Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / c22eb066dd85c69ad05e852666a31afd0437a2f6 / . / Analysis / GREngine.cpp
blob: 3d46fa35fe3c71f2d1a604d6f2159665df184b20 [file] [log] [blame]
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]1//==- GREngine.cpp - Path-Sensitive Dataflow Engine ----------------*- C++ -*-//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines a generic engine for intraprocedural, path-sensitive,
11// dataflow analysis via graph reachability engine.
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/Analysis/PathSensitive/GREngine.h"
16#include "clang/AST/Expr.h"
17#include "llvm/Support/Compiler.h"
18#include "llvm/Support/Casting.h"
19#include "llvm/ADT/DenseMap.h"
20#include <vector>
21
22using llvm::cast;
23using llvm::isa;
24using namespace clang;
25
26namespace {
27 class VISIBILITY_HIDDEN DFS : public GRWorkList {
28 llvm::SmallVector<GRWorkListUnit,20> Stack;
29public:
30 virtual bool hasWork() const {
31 return !Stack.empty();
32 }
33
34 virtual void Enqueue(const GRWorkListUnit& U) {
35 Stack.push_back(U);
36 }
37
38 virtual GRWorkListUnit Dequeue() {
39 assert (!Stack.empty());
40 const GRWorkListUnit& U = Stack.back();
41 Stack.pop_back(); // This technically "invalidates" U, but we are fine.
42 return U;
43 }
44};
45} // end anonymous namespace
46
Ted Kremenekd2500ab2008-01-16 18:18:48 +0000[diff] [blame]47// Place the dstor for GRWorkList here because it contains virtual member
48// functions, and we the code for the dstor generated in one compilation unit.
49GRWorkList::~GRWorkList() {}
50
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]51GRWorkList* GRWorkList::MakeDFS() { return new DFS(); }
52
53/// ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.
54bool GREngineImpl::ExecuteWorkList(unsigned Steps) {
55
56 if (G->num_roots() == 0) { // Initialize the analysis by constructing
57 // the root if none exists.
58
Ted Kremenek7c647412008-01-29 00:33:40 +0000[diff] [blame]59 CFGBlock* Entry = &getCFG().getEntry();
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]60
61 assert (Entry->empty() &&
62 "Entry block must be empty.");
63
64 assert (Entry->succ_size() == 1 &&
65 "Entry block must have 1 successor.");
66
67 // Get the solitary successor.
68 CFGBlock* Succ = *(Entry->succ_begin());
69
70 // Construct an edge representing the
71 // starting location in the function.
Ted Kremenek7c647412008-01-29 00:33:40 +0000[diff] [blame]72 BlockEdge StartLoc(getCFG(), Entry, Succ);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]73
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]74 // Set the current block counter to being empty.
75 WList->setBlockCounter(BCounterFactory.GetEmptyCounter());
76
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]77 // Generate the root.
78 GenerateNode(StartLoc, getInitialState());
79 }
80
81 while (Steps && WList->hasWork()) {
82 --Steps;
83 const GRWorkListUnit& WU = WList->Dequeue();
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]84
85 // Set the current block counter.
86 WList->setBlockCounter(WU.getBlockCounter());
87
88 // Retrieve the node.
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]89 ExplodedNodeImpl* Node = WU.getNode();
90
91 // Dispatch on the location type.
92 switch (Node->getLocation().getKind()) {
93 default:
94 assert (isa<BlockEdge>(Node->getLocation()));
95 HandleBlockEdge(cast<BlockEdge>(Node->getLocation()), Node);
96 break;
97
98 case ProgramPoint::BlockEntranceKind:
99 HandleBlockEntrance(cast<BlockEntrance>(Node->getLocation()), Node);
100 break;
101
102 case ProgramPoint::BlockExitKind:
Ted Kremenek3226a652008-01-15 00:24:08 +0000[diff] [blame]103 assert (false && "BlockExit location never occur in forward analysis.");
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]104 break;
105
106 case ProgramPoint::PostStmtKind:
107 HandlePostStmt(cast<PostStmt>(Node->getLocation()), WU.getBlock(),
108 WU.getIndex(), Node);
109 break;
110 }
111 }
112
113 return WList->hasWork();
114}
115
116void GREngineImpl::HandleBlockEdge(const BlockEdge& L, ExplodedNodeImpl* Pred) {
117
118 CFGBlock* Blk = L.getDst();
119
120 // Check if we are entering the EXIT block.
Ted Kremenek7c647412008-01-29 00:33:40 +0000[diff] [blame]121 if (Blk == &getCFG().getExit()) {
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]122
Ted Kremenek7c647412008-01-29 00:33:40 +0000[diff] [blame]123 assert (getCFG().getExit().size() == 0
124 && "EXIT block cannot contain Stmts.");
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]125
126 // Process the final state transition.
127 void* State = ProcessEOP(Blk, Pred->State);
128
129 bool IsNew;
130 ExplodedNodeImpl* Node = G->getNodeImpl(BlockEntrance(Blk), State, &IsNew);
131 Node->addPredecessor(Pred);
132
133 // If the node was freshly created, mark it as an "End-Of-Path" node.
134 if (IsNew) G->addEndOfPath(Node);
135
136 // This path is done. Don't enqueue any more nodes.
137 return;
138 }
139
140 // FIXME: we will dispatch to a function that
141 // manipulates the state at the entrance to a block.
142
Ted Kremenek3226a652008-01-15 00:24:08 +0000[diff] [blame]143 GenerateNode(BlockEntrance(Blk), Pred->State, Pred);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]144}
145
146void GREngineImpl::HandleBlockEntrance(const BlockEntrance& L,
147 ExplodedNodeImpl* Pred) {
148
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]149 // Increment the block counter.
150 GRBlockCounter Counter = WList->getBlockCounter();
151 Counter = BCounterFactory.IncrementCount(Counter, L.getBlock()->getBlockID());
152 WList->setBlockCounter(Counter);
153
154 // Process the entrance of the block.
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]155 if (Stmt* S = L.getFirstStmt()) {
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]156 GRStmtNodeBuilderImpl Builder(L.getBlock(), 0, Pred, this);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]157 ProcessStmt(S, Builder);
158 }
Ted Kremenek3226a652008-01-15 00:24:08 +0000[diff] [blame]159 else
160 HandleBlockExit(L.getBlock(), Pred);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]161}
162
163
Ted Kremenek3226a652008-01-15 00:24:08 +0000[diff] [blame]164void GREngineImpl::HandleBlockExit(CFGBlock * B, ExplodedNodeImpl* Pred) {
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]165
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]166 if (Stmt* Term = B->getTerminator()) {
167 switch (Term->getStmtClass()) {
168 default:
169 assert(false && "Analysis for this terminator not implemented.");
170 break;
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]171
172 case Stmt::BinaryOperatorClass: // '&&' and '||'
173 HandleBranch(cast<BinaryOperator>(Term)->getLHS(), Term, B, Pred);
174 return;
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]175
Ted Kremenek1f0eb992008-02-05 00:26:40 +0000[diff] [blame]176 case Stmt::ConditionalOperatorClass:
177 HandleBranch(cast<ConditionalOperator>(Term)->getCond(), Term, B, Pred);
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]178 return;
179
180 // FIXME: Use constant-folding in CFG construction to simplify this
181 // case.
Ted Kremenek1f0eb992008-02-05 00:26:40 +0000[diff] [blame]182
183 case Stmt::ChooseExprClass:
184 HandleBranch(cast<ChooseExpr>(Term)->getCond(), Term, B, Pred);
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]185 return;
Ted Kremenek1f0eb992008-02-05 00:26:40 +0000[diff] [blame]186
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]187 case Stmt::DoStmtClass:
188 HandleBranch(cast<DoStmt>(Term)->getCond(), Term, B, Pred);
189 return;
190
191 case Stmt::ForStmtClass:
192 HandleBranch(cast<ForStmt>(Term)->getCond(), Term, B, Pred);
193 return;
Ted Kremenekc22eb062008-02-13 16:56:51 +0000[diff] [blame^]194
195 case Stmt::ContinueStmtClass:
196 case Stmt::BreakStmtClass:
197 case Stmt::GotoStmtClass:
Ted Kremenek1f0eb992008-02-05 00:26:40 +0000[diff] [blame]198 break;
199
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]200 case Stmt::IfStmtClass:
201 HandleBranch(cast<IfStmt>(Term)->getCond(), Term, B, Pred);
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]202 return;
Ted Kremenek677f4ef2008-02-13 00:24:44 +0000[diff] [blame]203
204 case Stmt::IndirectGotoStmtClass: {
205 // Only 1 successor: the indirect goto dispatch block.
206 assert (B->succ_size() == 1);
207
208 GRIndirectGotoNodeBuilderImpl
209 builder(Pred, B, cast<IndirectGotoStmt>(Term)->getTarget(),
210 *(B->succ_begin()), this);
211
212 ProcessIndirectGoto(builder);
213 return;
214 }
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]215
216 case Stmt::WhileStmtClass:
217 HandleBranch(cast<WhileStmt>(Term)->getCond(), Term, B, Pred);
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]218 return;
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]219 }
220 }
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]221
222 assert (B->succ_size() == 1 &&
223 "Blocks with no terminator should have at most 1 successor.");
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]224
Ted Kremenek6ff52182008-02-12 21:51:20 +0000[diff] [blame]225 GenerateNode(BlockEdge(getCFG(),B,*(B->succ_begin())), Pred->State, Pred);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]226}
227
Ted Kremenek1f0eb992008-02-05 00:26:40 +0000[diff] [blame]228void GREngineImpl::HandleBranch(Expr* Cond, Stmt* Term, CFGBlock * B,
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]229 ExplodedNodeImpl* Pred) {
230 assert (B->succ_size() == 2);
231
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]232 GRBranchNodeBuilderImpl Builder(B, *(B->succ_begin()), *(B->succ_begin()+1),
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]233 Pred, this);
234
235 ProcessBranch(Cond, Term, Builder);
236}
237
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]238void GREngineImpl::HandlePostStmt(const PostStmt& L, CFGBlock* B,
239 unsigned StmtIdx, ExplodedNodeImpl* Pred) {
240
241 assert (!B->empty());
242
Ted Kremenek3226a652008-01-15 00:24:08 +0000[diff] [blame]243 if (StmtIdx == B->size())
244 HandleBlockExit(B, Pred);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]245 else {
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]246 GRStmtNodeBuilderImpl Builder(B, StmtIdx, Pred, this);
Ted Kremenekc0f1aae2008-01-16 22:13:19 +0000[diff] [blame]247 ProcessStmt((*B)[StmtIdx], Builder);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]248 }
249}
250
251typedef llvm::DenseMap<Stmt*,Stmt*> ParentMapTy;
252/// PopulateParentMap - Recurse the AST starting at 'Parent' and add the
253/// mappings between child and parent to ParentMap.
254static void PopulateParentMap(Stmt* Parent, ParentMapTy& M) {
255 for (Stmt::child_iterator I=Parent->child_begin(),
256 E=Parent->child_end(); I!=E; ++I) {
257
258 assert (M.find(*I) == M.end());
259 M[*I] = Parent;
260 PopulateParentMap(*I, M);
261 }
262}
263
264/// GenerateNode - Utility method to generate nodes, hook up successors,
265/// and add nodes to the worklist.
266void GREngineImpl::GenerateNode(const ProgramPoint& Loc, void* State,
267 ExplodedNodeImpl* Pred) {
268
269 bool IsNew;
270 ExplodedNodeImpl* Node = G->getNodeImpl(Loc, State, &IsNew);
271
272 if (Pred)
273 Node->addPredecessor(Pred); // Link 'Node' with its predecessor.
274 else {
275 assert (IsNew);
276 G->addRoot(Node); // 'Node' has no predecessor. Make it a root.
277 }
278
279 // Only add 'Node' to the worklist if it was freshly generated.
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]280 if (IsNew) WList->Enqueue(Node);
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]281}
282
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]283GRStmtNodeBuilderImpl::GRStmtNodeBuilderImpl(CFGBlock* b, unsigned idx,
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]284 ExplodedNodeImpl* N, GREngineImpl* e)
285 : Eng(*e), B(*b), Idx(idx), LastNode(N), Populated(false) {
286 Deferred.insert(N);
287}
288
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]289GRStmtNodeBuilderImpl::~GRStmtNodeBuilderImpl() {
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]290 for (DeferredTy::iterator I=Deferred.begin(), E=Deferred.end(); I!=E; ++I)
Ted Kremenek90960972008-01-30 23:03:39 +0000[diff] [blame]291 if (!(*I)->isSink())
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]292 GenerateAutoTransition(*I);
293}
294
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]295void GRStmtNodeBuilderImpl::GenerateAutoTransition(ExplodedNodeImpl* N) {
Ted Kremenek90960972008-01-30 23:03:39 +0000[diff] [blame]296 assert (!N->isSink());
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]297
298 PostStmt Loc(getStmt());
299
300 if (Loc == N->getLocation()) {
301 // Note: 'N' should be a fresh node because otherwise it shouldn't be
302 // a member of Deferred.
303 Eng.WList->Enqueue(N, B, Idx+1);
304 return;
305 }
306
307 bool IsNew;
308 ExplodedNodeImpl* Succ = Eng.G->getNodeImpl(Loc, N->State, &IsNew);
309 Succ->addPredecessor(N);
310
311 if (IsNew)
312 Eng.WList->Enqueue(Succ, B, Idx+1);
313}
314
Ted Kremenek1118e582008-01-29 22:11:49 +0000[diff] [blame]315ExplodedNodeImpl* GRStmtNodeBuilderImpl::generateNodeImpl(Stmt* S, void* State,
Ted Kremenekef27b4b2008-01-14 23:24:37 +0000[diff] [blame]316 ExplodedNodeImpl* Pred) {
317
318 bool IsNew;
319 ExplodedNodeImpl* N = Eng.G->getNodeImpl(PostStmt(S), State, &IsNew);
320 N->addPredecessor(Pred);
321 Deferred.erase(Pred);
322
323 HasGeneratedNode = true;
324
325 if (IsNew) {
326 Deferred.insert(N);
327 LastNode = N;
328 return N;
329 }
330
331 LastNode = NULL;
332 return NULL;
333}
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]334
Ted Kremenek90960972008-01-30 23:03:39 +0000[diff] [blame]335ExplodedNodeImpl* GRBranchNodeBuilderImpl::generateNodeImpl(void* State,
336 bool branch) {
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]337 bool IsNew;
338
339 ExplodedNodeImpl* Succ =
340 Eng.G->getNodeImpl(BlockEdge(Eng.getCFG(), Src, branch ? DstT : DstF),
341 State, &IsNew);
342
343 Succ->addPredecessor(Pred);
344
Ted Kremenek6ff3cea2008-01-29 23:32:35 +0000[diff] [blame]345 if (branch) GeneratedTrue = true;
346 else GeneratedFalse = true;
347
Ted Kremenek90960972008-01-30 23:03:39 +0000[diff] [blame]348 if (IsNew) {
Ted Kremenek428d39e2008-01-30 23:24:39 +0000[diff] [blame]349 Deferred.push_back(Succ);
Ted Kremenek90960972008-01-30 23:03:39 +0000[diff] [blame]350 return Succ;
351 }
352
353 return NULL;
Ted Kremenek19fbb102008-01-29 22:56:11 +0000[diff] [blame]354}
Ted Kremenek6ff3cea2008-01-29 23:32:35 +0000[diff] [blame]355
356GRBranchNodeBuilderImpl::~GRBranchNodeBuilderImpl() {
357 if (!GeneratedTrue) generateNodeImpl(Pred->State, true);
358 if (!GeneratedFalse) generateNodeImpl(Pred->State, false);
Ted Kremenek428d39e2008-01-30 23:24:39 +0000[diff] [blame]359
360 for (DeferredTy::iterator I=Deferred.begin(), E=Deferred.end(); I!=E; ++I)
Ted Kremenek4b170e52008-02-12 18:08:17 +0000[diff] [blame]361 if (!(*I)->isSink()) Eng.WList->Enqueue(*I);
Ted Kremenek6ff3cea2008-01-29 23:32:35 +0000[diff] [blame]362}
Ted Kremenek677f4ef2008-02-13 00:24:44 +0000[diff] [blame]363
364GRIndirectGotoNodeBuilderImpl::Destination
365GRIndirectGotoNodeBuilderImpl::Iterator::operator*() {
366 CFGBlock* B = *I;
367 assert (!B->empty());
368 LabelStmt* L = cast<LabelStmt>(B->getLabel());
369 return Destination(L, *I);
370}
371
372GRIndirectGotoNodeBuilderImpl::Iterator
373GRIndirectGotoNodeBuilderImpl::begin() {
374 return Iterator(DispatchBlock.succ_begin());
375}
376
377GRIndirectGotoNodeBuilderImpl::Iterator
378GRIndirectGotoNodeBuilderImpl::end() {
379 return Iterator(DispatchBlock.succ_end());
380}
381
382ExplodedNodeImpl*
383GRIndirectGotoNodeBuilderImpl::generateNodeImpl(const Destination& D,
384 void* St,
385 bool isSink) {
386 bool IsNew;
387
388 ExplodedNodeImpl* Succ =
389 Eng.G->getNodeImpl(BlockEdge(Eng.getCFG(), Src, D.getBlock(), true),
390 St, &IsNew);
391
392 Succ->addPredecessor(Pred);
393
394 if (IsNew) {
395
396 if (isSink)
397 Succ->markAsSink();
398 else
399 Eng.WList->Enqueue(Succ);
400
401 return Succ;
402 }
403
404 return NULL;
405}