This is an archive of the discontinued LLVM Phabricator instance.

Differential D123961

[clang][dataflow] Do not crash on missing `Value` for struct-typed variable init.
ClosedPublic

Authored by ymandel on Apr 18 2022, 2:40 PM.

Details

Reviewers
xazax.hun
sgatev
Commits
rGeb2131bdbad3: [clang][dataflow] Do not crash on missing `Value` for struct-typed variable…
Summary

Remove constraint that an initializing expression of struct type must have an
associated Value. This invariant is not and will not be guaranteed by the
framework, because of potentially uninitialized fields.

Diff Detail

Event Timeline

ymandel created this revision.Apr 18 2022, 2:40 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 18 2022, 2:40 PM
Herald added subscribers: tschuett, steakhal, rnkovacs. · View Herald Transcript
ymandel requested review of this revision.Apr 18 2022, 2:40 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 18 2022, 2:40 PM
Harbormaster completed remote builds in B160118: Diff 423474.Apr 18 2022, 3:46 PM
sgatev added inline comments.Apr 19 2022, 4:10 AM
clang/lib/Analysis/FlowSensitive/Transfer.cpp
184–186

The patch makes sense to me in the current state, but it's unclear why is this not something that we'd like to do in the long term.

ymandel added inline comments.Apr 19 2022, 6:21 AM
clang/lib/Analysis/FlowSensitive/Transfer.cpp
184–186

Because of uninterpreted fields. If we consider those a temporary fix, then I agree about the long term. I'd thought those were here to stay. That said, if we find a way to either interperet fields lazily or only interpret those needed in the current function scope, we may be able to avoid uninterpreted expressions.

This also begs the question as to why we insist on initializing the variable. Arguably, if the expresssion is uninterpreted, so should be the variable. So, we should at least explain why we're distinguishing. Thoughts on my adding a comment to that effect?

xazax.hun accepted this revision.Apr 19 2022, 9:02 AM
xazax.hun added inline comments.
clang/lib/Analysis/FlowSensitive/Transfer.cpp
184–186

Because of uninterpreted fields.

Could you elaborate on this? Do you mean fields being uninterpreted due to hitting a depth limit or being recursive? Or is this something else?

This revision is now accepted and ready to land.Apr 19 2022, 9:02 AM
sgatev accepted this revision.Apr 19 2022, 9:21 AM
sgatev added inline comments.
clang/lib/Analysis/FlowSensitive/Transfer.cpp
184–186

Not initializing the variable in such cases also makes sense to me. I'd very much appreciate a comment. I suggest also keeping the FIXME as interpreting fields lazily (and thus relying that all fields that are accessed are initialized) is still an option.

ymandel updated this revision to Diff 423724.Apr 19 2022, 1:37 PM

extended comments.

This revision was landed with ongoing or failed builds.Apr 19 2022, 1:53 PM
Closed by commit rGeb2131bdbad3: [clang][dataflow] Do not crash on missing `Value` for struct-typed variable… (authored by ymandel). · Explain Why
This revision was automatically updated to reflect the committed changes.
ymandel added a commit: rGeb2131bdbad3: [clang][dataflow] Do not crash on missing `Value` for struct-typed variable….
Harbormaster completed remote builds in B160315: Diff 423724.Apr 19 2022, 3:17 PM

Revision Contents

PathSize
clang/
lib/
Analysis/
FlowSensitive/
32 lines
unittests/
Analysis/
FlowSensitive/
48 lines

Diff 423731

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show First 20 LinesShow All 162 Lines▼ Show 20 Lines void VisitDeclStmt(const DeclStmt *S) {
if (D.getType()->isReferenceType()) { if (D.getType()->isReferenceType()) {
// Initializing a reference variable - do not create a reference to // Initializing a reference variable - do not create a reference to
// reference. // reference.
if (auto *InitExprLoc = if (auto *InitExprLoc =
Env.getStorageLocation(*InitExpr, SkipPast::Reference)) { Env.getStorageLocation(*InitExpr, SkipPast::Reference)) {
auto &Val = auto &Val =
Env.takeOwnership(std::make_unique<ReferenceValue>(*InitExprLoc)); Env.takeOwnership(std::make_unique<ReferenceValue>(*InitExprLoc));
Env.setValue(Loc, Val); Env.setValue(Loc, Val);
} else { return;
// FIXME: The initializer expression must always be assigned a value.
// Replace this with an assert when we have sufficient coverage of
// language features.
if (Value *Val = Env.createValue(D.getType()))
Env.setValue(Loc, *Val);
} }
} else if (auto *InitExprVal = Env.getValue(*InitExpr, SkipPast::None)) {
Env.setValue(Loc, *InitExprVal);
return; return;
} }
if (auto *InitExprVal = Env.getValue(*InitExpr, SkipPast::None)) { // We arrive here in (the few) cases where an expression is intentionally
Env.setValue(Loc, *InitExprVal); // "uninterpreted". There are two ways to handle this situation: propagate
} else if (!D.getType()->isStructureOrClassType()) { // the status, so that uninterpreted initializers result in uninterpreted
// FIXME: The initializer expression must always be assigned a value. // variables, or provide a default value. We choose the latter so that later
// Replace this with an assert when we have sufficient coverage of // refinements of the variable can be used for reasoning about the
// language features. // surrounding code.
sgatevUnsubmitted
Not Done
ReplyInline Actions

The patch makes sense to me in the current state, but it's unclear why is this not something that we'd like to do in the long term.

sgatev: The patch makes sense to me in the current state, but it's unclear why is this not something…
ymandelAuthorUnsubmitted
Done
ReplyInline Actions

Because of uninterpreted fields. If we consider those a temporary fix, then I agree about the long term. I'd thought those were here to stay. That said, if we find a way to either interperet fields lazily or only interpret those needed in the current function scope, we may be able to avoid uninterpreted expressions.

This also begs the question as to why we insist on initializing the variable. Arguably, if the expresssion is uninterpreted, so should be the variable. So, we should at least explain why we're distinguishing. Thoughts on my adding a comment to that effect?

ymandel: Because of uninterpreted fields. If we consider those a temporary fix, then I agree about the…
xazax.hunUnsubmitted
Not Done
ReplyInline Actions

Because of uninterpreted fields.

Could you elaborate on this? Do you mean fields being uninterpreted due to hitting a depth limit or being recursive? Or is this something else?

xazax.hun: >Because of uninterpreted fields. Could you elaborate on this? Do you mean fields being…
sgatevUnsubmitted
Not Done
ReplyInline Actions

Not initializing the variable in such cases also makes sense to me. I'd very much appreciate a comment. I suggest also keeping the FIXME as interpreting fields lazily (and thus relying that all fields that are accessed are initialized) is still an option.

sgatev: Not initializing the variable in such cases also makes sense to me. I'd very much appreciate a…
//
// FIXME. If and when we interpret all language cases, change this to assert
// that `InitExpr` is interpreted, rather than supplying a default value
// (assuming we don't update the environment API to return references).
if (Value *Val = Env.createValue(D.getType())) if (Value *Val = Env.createValue(D.getType()))
Env.setValue(Loc, *Val); Env.setValue(Loc, *Val);
} else {
llvm_unreachable("structs and classes must always be assigned values");
}
} }
void VisitImplicitCastExpr(const ImplicitCastExpr *S) { void VisitImplicitCastExpr(const ImplicitCastExpr *S) {
// The CFG does not contain `ParenExpr` as top-level statements in basic // The CFG does not contain `ParenExpr` as top-level statements in basic
// blocks, however sub-expressions can still be of that type. // blocks, however sub-expressions can still be of that type.
assert(S->getSubExpr() != nullptr); assert(S->getSubExpr() != nullptr);
const Expr *SubExpr = S->getSubExpr()->IgnoreParens(); const Expr *SubExpr = S->getSubExpr()->IgnoreParens();
assert(SubExpr != nullptr); assert(SubExpr != nullptr);
▲ Show 20 LinesShow All 415 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 LinesShow All 181 Lines▼ Show 20 Lines runDataflow(
cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl)); cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl)); const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl));
EXPECT_EQ(Env.getValue(*BarLoc), BarVal); EXPECT_EQ(Env.getValue(*BarLoc), BarVal);
}); });
} }
TEST_F(TransferTest, StructVarDeclWithInit) {
std::string Code = R"(
struct A {
int Bar;
};
A Gen();
void target() {
A Foo = Gen();
// [[p]]
}
)";
runDataflow(
Code, [](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
ASSERT_TRUE(FooDecl->getType()->isStructureType());
auto FooFields = FooDecl->getType()->getAsRecordDecl()->fields();
FieldDecl *BarDecl = nullptr;
for (FieldDecl *Field : FooFields) {
if (Field->getNameAsString() == "Bar") {
BarDecl = Field;
} else {
FAIL() << "Unexpected field: " << Field->getNameAsString();
}
}
ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = cast<AggregateStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *BarLoc =
cast<ScalarStorageLocation>(&FooLoc->getChild(*BarDecl));
const auto *FooVal = cast<StructValue>(Env.getValue(*FooLoc));
const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl));
EXPECT_EQ(Env.getValue(*BarLoc), BarVal);
});
}
TEST_F(TransferTest, ClassVarDecl) { TEST_F(TransferTest, ClassVarDecl) {
std::string Code = R"( std::string Code = R"(
class A { class A {
int Bar; int Bar;
}; };
void target() { void target() {
A Foo; A Foo;
▲ Show 20 LinesShow All 2,817 LinesShow Last 20 Lines