This is an archive of the discontinued LLVM Phabricator instance.

Differential D140694

[clang][dataflow] Only model struct fields that are used in the function being analyzed.
ClosedPublic

Authored by ymandel on Dec 27 2022, 7:40 AM.

Details

Reviewers
xazax.hun
gribozavr2
NoQ
Commits
rG5e8f597c2fed: [clang][dataflow] Only model struct fields that are used in the function being…
Summary

Previously, the model for structs modeled all fields in a struct when
createValue was called for that type. This patch adds a prepass on the
function under analysis to discover the fields referenced in the scope and then
limits modeling to only those fields. This reduces wasted memory usage
(modeling unused fields) which can be important for programss that use large
structs.

Note: This patch obviates the need for https://reviews.llvm.org/D123032.

Diff Detail

Event Timeline

ymandel created this revision.Dec 27 2022, 7:40 AM
Herald added a reviewer: NoQ. · View Herald TranscriptDec 27 2022, 7:40 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: martong, rnkovacs. · View Herald Transcript
ymandel requested review of this revision.Dec 27 2022, 7:40 AM
Herald added a project: Restricted Project. · View Herald TranscriptDec 27 2022, 7:40 AM
Harbormaster completed remote builds in B204984: Diff 485376.Dec 27 2022, 8:27 AM
gribozavr2 accepted this revision.Dec 27 2022, 9:59 AM
gribozavr2 added inline comments.
clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
147–148
380
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
455
clang/unittests/Analysis/FlowSensitive/DataflowEnvironmentTest.cpp
61
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
167

It is not clear what "optional" means for a boolean.

This revision is now accepted and ready to land.Dec 27 2022, 9:59 AM
ymandel updated this revision to Diff 485393.Dec 27 2022, 10:16 AM

address comments; fix lifetime bug in new code.

ymandel marked 5 inline comments as done.Dec 27 2022, 10:23 AM
Harbormaster completed remote builds in B204995: Diff 485393.Dec 27 2022, 10:24 AM
ymandel added a child revision: D140703: [clang][dataflow] Unify `TransferOptions` and `DataflowAnalysisContext::Options`..Dec 27 2022, 10:54 AM
ymandel added a comment.Jan 4 2023, 5:38 AM

Gabor -- do you want to review before I land this patch (Dmitri already accepted it)? thx

xazax.hun accepted this revision.Jan 4 2023, 7:50 AM

This is a big improvement, I skimmed through it and looks good to me. There might be some sneaky ways to change values of fields without mentioning them, e.g., casting a pointer to a struct to an array of chars. But I think reasoning about those scenarios is probably not something we want to model anytime soon.

Another pesky scenario when we are not doing context sensitive analysis:

int* pointsToField = getField(myObj);

But this can be handled correctly in a conservative way buy treating `myObj' as escaped. Overall, I dont anticipate any blockers at the moment.

xazax.hun added a comment.Jan 5 2023, 9:14 AM

I realized I did not say this explicitly in my previous comment, but feel free to commit :)

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
263

Is there any scenario where check authors might invoke this function? If no, I wonder if it would be better to make this private and make Environment a friend of this class. Keeping the number of public methods minimal could be a great service to future check authors.

ymandel updated this revision to Diff 486657.Jan 5 2023, 1:05 PM

rebase onto HEAD

ymandel updated this revision to Diff 486658.Jan 5 2023, 1:11 PM

address comments

ymandel marked an inline comment as done.Jan 5 2023, 1:13 PM
In D140694#4026244, @xazax.hun wrote:

This is a big improvement, I skimmed through it and looks good to me. There might be some sneaky ways to change values of fields without mentioning them, e.g., casting a pointer to a struct to an array of chars. But I think reasoning about those scenarios is probably not something we want to model anytime soon.

Thanks!

Another pesky scenario when we are not doing context sensitive analysis:

int* pointsToField = getField(myObj);

But this can be handled correctly in a conservative way buy treating `myObj' as escaped. Overall, I dont anticipate any blockers at the moment.

Agreed. I think any other field access either falls into 1) we don't handle it soundly anyhow or 2) a conservative analysis will rule it out.

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
263

Good point. Done.

ymandel updated this revision to Diff 486659.Jan 5 2023, 1:14 PM
ymandel marked an inline comment as done.

fix typo

ymandel updated this revision to Diff 486666.Jan 5 2023, 1:30 PM

fix broken test (from rebase)

This revision was landed with ongoing or failed builds.Jan 5 2023, 1:47 PM
Closed by commit rG5e8f597c2fed: [clang][dataflow] Only model struct fields that are used in the function being… (authored by ymandel). · Explain Why
This revision was automatically updated to reflect the committed changes.
ymandel added a commit: rG5e8f597c2fed: [clang][dataflow] Only model struct fields that are used in the function being….
Harbormaster completed remote builds in B205983: Diff 486666.Jan 5 2023, 2:33 PM
thakis added a subscriber: thakis.Jan 5 2023, 3:35 PM

This breaks tests on Mac: http://45.33.8.238/macm1/52112/step_7.txt

Please take a look and revert for now if it takes a while to fix.

paulkirth added a subscriber: paulkirth.Jan 5 2023, 3:45 PM

We're seeing a similar breakage on Linux in Fuchsia's Clang CI: https://ci.chromium.org/ui/p/fuchsia/builders/toolchain.ci/clang-linux-x64/b8792772367021497153/overview

ymandel added a comment.Jan 5 2023, 5:05 PM

I'll revert now and take a look in the morning...

ymandel added a reverting change: rG2b1a517a92bf: Revert "[clang][dataflow] Only model struct fields that are used in the….Jan 5 2023, 5:08 PM
ymandel reopened this revision.Jan 6 2023, 5:44 AM
This revision is now accepted and ready to land.Jan 6 2023, 5:44 AM
ymandel mentioned this in D123032: [clang][dataflow] Exclude protobuf types from modeling in the environment..Jan 6 2023, 6:52 AM
ymandel updated this revision to Diff 486926.Jan 6 2023, 10:26 AM

fix use-after-free bug in test. Possible cause of buildbot failures.

Harbormaster completed remote builds in B206155: Diff 486926.Jan 6 2023, 11:18 AM
xazax.hun accepted this revision.Jan 6 2023, 2:05 PM

I think in these cases you can recommit without waiting for a new round of reviews, but I hit accept just in case :)

gribozavr2 accepted this revision.Jan 6 2023, 2:14 PM
ymandel updated this revision to Diff 487506.Jan 9 2023, 11:12 AM

fix memory error that cause buildbot failures

Fixes a self-move assign. This operation should be safe, but is known to cause
problems in some implementations of the standard library. The patch drops the
assignment, which was unnecessary since the object is modified in place.

ymandel closed this revision.Jan 9 2023, 11:40 AM

Committed: https://reviews.llvm.org/rG01ccf7b3cee58dbe02fd97696cae1781746b6137

ymandel removed a child revision: D140703: [clang][dataflow] Unify `TransferOptions` and `DataflowAnalysisContext::Options`..Jan 9 2023, 11:56 AM
Harbormaster completed remote builds in B206592: Diff 487506.Jan 9 2023, 3:32 PM

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
FlowSensitive/
24 lines
3 lines
lib/
Analysis/
FlowSensitive/
27 lines
137 lines
2 lines
unittests/
Analysis/
FlowSensitive/
19 lines
12 lines
64 lines

Diff 486926

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
/// Returns the set of all fields in the type. /// Returns the set of all fields in the type.
llvm::DenseSet<const FieldDecl *> getObjectFields(QualType Type); llvm::DenseSet<const FieldDecl *> getObjectFields(QualType Type);
/// Owns objects that encompass the state of a program and stores context that /// Owns objects that encompass the state of a program and stores context that
/// is used during dataflow analysis. /// is used during dataflow analysis.
class DataflowAnalysisContext { class DataflowAnalysisContext {
public: public:
// FIXME: merge with TransferOptions from Transfer.h.
struct Options {
bool EnableContextSensitiveAnalysis;
};
/// Constructs a dataflow analysis context. /// Constructs a dataflow analysis context.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `S` must not be null. /// `S` must not be null.
DataflowAnalysisContext(std::unique_ptr<Solver> S) DataflowAnalysisContext(std::unique_ptr<Solver> S,
Options Opts = {
/*EnableContextSensitiveAnalysis=*/false})
: S(std::move(S)), TrueVal(createAtomicBoolValue()), : S(std::move(S)), TrueVal(createAtomicBoolValue()),
FalseVal(createAtomicBoolValue()) { FalseVal(createAtomicBoolValue()), Options(Opts) {
assert(this->S != nullptr); assert(this->S != nullptr);
} }
/// Takes ownership of `Loc` and returns a reference to it. /// Takes ownership of `Loc` and returns a reference to it.
/// ///
/// Requirements: /// Requirements:
/// ///
/// `Loc` must not be null. /// `Loc` must not be null.
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Linespublic:
/// Returns the storage location assigned to `E` or null if `E` has no /// Returns the storage location assigned to `E` or null if `E` has no
/// assigned storage location. /// assigned storage location.
StorageLocation *getStorageLocation(const Expr &E) const { StorageLocation *getStorageLocation(const Expr &E) const {
auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E)); auto It = ExprToLoc.find(&ignoreCFGOmittedNodes(E));
return It == ExprToLoc.end() ? nullptr : It->second; return It == ExprToLoc.end() ? nullptr : It->second;
} }
/// Returns a pointer value that represents a null pointer. Calls with /// Returns a pointer value that represents a null pointer. Calls with
/// `PointeeType` that are canonically equivalent will return the same result. /// `PointeeType` that are canonically equivalent will return the same result.
gribozavr2Unsubmitted
Done
ReplyInline Actions
return It == ExprToLoc.end() ? nullptr : It->second;
}
- // Returns the subset of fields of `Type` that are referenced in the scope of
- // the analysis.
+ /// Returns the subset of fields of `Type` that are referenced in the scope of
+ /// the analysis.
llvm::DenseSet<const FieldDecl *> getReferencedFields(QualType Type);
gribozavr2:
/// A null `PointeeType` can be used for the pointee of `std::nullptr_t`. /// A null `PointeeType` can be used for the pointee of `std::nullptr_t`.
PointerValue &getOrCreateNullPointerValue(QualType PointeeType); PointerValue &getOrCreateNullPointerValue(QualType PointeeType);
/// Returns a symbolic boolean value that models a boolean literal equal to /// Returns a symbolic boolean value that models a boolean literal equal to
/// `Value`. /// `Value`.
AtomicBoolValue &getBoolLiteralValue(bool Value) const { AtomicBoolValue &getBoolLiteralValue(bool Value) const {
return Value ? TrueVal : FalseVal; return Value ? TrueVal : FalseVal;
} }
▲ Show 20 LinesShow All 98 Lines▼ Show 20 Linespublic:
bool equivalentBoolValues(BoolValue &Val1, BoolValue &Val2); bool equivalentBoolValues(BoolValue &Val1, BoolValue &Val2);
LLVM_DUMP_METHOD void dumpFlowCondition(AtomicBoolValue &Token); LLVM_DUMP_METHOD void dumpFlowCondition(AtomicBoolValue &Token);
/// Returns the `ControlFlowContext` registered for `F`, if any. Otherwise, /// Returns the `ControlFlowContext` registered for `F`, if any. Otherwise,
/// returns null. /// returns null.
const ControlFlowContext *getControlFlowContext(const FunctionDecl *F); const ControlFlowContext *getControlFlowContext(const FunctionDecl *F);
void addFieldsReferencedInScope(llvm::DenseSet<const FieldDecl *> Fields);
xazax.hunUnsubmitted
Done
ReplyInline Actions

Is there any scenario where check authors might invoke this function? If no, I wonder if it would be better to make this private and make Environment a friend of this class. Keeping the number of public methods minimal could be a great service to future check authors.

xazax.hun: Is there any scenario where check authors might invoke this function? If no, I wonder if it…
ymandelAuthorUnsubmitted
Done
ReplyInline Actions

Good point. Done.

ymandel: Good point. Done.
private: private:
friend class Environment;
struct NullableQualTypeDenseMapInfo : private llvm::DenseMapInfo<QualType> { struct NullableQualTypeDenseMapInfo : private llvm::DenseMapInfo<QualType> {
static QualType getEmptyKey() { static QualType getEmptyKey() {
// Allow a NULL `QualType` by using a different value as the empty key. // Allow a NULL `QualType` by using a different value as the empty key.
return QualType::getFromOpaquePtr(reinterpret_cast<Type *>(1)); return QualType::getFromOpaquePtr(reinterpret_cast<Type *>(1));
} }
using DenseMapInfo::getHashValue; using DenseMapInfo::getHashValue;
using DenseMapInfo::getTombstoneKey; using DenseMapInfo::getTombstoneKey;
using DenseMapInfo::isEqual; using DenseMapInfo::isEqual;
}; };
/// Returns the subset of fields of `Type` that are referenced in the scope of
/// the analysis.
llvm::DenseSet<const FieldDecl *> getReferencedFields(QualType Type);
/// Adds all constraints of the flow condition identified by `Token` and all /// Adds all constraints of the flow condition identified by `Token` and all
/// of its transitive dependencies to `Constraints`. `VisitedTokens` is used /// of its transitive dependencies to `Constraints`. `VisitedTokens` is used
/// to track tokens of flow conditions that were already visited by recursive /// to track tokens of flow conditions that were already visited by recursive
/// calls. /// calls.
void addTransitiveFlowConditionConstraints( void addTransitiveFlowConditionConstraints(
AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints, AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints,
llvm::DenseSet<AtomicBoolValue *> &VisitedTokens); llvm::DenseSet<AtomicBoolValue *> &VisitedTokens);
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Linesprivate:
// creating a type-independent `NullPointerValue` without a `PointeeLoc` // creating a type-independent `NullPointerValue` without a `PointeeLoc`
// field. // field.
llvm::DenseMap<QualType, PointerValue *, NullableQualTypeDenseMapInfo> llvm::DenseMap<QualType, PointerValue *, NullableQualTypeDenseMapInfo>
NullPointerVals; NullPointerVals;
AtomicBoolValue &TrueVal; AtomicBoolValue &TrueVal;
AtomicBoolValue &FalseVal; AtomicBoolValue &FalseVal;
Options Options;
// Indices that are used to avoid recreating the same composite boolean // Indices that are used to avoid recreating the same composite boolean
// values. // values.
llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ConjunctionValue *> llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ConjunctionValue *>
ConjunctionVals; ConjunctionVals;
llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, DisjunctionValue *> llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, DisjunctionValue *>
DisjunctionVals; DisjunctionVals;
llvm::DenseMap<BoolValue *, NegationValue *> NegationVals; llvm::DenseMap<BoolValue *, NegationValue *> NegationVals;
llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ImplicationValue *> llvm::DenseMap<std::pair<BoolValue *, BoolValue *>, ImplicationValue *>
Show All 13 Linesprivate:
// Flow conditions depend on other flow conditions if they are created using // Flow conditions depend on other flow conditions if they are created using
// `forkFlowCondition` or `joinFlowConditions`. The graph of flow condition // `forkFlowCondition` or `joinFlowConditions`. The graph of flow condition
// dependencies is stored in the `FlowConditionDeps` map. // dependencies is stored in the `FlowConditionDeps` map.
llvm::DenseMap<AtomicBoolValue *, llvm::DenseSet<AtomicBoolValue *>> llvm::DenseMap<AtomicBoolValue *, llvm::DenseSet<AtomicBoolValue *>>
FlowConditionDeps; FlowConditionDeps;
llvm::DenseMap<AtomicBoolValue *, BoolValue *> FlowConditionConstraints; llvm::DenseMap<AtomicBoolValue *, BoolValue *> FlowConditionConstraints;
llvm::DenseMap<const FunctionDecl *, ControlFlowContext> FunctionContexts; llvm::DenseMap<const FunctionDecl *, ControlFlowContext> FunctionContexts;
// All fields referenced (statically) in the scope of the analysis.
gribozavr2Unsubmitted
Done
ReplyInline Actions
llvm::DenseMap<const FunctionDecl *, ControlFlowContext> FunctionContexts;
- // The set of all fields referenced in the scope of the analysis.
+ // All fields referenced in the scope of the analysis.
llvm::DenseSet<const FieldDecl *> FieldsReferencedInScope;
gribozavr2:
llvm::DenseSet<const FieldDecl *> FieldsReferencedInScope;
}; };
} // namespace dataflow } // namespace dataflow
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H #endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H

clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h

Show First 20 LinesShow All 446 Lines▼ Show 20 Linesprivate:
const StorageLocation &skip(const StorageLocation &Loc, SkipPast SP) const; const StorageLocation &skip(const StorageLocation &Loc, SkipPast SP) const;
/// Shared implementation of `pushCall` overloads. Note that unlike /// Shared implementation of `pushCall` overloads. Note that unlike
/// `pushCall`, this member is invoked on the environment of the callee, not /// `pushCall`, this member is invoked on the environment of the callee, not
/// of the caller. /// of the caller.
void pushCallInternal(const FunctionDecl *FuncDecl, void pushCallInternal(const FunctionDecl *FuncDecl,
ArrayRef<const Expr *> Args); ArrayRef<const Expr *> Args);
/// Assigns storage locations and values to all variables in `Vars`.
gribozavr2Unsubmitted
Done
ReplyInline Actions
ArrayRef<const Expr *> Args);
- // Assign storage locations and values to all variables in `Vars`.
+ /// Assigns storage locations and values to all variables in `Vars`.
void initVars(llvm::DenseSet<const VarDecl *> Vars);
gribozavr2:
void initVars(llvm::DenseSet<const VarDecl *> Vars);
// `DACtx` is not null and not owned by this object. // `DACtx` is not null and not owned by this object.
DataflowAnalysisContext *DACtx; DataflowAnalysisContext *DACtx;
// FIXME: move the fields `CallStack`, `ReturnLoc` and `ThisPointeeLoc` into a // FIXME: move the fields `CallStack`, `ReturnLoc` and `ThisPointeeLoc` into a
// separate call-context object, shared between environments in the same call. // separate call-context object, shared between environments in the same call.
// https://github.com/llvm/llvm-project/issues/59005 // https://github.com/llvm/llvm-project/issues/59005
Show All 32 Lines

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp

Show All 10 Lines
// dataflow analysis. // dataflow analysis.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h" #include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h"
#include "clang/AST/ExprCXX.h" #include "clang/AST/ExprCXX.h"
#include "clang/Analysis/FlowSensitive/DebugSupport.h" #include "clang/Analysis/FlowSensitive/DebugSupport.h"
#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"
#include "llvm/ADT/SetOperations.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include <cassert> #include <cassert>
#include <memory> #include <memory>
#include <utility> #include <utility>
namespace clang { namespace clang {
namespace dataflow { namespace dataflow {
void DataflowAnalysisContext::addFieldsReferencedInScope(
llvm::DenseSet<const FieldDecl *> Fields) {
llvm::set_union(FieldsReferencedInScope, Fields);
}
llvm::DenseSet<const FieldDecl *>
DataflowAnalysisContext::getReferencedFields(QualType Type) {
llvm::DenseSet<const FieldDecl *> Fields = getObjectFields(Type);
llvm::set_intersect(Fields, FieldsReferencedInScope);
return Fields;
}
StorageLocation &DataflowAnalysisContext::createStorageLocation(QualType Type) { StorageLocation &DataflowAnalysisContext::createStorageLocation(QualType Type) {
if (!Type.isNull() && if (!Type.isNull() &&
(Type->isStructureOrClassType() || Type->isUnionType())) { (Type->isStructureOrClassType() || Type->isUnionType())) {
// FIXME: Explore options to avoid eager initialization of fields as some of
// them might not be needed for a particular analysis.
llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs; llvm::DenseMap<const ValueDecl *, StorageLocation *> FieldLocs;
for (const FieldDecl *Field : getObjectFields(Type)) // During context-sensitive analysis, a struct may be allocated in one
// function, but its field accessed in a function lower in the stack than
// the allocation. Since we only collect fields used in the function where
// the allocation occurs, we can't apply that filter when performing
// context-sensitive analysis. But, this only applies to storage locations,
// since fields access it not allowed to fail. In contrast, field *values*
// don't need this allowance, since the API allows for uninitialized fields.
auto Fields = Options.EnableContextSensitiveAnalysis
? getObjectFields(Type)
: getReferencedFields(Type);
for (const FieldDecl *Field : Fields)
FieldLocs.insert({Field, &createStorageLocation(Field->getType())}); FieldLocs.insert({Field, &createStorageLocation(Field->getType())});
return takeOwnership( return takeOwnership(
std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs))); std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs)));
} }
return takeOwnership(std::make_unique<ScalarStorageLocation>(Type)); return takeOwnership(std::make_unique<ScalarStorageLocation>(Type));
} }
StorageLocation & StorageLocation &
▲ Show 20 LinesShow All 361 LinesShow Last 20 Lines

clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp

Show First 20 LinesShow All 145 Lines▼ Show 20 Linesstatic Value &widenDistinctValues(QualType Type, Value &Prev,
if (auto *W = Model.widen(Type, Prev, PrevEnv, Current, CurrentEnv)) if (auto *W = Model.widen(Type, Prev, PrevEnv, Current, CurrentEnv))
return *W; return *W;
// Default of widening is a no-op: leave the current value unchanged. // Default of widening is a no-op: leave the current value unchanged.
return Current; return Current;
} }
/// Initializes a global storage value. /// Initializes a global storage value.
static void initGlobalVar(const VarDecl &D, Environment &Env) { static void insertIfGlobal(const Decl &D,
if (!D.hasGlobalStorage() || llvm::DenseSet<const FieldDecl *> &Fields,
Env.getStorageLocation(D, SkipPast::None) != nullptr) llvm::DenseSet<const VarDecl *> &Vars) {
return;
auto &Loc = Env.createStorageLocation(D);
Env.setStorageLocation(D, Loc);
if (auto *Val = Env.createValue(D.getType()))
Env.setValue(Loc, *Val);
}
/// Initializes a global storage value.
static void initGlobalVar(const Decl &D, Environment &Env) {
if (auto *V = dyn_cast<VarDecl>(&D)) if (auto *V = dyn_cast<VarDecl>(&D))
initGlobalVar(*V, Env); if (V->hasGlobalStorage())
Vars.insert(V);
} }
/// Initializes global storage values that are declared or referenced from static void getFieldsAndGlobalVars(const Decl &D,
/// sub-statements of `S`. llvm::DenseSet<const FieldDecl *> &Fields,
// FIXME: Add support for resetting globals after function calls to enable llvm::DenseSet<const VarDecl *> &Vars) {
// the implementation of sound analyses. insertIfGlobal(D, Fields, Vars);
static void initGlobalVars(const Stmt &S, Environment &Env) { if (const auto *Decomp = dyn_cast<DecompositionDecl>(&D))
for (auto *Child : S.children()) { for (const auto *B : Decomp->bindings())
if (auto *ME = dyn_cast_or_null<MemberExpr>(B->getBinding()))
// FIXME: should we be using `E->getFoundDecl()`?
if (const auto *FD = dyn_cast<FieldDecl>(ME->getMemberDecl()))
Fields.insert(FD);
}
/// Traverses `S` and inserts into `Vars` any global storage values that are
/// declared in or referenced from sub-statements.
static void getFieldsAndGlobalVars(const Stmt &S,
llvm::DenseSet<const FieldDecl *> &Fields,
llvm::DenseSet<const VarDecl *> &Vars) {
for (auto *Child : S.children())
if (Child != nullptr) if (Child != nullptr)
initGlobalVars(*Child, Env); getFieldsAndGlobalVars(*Child, Fields, Vars);
}
if (auto *DS = dyn_cast<DeclStmt>(&S)) { if (auto *DS = dyn_cast<DeclStmt>(&S)) {
if (DS->isSingleDecl()) { if (DS->isSingleDecl())
initGlobalVar(*DS->getSingleDecl(), Env); getFieldsAndGlobalVars(*DS->getSingleDecl(), Fields, Vars);
} else { else
for (auto *D : DS->getDeclGroup()) for (auto *D : DS->getDeclGroup())
initGlobalVar(*D, Env); getFieldsAndGlobalVars(*D, Fields, Vars);
}
} else if (auto *E = dyn_cast<DeclRefExpr>(&S)) { } else if (auto *E = dyn_cast<DeclRefExpr>(&S)) {
initGlobalVar(*E->getDecl(), Env); insertIfGlobal(*E->getDecl(), Fields, Vars);
} else if (auto *E = dyn_cast<MemberExpr>(&S)) { } else if (auto *E = dyn_cast<MemberExpr>(&S)) {
initGlobalVar(*E->getMemberDecl(), Env); // FIXME: should we be using `E->getFoundDecl()`?
const ValueDecl *VD = E->getMemberDecl();
insertIfGlobal(*VD, Fields, Vars);
if (const auto *FD = dyn_cast<FieldDecl>(VD))
Fields.insert(FD);
}
}
// FIXME: Add support for resetting globals after function calls to enable
// the implementation of sound analyses.
void Environment::initVars(llvm::DenseSet<const VarDecl *> Vars) {
for (const VarDecl *D : Vars) {
if (getStorageLocation(*D, SkipPast::None) != nullptr)
continue;
auto &Loc = createStorageLocation(*D);
setStorageLocation(*D, Loc);
if (auto *Val = createValue(D->getType()))
setValue(Loc, *Val);
} }
} }
Environment::Environment(DataflowAnalysisContext &DACtx) Environment::Environment(DataflowAnalysisContext &DACtx)
: DACtx(&DACtx), FlowConditionToken(&DACtx.makeFlowConditionToken()) {} : DACtx(&DACtx), FlowConditionToken(&DACtx.makeFlowConditionToken()) {}
Environment::Environment(const Environment &Other) Environment::Environment(const Environment &Other)
: DACtx(Other.DACtx), CallStack(Other.CallStack), : DACtx(Other.DACtx), CallStack(Other.CallStack),
Show All 11 Lines
Environment::Environment(DataflowAnalysisContext &DACtx, Environment::Environment(DataflowAnalysisContext &DACtx,
const DeclContext &DeclCtx) const DeclContext &DeclCtx)
: Environment(DACtx) { : Environment(DACtx) {
CallStack.push_back(&DeclCtx); CallStack.push_back(&DeclCtx);
if (const auto *FuncDecl = dyn_cast<FunctionDecl>(&DeclCtx)) { if (const auto *FuncDecl = dyn_cast<FunctionDecl>(&DeclCtx)) {
assert(FuncDecl->getBody() != nullptr); assert(FuncDecl->getBody() != nullptr);
initGlobalVars(*FuncDecl->getBody(), *this);
llvm::DenseSet<const FieldDecl *> Fields;
llvm::DenseSet<const VarDecl *> Vars;
// Look for global variable references in the constructor-initializers.
if (const auto *CtorDecl = dyn_cast<CXXConstructorDecl>(&DeclCtx)) {
for (const auto *Init : CtorDecl->inits()) {
if (const auto *M = Init->getAnyMember())
Fields.insert(M);
const Expr *E = Init->getInit();
assert(E != nullptr);
getFieldsAndGlobalVars(*E, Fields, Vars);
}
}
getFieldsAndGlobalVars(*FuncDecl->getBody(), Fields, Vars);
initVars(Vars);
// These have to be set before the lines that follow to ensure that create*
// work correctly for structs.
DACtx.addFieldsReferencedInScope(std::move(Fields));
for (const auto *ParamDecl : FuncDecl->parameters()) { for (const auto *ParamDecl : FuncDecl->parameters()) {
assert(ParamDecl != nullptr); assert(ParamDecl != nullptr);
auto &ParamLoc = createStorageLocation(*ParamDecl); auto &ParamLoc = createStorageLocation(*ParamDecl);
setStorageLocation(*ParamDecl, ParamLoc); setStorageLocation(*ParamDecl, ParamLoc);
if (Value *ParamVal = createValue(ParamDecl->getType())) if (Value *ParamVal = createValue(ParamDecl->getType()))
setValue(ParamLoc, *ParamVal); setValue(ParamLoc, *ParamVal);
} }
Show All 10 Lines if (const auto *MethodDecl = dyn_cast<CXXMethodDecl>(&DeclCtx)) {
// FIXME: Initialize the ThisPointeeLoc of lambdas too. // FIXME: Initialize the ThisPointeeLoc of lambdas too.
if (MethodDecl && !MethodDecl->isStatic()) { if (MethodDecl && !MethodDecl->isStatic()) {
QualType ThisPointeeType = MethodDecl->getThisObjectType(); QualType ThisPointeeType = MethodDecl->getThisObjectType();
ThisPointeeLoc = &createStorageLocation(ThisPointeeType); ThisPointeeLoc = &createStorageLocation(ThisPointeeType);
if (Value *ThisPointeeVal = createValue(ThisPointeeType)) if (Value *ThisPointeeVal = createValue(ThisPointeeType))
setValue(*ThisPointeeLoc, *ThisPointeeVal); setValue(*ThisPointeeLoc, *ThisPointeeVal);
} }
} }
// Look for global variable references in the constructor-initializers.
if (const auto *CtorDecl = dyn_cast<CXXConstructorDecl>(&DeclCtx)) {
for (const auto *Init : CtorDecl->inits()) {
const Expr *E = Init->getInit();
assert(E != nullptr);
initGlobalVars(*E, *this);
}
}
} }
bool Environment::canDescend(unsigned MaxDepth, bool Environment::canDescend(unsigned MaxDepth,
const DeclContext *Callee) const { const DeclContext *Callee) const {
return CallStack.size() <= MaxDepth && !llvm::is_contained(CallStack, Callee); return CallStack.size() <= MaxDepth && !llvm::is_contained(CallStack, Callee);
} }
Environment Environment::pushCall(const CallExpr *Call) const { Environment Environment::pushCall(const CallExpr *Call) const {
Show All 30 LinesEnvironment Environment::pushCall(const CXXConstructExpr *Call) const {
return Env; return Env;
} }
void Environment::pushCallInternal(const FunctionDecl *FuncDecl, void Environment::pushCallInternal(const FunctionDecl *FuncDecl,
ArrayRef<const Expr *> Args) { ArrayRef<const Expr *> Args) {
CallStack.push_back(FuncDecl); CallStack.push_back(FuncDecl);
// FIXME: In order to allow the callee to reference globals, we probably need // FIXME: Share this code with the constructor, rather than duplicating it.
// to call `initGlobalVars` here in some way. llvm::DenseSet<const FieldDecl *> Fields;
llvm::DenseSet<const VarDecl *> Vars;
// Look for global variable references in the constructor-initializers.
if (const auto *CtorDecl = dyn_cast<CXXConstructorDecl>(FuncDecl)) {
for (const auto *Init : CtorDecl->inits()) {
if (const auto *M = Init->getAnyMember())
Fields.insert(M);
const Expr *E = Init->getInit();
assert(E != nullptr);
getFieldsAndGlobalVars(*E, Fields, Vars);
}
}
getFieldsAndGlobalVars(*FuncDecl->getBody(), Fields, Vars);
initVars(Vars);
DACtx->addFieldsReferencedInScope(std::move(Fields));
auto ParamIt = FuncDecl->param_begin(); const auto *ParamIt = FuncDecl->param_begin();
// FIXME: Parameters don't always map to arguments 1:1; examples include // FIXME: Parameters don't always map to arguments 1:1; examples include
// overloaded operators implemented as member functions, and parameter packs. // overloaded operators implemented as member functions, and parameter packs.
for (unsigned ArgIndex = 0; ArgIndex < Args.size(); ++ParamIt, ++ArgIndex) { for (unsigned ArgIndex = 0; ArgIndex < Args.size(); ++ParamIt, ++ArgIndex) {
assert(ParamIt != FuncDecl->param_end()); assert(ParamIt != FuncDecl->param_end());
const Expr *Arg = Args[ArgIndex]; const Expr *Arg = Args[ArgIndex];
auto *ArgLoc = getStorageLocation(*Arg, SkipPast::Reference); auto *ArgLoc = getStorageLocation(*Arg, SkipPast::Reference);
▲ Show 20 LinesShow All 252 Lines▼ Show 20 Linesvoid Environment::setValue(const StorageLocation &Loc, Value &Val) {
LocToVal[&Loc] = &Val; LocToVal[&Loc] = &Val;
if (auto *StructVal = dyn_cast<StructValue>(&Val)) { if (auto *StructVal = dyn_cast<StructValue>(&Val)) {
auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc); auto &AggregateLoc = *cast<AggregateStorageLocation>(&Loc);
const QualType Type = AggregateLoc.getType(); const QualType Type = AggregateLoc.getType();
assert(Type->isStructureOrClassType() || Type->isUnionType()); assert(Type->isStructureOrClassType() || Type->isUnionType());
for (const FieldDecl *Field : getObjectFields(Type)) { for (const FieldDecl *Field : DACtx->getReferencedFields(Type)) {
assert(Field != nullptr); assert(Field != nullptr);
StorageLocation &FieldLoc = AggregateLoc.getChild(*Field); StorageLocation &FieldLoc = AggregateLoc.getChild(*Field);
MemberLocToStruct[&FieldLoc] = std::make_pair(StructVal, Field); MemberLocToStruct[&FieldLoc] = std::make_pair(StructVal, Field);
if (auto *FieldVal = StructVal->getChild(*Field)) if (auto *FieldVal = StructVal->getChild(*Field))
setValue(FieldLoc, *FieldVal); setValue(FieldLoc, *FieldVal);
} }
} }
▲ Show 20 LinesShow All 97 Lines▼ Show 20 Lines if (Visited.insert(PointeeType.getCanonicalType()).second) {
setValue(PointeeLoc, *PointeeVal); setValue(PointeeLoc, *PointeeVal);
} }
return &takeOwnership(std::make_unique<PointerValue>(PointeeLoc)); return &takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
} }
if (Type->isStructureOrClassType() || Type->isUnionType()) { if (Type->isStructureOrClassType() || Type->isUnionType()) {
CreatedValuesCount++; CreatedValuesCount++;
// FIXME: Initialize only fields that are accessed in the context that is
// being analyzed.
llvm::DenseMap<const ValueDecl *, Value *> FieldValues; llvm::DenseMap<const ValueDecl *, Value *> FieldValues;
for (const FieldDecl *Field : getObjectFields(Type)) { for (const FieldDecl *Field : DACtx->getReferencedFields(Type)) {
assert(Field != nullptr); assert(Field != nullptr);
QualType FieldType = Field->getType(); QualType FieldType = Field->getType();
if (Visited.contains(FieldType.getCanonicalType())) if (Visited.contains(FieldType.getCanonicalType()))
continue; continue;
Visited.insert(FieldType.getCanonicalType()); Visited.insert(FieldType.getCanonicalType());
if (auto *FieldValue = createValueUnlessSelfReferential( if (auto *FieldValue = createValueUnlessSelfReferential(
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

clang/lib/Analysis/FlowSensitive/Transfer.cpp

Show First 20 LinesShow All 277 Lines▼ Show 20 Lines if (const auto *Decomp = dyn_cast<DecompositionDecl>(&D)) {
VisitDeclRefExpr(DE); VisitDeclRefExpr(DE);
VisitMemberExpr(ME); VisitMemberExpr(ME);
if (auto *Loc = Env.getStorageLocation(*ME, SkipPast::Reference)) if (auto *Loc = Env.getStorageLocation(*ME, SkipPast::Reference))
Env.setStorageLocation(*B, *Loc); Env.setStorageLocation(*B, *Loc);
} else if (auto *VD = B->getHoldingVar()) { } else if (auto *VD = B->getHoldingVar()) {
// Holding vars are used to back the BindingDecls of tuple-like // Holding vars are used to back the BindingDecls of tuple-like
// types. The holding var declarations appear *after* this statement, // types. The holding var declarations appear *after* this statement,
// so we have to create a location or them here to share with `B`. We // so we have to create a location for them here to share with `B`. We
// don't visit the binding, because we know it will be a DeclRefExpr // don't visit the binding, because we know it will be a DeclRefExpr
// to `VD`. // to `VD`.
auto &VDLoc = Env.createStorageLocation(*VD); auto &VDLoc = Env.createStorageLocation(*VD);
Env.setStorageLocation(*VD, VDLoc); Env.setStorageLocation(*VD, VDLoc);
Env.setStorageLocation(*B, VDLoc); Env.setStorageLocation(*B, VDLoc);
} }
} }
} }
▲ Show 20 LinesShow All 522 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/DataflowEnvironmentTest.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
TEST_F(EnvironmentTest, CreateValueRecursiveType) { TEST_F(EnvironmentTest, CreateValueRecursiveType) {
using namespace ast_matchers; using namespace ast_matchers;
std::string Code = R"cc( std::string Code = R"cc(
struct Recursive { struct Recursive {
bool X; bool X;
Recursive *R; Recursive *R;
}; };
// Use both fields to force them to be created with `createValue`.
void Usage(Recursive R) { (void)R.X; (void)R.R; }
gribozavr2Unsubmitted
Done
ReplyInline Actions
// Use both fields to force them to be created with `createValue`.
- void Usage (Recursive R) { (void)R.X; (void)R.R; }
+ void Usage(Recursive R) { (void)R.X; (void)R.R; }
)cc";
gribozavr2:
)cc"; )cc";
auto Unit = auto Unit =
tooling::buildASTFromCodeWithArgs(Code, {"-fsyntax-only", "-std=c++11"}); tooling::buildASTFromCodeWithArgs(Code, {"-fsyntax-only", "-std=c++11"});
auto &Context = Unit->getASTContext(); auto &Context = Unit->getASTContext();
ASSERT_EQ(Context.getDiagnostics().getClient()->getNumErrors(), 0U); ASSERT_EQ(Context.getDiagnostics().getClient()->getNumErrors(), 0U);
auto Results = auto Results =
match(qualType(hasDeclaration(recordDecl( match(qualType(hasDeclaration(recordDecl(
hasName("Recursive"), hasName("Recursive"),
has(fieldDecl(hasName("R")).bind("field-r"))))) has(fieldDecl(hasName("R")).bind("field-r")))))
.bind("target"), .bind("target"),
Context); Context);
const QualType *Ty = selectFirst<QualType>("target", Results); const QualType *TyPtr = selectFirst<QualType>("target", Results);
ASSERT_THAT(TyPtr, NotNull());
QualType Ty = *TyPtr;
ASSERT_FALSE(Ty.isNull());
const FieldDecl *R = selectFirst<FieldDecl>("field-r", Results); const FieldDecl *R = selectFirst<FieldDecl>("field-r", Results);
ASSERT_TRUE(Ty != nullptr && !Ty->isNull()); ASSERT_THAT(R, NotNull());
ASSERT_TRUE(R != nullptr);
Results = match(functionDecl(hasName("Usage")).bind("fun"), Context);
const auto *Fun = selectFirst<FunctionDecl>("fun", Results);
ASSERT_THAT(Fun, NotNull());
// Verify that the struct and the field (`R`) with first appearance of the // Verify that the struct and the field (`R`) with first appearance of the
// type is created successfully. // type is created successfully.
Environment Env(DAContext); Environment Env(DAContext, *Fun);
Value *Val = Env.createValue(*Ty); Value *Val = Env.createValue(Ty);
ASSERT_NE(Val, nullptr); ASSERT_NE(Val, nullptr);
StructValue *SVal = clang::dyn_cast<StructValue>(Val); StructValue *SVal = clang::dyn_cast<StructValue>(Val);
ASSERT_NE(SVal, nullptr); ASSERT_NE(SVal, nullptr);
Val = SVal->getChild(*R); Val = SVal->getChild(*R);
ASSERT_NE(Val, nullptr); ASSERT_NE(Val, nullptr);
PointerValue *PV = clang::dyn_cast<PointerValue>(Val); PointerValue *PV = clang::dyn_cast<PointerValue>(Val);
EXPECT_NE(PV, nullptr); EXPECT_NE(PV, nullptr);
} }
▲ Show 20 LinesShow All 62 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TestingSupport.h

Show First 20 LinesShow All 128 Lines▼ Show 20 Lines AnalysisInputs<AnalysisT> &&withASTBuildArgs(ArrayRef<std::string> Arg) && {
ASTBuildArgs = std::move(Arg); ASTBuildArgs = std::move(Arg);
return std::move(*this); return std::move(*this);
} }
AnalysisInputs<AnalysisT> && AnalysisInputs<AnalysisT> &&
withASTBuildVirtualMappedFiles(tooling::FileContentMappings Arg) && { withASTBuildVirtualMappedFiles(tooling::FileContentMappings Arg) && {
ASTBuildVirtualMappedFiles = std::move(Arg); ASTBuildVirtualMappedFiles = std::move(Arg);
return std::move(*this); return std::move(*this);
} }
AnalysisInputs<AnalysisT> &&
withContextSensitivity() && {
EnableContextSensitivity = true;
return std::move(*this);
}
/// Required. Input code that is analyzed. /// Required. Input code that is analyzed.
llvm::StringRef Code; llvm::StringRef Code;
/// Required. The body of the function which matches this matcher is analyzed. /// Required. The body of the function which matches this matcher is analyzed.
ast_matchers::internal::Matcher<FunctionDecl> TargetFuncMatcher; ast_matchers::internal::Matcher<FunctionDecl> TargetFuncMatcher;
/// Required. The analysis to be run is constructed with this function that /// Required. The analysis to be run is constructed with this function that
/// takes as argument the AST generated from the code being analyzed and the /// takes as argument the AST generated from the code being analyzed and the
/// initial state from which the analysis starts with. /// initial state from which the analysis starts with.
Show All 9 Lines std::function<void(
ASTContext &, const CFGElement &, ASTContext &, const CFGElement &,
const TransferStateForDiagnostics<typename AnalysisT::Lattice> &)> const TransferStateForDiagnostics<typename AnalysisT::Lattice> &)>
PostVisitCFG = nullptr; PostVisitCFG = nullptr;
/// Optional. Options for building the AST context. /// Optional. Options for building the AST context.
ArrayRef<std::string> ASTBuildArgs = {}; ArrayRef<std::string> ASTBuildArgs = {};
/// Optional. Options for building the AST context. /// Optional. Options for building the AST context.
tooling::FileContentMappings ASTBuildVirtualMappedFiles = {}; tooling::FileContentMappings ASTBuildVirtualMappedFiles = {};
/// Enables context-sensitive analysis when constructing the
gribozavr2Unsubmitted
Done
ReplyInline Actions
tooling::FileContentMappings ASTBuildVirtualMappedFiles = {};
- /// Optional. Enables context-sensitive analysis when constructing the
+ /// Enables context-sensitive analysis when constructing the
/// `DataflowAnalysisContext`.

It is not clear what "optional" means for a boolean.

gribozavr2: It is not clear what "optional" means for a boolean.
/// `DataflowAnalysisContext`.
bool EnableContextSensitivity = false;
}; };
/// Returns assertions based on annotations that are present after statements in /// Returns assertions based on annotations that are present after statements in
/// `AnnotatedCode`. /// `AnnotatedCode`.
llvm::Expected<llvm::DenseMap<const Stmt *, std::string>> llvm::Expected<llvm::DenseMap<const Stmt *, std::string>>
buildStatementToAnnotationMapping(const FunctionDecl *Func, buildStatementToAnnotationMapping(const FunctionDecl *Func,
llvm::Annotations AnnotatedCode); llvm::Annotations AnnotatedCode);
▲ Show 20 LinesShow All 47 Lines▼ Show 20 LinescheckDataflow(AnalysisInputs<AnalysisT> AI,
// Build control flow graph from body of target function. // Build control flow graph from body of target function.
auto MaybeCFCtx = auto MaybeCFCtx =
ControlFlowContext::build(Target, *Target->getBody(), Context); ControlFlowContext::build(Target, *Target->getBody(), Context);
if (!MaybeCFCtx) if (!MaybeCFCtx)
return MaybeCFCtx.takeError(); return MaybeCFCtx.takeError();
auto &CFCtx = *MaybeCFCtx; auto &CFCtx = *MaybeCFCtx;
// Initialize states for running dataflow analysis. // Initialize states for running dataflow analysis.
DataflowAnalysisContext DACtx(std::make_unique<WatchedLiteralsSolver>()); DataflowAnalysisContext DACtx(
std::make_unique<WatchedLiteralsSolver>(),
{/*EnableContextSensitiveAnalysis=*/AI.EnableContextSensitivity});
Environment InitEnv(DACtx, *Target); Environment InitEnv(DACtx, *Target);
auto Analysis = AI.MakeAnalysis(Context, InitEnv); auto Analysis = AI.MakeAnalysis(Context, InitEnv);
std::function<void(const CFGElement &, std::function<void(const CFGElement &,
const TypeErasedDataflowAnalysisState &)> const TypeErasedDataflowAnalysisState &)>
PostVisitCFGClosure = nullptr; PostVisitCFGClosure = nullptr;
if (AI.PostVisitCFG) { if (AI.PostVisitCFG) {
PostVisitCFGClosure = [&AI, &Context]( PostVisitCFGClosure = [&AI, &Context](
const CFGElement &Element, const CFGElement &Element,
▲ Show 20 LinesShow All 198 LinesShow Last 20 Lines

clang/unittests/Analysis/FlowSensitive/TransferTest.cpp

Show All 10 Lines
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/ASTMatchers/ASTMatchers.h" #include "clang/ASTMatchers/ASTMatchers.h"
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h" #include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "clang/Analysis/FlowSensitive/NoopAnalysis.h" #include "clang/Analysis/FlowSensitive/NoopAnalysis.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h" #include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h" #include "clang/Analysis/FlowSensitive/Value.h"
#include "clang/Basic/LangStandard.h" #include "clang/Basic/LangStandard.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include "llvm/Testing/Support/Error.h" #include "llvm/Testing/Support/Error.h"
#include "gmock/gmock.h" #include "gmock/gmock.h"
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include <string> #include <string>
#include <utility> #include <utility>
namespace { namespace {
using namespace clang; using namespace clang;
using namespace dataflow; using namespace dataflow;
using namespace test; using namespace test;
using ::testing::IsNull; using ::testing::IsNull;
using ::testing::NotNull; using ::testing::NotNull;
using ::testing::UnorderedElementsAre; using ::testing::UnorderedElementsAre;
template <typename Matcher> template <typename Matcher>
void runDataflow(llvm::StringRef Code, Matcher Match, void runDataflow(llvm::StringRef Code, Matcher Match,
DataflowAnalysisOptions Options, DataflowAnalysisOptions Options,
LangStandard::Kind Std = LangStandard::lang_cxx17, LangStandard::Kind Std = LangStandard::lang_cxx17,
llvm::StringRef TargetFun = "target") { llvm::StringRef TargetFun = "target") {
using ast_matchers::hasName; using ast_matchers::hasName;
ASSERT_THAT_ERROR( llvm::SmallVector<std::string, 3> ASTBuildArgs = {
checkDataflow<NoopAnalysis>( "-fsyntax-only", "-fno-delayed-template-parsing",
"-std=" +
std::string(LangStandard::getLangStandardForKind(Std).getName())};
auto AI =
AnalysisInputs<NoopAnalysis>(Code, hasName(TargetFun), AnalysisInputs<NoopAnalysis>(Code, hasName(TargetFun),
[Options](ASTContext &C, Environment &) { [&Options](ASTContext &C, Environment &) {
return NoopAnalysis(C, Options); return NoopAnalysis(C, Options);
}) })
.withASTBuildArgs( .withASTBuildArgs(ASTBuildArgs);
{"-fsyntax-only", "-fno-delayed-template-parsing", if (Options.BuiltinTransferOpts &&
"-std=" + Options.BuiltinTransferOpts->ContextSensitiveOpts)
std::string(LangStandard::getLangStandardForKind(Std) AI = std::move(AI).withContextSensitivity();
.getName())}), ASSERT_THAT_ERROR(
checkDataflow<NoopAnalysis>(
std::move(AI),
/*VerifyResults=*/ /*VerifyResults=*/
[&Match](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> [&Match](const llvm::StringMap<DataflowAnalysisState<NoopLattice>>
&Results, &Results,
const AnalysisOutputs &AO) { Match(Results, AO.ASTCtx); }), const AnalysisOutputs &AO) { Match(Results, AO.ASTCtx); }),
llvm::Succeeded()); llvm::Succeeded());
} }
template <typename Matcher> template <typename Matcher>
▲ Show 20 LinesShow All 85 Lines▼ Show 20 Lines
TEST(TransferTest, StructVarDecl) { TEST(TransferTest, StructVarDecl) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
void target() { void target() {
A Foo; A Foo;
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
Show All 31 Lines std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
A Gen(); A Gen();
void target() { void target() {
A Foo = Gen(); A Foo = Gen();
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
Show All 24 Lines runDataflow(
const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl)); const auto *BarVal = cast<IntegerValue>(FooVal->getChild(*BarDecl));
EXPECT_EQ(Env.getValue(*BarLoc), BarVal); EXPECT_EQ(Env.getValue(*BarLoc), BarVal);
}); });
} }
TEST(TransferTest, ClassVarDecl) { TEST(TransferTest, ClassVarDecl) {
std::string Code = R"( std::string Code = R"(
class A { class A {
public:
int Bar; int Bar;
}; };
void target() { void target() {
A Foo; A Foo;
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
▲ Show 20 LinesShow All 77 Lines▼ Show 20 Lines std::string Code = R"(
struct A { struct A {
C &Bar; C &Bar;
}; };
A &getA(); A &getA();
void target() { void target() {
A &Foo = getA(); A &Foo = getA();
(void)Foo.Bar.FooRef;
(void)Foo.Bar.FooPtr;
(void)Foo.Bar.BazRef;
(void)Foo.Bar.BazPtr;
// [[p]] // [[p]]
} }
)"; )";
runDataflow(Code, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> runDataflow(Code, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>>
&Results, &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
const Environment &Env = getEnvironmentAtAnnotation(Results, "p"); const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
▲ Show 20 LinesShow All 126 Lines▼ Show 20 Lines std::string Code = R"(
struct A { struct A {
C *Bar; C *Bar;
}; };
A *getA(); A *getA();
void target() { void target() {
A *Foo = getA(); A *Foo = getA();
(void)Foo->Bar->FooRef;
(void)Foo->Bar->FooPtr;
(void)Foo->Bar->BazRef;
(void)Foo->Bar->BazPtr;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
▲ Show 20 LinesShow All 397 Lines▼ Show 20 Lines
TEST(TransferTest, StructParamDecl) { TEST(TransferTest, StructParamDecl) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
void target(A Foo) { void target(A Foo) {
(void)0; (void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
▲ Show 20 LinesShow All 144 Lines▼ Show 20 Lines std::string Code = R"(
class A { class A {
int ADefault; int ADefault;
protected: protected:
int AProtected; int AProtected;
private: private:
int APrivate; int APrivate;
public: public:
int APublic; int APublic;
private:
friend void target();
}; };
class B : public A { class B : public A {
int BDefault; int BDefault;
protected: protected:
int BProtected; int BProtected;
private: private:
int BPrivate; int BPrivate;
private:
friend void target();
}; };
void target() { void target() {
B Foo; B Foo;
(void)Foo.ADefault;
(void)Foo.AProtected;
(void)Foo.APrivate;
(void)Foo.APublic;
(void)Foo.BDefault;
(void)Foo.BProtected;
(void)Foo.BPrivate;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
▲ Show 20 LinesShow All 122 Lines▼ Show 20 Lines std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
struct B : public A { struct B : public A {
}; };
void target() { void target() {
B Foo; B Foo;
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow(Code, derivedBaseMemberExpectations); runDataflow(Code, derivedBaseMemberExpectations);
} }
TEST(TransferTest, DerivedBaseMemberPrivateFriend) { TEST(TransferTest, DerivedBaseMemberPrivateFriend) {
// Include an access to `Foo.Bar` to verify the analysis doesn't crash on that // Include an access to `Foo.Bar` to verify the analysis doesn't crash on that
▲ Show 20 LinesShow All 307 Lines▼ Show 20 Lines
TEST(TransferTest, UnionThisMember) { TEST(TransferTest, UnionThisMember) {
std::string Code = R"( std::string Code = R"(
union A { union A {
int Foo; int Foo;
int Bar; int Bar;
void target() { void target() {
(void)0; // [[p]] A a;
// Mention the fields to ensure they're included in the analysis.
(void)a.Foo;
(void)a.Bar;
// [[p]]
} }
}; };
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
▲ Show 20 LinesShow All 235 Lines▼ Show 20 Lines
TEST(TransferTest, TemporaryObject) { TEST(TransferTest, TemporaryObject) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
void target() { void target() {
A Foo = A(); A Foo = A();
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
Show All 21 LinesTEST(TransferTest, ElidableConstructor) {
// the code is compiled as C++ 14. // the code is compiled as C++ 14.
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Bar; int Bar;
}; };
void target() { void target() {
A Foo = A(); A Foo = A();
(void)Foo.Bar;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
ASSERT_THAT(Results.keys(), UnorderedElementsAre("p")); ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
Show All 21 LinesTEST(TransferTest, AssignmentOperator) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Baz; int Baz;
}; };
void target() { void target() {
A Foo; A Foo;
A Bar; A Bar;
(void)Foo.Baz;
// [[p1]] // [[p1]]
Foo = Bar; Foo = Bar;
// [[p2]] // [[p2]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines
TEST(TransferTest, CopyConstructor) { TEST(TransferTest, CopyConstructor) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Baz; int Baz;
}; };
void target() { void target() {
A Foo; A Foo;
(void)Foo.Baz;
A Bar = Foo; A Bar = Foo;
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
Show All 29 Lines
TEST(TransferTest, CopyConstructorWithParens) { TEST(TransferTest, CopyConstructorWithParens) {
std::string Code = R"( std::string Code = R"(
struct A { struct A {
int Baz; int Baz;
}; };
void target() { void target() {
A Foo; A Foo;
(void)Foo.Baz;
A Bar((A(Foo))); A Bar((A(Foo)));
// [[p]] // [[p]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
ASTContext &ASTCtx) { ASTContext &ASTCtx) {
▲ Show 20 LinesShow All 44 Lines▼ Show 20 Lines std::string Code = R"(
struct A { struct A {
int Baz; int Baz;
}; };
void target() { void target() {
A Foo; A Foo;
A Bar; A Bar;
(void)Foo.Baz;
// [[p1]] // [[p1]]
Foo = std::move(Bar); Foo = std::move(Bar);
// [[p2]] // [[p2]]
} }
)"; )";
runDataflow( runDataflow(
Code, Code,
[](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
▲ Show 20 LinesShow All 2,850 LinesShow Last 20 Lines