Download Raw Diff

Details

Reviewers

gribozavr2
hlopko
sgatev
ymandel
xazax.hun

Commits

rGb611376e7eb5: [clang][dataflow] Singleton pointer values for null pointers.

Summary

When a nullptr is assigned to a pointer variable, it is wrapped in a ImplicitCastExpr with cast kind CK_NullTo(Member)Pointer. This patch assigns singleton pointer values representing null to these expressions.

For each pointee type, a singleton null PointerValue is created and stored in the NullPointerVals map of the DataflowAnalysisContext class. The pointee type is retrieved from the implicit cast expression, and used to initialise the PointeeLoc field of the PointerValue. The PointeeLoc created is not mapped to any Value, reflecting the absence of value indicated by null pointers.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

wyt created this revision.Jun 17 2022, 7:10 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 17 2022, 7:10 AM

Herald added subscribers: martong, tschuett, xazax.hun. · View Herald Transcript

wyt requested review of this revision.Jun 17 2022, 7:10 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 17 2022, 7:10 AM

Herald added a subscriber: cfe-commits. · View Herald Transcript

wyt added reviewers: gribozavr2, hlopko, sgatev, ymandel.Jun 17 2022, 7:12 AM

Harbormaster completed remote builds in B170504: Diff 437890.Jun 17 2022, 8:28 AM

I am wondering about the future plans regarding how pointers are represented.
What will be the expected behavior when the analysis discovers that the pointer has a null value? E.g.:

if (p == nullptr)
{
  ....
}

Would we expect p in this case to have the same singleton value in the then block of the if statement?

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
163	Since you always want this function to create a null pointer value, I think it would be less error prone to ask for the location instead of an arbitrary value. Currently, a confused caller could put a non-null value into a table.
166	I think `getAsString` is considered expensive. Could you use `QualType` directly as the key?

Use QualType as key to singleton map, implement getOrCreate factory function for retrieving null pointer values.

Harbormaster completed remote builds in B171363: Diff 439078.Jun 22 2022, 10:12 AM

wyt added a parent revision: D128359: [clang][dataflow] Move logic for `createStorageLocation` from `DataflowEnvironment` to `DataflowAnalysisContext`..Jun 22 2022, 10:18 AM

@xazax.hun

Since you always want this function to create a null pointer value, I think it would be less error prone to ask for the location instead of an arbitrary value. Currently, a confused caller could put a non-null value into a table.

Replaced with a getOrCreate factory to encapsulate pointer value creation.

I think getAsString is considered expensive. Could you use QualType directly as the key?

Done.

I am wondering about the future plans regarding how pointers are represented.
What will be the expected behavior when the analysis discovers that the pointer has a null value? E.g.:
if (p == nullptr)
{
  ....
}
Would we expect p in this case to have the same singleton value in the then block of the if statement?

This is an interesting idea.
IIUC, for non-boolean values, the core framework currently does not dissect the equality expression - p == nullptr would be represented by a symbolic boolean, but p and nullptr would not be entangled together.
However, we are working on a pointer nullability analysis on top of the framework that should add information to interrelate two pointer values and their nullability information when we do a comparison between pointers.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
163	Since you always want this function to create a null pointer value, I think it would be less error prone to ask for the location instead of an arbitrary value. Currently, a confused caller could put a non-null value into a table.
166	I think `getAsString` is considered expensive. Could you use `QualType` directly as the key?

wyt added a reviewer: xazax.hun.Jun 22 2022, 11:07 AM

Herald added a subscriber: rnkovacs. · View Herald TranscriptJun 22 2022, 11:07 AM

xazax.hun accepted this revision.Jun 22 2022, 4:38 PM

xazax.hun added inline comments.

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
65	Should we have a `PointerValue` without `PointeeLoc` to represent null pointers?

This revision is now accepted and ready to land.Jun 22 2022, 4:38 PM

sgatev accepted this revision.Jun 23 2022, 12:05 AM

sgatev added inline comments.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
156–158
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
318–320
321	Let's move this below `getThisPointeeStorageLocation` so that it's closer to related members. Same for the cpp file.

Address comments.

wyt added inline comments.Jun 24 2022, 6:05 AM

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
311–314	@xazax.hun Should we have a `PointerValue` without `PointeeLoc` to represent null pointers? `PointeeLoc` is a reference field in the current `PointerValue` so it is required for now. Creating an independent `NullPointerValue` class without `PointeeLoc` is something we are considering, but in this patch we will be using `PointerValues` with a `PointeeLoc` corresponding to the pointee type to represent null pointers.

Harbormaster completed remote builds in B171842: Diff 439721.Jun 24 2022, 7:18 AM

gribozavr2 accepted this revision.Jun 27 2022, 3:48 AM

gribozavr2 added inline comments.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
308–309
clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
59

Address comments.

Harbormaster completed remote builds in B172155: Diff 440162.Jun 27 2022, 4:58 AM

gribozavr2 accepted this revision.Jun 27 2022, 5:13 AM

Closed by commit rGb611376e7eb5: [clang][dataflow] Singleton pointer values for null pointers. (authored by wyt, committed by gribozavr). · Explain WhyJun 27 2022, 5:17 AM

This revision was automatically updated to reflect the committed changes.

gribozavr added a commit: rGb611376e7eb5: [clang][dataflow] Singleton pointer values for null pointers..

Diff 440176

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

Show All 11 Lines

// //

//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//

#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H

#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H

#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"

#include "clang/AST/Expr.h" #include "clang/AST/Expr.h"

#include "clang/AST/TypeOrdering.h"

#include "clang/Analysis/FlowSensitive/Solver.h" #include "clang/Analysis/FlowSensitive/Solver.h"

#include "clang/Analysis/FlowSensitive/StorageLocation.h" #include "clang/Analysis/FlowSensitive/StorageLocation.h"

#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"

#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"

#include "llvm/ADT/DenseSet.h" #include "llvm/ADT/DenseSet.h"

#include <cassert> #include <cassert>

#include <memory> #include <memory>

#include <type_traits> #include <type_traits>

▲ Show 20 Lines • Show All 119 Lines • ▼ Show 20 Lines public:

} }

/// Returns the storage location assigned to the `this` pointee or null if the /// Returns the storage location assigned to the `this` pointee or null if the

/// `this` pointee has no assigned storage location. /// `this` pointee has no assigned storage location.

StorageLocation *getThisPointeeStorageLocation() const { StorageLocation *getThisPointeeStorageLocation() const {

return ThisPointeeLoc; return ThisPointeeLoc;

} }

/// Returns a pointer value that represents a null pointer. Calls with

/// `PointeeType` that are canonically equivalent will return the same result.

PointerValue &getOrCreateNullPointerValue(QualType PointeeType);

sgatevUnsubmitted

Done

return ThisPointeeLoc;

}

- /// Returns a pointer value that represents a null pointer. Calls

- /// with `PointeeType` that are canonically equivalent will return the same

+ /// Returns a pointer value that represents a null pointer. Calls with

+ /// `PointeeType` that are canonically equivalent will return the same

/// result.

PointerValue &getOrCreateNullPointerValue(QualType PointeeType);

sgatev:

/// Returns a symbolic boolean value that models a boolean literal equal to /// Returns a symbolic boolean value that models a boolean literal equal to

/// `Value`. /// `Value`.

AtomicBoolValue &getBoolLiteralValue(bool Value) const { AtomicBoolValue &getBoolLiteralValue(bool Value) const {

return Value ? TrueVal : FalseVal; return Value ? TrueVal : FalseVal;

xazax.hunUnsubmitted

Done

Since you always want this function to create a null pointer value, I think it would be less error prone to ask for the location instead of an arbitrary value. Currently, a confused caller could put a non-null value into a table.

xazax.hun: Since you always want this function to create a null pointer value, I think it would be less…

wytAuthorUnsubmitted

Done

Since you always want this function to create a null pointer value, I think it would be less error prone to ask for the location instead of an arbitrary value. Currently, a confused caller could put a non-null value into a table.

wyt: > Since you always want this function to create a null pointer value, I think it would be less…

} }

/// Creates an atomic boolean value. /// Creates an atomic boolean value.

xazax.hunUnsubmitted

Not Done

I think getAsString is considered expensive. Could you use QualType directly as the key?

xazax.hun: I think `getAsString` is considered expensive. Could you use `QualType` directly as the key?

wytAuthorUnsubmitted

Done

I think getAsString is considered expensive. Could you use QualType directly as the key?

wyt: > I think `getAsString` is considered expensive. Could you use `QualType` directly as the key?

AtomicBoolValue &createAtomicBoolValue() { AtomicBoolValue &createAtomicBoolValue() {

return takeOwnership(std::make_unique<AtomicBoolValue>()); return takeOwnership(std::make_unique<AtomicBoolValue>());

} }

/// Returns a boolean value that represents the conjunction of `LHS` and /// Returns a boolean value that represents the conjunction of `LHS` and

/// `RHS`. Subsequent calls with the same arguments, regardless of their /// `RHS`. Subsequent calls with the same arguments, regardless of their

/// order, will return the same result. If the given boolean values represent /// order, will return the same result. If the given boolean values represent

/// the same value, the result will be the value itself. /// the same value, the result will be the value itself.

▲ Show 20 Lines • Show All 125 Lines • ▼ Show 20 Lines private:

// blocks) and are used to produce stable storage locations when the same // blocks) and are used to produce stable storage locations when the same

// basic blocks are evaluated multiple times. The storage locations that are // basic blocks are evaluated multiple times. The storage locations that are

// in scope for a particular basic block are stored in `Environment`. // in scope for a particular basic block are stored in `Environment`.

llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc; llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc;

llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc; llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc;

StorageLocation *ThisPointeeLoc = nullptr; StorageLocation *ThisPointeeLoc = nullptr;

// Null pointer values, keyed by the canonical pointee type.

gribozavr2Unsubmitted

Done

StorageLocation *ThisPointeeLoc = nullptr;

- // Index used to avoid recreating pointer values for null pointers of the

- // same canonical pointee type.

+ // Null pointer values, keyed by the canonical pointee type.

// FIXME: The pointer values are indexed by the pointee types which are

gribozavr2:

// FIXME: The pointer values are indexed by the pointee types which are

// required to initialize the `PointeeLoc` field in `PointerValue`. Consider

// creating a type-independent `NullPointerValue` without a `PointeeLoc`

// field.

llvm::DenseMap<QualType, PointerValue *> NullPointerVals;

wytAuthorUnsubmitted

Done

@xazax.hun

Should we have a PointerValue without PointeeLoc to represent null pointers?

PointeeLoc is a reference field in the current PointerValue so it is required for now.
Creating an independent NullPointerValue class without PointeeLoc is something we are considering, but in this patch we will be using PointerValues with a PointeeLoc corresponding to the pointee type to represent null pointers.

wyt: @xazax.hun > Should we have a `PointerValue` without `PointeeLoc` to represent null pointers?

AtomicBoolValue &TrueVal; AtomicBoolValue &TrueVal;

AtomicBoolValue &FalseVal; AtomicBoolValue &FalseVal;

// Indices that are used to avoid recreating the same composite boolean // Indices that are used to avoid recreating the same composite boolean

// values. // values.

llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ConjunctionValue *> llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ConjunctionValue *>

ConjunctionVals; ConjunctionVals;

llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, DisjunctionValue *> llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, DisjunctionValue *>

Show All 24 Lines

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

Show First 20 Lines • Show All 197 Lines • ▼ Show 20 Lines public:

/// assigned a storage location in the environment. /// assigned a storage location in the environment.

StorageLocation *getStorageLocation(const Expr &E, SkipPast SP) const; StorageLocation *getStorageLocation(const Expr &E, SkipPast SP) const;

/// Returns the storage location assigned to the `this` pointee in the /// Returns the storage location assigned to the `this` pointee in the

/// environment or null if the `this` pointee has no assigned storage location /// environment or null if the `this` pointee has no assigned storage location

/// in the environment. /// in the environment.

StorageLocation *getThisPointeeStorageLocation() const; StorageLocation *getThisPointeeStorageLocation() const;

/// Returns a pointer value that represents a null pointer. Calls with

/// `PointeeType` that are canonically equivalent will return the same result.

PointerValue &getOrCreateNullPointerValue(QualType PointeeType);

/// Creates a value appropriate for `Type`, if `Type` is supported, otherwise /// Creates a value appropriate for `Type`, if `Type` is supported, otherwise

/// return null. If `Type` is a pointer or reference type, creates all the /// return null. If `Type` is a pointer or reference type, creates all the

/// necessary storage locations and values for indirections until it finds a /// necessary storage locations and values for indirections until it finds a

/// non-pointer/non-reference type. /// non-pointer/non-reference type.

/// ///

/// Requirements: /// Requirements:

/// ///

/// `Type` must not be null. /// `Type` must not be null.

▲ Show 20 Lines • Show All 92 Lines • ▼ Show 20 Lines public:

/// Adds `Val` to the set of clauses that constitute the flow condition. /// Adds `Val` to the set of clauses that constitute the flow condition.

void addToFlowCondition(BoolValue &Val); void addToFlowCondition(BoolValue &Val);

/// Returns true if and only if the clauses that constitute the flow condition /// Returns true if and only if the clauses that constitute the flow condition

/// imply that `Val` is true. /// imply that `Val` is true.

bool flowConditionImplies(BoolValue &Val) const; bool flowConditionImplies(BoolValue &Val) const;

private: private:

/// Creates a value appropriate for `Type`, if `Type` is supported, otherwise /// Creates a value appropriate for `Type`, if `Type` is supported, otherwise

/// return null. /// return null.

sgatevUnsubmitted

Done

bool flowConditionImplies(BoolValue &Val) const;

- /// Returns a pointer value that represents a null pointer. Calls

- /// with `PointeeType` that are canonically equivalent will return the same

+ /// Returns a pointer value that represents a null pointer. Calls with

+ /// `PointeeType` that are canonically equivalent will return the same

/// result.

PointerValue &getOrCreateNullPointerValue(QualType PointeeType);

sgatev:

/// ///

sgatevUnsubmitted

Done

Let's move this below getThisPointeeStorageLocation so that it's closer to related members. Same for the cpp file.

sgatev: Let's move this below `getThisPointeeStorageLocation` so that it's closer to related members.

/// Recursively initializes storage locations and values until it sees a /// Recursively initializes storage locations and values until it sees a

/// self-referential pointer or reference type. `Visited` is used to track /// self-referential pointer or reference type. `Visited` is used to track

/// which types appeared in the reference/pointer chain in order to avoid /// which types appeared in the reference/pointer chain in order to avoid

/// creating a cyclic dependency with self-referential pointers/references. /// creating a cyclic dependency with self-referential pointers/references.

/// ///

/// Requirements: /// Requirements:

/// ///

/// `Type` must not be null. /// `Type` must not be null.

Show All 32 Lines

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp

Show First 20 Lines • Show All 49 Lines • ▼ Show 20 Lines

DataflowAnalysisContext::getStableStorageLocation(const Expr &E) { DataflowAnalysisContext::getStableStorageLocation(const Expr &E) {

if (auto *Loc = getStorageLocation(E)) if (auto *Loc = getStorageLocation(E))

return *Loc; return *Loc;

auto &Loc = getStableStorageLocation(E.getType()); auto &Loc = getStableStorageLocation(E.getType());

setStorageLocation(E, Loc); setStorageLocation(E, Loc);

return Loc; return Loc;

} }

PointerValue &

DataflowAnalysisContext::getOrCreateNullPointerValue(QualType PointeeType) {

gribozavr2Unsubmitted

Done

PointerValue &

DataflowAnalysisContext::getOrCreateNullPointerValue(QualType PointeeType) {

+ assert(!PointeeType.isNull());

auto CanonicalPointeeType = PointeeType.getCanonicalType();

gribozavr2:

assert(!PointeeType.isNull());

auto CanonicalPointeeType = PointeeType.getCanonicalType();

auto Res = NullPointerVals.try_emplace(CanonicalPointeeType, nullptr);

if (Res.second) {

auto &PointeeLoc = getStableStorageLocation(CanonicalPointeeType);

Res.first->second =

xazax.hunUnsubmitted

Done

Should we have a PointerValue without PointeeLoc to represent null pointers?

xazax.hun: Should we have a `PointerValue` without `PointeeLoc` to represent null pointers?

&takeOwnership(std::make_unique<PointerValue>(PointeeLoc));

}

return *Res.first->second;

}

static std::pair<BoolValue *, BoolValue *> static std::pair<BoolValue *, BoolValue *>

makeCanonicalBoolValuePair(BoolValue &LHS, BoolValue &RHS) { makeCanonicalBoolValuePair(BoolValue &LHS, BoolValue &RHS) {

auto Res = std::make_pair(&LHS, &RHS); auto Res = std::make_pair(&LHS, &RHS);

if (&RHS < &LHS) if (&RHS < &LHS)

std::swap(Res.first, Res.second); std::swap(Res.first, Res.second);

return Res; return Res;

} }

▲ Show 20 Lines • Show All 254 Lines • Show Last 20 Lines

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show First 20 Lines • Show All 326 Lines • ▼ Show 20 Lines	StorageLocation *Environment::getStorageLocation(const Expr &E,
auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E));		auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E));
return It == ExprToLoc.end() ? nullptr : &skip(*It->second, SP);		return It == ExprToLoc.end() ? nullptr : &skip(*It->second, SP);
}		}

StorageLocation *Environment::getThisPointeeStorageLocation() const {		StorageLocation *Environment::getThisPointeeStorageLocation() const {
return DACtx->getThisPointeeStorageLocation();		return DACtx->getThisPointeeStorageLocation();
}		}

		PointerValue &Environment::getOrCreateNullPointerValue(QualType PointeeType) {
		return DACtx->getOrCreateNullPointerValue(PointeeType);
		}

void Environment::setValue(const StorageLocation &Loc, Value &Val) {		void Environment::setValue(const StorageLocation &Loc, Value &Val) {
LocToVal[&Loc] = &Val;		LocToVal[&Loc] = &Val;

if (auto *StructVal = dyn_cast<StructValue>(&Val)) {		if (auto *StructVal = dyn_cast<StructValue>(&Val)) {
auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc);		auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc);

const QualType Type = AggregateLoc.getType();		const QualType Type = AggregateLoc.getType();
assert(Type->isStructureOrClassType());		assert(Type->isStructureOrClassType());
▲ Show 20 Lines • Show All 170 Lines • Show Last 20 Lines

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show First 20 Lines • Show All 245 Lines • ▼ Show 20 Lines	case CK_NoOp: {
// assigning them storage locations.		// assigning them storage locations.
auto SubExprLoc = Env.getStorageLocation(SubExpr, SkipPast::None);		auto SubExprLoc = Env.getStorageLocation(SubExpr, SkipPast::None);
if (SubExprLoc == nullptr)		if (SubExprLoc == nullptr)
break;		break;

Env.setStorageLocation(S, SubExprLoc);		Env.setStorageLocation(S, SubExprLoc);
break;		break;
}		}
		case CK_NullToPointer:
		case CK_NullToMemberPointer: {
		auto &Loc = Env.createStorageLocation(S->getType());
		Env.setStorageLocation(*S, Loc);

		auto &NullPointerVal =
		Env.getOrCreateNullPointerValue(S->getType()->getPointeeType());
		Env.setValue(Loc, NullPointerVal);
		break;
		}
default:		default:
break;		break;
}		}
}		}

void VisitUnaryOperator(const UnaryOperator *S) {		void VisitUnaryOperator(const UnaryOperator *S) {
const Expr *SubExpr = S->getSubExpr();		const Expr *SubExpr = S->getSubExpr();
assert(SubExpr != nullptr);		assert(SubExpr != nullptr);
▲ Show 20 Lines • Show All 372 Lines • Show Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 Lines • Show All 2,208 Lines • ▼ Show 20 Lines	runDataflow(Code,
const auto FooVal = Env.getValue(FooDecl, SkipPast::None);		const auto FooVal = Env.getValue(FooDecl, SkipPast::None);
const auto BarVal = Env.getValue(BarDecl, SkipPast::None);		const auto BarVal = Env.getValue(BarDecl, SkipPast::None);
EXPECT_TRUE(isa<BoolValue>(FooVal));		EXPECT_TRUE(isa<BoolValue>(FooVal));
EXPECT_TRUE(isa<BoolValue>(BarVal));		EXPECT_TRUE(isa<BoolValue>(BarVal));
EXPECT_EQ(FooVal, BarVal);		EXPECT_EQ(FooVal, BarVal);
});		});
}		}

		TEST_F(TransferTest, NullToPointerCast) {
		std::string Code = R"(
		struct Baz {};
		void target() {
		int *FooX = nullptr;
		int *FooY = nullptr;
		bool **Bar = nullptr;
		Baz *Baz = nullptr;
		// [[p]]
		}
		)";
		runDataflow(Code,
		[](llvm::ArrayRef<
		std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
		Results,
		ASTContext &ASTCtx) {
		ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
		const Environment &Env = Results[0].second.Env;

		const ValueDecl *FooXDecl = findValueDecl(ASTCtx, "FooX");
		ASSERT_THAT(FooXDecl, NotNull());

		const ValueDecl *FooYDecl = findValueDecl(ASTCtx, "FooY");
		ASSERT_THAT(FooYDecl, NotNull());

		const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
		ASSERT_THAT(BarDecl, NotNull());

		const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
		ASSERT_THAT(BazDecl, NotNull());

		const auto *FooXVal =
		cast<PointerValue>(Env.getValue(*FooXDecl, SkipPast::None));
		const auto *FooYVal =
		cast<PointerValue>(Env.getValue(*FooYDecl, SkipPast::None));
		const auto *BarVal =
		cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
		const auto *BazVal =
		cast<PointerValue>(Env.getValue(*BazDecl, SkipPast::None));

		EXPECT_EQ(FooXVal, FooYVal);
		EXPECT_NE(FooXVal, BarVal);
		EXPECT_NE(FooXVal, BazVal);
		EXPECT_NE(BarVal, BazVal);

		const StorageLocation &FooPointeeLoc = FooXVal->getPointeeLoc();
		EXPECT_TRUE(isa<ScalarStorageLocation>(FooPointeeLoc));
		EXPECT_THAT(Env.getValue(FooPointeeLoc), IsNull());

		const StorageLocation &BarPointeeLoc = BarVal->getPointeeLoc();
		EXPECT_TRUE(isa<ScalarStorageLocation>(BarPointeeLoc));
		EXPECT_THAT(Env.getValue(BarPointeeLoc), IsNull());

		const StorageLocation &BazPointeeLoc = BazVal->getPointeeLoc();
		EXPECT_TRUE(isa<AggregateStorageLocation>(BazPointeeLoc));
		EXPECT_THAT(Env.getValue(BazPointeeLoc), IsNull());
		});
		}

		TEST_F(TransferTest, NullToMemberPointerCast) {
		std::string Code = R"(
		struct Foo {};
		void target(Foo *Foo) {
		int Foo::*MemberPointer = nullptr;
		// [[p]]
		}
		)";
		runDataflow(
		Code, [](llvm::ArrayRef<
		std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
		Results,
		ASTContext &ASTCtx) {
		ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
		const Environment &Env = Results[0].second.Env;

		const ValueDecl *MemberPointerDecl =
		findValueDecl(ASTCtx, "MemberPointer");
		ASSERT_THAT(MemberPointerDecl, NotNull());

		const auto *MemberPointerVal = cast<PointerValue>(
		Env.getValue(*MemberPointerDecl, SkipPast::None));

		const StorageLocation &MemberLoc = MemberPointerVal->getPointeeLoc();
		EXPECT_THAT(Env.getValue(MemberLoc), IsNull());
		});
		}

TEST_F(TransferTest, AddrOfValue) {		TEST_F(TransferTest, AddrOfValue) {
std::string Code = R"(		std::string Code = R"(
void target() {		void target() {
int Foo;		int Foo;
int *Bar = &Foo;		int *Bar = &Foo;
// [[p]]		// [[p]]
}		}
)";		)";
▲ Show 20 Lines • Show All 1,519 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[clang][dataflow] Singleton pointer values for null pointers.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 440176

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

clang/lib/Analysis/FlowSensitive/Transfer.cpp

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[clang][dataflow] Singleton pointer values for null pointers.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 440176

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

clang/lib/Analysis/FlowSensitive/Transfer.cpp

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

[clang][dataflow] Singleton pointer values for null pointers.
ClosedPublic