| //===- CFG.cpp - Classes for representing and building CFGs ---------------===// |
| // |
| // The LLVM Compiler Infrastructure |
| // |
| // This file is distributed under the University of Illinois Open Source |
| // License. See LICENSE.TXT for details. |
| // |
| //===----------------------------------------------------------------------===// |
| // |
| // This file defines the CFG and CFGBuilder classes for representing and |
| // building Control-Flow Graphs (CFGs) from ASTs. |
| // |
| //===----------------------------------------------------------------------===// |
| |
| #include "clang/Analysis/CFG.h" |
| #include "clang/AST/ASTContext.h" |
| #include "clang/AST/Attr.h" |
| #include "clang/AST/Decl.h" |
| #include "clang/AST/DeclBase.h" |
| #include "clang/AST/DeclCXX.h" |
| #include "clang/AST/DeclGroup.h" |
| #include "clang/AST/Expr.h" |
| #include "clang/AST/ExprCXX.h" |
| #include "clang/AST/OperationKinds.h" |
| #include "clang/AST/PrettyPrinter.h" |
| #include "clang/AST/Stmt.h" |
| #include "clang/AST/StmtCXX.h" |
| #include "clang/AST/StmtObjC.h" |
| #include "clang/AST/StmtVisitor.h" |
| #include "clang/AST/Type.h" |
| #include "clang/Analysis/Support/BumpVector.h" |
| #include "clang/Basic/Builtins.h" |
| #include "clang/Basic/ExceptionSpecificationType.h" |
| #include "clang/Basic/LLVM.h" |
| #include "clang/Basic/LangOptions.h" |
| #include "clang/Basic/SourceLocation.h" |
| #include "clang/Basic/Specifiers.h" |
| #include "llvm/ADT/APInt.h" |
| #include "llvm/ADT/APSInt.h" |
| #include "llvm/ADT/ArrayRef.h" |
| #include "llvm/ADT/DenseMap.h" |
| #include "llvm/ADT/Optional.h" |
| #include "llvm/ADT/STLExtras.h" |
| #include "llvm/ADT/SetVector.h" |
| #include "llvm/ADT/SmallPtrSet.h" |
| #include "llvm/ADT/SmallVector.h" |
| #include "llvm/Support/Allocator.h" |
| #include "llvm/Support/Casting.h" |
| #include "llvm/Support/Compiler.h" |
| #include "llvm/Support/DOTGraphTraits.h" |
| #include "llvm/Support/ErrorHandling.h" |
| #include "llvm/Support/Format.h" |
| #include "llvm/Support/GraphWriter.h" |
| #include "llvm/Support/SaveAndRestore.h" |
| #include "llvm/Support/raw_ostream.h" |
| #include <cassert> |
| #include <memory> |
| #include <string> |
| #include <tuple> |
| #include <utility> |
| #include <vector> |
| |
| using namespace clang; |
| |
| static SourceLocation GetEndLoc(Decl *D) { |
| if (VarDecl *VD = dyn_cast<VarDecl>(D)) |
| if (Expr *Ex = VD->getInit()) |
| return Ex->getSourceRange().getEnd(); |
| return D->getLocation(); |
| } |
| |
| /// Helper for tryNormalizeBinaryOperator. Attempts to extract an IntegerLiteral |
| /// or EnumConstantDecl from the given Expr. If it fails, returns nullptr. |
| static const Expr *tryTransformToIntOrEnumConstant(const Expr *E) { |
| E = E->IgnoreParens(); |
| if (isa<IntegerLiteral>(E)) |
| return E; |
| if (auto *DR = dyn_cast<DeclRefExpr>(E->IgnoreParenImpCasts())) |
| return isa<EnumConstantDecl>(DR->getDecl()) ? DR : nullptr; |
| return nullptr; |
| } |
| |
| /// Tries to interpret a binary operator into `Decl Op Expr` form, if Expr is |
| /// an integer literal or an enum constant. |
| /// |
| /// If this fails, at least one of the returned DeclRefExpr or Expr will be |
| /// null. |
| static std::tuple<const DeclRefExpr *, BinaryOperatorKind, const Expr *> |
| tryNormalizeBinaryOperator(const BinaryOperator *B) { |
| BinaryOperatorKind Op = B->getOpcode(); |
| |
| const Expr *MaybeDecl = B->getLHS(); |
| const Expr *Constant = tryTransformToIntOrEnumConstant(B->getRHS()); |
| // Expr looked like `0 == Foo` instead of `Foo == 0` |
| if (Constant == nullptr) { |
| // Flip the operator |
| if (Op == BO_GT) |
| Op = BO_LT; |
| else if (Op == BO_GE) |
| Op = BO_LE; |
| else if (Op == BO_LT) |
| Op = BO_GT; |
| else if (Op == BO_LE) |
| Op = BO_GE; |
| |
| MaybeDecl = B->getRHS(); |
| Constant = tryTransformToIntOrEnumConstant(B->getLHS()); |
| } |
| |
| auto *D = dyn_cast<DeclRefExpr>(MaybeDecl->IgnoreParenImpCasts()); |
| return std::make_tuple(D, Op, Constant); |
| } |
| |
| /// For an expression `x == Foo && x == Bar`, this determines whether the |
| /// `Foo` and `Bar` are either of the same enumeration type, or both integer |
| /// literals. |
| /// |
| /// It's an error to pass this arguments that are not either IntegerLiterals |
| /// or DeclRefExprs (that have decls of type EnumConstantDecl) |
| static bool areExprTypesCompatible(const Expr *E1, const Expr *E2) { |
| // User intent isn't clear if they're mixing int literals with enum |
| // constants. |
| if (isa<IntegerLiteral>(E1) != isa<IntegerLiteral>(E2)) |
| return false; |
| |
| // Integer literal comparisons, regardless of literal type, are acceptable. |
| if (isa<IntegerLiteral>(E1)) |
| return true; |
| |
| // IntegerLiterals are handled above and only EnumConstantDecls are expected |
| // beyond this point |
| assert(isa<DeclRefExpr>(E1) && isa<DeclRefExpr>(E2)); |
| auto *Decl1 = cast<DeclRefExpr>(E1)->getDecl(); |
| auto *Decl2 = cast<DeclRefExpr>(E2)->getDecl(); |
| |
| assert(isa<EnumConstantDecl>(Decl1) && isa<EnumConstantDecl>(Decl2)); |
| const DeclContext *DC1 = Decl1->getDeclContext(); |
| const DeclContext *DC2 = Decl2->getDeclContext(); |
| |
| assert(isa<EnumDecl>(DC1) && isa<EnumDecl>(DC2)); |
| return DC1 == DC2; |
| } |
| |
| namespace { |
| |
| class CFGBuilder; |
| |
| /// The CFG builder uses a recursive algorithm to build the CFG. When |
| /// we process an expression, sometimes we know that we must add the |
| /// subexpressions as block-level expressions. For example: |
| /// |
| /// exp1 || exp2 |
| /// |
| /// When processing the '||' expression, we know that exp1 and exp2 |
| /// need to be added as block-level expressions, even though they |
| /// might not normally need to be. AddStmtChoice records this |
| /// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then |
| /// the builder has an option not to add a subexpression as a |
| /// block-level expression. |
| class AddStmtChoice { |
| public: |
| enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; |
| |
| AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} |
| |
| bool alwaysAdd(CFGBuilder &builder, |
| const Stmt *stmt) const; |
| |
| /// Return a copy of this object, except with the 'always-add' bit |
| /// set as specified. |
| AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { |
| return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); |
| } |
| |
| private: |
| Kind kind; |
| }; |
| |
| /// LocalScope - Node in tree of local scopes created for C++ implicit |
| /// destructor calls generation. It contains list of automatic variables |
| /// declared in the scope and link to position in previous scope this scope |
| /// began in. |
| /// |
| /// The process of creating local scopes is as follows: |
| /// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), |
| /// - Before processing statements in scope (e.g. CompoundStmt) create |
| /// LocalScope object using CFGBuilder::ScopePos as link to previous scope |
| /// and set CFGBuilder::ScopePos to the end of new scope, |
| /// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points |
| /// at this VarDecl, |
| /// - For every normal (without jump) end of scope add to CFGBlock destructors |
| /// for objects in the current scope, |
| /// - For every jump add to CFGBlock destructors for objects |
| /// between CFGBuilder::ScopePos and local scope position saved for jump |
| /// target. Thanks to C++ restrictions on goto jumps we can be sure that |
| /// jump target position will be on the path to root from CFGBuilder::ScopePos |
| /// (adding any variable that doesn't need constructor to be called to |
| /// LocalScope can break this assumption), |
| /// |
| class LocalScope { |
| public: |
| friend class const_iterator; |
| |
| using AutomaticVarsTy = BumpVector<VarDecl *>; |
| |
| /// const_iterator - Iterates local scope backwards and jumps to previous |
| /// scope on reaching the beginning of currently iterated scope. |
| class const_iterator { |
| const LocalScope* Scope = nullptr; |
| |
| /// VarIter is guaranteed to be greater then 0 for every valid iterator. |
| /// Invalid iterator (with null Scope) has VarIter equal to 0. |
| unsigned VarIter = 0; |
| |
| public: |
| /// Create invalid iterator. Dereferencing invalid iterator is not allowed. |
| /// Incrementing invalid iterator is allowed and will result in invalid |
| /// iterator. |
| const_iterator() = default; |
| |
| /// Create valid iterator. In case when S.Prev is an invalid iterator and |
| /// I is equal to 0, this will create invalid iterator. |
| const_iterator(const LocalScope& S, unsigned I) |
| : Scope(&S), VarIter(I) { |
| // Iterator to "end" of scope is not allowed. Handle it by going up |
| // in scopes tree possibly up to invalid iterator in the root. |
| if (VarIter == 0 && Scope) |
| *this = Scope->Prev; |
| } |
| |
| VarDecl *const* operator->() const { |
| assert(Scope && "Dereferencing invalid iterator is not allowed"); |
| assert(VarIter != 0 && "Iterator has invalid value of VarIter member"); |
| return &Scope->Vars[VarIter - 1]; |
| } |
| VarDecl *operator*() const { |
| return *this->operator->(); |
| } |
| |
| const_iterator &operator++() { |
| if (!Scope) |
| return *this; |
| |
| assert(VarIter != 0 && "Iterator has invalid value of VarIter member"); |
| --VarIter; |
| if (VarIter == 0) |
| *this = Scope->Prev; |
| return *this; |
| } |
| const_iterator operator++(int) { |
| const_iterator P = *this; |
| ++*this; |
| return P; |
| } |
| |
| bool operator==(const const_iterator &rhs) const { |
| return Scope == rhs.Scope && VarIter == rhs.VarIter; |
| } |
| bool operator!=(const const_iterator &rhs) const { |
| return !(*this == rhs); |
| } |
| |
| explicit operator bool() const { |
| return *this != const_iterator(); |
| } |
| |
| int distance(const_iterator L); |
| const_iterator shared_parent(const_iterator L); |
| }; |
| |
| private: |
| BumpVectorContext ctx; |
| |
| /// Automatic variables in order of declaration. |
| AutomaticVarsTy Vars; |
| |
| /// Iterator to variable in previous scope that was declared just before |
| /// begin of this scope. |
| const_iterator Prev; |
| |
| public: |
| /// Constructs empty scope linked to previous scope in specified place. |
| LocalScope(BumpVectorContext ctx, const_iterator P) |
| : ctx(std::move(ctx)), Vars(this->ctx, 4), Prev(P) {} |
| |
| /// Begin of scope in direction of CFG building (backwards). |
| const_iterator begin() const { return const_iterator(*this, Vars.size()); } |
| |
| void addVar(VarDecl *VD) { |
| Vars.push_back(VD, ctx); |
| } |
| }; |
| |
| } // namespace |
| |
| /// distance - Calculates distance from this to L. L must be reachable from this |
| /// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. |
| /// number of scopes between this and L. |
| int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { |
| int D = 0; |
| const_iterator F = *this; |
| while (F.Scope != L.Scope) { |
| assert(F != const_iterator() && |
| "L iterator is not reachable from F iterator."); |
| D += F.VarIter; |
| F = F.Scope->Prev; |
| } |
| D += F.VarIter - L.VarIter; |
| return D; |
| } |
| |
| /// Calculates the closest parent of this iterator |
| /// that is in a scope reachable through the parents of L. |
| /// I.e. when using 'goto' from this to L, the lifetime of all variables |
| /// between this and shared_parent(L) end. |
| LocalScope::const_iterator |
| LocalScope::const_iterator::shared_parent(LocalScope::const_iterator L) { |
| llvm::SmallPtrSet<const LocalScope *, 4> ScopesOfL; |
| while (true) { |
| ScopesOfL.insert(L.Scope); |
| if (L == const_iterator()) |
| break; |
| L = L.Scope->Prev; |
| } |
| |
| const_iterator F = *this; |
| while (true) { |
| if (ScopesOfL.count(F.Scope)) |
| return F; |
| assert(F != const_iterator() && |
| "L iterator is not reachable from F iterator."); |
| F = F.Scope->Prev; |
| } |
| } |
| |
| namespace { |
| |
| /// Structure for specifying position in CFG during its build process. It |
| /// consists of CFGBlock that specifies position in CFG and |
| /// LocalScope::const_iterator that specifies position in LocalScope graph. |
| struct BlockScopePosPair { |
| CFGBlock *block = nullptr; |
| LocalScope::const_iterator scopePosition; |
| |
| BlockScopePosPair() = default; |
| BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) |
| : block(b), scopePosition(scopePos) {} |
| }; |
| |
| /// TryResult - a class representing a variant over the values |
| /// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, |
| /// and is used by the CFGBuilder to decide if a branch condition |
| /// can be decided up front during CFG construction. |
| class TryResult { |
| int X = -1; |
| |
| public: |
| TryResult() = default; |
| TryResult(bool b) : X(b ? 1 : 0) {} |
| |
| bool isTrue() const { return X == 1; } |
| bool isFalse() const { return X == 0; } |
| bool isKnown() const { return X >= 0; } |
| |
| void negate() { |
| assert(isKnown()); |
| X ^= 0x1; |
| } |
| }; |
| |
| } // namespace |
| |
| static TryResult bothKnownTrue(TryResult R1, TryResult R2) { |
| if (!R1.isKnown() || !R2.isKnown()) |
| return TryResult(); |
| return TryResult(R1.isTrue() && R2.isTrue()); |
| } |
| |
| namespace { |
| |
| class reverse_children { |
| llvm::SmallVector<Stmt *, 12> childrenBuf; |
| ArrayRef<Stmt *> children; |
| |
| public: |
| reverse_children(Stmt *S); |
| |
| using iterator = ArrayRef<Stmt *>::reverse_iterator; |
| |
| iterator begin() const { return children.rbegin(); } |
| iterator end() const { return children.rend(); } |
| }; |
| |
| } // namespace |
| |
| reverse_children::reverse_children(Stmt *S) { |
| if (CallExpr *CE = dyn_cast<CallExpr>(S)) { |
| children = CE->getRawSubExprs(); |
| return; |
| } |
| switch (S->getStmtClass()) { |
| // Note: Fill in this switch with more cases we want to optimize. |
| case Stmt::InitListExprClass: { |
| InitListExpr *IE = cast<InitListExpr>(S); |
| children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), |
| IE->getNumInits()); |
| return; |
| } |
| default: |
| break; |
| } |
| |
| // Default case for all other statements. |
| for (Stmt *SubStmt : S->children()) |
| childrenBuf.push_back(SubStmt); |
| |
| // This needs to be done *after* childrenBuf has been populated. |
| children = childrenBuf; |
| } |
| |
| namespace { |
| |
| /// CFGBuilder - This class implements CFG construction from an AST. |
| /// The builder is stateful: an instance of the builder should be used to only |
| /// construct a single CFG. |
| /// |
| /// Example usage: |
| /// |
| /// CFGBuilder builder; |
| /// std::unique_ptr<CFG> cfg = builder.buildCFG(decl, stmt1); |
| /// |
| /// CFG construction is done via a recursive walk of an AST. We actually parse |
| /// the AST in reverse order so that the successor of a basic block is |
| /// constructed prior to its predecessor. This allows us to nicely capture |
| /// implicit fall-throughs without extra basic blocks. |
| class CFGBuilder { |
| using JumpTarget = BlockScopePosPair; |
| using JumpSource = BlockScopePosPair; |
| |
| ASTContext *Context; |
| std::unique_ptr<CFG> cfg; |
| |
| // Current block. |
| CFGBlock *Block = nullptr; |
| |
| // Block after the current block. |
| CFGBlock *Succ = nullptr; |
| |
| JumpTarget ContinueJumpTarget; |
| JumpTarget BreakJumpTarget; |
| JumpTarget SEHLeaveJumpTarget; |
| CFGBlock *SwitchTerminatedBlock = nullptr; |
| CFGBlock *DefaultCaseBlock = nullptr; |
| |
| // This can point either to a try or a __try block. The frontend forbids |
| // mixing both kinds in one function, so having one for both is enough. |
| CFGBlock *TryTerminatedBlock = nullptr; |
| |
| // Current position in local scope. |
| LocalScope::const_iterator ScopePos; |
| |
| // LabelMap records the mapping from Label expressions to their jump targets. |
| using LabelMapTy = llvm::DenseMap<LabelDecl *, JumpTarget>; |
| LabelMapTy LabelMap; |
| |
| // A list of blocks that end with a "goto" that must be backpatched to their |
| // resolved targets upon completion of CFG construction. |
| using BackpatchBlocksTy = std::vector<JumpSource>; |
| BackpatchBlocksTy BackpatchBlocks; |
| |
| // A list of labels whose address has been taken (for indirect gotos). |
| using LabelSetTy = llvm::SmallSetVector<LabelDecl *, 8>; |
| LabelSetTy AddressTakenLabels; |
| |
| bool badCFG = false; |
| const CFG::BuildOptions &BuildOpts; |
| |
| // State to track for building switch statements. |
| bool switchExclusivelyCovered = false; |
| Expr::EvalResult *switchCond = nullptr; |
| |
| CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry = nullptr; |
| const Stmt *lastLookup = nullptr; |
| |
| // Caches boolean evaluations of expressions to avoid multiple re-evaluations |
| // during construction of branches for chained logical operators. |
| using CachedBoolEvalsTy = llvm::DenseMap<Expr *, TryResult>; |
| CachedBoolEvalsTy CachedBoolEvals; |
| |
| public: |
| explicit CFGBuilder(ASTContext *astContext, |
| const CFG::BuildOptions &buildOpts) |
| : Context(astContext), cfg(new CFG()), // crew a new CFG |
| BuildOpts(buildOpts) {} |
| |
| // buildCFG - Used by external clients to construct the CFG. |
| std::unique_ptr<CFG> buildCFG(const Decl *D, Stmt *Statement); |
| |
| bool alwaysAdd(const Stmt *stmt); |
| |
| private: |
| // Visitors to walk an AST and construct the CFG. |
| CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); |
| CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); |
| CFGBlock *VisitBreakStmt(BreakStmt *B); |
| CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); |
| CFGBlock *VisitCaseStmt(CaseStmt *C); |
| CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); |
| CFGBlock *VisitCompoundStmt(CompoundStmt *C); |
| CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, |
| AddStmtChoice asc); |
| CFGBlock *VisitContinueStmt(ContinueStmt *C); |
| CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, |
| AddStmtChoice asc); |
| CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); |
| CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); |
| CFGBlock *VisitCXXNewExpr(CXXNewExpr *DE, AddStmtChoice asc); |
| CFGBlock *VisitCXXDeleteExpr(CXXDeleteExpr *DE, AddStmtChoice asc); |
| CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); |
| CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, |
| AddStmtChoice asc); |
| CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, |
| AddStmtChoice asc); |
| CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); |
| CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); |
| CFGBlock *VisitDeclStmt(DeclStmt *DS); |
| CFGBlock *VisitDeclSubExpr(DeclStmt *DS); |
| CFGBlock *VisitDefaultStmt(DefaultStmt *D); |
| CFGBlock *VisitDoStmt(DoStmt *D); |
| CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); |
| CFGBlock *VisitForStmt(ForStmt *F); |
| CFGBlock *VisitGotoStmt(GotoStmt *G); |
| CFGBlock *VisitIfStmt(IfStmt *I); |
| CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); |
| CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); |
| CFGBlock *VisitLabelStmt(LabelStmt *L); |
| CFGBlock *VisitBlockExpr(BlockExpr *E, AddStmtChoice asc); |
| CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); |
| CFGBlock *VisitLogicalOperator(BinaryOperator *B); |
| std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, |
| Stmt *Term, |
| CFGBlock *TrueBlock, |
| CFGBlock *FalseBlock); |
| CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); |
| CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); |
| CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); |
| CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); |
| CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); |
| CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); |
| CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); |
| CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); |
| CFGBlock *VisitReturnStmt(ReturnStmt *R); |
| CFGBlock *VisitSEHExceptStmt(SEHExceptStmt *S); |
| CFGBlock *VisitSEHFinallyStmt(SEHFinallyStmt *S); |
| CFGBlock *VisitSEHLeaveStmt(SEHLeaveStmt *S); |
| CFGBlock *VisitSEHTryStmt(SEHTryStmt *S); |
| CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); |
| CFGBlock *VisitSwitchStmt(SwitchStmt *S); |
| CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, |
| AddStmtChoice asc); |
| CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); |
| CFGBlock *VisitWhileStmt(WhileStmt *W); |
| |
| CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); |
| CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); |
| CFGBlock *VisitChildren(Stmt *S); |
| CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); |
| |
| /// When creating the CFG for temporary destructors, we want to mirror the |
| /// branch structure of the corresponding constructor calls. |
| /// Thus, while visiting a statement for temporary destructors, we keep a |
| /// context to keep track of the following information: |
| /// - whether a subexpression is executed unconditionally |
| /// - if a subexpression is executed conditionally, the first |
| /// CXXBindTemporaryExpr we encounter in that subexpression (which |
| /// corresponds to the last temporary destructor we have to call for this |
| /// subexpression) and the CFG block at that point (which will become the |
| /// successor block when inserting the decision point). |
| /// |
| /// That way, we can build the branch structure for temporary destructors as |
| /// follows: |
| /// 1. If a subexpression is executed unconditionally, we add the temporary |
| /// destructor calls to the current block. |
| /// 2. If a subexpression is executed conditionally, when we encounter a |
| /// CXXBindTemporaryExpr: |
| /// a) If it is the first temporary destructor call in the subexpression, |
| /// we remember the CXXBindTemporaryExpr and the current block in the |
| /// TempDtorContext; we start a new block, and insert the temporary |
| /// destructor call. |
| /// b) Otherwise, add the temporary destructor call to the current block. |
| /// 3. When we finished visiting a conditionally executed subexpression, |
| /// and we found at least one temporary constructor during the visitation |
| /// (2.a has executed), we insert a decision block that uses the |
| /// CXXBindTemporaryExpr as terminator, and branches to the current block |
| /// if the CXXBindTemporaryExpr was marked executed, and otherwise |
| /// branches to the stored successor. |
| struct TempDtorContext { |
| TempDtorContext() = default; |
| TempDtorContext(TryResult KnownExecuted) |
| : IsConditional(true), KnownExecuted(KnownExecuted) {} |
| |
| /// Returns whether we need to start a new branch for a temporary destructor |
| /// call. This is the case when the temporary destructor is |
| /// conditionally executed, and it is the first one we encounter while |
| /// visiting a subexpression - other temporary destructors at the same level |
| /// will be added to the same block and are executed under the same |
| /// condition. |
| bool needsTempDtorBranch() const { |
| return IsConditional && !TerminatorExpr; |
| } |
| |
| /// Remember the successor S of a temporary destructor decision branch for |
| /// the corresponding CXXBindTemporaryExpr E. |
| void setDecisionPoint(CFGBlock *S, CXXBindTemporaryExpr *E) { |
| Succ = S; |
| TerminatorExpr = E; |
| } |
| |
| const bool IsConditional = false; |
| const TryResult KnownExecuted = true; |
| CFGBlock *Succ = nullptr; |
| CXXBindTemporaryExpr *TerminatorExpr = nullptr; |
| }; |
| |
| // Visitors to walk an AST and generate destructors of temporaries in |
| // full expression. |
| CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary, |
| TempDtorContext &Context); |
| CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E, TempDtorContext &Context); |
| CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E, |
| TempDtorContext &Context); |
| CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors( |
| CXXBindTemporaryExpr *E, bool BindToTemporary, TempDtorContext &Context); |
| CFGBlock *VisitConditionalOperatorForTemporaryDtors( |
| AbstractConditionalOperator *E, bool BindToTemporary, |
| TempDtorContext &Context); |
| void InsertTempDtorDecisionBlock(const TempDtorContext &Context, |
| CFGBlock *FalseSucc = nullptr); |
| |
| // NYS == Not Yet Supported |
| CFGBlock *NYS() { |
| badCFG = true; |
| return Block; |
| } |
| |
| void autoCreateBlock() { if (!Block) Block = createBlock(); } |
| CFGBlock *createBlock(bool add_successor = true); |
| CFGBlock *createNoReturnBlock(); |
| |
| CFGBlock *addStmt(Stmt *S) { |
| return Visit(S, AddStmtChoice::AlwaysAdd); |
| } |
| |
| CFGBlock *addInitializer(CXXCtorInitializer *I); |
| void addLoopExit(const Stmt *LoopStmt); |
| void addAutomaticObjDtors(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, Stmt *S); |
| void addLifetimeEnds(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, Stmt *S); |
| void addAutomaticObjHandling(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, Stmt *S); |
| void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); |
| |
| // Local scopes creation. |
| LocalScope* createOrReuseLocalScope(LocalScope* Scope); |
| |
| void addLocalScopeForStmt(Stmt *S); |
| LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, |
| LocalScope* Scope = nullptr); |
| LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = nullptr); |
| |
| void addLocalScopeAndDtors(Stmt *S); |
| |
| // Interface to CFGBlock - adding CFGElements. |
| |
| void appendStmt(CFGBlock *B, const Stmt *S) { |
| if (alwaysAdd(S) && cachedEntry) |
| cachedEntry->second = B; |
| |
| // All block-level expressions should have already been IgnoreParens()ed. |
| assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); |
| B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); |
| } |
| |
| void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { |
| B->appendInitializer(I, cfg->getBumpVectorContext()); |
| } |
| |
| void appendNewAllocator(CFGBlock *B, CXXNewExpr *NE) { |
| B->appendNewAllocator(NE, cfg->getBumpVectorContext()); |
| } |
| |
| void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { |
| B->appendBaseDtor(BS, cfg->getBumpVectorContext()); |
| } |
| |
| void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { |
| B->appendMemberDtor(FD, cfg->getBumpVectorContext()); |
| } |
| |
| void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { |
| B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); |
| } |
| |
| void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { |
| B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); |
| } |
| |
| void appendLifetimeEnds(CFGBlock *B, VarDecl *VD, Stmt *S) { |
| B->appendLifetimeEnds(VD, S, cfg->getBumpVectorContext()); |
| } |
| |
| void appendLoopExit(CFGBlock *B, const Stmt *LoopStmt) { |
| B->appendLoopExit(LoopStmt, cfg->getBumpVectorContext()); |
| } |
| |
| void appendDeleteDtor(CFGBlock *B, CXXRecordDecl *RD, CXXDeleteExpr *DE) { |
| B->appendDeleteDtor(RD, DE, cfg->getBumpVectorContext()); |
| } |
| |
| void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, |
| LocalScope::const_iterator B, LocalScope::const_iterator E); |
| |
| void prependAutomaticObjLifetimeWithTerminator(CFGBlock *Blk, |
| LocalScope::const_iterator B, |
| LocalScope::const_iterator E); |
| |
| void addSuccessor(CFGBlock *B, CFGBlock *S, bool IsReachable = true) { |
| B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable), |
| cfg->getBumpVectorContext()); |
| } |
| |
| /// Add a reachable successor to a block, with the alternate variant that is |
| /// unreachable. |
| void addSuccessor(CFGBlock *B, CFGBlock *ReachableBlock, CFGBlock *AltBlock) { |
| B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock), |
| cfg->getBumpVectorContext()); |
| } |
| |
| /// \brief Find a relational comparison with an expression evaluating to a |
| /// boolean and a constant other than 0 and 1. |
| /// e.g. if ((x < y) == 10) |
| TryResult checkIncorrectRelationalOperator(const BinaryOperator *B) { |
| const Expr *LHSExpr = B->getLHS()->IgnoreParens(); |
| const Expr *RHSExpr = B->getRHS()->IgnoreParens(); |
| |
| const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr); |
| const Expr *BoolExpr = RHSExpr; |
| bool IntFirst = true; |
| if (!IntLiteral) { |
| IntLiteral = dyn_cast<IntegerLiteral>(RHSExpr); |
| BoolExpr = LHSExpr; |
| IntFirst = false; |
| } |
| |
| if (!IntLiteral || !BoolExpr->isKnownToHaveBooleanValue()) |
| return TryResult(); |
| |
| llvm::APInt IntValue = IntLiteral->getValue(); |
| if ((IntValue == 1) || (IntValue == 0)) |
| return TryResult(); |
| |
| bool IntLarger = IntLiteral->getType()->isUnsignedIntegerType() || |
| !IntValue.isNegative(); |
| |
| BinaryOperatorKind Bok = B->getOpcode(); |
| if (Bok == BO_GT || Bok == BO_GE) { |
| // Always true for 10 > bool and bool > -1 |
| // Always false for -1 > bool and bool > 10 |
| return TryResult(IntFirst == IntLarger); |
| } else { |
| // Always true for -1 < bool and bool < 10 |
| // Always false for 10 < bool and bool < -1 |
| return TryResult(IntFirst != IntLarger); |
| } |
| } |
| |
| /// Find an incorrect equality comparison. Either with an expression |
| /// evaluating to a boolean and a constant other than 0 and 1. |
| /// e.g. if (!x == 10) or a bitwise and/or operation that always evaluates to |
| /// true/false e.q. (x & 8) == 4. |
| TryResult checkIncorrectEqualityOperator(const BinaryOperator *B) { |
| const Expr *LHSExpr = B->getLHS()->IgnoreParens(); |
| const Expr *RHSExpr = B->getRHS()->IgnoreParens(); |
| |
| const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr); |
| const Expr *BoolExpr = RHSExpr; |
| |
| if (!IntLiteral) { |
| IntLiteral = dyn_cast<IntegerLiteral>(RHSExpr); |
| BoolExpr = LHSExpr; |
| } |
| |
| if (!IntLiteral) |
| return TryResult(); |
| |
| const BinaryOperator *BitOp = dyn_cast<BinaryOperator>(BoolExpr); |
| if (BitOp && (BitOp->getOpcode() == BO_And || |
| BitOp->getOpcode() == BO_Or)) { |
| const Expr *LHSExpr2 = BitOp->getLHS()->IgnoreParens(); |
| const Expr *RHSExpr2 = BitOp->getRHS()->IgnoreParens(); |
| |
| const IntegerLiteral *IntLiteral2 = dyn_cast<IntegerLiteral>(LHSExpr2); |
| |
| if (!IntLiteral2) |
| IntLiteral2 = dyn_cast<IntegerLiteral>(RHSExpr2); |
| |
| if (!IntLiteral2) |
| return TryResult(); |
| |
| llvm::APInt L1 = IntLiteral->getValue(); |
| llvm::APInt L2 = IntLiteral2->getValue(); |
| if ((BitOp->getOpcode() == BO_And && (L2 & L1) != L1) || |
| (BitOp->getOpcode() == BO_Or && (L2 | L1) != L1)) { |
| if (BuildOpts.Observer) |
| BuildOpts.Observer->compareBitwiseEquality(B, |
| B->getOpcode() != BO_EQ); |
| TryResult(B->getOpcode() != BO_EQ); |
| } |
| } else if (BoolExpr->isKnownToHaveBooleanValue()) { |
| llvm::APInt IntValue = IntLiteral->getValue(); |
| if ((IntValue == 1) || (IntValue == 0)) { |
| return TryResult(); |
| } |
| return TryResult(B->getOpcode() != BO_EQ); |
| } |
| |
| return TryResult(); |
| } |
| |
| TryResult analyzeLogicOperatorCondition(BinaryOperatorKind Relation, |
| const llvm::APSInt &Value1, |
| const llvm::APSInt &Value2) { |
| assert(Value1.isSigned() == Value2.isSigned()); |
| switch (Relation) { |
| default: |
| return TryResult(); |
| case BO_EQ: |
| return TryResult(Value1 == Value2); |
| case BO_NE: |
| return TryResult(Value1 != Value2); |
| case BO_LT: |
| return TryResult(Value1 < Value2); |
| case BO_LE: |
| return TryResult(Value1 <= Value2); |
| case BO_GT: |
| return TryResult(Value1 > Value2); |
| case BO_GE: |
| return TryResult(Value1 >= Value2); |
| } |
| } |
| |
| /// \brief Find a pair of comparison expressions with or without parentheses |
| /// with a shared variable and constants and a logical operator between them |
| /// that always evaluates to either true or false. |
| /// e.g. if (x != 3 || x != 4) |
| TryResult checkIncorrectLogicOperator(const BinaryOperator *B) { |
| assert(B->isLogicalOp()); |
| const BinaryOperator *LHS = |
| dyn_cast<BinaryOperator>(B->getLHS()->IgnoreParens()); |
| const BinaryOperator *RHS = |
| dyn_cast<BinaryOperator>(B->getRHS()->IgnoreParens()); |
| if (!LHS || !RHS) |
| return {}; |
| |
| if (!LHS->isComparisonOp() || !RHS->isComparisonOp()) |
| return {}; |
| |
| const DeclRefExpr *Decl1; |
| const Expr *Expr1; |
| BinaryOperatorKind BO1; |
| std::tie(Decl1, BO1, Expr1) = tryNormalizeBinaryOperator(LHS); |
| |
| if (!Decl1 || !Expr1) |
| return {}; |
| |
| const DeclRefExpr *Decl2; |
| const Expr *Expr2; |
| BinaryOperatorKind BO2; |
| std::tie(Decl2, BO2, Expr2) = tryNormalizeBinaryOperator(RHS); |
| |
| if (!Decl2 || !Expr2) |
| return {}; |
| |
| // Check that it is the same variable on both sides. |
| if (Decl1->getDecl() != Decl2->getDecl()) |
| return {}; |
| |
| // Make sure the user's intent is clear (e.g. they're comparing against two |
| // int literals, or two things from the same enum) |
| if (!areExprTypesCompatible(Expr1, Expr2)) |
| return {}; |
| |
| llvm::APSInt L1, L2; |
| |
| if (!Expr1->EvaluateAsInt(L1, *Context) || |
| !Expr2->EvaluateAsInt(L2, *Context)) |
| return {}; |
| |
| // Can't compare signed with unsigned or with different bit width. |
| if (L1.isSigned() != L2.isSigned() || L1.getBitWidth() != L2.getBitWidth()) |
| return {}; |
| |
| // Values that will be used to determine if result of logical |
| // operator is always true/false |
| const llvm::APSInt Values[] = { |
| // Value less than both Value1 and Value2 |
| llvm::APSInt::getMinValue(L1.getBitWidth(), L1.isUnsigned()), |
| // L1 |
| L1, |
| // Value between Value1 and Value2 |
| ((L1 < L2) ? L1 : L2) + llvm::APSInt(llvm::APInt(L1.getBitWidth(), 1), |
| L1.isUnsigned()), |
| // L2 |
| L2, |
| // Value greater than both Value1 and Value2 |
| llvm::APSInt::getMaxValue(L1.getBitWidth(), L1.isUnsigned()), |
| }; |
| |
| // Check whether expression is always true/false by evaluating the following |
| // * variable x is less than the smallest literal. |
| // * variable x is equal to the smallest literal. |
| // * Variable x is between smallest and largest literal. |
| // * Variable x is equal to the largest literal. |
| // * Variable x is greater than largest literal. |
| bool AlwaysTrue = true, AlwaysFalse = true; |
| for (const llvm::APSInt &Value : Values) { |
| TryResult Res1, Res2; |
| Res1 = analyzeLogicOperatorCondition(BO1, Value, L1); |
| Res2 = analyzeLogicOperatorCondition(BO2, Value, L2); |
| |
| if (!Res1.isKnown() || !Res2.isKnown()) |
| return {}; |
| |
| if (B->getOpcode() == BO_LAnd) { |
| AlwaysTrue &= (Res1.isTrue() && Res2.isTrue()); |
| AlwaysFalse &= !(Res1.isTrue() && Res2.isTrue()); |
| } else { |
| AlwaysTrue &= (Res1.isTrue() || Res2.isTrue()); |
| AlwaysFalse &= !(Res1.isTrue() || Res2.isTrue()); |
| } |
| } |
| |
| if (AlwaysTrue || AlwaysFalse) { |
| if (BuildOpts.Observer) |
| BuildOpts.Observer->compareAlwaysTrue(B, AlwaysTrue); |
| return TryResult(AlwaysTrue); |
| } |
| return {}; |
| } |
| |
| /// Try and evaluate an expression to an integer constant. |
| bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { |
| if (!BuildOpts.PruneTriviallyFalseEdges) |
| return false; |
| return !S->isTypeDependent() && |
| !S->isValueDependent() && |
| S->EvaluateAsRValue(outResult, *Context); |
| } |
| |
| /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 |
| /// if we can evaluate to a known value, otherwise return -1. |
| TryResult tryEvaluateBool(Expr *S) { |
| if (!BuildOpts.PruneTriviallyFalseEdges || |
| S->isTypeDependent() || S->isValueDependent()) |
| return {}; |
| |
| if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { |
| if (Bop->isLogicalOp()) { |
| // Check the cache first. |
| CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); |
| if (I != CachedBoolEvals.end()) |
| return I->second; // already in map; |
| |
| // Retrieve result at first, or the map might be updated. |
| TryResult Result = evaluateAsBooleanConditionNoCache(S); |
| CachedBoolEvals[S] = Result; // update or insert |
| return Result; |
| } |
| else { |
| switch (Bop->getOpcode()) { |
| default: break; |
| // For 'x & 0' and 'x * 0', we can determine that |
| // the value is always false. |
| case BO_Mul: |
| case BO_And: { |
| // If either operand is zero, we know the value |
| // must be false. |
| llvm::APSInt IntVal; |
| if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { |
| if (!IntVal.getBoolValue()) { |
| return TryResult(false); |
| } |
| } |
| if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { |
| if (!IntVal.getBoolValue()) { |
| return TryResult(false); |
| } |
| } |
| } |
| break; |
| } |
| } |
| } |
| |
| return evaluateAsBooleanConditionNoCache(S); |
| } |
| |
| /// \brief Evaluate as boolean \param E without using the cache. |
| TryResult evaluateAsBooleanConditionNoCache(Expr *E) { |
| if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { |
| if (Bop->isLogicalOp()) { |
| TryResult LHS = tryEvaluateBool(Bop->getLHS()); |
| if (LHS.isKnown()) { |
| // We were able to evaluate the LHS, see if we can get away with not |
| // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 |
| if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) |
| return LHS.isTrue(); |
| |
| TryResult RHS = tryEvaluateBool(Bop->getRHS()); |
| if (RHS.isKnown()) { |
| if (Bop->getOpcode() == BO_LOr) |
| return LHS.isTrue() || RHS.isTrue(); |
| else |
| return LHS.isTrue() && RHS.isTrue(); |
| } |
| } else { |
| TryResult RHS = tryEvaluateBool(Bop->getRHS()); |
| if (RHS.isKnown()) { |
| // We can't evaluate the LHS; however, sometimes the result |
| // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. |
| if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) |
| return RHS.isTrue(); |
| } else { |
| TryResult BopRes = checkIncorrectLogicOperator(Bop); |
| if (BopRes.isKnown()) |
| return BopRes.isTrue(); |
| } |
| } |
| |
| return {}; |
| } else if (Bop->isEqualityOp()) { |
| TryResult BopRes = checkIncorrectEqualityOperator(Bop); |
| if (BopRes.isKnown()) |
| return BopRes.isTrue(); |
| } else if (Bop->isRelationalOp()) { |
| TryResult BopRes = checkIncorrectRelationalOperator(Bop); |
| if (BopRes.isKnown()) |
| return BopRes.isTrue(); |
| } |
| } |
| |
| bool Result; |
| if (E->EvaluateAsBooleanCondition(Result, *Context)) |
| return Result; |
| |
| return {}; |
| } |
| |
| bool hasTrivialDestructor(VarDecl *VD); |
| }; |
| |
| } // namespace |
| |
| inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, |
| const Stmt *stmt) const { |
| return builder.alwaysAdd(stmt) || kind == AlwaysAdd; |
| } |
| |
| bool CFGBuilder::alwaysAdd(const Stmt *stmt) { |
| bool shouldAdd = BuildOpts.alwaysAdd(stmt); |
| |
| if (!BuildOpts.forcedBlkExprs) |
| return shouldAdd; |
| |
| if (lastLookup == stmt) { |
| if (cachedEntry) { |
| assert(cachedEntry->first == stmt); |
| return true; |
| } |
| return shouldAdd; |
| } |
| |
| lastLookup = stmt; |
| |
| // Perform the lookup! |
| CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; |
| |
| if (!fb) { |
| // No need to update 'cachedEntry', since it will always be null. |
| assert(!cachedEntry); |
| return shouldAdd; |
| } |
| |
| CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); |
| if (itr == fb->end()) { |
| cachedEntry = nullptr; |
| return shouldAdd; |
| } |
| |
| cachedEntry = &*itr; |
| return true; |
| } |
| |
| // FIXME: Add support for dependent-sized array types in C++? |
| // Does it even make sense to build a CFG for an uninstantiated template? |
| static const VariableArrayType *FindVA(const Type *t) { |
| while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { |
| if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) |
| if (vat->getSizeExpr()) |
| return vat; |
| |
| t = vt->getElementType().getTypePtr(); |
| } |
| |
| return nullptr; |
| } |
| |
| /// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an |
| /// arbitrary statement. Examples include a single expression or a function |
| /// body (compound statement). The ownership of the returned CFG is |
| /// transferred to the caller. If CFG construction fails, this method returns |
| /// NULL. |
| std::unique_ptr<CFG> CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { |
| assert(cfg.get()); |
| if (!Statement) |
| return nullptr; |
| |
| // Create an empty block that will serve as the exit block for the CFG. Since |
| // this is the first block added to the CFG, it will be implicitly registered |
| // as the exit block. |
| Succ = createBlock(); |
| assert(Succ == &cfg->getExit()); |
| Block = nullptr; // the EXIT block is empty. Create all other blocks lazily. |
| |
| assert(!(BuildOpts.AddImplicitDtors && BuildOpts.AddLifetime) && |
| "AddImplicitDtors and AddLifetime cannot be used at the same time"); |
| |
| if (BuildOpts.AddImplicitDtors) |
| if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) |
| addImplicitDtorsForDestructor(DD); |
| |
| // Visit the statements and create the CFG. |
| CFGBlock *B = addStmt(Statement); |
| |
| if (badCFG) |
| return nullptr; |
| |
| // For C++ constructor add initializers to CFG. |
| if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { |
| for (auto *I : llvm::reverse(CD->inits())) { |
| B = addInitializer(I); |
| if (badCFG) |
| return nullptr; |
| } |
| } |
| |
| if (B) |
| Succ = B; |
| |
| // Backpatch the gotos whose label -> block mappings we didn't know when we |
| // encountered them. |
| for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), |
| E = BackpatchBlocks.end(); I != E; ++I ) { |
| |
| CFGBlock *B = I->block; |
| const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); |
| LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); |
| |
| // If there is no target for the goto, then we are looking at an |
| // incomplete AST. Handle this by not registering a successor. |
| if (LI == LabelMap.end()) continue; |
| |
| JumpTarget JT = LI->second; |
| prependAutomaticObjLifetimeWithTerminator(B, I->scopePosition, |
| JT.scopePosition); |
| prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, |
| JT.scopePosition); |
| addSuccessor(B, JT.block); |
| } |
| |
| // Add successors to the Indirect Goto Dispatch block (if we have one). |
| if (CFGBlock *B = cfg->getIndirectGotoBlock()) |
| for (LabelSetTy::iterator I = AddressTakenLabels.begin(), |
| E = AddressTakenLabels.end(); I != E; ++I ) { |
| // Lookup the target block. |
| LabelMapTy::iterator LI = LabelMap.find(*I); |
| |
| // If there is no target block that contains label, then we are looking |
| // at an incomplete AST. Handle this by not registering a successor. |
| if (LI == LabelMap.end()) continue; |
| |
| addSuccessor(B, LI->second.block); |
| } |
| |
| // Create an empty entry block that has no predecessors. |
| cfg->setEntry(createBlock()); |
| |
| return std::move(cfg); |
| } |
| |
| /// createBlock - Used to lazily create blocks that are connected |
| /// to the current (global) succcessor. |
| CFGBlock *CFGBuilder::createBlock(bool add_successor) { |
| CFGBlock *B = cfg->createBlock(); |
| if (add_successor && Succ) |
| addSuccessor(B, Succ); |
| return B; |
| } |
| |
| /// createNoReturnBlock - Used to create a block is a 'noreturn' point in the |
| /// CFG. It is *not* connected to the current (global) successor, and instead |
| /// directly tied to the exit block in order to be reachable. |
| CFGBlock *CFGBuilder::createNoReturnBlock() { |
| CFGBlock *B = createBlock(false); |
| B->setHasNoReturnElement(); |
| addSuccessor(B, &cfg->getExit(), Succ); |
| return B; |
| } |
| |
| /// addInitializer - Add C++ base or member initializer element to CFG. |
| CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { |
| if (!BuildOpts.AddInitializers) |
| return Block; |
| |
| bool HasTemporaries = false; |
| |
| // Destructors of temporaries in initialization expression should be called |
| // after initialization finishes. |
| Expr *Init = I->getInit(); |
| if (Init) { |
| HasTemporaries = isa<ExprWithCleanups>(Init); |
| |
| if (BuildOpts.AddTemporaryDtors && HasTemporaries) { |
| // Generate destructors for temporaries in initialization expression. |
| TempDtorContext Context; |
| VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), |
| /*BindToTemporary=*/false, Context); |
| } |
| } |
| |
| autoCreateBlock(); |
| appendInitializer(Block, I); |
| |
| if (Init) { |
| if (HasTemporaries) { |
| // For expression with temporaries go directly to subexpression to omit |
| // generating destructors for the second time. |
| return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); |
| } |
| if (BuildOpts.AddCXXDefaultInitExprInCtors) { |
| if (CXXDefaultInitExpr *Default = dyn_cast<CXXDefaultInitExpr>(Init)) { |
| // In general, appending the expression wrapped by a CXXDefaultInitExpr |
| // may cause the same Expr to appear more than once in the CFG. Doing it |
| // here is safe because there's only one initializer per field. |
| autoCreateBlock(); |
| appendStmt(Block, Default); |
| if (Stmt *Child = Default->getExpr()) |
| if (CFGBlock *R = Visit(Child)) |
| Block = R; |
| return Block; |
| } |
| } |
| return Visit(Init); |
| } |
| |
| return Block; |
| } |
| |
| /// \brief Retrieve the type of the temporary object whose lifetime was |
| /// extended by a local reference with the given initializer. |
| static QualType getReferenceInitTemporaryType(ASTContext &Context, |
| const Expr *Init, |
| bool *FoundMTE = nullptr) { |
| while (true) { |
| // Skip parentheses. |
| Init = Init->IgnoreParens(); |
| |
| // Skip through cleanups. |
| if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { |
| Init = EWC->getSubExpr(); |
| continue; |
| } |
| |
| // Skip through the temporary-materialization expression. |
| if (const MaterializeTemporaryExpr *MTE |
| = dyn_cast<MaterializeTemporaryExpr>(Init)) { |
| Init = MTE->GetTemporaryExpr(); |
| if (FoundMTE) |
| *FoundMTE = true; |
| continue; |
| } |
| |
| // Skip derived-to-base and no-op casts. |
| if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { |
| if ((CE->getCastKind() == CK_DerivedToBase || |
| CE->getCastKind() == CK_UncheckedDerivedToBase || |
| CE->getCastKind() == CK_NoOp) && |
| Init->getType()->isRecordType()) { |
| Init = CE->getSubExpr(); |
| continue; |
| } |
| } |
| |
| // Skip member accesses into rvalues. |
| if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { |
| if (!ME->isArrow() && ME->getBase()->isRValue()) { |
| Init = ME->getBase(); |
| continue; |
| } |
| } |
| |
| break; |
| } |
| |
| return Init->getType(); |
| } |
| |
| // TODO: Support adding LoopExit element to the CFG in case where the loop is |
| // ended by ReturnStmt, GotoStmt or ThrowExpr. |
| void CFGBuilder::addLoopExit(const Stmt *LoopStmt){ |
| if(!BuildOpts.AddLoopExit) |
| return; |
| autoCreateBlock(); |
| appendLoopExit(Block, LoopStmt); |
| } |
| |
| void CFGBuilder::addAutomaticObjHandling(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, |
| Stmt *S) { |
| if (BuildOpts.AddImplicitDtors) |
| addAutomaticObjDtors(B, E, S); |
| if (BuildOpts.AddLifetime) |
| addLifetimeEnds(B, E, S); |
| } |
| |
| /// Add to current block automatic objects that leave the scope. |
| void CFGBuilder::addLifetimeEnds(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, Stmt *S) { |
| if (!BuildOpts.AddLifetime) |
| return; |
| |
| if (B == E) |
| return; |
| |
| // To go from B to E, one first goes up the scopes from B to P |
| // then sideways in one scope from P to P' and then down |
| // the scopes from P' to E. |
| // The lifetime of all objects between B and P end. |
| LocalScope::const_iterator P = B.shared_parent(E); |
| int dist = B.distance(P); |
| if (dist <= 0) |
| return; |
| |
| // We need to perform the scope leaving in reverse order |
| SmallVector<VarDecl *, 10> DeclsTrivial; |
| SmallVector<VarDecl *, 10> DeclsNonTrivial; |
| DeclsTrivial.reserve(dist); |
| DeclsNonTrivial.reserve(dist); |
| |
| for (LocalScope::const_iterator I = B; I != P; ++I) |
| if (hasTrivialDestructor(*I)) |
| DeclsTrivial.push_back(*I); |
| else |
| DeclsNonTrivial.push_back(*I); |
| |
| autoCreateBlock(); |
| // object with trivial destructor end their lifetime last (when storage |
| // duration ends) |
| for (SmallVectorImpl<VarDecl *>::reverse_iterator I = DeclsTrivial.rbegin(), |
| E = DeclsTrivial.rend(); |
| I != E; ++I) |
| appendLifetimeEnds(Block, *I, S); |
| |
| for (SmallVectorImpl<VarDecl *>::reverse_iterator |
| I = DeclsNonTrivial.rbegin(), |
| E = DeclsNonTrivial.rend(); |
| I != E; ++I) |
| appendLifetimeEnds(Block, *I, S); |
| } |
| |
| /// addAutomaticObjDtors - Add to current block automatic objects destructors |
| /// for objects in range of local scope positions. Use S as trigger statement |
| /// for destructors. |
| void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, |
| LocalScope::const_iterator E, Stmt *S) { |
| if (!BuildOpts.AddImplicitDtors) |
| return; |
| |
| if (B == E) |
| return; |
| |
| // We need to append the destructors in reverse order, but any one of them |
| // may be a no-return destructor which changes the CFG. As a result, buffer |
| // this sequence up and replay them in reverse order when appending onto the |
| // CFGBlock(s). |
| SmallVector<VarDecl*, 10> Decls; |
| Decls.reserve(B.distance(E)); |
| for (LocalScope::const_iterator I = B; I != E; ++I) |
| Decls.push_back(*I); |
| |
| for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), |
| E = Decls.rend(); |
| I != E; ++I) { |
| // If this destructor is marked as a no-return destructor, we need to |
| // create a new block for the destructor which does not have as a successor |
| // anything built thus far: control won't flow out of this block. |
| QualType Ty = (*I)->getType(); |
| if (Ty->isReferenceType()) { |
| Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); |
| } |
| Ty = Context->getBaseElementType(Ty); |
| |
| if (Ty->getAsCXXRecordDecl()->isAnyDestructorNoReturn()) |
| Block = createNoReturnBlock(); |
| else |
| autoCreateBlock(); |
| |
| appendAutomaticObjDtor(Block, *I, S); |
| } |
| } |
| |
| /// addImplicitDtorsForDestructor - Add implicit destructors generated for |
| /// base and member objects in destructor. |
| void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { |
| assert(BuildOpts.AddImplicitDtors && |
| "Can be called only when dtors should be added"); |
| const CXXRecordDecl *RD = DD->getParent(); |
| |
| // At the end destroy virtual base objects. |
| for (const auto &VI : RD->vbases()) { |
| const CXXRecordDecl *CD = VI.getType()->getAsCXXRecordDecl(); |
| if (!CD->hasTrivialDestructor()) { |
| autoCreateBlock(); |
| appendBaseDtor(Block, &VI); |
| } |
| } |
| |
| // Before virtual bases destroy direct base objects. |
| for (const auto &BI : RD->bases()) { |
| if (!BI.isVirtual()) { |
| const CXXRecordDecl *CD = BI.getType()->getAsCXXRecordDecl(); |
| if (!CD->hasTrivialDestructor()) { |
| autoCreateBlock(); |
| appendBaseDtor(Block, &BI); |
| } |
| } |
| } |
| |
| // First destroy member objects. |
| for (auto *FI : RD->fields()) { |
| // Check for constant size array. Set type to array element type. |
| QualType QT = FI->getType(); |
| if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { |
| if (AT->getSize() == 0) |
| continue; |
| QT = AT->getElementType(); |
| } |
| |
| if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) |
| if (!CD->hasTrivialDestructor()) { |
| autoCreateBlock(); |
| appendMemberDtor(Block, FI); |
| } |
| } |
| } |
| |
| /// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either |
| /// way return valid LocalScope object. |
| LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { |
| if (Scope) |
| return Scope; |
| llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); |
| return new (alloc.Allocate<LocalScope>()) |
| LocalScope(BumpVectorContext(alloc), ScopePos); |
| } |
| |
| /// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement |
| /// that should create implicit scope (e.g. if/else substatements). |
| void CFGBuilder::addLocalScopeForStmt(Stmt *S) { |
| if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime) |
| return; |
| |
| LocalScope *Scope = nullptr; |
| |
| // For compound statement we will be creating explicit scope. |
| if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { |
| for (auto *BI : CS->body()) { |
| Stmt *SI = BI->stripLabelLikeStatements(); |
| if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) |
| Scope = addLocalScopeForDeclStmt(DS, Scope); |
| } |
| return; |
| } |
| |
| // For any other statement scope will be implicit and as such will be |
| // interesting only for DeclStmt. |
| if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) |
| addLocalScopeForDeclStmt(DS); |
| } |
| |
| /// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will |
| /// reuse Scope if not NULL. |
| LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, |
| LocalScope* Scope) { |
| if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime) |
| return Scope; |
| |
| for (auto *DI : DS->decls()) |
| if (VarDecl *VD = dyn_cast<VarDecl>(DI)) |
| Scope = addLocalScopeForVarDecl(VD, Scope); |
| return Scope; |
| } |
| |
| bool CFGBuilder::hasTrivialDestructor(VarDecl *VD) { |
| // Check for const references bound to temporary. Set type to pointee. |
| QualType QT = VD->getType(); |
| if (QT.getTypePtr()->isReferenceType()) { |
| // Attempt to determine whether this declaration lifetime-extends a |
| // temporary. |
| // |
| // FIXME: This is incorrect. Non-reference declarations can lifetime-extend |
| // temporaries, and a single declaration can extend multiple temporaries. |
| // We should look at the storage duration on each nested |
| // MaterializeTemporaryExpr instead. |
| |
| const Expr *Init = VD->getInit(); |
| if (!Init) |
| return true; |
| |
| // Lifetime-extending a temporary. |
| bool FoundMTE = false; |
| QT = getReferenceInitTemporaryType(*Context, Init, &FoundMTE); |
| if (!FoundMTE) |
| return true; |
| } |
| |
| // Check for constant size array. Set type to array element type. |
| while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { |
| if (AT->getSize() == 0) |
| return true; |
| QT = AT->getElementType(); |
| } |
| |
| // Check if type is a C++ class with non-trivial destructor. |
| if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) |
| return !CD->hasDefinition() || CD->hasTrivialDestructor(); |
| return true; |
| } |
| |
| /// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will |
| /// create add scope for automatic objects and temporary objects bound to |
| /// const reference. Will reuse Scope if not NULL. |
| LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, |
| LocalScope* Scope) { |
| assert(!(BuildOpts.AddImplicitDtors && BuildOpts.AddLifetime) && |
| "AddImplicitDtors and AddLifetime cannot be used at the same time"); |
| if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime) |
| return Scope; |
| |
| // Check if variable is local. |
| switch (VD->getStorageClass()) { |
| case SC_None: |
| case SC_Auto: |
| case SC_Register: |
| break; |
| default: return Scope; |
| } |
| |
| if (BuildOpts.AddImplicitDtors) { |
| if (!hasTrivialDestructor(VD)) { |
| // Add the variable to scope |
| Scope = createOrReuseLocalScope(Scope); |
| Scope->addVar(VD); |
| ScopePos = Scope->begin(); |
| } |
| return Scope; |
| } |
| |
| assert(BuildOpts.AddLifetime); |
| // Add the variable to scope |
| Scope = createOrReuseLocalScope(Scope); |
| Scope->addVar(VD); |
| ScopePos = Scope->begin(); |
| return Scope; |
| } |
| |
| /// addLocalScopeAndDtors - For given statement add local scope for it and |
| /// add destructors that will cleanup the scope. Will reuse Scope if not NULL. |
| void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { |
| LocalScope::const_iterator scopeBeginPos = ScopePos; |
| addLocalScopeForStmt(S); |
| addAutomaticObjHandling(ScopePos, scopeBeginPos, S); |
| } |
| |
| /// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for |
| /// variables with automatic storage duration to CFGBlock's elements vector. |
| /// Elements will be prepended to physical beginning of the vector which |
| /// happens to be logical end. Use blocks terminator as statement that specifies |
| /// destructors call site. |
| /// FIXME: This mechanism for adding automatic destructors doesn't handle |
| /// no-return destructors properly. |
| void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, |
| LocalScope::const_iterator B, LocalScope::const_iterator E) { |
| if (!BuildOpts.AddImplicitDtors) |
| return; |
| BumpVectorContext &C = cfg->getBumpVectorContext(); |
| CFGBlock::iterator InsertPos |
| = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); |
| for (LocalScope::const_iterator I = B; I != E; ++I) |
| InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, |
| Blk->getTerminator()); |
| } |
| |
| /// prependAutomaticObjLifetimeWithTerminator - Prepend lifetime CFGElements for |
| /// variables with automatic storage duration to CFGBlock's elements vector. |
| /// Elements will be prepended to physical beginning of the vector which |
| /// happens to be logical end. Use blocks terminator as statement that specifies |
| /// where lifetime ends. |
| void CFGBuilder::prependAutomaticObjLifetimeWithTerminator( |
| CFGBlock *Blk, LocalScope::const_iterator B, LocalScope::const_iterator E) { |
| if (!BuildOpts.AddLifetime) |
| return; |
| BumpVectorContext &C = cfg->getBumpVectorContext(); |
| CFGBlock::iterator InsertPos = |
| Blk->beginLifetimeEndsInsert(Blk->end(), B.distance(E), C); |
| for (LocalScope::const_iterator I = B; I != E; ++I) |
| InsertPos = Blk->insertLifetimeEnds(InsertPos, *I, Blk->getTerminator()); |
| } |
| |
| /// Visit - Walk the subtree of a statement and add extra |
| /// blocks for ternary operators, &&, and ||. We also process "," and |
| /// DeclStmts (which may contain nested control-flow). |
| CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { |
| if (!S) { |
| badCFG = true; |
| return nullptr; |
| } |
| |
| if (Expr *E = dyn_cast<Expr>(S)) |
| S = E->IgnoreParens(); |
| |
| switch (S->getStmtClass()) { |
| default: |
| return VisitStmt(S, asc); |
| |
| case Stmt::AddrLabelExprClass: |
| return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); |
| |
| case Stmt::BinaryConditionalOperatorClass: |
| return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); |
| |
| case Stmt::BinaryOperatorClass: |
| return VisitBinaryOperator(cast<BinaryOperator>(S), asc); |
| |
| case Stmt::BlockExprClass: |
| return VisitBlockExpr(cast<BlockExpr>(S), asc); |
| |
| case Stmt::BreakStmtClass: |
| return VisitBreakStmt(cast<BreakStmt>(S)); |
| |
| case Stmt::CallExprClass: |
| case Stmt::CXXOperatorCallExprClass: |
| case Stmt::CXXMemberCallExprClass: |
| case Stmt::UserDefinedLiteralClass: |
| return VisitCallExpr(cast<CallExpr>(S), asc); |
| |
| case Stmt::CaseStmtClass: |
| return VisitCaseStmt(cast<CaseStmt>(S)); |
| |
| case Stmt::ChooseExprClass: |
| return VisitChooseExpr(cast<ChooseExpr>(S), asc); |
| |
| case Stmt::CompoundStmtClass: |
| return VisitCompoundStmt(cast<CompoundStmt>(S)); |
| |
| case Stmt::ConditionalOperatorClass: |
| return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); |
| |
| case Stmt::ContinueStmtClass: |
| return VisitContinueStmt(cast<ContinueStmt>(S)); |
| |
| case Stmt::CXXCatchStmtClass: |
| return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); |
| |
| case Stmt::ExprWithCleanupsClass: |
| return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); |
| |
| case Stmt::CXXDefaultArgExprClass: |
| case Stmt::CXXDefaultInitExprClass: |
| // FIXME: The expression inside a CXXDefaultArgExpr is owned by the |
| // called function's declaration, not by the caller. If we simply add |
| // this expression to the CFG, we could end up with the same Expr |
| // appearing multiple times. |
| // PR13385 / <rdar://problem/12156507> |
| // |
| // It's likewise possible for multiple CXXDefaultInitExprs for the same |
| // expression to be used in the same function (through aggregate |
| // initialization). |
| return VisitStmt(S, asc); |
| |
| case Stmt::CXXBindTemporaryExprClass: |
| return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); |
| |
| case Stmt::CXXConstructExprClass: |
| return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); |
| |
| case Stmt::CXXNewExprClass: |
| return VisitCXXNewExpr(cast<CXXNewExpr>(S), asc); |
| |
| case Stmt::CXXDeleteExprClass: |
| return VisitCXXDeleteExpr(cast<CXXDeleteExpr>(S), asc); |
| |
| case Stmt::CXXFunctionalCastExprClass: |
| return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); |
| |
| case Stmt::CXXTemporaryObjectExprClass: |
| return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); |
| |
| case Stmt::CXXThrowExprClass: |
| return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); |
| |
| case Stmt::CXXTryStmtClass: |
| return VisitCXXTryStmt(cast<CXXTryStmt>(S)); |
| |
| case Stmt::CXXForRangeStmtClass: |
| return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); |
| |
| case Stmt::DeclStmtClass: |
| return VisitDeclStmt(cast<DeclStmt>(S)); |
| |
| case Stmt::DefaultStmtClass: |
| return VisitDefaultStmt(cast<DefaultStmt>(S)); |
| |
| case Stmt::DoStmtClass: |
| return VisitDoStmt(cast<DoStmt>(S)); |
| |
| case Stmt::ForStmtClass: |
| return VisitForStmt(cast<ForStmt>(S)); |
| |
| case Stmt::GotoStmtClass: |
| return VisitGotoStmt(cast<GotoStmt>(S)); |
| |
| case Stmt::IfStmtClass: |
| return VisitIfStmt(cast<IfStmt>(S)); |
| |
| case Stmt::ImplicitCastExprClass: |
| return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); |
| |
| case Stmt::IndirectGotoStmtClass: |
| return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); |
| |
| case Stmt::LabelStmtClass: |
| return VisitLabelStmt(cast<LabelStmt>(S)); |
| |
| case Stmt::LambdaExprClass: |
| return VisitLambdaExpr(cast<LambdaExpr>(S), asc); |
| |
| case Stmt::MemberExprClass: |
| return VisitMemberExpr(cast<MemberExpr>(S), asc); |
| |
| case Stmt::NullStmtClass: |
| return Block; |
| |
| case Stmt::ObjCAtCatchStmtClass: |
| return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); |
| |
| case Stmt::ObjCAutoreleasePoolStmtClass: |
| return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); |
| |
| case Stmt::ObjCAtSynchronizedStmtClass: |
| return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); |
| |
| case Stmt::ObjCAtThrowStmtClass: |
| return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); |
| |
| case Stmt::ObjCAtTryStmtClass: |
| return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); |
| |
| case Stmt::ObjCForCollectionStmtClass: |
| return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); |
| |
| case Stmt::OpaqueValueExprClass: |
| return Block; |
| |
| case Stmt::PseudoObjectExprClass: |
| return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); |
| |
| case Stmt::ReturnStmtClass: |
| return VisitReturnStmt(cast<ReturnStmt>(S)); |
| |
| case Stmt::SEHExceptStmtClass: |
| return VisitSEHExceptStmt(cast<SEHExceptStmt>(S)); |
| |
| case Stmt::SEHFinallyStmtClass: |
| return VisitSEHFinallyStmt(cast<SEHFinallyStmt>(S)); |
| |
| case Stmt::SEHLeaveStmtClass: |
| return VisitSEHLeaveStmt(cast<SEHLeaveStmt>(S)); |
| |
| case Stmt::SEHTryStmtClass: |
| return VisitSEHTryStmt(cast<SEHTryStmt>(S)); |
| |
| case Stmt::UnaryExprOrTypeTraitExprClass: |
| return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), |
| asc); |
| |
| case Stmt::StmtExprClass: |
| return VisitStmtExpr(cast<StmtExpr>(S), asc); |
| |
| case Stmt::SwitchStmtClass: |
| return VisitSwitchStmt(cast<SwitchStmt>(S)); |
| |
| case Stmt::UnaryOperatorClass: |
| return VisitUnaryOperator(cast<UnaryOperator>(S), asc); |
| |
| case Stmt::WhileStmtClass: |
| return VisitWhileStmt(cast<WhileStmt>(S)); |
| } |
| } |
| |
| CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { |
| if (asc.alwaysAdd(*this, S)) { |
| autoCreateBlock(); |
| appendStmt(Block, S); |
| } |
| |
| return VisitChildren(S); |
| } |
| |
| /// VisitChildren - Visit the children of a Stmt. |
| CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { |
| CFGBlock *B = Block; |
| |
| // Visit the children in their reverse order so that they appear in |
| // left-to-right (natural) order in the CFG. |
| reverse_children RChildren(S); |
| for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); |
| I != E; ++I) { |
| if (Stmt *Child = *I) |
| if (CFGBlock *R = Visit(Child)) |
| B = R; |
| } |
| return B; |
| } |
| |
| CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, |
| AddStmtChoice asc) { |
| AddressTakenLabels.insert(A->getLabel()); |
| |
| if (asc.alwaysAdd(*this, A)) { |
| autoCreateBlock(); |
| appendStmt(Block, A); |
| } |
| |
| return Block; |
| } |
| |
| CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, |
| AddStmtChoice asc) { |
| if (asc.alwaysAdd(*this, U)) { |
| autoCreateBlock(); |
| appendStmt(Block, U); |
| } |
| |
| return Visit(U->getSubExpr(), AddStmtChoice()); |
| } |
| |
| CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { |
| CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); |
| appendStmt(ConfluenceBlock, B); |
| |
| if (badCFG) |
| return nullptr; |
| |
| return VisitLogicalOperator(B, nullptr, ConfluenceBlock, |
| ConfluenceBlock).first; |
| } |
| |
| std::pair<CFGBlock*, CFGBlock*> |
| CFGBuilder::VisitLogicalOperator(BinaryOperator *B, |
| Stmt *Term, |
| CFGBlock *TrueBlock, |
| CFGBlock *FalseBlock) { |
| // Introspect the RHS. If it is a nested logical operation, we recursively |
| // build the CFG using this function. Otherwise, resort to default |
| // CFG construction behavior. |
| Expr *RHS = B->getRHS()->IgnoreParens(); |
| CFGBlock *RHSBlock, *ExitBlock; |
| |
| do { |
| if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) |
| if (B_RHS->isLogicalOp()) { |
| std::tie(RHSBlock, ExitBlock) = |
| VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); |
| break; |
| } |
| |
| // The RHS is not a nested logical operation. Don't push the terminator |
| // down further, but instead visit RHS and construct the respective |
| // pieces of the CFG, and link up the RHSBlock with the terminator |
| // we have been provided. |
| ExitBlock = RHSBlock = createBlock(false); |
| |
| // Even though KnownVal is only used in the else branch of the next |
| // conditional, tryEvaluateBool performs additional checking on the |
| // Expr, so it should be called unconditionally. |
| TryResult KnownVal = tryEvaluateBool(RHS); |
| if (!KnownVal.isKnown()) |
| KnownVal = tryEvaluateBool(B); |
| |
| if (!Term) { |
| assert(TrueBlock == FalseBlock); |
| addSuccessor(RHSBlock, TrueBlock); |
| } |
| else { |
| RHSBlock->setTerminator(Term); |
| addSuccessor(RHSBlock, TrueBlock, !KnownVal.isFalse()); |
| addSuccessor(RHSBlock, FalseBlock, !KnownVal.isTrue()); |
| } |
| |
| Block = RHSBlock; |
| RHSBlock = addStmt(RHS); |
| } |
| while (false); |
| |
| if (badCFG) |
| return std::make_pair(nullptr, nullptr); |
| |
| // Generate the blocks for evaluating the LHS. |
| Expr *LHS = B->getLHS()->IgnoreParens(); |
| |
| if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) |
| if (B_LHS->isLogicalOp()) { |
| if (B->getOpcode() == BO_LOr) |
| FalseBlock = RHSBlock; |
| else |
| TrueBlock = RHSBlock; |
| |
| // For the LHS, treat 'B' as the terminator that we want to sink |
| // into the nested branch. The RHS always gets the top-most |
| // terminator. |
| return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); |
| } |
| |
| // Create the block evaluating the LHS. |
| // This contains the '&&' or '||' as the terminator. |
| CFGBlock *LHSBlock = createBlock(false); |
| LHSBlock->setTerminator(B); |
| |
| Block = LHSBlock; |
| CFGBlock *EntryLHSBlock = addStmt(LHS); |
| |
| if (badCFG) |
| return std::make_pair(nullptr, nullptr); |
| |
| // See if this is a known constant. |
| TryResult KnownVal = tryEvaluateBool(LHS); |
| |
| // Now link the LHSBlock with RHSBlock. |
| if (B->getOpcode() == BO_LOr) { |
| addSuccessor(LHSBlock, TrueBlock, !KnownVal.isFalse()); |
| addSuccessor(LHSBlock, RHSBlock, !KnownVal.isTrue()); |
| } else { |
| assert(B->getOpcode() == BO_LAnd); |
| addSuccessor(LHSBlock, RHSBlock, !KnownVal.isFalse()); |
| addSuccessor(LHSBlock, FalseBlock, !KnownVal.isTrue()); |
| } |
| |
| return std::make_pair(EntryLHSBlock, ExitBlock); |
| } |
| |
| CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, |
| AddStmtChoice asc) { |
| // && or || |
| if (B->isLogicalOp()) |
| return VisitLogicalOperator(B); |
| |
| if (B->getOpcode() == BO_Comma) { // , |
| autoCreateBlock(); |
| appendStmt(Block, B); |
| addStmt(B->getRHS()); |
| return addStmt(B->getLHS()); |
| } |
| |
| if (B->isAssignmentOp()) { |
| if (asc.alwaysAdd(*this, B)) { |
| autoCreateBlock(); |
| appendStmt(Block, B); |
| } |
| Visit(B->getLHS()); |
| return Visit(B->getRHS()); |
| } |
| |
| if (asc.alwaysAdd(*this, B)) { |
| autoCreateBlock(); |
| appendStmt(Block, B); |
| } |
| |
| CFGBlock *RBlock = Visit(B->getRHS()); |
| CFGBlock *LBlock = Visit(B->getLHS()); |
| // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr |
| // containing a DoStmt, and the LHS doesn't create a new block, then we should |
| // return RBlock. Otherwise we'll incorrectly return NULL. |
| return (LBlock ? LBlock : RBlock); |
| } |
| |
| CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { |
| if (asc.alwaysAdd(*this, E)) { |
| autoCreateBlock(); |
| appendStmt(Block, E); |
| } |
| return Block; |
| } |
| |
| CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { |
| // "break" is a control-flow statement. Thus we stop processing the current |
| // block. |
| if (badCFG) |
| return nullptr; |
| |
| // Now create a new block that ends with the break statement. |
| Block = createBlock(false); |
| Block->setTerminator(B); |
| |
| // If there is no target for the break, then we are looking at an incomplete |
| // AST. This means that the CFG cannot be constructed. |
| if (BreakJumpTarget.block) { |
| addAutomaticObjHandling(ScopePos, BreakJumpTarget.scopePosition, B); |
| addSuccessor(Block, BreakJumpTarget.block); |
| } else |
| badCFG = true; |
| |
| return Block; |
| } |
| |
| static bool CanThrow(Expr *E, ASTContext &Ctx) { |
| QualType Ty = E->getType(); |
| if (Ty->isFunctionPointerType()) |
| Ty = Ty->getAs<PointerType>()->getPointeeType(); |
| else if (Ty->isBlockPointerType()) |
| Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); |
| |
| const FunctionType *FT = Ty->getAs<FunctionType>(); |
| if (FT) { |
| if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) |
| if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && |
| Proto->isNothrow(Ctx)) |
| return false; |
| } |
| return true; |
| } |
| |
| CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { |
| // Compute the callee type. |
| QualType calleeType = C->getCallee()->getType(); |
| if (calleeType == Context->BoundMemberTy) { |
| QualType boundType = Expr::findBoundMemberType(C->getCallee()); |
| |
| // We should only get a null bound type if processing a dependent |
| // CFG. Recover by assuming nothing. |
| if (!boundType.isNull()) calleeType = boundType; |
| } |
| |
| // If this is a call to a no-return function, this stops the block here. |
| bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); |
| |
| bool AddEHEdge = false; |
| |
| // Languages without exceptions are assumed to not throw. |
| if (Context->getLangOpts().Exceptions) { |
| if (BuildOpts.AddEHEdges) |
| AddEHEdge = true; |
| } |
| |
| // If this is a call to a builtin function, it might not actually evaluate |
| // its arguments. Don't add them to the CFG if this is the case. |
| bool OmitArguments = false; |
| |
| if (FunctionDecl *FD = C->getDirectCallee()) { |
| if (FD->isNoReturn()) |
| NoReturn = true; |
| if (FD->hasAttr<NoThrowAttr>()) |
| AddEHEdge = false; |
| if (FD->getBuiltinID() == Builtin::BI__builtin_object_size) |
| OmitArguments = true; |
| } |
| |
| if (!CanThrow(C->getCallee(), *Context)) |
| AddEHEdge = false; |
| |
| if (OmitArguments) { |
| assert(!NoReturn && "noreturn calls with unevaluated args not implemented"); |
| assert(!AddEHEdge && "EH calls with unevaluated args not implemented"); |
| autoCreateBlock(); |
| appendStmt(Block, C); |
| return Visit(C->getCallee()); |
| } |
| |
| if (!NoReturn && !AddEHEdge) { |
| return VisitStmt(C, asc.withAlwaysAdd(true)); |
| } |
| |
| if (Block) { |
| Succ = Block; |
| if (badCFG) |
| return nullptr; |
| } |
| |
| if (NoReturn) |
| Block = createNoReturnBlock(); |
| else |
| Block = createBlock(); |
| |
| appendStmt(Block, C); |
| |
| if (AddEHEdge) { |
| // Add exceptional edges. |
| if (TryTerminatedBlock) |
| addSuccessor(Block, TryTerminatedBlock); |
| else |
| addSuccessor(Block, &cfg->getExit()); |
| } |
| |
| return VisitChildren(C); |
| } |
| |
| CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, |
| AddStmtChoice asc) { |
| CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); |
| appendStmt(ConfluenceBlock, C); |
| if (badCFG) |
| return nullptr; |
| |
| AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); |
| Succ = ConfluenceBlock; |
| Block = nullptr; |
| CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); |
| if (badCFG) |
| return nullptr; |
| |
| Succ = ConfluenceBlock; |
| Block = nullptr; |
| CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); |
| if (badCFG) |
| return nullptr; |
| |
| Block = createBlock(false); |
| // See if this is a known constant. |
| const TryResult& KnownVal = tryEvaluateBool(C->getCond()); |
| addSuccessor(Block, KnownVal.isFalse() ? nullptr : LHSBlock); |
| addSuccessor(Block, KnownVal.isTrue() ? nullptr : RHSBlock); |
| Block->setTerminator(C); |
| return addStmt(C->getCond()); |
| } |
| |
| CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { |
| LocalScope::const_iterator scopeBeginPos = ScopePos; |
| addLocalScopeForStmt(C); |
| |
| if (!C->body_empty() && !isa<ReturnStmt>(*C->body_rbegin())) { |
| // If the body ends with a ReturnStmt, the dtors will be added in |
| // VisitReturnStmt. |
| addAutomaticObjHandling(ScopePos, scopeBeginPos, C); |
| } |
| |
| CFGBlock *LastBlock = Block; |
| |
| for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); |
| I != E; ++I ) { |
| // If we hit a segment of code just containing ';' (NullStmts), we can |
| // get a null block back. In such cases, just use the LastBlock |
| if (CFGBlock *newBlock = addStmt(*I)) |
| LastBlock = newBlock; |
| |
| if (badCFG) |
| return nullptr; |
| } |
| |
| return LastBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, |
| AddStmtChoice asc) { |
| const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); |
| const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : nullptr); |
| |
| // Create the confluence block that will "merge" the results of the ternary |
| // expression. |
| CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); |
| appendStmt(ConfluenceBlock, C); |
| if (badCFG) |
| return nullptr; |
| |
| AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); |
| |
| // Create a block for the LHS expression if there is an LHS expression. A |
| // GCC extension allows LHS to be NULL, causing the condition to be the |
| // value that is returned instead. |
| // e.g: x ?: y is shorthand for: x ? x : y; |
| Succ = ConfluenceBlock; |
| Block = nullptr; |
| CFGBlock *LHSBlock = nullptr; |
| const Expr *trueExpr = C->getTrueExpr(); |
| if (trueExpr != opaqueValue) { |
| LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); |
| if (badCFG) |
| return nullptr; |
| Block = nullptr; |
| } |
| else |
| LHSBlock = ConfluenceBlock; |
| |
| // Create the block for the RHS expression. |
| Succ = ConfluenceBlock; |
| CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); |
| if (badCFG) |
| return nullptr; |
| |
| // If the condition is a logical '&&' or '||', build a more accurate CFG. |
| if (BinaryOperator *Cond = |
| dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) |
| if (Cond->isLogicalOp()) |
| return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; |
| |
| // Create the block that will contain the condition. |
| Block = createBlock(false); |
| |
| // See if this is a known constant. |
| const TryResult& KnownVal = tryEvaluateBool(C->getCond()); |
| addSuccessor(Block, LHSBlock, !KnownVal.isFalse()); |
| addSuccessor(Block, RHSBlock, !KnownVal.isTrue()); |
| Block->setTerminator(C); |
| Expr *condExpr = C->getCond(); |
| |
| if (opaqueValue) { |
| // Run the condition expression if it's not trivially expressed in |
| // terms of the opaque value (or if there is no opaque value). |
| if (condExpr != opaqueValue) |
| addStmt(condExpr); |
| |
| // Before that, run the common subexpression if there was one. |
| // At least one of this or the above will be run. |
| return addStmt(BCO->getCommon()); |
| } |
| |
| return addStmt(condExpr); |
| } |
| |
| CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { |
| // Check if the Decl is for an __label__. If so, elide it from the |
| // CFG entirely. |
| if (isa<LabelDecl>(*DS->decl_begin())) |
| return Block; |
| |
| // This case also handles static_asserts. |
| if (DS->isSingleDecl()) |
| return VisitDeclSubExpr(DS); |
| |
| CFGBlock *B = nullptr; |
| |
| // Build an individual DeclStmt for each decl. |
| for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), |
| E = DS->decl_rend(); |
| I != E; ++I) { |
| // Get the alignment of the new DeclStmt, padding out to >=8 bytes. |
| unsigned A = alignof(DeclStmt) < 8 ? 8 : alignof(DeclStmt); |
| |
| // Allocate the DeclStmt using the BumpPtrAllocator. It will get |
| // automatically freed with the CFG. |
| DeclGroupRef DG(*I); |
| Decl *D = *I; |
| void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); |
| DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); |
| cfg->addSyntheticDeclStmt(DSNew, DS); |
| |
| // Append the fake DeclStmt to block. |
| B = VisitDeclSubExpr(DSNew); |
| } |
| |
| return B; |
| } |
| |
| /// VisitDeclSubExpr - Utility method to add block-level expressions for |
| /// DeclStmts and initializers in them. |
| CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { |
| assert(DS->isSingleDecl() && "Can handle single declarations only."); |
| VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); |
| |
| if (!VD) { |
| // Of everything that can be declared in a DeclStmt, only VarDecls impact |
| // runtime semantics. |
| return Block; |
| } |
| |
| bool HasTemporaries = false; |
| |
| // Guard static initializers under a branch. |
| CFGBlock *blockAfterStaticInit = nullptr; |
| |
| if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { |
| // For static variables, we need to create a branch to track |
| // whether or not they are initialized. |
| if (Block) { |
| Succ = Block; |
| Block = nullptr; |
| if (badCFG) |
| return nullptr; |
| } |
| blockAfterStaticInit = Succ; |
| } |
| |
| // Destructors of temporaries in initialization expression should be called |
| // after initialization finishes. |
| Expr *Init = VD->getInit(); |
| if (Init) { |
| HasTemporaries = isa<ExprWithCleanups>(Init); |
| |
| if (BuildOpts.AddTemporaryDtors && HasTemporaries) { |
| // Generate destructors for temporaries in initialization expression. |
| TempDtorContext Context; |
| VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), |
| /*BindToTemporary=*/false, Context); |
| } |
| } |
| |
| autoCreateBlock(); |
| appendStmt(Block, DS); |
| |
| // Keep track of the last non-null block, as 'Block' can be nulled out |
| // if the initializer expression is something like a 'while' in a |
| // statement-expression. |
| CFGBlock *LastBlock = Block; |
| |
| if (Init) { |
| if (HasTemporaries) { |
| // For expression with temporaries go directly to subexpression to omit |
| // generating destructors for the second time. |
| ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); |
| if (CFGBlock *newBlock = Visit(EC->getSubExpr())) |
| LastBlock = newBlock; |
| } |
| else { |
| if (CFGBlock *newBlock = Visit(Init)) |
| LastBlock = newBlock; |
| } |
| } |
| |
| // If the type of VD is a VLA, then we must process its size expressions. |
| for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); |
| VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) { |
| if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) |
| LastBlock = newBlock; |
| } |
| |
| // Remove variable from local scope. |
| if (ScopePos && VD == *ScopePos) |
| ++ScopePos; |
| |
| CFGBlock *B = LastBlock; |
| if (blockAfterStaticInit) { |
| Succ = B; |
| Block = createBlock(false); |
| Block->setTerminator(DS); |
| addSuccessor(Block, blockAfterStaticInit); |
| addSuccessor(Block, B); |
| B = Block; |
| } |
| |
| return B; |
| } |
| |
| CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { |
| // We may see an if statement in the middle of a basic block, or it may be the |
| // first statement we are processing. In either case, we create a new basic |
| // block. First, we create the blocks for the then...else statements, and |
| // then we create the block containing the if statement. If we were in the |
| // middle of a block, we stop processing that block. That block is then the |
| // implicit successor for the "then" and "else" clauses. |
| |
| // Save local scope position because in case of condition variable ScopePos |
| // won't be restored when traversing AST. |
| SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); |
| |
| // Create local scope for C++17 if init-stmt if one exists. |
| if (Stmt *Init = I->getInit()) |
| addLocalScopeForStmt(Init); |
| |
| // Create local scope for possible condition variable. |
| // Store scope position. Add implicit destructor. |
| if (VarDecl *VD = I->getConditionVariable()) |
| addLocalScopeForVarDecl(VD); |
| |
| addAutomaticObjHandling(ScopePos, save_scope_pos.get(), I); |
| |
| // The block we were processing is now finished. Make it the successor |
| // block. |
| if (Block) { |
| Succ = Block; |
| if (badCFG) |
| return nullptr; |
| } |
| |
| // Process the false branch. |
| CFGBlock *ElseBlock = Succ; |
| |
| if (Stmt *Else = I->getElse()) { |
| SaveAndRestore<CFGBlock*> sv(Succ); |
| |
| // NULL out Block so that the recursive call to Visit will |
| // create a new basic block. |
| Block = nullptr; |
| |
| // If branch is not a compound statement create implicit scope |
| // and add destructors. |
| if (!isa<CompoundStmt>(Else)) |
| addLocalScopeAndDtors(Else); |
| |
| ElseBlock = addStmt(Else); |
| |
| if (!ElseBlock) // Can occur when the Else body has all NullStmts. |
| ElseBlock = sv.get(); |
| else if (Block) { |
| if (badCFG) |
| return nullptr; |
| } |
| } |
| |
| // Process the true branch. |
| CFGBlock *ThenBlock; |
| { |
| Stmt *Then = I->getThen(); |
| assert(Then); |
| SaveAndRestore<CFGBlock*> sv(Succ); |
| Block = nullptr; |
| |
| // If branch is not a compound statement create implicit scope |
| // and add destructors. |
| if (!isa<CompoundStmt>(Then)) |
| addLocalScopeAndDtors(Then); |
| |
| ThenBlock = addStmt(Then); |
| |
| if (!ThenBlock) { |
| // We can reach here if the "then" body has all NullStmts. |
| // Create an empty block so we can distinguish between true and false |
| // branches in path-sensitive analyses. |
| ThenBlock = createBlock(false); |
| addSuccessor(ThenBlock, sv.get()); |
| } else if (Block) { |
| if (badCFG) |
| return nullptr; |
| } |
| } |
| |
| // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by |
| // having these handle the actual control-flow jump. Note that |
| // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" |
| // we resort to the old control-flow behavior. This special handling |
| // removes infeasible paths from the control-flow graph by having the |
| // control-flow transfer of '&&' or '||' go directly into the then/else |
| // blocks directly. |
| BinaryOperator *Cond = |
| I->getConditionVariable() |
| ? nullptr |
| : dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens()); |
| CFGBlock *LastBlock; |
| if (Cond && Cond->isLogicalOp()) |
| LastBlock = VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; |
| else { |
| // Now create a new block containing the if statement. |
| Block = createBlock(false); |
| |
| // Set the terminator of the new block to the If statement. |
| Block->setTerminator(I); |
| |
| // See if this is a known constant. |
| const TryResult &KnownVal = tryEvaluateBool(I->getCond()); |
| |
| // Add the successors. If we know that specific branches are |
| // unreachable, inform addSuccessor() of that knowledge. |
| addSuccessor(Block, ThenBlock, /* isReachable = */ !KnownVal.isFalse()); |
| addSuccessor(Block, ElseBlock, /* isReachable = */ !KnownVal.isTrue()); |
| |
| // Add the condition as the last statement in the new block. This may |
| // create new blocks as the condition may contain control-flow. Any newly |
| // created blocks will be pointed to be "Block". |
| LastBlock = addStmt(I->getCond()); |
| |
| // If the IfStmt contains a condition variable, add it and its |
| // initializer to the CFG. |
| if (const DeclStmt* DS = I->getConditionVariableDeclStmt()) { |
| autoCreateBlock(); |
| LastBlock = addStmt(const_cast<DeclStmt *>(DS)); |
| } |
| } |
| |
| // Finally, if the IfStmt contains a C++17 init-stmt, add it to the CFG. |
| if (Stmt *Init = I->getInit()) { |
| autoCreateBlock(); |
| LastBlock = addStmt(Init); |
| } |
| |
| return LastBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { |
| // If we were in the middle of a block we stop processing that block. |
| // |
| // NOTE: If a "return" appears in the middle of a block, this means that the |
| // code afterwards is DEAD (unreachable). We still keep a basic block |
| // for that code; a simple "mark-and-sweep" from the entry block will be |
| // able to report such dead blocks. |
| |
| // Create the new block. |
| Block = createBlock(false); |
| |
| addAutomaticObjHandling(ScopePos, LocalScope::const_iterator(), R); |
| |
| // If the one of the destructors does not return, we already have the Exit |
| // block as a successor. |
| if (!Block->hasNoReturnElement()) |
| addSuccessor(Block, &cfg->getExit()); |
| |
| // Add the return statement to the block. This may create new blocks if R |
| // contains control-flow (short-circuit operations). |
| return VisitStmt(R, AddStmtChoice::AlwaysAdd); |
| } |
| |
| CFGBlock *CFGBuilder::VisitSEHExceptStmt(SEHExceptStmt *ES) { |
| // SEHExceptStmt are treated like labels, so they are the first statement in a |
| // block. |
| |
| // Save local scope position because in case of exception variable ScopePos |
| // won't be restored when traversing AST. |
| SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); |
| |
| addStmt(ES->getBlock()); |
| CFGBlock *SEHExceptBlock = Block; |
| if (!SEHExceptBlock) |
| SEHExceptBlock = createBlock(); |
| |
| appendStmt(SEHExceptBlock, ES); |
| |
| // Also add the SEHExceptBlock as a label, like with regular labels. |
| SEHExceptBlock->setLabel(ES); |
| |
| // Bail out if the CFG is bad. |
| if (badCFG) |
| return nullptr; |
| |
| // We set Block to NULL to allow lazy creation of a new block (if necessary). |
| Block = nullptr; |
| |
| return SEHExceptBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitSEHFinallyStmt(SEHFinallyStmt *FS) { |
| return VisitCompoundStmt(FS->getBlock()); |
| } |
| |
| CFGBlock *CFGBuilder::VisitSEHLeaveStmt(SEHLeaveStmt *LS) { |
| // "__leave" is a control-flow statement. Thus we stop processing the current |
| // block. |
| if (badCFG) |
| return nullptr; |
| |
| // Now create a new block that ends with the __leave statement. |
| Block = createBlock(false); |
| Block->setTerminator(LS); |
| |
| // If there is no target for the __leave, then we are looking at an incomplete |
| // AST. This means that the CFG cannot be constructed. |
| if (SEHLeaveJumpTarget.block) { |
| addAutomaticObjHandling(ScopePos, SEHLeaveJumpTarget.scopePosition, LS); |
| addSuccessor(Block, SEHLeaveJumpTarget.block); |
| } else |
| badCFG = true; |
| |
| return Block; |
| } |
| |
| CFGBlock *CFGBuilder::VisitSEHTryStmt(SEHTryStmt *Terminator) { |
| // "__try"/"__except"/"__finally" is a control-flow statement. Thus we stop |
| // processing the current block. |
| CFGBlock *SEHTrySuccessor = nullptr; |
| |
| if (Block) { |
| if (badCFG) |
| return nullptr; |
| SEHTrySuccessor = Block; |
| } else SEHTrySuccessor = Succ; |
| |
| // FIXME: Implement __finally support. |
| if (Terminator->getFinallyHandler()) |
| return NYS(); |
| |
| CFGBlock *PrevSEHTryTerminatedBlock = TryTerminatedBlock; |
| |
| // Create a new block that will contain the __try statement. |
| CFGBlock *NewTryTerminatedBlock = createBlock(false); |
| |
| // Add the terminator in the __try block. |
| NewTryTerminatedBlock->setTerminator(Terminator); |
| |
| if (SEHExceptStmt *Except = Terminator->getExceptHandler()) { |
| // The code after the try is the implicit successor if there's an __except. |
| Succ = SEHTrySuccessor; |
| Block = nullptr; |
| CFGBlock *ExceptBlock = VisitSEHExceptStmt(Except); |
| if (!ExceptBlock) |
| return nullptr; |
| // Add this block to the list of successors for the block with the try |
| // statement. |
| addSuccessor(NewTryTerminatedBlock, ExceptBlock); |
| } |
| if (PrevSEHTryTerminatedBlock) |
| addSuccessor(NewTryTerminatedBlock, PrevSEHTryTerminatedBlock); |
| else |
| addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); |
| |
| // The code after the try is the implicit successor. |
| Succ = SEHTrySuccessor; |
| |
| // Save the current "__try" context. |
| SaveAndRestore<CFGBlock *> save_try(TryTerminatedBlock, |
| NewTryTerminatedBlock); |
| cfg->addTryDispatchBlock(TryTerminatedBlock); |
| |
| // Save the current value for the __leave target. |
| // All __leaves should go to the code following the __try |
| // (FIXME: or if the __try has a __finally, to the __finally.) |
| SaveAndRestore<JumpTarget> save_break(SEHLeaveJumpTarget); |
| SEHLeaveJumpTarget = JumpTarget(SEHTrySuccessor, ScopePos); |
| |
| assert(Terminator->getTryBlock() && "__try must contain a non-NULL body"); |
| Block = nullptr; |
| return addStmt(Terminator->getTryBlock()); |
| } |
| |
| CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { |
| // Get the block of the labeled statement. Add it to our map. |
| addStmt(L->getSubStmt()); |
| CFGBlock *LabelBlock = Block; |
| |
| if (!LabelBlock) // This can happen when the body is empty, i.e. |
| LabelBlock = createBlock(); // scopes that only contains NullStmts. |
| |
| assert(LabelMap.find(L->getDecl()) == LabelMap.end() && |
| "label already in map"); |
| LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); |
| |
| // Labels partition blocks, so this is the end of the basic block we were |
| // processing (L is the block's label). Because this is label (and we have |
| // already processed the substatement) there is no extra control-flow to worry |
| // about. |
| LabelBlock->setLabel(L); |
| if (badCFG) |
| return nullptr; |
| |
| // We set Block to NULL to allow lazy creation of a new block (if necessary); |
| Block = nullptr; |
| |
| // This block is now the implicit successor of other blocks. |
| Succ = LabelBlock; |
| |
| return LabelBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitBlockExpr(BlockExpr *E, AddStmtChoice asc) { |
| CFGBlock *LastBlock = VisitNoRecurse(E, asc); |
| for (const BlockDecl::Capture &CI : E->getBlockDecl()->captures()) { |
| if (Expr *CopyExpr = CI.getCopyExpr()) { |
| CFGBlock *Tmp = Visit(CopyExpr); |
| if (Tmp) |
| LastBlock = Tmp; |
| } |
| } |
| return LastBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { |
| CFGBlock *LastBlock = VisitNoRecurse(E, asc); |
| for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), |
| et = E->capture_init_end(); it != et; ++it) { |
| if (Expr *Init = *it) { |
| CFGBlock *Tmp = Visit(Init); |
| if (Tmp) |
| LastBlock = Tmp; |
| } |
| } |
| return LastBlock; |
| } |
| |
| CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { |
| // Goto is a control-flow statement. Thus we stop processing the current |
| // block and create a new one. |
| |
| Block = createBlock(false); |
| Block->setTerminator(G); |
| |
| // If we already know the mapping to the label block add the successor now. |
| LabelMapTy::iterator I = LabelMap.find(G->getLabel()); |
| |
| if (I == LabelMap.end()) |
| // We will need to backpatch this block later. |
| BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); |
| else { |
| JumpTarget JT = I->second; |
| addAutomaticObjHandling(ScopePos, JT.scopePosition, G); |
| addSuccessor(Block, JT.block); |
| } |
| |
| return Block; |
| } |
| |
| CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { |
| CFGBlock *LoopSuccessor = nullptr; |
| |
| // Save local scope position because in case of condition variable ScopePos |
| // won't be restored when traversing AST. |
| SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); |
| |
| // Create local scope for init statement and possible condition variable. |
| // Add destructor for init statement and condition variable. |
| // Store scope position for continue statement. |
| if (Stmt *Init = F->getInit()) |
| addLocalScopeForStmt(Init); |
| LocalScope::const_iterator LoopBeginScopePos = ScopePos; |
| |
| if (VarDecl *VD = F->getConditionVariable()) |
| addLocalScopeForVarDecl(VD); |
| LocalScope::const_iterator ContinueScopePos = ScopePos; |
| |
| addAutomaticObjHandling(ScopePos, save_scope_pos.get(), F); |
| |
| addLoopExit(F); |
| |
| // "for" is a control-flow statement. Thus we stop processing the current |
| // block. |
| if (Block) { |
| if (badCFG) |
| return nullptr; |
| LoopSuccessor = Block; |
| } else |
| LoopSuccessor = Succ; |
| |
| // Save the current value for the break targets. |
| // All breaks should go to the code following the loop. |
| SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); |
| BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); |
| |
| CFGBlock *BodyBlock = nullptr, *TransitionBlock = nullptr; |
| |
| // Now create the loop body. |
| { |
| assert(F->getBody()); |
| |
| // Save the current values for Block, Succ, continue and break targets. |
| SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); |
| SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); |
| |
| // Create an empty block to represent the transition block for looping back |
| // to the head of the loop. If we have increment code, it will |
| // go in this block as well. |
| Block = Succ = TransitionBlock = createBlock(false); |
| TransitionBlock->setLoopTarget(F); |
| |
| if (Stmt *I = F->getInc()) { |
| // Generate increment code in its own basic block. This is the target of |
| // continue statements. |
| Succ = addStmt(I); |
| } |
| |
| // Finish up the increment (or empty) block if it hasn't been already. |
| if (Block) { |
| assert(Block == Succ); |
| if (badCFG) |
| return nullptr; |
| Block = nullptr; |
| } |
| |
| // The starting block for the loop increment is the block that should |
| // represent the 'loop target' for looping back to the start of the loop. |
| ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); |
| ContinueJumpTarget.block->setLoopTarget(F); |
| |
| // Loop body should end with destructor of Condition variable (if any). |
| addAutomaticObjHandling(ScopePos, LoopBeginScopePos, F); |
| |
| // If body is not a compound statement create implicit scope |
| // and add destructors. |
| if (!isa<CompoundStmt>(F->getBody())) |
| addLocalScopeAndDtors(F->getBody()); |
| |
| // Now populate the body block, and in the process create new blocks as we |
| // walk the body of the loop. |
| BodyBlock = addStmt(F->getBody()); |
| |
| if (!BodyBlock) { |
| // In the case of "for (...;...;...);" we can have a null BodyBlock. |
| // Use the continue jump target as the proxy for the body. |
| BodyBlock = ContinueJumpTarget.block; |
| } |
| else if (badCFG) |
| return nullptr; |
| } |
| |
| // Because of short-circuit evaluation, the condition of the loop can span |
| // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that |
| // evaluate the condition. |
| CFGBlock *EntryConditionBlock = nullptr, *ExitConditionBlock = nullptr; |
| |
| do { |
| Expr *C = F->getCond(); |
| |
| // Specially handle logical operators, which have a slightly |
| // more optimal CFG representation. |
| if (BinaryOperator *Cond = |
| dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : nullptr)) |
| if (Cond->isLogicalOp()) { |
| std::tie(EntryConditionBlock, ExitConditionBlock) = |
| VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); |
| break; |
| } |
| |
| // The default case when not handling logical operators. |
| EntryConditionBlock = ExitConditionBlock = createBlock(false); |
| ExitConditionBlock->setTerminator(F); |
| |
| // See if this is a known constant. |
| TryResult KnownVal(true); |
| |
| if (C) { |
| // Now add the actual condition to the condition block. |
| // Because the condition itself may contain control-flow, new blocks may |
| // be created. Thus we update "Succ" after adding the condition. |
| Block = ExitConditionBlock; |
| EntryConditionBlock = addStmt(C); |
| |
| // If this block contains a condition variable, add both the condition |
| // variable and initializer to the CFG. |
| if (VarDecl *VD = F->getConditionVariable()) { |
| if (Expr *Init = VD->getInit()) { |
| autoCreateBlock(); |
| appendStmt(Block, F->getConditionVariableDeclStmt()); |
| EntryConditionBlock = addStmt(Init); |
| assert(Block == EntryConditionBlock); |
| } |
| } |
| |
| if (Block && badCFG) |
| return nullptr; |
| |
| KnownVal = tryEvaluateBool(C); |
| } |
| |
| // Add the loop body entry as a successor to the condition. |
| addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? nullptr : BodyBlock); |
| // Link up the condition block with the code that follows the loop. (the |
| // false branch). |
| addSuccessor(ExitConditionBlock, |
| KnownVal.isTrue() ? nullptr : LoopSuccessor); |
| } while (false); |
| |
| // Link up the loop-back block to the entry condition block. |
| addSuccessor(TransitionBlock, EntryConditionBlock); |
| |