This is an archive of the discontinued LLVM Phabricator instance.

Differential D61051

[analyzer] Treat functions without runtime branches as "small".
ClosedPublic

Authored by NoQ on Apr 23 2019, 6:56 PM.

Details

Reviewers
dcoughlin
xazax.hun
a_sidorin
rnkovacs
mikhail.ramalho
Szelethus
baloghadamsoftware
Charusso
Commits
rGab7747b727d7: [analyzer] Treat functions without run-time branches as "small".
rC359531: [analyzer] Treat functions without run-time branches as "small".
rL359531: [analyzer] Treat functions without run-time branches as "small".
Summary

Currently we always inline functions that have no branches, i.e. have exactly three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there are no branches, it means that there's no exponential complexity introduced by inlining such function. Such functions also don't trigger various fundamental problems with our inlining mechanism, such as the problem of inlined defensive checks.

Sometimes the CFG may contain more blocks, but in practice it still has linear structure because all directions (except, at most, one) of all branches turned out to be unreachable. When this happens, still treat the function as "small".

This is useful, in particular, for dealing with C++17 if constexpr.

Diff Detail

Repository
rC Clang

Event Timeline

NoQ created this revision.Apr 23 2019, 6:56 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 23 2019, 6:56 PM
Herald added subscribers: cfe-commits, dkrupp, donat.nagy and 3 others. · View Herald Transcript
NoQ edited the summary of this revision. (Show Details)Apr 23 2019, 6:56 PM
NoQ edited the summary of this revision. (Show Details)
Szelethus added a comment.Apr 24 2019, 2:10 PM

Nice! I have no objections (other than the nits) to this! Ill take a second look later, because I really need to play around with CFG a bit to give a definitive LGTM.

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
723 ↗(On Diff #196366)

Your explanation of state splitting, and early returns and the like could be added here as well :)

clang/lib/Analysis/CFG.cpp
4684 ↗(On Diff #196366)

What are the cases for the size being 2 or 1? Empty function? Is a size of 1 even possible? Can we enforce something here with asserts?

4686 ↗(On Diff #196366)

Break TODO to new line.

clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
890 ↗(On Diff #196366)

Nice.

clang/test/Analysis/inline-if-constexpr.cpp
16 ↗(On Diff #196366)

Aha, we wouldve seen UNKNOWN because the analyzer wouldn't inline these many functions, right? Neat!

clang/unittests/Analysis/CFGTest.cpp
117 ↗(On Diff #196366)

What do you mean?

NoQ marked 4 inline comments as done.Apr 24 2019, 2:43 PM
NoQ added inline comments.
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
723 ↗(On Diff #196366)

This function can be controlled through -analyzer-config, which breaks the explanation. I guess i'll put it inside the body.

clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
890 ↗(On Diff #196366)

Whoops, that was actually accidental.

clang/test/Analysis/inline-if-constexpr.cpp
16 ↗(On Diff #196366)

Aha, yup.

NoQ updated this revision to Diff 196733.Apr 25 2019, 3:07 PM
NoQ marked 4 inline comments as done.

Fxd.

clang/lib/Analysis/CFG.cpp
4684 ↗(On Diff #196366)

An empty function, i.e. void foo() {}, has two CFG blocks. Every CFG has (by construction) at least an ENTRY and an EXIT, but i don't think this is the right place to introduce such sanity check.

clang/test/Analysis/inline-if-constexpr.cpp
16 ↗(On Diff #196366)

Hardcoded the max stack depth count to make this more apparent and prevent the test from not testing anything if it's bumped.

Charusso accepted this revision.Apr 28 2019, 10:54 PM

Great patch! There is only a design problem:
You have negated every isSmall() condition looks like you could write isLarge() instead but there is no connection between these functions.
Could you rename or redesign them? The following would be cool: isLarge() iff !isSmalll and isSmall() iff !isLarge().

This revision is now accepted and ready to land.Apr 28 2019, 10:54 PM
NoQ added a comment.Apr 29 2019, 12:07 PM
In D61051#1481976, @Charusso wrote:

Great patch! There is only a design problem:
You have negated every isSmall() condition looks like you could write isLarge() instead but there is no connection between these functions.
Could you rename or redesign them? The following would be cool: isLarge() iff !isSmalll and isSmall() iff !isLarge().

We essentially classify functions into small/medium/large/huge. In this sense !isSmall() may mean medium or large or huge, while isLarge() may mean large or huge.
I guess i'll comment this up.

NoQ updated this revision to Diff 197248.Apr 29 2019, 7:33 PM

Crystallize the isHuge() function and document more stuff.

Closed by commit rC359531: [analyzer] Treat functions without run-time branches as "small". (authored by NoQ). · Explain WhyApr 29 2019, 8:02 PM
This revision was automatically updated to reflect the committed changes.
Szelethus added a comment.Apr 30 2019, 3:28 AM

I mean, better late then never, but LGTM :^)

Revision Contents

PathSize
include/
clang/
Analysis/
6 lines
StaticAnalyzer/
Core/
PathSensitive/
19 lines
lib/
Analysis/
45 lines
StaticAnalyzer/
Core/
7 lines
42 lines
test/
Analysis/
18 lines
unittests/
Analysis/
59 lines

Diff 197253

include/clang/Analysis/CFG.h

Show First 20 LinesShow All 1,166 Lines▼ Show 20 Linespublic:
/// Returns the total number of BlockIDs allocated (which start at 0). /// Returns the total number of BlockIDs allocated (which start at 0).
unsigned getNumBlockIDs() const { return NumBlockIDs; } unsigned getNumBlockIDs() const { return NumBlockIDs; }
/// Return the total number of CFGBlocks within the CFG This is simply a /// Return the total number of CFGBlocks within the CFG This is simply a
/// renaming of the getNumBlockIDs(). This is necessary because the dominator /// renaming of the getNumBlockIDs(). This is necessary because the dominator
/// implementation needs such an interface. /// implementation needs such an interface.
unsigned size() const { return NumBlockIDs; } unsigned size() const { return NumBlockIDs; }
/// Returns true if the CFG has no branches. Usually it boils down to the CFG
/// having exactly three blocks (entry, the actual code, exit), but sometimes
/// more blocks appear due to having control flow that can be fully
/// resolved in compile time.
bool isLinear() const;
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
// CFG Debugging: Pretty-Printing and Visualization. // CFG Debugging: Pretty-Printing and Visualization.
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
void viewCFG(const LangOptions &LO) const; void viewCFG(const LangOptions &LO) const;
void print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const; void print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const;
void dump(const LangOptions &LO, bool ShowColors) const; void dump(const LangOptions &LO, bool ShowColors) const;
▲ Show 20 LinesShow All 156 LinesShow Last 20 Lines

include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h

Show First 20 LinesShow All 712 Lines▼ Show 20 Linesprivate:
/// See if a particular call should be inlined, by only looking /// See if a particular call should be inlined, by only looking
/// at the call event and the current state of analysis. /// at the call event and the current state of analysis.
CallInlinePolicy mayInlineCallKind(const CallEvent &Call, CallInlinePolicy mayInlineCallKind(const CallEvent &Call,
const ExplodedNode *Pred, const ExplodedNode *Pred,
AnalyzerOptions &Opts, AnalyzerOptions &Opts,
const EvalCallOptions &CallOpts); const EvalCallOptions &CallOpts);
/// See if the given AnalysisDeclContext is built for a function that we
/// should always inline simply because it's small enough.
/// Apart from "small" functions, we also have "large" functions
/// (cf. isLarge()), some of which are huge (cf. isHuge()), and we classify
/// the remaining functions as "medium".
bool isSmall(AnalysisDeclContext *ADC) const;
/// See if the given AnalysisDeclContext is built for a function that we
/// should inline carefully because it looks pretty large.
bool isLarge(AnalysisDeclContext *ADC) const;
/// See if the given AnalysisDeclContext is built for a function that we
/// should never inline because it's legit gigantic.
bool isHuge(AnalysisDeclContext *ADC) const;
/// See if the given AnalysisDeclContext is built for a function that we
/// should inline, just by looking at the declaration of the function.
bool mayInlineDecl(AnalysisDeclContext *ADC) const;
/// Checks our policies and decides weither the given call should be inlined. /// Checks our policies and decides weither the given call should be inlined.
bool shouldInlineCall(const CallEvent &Call, const Decl *D, bool shouldInlineCall(const CallEvent &Call, const Decl *D,
const ExplodedNode *Pred, const ExplodedNode *Pred,
const EvalCallOptions &CallOpts = {}); const EvalCallOptions &CallOpts = {});
bool inlineCall(const CallEvent &Call, const Decl *D, NodeBuilder &Bldr, bool inlineCall(const CallEvent &Call, const Decl *D, NodeBuilder &Bldr,
ExplodedNode *Pred, ProgramStateRef State); ExplodedNode *Pred, ProgramStateRef State);
▲ Show 20 LinesShow All 125 LinesShow Last 20 Lines

lib/Analysis/CFG.cpp

Show First 20 LinesShow All 4,671 Lines▼ Show 20 Lines
/// buildCFG - Constructs a CFG from an AST. /// buildCFG - Constructs a CFG from an AST.
std::unique_ptr<CFG> CFG::buildCFG(const Decl *D, Stmt *Statement, std::unique_ptr<CFG> CFG::buildCFG(const Decl *D, Stmt *Statement,
ASTContext *C, const BuildOptions &BO) { ASTContext *C, const BuildOptions &BO) {
CFGBuilder Builder(C, BO); CFGBuilder Builder(C, BO);
return Builder.buildCFG(D, Statement); return Builder.buildCFG(D, Statement);
} }
bool CFG::isLinear() const {
// Quick path: if we only have the ENTRY block, the EXIT block, and some code
// in between, then we have no room for control flow.
if (size() <= 3)
return true;
// Traverse the CFG until we find a branch.
// TODO: While this should still be very fast,
// maybe we should cache the answer.
llvm::SmallPtrSet<const CFGBlock *, 4> Visited;
const CFGBlock *B = Entry;
while (B != Exit) {
auto IteratorAndFlag = Visited.insert(B);
if (!IteratorAndFlag.second) {
// We looped back to a block that we've already visited. Not linear.
return false;
}
// Iterate over reachable successors.
const CFGBlock *FirstReachableB = nullptr;
for (const CFGBlock::AdjacentBlock &AB : B->succs()) {
if (!AB.isReachable())
continue;
if (FirstReachableB == nullptr) {
FirstReachableB = &*AB;
} else {
// We've encountered a branch. It's not a linear CFG.
return false;
}
}
if (!FirstReachableB) {
// We reached a dead end. EXIT is unreachable. This is linear enough.
return true;
}
// There's only one way to move forward. Proceed.
B = FirstReachableB;
}
// We reached EXIT and found no branches.
return true;
}
const CXXDestructorDecl * const CXXDestructorDecl *
CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {
switch (getKind()) { switch (getKind()) {
case CFGElement::Initializer: case CFGElement::Initializer:
case CFGElement::NewAllocator: case CFGElement::NewAllocator:
case CFGElement::LoopExit: case CFGElement::LoopExit:
case CFGElement::LifetimeEnds: case CFGElement::LifetimeEnds:
case CFGElement::Statement: case CFGElement::Statement:
▲ Show 20 LinesShow All 900 LinesShow Last 20 Lines

lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

Show First 20 LinesShow All 557 Lines▼ Show 20 Lines maybeEmitNote(BugReport &R, const CallEvent &Call, const ExplodedNode *N,
// but failing to do so. It's too unlikely a system header's fault. // but failing to do so. It's too unlikely a system header's fault.
// It's much more likely a situation in which the function has a failure // It's much more likely a situation in which the function has a failure
// mode that the user decided not to check. If we want to hunt such // mode that the user decided not to check. If we want to hunt such
// omitted checks, we should provide an explicit function-specific note // omitted checks, we should provide an explicit function-specific note
// describing the precondition under which the function isn't supposed to // describing the precondition under which the function isn't supposed to
// initialize its out-parameter, and additionally check that such // initialize its out-parameter, and additionally check that such
// precondition can actually be fulfilled on the current path. // precondition can actually be fulfilled on the current path.
if (Call.isInSystemHeader()) { if (Call.isInSystemHeader()) {
// We make an exception for system header functions that have no branches, // We make an exception for system header functions that have no branches.
// i.e. have exactly 3 CFG blocks: begin, all its code, end. Such // Such functions unconditionally fail to initialize the variable.
// functions unconditionally fail to initialize the variable.
// If they call other functions that have more paths within them, // If they call other functions that have more paths within them,
// this suppression would still apply when we visit these inner functions. // this suppression would still apply when we visit these inner functions.
// One common example of a standard function that doesn't ever initialize // One common example of a standard function that doesn't ever initialize
// its out parameter is operator placement new; it's up to the follow-up // its out parameter is operator placement new; it's up to the follow-up
// constructor (if any) to initialize the memory. // constructor (if any) to initialize the memory.
if (N->getStackFrame()->getCFG()->size() > 3) if (!N->getStackFrame()->getCFG()->isLinear())
R.markInvalid(getTag(), nullptr); R.markInvalid(getTag(), nullptr);
return nullptr; return nullptr;
} }
PathDiagnosticLocation L = PathDiagnosticLocation L =
PathDiagnosticLocation::create(N->getLocation(), SM); PathDiagnosticLocation::create(N->getLocation(), SM);
// For now this shouldn't trigger, but once it does (as we add more // For now this shouldn't trigger, but once it does (as we add more
▲ Show 20 LinesShow All 1,933 LinesShow Last 20 Lines

lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

Show First 20 LinesShow All 358 Lines▼ Show 20 Lines for (ExplodedNodeSet::iterator I = CleanedNodes.begin(),
for (ExplodedNodeSet::iterator PSI = Dst.begin(), PSE = Dst.end(); for (ExplodedNodeSet::iterator PSI = Dst.begin(), PSE = Dst.end();
PSI != PSE; ++PSI) { PSI != PSE; ++PSI) {
Engine.getWorkList()->enqueue(*PSI, calleeCtx->getCallSiteBlock(), Engine.getWorkList()->enqueue(*PSI, calleeCtx->getCallSiteBlock(),
calleeCtx->getIndex()+1); calleeCtx->getIndex()+1);
} }
} }
} }
bool ExprEngine::isSmall(AnalysisDeclContext *ADC) const {
// When there are no branches in the function, it means that there's no
// exponential complexity introduced by inlining such function.
// Such functions also don't trigger various fundamental problems
// with our inlining mechanism, such as the problem of
// inlined defensive checks. Hence isLinear().
const CFG *Cfg = ADC->getCFG();
return Cfg->isLinear() || Cfg->size() <= AMgr.options.AlwaysInlineSize;
}
bool ExprEngine::isLarge(AnalysisDeclContext *ADC) const {
const CFG *Cfg = ADC->getCFG();
return Cfg->size() >= AMgr.options.MinCFGSizeTreatFunctionsAsLarge;
}
bool ExprEngine::isHuge(AnalysisDeclContext *ADC) const {
const CFG *Cfg = ADC->getCFG();
return Cfg->getNumBlockIDs() > AMgr.options.MaxInlinableSize;
}
void ExprEngine::examineStackFrames(const Decl *D, const LocationContext *LCtx, void ExprEngine::examineStackFrames(const Decl *D, const LocationContext *LCtx,
bool &IsRecursive, unsigned &StackDepth) { bool &IsRecursive, unsigned &StackDepth) {
IsRecursive = false; IsRecursive = false;
StackDepth = 0; StackDepth = 0;
while (LCtx) { while (LCtx) {
if (const StackFrameContext *SFC = dyn_cast<StackFrameContext>(LCtx)) { if (const StackFrameContext *SFC = dyn_cast<StackFrameContext>(LCtx)) {
const Decl *DI = SFC->getDecl(); const Decl *DI = SFC->getDecl();
// Mark recursive (and mutually recursive) functions and always count // Mark recursive (and mutually recursive) functions and always count
// them when measuring the stack depth. // them when measuring the stack depth.
if (DI == D) { if (DI == D) {
IsRecursive = true; IsRecursive = true;
++StackDepth; ++StackDepth;
LCtx = LCtx->getParent(); LCtx = LCtx->getParent();
continue; continue;
} }
// Do not count the small functions when determining the stack depth. // Do not count the small functions when determining the stack depth.
AnalysisDeclContext *CalleeADC = AMgr.getAnalysisDeclContext(DI); AnalysisDeclContext *CalleeADC = AMgr.getAnalysisDeclContext(DI);
const CFG *CalleeCFG = CalleeADC->getCFG(); if (!isSmall(CalleeADC))
if (CalleeCFG->getNumBlockIDs() > AMgr.options.AlwaysInlineSize)
++StackDepth; ++StackDepth;
} }
LCtx = LCtx->getParent(); LCtx = LCtx->getParent();
} }
} }
// The GDM component containing the dynamic dispatch bifurcation info. When // The GDM component containing the dynamic dispatch bifurcation info. When
// the exact type of the receiver is not known, we want to explore both paths - // the exact type of the receiver is not known, we want to explore both paths -
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Linesstatic bool isCXXSharedPtrDtor(const FunctionDecl *FD) {
return false; return false;
} }
/// Returns true if the function in \p CalleeADC may be inlined in general. /// Returns true if the function in \p CalleeADC may be inlined in general.
/// ///
/// This checks static properties of the function, such as its signature and /// This checks static properties of the function, such as its signature and
/// CFG, to determine whether the analyzer should ever consider inlining it, /// CFG, to determine whether the analyzer should ever consider inlining it,
/// in any context. /// in any context.
static bool mayInlineDecl(AnalysisManager &AMgr, bool ExprEngine::mayInlineDecl(AnalysisDeclContext *CalleeADC) const {
AnalysisDeclContext *CalleeADC) {
AnalyzerOptions &Opts = AMgr.getAnalyzerOptions(); AnalyzerOptions &Opts = AMgr.getAnalyzerOptions();
// FIXME: Do not inline variadic calls. // FIXME: Do not inline variadic calls.
if (CallEvent::isVariadic(CalleeADC->getDecl())) if (CallEvent::isVariadic(CalleeADC->getDecl()))
return false; return false;
// Check certain C++-related inlining policies. // Check certain C++-related inlining policies.
ASTContext &Ctx = CalleeADC->getASTContext(); ASTContext &Ctx = CalleeADC->getASTContext();
if (Ctx.getLangOpts().CPlusPlus) { if (Ctx.getLangOpts().CPlusPlus) {
Show All 28 Linesbool ExprEngine::mayInlineDecl(AnalysisDeclContext *CalleeADC) const {
// It is possible that the CFG cannot be constructed. // It is possible that the CFG cannot be constructed.
// Be safe, and check if the CalleeCFG is valid. // Be safe, and check if the CalleeCFG is valid.
const CFG *CalleeCFG = CalleeADC->getCFG(); const CFG *CalleeCFG = CalleeADC->getCFG();
if (!CalleeCFG) if (!CalleeCFG)
return false; return false;
// Do not inline large functions. // Do not inline large functions.
if (CalleeCFG->getNumBlockIDs() > Opts.MaxInlinableSize) if (isHuge(CalleeADC))
return false; return false;
// It is possible that the live variables analysis cannot be // It is possible that the live variables analysis cannot be
// run. If so, bail out. // run. If so, bail out.
if (!CalleeADC->getAnalysis<RelaxedLiveVariables>()) if (!CalleeADC->getAnalysis<RelaxedLiveVariables>())
return false; return false;
return true; return true;
Show All 23 Linesbool ExprEngine::shouldInlineCall(const CallEvent &Call, const Decl *D,
Optional<bool> MayInline = Engine.FunctionSummaries->mayInline(D); Optional<bool> MayInline = Engine.FunctionSummaries->mayInline(D);
if (MayInline.hasValue()) { if (MayInline.hasValue()) {
if (!MayInline.getValue()) if (!MayInline.getValue())
return false; return false;
} else { } else {
// We haven't actually checked the static properties of this function yet. // We haven't actually checked the static properties of this function yet.
// Do that now, and record our decision in the function summaries. // Do that now, and record our decision in the function summaries.
if (mayInlineDecl(getAnalysisManager(), CalleeADC)) { if (mayInlineDecl(CalleeADC)) {
Engine.FunctionSummaries->markMayInline(D); Engine.FunctionSummaries->markMayInline(D);
} else { } else {
Engine.FunctionSummaries->markShouldNotInline(D); Engine.FunctionSummaries->markShouldNotInline(D);
return false; return false;
} }
} }
// Check if we should inline a call based on its kind. // Check if we should inline a call based on its kind.
// FIXME: this checks both static and dynamic properties of the call, which // FIXME: this checks both static and dynamic properties of the call, which
// means we're redoing a bit of work that could be cached in the function // means we're redoing a bit of work that could be cached in the function
// summary. // summary.
CallInlinePolicy CIP = mayInlineCallKind(Call, Pred, Opts, CallOpts); CallInlinePolicy CIP = mayInlineCallKind(Call, Pred, Opts, CallOpts);
if (CIP != CIP_Allowed) { if (CIP != CIP_Allowed) {
if (CIP == CIP_DisallowedAlways) { if (CIP == CIP_DisallowedAlways) {
assert(!MayInline.hasValue() || MayInline.getValue()); assert(!MayInline.hasValue() || MayInline.getValue());
Engine.FunctionSummaries->markShouldNotInline(D); Engine.FunctionSummaries->markShouldNotInline(D);
} }
return false; return false;
} }
const CFG *CalleeCFG = CalleeADC->getCFG();
// Do not inline if recursive or we've reached max stack frame count. // Do not inline if recursive or we've reached max stack frame count.
bool IsRecursive = false; bool IsRecursive = false;
unsigned StackDepth = 0; unsigned StackDepth = 0;
examineStackFrames(D, Pred->getLocationContext(), IsRecursive, StackDepth); examineStackFrames(D, Pred->getLocationContext(), IsRecursive, StackDepth);
if ((StackDepth >= Opts.InlineMaxStackDepth) && if ((StackDepth >= Opts.InlineMaxStackDepth) &&
((CalleeCFG->getNumBlockIDs() > Opts.AlwaysInlineSize) (!isSmall(CalleeADC) || IsRecursive))
|| IsRecursive))
return false; return false;
// Do not inline large functions too many times. // Do not inline large functions too many times.
if ((Engine.FunctionSummaries->getNumTimesInlined(D) > if ((Engine.FunctionSummaries->getNumTimesInlined(D) >
Opts.MaxTimesInlineLarge) && Opts.MaxTimesInlineLarge) &&
CalleeCFG->getNumBlockIDs() >= isLarge(CalleeADC)) {
Opts.MinCFGSizeTreatFunctionsAsLarge) {
NumReachedInlineCountMax++; NumReachedInlineCountMax++;
return false; return false;
} }
if (HowToInline == Inline_Minimal && if (HowToInline == Inline_Minimal && (!isSmall(CalleeADC) || IsRecursive))
(CalleeCFG->getNumBlockIDs() > Opts.AlwaysInlineSize
|| IsRecursive))
return false; return false;
return true; return true;
} }
static bool isTrivialObjectAssignment(const CallEvent &Call) { static bool isTrivialObjectAssignment(const CallEvent &Call) {
const CXXInstanceCall *ICall = dyn_cast<CXXInstanceCall>(&Call); const CXXInstanceCall *ICall = dyn_cast<CXXInstanceCall>(&Call);
if (!ICall) if (!ICall)
▲ Show 20 LinesShow All 115 LinesShow Last 20 Lines

test/Analysis/inline-if-constexpr.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection \
// RUN: -analyzer-inline-max-stack-depth=5 -w -std=c++17 -verify %s
void clang_analyzer_eval(bool);
namespace inline_large_functions_with_if_constexpr {
bool f0() { if constexpr (true); return true; }
bool f1() { if constexpr (true); return f0(); }
bool f2() { if constexpr (true); return f1(); }
bool f3() { if constexpr (true); return f2(); }
bool f4() { if constexpr (true); return f3(); }
bool f5() { if constexpr (true); return f4(); }
bool f6() { if constexpr (true); return f5(); }
bool f7() { if constexpr (true); return f6(); }
void bar() {
clang_analyzer_eval(f7()); // expected-warning{{TRUE}}
}
} // namespace inline_large_functions_with_if_constexpr

unittests/Analysis/CFGTest.cpp

Show All 11 Lines
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include <string> #include <string>
#include <vector> #include <vector>
namespace clang { namespace clang {
namespace analysis { namespace analysis {
namespace { namespace {
enum BuildResult { class BuildResult {
public:
enum Status {
ToolFailed, ToolFailed,
ToolRan, ToolRan,
SawFunctionBody, SawFunctionBody,
BuiltCFG, BuiltCFG,
}; };
BuildResult(Status S, std::unique_ptr<CFG> Cfg = nullptr)
: S(S), Cfg(std::move(Cfg)) {}
Status getStatus() const { return S; }
CFG *getCFG() const { return Cfg.get(); }
private:
Status S;
std::unique_ptr<CFG> Cfg;
};
class CFGCallback : public ast_matchers::MatchFinder::MatchCallback { class CFGCallback : public ast_matchers::MatchFinder::MatchCallback {
public: public:
BuildResult TheBuildResult = ToolRan; BuildResult TheBuildResult = BuildResult::ToolRan;
void run(const ast_matchers::MatchFinder::MatchResult &Result) override { void run(const ast_matchers::MatchFinder::MatchResult &Result) override {
const auto *Func = Result.Nodes.getNodeAs<FunctionDecl>("func"); const auto *Func = Result.Nodes.getNodeAs<FunctionDecl>("func");
Stmt *Body = Func->getBody(); Stmt *Body = Func->getBody();
if (!Body) if (!Body)
return; return;
TheBuildResult = SawFunctionBody; TheBuildResult = BuildResult::SawFunctionBody;
CFG::BuildOptions Options; CFG::BuildOptions Options;
Options.AddImplicitDtors = true; Options.AddImplicitDtors = true;
if (CFG::buildCFG(nullptr, Body, Result.Context, Options)) if (std::unique_ptr<CFG> Cfg =
TheBuildResult = BuiltCFG; CFG::buildCFG(nullptr, Body, Result.Context, Options))
TheBuildResult = {BuildResult::BuiltCFG, std::move(Cfg)};
} }
}; };
BuildResult BuildCFG(const char *Code) { BuildResult BuildCFG(const char *Code) {
CFGCallback Callback; CFGCallback Callback;
ast_matchers::MatchFinder Finder; ast_matchers::MatchFinder Finder;
Finder.addMatcher(ast_matchers::functionDecl().bind("func"), &Callback); Finder.addMatcher(ast_matchers::functionDecl().bind("func"), &Callback);
std::unique_ptr<tooling::FrontendActionFactory> Factory( std::unique_ptr<tooling::FrontendActionFactory> Factory(
tooling::newFrontendActionFactory(&Finder)); tooling::newFrontendActionFactory(&Finder));
std::vector<std::string> Args = {"-std=c++11", "-fno-delayed-template-parsing"}; std::vector<std::string> Args = {"-std=c++11", "-fno-delayed-template-parsing"};
if (!tooling::runToolOnCodeWithArgs(Factory->create(), Code, Args)) if (!tooling::runToolOnCodeWithArgs(Factory->create(), Code, Args))
return ToolFailed; return BuildResult::ToolFailed;
return Callback.TheBuildResult; return std::move(Callback.TheBuildResult);
} }
// Constructing a CFG for a range-based for over a dependent type fails (but // Constructing a CFG for a range-based for over a dependent type fails (but
// should not crash). // should not crash).
TEST(CFG, RangeBasedForOverDependentType) { TEST(CFG, RangeBasedForOverDependentType) {
const char *Code = "class Foo;\n" const char *Code = "class Foo;\n"
"template <typename T>\n" "template <typename T>\n"
"void f(const T &Range) {\n" "void f(const T &Range) {\n"
" for (const Foo *TheFoo : Range) {\n" " for (const Foo *TheFoo : Range) {\n"
" }\n" " }\n"
"}\n"; "}\n";
EXPECT_EQ(SawFunctionBody, BuildCFG(Code)); EXPECT_EQ(BuildResult::SawFunctionBody, BuildCFG(Code).getStatus());
} }
// Constructing a CFG containing a delete expression on a dependent type should // Constructing a CFG containing a delete expression on a dependent type should
// not crash. // not crash.
TEST(CFG, DeleteExpressionOnDependentType) { TEST(CFG, DeleteExpressionOnDependentType) {
const char *Code = "template<class T>\n" const char *Code = "template<class T>\n"
"void f(T t) {\n" "void f(T t) {\n"
" delete t;\n" " delete t;\n"
"}\n"; "}\n";
EXPECT_EQ(BuiltCFG, BuildCFG(Code)); EXPECT_EQ(BuildResult::BuiltCFG, BuildCFG(Code).getStatus());
} }
// Constructing a CFG on a function template with a variable of incomplete type // Constructing a CFG on a function template with a variable of incomplete type
// should not crash. // should not crash.
TEST(CFG, VariableOfIncompleteType) { TEST(CFG, VariableOfIncompleteType) {
const char *Code = "template<class T> void f() {\n" const char *Code = "template<class T> void f() {\n"
" class Undefined;\n" " class Undefined;\n"
" Undefined u;\n" " Undefined u;\n"
"}\n"; "}\n";
EXPECT_EQ(BuiltCFG, BuildCFG(Code)); EXPECT_EQ(BuildResult::BuiltCFG, BuildCFG(Code).getStatus());
}
TEST(CFG, IsLinear) {
auto expectLinear = [](bool IsLinear, const char *Code) {
BuildResult B = BuildCFG(Code);
EXPECT_EQ(BuildResult::BuiltCFG, B.getStatus());
EXPECT_EQ(IsLinear, B.getCFG()->isLinear());
};
expectLinear(true, "void foo() {}");
expectLinear(true, "void foo() { if (true) return; }");
expectLinear(true, "void foo() { if constexpr (false); }");
expectLinear(false, "void foo(bool coin) { if (coin) return; }");
expectLinear(false, "void foo() { for(;;); }");
expectLinear(false, "void foo() { do {} while (true); }");
expectLinear(true, "void foo() { do {} while (false); }");
expectLinear(true, "void foo() { foo(); }"); // Recursion is not our problem.
} }
} // namespace } // namespace
} // namespace analysis } // namespace analysis
} // namespace clang } // namespace clang