Ted Kremenek610068c2011-01-15 02:58:47 +00001//==- UninitializedValuesV2.cpp - Find Uninitialized Values -----*- C++ --*-==//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file implements uninitialized values analysis for source-level CFGs.
11//
12//===----------------------------------------------------------------------===//
13
14#include "llvm/ADT/Optional.h"
15#include "llvm/ADT/SmallVector.h"
16#include "llvm/ADT/BitVector.h"
17#include "llvm/ADT/DenseMap.h"
18#include "clang/AST/Decl.h"
19#include "clang/Analysis/CFG.h"
20#include "clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h"
21#include "clang/Analysis/Analyses/UninitializedValuesV2.h"
22
23using namespace clang;
24
/// Returns true when \p vd is a variable this analysis tracks: a local
/// variable declaration that has no global storage and whose type is scalar.
static bool isTrackedVar(const VarDecl *vd) {
  if (!vd->isLocalVarDecl())
    return false;
  if (vd->hasGlobalStorage())
    return false;
  return vd->getType()->isScalarType();
}
29
Ted Kremenek610068c2011-01-15 02:58:47 +000030//------------------------------------------------------------------------====//
31// DeclToBit: a mapping from Decls we track to bitvector indices.
32//====------------------------------------------------------------------------//
33
34namespace {
/// Assigns each tracked variable declaration a dense index that is used as its
/// position in the analysis bit vectors.
class DeclToBit {
public:
  DeclToBit() {}

  /// Compute the actual mapping from declarations to bits.
  void computeMap(const DeclContext &dc);

  /// Return the number of declarations in the map.
  unsigned size() const { return map.size(); }

  /// Returns the bit vector index for a given declaration, or an empty
  /// Optional when the declaration is not in the map.
  llvm::Optional<unsigned> getBitVectorIndex(const VarDecl *d);

private:
  // Declaration -> bit index; filled in by computeMap().
  llvm::DenseMap<const VarDecl *, unsigned> map;
};
49}
50
/// Walks the VarDecls found between dc.decls_begin() and dc.decls_end() and
/// gives every tracked one (see isTrackedVar) the next free bit index,
/// starting at 0.
///
/// Only declarations enumerated by that iteration receive an index; any other
/// declaration looked up later yields an empty Optional from
/// getBitVectorIndex().
void DeclToBit::computeMap(const DeclContext &dc) {
  typedef DeclContext::specific_decl_iterator<VarDecl> VarDeclIterator;

  unsigned nextBit = 0;
  for (VarDeclIterator it(dc.decls_begin()), end(dc.decls_end());
       it != end; ++it) {
    const VarDecl *vd = *it;
    if (!isTrackedVar(vd))
      continue;
    map[vd] = nextBit;
    ++nextBit;
  }
}
61
/// Looks up the bit index assigned to \p d.
///
/// \returns the index, or an empty Optional if \p d was never mapped.
llvm::Optional<unsigned> DeclToBit::getBitVectorIndex(const VarDecl *d) {
  typedef llvm::DenseMap<const VarDecl *, unsigned> MapTy;

  MapTy::iterator pos = map.find(d);
  if (pos != map.end())
    return pos->second;
  return llvm::Optional<unsigned>();
}
68
69//------------------------------------------------------------------------====//
70// CFGBlockValues: dataflow values for CFG blocks.
71//====------------------------------------------------------------------------//
72
73namespace {
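/// Dataflow state for the analysis: one lazily allocated bit vector per CFG
/// block plus a scratch vector that holds the values currently being computed.
///
/// The class owns a raw heap array (vals) that its destructor frees. Copying
/// is therefore disabled: the implicitly generated copy constructor would
/// duplicate the pointer and both objects would delete the same array.
class CFGBlockValues {
  const CFG &cfg;
  // Heap array indexed by CFGBlock::getBlockID(); entries stay null until
  // getBitVector() first asks for the block.
  llvm::BitVector **vals;
  // Working values; merged from predecessors and edited through operator[].
  llvm::BitVector scratch;
  DeclToBit declToBit;

  // Declared but intentionally not defined, to make the class non-copyable.
  CFGBlockValues(const CFGBlockValues &);
  CFGBlockValues &operator=(const CFGBlockValues &);
public:
  CFGBlockValues(const CFG &cfg);
  ~CFGBlockValues();

  /// Builds the declaration map for \p dc and sizes the scratch vector.
  void computeSetOfDeclarations(const DeclContext &dc);

  /// Returns the stored bit vector for \p block, allocating it on first use.
  llvm::BitVector &getBitVector(const CFGBlock *block);

  /// Copies \p source into scratch when \p isFirst is true, otherwise ORs it
  /// into scratch.
  void mergeIntoScratch(llvm::BitVector const &source, bool isFirst);

  /// Stores scratch as the value of \p block; returns true if that changed
  /// the stored value.
  bool updateBitVectorWithScratch(const CFGBlock *block);

  /// True when no declaration is tracked.
  bool hasNoDeclarations() const {
    return declToBit.size() == 0;
  }

  /// Clears every bit of scratch.
  void resetScratch();

  /// Gives access to the scratch bit of \p vd, which must be a mapped
  /// declaration.
  llvm::BitVector::reference operator[](const VarDecl *vd);
};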
95}
96
/// Allocates one null slot per block ID of \p c. When the CFG reports zero
/// block IDs nothing is allocated and vals stays null.
CFGBlockValues::CFGBlockValues(const CFG &c) : cfg(c), vals(0) {
  const unsigned numBlocks = cfg.getNumBlockIDs();
  if (numBlocks == 0)
    return;
  vals = new llvm::BitVector*[numBlocks];
  // Every slot starts out null; getBitVector() fills slots in on demand.
  for (unsigned i = 0; i != numBlocks; ++i)
    vals[i] = 0;
}
104
/// Frees every allocated per-block bit vector and then the slot array itself.
CFGBlockValues::~CFGBlockValues() {
  // NOTE(review): the slot count is read from cfg again instead of being
  // remembered from construction; this assumes getNumBlockIDs() still returns
  // the value the array was allocated with -- confirm.
  const unsigned numBlocks = cfg.getNumBlockIDs();
  if (!numBlocks)
    return;
  for (unsigned slot = 0; slot != numBlocks; ++slot)
    delete vals[slot];  // deleting a null slot is a no-op
  delete [] vals;
}
113
/// Computes the declaration-to-bit mapping for \p dc and resizes the scratch
/// vector to hold one bit per mapped declaration.
void CFGBlockValues::computeSetOfDeclarations(const DeclContext &dc) {
  declToBit.computeMap(dc);
  const unsigned numTracked = declToBit.size();
  scratch.resize(numTracked);
}
118
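/// Returns the bit vector stored for \p block, creating it on first request.
///
/// A new vector is sized from declToBit.size() at the moment of creation, so
/// computeSetOfDeclarations() has to run before the first call.
///
/// The block ID indexes a raw heap array, so the pointer and the index are
/// checked first. The checks are asserts and disappear in NDEBUG builds.
llvm::BitVector &CFGBlockValues::getBitVector(const CFGBlock *block) {
  assert(block && "getBitVector() requires a non-null CFGBlock");
  const unsigned idx = block->getBlockID();
  assert(vals && idx < cfg.getNumBlockIDs() &&
         "block ID is outside the per-block value array");

  llvm::BitVector *&slot = vals[idx];
  if (!slot)
    slot = new llvm::BitVector(declToBit.size());
  return *slot;
}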
128
/// Folds \p source into the scratch vector: the first source replaces
/// scratch, every later one is ORed in, so a bit ends up set if it is set in
/// any merged source.
void CFGBlockValues::mergeIntoScratch(llvm::BitVector const &source,
                                      bool isFirst) {
  if (!isFirst) {
    scratch |= source;
    return;
  }
  scratch = source;
}
136
/// Makes scratch the stored value of \p block.
///
/// \returns true if the stored value differed from scratch and was
/// overwritten, false if it already matched.
bool CFGBlockValues::updateBitVectorWithScratch(const CFGBlock *block) {
  llvm::BitVector &stored = getBitVector(block);
  if (stored == scratch)
    return false;
  stored = scratch;
  return true;
}
144
/// Clears all bits of the scratch vector. Its size is left as it is.
void CFGBlockValues::resetScratch() {
  scratch.reset();
}
148
/// Returns a writable reference to the scratch bit that belongs to \p vd.
///
/// \p vd must have been mapped by computeSetOfDeclarations().
/// NOTE(review): the assert is the only guard here; in an NDEBUG build an
/// unmapped declaration would reach getValue() on an empty Optional and index
/// scratch with whatever that yields.
llvm::BitVector::reference CFGBlockValues::operator[](const VarDecl *vd) {
  llvm::Optional<unsigned> bitIndex = declToBit.getBitVectorIndex(vd);
  assert(bitIndex.hasValue());
  return scratch[bitIndex.getValue()];
}
154
155//------------------------------------------------------------------------====//
156// Worklist: worklist for dataflow analysis.
157//====------------------------------------------------------------------------//
158
159namespace {
/// Worklist of CFG blocks awaiting processing. A bit per block ID records
/// which blocks are currently queued so that no block is queued twice.
class DataflowWorklist {
public:
  DataflowWorklist(const CFG &cfg) : enqueuedBlocks(cfg.getNumBlockIDs()) {}

  /// Queues \p block unless it is null or already queued.
  void enqueue(const CFGBlock *block);

  /// Queues every successor of \p block.
  void enqueueSuccessors(const CFGBlock *block);

  /// Removes and returns a queued block, or null when the list is empty.
  const CFGBlock *dequeue();

private:
  llvm::SmallVector<const CFGBlock *, 20> worklist;
  // Indexed by block ID; a set bit means the block is in worklist.
  llvm::BitVector enqueuedBlocks;
};
171}
172
/// Appends \p block to the worklist. Null blocks and blocks that are already
/// queued are ignored.
void DataflowWorklist::enqueue(const CFGBlock *block) {
  if (block == 0)
    return;
  const unsigned id = block->getBlockID();
  if (!enqueuedBlocks[id]) {
    enqueuedBlocks[id] = true;
    worklist.push_back(block);
  }
}
182
/// Passes each successor of \p block to enqueue(), which filters out null
/// entries and blocks that are already queued.
void DataflowWorklist::enqueueSuccessors(const clang::CFGBlock *block) {
  CFGBlock::const_succ_iterator it = block->succ_begin();
  const CFGBlock::const_succ_iterator end = block->succ_end();
  while (it != end) {
    enqueue(*it);
    ++it;
  }
}
189
/// Takes the most recently queued block off the worklist and clears its
/// "queued" bit.
///
/// \returns the block, or null when the worklist is empty.
const CFGBlock *DataflowWorklist::dequeue() {
  if (worklist.empty())
    return 0;
  const CFGBlock *next = worklist.back();
  enqueuedBlocks[next->getBlockID()] = false;
  worklist.pop_back();
  return next;
}
198
199//------------------------------------------------------------------------====//
200// Transfer function for uninitialized values analysis.
201//====------------------------------------------------------------------------//
202
// Meaning of a bit in the analysis bit vectors: a set bit marks the variable
// as Uninitialized, a clear bit as Initialized.
static const bool Uninitialized = true;
static const bool Initialized = false;
Ted Kremenek610068c2011-01-15 02:58:47 +0000205
206namespace {
/// Result of findBlockVarDecl(): the tracked variable an expression refers to
/// together with the DeclRefExpr that names it. Both are null when nothing
/// was found.
class FindVarResult {
public:
  FindVarResult(VarDecl *vd, DeclRefExpr *dr) : vd(vd), dr(dr) {}

  const VarDecl *getDecl() const { return vd; }
  const DeclRefExpr *getDeclRefExpr() const { return dr; }

private:
  const VarDecl *vd;
  const DeclRefExpr *dr;
};
216
/// Statement visitor that applies the transfer function of the analysis: it
/// edits the scratch values held by CFGBlockValues and, when a handler is
/// supplied, reports uses of uninitialized variables to it.
class TransferFunctions : public CFGRecStmtVisitor<TransferFunctions> {
public:
  TransferFunctions(CFGBlockValues &vals, const CFG &cfg,
                    UninitVariablesHandler *handler)
    : vals(vals), cfg(cfg), handler(handler) {}

  const CFG &getCFG() { return cfg; }

  /// Forwards a use of \p vd at \p ex to the handler, if there is one.
  void reportUninit(const DeclRefExpr *ex, const VarDecl *vd);

  void VisitDeclStmt(DeclStmt *ds);
  void VisitUnaryOperator(UnaryOperator *uo);
  void VisitBinaryOperator(BinaryOperator *bo);
  void VisitCastExpr(CastExpr *ce);

private:
  CFGBlockValues &vals;
  const CFG &cfg;
  // May be null, in which case nothing is reported.
  UninitVariablesHandler *handler;
};
234}
235
/// Reports a use of the uninitialized variable \p vd at \p ex. Does nothing
/// when no handler was supplied.
void TransferFunctions::reportUninit(const DeclRefExpr *ex,
                                     const VarDecl *vd) {
  if (!handler)
    return;
  handler->handleUseOfUninitVariable(ex, vd);
}
240
/// Handles a declaration statement: every tracked variable it declares
/// becomes Uninitialized, and becomes Initialized again if it has an
/// initializer.
void TransferFunctions::VisitDeclStmt(DeclStmt *ds) {
  for (DeclStmt::decl_iterator it = ds->decl_begin(), end = ds->decl_end();
       it != end; ++it) {
    VarDecl *vd = dyn_cast<VarDecl>(*it);
    if (!vd || !isTrackedVar(vd))
      continue;

    // The variable is marked before its initializer is visited, so the
    // initializer is evaluated with the variable still Uninitialized.
    vals[vd] = Uninitialized;

    Stmt *init = vd->getInit();
    if (!init)
      continue;
    Visit(init);
    vals[vd] = Initialized;
  }
}
255
/// Strips parentheses and casts from \p ex and checks whether what remains is
/// a reference to a tracked variable.
///
/// \returns the variable and its DeclRefExpr, or a result holding two null
/// pointers when \p ex is anything else.
static FindVarResult findBlockVarDecl(Expr* ex) {
  DeclRefExpr *dr = dyn_cast<DeclRefExpr>(ex->IgnoreParenCasts());
  if (!dr)
    return FindVarResult(0, 0);

  VarDecl *vd = dyn_cast<VarDecl>(dr->getDecl());
  if (vd && isTrackedVar(vd))
    return FindVarResult(vd, dr);

  return FindVarResult(0, 0);
}
264
/// Visits both operands (right-hand side first) and then handles assignment
/// to a tracked variable: an Uninitialized target becomes Initialized, and
/// any assignment operator other than plain `=` on such a target is reported
/// as a use first.
void TransferFunctions::VisitBinaryOperator(clang::BinaryOperator *bo) {
  Visit(bo->getRHS());
  Visit(bo->getLHS());
  if (!bo->isAssignmentOp())
    return;

  const FindVarResult &res = findBlockVarDecl(bo->getLHS());
  const VarDecl *vd = res.getDecl();
  if (!vd)
    return;

  llvm::BitVector::reference bit = vals[vd];
  if (bit == Initialized)
    return;

  // Any opcode other than BO_Assign is reported as a use of the target.
  if (bo->getOpcode() != BO_Assign)
    reportUninit(res.getDeclRefExpr(), vd);
  bit = Initialized;
}
280
/// Visits the operand and then handles the unary operators that affect
/// tracked variables.
///
/// - Address-of: the variable is marked Initialized without a report. From
///   that point this analysis no longer reports reads of it, so a variable
///   whose address is taken can go unreported.
/// - Pre/post increment and decrement: an Uninitialized variable is reported
///   and then marked Initialized.
/// All other operators are left alone.
void TransferFunctions::VisitUnaryOperator(clang::UnaryOperator *uo) {
  Visit(uo->getSubExpr());
  switch (uo->getOpcode()) {
    default:
      return;

    case clang::UO_AddrOf: {
      const VarDecl *vd = findBlockVarDecl(uo->getSubExpr()).getDecl();
      if (vd)
        vals[vd] = Initialized;
      return;
    }

    case clang::UO_PreInc:
    case clang::UO_PreDec:
    case clang::UO_PostInc:
    case clang::UO_PostDec: {
      const FindVarResult &res = findBlockVarDecl(uo->getSubExpr());
      const VarDecl *vd = res.getDecl();
      if (!vd)
        return;
      llvm::BitVector::reference bit = vals[vd];
      if (bit == Uninitialized) {
        reportUninit(res.getDeclRefExpr(), vd);
        // Marked Initialized so the same variable is not reported again.
        bit = Initialized;
      }
      return;
    }
  }
}
306
/// Visits the operand and, for an lvalue-to-rvalue conversion, reports the
/// converted variable if it is tracked and currently Uninitialized. The
/// variable's state is not changed here.
void TransferFunctions::VisitCastExpr(clang::CastExpr *ce) {
  Visit(ce->getSubExpr());
  if (ce->getCastKind() != CK_LValueToRValue)
    return;

  const FindVarResult &res = findBlockVarDecl(ce->getSubExpr());
  const VarDecl *vd = res.getDecl();
  if (vd && vals[vd] == Uninitialized)
    reportUninit(res.getDeclRefExpr(), vd);
}
316
317//------------------------------------------------------------------------====//
318// High-level "driver" logic for uninitialized values analysis.
319//====------------------------------------------------------------------------//
320
/// Recomputes the values for \p block in the scratch vector: merges the
/// stored values of all predecessors, then applies the transfer function to
/// every statement of the block.
///
/// The result is left in scratch; the caller decides whether to store it.
/// Uses are reported only when \p handler is non-null.
static void runOnBlock(const CFGBlock *block, const CFG &cfg,
                       CFGBlockValues &vals,
                       UninitVariablesHandler *handler = 0) {
  // Merge in values of predecessor blocks: the first one seeds scratch, the
  // remaining ones are ORed in.
  vals.resetScratch();
  CFGBlock::const_pred_iterator pred = block->pred_begin();
  const CFGBlock::const_pred_iterator predEnd = block->pred_end();
  if (pred != predEnd) {
    vals.mergeIntoScratch(vals.getBitVector(*pred), /*isFirst=*/true);
    for (++pred; pred != predEnd; ++pred)
      vals.mergeIntoScratch(vals.getBitVector(*pred), /*isFirst=*/false);
  }

  // Apply the transfer function to the statement elements of the block.
  TransferFunctions tf(vals, cfg, handler);
  for (CFGBlock::const_iterator elem = block->begin(), elemEnd = block->end();
       elem != elemEnd; ++elem) {
    const CFGStmt *cs = dyn_cast<CFGStmt>(&*elem);
    if (cs)
      tf.BlockStmt_Visit(cs->getStmt());
  }
}
341
/// Entry point of the analysis.
///
/// Computes the tracked declarations of \p dc, iterates the dataflow over
/// \p cfg with a worklist until the per-block values stop changing, and then
/// visits every block once more with \p handler attached so that uses of
/// uninitialized variables are reported. Returns immediately when \p dc has
/// no tracked declarations.
void clang::runUninitializedVariablesAnalysis(const DeclContext &dc,
                                              const CFG &cfg,
                                              UninitVariablesHandler &handler) {
  CFGBlockValues vals(cfg);
  vals.computeSetOfDeclarations(dc);
  if (vals.hasNoDeclarations())
    return;

  DataflowWorklist worklist(cfg);
  llvm::BitVector previouslyVisited(cfg.getNumBlockIDs());

  // The iteration is seeded with the successors of the entry block.
  worklist.enqueueSuccessors(&cfg.getEntry());

  // Fixed-point phase: no handler is passed, so nothing is reported yet.
  for (const CFGBlock *block = worklist.dequeue(); block;
       block = worklist.dequeue()) {
    runOnBlock(block, cfg, vals);
    const unsigned id = block->getBlockID();
    // Did the block change?
    const bool changed = vals.updateBitVectorWithScratch(block);
    // Successors are queued when the value changed or on the first visit.
    if (changed || !previouslyVisited[id])
      worklist.enqueueSuccessors(block);
    previouslyVisited[id] = true;
  }

  // Run through the blocks one more time, and report uninitialized variables.
  for (CFG::const_iterator it = cfg.begin(), end = cfg.end(); it != end; ++it)
    runOnBlock(*it, cfg, vals, &handler);
}
368
// Out-of-line definition of the handler's destructor; it has nothing to
// release. The class itself is declared outside this file (presumably in
// UninitializedValuesV2.h -- confirm).
UninitVariablesHandler::~UninitVariablesHandler() {
}
370