This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/include/clang/Analysis/FlowSensitive/
-
include/
-
clang/
-
Analysis/
-
FlowSensitive/
8/9
DataflowAnalysis.h

Differential D121796

[clang][dataflow] Add an API for dataflow "models" -- reusable analysis components.
ClosedPublic

Authored by ymandel on Mar 16 2022, 5:56 AM.

Download Raw Diff

Details

Reviewers

sgatev
xazax.hun

Commits

rGe0aefb4f9278: [clang][dataflow] Add an API for dataflow "models" -- reusable analysis…

Summary

This patch introduces DataflowModel, an abstract base class for dataflow
"models": reusable analysis components that model a particular aspect of program
semantics.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	1,510 ms	x64 debian > AddressSanitizer-x86_64-linux-dynamic.TestCases::large_func_test.cpp
	2,230 ms	x64 debian > AddressSanitizer-x86_64-linux.TestCases::large_func_test.cpp

Event Timeline

ymandel created this revision.Mar 16 2022, 5:56 AM

Herald added a project: Restricted Project. · View Herald TranscriptMar 16 2022, 5:56 AM

Herald added subscribers: tschuett, steakhal, rnkovacs. · View Herald Transcript

ymandel requested review of this revision.Mar 16 2022, 5:56 AM

Herald added a project: Restricted Project. · View Herald TranscriptMar 16 2022, 5:56 AM

ymandel added a child revision: D121797: [clang][dataflow] Add modeling of Chromium's CHECK functionality.Mar 16 2022, 6:01 AM

sgatev accepted this revision.Mar 16 2022, 6:43 AM

sgatev added inline comments.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
148–149	Do we want to compose models that have different lattice types? Do we want to have models with no lattices that only use `Environment`? If we don't know this yet, I suggest replacing this with a FIXME to explore model composability at a later point when we have answers to these questions.
153	`LatticeT` for consistency with the code above.

This revision is now accepted and ready to land.Mar 16 2022, 6:43 AM

Harbormaster completed remote builds in B154580: Diff 415794.Mar 16 2022, 6:56 AM

gribozavr2 added inline comments.Mar 16 2022, 6:57 AM

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
139	DYM "Abstract base class"?

Address comments.

ymandel marked 3 inline comments as done.Mar 16 2022, 7:09 AM

ymandel added inline comments.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
139	Indeed.

Harbormaster completed remote builds in B154594: Diff 415817.Mar 16 2022, 7:36 AM

xazax.hun added inline comments.Mar 16 2022, 8:45 AM

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
150–151	I think supporting different lattice types is a must for a good composability model. E.g., in an ideal world when we have a lattice for constant propagation of integers and we have a model for `std::optional`, it would be great if we could do constant propagation to/from non-empty optionals of integers.
152	The Clang Static Analyzer is full of modeling that has no dedicated state, it will just update the equivalent of an environment (e.g., adding a range to the returned values): https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp#L1208 Once we have a framework that can reason about integers, I think having something similar (or even better, somehow being able to reuse these summaries across CSA and dataflow) would be awesome.
159	In the Clang Static Analyzer the process of modelling is more conversational between the "modeling checks" and the framework. There, a return value indicates whether a particular function call was modeled and the first time someone wants to model a function call it will short circuit the whole process. This ensures that only one model will be applied. I'm not 100% sure whether this would be the best model here. But I'd strongly suggest to add a `bool` return value here, because it might be useful for the framework to know in the future if some modeling was done at all (potentially skipping some default modeling based ont he return value).

adjust API in response to comments.

ymandel edited the summary of this revision. (Show Details)Mar 16 2022, 11:52 AM

ymandel marked 3 inline comments as done.Mar 16 2022, 12:04 PM

ymandel added inline comments.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
150–151	Agreed. And, fwiw, my stacked patch with a very small model does not involve the lattice. For the optional checker, we plan to split it into a model and a separate analysis which handles the lattice.
152	I removed the lattice dependency and reworded the description to focus on the environment.

Harbormaster completed remote builds in B154663: Diff 415926.Mar 16 2022, 12:27 PM

Thanks!

This revision was landed with ongoing or failed builds.Mar 16 2022, 12:48 PM

Closed by commit rGe0aefb4f9278: [clang][dataflow] Add an API for dataflow "models" -- reusable analysis… (authored by ymandel). · Explain Why

This revision was automatically updated to reflect the committed changes.

ymandel marked 2 inline comments as done.

ymandel added a commit: rGe0aefb4f9278: [clang][dataflow] Add an API for dataflow "models" -- reusable analysis….

Revision Contents

Path

Size

clang/

include/

clang/

Analysis/

FlowSensitive/

DataflowAnalysis.h

9 lines

Diff 415926

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h

Show First 20 Lines • Show All 130 Lines • ▼ Show 20 Lines	llvm::transform(std::move(*TypeErasedBlockStates),
llvm::any_cast<typename AnalysisT::Lattice>(		llvm::any_cast<typename AnalysisT::Lattice>(
std::move(State.Lattice.Value)),		std::move(State.Lattice.Value)),
std::move(State.Env)};		std::move(State.Env)};
});		});
});		});
return BlockStates;		return BlockStates;
}		}

		/// Abstract base class for dataflow "models": reusable analysis components that
		gribozavr2Unsubmitted Done Reply Inline Actions DYM "Abstract base class"? gribozavr2: DYM "Abstract base class"?
		ymandelAuthorUnsubmitted Done Reply Inline Actions Indeed. ymandel: Indeed.
		/// model a particular aspect of program semantics in the `Environment`. For
		/// example, a model may capture a type and its related functions.
		class DataflowModel : public Environment::ValueModel {
		public:
		/// Return value indicates whether the model processed the `Stmt`.
		virtual bool transfer(const Stmt *Stmt, Environment &Env) = 0;
		};

} // namespace dataflow		} // namespace dataflow
} // namespace clang		} // namespace clang
		sgatevUnsubmitted Done Reply Inline Actions Do we want to compose models that have different lattice types? Do we want to have models with no lattices that only use `Environment`? If we don't know this yet, I suggest replacing this with a FIXME to explore model composability at a later point when we have answers to these questions. sgatev: Do we want to compose models that have different lattice types? Do we want to have models with…

#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSIS_H		#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSIS_H
		sgatevUnsubmitted Done Reply Inline Actions `LatticeT` for consistency with the code above. sgatev: `LatticeT` for consistency with the code above.
		xazax.hunUnsubmitted Done Reply Inline Actions I think supporting different lattice types is a must for a good composability model. E.g., in an ideal world when we have a lattice for constant propagation of integers and we have a model for `std::optional`, it would be great if we could do constant propagation to/from non-empty optionals of integers. xazax.hun: I think supporting different lattice types is a must for a good composability model. E.g., in…
		ymandelAuthorUnsubmitted Done Reply Inline Actions Agreed. And, fwiw, my stacked patch with a very small model does not involve the lattice. For the optional checker, we plan to split it into a model and a separate analysis which handles the lattice. ymandel: Agreed. And, fwiw, my stacked patch with a very small model does not involve the lattice. For…
		xazax.hunUnsubmitted Done Reply Inline Actions The Clang Static Analyzer is full of modeling that has no dedicated state, it will just update the equivalent of an environment (e.g., adding a range to the returned values): https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp#L1208 Once we have a framework that can reason about integers, I think having something similar (or even better, somehow being able to reuse these summaries across CSA and dataflow) would be awesome. xazax.hun: The Clang Static Analyzer is full of modeling that has no dedicated state, it will just update…
		ymandelAuthorUnsubmitted Not Done Reply Inline Actions I removed the lattice dependency and reworded the description to focus on the environment. ymandel: I removed the lattice dependency and reworded the description to focus on the environment.
		xazax.hunUnsubmitted Done Reply Inline Actions In the Clang Static Analyzer the process of modelling is more conversational between the "modeling checks" and the framework. There, a return value indicates whether a particular function call was modeled and the first time someone wants to model a function call it will short circuit the whole process. This ensures that only one model will be applied. I'm not 100% sure whether this would be the best model here. But I'd strongly suggest to add a `bool` return value here, because it might be useful for the framework to know in the future if some modeling was done at all (potentially skipping some default modeling based ont he return value). xazax.hun: In the Clang Static Analyzer the process of modelling is more conversational between the…