This is an archive of the discontinued LLVM Phabricator instance.

Differential D43533

[CFG] [analyzer] NFC: Refactor ConstructionContext into a finite set of cases.
ClosedPublic

Authored by NoQ on Feb 20 2018, 3:34 PM.

Details

Reviewers
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
Commits
rG4068481bdb11: [CFG] NFC: Refactor ConstructionContext into a finite set of cases.
rC326238: [CFG] NFC: Refactor ConstructionContext into a finite set of cases.
rL326238: [CFG] NFC: Refactor ConstructionContext into a finite set of cases.
Summary

ConstructionContext is moved into a separate translation unit and is separated into multiple classes.

The "old" "raw" ConstructionContext is renamed into ConstructionContextLayer - which corresponds to the idea of building the context gradually layer-by-layer, but it isn't easy to use in the clients. Once CXXConstructExpr is reached, layers that we've gathered so far are transformed into the actual, "new-style" "flat" ConstructionContext, which is put into the CFGConstructor element and has no layers whatsoever (until it actually needs them, eg. aggregate initialization). The new-style ConstructionContext is instead presented as a variety of sub-classes that enumerate different ways of constructing an object in C++. There are 5 (five) of these supported for now, which is around a half of what needs to be supported.

The layer-by-layer buildup process is still a bit weird, but it's pretty functional with all the immutable stuff and pattern-matching, and i'm not seeing any easy alternatives.

Diff Detail

Repository
rL LLVM

Event Timeline

NoQ created this revision.Feb 20 2018, 3:34 PM
Herald added subscribers: cfe-commits, rnkovacs, mgorny. · View Herald TranscriptFeb 20 2018, 3:34 PM
NoQ added a parent revision: D43497: [analyzer] Introduce correct lifetime extension behavior in simple cases..Feb 20 2018, 3:34 PM
NoQ updated this revision to Diff 135154.Feb 20 2018, 3:40 PM

Remove unused methods.

dcoughlin added a comment.Feb 20 2018, 7:07 PM

This looks great to me Artem! I'll be very curious to see how you extend this to handle initializer lists.

lib/Analysis/CFG.cpp
4737 ↗(On Diff #135154)

Eventually (not now) I think it would be great to include the construction context kind in the printed CFG. This would make it easier to understand at a glance the context.

lib/Analysis/ConstructionContext.cpp
49 ↗(On Diff #135154)

I like how this puts all the messy pattern matching in one place. The follows the general LLVM guidelines of "if it has to be messy, put it all in one place and hide the messiness from everything else".

lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
643 ↗(On Diff #135154)

This is much more semantically clear. Thank you!!

dcoughlin accepted this revision.Feb 20 2018, 7:07 PM
This revision is now accepted and ready to land.Feb 20 2018, 7:07 PM
a.sidorin accepted this revision.Feb 21 2018, 3:45 AM
a.sidorin added inline comments.
include/clang/Analysis/ConstructionContext.h
119 ↗(On Diff #135154)

Maybe just build()? For me, finalize() strongly associates with Java's broken clean-up mechanism.

NoQ updated this revision to Diff 135480.Feb 22 2018, 11:09 AM

Address comments.

include/clang/Analysis/ConstructionContext.h
119 ↗(On Diff #135154)

Renamed into createFromLayers().

lib/Analysis/CFG.cpp
4737 ↗(On Diff #135154)

Yeah, the only reason i don't do verbose printing is because changes in tests are massive.

lib/Analysis/ConstructionContext.cpp
49 ↗(On Diff #135154)

Actually two places, the other one being findConstructionContext().

NoQ added a child revision: D43666: [analyzer] When constructing a temporary without construction context, track it for destruction anyway..Feb 22 2018, 6:15 PM
NoQ updated this revision to Diff 135667.EditedFeb 23 2018, 11:08 AM

Missing break!~~

NoQ added a child revision: D43689: [analyzer] Disable constructor inlining when lifetime extension through fields occurs..Feb 23 2018, 11:22 AM
Closed by commit rL326238: [CFG] NFC: Refactor ConstructionContext into a finite set of cases. (authored by NoQ). · Explain WhyFeb 27 2018, 12:05 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptFeb 27 2018, 12:05 PM

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
Analysis/
107 lines
245 lines
lib/
Analysis/
118 lines
1 line
92 lines
StaticAnalyzer/
Core/
130 lines
8 lines

Diff 136128

cfe/trunk/include/clang/Analysis/CFG.h

Show All 32 Lines
#include <memory> #include <memory>
#include <vector> #include <vector>
namespace clang { namespace clang {
class ASTContext; class ASTContext;
class BinaryOperator; class BinaryOperator;
class CFG; class CFG;
class ConstructionContext;
class CXXBaseSpecifier; class CXXBaseSpecifier;
class CXXBindTemporaryExpr; class CXXBindTemporaryExpr;
class CXXCtorInitializer; class CXXCtorInitializer;
class CXXDeleteExpr; class CXXDeleteExpr;
class CXXDestructorDecl; class CXXDestructorDecl;
class CXXNewExpr; class CXXNewExpr;
class CXXRecordDecl; class CXXRecordDecl;
class Decl; class Decl;
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Linesprivate:
static bool isKind(const CFGElement &E) { static bool isKind(const CFGElement &E) {
return E.getKind() >= STMT_BEGIN && E.getKind() <= STMT_END; return E.getKind() >= STMT_BEGIN && E.getKind() <= STMT_END;
} }
protected: protected:
CFGStmt() = default; CFGStmt() = default;
}; };
// This is bulky data for CFGConstructor which would not fit into the
// CFGElement's room (pair of pointers). Contains the information
// necessary to express what memory is being initialized by
// the construction.
class ConstructionContext {
public:
typedef llvm::PointerUnion<Stmt *, CXXCtorInitializer *> TriggerTy;
private:
// The construction site - the statement that triggered the construction
// for one of its parts. For instance, stack variable declaration statement
// triggers construction of itself or its elements if it's an array,
// new-expression triggers construction of the newly allocated object(s).
TriggerTy Trigger;
// Sometimes a single trigger is not enough to describe the construction site.
// In this case we'd have a chain of "partial" construction contexts.
// Some examples:
// - A constructor within in an aggregate initializer list within a variable
// would have a construction context of the initializer list with the parent
// construction context of a variable.
// - A constructor for a temporary that needs to be both destroyed
// and materialized into an elidable copy constructor would have a
// construction context of a CXXBindTemporaryExpr with the parent
// construction context of a MaterializeTemproraryExpr.
// Not all of these are currently supported.
const ConstructionContext *Parent = nullptr;
ConstructionContext() = default;
ConstructionContext(TriggerTy Trigger, const ConstructionContext *Parent)
: Trigger(Trigger), Parent(Parent) {}
public:
static const ConstructionContext *
create(BumpVectorContext &C, TriggerTy Trigger,
const ConstructionContext *Parent = nullptr) {
ConstructionContext *CC = C.getAllocator().Allocate<ConstructionContext>();
return new (CC) ConstructionContext(Trigger, Parent);
}
bool isNull() const { return Trigger.isNull(); }
TriggerTy getTrigger() const { return Trigger; }
const ConstructionContext *getParent() const { return Parent; }
const Stmt *getTriggerStmt() const {
return Trigger.dyn_cast<Stmt *>();
}
const CXXCtorInitializer *getTriggerInit() const {
return Trigger.dyn_cast<CXXCtorInitializer *>();
}
const MaterializeTemporaryExpr *getMaterializedTemporary() const {
// TODO: Be more careful to ensure that there's only one MTE around.
for (const ConstructionContext *CC = this; CC; CC = CC->getParent()) {
if (const auto *MTE = dyn_cast_or_null<MaterializeTemporaryExpr>(
CC->getTriggerStmt())) {
return MTE;
}
}
return nullptr;
}
bool isSameAsPartialContext(const ConstructionContext *Other) const {
assert(Other);
return (Trigger == Other->Trigger);
}
// See if Other is a proper initial segment of this construction context
// in terms of the parent chain - i.e. a few first parents coincide and
// then the other context terminates but our context goes further - i.e.,
// we are providing the same context that the other context provides,
// and a bit more above that.
bool isStrictlyMoreSpecificThan(const ConstructionContext *Other) const {
const ConstructionContext *Self = this;
while (true) {
if (!Other)
return Self;
if (!Self || !Self->isSameAsPartialContext(Other))
return false;
Self = Self->getParent();
Other = Other->getParent();
}
llvm_unreachable("The above loop can only be terminated via return!");
}
};
/// CFGConstructor - Represents C++ constructor call. Maintains information /// CFGConstructor - Represents C++ constructor call. Maintains information
/// necessary to figure out what memory is being initialized by the /// necessary to figure out what memory is being initialized by the
/// constructor expression. For now this is only used by the analyzer's CFG. /// constructor expression. For now this is only used by the analyzer's CFG.
class CFGConstructor : public CFGStmt { class CFGConstructor : public CFGStmt {
public: public:
explicit CFGConstructor(CXXConstructExpr *CE, const ConstructionContext *C) explicit CFGConstructor(CXXConstructExpr *CE, const ConstructionContext *C)
: CFGStmt(CE, Constructor) { : CFGStmt(CE, Constructor) {
assert(!C->isNull()); assert(C);
Data2.setPointer(const_cast<ConstructionContext *>(C)); Data2.setPointer(const_cast<ConstructionContext *>(C));
} }
const ConstructionContext *getConstructionContext() const { const ConstructionContext *getConstructionContext() const {
return static_cast<ConstructionContext *>(Data2.getPointer()); return static_cast<ConstructionContext *>(Data2.getPointer());
} }
QualType getType() const { QualType getType() const {
return cast<CXXConstructExpr>(getStmt())->getType(); return cast<CXXConstructExpr>(getStmt())->getType();
} }
ConstructionContext::TriggerTy getTrigger() const {
return getConstructionContext()->getTrigger();
}
const Stmt *getTriggerStmt() const {
return getConstructionContext()->getTriggerStmt();
}
const CXXCtorInitializer *getTriggerInit() const {
return getConstructionContext()->getTriggerInit();
}
const MaterializeTemporaryExpr *getMaterializedTemporary() const {
return getConstructionContext()->getMaterializedTemporary();
}
private: private:
friend class CFGElement; friend class CFGElement;
CFGConstructor() = default; CFGConstructor() = default;
static bool isKind(const CFGElement &E) { static bool isKind(const CFGElement &E) {
return E.getKind() == Constructor; return E.getKind() == Constructor;
} }
▲ Show 20 LinesShow All 1,041 LinesShow Last 20 Lines

cfe/trunk/include/clang/Analysis/ConstructionContext.h

//===- ConstructionContext.h - CFG constructor information ------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines the ConstructionContext class and its sub-classes,
// which represent various different ways of constructing C++ objects
// with the additional information the users may want to know about
// the constructor.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_ANALYSIS_CONSTRUCTIONCONTEXT_H
#define LLVM_CLANG_ANALYSIS_CONSTRUCTIONCONTEXT_H
#include "clang/Analysis/Support/BumpVector.h"
#include "clang/AST/ExprCXX.h"
namespace clang {
/// Construction context is a linked list of multiple layers. Layers are
/// created gradually while traversing the AST, and layers that represent
/// the outmost AST nodes are built first, while the node that immediately
/// contains the constructor would be built last and capture the previous
/// layers as its parents. Construction context captures the last layer
/// (which has links to the previous layers) and classifies the seemingly
/// arbitrary chain of layers into one of the possible ways of constructing
/// an object in C++ for user-friendly experience.
class ConstructionContextLayer {
public:
typedef llvm::PointerUnion<Stmt *, CXXCtorInitializer *> TriggerTy;
private:
/// The construction site - the statement that triggered the construction
/// for one of its parts. For instance, stack variable declaration statement
/// triggers construction of itself or its elements if it's an array,
/// new-expression triggers construction of the newly allocated object(s).
TriggerTy Trigger;
/// Sometimes a single trigger is not enough to describe the construction
/// site. In this case we'd have a chain of "partial" construction context
/// layers.
/// Some examples:
/// - A constructor within in an aggregate initializer list within a variable
/// would have a construction context of the initializer list with
/// the parent construction context of a variable.
/// - A constructor for a temporary that needs to be both destroyed
/// and materialized into an elidable copy constructor would have a
/// construction context of a CXXBindTemporaryExpr with the parent
/// construction context of a MaterializeTemproraryExpr.
/// Not all of these are currently supported.
const ConstructionContextLayer *Parent = nullptr;
ConstructionContextLayer(TriggerTy Trigger,
const ConstructionContextLayer *Parent)
: Trigger(Trigger), Parent(Parent) {}
public:
static const ConstructionContextLayer *
create(BumpVectorContext &C, TriggerTy Trigger,
const ConstructionContextLayer *Parent = nullptr);
const ConstructionContextLayer *getParent() const { return Parent; }
bool isLast() const { return !Parent; }
const Stmt *getTriggerStmt() const {
return Trigger.dyn_cast<Stmt *>();
}
const CXXCtorInitializer *getTriggerInit() const {
return Trigger.dyn_cast<CXXCtorInitializer *>();
}
/// Returns true if these layers are equal as individual layers, even if
/// their parents are different.
bool isSameLayer(const ConstructionContextLayer *Other) const {
assert(Other);
return (Trigger == Other->Trigger);
}
/// See if Other is a proper initial segment of this construction context
/// in terms of the parent chain - i.e. a few first parents coincide and
/// then the other context terminates but our context goes further - i.e.,
/// we are providing the same context that the other context provides,
/// and a bit more above that.
bool isStrictlyMoreSpecificThan(const ConstructionContextLayer *Other) const;
};
/// ConstructionContext's subclasses describe different ways of constructing
/// an object in C++. The context re-captures the essential parent AST nodes
/// of the CXXConstructExpr it is assigned to and presents these nodes
/// through easy-to-understand accessor methods.
class ConstructionContext {
public:
enum Kind {
SimpleVariableKind,
ConstructorInitializerKind,
NewAllocatedObjectKind,
TemporaryObjectKind,
ReturnedValueKind
};
protected:
Kind K;
protected:
// Do not make public! These need to only be constructed
// via createFromLayers().
explicit ConstructionContext(Kind K) : K(K) {}
public:
/// Consume the construction context layer, together with its parent layers,
/// and wrap it up into a complete construction context.
static const ConstructionContext *
createFromLayers(BumpVectorContext &C,
const ConstructionContextLayer *TopLayer);
Kind getKind() const { return K; }
};
/// Represents construction into a simple local variable, eg. T var(123);.
class SimpleVariableConstructionContext : public ConstructionContext {
const DeclStmt *DS;
public:
explicit SimpleVariableConstructionContext(const DeclStmt *DS)
: ConstructionContext(ConstructionContext::SimpleVariableKind), DS(DS) {
assert(DS);
}
const DeclStmt *getDeclStmt() const { return DS; }
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == SimpleVariableKind;
}
};
/// Represents construction into a field or a base class within a bigger object
/// via a constructor initializer, eg. T(): field(123) { ... }.
class ConstructorInitializerConstructionContext : public ConstructionContext {
const CXXCtorInitializer *I;
public:
explicit ConstructorInitializerConstructionContext(
const CXXCtorInitializer *I)
: ConstructionContext(ConstructionContext::ConstructorInitializerKind),
I(I) {
assert(I);
}
const CXXCtorInitializer *getCXXCtorInitializer() const { return I; }
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == ConstructorInitializerKind;
}
};
/// Represents immediate initialization of memory allocated by operator new,
/// eg. new T(123);.
class NewAllocatedObjectConstructionContext : public ConstructionContext {
const CXXNewExpr *NE;
public:
explicit NewAllocatedObjectConstructionContext(const CXXNewExpr *NE)
: ConstructionContext(ConstructionContext::NewAllocatedObjectKind),
NE(NE) {
assert(NE);
}
const CXXNewExpr *getCXXNewExpr() const { return NE; }
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == NewAllocatedObjectKind;
}
};
/// Represents a temporary object, eg. T(123), that does not immediately cross
/// function boundaries "by value"; constructors that construct function
/// value-type arguments or values that are immediately returned from the
/// function that returns a value receive separate construction context kinds.
class TemporaryObjectConstructionContext : public ConstructionContext {
const CXXBindTemporaryExpr *BTE;
const MaterializeTemporaryExpr *MTE;
public:
explicit TemporaryObjectConstructionContext(
const CXXBindTemporaryExpr *BTE, const MaterializeTemporaryExpr *MTE)
: ConstructionContext(ConstructionContext::TemporaryObjectKind),
BTE(BTE), MTE(MTE) {
// Both BTE and MTE can be null here, all combinations possible.
// Even though for now at least one should be non-null, we simply haven't
// implemented this case yet (this would be a temporary in the middle of
// nowhere that doesn't have a non-trivial destructor).
}
/// CXXBindTemporaryExpr here is non-null as long as the temporary has
/// a non-trivial destructor.
const CXXBindTemporaryExpr *getCXXBindTemporaryExpr() const {
return BTE;
}
/// MaterializeTemporaryExpr is non-null as long as the temporary is actually
/// used after construction, eg. by binding to a reference (lifetime
/// extension), accessing a field, calling a method, or passing it into
/// a function (an elidable copy or move constructor would be a common
/// example) by reference.
const MaterializeTemporaryExpr *getMaterializedTemporaryExpr() const {
return MTE;
}
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == TemporaryObjectKind;
}
};
/// Represents a temporary object that is being immediately returned from a
/// function by value, eg. return t; or return T(123);. In this case there is
/// always going to be a constructor at the return site. However, the usual
/// temporary-related bureaucracy (CXXBindTemporaryExpr,
/// MaterializeTemporaryExpr) is normally located in the caller function's AST.
class ReturnedValueConstructionContext : public ConstructionContext {
const ReturnStmt *RS;
public:
explicit ReturnedValueConstructionContext(const ReturnStmt *RS)
: ConstructionContext(ConstructionContext::ReturnedValueKind), RS(RS) {
assert(RS);
}
const ReturnStmt *getReturnStmt() const { return RS; }
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == ReturnedValueKind;
}
};
} // end namespace clang
#endif // LLVM_CLANG_ANALYSIS_CONSTRUCTIONCONTEXT_H

cfe/trunk/lib/Analysis/CFG.cpp

Show All 23 Lines
#include "clang/AST/OperationKinds.h" #include "clang/AST/OperationKinds.h"
#include "clang/AST/PrettyPrinter.h" #include "clang/AST/PrettyPrinter.h"
#include "clang/AST/Stmt.h" #include "clang/AST/Stmt.h"
#include "clang/AST/StmtCXX.h" #include "clang/AST/StmtCXX.h"
#include "clang/AST/StmtObjC.h" #include "clang/AST/StmtObjC.h"
#include "clang/AST/StmtVisitor.h" #include "clang/AST/StmtVisitor.h"
#include "clang/AST/Type.h" #include "clang/AST/Type.h"
#include "clang/Analysis/Support/BumpVector.h" #include "clang/Analysis/Support/BumpVector.h"
#include "clang/Analysis/ConstructionContext.h"
#include "clang/Basic/Builtins.h" #include "clang/Basic/Builtins.h"
#include "clang/Basic/ExceptionSpecificationType.h" #include "clang/Basic/ExceptionSpecificationType.h"
#include "clang/Basic/LLVM.h" #include "clang/Basic/LLVM.h"
#include "clang/Basic/LangOptions.h" #include "clang/Basic/LangOptions.h"
#include "clang/Basic/SourceLocation.h" #include "clang/Basic/SourceLocation.h"
#include "clang/Basic/Specifiers.h" #include "clang/Basic/Specifiers.h"
#include "llvm/ADT/APInt.h" #include "llvm/ADT/APInt.h"
#include "llvm/ADT/APSInt.h" #include "llvm/ADT/APSInt.h"
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Linesclass CFGBuilder {
// A list of labels whose address has been taken (for indirect gotos). // A list of labels whose address has been taken (for indirect gotos).
using LabelSetTy = llvm::SmallSetVector<LabelDecl *, 8>; using LabelSetTy = llvm::SmallSetVector<LabelDecl *, 8>;
LabelSetTy AddressTakenLabels; LabelSetTy AddressTakenLabels;
// Information about the currently visited C++ object construction site. // Information about the currently visited C++ object construction site.
// This is set in the construction trigger and read when the constructor // This is set in the construction trigger and read when the constructor
// itself is being visited. // itself is being visited.
llvm::DenseMap<CXXConstructExpr *, const ConstructionContext *> llvm::DenseMap<CXXConstructExpr *, const ConstructionContextLayer *>
ConstructionContextMap; ConstructionContextMap;
bool badCFG = false; bool badCFG = false;
const CFG::BuildOptions &BuildOpts; const CFG::BuildOptions &BuildOpts;
// State to track for building switch statements. // State to track for building switch statements.
bool switchExclusivelyCovered = false; bool switchExclusivelyCovered = false;
Expr::EvalResult *switchCond = nullptr; Expr::EvalResult *switchCond = nullptr;
▲ Show 20 LinesShow All 160 Lines▼ Show 20 Lines void InsertTempDtorDecisionBlock(const TempDtorContext &Context,
CFGBlock *FalseSucc = nullptr); CFGBlock *FalseSucc = nullptr);
// NYS == Not Yet Supported // NYS == Not Yet Supported
CFGBlock *NYS() { CFGBlock *NYS() {
badCFG = true; badCFG = true;
return Block; return Block;
} }
// Remember to apply \p CC when constructing the CFG element for \p CE. // Remember to apply the construction context based on the current \p Layer
void consumeConstructionContext(const ConstructionContext *CC, // when constructing the CFG element for \p CE.
void consumeConstructionContext(const ConstructionContextLayer *Layer,
CXXConstructExpr *CE); CXXConstructExpr *CE);
// Scan the child statement \p Child to find the constructor that might // Scan \p Child statement to find constructors in it, while keeping in mind
// have been directly triggered by the current node, \p Trigger. If such // that its parent statement is providing a partial construction context
// constructor has been found, set current construction context to point // described by \p Layer. If a constructor is found, it would be assigned
// to the trigger statement. The construction context will be unset once // the context based on the layer. If an additional construction context layer
// it is consumed when the CFG building procedure processes the // is found, the function recurses into that.
// construct-expression and adds the respective CFGConstructor element. void findConstructionContexts(const ConstructionContextLayer *Layer,
void findConstructionContexts(const ConstructionContext *ContextSoFar,
Stmt *Child); Stmt *Child);
// Unset the construction context after consuming it. This is done immediately // Unset the construction context after consuming it. This is done immediately
// after adding the CFGConstructor element, so there's no need to // after adding the CFGConstructor element, so there's no need to
// do this manually in every Visit... function. // do this manually in every Visit... function.
void cleanupConstructionContext(CXXConstructExpr *CE); void cleanupConstructionContext(CXXConstructExpr *CE);
void autoCreateBlock() { if (!Block) Block = createBlock(); } void autoCreateBlock() { if (!Block) Block = createBlock(); }
CFGBlock *createBlock(bool add_successor = true); CFGBlock *createBlock(bool add_successor = true);
CFGBlock *createNoReturnBlock(); CFGBlock *createNoReturnBlock();
Show All 30 Lines void appendStmt(CFGBlock *B, const Stmt *S) {
// All block-level expressions should have already been IgnoreParens()ed. // All block-level expressions should have already been IgnoreParens()ed.
assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S);
B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext());
} }
void appendConstructor(CFGBlock *B, CXXConstructExpr *CE) { void appendConstructor(CFGBlock *B, CXXConstructExpr *CE) {
if (BuildOpts.AddRichCXXConstructors) { if (BuildOpts.AddRichCXXConstructors) {
if (const ConstructionContext *CC = ConstructionContextMap.lookup(CE)) { if (const ConstructionContextLayer *Layer =
ConstructionContextMap.lookup(CE)) {
const ConstructionContext *CC =
ConstructionContext::createFromLayers(cfg->getBumpVectorContext(),
Layer);
B->appendConstructor(CE, CC, cfg->getBumpVectorContext()); B->appendConstructor(CE, CC, cfg->getBumpVectorContext());
cleanupConstructionContext(CE); cleanupConstructionContext(CE);
return; return;
} }
} }
// No valid construction context found. Fall back to statement. // No valid construction context found. Fall back to statement.
B->appendStmt(CE, cfg->getBumpVectorContext()); B->appendStmt(CE, cfg->getBumpVectorContext());
▲ Show 20 LinesShow All 428 Lines▼ Show 20 Lines if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt))
return vat; return vat;
t = vt->getElementType().getTypePtr(); t = vt->getElementType().getTypePtr();
} }
return nullptr; return nullptr;
} }
void CFGBuilder::consumeConstructionContext(const ConstructionContext *CC, CXXConstructExpr *CE) { void CFGBuilder::consumeConstructionContext(
if (const ConstructionContext *PreviousContext = const ConstructionContextLayer *Layer, CXXConstructExpr *CE) {
if (const ConstructionContextLayer *PreviouslyStoredLayer =
ConstructionContextMap.lookup(CE)) { ConstructionContextMap.lookup(CE)) {
// We might have visited this child when we were finding construction // We might have visited this child when we were finding construction
// contexts within its parents. // contexts within its parents.
assert(PreviousContext->isStrictlyMoreSpecificThan(CC) && assert(PreviouslyStoredLayer->isStrictlyMoreSpecificThan(Layer) &&
"Already within a different construction context!"); "Already within a different construction context!");
} else { } else {
ConstructionContextMap[CE] = CC; ConstructionContextMap[CE] = Layer;
} }
} }
void CFGBuilder::findConstructionContexts( void CFGBuilder::findConstructionContexts(
const ConstructionContext *ContextSoFar, Stmt *Child) { const ConstructionContextLayer *Layer, Stmt *Child) {
if (!BuildOpts.AddRichCXXConstructors) if (!BuildOpts.AddRichCXXConstructors)
return; return;
if (!Child) if (!Child)
return; return;
switch(Child->getStmtClass()) { switch(Child->getStmtClass()) {
case Stmt::CXXConstructExprClass: case Stmt::CXXConstructExprClass:
case Stmt::CXXTemporaryObjectExprClass: { case Stmt::CXXTemporaryObjectExprClass: {
consumeConstructionContext(ContextSoFar, cast<CXXConstructExpr>(Child)); consumeConstructionContext(Layer, cast<CXXConstructExpr>(Child));
break; break;
} }
case Stmt::ExprWithCleanupsClass: { case Stmt::ExprWithCleanupsClass: {
auto *Cleanups = cast<ExprWithCleanups>(Child); auto *Cleanups = cast<ExprWithCleanups>(Child);
findConstructionContexts(ContextSoFar, Cleanups->getSubExpr()); findConstructionContexts(Layer, Cleanups->getSubExpr());
break; break;
} }
case Stmt::CXXFunctionalCastExprClass: { case Stmt::CXXFunctionalCastExprClass: {
auto *Cast = cast<CXXFunctionalCastExpr>(Child); auto *Cast = cast<CXXFunctionalCastExpr>(Child);
findConstructionContexts(ContextSoFar, Cast->getSubExpr()); findConstructionContexts(Layer, Cast->getSubExpr());
break; break;
} }
case Stmt::ImplicitCastExprClass: { case Stmt::ImplicitCastExprClass: {
auto *Cast = cast<ImplicitCastExpr>(Child); auto *Cast = cast<ImplicitCastExpr>(Child);
findConstructionContexts(ContextSoFar, Cast->getSubExpr()); findConstructionContexts(Layer, Cast->getSubExpr());
break; break;
} }
case Stmt::CXXBindTemporaryExprClass: { case Stmt::CXXBindTemporaryExprClass: {
auto *BTE = cast<CXXBindTemporaryExpr>(Child); auto *BTE = cast<CXXBindTemporaryExpr>(Child);
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), BTE, ConstructionContextLayer::create(cfg->getBumpVectorContext(),
ContextSoFar), BTE, Layer),
BTE->getSubExpr()); BTE->getSubExpr());
break; break;
} }
case Stmt::ConditionalOperatorClass: { case Stmt::ConditionalOperatorClass: {
auto *CO = cast<ConditionalOperator>(Child); auto *CO = cast<ConditionalOperator>(Child);
findConstructionContexts(ContextSoFar, CO->getLHS()); findConstructionContexts(Layer, CO->getLHS());
findConstructionContexts(ContextSoFar, CO->getRHS()); findConstructionContexts(Layer, CO->getRHS());
break; break;
} }
default: default:
break; break;
} }
} }
void CFGBuilder::cleanupConstructionContext(CXXConstructExpr *CE) { void CFGBuilder::cleanupConstructionContext(CXXConstructExpr *CE) {
▲ Show 20 LinesShow All 132 Lines▼ Show 20 Lines if (Init) {
} }
} }
autoCreateBlock(); autoCreateBlock();
appendInitializer(Block, I); appendInitializer(Block, I);
if (Init) { if (Init) {
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), I), ConstructionContextLayer::create(cfg->getBumpVectorContext(), I),
Init); Init);
if (HasTemporaries) { if (HasTemporaries) {
// For expression with temporaries go directly to subexpression to omit // For expression with temporaries go directly to subexpression to omit
// generating destructors for the second time. // generating destructors for the second time.
return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); return Visit(cast<ExprWithCleanups>(Init)->getSubExpr());
} }
if (BuildOpts.AddCXXDefaultInitExprInCtors) { if (BuildOpts.AddCXXDefaultInitExprInCtors) {
▲ Show 20 LinesShow All 1,075 Lines▼ Show 20 Lines if (BuildOpts.AddTemporaryDtors && HasTemporaries) {
/*BindToTemporary=*/false, Context); /*BindToTemporary=*/false, Context);
} }
} }
autoCreateBlock(); autoCreateBlock();
appendStmt(Block, DS); appendStmt(Block, DS);
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), DS), ConstructionContextLayer::create(cfg->getBumpVectorContext(), DS),
Init); Init);
// Keep track of the last non-null block, as 'Block' can be nulled out // Keep track of the last non-null block, as 'Block' can be nulled out
// if the initializer expression is something like a 'while' in a // if the initializer expression is something like a 'while' in a
// statement-expression. // statement-expression.
CFGBlock *LastBlock = Block; CFGBlock *LastBlock = Block;
if (Init) { if (Init) {
▲ Show 20 LinesShow All 177 Lines▼ Show 20 LinesCFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) {
// able to report such dead blocks. // able to report such dead blocks.
// Create the new block. // Create the new block.
Block = createBlock(false); Block = createBlock(false);
addAutomaticObjHandling(ScopePos, LocalScope::const_iterator(), R); addAutomaticObjHandling(ScopePos, LocalScope::const_iterator(), R);
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), R), ConstructionContextLayer::create(cfg->getBumpVectorContext(), R),
R->getRetValue()); R->getRetValue());
// If the one of the destructors does not return, we already have the Exit // If the one of the destructors does not return, we already have the Exit
// block as a successor. // block as a successor.
if (!Block->hasNoReturnElement()) if (!Block->hasNoReturnElement())
addSuccessor(Block, &cfg->getExit()); addSuccessor(Block, &cfg->getExit());
// Add the return statement to the block. This may create new blocks if R // Add the return statement to the block. This may create new blocks if R
▲ Show 20 LinesShow All 356 Lines▼ Show 20 LinesCFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) {
Succ = EntryConditionBlock; Succ = EntryConditionBlock;
return EntryConditionBlock; return EntryConditionBlock;
} }
CFGBlock * CFGBlock *
CFGBuilder::VisitMaterializeTemporaryExpr(MaterializeTemporaryExpr *MTE, CFGBuilder::VisitMaterializeTemporaryExpr(MaterializeTemporaryExpr *MTE,
AddStmtChoice asc) { AddStmtChoice asc) {
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), MTE), ConstructionContextLayer::create(cfg->getBumpVectorContext(), MTE),
MTE->getTemporary()); MTE->getTemporary());
return VisitStmt(MTE, asc); return VisitStmt(MTE, asc);
} }
CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) {
if (asc.alwaysAdd(*this, M)) { if (asc.alwaysAdd(*this, M)) {
autoCreateBlock(); autoCreateBlock();
▲ Show 20 LinesShow All 970 Lines▼ Show 20 Lines
CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E,
AddStmtChoice asc) { AddStmtChoice asc) {
if (asc.alwaysAdd(*this, E)) { if (asc.alwaysAdd(*this, E)) {
autoCreateBlock(); autoCreateBlock();
appendStmt(Block, E); appendStmt(Block, E);
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), E), ConstructionContextLayer::create(cfg->getBumpVectorContext(), E),
E->getSubExpr()); E->getSubExpr());
// We do not want to propagate the AlwaysAdd property. // We do not want to propagate the AlwaysAdd property.
asc = asc.withAlwaysAdd(false); asc = asc.withAlwaysAdd(false);
} }
return Visit(E->getSubExpr(), asc); return Visit(E->getSubExpr(), asc);
} }
CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C,
AddStmtChoice asc) { AddStmtChoice asc) {
autoCreateBlock(); autoCreateBlock();
appendConstructor(Block, C); appendConstructor(Block, C);
return VisitChildren(C); return VisitChildren(C);
} }
CFGBlock *CFGBuilder::VisitCXXNewExpr(CXXNewExpr *NE, CFGBlock *CFGBuilder::VisitCXXNewExpr(CXXNewExpr *NE,
AddStmtChoice asc) { AddStmtChoice asc) {
autoCreateBlock(); autoCreateBlock();
appendStmt(Block, NE); appendStmt(Block, NE);
findConstructionContexts( findConstructionContexts(
ConstructionContext::create(cfg->getBumpVectorContext(), NE), ConstructionContextLayer::create(cfg->getBumpVectorContext(), NE),
const_cast<CXXConstructExpr *>(NE->getConstructExpr())); const_cast<CXXConstructExpr *>(NE->getConstructExpr()));
if (NE->getInitializer()) if (NE->getInitializer())
Block = Visit(NE->getInitializer()); Block = Visit(NE->getInitializer());
if (BuildOpts.AddCXXNewAllocator) if (BuildOpts.AddCXXNewAllocator)
appendNewAllocator(Block, NE); appendNewAllocator(Block, NE);
▲ Show 20 LinesShow All 710 Lines▼ Show 20 Lines if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) {
if (isa<CXXOperatorCallExpr>(S)) { if (isa<CXXOperatorCallExpr>(S)) {
OS << " (OperatorCall)"; OS << " (OperatorCall)";
} else if (isa<CXXBindTemporaryExpr>(S)) { } else if (isa<CXXBindTemporaryExpr>(S)) {
OS << " (BindTemporary)"; OS << " (BindTemporary)";
} else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { } else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) {
OS << " (CXXConstructExpr, "; OS << " (CXXConstructExpr, ";
if (Optional<CFGConstructor> CE = E.getAs<CFGConstructor>()) { if (Optional<CFGConstructor> CE = E.getAs<CFGConstructor>()) {
// TODO: Refactor into ConstructionContext::print(). const ConstructionContext *CC = CE->getConstructionContext();
if (const Stmt *S = CE->getTriggerStmt()) const Stmt *S1 = nullptr, *S2 = nullptr;
Helper.handledStmt(const_cast<Stmt *>(S), OS); switch (CC->getKind()) {
else if (const CXXCtorInitializer *I = CE->getTriggerInit()) case ConstructionContext::ConstructorInitializerKind: {
print_initializer(OS, Helper, I); const auto *ICC = cast<ConstructorInitializerConstructionContext>(CC);
else print_initializer(OS, Helper, ICC->getCXXCtorInitializer());
llvm_unreachable("Unexpected trigger kind!");
OS << ", "; OS << ", ";
if (const Stmt *S = CE->getMaterializedTemporary()) { break;
if (S != CE->getTriggerStmt()) { }
Helper.handledStmt(const_cast<Stmt *>(S), OS); case ConstructionContext::SimpleVariableKind: {
const auto *DSCC = cast<SimpleVariableConstructionContext>(CC);
S1 = DSCC->getDeclStmt();
break;
}
case ConstructionContext::NewAllocatedObjectKind: {
const auto *NECC = cast<NewAllocatedObjectConstructionContext>(CC);
S1 = NECC->getCXXNewExpr();
break;
}
case ConstructionContext::ReturnedValueKind: {
const auto *RSCC = cast<ReturnedValueConstructionContext>(CC);
S1 = RSCC->getReturnStmt();
break;
}
case ConstructionContext::TemporaryObjectKind: {
const auto *TOCC = cast<TemporaryObjectConstructionContext>(CC);
S1 = TOCC->getCXXBindTemporaryExpr();
S2 = TOCC->getMaterializedTemporaryExpr();
break;
}
}
if (S1) {
Helper.handledStmt(const_cast<Stmt *>(S1), OS);
OS << ", "; OS << ", ";
} }
if (S2) {
Helper.handledStmt(const_cast<Stmt *>(S2), OS);
OS << ", ";
} }
} }
OS << CCE->getType().getAsString() << ")"; OS << CCE->getType().getAsString() << ")";
} else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { } else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) {
OS << " (" << CE->getStmtClassName() << ", " OS << " (" << CE->getStmtClassName() << ", "
<< CE->getCastKindName() << CE->getCastKindName()
<< ", " << CE->getType().getAsString() << ", " << CE->getType().getAsString()
<< ")"; << ")";
▲ Show 20 LinesShow All 405 LinesShow Last 20 Lines

cfe/trunk/lib/Analysis/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
Support Support
) )
add_clang_library(clangAnalysis add_clang_library(clangAnalysis
AnalysisDeclContext.cpp AnalysisDeclContext.cpp
BodyFarm.cpp BodyFarm.cpp
CFG.cpp CFG.cpp
CFGReachabilityAnalysis.cpp CFGReachabilityAnalysis.cpp
CFGStmtMap.cpp CFGStmtMap.cpp
CallGraph.cpp CallGraph.cpp
CloneDetection.cpp CloneDetection.cpp
CocoaConventions.cpp CocoaConventions.cpp
ConstructionContext.cpp
Consumed.cpp Consumed.cpp
CodeInjector.cpp CodeInjector.cpp
Dominators.cpp Dominators.cpp
FormatString.cpp FormatString.cpp
LiveVariables.cpp LiveVariables.cpp
OSLog.cpp OSLog.cpp
ObjCNoReturn.cpp ObjCNoReturn.cpp
PostOrderCFGView.cpp PostOrderCFGView.cpp
Show All 16 Lines

cfe/trunk/lib/Analysis/ConstructionContext.cpp

//===- ConstructionContext.cpp - CFG constructor information --------------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines the ConstructionContext class and its sub-classes,
// which represent various different ways of constructing C++ objects
// with the additional information the users may want to know about
// the constructor.
//
//===----------------------------------------------------------------------===//
#include "clang/Analysis/ConstructionContext.h"
using namespace clang;
const ConstructionContextLayer *
ConstructionContextLayer::create(BumpVectorContext &C, TriggerTy Trigger,
const ConstructionContextLayer *Parent) {
ConstructionContextLayer *CC =
C.getAllocator().Allocate<ConstructionContextLayer>();
return new (CC) ConstructionContextLayer(Trigger, Parent);
}
bool ConstructionContextLayer::isStrictlyMoreSpecificThan(
const ConstructionContextLayer *Other) const {
const ConstructionContextLayer *Self = this;
while (true) {
if (!Other)
return Self;
if (!Self || !Self->isSameLayer(Other))
return false;
Self = Self->getParent();
Other = Other->getParent();
}
llvm_unreachable("The above loop can only be terminated via return!");
}
const ConstructionContext *ConstructionContext::createFromLayers(
BumpVectorContext &C, const ConstructionContextLayer *TopLayer) {
// Before this point all we've had was a stockpile of arbitrary layers.
// Now validate that it is shaped as one of the finite amount of expected
// patterns.
if (const Stmt *S = TopLayer->getTriggerStmt()) {
if (const auto *DS = dyn_cast<DeclStmt>(S)) {
assert(TopLayer->isLast());
auto *CC =
C.getAllocator().Allocate<SimpleVariableConstructionContext>();
return new (CC) SimpleVariableConstructionContext(DS);
} else if (const auto *NE = dyn_cast<CXXNewExpr>(S)) {
assert(TopLayer->isLast());
auto *CC =
C.getAllocator().Allocate<NewAllocatedObjectConstructionContext>();
return new (CC) NewAllocatedObjectConstructionContext(NE);
} else if (const auto *BTE = dyn_cast<CXXBindTemporaryExpr>(S)) {
const MaterializeTemporaryExpr *MTE = nullptr;
assert(BTE->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasNonTrivialDestructor());
// For temporaries with destructors, there may or may not be
// lifetime extension on the parent layer.
if (const ConstructionContextLayer *ParentLayer = TopLayer->getParent()) {
assert(ParentLayer->isLast());
MTE = cast<MaterializeTemporaryExpr>(ParentLayer->getTriggerStmt());
}
auto *CC =
C.getAllocator().Allocate<TemporaryObjectConstructionContext>();
return new (CC) TemporaryObjectConstructionContext(BTE, MTE);
} else if (const auto *MTE = dyn_cast<MaterializeTemporaryExpr>(S)) {
assert(MTE->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor());
assert(TopLayer->isLast());
auto *CC =
C.getAllocator().Allocate<TemporaryObjectConstructionContext>();
return new (CC) TemporaryObjectConstructionContext(nullptr, MTE);
} else if (const auto *RS = dyn_cast<ReturnStmt>(S)) {
assert(TopLayer->isLast());
auto *CC =
C.getAllocator().Allocate<ReturnedValueConstructionContext>();
return new (CC) ReturnedValueConstructionContext(RS);
}
} else if (const CXXCtorInitializer *I = TopLayer->getTriggerInit()) {
assert(TopLayer->isLast());
auto *CC =
C.getAllocator().Allocate<ConstructorInitializerConstructionContext>();
return new (CC) ConstructorInitializerConstructionContext(I);
}
llvm_unreachable("Unexpected construction context!");
}

cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

//===- ExprEngineCXX.cpp - ExprEngine support for C++ -----------*- C++ -*-===// //===- ExprEngineCXX.cpp - ExprEngine support for C++ -----------*- C++ -*-===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file defines the C++ expression evaluation engine. // This file defines the C++ expression evaluation engine.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
#include "clang/Analysis/ConstructionContext.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include "clang/AST/StmtCXX.h" #include "clang/AST/StmtCXX.h"
#include "clang/AST/ParentMap.h" #include "clang/AST/ParentMap.h"
#include "clang/Basic/PrettyStackTrace.h" #include "clang/Basic/PrettyStackTrace.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
▲ Show 20 LinesShow All 83 Lines▼ Show 20 LinesExprEngine::getRegionForConstructedObject(const CXXConstructExpr *CE,
EvalCallOptions &CallOpts) { EvalCallOptions &CallOpts) {
const LocationContext *LCtx = Pred->getLocationContext(); const LocationContext *LCtx = Pred->getLocationContext();
ProgramStateRef State = Pred->getState(); ProgramStateRef State = Pred->getState();
MemRegionManager &MRMgr = getSValBuilder().getRegionManager(); MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
// See if we're constructing an existing region by looking at the // See if we're constructing an existing region by looking at the
// current construction context. // current construction context.
if (CC) { if (CC) {
if (const Stmt *TriggerStmt = CC->getTriggerStmt()) { switch (CC->getKind()) {
if (const CXXNewExpr *CNE = dyn_cast<CXXNewExpr>(TriggerStmt)) { case ConstructionContext::SimpleVariableKind: {
if (AMgr.getAnalyzerOptions().mayInlineCXXAllocator()) { const auto *DSCC = cast<SimpleVariableConstructionContext>(CC);
// TODO: Detect when the allocator returns a null pointer. const auto *DS = DSCC->getDeclStmt();
// Constructor shall not be called in this case.
if (const SubRegion *MR = dyn_cast_or_null<SubRegion>(
getCXXNewAllocatorValue(State, CNE, LCtx).getAsRegion())) {
if (CNE->isArray()) {
// TODO: In fact, we need to call the constructor for every
// allocated element, not just the first one!
CallOpts.IsArrayCtorOrDtor = true;
return getStoreManager().GetElementZeroRegion(
MR, CNE->getType()->getPointeeType());
}
return MR;
}
}
} else if (auto *DS = dyn_cast<DeclStmt>(TriggerStmt)) {
const auto *Var = cast<VarDecl>(DS->getSingleDecl()); const auto *Var = cast<VarDecl>(DS->getSingleDecl());
SVal LValue = State->getLValue(Var, LCtx); SVal LValue = State->getLValue(Var, LCtx);
QualType Ty = Var->getType(); QualType Ty = Var->getType();
LValue = makeZeroElementRegion(State, LValue, Ty, LValue =
CallOpts.IsArrayCtorOrDtor); makeZeroElementRegion(State, LValue, Ty, CallOpts.IsArrayCtorOrDtor);
return LValue.getAsRegion(); return LValue.getAsRegion();
} else if (isa<ReturnStmt>(TriggerStmt)) {
// TODO: We should construct into a CXXBindTemporaryExpr or a
// MaterializeTemporaryExpr around the call-expression on the previous
// stack frame. Currently we re-bind the temporary to the correct region
// later, but that's not semantically correct. This of course does not
// apply when we're in the top frame. But if we are in an inlined
// function, we should be able to take the call-site CFG element,
// and it should contain (but right now it wouldn't) some sort of
// construction context that'd give us the right temporary expression.
CallOpts.IsTemporaryCtorOrDtor = true;
return MRMgr.getCXXTempObjectRegion(CE, LCtx);
} else if (isa<CXXBindTemporaryExpr>(TriggerStmt)) {
CallOpts.IsTemporaryCtorOrDtor = true;
return MRMgr.getCXXTempObjectRegion(CE, LCtx);
} }
// TODO: Consider other directly initialized elements. case ConstructionContext::ConstructorInitializerKind: {
} else if (const CXXCtorInitializer *Init = CC->getTriggerInit()) { const auto *ICC = cast<ConstructorInitializerConstructionContext>(CC);
const auto *Init = ICC->getCXXCtorInitializer();
assert(Init->isAnyMemberInitializer()); assert(Init->isAnyMemberInitializer());
const CXXMethodDecl *CurCtor = cast<CXXMethodDecl>(LCtx->getDecl()); const CXXMethodDecl *CurCtor = cast<CXXMethodDecl>(LCtx->getDecl());
Loc ThisPtr = Loc ThisPtr =
getSValBuilder().getCXXThis(CurCtor, LCtx->getCurrentStackFrame()); getSValBuilder().getCXXThis(CurCtor, LCtx->getCurrentStackFrame());
SVal ThisVal = State->getSVal(ThisPtr); SVal ThisVal = State->getSVal(ThisPtr);
const ValueDecl *Field; const ValueDecl *Field;
SVal FieldVal; SVal FieldVal;
if (Init->isIndirectMemberInitializer()) { if (Init->isIndirectMemberInitializer()) {
Field = Init->getIndirectMember(); Field = Init->getIndirectMember();
FieldVal = State->getLValue(Init->getIndirectMember(), ThisVal); FieldVal = State->getLValue(Init->getIndirectMember(), ThisVal);
} else { } else {
Field = Init->getMember(); Field = Init->getMember();
FieldVal = State->getLValue(Init->getMember(), ThisVal); FieldVal = State->getLValue(Init->getMember(), ThisVal);
} }
QualType Ty = Field->getType(); QualType Ty = Field->getType();
FieldVal = makeZeroElementRegion(State, FieldVal, Ty, FieldVal = makeZeroElementRegion(State, FieldVal, Ty,
CallOpts.IsArrayCtorOrDtor); CallOpts.IsArrayCtorOrDtor);
return FieldVal.getAsRegion(); return FieldVal.getAsRegion();
} }
case ConstructionContext::NewAllocatedObjectKind: {
// FIXME: This will eventually need to handle new-expressions as well. if (AMgr.getAnalyzerOptions().mayInlineCXXAllocator()) {
// Don't forget to update the pre-constructor initialization code in const auto *NECC = cast<NewAllocatedObjectConstructionContext>(CC);
// ExprEngine::VisitCXXConstructExpr. const auto *NE = NECC->getCXXNewExpr();
// TODO: Detect when the allocator returns a null pointer.
// Constructor shall not be called in this case.
if (const SubRegion *MR = dyn_cast_or_null<SubRegion>(
getCXXNewAllocatorValue(State, NE, LCtx).getAsRegion())) {
if (NE->isArray()) {
// TODO: In fact, we need to call the constructor for every
// allocated element, not just the first one!
CallOpts.IsArrayCtorOrDtor = true;
return getStoreManager().GetElementZeroRegion(
MR, NE->getType()->getPointeeType());
}
return MR;
}
}
break;
}
case ConstructionContext::TemporaryObjectKind: {
// TODO: Support temporaries lifetime-extended via static references.
// They'd need a getCXXStaticTempObjectRegion().
CallOpts.IsTemporaryCtorOrDtor = true;
return MRMgr.getCXXTempObjectRegion(CE, LCtx);
}
case ConstructionContext::ReturnedValueKind: {
// TODO: We should construct into a CXXBindTemporaryExpr or a
// MaterializeTemporaryExpr around the call-expression on the previous
// stack frame. Currently we re-bind the temporary to the correct region
// later, but that's not semantically correct. This of course does not
// apply when we're in the top frame. But if we are in an inlined
// function, we should be able to take the call-site CFG element,
// and it should contain (but right now it wouldn't) some sort of
// construction context that'd give us the right temporary expression.
CallOpts.IsTemporaryCtorOrDtor = true;
return MRMgr.getCXXTempObjectRegion(CE, LCtx);
}
}
} }
// If we couldn't find an existing region to construct into, assume we're // If we couldn't find an existing region to construct into, assume we're
// constructing a temporary. Notify the caller of our failure. // constructing a temporary. Notify the caller of our failure.
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true; CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
return MRMgr.getCXXTempObjectRegion(CE, LCtx); return MRMgr.getCXXTempObjectRegion(CE, LCtx);
} }
const CXXConstructExpr * const CXXConstructExpr *
Show All 34 Linesvoid ExprEngine::VisitCXXConstructExpr(const CXXConstructExpr *CE,
const MemRegion *Target = nullptr; const MemRegion *Target = nullptr;
// FIXME: Handle arrays, which run the same constructor for every element. // FIXME: Handle arrays, which run the same constructor for every element.
// For now, we just run the first constructor (which should still invalidate // For now, we just run the first constructor (which should still invalidate
// the entire array). // the entire array).
EvalCallOptions CallOpts; EvalCallOptions CallOpts;
auto C = getCurrentCFGElement().getAs<CFGConstructor>(); auto C = getCurrentCFGElement().getAs<CFGConstructor>();
assert(C || getCurrentCFGElement().getAs<CFGStmt>());
const ConstructionContext *CC = C ? C->getConstructionContext() : nullptr; const ConstructionContext *CC = C ? C->getConstructionContext() : nullptr;
const CXXBindTemporaryExpr *BTE = nullptr; const CXXBindTemporaryExpr *BTE = nullptr;
const MaterializeTemporaryExpr *MTE = nullptr; const MaterializeTemporaryExpr *MTE = nullptr;
switch (CE->getConstructionKind()) { switch (CE->getConstructionKind()) {
case CXXConstructExpr::CK_Complete: { case CXXConstructExpr::CK_Complete: {
Target = getRegionForConstructedObject(CE, Pred, CC, CallOpts); Target = getRegionForConstructedObject(CE, Pred, CC, CallOpts);
if (CC && AMgr.getAnalyzerOptions().includeTemporaryDtorsInCFG() &&
!CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion && // In case of temporary object construction, extract data necessary for
CallOpts.IsTemporaryCtorOrDtor) { // destruction and lifetime extension.
MTE = CC->getMaterializedTemporary(); if (const auto *TCC =
if (!MTE || MTE->getStorageDuration() == SD_FullExpression) { dyn_cast_or_null<TemporaryObjectConstructionContext>(CC)) {
assert(CallOpts.IsTemporaryCtorOrDtor);
assert(!CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion);
if (AMgr.getAnalyzerOptions().includeTemporaryDtorsInCFG()) {
BTE = TCC->getCXXBindTemporaryExpr();
MTE = TCC->getMaterializedTemporaryExpr();
if (!BTE) {
// FIXME: lifetime extension for temporaries without destructors
// is not implemented yet.
MTE = nullptr;
}
if (MTE && MTE->getStorageDuration() != SD_FullExpression) {
// If the temporary is lifetime-extended, don't save the BTE, // If the temporary is lifetime-extended, don't save the BTE,
// because we don't need a temporary destructor, but an automatic // because we don't need a temporary destructor, but an automatic
// destructor. The cast may fail because it may as well be a ReturnStmt. // destructor.
BTE = dyn_cast<CXXBindTemporaryExpr>(CC->getTriggerStmt()); BTE = nullptr;
}
} }
} }
break; break;
} }
case CXXConstructExpr::CK_VirtualBase: case CXXConstructExpr::CK_VirtualBase:
// Make sure we are not calling virtual base class initializers twice. // Make sure we are not calling virtual base class initializers twice.
// Only the most-derived object should initialize virtual base classes. // Only the most-derived object should initialize virtual base classes.
if (const Stmt *Outer = LCtx->getCurrentStackFrame()->getCallSite()) { if (const Stmt *Outer = LCtx->getCurrentStackFrame()->getCallSite()) {
▲ Show 20 LinesShow All 472 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

Show All 10 Lines
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
#include "PrettyStackTraceLocationContext.h" #include "PrettyStackTraceLocationContext.h"
#include "clang/AST/CXXInheritance.h" #include "clang/AST/CXXInheritance.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include "clang/Analysis/Analyses/LiveVariables.h" #include "clang/Analysis/Analyses/LiveVariables.h"
#include "clang/Analysis/ConstructionContext.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "llvm/ADT/SmallSet.h" #include "llvm/ADT/SmallSet.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/Support/SaveAndRestore.h" #include "llvm/Support/SaveAndRestore.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
▲ Show 20 LinesShow All 603 Lines▼ Show 20 LinesExprEngine::mayInlineCallKind(const CallEvent &Call, const ExplodedNode *Pred,
case CE_CXXConstructor: { case CE_CXXConstructor: {
if (!Opts.mayInlineCXXMemberFunction(CIMK_Constructors)) if (!Opts.mayInlineCXXMemberFunction(CIMK_Constructors))
return CIP_DisallowedAlways; return CIP_DisallowedAlways;
const CXXConstructorCall &Ctor = cast<CXXConstructorCall>(Call); const CXXConstructorCall &Ctor = cast<CXXConstructorCall>(Call);
const CXXConstructExpr *CtorExpr = Ctor.getOriginExpr(); const CXXConstructExpr *CtorExpr = Ctor.getOriginExpr();
auto CC = getCurrentCFGElement().getAs<CFGConstructor>(); auto CCE = getCurrentCFGElement().getAs<CFGConstructor>();
const Stmt *ParentExpr = CC ? CC->getTriggerStmt() : nullptr; const ConstructionContext *CC = CCE ? CCE->getConstructionContext()
: nullptr;
if (ParentExpr && isa<CXXNewExpr>(ParentExpr) && if (CC && isa<NewAllocatedObjectConstructionContext>(CC) &&
!Opts.mayInlineCXXAllocator()) !Opts.mayInlineCXXAllocator())
return CIP_DisallowedOnce; return CIP_DisallowedOnce;
// FIXME: We don't handle constructors or destructors for arrays properly. // FIXME: We don't handle constructors or destructors for arrays properly.
// Even once we do, we still need to be careful about implicitly-generated // Even once we do, we still need to be careful about implicitly-generated
// initializers for array fields in default move/copy constructors. // initializers for array fields in default move/copy constructors.
// We still allow construction into ElementRegion targets when they don't // We still allow construction into ElementRegion targets when they don't
// represent array elements. // represent array elements.
▲ Show 20 LinesShow All 388 LinesShow Last 20 Lines