Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 65a506b364fb5cb27f18851f313c551dc6d56b3b / . / Analysis / UninitializedValues.cpp
blob: ce9454d0cc7d2b44ac63709a370ac0851130ed22 [file] [log] [blame]
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]1//==- UninitializedValues.cpp - Find Unintialized Values --------*- C++ --*-==//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file was developed by Ted Kremenek and is distributed under
6// the University of Illinois Open Source License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file implements Uninitialized Values analysis for source-level CFGs.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/Analysis/UninitializedValues.h"
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]15#include "clang/Analysis/CFGStmtVisitor.h"
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]16#include "clang/Analysis/LocalCheckers.h"
17#include "clang/Basic/Diagnostic.h"
18#include "clang/AST/ASTContext.h"
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]19#include "DataflowSolver.h"
20
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]21#include "llvm/ADT/SmallPtrSet.h"
22
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]23using namespace clang;
24
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]25//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]26// Dataflow initialization logic.
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]27//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]28
29namespace {
30
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]31class RegisterDeclsAndExprs : public CFGStmtVisitor<RegisterDeclsAndExprs> {
Ted Kremenek3e039752007-09-17 17:14:52 +0000[diff] [blame]32 UninitializedValues::AnalysisDataTy& AD;
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]33public:
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]34 RegisterDeclsAndExprs(UninitializedValues::AnalysisDataTy& ad) : AD(ad) {}
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]35
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]36 void VisitBlockVarDecl(BlockVarDecl* VD) {
37 if (AD.VMap.find(VD) == AD.VMap.end())
38 AD.VMap[VD] = AD.NumDecls++;
39 }
40
41 void VisitDeclChain(ScopedDecl* D) {
42 for (; D != NULL; D = D->getNextDeclarator())
43 if (BlockVarDecl* VD = dyn_cast<BlockVarDecl>(D))
44 VisitBlockVarDecl(VD);
Ted Kremenek3e039752007-09-17 17:14:52 +0000[diff] [blame]45 }
46
47 void BlockStmt_VisitExpr(Expr* E) {
48 if (AD.EMap.find(E) == AD.EMap.end())
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]49 AD.EMap[E] = AD.NumBlockExprs++;
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]50
51 Visit(E);
52 }
53
54 void VisitDeclRefExpr(DeclRefExpr* DR) {
55 VisitDeclChain(DR->getDecl());
56 }
57
58 void VisitDeclStmt(DeclStmt* S) {
59 VisitDeclChain(S->getDecl());
60 }
61
62 void VisitStmt(Stmt* S) {
63 VisitChildren(S);
64 }
65
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]66};
67
68} // end anonymous namespace
69
70void UninitializedValues::InitializeValues(const CFG& cfg) {
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]71 RegisterDeclsAndExprs R(this->getAnalysisData());
72
73 for (CFG::const_iterator I=cfg.begin(), E=cfg.end(); I!=E; ++I)
74 for (CFGBlock::const_iterator BI=I->begin(), BE=I->end(); BI!=BE; ++BI)
75 R.BlockStmt_Visit(*BI);
76
77 // Initialize the values of the last block.
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]78 UninitializedValues::ValTy& V = getBlockDataMap()[&cfg.getEntry()];
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]79 V.resetValues(getAnalysisData());
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]80}
81
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]82//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]83// Transfer functions.
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]84//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]85
86namespace {
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]87
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]88class TransferFuncs : public CFGStmtVisitor<TransferFuncs,bool> {
89 UninitializedValues::ValTy V;
Ted Kremenek3e039752007-09-17 17:14:52 +0000[diff] [blame]90 UninitializedValues::AnalysisDataTy& AD;
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]91public:
Ted Kremenek3e039752007-09-17 17:14:52 +0000[diff] [blame]92 TransferFuncs(UninitializedValues::AnalysisDataTy& ad) : AD(ad) {
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]93 V.resetValues(AD);
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]94 }
95
96 UninitializedValues::ValTy& getVal() { return V; }
Ted Kremenek3e039752007-09-17 17:14:52 +0000[diff] [blame]97
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]98 bool VisitDeclRefExpr(DeclRefExpr* DR);
99 bool VisitBinaryOperator(BinaryOperator* B);
100 bool VisitUnaryOperator(UnaryOperator* U);
101 bool VisitStmt(Stmt* S);
102 bool VisitCallExpr(CallExpr* C);
103 bool BlockStmt_VisitExpr(Expr* E);
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]104 bool VisitDeclStmt(DeclStmt* D);
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]105
106 static inline bool Initialized() { return true; }
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]107 static inline bool Uninitialized() { return false; }
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]108};
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]109
110
111bool TransferFuncs::VisitDeclRefExpr(DeclRefExpr* DR) {
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]112 if (BlockVarDecl* VD = dyn_cast<BlockVarDecl>(DR->getDecl())) {
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]113 assert ( AD.VMap.find(VD) != AD.VMap.end() && "Unknown VarDecl.");
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]114 if (AD.Observer)
115 AD.Observer->ObserveDeclRefExpr(V,AD,DR,VD);
116
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]117 return V.DeclBV[ AD.VMap[VD] ];
118 }
119 else
120 return Initialized();
121}
122
123bool TransferFuncs::VisitBinaryOperator(BinaryOperator* B) {
124 if (CFG::hasImplicitControlFlow(B)) {
125 assert ( AD.EMap.find(B) != AD.EMap.end() && "Unknown block-level expr.");
126 return V.ExprBV[ AD.EMap[B] ];
127 }
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]128
129 if (B->isAssignmentOp()) {
130 // Get the Decl for the LHS, if any
131 for (Stmt* S = B->getLHS() ;; ) {
132 if (ParenExpr* P = dyn_cast<ParenExpr>(S))
133 S = P->getSubExpr();
134 else if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(S))
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]135 if (BlockVarDecl* VD = dyn_cast<BlockVarDecl>(DR->getDecl())) {
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]136 assert ( AD.VMap.find(VD) != AD.VMap.end() && "Unknown VarDecl.");
137 return V.DeclBV[ AD.VMap[VD] ] = Visit(B->getRHS());
138 }
139
140 break;
141 }
142 }
143
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]144 return VisitStmt(B);
145}
146
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]147bool TransferFuncs::VisitDeclStmt(DeclStmt* S) {
148 bool x = Initialized();
149
150 for (ScopedDecl* D = S->getDecl(); D != NULL; D = D->getNextDeclarator())
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]151 if (BlockVarDecl* VD = dyn_cast<BlockVarDecl>(D))
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]152 if (Stmt* I = VD->getInit()) {
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]153 assert ( AD.EMap.find(cast<Expr>(I)) !=
154 AD.EMap.end() && "Unknown Expr.");
155
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]156 assert ( AD.VMap.find(VD) != AD.VMap.end() && "Unknown VarDecl.");
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]157 x = V.DeclBV[ AD.VMap[VD] ] = V.ExprBV[ AD.EMap[cast<Expr>(I)] ];
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]158 }
159
160 return x;
161}
162
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]163bool TransferFuncs::VisitCallExpr(CallExpr* C) {
164 VisitStmt(C);
165 return Initialized();
166}
167
168bool TransferFuncs::VisitUnaryOperator(UnaryOperator* U) {
169 switch (U->getOpcode()) {
170 case UnaryOperator::AddrOf: {
171 // Blast through parentheses and find the decl (if any). Treat it
172 // as initialized from this point forward.
173 for (Stmt* S = U->getSubExpr() ;; )
174 if (ParenExpr* P = dyn_cast<ParenExpr>(S))
175 S = P->getSubExpr();
176 else if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(S)) {
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]177 if (BlockVarDecl* VD = dyn_cast<BlockVarDecl>(DR->getDecl())) {
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]178 assert ( AD.VMap.find(VD) != AD.VMap.end() && "Unknown VarDecl.");
179 V.DeclBV[ AD.VMap[VD] ] = Initialized();
180 }
181 break;
182 }
183 else {
184 // Evaluate the transfer function for subexpressions, even
185 // if we cannot reason more deeply about the &-expression.
186 return Visit(U->getSubExpr());
187 }
188
189 return Initialized();
190 }
191
192 default:
193 return Visit(U->getSubExpr());
194 }
195}
196
197bool TransferFuncs::VisitStmt(Stmt* S) {
198 bool x = Initialized();
199
200 // We don't stop at the first subexpression that is Uninitialized because
201 // evaluating some subexpressions may result in propogating "Uninitialized"
202 // or "Initialized" to variables referenced in the other subexpressions.
203 for (Stmt::child_iterator I=S->child_begin(), E=S->child_end(); I!=E; ++I)
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]204 if (Visit(*I) == Uninitialized())
205 x = Uninitialized();
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]206
207 return x;
208}
209
210bool TransferFuncs::BlockStmt_VisitExpr(Expr* E) {
211 assert ( AD.EMap.find(E) != AD.EMap.end() );
212 return V.ExprBV[ AD.EMap[E] ] = Visit(E);
213}
214
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]215} // end anonymous namespace
216
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]217//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]218// Merge operator.
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]219//
220// In our transfer functions we take the approach that any
221// combination of unintialized values, e.g. Unitialized + ___ = Unitialized.
222//
223// Merges take the opposite approach.
224//
225// In the merge of dataflow values (for Decls) we prefer unsoundness, and
226// prefer false negatives to false positives. At merges, if a value for a
227// tracked Decl is EVER initialized in any of the predecessors we treat it as
228// initialized at the confluence point.
229//
230// For tracked CFGBlock-level expressions (such as the result of
231// short-circuit), we do the opposite merge: if a value is EVER uninitialized
232// in a predecessor we treat it as uninitalized at the confluence point.
233// The reason we do this is because dataflow values for tracked Exprs are
234// not as control-dependent as dataflow values for tracked Decls.
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]235//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]236
237namespace {
238struct Merge {
239 void operator()(UninitializedValues::ValTy& Dst,
240 UninitializedValues::ValTy& Src) {
Ted Kremenek334b30a2007-09-17 18:31:23 +0000[diff] [blame]241 assert (Dst.DeclBV.size() == Src.DeclBV.size()
242 && "Bitvector sizes do not match.");
243
244 Dst.DeclBV |= Src.DeclBV;
245
246 assert (Dst.ExprBV.size() == Src.ExprBV.size()
247 && "Bitvector sizes do not match.");
248
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]249 Dst.ExprBV |= Src.ExprBV;
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]250 }
251};
252} // end anonymous namespace
253
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]254//===----------------------------------------------------------------------===//
255// Unitialized values checker. Scan an AST and flag variable uses
256//===----------------------------------------------------------------------===//
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]257
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]258UninitializedValues_ValueTypes::ObserverTy::~ObserverTy() {}
259
260namespace {
261
262class UninitializedValuesChecker : public UninitializedValues::ObserverTy {
263 ASTContext &Ctx;
264 Diagnostic &Diags;
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]265 llvm::SmallPtrSet<BlockVarDecl*,10> AlreadyWarned;
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]266
267public:
268 UninitializedValuesChecker(ASTContext &ctx, Diagnostic &diags)
269 : Ctx(ctx), Diags(diags) {}
270
271 virtual void ObserveDeclRefExpr(UninitializedValues::ValTy& V,
272 UninitializedValues::AnalysisDataTy& AD,
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]273 DeclRefExpr* DR, BlockVarDecl* VD) {
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]274
275 assert ( AD.VMap.find(VD) != AD.VMap.end() && "Unknown VarDecl.");
276 if (V.DeclBV[ AD.VMap[VD] ] == TransferFuncs::Uninitialized())
277 if (AlreadyWarned.insert(VD))
278 Diags.Report(DR->getSourceRange().Begin(), diag::warn_uninit_val);
279 }
280};
281
282} // end anonymous namespace
283
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]284namespace clang {
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]285
286void CheckUninitializedValues(CFG& cfg, ASTContext &Ctx, Diagnostic &Diags) {
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]287
288 typedef DataflowSolver<UninitializedValues,TransferFuncs,Merge> Solver;
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]289
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]290 // Compute the unitialized values information.
291 UninitializedValues U;
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]292 Solver S(U);
Ted Kremenek3871d8e2007-09-17 19:59:27 +0000[diff] [blame]293 S.runOnCFG(cfg);
294
295 // Scan for DeclRefExprs that use uninitialized values.
296 UninitializedValuesChecker Observer(Ctx,Diags);
297 U.getAnalysisData().Observer = &Observer;
298
299 for (CFG::iterator I=cfg.begin(), E=cfg.end(); I!=E; ++I)
Ted Kremenek7f49f502007-09-14 22:49:21 +0000[diff] [blame]300 S.runOnBlock(&*I);
301}
Ted Kremenek0a03ce62007-09-17 20:49:30 +0000[diff] [blame]302
303}