This is an archive of the discontinued LLVM Phabricator instance.

Differential D127746

[clang][dataflow] Convert `PointeeLoc` of `PointerValue` from reference to pointer.
AbandonedPublic

Authored by wyt on Jun 14 2022, 7:53 AM.

Details

Reviewers
hlopko
gribozavr2
sgatev
ymandel
xazax.hun
Summary

This allows PointeeLoc to be empty in the case of nullptr.

Depends On D127745

Diff Detail

Event Timeline

wyt created this revision.Jun 14 2022, 7:53 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 14 2022, 7:53 AM
Herald added subscribers: tschuett, steakhal, xazax.hun. · View Herald Transcript
wyt requested review of this revision.Jun 14 2022, 7:53 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 14 2022, 7:53 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
wyt added reviewers: hlopko, gribozavr2, sgatev, ymandel, xazax.hun.Jun 14 2022, 8:01 AM
Herald added a subscriber: rnkovacs. · View Herald TranscriptJun 14 2022, 8:01 AM
Harbormaster completed remote builds in B169718: Diff 436782.Jun 14 2022, 8:30 AM
wyt updated this revision to Diff 436817.Jun 14 2022, 9:23 AM

Update naming of getPointeeLoc with respect to change in parent

sgatev added inline comments.Jun 14 2022, 10:27 AM
clang/include/clang/Analysis/FlowSensitive/Value.h
189

Can you please document when this can be null?

clang/lib/Analysis/FlowSensitive/Transfer.cpp
266–267

Can you please add a test for this?

Harbormaster completed remote builds in B169747: Diff 436817.Jun 14 2022, 11:00 AM
ymandel retitled this revision from [clang][dataflow] Convert `PointeeLoc` of PointerValue from reference to pointer. This allows PointeeLoc to be empty in the case of `nullptr` to [clang][dataflow] Convert `PointeeLoc` of `PointerValue` from reference to pointer. .Jun 14 2022, 2:13 PM
ymandel edited the summary of this revision. (Show Details)
ymandel added a comment.Jun 15 2022, 4:41 AM

Overall, this seems to be an important API change, and I'm having trouble seeing the big picture here. I think it would be great if you could expand (in the CL description) on the motivation behind the change and the thinking behind the particular design choices you've made here. For example, you mentioned that this change supports explicit modeling of nullptr, but what is gained by this explicit modeling? Also, regarding the design choice itself: is the intent that native nullptr now represents an interpreted nullptr? If so, have you considered instead introducing an explicit NullptrLocation or the like and if so, what were the tradeoffs in this decision?

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
332

Please document the conditions under which these functions return nullptr.

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
348

If I understand correctly, the nullptr result from this function is now ambiguous: either there's no entry for that storagelocation, or there is and it is null. But, perhaps I'm misunderstanding -- is this not a concern?

clang/lib/Analysis/FlowSensitive/Transfer.cpp
266–267

How does this work in practice? It seems to be an unsual case that we statically know a pointer is null. So, what is the use of this change and (more importantly) what is the impact on the framework, if any?

Herald added a subscriber: martong. · View Herald TranscriptJun 15 2022, 4:41 AM
wyt abandoned this revision.Jun 27 2022, 2:48 AM

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
FlowSensitive/
4 lines
6 lines
lib/
Analysis/
FlowSensitive/
23 lines
18 lines
unittests/
Analysis/
FlowSensitive/
58 lines
2 lines

Diff 436817

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

Show First 20 LinesShow All 323 Lines▼ Show 20 Linesprivate:
/// ///
/// Requirements: /// Requirements:
/// ///
/// `Type` must not be null. /// `Type` must not be null.
Value *createValueUnlessSelfReferential(QualType Type, Value *createValueUnlessSelfReferential(QualType Type,
llvm::DenseSet<QualType> &Visited, llvm::DenseSet<QualType> &Visited,
int Depth, int &CreatedValuesCount); int Depth, int &CreatedValuesCount);
StorageLocation &skip(StorageLocation &Loc, SkipPast SP) const; StorageLocation *skip(StorageLocation &Loc, SkipPast SP) const;
ymandelUnsubmitted
Not Done
ReplyInline Actions

Please document the conditions under which these functions return nullptr.

ymandel: Please document the conditions under which these functions return nullptr.
const StorageLocation &skip(const StorageLocation &Loc, SkipPast SP) const; const StorageLocation *skip(const StorageLocation &Loc, SkipPast SP) const;
// `DACtx` is not null and not owned by this object. // `DACtx` is not null and not owned by this object.
DataflowAnalysisContext *DACtx; DataflowAnalysisContext *DACtx;
// Maps from program declarations and statements to storage locations that are // Maps from program declarations and statements to storage locations that are
// assigned to them. Unlike the maps in `DataflowAnalysisContext`, these // assigned to them. Unlike the maps in `DataflowAnalysisContext`, these
// include only storage locations that are in scope for a particular basic // include only storage locations that are in scope for a particular basic
// block. // block.
Show All 18 Lines

clang/include/clang/Analysis/FlowSensitive/Value.h

Show First 20 LinesShow All 180 Lines▼ Show 20 Lines
private: private:
StorageLocation &ReferentLoc; StorageLocation &ReferentLoc;
}; };
/// Models a symbolic pointer. Specifically, any value of type `T*`. /// Models a symbolic pointer. Specifically, any value of type `T*`.
class PointerValue final : public Value { class PointerValue final : public Value {
public: public:
explicit PointerValue(StorageLocation &PointeeLoc) explicit PointerValue(StorageLocation *PointeeLoc)
sgatevUnsubmitted
Not Done
ReplyInline Actions

Can you please document when this can be null?

sgatev: Can you please document when this can be null?
: Value(Kind::Pointer), PointeeLoc(PointeeLoc) {} : Value(Kind::Pointer), PointeeLoc(PointeeLoc) {}
static bool classof(const Value *Val) { static bool classof(const Value *Val) {
return Val->getKind() == Kind::Pointer; return Val->getKind() == Kind::Pointer;
} }
StorageLocation &getPointeeLoc() const { return PointeeLoc; } StorageLocation *getPointeeLoc() const { return PointeeLoc; }
private: private:
StorageLocation &PointeeLoc; StorageLocation *PointeeLoc;
}; };
/// Models a value of `struct` or `class` type, with a flat map of fields to /// Models a value of `struct` or `class` type, with a flat map of fields to
/// child storage locations, containing all accessible members of base struct /// child storage locations, containing all accessible members of base struct
/// and class types. /// and class types.
class StructValue final : public Value { class StructValue final : public Value {
public: public:
StructValue() : StructValue(llvm::DenseMap<const ValueDecl *, Value *>()) {} StructValue() : StructValue(llvm::DenseMap<const ValueDecl *, Value *>()) {}
Show All 28 Lines

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
static bool areEquivalentIndirectionValues(Value *Val1, Value *Val2) { static bool areEquivalentIndirectionValues(Value *Val1, Value *Val2) {
if (auto *IndVal1 = dyn_cast<ReferenceValue>(Val1)) { if (auto *IndVal1 = dyn_cast<ReferenceValue>(Val1)) {
auto *IndVal2 = cast<ReferenceValue>(Val2); auto *IndVal2 = cast<ReferenceValue>(Val2);
return &IndVal1->getReferentLoc() == &IndVal2->getReferentLoc(); return &IndVal1->getReferentLoc() == &IndVal2->getReferentLoc();
} }
if (auto *IndVal1 = dyn_cast<PointerValue>(Val1)) { if (auto *IndVal1 = dyn_cast<PointerValue>(Val1)) {
auto *IndVal2 = cast<PointerValue>(Val2); auto *IndVal2 = cast<PointerValue>(Val2);
return &IndVal1->getPointeeLoc() == &IndVal2->getPointeeLoc(); return IndVal1->getPointeeLoc() == IndVal2->getPointeeLoc();
} }
return false; return false;
} }
/// Returns true if and only if `Val1` is equivalent to `Val2`. /// Returns true if and only if `Val1` is equivalent to `Val2`.
static bool equivalentValues(QualType Type, Value *Val1, static bool equivalentValues(QualType Type, Value *Val1,
const Environment &Env1, Value *Val2, const Environment &Env1, Value *Val2,
const Environment &Env2, const Environment &Env2,
▲ Show 20 LinesShow All 271 Lines▼ Show 20 LinesStorageLocation &Environment::createStorageLocation(const Expr &E) {
return Loc; return Loc;
} }
void Environment::setStorageLocation(const ValueDecl &D, StorageLocation &Loc) { void Environment::setStorageLocation(const ValueDecl &D, StorageLocation &Loc) {
assert(DeclToLoc.find(&D) == DeclToLoc.end()); assert(DeclToLoc.find(&D) == DeclToLoc.end());
DeclToLoc[&D] = &Loc; DeclToLoc[&D] = &Loc;
} }
StorageLocation *Environment::getStorageLocation(const ValueDecl &D, StorageLocation *Environment::getStorageLocation(const ValueDecl &D,
ymandelUnsubmitted
Not Done
ReplyInline Actions

If I understand correctly, the nullptr result from this function is now ambiguous: either there's no entry for that storagelocation, or there is and it is null. But, perhaps I'm misunderstanding -- is this not a concern?

ymandel: If I understand correctly, the `nullptr` result from this function is now ambiguous: either…
SkipPast SP) const { SkipPast SP) const {
auto It = DeclToLoc.find(&D); auto It = DeclToLoc.find(&D);
return It == DeclToLoc.end() ? nullptr : &skip(*It->second, SP); return It == DeclToLoc.end() ? nullptr : skip(*It->second, SP);
} }
void Environment::setStorageLocation(const Expr &E, StorageLocation &Loc) { void Environment::setStorageLocation(const Expr &E, StorageLocation &Loc) {
const Expr &CanonE = ignoreCFGOmittedNodes(E); const Expr &CanonE = ignoreCFGOmittedNodes(E);
assert(ExprToLoc.find(&CanonE) == ExprToLoc.end()); assert(ExprToLoc.find(&CanonE) == ExprToLoc.end());
ExprToLoc[&CanonE] = &Loc; ExprToLoc[&CanonE] = &Loc;
} }
StorageLocation *Environment::getStorageLocation(const Expr &E, StorageLocation *Environment::getStorageLocation(const Expr &E,
SkipPast SP) const { SkipPast SP) const {
// FIXME: Add a test with parens. // FIXME: Add a test with parens.
auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E)); auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E));
return It == ExprToLoc.end() ? nullptr : &skip(*It->second, SP); return It == ExprToLoc.end() ? nullptr : skip(*It->second, SP);
} }
StorageLocation *Environment::getThisPointeeStorageLocation() const { StorageLocation *Environment::getThisPointeeStorageLocation() const {
return DACtx->getThisPointeeStorageLocation(); return DACtx->getThisPointeeStorageLocation();
} }
void Environment::setValue(const StorageLocation &Loc, Value &Val) { void Environment::setValue(const StorageLocation &Loc, Value &Val) {
LocToVal[&Loc] = &Val; LocToVal[&Loc] = &Val;
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Lines if (!Visited.contains(PointeeType.getCanonicalType())) {
Value *PointeeVal = createValueUnlessSelfReferential( Value *PointeeVal = createValueUnlessSelfReferential(
PointeeType, Visited, Depth, CreatedValuesCount); PointeeType, Visited, Depth, CreatedValuesCount);
Visited.erase(PointeeType.getCanonicalType()); Visited.erase(PointeeType.getCanonicalType());
if (PointeeVal != nullptr) if (PointeeVal != nullptr)
setValue(PointeeLoc, *PointeeVal); setValue(PointeeLoc, *PointeeVal);
} }
return &takeOwnership(std::make_unique<PointerValue>(PointeeLoc)); return &takeOwnership(std::make_unique<PointerValue>(&PointeeLoc));
} }
if (Type->isStructureOrClassType()) { if (Type->isStructureOrClassType()) {
CreatedValuesCount++; CreatedValuesCount++;
// FIXME: Initialize only fields that are accessed in the context that is // FIXME: Initialize only fields that are accessed in the context that is
// being analyzed. // being analyzed.
llvm::DenseMap<const ValueDecl *, Value *> FieldValues; llvm::DenseMap<const ValueDecl *, Value *> FieldValues;
for (const FieldDecl *Field : getObjectFields(Type)) { for (const FieldDecl *Field : getObjectFields(Type)) {
Show All 12 Lines if (Type->isStructureOrClassType()) {
return &takeOwnership( return &takeOwnership(
std::make_unique<StructValue>(std::move(FieldValues))); std::make_unique<StructValue>(std::move(FieldValues)));
} }
return nullptr; return nullptr;
} }
StorageLocation &Environment::skip(StorageLocation &Loc, SkipPast SP) const { StorageLocation *Environment::skip(StorageLocation &Loc, SkipPast SP) const {
switch (SP) { switch (SP) {
case SkipPast::None: case SkipPast::None:
return Loc; return &Loc;
case SkipPast::Reference: case SkipPast::Reference:
// References cannot be chained so we only need to skip past one level of // References cannot be chained so we only need to skip past one level of
// indirection. // indirection.
if (auto *Val = dyn_cast_or_null<ReferenceValue>(getValue(Loc))) if (auto *Val = dyn_cast_or_null<ReferenceValue>(getValue(Loc)))
return Val->getReferentLoc(); return &Val->getReferentLoc();
return Loc; return &Loc;
case SkipPast::ReferenceThenPointer: case SkipPast::ReferenceThenPointer:
StorageLocation &LocPastRef = skip(Loc, SkipPast::Reference); StorageLocation *LocPastRef = skip(Loc, SkipPast::Reference);
if (auto *Val = dyn_cast_or_null<PointerValue>(getValue(LocPastRef))) assert(LocPastRef != nullptr);
if (auto *Val = dyn_cast_or_null<PointerValue>(getValue(*LocPastRef)))
return Val->getPointeeLoc(); return Val->getPointeeLoc();
return LocPastRef; return LocPastRef;
} }
llvm_unreachable("bad SkipPast kind"); llvm_unreachable("bad SkipPast kind");
} }
const StorageLocation &Environment::skip(const StorageLocation &Loc, const StorageLocation *Environment::skip(const StorageLocation &Loc,
SkipPast SP) const { SkipPast SP) const {
return skip(*const_cast<StorageLocation *>(&Loc), SP); return skip(*const_cast<StorageLocation *>(&Loc), SP);
} }
void Environment::addToFlowCondition(BoolValue &Val) { void Environment::addToFlowCondition(BoolValue &Val) {
DACtx->addFlowConditionConstraint(*FlowConditionToken, Val); DACtx->addFlowConditionConstraint(*FlowConditionToken, Val);
} }
bool Environment::flowConditionImplies(BoolValue &Val) const { bool Environment::flowConditionImplies(BoolValue &Val) const {
return DACtx->flowConditionImplies(*FlowConditionToken, Val); return DACtx->flowConditionImplies(*FlowConditionToken, Val);
} }
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show First 20 LinesShow All 257 Lines▼ Show 20 Lines void VisitUnaryOperator(const UnaryOperator *S) {
switch (S->getOpcode()) { switch (S->getOpcode()) {
case UO_Deref: { case UO_Deref: {
// Skip past a reference to handle dereference of a dependent pointer. // Skip past a reference to handle dereference of a dependent pointer.
const auto *SubExprVal = cast_or_null<PointerValue>( const auto *SubExprVal = cast_or_null<PointerValue>(
Env.getValue(*SubExpr, SkipPast::Reference)); Env.getValue(*SubExpr, SkipPast::Reference));
if (SubExprVal == nullptr) if (SubExprVal == nullptr)
break; break;
// If PointeeLoc is null, then we are dereferencing a nullptr, skip
// creating a value for the dereference
sgatevUnsubmitted
Not Done
ReplyInline Actions

Can you please add a test for this?

sgatev: Can you please add a test for this?
ymandelUnsubmitted
Not Done
ReplyInline Actions

How does this work in practice? It seems to be an unsual case that we statically know a pointer is null. So, what is the use of this change and (more importantly) what is the impact on the framework, if any?

ymandel: How does this work in practice? It seems to be an unsual case that we statically know a pointer…
if (auto *PointeeLoc = SubExprVal->getPointeeLoc()) {
auto &Loc = Env.createStorageLocation(*S); auto &Loc = Env.createStorageLocation(*S);
Env.setStorageLocation(*S, Loc); Env.setStorageLocation(*S, Loc);
Env.setValue(Loc, Env.takeOwnership(std::make_unique<ReferenceValue>( Env.setValue(Loc, Env.takeOwnership(
SubExprVal->getPointeeLoc()))); std::make_unique<ReferenceValue>(*PointeeLoc)));
}
break; break;
} }
case UO_AddrOf: { case UO_AddrOf: {
// Do not form a pointer to a reference. If `SubExpr` is assigned a // Do not form a pointer to a reference. If `SubExpr` is assigned a
// `ReferenceValue` then form a value that points to the location of its // `ReferenceValue` then form a value that points to the location of its
// pointee. // pointee.
StorageLocation *PointeeLoc = StorageLocation *PointeeLoc =
Env.getStorageLocation(*SubExpr, SkipPast::Reference); Env.getStorageLocation(*SubExpr, SkipPast::Reference);
if (PointeeLoc == nullptr) if (PointeeLoc == nullptr)
break; break;
auto &PointerLoc = Env.createStorageLocation(*S); auto &PointerLoc = Env.createStorageLocation(*S);
auto &PointerVal = auto &PointerVal =
Env.takeOwnership(std::make_unique<PointerValue>(*PointeeLoc)); Env.takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
Env.setStorageLocation(*S, PointerLoc); Env.setStorageLocation(*S, PointerLoc);
Env.setValue(PointerLoc, PointerVal); Env.setValue(PointerLoc, PointerVal);
break; break;
} }
case UO_LNot: { case UO_LNot: {
auto *SubExprVal = auto *SubExprVal =
dyn_cast_or_null<BoolValue>(Env.getValue(*SubExpr, SkipPast::None)); dyn_cast_or_null<BoolValue>(Env.getValue(*SubExpr, SkipPast::None));
if (SubExprVal == nullptr) if (SubExprVal == nullptr)
Show All 13 Lines void VisitCXXThisExpr(const CXXThisExpr *S) {
auto *ThisPointeeLoc = Env.getThisPointeeStorageLocation(); auto *ThisPointeeLoc = Env.getThisPointeeStorageLocation();
if (ThisPointeeLoc == nullptr) if (ThisPointeeLoc == nullptr)
// Unions are not supported yet, and will not have a location for the // Unions are not supported yet, and will not have a location for the
// `this` expression's pointee. // `this` expression's pointee.
return; return;
auto &Loc = Env.createStorageLocation(*S); auto &Loc = Env.createStorageLocation(*S);
Env.setStorageLocation(*S, Loc); Env.setStorageLocation(*S, Loc);
Env.setValue(Loc, Env.takeOwnership( Env.setValue(
std::make_unique<PointerValue>(*ThisPointeeLoc))); Loc, Env.takeOwnership(std::make_unique<PointerValue>(ThisPointeeLoc)));
} }
void VisitMemberExpr(const MemberExpr *S) { void VisitMemberExpr(const MemberExpr *S) {
ValueDecl *Member = S->getMemberDecl(); ValueDecl *Member = S->getMemberDecl();
assert(Member != nullptr); assert(Member != nullptr);
// FIXME: Consider assigning pointer values to function member expressions. // FIXME: Consider assigning pointer values to function member expressions.
if (Member->isFunctionOrFunctionTemplate()) if (Member->isFunctionOrFunctionTemplate())
▲ Show 20 LinesShow All 306 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 LinesShow All 406 Lines▼ Show 20 Lines runDataflow(Code, [](llvm::ArrayRef<std::pair<
const auto *FooRefVal = const auto *FooRefVal =
cast<ReferenceValue>(BarReferentVal->getChild(*FooRefDecl)); cast<ReferenceValue>(BarReferentVal->getChild(*FooRefDecl));
const StorageLocation &FooReferentLoc = FooRefVal->getReferentLoc(); const StorageLocation &FooReferentLoc = FooRefVal->getReferentLoc();
EXPECT_THAT(Env.getValue(FooReferentLoc), IsNull()); EXPECT_THAT(Env.getValue(FooReferentLoc), IsNull());
const auto *FooPtrVal = const auto *FooPtrVal =
cast<PointerValue>(BarReferentVal->getChild(*FooPtrDecl)); cast<PointerValue>(BarReferentVal->getChild(*FooPtrDecl));
const StorageLocation &FooPtrPointeeLoc = FooPtrVal->getPointeeLoc(); const StorageLocation *FooPtrPointeeLoc = FooPtrVal->getPointeeLoc();
EXPECT_THAT(Env.getValue(FooPtrPointeeLoc), IsNull()); ASSERT_THAT(FooPtrPointeeLoc, NotNull());
EXPECT_THAT(Env.getValue(*FooPtrPointeeLoc), IsNull());
const auto *BazRefVal = const auto *BazRefVal =
cast<ReferenceValue>(BarReferentVal->getChild(*BazRefDecl)); cast<ReferenceValue>(BarReferentVal->getChild(*BazRefDecl));
const StorageLocation &BazReferentLoc = BazRefVal->getReferentLoc(); const StorageLocation &BazReferentLoc = BazRefVal->getReferentLoc();
EXPECT_THAT(Env.getValue(BazReferentLoc), NotNull()); EXPECT_THAT(Env.getValue(BazReferentLoc), NotNull());
const auto *BazPtrVal = const auto *BazPtrVal =
cast<PointerValue>(BarReferentVal->getChild(*BazPtrDecl)); cast<PointerValue>(BarReferentVal->getChild(*BazPtrDecl));
const StorageLocation &BazPtrPointeeLoc = BazPtrVal->getPointeeLoc(); const StorageLocation *BazPtrPointeeLoc = BazPtrVal->getPointeeLoc();
EXPECT_THAT(Env.getValue(BazPtrPointeeLoc), NotNull()); ASSERT_THAT(BazPtrPointeeLoc, NotNull());
EXPECT_THAT(Env.getValue(*BazPtrPointeeLoc), NotNull());
}); });
} }
TEST_F(TransferTest, PointerVarDecl) { TEST_F(TransferTest, PointerVarDecl) {
std::string Code = R"( std::string Code = R"(
struct A {}; struct A {};
A *getA(); A *getA();
Show All 14 Lines runDataflow(
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const StorageLocation *FooLoc = const StorageLocation *FooLoc =
Env.getStorageLocation(*FooDecl, SkipPast::None); Env.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc)); ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc));
const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc)); const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc));
const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc(); const StorageLocation *FooPointeeLoc = FooVal->getPointeeLoc();
EXPECT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc)); EXPECT_TRUE(isa_and_nonnull<AggregateStorageLocation>(FooPointeeLoc));
const Value *FooPointeeVal = Env.getValue(FooPointeeLoc); const Value *FooPointeeVal = Env.getValue(*FooPointeeLoc);
EXPECT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal)); EXPECT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal));
}); });
} }
TEST_F(TransferTest, SelfReferentialPointerVarDecl) { TEST_F(TransferTest, SelfReferentialPointerVarDecl) {
std::string Code = R"( std::string Code = R"(
struct A; struct A;
▲ Show 20 LinesShow All 80 Lines▼ Show 20 Lines runDataflow(
ASSERT_THAT(FooRefDecl, NotNull()); ASSERT_THAT(FooRefDecl, NotNull());
ASSERT_THAT(FooPtrDecl, NotNull()); ASSERT_THAT(FooPtrDecl, NotNull());
ASSERT_THAT(BazRefDecl, NotNull()); ASSERT_THAT(BazRefDecl, NotNull());
ASSERT_THAT(BazPtrDecl, NotNull()); ASSERT_THAT(BazPtrDecl, NotNull());
const auto *FooLoc = cast<ScalarStorageLocation>( const auto *FooLoc = cast<ScalarStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *FooVal = cast<PointerValue>(Env.getValue(*FooLoc)); const auto *FooVal = cast<PointerValue>(Env.getValue(*FooLoc));
const auto *FooPointeeLoc = FooVal->getPointeeLoc();
ASSERT_THAT(FooPointeeLoc, NotNull());
const auto *FooPointeeVal = const auto *FooPointeeVal =
cast<StructValue>(Env.getValue(FooVal->getPointeeLoc())); cast<StructValue>(Env.getValue(*FooPointeeLoc));
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(FooPointeeVal->getChild(*BarDecl)); cast<PointerValue>(FooPointeeVal->getChild(*BarDecl));
const auto *BarPointeeLoc = BarVal->getPointeeLoc();
ASSERT_THAT(BarPointeeLoc, NotNull());
const auto *BarPointeeVal = const auto *BarPointeeVal =
cast<StructValue>(Env.getValue(BarVal->getPointeeLoc())); cast<StructValue>(Env.getValue(*BarPointeeLoc));
const auto *FooRefVal = const auto *FooRefVal =
cast<ReferenceValue>(BarPointeeVal->getChild(*FooRefDecl)); cast<ReferenceValue>(BarPointeeVal->getChild(*FooRefDecl));
const StorageLocation &FooReferentLoc = FooRefVal->getReferentLoc(); const StorageLocation &FooReferentLoc = FooRefVal->getReferentLoc();
EXPECT_THAT(Env.getValue(FooReferentLoc), IsNull()); EXPECT_THAT(Env.getValue(FooReferentLoc), IsNull());
const auto *FooPtrVal = const auto *FooPtrVal =
cast<PointerValue>(BarPointeeVal->getChild(*FooPtrDecl)); cast<PointerValue>(BarPointeeVal->getChild(*FooPtrDecl));
const StorageLocation &FooPtrPointeeLoc = FooPtrVal->getPointeeLoc(); const StorageLocation *FooPtrPointeeLoc = FooPtrVal->getPointeeLoc();
EXPECT_THAT(Env.getValue(FooPtrPointeeLoc), IsNull()); ASSERT_THAT(FooPtrPointeeLoc, NotNull());
EXPECT_THAT(Env.getValue(*FooPtrPointeeLoc), IsNull());
const auto *BazRefVal = const auto *BazRefVal =
cast<ReferenceValue>(BarPointeeVal->getChild(*BazRefDecl)); cast<ReferenceValue>(BarPointeeVal->getChild(*BazRefDecl));
const StorageLocation &BazReferentLoc = BazRefVal->getReferentLoc(); const StorageLocation &BazReferentLoc = BazRefVal->getReferentLoc();
EXPECT_THAT(Env.getValue(BazReferentLoc), NotNull()); EXPECT_THAT(Env.getValue(BazReferentLoc), NotNull());
const auto *BazPtrVal = const auto *BazPtrVal =
cast<PointerValue>(BarPointeeVal->getChild(*BazPtrDecl)); cast<PointerValue>(BarPointeeVal->getChild(*BazPtrDecl));
const StorageLocation &BazPtrPointeeLoc = BazPtrVal->getPointeeLoc(); const StorageLocation *BazPtrPointeeLoc = BazPtrVal->getPointeeLoc();
EXPECT_THAT(Env.getValue(BazPtrPointeeLoc), NotNull()); ASSERT_THAT(BazPtrPointeeLoc, NotNull());
EXPECT_THAT(Env.getValue(*BazPtrPointeeLoc), NotNull());
}); });
} }
TEST_F(TransferTest, MultipleVarsDecl) { TEST_F(TransferTest, MultipleVarsDecl) {
std::string Code = R"( std::string Code = R"(
void target() { void target() {
int Foo, Bar; int Foo, Bar;
(void)0; (void)0;
▲ Show 20 LinesShow All 202 Lines▼ Show 20 Lines runDataflow(Code,
const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None); const Value *FooVal = Env.getValue(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal)); ASSERT_TRUE(isa_and_nonnull<IntegerValue>(FooVal));
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(Env.getValue(BarVal->getPointeeLoc()), FooVal); const auto *BarPointeeLoc = BarVal->getPointeeLoc();
ASSERT_THAT(BarPointeeLoc, NotNull());
EXPECT_EQ(Env.getValue(*BarPointeeLoc), FooVal);
const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz"); const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
ASSERT_THAT(BazDecl, NotNull()); ASSERT_THAT(BazDecl, NotNull());
EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), FooVal); EXPECT_EQ(Env.getValue(*BazDecl, SkipPast::None), FooVal);
}); });
} }
▲ Show 20 LinesShow All 188 Lines▼ Show 20 Lines runDataflow(
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const StorageLocation *FooLoc = const StorageLocation *FooLoc =
Env.getStorageLocation(*FooDecl, SkipPast::None); Env.getStorageLocation(*FooDecl, SkipPast::None);
ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc)); ASSERT_TRUE(isa_and_nonnull<ScalarStorageLocation>(FooLoc));
const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc)); const PointerValue *FooVal = cast<PointerValue>(Env.getValue(*FooLoc));
const StorageLocation &FooPointeeLoc = FooVal->getPointeeLoc(); const StorageLocation *FooPointeeLoc = FooVal->getPointeeLoc();
EXPECT_TRUE(isa<AggregateStorageLocation>(&FooPointeeLoc)); EXPECT_TRUE(isa_and_nonnull<AggregateStorageLocation>(FooPointeeLoc));
const Value *FooPointeeVal = Env.getValue(FooPointeeLoc); const Value *FooPointeeVal = Env.getValue(*FooPointeeLoc);
EXPECT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal)); EXPECT_TRUE(isa_and_nonnull<StructValue>(FooPointeeVal));
}); });
} }
TEST_F(TransferTest, StructMember) { TEST_F(TransferTest, StructMember) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
▲ Show 20 LinesShow All 1,216 Lines▼ Show 20 Lines runDataflow(Code,
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = cast<ScalarStorageLocation>( const auto *FooLoc = cast<ScalarStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(&BarVal->getPointeeLoc(), FooLoc); EXPECT_EQ(BarVal->getPointeeLoc(), FooLoc);
}); });
} }
TEST_F(TransferTest, AddrOfReference) { TEST_F(TransferTest, AddrOfReference) {
std::string Code = R"( std::string Code = R"(
void target(int *Foo) { void target(int *Foo) {
int *Bar = &(*Foo); int *Bar = &(*Foo);
// [[p]] // [[p]]
Show All 12 Lines runDataflow(Code,
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooVal = const auto *FooVal =
cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None));
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(&BarVal->getPointeeLoc(), &FooVal->getPointeeLoc()); EXPECT_EQ(BarVal->getPointeeLoc(), FooVal->getPointeeLoc());
}); });
} }
TEST_F(TransferTest, DerefDependentPtr) { TEST_F(TransferTest, DerefDependentPtr) {
std::string Code = R"( std::string Code = R"(
template <typename T> template <typename T>
void target(T *Foo) { void target(T *Foo) {
T &Bar = *Foo; T &Bar = *Foo;
Show All 13 Lines runDataflow(
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooVal = const auto *FooVal =
cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None));
const auto *BarVal = const auto *BarVal =
cast<ReferenceValue>(Env.getValue(*BarDecl, SkipPast::None)); cast<ReferenceValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(&BarVal->getReferentLoc(), &FooVal->getPointeeLoc()); EXPECT_EQ(&BarVal->getReferentLoc(), FooVal->getPointeeLoc());
}); });
} }
TEST_F(TransferTest, VarDeclInitAssignConditionalOperator) { TEST_F(TransferTest, VarDeclInitAssignConditionalOperator) {
std::string Code = R"( std::string Code = R"(
struct A {}; struct A {};
void target(A Foo, A Bar, bool Cond) { void target(A Foo, A Bar, bool Cond) {
▲ Show 20 LinesShow All 53 Lines▼ Show 20 Lines runDataflow(Code,
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooVal = const auto *FooVal =
cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*FooDecl, SkipPast::None));
const auto *FooPointeeLoc = FooVal->getPointeeLoc();
ASSERT_THAT(FooPointeeLoc, NotNull());
const auto *FooPointeeVal = const auto *FooPointeeVal =
cast<IntegerValue>(Env.getValue(FooVal->getPointeeLoc())); cast<IntegerValue>(Env.getValue(*FooPointeeLoc));
const auto *BarVal = dyn_cast_or_null<IntegerValue>( const auto *BarVal = dyn_cast_or_null<IntegerValue>(
Env.getValue(*BarDecl, SkipPast::None)); Env.getValue(*BarDecl, SkipPast::None));
ASSERT_THAT(BarVal, NotNull()); ASSERT_THAT(BarVal, NotNull());
EXPECT_EQ(BarVal, FooPointeeVal); EXPECT_EQ(BarVal, FooPointeeVal);
}); });
} }
▲ Show 20 LinesShow All 944 Lines▼ Show 20 Lines runDataflow(
const ValueDecl *LDecl = findValueDecl(ASTCtx, "l"); const ValueDecl *LDecl = findValueDecl(ASTCtx, "l");
ASSERT_THAT(LDecl, NotNull()); ASSERT_THAT(LDecl, NotNull());
// Inner. // Inner.
auto *LVal = auto *LVal =
dyn_cast<PointerValue>(InnerEnv.getValue(*LDecl, SkipPast::None)); dyn_cast<PointerValue>(InnerEnv.getValue(*LDecl, SkipPast::None));
ASSERT_THAT(LVal, NotNull()); ASSERT_THAT(LVal, NotNull());
EXPECT_EQ(&LVal->getPointeeLoc(), EXPECT_EQ(LVal->getPointeeLoc(),
InnerEnv.getStorageLocation(*ValDecl, SkipPast::Reference)); InnerEnv.getStorageLocation(*ValDecl, SkipPast::Reference));
// Outer. // Outer.
LVal = LVal =
dyn_cast<PointerValue>(OuterEnv.getValue(*LDecl, SkipPast::None)); dyn_cast<PointerValue>(OuterEnv.getValue(*LDecl, SkipPast::None));
ASSERT_THAT(LVal, NotNull()); ASSERT_THAT(LVal, NotNull());
// The loop body may not have been executed, so we should not conclude // The loop body may not have been executed, so we should not conclude
// that `l` points to `val`. // that `l` points to `val`.
EXPECT_NE(&LVal->getPointeeLoc(), EXPECT_NE(LVal->getPointeeLoc(),
OuterEnv.getStorageLocation(*ValDecl, SkipPast::Reference)); OuterEnv.getStorageLocation(*ValDecl, SkipPast::Reference));
}); });
} }
TEST_F(TransferTest, DoesNotCrashOnUnionThisExpr) { TEST_F(TransferTest, DoesNotCrashOnUnionThisExpr) {
std::string Code = R"( std::string Code = R"(
union Union { union Union {
int A; int A;
▲ Show 20 LinesShow All 208 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp

Show First 20 LinesShow All 670 Lines▼ Show 20 Lines runDataflow(Code,
const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar"); const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
ASSERT_THAT(BarDecl, NotNull()); ASSERT_THAT(BarDecl, NotNull());
const auto *FooLoc = cast<ScalarStorageLocation>( const auto *FooLoc = cast<ScalarStorageLocation>(
Env.getStorageLocation(*FooDecl, SkipPast::None)); Env.getStorageLocation(*FooDecl, SkipPast::None));
const auto *BarVal = const auto *BarVal =
cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None)); cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_EQ(&BarVal->getPointeeLoc(), FooLoc); EXPECT_EQ(BarVal->getPointeeLoc(), FooLoc);
}); });
} }
TEST_F(WideningTest, DistinctValuesWithSamePropertiesAreEquivalent) { TEST_F(WideningTest, DistinctValuesWithSamePropertiesAreEquivalent) {
std::string Code = R"( std::string Code = R"(
#include "widening_test_defs.h" #include "widening_test_defs.h"
void target(bool Cond) { void target(bool Cond) {
▲ Show 20 LinesShow All 491 LinesShow Last 20 Lines