This is an archive of the discontinued LLVM Phabricator instance.

Differential D116596

[clang][dataflow] Add transfer functions for assignment
ClosedPublic

Authored by sgatev on Jan 4 2022, 5:48 AM.

Details

Reviewers
ymandel
xazax.hun
gribozavr2
Commits
rGe7481f6ee591: [clang][dataflow] Add transfer functions for assignment
Summary

This is part of the implementation of the dataflow analysis framework.
See "[RFC] A dataflow analysis framework for Clang AST" on cfe-dev.

Diff Detail

Event Timeline

sgatev created this revision.Jan 4 2022, 5:48 AM
Herald added a subscriber: rnkovacs. · View Herald TranscriptJan 4 2022, 5:48 AM
sgatev requested review of this revision.Jan 4 2022, 5:48 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 4 2022, 5:48 AM
sgatev updated this revision to Diff 397275.Jan 4 2022, 6:16 AM

Extend TransferTest.

Harbormaster completed remote builds in B141481: Diff 397275.Jan 4 2022, 6:51 AM
xazax.hun added inline comments.Jan 4 2022, 9:33 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
34

I am just wondering if this is the right level of abstraction. Maybe users do think of this in terms of skipping references?
Or would they think in terms of value categories? E.g., having getLValue vs getRValue. I think we can leave this as is for now, I just like the idea of exploring alternatives.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
95

What is the model for expressions that evaluate to different locations in every loop iterations, e.g.:

for(int *p = array; p != array + size; ++p)
  *p; // The dereference expression

Here, having *p always evaluate to the same location is not correct, we'd probably need a way to widen this.

clang/lib/Analysis/FlowSensitive/Transfer.cpp
46

I think you probably also want to set the correct location for the whole expression. Or is that handled somewhere else?

sgatev updated this revision to Diff 397508.Jan 5 2022, 3:40 AM
sgatev marked 3 inline comments as done.

Address reviewers' comments.

sgatev added inline comments.Jan 5 2022, 3:42 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
34

Absolutely! It makes sense to me to consider this (and other) alternatives so I added a FIXME as a reminder.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
95

In the current model, the storage location for p is stable and the value that is assigned to it changes. So, in one iteration the value assigned to the storage location for p is val1 which is a PointerValue that points to loc1 and in another iteration the value assigned to the storage location for p is val2 which is a PointerValue that points to loc2. The storage location for *p is also stable and the value that is assigned to it is a ReferenceValue that points to either loc1 or loc2. I implemented this and added a test.

clang/lib/Analysis/FlowSensitive/Transfer.cpp
46

You're right. I updated the code and added a test.

Harbormaster completed remote builds in B141636: Diff 397508.Jan 5 2022, 4:10 AM
ymandel added inline comments.Jan 5 2022, 5:59 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
36

I'm not sure that value categories are right here. The key is that skipping is optional, unlike value categories which are fixed. I think the problem is just that C++ references are weird (for lack of a technical term). A reference variable exists simultaneously in two different categories -- a pointer and the value it points to. That's what this is trying to capture.

So, I'd recommend just changing the name to reflect that. WDYT of something like this?

/// Indicates how to treat references, if encountered -- as a reference or the value referred to -- when retrieving
/// storage locations or values.
enum class RefTreatment {
   /// Consider the reference itself.
  AsSelf,
  /// Consider the referent.
  AsReferent,
};
113

Why have a SkipPast argument here? I understand the concept for considering var-decls - it corresponds to the weirdness of lvalue-refs themselves. But StorageLocation is a lower-level (and simpler) concept, to which this doesn't seem to map. I'm fine with resolving indirections, but what is the value of only doing so conditionally?

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
242–247
clang/lib/Analysis/FlowSensitive/Transfer.cpp
37

maybe comment as to why this is necessary? I'd have thought that CFG's flattening of expressions would handle this (why, in general, we don't need to look deep into expressions).

143

nit: might be easier to read if you invert this:

const Expr *InitExpr = D.getInit();
if (InitExpr == nullptr) return;
152–153

nit: else-if (one line)?

xazax.hun added inline comments.Jan 5 2022, 9:23 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
36

Yeah, value categories are indeed fixed, I was thinking along the lines of treating expressions as if there was an LValueToRValue or RValueToLValue conversion. I think some of this problem might come from the ambiguity. E.g., when I want to query the analysis state about the value of *p, what do I want? Do I want the value for *p as an lvalue or *p as an rvalue? I would get a different answer in both cases. If I see *p in the source code it is fixed but when I want to query the analysis state it is not.

On the other hand I see that SkipPast is used in the transfer functions, and I am wondering if that is justified. According to the language rules, I can never observe the actual value of the reference. I can modify the pointee, (ref = val) or create a pointer to the same value (&ref), but I cannot actually read or modify what is inside the reference. So I wonder if it might be less error prone if there would be no way in the transfer functions to observe the values of the references either.

But I do not have a strong feeling about any of this at this point so feel free to leave everything as it is.

So, I'd recommend just changing the name to reflect that.

I am not sure how clear Referent is. For a non-native speaker Pointee might be clearer, although I do see how it can be confusing.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
95

In this case, does it really make sense to materialize this mapping? If every subexpression corresponds to a unique location, and always the same location, we could use the subexpression directly as a location.

sgatev updated this revision to Diff 398629.Jan 10 2022, 7:21 AM
sgatev marked 8 inline comments as done.

Address reviewers' comments.

sgatev added inline comments.Jan 10 2022, 7:27 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
36

Thanks both! I agree with the comments. I prefer to keep it as is for now. I updated the FIXME with a pointer to this discussion so that we remember to get back to it at some point.

113

You're right. It's not necessary here. Removed it.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
95

True, but a StorageLocation can also be assigned to a ValueDecl, not only to Expr. We also keep some additional information in the StorageLocation sub-classes so I don't think we can replace it directly.

clang/lib/Analysis/FlowSensitive/Transfer.cpp
37

Added a comment. The CFG does not contain ParenExpr as top-level statements in basic blocks, however sub-expressions can still be of that type.

ymandel accepted this revision.Jan 10 2022, 7:48 AM
This revision is now accepted and ready to land.Jan 10 2022, 7:48 AM
Harbormaster completed remote builds in B142434: Diff 398629.Jan 10 2022, 7:54 AM
xazax.hun accepted this revision.Jan 10 2022, 10:58 AM
This revision was landed with ongoing or failed builds.Jan 10 2022, 11:37 AM
Closed by commit rGe7481f6ee591: [clang][dataflow] Add transfer functions for assignment (authored by sgatev). · Explain Why
This revision was automatically updated to reflect the committed changes.
sgatev added a commit: rGe7481f6ee591: [clang][dataflow] Add transfer functions for assignment.

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
FlowSensitive/
20 lines
59 lines
lib/
Analysis/
FlowSensitive/
102 lines
124 lines
unittests/
Analysis/
FlowSensitive/
252 lines

Diff 398710

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

Show All 10 Lines
// dataflow analysis. // dataflow analysis.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H
#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/Expr.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h" #include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include <cassert> #include <cassert>
#include <memory> #include <memory>
#include <utility> #include <utility>
#include <vector> #include <vector>
Show All 38 Linespublic:
/// Returns the storage location assigned to `D` or null if `D` has no /// Returns the storage location assigned to `D` or null if `D` has no
/// assigned storage location. /// assigned storage location.
StorageLocation *getStorageLocation(const ValueDecl &D) const { StorageLocation *getStorageLocation(const ValueDecl &D) const {
auto It = DeclToLoc.find(&D); auto It = DeclToLoc.find(&D);
return It == DeclToLoc.end() ? nullptr : It->second; return It == DeclToLoc.end() ? nullptr : It->second;
} }
/// Assigns `Loc` as the storage location of `E`.
///
/// Requirements:
///
/// `E` must not be assigned a storage location.
void setStorageLocation(const Expr &E, StorageLocation &Loc) {
assert(ExprToLoc.find(&E) == ExprToLoc.end());
ExprToLoc[&E] = &Loc;
}
/// Returns the storage location assigned to `E` or null if `E` has no
/// assigned storage location.
StorageLocation *getStorageLocation(const Expr &E) const {
auto It = ExprToLoc.find(&E);
return It == ExprToLoc.end() ? nullptr : It->second;
}
private: private:
// Storage for the state of a program. // Storage for the state of a program.
std::vector<std::unique_ptr<StorageLocation>> Locs; std::vector<std::unique_ptr<StorageLocation>> Locs;
std::vector<std::unique_ptr<Value>> Vals; std::vector<std::unique_ptr<Value>> Vals;
// Maps from program declarations and statements to storage locations that are // Maps from program declarations and statements to storage locations that are
// assigned to them. These assignments are global (aggregated across all basic // assigned to them. These assignments are global (aggregated across all basic
// blocks) and are used to produce stable storage locations when the same // blocks) and are used to produce stable storage locations when the same
// basic blocks are evaluated multiple times. The storage locations that are // basic blocks are evaluated multiple times. The storage locations that are
// in scope for a particular basic block are stored in `Environment`. // in scope for a particular basic block are stored in `Environment`.
llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc; llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc;
// FIXME: Add `Expr` to `StorageLocation` map. llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc;
// FIXME: Add `StorageLocation` for `this`. // FIXME: Add `StorageLocation` for `this`.
// FIXME: Add support for boolean expressions. // FIXME: Add support for boolean expressions.
}; };
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

Show All 10 Lines
// program at given program points. // program at given program points.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H #ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H
#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H #define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/Expr.h"
#include "clang/AST/Type.h" #include "clang/AST/Type.h"
#include "clang/AST/TypeOrdering.h" #include "clang/AST/TypeOrdering.h"
#include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h" #include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h"
#include "clang/Analysis/FlowSensitive/DataflowLattice.h" #include "clang/Analysis/FlowSensitive/DataflowLattice.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h" #include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/DenseSet.h" #include "llvm/ADT/DenseSet.h"
namespace clang { namespace clang {
namespace dataflow { namespace dataflow {
/// Indicates what kind of indirections should be skipped past when retrieving
/// storage locations or values.
///
xazax.hunUnsubmitted
Done
ReplyInline Actions

I am just wondering if this is the right level of abstraction. Maybe users do think of this in terms of skipping references?
Or would they think in terms of value categories? E.g., having getLValue vs getRValue. I think we can leave this as is for now, I just like the idea of exploring alternatives.

xazax.hun: I am just wondering if this is the right level of abstraction. Maybe users do think of this in…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

Absolutely! It makes sense to me to consider this (and other) alternatives so I added a FIXME as a reminder.

sgatev: Absolutely! It makes sense to me to consider this (and other) alternatives so I added a FIXME…
/// FIXME: Consider renaming this or replacing it with a more appropriate model.
/// See the discussion in https://reviews.llvm.org/D116596 for context.
ymandelUnsubmitted
Done
ReplyInline Actions

I'm not sure that value categories are right here. The key is that skipping is optional, unlike value categories which are fixed. I think the problem is just that C++ references are weird (for lack of a technical term). A reference variable exists simultaneously in two different categories -- a pointer and the value it points to. That's what this is trying to capture.

So, I'd recommend just changing the name to reflect that. WDYT of something like this?

/// Indicates how to treat references, if encountered -- as a reference or the value referred to -- when retrieving
/// storage locations or values.
enum class RefTreatment {
   /// Consider the reference itself.
  AsSelf,
  /// Consider the referent.
  AsReferent,
};
ymandel: I'm not sure that value categories are right here. The key is that skipping is optional…
xazax.hunUnsubmitted
Done
ReplyInline Actions

Yeah, value categories are indeed fixed, I was thinking along the lines of treating expressions as if there was an LValueToRValue or RValueToLValue conversion. I think some of this problem might come from the ambiguity. E.g., when I want to query the analysis state about the value of *p, what do I want? Do I want the value for *p as an lvalue or *p as an rvalue? I would get a different answer in both cases. If I see *p in the source code it is fixed but when I want to query the analysis state it is not.

On the other hand I see that SkipPast is used in the transfer functions, and I am wondering if that is justified. According to the language rules, I can never observe the actual value of the reference. I can modify the pointee, (ref = val) or create a pointer to the same value (&ref), but I cannot actually read or modify what is inside the reference. So I wonder if it might be less error prone if there would be no way in the transfer functions to observe the values of the references either.

But I do not have a strong feeling about any of this at this point so feel free to leave everything as it is.

So, I'd recommend just changing the name to reflect that.

I am not sure how clear Referent is. For a non-native speaker Pointee might be clearer, although I do see how it can be confusing.

xazax.hun: Yeah, value categories are indeed fixed, I was thinking along the lines of treating expressions…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

Thanks both! I agree with the comments. I prefer to keep it as is for now. I updated the FIXME with a pointer to this discussion so that we remember to get back to it at some point.

sgatev: Thanks both! I agree with the comments. I prefer to keep it as is for now. I updated the FIXME…
enum class SkipPast {
/// No indirections should be skipped past.
None,
/// An optional reference should be skipped past.
Reference,
};
/// Holds the state of the program (store and heap) at a given program point. /// Holds the state of the program (store and heap) at a given program point.
class Environment { class Environment {
public: public:
Environment(DataflowAnalysisContext &DACtx) : DACtx(&DACtx) {} Environment(DataflowAnalysisContext &DACtx) : DACtx(&DACtx) {}
bool operator==(const Environment &) const; bool operator==(const Environment &) const;
LatticeJoinEffect join(const Environment &); LatticeJoinEffect join(const Environment &);
/// Creates a storage location appropriate for `Type`. Does not assign a value /// Creates a storage location appropriate for `Type`. Does not assign a value
/// to the returned storage location in the environment. /// to the returned storage location in the environment.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `Type` must not be null. /// `Type` must not be null.
StorageLocation &createStorageLocation(QualType Type); StorageLocation &createStorageLocation(QualType Type);
/// Creates a storage location for `D`. Does not assign the returned storage /// Creates a storage location for `D`. Does not assign the returned storage
/// location to `D` in the environment. Does not assign a value to the /// location to `D` in the environment. Does not assign a value to the
/// returned storage location in the environment. /// returned storage location in the environment.
StorageLocation &createStorageLocation(const VarDecl &D); StorageLocation &createStorageLocation(const VarDecl &D);
/// Creates a storage location for `E`. Does not assign the returned storage
/// location to `E` in the environment. Does not assign a value to the
/// returned storage location in the environment.
StorageLocation &createStorageLocation(const Expr &E);
/// Assigns `Loc` as the storage location of `D` in the environment. /// Assigns `Loc` as the storage location of `D` in the environment.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `D` must not be assigned a storage location in the environment. /// `D` must not be assigned a storage location in the environment.
void setStorageLocation(const ValueDecl &D, StorageLocation &Loc); void setStorageLocation(const ValueDecl &D, StorageLocation &Loc);
/// Returns the storage location assigned to `D` in the environment or null if /// Returns the storage location assigned to `D` in the environment, applying
/// `D` isn't assigned a storage location in the environment. /// the `SP` policy for skipping past indirections, or null if `D` isn't
StorageLocation *getStorageLocation(const ValueDecl &D) const; /// assigned a storage location in the environment.
StorageLocation *getStorageLocation(const ValueDecl &D, SkipPast SP) const;
/// Assigns `Loc` as the storage location of `E` in the environment.
///
/// Requirements:
///
/// `E` must not be assigned a storage location in the environment.
void setStorageLocation(const Expr &E, StorageLocation &Loc);
/// Returns the storage location assigned to `E` in the environment, applying
/// the `SP` policy for skipping past indirections, or null if `E` isn't
/// assigned a storage location in the environment.
StorageLocation *getStorageLocation(const Expr &E, SkipPast SP) const;
/// Creates a value appropriate for `Type`, assigns it to `Loc`, and returns /// Creates a value appropriate for `Type`, assigns it to `Loc`, and returns
/// it, if `Type` is supported, otherwise return null. If `Type` is a pointer /// it, if `Type` is supported, otherwise return null. If `Type` is a pointer
/// or reference type, creates all the necessary storage locations and values /// or reference type, creates all the necessary storage locations and values
/// for indirections until it finds a non-pointer/non-reference type. /// for indirections until it finds a non-pointer/non-reference type.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `Type` must not be null. /// `Type` must not be null.
Value *initValueInStorageLocation(const StorageLocation &Loc, QualType Type); Value *initValueInStorageLocation(const StorageLocation &Loc, QualType Type);
/// Assigns `Val` as the value of `Loc` in the environment. /// Assigns `Val` as the value of `Loc` in the environment.
void setValue(const StorageLocation &Loc, Value &Val); void setValue(const StorageLocation &Loc, Value &Val);
/// Returns the value assigned to `Loc` in the environment or null if `Loc` /// Returns the value assigned to `Loc` in the environment or null if `Loc`
/// isn't assigned a value in the environment. /// isn't assigned a value in the environment.
Value *getValue(const StorageLocation &Loc) const; Value *getValue(const StorageLocation &Loc) const;
/// Equivalent to `getValue(getStorageLocation(D, SP), SkipPast::None)` if `D`
/// is assigned a storage location in the environment, otherwise returns null.
ymandelUnsubmitted
Done
ReplyInline Actions

Why have a SkipPast argument here? I understand the concept for considering var-decls - it corresponds to the weirdness of lvalue-refs themselves. But StorageLocation is a lower-level (and simpler) concept, to which this doesn't seem to map. I'm fine with resolving indirections, but what is the value of only doing so conditionally?

ymandel: Why have a SkipPast argument here? I understand the concept for considering var-decls - it…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

You're right. It's not necessary here. Removed it.

sgatev: You're right. It's not necessary here. Removed it.
Value *getValue(const ValueDecl &D, SkipPast SP) const;
/// Equivalent to `getValue(getStorageLocation(E, SP), SkipPast::None)` if `E`
/// is assigned a storage location in the environment, otherwise returns null.
Value *getValue(const Expr &E, SkipPast SP) const;
/// Transfers ownership of `Loc` to the analysis context and returns a
/// reference to `Loc`.
StorageLocation &takeOwnership(std::unique_ptr<StorageLocation> Loc);
/// Transfers ownership of `Val` to the analysis context and returns a
/// reference to `Val`.
Value &takeOwnership(std::unique_ptr<Value> Val);
private: private:
/// Returns the value assigned to `Loc` in the environment or null if `Type` /// Returns the value assigned to `Loc` in the environment or null if `Type`
/// isn't supported. /// isn't supported.
/// ///
/// Recursively initializes storage locations and values until it sees a /// Recursively initializes storage locations and values until it sees a
/// self-referential pointer or reference type. `Visited` is used to track /// self-referential pointer or reference type. `Visited` is used to track
/// which types appeared in the reference/pointer chain in order to avoid /// which types appeared in the reference/pointer chain in order to avoid
/// creating a cyclic dependency with self-referential pointers/references. /// creating a cyclic dependency with self-referential pointers/references.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `Type` must not be null. /// `Type` must not be null.
Value *initValueInStorageLocationUnlessSelfReferential( Value *initValueInStorageLocationUnlessSelfReferential(
const StorageLocation &Loc, QualType Type, const StorageLocation &Loc, QualType Type,
llvm::DenseSet<QualType> &Visited); llvm::DenseSet<QualType> &Visited);
StorageLocation &skip(StorageLocation &Loc, SkipPast SP) const;
const StorageLocation &skip(const StorageLocation &Loc, SkipPast SP) const;
// `DACtx` is not null and not owned by this object.
DataflowAnalysisContext *DACtx; DataflowAnalysisContext *DACtx;
// Maps from program declarations and statements to storage locations that are // Maps from program declarations and statements to storage locations that are
// assigned to them. Unlike the maps in `DataflowAnalysisContext`, these // assigned to them. Unlike the maps in `DataflowAnalysisContext`, these
// include only storage locations that are in scope for a particular basic // include only storage locations that are in scope for a particular basic
// block. // block.
llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc; llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc;
// FIXME: Add `Expr` to `StorageLocation` map. llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc;
llvm::DenseMap<const StorageLocation *, Value *> LocToVal; llvm::DenseMap<const StorageLocation *, Value *> LocToVal;
// FIXME: Add flow condition constraints. // FIXME: Add flow condition constraints.
}; };
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H #endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show All 14 Lines
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h" #include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/Type.h" #include "clang/AST/Type.h"
#include "clang/Analysis/FlowSensitive/DataflowLattice.h" #include "clang/Analysis/FlowSensitive/DataflowLattice.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h" #include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/DenseSet.h" #include "llvm/ADT/DenseSet.h"
#include "llvm/Support/ErrorHandling.h"
#include <memory> #include <memory>
#include <utility> #include <utility>
namespace clang { namespace clang {
namespace dataflow { namespace dataflow {
/// Returns a map consisting of key-value entries that are present in both maps. /// Returns a map consisting of key-value entries that are present in both maps.
template <typename K, typename V> template <typename K, typename V>
Show All 37 LinesStorageLocation &Environment::createStorageLocation(QualType Type) {
assert(!Type.isNull()); assert(!Type.isNull());
if (Type->isStructureOrClassType()) { if (Type->isStructureOrClassType()) {
// FIXME: Explore options to avoid eager initialization of fields as some of // FIXME: Explore options to avoid eager initialization of fields as some of
// them might not be needed for a particular analysis. // them might not be needed for a particular analysis.
llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs; llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs;
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) { for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) {
FieldLocs.insert({Field, &createStorageLocation(Field->getType())}); FieldLocs.insert({Field, &createStorageLocation(Field->getType())});
} }
return DACtx->takeOwnership( return takeOwnership(
std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs))); std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs)));
} }
return DACtx->takeOwnership(std::make_unique<ScalarStorageLocation>(Type)); return takeOwnership(std::make_unique<ScalarStorageLocation>(Type));
} }
StorageLocation &Environment::createStorageLocation(const VarDecl &D) { StorageLocation &Environment::createStorageLocation(const VarDecl &D) {
// Evaluated declarations are always assigned the same storage locations to // Evaluated declarations are always assigned the same storage locations to
// ensure that the environment stabilizes across loop iterations. Storage // ensure that the environment stabilizes across loop iterations. Storage
// locations for evaluated declarations are stored in the analysis context. // locations for evaluated declarations are stored in the analysis context.
if (auto *Loc = DACtx->getStorageLocation(D)) if (auto *Loc = DACtx->getStorageLocation(D))
return *Loc; return *Loc;
auto &Loc = createStorageLocation(D.getType()); auto &Loc = createStorageLocation(D.getType());
DACtx->setStorageLocation(D, Loc); DACtx->setStorageLocation(D, Loc);
return Loc; return Loc;
} }
StorageLocation &Environment::createStorageLocation(const Expr &E) {
// Evaluated expressions are always assigned the same storage locations to
xazax.hunUnsubmitted
Done
ReplyInline Actions

What is the model for expressions that evaluate to different locations in every loop iterations, e.g.:

for(int *p = array; p != array + size; ++p)
  *p; // The dereference expression

Here, having *p always evaluate to the same location is not correct, we'd probably need a way to widen this.

xazax.hun: What is the model for expressions that evaluate to different locations in every loop iterations…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

In the current model, the storage location for p is stable and the value that is assigned to it changes. So, in one iteration the value assigned to the storage location for p is val1 which is a PointerValue that points to loc1 and in another iteration the value assigned to the storage location for p is val2 which is a PointerValue that points to loc2. The storage location for *p is also stable and the value that is assigned to it is a ReferenceValue that points to either loc1 or loc2. I implemented this and added a test.

sgatev: In the current model, the storage location for `p` is stable and the value that is assigned to…
xazax.hunUnsubmitted
Done
ReplyInline Actions

In this case, does it really make sense to materialize this mapping? If every subexpression corresponds to a unique location, and always the same location, we could use the subexpression directly as a location.

xazax.hun: In this case, does it really make sense to materialize this mapping? If every subexpression…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

True, but a StorageLocation can also be assigned to a ValueDecl, not only to Expr. We also keep some additional information in the StorageLocation sub-classes so I don't think we can replace it directly.

sgatev: True, but a `StorageLocation` can also be assigned to a `ValueDecl`, not only to `Expr`. We…
// ensure that the environment stabilizes across loop iterations. Storage
// locations for evaluated expressions are stored in the analysis context.
if (auto *Loc = DACtx->getStorageLocation(E))
return *Loc;
auto &Loc = createStorageLocation(E.getType());
DACtx->setStorageLocation(E, Loc);
return Loc;
}
void Environment::setStorageLocation(const ValueDecl &D, StorageLocation &Loc) { void Environment::setStorageLocation(const ValueDecl &D, StorageLocation &Loc) {
assert(DeclToLoc.find(&D) == DeclToLoc.end()); assert(DeclToLoc.find(&D) == DeclToLoc.end());
DeclToLoc[&D] = &Loc; DeclToLoc[&D] = &Loc;
} }
StorageLocation *Environment::getStorageLocation(const ValueDecl &D) const { StorageLocation *Environment::getStorageLocation(const ValueDecl &D,
SkipPast SP) const {
auto It = DeclToLoc.find(&D); auto It = DeclToLoc.find(&D);
return It == DeclToLoc.end() ? nullptr : It->second; return It == DeclToLoc.end() ? nullptr : &skip(*It->second, SP);
}
void Environment::setStorageLocation(const Expr &E, StorageLocation &Loc) {
assert(ExprToLoc.find(&E) == ExprToLoc.end());
ExprToLoc[&E] = &Loc;
}
StorageLocation *Environment::getStorageLocation(const Expr &E,
SkipPast SP) const {
auto It = ExprToLoc.find(&E);
return It == ExprToLoc.end() ? nullptr : &skip(*It->second, SP);
} }
void Environment::setValue(const StorageLocation &Loc, Value &Value) { void Environment::setValue(const StorageLocation &Loc, Value &Value) {
LocToVal[&Loc] = &Value; LocToVal[&Loc] = &Value;
} }
Value *Environment::getValue(const StorageLocation &Loc) const { Value *Environment::getValue(const StorageLocation &Loc) const {
auto It = LocToVal.find(&Loc); auto It = LocToVal.find(&Loc);
return It == LocToVal.end() ? nullptr : It->second; return It == LocToVal.end() ? nullptr : It->second;
} }
Value *Environment::getValue(const ValueDecl &D, SkipPast SP) const {
auto *Loc = getStorageLocation(D, SP);
if (Loc == nullptr)
return nullptr;
return getValue(*Loc);
}
Value *Environment::getValue(const Expr &E, SkipPast SP) const {
auto *Loc = getStorageLocation(E, SP);
if (Loc == nullptr)
return nullptr;
return getValue(*Loc);
}
Value *Environment::initValueInStorageLocation(const StorageLocation &Loc, Value *Environment::initValueInStorageLocation(const StorageLocation &Loc,
QualType Type) { QualType Type) {
llvm::DenseSet<QualType> Visited; llvm::DenseSet<QualType> Visited;
return initValueInStorageLocationUnlessSelfReferential(Loc, Type, Visited); return initValueInStorageLocationUnlessSelfReferential(Loc, Type, Visited);
} }
Value *Environment::initValueInStorageLocationUnlessSelfReferential( Value *Environment::initValueInStorageLocationUnlessSelfReferential(
const StorageLocation &Loc, QualType Type, const StorageLocation &Loc, QualType Type,
llvm::DenseSet<QualType> &Visited) { llvm::DenseSet<QualType> &Visited) {
assert(!Type.isNull()); assert(!Type.isNull());
if (Type->isIntegerType()) { if (Type->isIntegerType()) {
auto &Value = DACtx->takeOwnership(std::make_unique<IntegerValue>()); auto &Val = takeOwnership(std::make_unique<IntegerValue>());
setValue(Loc, Value); setValue(Loc, Val);
return &Value; return &Val;
} }
if (Type->isReferenceType()) { if (Type->isReferenceType()) {
QualType PointeeType = Type->getAs<ReferenceType>()->getPointeeType(); QualType PointeeType = Type->getAs<ReferenceType>()->getPointeeType();
auto &PointeeLoc = createStorageLocation(PointeeType); auto &PointeeLoc = createStorageLocation(PointeeType);
if (!Visited.contains(PointeeType.getCanonicalType())) { if (!Visited.contains(PointeeType.getCanonicalType())) {
Visited.insert(PointeeType.getCanonicalType()); Visited.insert(PointeeType.getCanonicalType());
initValueInStorageLocationUnlessSelfReferential(PointeeLoc, PointeeType, initValueInStorageLocationUnlessSelfReferential(PointeeLoc, PointeeType,
Visited); Visited);
Visited.erase(PointeeType.getCanonicalType()); Visited.erase(PointeeType.getCanonicalType());
} }
auto &Value = auto &Val = takeOwnership(std::make_unique<ReferenceValue>(PointeeLoc));
DACtx->takeOwnership(std::make_unique<ReferenceValue>(PointeeLoc)); setValue(Loc, Val);
setValue(Loc, Value); return &Val;
return &Value;
} }
if (Type->isPointerType()) { if (Type->isPointerType()) {
QualType PointeeType = Type->getAs<PointerType>()->getPointeeType(); QualType PointeeType = Type->getAs<PointerType>()->getPointeeType();
auto &PointeeLoc = createStorageLocation(PointeeType); auto &PointeeLoc = createStorageLocation(PointeeType);
if (!Visited.contains(PointeeType.getCanonicalType())) { if (!Visited.contains(PointeeType.getCanonicalType())) {
Visited.insert(PointeeType.getCanonicalType()); Visited.insert(PointeeType.getCanonicalType());
initValueInStorageLocationUnlessSelfReferential(PointeeLoc, PointeeType, initValueInStorageLocationUnlessSelfReferential(PointeeLoc, PointeeType,
Visited); Visited);
Visited.erase(PointeeType.getCanonicalType()); Visited.erase(PointeeType.getCanonicalType());
} }
auto &Value = auto &Val = takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
DACtx->takeOwnership(std::make_unique<PointerValue>(PointeeLoc)); setValue(Loc, Val);
setValue(Loc, Value); return &Val;
return &Value;
} }
if (Type->isStructureOrClassType()) { if (Type->isStructureOrClassType()) {
auto *AggregateLoc = cast<AggregateStorageLocation>(&Loc); auto *AggregateLoc = cast<AggregateStorageLocation>(&Loc);
llvm::DenseMap<const ValueDecl *, Value *> FieldValues; llvm::DenseMap<const ValueDecl *, Value *> FieldValues;
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) { for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) {
assert(Field != nullptr); assert(Field != nullptr);
QualType FieldType = Field->getType(); QualType FieldType = Field->getType();
if (Visited.contains(FieldType.getCanonicalType())) if (Visited.contains(FieldType.getCanonicalType()))
continue; continue;
Visited.insert(FieldType.getCanonicalType()); Visited.insert(FieldType.getCanonicalType());
FieldValues.insert( FieldValues.insert(
{Field, initValueInStorageLocationUnlessSelfReferential( {Field, initValueInStorageLocationUnlessSelfReferential(
AggregateLoc->getChild(*Field), FieldType, Visited)}); AggregateLoc->getChild(*Field), FieldType, Visited)});
Visited.erase(FieldType.getCanonicalType()); Visited.erase(FieldType.getCanonicalType());
} }
auto &Value = DACtx->takeOwnership( auto &Val =
std::make_unique<StructValue>(std::move(FieldValues))); takeOwnership(std::make_unique<StructValue>(std::move(FieldValues)));
setValue(Loc, Value); setValue(Loc, Val);
return &Value; return &Val;
} }
return nullptr; return nullptr;
} }
StorageLocation &
Environment::takeOwnership(std::unique_ptr<StorageLocation> Loc) {
return DACtx->takeOwnership(std::move(Loc));
}
Value &Environment::takeOwnership(std::unique_ptr<Value> Val) {
return DACtx->takeOwnership(std::move(Val));
}
StorageLocation &Environment::skip(StorageLocation &Loc, SkipPast SP) const {
switch (SP) {
case SkipPast::None:
return Loc;
case SkipPast::Reference:
// References cannot be chained so we only need to skip past one level of
// indirection.
if (auto *Val = dyn_cast_or_null<ReferenceValue>(getValue(Loc)))
return Val->getPointeeLoc();
return Loc;
}
llvm_unreachable("bad SkipPast kind");
}
ymandelUnsubmitted
Done
ReplyInline Actions
// indirection.
if (auto *Val =
- dyn_cast_or_null<ReferenceValue>(getValue(Loc, SkipPast::None))) {
+ dyn_cast_or_null<ReferenceValue>(getValue(Loc, SkipPast::None)))
return Val->getPointeeLoc();
- } else {
- return Loc;
- }
- }
+
+ return Loc;
+ }
llvm_unreachable("bad SkipPast kind");
ymandel:
const StorageLocation &Environment::skip(const StorageLocation &Loc,
SkipPast SP) const {
return skip(*const_cast<StorageLocation *>(&Loc), SP);
}
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show All 9 Lines
// update an environment accordingly. // update an environment accordingly.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/Analysis/FlowSensitive/Transfer.h" #include "clang/Analysis/FlowSensitive/Transfer.h"
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/DeclBase.h" #include "clang/AST/DeclBase.h"
#include "clang/AST/Expr.h" #include "clang/AST/Expr.h"
#include "clang/AST/OperationKinds.h"
#include "clang/AST/Stmt.h" #include "clang/AST/Stmt.h"
#include "clang/AST/StmtVisitor.h" #include "clang/AST/StmtVisitor.h"
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h" #include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "clang/Basic/OperatorKinds.h"
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include <cassert> #include <cassert>
#include <memory>
namespace clang { namespace clang {
namespace dataflow { namespace dataflow {
class TransferVisitor : public ConstStmtVisitor<TransferVisitor> { class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
public: public:
TransferVisitor(Environment &Env) : Env(Env) {} TransferVisitor(Environment &Env) : Env(Env) {}
void VisitBinaryOperator(const BinaryOperator *S) {
if (S->getOpcode() == BO_Assign) {
// The CFG does not contain `ParenExpr` as top-level statements in basic
// blocks, however sub-expressions can still be of that type.
ymandelUnsubmitted
Done
ReplyInline Actions

maybe comment as to why this is necessary? I'd have thought that CFG's flattening of expressions would handle this (why, in general, we don't need to look deep into expressions).

ymandel: maybe comment as to why this is necessary? I'd have thought that CFG's flattening of…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

Added a comment. The CFG does not contain ParenExpr as top-level statements in basic blocks, however sub-expressions can still be of that type.

sgatev: Added a comment. The CFG does not contain `ParenExpr` as top-level statements in basic blocks…
assert(S->getLHS() != nullptr);
const Expr *LHS = S->getLHS()->IgnoreParens();
assert(LHS != nullptr);
auto *LHSLoc = Env.getStorageLocation(*LHS, SkipPast::Reference);
if (LHSLoc == nullptr)
return;
// The CFG does not contain `ParenExpr` as top-level statements in basic
xazax.hunUnsubmitted
Done
ReplyInline Actions

I think you probably also want to set the correct location for the whole expression. Or is that handled somewhere else?

xazax.hun: I think you probably also want to set the correct location for the whole expression. Or is that…
sgatevAuthorUnsubmitted
Done
ReplyInline Actions

You're right. I updated the code and added a test.

sgatev: You're right. I updated the code and added a test.
// blocks, however sub-expressions can still be of that type.
assert(S->getRHS() != nullptr);
const Expr *RHS = S->getRHS()->IgnoreParens();
assert(RHS != nullptr);
Value *RHSVal = Env.getValue(*RHS, SkipPast::Reference);
if (RHSVal == nullptr)
return;
// Assign a value to the storage location of the left-hand side.
Env.setValue(*LHSLoc, *RHSVal);
// Assign a storage location for the whole expression.
Env.setStorageLocation(*S, *LHSLoc);
}
// FIXME: Add support for BO_EQ, BO_NE.
}
void VisitDeclRefExpr(const DeclRefExpr *S) {
assert(S->getDecl() != nullptr);
auto *DeclLoc = Env.getStorageLocation(*S->getDecl(), SkipPast::None);
if (DeclLoc == nullptr)
return;
if (S->getDecl()->getType()->isReferenceType()) {
Env.setStorageLocation(*S, *DeclLoc);
} else {
auto &Loc = Env.createStorageLocation(*S);
auto &Val = Env.takeOwnership(std::make_unique<ReferenceValue>(*DeclLoc));
Env.setStorageLocation(*S, Loc);
Env.setValue(Loc, Val);
}
}
void VisitDeclStmt(const DeclStmt *S) { void VisitDeclStmt(const DeclStmt *S) {
// FIXME: Add support for group decls, e.g: `int a, b;` // FIXME: Add support for group decls, e.g: `int a, b;`
if (S->isSingleDecl()) { if (S->isSingleDecl()) {
if (const auto *D = dyn_cast<VarDecl>(S->getSingleDecl())) { if (const auto *D = dyn_cast<VarDecl>(S->getSingleDecl())) {
visitVarDecl(*D); visitVarDecl(*D);
} }
} }
} }
void VisitImplicitCastExpr(const ImplicitCastExpr *S) {
if (S->getCastKind() == CK_LValueToRValue) {
// The CFG does not contain `ParenExpr` as top-level statements in basic
// blocks, however sub-expressions can still be of that type.
assert(S->getSubExpr() != nullptr);
const Expr *SubExpr = S->getSubExpr()->IgnoreParens();
assert(SubExpr != nullptr);
auto *SubExprVal = Env.getValue(*SubExpr, SkipPast::Reference);
if (SubExprVal == nullptr)
return;
auto &ExprLoc = Env.createStorageLocation(*S);
Env.setStorageLocation(*S, ExprLoc);
Env.setValue(ExprLoc, *SubExprVal);
}
// FIXME: Add support for CK_NoOp, CK_UserDefinedConversion,
// CK_ConstructorConversion, CK_UncheckedDerivedToBase.
}
void VisitUnaryOperator(const UnaryOperator *S) {
if (S->getOpcode() == UO_Deref) {
assert(S->getSubExpr() != nullptr);
const auto *SubExprVal = cast_or_null<PointerValue>(
Env.getValue(*S->getSubExpr(), SkipPast::Reference));
if (SubExprVal == nullptr)
return;
auto &Loc = Env.createStorageLocation(*S);
Env.setStorageLocation(*S, Loc);
Env.setValue(Loc, Env.takeOwnership(std::make_unique<ReferenceValue>(
SubExprVal->getPointeeLoc())));
}
// FIXME: Add support for UO_AddrOf, UO_LNot.
}
// FIXME: Add support for: // FIXME: Add support for:
// - BinaryOperator
// - CallExpr // - CallExpr
// - CXXBindTemporaryExpr // - CXXBindTemporaryExpr
// - CXXBoolLiteralExpr // - CXXBoolLiteralExpr
// - CXXConstructExpr // - CXXConstructExpr
// - CXXFunctionalCastExpr // - CXXFunctionalCastExpr
// - CXXOperatorCallExpr // - CXXOperatorCallExpr
// - CXXStaticCastExpr // - CXXStaticCastExpr
// - CXXThisExpr // - CXXThisExpr
// - DeclRefExpr
// - ImplicitCastExpr
// - MaterializeTemporaryExpr // - MaterializeTemporaryExpr
// - MemberExpr // - MemberExpr
// - UnaryOperator
private: private:
void visitVarDecl(const VarDecl &D) { void visitVarDecl(const VarDecl &D) {
auto &Loc = Env.createStorageLocation(D); auto &Loc = Env.createStorageLocation(D);
Env.setStorageLocation(D, Loc); Env.setStorageLocation(D, Loc);
const Expr *InitExpr = D.getInit();
ymandelUnsubmitted
Done
ReplyInline Actions

nit: might be easier to read if you invert this:

const Expr *InitExpr = D.getInit();
if (InitExpr == nullptr) return;
ymandel: nit: might be easier to read if you invert this: ``` const Expr *InitExpr = D.getInit(); if…
if (InitExpr == nullptr) {
// No initializer expression - associate `Loc` with a new value.
Env.initValueInStorageLocation(Loc, D.getType());
return;
}
if (D.getType()->isReferenceType()) {
// Initializing a reference variable - do not create a reference to
// reference.
if (auto *InitExprLoc =
ymandelUnsubmitted
Done
ReplyInline Actions

nit: else-if (one line)?

ymandel: nit: else-if (one line)?
Env.getStorageLocation(*InitExpr, SkipPast::Reference)) {
auto &Val =
Env.takeOwnership(std::make_unique<ReferenceValue>(*InitExprLoc));
Env.setValue(Loc, Val);
} else {
// FIXME: The initializer expression must always be assigned a value.
// Replace this with an assert when we have sufficient coverage of
// language features.
Env.initValueInStorageLocation(Loc, D.getType()); Env.initValueInStorageLocation(Loc, D.getType());
} }
return;
}
if (auto *InitExprVal = Env.getValue(*InitExpr, SkipPast::None)) {
Env.setValue(Loc, *InitExprVal);
} else {
// FIXME: The initializer expression must always be assigned a value.
// Replace this with an assert when we have sufficient coverage of
// language features.
Env.initValueInStorageLocation(Loc, D.getType());
}
}
Environment &Env; Environment &Env;
}; };
void transfer(const Stmt &S, Environment &Env) { void transfer(const Stmt &S, Environment &Env) {
assert(!isa<ParenExpr>(&S)); assert(!isa<ParenExpr>(&S));
TransferVisitor(Env).Visit(&S); TransferVisitor(Env).Visit(&S);
} }
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 LinesShow All 76 Lines▼ Show 20 Lines runDataflow(
Results, Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _))); ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env; const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const StorageLocation *FooLoc = Env.getStorageLocation(*FooDecl); const StorageLocation *FooLoc =
Env.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc)); ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc));
const Value *FooVal = Env.getValue(*FooLoc); const Value *FooVal = Env.getValue(*FooLoc);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal)); ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
}); });
} }
TEST_F(TransferTest, StructVarDecl) { TEST_F(TransferTest, StructVarDecl) {
Show All 26 Lines runDataflow(
if (Field->getNameAsString() == "Bar") { if (Field->getNameAsString() == "Bar") {
BarDecl = Field; BarDecl = Field;
} else { } else {
FAIL() << "Unexpected field: " << Field->getNameAsString(); FAIL() << "Unexpected field: " << Field->getNameAsString();
} }
} }
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = const auto *FooLoc = cast<AggregateStorageLocation>(
cast<AggregateStorageLocation>(Env.getStorageLocation(*FooDecl)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *BarLoc = const auto *BarLoc =
cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl)); cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(&FooVal->getChild(*BarDecl)); const auto *BarVal = cast<IntegerValue>(&FooVal->getChild(*BarDecl));
ASSERT_EQ(Env.getValue(*BarLoc), BarVal); ASSERT_EQ(Env.getValue(*BarLoc), BarVal);
}); });
} }
Show All 28 Lines runDataflow(
if (Field->getNameAsString() == "Bar") { if (Field->getNameAsString() == "Bar") {
BarDecl = Field; BarDecl = Field;
} else { } else {
FAIL() << "Unexpected field: " << Field->getNameAsString(); FAIL() << "Unexpected field: " << Field->getNameAsString();
} }
} }
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = const auto *FooLoc = cast<AggregateStorageLocation>(
cast<AggregateStorageLocation>(Env.getStorageLocation(*FooDecl)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *BarLoc = const auto *BarLoc =
cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl)); cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(&FooVal->getChild(*BarDecl)); const auto *BarVal = cast<IntegerValue>(&FooVal->getChild(*BarDecl));
ASSERT_EQ(Env.getValue(*BarLoc), BarVal); ASSERT_EQ(Env.getValue(*BarLoc), BarVal);
}); });
} }
Show All 15 Lines runDataflow(
Results, Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _))); ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env; const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const StorageLocation *FooLoc = Env.getStorageLocation(*FooDecl); const StorageLocation *FooLoc =
Env.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc)); ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc));
const ReferenceValue *FooVal = const ReferenceValue *FooVal =
cast<ReferenceValue>(Env.getValue(*FooLoc)); cast<ReferenceValue>(Env.getValue(*FooLoc));
const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc(); const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc();
ASSERT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc)); ASSERT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc));
const Value *FooPointeeVal = Env.getValue(FooPointeeLoc); const Value *FooPointeeVal = Env.getValue(FooPointeeLoc);
▲ Show 20 LinesShow All 72 Lines▼ Show 20 Lines for (FieldDecl *Field : BarFields) {
FAIL() << "Unexpected field: " << Field->getNameAsString(); FAIL() << "Unexpected field: " << Field->getNameAsString();
} }
} }
ASSERT_THAT(FooRefDecl, NotNull()); ASSERT_THAT(FooRefDecl, NotNull());
ASSERT_THAT(FooPtrDecl, NotNull()); ASSERT_THAT(FooPtrDecl, NotNull());
ASSERT_THAT(BazRefDecl, NotNull()); ASSERT_THAT(BazRefDecl, NotNull());
ASSERT_THAT(BazPtrDecl, NotNull()); ASSERT_THAT(BazPtrDecl, NotNull());
const auto *FooLoc = const auto *FooLoc = cast<ScalarStorageLocation>(
cast<ScalarStorageLocation>(Env.getStorageLocation(*FooDecl)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<ReferenceValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<ReferenceValue>(Env.getValue(*FooLoc));
const auto *FooPointeeVal = const auto *FooPointeeVal =
cast<StructValue>(Env.getValue(FooVal->getPointeeLoc())); cast<StructValue>(Env.getValue(FooVal->getPointeeLoc()));
const auto *BarVal = const auto *BarVal =
cast<ReferenceValue>(&FooPointeeVal->getChild(*BarDecl)); cast<ReferenceValue>(&FooPointeeVal->getChild(*BarDecl));
const auto *BarPointeeVal = const auto *BarPointeeVal =
cast<StructValue>(Env.getValue(BarVal->getPointeeLoc())); cast<StructValue>(Env.getValue(BarVal->getPointeeLoc()));
Show All 37 Lines runDataflow(
Results, Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _))); ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env; const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const StorageLocation *FooLoc = Env.getStorageLocation(*FooDecl); const StorageLocation *FooLoc =
Env.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc)); ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc));
const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc)); const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc));
const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc(); const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc();
ASSERT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc)); ASSERT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc));
const Value *FooPointeeVal = Env.getValue(FooPointeeLoc); const Value *FooPointeeVal = Env.getValue(FooPointeeLoc);
ASSERT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal)); ASSERT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal));
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Lines runDataflow(
FAIL() << "Unexpected field: " << Field->getNameAsString(); FAIL() << "Unexpected field: " << Field->getNameAsString();
} }
} }
ASSERT_THAT(FooRefDecl, NotNull()); ASSERT_THAT(FooRefDecl, NotNull());
ASSERT_THAT(FooPtrDecl, NotNull()); ASSERT_THAT(FooPtrDecl, NotNull());
ASSERT_THAT(BazRefDecl, NotNull()); ASSERT_THAT(BazRefDecl, NotNull());
ASSERT_THAT(BazPtrDecl, NotNull()); ASSERT_THAT(BazPtrDecl, NotNull());
const auto *FooLoc = const auto *FooLoc = cast<ScalarStorageLocation>(
cast<ScalarStorageLocation>(Env.getStorageLocation(*FooDecl)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<PointerValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<PointerValue>(Env.getValue(*FooLoc));
const auto *FooPointeeVal = const auto *FooPointeeVal =
cast<StructValue>(Env.getValue(FooVal->getPointeeLoc())); cast<StructValue>(Env.getValue(FooVal->getPointeeLoc()));
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(&FooPointeeVal->getChild(*BarDecl)); cast<PointerValue>(&FooPointeeVal->getChild(*BarDecl));
const auto *BarPointeeVal = const auto *BarPointeeVal =
cast<StructValue>(Env.getValue(BarVal->getPointeeLoc())); cast<StructValue>(Env.getValue(BarVal->getPointeeLoc()));
Show All 31 Lines void target(bool b) {
} else { } else {
int baz; int baz;
// [[p3]] // [[p3]]
} }
(void)0; (void)0;
// [[p4]] // [[p4]]
} }
)"; )";
runDataflow( runDataflow(Code, [](llvm::ArrayRef<std::pair<
Code, [](llvm::ArrayRef< std::string, DataflowAnalysisState<NoopLattice>>>
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results, Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p4", _), Pair("p3", _), ASSERT_THAT(Results, ElementsAre(Pair("p4", _), Pair("p3", _),
Pair("p2", _), Pair("p1", _))); Pair("p2", _), Pair("p1", _)));
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "baz"); const ValueDecl *BazDecl = findValueDecl(ASTCtx, "baz");
ASSERT_THAT(BazDecl, NotNull()); ASSERT_THAT(BazDecl, NotNull());
const Environment &Env1 = Results[3].second.Env; const Environment &Env1 = Results[3].second.Env;
const StorageLocation *FooLoc = Env1.getStorageLocation(*FooDecl); const StorageLocation *FooLoc =
Env1.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_THAT(FooLoc, NotNull()); ASSERT_THAT(FooLoc, NotNull());
ASSERT_THAT(Env1.getStorageLocation(*BarDecl), IsNull()); ASSERT_THAT(Env1.getStorageLocation(*BarDecl, SkipPast::None), IsNull());
ASSERT_THAT(Env1.getStorageLocation(*BazDecl), IsNull()); ASSERT_THAT(Env1.getStorageLocation(*BazDecl, SkipPast::None), IsNull());
const Environment &Env2 = Results[2].second.Env; const Environment &Env2 = Results[2].second.Env;
ASSERT_EQ(Env2.getStorageLocation(*FooDecl), FooLoc); ASSERT_EQ(Env2.getStorageLocation(*FooDecl, SkipPast::None), FooLoc);
ASSERT_THAT(Env2.getStorageLocation(*BarDecl), NotNull()); ASSERT_THAT(Env2.getStorageLocation(*BarDecl, SkipPast::None), NotNull());
ASSERT_THAT(Env2.getStorageLocation(*BazDecl), IsNull()); ASSERT_THAT(Env2.getStorageLocation(*BazDecl, SkipPast::None), IsNull());
const Environment &Env3 = Results[1].second.Env; const Environment &Env3 = Results[1].second.Env;
ASSERT_EQ(Env3.getStorageLocation(*FooDecl), FooLoc); ASSERT_EQ(Env3.getStorageLocation(*FooDecl, SkipPast::None), FooLoc);
ASSERT_THAT(Env3.getStorageLocation(*BarDecl), IsNull()); ASSERT_THAT(Env3.getStorageLocation(*BarDecl, SkipPast::None), IsNull());
ASSERT_THAT(Env3.getStorageLocation(*BazDecl), NotNull()); ASSERT_THAT(Env3.getStorageLocation(*BazDecl, SkipPast::None), NotNull());
const Environment &Env4 = Results[0].second.Env; const Environment &Env4 = Results[0].second.Env;
ASSERT_EQ(Env4.getStorageLocation(*FooDecl), FooLoc); ASSERT_EQ(Env4.getStorageLocation(*FooDecl, SkipPast::None), FooLoc);
ASSERT_THAT(Env4.getStorageLocation(*BarDecl), IsNull()); ASSERT_THAT(Env4.getStorageLocation(*BarDecl, SkipPast::None), IsNull());
ASSERT_THAT(Env4.getStorageLocation(*BazDecl), IsNull()); ASSERT_THAT(Env4.getStorageLocation(*BazDecl, SkipPast::None), IsNull());
});
}
TEST_F(TransferTest, BinaryOperatorAssign) {
std::string Code = R"(
void target() {
int foo;
int bar;
(bar) = (foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull());
const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull());
EXPECT_EQ(Env.getValue(*BarDecl, SkipPast::None), FooVal);
});
}
TEST_F(TransferTest, VarDeclInitAssign) {
std::string Code = R"(
void target() {
int foo;
int bar = foo;
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull());
const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull());
EXPECT_EQ(Env.getValue(*BarDecl, SkipPast::None), FooVal);
});
}
TEST_F(TransferTest, VarDeclInitAssignChained) {
std::string Code = R"(
void target() {
int foo;
int bar;
int baz = (bar = foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull());
const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull());
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "baz");
ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BarDecl, SkipPast::None), FooVal);
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), FooVal);
});
}
TEST_F(TransferTest, VarDeclInitAssignPtrDeref) {
std::string Code = R"(
void target() {
int foo;
int *bar;
*(bar) = foo;
int baz = *(bar);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull());
const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull());
const auto *BarVal =
cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(Env.getValue(BarVal->getPointeeLoc()), FooVal);
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "baz");
ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), FooVal);
});
}
TEST_F(TransferTest, AssignToAndFromReference) {
std::string Code = R"(
void target() {
int foo;
int bar;
int& baz = foo;
// [[p1]]
baz = bar;
int qux = baz;
int& quux = baz;
// [[p2]]
}
)";
runDataflow(
Code, [](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p1", _), Pair("p2", _)));
const Environment &Env1 = Results[0].second.Env;
const Environment &Env2 = Results[1].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "foo");
ASSERT_THAT(FooDecl, NotNull());
const Value *FooVal = Env1.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "bar");
ASSERT_THAT(BarDecl, NotNull());
const Value *BarVal = Env1.getValue(*BarDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(BarVal));
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "baz");
ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env1.getValue(*BazDecl, SkipPast::Reference), FooVal);
EXPECT_EQ(Env2.getValue(*BazDecl, SkipPast::Reference), BarVal);
EXPECT_EQ(Env2.getValue(*FooDecl, SkipPast::None), BarVal);
const ValueDecl *QuxDecl = findValueDecl(ASTCtx, "qux");
ASSERT_THAT(QuxDecl, NotNull());
EXPECT_EQ(Env2.getValue(*QuxDecl, SkipPast::None), BarVal);
const ValueDecl *QuuxDecl = findValueDecl(ASTCtx, "quux");
ASSERT_THAT(QuuxDecl, NotNull());
EXPECT_EQ(Env2.getValue(*QuuxDecl, SkipPast::Reference), BarVal);
}); });
} }
} // namespace } // namespace