This is an archive of the discontinued LLVM Phabricator instance.

Differential D44238

[CFG] Fix automatic destructors when a member is bound to a reference.
ClosedPublic

Authored by NoQ on Mar 7 2018, 5:24 PM.

Details

Reviewers
rsmith
doug.gregor
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
rjmccall
Commits
rGa25809fb746e: [CFG] Fix automatic destructors when a member is bound to a reference.
rL333941: [CFG] Fix automatic destructors when a member is bound to a reference.
rC333941: [CFG] Fix automatic destructors when a member is bound to a reference.
Summary

In code like

const int &x = A().x;

the destructor for A() was not present in the CFG due to two problems in the pattern-matching in getReferenceInitTemporaryType():

  1. The no-op cast from T to const T is not necessarily performed on a record type. It may be performed on essentially any type. In the current example, it is performed on an xvalue of type int in order to turn it into a const int.
  2. Since rC288563 member access is no longer performed over rvalues, but goes after the MaterializeTemporaryExpr instead.

This is not an analyzer-specific change. It may add/remove compiler warnings, but i don't think it makes any sense to hide this behind an analyzer-specific flag.

Diff Detail

Repository
rC Clang

Event Timeline

NoQ created this revision.Mar 7 2018, 5:24 PM
Herald added subscribers: cfe-commits, rnkovacs. · View Herald TranscriptMar 7 2018, 5:24 PM
NoQ mentioned this in D44239: [analyzer] Re-enable constructor inlining when lifetime extension through fields occurs..Mar 7 2018, 5:35 PM
NoQ added a child revision: D44239: [analyzer] Re-enable constructor inlining when lifetime extension through fields occurs..
george.karpenkov added a reviewer: rjmccall.Mar 30 2018, 10:51 AM
rjmccall added a comment.Mar 30 2018, 8:28 PM

Seems fine to me, but you might want someone with analyzer experience to review.

rsmith added inline comments.Mar 31 2018, 4:51 PM
lib/Analysis/CFG.cpp
1495–1496

Can you replace this with Expr::skipRValueSubobjectAdjustments? That's how we compute this elsewhere. (You'll need to skip a top-level ExprWithCleanups and check for the search terminating in a MaterializeTemporaryExpr yourself, but this will reduce duplication and fix a couple more cases this function is getting wrong).

NoQ added inline comments.Apr 4 2018, 11:39 AM
lib/Analysis/CFG.cpp
1495–1496

Hmm, right, ok, yeah. I'm in no rush with this one, so i'll spend some time trying to understand what rvalue adjustments do we still have after rC288563.

rsmith added inline comments.Apr 4 2018, 2:26 PM
lib/Analysis/CFG.cpp
1495–1496

We still have to deal with rvalue adjustments in C++98 compilations, because we don't create xvalue MaterializeTemporaryExpr nodes there (because C++98 doesn't have xvalues). I think if/when we carry out the plan to remove CXXBindTemporaryExpr, skipping rvalue adjustments will only be interesting to the code that performs lifetime extension, and everything else can just deal with the MaterializeTemporaryExpr nodes. But for now, you'll need to skip rvalue adjustments if you want to handle our C++98 ASTs.

As a quick example, take:

struct A { int n; };
const int &r = A().*&A::n;

... which produces this AST in C++11 onwards:

`-VarDecl 0xc2681f0 <col:22, col:46> col:33 r 'const int &' cinit
  `-ExprWithCleanups 0xc268b28 <col:37, col:46> 'const int' xvalue
    `-ImplicitCastExpr 0xc2689f0 <col:37, col:46> 'const int' xvalue <NoOp>
      `-BinaryOperator 0xc2689c8 <col:37, col:46> 'int' xvalue '.*'
        |-MaterializeTemporaryExpr 0xc2689b0 <col:37, col:39> 'A' xvalue extended by Var 0xc2681f0 'r' 'const int &'
        | `-CXXTemporaryObjectExpr 0xc2687b0 <col:37, col:39> 'A' 'void () noexcept' zeroing
        `-UnaryOperator 0xc268990 <col:42, col:46> 'int A::*' prefix '&' cannot overflow
          `-DeclRefExpr 0xc268928 <col:43, col:46> 'int' lvalue Field 0xc268148 'n' 'int'

... but produces this in C++98 mode (which I think this function will mishandle because it doesn't know how to look through the binary .* operator):

`-VarDecl 0xcd61c90 <col:22, col:46> col:33 r 'const int &' cinit
  `-ExprWithCleanups 0xcd62398 <col:37, col:46> 'const int' lvalue
    `-MaterializeTemporaryExpr 0xcd622a8 <col:37, col:46> 'const int' lvalue extended by Var 0xcd61c90 'r' 'const int &'
      `-BinaryOperator 0xcd62280 <col:37, col:46> 'int' '.*'
        |-CXXTemporaryObjectExpr 0xcd62080 <col:37, col:39> 'A' 'void () throw()' zeroing
        `-UnaryOperator 0xcd62260 <col:42, col:46> 'int A::*' prefix '&' cannot overflow
          `-DeclRefExpr 0xcd621f8 <col:43, col:46> 'int' lvalue Field 0xcd61be8 'n' 'int'
NoQ added inline comments.Apr 4 2018, 4:21 PM
lib/Analysis/CFG.cpp
1495–1496

Aha, yay, thanks, i'll add this one, and also it seems that CFG and Analyzer C++ tests need way more different -std= run-lines :)

NoQ mentioned this in D46037: [analyzer] pr37166, pr37139: Disable constructor inlining when lifetime extension through aggregate initialization occurs..Apr 24 2018, 6:20 PM
NoQ updated this revision to Diff 147635.May 18 2018, 6:57 PM

Switch to skipRValueSubobjectAdjustments. Yup, that's much better.

Add FIXME tests for lifetime extension through non-references that are still not working - that correspond to a nearby FIXME in the code. I'm not planning to fix them immediately, but it's nice to know what else isn't working in this realm.

NoQ marked an inline comment as done.May 18 2018, 6:58 PM
george.karpenkov accepted this revision.May 30 2018, 4:52 PM

I'm not an expert in CFG construction, but looks good to me.

This revision is now accepted and ready to land.May 30 2018, 4:52 PM
Closed by commit rC333941: [CFG] Fix automatic destructors when a member is bound to a reference. (authored by NoQ). · Explain WhyJun 4 2018, 12:00 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
Analysis/
62 lines
test/
Analysis/
295 lines

Diff 149822

lib/Analysis/CFG.cpp

Show First 20 LinesShow All 1,486 Lines▼ Show 20 Lines if (Init) {
} }
return Visit(Init); return Visit(Init);
} }
return Block; return Block;
} }
/// Retrieve the type of the temporary object whose lifetime was /// Retrieve the type of the temporary object whose lifetime was
/// extended by a local reference with the given initializer. /// extended by a local reference with the given initializer.
static QualType getReferenceInitTemporaryType(ASTContext &Context, static QualType getReferenceInitTemporaryType(const Expr *Init,
rsmithUnsubmitted
Done
ReplyInline Actions

Can you replace this with Expr::skipRValueSubobjectAdjustments? That's how we compute this elsewhere. (You'll need to skip a top-level ExprWithCleanups and check for the search terminating in a MaterializeTemporaryExpr yourself, but this will reduce duplication and fix a couple more cases this function is getting wrong).

rsmith: Can you replace this with `Expr::skipRValueSubobjectAdjustments`? That's how we compute this…
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

Hmm, right, ok, yeah. I'm in no rush with this one, so i'll spend some time trying to understand what rvalue adjustments do we still have after rC288563.

NoQ: Hmm, right, ok, yeah. I'm in no rush with this one, so i'll spend some time trying to…
rsmithUnsubmitted
Not Done
ReplyInline Actions

We still have to deal with rvalue adjustments in C++98 compilations, because we don't create xvalue MaterializeTemporaryExpr nodes there (because C++98 doesn't have xvalues). I think if/when we carry out the plan to remove CXXBindTemporaryExpr, skipping rvalue adjustments will only be interesting to the code that performs lifetime extension, and everything else can just deal with the MaterializeTemporaryExpr nodes. But for now, you'll need to skip rvalue adjustments if you want to handle our C++98 ASTs.

As a quick example, take:

struct A { int n; };
const int &r = A().*&A::n;

... which produces this AST in C++11 onwards:

`-VarDecl 0xc2681f0 <col:22, col:46> col:33 r 'const int &' cinit
  `-ExprWithCleanups 0xc268b28 <col:37, col:46> 'const int' xvalue
    `-ImplicitCastExpr 0xc2689f0 <col:37, col:46> 'const int' xvalue <NoOp>
      `-BinaryOperator 0xc2689c8 <col:37, col:46> 'int' xvalue '.*'
        |-MaterializeTemporaryExpr 0xc2689b0 <col:37, col:39> 'A' xvalue extended by Var 0xc2681f0 'r' 'const int &'
        | `-CXXTemporaryObjectExpr 0xc2687b0 <col:37, col:39> 'A' 'void () noexcept' zeroing
        `-UnaryOperator 0xc268990 <col:42, col:46> 'int A::*' prefix '&' cannot overflow
          `-DeclRefExpr 0xc268928 <col:43, col:46> 'int' lvalue Field 0xc268148 'n' 'int'

... but produces this in C++98 mode (which I think this function will mishandle because it doesn't know how to look through the binary .* operator):

`-VarDecl 0xcd61c90 <col:22, col:46> col:33 r 'const int &' cinit
  `-ExprWithCleanups 0xcd62398 <col:37, col:46> 'const int' lvalue
    `-MaterializeTemporaryExpr 0xcd622a8 <col:37, col:46> 'const int' lvalue extended by Var 0xcd61c90 'r' 'const int &'
      `-BinaryOperator 0xcd62280 <col:37, col:46> 'int' '.*'
        |-CXXTemporaryObjectExpr 0xcd62080 <col:37, col:39> 'A' 'void () throw()' zeroing
        `-UnaryOperator 0xcd62260 <col:42, col:46> 'int A::*' prefix '&' cannot overflow
          `-DeclRefExpr 0xcd621f8 <col:43, col:46> 'int' lvalue Field 0xcd61be8 'n' 'int'
rsmith: We still have to deal with rvalue adjustments in C++98 compilations, because we don't create…
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

Aha, yay, thanks, i'll add this one, and also it seems that CFG and Analyzer C++ tests need way more different -std= run-lines :)

NoQ: Aha, yay, thanks, i'll add this one, and also it seems that CFG and Analyzer C++ tests need way…
const Expr *Init,
bool *FoundMTE = nullptr) { bool *FoundMTE = nullptr) {
while (true) { while (true) {
// Skip parentheses. // Skip parentheses.
Init = Init->IgnoreParens(); Init = Init->IgnoreParens();
// Skip through cleanups. // Skip through cleanups.
if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) {
Init = EWC->getSubExpr(); Init = EWC->getSubExpr();
continue; continue;
} }
// Skip through the temporary-materialization expression. // Skip through the temporary-materialization expression.
if (const MaterializeTemporaryExpr *MTE if (const MaterializeTemporaryExpr *MTE
= dyn_cast<MaterializeTemporaryExpr>(Init)) { = dyn_cast<MaterializeTemporaryExpr>(Init)) {
Init = MTE->GetTemporaryExpr(); Init = MTE->GetTemporaryExpr();
if (FoundMTE) if (FoundMTE)
*FoundMTE = true; *FoundMTE = true;
continue; continue;
} }
// Skip derived-to-base and no-op casts. // Skip sub-object accesses into rvalues.
if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { SmallVector<const Expr *, 2> CommaLHSs;
if ((CE->getCastKind() == CK_DerivedToBase || SmallVector<SubobjectAdjustment, 2> Adjustments;
CE->getCastKind() == CK_UncheckedDerivedToBase || const Expr *SkippedInit =
CE->getCastKind() == CK_NoOp) && Init->skipRValueSubobjectAdjustments(CommaLHSs, Adjustments);
Init->getType()->isRecordType()) { if (SkippedInit != Init) {
Init = CE->getSubExpr(); Init = SkippedInit;
continue;
}
}
// Skip member accesses into rvalues.
if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) {
if (!ME->isArrow() && ME->getBase()->isRValue()) {
Init = ME->getBase();
continue; continue;
} }
}
break; break;
} }
return Init->getType(); return Init->getType();
} }
// TODO: Support adding LoopExit element to the CFG in case where the loop is // TODO: Support adding LoopExit element to the CFG in case where the loop is
// ended by ReturnStmt, GotoStmt or ThrowExpr. // ended by ReturnStmt, GotoStmt or ThrowExpr.
▲ Show 20 LinesShow All 132 Lines▼ Show 20 Lines if (hasTrivialDestructor(*I)) {
} }
continue; continue;
} }
// If this destructor is marked as a no-return destructor, we need to // If this destructor is marked as a no-return destructor, we need to
// create a new block for the destructor which does not have as a successor // create a new block for the destructor which does not have as a successor
// anything built thus far: control won't flow out of this block. // anything built thus far: control won't flow out of this block.
QualType Ty = (*I)->getType(); QualType Ty = (*I)->getType();
if (Ty->isReferenceType()) { if (Ty->isReferenceType()) {
Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); Ty = getReferenceInitTemporaryType((*I)->getInit());
} }
Ty = Context->getBaseElementType(Ty); Ty = Context->getBaseElementType(Ty);
if (Ty->getAsCXXRecordDecl()->isAnyDestructorNoReturn()) if (Ty->getAsCXXRecordDecl()->isAnyDestructorNoReturn())
Block = createNoReturnBlock(); Block = createNoReturnBlock();
else else
autoCreateBlock(); autoCreateBlock();
▲ Show 20 LinesShow All 96 Lines▼ Show 20 Lines for (auto *DI : DS->decls())
if (VarDecl *VD = dyn_cast<VarDecl>(DI)) if (VarDecl *VD = dyn_cast<VarDecl>(DI))
Scope = addLocalScopeForVarDecl(VD, Scope); Scope = addLocalScopeForVarDecl(VD, Scope);
return Scope; return Scope;
} }
bool CFGBuilder::hasTrivialDestructor(VarDecl *VD) { bool CFGBuilder::hasTrivialDestructor(VarDecl *VD) {
// Check for const references bound to temporary. Set type to pointee. // Check for const references bound to temporary. Set type to pointee.
QualType QT = VD->getType(); QualType QT = VD->getType();
if (QT.getTypePtr()->isReferenceType()) { if (QT->isReferenceType()) {
// Attempt to determine whether this declaration lifetime-extends a // Attempt to determine whether this declaration lifetime-extends a
// temporary. // temporary.
// //
// FIXME: This is incorrect. Non-reference declarations can lifetime-extend // FIXME: This is incorrect. Non-reference declarations can lifetime-extend
// temporaries, and a single declaration can extend multiple temporaries. // temporaries, and a single declaration can extend multiple temporaries.
// We should look at the storage duration on each nested // We should look at the storage duration on each nested
// MaterializeTemporaryExpr instead. // MaterializeTemporaryExpr instead.
const Expr *Init = VD->getInit(); const Expr *Init = VD->getInit();
if (!Init) if (!Init) {
// Probably an exception catch-by-reference variable.
// FIXME: It doesn't really mean that the object has a trivial destructor.
// Also are there other cases?
return true; return true;
}
// Lifetime-extending a temporary. // Lifetime-extending a temporary?
bool FoundMTE = false; bool FoundMTE = false;
QT = getReferenceInitTemporaryType(*Context, Init, &FoundMTE); QT = getReferenceInitTemporaryType(Init, &FoundMTE);
if (!FoundMTE) if (!FoundMTE)
return true; return true;
} }
// Check for constant size array. Set type to array element type. // Check for constant size array. Set type to array element type.
while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) {
if (AT->getSize() == 0) if (AT->getSize() == 0)
return true; return true;
▲ Show 20 LinesShow All 2,769 Lines▼ Show 20 Lines case CFGElement::AutomaticObjectDtor: {
QualType ty = var->getType(); QualType ty = var->getType();
// FIXME: See CFGBuilder::addLocalScopeForVarDecl. // FIXME: See CFGBuilder::addLocalScopeForVarDecl.
// //
// Lifetime-extending constructs are handled here. This works for a single // Lifetime-extending constructs are handled here. This works for a single
// temporary in an initializer expression. // temporary in an initializer expression.
if (ty->isReferenceType()) { if (ty->isReferenceType()) {
if (const Expr *Init = var->getInit()) { if (const Expr *Init = var->getInit()) {
ty = getReferenceInitTemporaryType(astContext, Init); ty = getReferenceInitTemporaryType(Init);
} }
} }
while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) {
ty = arrayType->getElementType(); ty = arrayType->getElementType();
} }
const RecordType *recordType = ty->getAs<RecordType>(); const RecordType *recordType = ty->getAs<RecordType>();
const CXXRecordDecl *classDecl = const CXXRecordDecl *classDecl =
▲ Show 20 LinesShow All 448 Lines▼ Show 20 Linesstatic void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper,
} else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) {
print_initializer(OS, Helper, IE->getInitializer()); print_initializer(OS, Helper, IE->getInitializer());
OS << '\n'; OS << '\n';
} else if (Optional<CFGAutomaticObjDtor> DE = } else if (Optional<CFGAutomaticObjDtor> DE =
E.getAs<CFGAutomaticObjDtor>()) { E.getAs<CFGAutomaticObjDtor>()) {
const VarDecl *VD = DE->getVarDecl(); const VarDecl *VD = DE->getVarDecl();
Helper.handleDecl(VD, OS); Helper.handleDecl(VD, OS);
const Type* T = VD->getType().getTypePtr(); ASTContext &ACtx = VD->getASTContext();
if (const ReferenceType* RT = T->getAs<ReferenceType>()) QualType T = VD->getType();
T = RT->getPointeeType().getTypePtr(); if (T->isReferenceType())
T = T->getBaseElementTypeUnsafe(); T = getReferenceInitTemporaryType(VD->getInit(), nullptr);
if (const ArrayType *AT = ACtx.getAsArrayType(T))
T = ACtx.getBaseElementType(AT);
OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()";
OS << " (Implicit destructor)\n"; OS << " (Implicit destructor)\n";
} else if (Optional<CFGLifetimeEnds> DE = E.getAs<CFGLifetimeEnds>()) { } else if (Optional<CFGLifetimeEnds> DE = E.getAs<CFGLifetimeEnds>()) {
const VarDecl *VD = DE->getVarDecl(); const VarDecl *VD = DE->getVarDecl();
Helper.handleDecl(VD, OS); Helper.handleDecl(VD, OS);
OS << " (Lifetime ends)\n"; OS << " (Lifetime ends)\n";
▲ Show 20 LinesShow All 390 LinesShow Last 20 Lines

test/Analysis/auto-obj-dtors-cfg-output.cpp

// RUN: %clang_analyze_cc1 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=false %s > %t 2>&1 // RUN: %clang_analyze_cc1 -std=c++98 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=false %s > %t 2>&1
// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,WARNINGS %s // RUN: FileCheck --input-file=%t -check-prefixes=CHECK,CXX98,WARNINGS,CXX98-WARNINGS %s
// RUN: %clang_analyze_cc1 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=true %s > %t 2>&1 // RUN: %clang_analyze_cc1 -std=c++98 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=true %s > %t 2>&1
// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,ANALYZER %s // RUN: FileCheck --input-file=%t -check-prefixes=CHECK,CXX98,ANALYZER,CXX98-ANALYZER %s
// RUN: %clang_analyze_cc1 -std=c++11 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=false %s > %t 2>&1
// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,CXX11,WARNINGS,CXX11-WARNINGS %s
// RUN: %clang_analyze_cc1 -std=c++11 -fcxx-exceptions -fexceptions -analyzer-checker=debug.DumpCFG -analyzer-config cfg-rich-constructors=true %s > %t 2>&1
// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,CXX11,ANALYZER,CXX11-ANALYZER %s
// This file tests how we construct two different flavors of the Clang CFG - // This file tests how we construct two different flavors of the Clang CFG -
// the CFG used by the Sema analysis-based warnings and the CFG used by the // the CFG used by the Sema analysis-based warnings and the CFG used by the
// static analyzer. The difference in the behavior is checked via FileCheck // static analyzer. The difference in the behavior is checked via FileCheck
// prefixes (WARNINGS and ANALYZER respectively). When introducing new analyzer // prefixes (WARNINGS and ANALYZER respectively). When introducing new analyzer
// flags, no new run lines should be added - just these flags would go to the // flags, no new run lines should be added - just these flags would go to the
// respective line depending on where is it turned on and where is it turned // respective line depending on where is it turned on and where is it turned
// off. Feel free to add tests that test only one of the CFG flavors if you're // off. Feel free to add tests that test only one of the CFG flavors if you're
// not sure how the other flavor is supposed to work in your case. // not sure how the other flavor is supposed to work in your case.
class A { class A {
public: public:
int x;
// CHECK: [B1 (ENTRY)] // CHECK: [B1 (ENTRY)]
// CHECK-NEXT: Succs (1): B0 // CHECK-NEXT: Succs (1): B0
// CHECK: [B0 (EXIT)] // CHECK: [B0 (EXIT)]
// CHECK-NEXT: Preds (1): B1 // CHECK-NEXT: Preds (1): B1
A() {} A() {}
// CHECK: [B1 (ENTRY)] // CHECK: [B1 (ENTRY)]
// CHECK-NEXT: Succs (1): B0 // CHECK-NEXT: Succs (1): B0
Show All 40 Linesvoid test_const_ref() {
A a; A a;
const A& b = a; const A& b = a;
const A& c = A(); const A& c = A();
} }
// CHECK: [B2 (ENTRY)] // CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1 // CHECK-NEXT: Succs (1): B1
// CHECK: [B1] // CHECK: [B1]
// WARNINGS-NEXT: 1: A() (CXXConstructExpr, class A)
// CXX98-ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], class A)
// CXX11-ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], [B1.3], class A)
// CHECK-NEXT: 2: [B1.1] (BindTemporary)
// CXX98-NEXT: 3: [B1.2].x
// CXX98-NEXT: 4: [B1.3]
// CXX98-NEXT: 5: const int &x = A().x;
// CXX98-NEXT: 6: [B1.5].~A() (Implicit destructor)
// CXX11-NEXT: 3: [B1.2]
// CXX11-NEXT: 4: [B1.3].x
// CXX11-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const int)
// CXX11-NEXT: 6: const int &x = A().x;
// CXX11-NEXT: 7: [B1.6].~A() (Implicit destructor)
// CHECK-NEXT: Preds (1): B2
// CHECK-NEXT: Succs (1): B0
// CHECK: [B0 (EXIT)]
// CHECK-NEXT: Preds (1): B1
void test_const_ref_to_field() {
const int &x = A().x;
}
// CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1
// CHECK: [B1]
// WARNINGS-NEXT: 1: A() (CXXConstructExpr, class A)
// CXX98-ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], class A)
// CXX11-ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], [B1.3], class A)
// CHECK-NEXT: 2: [B1.1] (BindTemporary)
// CXX98-NEXT: 3: A::x
// CXX98-NEXT: 4: &[B1.3]
// CXX98-NEXT: 5: [B1.2] .* [B1.4]
// CXX98-NEXT: 6: [B1.5]
// CXX98-NEXT: 7: const int &x = A() .* &A::x;
// CXX98-NEXT: 8: [B1.7].~A() (Implicit destructor)
// CXX11-NEXT: 3: [B1.2]
// CXX11-NEXT: 4: A::x
// CXX11-NEXT: 5: &[B1.4]
// CXX11-NEXT: 6: [B1.3] .* [B1.5]
// CXX11-NEXT: 7: [B1.6] (ImplicitCastExpr, NoOp, const int)
// CXX11-NEXT: 8: const int &x = A() .* &A::x;
// CXX11-NEXT: 9: [B1.8].~A() (Implicit destructor)
// CHECK-NEXT: Preds (1): B2
// CHECK-NEXT: Succs (1): B0
// CHECK: [B0 (EXIT)]
// CHECK-NEXT: Preds (1): B1
void test_pointer_to_member() {
const int &x = A().*&A::x;
}
// FIXME: There should be automatic destructors at the end of scope.
// CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1
// CHECK: [B1]
// WARNINGS-NEXT: 1: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], [B1.4], class A)
// CHECK-NEXT: 2: [B1.1] (BindTemporary)
// CHECK-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 4: [B1.3]
// CHECK-NEXT: 5: {[B1.4]}
// CHECK-NEXT: 6: B b = {A()};
// WARNINGS-NEXT: 7: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 7: A() (CXXConstructExpr, [B1.8], [B1.10], class A)
// CHECK-NEXT: 8: [B1.7] (BindTemporary)
// CHECK-NEXT: 9: [B1.8] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 10: [B1.9]
// CHECK-NEXT: 11: {[B1.10]}
// WARNINGS-NEXT: 12: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 12: A() (CXXConstructExpr, [B1.13], [B1.15], class A)
// CHECK-NEXT: 13: [B1.12] (BindTemporary)
// CHECK-NEXT: 14: [B1.13] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 15: [B1.14]
// CHECK-NEXT: 16: {[B1.15]}
// CHECK-NEXT: 17: {[B1.10], [B1.15]}
// CHECK-NEXT: 18: B bb[2] = {A(), A()};
// CHECK-NEXT: Preds (1): B2
// CHECK-NEXT: Succs (1): B0
// CHECK: [B0 (EXIT)]
// CHECK-NEXT: Preds (1): B1
void test_aggregate_lifetime_extension() {
struct B {
const A &x;
};
B b = {A()};
B bb[2] = {A(), A()};
}
// In C++98 such class 'C' will not be an aggregate.
#if __cplusplus >= 201103L
// FIXME: There should be automatic destructors at the end of the scope.
// CXX11: [B2 (ENTRY)]
// CXX11-NEXT: Succs (1): B1
// CXX11: [B1]
// CXX11-WARNINGS-NEXT: 1: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], [B1.4], class A)
// CXX11-NEXT: 2: [B1.1] (BindTemporary)
// CXX11-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 4: [B1.3]
// CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, const class A)
// CXX11-WARNINGS-NEXT: 6: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 6: A() (CXXConstructExpr, [B1.7], [B1.9], class A)
// CXX11-NEXT: 7: [B1.6] (BindTemporary)
// CXX11-NEXT: 8: [B1.7] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 9: [B1.8]
// CXX11-NEXT: 10: [B1.9] (CXXConstructExpr, const class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CXX11-NEXT: 11: {[B1.2], [B1.7]}
// CXX11-NEXT: 12: [B1.11] (BindTemporary)
// CXX11-NEXT: 13: [B1.12]
// CXX11-NEXT: 14: {[B1.13]}
// Double curly braces trigger regexps, escape as per FileCheck manual.
// CXX11-NEXT: 15: C c = {{[{][{]}}A(), A(){{[}][}]}};
// CXX11-NEXT: 16: ~A() (Temporary object destructor)
// CXX11-NEXT: 17: ~A() (Temporary object destructor)
// CXX11-WARNINGS-NEXT: 18: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 18: A() (CXXConstructExpr, [B1.19], [B1.21], class A)
// CXX11-NEXT: 19: [B1.18] (BindTemporary)
// CXX11-NEXT: 20: [B1.19] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 21: [B1.20]
// CXX11-NEXT: 22: [B1.21] (CXXConstructExpr, const class A)
// CXX11-WARNINGS-NEXT: 23: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 23: A() (CXXConstructExpr, [B1.24], [B1.26], class A)
// CXX11-NEXT: 24: [B1.23] (BindTemporary)
// CXX11-NEXT: 25: [B1.24] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 26: [B1.25]
// CXX11-NEXT: 27: [B1.26] (CXXConstructExpr, const class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CXX11-NEXT: 28: {[B1.19], [B1.24]}
// CXX11-NEXT: 29: [B1.28] (BindTemporary)
// CXX11-NEXT: 30: [B1.29]
// CXX11-NEXT: 31: {[B1.30]}
// CXX11-WARNINGS-NEXT: 32: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 32: A() (CXXConstructExpr, [B1.33], [B1.35], class A)
// CXX11-NEXT: 33: [B1.32] (BindTemporary)
// CXX11-NEXT: 34: [B1.33] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 35: [B1.34]
// CXX11-NEXT: 36: [B1.35] (CXXConstructExpr, const class A)
// CXX11-WARNINGS-NEXT: 37: A() (CXXConstructExpr, class A)
// CXX11-ANALYZER-NEXT: 37: A() (CXXConstructExpr, [B1.38], [B1.40], class A)
// CXX11-NEXT: 38: [B1.37] (BindTemporary)
// CXX11-NEXT: 39: [B1.38] (ImplicitCastExpr, NoOp, const class A)
// CXX11-NEXT: 40: [B1.39]
// CXX11-NEXT: 41: [B1.40] (CXXConstructExpr, const class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CXX11-NEXT: 42: {[B1.33], [B1.38]}
// CXX11-NEXT: 43: [B1.42] (BindTemporary)
// CXX11-NEXT: 44: [B1.43]
// CXX11-NEXT: 45: {[B1.44]}
// Double curly braces trigger regexps, escape as per FileCheck manual.
// CXX11-NEXT: 46: {{[{][{]}}[B1.30]}, {[B1.44]{{[}][}]}}
// Double curly braces trigger regexps, escape as per FileCheck manual.
// CXX11-NEXT: 47: C cc[2] = {{[{][{][{]}}A(), A(){{[}][}]}}, {{[{][{]}}A(), A(){{[}][}][}]}};
// CXX11-NEXT: 48: ~A() (Temporary object destructor)
// CXX11-NEXT: 49: ~A() (Temporary object destructor)
// CXX11-NEXT: 50: ~A() (Temporary object destructor)
// CXX11-NEXT: 51: ~A() (Temporary object destructor)
// CXX11-NEXT: Preds (1): B2
// CXX11-NEXT: Succs (1): B0
// CXX11: [B0 (EXIT)]
// CXX11-NEXT: Preds (1): B1
void test_aggregate_array_lifetime_extension() {
struct C {
const A (&z)[2];
};
// Until C++17 there are elidable copies here, so there should be 9 temporary
// destructors of A()s. There are no destructors of 'c' and 'cc' because this
// aggregate has no destructor. Instead, arrays are lifetime-extended,
// and copies of A()s within them need to be destroyed via automatic
// destructors.
C c = {{A(), A()}};
C cc[2] = {{{A(), A()}}, {{A(), A()}}};
}
#endif
// CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1
// CHECK: [B1]
// WARNINGS-NEXT: 1: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 1: A() (CXXConstructExpr, [B1.2], [B1.4], class A)
// CHECK-NEXT: 2: [B1.1] (BindTemporary)
// CHECK-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 4: [B1.3]
// CHECK-NEXT: 5: [B1.4] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 6: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 6: A() (CXXConstructExpr, [B1.7], [B1.9], class A)
// CHECK-NEXT: 7: [B1.6] (BindTemporary)
// CHECK-NEXT: 8: [B1.7] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 9: [B1.8]
// CHECK-NEXT: 10: [B1.9] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 11: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 11: A() (CXXConstructExpr, [B1.12], [B1.14], class A)
// CHECK-NEXT: 12: [B1.11] (BindTemporary)
// CHECK-NEXT: 13: [B1.12] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 14: [B1.13]
// CHECK-NEXT: 15: [B1.14] (CXXConstructExpr, class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 16: {[B1.7], [B1.12]}
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 17: {[B1.2], {[B1.7], [B1.12]}}
// CHECK-NEXT: 18: D d = {A(), {A(), A()}};
// CHECK-NEXT: 19: ~A() (Temporary object destructor)
// CHECK-NEXT: 20: ~A() (Temporary object destructor)
// CHECK-NEXT: 21: ~A() (Temporary object destructor)
// WARNINGS-NEXT: 22: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 22: A() (CXXConstructExpr, [B1.23], [B1.25], class A)
// CHECK-NEXT: 23: [B1.22] (BindTemporary)
// CHECK-NEXT: 24: [B1.23] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 25: [B1.24]
// CHECK-NEXT: 26: [B1.25] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 27: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 27: A() (CXXConstructExpr, [B1.28], [B1.30], class A)
// CHECK-NEXT: 28: [B1.27] (BindTemporary)
// CHECK-NEXT: 29: [B1.28] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 30: [B1.29]
// CHECK-NEXT: 31: [B1.30] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 32: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 32: A() (CXXConstructExpr, [B1.33], [B1.35], class A)
// CHECK-NEXT: 33: [B1.32] (BindTemporary)
// CHECK-NEXT: 34: [B1.33] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 35: [B1.34]
// CHECK-NEXT: 36: [B1.35] (CXXConstructExpr, class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 37: {[B1.28], [B1.33]}
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 38: {[B1.23], {[B1.28], [B1.33]}}
// WARNINGS-NEXT: 39: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 39: A() (CXXConstructExpr, [B1.40], [B1.42], class A)
// CHECK-NEXT: 40: [B1.39] (BindTemporary)
// CHECK-NEXT: 41: [B1.40] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 42: [B1.41]
// CHECK-NEXT: 43: [B1.42] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 44: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 44: A() (CXXConstructExpr, [B1.45], [B1.47], class A)
// CHECK-NEXT: 45: [B1.44] (BindTemporary)
// CHECK-NEXT: 46: [B1.45] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 47: [B1.46]
// CHECK-NEXT: 48: [B1.47] (CXXConstructExpr, class A)
// WARNINGS-NEXT: 49: A() (CXXConstructExpr, class A)
// ANALYZER-NEXT: 49: A() (CXXConstructExpr, [B1.50], [B1.52], class A)
// CHECK-NEXT: 50: [B1.49] (BindTemporary)
// CHECK-NEXT: 51: [B1.50] (ImplicitCastExpr, NoOp, const class A)
// CHECK-NEXT: 52: [B1.51]
// CHECK-NEXT: 53: [B1.52] (CXXConstructExpr, class A)
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 54: {[B1.45], [B1.50]}
// FIXME: Why does it look as if the initializer list consumes uncopied objects?
// CHECK-NEXT: 55: {[B1.40], {[B1.45], [B1.50]}}
// Double curly braces trigger regexps, escape as per FileCheck manual.
// CHECK-NEXT: 56: {{[{][{]}}[B1.23], {[B1.28], [B1.33]{{[}][}]}}, {[B1.40], {[B1.45], [B1.50]{{[}][}][}]}}
// Double curly braces trigger regexps, escape as per FileCheck manual.
// CHECK-NEXT: 57: D dd[2] = {{[{][{]}}A(), {A(), A(){{[}][}]}}, {A(), {A(), A(){{[}][}][}]}};
// CHECK-NEXT: 58: ~A() (Temporary object destructor)
// CHECK-NEXT: 59: ~A() (Temporary object destructor)
// CHECK-NEXT: 60: ~A() (Temporary object destructor)
// CHECK-NEXT: 61: ~A() (Temporary object destructor)
// CHECK-NEXT: 62: ~A() (Temporary object destructor)
// CHECK-NEXT: 63: ~A() (Temporary object destructor)
// CHECK-NEXT: 64: [B1.57].~D() (Implicit destructor)
// CHECK-NEXT: 65: [B1.18].~D() (Implicit destructor)
// CHECK-NEXT: Preds (1): B2
// CHECK-NEXT: Succs (1): B0
// CHECK: [B0 (EXIT)]
// CHECK-NEXT: Preds (1): B1
void test_aggregate_with_nontrivial_own_destructor() {
struct D {
A y;
A w[2];
};
// Until C++17 there are elidable copies here, so there should be 9 temporary
// destructors of A()s. Destructors of 'd' and 'dd' should implicitly
// take care of the copies, so there should not be automatic destructors
// for copies of A()s.
D d = {A(), {A(), A()}};
D dd[2] = {{A(), {A(), A()}}, {A(), {A(), A()}}};
}
// CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1
// CHECK: [B1]
// WARNINGS-NEXT: 1: (CXXConstructExpr, class A [2]) // WARNINGS-NEXT: 1: (CXXConstructExpr, class A [2])
// ANALYZER-NEXT: 1: (CXXConstructExpr, [B1.2], class A [2]) // ANALYZER-NEXT: 1: (CXXConstructExpr, [B1.2], class A [2])
// CHECK-NEXT: 2: A a[2]; // CHECK-NEXT: 2: A a[2];
// WARNINGS-NEXT: 3: (CXXConstructExpr, class A [0]) // WARNINGS-NEXT: 3: (CXXConstructExpr, class A [0])
// ANALYZER-NEXT: 3: (CXXConstructExpr, [B1.4], class A [0]) // ANALYZER-NEXT: 3: (CXXConstructExpr, [B1.4], class A [0])
// CHECK-NEXT: 4: A b[0]; // CHECK-NEXT: 4: A b[0];
// CHECK-NEXT: 5: [B1.2].~A() (Implicit destructor) // CHECK-NEXT: 5: [B1.2].~A() (Implicit destructor)
// CHECK-NEXT: Preds (1): B2 // CHECK-NEXT: Preds (1): B2
▲ Show 20 LinesShow All 849 LinesShow Last 20 Lines