promise a strict timeline but hopefully by the end of this week, there should be something commit ready.

Regards,
Bhargava

jbcoe added a subscriber: jbcoe.Apr 4 2016, 7:43 AM

mgehre added a subscriber: mgehre.Apr 4 2016, 9:48 AM

jrmuizel added a subscriber: jrmuizel.Apr 4 2016, 7:46 PM

Addressed Devin's comments from first review:

Comments conform to LLVM style
Missing switch cases added for CFGElements ScopeBegin and ScopeEnd

Please note that this patch is not final yet. Devin's comments from second review are still being incorporated. Specifically, the comments being addressed are:

Document difference between Stmt and TriggerStmt
Avoiding scopes when no local VarDecl exists
Correcting the position of scopes to before the first VarDecl in scope e.g., as part of a condition statement

Fixed bug: Previous patch caused build failure due to CFG scope option rename (AddScope instead of AddScopeInfo) not being applied to CFG.cpp and the test case.

Renamed and documented the difference between scope creator statement (TriggerScopeStmt) and auto obj dtors statement (TriggerAutoObjDtorsStmt).

Hi Devin,

Please find my thoughts on your second batch of comments inline:

I think it is important to not create ScopeBegin/ScopeEnd elements in the CFG if the scope doesn't actually contain any local variables. The CFGElements in blocks get iterated over many times, so it is good to keep the CFG as lean as possible. For example, in
if (x) {
 x++;
}
there isn't a need to add a scope pair around the Then statement. I think you should be able to avoid this by modifying addAutomaticObjDtors() to not add the End if the local scope is empty and having it communicate whether it did so or not to callers to that they can avoid adding the corresponding Begin after emitting the code in the scope.

[Task 1] I agree that it is necessary to keep CFG lean. However, your implementation proposal (communicating outcome of ScopeEnd addition up the caller hierarchy) requires careful consideration. Problematic cases are when scope end and scope begin are scattered across visitors e.g., breakstmt, continuestmt etc. For instance, the information about presence/absence of a scopeend element from a break stmt needs to be propogated through to the corresponding switch case stmt. I am afraid I feel a bit underprepared to implement this.

I think you are also missing some important scopes. For example, in:
int stuff();
void bar() {
  int *x = 0;
  if (int i = stuff()) {
    x = &i;
  } else {
  }
}
There needs to be a scope that starts immediately before int i = stuff() is evaluated and ends when the then statement ends. Every control flow statement with a condition variable (if/for/while/switch) will need the same treatment.

[Task 2] Agreed. This is a bit more simpler than the task 1. I will have a go and post a patch when this is ready.

It is probably also good to add some tests that don't use C++ objects with destructors but instead just plain-old-C to make sure the scopes are correctly added even when there are no automatic destructors.

[Task 3] Agreed. Will couple this with task 2.

Also, don't forget to add cases for ScopeBegin and ScopeEnd to ExprEngine::processCFGElement() and getLocationForCaller() in PathDiagnostic.cpp. These can be llvm_unreachable() for now. Right now compiling your patch warns about those being missing.

This has been done in the latest patch.

lib/Analysis/CFG.cpp
1463	Yes. I have renamed TriggerStmt to TriggerAutoObjDtorsStmt and ScopeCreator to TriggerScopeStmt. The former tells us when to add ScopeEnd element and the former ScopeBegin element. Addition of TriggerScopeStmt was necessary because TriggerAutoObjDtorsStmt doesn't tell us anything about the present scope's context; only that the present scope is going to end.

Nit: Renamed addScopeInfo to addScopes in AnalysisDeclContextManager ctor declaration

Hello Bhargava,

I used your patch as a development base. It is a really good improvement. But there are some things I wish to point on.
First, it is good to document some things.

Scopes are not strictly nested. A ScopeEnd may terminate a number of ScopeBegins - for example, for break, continue or return. It was not evident for me so I'd prefer to state it somewhere.
As I understand, the number of ScopeBegins on any path should be more or equal than the number of ScopeEnds.

Second, I found an issue for SwitchStmts without a CompoundStmt body. Consider this test case:

void test() {
  switch (0)
  case 0:
  default: {
    int a = 0;
  }
}

CFG for this code will contain a ScopeEnd for SwitchStmt but no ScopeBegin (invariant #2 is violated) so there are 2 ScopeBegins and 3 ScopeEnds in this linear CFG. It looks like a bug for me.

BTW, I found that handle exit of multiple Scopes with a single ScopeEnd it is pretty inconvenient for analyzer since the checker should manually check all the scopes we leave. Could we modify this behaviour to have each ScopeBegin correspond to a single ScopeEnd or vise versa?

Another test case, break-related.

void testBreak() {
  for (int i = 0; i < 3; ++i) {
    {
      int unused;
      break;
    }
  }
  {
    int unused;
  }
}

Its CFG looks broken.

a.sidorin added a child revision: D19979: [analyzer] ScopeContext - initial implementation.May 5 2016, 9:06 AM

Hello Bhargava. Is there any update on this review?

In D16403#440600, @a.sidorin wrote:

Hello Bhargava. Is there any update on this review?

Hi Aleksei, Firstly, thanks for the good feedback on the initial implementation. It is useful going forward. Sadly, I have not been able to set aside time for working on a follow-up. I will try to pick up where I left off and post a patch when it is ready. It might take a couple of weeks though, since my schedule is very tight at the moment.

NoQ mentioned this in D34260: [StaticAnalyzer] Completely unrolling specific loops with known bound option .Jun 16 2017, 12:41 PM

Hi,

unless someone has objections (@bshastry ?) I'll commandeer this revision and post updated patch shortly (it still needs some polishing though).

m.ostapenko commandeered this revision.Jun 23 2017, 4:55 AM

m.ostapenko added a reviewer: bshastry.

m.ostapenko added a subscriber: cfe-commits.

So, updating the diff. This is still a very experimental version and any feedback would be greatly appreciated.
Current patch should support basic {If, While, For, Compound, Switch}Stmts as well as their interactions with {Break, Continue, Return}Stmts.
GotoStmt and CXXForRangeStmt are not supported at this moment.

Please consider also https://reviews.llvm.org/D15031
It already handles all possible control flows. Instead of ScopeBegin and ScopeEnd,
it introduces LifetimeEnds elements. It's a more specific in that is also
correctly models the order of lifetime expiry of variables and the order
or destructor calls / lifetime ending.

Hi Matthias,
I have posted a comment about review duplication (more than a year ago!) in your review but you haven't answered. So, all this time we were thinking that you do separate non-related work.
@dcoughlin As a reviewer of both patches - could you tell us what's the difference between them? And how are we going to resolve this issue?

Maxim, totally thanks for picking this up!

Could you explain the idea behind shouldDeferScopeEnd, maybe in a code comment before the function?

In D16403#788926, @m.ostapenko wrote:

Current patch should support basic {If, While, For, Compound, Switch}Stmts as well as their interactions with {Break, Continue, Return}Stmts.
GotoStmt and CXXForRangeStmt are not supported at this moment.

SwitchStmt isn't much easier than GotoStmt; it doesn't jump backwards, but it can still jump into multiple different scopes. Does your code handle Duff's device (1) (2) correctly? We should probably add it as a test, or split out switch support into a separate patch together with goto, if such test isn't yet supported.

@dcoughlin As a reviewer of both patches - could you tell us what's the difference between them? And how are we going to resolve this issue?

Unfortunately, @dcoughlin is on vacation this week; should be back next week.

@dcoughlin As a reviewer of both patches - could you tell us what's the difference between them? And how are we going to resolve this issue?

These two patches are emitting markers in the CFG for different things.

Here is how I would characterize the difference between the two patches.

Despite its name, https://reviews.llvm.org/D15031, is really emitting markers for when the lifetime of a C++ object in an automatic variable ends. For C++ objects with non-trivial destructors, this point is when the destructor is called. At this point the storage for the variable still exists, but what you can do with that storage is very restricted by the language because its contents have been destroyed. Note that even with the contents of the object have been destroyed, it is still meaningful to, say, take the address of the variable and construct a new object into it with a placement new. In other words, the same variable can have different objects, with different lifetimes, in it at different program points.

In contrast, the purpose of this patch (https://reviews.llvm.org/D16403) is to add markers for when the storage duration for the variable begins and ends (this is, when the storage exists). Once the storage duration has ended, you can't placement new into the variables address, because another variable may already be at that address.

I don't think there is an "issue" to resolve here. We should make sure the two patches play nicely with each other, though. In particular, we should make sure that the markers for when lifetime ends and when storage duration ends are ordered correctly.

Oh, I see now. I was wrongly thinking that these patches do the same thing and we're duplicating the work. Thank you very much for your explanation, Devin.

Hi Artem, I'm sorry for a long delay (nasty corporate issues).

In D16403#789957, @NoQ wrote:

Maxim, totally thanks for picking this up!

Could you explain the idea behind shouldDeferScopeEnd, maybe in a code comment before the function?

In D16403#788926, @m.ostapenko wrote:

Current patch should support basic {If, While, For, Compound, Switch}Stmts as well as their interactions with {Break, Continue, Return}Stmts.
GotoStmt and CXXForRangeStmt are not supported at this moment.

SwitchStmt isn't much easier than GotoStmt; it doesn't jump backwards, but it can still jump into multiple different scopes. Does your code handle Duff's device (1) (2) correctly? We should probably add it as a test, or split out switch support into a separate patch together with goto, if such test isn't yet supported.

Ugh, yeah, SwitchStmt is tricky (thank you for pointing to Duff's device example!). I've tried to resolve several issues with switch revealed by this testcase, but didn't succeed for now :(. So, it was decided to remove SwitchStmt support in this patch.
There is one more thing I'd like to clarify: since e.g. BreakStmt can terminate multiple scopes, do I need to create ScopeEnd marks for all of them to make analyzer's work easier? Because right now only one "cumulative" block is generated and I'm not sure that it's acceptable for analyzer.

In D16403#803518, @m.ostapenko wrote:

There is one more thing I'd like to clarify: since e.g. BreakStmt can terminate multiple scopes, do I need to create ScopeEnd marks for all of them to make analyzer's work easier? Because right now only one "cumulative" block is generated and I'm not sure that it's acceptable for analyzer.

The analyzer intends to maintain a stack of scopes. When the scope is entered during symbolic execution, it gets put on top of the stack, and when it is exited it is taken off the top of the stack. It's probably not important if we have one mark or multiple marks, but it's important to know what scopes, in what order, are getting entered or exited.

Updating the diff. I've dropped SwitchStmt support, let's implement in separately as well as GotoStmt.

Hello Maxim!
Thanks for working on this!

Ugh, yeah, SwitchStmt is tricky (thank you for pointing to Duff's device example!). I've tried to resolve several issues with switch revealed by this testcase, but didn't succeed for now :(. So, it was decided to remove SwitchStmt support in this patch.

I think this is a great decision! It can build up incremental and the patch can be more easily reviewed. When do you plan to upload a patch wihtout casestmt support? (As far as I see there is switchstmt related code but maybe Im missing something.)

I think the remaining switch-related code seems to be about C++17 switch condition variables, i.e. switch (int x = ...)(?)

In D16403#808104, @NoQ wrote:

I think the remaining switch-related code seems to be about C++17 switch condition variables, i.e. switch (int x = ...)(?)

Yeah, exactly. I can remove it from this patch if it looks confusing.

Rebased and removed a bunch of stale changes. Also added a check for goto's: if we see GotoStmt and have cfg-scopes == true, make badCFG = true and retry without scopes enabled. This check will be removed once GotoStmt will become supported.

Updated some comments. Could someone take a look please?

Rebased and ping.

Ping^3

Ping^4

Maxim, thanks for commandeering the patch. I apologize for the long delay reviewing!

I really like the approach of retrying without scopes enabled when we hit a construct we can't handle yet. This will make is possible to turn the feature on by default (and get it running on large amounts of code) while still developing it incrementally!

I'd like to suggest a change in the scope representation that will make it much easier to support all the corner cases and also re-use the existing logic for handling variable scopes. Right now the CFGScopeBegin and CFGScopeEnd elements use a statement (a loop or a CompoundStatement) to uniquely identify a scope. However, this is a problem because a for loop with an initializer may have two scopes that we really want to distinguish:

for (int i = 0; i < 10; i++)
  int j = i;

Here i and j really have different scopes, but with the current approach we won't be able tell them apart.

My suggestion is to instead use the first VarDecl declared in a scope to uniquely identify it. This means, for example, that CFGScopeBegin's constructor will take a VarDecl instead of a statement.

What's nice about this VarDecl approach is that the CFGBuilder already has a bunch of infrastructure to correctly track local scopes for variables (see the LocalScope class in CFG.cpp and the addLocalScopeForStmt() function.) Further, there are two functions, addLocalScopeAndDtors() and addAutomaticObjHandling() that are already called in all the places where a scope should end. This means you should only need to add logic to add an end of scope element in those two functions. What's more, future work to extend CFG construction to handle new C++ language features will also use these two functions -- so we will get support for those features for free. For an example of how to change those two functions, take a look at Matthias Gehre's commit in https://reviews.llvm.org/D15031. What you would need to do for CFGScopeEnd would be very similar to that patch. Using this approach should also make it possible to re-use the logic in that patch to eventually handle gotos.

To handle CFGScopeBegin, you would only need to change CFGBuilder::VisitDeclSubExpr() to detect when the variable being visited is the first variable declared in its LocalScope. If so, you would append the CFGScopeBegin element. What's nice about this is that you won't have to handle all the different kinds of loops individually.

What do you think? I'd be happy to have a Skype/Google hangouts talk about this if you want to have real-time discussion about it.

Hi Devin,

now I'm very sorry for a such long delay. Now I have a bunch of time to proceed development of this patch (if scope contexts are still needed, of course).
Regarding to approach you suggested (reuse LocalScope infrastructure and use first VarDecl for ScopeBegin): it seems very reasonable for me, but perhaps I need more advisory here.
I've implemented a draft patch to make sure I've understood you correctly (this is not a final version, the test case is completely inadequate for now). While testing, I've discovered several questions that I would like to discuss:

Do we need to have one-to-one mapping between ScopeBegins and corresponding ScopeEnds or is it OK to assume that ScopeEnd can terminate several nested scopes?
In the following example:

class A {
public:
  A() {}
  ~A() {}
  operator int() const { return 1; }
};

bool UV;
void test_for_implicit_scope() {
  for (A a; A b = a; )
      if (UV) continue;
      A c;
  }

it seems that lifetime of **b** ends when we branch out from the loop body (if entered, of course), but it seems that in current implementation we don't generate an implicit destructor for **b** just before **continue**. Is this a bug, or perhaps I'm missing something?
# The approach with first VarDecl works not so well with the following test case:

void test_goto() {
  A f;
l0:
  A d;
  { 
    A a;
    if (UV) goto l0;
    if (UV) goto l1;
    A b;
  }
l1:
  A c;
}

in this approach we'll don't emit a ScopeBegin for d because the first VarDecl is f. However IMHO we still need to add ScopeBegin for d in order to handle d's scope end occurring when we jumping to l0 via if (UV) goto l0;. I think this can be solved by adding ScopeBegin for d when backpatching blocks late in buildCFG routine (when we know all targets of all gotos). Does this approach look reasonable for you?

Thanks.

Some code cleanup + updated test case.

Rebased and ping.

Herald added a subscriber: llvm-commits. · View Herald TranscriptJan 23 2018, 9:00 AM

Hmm. @m.ostapenko @szepet @mgehre - I think it might be a good time to figure out if ScopeBegin/ScopeEnd, LoopEntrance/LoopExit, LifetimeEnds, AutomaticObjectDtor elements work nicely together. How should they be ordered with respect to each other? Is any of these scope representation a superset of another scope representation, or maybe fully covered by other two or three other scope representations? Would anybody be willing to produce some pictures (-analyzer-checker debug.ViewCFG and attach here) with current and/or intended behavior? Not sure, i guess LifetimeEnds is mostly used in clang-tidy so it does not necessarily need to work together with analyzer-specific elements (or maybe it's so great that we should switch to using it), but it would still be great if we had a single scope representation which would be rich enough to satisfy all needs.

Do we need to have one-to-one mapping between ScopeBegins and corresponding ScopeEnds or is it OK to assume that ScopeEnd can terminate several nested scopes?

It's fine if ScopeEnds terminates multiple scopes - as long as it is easy to find out what scopes are being terminated by looking at it. Because in the analyzer we need to put the scope on the stack when we enter it and pop it from the stack when we leave it, and those must match no matter what. So imagine that we look at the current ScopeEnd and at the stack of scopes we currently have. Once we have that, we should be able to figure out what scopes are ending, without using ParentMap or CFGStmtMap or re-visiting a large chunk of the AST recursively - ideally by a direct lookup.

Hi Artem,

In D16403#989451, @NoQ wrote:

Hmm. @m.ostapenko @szepet @mgehre - I think it might be a good time to figure out if ScopeBegin/ScopeEnd, LoopEntrance/LoopExit, LifetimeEnds, AutomaticObjectDtor elements work nicely together. How should they be ordered with respect to each other?

Here are several observations about ScopeBegin/ScopeEnd, LoopEntrance/LoopExit, LifetimeEnds, AutomaticObjectDtor interaction:

LifetimeEnds and AutomaticObjectDtor don't work together (I'm unable to tell why).
The difference between ScopeBegin/ScopeEnd and LifetimeEnds was described by Devin several comments above, in short:
- LifetimeEnds emits markers for when the lifetime of a C++ object in an automatic variable ends. For C++ objects with non-trivial destructors, this point is when the destructor is called. At this point the storage for the variable still exists, but what you can do with that storage is very restricted by the language because its contents have been destroyed.
- ScopeBegin/ScopeEnd add markers for when the storage duration for the variable begins and ends. Hence I can conclude that ScopeEnd should reside after implicit destructors and LifetimeEnds markers in CFG.
LoopEntrance/LoopExit improve modelling of unrolled loops and I'm not sure whether scopes across iterations are the only thing that's modeled here.

Is any of these scope representation a superset of another scope representation, or maybe fully covered by other two or three other scope representations?

Given my observations above, I'm not sure whether some representation can be fully covered by others -- all of them serve different purposes. Or perhaps I'm missing something?

Would anybody be willing to produce some pictures (-analyzer-checker debug.ViewCFG and attach here) with current and/or intended behavior?

I'm attaching two CFGs for the following example:

void test_for_implicit_scope() {
  for (A a; A b = a; )
    A c;
}

$ ./bin/clang -cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.ViewCFG -analyzer-config cfg-scopes=true -analyzer-config cfg-loopexit=true -analyzer-config unroll-loops=true /tmp/scopes-cfg-output.cpp
-> CFG-scopes-destructors-loopexit.dot

$ ./bin/clang -cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.ViewCFG -analyzer-config cfg-scopes=true -analyzer-config cfg-loopexit=true -analyzer-config cfg-lifetime=true -analyzer-config cfg-implicit-dtors=false /tmp/scopes-cfg-output.cpp
-> CFG-scopes-loopexit-lifetime.dot{F5792940}

{F5792939}

Not sure, i guess LifetimeEnds is mostly used in clang-tidy so it does not necessarily need to work together with analyzer-specific elements (or maybe it's so great that we should switch to using it), but it would still be great if we had a single scope representation which would be rich enough to satisfy all needs.

Actually upload the files.

CFG-scopes-destructors-loopexit.dot1 KBDownload

CFG-scopes-loopexit-lifetime.dot1 KBDownload

Thank you, this explanation looks very reasonable.

All right, so right after the termination of the loop we have

[B1]
1: ForStmt (LoopExit)
2: [B4.5].~A() (Implicit destructor)
3: [B5.3].~A() (Implicit destructor)
4: CFGScopeEnd(a)
5: CFGScopeEnd(b)

... where [B4.5] is A b = a; and [B5.3] is A a;. Am i understanding correctly that while destroying a you can still use the storage of b safely? Or should a go out of scope before b gets destroyed? Also, is the order of scope ends actually correct here - shouldn't b go out of scope earlier? Given that they are in very different lifetime scopes (a is one for the whole loop, b is per-loop-iteration). I guess the order would matter for the analyzer.

@szepet: so i see that LoopExit goes in the beginning of the cleanup block after the loop, while various ScopeEnds go after the LoopExit. Would loop unrolling be significantly broken if you simply subscribe to ScopeEnd instead of LoopExit and avoid cleaning up the loop state until destructors are processed? I might not be remembering correctly - is LoopExit only used for cleanup, or do we have more work to be done here?

In D16403#992452, @NoQ wrote:
Thank you, this explanation looks very reasonable.

All right, so right after the termination of the loop we have
[B1]
1: ForStmt (LoopExit)
2: [B4.5].~A() (Implicit destructor)
3: [B5.3].~A() (Implicit destructor)
4: CFGScopeEnd(a)
5: CFGScopeEnd(b)
... where [B4.5] is A b = a; and [B5.3] is A a;. Am i understanding correctly that while destroying a you can still use the storage of b safely? Or should a go out of scope before b gets destroyed?

AFAIU, when we destroying a we can still use the storage of b because nothing can be allocated into b's storage between calling destructors for b and a. So, imho the sequence should look like:

[B4.5].~A() (Implicit destructor)
[B5.3].~A() (Implicit destructor)
CFGScopeEnd(b)
CFGScopeEnd(a)

Also, is the order of scope ends actually correct here - shouldn't b go out of scope earlier? Given that they are in very different lifetime scopes (a is one for the whole loop, b is per-loop-iteration). I guess the order would matter for the analyzer.

Yeah, this is a bug in a current implementation. Will fix this in the next patch version.

Fix scope ends order (as discussed above) and adjust a testcase.

I poked Devin offline and we agreed that the overall approach is good to go. Maxim, thank you for picking it up!

We still don't have scopes for segments of code that don't have any variables in them, so i guess it's not yet in the shape where it is super useful for loops, but it's already useful for finding use of stale stack variables, which was the whole point originally, so i think this should definitely land soon.

In D16403#993512, @m.ostapenko wrote:
In D16403#992452, @NoQ wrote:

Am i understanding correctly that while destroying a you can still use the storage of b safely? Or should a go out of scope before b gets destroyed?

AFAIU, when we destroying a we can still use the storage of b because nothing can be allocated into b's storage between calling destructors for b and a. So, imho the sequence should look like:
[B4.5].~A() (Implicit destructor)
[B5.3].~A() (Implicit destructor)
CFGScopeEnd(b)
CFGScopeEnd(a)

Thought about it a bit more and this still doesn't look correct to me. Like, a.~A() is a function call. It can do a lot of unexpected stuff to registers and stack space before jumping into the function. And given that a and b are in different scopes (a is in loop scope, b is in single iteration scope), storage of b is not protected from such stuff during call to the destructor of a. So there's definitely something fishy here. I guess scope ends and destructors would have to be properly interleaved in all cases of exiting multiple scopes.

Added @rsmith because we're trying to give him a heads up every time large CFG changes are coming, because if we mess up it would affect not only the analyzer but the whole compiler through analysis-based compiler warnings, just in case.

In D16403#992452, @NoQ wrote:
Thank you, this explanation looks very reasonable.

All right, so right after the termination of the loop we have
[B1]
1: ForStmt (LoopExit)
2: [B4.5].~A() (Implicit destructor)
3: [B5.3].~A() (Implicit destructor)
4: CFGScopeEnd(a)
5: CFGScopeEnd(b)
... where [B4.5] is A b = a; and [B5.3] is A a;. Am i understanding correctly that while destroying a you can still use the storage of b safely? Or should a go out of scope before b gets destroyed? Also, is the order of scope ends actually correct here - shouldn't b go out of scope earlier? Given that they are in very different lifetime scopes (a is one for the whole loop, b is per-loop-iteration). I guess the order would matter for the analyzer.

I guess CFGScopeEnd should happen (should be encountered) before the LoopExit and CFGScopeBegin should be after LoopEntrance (still not sure if it is going to be part of the CFG ever.) Just like parenthesis {(())} that is what would make the most sense for me. However, I do not want to block this patch or something so I can do these changes as well by modifying LoopExit (and probably should since ImplicitDestructor calls should precede the LoopExit as well).

In D16403#992454, @NoQ wrote:

@szepet: so i see that LoopExit goes in the beginning of the cleanup block after the loop, while various ScopeEnds go after the LoopExit. Would loop unrolling be significantly broken if you simply subscribe to ScopeEnd instead of LoopExit and avoid cleaning up the loop state until destructors are processed? I might not be remembering correctly - is LoopExit only used for cleanup, or do we have more work to be done here?

I guess your following comment just answers this:

In D16403#1001466, @NoQ wrote:

We still don't have scopes for segments of code that don't have any variables in them, so i guess it's not yet in the shape where it is super useful for loops, but it's already useful for finding use of stale stack variables, which was the whole point originally, so i think this should definitely land soon.

It could be, however, we would lose cases like:

int i = 0;
int a[32];
for(i = 0;i<32;++i) {a[i] = i;}

Since there is no variable which has the scope of the loop, ScopeEnd would be not enough. Sure, we could remove this case, however, the aim is to extend the loop-patterns for completely unrolling. Another thing that there are the patches which would enhance the covered cases by LoopExit (D39398) and add the LoopEntrance to the CFG(D41150) as well. So, at this point, I feel like it would be a huge step back not to use these elements. (Sorry Maxim that we are discussing this here^^)

In D16403#1010096, @szepet wrote:
In D16403#992454, @NoQ wrote:

@szepet: so i see that LoopExit goes in the beginning of the cleanup block after the loop, while various ScopeEnds go after the LoopExit. Would loop unrolling be significantly broken if you simply subscribe to ScopeEnd instead of LoopExit and avoid cleaning up the loop state until destructors are processed? I might not be remembering correctly - is LoopExit only used for cleanup, or do we have more work to be done here?

I guess your following comment just answers this:

In D16403#1001466, @NoQ wrote:

We still don't have scopes for segments of code that don't have any variables in them, so i guess it's not yet in the shape where it is super useful for loops, but it's already useful for finding use of stale stack variables, which was the whole point originally, so i think this should definitely land soon.

It could be, however, we would lose cases like:
int i = 0;
int a[32];
for(i = 0;i<32;++i) {a[i] = i;}
Since there is no variable which has the scope of the loop, ScopeEnd would be not enough. Sure, we could remove this case, however, the aim is to extend the loop-patterns for completely unrolling. Another thing that there are the patches which would enhance the covered cases by LoopExit (D39398) and add the LoopEntrance to the CFG(D41150) as well. So, at this point, I feel like it would be a huge step back not to use these elements. (Sorry Maxim that we are discussing this here^^)

Yeah, i mean, like, if we change the scope markers to also appear even when no variables are present in the scope, then it would be possible to replace loop markers with some of the scope markers, right?

In D16403#1011218, @NoQ wrote:
In D16403#1010096, @szepet wrote:
In D16403#992454, @NoQ wrote:

@szepet: so i see that LoopExit goes in the beginning of the cleanup block after the loop, while various ScopeEnds go after the LoopExit. Would loop unrolling be significantly broken if you simply subscribe to ScopeEnd instead of LoopExit and avoid cleaning up the loop state until destructors are processed? I might not be remembering correctly - is LoopExit only used for cleanup, or do we have more work to be done here?

I guess your following comment just answers this:

In D16403#1001466, @NoQ wrote:

We still don't have scopes for segments of code that don't have any variables in them, so i guess it's not yet in the shape where it is super useful for loops, but it's already useful for finding use of stale stack variables, which was the whole point originally, so i think this should definitely land soon.

It could be, however, we would lose cases like:
int i = 0;
int a[32];
for(i = 0;i<32;++i) {a[i] = i;}
Since there is no variable which has the scope of the loop, ScopeEnd would be not enough. Sure, we could remove this case, however, the aim is to extend the loop-patterns for completely unrolling. Another thing that there are the patches which would enhance the covered cases by LoopExit (D39398) and add the LoopEntrance to the CFG(D41150) as well. So, at this point, I feel like it would be a huge step back not to use these elements. (Sorry Maxim that we are discussing this here^^)
Yeah, i mean, like, if we change the scope markers to also appear even when no variables are present in the scope, then it would be possible to replace loop markers with some of the scope markers, right?

Hm, so does this mean that I need to cover the case when no variables are present in loop scope here in this patch?

In D16403#1001466, @NoQ wrote:
I poked Devin offline and we agreed that the overall approach is good to go. Maxim, thank you for picking it up!

We still don't have scopes for segments of code that don't have any variables in them, so i guess it's not yet in the shape where it is super useful for loops, but it's already useful for finding use of stale stack variables, which was the whole point originally, so i think this should definitely land soon.
In D16403#993512, @m.ostapenko wrote:
In D16403#992452, @NoQ wrote:

Am i understanding correctly that while destroying a you can still use the storage of b safely? Or should a go out of scope before b gets destroyed?

AFAIU, when we destroying a we can still use the storage of b because nothing can be allocated into b's storage between calling destructors for b and a. So, imho the sequence should look like:
[B4.5].~A() (Implicit destructor)
[B5.3].~A() (Implicit destructor)
CFGScopeEnd(b)
CFGScopeEnd(a)
Thought about it a bit more and this still doesn't look correct to me. Like, a.~A() is a function call. It can do a lot of unexpected stuff to registers and stack space before jumping into the function. And given that a and b are in different scopes (a is in loop scope, b is in single iteration scope), storage of b is not protected from such stuff during call to the destructor of a. So there's definitely something fishy here. I guess scope ends and destructors would have to be properly interleaved in all cases of exiting multiple scopes.

Sounds reasonable, I'll fix this.

In D16403#1013346, @m.ostapenko wrote:

In D16403#1011218, @NoQ wrote:

Yeah, i mean, like, if we change the scope markers to also appear even when no variables are present in the scope, then it would be possible to replace loop markers with some of the scope markers, right?

Hm, so does this mean that I need to cover the case when no variables are present in loop scope here in this patch?

Definitely not :) Feel free to address it some day (or let someone else address it) - the culture of keeping our patches small is something that we currently badly lack :)

In D16403#1011218, @NoQ wrote:

Yeah, i mean, like, if we change the scope markers to also appear even when no variables are present in the scope, then it would be possible to replace loop markers with some of the scope markers, right?

OK, probably I am a bit too slow for this, but I dont get it. Yes, it would be possible to replace them IF these markers appears even in case of no variables. However, this patch is based on LocalScopes which practically means that VarDecls are needed. Aaand here we are, it would require a different approach to consistently mark things like LoopExit.
Another thing that what should be the TriggerStmt? I guess the Stmt of the loop. So, LoopExit and ScopeExit would be the same but the underlying TriggerStmt would decide which marks a loop and which marks a variable? Then I can just rewrite LoopExit into ScopeEnd. Or if you would like to see that, a subclass of ScopeEnd. However, the main functionality should stay the same (I guess).
So, could you help me out what are those things I do not see/understand?

Rebased and updated. Fix the issue with ordering between ScopeEnds and implicit destructors.

Now, the cfg for this example:

void test_for_implicit_scope() {
  for (A a; A b = a;)
    A c;
}

looks like this:

CFG-implicit-for.dot1 KBDownload

I think we should land this and celebrate.

@szepet: Ouch, i was sure i already answered this, sorry, dunno where this went.

So, LoopExit and ScopeExit would be the same but the underlying TriggerStmt would decide which marks a loop and which marks a variable?

I was thinking of a single CFGElement to mark both. Which would probably be called "ScopeExit", but you could use it for detecting the end of the loop and, if necessary, add whatever information you need into it.

lib/Analysis/CFG.cpp
1550	It seems that something has moved asterisks to a weird spot, might be a rebase artifact or accidental tooling.

This revision is now accepted and ready to land.Mar 7 2018, 5:50 PM

NoQ added inline comments.Mar 7 2018, 5:51 PM

lib/Analysis/CFG.cpp
1550	Uhm, it was always this way, just weird history when i looked at the diff between diffs, nvm, sorry.

Since this affects analysis-based warnings, have you checked if this patch has any effect on compile times?

In D16403#1031567, @thakis wrote:

Since this affects analysis-based warnings, have you checked if this patch has any effect on compile times?

Just in case - this is under an analyzer-only flag, so the actual warnings are not affected. I guess it might be useful to evaluate compilation time impact caused by checking the flag and bailing out, but i doubt it'd be noticeable.

Closed by commit rC327258: [analyzer] Add scope information to CFG (authored by chefmax). · Explain WhyMar 12 2018, 5:29 AM

This revision was automatically updated to reflect the committed changes.

xazax.hun mentioned this in D149144: [clang][dataflow] Eliminate intermediate `ReferenceValue`s from `Environment::DeclToLoc`..May 1 2023, 2:18 PM

Revision Contents

Path

Size

include/

clang/

Analysis/

AnalysisDeclContext.h

4 lines

CFG.h

83 lines

StaticAnalyzer/

Core/

AnalyzerOptions.h

9 lines

lib/

Analysis/

AnalysisDeclContext.cpp

5 lines

CFG.cpp

141 lines

StaticAnalyzer/

Core/

1 line

6 lines

2 lines

2 lines

test/

Analysis/

analyzer-config.c

3 lines

analyzer-config.cpp

3 lines

scopes-cfg-output.cpp

1171 lines

Diff 131091

include/clang/Analysis/AnalysisDeclContext.h

Show First 20 Lines • Show All 425 Lines • ▼ Show 20 Lines	class AnalysisDeclContextManager {
/// for well-known functions.		/// for well-known functions.
bool SynthesizeBodies;		bool SynthesizeBodies;

public:		public:
AnalysisDeclContextManager(ASTContext &ASTCtx, bool useUnoptimizedCFG = false,		AnalysisDeclContextManager(ASTContext &ASTCtx, bool useUnoptimizedCFG = false,
bool addImplicitDtors = false,		bool addImplicitDtors = false,
bool addInitializers = false,		bool addInitializers = false,
bool addTemporaryDtors = false,		bool addTemporaryDtors = false,
bool addLifetime = false, bool addLoopExit = false,		bool addLifetime = false,
		bool addLoopExit = false,
		bool addScopes = false,
bool synthesizeBodies = false,		bool synthesizeBodies = false,
bool addStaticInitBranches = false,		bool addStaticInitBranches = false,
bool addCXXNewAllocator = true,		bool addCXXNewAllocator = true,
CodeInjector *injector = nullptr);		CodeInjector *injector = nullptr);

AnalysisDeclContext getContext(const Decl D);		AnalysisDeclContext getContext(const Decl D);

bool getUseUnoptimizedCFG() const {		bool getUseUnoptimizedCFG() const {
▲ Show 20 Lines • Show All 50 Lines • Show Last 20 Lines

include/clang/Analysis/CFG.h

Show First 20 Lines • Show All 51 Lines • ▼ Show 20 Lines

/// CFGElement - Represents a top-level expression in a basic block.		/// CFGElement - Represents a top-level expression in a basic block.
class CFGElement {		class CFGElement {
public:		public:
enum Kind {		enum Kind {
// main kind		// main kind
Statement,		Statement,
Initializer,		Initializer,
		ScopeBegin,
		ScopeEnd,
NewAllocator,		NewAllocator,
LifetimeEnds,		LifetimeEnds,
LoopExit,		LoopExit,
// dtor kind		// dtor kind
AutomaticObjectDtor,		AutomaticObjectDtor,
DeleteDtor,		DeleteDtor,
BaseDtor,		BaseDtor,
MemberDtor,		MemberDtor,
▲ Show 20 Lines • Show All 93 Lines • ▼ Show 20 Lines	explicit CFGNewAllocator(const CXXNewExpr *S)
: CFGElement(NewAllocator, S) {}		: CFGElement(NewAllocator, S) {}

// Get the new expression.		// Get the new expression.
const CXXNewExpr *getAllocatorExpr() const {		const CXXNewExpr *getAllocatorExpr() const {
return static_cast<CXXNewExpr *>(Data1.getPointer());		return static_cast<CXXNewExpr *>(Data1.getPointer());
}		}

private:		private:
friend class CFGElement;		friend class CFGElement;
		dcoughlinUnsubmitted Done Reply Inline Actions Even though a lot of code doesn't follow the guidelines, LLVM style discourages duplicating the function or class name at the beginning of the comment. (See http://llvm.org/docs/CodingStandards.html#doxygen-use-in-documentation-comments) dcoughlin: Even though a lot of code doesn't follow the guidelines, LLVM style discourages duplicating the…

CFGNewAllocator() = default;		CFGNewAllocator() = default;

static bool isKind(const CFGElement &elem) {		static bool isKind(const CFGElement &elem) {
return elem.getKind() == NewAllocator;		return elem.getKind() == NewAllocator;
}		}
};		};

/// Represents the point where a loop ends.		/// Represents the point where a loop ends.
/// This element is is only produced when building the CFG for the static		/// This element is is only produced when building the CFG for the static
/// analyzer and hidden behind the 'cfg-loopexit' analyzer config flag.		/// analyzer and hidden behind the 'cfg-loopexit' analyzer config flag.
///		///
/// Note: a loop exit element can be reached even when the loop body was never		/// Note: a loop exit element can be reached even when the loop body was never
/// entered.		/// entered.
class CFGLoopExit : public CFGElement {		class CFGLoopExit : public CFGElement {
public:		public:
explicit CFGLoopExit(const Stmt *stmt) : CFGElement(LoopExit, stmt) {}		explicit CFGLoopExit(const Stmt *stmt) : CFGElement(LoopExit, stmt) {}

const Stmt *getLoopStmt() const {		const Stmt *getLoopStmt() const {
return static_cast<Stmt *>(Data1.getPointer());		return static_cast<Stmt *>(Data1.getPointer());
}		}
		dcoughlinUnsubmitted Done Reply Inline Actions Same doc comment style issue here. dcoughlin: Same doc comment style issue here.

private:		private:
friend class CFGElement;		friend class CFGElement;

CFGLoopExit() = default;		CFGLoopExit() = default;

static bool isKind(const CFGElement &elem) {		static bool isKind(const CFGElement &elem) {
return elem.getKind() == LoopExit;		return elem.getKind() == LoopExit;
Show All 19 Lines	private:

CFGLifetimeEnds() = default;		CFGLifetimeEnds() = default;

static bool isKind(const CFGElement &elem) {		static bool isKind(const CFGElement &elem) {
return elem.getKind() == LifetimeEnds;		return elem.getKind() == LifetimeEnds;
}		}
};		};

		/// Represents beginning of a scope implicitly generated
		/// by the compiler on encountering a CompoundStmt
		class CFGScopeBegin : public CFGElement {
		public:
		CFGScopeBegin() {}
		CFGScopeBegin(const VarDecl VD, const Stmt S)
		: CFGElement(ScopeBegin, VD, S) {}

		// Get statement that triggered a new scope.
		const Stmt *getTriggerStmt() const {
		return static_cast<Stmt*>(Data2.getPointer());
		}

		// Get VD that triggered a new scope.
		const VarDecl *getVarDecl() const {
		return static_cast<VarDecl *>(Data1.getPointer());
		}

		private:
		friend class CFGElement;
		static bool isKind(const CFGElement &E) {
		Kind kind = E.getKind();
		return kind == ScopeBegin;
		}
		};

		/// Represents end of a scope implicitly generated by
		/// the compiler after the last Stmt in a CompoundStmt's body
		class CFGScopeEnd : public CFGElement {
		public:
		CFGScopeEnd() {}
		CFGScopeEnd(const VarDecl VD, const Stmt S) : CFGElement(ScopeEnd, VD, S) {}

		const VarDecl *getVarDecl() const {
		return static_cast<VarDecl *>(Data1.getPointer());
		}

		const Stmt *getTriggerStmt() const {
		return static_cast<Stmt *>(Data2.getPointer());
		}

		private:
		friend class CFGElement;
		static bool isKind(const CFGElement &E) {
		Kind kind = E.getKind();
		return kind == ScopeEnd;
		}
		};

/// CFGImplicitDtor - Represents C++ object destructor implicitly generated		/// CFGImplicitDtor - Represents C++ object destructor implicitly generated
/// by compiler on various occasions.		/// by compiler on various occasions.
class CFGImplicitDtor : public CFGElement {		class CFGImplicitDtor : public CFGElement {
protected:		protected:
CFGImplicitDtor() = default;		CFGImplicitDtor() = default;

CFGImplicitDtor(Kind kind, const void data1, const void data2 = nullptr)		CFGImplicitDtor(Kind kind, const void data1, const void data2 = nullptr)
: CFGElement(kind, data1, data2) {		: CFGElement(kind, data1, data2) {
▲ Show 20 Lines • Show All 497 Lines • ▼ Show 20 Lines	public:
CFG *getParent() const { return Parent; }		CFG *getParent() const { return Parent; }

void dump() const;		void dump() const;

void dump(const CFG *cfg, const LangOptions &LO, bool ShowColors = false) const;		void dump(const CFG *cfg, const LangOptions &LO, bool ShowColors = false) const;
void print(raw_ostream &OS, const CFG* cfg, const LangOptions &LO,		void print(raw_ostream &OS, const CFG* cfg, const LangOptions &LO,
bool ShowColors) const;		bool ShowColors) const;
void printTerminator(raw_ostream &OS, const LangOptions &LO) const;		void printTerminator(raw_ostream &OS, const LangOptions &LO) const;
void printAsOperand(raw_ostream &OS, bool /PrintType/) {		void printAsOperand(raw_ostream &OS, bool /PrintType/) {
		dcoughlinUnsubmitted Done Reply Inline Actions I would suggest calling this "AddScopes" to match the pluralization of the other options and propagate that name throughout the rest of the patch (e.g. "IncludeScopesInCFG", etc.). dcoughlin: I would suggest calling this "AddScopes" to match the pluralization of the other options and…
OS << "BB#" << getBlockID();		OS << "BB#" << getBlockID();
}		}

/// Adds a (potentially unreachable) successor block to the current block.		/// Adds a (potentially unreachable) successor block to the current block.
void addSuccessor(AdjacentBlock Succ, BumpVectorContext &C);		void addSuccessor(AdjacentBlock Succ, BumpVectorContext &C);

void appendStmt(Stmt *statement, BumpVectorContext &C) {		void appendStmt(Stmt *statement, BumpVectorContext &C) {
Elements.push_back(CFGStmt(statement), C);		Elements.push_back(CFGStmt(statement), C);
}		}

void appendInitializer(CXXCtorInitializer *initializer,		void appendInitializer(CXXCtorInitializer *initializer,
BumpVectorContext &C) {		BumpVectorContext &C) {
Elements.push_back(CFGInitializer(initializer), C);		Elements.push_back(CFGInitializer(initializer), C);
}		}

void appendNewAllocator(CXXNewExpr *NE,		void appendNewAllocator(CXXNewExpr *NE,
BumpVectorContext &C) {		BumpVectorContext &C) {
Elements.push_back(CFGNewAllocator(NE), C);		Elements.push_back(CFGNewAllocator(NE), C);
}		}

		void appendScopeBegin(const VarDecl VD, const Stmt S,
		BumpVectorContext &C) {
		Elements.push_back(CFGScopeBegin(VD, S), C);
		}

		void prependScopeBegin(const VarDecl VD, const Stmt S,
		BumpVectorContext &C) {
		Elements.insert(Elements.rbegin(), 1, CFGScopeBegin(VD, S), C);
		}

		void appendScopeEnd(const VarDecl VD, const Stmt S, BumpVectorContext &C) {
		Elements.push_back(CFGScopeEnd(VD, S), C);
		}

		void prependScopeEnd(const VarDecl VD, const Stmt S, BumpVectorContext &C) {
		Elements.insert(Elements.rbegin(), 1, CFGScopeEnd(VD, S), C);
		}

void appendBaseDtor(const CXXBaseSpecifier *BS, BumpVectorContext &C) {		void appendBaseDtor(const CXXBaseSpecifier *BS, BumpVectorContext &C) {
Elements.push_back(CFGBaseDtor(BS), C);		Elements.push_back(CFGBaseDtor(BS), C);
}		}

void appendMemberDtor(FieldDecl *FD, BumpVectorContext &C) {		void appendMemberDtor(FieldDecl *FD, BumpVectorContext &C) {
Elements.push_back(CFGMemberDtor(FD), C);		Elements.push_back(CFGMemberDtor(FD), C);
}		}

Show All 37 Lines	iterator beginLifetimeEndsInsert(iterator I, size_t Cnt,
BumpVectorContext &C) {		BumpVectorContext &C) {
return iterator(		return iterator(
Elements.insert(I.base(), Cnt, CFGLifetimeEnds(nullptr, nullptr), C));		Elements.insert(I.base(), Cnt, CFGLifetimeEnds(nullptr, nullptr), C));
}		}
iterator insertLifetimeEnds(iterator I, VarDecl VD, Stmt S) {		iterator insertLifetimeEnds(iterator I, VarDecl VD, Stmt S) {
*I = CFGLifetimeEnds(VD, S);		*I = CFGLifetimeEnds(VD, S);
return ++I;		return ++I;
}		}

		// Scope leaving must be performed in reversed order. So insertion is in two
		// steps. First we prepare space for some number of elements, then we insert
		// the elements beginning at the last position in prepared space.
		iterator beginScopeEndInsert(iterator I, size_t Cnt, BumpVectorContext &C) {
		return iterator(
		Elements.insert(I.base(), Cnt, CFGScopeEnd(nullptr, nullptr), C));
		}
		iterator insertScopeEnd(iterator I, VarDecl VD, Stmt S) {
		*I = CFGScopeEnd(VD, S);
		return ++I;
		}

};		};

/// \brief CFGCallback defines methods that should be called when a logical		/// \brief CFGCallback defines methods that should be called when a logical
/// operator error is found when building the CFG.		/// operator error is found when building the CFG.
class CFGCallback {		class CFGCallback {
public:		public:
CFGCallback() = default;		CFGCallback() = default;
virtual ~CFGCallback() = default;		virtual ~CFGCallback() = default;
Show All 26 Lines	public:
CFGCallback *Observer = nullptr;		CFGCallback *Observer = nullptr;
bool PruneTriviallyFalseEdges = true;		bool PruneTriviallyFalseEdges = true;
bool AddEHEdges = false;		bool AddEHEdges = false;
bool AddInitializers = false;		bool AddInitializers = false;
bool AddImplicitDtors = false;		bool AddImplicitDtors = false;
bool AddLifetime = false;		bool AddLifetime = false;
bool AddLoopExit = false;		bool AddLoopExit = false;
bool AddTemporaryDtors = false;		bool AddTemporaryDtors = false;
		bool AddScopes = false;
bool AddStaticInitBranches = false;		bool AddStaticInitBranches = false;
bool AddCXXNewAllocator = false;		bool AddCXXNewAllocator = false;
bool AddCXXDefaultInitExprInCtors = false;		bool AddCXXDefaultInitExprInCtors = false;

BuildOptions() = default;		BuildOptions() = default;

bool alwaysAdd(const Stmt *stmt) const {		bool alwaysAdd(const Stmt *stmt) const {
return alwaysAddMask[stmt->getStmtClass()];		return alwaysAddMask[stmt->getStmtClass()];
▲ Show 20 Lines • Show All 306 Lines • Show Last 20 Lines

include/clang/StaticAnalyzer/Core/AnalyzerOptions.h

Show First 20 Lines • Show All 214 Lines • ▼ Show 20 Lines	private:
Optional<bool> IncludeLifetimeInCFG;		Optional<bool> IncludeLifetimeInCFG;

/// \sa IncludeLoopExitInCFG		/// \sa IncludeLoopExitInCFG
Optional<bool> IncludeLoopExitInCFG;		Optional<bool> IncludeLoopExitInCFG;

/// \sa mayInlineCXXStandardLibrary		/// \sa mayInlineCXXStandardLibrary
Optional<bool> InlineCXXStandardLibrary;		Optional<bool> InlineCXXStandardLibrary;

		/// \sa includeScopesInCFG
		Optional<bool> IncludeScopesInCFG;

/// \sa mayInlineTemplateFunctions		/// \sa mayInlineTemplateFunctions
Optional<bool> InlineTemplateFunctions;		Optional<bool> InlineTemplateFunctions;

/// \sa mayInlineCXXAllocator		/// \sa mayInlineCXXAllocator
Optional<bool> InlineCXXAllocator;		Optional<bool> InlineCXXAllocator;

/// \sa mayInlineCXXContainerMethods		/// \sa mayInlineCXXContainerMethods
Optional<bool> InlineCXXContainerMethods;		Optional<bool> InlineCXXContainerMethods;
▲ Show 20 Lines • Show All 192 Lines • ▼ Show 20 Lines	public:

/// Returns whether or not the end of the loop information should be included		/// Returns whether or not the end of the loop information should be included
/// in the CFG.		/// in the CFG.
///		///
/// This is controlled by the 'cfg-loopexit' config option, which accepts		/// This is controlled by the 'cfg-loopexit' config option, which accepts
/// the values "true" and "false".		/// the values "true" and "false".
bool includeLoopExitInCFG();		bool includeLoopExitInCFG();

		/// Returns whether or not scope information should be included in the CFG.
		///
		/// This is controlled by the 'cfg-scope-info' config option, which accepts
		/// the values "true" and "false".
		bool includeScopesInCFG();

/// Returns whether or not C++ standard library functions may be considered		/// Returns whether or not C++ standard library functions may be considered
/// for inlining.		/// for inlining.
///		///
/// This is controlled by the 'c++-stdlib-inlining' config option, which		/// This is controlled by the 'c++-stdlib-inlining' config option, which
/// accepts the values "true" and "false".		/// accepts the values "true" and "false".
bool mayInlineCXXStandardLibrary();		bool mayInlineCXXStandardLibrary();

/// Returns whether or not templated functions may be considered for inlining.		/// Returns whether or not templated functions may be considered for inlining.
▲ Show 20 Lines • Show All 182 Lines • Show Last 20 Lines

lib/Analysis/AnalysisDeclContext.cpp

Show First 20 Lines • Show All 60 Lines • ▼ Show 20 Lines	: Manager(Mgr),
ManagedAnalyses(nullptr)		ManagedAnalyses(nullptr)
{		{
cfgBuildOptions.forcedBlkExprs = &forcedBlkExprs;		cfgBuildOptions.forcedBlkExprs = &forcedBlkExprs;
}		}

AnalysisDeclContextManager::AnalysisDeclContextManager(		AnalysisDeclContextManager::AnalysisDeclContextManager(
ASTContext &ASTCtx, bool useUnoptimizedCFG, bool addImplicitDtors,		ASTContext &ASTCtx, bool useUnoptimizedCFG, bool addImplicitDtors,
bool addInitializers, bool addTemporaryDtors, bool addLifetime,		bool addInitializers, bool addTemporaryDtors, bool addLifetime,
bool addLoopExit, bool synthesizeBodies, bool addStaticInitBranch,		bool addLoopExit, bool addScopes, bool synthesizeBodies,
bool addCXXNewAllocator, CodeInjector *injector)		bool addStaticInitBranch, bool addCXXNewAllocator, CodeInjector *injector)
: Injector(injector), FunctionBodyFarm(ASTCtx, injector),		: Injector(injector), FunctionBodyFarm(ASTCtx, injector),
SynthesizeBodies(synthesizeBodies) {		SynthesizeBodies(synthesizeBodies) {
cfgBuildOptions.PruneTriviallyFalseEdges = !useUnoptimizedCFG;		cfgBuildOptions.PruneTriviallyFalseEdges = !useUnoptimizedCFG;
cfgBuildOptions.AddImplicitDtors = addImplicitDtors;		cfgBuildOptions.AddImplicitDtors = addImplicitDtors;
cfgBuildOptions.AddInitializers = addInitializers;		cfgBuildOptions.AddInitializers = addInitializers;
cfgBuildOptions.AddTemporaryDtors = addTemporaryDtors;		cfgBuildOptions.AddTemporaryDtors = addTemporaryDtors;
cfgBuildOptions.AddLifetime = addLifetime;		cfgBuildOptions.AddLifetime = addLifetime;
cfgBuildOptions.AddLoopExit = addLoopExit;		cfgBuildOptions.AddLoopExit = addLoopExit;
		cfgBuildOptions.AddScopes = addScopes;
cfgBuildOptions.AddStaticInitBranches = addStaticInitBranch;		cfgBuildOptions.AddStaticInitBranches = addStaticInitBranch;
cfgBuildOptions.AddCXXNewAllocator = addCXXNewAllocator;		cfgBuildOptions.AddCXXNewAllocator = addCXXNewAllocator;
}		}

void AnalysisDeclContextManager::clear() { Contexts.clear(); }		void AnalysisDeclContextManager::clear() { Contexts.clear(); }

Stmt *AnalysisDeclContext::getBody(bool &IsAutosynthesized) const {		Stmt *AnalysisDeclContext::getBody(bool &IsAutosynthesized) const {
IsAutosynthesized = false;		IsAutosynthesized = false;
▲ Show 20 Lines • Show All 533 Lines • Show Last 20 Lines

lib/Analysis/CFG.cpp

Show First 20 Lines • Show All 227 Lines • ▼ Show 20 Lines	const_iterator(const LocalScope& S, unsigned I)
*this = Scope->Prev;		*this = Scope->Prev;
}		}

VarDecl const operator->() const {		VarDecl const operator->() const {
assert(Scope && "Dereferencing invalid iterator is not allowed");		assert(Scope && "Dereferencing invalid iterator is not allowed");
assert(VarIter != 0 && "Iterator has invalid value of VarIter member");		assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
return &Scope->Vars[VarIter - 1];		return &Scope->Vars[VarIter - 1];
}		}

		const VarDecl *getFirstVarInScope() const {
		assert(Scope && "Dereferencing invalid iterator is not allowed");
		assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
		return Scope->Vars[0];
		}

VarDecl operator() const {		VarDecl operator() const {
return *this->operator->();		return *this->operator->();
}		}

const_iterator &operator++() {		const_iterator &operator++() {
if (!Scope)		if (!Scope)
return *this;		return *this;
		dcoughlinUnsubmitted Done Reply Inline Actions I think it would be helpful to name this something more expressive (perhaps "TriggerStmt") so it is immediately clear what the relationship between the statement the LocalScope is. dcoughlin: I think it would be helpful to name this something more expressive (perhaps "TriggerStmt") so…

assert(VarIter != 0 && "Iterator has invalid value of VarIter member");		assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
--VarIter;		--VarIter;
if (VarIter == 0)		if (VarIter == 0)
*this = Scope->Prev;		*this = Scope->Prev;
return *this;		return *this;
}		}
const_iterator operator++(int) {		const_iterator operator++(int) {
Show All 10 Lines	public:
}		}

explicit operator bool() const {		explicit operator bool() const {
return *this != const_iterator();		return *this != const_iterator();
}		}

int distance(const_iterator L);		int distance(const_iterator L);
const_iterator shared_parent(const_iterator L);		const_iterator shared_parent(const_iterator L);
		bool pointsToFirstDeclaredVar() { return VarIter == 1; }
};		};

private:		private:
BumpVectorContext ctx;		BumpVectorContext ctx;

/// Automatic variables in order of declaration.		/// Automatic variables in order of declaration.
AutomaticVarsTy Vars;		AutomaticVarsTy Vars;

▲ Show 20 Lines • Show All 284 Lines • ▼ Show 20 Lines	private:
CFGBlock VisitUnaryOperator(UnaryOperator U, AddStmtChoice asc);		CFGBlock VisitUnaryOperator(UnaryOperator U, AddStmtChoice asc);
CFGBlock VisitWhileStmt(WhileStmt W);		CFGBlock VisitWhileStmt(WhileStmt W);

CFGBlock Visit(Stmt S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd);		CFGBlock Visit(Stmt S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd);
CFGBlock VisitStmt(Stmt S, AddStmtChoice asc);		CFGBlock VisitStmt(Stmt S, AddStmtChoice asc);
CFGBlock VisitChildren(Stmt S);		CFGBlock VisitChildren(Stmt S);
CFGBlock VisitNoRecurse(Expr E, AddStmtChoice asc);		CFGBlock VisitNoRecurse(Expr E, AddStmtChoice asc);

		void maybeAddScopeBeginForVarDecl(CFGBlock B, const VarDecl VD,
		const Stmt *S) {
		if (ScopePos && (VD == ScopePos.getFirstVarInScope()))
		appendScopeBegin(B, VD, S);
		}

/// When creating the CFG for temporary destructors, we want to mirror the		/// When creating the CFG for temporary destructors, we want to mirror the
/// branch structure of the corresponding constructor calls.		/// branch structure of the corresponding constructor calls.
/// Thus, while visiting a statement for temporary destructors, we keep a		/// Thus, while visiting a statement for temporary destructors, we keep a
/// context to keep track of the following information:		/// context to keep track of the following information:
/// - whether a subexpression is executed unconditionally		/// - whether a subexpression is executed unconditionally
/// - if a subexpression is executed conditionally, the first		/// - if a subexpression is executed conditionally, the first
/// CXXBindTemporaryExpr we encounter in that subexpression (which		/// CXXBindTemporaryExpr we encounter in that subexpression (which
/// corresponds to the last temporary destructor we have to call for this		/// corresponds to the last temporary destructor we have to call for this
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	private:
void addLoopExit(const Stmt *LoopStmt);		void addLoopExit(const Stmt *LoopStmt);
void addAutomaticObjDtors(LocalScope::const_iterator B,		void addAutomaticObjDtors(LocalScope::const_iterator B,
LocalScope::const_iterator E, Stmt *S);		LocalScope::const_iterator E, Stmt *S);
void addLifetimeEnds(LocalScope::const_iterator B,		void addLifetimeEnds(LocalScope::const_iterator B,
LocalScope::const_iterator E, Stmt *S);		LocalScope::const_iterator E, Stmt *S);
void addAutomaticObjHandling(LocalScope::const_iterator B,		void addAutomaticObjHandling(LocalScope::const_iterator B,
LocalScope::const_iterator E, Stmt *S);		LocalScope::const_iterator E, Stmt *S);
void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD);		void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD);
		void addScopesEnd(LocalScope::const_iterator B, LocalScope::const_iterator E,
		Stmt *S);

// Local scopes creation.		// Local scopes creation.
LocalScope* createOrReuseLocalScope(LocalScope* Scope);		LocalScope createOrReuseLocalScope(LocalScope Scope);

void addLocalScopeForStmt(Stmt *S);		void addLocalScopeForStmt(Stmt *S);
LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS,		LocalScope addLocalScopeForDeclStmt(DeclStmt DS, LocalScope *Scope = nullptr);
LocalScope* Scope = nullptr);
LocalScope* addLocalScopeForVarDecl(VarDecl VD, LocalScope Scope = nullptr);		LocalScope addLocalScopeForVarDecl(VarDecl VD, LocalScope *Scope = nullptr);

void addLocalScopeAndDtors(Stmt *S);		void addLocalScopeAndDtors(Stmt *S);

// Interface to CFGBlock - adding CFGElements.		// Interface to CFGBlock - adding CFGElements.

void appendStmt(CFGBlock B, const Stmt S) {		void appendStmt(CFGBlock B, const Stmt S) {
if (alwaysAdd(S) && cachedEntry)		if (alwaysAdd(S) && cachedEntry)
cachedEntry->second = B;		cachedEntry->second = B;
▲ Show 20 Lines • Show All 41 Lines • ▼ Show 20 Lines	private:

void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk,		void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk,
LocalScope::const_iterator B, LocalScope::const_iterator E);		LocalScope::const_iterator B, LocalScope::const_iterator E);

void prependAutomaticObjLifetimeWithTerminator(CFGBlock *Blk,		void prependAutomaticObjLifetimeWithTerminator(CFGBlock *Blk,
LocalScope::const_iterator B,		LocalScope::const_iterator B,
LocalScope::const_iterator E);		LocalScope::const_iterator E);

		const VarDecl *
		prependAutomaticObjScopeEndWithTerminator(CFGBlock *Blk,
		LocalScope::const_iterator B,
		LocalScope::const_iterator E);

void addSuccessor(CFGBlock B, CFGBlock S, bool IsReachable = true) {		void addSuccessor(CFGBlock B, CFGBlock S, bool IsReachable = true) {
B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable),		B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable),
cfg->getBumpVectorContext());		cfg->getBumpVectorContext());
}		}

/// Add a reachable successor to a block, with the alternate variant that is		/// Add a reachable successor to a block, with the alternate variant that is
/// unreachable.		/// unreachable.
void addSuccessor(CFGBlock B, CFGBlock ReachableBlock, CFGBlock *AltBlock) {		void addSuccessor(CFGBlock B, CFGBlock ReachableBlock, CFGBlock *AltBlock) {
B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock),		B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock),
cfg->getBumpVectorContext());		cfg->getBumpVectorContext());
}		}

		void appendScopeBegin(CFGBlock B, const VarDecl VD, const Stmt *S) {
		if (BuildOpts.AddScopes)
		B->appendScopeBegin(VD, S, cfg->getBumpVectorContext());
		}

		void prependScopeBegin(CFGBlock B, const VarDecl VD, const Stmt *S) {
		if (BuildOpts.AddScopes)
		B->prependScopeBegin(VD, S, cfg->getBumpVectorContext());
		}

		void appendScopeEnd(CFGBlock B, const VarDecl VD, const Stmt *S) {
		if (BuildOpts.AddScopes)
		B->appendScopeEnd(VD, S, cfg->getBumpVectorContext());
		}

		void prependScopeEnd(CFGBlock B, const VarDecl VD, const Stmt *S) {
		if (BuildOpts.AddScopes)
		B->prependScopeEnd(VD, S, cfg->getBumpVectorContext());
		}

/// \brief Find a relational comparison with an expression evaluating to a		/// \brief Find a relational comparison with an expression evaluating to a
/// boolean and a constant other than 0 and 1.		/// boolean and a constant other than 0 and 1.
/// e.g. if ((x < y) == 10)		/// e.g. if ((x < y) == 10)
TryResult checkIncorrectRelationalOperator(const BinaryOperator *B) {		TryResult checkIncorrectRelationalOperator(const BinaryOperator *B) {
const Expr *LHSExpr = B->getLHS()->IgnoreParens();		const Expr *LHSExpr = B->getLHS()->IgnoreParens();
const Expr *RHSExpr = B->getRHS()->IgnoreParens();		const Expr *RHSExpr = B->getRHS()->IgnoreParens();

const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr);		const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr);
▲ Show 20 Lines • Show All 423 Lines • ▼ Show 20 Lines	for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(),
// incomplete AST. Handle this by not registering a successor.		// incomplete AST. Handle this by not registering a successor.
if (LI == LabelMap.end()) continue;		if (LI == LabelMap.end()) continue;

JumpTarget JT = LI->second;		JumpTarget JT = LI->second;
prependAutomaticObjLifetimeWithTerminator(B, I->scopePosition,		prependAutomaticObjLifetimeWithTerminator(B, I->scopePosition,
JT.scopePosition);		JT.scopePosition);
prependAutomaticObjDtorsWithTerminator(B, I->scopePosition,		prependAutomaticObjDtorsWithTerminator(B, I->scopePosition,
JT.scopePosition);		JT.scopePosition);
		const VarDecl *VD = prependAutomaticObjScopeEndWithTerminator(
		B, I->scopePosition, JT.scopePosition);
		appendScopeBegin(JT.block, VD, G);
addSuccessor(B, JT.block);		addSuccessor(B, JT.block);
}		}

// Add successors to the Indirect Goto Dispatch block (if we have one).		// Add successors to the Indirect Goto Dispatch block (if we have one).
		dcoughlinUnsubmitted Done Reply Inline Actions What is the difference between TriggerStmt and ScopeCreator? Do we need them both here? dcoughlin: What is the difference between TriggerStmt and ScopeCreator? Do we need them both here?
if (CFGBlock *B = cfg->getIndirectGotoBlock())		if (CFGBlock *B = cfg->getIndirectGotoBlock())
for (LabelSetTy::iterator I = AddressTakenLabels.begin(),		for (LabelSetTy::iterator I = AddressTakenLabels.begin(),
E = AddressTakenLabels.end(); I != E; ++I ) {		E = AddressTakenLabels.end(); I != E; ++I ) {
// Lookup the target block.		// Lookup the target block.
LabelMapTy::iterator LI = LabelMap.find(*I);		LabelMapTy::iterator LI = LabelMap.find(*I);

// If there is no target block that contains label, then we are looking		// If there is no target block that contains label, then we are looking
// at an incomplete AST. Handle this by not registering a successor.		// at an incomplete AST. Handle this by not registering a successor.
▲ Show 20 Lines • Show All 136 Lines • ▼ Show 20 Lines

void CFGBuilder::addAutomaticObjHandling(LocalScope::const_iterator B,		void CFGBuilder::addAutomaticObjHandling(LocalScope::const_iterator B,
LocalScope::const_iterator E,		LocalScope::const_iterator E,
Stmt *S) {		Stmt *S) {
if (BuildOpts.AddImplicitDtors)		if (BuildOpts.AddImplicitDtors)
addAutomaticObjDtors(B, E, S);		addAutomaticObjDtors(B, E, S);
if (BuildOpts.AddLifetime)		if (BuildOpts.AddLifetime)
addLifetimeEnds(B, E, S);		addLifetimeEnds(B, E, S);
		if (BuildOpts.AddScopes)
		addScopesEnd(B, E, S);
}		}

/// Add to current block automatic objects that leave the scope.		/// Add to current block automatic objects that leave the scope.
void CFGBuilder::addLifetimeEnds(LocalScope::const_iterator B,		void CFGBuilder::addLifetimeEnds(LocalScope::const_iterator B,
LocalScope::const_iterator E, Stmt *S) {		LocalScope::const_iterator E, Stmt *S) {
if (!BuildOpts.AddLifetime)		if (!BuildOpts.AddLifetime)
return;		return;

Show All 31 Lines	void CFGBuilder::addLifetimeEnds(LocalScope::const_iterator B,

for (SmallVectorImpl<VarDecl *>::reverse_iterator		for (SmallVectorImpl<VarDecl *>::reverse_iterator
I = DeclsNonTrivial.rbegin(),		I = DeclsNonTrivial.rbegin(),
E = DeclsNonTrivial.rend();		E = DeclsNonTrivial.rend();
I != E; ++I)		I != E; ++I)
appendLifetimeEnds(Block, *I, S);		appendLifetimeEnds(Block, *I, S);
}		}

		/// Add to current block markers for ending scopes.
		void CFGBuilder::addScopesEnd(LocalScope::const_iterator B,
		LocalScope::const_iterator E, Stmt *S) {
		if (!BuildOpts.AddScopes)
		dcoughlinUnsubmitted Done Reply Inline Actions I think it is very important to document the different between 'S' and 'ScopeCreator' here. dcoughlin: I think it is very important to document the different between 'S' and 'ScopeCreator' here.
		return;

		if (B == E)
		return;

		// To go from B to E, one first goes up the scopes from B to P
		// then sideways in one scope from P to P' and then down
		// the scopes from P' to E.
		// The lifetime of all objects between B and P end.
		LocalScope::const_iterator P = B.shared_parent(E);
		int Dist = B.distance(P);
		if (Dist <= 0)
		return;

		// We need to perform the scope leaving in reverse order
		SmallVector<VarDecl *, 10> DeclsWithEndedScope;
		DeclsWithEndedScope.reserve(Dist);

		for (LocalScope::const_iterator I = B; I != P; ++I)
		if (I.pointsToFirstDeclaredVar())
		DeclsWithEndedScope.push_back(*I);

		autoCreateBlock();

		for (const auto *VD : DeclsWithEndedScope)
		appendScopeEnd(Block, VD, S);

		return;
		}

/// addAutomaticObjDtors - Add to current block automatic objects destructors		/// addAutomaticObjDtors - Add to current block automatic objects destructors
/// for objects in range of local scope positions. Use S as trigger statement		/// for objects in range of local scope positions. Use S as trigger statement
/// for destructors.		/// for destructors.
		bshastryUnsubmitted Not Done Reply Inline Actions Yes. I have renamed TriggerStmt to TriggerAutoObjDtorsStmt and ScopeCreator to TriggerScopeStmt. The former tells us when to add ScopeEnd element and the former ScopeBegin element. Addition of TriggerScopeStmt was necessary because TriggerAutoObjDtorsStmt doesn't tell us anything about the present scope's context; only that the present scope is going to end. bshastry: Yes. I have renamed TriggerStmt to TriggerAutoObjDtorsStmt and ScopeCreator to TriggerScopeStmt.
void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B,		void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B,
LocalScope::const_iterator E, Stmt *S) {		LocalScope::const_iterator E, Stmt *S) {
if (!BuildOpts.AddImplicitDtors)		if (!BuildOpts.AddImplicitDtors)
return;		return;

if (B == E)		if (B == E)
return;		return;

// We need to append the destructors in reverse order, but any one of them		// We need to append the destructors in reverse order, but any one of them
// may be a no-return destructor which changes the CFG. As a result, buffer		// may be a no-return destructor which changes the CFG. As a result, buffer
// this sequence up and replay them in reverse order when appending onto the		// this sequence up and replay them in reverse order when appending onto the
// CFGBlock(s).		// CFGBlock(s).
SmallVector<VarDecl*, 10> Decls;		SmallVector<VarDecl*, 10> Decls;
Decls.reserve(B.distance(E));		Decls.reserve(B.distance(E));
for (LocalScope::const_iterator I = B; I != E; ++I)		for (LocalScope::const_iterator I = B; I != E; ++I)
Decls.push_back(*I);		Decls.push_back(*I);

for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(),		for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(),
E = Decls.rend();		E = Decls.rend();
I != E; ++I) {		I != E; ++I) {
		if (hasTrivialDestructor(*I)) continue;
// If this destructor is marked as a no-return destructor, we need to		// If this destructor is marked as a no-return destructor, we need to
// create a new block for the destructor which does not have as a successor		// create a new block for the destructor which does not have as a successor
// anything built thus far: control won't flow out of this block.		// anything built thus far: control won't flow out of this block.
QualType Ty = (*I)->getType();		QualType Ty = (*I)->getType();
if (Ty->isReferenceType()) {		if (Ty->isReferenceType()) {
Ty = getReferenceInitTemporaryType(Context, (I)->getInit());		Ty = getReferenceInitTemporaryType(Context, (I)->getInit());
}		}
Ty = Context->getBaseElementType(Ty);		Ty = Context->getBaseElementType(Ty);
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines	if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl())
autoCreateBlock();		autoCreateBlock();
appendMemberDtor(Block, FI);		appendMemberDtor(Block, FI);
}		}
}		}
}		}

/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either		/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either
/// way return valid LocalScope object.		/// way return valid LocalScope object.
LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) {		LocalScope CFGBuilder::createOrReuseLocalScope(LocalScope Scope) {
		NoQUnsubmitted Not Done Reply Inline Actions It seems that something has moved asterisks to a weird spot, might be a rebase artifact or accidental tooling. NoQ: It seems that something has moved asterisks to a weird spot, might be a rebase artifact or…
		NoQUnsubmitted Not Done Reply Inline Actions Uhm, it was always this way, just weird history when i looked at the diff between diffs, nvm, sorry. NoQ: Uhm, it was always this way, just weird history when i looked at the diff between diffs, nvm…
if (Scope)		if (Scope)
return Scope;		return Scope;
llvm::BumpPtrAllocator &alloc = cfg->getAllocator();		llvm::BumpPtrAllocator &alloc = cfg->getAllocator();
return new (alloc.Allocate<LocalScope>())		return new (alloc.Allocate<LocalScope>())
LocalScope(BumpVectorContext(alloc), ScopePos);		LocalScope(BumpVectorContext(alloc), ScopePos);
}		}

/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement		/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement
/// that should create implicit scope (e.g. if/else substatements).		/// that should create implicit scope (e.g. if/else substatements).
void CFGBuilder::addLocalScopeForStmt(Stmt *S) {		void CFGBuilder::addLocalScopeForStmt(Stmt *S) {
if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime)		if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
		!BuildOpts.AddScopes)
return;		return;

LocalScope *Scope = nullptr;		LocalScope *Scope = nullptr;

// For compound statement we will be creating explicit scope.		// For compound statement we will be creating explicit scope.
if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) {		if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) {
for (auto *BI : CS->body()) {		for (auto *BI : CS->body()) {
Stmt *SI = BI->stripLabelLikeStatements();		Stmt *SI = BI->stripLabelLikeStatements();
if (DeclStmt *DS = dyn_cast<DeclStmt>(SI))		if (DeclStmt *DS = dyn_cast<DeclStmt>(SI))
Scope = addLocalScopeForDeclStmt(DS, Scope);		Scope = addLocalScopeForDeclStmt(DS, Scope);
}		}
return;		return;
}		}

// For any other statement scope will be implicit and as such will be		// For any other statement scope will be implicit and as such will be
// interesting only for DeclStmt.		// interesting only for DeclStmt.
if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements()))		if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements()))
addLocalScopeForDeclStmt(DS);		addLocalScopeForDeclStmt(DS);
}		}

/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will		/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will
/// reuse Scope if not NULL.		/// reuse Scope if not NULL.
LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS,		LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS,
LocalScope* Scope) {		LocalScope* Scope) {
if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime)		if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
		!BuildOpts.AddScopes)
return Scope;		return Scope;

for (auto *DI : DS->decls())		for (auto *DI : DS->decls())
if (VarDecl *VD = dyn_cast<VarDecl>(DI))		if (VarDecl *VD = dyn_cast<VarDecl>(DI))
Scope = addLocalScopeForVarDecl(VD, Scope);		Scope = addLocalScopeForVarDecl(VD, Scope);
return Scope;		return Scope;
}		}

Show All 35 Lines

/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will		/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will
/// create add scope for automatic objects and temporary objects bound to		/// create add scope for automatic objects and temporary objects bound to
/// const reference. Will reuse Scope if not NULL.		/// const reference. Will reuse Scope if not NULL.
LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD,		LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD,
LocalScope* Scope) {		LocalScope* Scope) {
assert(!(BuildOpts.AddImplicitDtors && BuildOpts.AddLifetime) &&		assert(!(BuildOpts.AddImplicitDtors && BuildOpts.AddLifetime) &&
"AddImplicitDtors and AddLifetime cannot be used at the same time");		"AddImplicitDtors and AddLifetime cannot be used at the same time");
if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime)		if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
		!BuildOpts.AddScopes)
return Scope;		return Scope;

// Check if variable is local.		// Check if variable is local.
switch (VD->getStorageClass()) {		switch (VD->getStorageClass()) {
case SC_None:		case SC_None:
case SC_Auto:		case SC_Auto:
case SC_Register:		case SC_Register:
break;		break;
default: return Scope;		default: return Scope;
}		}

if (BuildOpts.AddImplicitDtors) {		if (BuildOpts.AddImplicitDtors) {
if (!hasTrivialDestructor(VD)) {		if (!hasTrivialDestructor(VD) \|\| BuildOpts.AddScopes) {
// Add the variable to scope		// Add the variable to scope
Scope = createOrReuseLocalScope(Scope);		Scope = createOrReuseLocalScope(Scope);
Scope->addVar(VD);		Scope->addVar(VD);
ScopePos = Scope->begin();		ScopePos = Scope->begin();
}		}
return Scope;		return Scope;
}		}

▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines	if (!BuildOpts.AddLifetime)
return;		return;
BumpVectorContext &C = cfg->getBumpVectorContext();		BumpVectorContext &C = cfg->getBumpVectorContext();
CFGBlock::iterator InsertPos =		CFGBlock::iterator InsertPos =
Blk->beginLifetimeEndsInsert(Blk->end(), B.distance(E), C);		Blk->beginLifetimeEndsInsert(Blk->end(), B.distance(E), C);
for (LocalScope::const_iterator I = B; I != E; ++I)		for (LocalScope::const_iterator I = B; I != E; ++I)
InsertPos = Blk->insertLifetimeEnds(InsertPos, *I, Blk->getTerminator());		InsertPos = Blk->insertLifetimeEnds(InsertPos, *I, Blk->getTerminator());
}		}

		/// prependAutomaticObjScopeEndWithTerminator - Prepend scope end CFGElements for
		/// variables with automatic storage duration to CFGBlock's elements vector.
		/// Elements will be prepended to physical beginning of the vector which
		/// happens to be logical end. Use blocks terminator as statement that specifies
		/// where scope ends.
		const VarDecl *
		CFGBuilder::prependAutomaticObjScopeEndWithTerminator(
		CFGBlock *Blk, LocalScope::const_iterator B, LocalScope::const_iterator E) {
		if (!BuildOpts.AddScopes)
		return nullptr;
		BumpVectorContext &C = cfg->getBumpVectorContext();
		CFGBlock::iterator InsertPos =
		Blk->beginScopeEndInsert(Blk->end(), 1, C);
		LocalScope::const_iterator PlaceToInsert = B;
		for (LocalScope::const_iterator I = B; I != E; ++I)
		PlaceToInsert = I;
		Blk->insertScopeEnd(InsertPos, *PlaceToInsert, Blk->getTerminator());
		return *PlaceToInsert;
		}

/// Visit - Walk the subtree of a statement and add extra		/// Visit - Walk the subtree of a statement and add extra
/// blocks for ternary operators, &&, and \|\|. We also process "," and		/// blocks for ternary operators, &&, and \|\|. We also process "," and
/// DeclStmts (which may contain nested control-flow).		/// DeclStmts (which may contain nested control-flow).
CFGBlock CFGBuilder::Visit(Stmt S, AddStmtChoice asc) {		CFGBlock CFGBuilder::Visit(Stmt S, AddStmtChoice asc) {
if (!S) {		if (!S) {
badCFG = true;		badCFG = true;
return nullptr;		return nullptr;
}		}
▲ Show 20 Lines • Show All 709 Lines • ▼ Show 20 Lines	CFGBlock CFGBuilder::VisitDeclSubExpr(DeclStmt DS) {

// If the type of VD is a VLA, then we must process its size expressions.		// If the type of VD is a VLA, then we must process its size expressions.
for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr());		for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr());
VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) {		VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) {
if (CFGBlock *newBlock = addStmt(VA->getSizeExpr()))		if (CFGBlock *newBlock = addStmt(VA->getSizeExpr()))
LastBlock = newBlock;		LastBlock = newBlock;
}		}

		maybeAddScopeBeginForVarDecl(Block, VD, DS);

// Remove variable from local scope.		// Remove variable from local scope.
if (ScopePos && VD == *ScopePos)		if (ScopePos && VD == *ScopePos)
++ScopePos;		++ScopePos;

CFGBlock *B = LastBlock;		CFGBlock *B = LastBlock;
if (blockAfterStaticInit) {		if (blockAfterStaticInit) {
Succ = B;		Succ = B;
Block = createBlock(false);		Block = createBlock(false);
▲ Show 20 Lines • Show All 444 Lines • ▼ Show 20 Lines	CFGBlock CFGBuilder::VisitForStmt(ForStmt F) {

// Because of short-circuit evaluation, the condition of the loop can span		// Because of short-circuit evaluation, the condition of the loop can span
// multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that		// multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
// evaluate the condition.		// evaluate the condition.
CFGBlock EntryConditionBlock = nullptr, ExitConditionBlock = nullptr;		CFGBlock EntryConditionBlock = nullptr, ExitConditionBlock = nullptr;

do {		do {
Expr *C = F->getCond();		Expr *C = F->getCond();
		SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);

// Specially handle logical operators, which have a slightly		// Specially handle logical operators, which have a slightly
// more optimal CFG representation.		// more optimal CFG representation.
if (BinaryOperator *Cond =		if (BinaryOperator *Cond =
dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : nullptr))		dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : nullptr))
if (Cond->isLogicalOp()) {		if (Cond->isLogicalOp()) {
std::tie(EntryConditionBlock, ExitConditionBlock) =		std::tie(EntryConditionBlock, ExitConditionBlock) =
VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor);		VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor);
Show All 17 Lines	if (C) {
// If this block contains a condition variable, add both the condition		// If this block contains a condition variable, add both the condition
// variable and initializer to the CFG.		// variable and initializer to the CFG.
if (VarDecl *VD = F->getConditionVariable()) {		if (VarDecl *VD = F->getConditionVariable()) {
if (Expr *Init = VD->getInit()) {		if (Expr *Init = VD->getInit()) {
autoCreateBlock();		autoCreateBlock();
appendStmt(Block, F->getConditionVariableDeclStmt());		appendStmt(Block, F->getConditionVariableDeclStmt());
EntryConditionBlock = addStmt(Init);		EntryConditionBlock = addStmt(Init);
assert(Block == EntryConditionBlock);		assert(Block == EntryConditionBlock);
		maybeAddScopeBeginForVarDecl(EntryConditionBlock, VD, C);
}		}
}		}

if (Block && badCFG)		if (Block && badCFG)
return nullptr;		return nullptr;

KnownVal = tryEvaluateBool(C);		KnownVal = tryEvaluateBool(C);
}		}
Show All 10 Lines	CFGBlock CFGBuilder::VisitForStmt(ForStmt F) {
addSuccessor(TransitionBlock, EntryConditionBlock);		addSuccessor(TransitionBlock, EntryConditionBlock);

// The condition block is the implicit successor for any code above the loop.		// The condition block is the implicit successor for any code above the loop.
Succ = EntryConditionBlock;		Succ = EntryConditionBlock;

// If the loop contains initialization, create a new block for those		// If the loop contains initialization, create a new block for those
// statements. This block can also contain statements that precede the loop.		// statements. This block can also contain statements that precede the loop.
if (Stmt *I = F->getInit()) {		if (Stmt *I = F->getInit()) {
		SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
		ScopePos = LoopBeginScopePos;
Block = createBlock();		Block = createBlock();
return addStmt(I);		return addStmt(I);
}		}

// There is no loop initialization. We are thus basically a while loop.		// There is no loop initialization. We are thus basically a while loop.
// NULL out Block to force lazy block construction.		// NULL out Block to force lazy block construction.
Block = nullptr;		Block = nullptr;
Succ = EntryConditionBlock;		Succ = EntryConditionBlock;
▲ Show 20 Lines • Show All 270 Lines • ▼ Show 20 Lines	do {
// If this block contains a condition variable, add both the condition		// If this block contains a condition variable, add both the condition
// variable and initializer to the CFG.		// variable and initializer to the CFG.
if (VarDecl *VD = W->getConditionVariable()) {		if (VarDecl *VD = W->getConditionVariable()) {
if (Expr *Init = VD->getInit()) {		if (Expr *Init = VD->getInit()) {
autoCreateBlock();		autoCreateBlock();
appendStmt(Block, W->getConditionVariableDeclStmt());		appendStmt(Block, W->getConditionVariableDeclStmt());
EntryConditionBlock = addStmt(Init);		EntryConditionBlock = addStmt(Init);
assert(Block == EntryConditionBlock);		assert(Block == EntryConditionBlock);
		maybeAddScopeBeginForVarDecl(EntryConditionBlock, VD, C);
}		}
}		}

if (Block && badCFG)		if (Block && badCFG)
return nullptr;		return nullptr;

// See if this is a known constant.		// See if this is a known constant.
const TryResult& KnownVal = tryEvaluateBool(C);		const TryResult& KnownVal = tryEvaluateBool(C);
▲ Show 20 Lines • Show All 309 Lines • ▼ Show 20 Lines	CFGBlock CFGBuilder::VisitSwitchStmt(SwitchStmt Terminator) {

// If the SwitchStmt contains a condition variable, add both the		// If the SwitchStmt contains a condition variable, add both the
// SwitchStmt and the condition variable initialization to the CFG.		// SwitchStmt and the condition variable initialization to the CFG.
if (VarDecl *VD = Terminator->getConditionVariable()) {		if (VarDecl *VD = Terminator->getConditionVariable()) {
if (Expr *Init = VD->getInit()) {		if (Expr *Init = VD->getInit()) {
autoCreateBlock();		autoCreateBlock();
appendStmt(Block, Terminator->getConditionVariableDeclStmt());		appendStmt(Block, Terminator->getConditionVariableDeclStmt());
LastBlock = addStmt(Init);		LastBlock = addStmt(Init);
		maybeAddScopeBeginForVarDecl(LastBlock, VD, Init);
}		}
}		}

// Finally, if the SwitchStmt contains a C++17 init-stmt, add it to the CFG.		// Finally, if the SwitchStmt contains a C++17 init-stmt, add it to the CFG.
if (Stmt *Init = Terminator->getInit()) {		if (Stmt *Init = Terminator->getInit()) {
autoCreateBlock();		autoCreateBlock();
LastBlock = addStmt(Init);		LastBlock = addStmt(Init);
}		}
▲ Show 20 Lines • Show All 716 Lines • ▼ Show 20 Lines
const CXXDestructorDecl *		const CXXDestructorDecl *
CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {		CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {
switch (getKind()) {		switch (getKind()) {
case CFGElement::Statement:		case CFGElement::Statement:
case CFGElement::Initializer:		case CFGElement::Initializer:
case CFGElement::NewAllocator:		case CFGElement::NewAllocator:
case CFGElement::LoopExit:		case CFGElement::LoopExit:
case CFGElement::LifetimeEnds:		case CFGElement::LifetimeEnds:
		case CFGElement::ScopeBegin:
		case CFGElement::ScopeEnd:
llvm_unreachable("getDestructorDecl should only be used with "		llvm_unreachable("getDestructorDecl should only be used with "
"ImplicitDtors");		"ImplicitDtors");
case CFGElement::AutomaticObjectDtor: {		case CFGElement::AutomaticObjectDtor: {
const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl();		const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl();
QualType ty = var->getType();		QualType ty = var->getType();

// FIXME: See CFGBuilder::addLocalScopeForVarDecl.		// FIXME: See CFGBuilder::addLocalScopeForVarDecl.
//		//
▲ Show 20 Lines • Show All 399 Lines • ▼ Show 20 Lines	static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper,
} else if (Optional<CFGLifetimeEnds> DE = E.getAs<CFGLifetimeEnds>()) {		} else if (Optional<CFGLifetimeEnds> DE = E.getAs<CFGLifetimeEnds>()) {
const VarDecl *VD = DE->getVarDecl();		const VarDecl *VD = DE->getVarDecl();
Helper.handleDecl(VD, OS);		Helper.handleDecl(VD, OS);

OS << " (Lifetime ends)\n";		OS << " (Lifetime ends)\n";
} else if (Optional<CFGLoopExit> LE = E.getAs<CFGLoopExit>()) {		} else if (Optional<CFGLoopExit> LE = E.getAs<CFGLoopExit>()) {
const Stmt *LoopStmt = LE->getLoopStmt();		const Stmt *LoopStmt = LE->getLoopStmt();
OS << LoopStmt->getStmtClassName() << " (LoopExit)\n";		OS << LoopStmt->getStmtClassName() << " (LoopExit)\n";
		} else if (Optional<CFGScopeBegin> SB = E.getAs<CFGScopeBegin>()) {
		OS << "CFGScopeBegin(";
		if (const VarDecl *VD = SB->getVarDecl())
		OS << VD->getQualifiedNameAsString();
		OS << ")\n";
		} else if (Optional<CFGScopeEnd> SE = E.getAs<CFGScopeEnd>()) {
		OS << "CFGScopeEnd(";
		if (const VarDecl *VD = SE->getVarDecl())
		OS << VD->getQualifiedNameAsString();
		OS << ")\n";
} else if (Optional<CFGNewAllocator> NE = E.getAs<CFGNewAllocator>()) {		} else if (Optional<CFGNewAllocator> NE = E.getAs<CFGNewAllocator>()) {
OS << "CFGNewAllocator(";		OS << "CFGNewAllocator(";
if (const CXXNewExpr *AllocExpr = NE->getAllocatorExpr())		if (const CXXNewExpr *AllocExpr = NE->getAllocatorExpr())
AllocExpr->getType().print(OS, PrintingPolicy(Helper.getLangOpts()));		AllocExpr->getType().print(OS, PrintingPolicy(Helper.getLangOpts()));
OS << ")\n";		OS << ")\n";
} else if (Optional<CFGDeleteDtor> DE = E.getAs<CFGDeleteDtor>()) {		} else if (Optional<CFGDeleteDtor> DE = E.getAs<CFGDeleteDtor>()) {
const CXXRecordDecl *RD = DE->getCXXRecordDecl();		const CXXRecordDecl *RD = DE->getCXXRecordDecl();
if (!RD)		if (!RD)
▲ Show 20 Lines • Show All 369 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Core/AnalysisManager.cpp

Show All 20 Lines	AnalysisManager::AnalysisManager(
AnalyzerOptions &Options, CodeInjector *injector)		AnalyzerOptions &Options, CodeInjector *injector)
: AnaCtxMgr(ASTCtx, Options.UnoptimizedCFG,		: AnaCtxMgr(ASTCtx, Options.UnoptimizedCFG,
Options.includeImplicitDtorsInCFG(),		Options.includeImplicitDtorsInCFG(),
/AddInitializers=/true, Options.includeTemporaryDtorsInCFG(),		/AddInitializers=/true, Options.includeTemporaryDtorsInCFG(),
Options.includeLifetimeInCFG(),		Options.includeLifetimeInCFG(),
// Adding LoopExit elements to the CFG is a requirement for loop		// Adding LoopExit elements to the CFG is a requirement for loop
// unrolling.		// unrolling.
Options.includeLoopExitInCFG() \|\| Options.shouldUnrollLoops(),		Options.includeLoopExitInCFG() \|\| Options.shouldUnrollLoops(),
		Options.includeScopesInCFG(),
		dcoughlinUnsubmitted Done Reply Inline Actions The indentation looks off here. dcoughlin: The indentation looks off here.
Options.shouldSynthesizeBodies(),		Options.shouldSynthesizeBodies(),
Options.shouldConditionalizeStaticInitializers(),		Options.shouldConditionalizeStaticInitializers(),
/addCXXNewAllocator=/true,		/addCXXNewAllocator=/true,
injector),		injector),
Ctx(ASTCtx), Diags(diags), LangOpts(lang), PathConsumers(PDC),		Ctx(ASTCtx), Diags(diags), LangOpts(lang), PathConsumers(PDC),
CreateStoreMgr(storemgr), CreateConstraintMgr(constraintmgr),		CreateStoreMgr(storemgr), CreateConstraintMgr(constraintmgr),
CheckerMgr(checkerMgr), options(Options) {		CheckerMgr(checkerMgr), options(Options) {
AnaCtxMgr.getCFGBuildOptions().setAllAlwaysAdd();		AnaCtxMgr.getCFGBuildOptions().setAllAlwaysAdd();
Show All 18 Lines

lib/StaticAnalyzer/Core/AnalyzerOptions.cpp

Show First 20 Lines • Show All 182 Lines • ▼ Show 20 Lines	return getBooleanOption(IncludeLifetimeInCFG, "cfg-lifetime",
/* Default = */ false);		/* Default = */ false);
}		}

bool AnalyzerOptions::includeLoopExitInCFG() {		bool AnalyzerOptions::includeLoopExitInCFG() {
return getBooleanOption(IncludeLoopExitInCFG, "cfg-loopexit",		return getBooleanOption(IncludeLoopExitInCFG, "cfg-loopexit",
/* Default = */ false);		/* Default = */ false);
}		}

		bool AnalyzerOptions::includeScopesInCFG() {
		return getBooleanOption(IncludeScopesInCFG,
		"cfg-scopes",
		/* Default = */ false);
		}

bool AnalyzerOptions::mayInlineCXXStandardLibrary() {		bool AnalyzerOptions::mayInlineCXXStandardLibrary() {
return getBooleanOption(InlineCXXStandardLibrary,		return getBooleanOption(InlineCXXStandardLibrary,
"c++-stdlib-inlining",		"c++-stdlib-inlining",
/Default=/true);		/Default=/true);
}		}

bool AnalyzerOptions::mayInlineTemplateFunctions() {		bool AnalyzerOptions::mayInlineTemplateFunctions() {
return getBooleanOption(InlineTemplateFunctions,		return getBooleanOption(InlineTemplateFunctions,
▲ Show 20 Lines • Show All 196 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Core/ExprEngine.cpp

Show First 20 Lines • Show All 414 Lines • ▼ Show 20 Lines	switch (E.getKind()) {
case CFGElement::MemberDtor:		case CFGElement::MemberDtor:
case CFGElement::TemporaryDtor:		case CFGElement::TemporaryDtor:
ProcessImplicitDtor(E.castAs<CFGImplicitDtor>(), Pred);		ProcessImplicitDtor(E.castAs<CFGImplicitDtor>(), Pred);
return;		return;
case CFGElement::LoopExit:		case CFGElement::LoopExit:
ProcessLoopExit(E.castAs<CFGLoopExit>().getLoopStmt(), Pred);		ProcessLoopExit(E.castAs<CFGLoopExit>().getLoopStmt(), Pred);
return;		return;
case CFGElement::LifetimeEnds:		case CFGElement::LifetimeEnds:
		case CFGElement::ScopeBegin:
		case CFGElement::ScopeEnd:
return;		return;
}		}
}		}

static bool shouldRemoveDeadBindings(AnalysisManager &AMgr,		static bool shouldRemoveDeadBindings(AnalysisManager &AMgr,
const CFGStmt S,		const CFGStmt S,
const ExplodedNode *Pred,		const ExplodedNode *Pred,
const LocationContext *LC) {		const LocationContext *LC) {
▲ Show 20 Lines • Show All 2,615 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Core/PathDiagnostic.cpp

Show First 20 Lines • Show All 573 Lines • ▼ Show 20 Lines	if (const Stmt *CallerBody = CallerInfo->getBody())
return PathDiagnosticLocation::createEnd(CallerBody, SM, CallerCtx);		return PathDiagnosticLocation::createEnd(CallerBody, SM, CallerCtx);
return PathDiagnosticLocation::create(CallerInfo->getDecl(), SM);		return PathDiagnosticLocation::create(CallerInfo->getDecl(), SM);
}		}
case CFGElement::NewAllocator: {		case CFGElement::NewAllocator: {
const CFGNewAllocator &Alloc = Source.castAs<CFGNewAllocator>();		const CFGNewAllocator &Alloc = Source.castAs<CFGNewAllocator>();
return PathDiagnosticLocation(Alloc.getAllocatorExpr(), SM, CallerCtx);		return PathDiagnosticLocation(Alloc.getAllocatorExpr(), SM, CallerCtx);
}		}
case CFGElement::TemporaryDtor:		case CFGElement::TemporaryDtor:
		case CFGElement::ScopeBegin:
		case CFGElement::ScopeEnd:
llvm_unreachable("not yet implemented!");		llvm_unreachable("not yet implemented!");
case CFGElement::LifetimeEnds:		case CFGElement::LifetimeEnds:
case CFGElement::LoopExit:		case CFGElement::LoopExit:
llvm_unreachable("CFGElement kind should not be on callsite!");		llvm_unreachable("CFGElement kind should not be on callsite!");
}		}

llvm_unreachable("Unknown CFGElement kind");		llvm_unreachable("Unknown CFGElement kind");
}		}
▲ Show 20 Lines • Show All 655 Lines • Show Last 20 Lines

test/Analysis/analyzer-config.c

Show All 9 Lines	void foo() {
}		}
}		}

// CHECK: [config]		// CHECK: [config]
// CHECK-NEXT: cfg-conditional-static-initializers = true		// CHECK-NEXT: cfg-conditional-static-initializers = true
// CHECK-NEXT: cfg-implicit-dtors = true		// CHECK-NEXT: cfg-implicit-dtors = true
// CHECK-NEXT: cfg-lifetime = false		// CHECK-NEXT: cfg-lifetime = false
// CHECK-NEXT: cfg-loopexit = false		// CHECK-NEXT: cfg-loopexit = false
		// CHECK-NEXT: cfg-scopes = false
// CHECK-NEXT: cfg-temporary-dtors = false		// CHECK-NEXT: cfg-temporary-dtors = false
// CHECK-NEXT: faux-bodies = true		// CHECK-NEXT: faux-bodies = true
// CHECK-NEXT: graph-trim-interval = 1000		// CHECK-NEXT: graph-trim-interval = 1000
// CHECK-NEXT: inline-lambdas = true		// CHECK-NEXT: inline-lambdas = true
// CHECK-NEXT: ipa = dynamic-bifurcate		// CHECK-NEXT: ipa = dynamic-bifurcate
// CHECK-NEXT: ipa-always-inline-size = 3		// CHECK-NEXT: ipa-always-inline-size = 3
// CHECK-NEXT: leak-diagnostics-reference-allocation = false		// CHECK-NEXT: leak-diagnostics-reference-allocation = false
// CHECK-NEXT: max-inlinable-size = 100		// CHECK-NEXT: max-inlinable-size = 100
// CHECK-NEXT: max-nodes = 225000		// CHECK-NEXT: max-nodes = 225000
// CHECK-NEXT: max-times-inline-large = 32		// CHECK-NEXT: max-times-inline-large = 32
// CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14		// CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14
// CHECK-NEXT: mode = deep		// CHECK-NEXT: mode = deep
// CHECK-NEXT: region-store-small-struct-limit = 2		// CHECK-NEXT: region-store-small-struct-limit = 2
// CHECK-NEXT: unroll-loops = false		// CHECK-NEXT: unroll-loops = false
// CHECK-NEXT: widen-loops = false		// CHECK-NEXT: widen-loops = false
// CHECK-NEXT: [stats]		// CHECK-NEXT: [stats]
// CHECK-NEXT: num-entries = 19		// CHECK-NEXT: num-entries = 20

test/Analysis/analyzer-config.cpp

	Show All 20 Lines
	// CHECK-NEXT: c++-inlining = destructors			// CHECK-NEXT: c++-inlining = destructors
	// CHECK-NEXT: c++-shared_ptr-inlining = false			// CHECK-NEXT: c++-shared_ptr-inlining = false
	// CHECK-NEXT: c++-stdlib-inlining = true			// CHECK-NEXT: c++-stdlib-inlining = true
	// CHECK-NEXT: c++-template-inlining = true			// CHECK-NEXT: c++-template-inlining = true
	// CHECK-NEXT: cfg-conditional-static-initializers = true			// CHECK-NEXT: cfg-conditional-static-initializers = true
	// CHECK-NEXT: cfg-implicit-dtors = true			// CHECK-NEXT: cfg-implicit-dtors = true
	// CHECK-NEXT: cfg-lifetime = false			// CHECK-NEXT: cfg-lifetime = false
	// CHECK-NEXT: cfg-loopexit = false			// CHECK-NEXT: cfg-loopexit = false
				// CHECK-NEXT: cfg-scopes = false
	// CHECK-NEXT: cfg-temporary-dtors = false			// CHECK-NEXT: cfg-temporary-dtors = false
	// CHECK-NEXT: faux-bodies = true			// CHECK-NEXT: faux-bodies = true
	// CHECK-NEXT: graph-trim-interval = 1000			// CHECK-NEXT: graph-trim-interval = 1000
	// CHECK-NEXT: inline-lambdas = true			// CHECK-NEXT: inline-lambdas = true
	// CHECK-NEXT: ipa = dynamic-bifurcate			// CHECK-NEXT: ipa = dynamic-bifurcate
	// CHECK-NEXT: ipa-always-inline-size = 3			// CHECK-NEXT: ipa-always-inline-size = 3
	// CHECK-NEXT: leak-diagnostics-reference-allocation = false			// CHECK-NEXT: leak-diagnostics-reference-allocation = false
	// CHECK-NEXT: max-inlinable-size = 100			// CHECK-NEXT: max-inlinable-size = 100
	// CHECK-NEXT: max-nodes = 225000			// CHECK-NEXT: max-nodes = 225000
	// CHECK-NEXT: max-times-inline-large = 32			// CHECK-NEXT: max-times-inline-large = 32
	// CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14			// CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14
	// CHECK-NEXT: mode = deep			// CHECK-NEXT: mode = deep
	// CHECK-NEXT: region-store-small-struct-limit = 2			// CHECK-NEXT: region-store-small-struct-limit = 2
	// CHECK-NEXT: unroll-loops = false			// CHECK-NEXT: unroll-loops = false
	// CHECK-NEXT: widen-loops = false			// CHECK-NEXT: widen-loops = false
	// CHECK-NEXT: [stats]			// CHECK-NEXT: [stats]
	// CHECK-NEXT: num-entries = 24			// CHECK-NEXT: num-entries = 25

test/Analysis/scopes-cfg-output.cpp

This file was added.

				// RUN: %clang_cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.DumpCFG -analyzer-config cfg-scopes=true %s > %t 2>&1
				// RUN: FileCheck --input-file=%t %s

				class A {
				public:
				// CHECK: [B1 (ENTRY)]
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				A() {}

				// CHECK: [B1 (ENTRY)]
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				~A() {}

				// CHECK: [B2 (ENTRY)]
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B1]
				// CHECK-NEXT: 1: 1
				// CHECK-NEXT: 2: return [B1.1];
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				operator int() const { return 1; }
				};

				int getX();
				extern const bool UV;

				// CHECK: [B2 (ENTRY)]
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A [2])
				// CHECK-NEXT: 3: A a[2];
				// CHECK-NEXT: 4: (CXXConstructExpr, class A [0])
				// CHECK-NEXT: 5: A b[0];
				// CHECK-NEXT: 6: CFGScopeEnd(a)
				// CHECK-NEXT: 7: [B1.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_array() {
				A a[2];
				A b[0];
				}

				// CHECK: [B2 (ENTRY)]
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: 4: CFGScopeBegin(c)
				// CHECK-NEXT: 5: (CXXConstructExpr, class A)
				// CHECK-NEXT: 6: A c;
				// CHECK-NEXT: 7: (CXXConstructExpr, class A)
				// CHECK-NEXT: 8: A d;
				// CHECK-NEXT: 9: CFGScopeEnd(c)
				// CHECK-NEXT: 10: [B1.8].~A() (Implicit destructor)
				// CHECK-NEXT: 11: [B1.6].~A() (Implicit destructor)
				// CHECK-NEXT: 12: (CXXConstructExpr, class A)
				// CHECK-NEXT: 13: A b;
				// CHECK-NEXT: 14: CFGScopeEnd(a)
				// CHECK-NEXT: 15: [B1.13].~A() (Implicit destructor)
				// CHECK-NEXT: 16: [B1.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_scope() {
				A a;
				{ A c;
				A d;
				}
				A b;
				}

				// CHECK: [B4 (ENTRY)]
				// CHECK-NEXT: Succs (1): B3
				// CHECK: [B1]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A c;
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B1.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B3.5].~A() (Implicit destructor)
				// CHECK-NEXT: 6: [B3.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: [B3.5].~A() (Implicit destructor)
				// CHECK-NEXT: 4: [B3.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: 4: (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A b;
				// CHECK-NEXT: 6: UV
				// CHECK-NEXT: 7: [B3.6] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B3.7]
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (2): B2 B1
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (2): B1 B2
				void test_return() {
				A a;
				A b;
				if (UV) return;
				A c;
				}

				// CHECK: [B5 (ENTRY)]
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B4.8].~A() (Implicit destructor)
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B4.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B2 B3
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B2.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B3.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: 4: CFGScopeBegin(b)
				// CHECK-NEXT: 5: a
				// CHECK-NEXT: 6: [B4.5] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 7: [B4.6] (CXXConstructExpr, class A)
				// CHECK-NEXT: 8: A b = a;
				// CHECK-NEXT: 9: b
				// CHECK-NEXT: 10: [B4.9] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 11: [B4.10].operator int
				// CHECK-NEXT: 12: [B4.10]
				// CHECK-NEXT: 13: [B4.12] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 14: [B4.13] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: if [B4.14]
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (2): B3 B2
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_if_implicit_scope() {
				A a;
				if (A b = a)
				A c;
				else A c;
				}

				// CHECK: [B9 (ENTRY)]
				// CHECK-NEXT: Succs (1): B8
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B8.8].~A() (Implicit destructor)
				// CHECK-NEXT: 3: (CXXConstructExpr, class A)
				// CHECK-NEXT: 4: A e;
				// CHECK-NEXT: 5: CFGScopeEnd(a)
				// CHECK-NEXT: 6: [B1.4].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B8.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B2 B5
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A d;
				// CHECK-NEXT: 3: CFGScopeEnd(c)
				// CHECK-NEXT: 4: [B2.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B4.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B3]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B4.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: [B8.8].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B8.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: UV
				// CHECK-NEXT: 5: [B4.4] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B4.5]
				// CHECK-NEXT: Preds (1): B8
				// CHECK-NEXT: Succs (2): B3 B2
				// CHECK: [B5]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A d;
				// CHECK-NEXT: 3: CFGScopeEnd(c)
				// CHECK-NEXT: 4: [B5.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B7.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B6]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B7.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: [B8.8].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B8.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B7]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: UV
				// CHECK-NEXT: 5: [B7.4] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B7.5]
				// CHECK-NEXT: Preds (1): B8
				// CHECK-NEXT: Succs (2): B6 B5
				// CHECK: [B8]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: 4: CFGScopeBegin(b)
				// CHECK-NEXT: 5: a
				// CHECK-NEXT: 6: [B8.5] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 7: [B8.6] (CXXConstructExpr, class A)
				// CHECK-NEXT: 8: A b = a;
				// CHECK-NEXT: 9: b
				// CHECK-NEXT: 10: [B8.9] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 11: [B8.10].operator int
				// CHECK-NEXT: 12: [B8.10]
				// CHECK-NEXT: 13: [B8.12] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 14: [B8.13] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: if [B8.14]
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (2): B7 B4
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (3): B1 B3 B6
				void test_if_jumps() {
				A a;
				if (A b = a) {
				A c;
				if (UV) return;
				A d;
				} else {
				A c;
				if (UV) return;
				A d;
				}
				A e;
				}

				// CHECK: [B6 (ENTRY)]
				// CHECK-NEXT: Succs (1): B5
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B4.5].~A() (Implicit destructor)
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B5.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B3.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: CFGScopeEnd(b)
				// CHECK-NEXT: 7: [B4.5].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(b)
				// CHECK-NEXT: 2: a
				// CHECK-NEXT: 3: [B4.2] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 4: [B4.3] (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A b = a;
				// CHECK-NEXT: 6: b
				// CHECK-NEXT: 7: [B4.6] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 8: [B4.7].operator int
				// CHECK-NEXT: 9: [B4.7]
				// CHECK-NEXT: 10: [B4.9] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 11: [B4.10] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: while [B4.11]
				// CHECK-NEXT: Preds (2): B2 B5
				// CHECK-NEXT: Succs (2): B3 B1
				// CHECK: [B5]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_while_implicit_scope() {
				A a;
				while (A b = a)
				A c;
				}

				// CHECK: [B12 (ENTRY)]
				// CHECK-NEXT: Succs (1): B11
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: 3: (CXXConstructExpr, class A)
				// CHECK-NEXT: 4: A e;
				// CHECK-NEXT: 5: CFGScopeEnd(a)
				// CHECK-NEXT: 6: [B1.4].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B8 B10
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: Preds (2): B3 B6
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B3]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A d;
				// CHECK-NEXT: 3: CFGScopeEnd(c)
				// CHECK-NEXT: 4: [B3.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: CFGScopeEnd(b)
				// CHECK-NEXT: 7: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B5]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B5.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B5.2]
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (2): B4 B3
				// CHECK: [B6]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: CFGScopeEnd(c)
				// CHECK-NEXT: 3: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 4: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: T: continue;
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B7]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B7.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B7.2]
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (2): B6 B5
				// CHECK: [B8]
				// CHECK-NEXT: 1: CFGScopeEnd(c)
				// CHECK-NEXT: 2: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B9]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: UV
				// CHECK-NEXT: 5: [B9.4] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B9.5]
				// CHECK-NEXT: Preds (1): B10
				// CHECK-NEXT: Succs (2): B8 B7
				// CHECK: [B10]
				// CHECK-NEXT: 1: CFGScopeBegin(b)
				// CHECK-NEXT: 2: a
				// CHECK-NEXT: 3: [B10.2] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 4: [B10.3] (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A b = a;
				// CHECK-NEXT: 6: b
				// CHECK-NEXT: 7: [B10.6] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 8: [B10.7].operator int
				// CHECK-NEXT: 9: [B10.7]
				// CHECK-NEXT: 10: [B10.9] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 11: [B10.10] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: while [B10.11]
				// CHECK-NEXT: Preds (2): B2 B11
				// CHECK-NEXT: Succs (2): B9 B1
				// CHECK: [B11]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: Preds (1): B12
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (2): B1 B4
				void test_while_jumps() {
				A a;
				while (A b = a) {
				A c;
				if (UV) break;
				if (UV) continue;
				if (UV) return;
				A d;
				}
				A e;
				}

				// CHECK: [B12 (ENTRY)]
				// CHECK-NEXT: Succs (1): B11
				// CHECK: [B1]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A d;
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B1.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B8 B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B2.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: do ... while [B2.2]
				// CHECK-NEXT: Preds (2): B3 B6
				// CHECK-NEXT: Succs (2): B10 B1
				// CHECK: [B3]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A c;
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: [B3.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B5]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B5.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B5.2]
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (2): B4 B3
				// CHECK: [B6]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: T: continue;
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B7]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B7.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B7.2]
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (2): B6 B5
				// CHECK: [B8]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B9]
				// CHECK-NEXT: 1: CFGScopeBegin(b)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A b;
				// CHECK-NEXT: 4: UV
				// CHECK-NEXT: 5: [B9.4] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B9.5]
				// CHECK-NEXT: Preds (2): B10 B11
				// CHECK-NEXT: Succs (2): B8 B7
				// CHECK: [B10]
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B9
				// CHECK: [B11]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: Preds (1): B12
				// CHECK-NEXT: Succs (1): B9
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (2): B1 B4
				void test_do_jumps() {
				A a;
				do {
				A b;
				if (UV) break;
				if (UV) continue;
				if (UV) return;
				A c;
				} while (UV);
				A d;
				}

				// CHECK: [B6 (ENTRY)]
				// CHECK-NEXT: Succs (1): B5
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(a)
				// CHECK-NEXT: 2: CFGScopeEnd(b)
				// CHECK-NEXT: 3: [B4.5].~A() (Implicit destructor)
				// CHECK-NEXT: 4: [B5.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A c;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: [B3.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: CFGScopeEnd(b)
				// CHECK-NEXT: 7: [B4.5].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(b)
				// CHECK-NEXT: 2: a
				// CHECK-NEXT: 3: [B4.2] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 4: [B4.3] (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A b = a;
				// CHECK-NEXT: 6: b
				// CHECK-NEXT: 7: [B4.6] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 8: [B4.7].operator int
				// CHECK-NEXT: 9: [B4.7]
				// CHECK-NEXT: 10: [B4.9] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 11: [B4.10] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: for (...; [B4.11]; )
				// CHECK-NEXT: Preds (2): B2 B5
				// CHECK-NEXT: Succs (2): B3 B1
				// CHECK: [B5]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_for_implicit_scope() {
				for (A a; A b = a; )
				A c;
				}

				// CHECK: [B12 (ENTRY)]
				// CHECK-NEXT: Succs (1): B11
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(b)
				// CHECK-NEXT: 2: CFGScopeEnd(c)
				// CHECK-NEXT: 3: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: 4: [B11.6].~A() (Implicit destructor)
				// CHECK-NEXT: 5: (CXXConstructExpr, class A)
				// CHECK-NEXT: 6: A f;
				// CHECK-NEXT: 7: CFGScopeEnd(a)
				// CHECK-NEXT: 8: [B1.6].~A() (Implicit destructor)
				// CHECK-NEXT: 9: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B8 B10
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: Preds (2): B3 B6
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B3]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A e;
				// CHECK-NEXT: 3: CFGScopeEnd(d)
				// CHECK-NEXT: 4: [B3.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 6: CFGScopeEnd(c)
				// CHECK-NEXT: 7: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: return;
				// CHECK-NEXT: 2: CFGScopeEnd(a)
				// CHECK-NEXT: 3: CFGScopeEnd(b)
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: 5: CFGScopeEnd(d)
				// CHECK-NEXT: 6: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B10.5].~A() (Implicit destructor)
				// CHECK-NEXT: 8: [B11.6].~A() (Implicit destructor)
				// CHECK-NEXT: 9: [B11.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B5]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B5.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B5.2]
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (2): B4 B3
				// CHECK: [B6]
				// CHECK-NEXT: 1: CFGScopeEnd(d)
				// CHECK-NEXT: 2: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: T: continue;
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B7]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B7.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B7.2]
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (2): B6 B5
				// CHECK: [B8]
				// CHECK-NEXT: 1: CFGScopeEnd(d)
				// CHECK-NEXT: 2: [B9.3].~A() (Implicit destructor)
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B9
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B9]
				// CHECK-NEXT: 1: CFGScopeBegin(d)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A d;
				// CHECK-NEXT: 4: UV
				// CHECK-NEXT: 5: [B9.4] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B9.5]
				// CHECK-NEXT: Preds (1): B10
				// CHECK-NEXT: Succs (2): B8 B7
				// CHECK: [B10]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: b
				// CHECK-NEXT: 3: [B10.2] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 4: [B10.3] (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A c = b;
				// CHECK-NEXT: 6: c
				// CHECK-NEXT: 7: [B10.6] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 8: [B10.7].operator int
				// CHECK-NEXT: 9: [B10.7]
				// CHECK-NEXT: 10: [B10.9] (ImplicitCastExpr, UserDefinedConversion, int)
				// CHECK-NEXT: 11: [B10.10] (ImplicitCastExpr, IntegralToBoolean, _Bool)
				// CHECK-NEXT: T: for (...; [B10.11]; )
				// CHECK-NEXT: Preds (2): B2 B11
				// CHECK-NEXT: Succs (2): B9 B1
				// CHECK: [B11]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: 4: CFGScopeBegin(b)
				// CHECK-NEXT: 5: (CXXConstructExpr, class A)
				// CHECK-NEXT: 6: A b;
				// CHECK-NEXT: Preds (1): B12
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (2): B1 B4
				void test_for_jumps() {
				A a;
				for (A b; A c = b; ) {
				A d;
				if (UV) break;
				if (UV) continue;
				if (UV) return;
				A e;
				}
				A f;
				}

				// CHECK: [B8 (ENTRY)]
				// CHECK-NEXT: Succs (1): B7
				// CHECK: [B1]
				// CHECK-NEXT: l1:
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A c;
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B1.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B6.5].~A() (Implicit destructor)
				// CHECK-NEXT: 6: [B6.3].~A() (Implicit destructor)
				// CHECK-NEXT: 7: [B7.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (2): B2 B3
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: (CXXConstructExpr, class A)
				// CHECK-NEXT: 2: A b;
				// CHECK-NEXT: 3: CFGScopeEnd(a)
				// CHECK-NEXT: 4: [B2.2].~A() (Implicit destructor)
				// CHECK-NEXT: 5: [B6.8].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeEnd(a)
				// CHECK-NEXT: 2: [B6.8].~A() (Implicit destructor)
				// CHECK-NEXT: T: goto l1;
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B4]
				// CHECK-NEXT: 1: UV
				// CHECK-NEXT: 2: [B4.1] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B4.2]
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (2): B3 B2
				// CHECK: [B5]
				// CHECK-NEXT: 1: [B6.8].~A() (Implicit destructor)
				// CHECK-NEXT: 2: [B6.5].~A() (Implicit destructor)
				// CHECK-NEXT: 3: [B6.3].~A() (Implicit destructor)
				// CHECK-NEXT: 4: CFGScopeEnd(cb)
				// CHECK-NEXT: T: goto l0;
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (1): B6
				// CHECK: [B6]
				// CHECK-NEXT: l0:
				// CHECK-NEXT: 1: CFGScopeBegin(cb)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A cb;
				// CHECK-NEXT: 4: (CXXConstructExpr, class A)
				// CHECK-NEXT: 5: A b;
				// CHECK-NEXT: 6: CFGScopeBegin(a)
				// CHECK-NEXT: 7: (CXXConstructExpr, class A)
				// CHECK-NEXT: 8: A a;
				// CHECK-NEXT: 9: UV
				// CHECK-NEXT: 10: [B6.9] (ImplicitCastExpr, LValueToRValue, _Bool)
				// CHECK-NEXT: T: if [B6.10]
				// CHECK-NEXT: Preds (2): B7 B5
				// CHECK-NEXT: Succs (2): B5 B4
				// CHECK: [B7]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A)
				// CHECK-NEXT: 3: A a;
				// CHECK-NEXT: Preds (1): B8
				// CHECK-NEXT: Succs (1): B6
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_goto() {
				A a;
				l0:
				A cb;
				A b;
				{ A a;
				if (UV) goto l0;
				if (UV) goto l1;
				A b;
				}
				l1:
				A c;
				}

				// CHECK: [B7 (ENTRY)]
				// CHECK-NEXT: Succs (1): B6
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(i)
				// CHECK-NEXT: 2: CFGScopeBegin(unused2)
				// CHECK-NEXT: 3: int unused2;
				// CHECK-NEXT: 4: CFGScopeEnd(unused2)
				// CHECK-NEXT: Preds (2): B4 B5
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: i
				// CHECK-NEXT: 2: ++[B2.1]
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B5
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeEnd(unused1)
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(unused1)
				// CHECK-NEXT: 2: int unused1;
				// CHECK-NEXT: 3: CFGScopeEnd(unused1)
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B5]
				// CHECK-NEXT: 1: i
				// CHECK-NEXT: 2: [B5.1] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: 3: 3
				// CHECK-NEXT: 4: [B5.2] < [B5.3]
				// CHECK-NEXT: T: for (...; [B5.4]; ...)
				// CHECK-NEXT: Preds (2): B2 B6
				// CHECK-NEXT: Succs (2): B4 B1
				// CHECK: [B6]
				// CHECK-NEXT: 1: CFGScopeBegin(i)
				// CHECK-NEXT: 2: 0
				// CHECK-NEXT: 3: int i = 0;
				// CHECK-NEXT: Preds (1): B7
				// CHECK-NEXT: Succs (1): B5
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_for_compound_and_break() {
				for (int i = 0; i < 3; ++i) {
				{
				int unused1;
				break;
				}
				}
				{
				int unused2;
				}
				}

				// CHECK: [B6 (ENTRY)]
				// CHECK-NEXT: Succs (1): B5
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(__range)
				// CHECK-NEXT: 2: CFGScopeEnd(__begin)
				// CHECK-NEXT: 3: CFGScopeEnd(__end)
				// CHECK-NEXT: 4: CFGScopeEnd(a)
				// CHECK-NEXT: 5: [B5.3].~A() (Implicit destructor)
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: __begin
				// CHECK-NEXT: 2: [B2.1] (ImplicitCastExpr, LValueToRValue, class A *)
				// CHECK-NEXT: 3: __end
				// CHECK-NEXT: 4: [B2.3] (ImplicitCastExpr, LValueToRValue, class A *)
				// CHECK-NEXT: 5: [B2.2] != [B2.4]
				// CHECK-NEXT: T: for (auto &i : [B5.4]) {
				// CHECK: [B4.11];
				// CHECK-NEXT:}
				// CHECK-NEXT: Preds (2): B3 B5
				// CHECK-NEXT: Succs (2): B4 B1
				// CHECK: [B3]
				// CHECK-NEXT: 1: __begin
				// CHECK-NEXT: 2: ++[B3.1]
				// CHECK-NEXT: Preds (1): B4
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(i)
				// CHECK-NEXT: 2: __begin
				// CHECK-NEXT: 3: [B4.2] (ImplicitCastExpr, LValueToRValue, class A *)
				// CHECK-NEXT: 4: *[B4.3]
				// CHECK-NEXT: 5: auto &i = *__begin;
				// CHECK-NEXT: 6: operator=
				// CHECK-NEXT: 7: [B4.6] (ImplicitCastExpr, FunctionToPointerDecay, class A &(*)(const class A &) noexcept)
				// CHECK-NEXT: 8: i
				// CHECK-NEXT: 9: b
				// CHECK-NEXT: 10: [B4.9] (ImplicitCastExpr, NoOp, const class A)
				// CHECK-NEXT: 11: [B4.8] = [B4.10] (OperatorCall)
				// CHECK-NEXT: 12: CFGScopeEnd(i)
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B3
				// CHECK: [B5]
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: (CXXConstructExpr, class A [10])
				// CHECK-NEXT: 3: A a[10];
				// CHECK-NEXT: 4: a
				// CHECK-NEXT: 5: auto &&__range = a;
				// CHECK-NEXT: 6: CFGScopeBegin(__end)
				// CHECK-NEXT: 7: __range
				// CHECK-NEXT: 8: [B5.7] (ImplicitCastExpr, ArrayToPointerDecay, class A *)
				// CHECK-NEXT: 9: 10L
				// CHECK-NEXT: 10: [B5.8] + [B5.9]
				// CHECK-NEXT: 11: auto __end = __range + 10L;
				// CHECK-NEXT: 12: __range
				// CHECK-NEXT: 13: [B5.12] (ImplicitCastExpr, ArrayToPointerDecay, class A *)
				// CHECK-NEXT: 14: auto __begin = __range;
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_range_for(A &b) {
				A a[10];
				for (auto &i : a)
				i = b;
				}

				// CHECK: [B8 (ENTRY)]
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(i)
				// CHECK-NEXT: 2: 1
				// CHECK-NEXT: 3: int k = 1;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: Preds (3): B3 B5 B6
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: '1'
				// CHECK-NEXT: 3: char c = '1';
				// CHECK-NEXT: 4: CFGScopeBegin(i)
				// CHECK-NEXT: 5: getX
				// CHECK-NEXT: 6: [B2.5] (ImplicitCastExpr, FunctionToPointerDecay, int (*)(void))
				// CHECK-NEXT: 7: [B2.6]()
				// CHECK-NEXT: 8: int i = getX();
				// CHECK-NEXT: 9: i
				// CHECK-NEXT: 10: [B2.9] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: T: switch [B2.10]
				// CHECK-NEXT: Preds (1): B8
				// CHECK-NEXT: Succs (5): B4 B5 B6 B7 B3
				// CHECK: [B3]
				// CHECK-NEXT: default:
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: 0
				// CHECK-NEXT: 3: int a = 0;
				// CHECK-NEXT: 4: i
				// CHECK-NEXT: 5: ++[B3.4]
				// CHECK-NEXT: 6: CFGScopeEnd(a)
				// CHECK-NEXT: Preds (2): B4 B2
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B4]
				// CHECK-NEXT: case 3:
				// CHECK-NEXT: 1: '2'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B4.2] = [B4.1]
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B3
				// CHECK: [B5]
				// CHECK-NEXT: case 2:
				// CHECK-NEXT: 1: '2'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B5.2] = [B5.1]
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B6]
				// CHECK-NEXT: case 1:
				// CHECK-NEXT: 1: '3'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B6.2] = [B6.1]
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (2): B2 B7
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B7]
				// CHECK-NEXT: case 0:
				// CHECK-NEXT: 1: '2'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B7.2] = [B7.1]
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B6
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_switch_with_compound_with_default() {
				char c = '1';
				switch (int i = getX()) {
				case 0:
				c = '2';
				case 1:
				c = '3';
				break;
				case 2: {
				c = '2';
				break;
				}
				case 3:
				c = '2';
				default: {
				int a = 0;
				++i;
				}
				}
				int k = 1;
				}

				// CHECK: [B6 (ENTRY)]
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(i)
				// CHECK-NEXT: 2: 3
				// CHECK-NEXT: 3: int k = 3;
				// CHECK-NEXT: 4: CFGScopeEnd(c)
				// CHECK-NEXT: Preds (3): B3 B4 B2
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: CFGScopeBegin(c)
				// CHECK-NEXT: 2: '1'
				// CHECK-NEXT: 3: char c = '1';
				// CHECK-NEXT: 4: CFGScopeBegin(i)
				// CHECK-NEXT: 5: getX
				// CHECK-NEXT: 6: [B2.5] (ImplicitCastExpr, FunctionToPointerDecay, int (*)(void))
				// CHECK-NEXT: 7: [B2.6]()
				// CHECK-NEXT: 8: int i = getX();
				// CHECK-NEXT: 9: i
				// CHECK-NEXT: 10: [B2.9] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: T: switch [B2.10]
				// CHECK-NEXT: Preds (1): B6
				// CHECK-NEXT: Succs (4): B3 B4 B5 B1
				// CHECK: [B3]
				// CHECK-NEXT: case 2:
				// CHECK-NEXT: 1: '3'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B3.2] = [B3.1]
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B4]
				// CHECK-NEXT: case 1:
				// CHECK-NEXT: 1: '1'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B4.2] = [B4.1]
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (2): B2 B5
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B5]
				// CHECK-NEXT: case 0:
				// CHECK-NEXT: 1: '2'
				// CHECK-NEXT: 2: c
				// CHECK-NEXT: 3: [B5.2] = [B5.1]
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				int test_switch_with_compound_without_default() {
				char c = '1';
				switch (int i = getX()) {
				case 0:
				c = '2';
				case 1:
				c = '1';
				break;
				case 2:
				c = '3';
				break;
				}
				int k = 3;
				}

				// CHECK: [B5 (ENTRY)]
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(i)
				// CHECK-NEXT: 2: 1
				// CHECK-NEXT: 3: int k = 1;
				// CHECK-NEXT: 4: CFGScopeEnd(s)
				// CHECK-NEXT: Preds (1): B3
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: CFGScopeBegin(s)
				// CHECK-NEXT: 2: '1'
				// CHECK-NEXT: 3: char s = '1';
				// CHECK-NEXT: 4: CFGScopeBegin(i)
				// CHECK-NEXT: 5: getX
				// CHECK-NEXT: 6: [B2.5] (ImplicitCastExpr, FunctionToPointerDecay, int (*)(void))
				// CHECK-NEXT: 7: [B2.6]()
				// CHECK-NEXT: 8: int i = getX();
				// CHECK-NEXT: 9: i
				// CHECK-NEXT: 10: [B2.9] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: T: switch [B2.10]
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (2): B4 B3
				// CHECK: [B3]
				// CHECK-NEXT: default:
				// CHECK-NEXT: 1: CFGScopeBegin(a)
				// CHECK-NEXT: 2: 0
				// CHECK-NEXT: 3: int a = 0;
				// CHECK-NEXT: 4: i
				// CHECK-NEXT: 5: ++[B3.4]
				// CHECK-NEXT: 6: CFGScopeEnd(a)
				// CHECK-NEXT: Preds (2): B4 B2
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B4]
				// CHECK-NEXT: case 0:
				// CHECK-NEXT: Preds (1): B2
				// CHECK-NEXT: Succs (1): B3
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_without_compound() {
				char s = '1';
				switch (int i = getX())
				case 0:
				default: {
				int a = 0;
				++i;
				}
				int k = 1;
				}

				// CHECK: [B12 (ENTRY)]
				// CHECK-NEXT: Succs (1): B11
				// CHECK: [B1]
				// CHECK-NEXT: 1: CFGScopeEnd(i)
				// CHECK-NEXT: Preds (2): B4 B10
				// CHECK-NEXT: Succs (1): B0
				// CHECK: [B2]
				// CHECK-NEXT: 1: i
				// CHECK-NEXT: 2: ++[B2.1]
				// CHECK-NEXT: Preds (2): B3 B7
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B3]
				// CHECK-NEXT: 1: CFGScopeEnd(z)
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B4]
				// CHECK-NEXT: 1: CFGScopeBegin(z)
				// CHECK-NEXT: 2: 5
				// CHECK-NEXT: 3: int z = 5;
				// CHECK-NEXT: 4: CFGScopeEnd(z)
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (2): B6 B8
				// CHECK-NEXT: Succs (1): B1
				// CHECK: [B5]
				// CHECK-NEXT: 1: x
				// CHECK-NEXT: 2: [B5.1] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: T: switch [B5.2]
				// CHECK-NEXT: Preds (1): B10
				// CHECK-NEXT: Succs (4): B7 B8 B9 B6
				// CHECK: [B6]
				// CHECK-NEXT: default:
				// CHECK-NEXT: 1: 3
				// CHECK-NEXT: 2: y
				// CHECK-NEXT: 3: [B6.2] = [B6.1]
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B7]
				// CHECK-NEXT: case 2:
				// CHECK-NEXT: 1: 4
				// CHECK-NEXT: 2: y
				// CHECK-NEXT: 3: [B7.2] = [B7.1]
				// CHECK-NEXT: T: continue;
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B2
				// CHECK: [B8]
				// CHECK-NEXT: case 1:
				// CHECK-NEXT: 1: 2
				// CHECK-NEXT: 2: y
				// CHECK-NEXT: 3: [B8.2] = [B8.1]
				// CHECK-NEXT: T: break;
				// CHECK-NEXT: Preds (2): B5 B9
				// CHECK-NEXT: Succs (1): B4
				// CHECK: [B9]
				// CHECK-NEXT: case 0:
				// CHECK-NEXT: 1: 1
				// CHECK-NEXT: 2: y
				// CHECK-NEXT: 3: [B9.2] = [B9.1]
				// CHECK-NEXT: Preds (1): B5
				// CHECK-NEXT: Succs (1): B8
				// CHECK: [B10]
				// CHECK-NEXT: 1: i
				// CHECK-NEXT: 2: [B10.1] (ImplicitCastExpr, LValueToRValue, int)
				// CHECK-NEXT: 3: 1000
				// CHECK-NEXT: 4: [B10.2] < [B10.3]
				// CHECK-NEXT: T: for (...; [B10.4]; ...)
				// CHECK-NEXT: Preds (2): B2 B11
				// CHECK-NEXT: Succs (2): B5 B1
				// CHECK: [B11]
				// CHECK-NEXT: 1: CFGScopeBegin(i)
				// CHECK-NEXT: 2: int i;
				// CHECK-NEXT: 3: int x;
				// CHECK-NEXT: 4: int y;
				// CHECK-NEXT: 5: 0
				// CHECK-NEXT: 6: i
				// CHECK-NEXT: 7: [B11.6] = [B11.5]
				// CHECK-NEXT: Preds (1): B12
				// CHECK-NEXT: Succs (1): B10
				// CHECK: [B0 (EXIT)]
				// CHECK-NEXT: Preds (1): B1
				void test_for_switch_in_for() {
				int i, x, y;
				for (i = 0; i < 1000; ++i) {
				switch (x) {
				case 0:
				y = 1;
				case 1:
				y = 2;
				break; // break from switch
				case 2:
				y = 4;
				continue; // continue in loop
				default:
				y = 3;
				}
				{
				int z = 5;
				break; // break from loop
				}
				}
				}

This is an archive of the discontinued LLVM Phabricator instance.

Add scope information to CFGClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 131091

include/clang/Analysis/AnalysisDeclContext.h

include/clang/Analysis/CFG.h

include/clang/StaticAnalyzer/Core/AnalyzerOptions.h

lib/Analysis/AnalysisDeclContext.cpp

lib/Analysis/CFG.cpp

lib/StaticAnalyzer/Core/AnalysisManager.cpp

lib/StaticAnalyzer/Core/AnalyzerOptions.cpp

lib/StaticAnalyzer/Core/ExprEngine.cpp

lib/StaticAnalyzer/Core/PathDiagnostic.cpp

test/Analysis/analyzer-config.c

test/Analysis/analyzer-config.cpp

test/Analysis/scopes-cfg-output.cpp

Add scope information to CFG
ClosedPublic