This is an archive of the discontinued LLVM Phabricator instance.

Differential D48681

[CFG] [analyzer] Add construction contexts for function arguments.
ClosedPublic

Authored by NoQ on Jun 27 2018, 4:27 PM.

Details

Reviewers
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
rnkovacs
Summary

Replace stubs we had to discriminate between temporaries and function arguments with actual construction contexts for arguments. Make them visible in the CFG. Which means that when there's an argument constructor in the CFG, it'll now be a CFGConstructor element (or a CFGCXXRecordTypedCall element if it's a temporary produced by a function call in C++17 where copy elision is mandatory) that will augment the construct-expression with the information about the constructed object - that it's argument #N of a certain function call.

On the analyzer side, the patch interacts with the recently implemented pre-C++17 copy elision support (D47616, D47671) in an interesting manner. If on the CFG side we didn't find a construction context for the elidable constructor, we build the CFG as if the elidable constructor is not elided, and the non-elided constructor within it is a simple temporary. But the same problem may occur in the analyzer: if the elidable constructor has a construction context but the analyzer doesn't implement such context yet, the analyzer should also try to skip copy elision and still inline the non-elided temporary constructor. This was implemented by adding a "roll back" mechanism: when elision fails, roll back the changes and proceed as if it's a simple temporary. The approach is wonky, but i'm fine with that as long as it's merely a defensive mechanism that should eventually go away once all construction contexts become supported.

Diff Detail

Event Timeline

NoQ created this revision.Jun 27 2018, 4:27 PM
Herald added subscribers: cfe-commits, mikhail.ramalho, baloghadamsoftware. · View Herald TranscriptJun 27 2018, 4:27 PM
NoQ added inline comments.Jun 27 2018, 4:29 PM
lib/Analysis/CFG.cpp
5011

For consistency.

5074–5078

I'm starting to regret this code reuse mechanism. I guess i should have made a simple lambda instead to wrap all handledStmt calls.

NoQ added inline comments.Jul 2 2018, 2:16 PM
include/clang/Analysis/ConstructionContext.h
90

Uhm. Will fix.

george.karpenkov accepted this revision.Jul 3 2018, 11:23 AM
This revision is now accepted and ready to land.Jul 3 2018, 11:23 AM
NoQ added inline comments.Jul 10 2018, 5:34 PM
lib/Analysis/ConstructionContext.cpp
186

Should assert that we only have one layer.

NoQ updated this revision to Diff 155091.Jul 11 2018, 5:26 PM

Address my own comments.

NoQ added a child revision: D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys..Jul 11 2018, 5:47 PM
NoQ added a parent revision: D48608: [CFG] [analyzer] Add construction contexts for C++ objects returned from Objective-C messages..Jul 16 2018, 5:55 PM
NoQ added a child revision: D49627: [CFG] [analyzer] Constructors of member CXXOperatorCallExpr's argument 0 are not argument constructors..Jul 20 2018, 5:48 PM
NoQ closed this revision.Jul 31 2018, 2:47 PM

Committed as rC338436 but Phabricator didn't pick it up because i put a . after the phabricator link.

Revision Contents

PathSize
include/
clang/
Analysis/
3 lines
47 lines
lib/
Analysis/
28 lines
22 lines
StaticAnalyzer/
Core/
43 lines
test/
Analysis/
52 lines
8 lines

Diff 155091

include/clang/Analysis/CFG.h

Show First 20 LinesShow All 190 Lines▼ Show 20 Linespublic:
explicit CFGCXXRecordTypedCall(Expr *E, const ConstructionContext *C) explicit CFGCXXRecordTypedCall(Expr *E, const ConstructionContext *C)
: CFGStmt(E, CXXRecordTypedCall) { : CFGStmt(E, CXXRecordTypedCall) {
assert(isCXXRecordTypedCall(E)); assert(isCXXRecordTypedCall(E));
assert(C && (isa<TemporaryObjectConstructionContext>(C) || assert(C && (isa<TemporaryObjectConstructionContext>(C) ||
// These are possible in C++17 due to mandatory copy elision. // These are possible in C++17 due to mandatory copy elision.
isa<ReturnedValueConstructionContext>(C) || isa<ReturnedValueConstructionContext>(C) ||
isa<VariableConstructionContext>(C) || isa<VariableConstructionContext>(C) ||
isa<ConstructorInitializerConstructionContext>(C))); isa<ConstructorInitializerConstructionContext>(C) ||
isa<ArgumentConstructionContext>(C)));
Data2.setPointer(const_cast<ConstructionContext *>(C)); Data2.setPointer(const_cast<ConstructionContext *>(C));
} }
const ConstructionContext *getConstructionContext() const { const ConstructionContext *getConstructionContext() const {
return static_cast<ConstructionContext *>(Data2.getPointer()); return static_cast<ConstructionContext *>(Data2.getPointer());
} }
private: private:
▲ Show 20 LinesShow All 1,136 LinesShow Last 20 Lines

include/clang/Analysis/ConstructionContext.h

Show All 35 Lines
private: private:
/// The construction site - the statement that triggered the construction /// The construction site - the statement that triggered the construction
/// for one of its parts. For instance, stack variable declaration statement /// for one of its parts. For instance, stack variable declaration statement
/// triggers construction of itself or its elements if it's an array, /// triggers construction of itself or its elements if it's an array,
/// new-expression triggers construction of the newly allocated object(s). /// new-expression triggers construction of the newly allocated object(s).
TriggerTy Trigger; TriggerTy Trigger;
/// If a single trigger statement triggers multiple constructors, they are
/// usually being enumerated. This covers function argument constructors
/// triggered by a call-expression and items in an initializer list triggered
/// by an init-list-expression.
unsigned Index;
/// Sometimes a single trigger is not enough to describe the construction /// Sometimes a single trigger is not enough to describe the construction
/// site. In this case we'd have a chain of "partial" construction context /// site. In this case we'd have a chain of "partial" construction context
/// layers. /// layers.
/// Some examples: /// Some examples:
/// - A constructor within in an aggregate initializer list within a variable /// - A constructor within in an aggregate initializer list within a variable
/// would have a construction context of the initializer list with /// would have a construction context of the initializer list with
/// the parent construction context of a variable. /// the parent construction context of a variable.
/// - A constructor for a temporary that needs to be both destroyed /// - A constructor for a temporary that needs to be both destroyed
/// and materialized into an elidable copy constructor would have a /// and materialized into an elidable copy constructor would have a
/// construction context of a CXXBindTemporaryExpr with the parent /// construction context of a CXXBindTemporaryExpr with the parent
/// construction context of a MaterializeTemproraryExpr. /// construction context of a MaterializeTemproraryExpr.
/// Not all of these are currently supported. /// Not all of these are currently supported.
const ConstructionContextLayer *Parent = nullptr; const ConstructionContextLayer *Parent = nullptr;
ConstructionContextLayer(TriggerTy Trigger, ConstructionContextLayer(TriggerTy Trigger, unsigned Index,
const ConstructionContextLayer *Parent) const ConstructionContextLayer *Parent)
: Trigger(Trigger), Parent(Parent) {} : Trigger(Trigger), Index(Index), Parent(Parent) {}
public: public:
static const ConstructionContextLayer * static const ConstructionContextLayer *
create(BumpVectorContext &C, TriggerTy Trigger, create(BumpVectorContext &C, TriggerTy Trigger, unsigned Index = 0,
const ConstructionContextLayer *Parent = nullptr); const ConstructionContextLayer *Parent = nullptr);
const ConstructionContextLayer *getParent() const { return Parent; } const ConstructionContextLayer *getParent() const { return Parent; }
bool isLast() const { return !Parent; } bool isLast() const { return !Parent; }
const Stmt *getTriggerStmt() const { const Stmt *getTriggerStmt() const {
return Trigger.dyn_cast<Stmt *>(); return Trigger.dyn_cast<Stmt *>();
} }
const CXXCtorInitializer *getTriggerInit() const { const CXXCtorInitializer *getTriggerInit() const {
return Trigger.dyn_cast<CXXCtorInitializer *>(); return Trigger.dyn_cast<CXXCtorInitializer *>();
} }
unsigned getIndex() const { return Index; }
/// Returns true if these layers are equal as individual layers, even if /// Returns true if these layers are equal as individual layers, even if
/// their parents are different. /// their parents are different.
bool isSameLayer(const ConstructionContextLayer *Other) const { bool isSameLayer(const ConstructionContextLayer *Other) const {
assert(Other); assert(Other);
return (Trigger == Other->Trigger); return (Trigger == Other->Trigger && Index == Other->Index);
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

Uhm. Will fix.

NoQ: Uhm. Will fix.
} }
/// See if Other is a proper initial segment of this construction context /// See if Other is a proper initial segment of this construction context
/// in terms of the parent chain - i.e. a few first parents coincide and /// in terms of the parent chain - i.e. a few first parents coincide and
/// then the other context terminates but our context goes further - i.e., /// then the other context terminates but our context goes further - i.e.,
/// we are providing the same context that the other context provides, /// we are providing the same context that the other context provides,
/// and a bit more above that. /// and a bit more above that.
bool isStrictlyMoreSpecificThan(const ConstructionContextLayer *Other) const; bool isStrictlyMoreSpecificThan(const ConstructionContextLayer *Other) const;
Show All 18 Lines enum Kind {
NewAllocatedObjectKind, NewAllocatedObjectKind,
SimpleTemporaryObjectKind, SimpleTemporaryObjectKind,
ElidedTemporaryObjectKind, ElidedTemporaryObjectKind,
TEMPORARY_BEGIN = SimpleTemporaryObjectKind, TEMPORARY_BEGIN = SimpleTemporaryObjectKind,
TEMPORARY_END = ElidedTemporaryObjectKind, TEMPORARY_END = ElidedTemporaryObjectKind,
SimpleReturnedValueKind, SimpleReturnedValueKind,
CXX17ElidedCopyReturnedValueKind, CXX17ElidedCopyReturnedValueKind,
RETURNED_VALUE_BEGIN = SimpleReturnedValueKind, RETURNED_VALUE_BEGIN = SimpleReturnedValueKind,
RETURNED_VALUE_END = CXX17ElidedCopyReturnedValueKind RETURNED_VALUE_END = CXX17ElidedCopyReturnedValueKind,
ArgumentKind
}; };
protected: protected:
Kind K; Kind K;
// Do not make public! These need to only be constructed // Do not make public! These need to only be constructed
// via createFromLayers(). // via createFromLayers().
explicit ConstructionContext(Kind K) : K(K) {} explicit ConstructionContext(Kind K) : K(K) {}
▲ Show 20 LinesShow All 338 Lines▼ Show 20 Lines
public: public:
const CXXBindTemporaryExpr *getCXXBindTemporaryExpr() const { return BTE; } const CXXBindTemporaryExpr *getCXXBindTemporaryExpr() const { return BTE; }
static bool classof(const ConstructionContext *CC) { static bool classof(const ConstructionContext *CC) {
return CC->getKind() == CXX17ElidedCopyReturnedValueKind; return CC->getKind() == CXX17ElidedCopyReturnedValueKind;
} }
}; };
class ArgumentConstructionContext : public ConstructionContext {
const Expr *CE; // The call of which the context is an argument.
unsigned Index; // Which argument we're constructing.
const CXXBindTemporaryExpr *BTE; // Whether the object needs to be destroyed.
friend class ConstructionContext; // Allows to create<>() itself.
explicit ArgumentConstructionContext(const Expr *CE, unsigned Index,
const CXXBindTemporaryExpr *BTE)
: ConstructionContext(ArgumentKind), CE(CE),
Index(Index), BTE(BTE) {
assert(isa<CallExpr>(CE) || isa<CXXConstructExpr>(CE) ||
isa<ObjCMessageExpr>(CE));
// BTE is optional.
}
public:
const Expr *getCallLikeExpr() const { return CE; }
unsigned getIndex() const { return Index; }
const CXXBindTemporaryExpr *getCXXBindTemporaryExpr() const { return BTE; }
static bool classof(const ConstructionContext *CC) {
return CC->getKind() == ArgumentKind;
}
};
} // end namespace clang } // end namespace clang
#endif // LLVM_CLANG_ANALYSIS_CONSTRUCTIONCONTEXT_H #endif // LLVM_CLANG_ANALYSIS_CONSTRUCTIONCONTEXT_H

lib/Analysis/CFG.cpp

Show First 20 LinesShow All 687 Lines▼ Show 20 Linesprivate:
// These sorts of call expressions don't have a common superclass, // These sorts of call expressions don't have a common superclass,
// hence strict duck-typing. // hence strict duck-typing.
template <typename CallLikeExpr, template <typename CallLikeExpr,
typename = typename std::enable_if< typename = typename std::enable_if<
std::is_same<CallLikeExpr, CallExpr>::value || std::is_same<CallLikeExpr, CallExpr>::value ||
std::is_same<CallLikeExpr, CXXConstructExpr>::value || std::is_same<CallLikeExpr, CXXConstructExpr>::value ||
std::is_same<CallLikeExpr, ObjCMessageExpr>::value>> std::is_same<CallLikeExpr, ObjCMessageExpr>::value>>
void findConstructionContextsForArguments(CallLikeExpr *E) { void findConstructionContextsForArguments(CallLikeExpr *E) {
// A stub for the code that'll eventually be used for finding construction for (unsigned i = 0, e = E->getNumArgs(); i != e; ++i) {
// contexts for constructors of C++ object-type arguments passed into Expr *Arg = E->getArg(i);
// call-like expression E.
// FIXME: Once actually implemented, this construction context layer should
// include the index of the argument as well.
for (auto Arg : E->arguments())
if (Arg->getType()->getAsCXXRecordDecl() && !Arg->isGLValue()) if (Arg->getType()->getAsCXXRecordDecl() && !Arg->isGLValue())
findConstructionContexts( findConstructionContexts(
ConstructionContextLayer::create(cfg->getBumpVectorContext(), E), ConstructionContextLayer::create(cfg->getBumpVectorContext(), E, i),
Arg); Arg);
} }
}
// Unset the construction context after consuming it. This is done immediately // Unset the construction context after consuming it. This is done immediately
// after adding the CFGConstructor or CFGCXXRecordTypedCall element, so // after adding the CFGConstructor or CFGCXXRecordTypedCall element, so
// there's no need to do this manually in every Visit... function. // there's no need to do this manually in every Visit... function.
void cleanupConstructionContext(Expr *E); void cleanupConstructionContext(Expr *E);
void autoCreateBlock() { if (!Block) Block = createBlock(); } void autoCreateBlock() { if (!Block) Block = createBlock(); }
CFGBlock *createBlock(bool add_successor = true); CFGBlock *createBlock(bool add_successor = true);
▲ Show 20 LinesShow All 569 Lines▼ Show 20 Lines
void CFGBuilder::findConstructionContexts( void CFGBuilder::findConstructionContexts(
const ConstructionContextLayer *Layer, Stmt *Child) { const ConstructionContextLayer *Layer, Stmt *Child) {
if (!BuildOpts.AddRichCXXConstructors) if (!BuildOpts.AddRichCXXConstructors)
return; return;
if (!Child) if (!Child)
return; return;
auto withExtraLayer = [this, Layer](Stmt *S) { auto withExtraLayer = [this, Layer](Stmt *S, unsigned Index = 0) {
return ConstructionContextLayer::create(cfg->getBumpVectorContext(), S, return ConstructionContextLayer::create(cfg->getBumpVectorContext(), S,
Layer); Index, Layer);
}; };
switch(Child->getStmtClass()) { switch(Child->getStmtClass()) {
case Stmt::CXXConstructExprClass: case Stmt::CXXConstructExprClass:
case Stmt::CXXTemporaryObjectExprClass: { case Stmt::CXXTemporaryObjectExprClass: {
// Support pre-C++17 copy elision AST. // Support pre-C++17 copy elision AST.
auto *CE = cast<CXXConstructExpr>(Child); auto *CE = cast<CXXConstructExpr>(Child);
if (BuildOpts.MarkElidedCXXConstructors && CE->isElidable()) { if (BuildOpts.MarkElidedCXXConstructors && CE->isElidable()) {
▲ Show 20 LinesShow All 3,703 Lines▼ Show 20 Linesstatic void print_construction_context(raw_ostream &OS,
StmtPrinterHelper &Helper, StmtPrinterHelper &Helper,
const ConstructionContext *CC) { const ConstructionContext *CC) {
SmallVector<const Stmt *, 3> Stmts; SmallVector<const Stmt *, 3> Stmts;
switch (CC->getKind()) { switch (CC->getKind()) {
case ConstructionContext::SimpleConstructorInitializerKind: { case ConstructionContext::SimpleConstructorInitializerKind: {
OS << ", "; OS << ", ";
const auto *SICC = cast<SimpleConstructorInitializerConstructionContext>(CC); const auto *SICC = cast<SimpleConstructorInitializerConstructionContext>(CC);
print_initializer(OS, Helper, SICC->getCXXCtorInitializer()); print_initializer(OS, Helper, SICC->getCXXCtorInitializer());
break; return;
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

For consistency.

NoQ: For consistency.
} }
case ConstructionContext::CXX17ElidedCopyConstructorInitializerKind: { case ConstructionContext::CXX17ElidedCopyConstructorInitializerKind: {
OS << ", "; OS << ", ";
const auto *CICC = const auto *CICC =
cast<CXX17ElidedCopyConstructorInitializerConstructionContext>(CC); cast<CXX17ElidedCopyConstructorInitializerConstructionContext>(CC);
print_initializer(OS, Helper, CICC->getCXXCtorInitializer()); print_initializer(OS, Helper, CICC->getCXXCtorInitializer());
Stmts.push_back(CICC->getCXXBindTemporaryExpr()); Stmts.push_back(CICC->getCXXBindTemporaryExpr());
break; break;
Show All 34 Linesstatic void print_construction_context(raw_ostream &OS,
} }
case ConstructionContext::ElidedTemporaryObjectKind: { case ConstructionContext::ElidedTemporaryObjectKind: {
const auto *TOCC = cast<ElidedTemporaryObjectConstructionContext>(CC); const auto *TOCC = cast<ElidedTemporaryObjectConstructionContext>(CC);
Stmts.push_back(TOCC->getCXXBindTemporaryExpr()); Stmts.push_back(TOCC->getCXXBindTemporaryExpr());
Stmts.push_back(TOCC->getMaterializedTemporaryExpr()); Stmts.push_back(TOCC->getMaterializedTemporaryExpr());
Stmts.push_back(TOCC->getConstructorAfterElision()); Stmts.push_back(TOCC->getConstructorAfterElision());
break; break;
} }
case ConstructionContext::ArgumentKind: {
const auto *ACC = cast<ArgumentConstructionContext>(CC);
if (const Stmt *BTE = ACC->getCXXBindTemporaryExpr()) {
OS << ", ";
Helper.handledStmt(const_cast<Stmt *>(BTE), OS);
}
OS << ", ";
Helper.handledStmt(const_cast<Expr *>(ACC->getCallLikeExpr()), OS);
OS << "+" << ACC->getIndex();
return;
}
} }
for (auto I: Stmts) for (auto I: Stmts)
if (I) { if (I) {
OS << ", "; OS << ", ";
Helper.handledStmt(const_cast<Stmt *>(I), OS); Helper.handledStmt(const_cast<Stmt *>(I), OS);
} }
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

I'm starting to regret this code reuse mechanism. I guess i should have made a simple lambda instead to wrap all handledStmt calls.

NoQ: I'm starting to regret this code reuse mechanism. I guess i should have made a simple lambda…
} }
static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper, static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper,
const CFGElement &E) { const CFGElement &E) {
if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) {
const Stmt *S = CS->getStmt(); const Stmt *S = CS->getStmt();
assert(S != nullptr && "Expecting non-null Stmt"); assert(S != nullptr && "Expecting non-null Stmt");
▲ Show 20 LinesShow All 461 LinesShow Last 20 Lines

lib/Analysis/ConstructionContext.cpp

Show All 15 Lines
#include "clang/Analysis/ConstructionContext.h" #include "clang/Analysis/ConstructionContext.h"
#include "clang/AST/ExprObjC.h" #include "clang/AST/ExprObjC.h"
using namespace clang; using namespace clang;
const ConstructionContextLayer * const ConstructionContextLayer *
ConstructionContextLayer::create(BumpVectorContext &C, TriggerTy Trigger, ConstructionContextLayer::create(BumpVectorContext &C, TriggerTy Trigger,
unsigned Index,
const ConstructionContextLayer *Parent) { const ConstructionContextLayer *Parent) {
ConstructionContextLayer *CC = ConstructionContextLayer *CC =
C.getAllocator().Allocate<ConstructionContextLayer>(); C.getAllocator().Allocate<ConstructionContextLayer>();
return new (CC) ConstructionContextLayer(Trigger, Parent); return new (CC) ConstructionContextLayer(Trigger, Index, Parent);
} }
bool ConstructionContextLayer::isStrictlyMoreSpecificThan( bool ConstructionContextLayer::isStrictlyMoreSpecificThan(
const ConstructionContextLayer *Other) const { const ConstructionContextLayer *Other) const {
const ConstructionContextLayer *Self = this; const ConstructionContextLayer *Self = this;
while (true) { while (true) {
if (!Other) if (!Other)
return Self; return Self;
▲ Show 20 LinesShow All 70 Lines▼ Show 20 Lines if (const auto *BTE = dyn_cast<CXXBindTemporaryExpr>(S)) {
C, BTE, MTE, ElidedCE, ElidedCC); C, BTE, MTE, ElidedCE, ElidedCC);
} }
} }
assert(ParentLayer->isLast()); assert(ParentLayer->isLast());
return create<SimpleTemporaryObjectConstructionContext>(C, BTE, MTE); return create<SimpleTemporaryObjectConstructionContext>(C, BTE, MTE);
} }
assert(ParentLayer->isLast()); assert(ParentLayer->isLast());
// This is a constructor into a function argument. Not implemented yet. // This is a constructor into a function argument.
if (isa<CallExpr>(ParentLayer->getTriggerStmt()) || if (isa<CallExpr>(ParentLayer->getTriggerStmt()) ||
isa<CXXConstructExpr>(ParentLayer->getTriggerStmt()) || isa<CXXConstructExpr>(ParentLayer->getTriggerStmt()) ||
isa<ObjCMessageExpr>(ParentLayer->getTriggerStmt())) isa<ObjCMessageExpr>(ParentLayer->getTriggerStmt())) {
return nullptr; return create<ArgumentConstructionContext>(
C, cast<Expr>(ParentLayer->getTriggerStmt()),
ParentLayer->getIndex(), BTE);
}
// This is C++17 copy-elided construction into return statement. // This is C++17 copy-elided construction into return statement.
if (auto *RS = dyn_cast<ReturnStmt>(ParentLayer->getTriggerStmt())) { if (auto *RS = dyn_cast<ReturnStmt>(ParentLayer->getTriggerStmt())) {
assert(!RS->getRetValue()->getType().getCanonicalType() assert(!RS->getRetValue()->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor()); ->getAsCXXRecordDecl()->hasTrivialDestructor());
return create<CXX17ElidedCopyReturnedValueConstructionContext>(C, return create<CXX17ElidedCopyReturnedValueConstructionContext>(C,
RS, BTE); RS, BTE);
} }
// This is C++17 copy-elided construction into a simple variable. // This is C++17 copy-elided construction into a simple variable.
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines if (const auto *MTE = dyn_cast<MaterializeTemporaryExpr>(S)) {
} }
assert(TopLayer->isLast()); assert(TopLayer->isLast());
return create<SimpleTemporaryObjectConstructionContext>(C, nullptr, MTE); return create<SimpleTemporaryObjectConstructionContext>(C, nullptr, MTE);
} }
if (const auto *RS = dyn_cast<ReturnStmt>(S)) { if (const auto *RS = dyn_cast<ReturnStmt>(S)) {
assert(TopLayer->isLast()); assert(TopLayer->isLast());
return create<SimpleReturnedValueConstructionContext>(C, RS); return create<SimpleReturnedValueConstructionContext>(C, RS);
} }
// This is a constructor into a function argument. Not implemented yet. // This is a constructor into a function argument.
if (isa<CallExpr>(TopLayer->getTriggerStmt()) || if (isa<CallExpr>(TopLayer->getTriggerStmt()) ||
isa<CXXConstructExpr>(TopLayer->getTriggerStmt()) || isa<CXXConstructExpr>(TopLayer->getTriggerStmt()) ||
isa<ObjCMessageExpr>(TopLayer->getTriggerStmt())) isa<ObjCMessageExpr>(TopLayer->getTriggerStmt())) {
return nullptr; assert(TopLayer->isLast());
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

Should assert that we only have one layer.

NoQ: Should assert that we only have one layer.
return create<ArgumentConstructionContext>(
C, cast<Expr>(TopLayer->getTriggerStmt()), TopLayer->getIndex(),
/*BTE=*/nullptr);
}
llvm_unreachable("Unexpected construction context with statement!"); llvm_unreachable("Unexpected construction context with statement!");
} else if (const CXXCtorInitializer *I = TopLayer->getTriggerInit()) { } else if (const CXXCtorInitializer *I = TopLayer->getTriggerInit()) {
assert(TopLayer->isLast()); assert(TopLayer->isLast());
return create<SimpleConstructorInitializerConstructionContext>(C, I); return create<SimpleConstructorInitializerConstructionContext>(C, I);
} }
llvm_unreachable("Unexpected construction context!"); llvm_unreachable("Unexpected construction context!");
} }

lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

Show First 20 LinesShow All 215 Lines▼ Show 20 Lines case ConstructionContext::ElidedTemporaryObjectKind: {
const MaterializeTemporaryExpr *MTE = TCC->getMaterializedTemporaryExpr(); const MaterializeTemporaryExpr *MTE = TCC->getMaterializedTemporaryExpr();
const CXXConstructExpr *CE = TCC->getConstructorAfterElision(); const CXXConstructExpr *CE = TCC->getConstructorAfterElision();
// Support pre-C++17 copy elision. We'll have the elidable copy // Support pre-C++17 copy elision. We'll have the elidable copy
// constructor in the AST and in the CFG, but we'll skip it // constructor in the AST and in the CFG, but we'll skip it
// and construct directly into the final object. This call // and construct directly into the final object. This call
// also sets the CallOpts flags for us. // also sets the CallOpts flags for us.
SVal V; SVal V;
// If the elided copy/move constructor is not supported, there's still
// benefit in trying to model the non-elided constructor.
// Stash our state before trying to elide, as it'll get overwritten.
ProgramStateRef PreElideState = State;
EvalCallOptions PreElideCallOpts = CallOpts;
std::tie(State, V) = prepareForObjectConstruction( std::tie(State, V) = prepareForObjectConstruction(
CE, State, LCtx, TCC->getConstructionContextAfterElision(), CallOpts); CE, State, LCtx, TCC->getConstructionContextAfterElision(), CallOpts);
// FIXME: This definition of "copy elision has not failed" is unreliable.
// It doesn't indicate that the constructor will actually be inlined
// later; it is still up to evalCall() to decide.
if (!CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion) {
// Remember that we've elided the constructor. // Remember that we've elided the constructor.
State = addObjectUnderConstruction(State, CE, LCtx, V); State = addObjectUnderConstruction(State, CE, LCtx, V);
// Remember that we've elided the destructor. // Remember that we've elided the destructor.
if (BTE) if (BTE)
State = elideDestructor(State, BTE, LCtx); State = elideDestructor(State, BTE, LCtx);
// Instead of materialization, shamelessly return // Instead of materialization, shamelessly return
// the final object destination. // the final object destination.
if (MTE) if (MTE)
State = addObjectUnderConstruction(State, MTE, LCtx, V); State = addObjectUnderConstruction(State, MTE, LCtx, V);
return std::make_pair(State, V); return std::make_pair(State, V);
} else {
// Copy elision failed. Revert the changes and proceed as if we have
// a simple temporary.
State = PreElideState;
CallOpts = PreElideCallOpts;
}
// FALL-THROUGH
} }
case ConstructionContext::SimpleTemporaryObjectKind: { case ConstructionContext::SimpleTemporaryObjectKind: {
const auto *TCC = cast<SimpleTemporaryObjectConstructionContext>(CC); const auto *TCC = cast<TemporaryObjectConstructionContext>(CC);
const CXXBindTemporaryExpr *BTE = TCC->getCXXBindTemporaryExpr(); const CXXBindTemporaryExpr *BTE = TCC->getCXXBindTemporaryExpr();
const MaterializeTemporaryExpr *MTE = TCC->getMaterializedTemporaryExpr(); const MaterializeTemporaryExpr *MTE = TCC->getMaterializedTemporaryExpr();
SVal V = UnknownVal(); SVal V = UnknownVal();
if (MTE) { if (MTE) {
if (const ValueDecl *VD = MTE->getExtendingDecl()) { if (const ValueDecl *VD = MTE->getExtendingDecl()) {
assert(MTE->getStorageDuration() != SD_FullExpression); assert(MTE->getStorageDuration() != SD_FullExpression);
if (!VD->getType()->isReferenceType()) { if (!VD->getType()->isReferenceType()) {
Show All 18 Lines case ConstructionContext::SimpleTemporaryObjectKind: {
State = addObjectUnderConstruction(State, BTE, LCtx, V); State = addObjectUnderConstruction(State, BTE, LCtx, V);
if (MTE) if (MTE)
State = addObjectUnderConstruction(State, MTE, LCtx, V); State = addObjectUnderConstruction(State, MTE, LCtx, V);
CallOpts.IsTemporaryCtorOrDtor = true; CallOpts.IsTemporaryCtorOrDtor = true;
return std::make_pair(State, V); return std::make_pair(State, V);
} }
case ConstructionContext::ArgumentKind: {
// Function argument constructors. Not implemented yet.
break;
}
} }
} }
// If we couldn't find an existing region to construct into, assume we're // If we couldn't find an existing region to construct into, assume we're
// constructing a temporary. Notify the caller of our failure. // constructing a temporary. Notify the caller of our failure.
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true; CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
return std::make_pair( return std::make_pair(
State, loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx))); State, loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx)));
} }
▲ Show 20 LinesShow All 514 LinesShow Last 20 Lines

test/Analysis/cfg-rich-constructors.cpp

Show First 20 LinesShow All 817 Lines▼ Show 20 Lines
public: public:
E(D d); E(D d);
}; };
void useC(C c); void useC(C c);
void useCByReference(const C &c); void useCByReference(const C &c);
void useD(D d); void useD(D d);
void useDByReference(const D &d); void useDByReference(const D &d);
void useCAndD(C c, D d);
// FIXME: Find construction context for the argument.
// CHECK: void passArgument() // CHECK: void passArgument()
// CHECK: 1: useC // CHECK: 1: useC
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(class C)) // CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(class C))
// CXX11-NEXT: 3: C() (CXXConstructExpr, [B1.4], class C) // CXX11-ELIDE-NEXT: 3: C() (CXXConstructExpr, [B1.4], [B1.5], class C)
// CXX11-NOELIDE-NEXT: 3: C() (CXXConstructExpr, [B1.4], class C)
// CXX11-NEXT: 4: [B1.3] // CXX11-NEXT: 4: [B1.3]
// CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, class C) // CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, [B1.6]+0, class C)
// CXX11-NEXT: 6: [B1.2]([B1.5]) // CXX11-NEXT: 6: [B1.2]([B1.5])
// CXX17-NEXT: 3: C() (CXXConstructExpr, class C) // CXX17-NEXT: 3: C() (CXXConstructExpr, [B1.4]+0, class C)
// CXX17-NEXT: 4: [B1.2]([B1.3]) // CXX17-NEXT: 4: [B1.2]([B1.3])
void passArgument() { void passArgument() {
useC(C()); useC(C());
} }
// CHECK: void passTwoArguments()
// CHECK: [B1]
// CHECK-NEXT: 1: useCAndD
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(class C, class argument_constructors::D))
// CXX11-ELIDE-NEXT: 3: C() (CXXConstructExpr, [B1.4], [B1.5], class C)
// CXX11-NOELIDE-NEXT: 3: C() (CXXConstructExpr, [B1.4], class C)
// CXX11-NEXT: 4: [B1.3]
// CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, [B1.12]+0, class C)
// CXX11-ELIDE-NEXT: 6: argument_constructors::D() (CXXConstructExpr, [B1.7], [B1.9], [B1.10], class argument_constructors::D)
// CXX11-NOELIDE-NEXT: 6: argument_constructors::D() (CXXConstructExpr, [B1.7], [B1.9], class argument_constructors::D)
// CXX11-NEXT: 7: [B1.6] (BindTemporary)
// CXX11-NEXT: 8: [B1.7] (ImplicitCastExpr, NoOp, const class argument_constructors::D)
// CXX11-NEXT: 9: [B1.8]
// CXX11-NEXT: 10: [B1.9] (CXXConstructExpr, [B1.11], [B1.12]+1, class argument_constructors::D)
// CXX11-NEXT: 11: [B1.10] (BindTemporary)
// CXX11-NEXT: 12: [B1.2]([B1.5], [B1.11])
// CXX11-NEXT: 13: ~argument_constructors::D() (Temporary object destructor)
// CXX11-NEXT: 14: ~argument_constructors::D() (Temporary object destructor)
// CXX17-NEXT: 3: C() (CXXConstructExpr, [B1.6]+0, class C)
// CXX17-NEXT: 4: argument_constructors::D() (CXXConstructExpr, [B1.5], [B1.6]+1, class argument_co
// CXX17-NEXT: 5: [B1.4] (BindTemporary)
// CXX17-NEXT: 6: [B1.2]([B1.3], [B1.5])
// CXX17-NEXT: 7: ~argument_constructors::D() (Temporary object destructor)
void passTwoArguments() {
useCAndD(C(), D());
}
// CHECK: void passArgumentByReference() // CHECK: void passArgumentByReference()
// CHECK: 1: useCByReference // CHECK: 1: useCByReference
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(const class C &)) // CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(const class C &))
// CHECK-NEXT: 3: C() (CXXConstructExpr, [B1.5], class C) // CHECK-NEXT: 3: C() (CXXConstructExpr, [B1.5], class C)
// CHECK-NEXT: 4: [B1.3] (ImplicitCastExpr, NoOp, const class C) // CHECK-NEXT: 4: [B1.3] (ImplicitCastExpr, NoOp, const class C)
// CHECK-NEXT: 5: [B1.4] // CHECK-NEXT: 5: [B1.4]
// CHECK-NEXT: 6: [B1.2]([B1.5]) // CHECK-NEXT: 6: [B1.2]([B1.5])
void passArgumentByReference() { void passArgumentByReference() {
useCByReference(C()); useCByReference(C());
} }
// FIXME: Find construction context for the argument.
// CHECK: void passArgumentWithDestructor() // CHECK: void passArgumentWithDestructor()
// CHECK: 1: useD // CHECK: 1: useD
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(class argument_constructors::D)) // CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(class argument_constructors::D))
// CXX11-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.6], class argument_constructors::D) // CXX11-ELIDE-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.6], [B1.7], class argument_constructors::D)
// CXX11-NOELIDE-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.6], class argument_constructors::D)
// CXX11-NEXT: 4: [B1.3] (BindTemporary) // CXX11-NEXT: 4: [B1.3] (BindTemporary)
// CXX11-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class argument_constructors::D) // CXX11-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class argument_constructors::D)
// CXX11-NEXT: 6: [B1.5] // CXX11-NEXT: 6: [B1.5]
// CXX11-NEXT: 7: [B1.6] (CXXConstructExpr, class argument_constructors::D) // CXX11-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.8], [B1.9]+0, class argument_constructors::D)
// CXX11-NEXT: 8: [B1.7] (BindTemporary) // CXX11-NEXT: 8: [B1.7] (BindTemporary)
// CXX11-NEXT: 9: [B1.2]([B1.8]) // CXX11-NEXT: 9: [B1.2]([B1.8])
// CXX11-NEXT: 10: ~argument_constructors::D() (Temporary object destructor) // CXX11-NEXT: 10: ~argument_constructors::D() (Temporary object destructor)
// CXX11-NEXT: 11: ~argument_constructors::D() (Temporary object destructor) // CXX11-NEXT: 11: ~argument_constructors::D() (Temporary object destructor)
// CXX17-NEXT: 3: argument_constructors::D() (CXXConstructExpr, class argument_constructors::D) // CXX17-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.5]+0, class argument_constructors::D)
// CXX17-NEXT: 4: [B1.3] (BindTemporary) // CXX17-NEXT: 4: [B1.3] (BindTemporary)
// CXX17-NEXT: 5: [B1.2]([B1.4]) // CXX17-NEXT: 5: [B1.2]([B1.4])
// CXX17-NEXT: 6: ~argument_constructors::D() (Temporary object destructor) // CXX17-NEXT: 6: ~argument_constructors::D() (Temporary object destructor)
void passArgumentWithDestructor() { void passArgumentWithDestructor() {
useD(D()); useD(D());
} }
// CHECK: void passArgumentWithDestructorByReference() // CHECK: void passArgumentWithDestructorByReference()
// CHECK: 1: useDByReference // CHECK: 1: useDByReference
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(const class argumen // CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, FunctionToPointerDecay, void (*)(const class argumen
// CHECK-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.6], class argument_c // CHECK-NEXT: 3: argument_constructors::D() (CXXConstructExpr, [B1.4], [B1.6], class argument_c
// CHECK-NEXT: 4: [B1.3] (BindTemporary) // CHECK-NEXT: 4: [B1.3] (BindTemporary)
// CHECK-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class argument_constructors::D) // CHECK-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class argument_constructors::D)
// CHECK-NEXT: 6: [B1.5] // CHECK-NEXT: 6: [B1.5]
// CHECK-NEXT: 7: [B1.2]([B1.6]) // CHECK-NEXT: 7: [B1.2]([B1.6])
// CHECK-NEXT: 8: ~argument_constructors::D() (Temporary object destructor) // CHECK-NEXT: 8: ~argument_constructors::D() (Temporary object destructor)
void passArgumentWithDestructorByReference() { void passArgumentWithDestructorByReference() {
useDByReference(D()); useDByReference(D());
} }
// FIXME: Find construction context for the argument.
// CHECK: void passArgumentIntoAnotherConstructor() // CHECK: void passArgumentIntoAnotherConstructor()
// CXX11: 1: argument_constructors::D() (CXXConstructExpr, [B1.2], [B1.4], class argument_constructors::D) // CXX11-ELIDE: 1: argument_constructors::D() (CXXConstructExpr, [B1.2], [B1.4], [B1.5], class argument_constructors::D)
// CXX11-NOELIDE: 1: argument_constructors::D() (CXXConstructExpr, [B1.2], [B1.4], class argument_constructors::D)
// CXX11-NEXT: 2: [B1.1] (BindTemporary) // CXX11-NEXT: 2: [B1.1] (BindTemporary)
// CXX11-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const class argument_constructors::D) // CXX11-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const class argument_constructors::D)
// CXX11-NEXT: 4: [B1.3] // CXX11-NEXT: 4: [B1.3]
// CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, class argument_constructors::D) // CXX11-NEXT: 5: [B1.4] (CXXConstructExpr, [B1.6], [B1.7]+0, class argument_constructors::D)
// CXX11-NEXT: 6: [B1.5] (BindTemporary) // CXX11-NEXT: 6: [B1.5] (BindTemporary)
// CXX11-ELIDE-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.9], [B1.10], class argument_constructors::E) // CXX11-ELIDE-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.9], [B1.10], class argument_constructors::E)
// CXX11-NOELIDE-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.9], class argument_constructors::E) // CXX11-NOELIDE-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.9], class argument_constructors::E)
// CXX11-NEXT: 8: argument_constructors::E([B1.7]) (CXXFunctionalCastExpr, ConstructorConversion, class argument_constructors::E) // CXX11-NEXT: 8: argument_constructors::E([B1.7]) (CXXFunctionalCastExpr, ConstructorConversion, class argument_constructors::E)
// CXX11-NEXT: 9: [B1.8] // CXX11-NEXT: 9: [B1.8]
// CXX11-NEXT: 10: [B1.9] (CXXConstructExpr, [B1.11], class argument_constructors::E) // CXX11-NEXT: 10: [B1.9] (CXXConstructExpr, [B1.11], class argument_constructors::E)
// CXX11-NEXT: 11: argument_constructors::E e = argument_constructors::E(argument_constructors::D()); // CXX11-NEXT: 11: argument_constructors::E e = argument_constructors::E(argument_constructors::D());
// CXX11-NEXT: 12: ~argument_constructors::D() (Temporary object destructor) // CXX11-NEXT: 12: ~argument_constructors::D() (Temporary object destructor)
// CXX11-NEXT: 13: ~argument_constructors::D() (Temporary object destructor) // CXX11-NEXT: 13: ~argument_constructors::D() (Temporary object destructor)
// CXX17: 1: argument_constructors::D() (CXXConstructExpr, class argument_constructors::D) // CXX17: 1: argument_constructors::D() (CXXConstructExpr, [B1.2], [B1.3]+0, class argument_constructors::D)
// CXX17-NEXT: 2: [B1.1] (BindTemporary) // CXX17-NEXT: 2: [B1.1] (BindTemporary)
// CXX17-NEXT: 3: [B1.2] (CXXConstructExpr, [B1.5], class argument_constructors::E) // CXX17-NEXT: 3: [B1.2] (CXXConstructExpr, [B1.5], class argument_constructors::E)
// CXX17-NEXT: 4: argument_constructors::E([B1.3]) (CXXFunctionalCastExpr, ConstructorConversion, class argument_constructors::E) // CXX17-NEXT: 4: argument_constructors::E([B1.3]) (CXXFunctionalCastExpr, ConstructorConversion, class argument_constructors::E)
// CXX17-NEXT: 5: argument_constructors::E e = argument_constructors::E(argument_constructors::D()); // CXX17-NEXT: 5: argument_constructors::E e = argument_constructors::E(argument_constructors::D());
// CXX17-NEXT: 6: ~argument_constructors::D() (Temporary object destructor) // CXX17-NEXT: 6: ~argument_constructors::D() (Temporary object destructor)
void passArgumentIntoAnotherConstructor() { void passArgumentIntoAnotherConstructor() {
E e = E(D()); E e = E(D());
} }
} // end namespace argument_constructors } // end namespace argument_constructors

test/Analysis/cfg-rich-constructors.mm

Show All 12 Linespublic:
~D(); ~D();
}; };
@interface E {} @interface E {}
-(void) foo: (D) d; -(void) foo: (D) d;
-(D) bar; -(D) bar;
@end @end
// FIXME: Find construction context for the argument.
// CHECK: void passArgumentIntoMessage(E *e) // CHECK: void passArgumentIntoMessage(E *e)
// CHECK: 1: e // CHECK: 1: e
// CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, LValueToRValue, E *) // CHECK-NEXT: 2: [B1.1] (ImplicitCastExpr, LValueToRValue, E *)
// CXX11-NEXT: 3: D() (CXXConstructExpr, [B1.4], [B1.6], class D) // CXX11-ELIDE-NEXT: 3: D() (CXXConstructExpr, [B1.4], [B1.6], [B1.7], class D)
// CXX11-NOELIDE-NEXT: 3: D() (CXXConstructExpr, [B1.4], [B1.6], class D)
// CXX11-NEXT: 4: [B1.3] (BindTemporary) // CXX11-NEXT: 4: [B1.3] (BindTemporary)
// CXX11-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class D) // CXX11-NEXT: 5: [B1.4] (ImplicitCastExpr, NoOp, const class D)
// CXX11-NEXT: 6: [B1.5] // CXX11-NEXT: 6: [B1.5]
// CXX11-NEXT: 7: [B1.6] (CXXConstructExpr, class D) // CXX11-NEXT: 7: [B1.6] (CXXConstructExpr, [B1.8], [B1.9]+0, class D)
// CXX11-NEXT: 8: [B1.7] (BindTemporary) // CXX11-NEXT: 8: [B1.7] (BindTemporary)
// Double brackets trigger FileCheck variables, escape. // Double brackets trigger FileCheck variables, escape.
// CXX11-NEXT: 9: {{\[}}[B1.2] foo:[B1.8]] // CXX11-NEXT: 9: {{\[}}[B1.2] foo:[B1.8]]
// CXX11-NEXT: 10: ~D() (Temporary object destructor) // CXX11-NEXT: 10: ~D() (Temporary object destructor)
// CXX11-NEXT: 11: ~D() (Temporary object destructor) // CXX11-NEXT: 11: ~D() (Temporary object destructor)
// CXX17-NEXT: 3: D() (CXXConstructExpr, class D) // CXX17-NEXT: 3: D() (CXXConstructExpr, [B1.4], [B1.5]+0, class D)
// CXX17-NEXT: 4: [B1.3] (BindTemporary) // CXX17-NEXT: 4: [B1.3] (BindTemporary)
// Double brackets trigger FileCheck variables, escape. // Double brackets trigger FileCheck variables, escape.
// CXX17-NEXT: 5: {{\[}}[B1.2] foo:[B1.4]] // CXX17-NEXT: 5: {{\[}}[B1.2] foo:[B1.4]]
// CXX17-NEXT: 6: ~D() (Temporary object destructor) // CXX17-NEXT: 6: ~D() (Temporary object destructor)
void passArgumentIntoMessage(E *e) { void passArgumentIntoMessage(E *e) {
[e foo: D()]; [e foo: D()];
} }
Show All 23 Lines