1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the CFG and CFGBuilder classes for representing and 11// building Control-Flow Graphs (CFGs) from ASTs. 12// 13//===----------------------------------------------------------------------===// 14 15#include "clang/Analysis/CFG.h" 16#include "clang/AST/ASTContext.h" 17#include "clang/AST/Attr.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclCXX.h" 20#include "clang/AST/PrettyPrinter.h" 21#include "clang/AST/StmtVisitor.h" 22#include "clang/Basic/Builtins.h" 23#include "llvm/ADT/DenseMap.h" 24#include <memory> 25#include "llvm/ADT/SmallPtrSet.h" 26#include "llvm/Support/Allocator.h" 27#include "llvm/Support/Format.h" 28#include "llvm/Support/GraphWriter.h" 29#include "llvm/Support/SaveAndRestore.h" 30 31using namespace clang; 32 33namespace { 34 35static SourceLocation GetEndLoc(Decl *D) { 36 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 37 if (Expr *Ex = VD->getInit()) 38 return Ex->getSourceRange().getEnd(); 39 return D->getLocation(); 40} 41 42/// Helper for tryNormalizeBinaryOperator. Attempts to extract an IntegerLiteral 43/// or EnumConstantDecl from the given Expr. If it fails, returns nullptr. 44const Expr *tryTransformToIntOrEnumConstant(const Expr *E) { 45 E = E->IgnoreParens(); 46 if (isa<IntegerLiteral>(E)) 47 return E; 48 if (auto *DR = dyn_cast<DeclRefExpr>(E->IgnoreParenImpCasts())) 49 return isa<EnumConstantDecl>(DR->getDecl()) ? DR : nullptr; 50 return nullptr; 51} 52 53/// Tries to interpret a binary operator into `Decl Op Expr` form, if Expr is 54/// an integer literal or an enum constant. 55/// 56/// If this fails, at least one of the returned DeclRefExpr or Expr will be 57/// null. 58static std::tuple<const DeclRefExpr *, BinaryOperatorKind, const Expr *> 59tryNormalizeBinaryOperator(const BinaryOperator *B) { 60 BinaryOperatorKind Op = B->getOpcode(); 61 62 const Expr *MaybeDecl = B->getLHS(); 63 const Expr *Constant = tryTransformToIntOrEnumConstant(B->getRHS()); 64 // Expr looked like `0 == Foo` instead of `Foo == 0` 65 if (Constant == nullptr) { 66 // Flip the operator 67 if (Op == BO_GT) 68 Op = BO_LT; 69 else if (Op == BO_GE) 70 Op = BO_LE; 71 else if (Op == BO_LT) 72 Op = BO_GT; 73 else if (Op == BO_LE) 74 Op = BO_GE; 75 76 MaybeDecl = B->getRHS(); 77 Constant = tryTransformToIntOrEnumConstant(B->getLHS()); 78 } 79 80 auto *D = dyn_cast<DeclRefExpr>(MaybeDecl->IgnoreParenImpCasts()); 81 return std::make_tuple(D, Op, Constant); 82} 83 84/// For an expression `x == Foo && x == Bar`, this determines whether the 85/// `Foo` and `Bar` are either of the same enumeration type, or both integer 86/// literals. 87/// 88/// It's an error to pass this arguments that are not either IntegerLiterals 89/// or DeclRefExprs (that have decls of type EnumConstantDecl) 90static bool areExprTypesCompatible(const Expr *E1, const Expr *E2) { 91 // User intent isn't clear if they're mixing int literals with enum 92 // constants. 93 if (isa<IntegerLiteral>(E1) != isa<IntegerLiteral>(E2)) 94 return false; 95 96 // Integer literal comparisons, regardless of literal type, are acceptable. 97 if (isa<IntegerLiteral>(E1)) 98 return true; 99 100 // IntegerLiterals are handled above and only EnumConstantDecls are expected 101 // beyond this point 102 assert(isa<DeclRefExpr>(E1) && isa<DeclRefExpr>(E2)); 103 auto *Decl1 = cast<DeclRefExpr>(E1)->getDecl(); 104 auto *Decl2 = cast<DeclRefExpr>(E2)->getDecl(); 105 106 assert(isa<EnumConstantDecl>(Decl1) && isa<EnumConstantDecl>(Decl2)); 107 const DeclContext *DC1 = Decl1->getDeclContext(); 108 const DeclContext *DC2 = Decl2->getDeclContext(); 109 110 assert(isa<EnumDecl>(DC1) && isa<EnumDecl>(DC2)); 111 return DC1 == DC2; 112} 113 114class CFGBuilder; 115 116/// The CFG builder uses a recursive algorithm to build the CFG. When 117/// we process an expression, sometimes we know that we must add the 118/// subexpressions as block-level expressions. For example: 119/// 120/// exp1 || exp2 121/// 122/// When processing the '||' expression, we know that exp1 and exp2 123/// need to be added as block-level expressions, even though they 124/// might not normally need to be. AddStmtChoice records this 125/// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then 126/// the builder has an option not to add a subexpression as a 127/// block-level expression. 128/// 129class AddStmtChoice { 130public: 131 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; 132 133 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} 134 135 bool alwaysAdd(CFGBuilder &builder, 136 const Stmt *stmt) const; 137 138 /// Return a copy of this object, except with the 'always-add' bit 139 /// set as specified. 140 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { 141 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); 142 } 143 144private: 145 Kind kind; 146}; 147 148/// LocalScope - Node in tree of local scopes created for C++ implicit 149/// destructor calls generation. It contains list of automatic variables 150/// declared in the scope and link to position in previous scope this scope 151/// began in. 152/// 153/// The process of creating local scopes is as follows: 154/// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), 155/// - Before processing statements in scope (e.g. CompoundStmt) create 156/// LocalScope object using CFGBuilder::ScopePos as link to previous scope 157/// and set CFGBuilder::ScopePos to the end of new scope, 158/// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points 159/// at this VarDecl, 160/// - For every normal (without jump) end of scope add to CFGBlock destructors 161/// for objects in the current scope, 162/// - For every jump add to CFGBlock destructors for objects 163/// between CFGBuilder::ScopePos and local scope position saved for jump 164/// target. Thanks to C++ restrictions on goto jumps we can be sure that 165/// jump target position will be on the path to root from CFGBuilder::ScopePos 166/// (adding any variable that doesn't need constructor to be called to 167/// LocalScope can break this assumption), 168/// 169class LocalScope { 170public: 171 typedef BumpVector<VarDecl*> AutomaticVarsTy; 172 173 /// const_iterator - Iterates local scope backwards and jumps to previous 174 /// scope on reaching the beginning of currently iterated scope. 175 class const_iterator { 176 const LocalScope* Scope; 177 178 /// VarIter is guaranteed to be greater then 0 for every valid iterator. 179 /// Invalid iterator (with null Scope) has VarIter equal to 0. 180 unsigned VarIter; 181 182 public: 183 /// Create invalid iterator. Dereferencing invalid iterator is not allowed. 184 /// Incrementing invalid iterator is allowed and will result in invalid 185 /// iterator. 186 const_iterator() 187 : Scope(nullptr), VarIter(0) {} 188 189 /// Create valid iterator. In case when S.Prev is an invalid iterator and 190 /// I is equal to 0, this will create invalid iterator. 191 const_iterator(const LocalScope& S, unsigned I) 192 : Scope(&S), VarIter(I) { 193 // Iterator to "end" of scope is not allowed. Handle it by going up 194 // in scopes tree possibly up to invalid iterator in the root. 195 if (VarIter == 0 && Scope) 196 *this = Scope->Prev; 197 } 198 199 VarDecl *const* operator->() const { 200 assert (Scope && "Dereferencing invalid iterator is not allowed"); 201 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 202 return &Scope->Vars[VarIter - 1]; 203 } 204 VarDecl *operator*() const { 205 return *this->operator->(); 206 } 207 208 const_iterator &operator++() { 209 if (!Scope) 210 return *this; 211 212 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 213 --VarIter; 214 if (VarIter == 0) 215 *this = Scope->Prev; 216 return *this; 217 } 218 const_iterator operator++(int) { 219 const_iterator P = *this; 220 ++*this; 221 return P; 222 } 223 224 bool operator==(const const_iterator &rhs) const { 225 return Scope == rhs.Scope && VarIter == rhs.VarIter; 226 } 227 bool operator!=(const const_iterator &rhs) const { 228 return !(*this == rhs); 229 } 230 231 explicit operator bool() const { 232 return *this != const_iterator(); 233 } 234 235 int distance(const_iterator L); 236 }; 237 238 friend class const_iterator; 239 240private: 241 BumpVectorContext ctx; 242 243 /// Automatic variables in order of declaration. 244 AutomaticVarsTy Vars; 245 /// Iterator to variable in previous scope that was declared just before 246 /// begin of this scope. 247 const_iterator Prev; 248 249public: 250 /// Constructs empty scope linked to previous scope in specified place. 251 LocalScope(BumpVectorContext ctx, const_iterator P) 252 : ctx(std::move(ctx)), Vars(this->ctx, 4), Prev(P) {} 253 254 /// Begin of scope in direction of CFG building (backwards). 255 const_iterator begin() const { return const_iterator(*this, Vars.size()); } 256 257 void addVar(VarDecl *VD) { 258 Vars.push_back(VD, ctx); 259 } 260}; 261 262/// distance - Calculates distance from this to L. L must be reachable from this 263/// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. 264/// number of scopes between this and L. 265int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { 266 int D = 0; 267 const_iterator F = *this; 268 while (F.Scope != L.Scope) { 269 assert (F != const_iterator() 270 && "L iterator is not reachable from F iterator."); 271 D += F.VarIter; 272 F = F.Scope->Prev; 273 } 274 D += F.VarIter - L.VarIter; 275 return D; 276} 277 278/// Structure for specifying position in CFG during its build process. It 279/// consists of CFGBlock that specifies position in CFG and 280/// LocalScope::const_iterator that specifies position in LocalScope graph. 281struct BlockScopePosPair { 282 BlockScopePosPair() : block(nullptr) {} 283 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) 284 : block(b), scopePosition(scopePos) {} 285 286 CFGBlock *block; 287 LocalScope::const_iterator scopePosition; 288}; 289 290/// TryResult - a class representing a variant over the values 291/// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, 292/// and is used by the CFGBuilder to decide if a branch condition 293/// can be decided up front during CFG construction. 294class TryResult { 295 int X; 296public: 297 TryResult(bool b) : X(b ? 1 : 0) {} 298 TryResult() : X(-1) {} 299 300 bool isTrue() const { return X == 1; } 301 bool isFalse() const { return X == 0; } 302 bool isKnown() const { return X >= 0; } 303 void negate() { 304 assert(isKnown()); 305 X ^= 0x1; 306 } 307}; 308 309TryResult bothKnownTrue(TryResult R1, TryResult R2) { 310 if (!R1.isKnown() || !R2.isKnown()) 311 return TryResult(); 312 return TryResult(R1.isTrue() && R2.isTrue()); 313} 314 315class reverse_children { 316 llvm::SmallVector<Stmt *, 12> childrenBuf; 317 ArrayRef<Stmt*> children; 318public: 319 reverse_children(Stmt *S); 320 321 typedef ArrayRef<Stmt*>::reverse_iterator iterator; 322 iterator begin() const { return children.rbegin(); } 323 iterator end() const { return children.rend(); } 324}; 325 326 327reverse_children::reverse_children(Stmt *S) { 328 if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 329 children = CE->getRawSubExprs(); 330 return; 331 } 332 switch (S->getStmtClass()) { 333 // Note: Fill in this switch with more cases we want to optimize. 334 case Stmt::InitListExprClass: { 335 InitListExpr *IE = cast<InitListExpr>(S); 336 children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), 337 IE->getNumInits()); 338 return; 339 } 340 default: 341 break; 342 } 343 344 // Default case for all other statements. 345 for (Stmt *SubStmt : S->children()) 346 childrenBuf.push_back(SubStmt); 347 348 // This needs to be done *after* childrenBuf has been populated. 349 children = childrenBuf; 350} 351 352/// CFGBuilder - This class implements CFG construction from an AST. 353/// The builder is stateful: an instance of the builder should be used to only 354/// construct a single CFG. 355/// 356/// Example usage: 357/// 358/// CFGBuilder builder; 359/// std::unique_ptr<CFG> cfg = builder.buildCFG(decl, stmt1); 360/// 361/// CFG construction is done via a recursive walk of an AST. We actually parse 362/// the AST in reverse order so that the successor of a basic block is 363/// constructed prior to its predecessor. This allows us to nicely capture 364/// implicit fall-throughs without extra basic blocks. 365/// 366class CFGBuilder { 367 typedef BlockScopePosPair JumpTarget; 368 typedef BlockScopePosPair JumpSource; 369 370 ASTContext *Context; 371 std::unique_ptr<CFG> cfg; 372 373 CFGBlock *Block; 374 CFGBlock *Succ; 375 JumpTarget ContinueJumpTarget; 376 JumpTarget BreakJumpTarget; 377 CFGBlock *SwitchTerminatedBlock; 378 CFGBlock *DefaultCaseBlock; 379 CFGBlock *TryTerminatedBlock; 380 381 // Current position in local scope. 382 LocalScope::const_iterator ScopePos; 383 384 // LabelMap records the mapping from Label expressions to their jump targets. 385 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy; 386 LabelMapTy LabelMap; 387 388 // A list of blocks that end with a "goto" that must be backpatched to their 389 // resolved targets upon completion of CFG construction. 390 typedef std::vector<JumpSource> BackpatchBlocksTy; 391 BackpatchBlocksTy BackpatchBlocks; 392 393 // A list of labels whose address has been taken (for indirect gotos). 394 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy; 395 LabelSetTy AddressTakenLabels; 396 397 bool badCFG; 398 const CFG::BuildOptions &BuildOpts; 399 400 // State to track for building switch statements. 401 bool switchExclusivelyCovered; 402 Expr::EvalResult *switchCond; 403 404 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry; 405 const Stmt *lastLookup; 406 407 // Caches boolean evaluations of expressions to avoid multiple re-evaluations 408 // during construction of branches for chained logical operators. 409 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy; 410 CachedBoolEvalsTy CachedBoolEvals; 411 412public: 413 explicit CFGBuilder(ASTContext *astContext, 414 const CFG::BuildOptions &buildOpts) 415 : Context(astContext), cfg(new CFG()), // crew a new CFG 416 Block(nullptr), Succ(nullptr), 417 SwitchTerminatedBlock(nullptr), DefaultCaseBlock(nullptr), 418 TryTerminatedBlock(nullptr), badCFG(false), BuildOpts(buildOpts), 419 switchExclusivelyCovered(false), switchCond(nullptr), 420 cachedEntry(nullptr), lastLookup(nullptr) {} 421 422 // buildCFG - Used by external clients to construct the CFG. 423 std::unique_ptr<CFG> buildCFG(const Decl *D, Stmt *Statement); 424 425 bool alwaysAdd(const Stmt *stmt); 426 427private: 428 // Visitors to walk an AST and construct the CFG. 429 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); 430 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); 431 CFGBlock *VisitBreakStmt(BreakStmt *B); 432 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); 433 CFGBlock *VisitCaseStmt(CaseStmt *C); 434 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); 435 CFGBlock *VisitCompoundStmt(CompoundStmt *C); 436 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, 437 AddStmtChoice asc); 438 CFGBlock *VisitContinueStmt(ContinueStmt *C); 439 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 440 AddStmtChoice asc); 441 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); 442 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); 443 CFGBlock *VisitCXXNewExpr(CXXNewExpr *DE, AddStmtChoice asc); 444 CFGBlock *VisitCXXDeleteExpr(CXXDeleteExpr *DE, AddStmtChoice asc); 445 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); 446 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 447 AddStmtChoice asc); 448 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 449 AddStmtChoice asc); 450 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); 451 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); 452 CFGBlock *VisitDeclStmt(DeclStmt *DS); 453 CFGBlock *VisitDeclSubExpr(DeclStmt *DS); 454 CFGBlock *VisitDefaultStmt(DefaultStmt *D); 455 CFGBlock *VisitDoStmt(DoStmt *D); 456 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); 457 CFGBlock *VisitForStmt(ForStmt *F); 458 CFGBlock *VisitGotoStmt(GotoStmt *G); 459 CFGBlock *VisitIfStmt(IfStmt *I); 460 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); 461 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); 462 CFGBlock *VisitLabelStmt(LabelStmt *L); 463 CFGBlock *VisitBlockExpr(BlockExpr *E, AddStmtChoice asc); 464 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); 465 CFGBlock *VisitLogicalOperator(BinaryOperator *B); 466 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, 467 Stmt *Term, 468 CFGBlock *TrueBlock, 469 CFGBlock *FalseBlock); 470 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); 471 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); 472 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); 473 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); 474 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); 475 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); 476 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); 477 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); 478 CFGBlock *VisitReturnStmt(ReturnStmt *R); 479 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); 480 CFGBlock *VisitSwitchStmt(SwitchStmt *S); 481 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 482 AddStmtChoice asc); 483 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); 484 CFGBlock *VisitWhileStmt(WhileStmt *W); 485 486 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); 487 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); 488 CFGBlock *VisitChildren(Stmt *S); 489 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); 490 491 /// When creating the CFG for temporary destructors, we want to mirror the 492 /// branch structure of the corresponding constructor calls. 493 /// Thus, while visiting a statement for temporary destructors, we keep a 494 /// context to keep track of the following information: 495 /// - whether a subexpression is executed unconditionally 496 /// - if a subexpression is executed conditionally, the first 497 /// CXXBindTemporaryExpr we encounter in that subexpression (which 498 /// corresponds to the last temporary destructor we have to call for this 499 /// subexpression) and the CFG block at that point (which will become the 500 /// successor block when inserting the decision point). 501 /// 502 /// That way, we can build the branch structure for temporary destructors as 503 /// follows: 504 /// 1. If a subexpression is executed unconditionally, we add the temporary 505 /// destructor calls to the current block. 506 /// 2. If a subexpression is executed conditionally, when we encounter a 507 /// CXXBindTemporaryExpr: 508 /// a) If it is the first temporary destructor call in the subexpression, 509 /// we remember the CXXBindTemporaryExpr and the current block in the 510 /// TempDtorContext; we start a new block, and insert the temporary 511 /// destructor call. 512 /// b) Otherwise, add the temporary destructor call to the current block. 513 /// 3. When we finished visiting a conditionally executed subexpression, 514 /// and we found at least one temporary constructor during the visitation 515 /// (2.a has executed), we insert a decision block that uses the 516 /// CXXBindTemporaryExpr as terminator, and branches to the current block 517 /// if the CXXBindTemporaryExpr was marked executed, and otherwise 518 /// branches to the stored successor. 519 struct TempDtorContext { 520 TempDtorContext() 521 : IsConditional(false), KnownExecuted(true), Succ(nullptr), 522 TerminatorExpr(nullptr) {} 523 524 TempDtorContext(TryResult KnownExecuted) 525 : IsConditional(true), KnownExecuted(KnownExecuted), Succ(nullptr), 526 TerminatorExpr(nullptr) {} 527 528 /// Returns whether we need to start a new branch for a temporary destructor 529 /// call. This is the case when the temporary destructor is 530 /// conditionally executed, and it is the first one we encounter while 531 /// visiting a subexpression - other temporary destructors at the same level 532 /// will be added to the same block and are executed under the same 533 /// condition. 534 bool needsTempDtorBranch() const { 535 return IsConditional && !TerminatorExpr; 536 } 537 538 /// Remember the successor S of a temporary destructor decision branch for 539 /// the corresponding CXXBindTemporaryExpr E. 540 void setDecisionPoint(CFGBlock *S, CXXBindTemporaryExpr *E) { 541 Succ = S; 542 TerminatorExpr = E; 543 } 544 545 const bool IsConditional; 546 const TryResult KnownExecuted; 547 CFGBlock *Succ; 548 CXXBindTemporaryExpr *TerminatorExpr; 549 }; 550 551 // Visitors to walk an AST and generate destructors of temporaries in 552 // full expression. 553 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary, 554 TempDtorContext &Context); 555 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E, TempDtorContext &Context); 556 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E, 557 TempDtorContext &Context); 558 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors( 559 CXXBindTemporaryExpr *E, bool BindToTemporary, TempDtorContext &Context); 560 CFGBlock *VisitConditionalOperatorForTemporaryDtors( 561 AbstractConditionalOperator *E, bool BindToTemporary, 562 TempDtorContext &Context); 563 void InsertTempDtorDecisionBlock(const TempDtorContext &Context, 564 CFGBlock *FalseSucc = nullptr); 565 566 // NYS == Not Yet Supported 567 CFGBlock *NYS() { 568 badCFG = true; 569 return Block; 570 } 571 572 void autoCreateBlock() { if (!Block) Block = createBlock(); } 573 CFGBlock *createBlock(bool add_successor = true); 574 CFGBlock *createNoReturnBlock(); 575 576 CFGBlock *addStmt(Stmt *S) { 577 return Visit(S, AddStmtChoice::AlwaysAdd); 578 } 579 CFGBlock *addInitializer(CXXCtorInitializer *I); 580 void addAutomaticObjDtors(LocalScope::const_iterator B, 581 LocalScope::const_iterator E, Stmt *S); 582 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); 583 584 // Local scopes creation. 585 LocalScope* createOrReuseLocalScope(LocalScope* Scope); 586 587 void addLocalScopeForStmt(Stmt *S); 588 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, 589 LocalScope* Scope = nullptr); 590 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = nullptr); 591 592 void addLocalScopeAndDtors(Stmt *S); 593 594 // Interface to CFGBlock - adding CFGElements. 595 void appendStmt(CFGBlock *B, const Stmt *S) { 596 if (alwaysAdd(S) && cachedEntry) 597 cachedEntry->second = B; 598 599 // All block-level expressions should have already been IgnoreParens()ed. 600 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); 601 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); 602 } 603 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { 604 B->appendInitializer(I, cfg->getBumpVectorContext()); 605 } 606 void appendNewAllocator(CFGBlock *B, CXXNewExpr *NE) { 607 B->appendNewAllocator(NE, cfg->getBumpVectorContext()); 608 } 609 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { 610 B->appendBaseDtor(BS, cfg->getBumpVectorContext()); 611 } 612 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { 613 B->appendMemberDtor(FD, cfg->getBumpVectorContext()); 614 } 615 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { 616 B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); 617 } 618 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { 619 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); 620 } 621 622 void appendDeleteDtor(CFGBlock *B, CXXRecordDecl *RD, CXXDeleteExpr *DE) { 623 B->appendDeleteDtor(RD, DE, cfg->getBumpVectorContext()); 624 } 625 626 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 627 LocalScope::const_iterator B, LocalScope::const_iterator E); 628 629 void addSuccessor(CFGBlock *B, CFGBlock *S, bool IsReachable = true) { 630 B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable), 631 cfg->getBumpVectorContext()); 632 } 633 634 /// Add a reachable successor to a block, with the alternate variant that is 635 /// unreachable. 636 void addSuccessor(CFGBlock *B, CFGBlock *ReachableBlock, CFGBlock *AltBlock) { 637 B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock), 638 cfg->getBumpVectorContext()); 639 } 640 641 /// \brief Find a relational comparison with an expression evaluating to a 642 /// boolean and a constant other than 0 and 1. 643 /// e.g. if ((x < y) == 10) 644 TryResult checkIncorrectRelationalOperator(const BinaryOperator *B) { 645 const Expr *LHSExpr = B->getLHS()->IgnoreParens(); 646 const Expr *RHSExpr = B->getRHS()->IgnoreParens(); 647 648 const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr); 649 const Expr *BoolExpr = RHSExpr; 650 bool IntFirst = true; 651 if (!IntLiteral) { 652 IntLiteral = dyn_cast<IntegerLiteral>(RHSExpr); 653 BoolExpr = LHSExpr; 654 IntFirst = false; 655 } 656 657 if (!IntLiteral || !BoolExpr->isKnownToHaveBooleanValue()) 658 return TryResult(); 659 660 llvm::APInt IntValue = IntLiteral->getValue(); 661 if ((IntValue == 1) || (IntValue == 0)) 662 return TryResult(); 663 664 bool IntLarger = IntLiteral->getType()->isUnsignedIntegerType() || 665 !IntValue.isNegative(); 666 667 BinaryOperatorKind Bok = B->getOpcode(); 668 if (Bok == BO_GT || Bok == BO_GE) { 669 // Always true for 10 > bool and bool > -1 670 // Always false for -1 > bool and bool > 10 671 return TryResult(IntFirst == IntLarger); 672 } else { 673 // Always true for -1 < bool and bool < 10 674 // Always false for 10 < bool and bool < -1 675 return TryResult(IntFirst != IntLarger); 676 } 677 } 678 679 /// Find an incorrect equality comparison. Either with an expression 680 /// evaluating to a boolean and a constant other than 0 and 1. 681 /// e.g. if (!x == 10) or a bitwise and/or operation that always evaluates to 682 /// true/false e.q. (x & 8) == 4. 683 TryResult checkIncorrectEqualityOperator(const BinaryOperator *B) { 684 const Expr *LHSExpr = B->getLHS()->IgnoreParens(); 685 const Expr *RHSExpr = B->getRHS()->IgnoreParens(); 686 687 const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr); 688 const Expr *BoolExpr = RHSExpr; 689 690 if (!IntLiteral) { 691 IntLiteral = dyn_cast<IntegerLiteral>(RHSExpr); 692 BoolExpr = LHSExpr; 693 } 694 695 if (!IntLiteral) 696 return TryResult(); 697 698 const BinaryOperator *BitOp = dyn_cast<BinaryOperator>(BoolExpr); 699 if (BitOp && (BitOp->getOpcode() == BO_And || 700 BitOp->getOpcode() == BO_Or)) { 701 const Expr *LHSExpr2 = BitOp->getLHS()->IgnoreParens(); 702 const Expr *RHSExpr2 = BitOp->getRHS()->IgnoreParens(); 703 704 const IntegerLiteral *IntLiteral2 = dyn_cast<IntegerLiteral>(LHSExpr2); 705 706 if (!IntLiteral2) 707 IntLiteral2 = dyn_cast<IntegerLiteral>(RHSExpr2); 708 709 if (!IntLiteral2) 710 return TryResult(); 711 712 llvm::APInt L1 = IntLiteral->getValue(); 713 llvm::APInt L2 = IntLiteral2->getValue(); 714 if ((BitOp->getOpcode() == BO_And && (L2 & L1) != L1) || 715 (BitOp->getOpcode() == BO_Or && (L2 | L1) != L1)) { 716 if (BuildOpts.Observer) 717 BuildOpts.Observer->compareBitwiseEquality(B, 718 B->getOpcode() != BO_EQ); 719 TryResult(B->getOpcode() != BO_EQ); 720 } 721 } else if (BoolExpr->isKnownToHaveBooleanValue()) { 722 llvm::APInt IntValue = IntLiteral->getValue(); 723 if ((IntValue == 1) || (IntValue == 0)) { 724 return TryResult(); 725 } 726 return TryResult(B->getOpcode() != BO_EQ); 727 } 728 729 return TryResult(); 730 } 731 732 TryResult analyzeLogicOperatorCondition(BinaryOperatorKind Relation, 733 const llvm::APSInt &Value1, 734 const llvm::APSInt &Value2) { 735 assert(Value1.isSigned() == Value2.isSigned()); 736 switch (Relation) { 737 default: 738 return TryResult(); 739 case BO_EQ: 740 return TryResult(Value1 == Value2); 741 case BO_NE: 742 return TryResult(Value1 != Value2); 743 case BO_LT: 744 return TryResult(Value1 < Value2); 745 case BO_LE: 746 return TryResult(Value1 <= Value2); 747 case BO_GT: 748 return TryResult(Value1 > Value2); 749 case BO_GE: 750 return TryResult(Value1 >= Value2); 751 } 752 } 753 754 /// \brief Find a pair of comparison expressions with or without parentheses 755 /// with a shared variable and constants and a logical operator between them 756 /// that always evaluates to either true or false. 757 /// e.g. if (x != 3 || x != 4) 758 TryResult checkIncorrectLogicOperator(const BinaryOperator *B) { 759 assert(B->isLogicalOp()); 760 const BinaryOperator *LHS = 761 dyn_cast<BinaryOperator>(B->getLHS()->IgnoreParens()); 762 const BinaryOperator *RHS = 763 dyn_cast<BinaryOperator>(B->getRHS()->IgnoreParens()); 764 if (!LHS || !RHS) 765 return TryResult(); 766 767 if (!LHS->isComparisonOp() || !RHS->isComparisonOp()) 768 return TryResult(); 769 770 const DeclRefExpr *Decl1; 771 const Expr *Expr1; 772 BinaryOperatorKind BO1; 773 std::tie(Decl1, BO1, Expr1) = tryNormalizeBinaryOperator(LHS); 774 775 if (!Decl1 || !Expr1) 776 return TryResult(); 777 778 const DeclRefExpr *Decl2; 779 const Expr *Expr2; 780 BinaryOperatorKind BO2; 781 std::tie(Decl2, BO2, Expr2) = tryNormalizeBinaryOperator(RHS); 782 783 if (!Decl2 || !Expr2) 784 return TryResult(); 785 786 // Check that it is the same variable on both sides. 787 if (Decl1->getDecl() != Decl2->getDecl()) 788 return TryResult(); 789 790 // Make sure the user's intent is clear (e.g. they're comparing against two 791 // int literals, or two things from the same enum) 792 if (!areExprTypesCompatible(Expr1, Expr2)) 793 return TryResult(); 794 795 llvm::APSInt L1, L2; 796 797 if (!Expr1->EvaluateAsInt(L1, *Context) || 798 !Expr2->EvaluateAsInt(L2, *Context)) 799 return TryResult(); 800 801 // Can't compare signed with unsigned or with different bit width. 802 if (L1.isSigned() != L2.isSigned() || L1.getBitWidth() != L2.getBitWidth()) 803 return TryResult(); 804 805 // Values that will be used to determine if result of logical 806 // operator is always true/false 807 const llvm::APSInt Values[] = { 808 // Value less than both Value1 and Value2 809 llvm::APSInt::getMinValue(L1.getBitWidth(), L1.isUnsigned()), 810 // L1 811 L1, 812 // Value between Value1 and Value2 813 ((L1 < L2) ? L1 : L2) + llvm::APSInt(llvm::APInt(L1.getBitWidth(), 1), 814 L1.isUnsigned()), 815 // L2 816 L2, 817 // Value greater than both Value1 and Value2 818 llvm::APSInt::getMaxValue(L1.getBitWidth(), L1.isUnsigned()), 819 }; 820 821 // Check whether expression is always true/false by evaluating the following 822 // * variable x is less than the smallest literal. 823 // * variable x is equal to the smallest literal. 824 // * Variable x is between smallest and largest literal. 825 // * Variable x is equal to the largest literal. 826 // * Variable x is greater than largest literal. 827 bool AlwaysTrue = true, AlwaysFalse = true; 828 for (llvm::APSInt Value : Values) { 829 TryResult Res1, Res2; 830 Res1 = analyzeLogicOperatorCondition(BO1, Value, L1); 831 Res2 = analyzeLogicOperatorCondition(BO2, Value, L2); 832 833 if (!Res1.isKnown() || !Res2.isKnown()) 834 return TryResult(); 835 836 if (B->getOpcode() == BO_LAnd) { 837 AlwaysTrue &= (Res1.isTrue() && Res2.isTrue()); 838 AlwaysFalse &= !(Res1.isTrue() && Res2.isTrue()); 839 } else { 840 AlwaysTrue &= (Res1.isTrue() || Res2.isTrue()); 841 AlwaysFalse &= !(Res1.isTrue() || Res2.isTrue()); 842 } 843 } 844 845 if (AlwaysTrue || AlwaysFalse) { 846 if (BuildOpts.Observer) 847 BuildOpts.Observer->compareAlwaysTrue(B, AlwaysTrue); 848 return TryResult(AlwaysTrue); 849 } 850 return TryResult(); 851 } 852 853 /// Try and evaluate an expression to an integer constant. 854 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { 855 if (!BuildOpts.PruneTriviallyFalseEdges) 856 return false; 857 return !S->isTypeDependent() && 858 !S->isValueDependent() && 859 S->EvaluateAsRValue(outResult, *Context); 860 } 861 862 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 863 /// if we can evaluate to a known value, otherwise return -1. 864 TryResult tryEvaluateBool(Expr *S) { 865 if (!BuildOpts.PruneTriviallyFalseEdges || 866 S->isTypeDependent() || S->isValueDependent()) 867 return TryResult(); 868 869 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { 870 if (Bop->isLogicalOp()) { 871 // Check the cache first. 872 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); 873 if (I != CachedBoolEvals.end()) 874 return I->second; // already in map; 875 876 // Retrieve result at first, or the map might be updated. 877 TryResult Result = evaluateAsBooleanConditionNoCache(S); 878 CachedBoolEvals[S] = Result; // update or insert 879 return Result; 880 } 881 else { 882 switch (Bop->getOpcode()) { 883 default: break; 884 // For 'x & 0' and 'x * 0', we can determine that 885 // the value is always false. 886 case BO_Mul: 887 case BO_And: { 888 // If either operand is zero, we know the value 889 // must be false. 890 llvm::APSInt IntVal; 891 if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { 892 if (!IntVal.getBoolValue()) { 893 return TryResult(false); 894 } 895 } 896 if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { 897 if (!IntVal.getBoolValue()) { 898 return TryResult(false); 899 } 900 } 901 } 902 break; 903 } 904 } 905 } 906 907 return evaluateAsBooleanConditionNoCache(S); 908 } 909 910 /// \brief Evaluate as boolean \param E without using the cache. 911 TryResult evaluateAsBooleanConditionNoCache(Expr *E) { 912 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { 913 if (Bop->isLogicalOp()) { 914 TryResult LHS = tryEvaluateBool(Bop->getLHS()); 915 if (LHS.isKnown()) { 916 // We were able to evaluate the LHS, see if we can get away with not 917 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 918 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 919 return LHS.isTrue(); 920 921 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 922 if (RHS.isKnown()) { 923 if (Bop->getOpcode() == BO_LOr) 924 return LHS.isTrue() || RHS.isTrue(); 925 else 926 return LHS.isTrue() && RHS.isTrue(); 927 } 928 } else { 929 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 930 if (RHS.isKnown()) { 931 // We can't evaluate the LHS; however, sometimes the result 932 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. 933 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 934 return RHS.isTrue(); 935 } else { 936 TryResult BopRes = checkIncorrectLogicOperator(Bop); 937 if (BopRes.isKnown()) 938 return BopRes.isTrue(); 939 } 940 } 941 942 return TryResult(); 943 } else if (Bop->isEqualityOp()) { 944 TryResult BopRes = checkIncorrectEqualityOperator(Bop); 945 if (BopRes.isKnown()) 946 return BopRes.isTrue(); 947 } else if (Bop->isRelationalOp()) { 948 TryResult BopRes = checkIncorrectRelationalOperator(Bop); 949 if (BopRes.isKnown()) 950 return BopRes.isTrue(); 951 } 952 } 953 954 bool Result; 955 if (E->EvaluateAsBooleanCondition(Result, *Context)) 956 return Result; 957 958 return TryResult(); 959 } 960 961}; 962 963inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, 964 const Stmt *stmt) const { 965 return builder.alwaysAdd(stmt) || kind == AlwaysAdd; 966} 967 968bool CFGBuilder::alwaysAdd(const Stmt *stmt) { 969 bool shouldAdd = BuildOpts.alwaysAdd(stmt); 970 971 if (!BuildOpts.forcedBlkExprs) 972 return shouldAdd; 973 974 if (lastLookup == stmt) { 975 if (cachedEntry) { 976 assert(cachedEntry->first == stmt); 977 return true; 978 } 979 return shouldAdd; 980 } 981 982 lastLookup = stmt; 983 984 // Perform the lookup! 985 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; 986 987 if (!fb) { 988 // No need to update 'cachedEntry', since it will always be null. 989 assert(!cachedEntry); 990 return shouldAdd; 991 } 992 993 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); 994 if (itr == fb->end()) { 995 cachedEntry = nullptr; 996 return shouldAdd; 997 } 998 999 cachedEntry = &*itr; 1000 return true; 1001} 1002 1003// FIXME: Add support for dependent-sized array types in C++? 1004// Does it even make sense to build a CFG for an uninstantiated template? 1005static const VariableArrayType *FindVA(const Type *t) { 1006 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { 1007 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) 1008 if (vat->getSizeExpr()) 1009 return vat; 1010 1011 t = vt->getElementType().getTypePtr(); 1012 } 1013 1014 return nullptr; 1015} 1016 1017/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an 1018/// arbitrary statement. Examples include a single expression or a function 1019/// body (compound statement). The ownership of the returned CFG is 1020/// transferred to the caller. If CFG construction fails, this method returns 1021/// NULL. 1022std::unique_ptr<CFG> CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { 1023 assert(cfg.get()); 1024 if (!Statement) 1025 return nullptr; 1026 1027 // Create an empty block that will serve as the exit block for the CFG. Since 1028 // this is the first block added to the CFG, it will be implicitly registered 1029 // as the exit block. 1030 Succ = createBlock(); 1031 assert(Succ == &cfg->getExit()); 1032 Block = nullptr; // the EXIT block is empty. Create all other blocks lazily. 1033 1034 if (BuildOpts.AddImplicitDtors) 1035 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) 1036 addImplicitDtorsForDestructor(DD); 1037 1038 // Visit the statements and create the CFG. 1039 CFGBlock *B = addStmt(Statement); 1040 1041 if (badCFG) 1042 return nullptr; 1043 1044 // For C++ constructor add initializers to CFG. 1045 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { 1046 for (auto *I : llvm::reverse(CD->inits())) { 1047 B = addInitializer(I); 1048 if (badCFG) 1049 return nullptr; 1050 } 1051 } 1052 1053 if (B) 1054 Succ = B; 1055 1056 // Backpatch the gotos whose label -> block mappings we didn't know when we 1057 // encountered them. 1058 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), 1059 E = BackpatchBlocks.end(); I != E; ++I ) { 1060 1061 CFGBlock *B = I->block; 1062 const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); 1063 LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); 1064 1065 // If there is no target for the goto, then we are looking at an 1066 // incomplete AST. Handle this by not registering a successor. 1067 if (LI == LabelMap.end()) continue; 1068 1069 JumpTarget JT = LI->second; 1070 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, 1071 JT.scopePosition); 1072 addSuccessor(B, JT.block); 1073 } 1074 1075 // Add successors to the Indirect Goto Dispatch block (if we have one). 1076 if (CFGBlock *B = cfg->getIndirectGotoBlock()) 1077 for (LabelSetTy::iterator I = AddressTakenLabels.begin(), 1078 E = AddressTakenLabels.end(); I != E; ++I ) { 1079 1080 // Lookup the target block. 1081 LabelMapTy::iterator LI = LabelMap.find(*I); 1082 1083 // If there is no target block that contains label, then we are looking 1084 // at an incomplete AST. Handle this by not registering a successor. 1085 if (LI == LabelMap.end()) continue; 1086 1087 addSuccessor(B, LI->second.block); 1088 } 1089 1090 // Create an empty entry block that has no predecessors. 1091 cfg->setEntry(createBlock()); 1092 1093 return std::move(cfg); 1094} 1095 1096/// createBlock - Used to lazily create blocks that are connected 1097/// to the current (global) succcessor. 1098CFGBlock *CFGBuilder::createBlock(bool add_successor) { 1099 CFGBlock *B = cfg->createBlock(); 1100 if (add_successor && Succ) 1101 addSuccessor(B, Succ); 1102 return B; 1103} 1104 1105/// createNoReturnBlock - Used to create a block is a 'noreturn' point in the 1106/// CFG. It is *not* connected to the current (global) successor, and instead 1107/// directly tied to the exit block in order to be reachable. 1108CFGBlock *CFGBuilder::createNoReturnBlock() { 1109 CFGBlock *B = createBlock(false); 1110 B->setHasNoReturnElement(); 1111 addSuccessor(B, &cfg->getExit(), Succ); 1112 return B; 1113} 1114 1115/// addInitializer - Add C++ base or member initializer element to CFG. 1116CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { 1117 if (!BuildOpts.AddInitializers) 1118 return Block; 1119 1120 bool HasTemporaries = false; 1121 1122 // Destructors of temporaries in initialization expression should be called 1123 // after initialization finishes. 1124 Expr *Init = I->getInit(); 1125 if (Init) { 1126 HasTemporaries = isa<ExprWithCleanups>(Init); 1127 1128 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 1129 // Generate destructors for temporaries in initialization expression. 1130 TempDtorContext Context; 1131 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 1132 /*BindToTemporary=*/false, Context); 1133 } 1134 } 1135 1136 autoCreateBlock(); 1137 appendInitializer(Block, I); 1138 1139 if (Init) { 1140 if (HasTemporaries) { 1141 // For expression with temporaries go directly to subexpression to omit 1142 // generating destructors for the second time. 1143 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); 1144 } 1145 if (BuildOpts.AddCXXDefaultInitExprInCtors) { 1146 if (CXXDefaultInitExpr *Default = dyn_cast<CXXDefaultInitExpr>(Init)) { 1147 // In general, appending the expression wrapped by a CXXDefaultInitExpr 1148 // may cause the same Expr to appear more than once in the CFG. Doing it 1149 // here is safe because there's only one initializer per field. 1150 autoCreateBlock(); 1151 appendStmt(Block, Default); 1152 if (Stmt *Child = Default->getExpr()) 1153 if (CFGBlock *R = Visit(Child)) 1154 Block = R; 1155 return Block; 1156 } 1157 } 1158 return Visit(Init); 1159 } 1160 1161 return Block; 1162} 1163 1164/// \brief Retrieve the type of the temporary object whose lifetime was 1165/// extended by a local reference with the given initializer. 1166static QualType getReferenceInitTemporaryType(ASTContext &Context, 1167 const Expr *Init) { 1168 while (true) { 1169 // Skip parentheses. 1170 Init = Init->IgnoreParens(); 1171 1172 // Skip through cleanups. 1173 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { 1174 Init = EWC->getSubExpr(); 1175 continue; 1176 } 1177 1178 // Skip through the temporary-materialization expression. 1179 if (const MaterializeTemporaryExpr *MTE 1180 = dyn_cast<MaterializeTemporaryExpr>(Init)) { 1181 Init = MTE->GetTemporaryExpr(); 1182 continue; 1183 } 1184 1185 // Skip derived-to-base and no-op casts. 1186 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { 1187 if ((CE->getCastKind() == CK_DerivedToBase || 1188 CE->getCastKind() == CK_UncheckedDerivedToBase || 1189 CE->getCastKind() == CK_NoOp) && 1190 Init->getType()->isRecordType()) { 1191 Init = CE->getSubExpr(); 1192 continue; 1193 } 1194 } 1195 1196 // Skip member accesses into rvalues. 1197 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { 1198 if (!ME->isArrow() && ME->getBase()->isRValue()) { 1199 Init = ME->getBase(); 1200 continue; 1201 } 1202 } 1203 1204 break; 1205 } 1206 1207 return Init->getType(); 1208} 1209 1210/// addAutomaticObjDtors - Add to current block automatic objects destructors 1211/// for objects in range of local scope positions. Use S as trigger statement 1212/// for destructors. 1213void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, 1214 LocalScope::const_iterator E, Stmt *S) { 1215 if (!BuildOpts.AddImplicitDtors) 1216 return; 1217 1218 if (B == E) 1219 return; 1220 1221 // We need to append the destructors in reverse order, but any one of them 1222 // may be a no-return destructor which changes the CFG. As a result, buffer 1223 // this sequence up and replay them in reverse order when appending onto the 1224 // CFGBlock(s). 1225 SmallVector<VarDecl*, 10> Decls; 1226 Decls.reserve(B.distance(E)); 1227 for (LocalScope::const_iterator I = B; I != E; ++I) 1228 Decls.push_back(*I); 1229 1230 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), 1231 E = Decls.rend(); 1232 I != E; ++I) { 1233 // If this destructor is marked as a no-return destructor, we need to 1234 // create a new block for the destructor which does not have as a successor 1235 // anything built thus far: control won't flow out of this block. 1236 QualType Ty = (*I)->getType(); 1237 if (Ty->isReferenceType()) { 1238 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); 1239 } 1240 Ty = Context->getBaseElementType(Ty); 1241 1242 if (Ty->getAsCXXRecordDecl()->isAnyDestructorNoReturn()) 1243 Block = createNoReturnBlock(); 1244 else 1245 autoCreateBlock(); 1246 1247 appendAutomaticObjDtor(Block, *I, S); 1248 } 1249} 1250 1251/// addImplicitDtorsForDestructor - Add implicit destructors generated for 1252/// base and member objects in destructor. 1253void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { 1254 assert (BuildOpts.AddImplicitDtors 1255 && "Can be called only when dtors should be added"); 1256 const CXXRecordDecl *RD = DD->getParent(); 1257 1258 // At the end destroy virtual base objects. 1259 for (const auto &VI : RD->vbases()) { 1260 const CXXRecordDecl *CD = VI.getType()->getAsCXXRecordDecl(); 1261 if (!CD->hasTrivialDestructor()) { 1262 autoCreateBlock(); 1263 appendBaseDtor(Block, &VI); 1264 } 1265 } 1266 1267 // Before virtual bases destroy direct base objects. 1268 for (const auto &BI : RD->bases()) { 1269 if (!BI.isVirtual()) { 1270 const CXXRecordDecl *CD = BI.getType()->getAsCXXRecordDecl(); 1271 if (!CD->hasTrivialDestructor()) { 1272 autoCreateBlock(); 1273 appendBaseDtor(Block, &BI); 1274 } 1275 } 1276 } 1277 1278 // First destroy member objects. 1279 for (auto *FI : RD->fields()) { 1280 // Check for constant size array. Set type to array element type. 1281 QualType QT = FI->getType(); 1282 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 1283 if (AT->getSize() == 0) 1284 continue; 1285 QT = AT->getElementType(); 1286 } 1287 1288 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 1289 if (!CD->hasTrivialDestructor()) { 1290 autoCreateBlock(); 1291 appendMemberDtor(Block, FI); 1292 } 1293 } 1294} 1295 1296/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either 1297/// way return valid LocalScope object. 1298LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { 1299 if (Scope) 1300 return Scope; 1301 llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); 1302 return new (alloc.Allocate<LocalScope>()) 1303 LocalScope(BumpVectorContext(alloc), ScopePos); 1304} 1305 1306/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement 1307/// that should create implicit scope (e.g. if/else substatements). 1308void CFGBuilder::addLocalScopeForStmt(Stmt *S) { 1309 if (!BuildOpts.AddImplicitDtors) 1310 return; 1311 1312 LocalScope *Scope = nullptr; 1313 1314 // For compound statement we will be creating explicit scope. 1315 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { 1316 for (auto *BI : CS->body()) { 1317 Stmt *SI = BI->stripLabelLikeStatements(); 1318 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) 1319 Scope = addLocalScopeForDeclStmt(DS, Scope); 1320 } 1321 return; 1322 } 1323 1324 // For any other statement scope will be implicit and as such will be 1325 // interesting only for DeclStmt. 1326 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) 1327 addLocalScopeForDeclStmt(DS); 1328} 1329 1330/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will 1331/// reuse Scope if not NULL. 1332LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, 1333 LocalScope* Scope) { 1334 if (!BuildOpts.AddImplicitDtors) 1335 return Scope; 1336 1337 for (auto *DI : DS->decls()) 1338 if (VarDecl *VD = dyn_cast<VarDecl>(DI)) 1339 Scope = addLocalScopeForVarDecl(VD, Scope); 1340 return Scope; 1341} 1342 1343/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will 1344/// create add scope for automatic objects and temporary objects bound to 1345/// const reference. Will reuse Scope if not NULL. 1346LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, 1347 LocalScope* Scope) { 1348 if (!BuildOpts.AddImplicitDtors) 1349 return Scope; 1350 1351 // Check if variable is local. 1352 switch (VD->getStorageClass()) { 1353 case SC_None: 1354 case SC_Auto: 1355 case SC_Register: 1356 break; 1357 default: return Scope; 1358 } 1359 1360 // Check for const references bound to temporary. Set type to pointee. 1361 QualType QT = VD->getType(); 1362 if (QT.getTypePtr()->isReferenceType()) { 1363 // Attempt to determine whether this declaration lifetime-extends a 1364 // temporary. 1365 // 1366 // FIXME: This is incorrect. Non-reference declarations can lifetime-extend 1367 // temporaries, and a single declaration can extend multiple temporaries. 1368 // We should look at the storage duration on each nested 1369 // MaterializeTemporaryExpr instead. 1370 const Expr *Init = VD->getInit(); 1371 if (!Init) 1372 return Scope; 1373 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) 1374 Init = EWC->getSubExpr(); 1375 if (!isa<MaterializeTemporaryExpr>(Init)) 1376 return Scope; 1377 1378 // Lifetime-extending a temporary. 1379 QT = getReferenceInitTemporaryType(*Context, Init); 1380 } 1381 1382 // Check for constant size array. Set type to array element type. 1383 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 1384 if (AT->getSize() == 0) 1385 return Scope; 1386 QT = AT->getElementType(); 1387 } 1388 1389 // Check if type is a C++ class with non-trivial destructor. 1390 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 1391 if (!CD->hasTrivialDestructor()) { 1392 // Add the variable to scope 1393 Scope = createOrReuseLocalScope(Scope); 1394 Scope->addVar(VD); 1395 ScopePos = Scope->begin(); 1396 } 1397 return Scope; 1398} 1399 1400/// addLocalScopeAndDtors - For given statement add local scope for it and 1401/// add destructors that will cleanup the scope. Will reuse Scope if not NULL. 1402void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { 1403 if (!BuildOpts.AddImplicitDtors) 1404 return; 1405 1406 LocalScope::const_iterator scopeBeginPos = ScopePos; 1407 addLocalScopeForStmt(S); 1408 addAutomaticObjDtors(ScopePos, scopeBeginPos, S); 1409} 1410 1411/// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for 1412/// variables with automatic storage duration to CFGBlock's elements vector. 1413/// Elements will be prepended to physical beginning of the vector which 1414/// happens to be logical end. Use blocks terminator as statement that specifies 1415/// destructors call site. 1416/// FIXME: This mechanism for adding automatic destructors doesn't handle 1417/// no-return destructors properly. 1418void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 1419 LocalScope::const_iterator B, LocalScope::const_iterator E) { 1420 BumpVectorContext &C = cfg->getBumpVectorContext(); 1421 CFGBlock::iterator InsertPos 1422 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); 1423 for (LocalScope::const_iterator I = B; I != E; ++I) 1424 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, 1425 Blk->getTerminator()); 1426} 1427 1428/// Visit - Walk the subtree of a statement and add extra 1429/// blocks for ternary operators, &&, and ||. We also process "," and 1430/// DeclStmts (which may contain nested control-flow). 1431CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { 1432 if (!S) { 1433 badCFG = true; 1434 return nullptr; 1435 } 1436 1437 if (Expr *E = dyn_cast<Expr>(S)) 1438 S = E->IgnoreParens(); 1439 1440 switch (S->getStmtClass()) { 1441 default: 1442 return VisitStmt(S, asc); 1443 1444 case Stmt::AddrLabelExprClass: 1445 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); 1446 1447 case Stmt::BinaryConditionalOperatorClass: 1448 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); 1449 1450 case Stmt::BinaryOperatorClass: 1451 return VisitBinaryOperator(cast<BinaryOperator>(S), asc); 1452 1453 case Stmt::BlockExprClass: 1454 return VisitBlockExpr(cast<BlockExpr>(S), asc); 1455 1456 case Stmt::BreakStmtClass: 1457 return VisitBreakStmt(cast<BreakStmt>(S)); 1458 1459 case Stmt::CallExprClass: 1460 case Stmt::CXXOperatorCallExprClass: 1461 case Stmt::CXXMemberCallExprClass: 1462 case Stmt::UserDefinedLiteralClass: 1463 return VisitCallExpr(cast<CallExpr>(S), asc); 1464 1465 case Stmt::CaseStmtClass: 1466 return VisitCaseStmt(cast<CaseStmt>(S)); 1467 1468 case Stmt::ChooseExprClass: 1469 return VisitChooseExpr(cast<ChooseExpr>(S), asc); 1470 1471 case Stmt::CompoundStmtClass: 1472 return VisitCompoundStmt(cast<CompoundStmt>(S)); 1473 1474 case Stmt::ConditionalOperatorClass: 1475 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); 1476 1477 case Stmt::ContinueStmtClass: 1478 return VisitContinueStmt(cast<ContinueStmt>(S)); 1479 1480 case Stmt::CXXCatchStmtClass: 1481 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); 1482 1483 case Stmt::ExprWithCleanupsClass: 1484 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); 1485 1486 case Stmt::CXXDefaultArgExprClass: 1487 case Stmt::CXXDefaultInitExprClass: 1488 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the 1489 // called function's declaration, not by the caller. If we simply add 1490 // this expression to the CFG, we could end up with the same Expr 1491 // appearing multiple times. 1492 // PR13385 / <rdar://problem/12156507> 1493 // 1494 // It's likewise possible for multiple CXXDefaultInitExprs for the same 1495 // expression to be used in the same function (through aggregate 1496 // initialization). 1497 return VisitStmt(S, asc); 1498 1499 case Stmt::CXXBindTemporaryExprClass: 1500 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); 1501 1502 case Stmt::CXXConstructExprClass: 1503 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); 1504 1505 case Stmt::CXXNewExprClass: 1506 return VisitCXXNewExpr(cast<CXXNewExpr>(S), asc); 1507 1508 case Stmt::CXXDeleteExprClass: 1509 return VisitCXXDeleteExpr(cast<CXXDeleteExpr>(S), asc); 1510 1511 case Stmt::CXXFunctionalCastExprClass: 1512 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); 1513 1514 case Stmt::CXXTemporaryObjectExprClass: 1515 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); 1516 1517 case Stmt::CXXThrowExprClass: 1518 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); 1519 1520 case Stmt::CXXTryStmtClass: 1521 return VisitCXXTryStmt(cast<CXXTryStmt>(S)); 1522 1523 case Stmt::CXXForRangeStmtClass: 1524 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); 1525 1526 case Stmt::DeclStmtClass: 1527 return VisitDeclStmt(cast<DeclStmt>(S)); 1528 1529 case Stmt::DefaultStmtClass: 1530 return VisitDefaultStmt(cast<DefaultStmt>(S)); 1531 1532 case Stmt::DoStmtClass: 1533 return VisitDoStmt(cast<DoStmt>(S)); 1534 1535 case Stmt::ForStmtClass: 1536 return VisitForStmt(cast<ForStmt>(S)); 1537 1538 case Stmt::GotoStmtClass: 1539 return VisitGotoStmt(cast<GotoStmt>(S)); 1540 1541 case Stmt::IfStmtClass: 1542 return VisitIfStmt(cast<IfStmt>(S)); 1543 1544 case Stmt::ImplicitCastExprClass: 1545 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); 1546 1547 case Stmt::IndirectGotoStmtClass: 1548 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); 1549 1550 case Stmt::LabelStmtClass: 1551 return VisitLabelStmt(cast<LabelStmt>(S)); 1552 1553 case Stmt::LambdaExprClass: 1554 return VisitLambdaExpr(cast<LambdaExpr>(S), asc); 1555 1556 case Stmt::MemberExprClass: 1557 return VisitMemberExpr(cast<MemberExpr>(S), asc); 1558 1559 case Stmt::NullStmtClass: 1560 return Block; 1561 1562 case Stmt::ObjCAtCatchStmtClass: 1563 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); 1564 1565 case Stmt::ObjCAutoreleasePoolStmtClass: 1566 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); 1567 1568 case Stmt::ObjCAtSynchronizedStmtClass: 1569 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); 1570 1571 case Stmt::ObjCAtThrowStmtClass: 1572 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); 1573 1574 case Stmt::ObjCAtTryStmtClass: 1575 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); 1576 1577 case Stmt::ObjCForCollectionStmtClass: 1578 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); 1579 1580 case Stmt::OpaqueValueExprClass: 1581 return Block; 1582 1583 case Stmt::PseudoObjectExprClass: 1584 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); 1585 1586 case Stmt::ReturnStmtClass: 1587 return VisitReturnStmt(cast<ReturnStmt>(S)); 1588 1589 case Stmt::UnaryExprOrTypeTraitExprClass: 1590 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), 1591 asc); 1592 1593 case Stmt::StmtExprClass: 1594 return VisitStmtExpr(cast<StmtExpr>(S), asc); 1595 1596 case Stmt::SwitchStmtClass: 1597 return VisitSwitchStmt(cast<SwitchStmt>(S)); 1598 1599 case Stmt::UnaryOperatorClass: 1600 return VisitUnaryOperator(cast<UnaryOperator>(S), asc); 1601 1602 case Stmt::WhileStmtClass: 1603 return VisitWhileStmt(cast<WhileStmt>(S)); 1604 } 1605} 1606 1607CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { 1608 if (asc.alwaysAdd(*this, S)) { 1609 autoCreateBlock(); 1610 appendStmt(Block, S); 1611 } 1612 1613 return VisitChildren(S); 1614} 1615 1616/// VisitChildren - Visit the children of a Stmt. 1617CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { 1618 CFGBlock *B = Block; 1619 1620 // Visit the children in their reverse order so that they appear in 1621 // left-to-right (natural) order in the CFG. 1622 reverse_children RChildren(S); 1623 for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); 1624 I != E; ++I) { 1625 if (Stmt *Child = *I) 1626 if (CFGBlock *R = Visit(Child)) 1627 B = R; 1628 } 1629 return B; 1630} 1631 1632CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, 1633 AddStmtChoice asc) { 1634 AddressTakenLabels.insert(A->getLabel()); 1635 1636 if (asc.alwaysAdd(*this, A)) { 1637 autoCreateBlock(); 1638 appendStmt(Block, A); 1639 } 1640 1641 return Block; 1642} 1643 1644CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, 1645 AddStmtChoice asc) { 1646 if (asc.alwaysAdd(*this, U)) { 1647 autoCreateBlock(); 1648 appendStmt(Block, U); 1649 } 1650 1651 return Visit(U->getSubExpr(), AddStmtChoice()); 1652} 1653 1654CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { 1655 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1656 appendStmt(ConfluenceBlock, B); 1657 1658 if (badCFG) 1659 return nullptr; 1660 1661 return VisitLogicalOperator(B, nullptr, ConfluenceBlock, 1662 ConfluenceBlock).first; 1663} 1664 1665std::pair<CFGBlock*, CFGBlock*> 1666CFGBuilder::VisitLogicalOperator(BinaryOperator *B, 1667 Stmt *Term, 1668 CFGBlock *TrueBlock, 1669 CFGBlock *FalseBlock) { 1670 1671 // Introspect the RHS. If it is a nested logical operation, we recursively 1672 // build the CFG using this function. Otherwise, resort to default 1673 // CFG construction behavior. 1674 Expr *RHS = B->getRHS()->IgnoreParens(); 1675 CFGBlock *RHSBlock, *ExitBlock; 1676 1677 do { 1678 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) 1679 if (B_RHS->isLogicalOp()) { 1680 std::tie(RHSBlock, ExitBlock) = 1681 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); 1682 break; 1683 } 1684 1685 // The RHS is not a nested logical operation. Don't push the terminator 1686 // down further, but instead visit RHS and construct the respective 1687 // pieces of the CFG, and link up the RHSBlock with the terminator 1688 // we have been provided. 1689 ExitBlock = RHSBlock = createBlock(false); 1690 1691 if (!Term) { 1692 assert(TrueBlock == FalseBlock); 1693 addSuccessor(RHSBlock, TrueBlock); 1694 } 1695 else { 1696 RHSBlock->setTerminator(Term); 1697 TryResult KnownVal = tryEvaluateBool(RHS); 1698 if (!KnownVal.isKnown()) 1699 KnownVal = tryEvaluateBool(B); 1700 addSuccessor(RHSBlock, TrueBlock, !KnownVal.isFalse()); 1701 addSuccessor(RHSBlock, FalseBlock, !KnownVal.isTrue()); 1702 } 1703 1704 Block = RHSBlock; 1705 RHSBlock = addStmt(RHS); 1706 } 1707 while (false); 1708 1709 if (badCFG) 1710 return std::make_pair(nullptr, nullptr); 1711 1712 // Generate the blocks for evaluating the LHS. 1713 Expr *LHS = B->getLHS()->IgnoreParens(); 1714 1715 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) 1716 if (B_LHS->isLogicalOp()) { 1717 if (B->getOpcode() == BO_LOr) 1718 FalseBlock = RHSBlock; 1719 else 1720 TrueBlock = RHSBlock; 1721 1722 // For the LHS, treat 'B' as the terminator that we want to sink 1723 // into the nested branch. The RHS always gets the top-most 1724 // terminator. 1725 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); 1726 } 1727 1728 // Create the block evaluating the LHS. 1729 // This contains the '&&' or '||' as the terminator. 1730 CFGBlock *LHSBlock = createBlock(false); 1731 LHSBlock->setTerminator(B); 1732 1733 Block = LHSBlock; 1734 CFGBlock *EntryLHSBlock = addStmt(LHS); 1735 1736 if (badCFG) 1737 return std::make_pair(nullptr, nullptr); 1738 1739 // See if this is a known constant. 1740 TryResult KnownVal = tryEvaluateBool(LHS); 1741 1742 // Now link the LHSBlock with RHSBlock. 1743 if (B->getOpcode() == BO_LOr) { 1744 addSuccessor(LHSBlock, TrueBlock, !KnownVal.isFalse()); 1745 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isTrue()); 1746 } else { 1747 assert(B->getOpcode() == BO_LAnd); 1748 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isFalse()); 1749 addSuccessor(LHSBlock, FalseBlock, !KnownVal.isTrue()); 1750 } 1751 1752 return std::make_pair(EntryLHSBlock, ExitBlock); 1753} 1754 1755 1756CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, 1757 AddStmtChoice asc) { 1758 // && or || 1759 if (B->isLogicalOp()) 1760 return VisitLogicalOperator(B); 1761 1762 if (B->getOpcode() == BO_Comma) { // , 1763 autoCreateBlock(); 1764 appendStmt(Block, B); 1765 addStmt(B->getRHS()); 1766 return addStmt(B->getLHS()); 1767 } 1768 1769 if (B->isAssignmentOp()) { 1770 if (asc.alwaysAdd(*this, B)) { 1771 autoCreateBlock(); 1772 appendStmt(Block, B); 1773 } 1774 Visit(B->getLHS()); 1775 return Visit(B->getRHS()); 1776 } 1777 1778 if (asc.alwaysAdd(*this, B)) { 1779 autoCreateBlock(); 1780 appendStmt(Block, B); 1781 } 1782 1783 CFGBlock *RBlock = Visit(B->getRHS()); 1784 CFGBlock *LBlock = Visit(B->getLHS()); 1785 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 1786 // containing a DoStmt, and the LHS doesn't create a new block, then we should 1787 // return RBlock. Otherwise we'll incorrectly return NULL. 1788 return (LBlock ? LBlock : RBlock); 1789} 1790 1791CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { 1792 if (asc.alwaysAdd(*this, E)) { 1793 autoCreateBlock(); 1794 appendStmt(Block, E); 1795 } 1796 return Block; 1797} 1798 1799CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { 1800 // "break" is a control-flow statement. Thus we stop processing the current 1801 // block. 1802 if (badCFG) 1803 return nullptr; 1804 1805 // Now create a new block that ends with the break statement. 1806 Block = createBlock(false); 1807 Block->setTerminator(B); 1808 1809 // If there is no target for the break, then we are looking at an incomplete 1810 // AST. This means that the CFG cannot be constructed. 1811 if (BreakJumpTarget.block) { 1812 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B); 1813 addSuccessor(Block, BreakJumpTarget.block); 1814 } else 1815 badCFG = true; 1816 1817 1818 return Block; 1819} 1820 1821static bool CanThrow(Expr *E, ASTContext &Ctx) { 1822 QualType Ty = E->getType(); 1823 if (Ty->isFunctionPointerType()) 1824 Ty = Ty->getAs<PointerType>()->getPointeeType(); 1825 else if (Ty->isBlockPointerType()) 1826 Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); 1827 1828 const FunctionType *FT = Ty->getAs<FunctionType>(); 1829 if (FT) { 1830 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) 1831 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && 1832 Proto->isNothrow(Ctx)) 1833 return false; 1834 } 1835 return true; 1836} 1837 1838CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { 1839 // Compute the callee type. 1840 QualType calleeType = C->getCallee()->getType(); 1841 if (calleeType == Context->BoundMemberTy) { 1842 QualType boundType = Expr::findBoundMemberType(C->getCallee()); 1843 1844 // We should only get a null bound type if processing a dependent 1845 // CFG. Recover by assuming nothing. 1846 if (!boundType.isNull()) calleeType = boundType; 1847 } 1848 1849 // If this is a call to a no-return function, this stops the block here. 1850 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); 1851 1852 bool AddEHEdge = false; 1853 1854 // Languages without exceptions are assumed to not throw. 1855 if (Context->getLangOpts().Exceptions) { 1856 if (BuildOpts.AddEHEdges) 1857 AddEHEdge = true; 1858 } 1859 1860 // If this is a call to a builtin function, it might not actually evaluate 1861 // its arguments. Don't add them to the CFG if this is the case. 1862 bool OmitArguments = false; 1863 1864 if (FunctionDecl *FD = C->getDirectCallee()) { 1865 if (FD->isNoReturn()) 1866 NoReturn = true; 1867 if (FD->hasAttr<NoThrowAttr>()) 1868 AddEHEdge = false; 1869 if (FD->getBuiltinID() == Builtin::BI__builtin_object_size) 1870 OmitArguments = true; 1871 } 1872 1873 if (!CanThrow(C->getCallee(), *Context)) 1874 AddEHEdge = false; 1875 1876 if (OmitArguments) { 1877 assert(!NoReturn && "noreturn calls with unevaluated args not implemented"); 1878 assert(!AddEHEdge && "EH calls with unevaluated args not implemented"); 1879 autoCreateBlock(); 1880 appendStmt(Block, C); 1881 return Visit(C->getCallee()); 1882 } 1883 1884 if (!NoReturn && !AddEHEdge) { 1885 return VisitStmt(C, asc.withAlwaysAdd(true)); 1886 } 1887 1888 if (Block) { 1889 Succ = Block; 1890 if (badCFG) 1891 return nullptr; 1892 } 1893 1894 if (NoReturn) 1895 Block = createNoReturnBlock(); 1896 else 1897 Block = createBlock(); 1898 1899 appendStmt(Block, C); 1900 1901 if (AddEHEdge) { 1902 // Add exceptional edges. 1903 if (TryTerminatedBlock) 1904 addSuccessor(Block, TryTerminatedBlock); 1905 else 1906 addSuccessor(Block, &cfg->getExit()); 1907 } 1908 1909 return VisitChildren(C); 1910} 1911 1912CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, 1913 AddStmtChoice asc) { 1914 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1915 appendStmt(ConfluenceBlock, C); 1916 if (badCFG) 1917 return nullptr; 1918 1919 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1920 Succ = ConfluenceBlock; 1921 Block = nullptr; 1922 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); 1923 if (badCFG) 1924 return nullptr; 1925 1926 Succ = ConfluenceBlock; 1927 Block = nullptr; 1928 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); 1929 if (badCFG) 1930 return nullptr; 1931 1932 Block = createBlock(false); 1933 // See if this is a known constant. 1934 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1935 addSuccessor(Block, KnownVal.isFalse() ? nullptr : LHSBlock); 1936 addSuccessor(Block, KnownVal.isTrue() ? nullptr : RHSBlock); 1937 Block->setTerminator(C); 1938 return addStmt(C->getCond()); 1939} 1940 1941 1942CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { 1943 LocalScope::const_iterator scopeBeginPos = ScopePos; 1944 if (BuildOpts.AddImplicitDtors) { 1945 addLocalScopeForStmt(C); 1946 } 1947 if (!C->body_empty() && !isa<ReturnStmt>(*C->body_rbegin())) { 1948 // If the body ends with a ReturnStmt, the dtors will be added in VisitReturnStmt 1949 addAutomaticObjDtors(ScopePos, scopeBeginPos, C); 1950 } 1951 1952 CFGBlock *LastBlock = Block; 1953 1954 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); 1955 I != E; ++I ) { 1956 // If we hit a segment of code just containing ';' (NullStmts), we can 1957 // get a null block back. In such cases, just use the LastBlock 1958 if (CFGBlock *newBlock = addStmt(*I)) 1959 LastBlock = newBlock; 1960 1961 if (badCFG) 1962 return nullptr; 1963 } 1964 1965 return LastBlock; 1966} 1967 1968CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, 1969 AddStmtChoice asc) { 1970 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); 1971 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : nullptr); 1972 1973 // Create the confluence block that will "merge" the results of the ternary 1974 // expression. 1975 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1976 appendStmt(ConfluenceBlock, C); 1977 if (badCFG) 1978 return nullptr; 1979 1980 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1981 1982 // Create a block for the LHS expression if there is an LHS expression. A 1983 // GCC extension allows LHS to be NULL, causing the condition to be the 1984 // value that is returned instead. 1985 // e.g: x ?: y is shorthand for: x ? x : y; 1986 Succ = ConfluenceBlock; 1987 Block = nullptr; 1988 CFGBlock *LHSBlock = nullptr; 1989 const Expr *trueExpr = C->getTrueExpr(); 1990 if (trueExpr != opaqueValue) { 1991 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); 1992 if (badCFG) 1993 return nullptr; 1994 Block = nullptr; 1995 } 1996 else 1997 LHSBlock = ConfluenceBlock; 1998 1999 // Create the block for the RHS expression. 2000 Succ = ConfluenceBlock; 2001 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); 2002 if (badCFG) 2003 return nullptr; 2004 2005 // If the condition is a logical '&&' or '||', build a more accurate CFG. 2006 if (BinaryOperator *Cond = 2007 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) 2008 if (Cond->isLogicalOp()) 2009 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; 2010 2011 // Create the block that will contain the condition. 2012 Block = createBlock(false); 2013 2014 // See if this is a known constant. 2015 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 2016 addSuccessor(Block, LHSBlock, !KnownVal.isFalse()); 2017 addSuccessor(Block, RHSBlock, !KnownVal.isTrue()); 2018 Block->setTerminator(C); 2019 Expr *condExpr = C->getCond(); 2020 2021 if (opaqueValue) { 2022 // Run the condition expression if it's not trivially expressed in 2023 // terms of the opaque value (or if there is no opaque value). 2024 if (condExpr != opaqueValue) 2025 addStmt(condExpr); 2026 2027 // Before that, run the common subexpression if there was one. 2028 // At least one of this or the above will be run. 2029 return addStmt(BCO->getCommon()); 2030 } 2031 2032 return addStmt(condExpr); 2033} 2034 2035CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { 2036 // Check if the Decl is for an __label__. If so, elide it from the 2037 // CFG entirely. 2038 if (isa<LabelDecl>(*DS->decl_begin())) 2039 return Block; 2040 2041 // This case also handles static_asserts. 2042 if (DS->isSingleDecl()) 2043 return VisitDeclSubExpr(DS); 2044 2045 CFGBlock *B = nullptr; 2046 2047 // Build an individual DeclStmt for each decl. 2048 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), 2049 E = DS->decl_rend(); 2050 I != E; ++I) { 2051 // Get the alignment of the new DeclStmt, padding out to >=8 bytes. 2052 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8 2053 ? 8 : llvm::AlignOf<DeclStmt>::Alignment; 2054 2055 // Allocate the DeclStmt using the BumpPtrAllocator. It will get 2056 // automatically freed with the CFG. 2057 DeclGroupRef DG(*I); 2058 Decl *D = *I; 2059 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); 2060 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); 2061 cfg->addSyntheticDeclStmt(DSNew, DS); 2062 2063 // Append the fake DeclStmt to block. 2064 B = VisitDeclSubExpr(DSNew); 2065 } 2066 2067 return B; 2068} 2069 2070/// VisitDeclSubExpr - Utility method to add block-level expressions for 2071/// DeclStmts and initializers in them. 2072CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { 2073 assert(DS->isSingleDecl() && "Can handle single declarations only."); 2074 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 2075 2076 if (!VD) { 2077 // Of everything that can be declared in a DeclStmt, only VarDecls impact 2078 // runtime semantics. 2079 return Block; 2080 } 2081 2082 bool HasTemporaries = false; 2083 2084 // Guard static initializers under a branch. 2085 CFGBlock *blockAfterStaticInit = nullptr; 2086 2087 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { 2088 // For static variables, we need to create a branch to track 2089 // whether or not they are initialized. 2090 if (Block) { 2091 Succ = Block; 2092 Block = nullptr; 2093 if (badCFG) 2094 return nullptr; 2095 } 2096 blockAfterStaticInit = Succ; 2097 } 2098 2099 // Destructors of temporaries in initialization expression should be called 2100 // after initialization finishes. 2101 Expr *Init = VD->getInit(); 2102 if (Init) { 2103 HasTemporaries = isa<ExprWithCleanups>(Init); 2104 2105 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 2106 // Generate destructors for temporaries in initialization expression. 2107 TempDtorContext Context; 2108 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 2109 /*BindToTemporary=*/false, Context); 2110 } 2111 } 2112 2113 autoCreateBlock(); 2114 appendStmt(Block, DS); 2115 2116 // Keep track of the last non-null block, as 'Block' can be nulled out 2117 // if the initializer expression is something like a 'while' in a 2118 // statement-expression. 2119 CFGBlock *LastBlock = Block; 2120 2121 if (Init) { 2122 if (HasTemporaries) { 2123 // For expression with temporaries go directly to subexpression to omit 2124 // generating destructors for the second time. 2125 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); 2126 if (CFGBlock *newBlock = Visit(EC->getSubExpr())) 2127 LastBlock = newBlock; 2128 } 2129 else { 2130 if (CFGBlock *newBlock = Visit(Init)) 2131 LastBlock = newBlock; 2132 } 2133 } 2134 2135 // If the type of VD is a VLA, then we must process its size expressions. 2136 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); 2137 VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) { 2138 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) 2139 LastBlock = newBlock; 2140 } 2141 2142 // Remove variable from local scope. 2143 if (ScopePos && VD == *ScopePos) 2144 ++ScopePos; 2145 2146 CFGBlock *B = LastBlock; 2147 if (blockAfterStaticInit) { 2148 Succ = B; 2149 Block = createBlock(false); 2150 Block->setTerminator(DS); 2151 addSuccessor(Block, blockAfterStaticInit); 2152 addSuccessor(Block, B); 2153 B = Block; 2154 } 2155 2156 return B; 2157} 2158 2159CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { 2160 // We may see an if statement in the middle of a basic block, or it may be the 2161 // first statement we are processing. In either case, we create a new basic 2162 // block. First, we create the blocks for the then...else statements, and 2163 // then we create the block containing the if statement. If we were in the 2164 // middle of a block, we stop processing that block. That block is then the 2165 // implicit successor for the "then" and "else" clauses. 2166 2167 // Save local scope position because in case of condition variable ScopePos 2168 // won't be restored when traversing AST. 2169 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2170 2171 // Create local scope for possible condition variable. 2172 // Store scope position. Add implicit destructor. 2173 if (VarDecl *VD = I->getConditionVariable()) { 2174 LocalScope::const_iterator BeginScopePos = ScopePos; 2175 addLocalScopeForVarDecl(VD); 2176 addAutomaticObjDtors(ScopePos, BeginScopePos, I); 2177 } 2178 2179 // The block we were processing is now finished. Make it the successor 2180 // block. 2181 if (Block) { 2182 Succ = Block; 2183 if (badCFG) 2184 return nullptr; 2185 } 2186 2187 // Process the false branch. 2188 CFGBlock *ElseBlock = Succ; 2189 2190 if (Stmt *Else = I->getElse()) { 2191 SaveAndRestore<CFGBlock*> sv(Succ); 2192 2193 // NULL out Block so that the recursive call to Visit will 2194 // create a new basic block. 2195 Block = nullptr; 2196 2197 // If branch is not a compound statement create implicit scope 2198 // and add destructors. 2199 if (!isa<CompoundStmt>(Else)) 2200 addLocalScopeAndDtors(Else); 2201 2202 ElseBlock = addStmt(Else); 2203 2204 if (!ElseBlock) // Can occur when the Else body has all NullStmts. 2205 ElseBlock = sv.get(); 2206 else if (Block) { 2207 if (badCFG) 2208 return nullptr; 2209 } 2210 } 2211 2212 // Process the true branch. 2213 CFGBlock *ThenBlock; 2214 { 2215 Stmt *Then = I->getThen(); 2216 assert(Then); 2217 SaveAndRestore<CFGBlock*> sv(Succ); 2218 Block = nullptr; 2219 2220 // If branch is not a compound statement create implicit scope 2221 // and add destructors. 2222 if (!isa<CompoundStmt>(Then)) 2223 addLocalScopeAndDtors(Then); 2224 2225 ThenBlock = addStmt(Then); 2226 2227 if (!ThenBlock) { 2228 // We can reach here if the "then" body has all NullStmts. 2229 // Create an empty block so we can distinguish between true and false 2230 // branches in path-sensitive analyses. 2231 ThenBlock = createBlock(false); 2232 addSuccessor(ThenBlock, sv.get()); 2233 } else if (Block) { 2234 if (badCFG) 2235 return nullptr; 2236 } 2237 } 2238 2239 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by 2240 // having these handle the actual control-flow jump. Note that 2241 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" 2242 // we resort to the old control-flow behavior. This special handling 2243 // removes infeasible paths from the control-flow graph by having the 2244 // control-flow transfer of '&&' or '||' go directly into the then/else 2245 // blocks directly. 2246 if (!I->getConditionVariable()) 2247 if (BinaryOperator *Cond = 2248 dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens())) 2249 if (Cond->isLogicalOp()) 2250 return VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; 2251 2252 // Now create a new block containing the if statement. 2253 Block = createBlock(false); 2254 2255 // Set the terminator of the new block to the If statement. 2256 Block->setTerminator(I); 2257 2258 // See if this is a known constant. 2259 const TryResult &KnownVal = tryEvaluateBool(I->getCond()); 2260 2261 // Add the successors. If we know that specific branches are 2262 // unreachable, inform addSuccessor() of that knowledge. 2263 addSuccessor(Block, ThenBlock, /* isReachable = */ !KnownVal.isFalse()); 2264 addSuccessor(Block, ElseBlock, /* isReachable = */ !KnownVal.isTrue()); 2265 2266 // Add the condition as the last statement in the new block. This may create 2267 // new blocks as the condition may contain control-flow. Any newly created 2268 // blocks will be pointed to be "Block". 2269 CFGBlock *LastBlock = addStmt(I->getCond()); 2270 2271 // Finally, if the IfStmt contains a condition variable, add it and its 2272 // initializer to the CFG. 2273 if (const DeclStmt* DS = I->getConditionVariableDeclStmt()) { 2274 autoCreateBlock(); 2275 LastBlock = addStmt(const_cast<DeclStmt *>(DS)); 2276 } 2277 2278 return LastBlock; 2279} 2280 2281 2282CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { 2283 // If we were in the middle of a block we stop processing that block. 2284 // 2285 // NOTE: If a "return" appears in the middle of a block, this means that the 2286 // code afterwards is DEAD (unreachable). We still keep a basic block 2287 // for that code; a simple "mark-and-sweep" from the entry block will be 2288 // able to report such dead blocks. 2289 2290 // Create the new block. 2291 Block = createBlock(false); 2292 2293 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R); 2294 2295 // If the one of the destructors does not return, we already have the Exit 2296 // block as a successor. 2297 if (!Block->hasNoReturnElement()) 2298 addSuccessor(Block, &cfg->getExit()); 2299 2300 // Add the return statement to the block. This may create new blocks if R 2301 // contains control-flow (short-circuit operations). 2302 return VisitStmt(R, AddStmtChoice::AlwaysAdd); 2303} 2304 2305CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { 2306 // Get the block of the labeled statement. Add it to our map. 2307 addStmt(L->getSubStmt()); 2308 CFGBlock *LabelBlock = Block; 2309 2310 if (!LabelBlock) // This can happen when the body is empty, i.e. 2311 LabelBlock = createBlock(); // scopes that only contains NullStmts. 2312 2313 assert(LabelMap.find(L->getDecl()) == LabelMap.end() && 2314 "label already in map"); 2315 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); 2316 2317 // Labels partition blocks, so this is the end of the basic block we were 2318 // processing (L is the block's label). Because this is label (and we have 2319 // already processed the substatement) there is no extra control-flow to worry 2320 // about. 2321 LabelBlock->setLabel(L); 2322 if (badCFG) 2323 return nullptr; 2324 2325 // We set Block to NULL to allow lazy creation of a new block (if necessary); 2326 Block = nullptr; 2327 2328 // This block is now the implicit successor of other blocks. 2329 Succ = LabelBlock; 2330 2331 return LabelBlock; 2332} 2333 2334CFGBlock *CFGBuilder::VisitBlockExpr(BlockExpr *E, AddStmtChoice asc) { 2335 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 2336 for (const BlockDecl::Capture &CI : E->getBlockDecl()->captures()) { 2337 if (Expr *CopyExpr = CI.getCopyExpr()) { 2338 CFGBlock *Tmp = Visit(CopyExpr); 2339 if (Tmp) 2340 LastBlock = Tmp; 2341 } 2342 } 2343 return LastBlock; 2344} 2345 2346CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { 2347 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 2348 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), 2349 et = E->capture_init_end(); it != et; ++it) { 2350 if (Expr *Init = *it) { 2351 CFGBlock *Tmp = Visit(Init); 2352 if (Tmp) 2353 LastBlock = Tmp; 2354 } 2355 } 2356 return LastBlock; 2357} 2358 2359CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { 2360 // Goto is a control-flow statement. Thus we stop processing the current 2361 // block and create a new one. 2362 2363 Block = createBlock(false); 2364 Block->setTerminator(G); 2365 2366 // If we already know the mapping to the label block add the successor now. 2367 LabelMapTy::iterator I = LabelMap.find(G->getLabel()); 2368 2369 if (I == LabelMap.end()) 2370 // We will need to backpatch this block later. 2371 BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); 2372 else { 2373 JumpTarget JT = I->second; 2374 addAutomaticObjDtors(ScopePos, JT.scopePosition, G); 2375 addSuccessor(Block, JT.block); 2376 } 2377 2378 return Block; 2379} 2380 2381CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { 2382 CFGBlock *LoopSuccessor = nullptr; 2383 2384 // Save local scope position because in case of condition variable ScopePos 2385 // won't be restored when traversing AST. 2386 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2387 2388 // Create local scope for init statement and possible condition variable. 2389 // Add destructor for init statement and condition variable. 2390 // Store scope position for continue statement. 2391 if (Stmt *Init = F->getInit()) 2392 addLocalScopeForStmt(Init); 2393 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2394 2395 if (VarDecl *VD = F->getConditionVariable()) 2396 addLocalScopeForVarDecl(VD); 2397 LocalScope::const_iterator ContinueScopePos = ScopePos; 2398 2399 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F); 2400 2401 // "for" is a control-flow statement. Thus we stop processing the current 2402 // block. 2403 if (Block) { 2404 if (badCFG) 2405 return nullptr; 2406 LoopSuccessor = Block; 2407 } else 2408 LoopSuccessor = Succ; 2409 2410 // Save the current value for the break targets. 2411 // All breaks should go to the code following the loop. 2412 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2413 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2414 2415 CFGBlock *BodyBlock = nullptr, *TransitionBlock = nullptr; 2416 2417 // Now create the loop body. 2418 { 2419 assert(F->getBody()); 2420 2421 // Save the current values for Block, Succ, continue and break targets. 2422 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2423 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 2424 2425 // Create an empty block to represent the transition block for looping back 2426 // to the head of the loop. If we have increment code, it will 2427 // go in this block as well. 2428 Block = Succ = TransitionBlock = createBlock(false); 2429 TransitionBlock->setLoopTarget(F); 2430 2431 if (Stmt *I = F->getInc()) { 2432 // Generate increment code in its own basic block. This is the target of 2433 // continue statements. 2434 Succ = addStmt(I); 2435 } 2436 2437 // Finish up the increment (or empty) block if it hasn't been already. 2438 if (Block) { 2439 assert(Block == Succ); 2440 if (badCFG) 2441 return nullptr; 2442 Block = nullptr; 2443 } 2444 2445 // The starting block for the loop increment is the block that should 2446 // represent the 'loop target' for looping back to the start of the loop. 2447 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 2448 ContinueJumpTarget.block->setLoopTarget(F); 2449 2450 // Loop body should end with destructor of Condition variable (if any). 2451 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F); 2452 2453 // If body is not a compound statement create implicit scope 2454 // and add destructors. 2455 if (!isa<CompoundStmt>(F->getBody())) 2456 addLocalScopeAndDtors(F->getBody()); 2457 2458 // Now populate the body block, and in the process create new blocks as we 2459 // walk the body of the loop. 2460 BodyBlock = addStmt(F->getBody()); 2461 2462 if (!BodyBlock) { 2463 // In the case of "for (...;...;...);" we can have a null BodyBlock. 2464 // Use the continue jump target as the proxy for the body. 2465 BodyBlock = ContinueJumpTarget.block; 2466 } 2467 else if (badCFG) 2468 return nullptr; 2469 } 2470 2471 // Because of short-circuit evaluation, the condition of the loop can span 2472 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2473 // evaluate the condition. 2474 CFGBlock *EntryConditionBlock = nullptr, *ExitConditionBlock = nullptr; 2475 2476 do { 2477 Expr *C = F->getCond(); 2478 2479 // Specially handle logical operators, which have a slightly 2480 // more optimal CFG representation. 2481 if (BinaryOperator *Cond = 2482 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : nullptr)) 2483 if (Cond->isLogicalOp()) { 2484 std::tie(EntryConditionBlock, ExitConditionBlock) = 2485 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); 2486 break; 2487 } 2488 2489 // The default case when not handling logical operators. 2490 EntryConditionBlock = ExitConditionBlock = createBlock(false); 2491 ExitConditionBlock->setTerminator(F); 2492 2493 // See if this is a known constant. 2494 TryResult KnownVal(true); 2495 2496 if (C) { 2497 // Now add the actual condition to the condition block. 2498 // Because the condition itself may contain control-flow, new blocks may 2499 // be created. Thus we update "Succ" after adding the condition. 2500 Block = ExitConditionBlock; 2501 EntryConditionBlock = addStmt(C); 2502 2503 // If this block contains a condition variable, add both the condition 2504 // variable and initializer to the CFG. 2505 if (VarDecl *VD = F->getConditionVariable()) { 2506 if (Expr *Init = VD->getInit()) { 2507 autoCreateBlock(); 2508 appendStmt(Block, F->getConditionVariableDeclStmt()); 2509 EntryConditionBlock = addStmt(Init); 2510 assert(Block == EntryConditionBlock); 2511 } 2512 } 2513 2514 if (Block && badCFG) 2515 return nullptr; 2516 2517 KnownVal = tryEvaluateBool(C); 2518 } 2519 2520 // Add the loop body entry as a successor to the condition. 2521 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? nullptr : BodyBlock); 2522 // Link up the condition block with the code that follows the loop. (the 2523 // false branch). 2524 addSuccessor(ExitConditionBlock, 2525 KnownVal.isTrue() ? nullptr : LoopSuccessor); 2526 2527 } while (false); 2528 2529 // Link up the loop-back block to the entry condition block. 2530 addSuccessor(TransitionBlock, EntryConditionBlock); 2531 2532 // The condition block is the implicit successor for any code above the loop. 2533 Succ = EntryConditionBlock; 2534 2535 // If the loop contains initialization, create a new block for those 2536 // statements. This block can also contain statements that precede the loop. 2537 if (Stmt *I = F->getInit()) { 2538 Block = createBlock(); 2539 return addStmt(I); 2540 } 2541 2542 // There is no loop initialization. We are thus basically a while loop. 2543 // NULL out Block to force lazy block construction. 2544 Block = nullptr; 2545 Succ = EntryConditionBlock; 2546 return EntryConditionBlock; 2547} 2548 2549CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { 2550 if (asc.alwaysAdd(*this, M)) { 2551 autoCreateBlock(); 2552 appendStmt(Block, M); 2553 } 2554 return Visit(M->getBase()); 2555} 2556 2557CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) { 2558 // Objective-C fast enumeration 'for' statements: 2559 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC 2560 // 2561 // for ( Type newVariable in collection_expression ) { statements } 2562 // 2563 // becomes: 2564 // 2565 // prologue: 2566 // 1. collection_expression 2567 // T. jump to loop_entry 2568 // loop_entry: 2569 // 1. side-effects of element expression 2570 // 1. ObjCForCollectionStmt [performs binding to newVariable] 2571 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil] 2572 // TB: 2573 // statements 2574 // T. jump to loop_entry 2575 // FB: 2576 // what comes after 2577 // 2578 // and 2579 // 2580 // Type existingItem; 2581 // for ( existingItem in expression ) { statements } 2582 // 2583 // becomes: 2584 // 2585 // the same with newVariable replaced with existingItem; the binding works 2586 // the same except that for one ObjCForCollectionStmt::getElement() returns 2587 // a DeclStmt and the other returns a DeclRefExpr. 2588 // 2589 2590 CFGBlock *LoopSuccessor = nullptr; 2591 2592 if (Block) { 2593 if (badCFG) 2594 return nullptr; 2595 LoopSuccessor = Block; 2596 Block = nullptr; 2597 } else 2598 LoopSuccessor = Succ; 2599 2600 // Build the condition blocks. 2601 CFGBlock *ExitConditionBlock = createBlock(false); 2602 2603 // Set the terminator for the "exit" condition block. 2604 ExitConditionBlock->setTerminator(S); 2605 2606 // The last statement in the block should be the ObjCForCollectionStmt, which 2607 // performs the actual binding to 'element' and determines if there are any 2608 // more items in the collection. 2609 appendStmt(ExitConditionBlock, S); 2610 Block = ExitConditionBlock; 2611 2612 // Walk the 'element' expression to see if there are any side-effects. We 2613 // generate new blocks as necessary. We DON'T add the statement by default to 2614 // the CFG unless it contains control-flow. 2615 CFGBlock *EntryConditionBlock = Visit(S->getElement(), 2616 AddStmtChoice::NotAlwaysAdd); 2617 if (Block) { 2618 if (badCFG) 2619 return nullptr; 2620 Block = nullptr; 2621 } 2622 2623 // The condition block is the implicit successor for the loop body as well as 2624 // any code above the loop. 2625 Succ = EntryConditionBlock; 2626 2627 // Now create the true branch. 2628 { 2629 // Save the current values for Succ, continue and break targets. 2630 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2631 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2632 save_break(BreakJumpTarget); 2633 2634 // Add an intermediate block between the BodyBlock and the 2635 // EntryConditionBlock to represent the "loop back" transition, for looping 2636 // back to the head of the loop. 2637 CFGBlock *LoopBackBlock = nullptr; 2638 Succ = LoopBackBlock = createBlock(); 2639 LoopBackBlock->setLoopTarget(S); 2640 2641 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2642 ContinueJumpTarget = JumpTarget(Succ, ScopePos); 2643 2644 CFGBlock *BodyBlock = addStmt(S->getBody()); 2645 2646 if (!BodyBlock) 2647 BodyBlock = ContinueJumpTarget.block; // can happen for "for (X in Y) ;" 2648 else if (Block) { 2649 if (badCFG) 2650 return nullptr; 2651 } 2652 2653 // This new body block is a successor to our "exit" condition block. 2654 addSuccessor(ExitConditionBlock, BodyBlock); 2655 } 2656 2657 // Link up the condition block with the code that follows the loop. 2658 // (the false branch). 2659 addSuccessor(ExitConditionBlock, LoopSuccessor); 2660 2661 // Now create a prologue block to contain the collection expression. 2662 Block = createBlock(); 2663 return addStmt(S->getCollection()); 2664} 2665 2666CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) { 2667 // Inline the body. 2668 return addStmt(S->getSubStmt()); 2669 // TODO: consider adding cleanups for the end of @autoreleasepool scope. 2670} 2671 2672CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) { 2673 // FIXME: Add locking 'primitives' to CFG for @synchronized. 2674 2675 // Inline the body. 2676 CFGBlock *SyncBlock = addStmt(S->getSynchBody()); 2677 2678 // The sync body starts its own basic block. This makes it a little easier 2679 // for diagnostic clients. 2680 if (SyncBlock) { 2681 if (badCFG) 2682 return nullptr; 2683 2684 Block = nullptr; 2685 Succ = SyncBlock; 2686 } 2687 2688 // Add the @synchronized to the CFG. 2689 autoCreateBlock(); 2690 appendStmt(Block, S); 2691 2692 // Inline the sync expression. 2693 return addStmt(S->getSynchExpr()); 2694} 2695 2696CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) { 2697 // FIXME 2698 return NYS(); 2699} 2700 2701CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) { 2702 autoCreateBlock(); 2703 2704 // Add the PseudoObject as the last thing. 2705 appendStmt(Block, E); 2706 2707 CFGBlock *lastBlock = Block; 2708 2709 // Before that, evaluate all of the semantics in order. In 2710 // CFG-land, that means appending them in reverse order. 2711 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) { 2712 Expr *Semantic = E->getSemanticExpr(--i); 2713 2714 // If the semantic is an opaque value, we're being asked to bind 2715 // it to its source expression. 2716 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic)) 2717 Semantic = OVE->getSourceExpr(); 2718 2719 if (CFGBlock *B = Visit(Semantic)) 2720 lastBlock = B; 2721 } 2722 2723 return lastBlock; 2724} 2725 2726CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) { 2727 CFGBlock *LoopSuccessor = nullptr; 2728 2729 // Save local scope position because in case of condition variable ScopePos 2730 // won't be restored when traversing AST. 2731 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2732 2733 // Create local scope for possible condition variable. 2734 // Store scope position for continue statement. 2735 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2736 if (VarDecl *VD = W->getConditionVariable()) { 2737 addLocalScopeForVarDecl(VD); 2738 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2739 } 2740 2741 // "while" is a control-flow statement. Thus we stop processing the current 2742 // block. 2743 if (Block) { 2744 if (badCFG) 2745 return nullptr; 2746 LoopSuccessor = Block; 2747 Block = nullptr; 2748 } else { 2749 LoopSuccessor = Succ; 2750 } 2751 2752 CFGBlock *BodyBlock = nullptr, *TransitionBlock = nullptr; 2753 2754 // Process the loop body. 2755 { 2756 assert(W->getBody()); 2757 2758 // Save the current values for Block, Succ, continue and break targets. 2759 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2760 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2761 save_break(BreakJumpTarget); 2762 2763 // Create an empty block to represent the transition block for looping back 2764 // to the head of the loop. 2765 Succ = TransitionBlock = createBlock(false); 2766 TransitionBlock->setLoopTarget(W); 2767 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos); 2768 2769 // All breaks should go to the code following the loop. 2770 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2771 2772 // Loop body should end with destructor of Condition variable (if any). 2773 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2774 2775 // If body is not a compound statement create implicit scope 2776 // and add destructors. 2777 if (!isa<CompoundStmt>(W->getBody())) 2778 addLocalScopeAndDtors(W->getBody()); 2779 2780 // Create the body. The returned block is the entry to the loop body. 2781 BodyBlock = addStmt(W->getBody()); 2782 2783 if (!BodyBlock) 2784 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;" 2785 else if (Block && badCFG) 2786 return nullptr; 2787 } 2788 2789 // Because of short-circuit evaluation, the condition of the loop can span 2790 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2791 // evaluate the condition. 2792 CFGBlock *EntryConditionBlock = nullptr, *ExitConditionBlock = nullptr; 2793 2794 do { 2795 Expr *C = W->getCond(); 2796 2797 // Specially handle logical operators, which have a slightly 2798 // more optimal CFG representation. 2799 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens())) 2800 if (Cond->isLogicalOp()) { 2801 std::tie(EntryConditionBlock, ExitConditionBlock) = 2802 VisitLogicalOperator(Cond, W, BodyBlock, LoopSuccessor); 2803 break; 2804 } 2805 2806 // The default case when not handling logical operators. 2807 ExitConditionBlock = createBlock(false); 2808 ExitConditionBlock->setTerminator(W); 2809 2810 // Now add the actual condition to the condition block. 2811 // Because the condition itself may contain control-flow, new blocks may 2812 // be created. Thus we update "Succ" after adding the condition. 2813 Block = ExitConditionBlock; 2814 Block = EntryConditionBlock = addStmt(C); 2815 2816 // If this block contains a condition variable, add both the condition 2817 // variable and initializer to the CFG. 2818 if (VarDecl *VD = W->getConditionVariable()) { 2819 if (Expr *Init = VD->getInit()) { 2820 autoCreateBlock(); 2821 appendStmt(Block, W->getConditionVariableDeclStmt()); 2822 EntryConditionBlock = addStmt(Init); 2823 assert(Block == EntryConditionBlock); 2824 } 2825 } 2826 2827 if (Block && badCFG) 2828 return nullptr; 2829 2830 // See if this is a known constant. 2831 const TryResult& KnownVal = tryEvaluateBool(C); 2832 2833 // Add the loop body entry as a successor to the condition. 2834 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? nullptr : BodyBlock); 2835 // Link up the condition block with the code that follows the loop. (the 2836 // false branch). 2837 addSuccessor(ExitConditionBlock, 2838 KnownVal.isTrue() ? nullptr : LoopSuccessor); 2839 2840 } while(false); 2841 2842 // Link up the loop-back block to the entry condition block. 2843 addSuccessor(TransitionBlock, EntryConditionBlock); 2844 2845 // There can be no more statements in the condition block since we loop back 2846 // to this block. NULL out Block to force lazy creation of another block. 2847 Block = nullptr; 2848 2849 // Return the condition block, which is the dominating block for the loop. 2850 Succ = EntryConditionBlock; 2851 return EntryConditionBlock; 2852} 2853 2854 2855CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) { 2856 // FIXME: For now we pretend that @catch and the code it contains does not 2857 // exit. 2858 return Block; 2859} 2860 2861CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) { 2862 // FIXME: This isn't complete. We basically treat @throw like a return 2863 // statement. 2864 2865 // If we were in the middle of a block we stop processing that block. 2866 if (badCFG) 2867 return nullptr; 2868 2869 // Create the new block. 2870 Block = createBlock(false); 2871 2872 // The Exit block is the only successor. 2873 addSuccessor(Block, &cfg->getExit()); 2874 2875 // Add the statement to the block. This may create new blocks if S contains 2876 // control-flow (short-circuit operations). 2877 return VisitStmt(S, AddStmtChoice::AlwaysAdd); 2878} 2879 2880CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) { 2881 // If we were in the middle of a block we stop processing that block. 2882 if (badCFG) 2883 return nullptr; 2884 2885 // Create the new block. 2886 Block = createBlock(false); 2887 2888 if (TryTerminatedBlock) 2889 // The current try statement is the only successor. 2890 addSuccessor(Block, TryTerminatedBlock); 2891 else 2892 // otherwise the Exit block is the only successor. 2893 addSuccessor(Block, &cfg->getExit()); 2894 2895 // Add the statement to the block. This may create new blocks if S contains 2896 // control-flow (short-circuit operations). 2897 return VisitStmt(T, AddStmtChoice::AlwaysAdd); 2898} 2899 2900CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) { 2901 CFGBlock *LoopSuccessor = nullptr; 2902 2903 // "do...while" is a control-flow statement. Thus we stop processing the 2904 // current block. 2905 if (Block) { 2906 if (badCFG) 2907 return nullptr; 2908 LoopSuccessor = Block; 2909 } else 2910 LoopSuccessor = Succ; 2911 2912 // Because of short-circuit evaluation, the condition of the loop can span 2913 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2914 // evaluate the condition. 2915 CFGBlock *ExitConditionBlock = createBlock(false); 2916 CFGBlock *EntryConditionBlock = ExitConditionBlock; 2917 2918 // Set the terminator for the "exit" condition block. 2919 ExitConditionBlock->setTerminator(D); 2920 2921 // Now add the actual condition to the condition block. Because the condition 2922 // itself may contain control-flow, new blocks may be created. 2923 if (Stmt *C = D->getCond()) { 2924 Block = ExitConditionBlock; 2925 EntryConditionBlock = addStmt(C); 2926 if (Block) { 2927 if (badCFG) 2928 return nullptr; 2929 } 2930 } 2931 2932 // The condition block is the implicit successor for the loop body. 2933 Succ = EntryConditionBlock; 2934 2935 // See if this is a known constant. 2936 const TryResult &KnownVal = tryEvaluateBool(D->getCond()); 2937 2938 // Process the loop body. 2939 CFGBlock *BodyBlock = nullptr; 2940 { 2941 assert(D->getBody()); 2942 2943 // Save the current values for Block, Succ, and continue and break targets 2944 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2945 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2946 save_break(BreakJumpTarget); 2947 2948 // All continues within this loop should go to the condition block 2949 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2950 2951 // All breaks should go to the code following the loop. 2952 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2953 2954 // NULL out Block to force lazy instantiation of blocks for the body. 2955 Block = nullptr; 2956 2957 // If body is not a compound statement create implicit scope 2958 // and add destructors. 2959 if (!isa<CompoundStmt>(D->getBody())) 2960 addLocalScopeAndDtors(D->getBody()); 2961 2962 // Create the body. The returned block is the entry to the loop body. 2963 BodyBlock = addStmt(D->getBody()); 2964 2965 if (!BodyBlock) 2966 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)" 2967 else if (Block) { 2968 if (badCFG) 2969 return nullptr; 2970 } 2971 2972 if (!KnownVal.isFalse()) { 2973 // Add an intermediate block between the BodyBlock and the 2974 // ExitConditionBlock to represent the "loop back" transition. Create an 2975 // empty block to represent the transition block for looping back to the 2976 // head of the loop. 2977 // FIXME: Can we do this more efficiently without adding another block? 2978 Block = nullptr; 2979 Succ = BodyBlock; 2980 CFGBlock *LoopBackBlock = createBlock(); 2981 LoopBackBlock->setLoopTarget(D); 2982 2983 // Add the loop body entry as a successor to the condition. 2984 addSuccessor(ExitConditionBlock, LoopBackBlock); 2985 } 2986 else 2987 addSuccessor(ExitConditionBlock, nullptr); 2988 } 2989 2990 // Link up the condition block with the code that follows the loop. 2991 // (the false branch). 2992 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? nullptr : LoopSuccessor); 2993 2994 // There can be no more statements in the body block(s) since we loop back to 2995 // the body. NULL out Block to force lazy creation of another block. 2996 Block = nullptr; 2997 2998 // Return the loop body, which is the dominating block for the loop. 2999 Succ = BodyBlock; 3000 return BodyBlock; 3001} 3002 3003CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) { 3004 // "continue" is a control-flow statement. Thus we stop processing the 3005 // current block. 3006 if (badCFG) 3007 return nullptr; 3008 3009 // Now create a new block that ends with the continue statement. 3010 Block = createBlock(false); 3011 Block->setTerminator(C); 3012 3013 // If there is no target for the continue, then we are looking at an 3014 // incomplete AST. This means the CFG cannot be constructed. 3015 if (ContinueJumpTarget.block) { 3016 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C); 3017 addSuccessor(Block, ContinueJumpTarget.block); 3018 } else 3019 badCFG = true; 3020 3021 return Block; 3022} 3023 3024CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 3025 AddStmtChoice asc) { 3026 3027 if (asc.alwaysAdd(*this, E)) { 3028 autoCreateBlock(); 3029 appendStmt(Block, E); 3030 } 3031 3032 // VLA types have expressions that must be evaluated. 3033 CFGBlock *lastBlock = Block; 3034 3035 if (E->isArgumentType()) { 3036 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr()); 3037 VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) 3038 lastBlock = addStmt(VA->getSizeExpr()); 3039 } 3040 return lastBlock; 3041} 3042 3043/// VisitStmtExpr - Utility method to handle (nested) statement 3044/// expressions (a GCC extension). 3045CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) { 3046 if (asc.alwaysAdd(*this, SE)) { 3047 autoCreateBlock(); 3048 appendStmt(Block, SE); 3049 } 3050 return VisitCompoundStmt(SE->getSubStmt()); 3051} 3052 3053CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) { 3054 // "switch" is a control-flow statement. Thus we stop processing the current 3055 // block. 3056 CFGBlock *SwitchSuccessor = nullptr; 3057 3058 // Save local scope position because in case of condition variable ScopePos 3059 // won't be restored when traversing AST. 3060 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 3061 3062 // Create local scope for possible condition variable. 3063 // Store scope position. Add implicit destructor. 3064 if (VarDecl *VD = Terminator->getConditionVariable()) { 3065 LocalScope::const_iterator SwitchBeginScopePos = ScopePos; 3066 addLocalScopeForVarDecl(VD); 3067 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator); 3068 } 3069 3070 if (Block) { 3071 if (badCFG) 3072 return nullptr; 3073 SwitchSuccessor = Block; 3074 } else SwitchSuccessor = Succ; 3075 3076 // Save the current "switch" context. 3077 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock), 3078 save_default(DefaultCaseBlock); 3079 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 3080 3081 // Set the "default" case to be the block after the switch statement. If the 3082 // switch statement contains a "default:", this value will be overwritten with 3083 // the block for that code. 3084 DefaultCaseBlock = SwitchSuccessor; 3085 3086 // Create a new block that will contain the switch statement. 3087 SwitchTerminatedBlock = createBlock(false); 3088 3089 // Now process the switch body. The code after the switch is the implicit 3090 // successor. 3091 Succ = SwitchSuccessor; 3092 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos); 3093 3094 // When visiting the body, the case statements should automatically get linked 3095 // up to the switch. We also don't keep a pointer to the body, since all 3096 // control-flow from the switch goes to case/default statements. 3097 assert(Terminator->getBody() && "switch must contain a non-NULL body"); 3098 Block = nullptr; 3099 3100 // For pruning unreachable case statements, save the current state 3101 // for tracking the condition value. 3102 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered, 3103 false); 3104 3105 // Determine if the switch condition can be explicitly evaluated. 3106 assert(Terminator->getCond() && "switch condition must be non-NULL"); 3107 Expr::EvalResult result; 3108 bool b = tryEvaluate(Terminator->getCond(), result); 3109 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond, 3110 b ? &result : nullptr); 3111 3112 // If body is not a compound statement create implicit scope 3113 // and add destructors. 3114 if (!isa<CompoundStmt>(Terminator->getBody())) 3115 addLocalScopeAndDtors(Terminator->getBody()); 3116 3117 addStmt(Terminator->getBody()); 3118 if (Block) { 3119 if (badCFG) 3120 return nullptr; 3121 } 3122 3123 // If we have no "default:" case, the default transition is to the code 3124 // following the switch body. Moreover, take into account if all the 3125 // cases of a switch are covered (e.g., switching on an enum value). 3126 // 3127 // Note: We add a successor to a switch that is considered covered yet has no 3128 // case statements if the enumeration has no enumerators. 3129 bool SwitchAlwaysHasSuccessor = false; 3130 SwitchAlwaysHasSuccessor |= switchExclusivelyCovered; 3131 SwitchAlwaysHasSuccessor |= Terminator->isAllEnumCasesCovered() && 3132 Terminator->getSwitchCaseList(); 3133 addSuccessor(SwitchTerminatedBlock, DefaultCaseBlock, 3134 !SwitchAlwaysHasSuccessor); 3135 3136 // Add the terminator and condition in the switch block. 3137 SwitchTerminatedBlock->setTerminator(Terminator); 3138 Block = SwitchTerminatedBlock; 3139 CFGBlock *LastBlock = addStmt(Terminator->getCond()); 3140 3141 // Finally, if the SwitchStmt contains a condition variable, add both the 3142 // SwitchStmt and the condition variable initialization to the CFG. 3143 if (VarDecl *VD = Terminator->getConditionVariable()) { 3144 if (Expr *Init = VD->getInit()) { 3145 autoCreateBlock(); 3146 appendStmt(Block, Terminator->getConditionVariableDeclStmt()); 3147 LastBlock = addStmt(Init); 3148 } 3149 } 3150 3151 return LastBlock; 3152} 3153 3154static bool shouldAddCase(bool &switchExclusivelyCovered, 3155 const Expr::EvalResult *switchCond, 3156 const CaseStmt *CS, 3157 ASTContext &Ctx) { 3158 if (!switchCond) 3159 return true; 3160 3161 bool addCase = false; 3162 3163 if (!switchExclusivelyCovered) { 3164 if (switchCond->Val.isInt()) { 3165 // Evaluate the LHS of the case value. 3166 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx); 3167 const llvm::APSInt &condInt = switchCond->Val.getInt(); 3168 3169 if (condInt == lhsInt) { 3170 addCase = true; 3171 switchExclusivelyCovered = true; 3172 } 3173 else if (condInt > lhsInt) { 3174 if (const Expr *RHS = CS->getRHS()) { 3175 // Evaluate the RHS of the case value. 3176 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx); 3177 if (V2 >= condInt) { 3178 addCase = true; 3179 switchExclusivelyCovered = true; 3180 } 3181 } 3182 } 3183 } 3184 else 3185 addCase = true; 3186 } 3187 return addCase; 3188} 3189 3190CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) { 3191 // CaseStmts are essentially labels, so they are the first statement in a 3192 // block. 3193 CFGBlock *TopBlock = nullptr, *LastBlock = nullptr; 3194 3195 if (Stmt *Sub = CS->getSubStmt()) { 3196 // For deeply nested chains of CaseStmts, instead of doing a recursion 3197 // (which can blow out the stack), manually unroll and create blocks 3198 // along the way. 3199 while (isa<CaseStmt>(Sub)) { 3200 CFGBlock *currentBlock = createBlock(false); 3201 currentBlock->setLabel(CS); 3202 3203 if (TopBlock) 3204 addSuccessor(LastBlock, currentBlock); 3205 else 3206 TopBlock = currentBlock; 3207 3208 addSuccessor(SwitchTerminatedBlock, 3209 shouldAddCase(switchExclusivelyCovered, switchCond, 3210 CS, *Context) 3211 ? currentBlock : nullptr); 3212 3213 LastBlock = currentBlock; 3214 CS = cast<CaseStmt>(Sub); 3215 Sub = CS->getSubStmt(); 3216 } 3217 3218 addStmt(Sub); 3219 } 3220 3221 CFGBlock *CaseBlock = Block; 3222 if (!CaseBlock) 3223 CaseBlock = createBlock(); 3224 3225 // Cases statements partition blocks, so this is the top of the basic block we 3226 // were processing (the "case XXX:" is the label). 3227 CaseBlock->setLabel(CS); 3228 3229 if (badCFG) 3230 return nullptr; 3231 3232 // Add this block to the list of successors for the block with the switch 3233 // statement. 3234 assert(SwitchTerminatedBlock); 3235 addSuccessor(SwitchTerminatedBlock, CaseBlock, 3236 shouldAddCase(switchExclusivelyCovered, switchCond, 3237 CS, *Context)); 3238 3239 // We set Block to NULL to allow lazy creation of a new block (if necessary) 3240 Block = nullptr; 3241 3242 if (TopBlock) { 3243 addSuccessor(LastBlock, CaseBlock); 3244 Succ = TopBlock; 3245 } else { 3246 // This block is now the implicit successor of other blocks. 3247 Succ = CaseBlock; 3248 } 3249 3250 return Succ; 3251} 3252 3253CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) { 3254 if (Terminator->getSubStmt()) 3255 addStmt(Terminator->getSubStmt()); 3256 3257 DefaultCaseBlock = Block; 3258 3259 if (!DefaultCaseBlock) 3260 DefaultCaseBlock = createBlock(); 3261 3262 // Default statements partition blocks, so this is the top of the basic block 3263 // we were processing (the "default:" is the label). 3264 DefaultCaseBlock->setLabel(Terminator); 3265 3266 if (badCFG) 3267 return nullptr; 3268 3269 // Unlike case statements, we don't add the default block to the successors 3270 // for the switch statement immediately. This is done when we finish 3271 // processing the switch statement. This allows for the default case 3272 // (including a fall-through to the code after the switch statement) to always 3273 // be the last successor of a switch-terminated block. 3274 3275 // We set Block to NULL to allow lazy creation of a new block (if necessary) 3276 Block = nullptr; 3277 3278 // This block is now the implicit successor of other blocks. 3279 Succ = DefaultCaseBlock; 3280 3281 return DefaultCaseBlock; 3282} 3283 3284CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) { 3285 // "try"/"catch" is a control-flow statement. Thus we stop processing the 3286 // current block. 3287 CFGBlock *TrySuccessor = nullptr; 3288 3289 if (Block) { 3290 if (badCFG) 3291 return nullptr; 3292 TrySuccessor = Block; 3293 } else TrySuccessor = Succ; 3294 3295 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock; 3296 3297 // Create a new block that will contain the try statement. 3298 CFGBlock *NewTryTerminatedBlock = createBlock(false); 3299 // Add the terminator in the try block. 3300 NewTryTerminatedBlock->setTerminator(Terminator); 3301 3302 bool HasCatchAll = false; 3303 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) { 3304 // The code after the try is the implicit successor. 3305 Succ = TrySuccessor; 3306 CXXCatchStmt *CS = Terminator->getHandler(h); 3307 if (CS->getExceptionDecl() == nullptr) { 3308 HasCatchAll = true; 3309 } 3310 Block = nullptr; 3311 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS); 3312 if (!CatchBlock) 3313 return nullptr; 3314 // Add this block to the list of successors for the block with the try 3315 // statement. 3316 addSuccessor(NewTryTerminatedBlock, CatchBlock); 3317 } 3318 if (!HasCatchAll) { 3319 if (PrevTryTerminatedBlock) 3320 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock); 3321 else 3322 addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); 3323 } 3324 3325 // The code after the try is the implicit successor. 3326 Succ = TrySuccessor; 3327 3328 // Save the current "try" context. 3329 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock); 3330 cfg->addTryDispatchBlock(TryTerminatedBlock); 3331 3332 assert(Terminator->getTryBlock() && "try must contain a non-NULL body"); 3333 Block = nullptr; 3334 return addStmt(Terminator->getTryBlock()); 3335} 3336 3337CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) { 3338 // CXXCatchStmt are treated like labels, so they are the first statement in a 3339 // block. 3340 3341 // Save local scope position because in case of exception variable ScopePos 3342 // won't be restored when traversing AST. 3343 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 3344 3345 // Create local scope for possible exception variable. 3346 // Store scope position. Add implicit destructor. 3347 if (VarDecl *VD = CS->getExceptionDecl()) { 3348 LocalScope::const_iterator BeginScopePos = ScopePos; 3349 addLocalScopeForVarDecl(VD); 3350 addAutomaticObjDtors(ScopePos, BeginScopePos, CS); 3351 } 3352 3353 if (CS->getHandlerBlock()) 3354 addStmt(CS->getHandlerBlock()); 3355 3356 CFGBlock *CatchBlock = Block; 3357 if (!CatchBlock) 3358 CatchBlock = createBlock(); 3359 3360 // CXXCatchStmt is more than just a label. They have semantic meaning 3361 // as well, as they implicitly "initialize" the catch variable. Add 3362 // it to the CFG as a CFGElement so that the control-flow of these 3363 // semantics gets captured. 3364 appendStmt(CatchBlock, CS); 3365 3366 // Also add the CXXCatchStmt as a label, to mirror handling of regular 3367 // labels. 3368 CatchBlock->setLabel(CS); 3369 3370 // Bail out if the CFG is bad. 3371 if (badCFG) 3372 return nullptr; 3373 3374 // We set Block to NULL to allow lazy creation of a new block (if necessary) 3375 Block = nullptr; 3376 3377 return CatchBlock; 3378} 3379 3380CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) { 3381 // C++0x for-range statements are specified as [stmt.ranged]: 3382 // 3383 // { 3384 // auto && __range = range-init; 3385 // for ( auto __begin = begin-expr, 3386 // __end = end-expr; 3387 // __begin != __end; 3388 // ++__begin ) { 3389 // for-range-declaration = *__begin; 3390 // statement 3391 // } 3392 // } 3393 3394 // Save local scope position before the addition of the implicit variables. 3395 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 3396 3397 // Create local scopes and destructors for range, begin and end variables. 3398 if (Stmt *Range = S->getRangeStmt()) 3399 addLocalScopeForStmt(Range); 3400 if (Stmt *BeginEnd = S->getBeginEndStmt()) 3401 addLocalScopeForStmt(BeginEnd); 3402 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S); 3403 3404 LocalScope::const_iterator ContinueScopePos = ScopePos; 3405 3406 // "for" is a control-flow statement. Thus we stop processing the current 3407 // block. 3408 CFGBlock *LoopSuccessor = nullptr; 3409 if (Block) { 3410 if (badCFG) 3411 return nullptr; 3412 LoopSuccessor = Block; 3413 } else 3414 LoopSuccessor = Succ; 3415 3416 // Save the current value for the break targets. 3417 // All breaks should go to the code following the loop. 3418 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 3419 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 3420 3421 // The block for the __begin != __end expression. 3422 CFGBlock *ConditionBlock = createBlock(false); 3423 ConditionBlock->setTerminator(S); 3424 3425 // Now add the actual condition to the condition block. 3426 if (Expr *C = S->getCond()) { 3427 Block = ConditionBlock; 3428 CFGBlock *BeginConditionBlock = addStmt(C); 3429 if (badCFG) 3430 return nullptr; 3431 assert(BeginConditionBlock == ConditionBlock && 3432 "condition block in for-range was unexpectedly complex"); 3433 (void)BeginConditionBlock; 3434 } 3435 3436 // The condition block is the implicit successor for the loop body as well as 3437 // any code above the loop. 3438 Succ = ConditionBlock; 3439 3440 // See if this is a known constant. 3441 TryResult KnownVal(true); 3442 3443 if (S->getCond()) 3444 KnownVal = tryEvaluateBool(S->getCond()); 3445 3446 // Now create the loop body. 3447 { 3448 assert(S->getBody()); 3449 3450 // Save the current values for Block, Succ, and continue targets. 3451 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 3452 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 3453 3454 // Generate increment code in its own basic block. This is the target of 3455 // continue statements. 3456 Block = nullptr; 3457 Succ = addStmt(S->getInc()); 3458 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 3459 3460 // The starting block for the loop increment is the block that should 3461 // represent the 'loop target' for looping back to the start of the loop. 3462 ContinueJumpTarget.block->setLoopTarget(S); 3463 3464 // Finish up the increment block and prepare to start the loop body. 3465 assert(Block); 3466 if (badCFG) 3467 return nullptr; 3468 Block = nullptr; 3469 3470 // Add implicit scope and dtors for loop variable. 3471 addLocalScopeAndDtors(S->getLoopVarStmt()); 3472 3473 // Populate a new block to contain the loop body and loop variable. 3474 addStmt(S->getBody()); 3475 if (badCFG) 3476 return nullptr; 3477 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt()); 3478 if (badCFG) 3479 return nullptr; 3480 3481 // This new body block is a successor to our condition block. 3482 addSuccessor(ConditionBlock, 3483 KnownVal.isFalse() ? nullptr : LoopVarStmtBlock); 3484 } 3485 3486 // Link up the condition block with the code that follows the loop (the 3487 // false branch). 3488 addSuccessor(ConditionBlock, KnownVal.isTrue() ? nullptr : LoopSuccessor); 3489 3490 // Add the initialization statements. 3491 Block = createBlock(); 3492 addStmt(S->getBeginEndStmt()); 3493 return addStmt(S->getRangeStmt()); 3494} 3495 3496CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E, 3497 AddStmtChoice asc) { 3498 if (BuildOpts.AddTemporaryDtors) { 3499 // If adding implicit destructors visit the full expression for adding 3500 // destructors of temporaries. 3501 TempDtorContext Context; 3502 VisitForTemporaryDtors(E->getSubExpr(), false, Context); 3503 3504 // Full expression has to be added as CFGStmt so it will be sequenced 3505 // before destructors of it's temporaries. 3506 asc = asc.withAlwaysAdd(true); 3507 } 3508 return Visit(E->getSubExpr(), asc); 3509} 3510 3511CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 3512 AddStmtChoice asc) { 3513 if (asc.alwaysAdd(*this, E)) { 3514 autoCreateBlock(); 3515 appendStmt(Block, E); 3516 3517 // We do not want to propagate the AlwaysAdd property. 3518 asc = asc.withAlwaysAdd(false); 3519 } 3520 return Visit(E->getSubExpr(), asc); 3521} 3522 3523CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, 3524 AddStmtChoice asc) { 3525 autoCreateBlock(); 3526 appendStmt(Block, C); 3527 3528 return VisitChildren(C); 3529} 3530 3531CFGBlock *CFGBuilder::VisitCXXNewExpr(CXXNewExpr *NE, 3532 AddStmtChoice asc) { 3533 3534 autoCreateBlock(); 3535 appendStmt(Block, NE); 3536 3537 if (NE->getInitializer()) 3538 Block = Visit(NE->getInitializer()); 3539 if (BuildOpts.AddCXXNewAllocator) 3540 appendNewAllocator(Block, NE); 3541 if (NE->isArray()) 3542 Block = Visit(NE->getArraySize()); 3543 for (CXXNewExpr::arg_iterator I = NE->placement_arg_begin(), 3544 E = NE->placement_arg_end(); I != E; ++I) 3545 Block = Visit(*I); 3546 return Block; 3547} 3548 3549CFGBlock *CFGBuilder::VisitCXXDeleteExpr(CXXDeleteExpr *DE, 3550 AddStmtChoice asc) { 3551 autoCreateBlock(); 3552 appendStmt(Block, DE); 3553 QualType DTy = DE->getDestroyedType(); 3554 DTy = DTy.getNonReferenceType(); 3555 CXXRecordDecl *RD = Context->getBaseElementType(DTy)->getAsCXXRecordDecl(); 3556 if (RD) { 3557 if (RD->isCompleteDefinition() && !RD->hasTrivialDestructor()) 3558 appendDeleteDtor(Block, RD, DE); 3559 } 3560 3561 return VisitChildren(DE); 3562} 3563 3564CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 3565 AddStmtChoice asc) { 3566 if (asc.alwaysAdd(*this, E)) { 3567 autoCreateBlock(); 3568 appendStmt(Block, E); 3569 // We do not want to propagate the AlwaysAdd property. 3570 asc = asc.withAlwaysAdd(false); 3571 } 3572 return Visit(E->getSubExpr(), asc); 3573} 3574 3575CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 3576 AddStmtChoice asc) { 3577 autoCreateBlock(); 3578 appendStmt(Block, C); 3579 return VisitChildren(C); 3580} 3581 3582CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E, 3583 AddStmtChoice asc) { 3584 if (asc.alwaysAdd(*this, E)) { 3585 autoCreateBlock(); 3586 appendStmt(Block, E); 3587 } 3588 return Visit(E->getSubExpr(), AddStmtChoice()); 3589} 3590 3591CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3592 // Lazily create the indirect-goto dispatch block if there isn't one already. 3593 CFGBlock *IBlock = cfg->getIndirectGotoBlock(); 3594 3595 if (!IBlock) { 3596 IBlock = createBlock(false); 3597 cfg->setIndirectGotoBlock(IBlock); 3598 } 3599 3600 // IndirectGoto is a control-flow statement. Thus we stop processing the 3601 // current block and create a new one. 3602 if (badCFG) 3603 return nullptr; 3604 3605 Block = createBlock(false); 3606 Block->setTerminator(I); 3607 addSuccessor(Block, IBlock); 3608 return addStmt(I->getTarget()); 3609} 3610 3611CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary, 3612 TempDtorContext &Context) { 3613 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors); 3614 3615tryAgain: 3616 if (!E) { 3617 badCFG = true; 3618 return nullptr; 3619 } 3620 switch (E->getStmtClass()) { 3621 default: 3622 return VisitChildrenForTemporaryDtors(E, Context); 3623 3624 case Stmt::BinaryOperatorClass: 3625 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E), 3626 Context); 3627 3628 case Stmt::CXXBindTemporaryExprClass: 3629 return VisitCXXBindTemporaryExprForTemporaryDtors( 3630 cast<CXXBindTemporaryExpr>(E), BindToTemporary, Context); 3631 3632 case Stmt::BinaryConditionalOperatorClass: 3633 case Stmt::ConditionalOperatorClass: 3634 return VisitConditionalOperatorForTemporaryDtors( 3635 cast<AbstractConditionalOperator>(E), BindToTemporary, Context); 3636 3637 case Stmt::ImplicitCastExprClass: 3638 // For implicit cast we want BindToTemporary to be passed further. 3639 E = cast<CastExpr>(E)->getSubExpr(); 3640 goto tryAgain; 3641 3642 case Stmt::CXXFunctionalCastExprClass: 3643 // For functional cast we want BindToTemporary to be passed further. 3644 E = cast<CXXFunctionalCastExpr>(E)->getSubExpr(); 3645 goto tryAgain; 3646 3647 case Stmt::ParenExprClass: 3648 E = cast<ParenExpr>(E)->getSubExpr(); 3649 goto tryAgain; 3650 3651 case Stmt::MaterializeTemporaryExprClass: { 3652 const MaterializeTemporaryExpr* MTE = cast<MaterializeTemporaryExpr>(E); 3653 BindToTemporary = (MTE->getStorageDuration() != SD_FullExpression); 3654 SmallVector<const Expr *, 2> CommaLHSs; 3655 SmallVector<SubobjectAdjustment, 2> Adjustments; 3656 // Find the expression whose lifetime needs to be extended. 3657 E = const_cast<Expr *>( 3658 cast<MaterializeTemporaryExpr>(E) 3659 ->GetTemporaryExpr() 3660 ->skipRValueSubobjectAdjustments(CommaLHSs, Adjustments)); 3661 // Visit the skipped comma operator left-hand sides for other temporaries. 3662 for (const Expr *CommaLHS : CommaLHSs) { 3663 VisitForTemporaryDtors(const_cast<Expr *>(CommaLHS), 3664 /*BindToTemporary=*/false, Context); 3665 } 3666 goto tryAgain; 3667 } 3668 3669 case Stmt::BlockExprClass: 3670 // Don't recurse into blocks; their subexpressions don't get evaluated 3671 // here. 3672 return Block; 3673 3674 case Stmt::LambdaExprClass: { 3675 // For lambda expressions, only recurse into the capture initializers, 3676 // and not the body. 3677 auto *LE = cast<LambdaExpr>(E); 3678 CFGBlock *B = Block; 3679 for (Expr *Init : LE->capture_inits()) { 3680 if (CFGBlock *R = VisitForTemporaryDtors( 3681 Init, /*BindToTemporary=*/false, Context)) 3682 B = R; 3683 } 3684 return B; 3685 } 3686 3687 case Stmt::CXXDefaultArgExprClass: 3688 E = cast<CXXDefaultArgExpr>(E)->getExpr(); 3689 goto tryAgain; 3690 3691 case Stmt::CXXDefaultInitExprClass: 3692 E = cast<CXXDefaultInitExpr>(E)->getExpr(); 3693 goto tryAgain; 3694 } 3695} 3696 3697CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E, 3698 TempDtorContext &Context) { 3699 if (isa<LambdaExpr>(E)) { 3700 // Do not visit the children of lambdas; they have their own CFGs. 3701 return Block; 3702 } 3703 3704 // When visiting children for destructors we want to visit them in reverse 3705 // order that they will appear in the CFG. Because the CFG is built 3706 // bottom-up, this means we visit them in their natural order, which 3707 // reverses them in the CFG. 3708 CFGBlock *B = Block; 3709 for (Stmt *Child : E->children()) 3710 if (Child) 3711 if (CFGBlock *R = VisitForTemporaryDtors(Child, false, Context)) 3712 B = R; 3713 3714 return B; 3715} 3716 3717CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors( 3718 BinaryOperator *E, TempDtorContext &Context) { 3719 if (E->isLogicalOp()) { 3720 VisitForTemporaryDtors(E->getLHS(), false, Context); 3721 TryResult RHSExecuted = tryEvaluateBool(E->getLHS()); 3722 if (RHSExecuted.isKnown() && E->getOpcode() == BO_LOr) 3723 RHSExecuted.negate(); 3724 3725 // We do not know at CFG-construction time whether the right-hand-side was 3726 // executed, thus we add a branch node that depends on the temporary 3727 // constructor call. 3728 TempDtorContext RHSContext( 3729 bothKnownTrue(Context.KnownExecuted, RHSExecuted)); 3730 VisitForTemporaryDtors(E->getRHS(), false, RHSContext); 3731 InsertTempDtorDecisionBlock(RHSContext); 3732 3733 return Block; 3734 } 3735 3736 if (E->isAssignmentOp()) { 3737 // For assignment operator (=) LHS expression is visited 3738 // before RHS expression. For destructors visit them in reverse order. 3739 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS(), false, Context); 3740 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS(), false, Context); 3741 return LHSBlock ? LHSBlock : RHSBlock; 3742 } 3743 3744 // For any other binary operator RHS expression is visited before 3745 // LHS expression (order of children). For destructors visit them in reverse 3746 // order. 3747 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS(), false, Context); 3748 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS(), false, Context); 3749 return RHSBlock ? RHSBlock : LHSBlock; 3750} 3751 3752CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors( 3753 CXXBindTemporaryExpr *E, bool BindToTemporary, TempDtorContext &Context) { 3754 // First add destructors for temporaries in subexpression. 3755 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr(), false, Context); 3756 if (!BindToTemporary) { 3757 // If lifetime of temporary is not prolonged (by assigning to constant 3758 // reference) add destructor for it. 3759 3760 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor(); 3761 3762 if (Dtor->getParent()->isAnyDestructorNoReturn()) { 3763 // If the destructor is marked as a no-return destructor, we need to 3764 // create a new block for the destructor which does not have as a 3765 // successor anything built thus far. Control won't flow out of this 3766 // block. 3767 if (B) Succ = B; 3768 Block = createNoReturnBlock(); 3769 } else if (Context.needsTempDtorBranch()) { 3770 // If we need to introduce a branch, we add a new block that we will hook 3771 // up to a decision block later. 3772 if (B) Succ = B; 3773 Block = createBlock(); 3774 } else { 3775 autoCreateBlock(); 3776 } 3777 if (Context.needsTempDtorBranch()) { 3778 Context.setDecisionPoint(Succ, E); 3779 } 3780 appendTemporaryDtor(Block, E); 3781 3782 B = Block; 3783 } 3784 return B; 3785} 3786 3787void CFGBuilder::InsertTempDtorDecisionBlock(const TempDtorContext &Context, 3788 CFGBlock *FalseSucc) { 3789 if (!Context.TerminatorExpr) { 3790 // If no temporary was found, we do not need to insert a decision point. 3791 return; 3792 } 3793 assert(Context.TerminatorExpr); 3794 CFGBlock *Decision = createBlock(false); 3795 Decision->setTerminator(CFGTerminator(Context.TerminatorExpr, true)); 3796 addSuccessor(Decision, Block, !Context.KnownExecuted.isFalse()); 3797 addSuccessor(Decision, FalseSucc ? FalseSucc : Context.Succ, 3798 !Context.KnownExecuted.isTrue()); 3799 Block = Decision; 3800} 3801 3802CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors( 3803 AbstractConditionalOperator *E, bool BindToTemporary, 3804 TempDtorContext &Context) { 3805 VisitForTemporaryDtors(E->getCond(), false, Context); 3806 CFGBlock *ConditionBlock = Block; 3807 CFGBlock *ConditionSucc = Succ; 3808 TryResult ConditionVal = tryEvaluateBool(E->getCond()); 3809 TryResult NegatedVal = ConditionVal; 3810 if (NegatedVal.isKnown()) NegatedVal.negate(); 3811 3812 TempDtorContext TrueContext( 3813 bothKnownTrue(Context.KnownExecuted, ConditionVal)); 3814 VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary, TrueContext); 3815 CFGBlock *TrueBlock = Block; 3816 3817 Block = ConditionBlock; 3818 Succ = ConditionSucc; 3819 TempDtorContext FalseContext( 3820 bothKnownTrue(Context.KnownExecuted, NegatedVal)); 3821 VisitForTemporaryDtors(E->getFalseExpr(), BindToTemporary, FalseContext); 3822 3823 if (TrueContext.TerminatorExpr && FalseContext.TerminatorExpr) { 3824 InsertTempDtorDecisionBlock(FalseContext, TrueBlock); 3825 } else if (TrueContext.TerminatorExpr) { 3826 Block = TrueBlock; 3827 InsertTempDtorDecisionBlock(TrueContext); 3828 } else { 3829 InsertTempDtorDecisionBlock(FalseContext); 3830 } 3831 return Block; 3832} 3833 3834} // end anonymous namespace 3835 3836/// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has 3837/// no successors or predecessors. If this is the first block created in the 3838/// CFG, it is automatically set to be the Entry and Exit of the CFG. 3839CFGBlock *CFG::createBlock() { 3840 bool first_block = begin() == end(); 3841 3842 // Create the block. 3843 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>(); 3844 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this); 3845 Blocks.push_back(Mem, BlkBVC); 3846 3847 // If this is the first block, set it as the Entry and Exit. 3848 if (first_block) 3849 Entry = Exit = &back(); 3850 3851 // Return the block. 3852 return &back(); 3853} 3854 3855/// buildCFG - Constructs a CFG from an AST. 3856std::unique_ptr<CFG> CFG::buildCFG(const Decl *D, Stmt *Statement, 3857 ASTContext *C, const BuildOptions &BO) { 3858 CFGBuilder Builder(C, BO); 3859 return Builder.buildCFG(D, Statement); 3860} 3861 3862const CXXDestructorDecl * 3863CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { 3864 switch (getKind()) { 3865 case CFGElement::Statement: 3866 case CFGElement::Initializer: 3867 case CFGElement::NewAllocator: 3868 llvm_unreachable("getDestructorDecl should only be used with " 3869 "ImplicitDtors"); 3870 case CFGElement::AutomaticObjectDtor: { 3871 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl(); 3872 QualType ty = var->getType(); 3873 ty = ty.getNonReferenceType(); 3874 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { 3875 ty = arrayType->getElementType(); 3876 } 3877 const RecordType *recordType = ty->getAs<RecordType>(); 3878 const CXXRecordDecl *classDecl = 3879 cast<CXXRecordDecl>(recordType->getDecl()); 3880 return classDecl->getDestructor(); 3881 } 3882 case CFGElement::DeleteDtor: { 3883 const CXXDeleteExpr *DE = castAs<CFGDeleteDtor>().getDeleteExpr(); 3884 QualType DTy = DE->getDestroyedType(); 3885 DTy = DTy.getNonReferenceType(); 3886 const CXXRecordDecl *classDecl = 3887 astContext.getBaseElementType(DTy)->getAsCXXRecordDecl(); 3888 return classDecl->getDestructor(); 3889 } 3890 case CFGElement::TemporaryDtor: { 3891 const CXXBindTemporaryExpr *bindExpr = 3892 castAs<CFGTemporaryDtor>().getBindTemporaryExpr(); 3893 const CXXTemporary *temp = bindExpr->getTemporary(); 3894 return temp->getDestructor(); 3895 } 3896 case CFGElement::BaseDtor: 3897 case CFGElement::MemberDtor: 3898 3899 // Not yet supported. 3900 return nullptr; 3901 } 3902 llvm_unreachable("getKind() returned bogus value"); 3903} 3904 3905bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const { 3906 if (const CXXDestructorDecl *DD = getDestructorDecl(astContext)) 3907 return DD->isNoReturn(); 3908 return false; 3909} 3910 3911//===----------------------------------------------------------------------===// 3912// CFGBlock operations. 3913//===----------------------------------------------------------------------===// 3914 3915CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, bool IsReachable) 3916 : ReachableBlock(IsReachable ? B : nullptr), 3917 UnreachableBlock(!IsReachable ? B : nullptr, 3918 B && IsReachable ? AB_Normal : AB_Unreachable) {} 3919 3920CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, CFGBlock *AlternateBlock) 3921 : ReachableBlock(B), 3922 UnreachableBlock(B == AlternateBlock ? nullptr : AlternateBlock, 3923 B == AlternateBlock ? AB_Alternate : AB_Normal) {} 3924 3925void CFGBlock::addSuccessor(AdjacentBlock Succ, 3926 BumpVectorContext &C) { 3927 if (CFGBlock *B = Succ.getReachableBlock()) 3928 B->Preds.push_back(AdjacentBlock(this, Succ.isReachable()), C); 3929 3930 if (CFGBlock *UnreachableB = Succ.getPossiblyUnreachableBlock()) 3931 UnreachableB->Preds.push_back(AdjacentBlock(this, false), C); 3932 3933 Succs.push_back(Succ, C); 3934} 3935 3936bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F, 3937 const CFGBlock *From, const CFGBlock *To) { 3938 3939 if (F.IgnoreNullPredecessors && !From) 3940 return true; 3941 3942 if (To && From && F.IgnoreDefaultsWithCoveredEnums) { 3943 // If the 'To' has no label or is labeled but the label isn't a 3944 // CaseStmt then filter this edge. 3945 if (const SwitchStmt *S = 3946 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) { 3947 if (S->isAllEnumCasesCovered()) { 3948 const Stmt *L = To->getLabel(); 3949 if (!L || !isa<CaseStmt>(L)) 3950 return true; 3951 } 3952 } 3953 } 3954 3955 return false; 3956} 3957 3958//===----------------------------------------------------------------------===// 3959// CFG pretty printing 3960//===----------------------------------------------------------------------===// 3961 3962namespace { 3963 3964class StmtPrinterHelper : public PrinterHelper { 3965 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy; 3966 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy; 3967 StmtMapTy StmtMap; 3968 DeclMapTy DeclMap; 3969 signed currentBlock; 3970 unsigned currStmt; 3971 const LangOptions &LangOpts; 3972public: 3973 3974 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO) 3975 : currentBlock(0), currStmt(0), LangOpts(LO) 3976 { 3977 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) { 3978 unsigned j = 1; 3979 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ; 3980 BI != BEnd; ++BI, ++j ) { 3981 if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) { 3982 const Stmt *stmt= SE->getStmt(); 3983 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j); 3984 StmtMap[stmt] = P; 3985 3986 switch (stmt->getStmtClass()) { 3987 case Stmt::DeclStmtClass: 3988 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P; 3989 break; 3990 case Stmt::IfStmtClass: { 3991 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable(); 3992 if (var) 3993 DeclMap[var] = P; 3994 break; 3995 } 3996 case Stmt::ForStmtClass: { 3997 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable(); 3998 if (var) 3999 DeclMap[var] = P; 4000 break; 4001 } 4002 case Stmt::WhileStmtClass: { 4003 const VarDecl *var = 4004 cast<WhileStmt>(stmt)->getConditionVariable(); 4005 if (var) 4006 DeclMap[var] = P; 4007 break; 4008 } 4009 case Stmt::SwitchStmtClass: { 4010 const VarDecl *var = 4011 cast<SwitchStmt>(stmt)->getConditionVariable(); 4012 if (var) 4013 DeclMap[var] = P; 4014 break; 4015 } 4016 case Stmt::CXXCatchStmtClass: { 4017 const VarDecl *var = 4018 cast<CXXCatchStmt>(stmt)->getExceptionDecl(); 4019 if (var) 4020 DeclMap[var] = P; 4021 break; 4022 } 4023 default: 4024 break; 4025 } 4026 } 4027 } 4028 } 4029 } 4030 4031 ~StmtPrinterHelper() override {} 4032 4033 const LangOptions &getLangOpts() const { return LangOpts; } 4034 void setBlockID(signed i) { currentBlock = i; } 4035 void setStmtID(unsigned i) { currStmt = i; } 4036 4037 bool handledStmt(Stmt *S, raw_ostream &OS) override { 4038 StmtMapTy::iterator I = StmtMap.find(S); 4039 4040 if (I == StmtMap.end()) 4041 return false; 4042 4043 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 4044 && I->second.second == currStmt) { 4045 return false; 4046 } 4047 4048 OS << "[B" << I->second.first << "." << I->second.second << "]"; 4049 return true; 4050 } 4051 4052 bool handleDecl(const Decl *D, raw_ostream &OS) { 4053 DeclMapTy::iterator I = DeclMap.find(D); 4054 4055 if (I == DeclMap.end()) 4056 return false; 4057 4058 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 4059 && I->second.second == currStmt) { 4060 return false; 4061 } 4062 4063 OS << "[B" << I->second.first << "." << I->second.second << "]"; 4064 return true; 4065 } 4066}; 4067} // end anonymous namespace 4068 4069 4070namespace { 4071class CFGBlockTerminatorPrint 4072 : public StmtVisitor<CFGBlockTerminatorPrint,void> { 4073 4074 raw_ostream &OS; 4075 StmtPrinterHelper* Helper; 4076 PrintingPolicy Policy; 4077public: 4078 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper, 4079 const PrintingPolicy &Policy) 4080 : OS(os), Helper(helper), Policy(Policy) { 4081 this->Policy.IncludeNewlines = false; 4082 } 4083 4084 void VisitIfStmt(IfStmt *I) { 4085 OS << "if "; 4086 if (Stmt *C = I->getCond()) 4087 C->printPretty(OS, Helper, Policy); 4088 } 4089 4090 // Default case. 4091 void VisitStmt(Stmt *Terminator) { 4092 Terminator->printPretty(OS, Helper, Policy); 4093 } 4094 4095 void VisitDeclStmt(DeclStmt *DS) { 4096 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); 4097 OS << "static init " << VD->getName(); 4098 } 4099 4100 void VisitForStmt(ForStmt *F) { 4101 OS << "for (" ; 4102 if (F->getInit()) 4103 OS << "..."; 4104 OS << "; "; 4105 if (Stmt *C = F->getCond()) 4106 C->printPretty(OS, Helper, Policy); 4107 OS << "; "; 4108 if (F->getInc()) 4109 OS << "..."; 4110 OS << ")"; 4111 } 4112 4113 void VisitWhileStmt(WhileStmt *W) { 4114 OS << "while " ; 4115 if (Stmt *C = W->getCond()) 4116 C->printPretty(OS, Helper, Policy); 4117 } 4118 4119 void VisitDoStmt(DoStmt *D) { 4120 OS << "do ... while "; 4121 if (Stmt *C = D->getCond()) 4122 C->printPretty(OS, Helper, Policy); 4123 } 4124 4125 void VisitSwitchStmt(SwitchStmt *Terminator) { 4126 OS << "switch "; 4127 Terminator->getCond()->printPretty(OS, Helper, Policy); 4128 } 4129 4130 void VisitCXXTryStmt(CXXTryStmt *CS) { 4131 OS << "try ..."; 4132 } 4133 4134 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) { 4135 if (Stmt *Cond = C->getCond()) 4136 Cond->printPretty(OS, Helper, Policy); 4137 OS << " ? ... : ..."; 4138 } 4139 4140 void VisitChooseExpr(ChooseExpr *C) { 4141 OS << "__builtin_choose_expr( "; 4142 if (Stmt *Cond = C->getCond()) 4143 Cond->printPretty(OS, Helper, Policy); 4144 OS << " )"; 4145 } 4146 4147 void VisitIndirectGotoStmt(IndirectGotoStmt *I) { 4148 OS << "goto *"; 4149 if (Stmt *T = I->getTarget()) 4150 T->printPretty(OS, Helper, Policy); 4151 } 4152 4153 void VisitBinaryOperator(BinaryOperator* B) { 4154 if (!B->isLogicalOp()) { 4155 VisitExpr(B); 4156 return; 4157 } 4158 4159 if (B->getLHS()) 4160 B->getLHS()->printPretty(OS, Helper, Policy); 4161 4162 switch (B->getOpcode()) { 4163 case BO_LOr: 4164 OS << " || ..."; 4165 return; 4166 case BO_LAnd: 4167 OS << " && ..."; 4168 return; 4169 default: 4170 llvm_unreachable("Invalid logical operator."); 4171 } 4172 } 4173 4174 void VisitExpr(Expr *E) { 4175 E->printPretty(OS, Helper, Policy); 4176 } 4177 4178public: 4179 void print(CFGTerminator T) { 4180 if (T.isTemporaryDtorsBranch()) 4181 OS << "(Temp Dtor) "; 4182 Visit(T.getStmt()); 4183 } 4184}; 4185} // end anonymous namespace 4186 4187static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper, 4188 const CFGElement &E) { 4189 if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { 4190 const Stmt *S = CS->getStmt(); 4191 assert(S != nullptr && "Expecting non-null Stmt"); 4192 4193 // special printing for statement-expressions. 4194 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) { 4195 const CompoundStmt *Sub = SE->getSubStmt(); 4196 4197 auto Children = Sub->children(); 4198 if (Children.begin() != Children.end()) { 4199 OS << "({ ... ; "; 4200 Helper.handledStmt(*SE->getSubStmt()->body_rbegin(),OS); 4201 OS << " })\n"; 4202 return; 4203 } 4204 } 4205 // special printing for comma expressions. 4206 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) { 4207 if (B->getOpcode() == BO_Comma) { 4208 OS << "... , "; 4209 Helper.handledStmt(B->getRHS(),OS); 4210 OS << '\n'; 4211 return; 4212 } 4213 } 4214 S->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts())); 4215 4216 if (isa<CXXOperatorCallExpr>(S)) { 4217 OS << " (OperatorCall)"; 4218 } 4219 else if (isa<CXXBindTemporaryExpr>(S)) { 4220 OS << " (BindTemporary)"; 4221 } 4222 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { 4223 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")"; 4224 } 4225 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { 4226 OS << " (" << CE->getStmtClassName() << ", " 4227 << CE->getCastKindName() 4228 << ", " << CE->getType().getAsString() 4229 << ")"; 4230 } 4231 4232 // Expressions need a newline. 4233 if (isa<Expr>(S)) 4234 OS << '\n'; 4235 4236 } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { 4237 const CXXCtorInitializer *I = IE->getInitializer(); 4238 if (I->isBaseInitializer()) 4239 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName(); 4240 else if (I->isDelegatingInitializer()) 4241 OS << I->getTypeSourceInfo()->getType()->getAsCXXRecordDecl()->getName(); 4242 else OS << I->getAnyMember()->getName(); 4243 4244 OS << "("; 4245 if (Expr *IE = I->getInit()) 4246 IE->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts())); 4247 OS << ")"; 4248 4249 if (I->isBaseInitializer()) 4250 OS << " (Base initializer)\n"; 4251 else if (I->isDelegatingInitializer()) 4252 OS << " (Delegating initializer)\n"; 4253 else OS << " (Member initializer)\n"; 4254 4255 } else if (Optional<CFGAutomaticObjDtor> DE = 4256 E.getAs<CFGAutomaticObjDtor>()) { 4257 const VarDecl *VD = DE->getVarDecl(); 4258 Helper.handleDecl(VD, OS); 4259 4260 const Type* T = VD->getType().getTypePtr(); 4261 if (const ReferenceType* RT = T->getAs<ReferenceType>()) 4262 T = RT->getPointeeType().getTypePtr(); 4263 T = T->getBaseElementTypeUnsafe(); 4264 4265 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; 4266 OS << " (Implicit destructor)\n"; 4267 4268 } else if (Optional<CFGNewAllocator> NE = E.getAs<CFGNewAllocator>()) { 4269 OS << "CFGNewAllocator("; 4270 if (const CXXNewExpr *AllocExpr = NE->getAllocatorExpr()) 4271 AllocExpr->getType().print(OS, PrintingPolicy(Helper.getLangOpts())); 4272 OS << ")\n"; 4273 } else if (Optional<CFGDeleteDtor> DE = E.getAs<CFGDeleteDtor>()) { 4274 const CXXRecordDecl *RD = DE->getCXXRecordDecl(); 4275 if (!RD) 4276 return; 4277 CXXDeleteExpr *DelExpr = 4278 const_cast<CXXDeleteExpr*>(DE->getDeleteExpr()); 4279 Helper.handledStmt(cast<Stmt>(DelExpr->getArgument()), OS); 4280 OS << "->~" << RD->getName().str() << "()"; 4281 OS << " (Implicit destructor)\n"; 4282 } else if (Optional<CFGBaseDtor> BE = E.getAs<CFGBaseDtor>()) { 4283 const CXXBaseSpecifier *BS = BE->getBaseSpecifier(); 4284 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()"; 4285 OS << " (Base object destructor)\n"; 4286 4287 } else if (Optional<CFGMemberDtor> ME = E.getAs<CFGMemberDtor>()) { 4288 const FieldDecl *FD = ME->getFieldDecl(); 4289 const Type *T = FD->getType()->getBaseElementTypeUnsafe(); 4290 OS << "this->" << FD->getName(); 4291 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()"; 4292 OS << " (Member object destructor)\n"; 4293 4294 } else if (Optional<CFGTemporaryDtor> TE = E.getAs<CFGTemporaryDtor>()) { 4295 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr(); 4296 OS << "~"; 4297 BT->getType().print(OS, PrintingPolicy(Helper.getLangOpts())); 4298 OS << "() (Temporary object destructor)\n"; 4299 } 4300} 4301 4302static void print_block(raw_ostream &OS, const CFG* cfg, 4303 const CFGBlock &B, 4304 StmtPrinterHelper &Helper, bool print_edges, 4305 bool ShowColors) { 4306 4307 Helper.setBlockID(B.getBlockID()); 4308 4309 // Print the header. 4310 if (ShowColors) 4311 OS.changeColor(raw_ostream::YELLOW, true); 4312 4313 OS << "\n [B" << B.getBlockID(); 4314 4315 if (&B == &cfg->getEntry()) 4316 OS << " (ENTRY)]\n"; 4317 else if (&B == &cfg->getExit()) 4318 OS << " (EXIT)]\n"; 4319 else if (&B == cfg->getIndirectGotoBlock()) 4320 OS << " (INDIRECT GOTO DISPATCH)]\n"; 4321 else if (B.hasNoReturnElement()) 4322 OS << " (NORETURN)]\n"; 4323 else 4324 OS << "]\n"; 4325 4326 if (ShowColors) 4327 OS.resetColor(); 4328 4329 // Print the label of this block. 4330 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) { 4331 4332 if (print_edges) 4333 OS << " "; 4334 4335 if (LabelStmt *L = dyn_cast<LabelStmt>(Label)) 4336 OS << L->getName(); 4337 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) { 4338 OS << "case "; 4339 if (C->getLHS()) 4340 C->getLHS()->printPretty(OS, &Helper, 4341 PrintingPolicy(Helper.getLangOpts())); 4342 if (C->getRHS()) { 4343 OS << " ... "; 4344 C->getRHS()->printPretty(OS, &Helper, 4345 PrintingPolicy(Helper.getLangOpts())); 4346 } 4347 } else if (isa<DefaultStmt>(Label)) 4348 OS << "default"; 4349 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) { 4350 OS << "catch ("; 4351 if (CS->getExceptionDecl()) 4352 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper.getLangOpts()), 4353 0); 4354 else 4355 OS << "..."; 4356 OS << ")"; 4357 4358 } else 4359 llvm_unreachable("Invalid label statement in CFGBlock."); 4360 4361 OS << ":\n"; 4362 } 4363 4364 // Iterate through the statements in the block and print them. 4365 unsigned j = 1; 4366 4367 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ; 4368 I != E ; ++I, ++j ) { 4369 4370 // Print the statement # in the basic block and the statement itself. 4371 if (print_edges) 4372 OS << " "; 4373 4374 OS << llvm::format("%3d", j) << ": "; 4375 4376 Helper.setStmtID(j); 4377 4378 print_elem(OS, Helper, *I); 4379 } 4380 4381 // Print the terminator of this block. 4382 if (B.getTerminator()) { 4383 if (ShowColors) 4384 OS.changeColor(raw_ostream::GREEN); 4385 4386 OS << " T: "; 4387 4388 Helper.setBlockID(-1); 4389 4390 PrintingPolicy PP(Helper.getLangOpts()); 4391 CFGBlockTerminatorPrint TPrinter(OS, &Helper, PP); 4392 TPrinter.print(B.getTerminator()); 4393 OS << '\n'; 4394 4395 if (ShowColors) 4396 OS.resetColor(); 4397 } 4398 4399 if (print_edges) { 4400 // Print the predecessors of this block. 4401 if (!B.pred_empty()) { 4402 const raw_ostream::Colors Color = raw_ostream::BLUE; 4403 if (ShowColors) 4404 OS.changeColor(Color); 4405 OS << " Preds " ; 4406 if (ShowColors) 4407 OS.resetColor(); 4408 OS << '(' << B.pred_size() << "):"; 4409 unsigned i = 0; 4410 4411 if (ShowColors) 4412 OS.changeColor(Color); 4413 4414 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end(); 4415 I != E; ++I, ++i) { 4416 4417 if (i % 10 == 8) 4418 OS << "\n "; 4419 4420 CFGBlock *B = *I; 4421 bool Reachable = true; 4422 if (!B) { 4423 Reachable = false; 4424 B = I->getPossiblyUnreachableBlock(); 4425 } 4426 4427 OS << " B" << B->getBlockID(); 4428 if (!Reachable) 4429 OS << "(Unreachable)"; 4430 } 4431 4432 if (ShowColors) 4433 OS.resetColor(); 4434 4435 OS << '\n'; 4436 } 4437 4438 // Print the successors of this block. 4439 if (!B.succ_empty()) { 4440 const raw_ostream::Colors Color = raw_ostream::MAGENTA; 4441 if (ShowColors) 4442 OS.changeColor(Color); 4443 OS << " Succs "; 4444 if (ShowColors) 4445 OS.resetColor(); 4446 OS << '(' << B.succ_size() << "):"; 4447 unsigned i = 0; 4448 4449 if (ShowColors) 4450 OS.changeColor(Color); 4451 4452 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end(); 4453 I != E; ++I, ++i) { 4454 4455 if (i % 10 == 8) 4456 OS << "\n "; 4457 4458 CFGBlock *B = *I; 4459 4460 bool Reachable = true; 4461 if (!B) { 4462 Reachable = false; 4463 B = I->getPossiblyUnreachableBlock(); 4464 } 4465 4466 if (B) { 4467 OS << " B" << B->getBlockID(); 4468 if (!Reachable) 4469 OS << "(Unreachable)"; 4470 } 4471 else { 4472 OS << " NULL"; 4473 } 4474 } 4475 4476 if (ShowColors) 4477 OS.resetColor(); 4478 OS << '\n'; 4479 } 4480 } 4481} 4482 4483 4484/// dump - A simple pretty printer of a CFG that outputs to stderr. 4485void CFG::dump(const LangOptions &LO, bool ShowColors) const { 4486 print(llvm::errs(), LO, ShowColors); 4487} 4488 4489/// print - A simple pretty printer of a CFG that outputs to an ostream. 4490void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const { 4491 StmtPrinterHelper Helper(this, LO); 4492 4493 // Print the entry block. 4494 print_block(OS, this, getEntry(), Helper, true, ShowColors); 4495 4496 // Iterate through the CFGBlocks and print them one by one. 4497 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) { 4498 // Skip the entry block, because we already printed it. 4499 if (&(**I) == &getEntry() || &(**I) == &getExit()) 4500 continue; 4501 4502 print_block(OS, this, **I, Helper, true, ShowColors); 4503 } 4504 4505 // Print the exit block. 4506 print_block(OS, this, getExit(), Helper, true, ShowColors); 4507 OS << '\n'; 4508 OS.flush(); 4509} 4510 4511/// dump - A simply pretty printer of a CFGBlock that outputs to stderr. 4512void CFGBlock::dump(const CFG* cfg, const LangOptions &LO, 4513 bool ShowColors) const { 4514 print(llvm::errs(), cfg, LO, ShowColors); 4515} 4516 4517void CFGBlock::dump() const { 4518 dump(getParent(), LangOptions(), false); 4519} 4520 4521/// print - A simple pretty printer of a CFGBlock that outputs to an ostream. 4522/// Generally this will only be called from CFG::print. 4523void CFGBlock::print(raw_ostream &OS, const CFG* cfg, 4524 const LangOptions &LO, bool ShowColors) const { 4525 StmtPrinterHelper Helper(cfg, LO); 4526 print_block(OS, cfg, *this, Helper, true, ShowColors); 4527 OS << '\n'; 4528} 4529 4530/// printTerminator - A simple pretty printer of the terminator of a CFGBlock. 4531void CFGBlock::printTerminator(raw_ostream &OS, 4532 const LangOptions &LO) const { 4533 CFGBlockTerminatorPrint TPrinter(OS, nullptr, PrintingPolicy(LO)); 4534 TPrinter.print(getTerminator()); 4535} 4536 4537Stmt *CFGBlock::getTerminatorCondition(bool StripParens) { 4538 Stmt *Terminator = this->Terminator; 4539 if (!Terminator) 4540 return nullptr; 4541 4542 Expr *E = nullptr; 4543 4544 switch (Terminator->getStmtClass()) { 4545 default: 4546 break; 4547 4548 case Stmt::CXXForRangeStmtClass: 4549 E = cast<CXXForRangeStmt>(Terminator)->getCond(); 4550 break; 4551 4552 case Stmt::ForStmtClass: 4553 E = cast<ForStmt>(Terminator)->getCond(); 4554 break; 4555 4556 case Stmt::WhileStmtClass: 4557 E = cast<WhileStmt>(Terminator)->getCond(); 4558 break; 4559 4560 case Stmt::DoStmtClass: 4561 E = cast<DoStmt>(Terminator)->getCond(); 4562 break; 4563 4564 case Stmt::IfStmtClass: 4565 E = cast<IfStmt>(Terminator)->getCond(); 4566 break; 4567 4568 case Stmt::ChooseExprClass: 4569 E = cast<ChooseExpr>(Terminator)->getCond(); 4570 break; 4571 4572 case Stmt::IndirectGotoStmtClass: 4573 E = cast<IndirectGotoStmt>(Terminator)->getTarget(); 4574 break; 4575 4576 case Stmt::SwitchStmtClass: 4577 E = cast<SwitchStmt>(Terminator)->getCond(); 4578 break; 4579 4580 case Stmt::BinaryConditionalOperatorClass: 4581 E = cast<BinaryConditionalOperator>(Terminator)->getCond(); 4582 break; 4583 4584 case Stmt::ConditionalOperatorClass: 4585 E = cast<ConditionalOperator>(Terminator)->getCond(); 4586 break; 4587 4588 case Stmt::BinaryOperatorClass: // '&&' and '||' 4589 E = cast<BinaryOperator>(Terminator)->getLHS(); 4590 break; 4591 4592 case Stmt::ObjCForCollectionStmtClass: 4593 return Terminator; 4594 } 4595 4596 if (!StripParens) 4597 return E; 4598 4599 return E ? E->IgnoreParens() : nullptr; 4600} 4601 4602//===----------------------------------------------------------------------===// 4603// CFG Graphviz Visualization 4604//===----------------------------------------------------------------------===// 4605 4606 4607#ifndef NDEBUG 4608static StmtPrinterHelper* GraphHelper; 4609#endif 4610 4611void CFG::viewCFG(const LangOptions &LO) const { 4612#ifndef NDEBUG 4613 StmtPrinterHelper H(this, LO); 4614 GraphHelper = &H; 4615 llvm::ViewGraph(this,"CFG"); 4616 GraphHelper = nullptr; 4617#endif 4618} 4619 4620namespace llvm { 4621template<> 4622struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits { 4623 4624 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {} 4625 4626 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) { 4627 4628#ifndef NDEBUG 4629 std::string OutSStr; 4630 llvm::raw_string_ostream Out(OutSStr); 4631 print_block(Out,Graph, *Node, *GraphHelper, false, false); 4632 std::string& OutStr = Out.str(); 4633 4634 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin()); 4635 4636 // Process string output to make it nicer... 4637 for (unsigned i = 0; i != OutStr.length(); ++i) 4638 if (OutStr[i] == '\n') { // Left justify 4639 OutStr[i] = '\\'; 4640 OutStr.insert(OutStr.begin()+i+1, 'l'); 4641 } 4642 4643 return OutStr; 4644#else 4645 return ""; 4646#endif 4647 } 4648}; 4649} // end namespace llvm 4650