NoQ updated this revision to Diff 132685.
NoQ added a comment.
Rename the method, add comments.
https://reviews.llvm.org/D42672
Files:
include/clang/Analysis/AnalysisDeclContext.h
include/clang/Analysis/CFG.h
include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
lib/Analysis/AnalysisDeclContext.cpp
lib/Analysis/CFG.cpp
lib/Analysis/LiveVariables.cpp
lib/StaticAnalyzer/Core/AnalysisManager.cpp
lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
lib/StaticAnalyzer/Core/CoreEngine.cpp
lib/StaticAnalyzer/Core/ExprEngine.cpp
lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
lib/StaticAnalyzer/Core/PathDiagnostic.cpp
test/Analysis/analyzer-config.c
test/Analysis/analyzer-config.cpp
test/Analysis/cfg-rich-constructors.cpp
test/Analysis/cfg.cpp
Index: test/Analysis/cfg.cpp
===================================================================
--- test/Analysis/cfg.cpp
+++ test/Analysis/cfg.cpp
@@ -1,5 +1,16 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=debug.DumpCFG -triple x86_64-apple-darwin12 -analyzer-config cfg-temporary-dtors=true -std=c++11 %s > %t 2>&1
-// RUN: FileCheck --input-file=%t %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=debug.DumpCFG -triple x86_64-apple-darwin12 -analyzer-config cfg-temporary-dtors=true -std=c++11 -analyzer-config cfg-rich-constructors=false %s > %t 2>&1
+// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,WARNINGS %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=debug.DumpCFG -triple x86_64-apple-darwin12 -analyzer-config cfg-temporary-dtors=true -std=c++11 -analyzer-config cfg-rich-constructors=true %s > %t 2>&1
+// RUN: FileCheck --input-file=%t -check-prefixes=CHECK,ANALYZER %s
+
+// This file tests how we construct two different flavors of the Clang CFG -
+// the CFG used by the Sema analysis-based warnings and the CFG used by the
+// static analyzer. The difference in the behavior is checked via FileCheck
+// prefixes (WARNINGS and ANALYZER respectively). When introducing new analyzer
+// flags, no new run lines should be added - just these flags would go to the
+// respective line depending on where is it turned on and where is it turned
+// off. Feel free to add tests that test only one of the CFG flavors if you're
+// not sure how the other flavor is supposed to work in your case.
// CHECK-LABEL: void checkWrap(int i)
// CHECK: ENTRY
@@ -116,7 +127,8 @@
// CHECK-NEXT: Succs (1): B1
// CHECK: [B1]
// CHECK-NEXT: 1: CFGNewAllocator(A *)
-// CHECK-NEXT: 2: (CXXConstructExpr, class A)
+// WARNINGS-NEXT: 2: (CXXConstructExpr, class A)
+// ANALYZER-NEXT: 2: (CXXConstructExpr, [B1.3], class A)
// CHECK-NEXT: 3: new A([B1.2])
// CHECK-NEXT: 4: A *a = new A();
// CHECK-NEXT: 5: a
@@ -138,7 +150,8 @@
// CHECK: [B1]
// CHECK-NEXT: 1: 5
// CHECK-NEXT: 2: CFGNewAllocator(A *)
-// CHECK-NEXT: 3: (CXXConstructExpr, class A [5])
+// WARNINGS-NEXT: 3: (CXXConstructExpr, class A [5])
+// ANALYZER-NEXT: 3: (CXXConstructExpr, [B1.4], class A [5])
// CHECK-NEXT: 4: new A {{\[\[}}B1.1]]
// CHECK-NEXT: 5: A *a = new A [5];
// CHECK-NEXT: 6: a
@@ -331,7 +344,8 @@
// CHECK-NEXT: 3: [B1.2] (ImplicitCastExpr, ArrayToPointerDecay, int *)
// CHECK-NEXT: 4: [B1.3] (ImplicitCastExpr, BitCast, void *)
// CHECK-NEXT: 5: CFGNewAllocator(MyClass *)
-// CHECK-NEXT: 6: (CXXConstructExpr, class MyClass)
+// WARNINGS-NEXT: 6: (CXXConstructExpr, class MyClass)
+// ANALYZER-NEXT: 6: (CXXConstructExpr, [B1.7], class MyClass)
// CHECK-NEXT: 7: new ([B1.4]) MyClass([B1.6])
// CHECK-NEXT: 8: MyClass *obj = new (buffer) MyClass();
// CHECK-NEXT: Preds (1): B2
@@ -363,7 +377,8 @@
// CHECK-NEXT: 4: [B1.3] (ImplicitCastExpr, BitCast, void *)
// CHECK-NEXT: 5: 5
// CHECK-NEXT: 6: CFGNewAllocator(MyClass *)
-// CHECK-NEXT: 7: (CXXConstructExpr, class MyClass [5])
+// WARNINGS-NEXT: 7: (CXXConstructExpr, class MyClass [5])
+// ANALYZER-NEXT: 7: (CXXConstructExpr, [B1.8], class MyClass [5])
// CHECK-NEXT: 8: new ([B1.4]) MyClass {{\[\[}}B1.5]]
// CHECK-NEXT: 9: MyClass *obj = new (buffer) MyClass [5];
// CHECK-NEXT: Preds (1): B2
Index: test/Analysis/cfg-rich-constructors.cpp
===================================================================
--- /dev/null
+++ test/Analysis/cfg-rich-constructors.cpp
@@ -0,0 +1,46 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=debug.DumpCFG -triple x86_64-apple-darwin12 -analyzer-config cfg-temporary-dtors=true -std=c++11 %s > %t 2>&1
+// RUN: FileCheck --input-file=%t %s
+
+class C {
+public:
+ C();
+ C(C *);
+};
+
+typedef __typeof(sizeof(int)) size_t;
+void *operator new(size_t size, void *placement);
+
+namespace operator_new {
+
+// CHECK: void operatorNewWithConstructor()
+// CHECK: 1: CFGNewAllocator(C *)
+// CHECK-NEXT: 2: (CXXConstructExpr, [B1.3], class C)
+// CHECK-NEXT: 3: new C([B1.2])
+void operatorNewWithConstructor() {
+ new C();
+}
+
+// CHECK: void operatorNewWithConstructorWithOperatorNewWithContstructor()
+// CHECK: 1: CFGNewAllocator(C *)
+// CHECK-NEXT: 2: CFGNewAllocator(C *)
+// CHECK-NEXT: 3: (CXXConstructExpr, [B1.4], class C)
+// CHECK-NEXT: 4: new C([B1.3])
+// CHECK-NEXT: 5: [B1.4] (CXXConstructExpr, [B1.6], class C)
+// CHECK-NEXT: 6: new C([B1.5])
+void operatorNewWithConstructorWithOperatorNewWithContstructor() {
+ new C(new C());
+}
+
+// CHECK: void operatorPlacementNewWithConstructorWithinPlacementArgument()
+// CHECK: 1: CFGNewAllocator(C *)
+// CHECK-NEXT: 2: (CXXConstructExpr, [B1.3], class C)
+// CHECK-NEXT: 3: new C([B1.2])
+// CHECK-NEXT: 4: [B1.3] (ImplicitCastExpr, BitCast, void *)
+// CHECK-NEXT: 5: CFGNewAllocator(C *)
+// CHECK-NEXT: 6: (CXXConstructExpr, [B1.7], class C)
+// CHECK-NEXT: 7: new ([B1.4]) C([B1.6])
+void operatorPlacementNewWithConstructorWithinPlacementArgument() {
+ new (new C()) C();
+}
+
+} // namespace operator_new
Index: test/Analysis/analyzer-config.cpp
===================================================================
--- test/Analysis/analyzer-config.cpp
+++ test/Analysis/analyzer-config.cpp
@@ -26,6 +26,7 @@
// CHECK-NEXT: cfg-implicit-dtors = true
// CHECK-NEXT: cfg-lifetime = false
// CHECK-NEXT: cfg-loopexit = false
+// CHECK-NEXT: cfg-rich-constructors = true
// CHECK-NEXT: cfg-temporary-dtors = false
// CHECK-NEXT: faux-bodies = true
// CHECK-NEXT: graph-trim-interval = 1000
@@ -42,4 +43,4 @@
// CHECK-NEXT: unroll-loops = false
// CHECK-NEXT: widen-loops = false
// CHECK-NEXT: [stats]
-// CHECK-NEXT: num-entries = 24
+// CHECK-NEXT: num-entries = 25
Index: test/Analysis/analyzer-config.c
===================================================================
--- test/Analysis/analyzer-config.c
+++ test/Analysis/analyzer-config.c
@@ -15,6 +15,7 @@
// CHECK-NEXT: cfg-implicit-dtors = true
// CHECK-NEXT: cfg-lifetime = false
// CHECK-NEXT: cfg-loopexit = false
+// CHECK-NEXT: cfg-rich-constructors = true
// CHECK-NEXT: cfg-temporary-dtors = false
// CHECK-NEXT: faux-bodies = true
// CHECK-NEXT: graph-trim-interval = 1000
@@ -31,4 +32,4 @@
// CHECK-NEXT: unroll-loops = false
// CHECK-NEXT: widen-loops = false
// CHECK-NEXT: [stats]
-// CHECK-NEXT: num-entries = 19
+// CHECK-NEXT: num-entries = 20
Index: lib/StaticAnalyzer/Core/PathDiagnostic.cpp
===================================================================
--- lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -553,6 +553,9 @@
case CFGElement::Statement:
return PathDiagnosticLocation(Source.castAs<CFGStmt>().getStmt(),
SM, CallerCtx);
+ case CFGElement::Constructor:
+ return PathDiagnosticLocation(
+ Source.castAs<CFGConstructor>().getConstructor(), SM, CallerCtx);
case CFGElement::Initializer: {
const CFGInitializer &Init = Source.castAs<CFGInitializer>();
return PathDiagnosticLocation(Init.getInitializer()->getInit(),
Index: lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -210,7 +210,10 @@
// See if we're constructing an existing region by looking at the next
// element in the CFG.
const CFGBlock *B = CurrBldrCtx.getBlock();
- assert(isa<CXXConstructExpr>(((*B)[currStmtIdx]).castAs<CFGStmt>().getStmt()));
+ // TODO: Retrieve construction target from CFGConstructor directly.
+ assert(
+ (*B)[currStmtIdx].getAs<CFGConstructor>() ||
+ isa<CXXConstructExpr>(((*B)[currStmtIdx]).castAs<CFGStmt>().getStmt()));
unsigned int NextStmtIdx = currStmtIdx + 1;
if (NextStmtIdx >= B->size())
return None;
@@ -251,10 +254,14 @@
Previous = (*B)[PreviousStmtIdx];
}
- if (Optional<CFGStmt> PrevStmtElem = Previous.getAs<CFGStmt>()) {
+ if (auto PrevStmtElem = Previous.getAs<CFGStmt>()) {
if (auto *CtorExpr = dyn_cast<CXXConstructExpr>(PrevStmtElem->getStmt())) {
return CtorExpr;
}
+ } else if (auto PrevCtorElem = Previous.getAs<CFGConstructor>()) {
+ if (auto *CtorExpr = PrevCtorElem->getConstructor()) {
+ return CtorExpr;
+ }
}
return nullptr;
Index: lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -454,10 +454,13 @@
switch (E.getKind()) {
case CFGElement::Statement:
- ProcessStmt(const_cast<Stmt*>(E.castAs<CFGStmt>().getStmt()), Pred);
+ ProcessStmt(E.castAs<CFGStmt>().getStmt(), Pred);
+ return;
+ case CFGElement::Constructor:
+ ProcessStmt(E.castAs<CFGConstructor>().getConstructor(), Pred);
return;
case CFGElement::Initializer:
- ProcessInitializer(E.castAs<CFGInitializer>().getInitializer(), Pred);
+ ProcessInitializer(E.castAs<CFGInitializer>(), Pred);
return;
case CFGElement::NewAllocator:
ProcessNewAllocator(E.castAs<CFGNewAllocator>().getAllocatorExpr(),
@@ -479,7 +482,7 @@
}
static bool shouldRemoveDeadBindings(AnalysisManager &AMgr,
- const CFGStmt S,
+ const Stmt *S,
const ExplodedNode *Pred,
const LocationContext *LC) {
@@ -492,17 +495,17 @@
return true;
// Is this on a non-expression?
- if (!isa<Expr>(S.getStmt()))
+ if (!isa<Expr>(S))
return true;
// Run before processing a call.
- if (CallEvent::isCallStmt(S.getStmt()))
+ if (CallEvent::isCallStmt(S))
return true;
// Is this an expression that is consumed by another expression? If so,
// postpone cleaning out the state.
ParentMap &PM = LC->getAnalysisDeclContext()->getParentMap();
- return !PM.isConsumedExpr(cast<Expr>(S.getStmt()));
+ return !PM.isConsumedExpr(cast<Expr>(S));
}
void ExprEngine::removeDead(ExplodedNode *Pred, ExplodedNodeSet &Out,
@@ -594,30 +597,29 @@
}
}
-void ExprEngine::ProcessStmt(const CFGStmt S,
- ExplodedNode *Pred) {
+void ExprEngine::ProcessStmt(const Stmt *currStmt, ExplodedNode *Pred) {
// Reclaim any unnecessary nodes in the ExplodedGraph.
G.reclaimRecentlyAllocatedNodes();
- const Stmt *currStmt = S.getStmt();
PrettyStackTraceLoc CrashInfo(getContext().getSourceManager(),
currStmt->getLocStart(),
"Error evaluating statement");
// Remove dead bindings and symbols.
ExplodedNodeSet CleanedStates;
- if (shouldRemoveDeadBindings(AMgr, S, Pred, Pred->getLocationContext())){
- removeDead(Pred, CleanedStates, currStmt, Pred->getLocationContext());
+ if (shouldRemoveDeadBindings(AMgr, currStmt, Pred,
+ Pred->getLocationContext())) {
+ removeDead(Pred, CleanedStates, currStmt,
+ Pred->getLocationContext());
} else
CleanedStates.Add(Pred);
// Visit the statement.
ExplodedNodeSet Dst;
- for (ExplodedNodeSet::iterator I = CleanedStates.begin(),
- E = CleanedStates.end(); I != E; ++I) {
+ for (auto I: CleanedStates) {
ExplodedNodeSet DstI;
// Visit the statement.
- Visit(currStmt, *I, DstI);
+ Visit(currStmt, I, DstI);
Dst.insert(DstI);
}
Index: lib/StaticAnalyzer/Core/CoreEngine.cpp
===================================================================
--- lib/StaticAnalyzer/Core/CoreEngine.cpp
+++ lib/StaticAnalyzer/Core/CoreEngine.cpp
@@ -585,8 +585,14 @@
}
// At this point, we know we're processing a normal statement.
- CFGStmt CS = (*Block)[Idx].castAs<CFGStmt>();
- PostStmt Loc(CS.getStmt(), N->getLocationContext());
+ const Stmt *S = nullptr;
+ if (Optional<CFGStmt> CS = (*Block)[Idx].getAs<CFGStmt>())
+ S = CS->getStmt();
+ else
+ S = (*Block)[Idx].castAs<CFGConstructor>().getConstructor();
+
+ assert(S);
+ PostStmt Loc(S, N->getLocationContext());
if (Loc == N->getLocation().withTag(nullptr)) {
// Note: 'N' should be a fresh node because otherwise it shouldn't be
Index: lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
===================================================================
--- lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
+++ lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
@@ -185,7 +185,13 @@
bool AnalyzerOptions::includeLoopExitInCFG() {
return getBooleanOption(IncludeLoopExitInCFG, "cfg-loopexit",
- /* Default = */ false);
+ /* Default = */ false);
+}
+
+bool AnalyzerOptions::includeRichConstructorsInCFG() {
+ return getBooleanOption(IncludeRichConstructorsInCFG,
+ "cfg-rich-constructors",
+ /* Default = */ true);
}
bool AnalyzerOptions::mayInlineCXXStandardLibrary() {
Index: lib/StaticAnalyzer/Core/AnalysisManager.cpp
===================================================================
--- lib/StaticAnalyzer/Core/AnalysisManager.cpp
+++ lib/StaticAnalyzer/Core/AnalysisManager.cpp
@@ -29,6 +29,7 @@
Options.shouldSynthesizeBodies(),
Options.shouldConditionalizeStaticInitializers(),
/*addCXXNewAllocator=*/true,
+ Options.includeRichConstructorsInCFG(),
injector),
Ctx(ASTCtx), Diags(diags), LangOpts(lang), PathConsumers(PDC),
CreateStoreMgr(storemgr), CreateConstraintMgr(constraintmgr),
Index: lib/Analysis/LiveVariables.cpp
===================================================================
--- lib/Analysis/LiveVariables.cpp
+++ lib/Analysis/LiveVariables.cpp
@@ -452,10 +452,15 @@
continue;
}
- if (!elem.getAs<CFGStmt>())
+ const Stmt *S = nullptr;
+ if (auto CS = elem.getAs<CFGStmt>())
+ S = CS->getStmt();
+ else if (auto CC = elem.getAs<CFGConstructor>())
+ S = CC->getConstructor();
+ else
continue;
-
- const Stmt *S = elem.castAs<CFGStmt>().getStmt();
+ assert(S);
+
TF.Visit(const_cast<Stmt*>(S));
stmtsToLiveness[S] = val;
}
Index: lib/Analysis/CFG.cpp
===================================================================
--- lib/Analysis/CFG.cpp
+++ lib/Analysis/CFG.cpp
@@ -472,6 +472,11 @@
using LabelSetTy = llvm::SmallSetVector<LabelDecl *, 8>;
LabelSetTy AddressTakenLabels;
+ // Information about the currently visited C++ object construction site.
+ // This is set in the construction trigger and read when the constructor
+ // itself is being visited.
+ ConstructionContext CurrentConstructionContext = {nullptr, nullptr};
+
bool badCFG = false;
const CFG::BuildOptions &BuildOpts;
@@ -643,6 +648,18 @@
return Block;
}
+ // Scan the child statement \p Child to find the constructor that might
+ // have been directly triggered by the current node, \p Trigger. If such
+ // constructor has been found, set current construction context to point
+ // to the trigger statement. The construction context will be unset once
+ // it is consumed when the CFG building procedure processes the
+ // construct-expression and adds the respective CFGConstructor element.
+ void EnterConstructionContextIfNecessary(Stmt *Trigger, Stmt *Child);
+ // Unset the construction context after consuming it. This is done immediately
+ // after adding the CFGConstructor element, so there's no need to
+ // do this manually in every Visit... function.
+ void ExitConstructionContext();
+
void autoCreateBlock() { if (!Block) Block = createBlock(); }
CFGBlock *createBlock(bool add_successor = true);
CFGBlock *createNoReturnBlock();
@@ -682,6 +699,21 @@
B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext());
}
+ void appendConstructor(CFGBlock *B, CXXConstructExpr *CE) {
+ if (BuildOpts.AddRichCXXConstructors) {
+ if (!CurrentConstructionContext.isNull()) {
+ assert(CurrentConstructionContext.getConstructor() == CE);
+ B->appendConstructor(CurrentConstructionContext,
+ cfg->getBumpVectorContext());
+ ExitConstructionContext();
+ return;
+ }
+ }
+
+ // No valid construction context found. Fall back to statement.
+ B->appendStmt(CE, cfg->getBumpVectorContext());
+ }
+
void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) {
B->appendInitializer(I, cfg->getBumpVectorContext());
}
@@ -1116,6 +1148,26 @@
return nullptr;
}
+void CFGBuilder::EnterConstructionContextIfNecessary(Stmt *Trigger,
+ Stmt *Child) {
+ if (!BuildOpts.AddRichCXXConstructors)
+ return;
+ if (!Child)
+ return;
+ if (auto *Constructor = dyn_cast<CXXConstructExpr>(Child)) {
+ assert(CurrentConstructionContext.isNull() &&
+ "Already within a construction context!");
+ CurrentConstructionContext = ConstructionContext(Constructor, Trigger);
+ }
+}
+
+void CFGBuilder::ExitConstructionContext() {
+ assert(!CurrentConstructionContext.isNull() &&
+ "Cannot exit construction context without the context!");
+ CurrentConstructionContext = ConstructionContext();
+}
+
+
/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an
/// arbitrary statement. Examples include a single expression or a function
/// body (compound statement). The ownership of the returned CFG is
@@ -3872,7 +3924,7 @@
CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C,
AddStmtChoice asc) {
autoCreateBlock();
- appendStmt(Block, C);
+ appendConstructor(Block, C);
return VisitChildren(C);
}
@@ -3882,15 +3934,22 @@
autoCreateBlock();
appendStmt(Block, NE);
+ EnterConstructionContextIfNecessary(
+ NE, const_cast<CXXConstructExpr *>(NE->getConstructExpr()));
+
if (NE->getInitializer())
Block = Visit(NE->getInitializer());
+
if (BuildOpts.AddCXXNewAllocator)
appendNewAllocator(Block, NE);
+
if (NE->isArray())
Block = Visit(NE->getArraySize());
+
for (CXXNewExpr::arg_iterator I = NE->placement_arg_begin(),
E = NE->placement_arg_end(); I != E; ++I)
Block = Visit(*I);
+
return Block;
}
@@ -4210,11 +4269,12 @@
const CXXDestructorDecl *
CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {
switch (getKind()) {
- case CFGElement::Statement:
case CFGElement::Initializer:
case CFGElement::NewAllocator:
case CFGElement::LoopExit:
case CFGElement::LifetimeEnds:
+ case CFGElement::Statement:
+ case CFGElement::Constructor:
llvm_unreachable("getDestructorDecl should only be used with "
"ImplicitDtors");
case CFGElement::AutomaticObjectDtor: {
@@ -4335,52 +4395,54 @@
for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) {
unsigned j = 1;
for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ;
- BI != BEnd; ++BI, ++j ) {
- if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) {
- const Stmt *stmt= SE->getStmt();
- std::pair<unsigned, unsigned> P((*I)->getBlockID(), j);
- StmtMap[stmt] = P;
-
- switch (stmt->getStmtClass()) {
- case Stmt::DeclStmtClass:
- DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P;
- break;
- case Stmt::IfStmtClass: {
- const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable();
- if (var)
- DeclMap[var] = P;
- break;
- }
- case Stmt::ForStmtClass: {
- const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable();
- if (var)
- DeclMap[var] = P;
- break;
- }
- case Stmt::WhileStmtClass: {
- const VarDecl *var =
- cast<WhileStmt>(stmt)->getConditionVariable();
- if (var)
- DeclMap[var] = P;
- break;
- }
- case Stmt::SwitchStmtClass: {
- const VarDecl *var =
- cast<SwitchStmt>(stmt)->getConditionVariable();
- if (var)
- DeclMap[var] = P;
- break;
- }
- case Stmt::CXXCatchStmtClass: {
- const VarDecl *var =
- cast<CXXCatchStmt>(stmt)->getExceptionDecl();
- if (var)
- DeclMap[var] = P;
- break;
- }
- default:
- break;
- }
+ BI != BEnd; ++BI, ++j ) {
+ const Stmt *stmt = nullptr;
+ if (auto SE = BI->getAs<CFGStmt>())
+ stmt = SE->getStmt();
+ else if (auto CE = BI->getAs<CFGConstructor>())
+ stmt = CE->getConstructor();
+ else
+ continue;
+
+ std::pair<unsigned, unsigned> P((*I)->getBlockID(), j);
+ StmtMap[stmt] = P;
+
+ switch (stmt->getStmtClass()) {
+ case Stmt::DeclStmtClass:
+ DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P;
+ break;
+ case Stmt::IfStmtClass: {
+ const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable();
+ if (var)
+ DeclMap[var] = P;
+ break;
+ }
+ case Stmt::ForStmtClass: {
+ const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable();
+ if (var)
+ DeclMap[var] = P;
+ break;
+ }
+ case Stmt::WhileStmtClass: {
+ const VarDecl *var = cast<WhileStmt>(stmt)->getConditionVariable();
+ if (var)
+ DeclMap[var] = P;
+ break;
+ }
+ case Stmt::SwitchStmtClass: {
+ const VarDecl *var = cast<SwitchStmt>(stmt)->getConditionVariable();
+ if (var)
+ DeclMap[var] = P;
+ break;
+ }
+ case Stmt::CXXCatchStmtClass: {
+ const VarDecl *var = cast<CXXCatchStmt>(stmt)->getExceptionDecl();
+ if (var)
+ DeclMap[var] = P;
+ break;
+ }
+ default:
+ break;
}
}
}
@@ -4575,14 +4637,11 @@
if (isa<CXXOperatorCallExpr>(S)) {
OS << " (OperatorCall)";
- }
- else if (isa<CXXBindTemporaryExpr>(S)) {
+ } else if (isa<CXXBindTemporaryExpr>(S)) {
OS << " (BindTemporary)";
- }
- else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) {
- OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")";
- }
- else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) {
+ } else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) {
+ OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ')';
+ } else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) {
OS << " (" << CE->getStmtClassName() << ", "
<< CE->getCastKindName()
<< ", " << CE->getType().getAsString()
@@ -4592,6 +4651,12 @@
// Expressions need a newline.
if (isa<Expr>(S))
OS << '\n';
+ } else if (Optional<CFGConstructor> CE = E.getAs<CFGConstructor>()) {
+ CE->getConstructor()->printPretty(OS, &Helper,
+ PrintingPolicy(Helper.getLangOpts()));
+ OS << " (CXXConstructExpr, ";
+ Helper.handledStmt(const_cast<Stmt *>(CE->getTriggerStmt()), OS);
+ OS << ", " << CE->getType().getAsString() << ")\n";
} else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) {
const CXXCtorInitializer *I = IE->getInitializer();
if (I->isBaseInitializer())
Index: lib/Analysis/AnalysisDeclContext.cpp
===================================================================
--- lib/Analysis/AnalysisDeclContext.cpp
+++ lib/Analysis/AnalysisDeclContext.cpp
@@ -67,7 +67,8 @@
ASTContext &ASTCtx, bool useUnoptimizedCFG, bool addImplicitDtors,
bool addInitializers, bool addTemporaryDtors, bool addLifetime,
bool addLoopExit, bool synthesizeBodies, bool addStaticInitBranch,
- bool addCXXNewAllocator, CodeInjector *injector)
+ bool addCXXNewAllocator, bool addRichCXXConstructors,
+ CodeInjector *injector)
: Injector(injector), FunctionBodyFarm(ASTCtx, injector),
SynthesizeBodies(synthesizeBodies) {
cfgBuildOptions.PruneTriviallyFalseEdges = !useUnoptimizedCFG;
@@ -78,6 +79,7 @@
cfgBuildOptions.AddLoopExit = addLoopExit;
cfgBuildOptions.AddStaticInitBranches = addStaticInitBranch;
cfgBuildOptions.AddCXXNewAllocator = addCXXNewAllocator;
+ cfgBuildOptions.AddRichCXXConstructors = addRichCXXConstructors;
}
void AnalysisDeclContextManager::clear() { Contexts.clear(); }
Index: include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
===================================================================
--- include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
+++ include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
@@ -194,7 +194,7 @@
void processCFGElement(const CFGElement E, ExplodedNode *Pred,
unsigned StmtIdx, NodeBuilderContext *Ctx) override;
- void ProcessStmt(const CFGStmt S, ExplodedNode *Pred);
+ void ProcessStmt(const Stmt *S, ExplodedNode *Pred);
void ProcessLoopExit(const Stmt* S, ExplodedNode *Pred);
Index: include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
===================================================================
--- include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
+++ include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
@@ -221,6 +221,9 @@
/// \sa IncludeLoopExitInCFG
Optional<bool> IncludeLoopExitInCFG;
+ /// \sa IncludeRichConstructorsInCFG
+ Optional<bool> IncludeRichConstructorsInCFG;
+
/// \sa mayInlineCXXStandardLibrary
Optional<bool> InlineCXXStandardLibrary;
@@ -432,6 +435,13 @@
/// the values "true" and "false".
bool includeLoopExitInCFG();
+ /// Returns whether or not construction site information should be included
+ /// in the CFG C++ constructor elements.
+ ///
+ /// This is controlled by the 'cfg-rich-constructors' config options,
+ /// which accepts the values "true" and "false".
+ bool includeRichConstructorsInCFG();
+
/// Returns whether or not C++ standard library functions may be considered
/// for inlining.
///
Index: include/clang/Analysis/CFG.h
===================================================================
--- include/clang/Analysis/CFG.h
+++ include/clang/Analysis/CFG.h
@@ -15,7 +15,7 @@
#ifndef LLVM_CLANG_ANALYSIS_CFG_H
#define LLVM_CLANG_ANALYSIS_CFG_H
-#include "clang/AST/Stmt.h"
+#include "clang/AST/ExprCXX.h"
#include "clang/Analysis/Support/BumpVector.h"
#include "clang/Basic/LLVM.h"
#include "llvm/ADT/DenseMap.h"
@@ -56,6 +56,7 @@
enum Kind {
// main kind
Statement,
+ Constructor,
Initializer,
NewAllocator,
LifetimeEnds,
@@ -117,7 +118,7 @@
class CFGStmt : public CFGElement {
public:
- CFGStmt(Stmt *S) : CFGElement(Statement, S) {}
+ explicit CFGStmt(Stmt *S) : CFGElement(Statement, S) {}
const Stmt *getStmt() const {
return static_cast<const Stmt *>(Data1.getPointer());
@@ -133,11 +134,75 @@
}
};
+// This is bulky data for CFGConstructor which would not fit into the
+// CFGElement's room (pair of pointers). Contains the information
+// necessary to express what memory is being initialized by
+// the construction.
+class ConstructionContext {
+ // The constructor that is going to be executed. We describe the context for
+ // this constructor. It describes how are we constructing the object.
+ CXXConstructExpr *Constructor;
+ // The construction site - the statement that triggered the construction
+ // for one of its parts. For instance, stack variable declaration statement
+ // triggers construction of itself or its elements if it's an array,
+ // new-expression triggers construction of the newly allocated object(s).
+ Stmt *Trigger;
+
+public:
+
+ ConstructionContext() = default;
+ ConstructionContext(CXXConstructExpr *Constructor, Stmt *Trigger)
+ : Constructor(Constructor), Trigger(Trigger) {}
+
+ bool isNull() const { return Constructor == nullptr; }
+
+ const CXXConstructExpr *getConstructor() const { return Constructor; }
+ const Stmt *getTriggerStmt() const { return Trigger; }
+
+ const ConstructionContext *getPersistentCopy(BumpVectorContext &C) const {
+ ConstructionContext *CC = C.getAllocator().Allocate<ConstructionContext>();
+ *CC = *this;
+ return CC;
+ }
+};
+
+/// CFGConstructor - Represents C++ constructor call. Maintains information
+/// necessary to figure out what memory is being initialized by the
+/// constructor expression. For now this is only used by the analyzer's CFG.
+class CFGConstructor : public CFGElement {
+public:
+ explicit CFGConstructor(const ConstructionContext *C)
+ : CFGElement(Constructor, C) {}
+
+ const ConstructionContext *getConstructionContext() const {
+ return static_cast<ConstructionContext *>(Data1.getPointer());
+ }
+
+ const CXXConstructExpr *getConstructor() const {
+ return getConstructionContext()->getConstructor();
+ }
+
+ QualType getType() const { return getConstructor()->getType(); }
+
+ const Stmt *getTriggerStmt() const {
+ return getConstructionContext()->getTriggerStmt();
+ }
+
+private:
+ friend class CFGElement;
+
+ CFGConstructor() = default;
+
+ static bool isKind(const CFGElement &E) {
+ return E.getKind() == Constructor;
+ }
+};
+
/// CFGInitializer - Represents C++ base or member initializer from
/// constructor's initialization list.
class CFGInitializer : public CFGElement {
public:
- CFGInitializer(CXXCtorInitializer *initializer)
+ explicit CFGInitializer(CXXCtorInitializer *initializer)
: CFGElement(Initializer, initializer) {}
CXXCtorInitializer* getInitializer() const {
@@ -747,6 +812,10 @@
Elements.push_back(CFGStmt(statement), C);
}
+ void appendConstructor(const ConstructionContext &CC, BumpVectorContext &C) {
+ Elements.push_back(CFGConstructor(CC.getPersistentCopy(C)), C);
+ }
+
void appendInitializer(CXXCtorInitializer *initializer,
BumpVectorContext &C) {
Elements.push_back(CFGInitializer(initializer), C);
@@ -855,6 +924,7 @@
bool AddStaticInitBranches = false;
bool AddCXXNewAllocator = false;
bool AddCXXDefaultInitExprInCtors = false;
+ bool AddRichCXXConstructors = false;
BuildOptions() = default;
Index: include/clang/Analysis/AnalysisDeclContext.h
===================================================================
--- include/clang/Analysis/AnalysisDeclContext.h
+++ include/clang/Analysis/AnalysisDeclContext.h
@@ -439,6 +439,7 @@
bool synthesizeBodies = false,
bool addStaticInitBranches = false,
bool addCXXNewAllocator = true,
+ bool addRichCXXConstructors = true,
CodeInjector *injector = nullptr);
AnalysisDeclContext *getContext(const Decl *D);
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
