This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/lib/Analysis/
-
lib/
-
Analysis/
1/1
CFG.cpp

Differential D127993

[Static Analyzer][CFG] Introducing the source array in the CFG of DecompositionDecl
ClosedPublic

Authored by isuckatcs on Jun 16 2022, 11:19 AM.

Download Raw Diff

Details

Reviewers

NoQ
xazax.hun
Szelethus
t-rasmud

Commits

rGfc6b2281bfd7: [Static Analyzer][CFG] Introducing the source array in the CFG of…

Summary

Before this patch the array being decomposed was not present in the CFG, which lead to liveness issues.

Consider this snippet:

int uninit[2];
int init[2] = {0};

uninit[0] = init[0];  <-- init is marked as a dead symbol and gets removed

auto [i, j] = init;   <-- init is not referenced in the CFG

This patch makes sure, that the required array is referenced in the CFG, so the liveness of the variable is handled properly.

The AST of auto [i, j] = init; and the solution looks like the following:

`-DecompositionDecl 
  |-ArrayInitLoopExpr 
  | |-OpaqueValueExpr          <-- ignore this OpaqueValueExpr
  | | `-DeclRefExpr 'int[2]'   <-- put this DeclRefExpr to the CFG
  | `-ImplicitCastExpr
  |   `-ArraySubscriptExpr
  |     |-ImplicitCastExpr 
  |     | `-OpaqueValueExpr
  |     |   `-DeclRefExpr
  |     `-ArrayInitIndexExpr
  ` ...

Comparing the old and the new CFG of DecompositionDecl:

                         Old CFG                         |                           New CFG                        
                                                         |   
15: init (ImplicitCastExpr, ArrayToPointerDecay, int *)  |  15: init
16: *                                                    |  16: [B1.15] (ImplicitCastExpr, ArrayToPointerDecay, int *)
17: [B1.15][[B1.16]]                                     |  17: *
18: [B1.17] (ImplicitCastExpr, LValueToRValue, int)      |  18: [B1.16][[B1.17]]
19: {[B1.18]}                                            |  19: [B1.18] (ImplicitCastExpr, LValueToRValue, int)
20: auto = {init[*]};                                    |  20: {[B1.19]}
                                                         |  21: auto = {init[*]};

Diff Detail

Event Timeline

isuckatcs created this revision.Jun 16 2022, 11:19 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 16 2022, 11:19 AM

Herald added subscribers: manas, ASDenysPetrov, dkrupp and 4 others. · View Herald Transcript

isuckatcs requested review of this revision.Jun 16 2022, 11:19 AM

isuckatcs edited the summary of this revision. (Show Details)

Applied clang-format

isuckatcs mentioned this in D126613: [Static Analyzer] Structured binding to arrays.Jun 16 2022, 11:44 AM

I think a unit test would be nice. We have some CFG tests here: https://github.com/llvm/llvm-project/blob/main/clang/unittests/Analysis/CFGTest.cpp

clang/lib/Analysis/CFG.cpp
3866	I think visiting the children we want explicitly would be cleaner. I.e., instead of using a loop, querying each child using getters like `getCommonExpr`.

Harbormaster completed remote builds in B170320: Diff 437631.Jun 16 2022, 12:40 PM

There are also LIT tests in test/Analysis/cfg.cpp etc. which are easier to write and maintain so we usually do them until we have something very specific we want to test.

I see you're still omitting OpaqueValueExpr. I don't remember whether this is the right thing to do, somebody has to eventually omit them but I don't remember whether it's traditionally CFG's responsibility or the consumer (eg. static analyzer)'s responsibility. I think we'll cross this bridge when we get to it.

In D127993#3590071, @NoQ wrote:

There are also LIT tests in test/Analysis/cfg.cpp etc. which are easier to write and maintain so we usually do them until we have something very specific we want to test.

I see you're still omitting OpaqueValueExpr. I don't remember whether this is the right thing to do, somebody has to eventually omit them but I don't remember whether it's traditionally CFG's responsibility or the consumer (eg. static analyzer)'s responsibility. I think we'll cross this bridge when we get to it.

OpaqueValueExpr terminates the CFG building, the expression it contains is not visited at all. My initial idea was that if we encounter the OpaqueValueExpr, just take the Expr is contains and visit it, however that resulted in 30+ failing testcases in analysis. I think this situation when the DeclRefExpr we need is wrapped in an OpaqueValueExpr is unique to ArrayInitLoopExpr, so there is no good general solution here.

We either handle it separately in the CFG, or in liveness analysis.

Aha great, sounds like this is the right thing to do then!

Addressed comments.

It seems unit tests are focusing more on the features of the CFG itself, and not on CFGs built from snippets.
As this change only affects how a specific expression is evaluated, and doesn't influence the core of the CFG,
I decided to only add a LIT test.

isuckatcs marked an inline comment as done.Jun 17 2022, 5:35 AM

Harbormaster completed remote builds in B170483: Diff 437859.Jun 17 2022, 5:35 AM

Looks good to me, thanks!

This revision is now accepted and ready to land.Jun 17 2022, 9:19 AM

This revision was landed with ongoing or failed builds.Jun 17 2022, 9:35 AM

Closed by commit rGfc6b2281bfd7: [Static Analyzer][CFG] Introducing the source array in the CFG of… (authored by isuckatcs). · Explain Why

This revision was automatically updated to reflect the committed changes.

isuckatcs added a commit: rGfc6b2281bfd7: [Static Analyzer][CFG] Introducing the source array in the CFG of….

Herald added a subscriber: cfe-commits. · View Herald TranscriptJun 17 2022, 9:35 AM

Revision Contents

Path

Size

clang/

lib/

Analysis/

CFG.cpp

28 lines

Diff 437608

clang/lib/Analysis/CFG.cpp

Show First 20 Lines • Show All 601 Lines • ▼ Show 20 Lines	private:
CFGBlock VisitSEHLeaveStmt(SEHLeaveStmt S);		CFGBlock VisitSEHLeaveStmt(SEHLeaveStmt S);
CFGBlock VisitSEHTryStmt(SEHTryStmt S);		CFGBlock VisitSEHTryStmt(SEHTryStmt S);
CFGBlock VisitStmtExpr(StmtExpr S, AddStmtChoice asc);		CFGBlock VisitStmtExpr(StmtExpr S, AddStmtChoice asc);
CFGBlock VisitSwitchStmt(SwitchStmt S);		CFGBlock VisitSwitchStmt(SwitchStmt S);
CFGBlock VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr E,		CFGBlock VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr E,
AddStmtChoice asc);		AddStmtChoice asc);
CFGBlock VisitUnaryOperator(UnaryOperator U, AddStmtChoice asc);		CFGBlock VisitUnaryOperator(UnaryOperator U, AddStmtChoice asc);
CFGBlock VisitWhileStmt(WhileStmt W);		CFGBlock VisitWhileStmt(WhileStmt W);
		CFGBlock VisitArrayInitLoopExpr(ArrayInitLoopExpr A, AddStmtChoice asc);

CFGBlock Visit(Stmt S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd,		CFGBlock Visit(Stmt S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd,
bool ExternallyDestructed = false);		bool ExternallyDestructed = false);
CFGBlock VisitStmt(Stmt S, AddStmtChoice asc);		CFGBlock VisitStmt(Stmt S, AddStmtChoice asc);
CFGBlock VisitChildren(Stmt S);		CFGBlock VisitChildren(Stmt S);
CFGBlock VisitNoRecurse(Expr E, AddStmtChoice asc);		CFGBlock VisitNoRecurse(Expr E, AddStmtChoice asc);
CFGBlock VisitOMPExecutableDirective(OMPExecutableDirective D,		CFGBlock VisitOMPExecutableDirective(OMPExecutableDirective D,
AddStmtChoice asc);		AddStmtChoice asc);
▲ Show 20 Lines • Show All 1,706 Lines • ▼ Show 20 Lines	switch (S->getStmtClass()) {
case Stmt::SwitchStmtClass:		case Stmt::SwitchStmtClass:
return VisitSwitchStmt(cast<SwitchStmt>(S));		return VisitSwitchStmt(cast<SwitchStmt>(S));

case Stmt::UnaryOperatorClass:		case Stmt::UnaryOperatorClass:
return VisitUnaryOperator(cast<UnaryOperator>(S), asc);		return VisitUnaryOperator(cast<UnaryOperator>(S), asc);

case Stmt::WhileStmtClass:		case Stmt::WhileStmtClass:
return VisitWhileStmt(cast<WhileStmt>(S));		return VisitWhileStmt(cast<WhileStmt>(S));

		case Stmt::ArrayInitLoopExprClass:
		return VisitArrayInitLoopExpr(cast<ArrayInitLoopExpr>(S), asc);
}		}
}		}

CFGBlock CFGBuilder::VisitStmt(Stmt S, AddStmtChoice asc) {		CFGBlock CFGBuilder::VisitStmt(Stmt S, AddStmtChoice asc) {
if (asc.alwaysAdd(*this, S)) {		if (asc.alwaysAdd(*this, S)) {
autoCreateBlock();		autoCreateBlock();
appendStmt(Block, S);		appendStmt(Block, S);
}		}
▲ Show 20 Lines • Show All 1,503 Lines • ▼ Show 20 Lines	CFGBlock CFGBuilder::VisitWhileStmt(WhileStmt W) {
// to this block. NULL out Block to force lazy creation of another block.		// to this block. NULL out Block to force lazy creation of another block.
Block = nullptr;		Block = nullptr;

// Return the condition block, which is the dominating block for the loop.		// Return the condition block, which is the dominating block for the loop.
Succ = EntryConditionBlock;		Succ = EntryConditionBlock;
return EntryConditionBlock;		return EntryConditionBlock;
}		}

		CFGBlock CFGBuilder::VisitArrayInitLoopExpr(ArrayInitLoopExpr A, AddStmtChoice asc) {
		if (asc.alwaysAdd(*this, A)) {
		autoCreateBlock();
		appendStmt(Block, A);
		}

		CFGBlock *B = Block;

		// Visit the children in their reverse order so that they appear in
		// left-to-right (natural) order in the CFG.
		reverse_children RChildren(A);
		for (Stmt *Child : RChildren) {
		xazax.hunUnsubmitted Done Reply Inline Actions I think visiting the children we want explicitly would be cleaner. I.e., instead of using a loop, querying each child using getters like `getCommonExpr`. xazax.hun: I think visiting the children we want explicitly would be cleaner. I.e., instead of using a…
		if (Child)
		{
		if(auto *OVE = dyn_cast<OpaqueValueExpr>(Child))
		Child = OVE->getSourceExpr();

		if (CFGBlock *R = Visit(Child))
		B = R;
		}
		}
		return B;
		}

CFGBlock CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt CS) {		CFGBlock CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt CS) {
// ObjCAtCatchStmt are treated like labels, so they are the first statement		// ObjCAtCatchStmt are treated like labels, so they are the first statement
// in a block.		// in a block.

// Save local scope position because in case of exception variable ScopePos		// Save local scope position because in case of exception variable ScopePos
// won't be restored when traversing AST.		// won't be restored when traversing AST.
SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);		SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);

▲ Show 20 Lines • Show All 2,306 Lines • Show Last 20 Lines