This is an archive of the discontinued LLVM Phabricator instance.

Differential D37840

[Analyzer] Synthesize function body for call_once
ClosedPublic

Authored by george.karpenkov on Sep 13 2017, 6:03 PM.

Details

Reviewers
NoQ
dcoughlin
zaks.anna
Commits
rG657a5896b19a: [Analyzer] Synthesize function body for std::call_once
rC314571: [Analyzer] Synthesize function body for std::call_once
rL314571: [Analyzer] Synthesize function body for std::call_once

Diff Detail

Repository
rL LLVM

Event Timeline

george.karpenkov created this revision.Sep 13 2017, 6:03 PM
Herald added subscribers: xazax.hun, javed.absar. · View Herald TranscriptSep 13 2017, 6:03 PM
NoQ added inline comments.Sep 14 2017, 8:58 AM
lib/Analysis/BodyFarm.cpp
87 ↗(On Diff #115148)

I guess it's supposed to be the type to which we cast, while the arg's type would be the type from which we cast?

266–268 ↗(On Diff #115148)

This function looks as if it begs to be reused from some other place, but i didn't immediately find a ready-made way to do this, which is surprising.

281 ↗(On Diff #115148)

return None;.

405–407 ↗(On Diff #115148)

No idea, but, as a bit of brainstorming, Objective-C++ sometimes seems to treat blocks and lambdas similarly, eg. CK_CopyAndAutoreleaseBlockObject cast kind casts from lambdas to blocks. So i'm probably curious if passing a block is possible here (which goes in the opposite direction).

421–424 ↗(On Diff #115148)

Just to make sure i understand - the name of the once-token must be std::once_flag, while the name of the field we're looking for is unspecified. So we wouldn't necessarily find the field called __state inside the function in the real-world code. Same for the possible values of this field and their meanings.

Could you comment that we're trying to match popular implementation(s) of once_flag? And if you're seeing potential better approaches.

681 ↗(On Diff #115148)

I think we have to check that this is in namespace std::, otherwise it might be a different function.

george.karpenkov added inline comments.Sep 14 2017, 9:37 AM
lib/Analysis/BodyFarm.cpp
87 ↗(On Diff #115148)

But in most cases we don't actually change the type,
e.g. just changing lvalue to rvalue.

266–268 ↗(On Diff #115148)

yeah we've talked about that with Devin.
It was initially mostly copied from ExprEngineWithCall (or a similar name),
but changed substantially.
That code can be rewritten to reuse this one now.
Maybe we should just expose all of ASTMaker?

george.karpenkov added inline comments.Sep 14 2017, 1:39 PM
lib/Analysis/BodyFarm.cpp
421–424 ↗(On Diff #115148)

So we wouldn't necessarily find the field called __state inside the function

It seems we would, from libc++ header:

struct _LIBCPP_TEMPLATE_VIS once_flag
{
    _LIBCPP_INLINE_VISIBILITY
    _LIBCPP_CONSTEXPR
        once_flag() _NOEXCEPT : __state_(0) {}

private:
    once_flag(const once_flag&); // = delete;
    once_flag& operator=(const once_flag&); // = delete;

    unsigned long __state_;

#ifndef _LIBCPP_CXX03_LANG
    template<class _Callable, class... _Args>
    friend
    void call_once(once_flag&, _Callable&&, _Args&&...);
#else  // _LIBCPP_CXX03_LANG
    template<class _Callable>
    friend
    void call_once(once_flag&, _Callable&);

    template<class _Callable>
    friend
    void call_once(once_flag&, const _Callable&);
#endif  // _LIBCPP_CXX03_LANG
};

Though other implementation might try to put more stuff into the .cpp file.

george.karpenkov updated this revision to Diff 115283.Sep 14 2017, 2:13 PM
george.karpenkov edited the summary of this revision. (Show Details)

updated to work with blocks.

george.karpenkov marked 2 inline comments as done.Sep 14 2017, 2:14 PM
george.karpenkov added inline comments.
lib/Analysis/BodyFarm.cpp
405–407 ↗(On Diff #115148)

shockingly, blocks work.

george.karpenkov updated this revision to Diff 115301.Sep 14 2017, 3:15 PM
george.karpenkov marked an inline comment as done.

This works with --analyze on an actual file which has #include<mutex>.

george.karpenkov updated this revision to Diff 115309.Sep 14 2017, 3:48 PM

Checked for std:: namespace, left a comment that we are assuming libc++ implementation.

george.karpenkov marked an inline comment as done.Sep 14 2017, 3:49 PM
george.karpenkov added inline comments.
lib/Analysis/BodyFarm.cpp
421–424 ↗(On Diff #115148)

Added a comment that we are assuming libc++ implementation.

george.karpenkov updated this revision to Diff 115421.Sep 15 2017, 10:29 AM

Add logging statements.
@NoQ that should be good to commit I think.

george.karpenkov updated this revision to Diff 115675.Sep 18 2017, 10:34 AM

Removed TODO notes.
@NoQ @dcoughlin any further comments?

zaks.anna accepted this revision.Sep 18 2017, 7:47 PM

Please, commit. I think we can take further comments post-commit.

This revision is now accepted and ready to land.Sep 18 2017, 7:47 PM
NoQ accepted this revision.Sep 19 2017, 10:57 AM

Yeah, sounds good to me as well.

lib/Analysis/BodyFarm.cpp
87 ↗(On Diff #115148)

No, most casts actually change the type, even if implicit. Even CK_NoOp changes the type sometimes.

Actually not sure, do we need the default argument for CastKind?

test/Analysis/call_once.cpp
222 ↗(On Diff #115421)

Btw http://en.cppreference.com/w/c/thread/call_once

dcoughlin edited edge metadata.Sep 19 2017, 8:32 PM

Some comments in line. Also, don't forget to run git clang-format on your changes to fix the indention and '*' placement for pointers.

lib/Analysis/BodyFarm.cpp
28 ↗(On Diff #115421)

We should probably follow the convention the rest of the analyzer uses have this be camel case ("BodyFarm").

53 ↗(On Diff #115421)

There a bunch of whitespace-only changes here. (Probably clang-format or your editor removed spaces on empty lines?) We generally try to avoid whitespace-only changes since they obscure the history of a commit.

285 ↗(On Diff #115421)

Why does findMember() return an optional of a pointer type? What is the meaning of 'Some(nullptr)' to the caller? Can the method just return NamedDecl * instead?

301 ↗(On Diff #115421)

Do we need to look up in the bases? There don't seem to be tests for this code. Should it be removed?

360 ↗(On Diff #115421)

It seems quite sketchy to me that create_call_once_lambda_call() mutates one of its reference parameters. It is also inserting at the beginning of a vector, which is expensive. Can you create the CallArgs vector in the caller and pass in an immutable llvm::ArrayRef to it instead? This is more idiomatic and will prevent surprises on the part of future callers from unexpected mutation.

403 ↗(On Diff #115421)

To be idiomatic, CallArgs should probably be an llvm::SmallVector. This will avoid a heap allocation.

266–268 ↗(On Diff #115148)

I'm a bit uncomfortable with returning just the first found member for member functions. Since member functions are often overloaded, anyone who uses this API in the future to find a member function will almost certainly be using it incorrectly. What do you think about restricting it to only find fields?

george.karpenkov added inline comments.Sep 20 2017, 1:41 PM
lib/Analysis/BodyFarm.cpp
360 ↗(On Diff #115421)

It is also inserting at the beginning of a vector, which is expensive

Yes, I have taken that into consideration (though realistically speaking we are talking about an array with a couple of elements, in a function called once per analysis).
The problem arises from the fact that CXXOperatorCallExpr does not autoinsert function reference in the beginning of call arguments, like parent implementation (maybe it is a bug which should be fixed separately).
Thus I haven't seen any other option if we want to reuse the code inserting parameters into the vector, while only inserting the function first parameter for CXX operator calls. Also note I can't easily use deque, as args type is not auto-construcable from it.

Can you create the CallArgs vector in the caller and pass in an immutable llvm::ArrayRef to it instead

Did you mean "callee" instead of "caller"? Yes, but from my understanding that would result in more code, and be less efficient than the current implementation (even though performance does not particularly matter in this case).

and will prevent surprises on the part of future callers from unexpected mutation

Why is it unexpected though? It is a mutable datastructure passed by reference, it is quite idiomatic to write into those.
Moreover, conceptually the mutation is needed if we want callArgs to correspond to the list of arguments passed to the call expression constructor.

george.karpenkov updated this revision to Diff 116290.Sep 21 2017, 5:11 PM

Updated using review comments.

george.karpenkov marked 3 inline comments as done.Sep 21 2017, 5:12 PM
george.karpenkov added inline comments.
lib/Analysis/BodyFarm.cpp
28 ↗(On Diff #115421)

I have only found two files with DEBUG_TYPE in the analyzer, however.
Would that be called a convention, especially given that we are inside Clang, and the rest of Clang and LLVM codebase use dashes and lowercase?
Would seem to make more sense to rename DEBUG_TYPE in those files.

53 ↗(On Diff #115421)

Can't see any now?

285 ↗(On Diff #115421)

OK that depends on the style, let's change it to be more consistent with body generation.
If a function returns a pointer, it is not immediately apparent that it can be a nullptr, while it is with an optional.

301 ↗(On Diff #115421)

Good point, I've cargo-culted it from another file without realizing.
If we are not planning on generalizing this function/class (and it seems we are not doing it in this PR) then indeed it makes sense to remove it.

403 ↗(On Diff #115421)

ok

266–268 ↗(On Diff #115148)

OK let's restrict it to fields.

dcoughlin accepted this revision.Sep 29 2017, 4:34 PM

Ok. Looks fine to me. Just make sure to check out the raw diff for whitespace changes. I suspect your viewer is hiding them from you.

lib/Analysis/BodyFarm.cpp
53 ↗(On Diff #115421)

Make sure to look at the raw diff. I still see them.

360 ↗(On Diff #115421)

I'm not convinced the mutation is needed and I think you can rewrite it without it. I won't block this patch on that though.

Closed by commit rL314571: [Analyzer] Synthesize function body for std::call_once (authored by george.karpenkov). · Explain WhySep 29 2017, 5:04 PM
This revision was automatically updated to reflect the committed changes.
george.karpenkov marked 3 inline comments as done.
zaks.anna added inline comments.Sep 29 2017, 10:36 PM
lib/Analysis/BodyFarm.cpp
360 ↗(On Diff #115421)

Generally, in LLVM codebase it's preferable to use immutable data structures wherever possible. That makes code safer and easier to understand.

Revision Contents

PathSize
cfe/
trunk/
lib/
Analysis/
316 lines
test/
Analysis/
233 lines

Diff 117243

cfe/trunk/lib/Analysis/BodyFarm.cpp

//== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-// //== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// BodyFarm is a factory for creating faux implementations for functions/methods // BodyFarm is a factory for creating faux implementations for functions/methods
// for analysis purposes. // for analysis purposes.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "BodyFarm.h" #include "BodyFarm.h"
#include "clang/AST/ASTContext.h" #include "clang/AST/ASTContext.h"
#include "clang/AST/CXXInheritance.h"
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/Expr.h" #include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/ExprObjC.h" #include "clang/AST/ExprObjC.h"
#include "clang/AST/NestedNameSpecifier.h"
#include "clang/Analysis/CodeInjector.h" #include "clang/Analysis/CodeInjector.h"
#include "clang/Basic/OperatorKinds.h"
#include "llvm/ADT/StringSwitch.h" #include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/Debug.h"
#define DEBUG_TYPE "body-farm"
using namespace clang; using namespace clang;
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Helper creation functions for constructing faux ASTs. // Helper creation functions for constructing faux ASTs.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
static bool isDispatchBlock(QualType Ty) { static bool isDispatchBlock(QualType Ty) {
Show All 20 Linespublic:
/// Create a new BinaryOperator representing a comparison. /// Create a new BinaryOperator representing a comparison.
BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS, BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS,
BinaryOperator::Opcode Op); BinaryOperator::Opcode Op);
/// Create a new compound stmt using the provided statements. /// Create a new compound stmt using the provided statements.
CompoundStmt *makeCompound(ArrayRef<Stmt*>); CompoundStmt *makeCompound(ArrayRef<Stmt*>);
/// Create a new DeclRefExpr for the referenced variable. /// Create a new DeclRefExpr for the referenced variable.
DeclRefExpr *makeDeclRefExpr(const VarDecl *D); DeclRefExpr *makeDeclRefExpr(const VarDecl *D,
bool RefersToEnclosingVariableOrCapture = false,
bool GetNonReferenceType = false);
/// Create a new UnaryOperator representing a dereference. /// Create a new UnaryOperator representing a dereference.
UnaryOperator *makeDereference(const Expr *Arg, QualType Ty); UnaryOperator *makeDereference(const Expr *Arg, QualType Ty);
/// Create an implicit cast for an integer conversion. /// Create an implicit cast for an integer conversion.
Expr *makeIntegralCast(const Expr *Arg, QualType Ty); Expr *makeIntegralCast(const Expr *Arg, QualType Ty);
/// Create an implicit cast to a builtin boolean type. /// Create an implicit cast to a builtin boolean type.
ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg); ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg);
// Create an implicit cast for lvalue-to-rvaluate conversions. /// Create an implicit cast for lvalue-to-rvaluate conversions.
ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty); ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty);
/// Create an implicit cast for lvalue-to-rvaluate conversions.
ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg,
bool GetNonReferenceType = false);
/// Make RValue out of variable declaration, creating a temporary
/// DeclRefExpr in the process.
ImplicitCastExpr *
makeLvalueToRvalue(const VarDecl *Decl,
bool RefersToEnclosingVariableOrCapture = false,
bool GetNonReferenceType = false);
/// Create an implicit cast of the given type.
ImplicitCastExpr *makeImplicitCast(const Expr *Arg, QualType Ty,
CastKind CK = CK_LValueToRValue);
/// Create an Objective-C bool literal. /// Create an Objective-C bool literal.
ObjCBoolLiteralExpr *makeObjCBool(bool Val); ObjCBoolLiteralExpr *makeObjCBool(bool Val);
/// Create an Objective-C ivar reference. /// Create an Objective-C ivar reference.
ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar); ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar);
/// Create a Return statement. /// Create a Return statement.
ReturnStmt *makeReturn(const Expr *RetVal); ReturnStmt *makeReturn(const Expr *RetVal);
/// Create an integer literal.
IntegerLiteral *makeIntegerLiteral(uint64_t value);
/// Create a member expression.
MemberExpr *makeMemberExpression(Expr *base, ValueDecl *MemberDecl,
bool IsArrow = false,
ExprValueKind ValueKind = VK_LValue);
/// Returns a *first* member field of a record declaration with a given name.
/// \return an nullptr if no member with such a name exists.
NamedDecl *findMemberField(const CXXRecordDecl *RD, StringRef Name);
private: private:
ASTContext &C; ASTContext &C;
}; };
} }
BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS, BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS,
QualType Ty) { QualType Ty) {
return new (C) BinaryOperator(const_cast<Expr*>(LHS), const_cast<Expr*>(RHS), return new (C) BinaryOperator(const_cast<Expr*>(LHS), const_cast<Expr*>(RHS),
Show All 12 Lines return new (C) BinaryOperator(const_cast<Expr*>(LHS),
VK_RValue, VK_RValue,
OK_Ordinary, SourceLocation(), FPOptions()); OK_Ordinary, SourceLocation(), FPOptions());
} }
CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) { CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) {
return new (C) CompoundStmt(C, Stmts, SourceLocation(), SourceLocation()); return new (C) CompoundStmt(C, Stmts, SourceLocation(), SourceLocation());
} }
DeclRefExpr *ASTMaker::makeDeclRefExpr(const VarDecl *D) { DeclRefExpr *ASTMaker::makeDeclRefExpr(const VarDecl *D,
DeclRefExpr *DR = bool RefersToEnclosingVariableOrCapture,
DeclRefExpr::Create(/* Ctx = */ C, bool GetNonReferenceType) {
/* QualifierLoc = */ NestedNameSpecifierLoc(), auto Type = D->getType();
/* TemplateKWLoc = */ SourceLocation(), if (GetNonReferenceType)
/* D = */ const_cast<VarDecl*>(D), Type = Type.getNonReferenceType();
/* RefersToEnclosingVariableOrCapture = */ false,
/* NameLoc = */ SourceLocation(), DeclRefExpr *DR = DeclRefExpr::Create(
/* T = */ D->getType(), C, NestedNameSpecifierLoc(), SourceLocation(), const_cast<VarDecl *>(D),
/* VK = */ VK_LValue); RefersToEnclosingVariableOrCapture, SourceLocation(), Type, VK_LValue);
return DR; return DR;
} }
UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) { UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) {
return new (C) UnaryOperator(const_cast<Expr*>(Arg), UO_Deref, Ty, return new (C) UnaryOperator(const_cast<Expr*>(Arg), UO_Deref, Ty,
VK_LValue, OK_Ordinary, SourceLocation()); VK_LValue, OK_Ordinary, SourceLocation());
} }
ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) { ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) {
return ImplicitCastExpr::Create(C, Ty, CK_LValueToRValue, return makeImplicitCast(Arg, Ty, CK_LValueToRValue);
const_cast<Expr*>(Arg), nullptr, VK_RValue); }
ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg,
bool GetNonReferenceType) {
QualType Type = Arg->getType();
if (GetNonReferenceType)
Type = Type.getNonReferenceType();
return makeImplicitCast(Arg, Type, CK_LValueToRValue);
}
ImplicitCastExpr *
ASTMaker::makeLvalueToRvalue(const VarDecl *Arg,
bool RefersToEnclosingVariableOrCapture,
bool GetNonReferenceType) {
auto Type = Arg->getType();
if (GetNonReferenceType)
Type = Type.getNonReferenceType();
return makeLvalueToRvalue(makeDeclRefExpr(Arg,
RefersToEnclosingVariableOrCapture,
GetNonReferenceType),
Type);
}
ImplicitCastExpr *ASTMaker::makeImplicitCast(const Expr *Arg, QualType Ty,
CastKind CK) {
return ImplicitCastExpr::Create(C, Ty,
/* CastKind= */ CK,
/* Expr= */ const_cast<Expr *>(Arg),
/* CXXCastPath= */ nullptr,
/* ExprValueKind= */ VK_RValue);
} }
Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) { Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) {
if (Arg->getType() == Ty) if (Arg->getType() == Ty)
return const_cast<Expr*>(Arg); return const_cast<Expr*>(Arg);
return ImplicitCastExpr::Create(C, Ty, CK_IntegralCast, return ImplicitCastExpr::Create(C, Ty, CK_IntegralCast,
const_cast<Expr*>(Arg), nullptr, VK_RValue); const_cast<Expr*>(Arg), nullptr, VK_RValue);
Show All 18 Lines
} }
ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) { ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) {
return new (C) ReturnStmt(SourceLocation(), const_cast<Expr*>(RetVal), return new (C) ReturnStmt(SourceLocation(), const_cast<Expr*>(RetVal),
nullptr); nullptr);
} }
IntegerLiteral *ASTMaker::makeIntegerLiteral(uint64_t value) {
return IntegerLiteral::Create(C,
llvm::APInt(
/*numBits=*/C.getTypeSize(C.IntTy), value),
/*QualType=*/C.IntTy, SourceLocation());
}
MemberExpr *ASTMaker::makeMemberExpression(Expr *base, ValueDecl *MemberDecl,
bool IsArrow,
ExprValueKind ValueKind) {
DeclAccessPair FoundDecl = DeclAccessPair::make(MemberDecl, AS_public);
return MemberExpr::Create(
C, base, IsArrow, SourceLocation(), NestedNameSpecifierLoc(),
SourceLocation(), MemberDecl, FoundDecl,
DeclarationNameInfo(MemberDecl->getDeclName(), SourceLocation()),
/* TemplateArgumentListInfo= */ nullptr, MemberDecl->getType(), ValueKind,
OK_Ordinary);
}
NamedDecl *ASTMaker::findMemberField(const CXXRecordDecl *RD, StringRef Name) {
CXXBasePaths Paths(
/* FindAmbiguities=*/false,
/* RecordPaths=*/false,
/* DetectVirtual= */ false);
const IdentifierInfo &II = C.Idents.get(Name);
DeclarationName DeclName = C.DeclarationNames.getIdentifier(&II);
DeclContextLookupResult Decls = RD->lookup(DeclName);
for (NamedDecl *FoundDecl : Decls)
if (!FoundDecl->getDeclContext()->isFunctionOrMethod())
return FoundDecl;
return nullptr;
}
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Creation functions for faux ASTs. // Creation functions for faux ASTs.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D); typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D);
static CallExpr *
create_call_once_funcptr_call(ASTContext &C, ASTMaker M,
const ParmVarDecl *Callback,
SmallVectorImpl<Expr *> &CallArgs) {
return new (C) CallExpr(
/*ASTContext=*/C,
/*StmtClass=*/M.makeLvalueToRvalue(/*Expr=*/Callback),
/*args=*/CallArgs,
/*QualType=*/C.VoidTy,
/*ExprValueType=*/VK_RValue,
/*SourceLocation=*/SourceLocation());
}
static CallExpr *
create_call_once_lambda_call(ASTContext &C, ASTMaker M,
const ParmVarDecl *Callback, QualType CallbackType,
SmallVectorImpl<Expr *> &CallArgs) {
CXXRecordDecl *CallbackDecl = CallbackType->getAsCXXRecordDecl();
assert(CallbackDecl != nullptr);
assert(CallbackDecl->isLambda());
FunctionDecl *callOperatorDecl = CallbackDecl->getLambdaCallOperator();
assert(callOperatorDecl != nullptr);
DeclRefExpr *callOperatorDeclRef =
DeclRefExpr::Create(/* Ctx = */ C,
/* QualifierLoc = */ NestedNameSpecifierLoc(),
/* TemplateKWLoc = */ SourceLocation(),
const_cast<FunctionDecl *>(callOperatorDecl),
/* RefersToEnclosingVariableOrCapture= */ false,
/* NameLoc = */ SourceLocation(),
/* T = */ callOperatorDecl->getType(),
/* VK = */ VK_LValue);
CallArgs.insert(
CallArgs.begin(),
M.makeDeclRefExpr(Callback,
/* RefersToEnclosingVariableOrCapture= */ true,
/* GetNonReferenceType= */ true));
return new (C)
CXXOperatorCallExpr(/*AstContext=*/C, OO_Call, callOperatorDeclRef,
/*args=*/CallArgs,
/*QualType=*/C.VoidTy,
/*ExprValueType=*/VK_RValue,
/*SourceLocation=*/SourceLocation(), FPOptions());
}
/// Create a fake body for std::call_once.
/// Emulates the following function body:
///
/// \code
/// typedef struct once_flag_s {
/// unsigned long __state = 0;
/// } once_flag;
/// template<class Callable>
/// void call_once(once_flag& o, Callable func) {
/// if (!o.__state) {
/// func();
/// }
/// o.__state = 1;
/// }
/// \endcode
static Stmt *create_call_once(ASTContext &C, const FunctionDecl *D) {
DEBUG(llvm::dbgs() << "Generating body for call_once\n");
// We need at least two parameters.
if (D->param_size() < 2)
return nullptr;
ASTMaker M(C);
const ParmVarDecl *Flag = D->getParamDecl(0);
const ParmVarDecl *Callback = D->getParamDecl(1);
QualType CallbackType = Callback->getType().getNonReferenceType();
SmallVector<Expr *, 5> CallArgs;
// All arguments past first two ones are passed to the callback.
for (unsigned int i = 2; i < D->getNumParams(); i++)
CallArgs.push_back(M.makeLvalueToRvalue(D->getParamDecl(i)));
CallExpr *CallbackCall;
if (CallbackType->getAsCXXRecordDecl() &&
CallbackType->getAsCXXRecordDecl()->isLambda()) {
CallbackCall =
create_call_once_lambda_call(C, M, Callback, CallbackType, CallArgs);
} else {
// Function pointer case.
CallbackCall = create_call_once_funcptr_call(C, M, Callback, CallArgs);
}
QualType FlagType = Flag->getType().getNonReferenceType();
DeclRefExpr *FlagDecl =
M.makeDeclRefExpr(Flag,
/* RefersToEnclosingVariableOrCapture=*/true,
/* GetNonReferenceType=*/true);
CXXRecordDecl *FlagCXXDecl = FlagType->getAsCXXRecordDecl();
// Note: here we are assuming libc++ implementation of call_once,
// which has a struct with a field `__state_`.
// Body farming might not work for other `call_once` implementations.
NamedDecl *FoundDecl = M.findMemberField(FlagCXXDecl, "__state_");
ValueDecl *FieldDecl;
if (FoundDecl) {
FieldDecl = dyn_cast<ValueDecl>(FoundDecl);
} else {
DEBUG(llvm::dbgs() << "No field __state_ found on std::once_flag struct, "
<< "unable to synthesize call_once body, ignoring "
<< "the call.\n");
return nullptr;
}
MemberExpr *Deref = M.makeMemberExpression(FlagDecl, FieldDecl);
assert(Deref->isLValue());
QualType DerefType = Deref->getType();
// Negation predicate.
UnaryOperator *FlagCheck = new (C) UnaryOperator(
/* input= */
M.makeImplicitCast(M.makeLvalueToRvalue(Deref, DerefType), DerefType,
CK_IntegralToBoolean),
/* opc= */ UO_LNot,
/* QualType= */ C.IntTy,
/* ExprValueKind= */ VK_RValue,
/* ExprObjectKind= */ OK_Ordinary, SourceLocation());
// Create assignment.
BinaryOperator *FlagAssignment = M.makeAssignment(
Deref, M.makeIntegralCast(M.makeIntegerLiteral(1), DerefType), DerefType);
IfStmt *Out = new (C)
IfStmt(C, SourceLocation(),
/* IsConstexpr= */ false,
/* init= */ nullptr,
/* var= */ nullptr,
/* cond= */ FlagCheck,
/* then= */ M.makeCompound({CallbackCall, FlagAssignment}));
return Out;
}
/// Create a fake body for dispatch_once. /// Create a fake body for dispatch_once.
static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) { static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) {
// Check if we have at least two parameters. // Check if we have at least two parameters.
if (D->param_size() != 2) if (D->param_size() != 2)
return nullptr; return nullptr;
// Check if the first parameter is a pointer to integer type. // Check if the first parameter is a pointer to integer type.
const ParmVarDecl *Predicate = D->getParamDecl(0); const ParmVarDecl *Predicate = D->getParamDecl(0);
Show All 19 Linesstatic Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) {
// *predicate = 1; // *predicate = 1;
// block(); // block();
// } // }
// } // }
ASTMaker M(C); ASTMaker M(C);
// (1) Create the call. // (1) Create the call.
DeclRefExpr *DR = M.makeDeclRefExpr(Block); CallExpr *CE = new (C) CallExpr(
ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty); /*ASTContext=*/C,
CallExpr *CE = new (C) CallExpr(C, ICE, None, C.VoidTy, VK_RValue, /*StmtClass=*/M.makeLvalueToRvalue(/*Expr=*/Block),
SourceLocation()); /*args=*/None,
/*QualType=*/C.VoidTy,
/*ExprValueType=*/VK_RValue,
/*SourceLocation=*/SourceLocation());
// (2) Create the assignment to the predicate. // (2) Create the assignment to the predicate.
IntegerLiteral *IL = IntegerLiteral *IL = M.makeIntegerLiteral(1);
IntegerLiteral::Create(C, llvm::APInt(C.getTypeSize(C.IntTy), (uint64_t) 1),
C.IntTy, SourceLocation());
BinaryOperator *B = BinaryOperator *B =
M.makeAssignment( M.makeAssignment(
M.makeDereference( M.makeDereference(
M.makeLvalueToRvalue( M.makeLvalueToRvalue(
M.makeDeclRefExpr(Predicate), PredicateQPtrTy), M.makeDeclRefExpr(Predicate), PredicateQPtrTy),
PredicateTy), PredicateTy),
M.makeIntegralCast(IL, PredicateTy), M.makeIntegralCast(IL, PredicateTy),
PredicateTy); PredicateTy);
// (3) Create the compound statement. // (3) Create the compound statement.
Stmt *Stmts[] = { B, CE }; Stmt *Stmts[] = { B, CE };
CompoundStmt *CS = M.makeCompound(Stmts); CompoundStmt *CS = M.makeCompound(Stmts);
// (4) Create the 'if' condition. // (4) Create the 'if' condition.
ImplicitCastExpr *LValToRval = ImplicitCastExpr *LValToRval =
M.makeLvalueToRvalue( M.makeLvalueToRvalue(
M.makeDereference( M.makeDereference(
M.makeLvalueToRvalue( M.makeLvalueToRvalue(
M.makeDeclRefExpr(Predicate), M.makeDeclRefExpr(Predicate),
PredicateQPtrTy), PredicateQPtrTy),
PredicateTy), PredicateTy),
PredicateTy); PredicateTy);
UnaryOperator *UO = new (C) UnaryOperator(LValToRval, UO_LNot, C.IntTy, UnaryOperator *UO = new (C) UnaryOperator(
VK_RValue, OK_Ordinary, /* input= */ LValToRval,
SourceLocation()); /* opc= */ UO_LNot,
/* QualType= */ C.IntTy,
/* ExprValueKind= */ VK_RValue,
/* ExprObjectKind= */ OK_Ordinary, SourceLocation());
// (5) Create the 'if' statement. // (5) Create the 'if' statement.
IfStmt *If = new (C) IfStmt(C, SourceLocation(), false, nullptr, nullptr, IfStmt *If = new (C) IfStmt(C, SourceLocation(),
UO, CS); /* IsConstexpr= */ false,
/* init= */ nullptr,
/* var= */ nullptr,
/* cond= */ UO,
/* then= */ CS);
return If; return If;
} }
/// Create a fake body for dispatch_sync. /// Create a fake body for dispatch_sync.
static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) { static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) {
// Check if we have at least two parameters. // Check if we have at least two parameters.
if (D->param_size() != 2) if (D->param_size() != 2)
return nullptr; return nullptr;
▲ Show 20 LinesShow All 113 Lines▼ Show 20 LinesStmt *BodyFarm::getBody(const FunctionDecl *D) {
if (Name.empty()) if (Name.empty())
return nullptr; return nullptr;
FunctionFarmer FF; FunctionFarmer FF;
if (Name.startswith("OSAtomicCompareAndSwap") || if (Name.startswith("OSAtomicCompareAndSwap") ||
Name.startswith("objc_atomicCompareAndSwap")) { Name.startswith("objc_atomicCompareAndSwap")) {
FF = create_OSAtomicCompareAndSwap; FF = create_OSAtomicCompareAndSwap;
} } else if (Name == "call_once" && D->getDeclContext()->isStdNamespace()) {
else { FF = create_call_once;
} else {
FF = llvm::StringSwitch<FunctionFarmer>(Name) FF = llvm::StringSwitch<FunctionFarmer>(Name)
.Case("dispatch_sync", create_dispatch_sync) .Case("dispatch_sync", create_dispatch_sync)
.Case("dispatch_once", create_dispatch_once) .Case("dispatch_once", create_dispatch_once)
.Default(nullptr); .Default(nullptr);
} }
if (FF) { Val = FF(C, D); } if (FF) { Val = FF(C, D); }
else if (Injector) { Val = Injector->getBody(D); } else if (Injector) { Val = Injector->getBody(D); }
▲ Show 20 LinesShow All 136 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/call_once.cpp

// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -w -verify %s
void clang_analyzer_eval(bool);
// Faking std::std::call_once implementation.
namespace std {
typedef struct once_flag_s {
unsigned long __state_ = 0;
} once_flag;
template <class Callable, class... Args>
void call_once(once_flag &o, Callable func, Args... args);
} // namespace std
// Check with Lambdas.
void test_called_warning() {
std::once_flag g_initialize;
int z;
std::call_once(g_initialize, [&] {
int *x = nullptr;
int y = *x; // expected-warning{{Dereference of null pointer (loaded from variable 'x')}}
z = 200;
});
}
void test_called_on_path_inside_no_warning() {
std::once_flag g_initialize;
int *x = nullptr;
int y = 100;
int z;
std::call_once(g_initialize, [&] {
z = 200;
x = &z;
});
*x = 100; // no-warning
clang_analyzer_eval(z == 100); // expected-warning{{TRUE}}
}
void test_called_on_path_no_warning() {
std::once_flag g_initialize;
int *x = nullptr;
int y = 100;
std::call_once(g_initialize, [&] {
x = &y;
});
*x = 100; // no-warning
}
void test_called_on_path_warning() {
std::once_flag g_initialize;
int y = 100;
int *x = &y;
std::call_once(g_initialize, [&] {
x = nullptr;
});
*x = 100; // expected-warning{{Dereference of null pointer (loaded from variable 'x')}}
}
void test_called_once_warning() {
std::once_flag g_initialize;
int *x = nullptr;
int y = 100;
std::call_once(g_initialize, [&] {
x = nullptr;
});
std::call_once(g_initialize, [&] {
x = &y;
});
*x = 100; // expected-warning{{Dereference of null pointer (loaded from variable 'x')}}
}
void test_called_once_no_warning() {
std::once_flag g_initialize;
int *x = nullptr;
int y = 100;
std::call_once(g_initialize, [&] {
x = &y;
});
std::call_once(g_initialize, [&] {
x = nullptr;
});
*x = 100; // no-warning
}
static int global = 0;
void funcPointer() {
global = 1;
}
void test_func_pointers() {
static std::once_flag flag;
std::call_once(flag, &funcPointer);
clang_analyzer_eval(global == 1); // expected-warning{{TRUE}}
}
template <class _Fp>
class function; // undefined
template <class _Rp, class... _ArgTypes>
struct function<_Rp(_ArgTypes...)> {
_Rp operator()(_ArgTypes...) const;
template <class _Fp>
function(_Fp);
};
// Note: currently we do not support calls to std::function,
// but the analyzer should not crash either.
void test_function_objects_warning() {
int x = 0;
int *y = &x;
std::once_flag flag;
function<void()> func = [&]() {
y = nullptr;
};
std::call_once(flag, func);
func();
int z = *y;
}
void test_param_passing_lambda() {
std::once_flag flag;
int x = 120;
int y = 0;
std::call_once(flag, [&](int p) {
y = p;
},
x);
clang_analyzer_eval(y == 120); // expected-warning{{TRUE}}
}
void test_param_passing_lambda_false() {
std::once_flag flag;
int x = 120;
std::call_once(flag, [&](int p) {
x = 0;
},
x);
clang_analyzer_eval(x == 120); // expected-warning{{FALSE}}
}
void test_param_passing_stored_lambda() {
std::once_flag flag;
int x = 120;
int y = 0;
auto lambda = [&](int p) {
y = p;
};
std::call_once(flag, lambda, x);
clang_analyzer_eval(y == 120); // expected-warning{{TRUE}}
}
void test_multiparam_passing_lambda() {
std::once_flag flag;
int x = 120;
std::call_once(flag, [&](int a, int b, int c) {
x = a + b + c;
},
1, 2, 3);
clang_analyzer_eval(x == 120); // expected-warning{{FALSE}}
clang_analyzer_eval(x == 6); // expected-warning{{TRUE}}
}
static int global2 = 0;
void test_param_passing_lambda_global() {
std::once_flag flag;
global2 = 0;
std::call_once(flag, [&](int a, int b, int c) {
global2 = a + b + c;
},
1, 2, 3);
clang_analyzer_eval(global2 == 6); // expected-warning{{TRUE}}
}
static int global3 = 0;
void funcptr(int a, int b, int c) {
global3 = a + b + c;
}
void test_param_passing_funcptr() {
std::once_flag flag;
global3 = 0;
std::call_once(flag, &funcptr, 1, 2, 3);
clang_analyzer_eval(global3 == 6); // expected-warning{{TRUE}}
}
void test_blocks() {
global3 = 0;
std::once_flag flag;
std::call_once(flag, ^{
global3 = 120;
});
clang_analyzer_eval(global3 == 120); // expected-warning{{TRUE}}
}
int call_once() {
return 5;
}
void test_non_std_call_once() {
int x = call_once();
clang_analyzer_eval(x == 5); // expected-warning{{TRUE}}
}