Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 1ea800c4ca76d5bb41aa8a1e0a6c7628b9fff28d / . / lib / Analysis / UninitializedValuesV2.cpp
blob: 71a62f7e19f42af36127d933aafc929a8e39b65b [file] [log] [blame]
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]1//==- UninitializedValuesV2.cpp - Find Uninitialized Values -----*- C++ --*-==//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file implements uninitialized values analysis for source-level CFGs.
11//
12//===----------------------------------------------------------------------===//
13
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]14#include <utility>
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]15#include "llvm/ADT/Optional.h"
16#include "llvm/ADT/SmallVector.h"
17#include "llvm/ADT/BitVector.h"
18#include "llvm/ADT/DenseMap.h"
19#include "clang/AST/Decl.h"
20#include "clang/Analysis/CFG.h"
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]21#include "clang/Analysis/AnalysisContext.h"
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]22#include "clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h"
23#include "clang/Analysis/Analyses/UninitializedValuesV2.h"
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]24#include "clang/Analysis/Support/SaveAndRestore.h"
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]25
26using namespace clang;
27
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]28static bool isTrackedVar(const VarDecl *vd) {
29 return vd->isLocalVarDecl() && !vd->hasGlobalStorage() &&
30 vd->getType()->isScalarType();
31}
32
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]33//------------------------------------------------------------------------====//
34// DeclToBit: a mapping from Decls we track to bitvector indices.
35//====------------------------------------------------------------------------//
36
37namespace {
38class DeclToBit {
39 llvm::DenseMap<const VarDecl *, unsigned> map;
40public:
41 DeclToBit() {}
42
43 /// Compute the actual mapping from declarations to bits.
44 void computeMap(const DeclContext &dc);
45
46 /// Return the number of declarations in the map.
47 unsigned size() const { return map.size(); }
48
49 /// Returns the bit vector index for a given declaration.
50 llvm::Optional<unsigned> getBitVectorIndex(const VarDecl *d);
51};
52}
53
54void DeclToBit::computeMap(const DeclContext &dc) {
55 unsigned count = 0;
56 DeclContext::specific_decl_iterator<VarDecl> I(dc.decls_begin()),
57 E(dc.decls_end());
58 for ( ; I != E; ++I) {
59 const VarDecl *vd = *I;
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]60 if (isTrackedVar(vd))
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]61 map[vd] = count++;
62 }
63}
64
65llvm::Optional<unsigned> DeclToBit::getBitVectorIndex(const VarDecl *d) {
66 llvm::DenseMap<const VarDecl *, unsigned>::iterator I = map.find(d);
67 if (I == map.end())
68 return llvm::Optional<unsigned>();
69 return I->second;
70}
71
72//------------------------------------------------------------------------====//
73// CFGBlockValues: dataflow values for CFG blocks.
74//====------------------------------------------------------------------------//
75
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]76typedef std::pair<llvm::BitVector *, llvm::BitVector *> BVPair;
77
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]78namespace {
79class CFGBlockValues {
80 const CFG &cfg;
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]81 BVPair *vals;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]82 llvm::BitVector scratch;
83 DeclToBit declToBit;
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]84
85 llvm::BitVector &lazyCreate(llvm::BitVector *&bv);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]86public:
87 CFGBlockValues(const CFG &cfg);
88 ~CFGBlockValues();
89
90 void computeSetOfDeclarations(const DeclContext &dc);
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]91 llvm::BitVector &getBitVector(const CFGBlock *block,
92 const CFGBlock *dstBlock);
93
94 BVPair &getBitVectors(const CFGBlock *block);
95
96 BVPair getPredBitVectors(const CFGBlock *block);
97
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]98 void mergeIntoScratch(llvm::BitVector const &source, bool isFirst);
99 bool updateBitVectorWithScratch(const CFGBlock *block);
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]100 bool updateBitVectors(const CFGBlock *block, const BVPair &newVals);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]101
102 bool hasNoDeclarations() const {
103 return declToBit.size() == 0;
104 }
105
106 void resetScratch();
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]107 llvm::BitVector &getScratch() { return scratch; }
108
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]109 llvm::BitVector::reference operator[](const VarDecl *vd);
110};
111}
112
113CFGBlockValues::CFGBlockValues(const CFG &c) : cfg(c), vals(0) {
114 unsigned n = cfg.getNumBlockIDs();
115 if (!n)
116 return;
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]117 vals = new std::pair<llvm::BitVector*, llvm::BitVector*>[n];
Francois Pichet2d78c372011-01-15 13:27:47 +0000[diff] [blame]118 memset(vals, 0, sizeof(*vals) * n);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]119}
120
121CFGBlockValues::~CFGBlockValues() {
122 unsigned n = cfg.getNumBlockIDs();
123 if (n == 0)
124 return;
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]125 for (unsigned i = 0; i < n; ++i) {
126 delete vals[i].first;
127 delete vals[i].second;
128 }
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]129 delete [] vals;
130}
131
132void CFGBlockValues::computeSetOfDeclarations(const DeclContext &dc) {
133 declToBit.computeMap(dc);
134 scratch.resize(declToBit.size());
135}
136
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]137llvm::BitVector &CFGBlockValues::lazyCreate(llvm::BitVector *&bv) {
138 if (!bv)
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]139 bv = new llvm::BitVector(declToBit.size());
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]140 return *bv;
141}
142
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]143/// This function pattern matches for a '&&' or '||' that appears at
144/// the beginning of a CFGBlock that also (1) has a terminator and
145/// (2) has no other elements. If such an expression is found, it is returned.
146static BinaryOperator *getLogicalOperatorInChain(const CFGBlock *block) {
147 if (block->empty())
148 return 0;
149
150 CFGStmt cstmt = block->front().getAs<CFGStmt>();
151 BinaryOperator *b = llvm::dyn_cast_or_null<BinaryOperator>(cstmt.getStmt());
152 if (!b || !b->isLogicalOp() || block->getTerminatorCondition() != b)
153 return 0;
154 return b;
155}
156
157llvm::BitVector &CFGBlockValues::getBitVector(const CFGBlock *block,
158 const CFGBlock *dstBlock) {
159 unsigned idx = block->getBlockID();
Ted Kremenek2d4bed12011-01-20 21:25:31 +0000[diff] [blame]160 if (dstBlock && block->succ_size() == 2 && block->pred_size() == 2) {
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]161 assert(block->getTerminator());
162 if (getLogicalOperatorInChain(block)) {
163 if (*block->succ_begin() == dstBlock)
164 return lazyCreate(vals[idx].first);
165 assert(*(block->succ_begin()+1) == dstBlock);
166 return lazyCreate(vals[idx].second);
167 }
168 }
169
170 assert(vals[idx].second == 0);
171 return lazyCreate(vals[idx].first);
172}
173
174BVPair &CFGBlockValues::getBitVectors(const clang::CFGBlock *block) {
175 unsigned idx = block->getBlockID();
176 lazyCreate(vals[idx].first);
177 lazyCreate(vals[idx].second);
178 return vals[idx];
179}
180
181BVPair CFGBlockValues::getPredBitVectors(const clang::CFGBlock *block) {
182 assert(block->pred_size() == 2);
183 CFGBlock::const_pred_iterator itr = block->pred_begin();
184 llvm::BitVector &bvA = getBitVector(*itr, block);
185 ++itr;
186 return BVPair(&bvA, &getBitVector(*itr, block));
187}
188
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]189void CFGBlockValues::mergeIntoScratch(llvm::BitVector const &source,
190 bool isFirst) {
191 if (isFirst)
192 scratch = source;
193 else
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]194 scratch |= source;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]195}
196
197bool CFGBlockValues::updateBitVectorWithScratch(const CFGBlock *block) {
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]198 llvm::BitVector &dst = getBitVector(block, 0);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]199 bool changed = (dst != scratch);
200 if (changed)
201 dst = scratch;
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]202
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]203 return changed;
204}
205
206bool CFGBlockValues::updateBitVectors(const CFGBlock *block,
207 const BVPair &newVals) {
208 BVPair &vals = getBitVectors(block);
209 bool changed = *newVals.first != *vals.first ||
210 *newVals.second != *vals.second;
211 *vals.first = *newVals.first;
212 *vals.second = *newVals.second;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]213 return changed;
214}
215
216void CFGBlockValues::resetScratch() {
217 scratch.reset();
218}
219
220llvm::BitVector::reference CFGBlockValues::operator[](const VarDecl *vd) {
221 const llvm::Optional<unsigned> &idx = declToBit.getBitVectorIndex(vd);
222 assert(idx.hasValue());
223 return scratch[idx.getValue()];
224}
225
226//------------------------------------------------------------------------====//
227// Worklist: worklist for dataflow analysis.
228//====------------------------------------------------------------------------//
229
230namespace {
231class DataflowWorklist {
232 llvm::SmallVector<const CFGBlock *, 20> worklist;
233 llvm::BitVector enqueuedBlocks;
234public:
235 DataflowWorklist(const CFG &cfg) : enqueuedBlocks(cfg.getNumBlockIDs()) {}
236
237 void enqueue(const CFGBlock *block);
238 void enqueueSuccessors(const CFGBlock *block);
239 const CFGBlock *dequeue();
240
241};
242}
243
244void DataflowWorklist::enqueue(const CFGBlock *block) {
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]245 if (!block)
246 return;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]247 unsigned idx = block->getBlockID();
248 if (enqueuedBlocks[idx])
249 return;
250 worklist.push_back(block);
251 enqueuedBlocks[idx] = true;
252}
253
254void DataflowWorklist::enqueueSuccessors(const clang::CFGBlock *block) {
255 for (CFGBlock::const_succ_iterator I = block->succ_begin(),
256 E = block->succ_end(); I != E; ++I) {
257 enqueue(*I);
258 }
259}
260
261const CFGBlock *DataflowWorklist::dequeue() {
262 if (worklist.empty())
263 return 0;
264 const CFGBlock *b = worklist.back();
265 worklist.pop_back();
266 enqueuedBlocks[b->getBlockID()] = false;
267 return b;
268}
269
270//------------------------------------------------------------------------====//
271// Transfer function for uninitialized values analysis.
272//====------------------------------------------------------------------------//
273
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]274static const bool Initialized = false;
275static const bool Uninitialized = true;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]276
277namespace {
278class FindVarResult {
279 const VarDecl *vd;
280 const DeclRefExpr *dr;
281public:
282 FindVarResult(VarDecl *vd, DeclRefExpr *dr) : vd(vd), dr(dr) {}
283
284 const DeclRefExpr *getDeclRefExpr() const { return dr; }
285 const VarDecl *getDecl() const { return vd; }
286};
287
288class TransferFunctions : public CFGRecStmtVisitor<TransferFunctions> {
289 CFGBlockValues &vals;
290 const CFG &cfg;
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]291 AnalysisContext &ac;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]292 UninitVariablesHandler *handler;
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]293 const DeclRefExpr *currentDR;
Ted Kremenekdd0f7942011-01-26 04:49:43 +0000[diff] [blame]294 const Expr *currentVoidCast;
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]295 const bool flagBlockUses;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]296public:
297 TransferFunctions(CFGBlockValues &vals, const CFG &cfg,
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]298 AnalysisContext &ac,
299 UninitVariablesHandler *handler,
300 bool flagBlockUses)
301 : vals(vals), cfg(cfg), ac(ac), handler(handler), currentDR(0),
Ted Kremenekdd0f7942011-01-26 04:49:43 +0000[diff] [blame]302 currentVoidCast(0), flagBlockUses(flagBlockUses) {}
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]303
304 const CFG &getCFG() { return cfg; }
305 void reportUninit(const DeclRefExpr *ex, const VarDecl *vd);
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]306
307 void VisitBlockExpr(BlockExpr *be);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]308 void VisitDeclStmt(DeclStmt *ds);
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]309 void VisitDeclRefExpr(DeclRefExpr *dr);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]310 void VisitUnaryOperator(UnaryOperator *uo);
311 void VisitBinaryOperator(BinaryOperator *bo);
312 void VisitCastExpr(CastExpr *ce);
Ted Kremenek96608032011-01-23 17:53:04 +0000[diff] [blame]313 void VisitSizeOfAlignOfExpr(SizeOfAlignOfExpr *se);
Ted Kremenek1ea800c2011-01-27 02:01:31 +0000[diff] [blame^]314 void BlockStmt_VisitObjCForCollectionStmt(ObjCForCollectionStmt *fs);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]315};
316}
317
318void TransferFunctions::reportUninit(const DeclRefExpr *ex,
319 const VarDecl *vd) {
320 if (handler) handler->handleUseOfUninitVariable(ex, vd);
321}
322
Ted Kremenek1ea800c2011-01-27 02:01:31 +0000[diff] [blame^]323static FindVarResult findBlockVarDecl(Expr* ex) {
324 if (DeclRefExpr* dr = dyn_cast<DeclRefExpr>(ex->IgnoreParenCasts()))
325 if (VarDecl *vd = dyn_cast<VarDecl>(dr->getDecl()))
326 if (isTrackedVar(vd))
327 return FindVarResult(vd, dr);
328
329 return FindVarResult(0, 0);
330}
331
332void TransferFunctions::BlockStmt_VisitObjCForCollectionStmt(
333 ObjCForCollectionStmt *fs) {
334
335 Visit(fs->getCollection());
336
337 // This represents an initialization of the 'element' value.
338 Stmt *element = fs->getElement();
339 const VarDecl* vd = 0;
340
341 if (DeclStmt* ds = dyn_cast<DeclStmt>(element)) {
342 vd = cast<VarDecl>(ds->getSingleDecl());
343 if (!isTrackedVar(vd))
344 vd = 0;
345 }
346 else {
347 // Initialize the value of the reference variable.
348 const FindVarResult &res = findBlockVarDecl(cast<Expr>(element));
349 vd = res.getDecl();
350 if (!vd) {
351 Visit(element);
352 return;
353 }
354 }
355
356 if (vd)
357 vals[vd] = Initialized;
358}
359
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]360void TransferFunctions::VisitBlockExpr(BlockExpr *be) {
361 if (!flagBlockUses || !handler)
362 return;
363 AnalysisContext::referenced_decls_iterator i, e;
364 llvm::tie(i, e) = ac.getReferencedBlockVars(be->getBlockDecl());
365 for ( ; i != e; ++i) {
366 const VarDecl *vd = *i;
367 if (vd->getAttr<BlocksAttr>() || !vd->hasLocalStorage())
368 continue;
369 if (vals[vd] == Uninitialized)
370 handler->handleUseOfUninitVariable(be, vd);
371 }
372}
373
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]374void TransferFunctions::VisitDeclStmt(DeclStmt *ds) {
375 for (DeclStmt::decl_iterator DI = ds->decl_begin(), DE = ds->decl_end();
376 DI != DE; ++DI) {
377 if (VarDecl *vd = dyn_cast<VarDecl>(*DI)) {
Ted Kremenek4dccb902011-01-18 05:00:42 +0000[diff] [blame]378 if (isTrackedVar(vd)) {
379 vals[vd] = Uninitialized;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]380 if (Stmt *init = vd->getInit()) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]381 Visit(init);
Ted Kremenekc104e532011-01-18 04:53:25 +0000[diff] [blame]382 vals[vd] = Initialized;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]383 }
Ted Kremenek4dccb902011-01-18 05:00:42 +0000[diff] [blame]384 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]385 else if (Stmt *init = vd->getInit()) {
386 Visit(init);
387 }
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]388 }
389 }
390}
391
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]392void TransferFunctions::VisitDeclRefExpr(DeclRefExpr *dr) {
393 // We assume that DeclRefExprs wrapped in an lvalue-to-rvalue cast
394 // cannot be block-level expressions. Therefore, we determine if
395 // a DeclRefExpr is involved in a "load" by comparing it to the current
396 // DeclRefExpr found when analyzing the last lvalue-to-rvalue CastExpr.
397 // If a DeclRefExpr is not involved in a load, we are essentially computing
398 // its address, either for assignment to a reference or via the '&' operator.
399 // In such cases, treat the variable as being initialized, since this
400 // analysis isn't powerful enough to do alias tracking.
401 if (dr != currentDR)
402 if (const VarDecl *vd = dyn_cast<VarDecl>(dr->getDecl()))
403 if (isTrackedVar(vd))
404 vals[vd] = Initialized;
405}
406
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]407void TransferFunctions::VisitBinaryOperator(clang::BinaryOperator *bo) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]408 if (bo->isAssignmentOp()) {
409 const FindVarResult &res = findBlockVarDecl(bo->getLHS());
410 if (const VarDecl* vd = res.getDecl()) {
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]411 // We assume that DeclRefExprs wrapped in a BinaryOperator "assignment"
412 // cannot be block-level expressions. Therefore, we determine if
413 // a DeclRefExpr is involved in a "load" by comparing it to the current
414 // DeclRefExpr found when analyzing the last lvalue-to-rvalue CastExpr.
415 SaveAndRestore<const DeclRefExpr*> lastDR(currentDR,
416 res.getDeclRefExpr());
417 Visit(bo->getRHS());
418 Visit(bo->getLHS());
419
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]420 llvm::BitVector::reference bit = vals[vd];
421 if (bit == Uninitialized) {
422 if (bo->getOpcode() != BO_Assign)
423 reportUninit(res.getDeclRefExpr(), vd);
424 bit = Initialized;
425 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]426 return;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]427 }
428 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]429 Visit(bo->getRHS());
430 Visit(bo->getLHS());
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]431}
432
433void TransferFunctions::VisitUnaryOperator(clang::UnaryOperator *uo) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]434 switch (uo->getOpcode()) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]435 case clang::UO_PostDec:
436 case clang::UO_PostInc:
437 case clang::UO_PreDec:
438 case clang::UO_PreInc: {
439 const FindVarResult &res = findBlockVarDecl(uo->getSubExpr());
440 if (const VarDecl *vd = res.getDecl()) {
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]441 // We assume that DeclRefExprs wrapped in a unary operator ++/--
442 // cannot be block-level expressions. Therefore, we determine if
443 // a DeclRefExpr is involved in a "load" by comparing it to the current
444 // DeclRefExpr found when analyzing the last lvalue-to-rvalue CastExpr.
445 SaveAndRestore<const DeclRefExpr*> lastDR(currentDR,
446 res.getDeclRefExpr());
447 Visit(uo->getSubExpr());
448
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]449 llvm::BitVector::reference bit = vals[vd];
450 if (bit == Uninitialized) {
451 reportUninit(res.getDeclRefExpr(), vd);
452 bit = Initialized;
453 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]454 return;
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]455 }
456 break;
457 }
458 default:
459 break;
460 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]461 Visit(uo->getSubExpr());
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]462}
463
464void TransferFunctions::VisitCastExpr(clang::CastExpr *ce) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]465 if (ce->getCastKind() == CK_LValueToRValue) {
466 const FindVarResult &res = findBlockVarDecl(ce->getSubExpr());
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]467 if (const VarDecl *vd = res.getDecl()) {
468 // We assume that DeclRefExprs wrapped in an lvalue-to-rvalue cast
469 // cannot be block-level expressions. Therefore, we determine if
470 // a DeclRefExpr is involved in a "load" by comparing it to the current
471 // DeclRefExpr found when analyzing the last lvalue-to-rvalue CastExpr.
472 // Here we update 'currentDR' to be the one associated with this
473 // lvalue-to-rvalue cast. Then, when we analyze the DeclRefExpr, we
474 // will know that we are not computing its lvalue for other purposes
475 // than to perform a load.
476 SaveAndRestore<const DeclRefExpr*> lastDR(currentDR,
477 res.getDeclRefExpr());
478 Visit(ce->getSubExpr());
Ted Kremenekdd0f7942011-01-26 04:49:43 +0000[diff] [blame]479 if (currentVoidCast != ce && vals[vd] == Uninitialized) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]480 reportUninit(res.getDeclRefExpr(), vd);
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]481 // Don't cascade warnings.
482 vals[vd] = Initialized;
483 }
484 return;
485 }
Ted Kremenekdd0f7942011-01-26 04:49:43 +0000[diff] [blame]486 }
487 else if (CStyleCastExpr *cse = dyn_cast<CStyleCastExpr>(ce)) {
488 if (cse->getType()->isVoidType()) {
489 // e.g. (void) x;
490 SaveAndRestore<const Expr *>
491 lastVoidCast(currentVoidCast, cse->getSubExpr()->IgnoreParens());
492 Visit(cse->getSubExpr());
493 return;
494 }
495 }
Ted Kremenekc21fed32011-01-18 21:18:58 +0000[diff] [blame]496 Visit(ce->getSubExpr());
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]497}
498
Ted Kremenek96608032011-01-23 17:53:04 +0000[diff] [blame]499void TransferFunctions::VisitSizeOfAlignOfExpr(SizeOfAlignOfExpr *se) {
500 if (se->isSizeOf()) {
501 if (se->getType()->isConstantSizeType())
502 return;
503 // Handle VLAs.
504 Visit(se->getArgumentExpr());
505 }
506}
507
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]508//------------------------------------------------------------------------====//
509// High-level "driver" logic for uninitialized values analysis.
510//====------------------------------------------------------------------------//
511
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]512static bool runOnBlock(const CFGBlock *block, const CFG &cfg,
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]513 AnalysisContext &ac, CFGBlockValues &vals,
514 UninitVariablesHandler *handler = 0,
515 bool flagBlockUses = false) {
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]516
517 if (const BinaryOperator *b = getLogicalOperatorInChain(block)) {
Ted Kremenek2d4bed12011-01-20 21:25:31 +0000[diff] [blame]518 if (block->pred_size() == 2 && block->succ_size() == 2) {
519 assert(block->getTerminatorCondition() == b);
520 BVPair valsAB = vals.getPredBitVectors(block);
521 vals.mergeIntoScratch(*valsAB.first, true);
522 vals.mergeIntoScratch(*valsAB.second, false);
523 valsAB.second = &vals.getScratch();
524 if (b->getOpcode() == BO_LOr) {
525 // Ensure the invariant that 'first' corresponds to the true
526 // branch and 'second' to the false.
527 std::swap(valsAB.first, valsAB.second);
528 }
529 return vals.updateBitVectors(block, valsAB);
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]530 }
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]531 }
532
533 // Default behavior: merge in values of predecessor blocks.
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]534 vals.resetScratch();
535 bool isFirst = true;
536 for (CFGBlock::const_pred_iterator I = block->pred_begin(),
537 E = block->pred_end(); I != E; ++I) {
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]538 vals.mergeIntoScratch(vals.getBitVector(*I, block), isFirst);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]539 isFirst = false;
540 }
541 // Apply the transfer function.
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]542 TransferFunctions tf(vals, cfg, ac, handler, flagBlockUses);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]543 for (CFGBlock::const_iterator I = block->begin(), E = block->end();
544 I != E; ++I) {
545 if (const CFGStmt *cs = dyn_cast<CFGStmt>(&*I)) {
546 tf.BlockStmt_Visit(cs->getStmt());
547 }
548 }
Ted Kremenek13bd4232011-01-20 17:37:17 +0000[diff] [blame]549 return vals.updateBitVectorWithScratch(block);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]550}
551
552void clang::runUninitializedVariablesAnalysis(const DeclContext &dc,
553 const CFG &cfg,
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]554 AnalysisContext &ac,
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]555 UninitVariablesHandler &handler) {
556 CFGBlockValues vals(cfg);
557 vals.computeSetOfDeclarations(dc);
558 if (vals.hasNoDeclarations())
559 return;
560 DataflowWorklist worklist(cfg);
561 llvm::BitVector previouslyVisited(cfg.getNumBlockIDs());
562
563 worklist.enqueueSuccessors(&cfg.getEntry());
564
565 while (const CFGBlock *block = worklist.dequeue()) {
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]566 // Did the block change?
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]567 bool changed = runOnBlock(block, cfg, ac, vals);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]568 if (changed || !previouslyVisited[block->getBlockID()])
569 worklist.enqueueSuccessors(block);
570 previouslyVisited[block->getBlockID()] = true;
571 }
572
573 // Run through the blocks one more time, and report uninitialized variabes.
574 for (CFG::const_iterator BI = cfg.begin(), BE = cfg.end(); BI != BE; ++BI) {
Ted Kremeneka8c17a52011-01-25 19:13:48 +0000[diff] [blame]575 runOnBlock(*BI, cfg, ac, vals, &handler, /* flagBlockUses */ true);
Ted Kremenek610068c2011-01-15 02:58:47 +0000[diff] [blame]576 }
577}
578
579UninitVariablesHandler::~UninitVariablesHandler() {}
580