This is an archive of the discontinued LLVM Phabricator instance.

Differential D122273

[clang][dataflow] Fix handling of base-class fields
ClosedPublic

Authored by ymandel on Mar 22 2022, 5:03 PM.

Details

Reviewers
sgatev
gribozavr2
xazax.hun
Commits
rG36d4e84427a7: [clang][dataflow] Fix handling of base-class fields.
Summary

This patch adds support for tracking of non-private base-class fields in derived classes.

Diff Detail

Event Timeline

ymandel created this revision.Mar 22 2022, 5:03 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 22 2022, 5:03 PM
Herald added subscribers: tschuett, steakhal. · View Herald Transcript
Harbormaster completed remote builds in B155739: Diff 417444.Mar 22 2022, 6:06 PM
ymandel updated this revision to Diff 417906.Mar 24 2022, 6:24 AM

Added repros for equality-related failures.

Harbormaster completed remote builds in B156048: Diff 417906.Mar 24 2022, 7:26 AM
ymandel updated this revision to Diff 419430.Mar 31 2022, 6:43 AM

c

ymandel retitled this revision from [clang][dataflow] Fields bug repro. NOT FOR REVIEW. to [clang][dataflow] Fix handling of base-class fields.Mar 31 2022, 6:46 AM
ymandel edited the summary of this revision. (Show Details)
ymandel updated this revision to Diff 419440.Mar 31 2022, 7:00 AM
ymandel edited the summary of this revision. (Show Details)

added missing call

ymandel updated this revision to Diff 419449.Mar 31 2022, 7:23 AM

refactor

ymandel updated this revision to Diff 419451.Mar 31 2022, 7:24 AM

tweak

ymandel added a reviewer: xazax.hun.Mar 31 2022, 7:25 AM
Herald added a subscriber: rnkovacs. · View Herald TranscriptMar 31 2022, 7:25 AM
ymandel published this revision for review.Mar 31 2022, 7:25 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 31 2022, 7:25 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
sgatev accepted this revision.Mar 31 2022, 7:50 AM
sgatev added inline comments.
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
168

Let's add to the documentation of AggregateStorageLocation and StructValue that they implement a flat struct layout. I don't see an immediate reason to revisit this, but let's be explicit about it.

182

The clang namespace is unnecessary.

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
1014

Add a similar test with class instead of struct?

1015

Let's also add private and protected members in A and a private member in B.

This revision is now accepted and ready to land.Mar 31 2022, 7:50 AM
xazax.hun added inline comments.Mar 31 2022, 8:20 AM
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
185

Will this work well for all cases of diamond shape inheritance?

E.g.:

struct A { int a; };
struct B : virtual A { int b; };
struct C : virtual A { int c; };
struct D : B, C { int d; };

In the above code, I would expect the field a to appear only once. I guess this should work well because of the set representation although we will visit A twice.

On the other hand, consider:

struct A { int a; };
struct B : A { int b; };
struct C : A { int c; };
struct D : B, C { int d; };

Here, in fact, we have 2 instances of the field a. Both B::a and C::a are part of D. I suspect that the current implementation might not handle this.

ymandel updated this revision to Diff 419496.Mar 31 2022, 9:25 AM

address reviewer comments

ymandel updated this revision to Diff 419499.Mar 31 2022, 9:31 AM
ymandel marked 5 inline comments as done.

adjusted test

ymandel added a comment.Mar 31 2022, 9:32 AM

Thanks for the reviews.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
185

Good point, no. But, I'm not sure that fixing this here would be enough - I think we'd also need to revisit how we model structs, since getChild takes a decl as argument -- it doesn't support multiple versions of the same field decl.

I added a FIXME since this seems a larger issue, but let me know if you think it needs fixing now.

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
1014

I went with a simpler test for struct, only verifying that the default is understood correctly (and differently than class), but happy to expand it.

xazax.hun accepted this revision.Mar 31 2022, 9:36 AM
xazax.hun added inline comments.
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
185

I think the argument of getChild needs fixing as well is strong enough to push this to a separate PR.

ymandel added a subscriber: kinu.Mar 31 2022, 10:58 AM
Harbormaster completed remote builds in B157216: Diff 419499.Mar 31 2022, 2:44 PM
sgatev accepted this revision.Mar 31 2022, 10:42 PM
sgatev added inline comments.
clang/include/clang/Analysis/FlowSensitive/StorageLocation.h
59–60 ↗(On Diff #419499)

I find this a bit confusing. StructValue does not contain storage locations in general. I think we should make it clear that the layout of AggregateStorageLocation is flat, i.e. if it's used for a struct or class type it will contain child storage locations for all accessible members of base struct and class types.

clang/include/clang/Analysis/FlowSensitive/Value.h
193–194 ↗(On Diff #419499)

I'm not sure what's meant here by indirect reachability, but I suggest documenting that a StructValue that models a struct or class type contains child values for all accessible members of its base struct and class types.

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
1097–1100
1102–1111

Let's also check FooLoc's child storage locations. Same for the test below.

1156–1159
ymandel updated this revision to Diff 419743.Apr 1 2022, 6:43 AM

address comments

ymandel updated this revision to Diff 419744.Apr 1 2022, 6:48 AM
ymandel marked 5 inline comments as done.

add clarifying comment

clang/include/clang/Analysis/FlowSensitive/StorageLocation.h
59–60 ↗(On Diff #419499)

Updated. I misunderstood what you meant as "flat" in the previous round of comments. Thanks for clarifying!

ymandel updated this revision to Diff 419751.Apr 1 2022, 7:17 AM

tweak comment

Harbormaster completed remote builds in B157411: Diff 419751.Apr 1 2022, 7:52 AM
This revision was landed with ongoing or failed builds.Apr 1 2022, 8:02 AM
Closed by commit rG36d4e84427a7: [clang][dataflow] Fix handling of base-class fields. (authored by ymandel). · Explain Why
This revision was automatically updated to reflect the committed changes.
ymandel added a commit: rG36d4e84427a7: [clang][dataflow] Fix handling of base-class fields..

Revision Contents

PathSize
clang/
lib/
Analysis/
FlowSensitive/
39 lines
unittests/
Analysis/
FlowSensitive/
53 lines

Diff 419451

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show First 20 LinesShow All 158 Lines▼ Show 20 LinesjoinConstraints(DataflowAnalysisContext *Context,
// constraint only if both `Val1` and `Val2` are not null. // constraint only if both `Val1` and `Val2` are not null.
if (Val1 != nullptr && Val2 != nullptr) if (Val1 != nullptr && Val2 != nullptr)
JoinedConstraints.insert( JoinedConstraints.insert(
&Context->getOrCreateDisjunctionValue(*Val1, *Val2)); &Context->getOrCreateDisjunctionValue(*Val1, *Val2));
return JoinedConstraints; return JoinedConstraints;
} }
static void
getFieldsFromClassHierarchy(QualType Type, bool IgnorePrivateFields,
sgatevUnsubmitted
Done
ReplyInline Actions

Let's add to the documentation of AggregateStorageLocation and StructValue that they implement a flat struct layout. I don't see an immediate reason to revisit this, but let's be explicit about it.

sgatev: Let's add to the documentation of `AggregateStorageLocation` and `StructValue` that they…
llvm::DenseSet<const FieldDecl *> &Fields) {
if (Type->isIncompleteType() || Type->isDependentType() ||
!Type->isRecordType())
return;
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) {
if (IgnorePrivateFields && (Field->getAccess() == clang::AS_private ||
(Field->getAccess() == clang::AS_none &&
Type->getAsRecordDecl()->isClass())))
continue;
Fields.insert(Field);
}
if (auto *CXXRecord = Type->getAsCXXRecordDecl()) {
for (const clang::CXXBaseSpecifier &Base : CXXRecord->bases()) {
sgatevUnsubmitted
Done
ReplyInline Actions

The clang namespace is unnecessary.

sgatev: The `clang` namespace is unnecessary.
// Ignore private fields (including default access in C++ classes) in
// base classes, because they are not visible in derived classes.
getFieldsFromClassHierarchy(Base.getType(), /*IgnorePrivateFields=*/true,
xazax.hunUnsubmitted
Done
ReplyInline Actions

Will this work well for all cases of diamond shape inheritance?

E.g.:

struct A { int a; };
struct B : virtual A { int b; };
struct C : virtual A { int c; };
struct D : B, C { int d; };

In the above code, I would expect the field a to appear only once. I guess this should work well because of the set representation although we will visit A twice.

On the other hand, consider:

struct A { int a; };
struct B : A { int b; };
struct C : A { int c; };
struct D : B, C { int d; };

Here, in fact, we have 2 instances of the field a. Both B::a and C::a are part of D. I suspect that the current implementation might not handle this.

xazax.hun: Will this work well for all cases of diamond shape inheritance? E.g.: ``` struct A { int a; }…
ymandelAuthorUnsubmitted
Done
ReplyInline Actions

Good point, no. But, I'm not sure that fixing this here would be enough - I think we'd also need to revisit how we model structs, since getChild takes a decl as argument -- it doesn't support multiple versions of the same field decl.

I added a FIXME since this seems a larger issue, but let me know if you think it needs fixing now.

ymandel: Good point, no. But, I'm not sure that fixing this here would be enough - I think we'd also…
xazax.hunUnsubmitted
Not Done
ReplyInline Actions

I think the argument of getChild needs fixing as well is strong enough to push this to a separate PR.

xazax.hun: I think the argument of `getChild` needs fixing as well is strong enough to push this to a…
Fields);
}
}
}
/// Gets the set of all fields accesible from the type.
static llvm::DenseSet<const FieldDecl *>
getAccessibleObjectFields(QualType Type) {
llvm::DenseSet<const FieldDecl *> Fields;
// Don't ignore private fields for the class itself, only its super classes.
getFieldsFromClassHierarchy(Type, /*IgnorePrivateFields=*/false, Fields);
return Fields;
}
Environment::Environment(DataflowAnalysisContext &DACtx, Environment::Environment(DataflowAnalysisContext &DACtx,
const DeclContext &DeclCtx) const DeclContext &DeclCtx)
: Environment(DACtx) { : Environment(DACtx) {
if (const auto *FuncDecl = dyn_cast<FunctionDecl>(&DeclCtx)) { if (const auto *FuncDecl = dyn_cast<FunctionDecl>(&DeclCtx)) {
assert(FuncDecl->getBody() != nullptr); assert(FuncDecl->getBody() != nullptr);
initGlobalVars(*FuncDecl->getBody(), *this); initGlobalVars(*FuncDecl->getBody(), *this);
for (const auto *ParamDecl : FuncDecl->parameters()) { for (const auto *ParamDecl : FuncDecl->parameters()) {
assert(ParamDecl != nullptr); assert(ParamDecl != nullptr);
▲ Show 20 LinesShow All 116 Lines▼ Show 20 Lines
} }
StorageLocation &Environment::createStorageLocation(QualType Type) { StorageLocation &Environment::createStorageLocation(QualType Type) {
assert(!Type.isNull()); assert(!Type.isNull());
if (Type->isStructureOrClassType() || Type->isUnionType()) { if (Type->isStructureOrClassType() || Type->isUnionType()) {
// FIXME: Explore options to avoid eager initialization of fields as some of // FIXME: Explore options to avoid eager initialization of fields as some of
// them might not be needed for a particular analysis. // them might not be needed for a particular analysis.
llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs; llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs;
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) { for (const FieldDecl *Field : getAccessibleObjectFields(Type)) {
FieldLocs.insert({Field, &createStorageLocation(Field->getType())}); FieldLocs.insert({Field, &createStorageLocation(Field->getType())});
} }
return takeOwnership( return takeOwnership(
std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs))); std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs)));
} }
return takeOwnership(std::make_unique<ScalarStorageLocation>(Type)); return takeOwnership(std::make_unique<ScalarStorageLocation>(Type));
} }
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Linesvoid Environment::setValue(const StorageLocation &Loc, Value &Val) {
LocToVal[&Loc] = &Val; LocToVal[&Loc] = &Val;
if (auto *StructVal = dyn_cast<StructValue>(&Val)) { if (auto *StructVal = dyn_cast<StructValue>(&Val)) {
auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc); auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc);
const QualType Type = AggregateLoc.getType(); const QualType Type = AggregateLoc.getType();
assert(Type->isStructureOrClassType()); assert(Type->isStructureOrClassType());
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) { for (const FieldDecl *Field : getAccessibleObjectFields(Type)) {
assert(Field != nullptr); assert(Field != nullptr);
StorageLocation &FieldLoc = AggregateLoc.getChild(*Field); StorageLocation &FieldLoc = AggregateLoc.getChild(*Field);
MemberLocToStruct[&FieldLoc] = std::make_pair(StructVal, Field); MemberLocToStruct[&FieldLoc] = std::make_pair(StructVal, Field);
if (auto *FieldVal = StructVal->getChild(*Field)) if (auto *FieldVal = StructVal->getChild(*Field))
setValue(FieldLoc, *FieldVal); setValue(FieldLoc, *FieldVal);
} }
} }
▲ Show 20 LinesShow All 99 Lines▼ Show 20 Lines if (Type->isPointerType()) {
return &takeOwnership(std::make_unique<PointerValue>(PointeeLoc)); return &takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
} }
if (Type->isStructureOrClassType()) { if (Type->isStructureOrClassType()) {
CreatedValuesCount++; CreatedValuesCount++;
// FIXME: Initialize only fields that are accessed in the context that is // FIXME: Initialize only fields that are accessed in the context that is
// being analyzed. // being analyzed.
llvm::DenseMap<const ValueDecl *, Value *> FieldValues; llvm::DenseMap<const ValueDecl *, Value *> FieldValues;
for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) { for (const FieldDecl *Field : getAccessibleObjectFields(Type)) {
assert(Field != nullptr); assert(Field != nullptr);
QualType FieldType = Field->getType(); QualType FieldType = Field->getType();
if (Visited.contains(FieldType.getCanonicalType())) if (Visited.contains(FieldType.getCanonicalType()))
continue; continue;
Visited.insert(FieldType.getCanonicalType()); Visited.insert(FieldType.getCanonicalType());
if (auto *FieldValue = createValueUnlessSelfReferential( if (auto *FieldValue = createValueUnlessSelfReferential(
▲ Show 20 LinesShow All 57 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 LinesShow All 1,003 Lines▼ Show 20 Lines runDataflow(
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz"); const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
ASSERT_THAT(BazDecl, NotNull()); ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarVal); EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarVal);
}); });
} }
TEST_F(TransferTest, DerivedBaseMember) {
std::string Code = R"(
struct A {
sgatevUnsubmitted
Done
ReplyInline Actions

Add a similar test with class instead of struct?

sgatev: Add a similar test with `class` instead of `struct`?
ymandelAuthorUnsubmitted
Done
ReplyInline Actions

I went with a simpler test for struct, only verifying that the default is understood correctly (and differently than class), but happy to expand it.

ymandel: I went with a simpler test for struct, only verifying that the default is understood correctly…
int Bar;
sgatevUnsubmitted
Done
ReplyInline Actions

Let's also add private and protected members in A and a private member in B.

sgatev: Let's also add private and protected members in `A` and a private member in `B`.
};
struct B : public A {
};
void target(B Foo) {
int Baz = Foo.Bar;
// [[p]]
}
)";
runDataflow(
Code, [](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
ASSERT_TRUE(FooDecl->getType()->isStructureType());
const FieldDecl *BarDecl = nullptr;
for (const clang::CXXBaseSpecifier &Base :
FooDecl->getType()->getAsCXXRecordDecl()->bases()) {
QualType BaseType = Base.getType();
ASSERT_TRUE(BaseType->isStructureType());
for (const FieldDecl *Field : BaseType->getAsRecordDecl()->fields()) {
if (Field->getNameAsString() == "Bar") {
BarDecl = Field;
} else {
FAIL() << "Unexpected field: " << Field->getNameAsString();
}
}
}
ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl));
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarVal);
});
}
TEST_F(TransferTest, ClassMember) { TEST_F(TransferTest, ClassMember) {
std::string Code = R"( std::string Code = R"(
class A { class A {
public: public:
int Bar; int Bar;
}; };
void target(A Foo) { void target(A Foo) {
Show All 16 Lines runDataflow(
auto FooFields = FooDecl->getType()->getAsRecordDecl()->fields(); auto FooFields = FooDecl->getType()->getAsRecordDecl()->fields();
FieldDecl *BarDecl = nullptr; FieldDecl *BarDecl = nullptr;
for (FieldDecl *Field : FooFields) { for (FieldDecl *Field : FooFields) {
if (Field->getNameAsString() == "Bar") { if (Field->getNameAsString() == "Bar") {
BarDecl = Field; BarDecl = Field;
} else { } else {
FAIL() << "Unexpected field: " << Field->getNameAsString(); FAIL() << "Unexpected field: " << Field->getNameAsString();
} }
} }
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
sgatevUnsubmitted
Done
ReplyInline Actions
ASSERT_THAT(APublicDecl, NotNull());
- const auto *FooLoc = cast<AggregateStorageLocation>(
+ const auto &FooLoc = *cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None));
- const auto &FooVal = *cast<StructValue>(Env.getValue(*FooLoc));
+ const auto &FooVal = *cast<StructValue>(Env.getValue(FooLoc));
EXPECT_THAT(FooVal.getChild(*APublicDecl), NotNull());
// Base-class fields.
sgatev:
const auto *FooLoc = cast<AggregateStorageLocation>( const auto *FooLoc = cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl)); const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl));
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz"); const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
ASSERT_THAT(BazDecl, NotNull()); ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarVal); EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarVal);
}); });
} }
sgatevUnsubmitted
Done
ReplyInline Actions

Let's also check FooLoc's child storage locations. Same for the test below.

sgatev: Let's also check `FooLoc`'s child storage locations. Same for the test below.
TEST_F(TransferTest, ReferenceMember) { TEST_F(TransferTest, ReferenceMember) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int &Bar; int &Bar;
}; };
void target(A Foo) { void target(A Foo) {
Show All 28 Lines runDataflow(
const auto *FooLoc = cast<AggregateStorageLocation>( const auto *FooLoc = cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<ReferenceValue>(FooVal->getChild(*BarDecl)); const auto *BarVal = cast<ReferenceValue>(FooVal->getChild(*BarDecl));
const auto *BarPointeeVal = const auto *BarPointeeVal =
cast<IntegerValue>(Env.getValue(BarVal->getPointeeLoc())); cast<IntegerValue>(Env.getValue(BarVal->getPointeeLoc()));
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz"); const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
ASSERT_THAT(BazDecl, NotNull()); ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarPointeeVal); EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), BarPointeeVal);
}); });
sgatevUnsubmitted
Done
ReplyInline Actions
ASSERT_THAT(BarDecl, NotNull());
- const auto *FooLoc = cast<AggregateStorageLocation>(
+ const auto &FooLoc = *cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None));
- const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
- EXPECT_THAT(FooVal->getChild(*BarDecl), NotNull());
+ const auto &FooVal = *cast<StructValue>(Env.getValue(FooLoc));
+ EXPECT_THAT(FooVal.getChild(*BarDecl), NotNull());
});
}
sgatev:
} }
TEST_F(TransferTest, StructThisMember) { TEST_F(TransferTest, StructThisMember) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
struct B { struct B {
▲ Show 20 LinesShow All 1,299 LinesShow Last 20 Lines