This is an archive of the discontinued LLVM Phabricator instance.

Differential D131809

[clang][dataflow] Add an option for context-sensitive depth
ClosedPublic

Authored by samestep on Aug 12 2022, 2:18 PM.

Details

Reviewers
NoQ
sgatev
gribozavr2
xazax.hun
wyt
Commits
rG2efc8f8d6561: [clang][dataflow] Add an option for context-sensitive depth
Summary

This patch adds a Depth field (default value 2) to ContextSensitiveOptions, allowing context-sensitive analysis of functions that call other functions. This also requires replacing the DeclCtx field on Environment with a CallString field that contains a vector of decl contexts, to ensure that the analysis doesn't try to analyze recursive or mutually recursive calls (which would result in a crash, due to the way we handle StorageLocations).

Diff Detail

Event Timeline

samestep created this revision.Aug 12 2022, 2:18 PM
Herald added a reviewer: NoQ. · View Herald TranscriptAug 12 2022, 2:18 PM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: martong, xazax.hun. · View Herald Transcript
samestep requested review of this revision.Aug 12 2022, 2:18 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 12 2022, 2:18 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
samestep edited the summary of this revision. (Show Details)Aug 12 2022, 2:20 PM
samestep added reviewers: sgatev, gribozavr2, xazax.hun, wyt.
Herald added a subscriber: rnkovacs. · View Herald TranscriptAug 12 2022, 2:20 PM
samestep edited the summary of this revision. (Show Details)Aug 12 2022, 2:21 PM
Harbormaster completed remote builds in B181000: Diff 452304.Aug 12 2022, 3:54 PM
sgatev added inline comments.Aug 15 2022, 7:49 AM
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
395
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
210

If canDescend is supposed to return false for MaxDepth = 0, shouldn't this be <?

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
4033

Let's add a similar test with Depth set to 0.

xazax.hun accepted this revision.Aug 15 2022, 8:22 AM

Once the Stanislav's comments are resolved, it looks good to me.

clang/lib/Analysis/FlowSensitive/Transfer.cpp
665

Alternatively, canDescend could get the optional ContextSensitiveOpts and we can do all the checking there.

This revision is now accepted and ready to land.Aug 15 2022, 8:22 AM
samestep added inline comments.Aug 15 2022, 12:50 PM
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
210

I don't follow; could you clarify? The CallStack should always be nonempty.

clang/lib/Analysis/FlowSensitive/Transfer.cpp
665

Ah, good idea!

samestep added inline comments.Aug 15 2022, 12:54 PM
clang/lib/Analysis/FlowSensitive/Transfer.cpp
665

Oh... actually that doesn't work quite so nicely, because it introduces a circular dependency between Transfer.h and DataflowEnvironment.h. I'll leave it as-is for now.

samestep updated this revision to Diff 452783.Aug 15 2022, 12:55 PM

Address Stanislav's comments

This revision was landed with ongoing or failed builds.Aug 15 2022, 12:58 PM
Closed by commit rG2efc8f8d6561: [clang][dataflow] Add an option for context-sensitive depth (authored by samestep). · Explain Why
This revision was automatically updated to reflect the committed changes.
samestep added a commit: rG2efc8f8d6561: [clang][dataflow] Add an option for context-sensitive depth.
Harbormaster completed remote builds in B181361: Diff 452783.Aug 15 2022, 1:23 PM

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
FlowSensitive/
10 lines
6 lines
lib/
Analysis/
FlowSensitive/
29 lines
5 lines
unittests/
Analysis/
FlowSensitive/
173 lines

Diff 452784

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

Show First 20 LinesShow All 342 Lines▼ Show 20 Linespublic:
void addToFlowCondition(BoolValue &Val); void addToFlowCondition(BoolValue &Val);
/// Returns true if and only if the clauses that constitute the flow condition /// Returns true if and only if the clauses that constitute the flow condition
/// imply that `Val` is true. /// imply that `Val` is true.
bool flowConditionImplies(BoolValue &Val) const; bool flowConditionImplies(BoolValue &Val) const;
/// Returns the `DeclContext` of the block being analysed, if any. Otherwise, /// Returns the `DeclContext` of the block being analysed, if any. Otherwise,
/// returns null. /// returns null.
const DeclContext *getDeclCtx() { return DeclCtx; } const DeclContext *getDeclCtx() { return CallStack.back(); }
/// Sets the `DeclContext` of the block being analysed. /// Returns whether this `Environment` can be extended to analyze the given
void setDeclCtx(const DeclContext *Ctx) { DeclCtx = Ctx; } /// `Callee` (i.e. if `pushCall` can be used), with recursion disallowed and a
/// given `MaxDepth`.
bool canDescend(unsigned MaxDepth, const DeclContext *Callee) const;
/// Returns the `ControlFlowContext` registered for `F`, if any. Otherwise, /// Returns the `ControlFlowContext` registered for `F`, if any. Otherwise,
/// returns null. /// returns null.
const ControlFlowContext *getControlFlowContext(const FunctionDecl *F) { const ControlFlowContext *getControlFlowContext(const FunctionDecl *F) {
return DACtx->getControlFlowContext(F); return DACtx->getControlFlowContext(F);
} }
LLVM_DUMP_METHOD void dump() const; LLVM_DUMP_METHOD void dump() const;
Show All 22 Linesprivate:
/// of the caller. /// of the caller.
void pushCallInternal(const FunctionDecl *FuncDecl, void pushCallInternal(const FunctionDecl *FuncDecl,
ArrayRef<const Expr *> Args); ArrayRef<const Expr *> Args);
// `DACtx` is not null and not owned by this object. // `DACtx` is not null and not owned by this object.
DataflowAnalysisContext *DACtx; DataflowAnalysisContext *DACtx;
// `DeclContext` of the block being analysed if provided. // `DeclContext` of the block being analysed if provided.
const DeclContext *DeclCtx = nullptr; std::vector<const DeclContext *> CallStack;
sgatevUnsubmitted
Not Done
ReplyInline Actions
// `DeclContext` of the block being analysed if provided.
- std::vector<const DeclContext *> CallString;
+ std::vector<const DeclContext *> CallStack;
// In a properly initialized `Environment`, `ReturnLoc` should only be null if
sgatev:
// In a properly initialized `Environment`, `ReturnLoc` should only be null if // In a properly initialized `Environment`, `ReturnLoc` should only be null if
// its `DeclContext` could not be cast to a `FunctionDecl`. // its `DeclContext` could not be cast to a `FunctionDecl`.
StorageLocation *ReturnLoc = nullptr; StorageLocation *ReturnLoc = nullptr;
// The storage location of the `this` pointee. Should only be null if the // The storage location of the `this` pointee. Should only be null if the
// function being analyzed is only a function and not a method. // function being analyzed is only a function and not a method.
StorageLocation *ThisPointeeLoc = nullptr; StorageLocation *ThisPointeeLoc = nullptr;
Show All 22 Lines

clang/include/clang/Analysis/FlowSensitive/Transfer.h

Show All 15 Lines
#include "clang/AST/Stmt.h" #include "clang/AST/Stmt.h"
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h" #include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "llvm/ADT/Optional.h" #include "llvm/ADT/Optional.h"
namespace clang { namespace clang {
namespace dataflow { namespace dataflow {
struct ContextSensitiveOptions {}; struct ContextSensitiveOptions {
/// The maximum depth to analyze. A value of zero is equivalent to disabling
/// context-sensitive analysis entirely.
unsigned Depth = 2;
};
struct TransferOptions { struct TransferOptions {
/// Options for analyzing function bodies when present in the translation /// Options for analyzing function bodies when present in the translation
/// unit, or empty to disable context-sensitive analysis. Note that this is /// unit, or empty to disable context-sensitive analysis. Note that this is
/// fundamentally limited: some constructs, such as recursion, are explicitly /// fundamentally limited: some constructs, such as recursion, are explicitly
/// unsupported. /// unsupported.
llvm::Optional<ContextSensitiveOptions> ContextSensitiveOpts; llvm::Optional<ContextSensitiveOptions> ContextSensitiveOpts;
}; };
Show All 24 Lines

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show First 20 LinesShow All 148 Lines▼ Show 20 Lines if (auto *DS = dyn_cast<DeclStmt>(&S)) {
initGlobalVar(*E->getMemberDecl(), Env); initGlobalVar(*E->getMemberDecl(), Env);
} }
} }
Environment::Environment(DataflowAnalysisContext &DACtx) Environment::Environment(DataflowAnalysisContext &DACtx)
: DACtx(&DACtx), FlowConditionToken(&DACtx.makeFlowConditionToken()) {} : DACtx(&DACtx), FlowConditionToken(&DACtx.makeFlowConditionToken()) {}
Environment::Environment(const Environment &Other) Environment::Environment(const Environment &Other)
: DACtx(Other.DACtx), DeclCtx(Other.DeclCtx), ReturnLoc(Other.ReturnLoc), : DACtx(Other.DACtx), CallStack(Other.CallStack),
ThisPointeeLoc(Other.ThisPointeeLoc), DeclToLoc(Other.DeclToLoc), ReturnLoc(Other.ReturnLoc), ThisPointeeLoc(Other.ThisPointeeLoc),
ExprToLoc(Other.ExprToLoc), LocToVal(Other.LocToVal), DeclToLoc(Other.DeclToLoc), ExprToLoc(Other.ExprToLoc),
MemberLocToStruct(Other.MemberLocToStruct), LocToVal(Other.LocToVal), MemberLocToStruct(Other.MemberLocToStruct),
FlowConditionToken(&DACtx->forkFlowCondition(*Other.FlowConditionToken)) { FlowConditionToken(&DACtx->forkFlowCondition(*Other.FlowConditionToken)) {
} }
Environment &Environment::operator=(const Environment &Other) { Environment &Environment::operator=(const Environment &Other) {
Environment Copy(Other); Environment Copy(Other);
*this = std::move(Copy); *this = std::move(Copy);
return *this; return *this;
} }
Environment::Environment(DataflowAnalysisContext &DACtx, Environment::Environment(DataflowAnalysisContext &DACtx,
const DeclContext &DeclCtxArg) const DeclContext &DeclCtx)
: Environment(DACtx) { : Environment(DACtx) {
setDeclCtx(&DeclCtxArg); CallStack.push_back(&DeclCtx);
if (const auto *FuncDecl = dyn_cast<FunctionDecl>(DeclCtx)) { if (const auto *FuncDecl = dyn_cast<FunctionDecl>(&DeclCtx)) {
assert(FuncDecl->getBody() != nullptr); assert(FuncDecl->getBody() != nullptr);
initGlobalVars(*FuncDecl->getBody(), *this); initGlobalVars(*FuncDecl->getBody(), *this);
for (const auto *ParamDecl : FuncDecl->parameters()) { for (const auto *ParamDecl : FuncDecl->parameters()) {
assert(ParamDecl != nullptr); assert(ParamDecl != nullptr);
auto &ParamLoc = createStorageLocation(*ParamDecl); auto &ParamLoc = createStorageLocation(*ParamDecl);
setStorageLocation(*ParamDecl, ParamLoc); setStorageLocation(*ParamDecl, ParamLoc);
if (Value *ParamVal = createValue(ParamDecl->getType())) if (Value *ParamVal = createValue(ParamDecl->getType()))
setValue(ParamLoc, *ParamVal); setValue(ParamLoc, *ParamVal);
} }
QualType ReturnType = FuncDecl->getReturnType(); QualType ReturnType = FuncDecl->getReturnType();
ReturnLoc = &createStorageLocation(ReturnType); ReturnLoc = &createStorageLocation(ReturnType);
} }
if (const auto *MethodDecl = dyn_cast<CXXMethodDecl>(DeclCtx)) { if (const auto *MethodDecl = dyn_cast<CXXMethodDecl>(&DeclCtx)) {
auto *Parent = MethodDecl->getParent(); auto *Parent = MethodDecl->getParent();
assert(Parent != nullptr); assert(Parent != nullptr);
if (Parent->isLambda()) if (Parent->isLambda())
MethodDecl = dyn_cast<CXXMethodDecl>(Parent->getDeclContext()); MethodDecl = dyn_cast<CXXMethodDecl>(Parent->getDeclContext());
if (MethodDecl && !MethodDecl->isStatic()) { if (MethodDecl && !MethodDecl->isStatic()) {
QualType ThisPointeeType = MethodDecl->getThisObjectType(); QualType ThisPointeeType = MethodDecl->getThisObjectType();
// FIXME: Add support for union types. // FIXME: Add support for union types.
if (!ThisPointeeType->isUnionType()) { if (!ThisPointeeType->isUnionType()) {
ThisPointeeLoc = &createStorageLocation(ThisPointeeType); ThisPointeeLoc = &createStorageLocation(ThisPointeeType);
if (Value *ThisPointeeVal = createValue(ThisPointeeType)) if (Value *ThisPointeeVal = createValue(ThisPointeeType))
setValue(*ThisPointeeLoc, *ThisPointeeVal); setValue(*ThisPointeeLoc, *ThisPointeeVal);
} }
} }
} }
} }
bool Environment::canDescend(unsigned MaxDepth,
const DeclContext *Callee) const {
return CallStack.size() <= MaxDepth &&
sgatevUnsubmitted
Not Done
ReplyInline Actions

If canDescend is supposed to return false for MaxDepth = 0, shouldn't this be <?

sgatev: If `canDescend` is supposed to return false for `MaxDepth = 0`, shouldn't this be `<`?
samestepAuthorUnsubmitted
Done
ReplyInline Actions

I don't follow; could you clarify? The CallStack should always be nonempty.

samestep: I don't follow; could you clarify? The `CallStack` should always be nonempty.
std::find(CallStack.begin(), CallStack.end(), Callee) ==
CallStack.end();
}
Environment Environment::pushCall(const CallExpr *Call) const { Environment Environment::pushCall(const CallExpr *Call) const {
Environment Env(*this); Environment Env(*this);
// FIXME: Support references here. // FIXME: Support references here.
Env.ReturnLoc = getStorageLocation(*Call, SkipPast::Reference); Env.ReturnLoc = getStorageLocation(*Call, SkipPast::Reference);
if (const auto *MethodCall = dyn_cast<CXXMemberCallExpr>(Call)) { if (const auto *MethodCall = dyn_cast<CXXMemberCallExpr>(Call)) {
if (const Expr *Arg = MethodCall->getImplicitObjectArgument()) { if (const Expr *Arg = MethodCall->getImplicitObjectArgument()) {
Show All 18 LinesEnvironment Environment::pushCall(const CXXConstructExpr *Call) const {
Env.pushCallInternal(Call->getConstructor(), Env.pushCallInternal(Call->getConstructor(),
llvm::makeArrayRef(Call->getArgs(), Call->getNumArgs())); llvm::makeArrayRef(Call->getArgs(), Call->getNumArgs()));
return Env; return Env;
} }
void Environment::pushCallInternal(const FunctionDecl *FuncDecl, void Environment::pushCallInternal(const FunctionDecl *FuncDecl,
ArrayRef<const Expr *> Args) { ArrayRef<const Expr *> Args) {
setDeclCtx(FuncDecl); CallStack.push_back(FuncDecl);
// FIXME: In order to allow the callee to reference globals, we probably need // FIXME: In order to allow the callee to reference globals, we probably need
// to call `initGlobalVars` here in some way. // to call `initGlobalVars` here in some way.
auto ParamIt = FuncDecl->param_begin(); auto ParamIt = FuncDecl->param_begin();
// FIXME: Parameters don't always map to arguments 1:1; examples include // FIXME: Parameters don't always map to arguments 1:1; examples include
// overloaded operators implemented as member functions, and parameter packs. // overloaded operators implemented as member functions, and parameter packs.
▲ Show 20 LinesShow All 70 Lines▼ Show 20 Linesbool Environment::equivalentTo(const Environment &Other,
return true; return true;
} }
LatticeJoinEffect Environment::join(const Environment &Other, LatticeJoinEffect Environment::join(const Environment &Other,
Environment::ValueModel &Model) { Environment::ValueModel &Model) {
assert(DACtx == Other.DACtx); assert(DACtx == Other.DACtx);
assert(ReturnLoc == Other.ReturnLoc); assert(ReturnLoc == Other.ReturnLoc);
assert(ThisPointeeLoc == Other.ThisPointeeLoc); assert(ThisPointeeLoc == Other.ThisPointeeLoc);
assert(DeclCtx == Other.DeclCtx); assert(CallStack == Other.CallStack);
auto Effect = LatticeJoinEffect::Unchanged; auto Effect = LatticeJoinEffect::Unchanged;
Environment JoinedEnv(*DACtx); Environment JoinedEnv(*DACtx);
JoinedEnv.setDeclCtx(DeclCtx); JoinedEnv.CallStack = CallStack;
JoinedEnv.ReturnLoc = ReturnLoc; JoinedEnv.ReturnLoc = ReturnLoc;
JoinedEnv.ThisPointeeLoc = ThisPointeeLoc; JoinedEnv.ThisPointeeLoc = ThisPointeeLoc;
JoinedEnv.DeclToLoc = intersectDenseMaps(DeclToLoc, Other.DeclToLoc); JoinedEnv.DeclToLoc = intersectDenseMaps(DeclToLoc, Other.DeclToLoc);
if (DeclToLoc.size() != JoinedEnv.DeclToLoc.size()) if (DeclToLoc.size() != JoinedEnv.DeclToLoc.size())
Effect = LatticeJoinEffect::Changed; Effect = LatticeJoinEffect::Changed;
JoinedEnv.ExprToLoc = intersectDenseMaps(ExprToLoc, Other.ExprToLoc); JoinedEnv.ExprToLoc = intersectDenseMaps(ExprToLoc, Other.ExprToLoc);
▲ Show 20 LinesShow All 277 LinesShow Last 20 Lines

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show First 20 LinesShow All 655 Lines▼ Show 20 Lines BoolValue &getLogicOperatorSubExprValue(const Expr &SubExpr) {
// boolean value for it. // boolean value for it.
return Env.makeAtomicBoolValue(); return Env.makeAtomicBoolValue();
} }
// If context sensitivity is enabled, try to analyze the body of the callee // If context sensitivity is enabled, try to analyze the body of the callee
// `F` of `S`. The type `E` must be either `CallExpr` or `CXXConstructExpr`. // `F` of `S`. The type `E` must be either `CallExpr` or `CXXConstructExpr`.
template <typename E> template <typename E>
void transferInlineCall(const E *S, const FunctionDecl *F) { void transferInlineCall(const E *S, const FunctionDecl *F) {
if (!Options.ContextSensitiveOpts) if (!(Options.ContextSensitiveOpts &&
Env.canDescend(Options.ContextSensitiveOpts->Depth, F)))
xazax.hunUnsubmitted
Not Done
ReplyInline Actions

Alternatively, canDescend could get the optional ContextSensitiveOpts and we can do all the checking there.

xazax.hun: Alternatively, `canDescend` could get the optional `ContextSensitiveOpts` and we can do all the…
samestepAuthorUnsubmitted
Done
ReplyInline Actions

Ah, good idea!

samestep: Ah, good idea!
samestepAuthorUnsubmitted
Done
ReplyInline Actions

Oh... actually that doesn't work quite so nicely, because it introduces a circular dependency between Transfer.h and DataflowEnvironment.h. I'll leave it as-is for now.

samestep: Oh... actually that doesn't work quite so nicely, because it introduces a circular dependency…
return; return;
const ControlFlowContext *CFCtx = Env.getControlFlowContext(F); const ControlFlowContext *CFCtx = Env.getControlFlowContext(F);
if (!CFCtx) if (!CFCtx)
return; return;
// FIXME: We don't support context-sensitive analysis of recursion, so // FIXME: We don't support context-sensitive analysis of recursion, so
// we should return early here if `F` is the same as the `FunctionDecl` // we should return early here if `F` is the same as the `FunctionDecl`
Show All 11 Lines void transferInlineCall(const E *S, const FunctionDecl *F) {
auto CalleeEnv = Env.pushCall(S); auto CalleeEnv = Env.pushCall(S);
// FIXME: Use the same analysis as the caller for the callee. Note, // FIXME: Use the same analysis as the caller for the callee. Note,
// though, that doing so would require support for changing the analysis's // though, that doing so would require support for changing the analysis's
// ASTContext. // ASTContext.
assert(CFCtx->getDecl() != nullptr && assert(CFCtx->getDecl() != nullptr &&
"ControlFlowContexts in the environment should always carry a decl"); "ControlFlowContexts in the environment should always carry a decl");
auto Analysis = NoopAnalysis(CFCtx->getDecl()->getASTContext(), auto Analysis = NoopAnalysis(CFCtx->getDecl()->getASTContext(),
DataflowAnalysisOptions()); DataflowAnalysisOptions{Options});
auto BlockToOutputState = auto BlockToOutputState =
dataflow::runDataflowAnalysis(*CFCtx, Analysis, CalleeEnv); dataflow::runDataflowAnalysis(*CFCtx, Analysis, CalleeEnv);
assert(BlockToOutputState); assert(BlockToOutputState);
assert(ExitBlock < BlockToOutputState->size()); assert(ExitBlock < BlockToOutputState->size());
auto ExitState = (*BlockToOutputState)[ExitBlock]; auto ExitState = (*BlockToOutputState)[ExitBlock];
assert(ExitState); assert(ExitState);
Show All 16 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show First 20 LinesShow All 3,896 Lines▼ Show 20 Lines runDataflow(Code,
auto &FooVal = auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None)); *cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_FALSE(Env.flowConditionImplies(FooVal)); EXPECT_FALSE(Env.flowConditionImplies(FooVal));
EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal))); EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal)));
}, },
{TransferOptions{/*.ContextSensitiveOpts=*/llvm::None}}); {TransferOptions{/*.ContextSensitiveOpts=*/llvm::None}});
} }
TEST(TransferTest, ContextSensitiveDepthZero) {
std::string Code = R"(
bool GiveBool();
void SetBool(bool &Var) { Var = true; }
void target() {
bool Foo = GiveBool();
SetBool(Foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_FALSE(Env.flowConditionImplies(FooVal));
EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal)));
},
{TransferOptions{ContextSensitiveOptions{/*.Depth=*/0}}});
}
TEST(TransferTest, ContextSensitiveSetTrue) { TEST(TransferTest, ContextSensitiveSetTrue) {
std::string Code = R"( std::string Code = R"(
bool GiveBool(); bool GiveBool();
void SetBool(bool &Var) { Var = true; } void SetBool(bool &Var) { Var = true; }
void target() { void target() {
bool Foo = GiveBool(); bool Foo = GiveBool();
SetBool(Foo); SetBool(Foo);
▲ Show 20 LinesShow All 82 Lines▼ Show 20 Lines runDataflow(Code,
auto &BarVal = auto &BarVal =
*cast<BoolValue>(Env.getValue(*BarDecl, SkipPast::None)); *cast<BoolValue>(Env.getValue(*BarDecl, SkipPast::None));
EXPECT_FALSE(Env.flowConditionImplies(BarVal)); EXPECT_FALSE(Env.flowConditionImplies(BarVal));
EXPECT_TRUE(Env.flowConditionImplies(Env.makeNot(BarVal))); EXPECT_TRUE(Env.flowConditionImplies(Env.makeNot(BarVal)));
}, },
{TransferOptions{ContextSensitiveOptions{}}}); {TransferOptions{ContextSensitiveOptions{}}});
} }
TEST(TransferTest, ContextSensitiveSetTwoLayers) { TEST(TransferTest, ContextSensitiveSetTwoLayersDepthOne) {
sgatevUnsubmitted
Not Done
ReplyInline Actions

Let's add a similar test with Depth set to 0.

sgatev: Let's add a similar test with `Depth` set to 0.
std::string Code = R"( std::string Code = R"(
bool GiveBool(); bool GiveBool();
void SetBool1(bool &Var) { Var = true; } void SetBool1(bool &Var) { Var = true; }
void SetBool2(bool &Var) { SetBool1(Var); } void SetBool2(bool &Var) { SetBool1(Var); }
void target() { void target() {
bool Foo = GiveBool(); bool Foo = GiveBool();
SetBool2(Foo); SetBool2(Foo);
Show All 11 Lines runDataflow(Code,
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo"); const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull()); ASSERT_THAT(FooDecl, NotNull());
auto &FooVal = auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None)); *cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_FALSE(Env.flowConditionImplies(FooVal)); EXPECT_FALSE(Env.flowConditionImplies(FooVal));
EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal))); EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal)));
}, },
{TransferOptions{ContextSensitiveOptions{}}}); {TransferOptions{ContextSensitiveOptions{/*.Depth=*/1}}});
}
TEST(TransferTest, ContextSensitiveSetTwoLayersDepthTwo) {
std::string Code = R"(
bool GiveBool();
void SetBool1(bool &Var) { Var = true; }
void SetBool2(bool &Var) { SetBool1(Var); }
void target() {
bool Foo = GiveBool();
SetBool2(Foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_TRUE(Env.flowConditionImplies(FooVal));
},
{TransferOptions{ContextSensitiveOptions{/*.Depth=*/2}}});
}
TEST(TransferTest, ContextSensitiveSetThreeLayersDepthTwo) {
std::string Code = R"(
bool GiveBool();
void SetBool1(bool &Var) { Var = true; }
void SetBool2(bool &Var) { SetBool1(Var); }
void SetBool3(bool &Var) { SetBool2(Var); }
void target() {
bool Foo = GiveBool();
SetBool3(Foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_FALSE(Env.flowConditionImplies(FooVal));
EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal)));
},
{TransferOptions{ContextSensitiveOptions{/*.Depth=*/2}}});
}
TEST(TransferTest, ContextSensitiveSetThreeLayersDepthThree) {
std::string Code = R"(
bool GiveBool();
void SetBool1(bool &Var) { Var = true; }
void SetBool2(bool &Var) { SetBool1(Var); }
void SetBool3(bool &Var) { SetBool2(Var); }
void target() {
bool Foo = GiveBool();
SetBool3(Foo);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
EXPECT_TRUE(Env.flowConditionImplies(FooVal));
},
{TransferOptions{ContextSensitiveOptions{/*.Depth=*/3}}});
}
TEST(TransferTest, ContextSensitiveMutualRecursion) {
std::string Code = R"(
bool Pong(bool X, bool Y);
bool Ping(bool X, bool Y) {
if (X) {
return Y;
} else {
return Pong(!X, Y);
}
}
bool Pong(bool X, bool Y) {
if (Y) {
return X;
} else {
return Ping(X, !Y);
}
}
void target() {
bool Foo = Ping(false, false);
// [[p]]
}
)";
runDataflow(Code,
[](llvm::ArrayRef<
std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
Results,
ASTContext &ASTCtx) {
ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
// The analysis doesn't crash...
const Environment &Env = Results[0].second.Env;
const ValueDecl *FooDecl = findValueDecl(ASTCtx, "Foo");
ASSERT_THAT(FooDecl, NotNull());
auto &FooVal =
*cast<BoolValue>(Env.getValue(*FooDecl, SkipPast::None));
// ... but it also can't prove anything here.
EXPECT_FALSE(Env.flowConditionImplies(FooVal));
EXPECT_FALSE(Env.flowConditionImplies(Env.makeNot(FooVal)));
},
{TransferOptions{ContextSensitiveOptions{/*.Depth=*/4}}});
} }
TEST(TransferTest, ContextSensitiveSetMultipleLines) { TEST(TransferTest, ContextSensitiveSetMultipleLines) {
std::string Code = R"( std::string Code = R"(
void SetBools(bool &Var1, bool &Var2) { void SetBools(bool &Var1, bool &Var2) {
Var1 = true; Var1 = true;
Var2 = false; Var2 = false;
} }
▲ Show 20 LinesShow All 439 LinesShow Last 20 Lines