dnrops
/
clang
mirror of https://github.com/microsoft/clang.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[CFG] [analyzer] NFC: Enumerate construction context layer kinds. 

This is a refactoring patch; no functional change intended.

The common part of ConstructionContextLayer and ConstructedObjectKey is
factored out into a new structure, ConstructionContextItem.

Various sub-kinds of ConstructionContextItem are enumerated in order to
provide richer information about construction contexts.

Differential Revision: https://reviews.llvm.org/D49210.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@338439 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Artem Dergachev 2018-07-31 21:12:42 +00:00
parent 84fd36a067
commit 9612e11233
5 changed files with 419 additions and 309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

224
include/clang/Analysis/ConstructionContext.h
View File

@ -22,74 +22,193 @@
namespace clang { namespace clang {
/// Construction context is a linked list of multiple layers. Layers are /// Represents a single point (AST node) in the program that requires attention
/// created gradually while traversing the AST, and layers that represent /// during construction of an object. ConstructionContext would be represented
/// the outmost AST nodes are built first, while the node that immediately /// as a list of such items.
/// contains the constructor would be built last and capture the previous class ConstructionContextItem {
/// layers as its parents. Construction context captures the last layer
/// (which has links to the previous layers) and classifies the seemingly
/// arbitrary chain of layers into one of the possible ways of constructing
/// an object in C++ for user-friendly experience.
class ConstructionContextLayer {
public: public:
typedef llvm::PointerUnion<Stmt *, CXXCtorInitializer *> TriggerTy; enum ItemKind {
VariableKind,
NewAllocatorKind,
ReturnKind,
MaterializationKind,
TemporaryDestructorKind,
ElidedDestructorKind,
ElidableConstructorKind,
ArgumentKind,
STATEMENT_WITH_INDEX_KIND_BEGIN=ArgumentKind,
STATEMENT_WITH_INDEX_KIND_END=ArgumentKind,
STATEMENT_KIND_BEGIN = VariableKind,
STATEMENT_KIND_END = ArgumentKind,
InitializerKind,
INITIALIZER_KIND_BEGIN=InitializerKind,
INITIALIZER_KIND_END=InitializerKind
};
LLVM_DUMP_METHOD static StringRef getKindAsString(ItemKind K) {
switch (K) {
case VariableKind: return "construct into local variable";
case NewAllocatorKind: return "construct into new-allocator";
case ReturnKind: return "construct into return address";
case MaterializationKind: return "materialize temporary";
case TemporaryDestructorKind: return "destroy temporary";
case ElidedDestructorKind: return "elide destructor";
case ElidableConstructorKind: return "elide constructor";
case ArgumentKind: return "construct into argument";
case InitializerKind: return "construct into member variable";
};
}
private: private:
const void *const Data;
const ItemKind Kind;
const unsigned Index = 0;
bool hasStatement() const {
return Kind >= STATEMENT_KIND_BEGIN &&
Kind <= STATEMENT_KIND_END;
}
bool hasIndex() const {
return Kind >= STATEMENT_WITH_INDEX_KIND_BEGIN &&
Kind >= STATEMENT_WITH_INDEX_KIND_END;
}
bool hasInitializer() const {
return Kind >= INITIALIZER_KIND_BEGIN &&
Kind <= INITIALIZER_KIND_END;
}
public:
// ConstructionContextItem should be simple enough so that it was easy to
// re-construct it from the AST node it captures. For that reason we provide
// simple implicit conversions from all sorts of supported AST nodes.
ConstructionContextItem(const DeclStmt *DS)
: Data(DS), Kind(VariableKind) {}
ConstructionContextItem(const CXXNewExpr *NE)
: Data(NE), Kind(NewAllocatorKind) {}
ConstructionContextItem(const ReturnStmt *RS)
: Data(RS), Kind(ReturnKind) {}
ConstructionContextItem(const MaterializeTemporaryExpr *MTE)
: Data(MTE), Kind(MaterializationKind) {}
ConstructionContextItem(const CXXBindTemporaryExpr *BTE,
bool IsElided = false)
: Data(BTE),
Kind(IsElided ? ElidedDestructorKind : TemporaryDestructorKind) {}
ConstructionContextItem(const CXXConstructExpr *CE)
: Data(CE), Kind(ElidableConstructorKind) {}
ConstructionContextItem(const CallExpr *CE, unsigned Index)
: Data(CE), Kind(ArgumentKind), Index(Index) {}
ConstructionContextItem(const CXXConstructExpr *CE, unsigned Index)
: Data(CE), Kind(ArgumentKind), Index(Index) {}
ConstructionContextItem(const ObjCMessageExpr *ME, unsigned Index)
: Data(ME), Kind(ArgumentKind), Index(Index) {}
ConstructionContextItem(const CXXCtorInitializer *Init)
: Data(Init), Kind(InitializerKind), Index(0) {}
ItemKind getKind() const { return Kind; }
LLVM_DUMP_METHOD StringRef getKindAsString() const {
return getKindAsString(getKind());
}
/// The construction site - the statement that triggered the construction /// The construction site - the statement that triggered the construction
/// for one of its parts. For instance, stack variable declaration statement /// for one of its parts. For instance, stack variable declaration statement
/// triggers construction of itself or its elements if it's an array, /// triggers construction of itself or its elements if it's an array,
/// new-expression triggers construction of the newly allocated object(s). /// new-expression triggers construction of the newly allocated object(s).
TriggerTy Trigger; const Stmt *getStmt() const {
assert(hasStatement());
return static_cast<const Stmt *>(Data);
}
const Stmt *getStmtOrNull() const {
return hasStatement() ? getStmt() : nullptr;
}
/// The construction site is not necessarily a statement. It may also be a
/// CXXCtorInitializer, which means that a member variable is being
/// constructed during initialization of the object that contains it.
const CXXCtorInitializer *getCXXCtorInitializer() const {
assert(hasInitializer());
return static_cast<const CXXCtorInitializer *>(Data);
}
/// If a single trigger statement triggers multiple constructors, they are /// If a single trigger statement triggers multiple constructors, they are
/// usually being enumerated. This covers function argument constructors /// usually being enumerated. This covers function argument constructors
/// triggered by a call-expression and items in an initializer list triggered /// triggered by a call-expression and items in an initializer list triggered
/// by an init-list-expression. /// by an init-list-expression.
unsigned Index; unsigned getIndex() const {
// This is a fairly specific request. Let's make sure the user knows
// what he's doing.
assert(hasIndex());
return Index;
}
/// Sometimes a single trigger is not enough to describe the construction void Profile(llvm::FoldingSetNodeID &ID) const {
/// site. In this case we'd have a chain of "partial" construction context ID.AddPointer(Data);
/// layers. ID.AddInteger(Kind);
/// Some examples: ID.AddInteger(Index);
/// - A constructor within in an aggregate initializer list within a variable }
/// would have a construction context of the initializer list with
/// the parent construction context of a variable. bool operator==(const ConstructionContextItem &Other) const {
/// - A constructor for a temporary that needs to be both destroyed // For most kinds the Index comparison is trivially true, but
/// and materialized into an elidable copy constructor would have a // checking kind separately doesn't seem to be less expensive
/// construction context of a CXXBindTemporaryExpr with the parent // than checking Index. Same in operator<().
/// construction context of a MaterializeTemproraryExpr. return std::make_tuple(Data, Kind, Index) ==
/// Not all of these are currently supported. std::make_tuple(Other.Data, Other.Kind, Other.Index);
}
bool operator<(const ConstructionContextItem &Other) const {
return std::make_tuple(Data, Kind, Index) <
std::make_tuple(Other.Data, Other.Kind, Other.Index);
}
};
/// Construction context can be seen as a linked list of multiple layers.
/// Sometimes a single trigger is not enough to describe the construction
/// site. That's what causing us to have a chain of "partial" construction
/// context layers. Some examples:
/// - A constructor within in an aggregate initializer list within a variable
/// would have a construction context of the initializer list with
/// the parent construction context of a variable.
/// - A constructor for a temporary that needs to be both destroyed
/// and materialized into an elidable copy constructor would have a
/// construction context of a CXXBindTemporaryExpr with the parent
/// construction context of a MaterializeTemproraryExpr.
/// Not all of these are currently supported.
/// Layers are created gradually while traversing the AST, and layers that
/// represent the outmost AST nodes are built first, while the node that
/// immediately contains the constructor would be built last and capture the
/// previous layers as its parents. Construction context captures the last layer
/// (which has links to the previous layers) and classifies the seemingly
/// arbitrary chain of layers into one of the possible ways of constructing
/// an object in C++ for user-friendly experience.
class ConstructionContextLayer {
const ConstructionContextLayer *Parent = nullptr; const ConstructionContextLayer *Parent = nullptr;
ConstructionContextItem Item;
ConstructionContextLayer(TriggerTy Trigger, unsigned Index, ConstructionContextLayer(ConstructionContextItem Item,
const ConstructionContextLayer *Parent) const ConstructionContextLayer *Parent)
: Trigger(Trigger), Index(Index), Parent(Parent) {} : Parent(Parent), Item(Item) {}
public: public:
static const ConstructionContextLayer * static const ConstructionContextLayer *
create(BumpVectorContext &C, TriggerTy Trigger, unsigned Index = 0, create(BumpVectorContext &C, const ConstructionContextItem &Item,
const ConstructionContextLayer *Parent = nullptr); const ConstructionContextLayer *Parent = nullptr);
const ConstructionContextItem &getItem() const { return Item; }
const ConstructionContextLayer *getParent() const { return Parent; } const ConstructionContextLayer *getParent() const { return Parent; }
bool isLast() const { return !Parent; } bool isLast() const { return !Parent; }
const Stmt *getTriggerStmt() const {
return Trigger.dyn_cast<Stmt *>();
}
const CXXCtorInitializer *getTriggerInit() const {
return Trigger.dyn_cast<CXXCtorInitializer *>();
}
unsigned getIndex() const { return Index; }
/// Returns true if these layers are equal as individual layers, even if
/// their parents are different.
bool isSameLayer(const ConstructionContextLayer *Other) const {
assert(Other);
return (Trigger == Other->Trigger && Index == Other->Index);
}
/// See if Other is a proper initial segment of this construction context /// See if Other is a proper initial segment of this construction context
/// in terms of the parent chain - i.e. a few first parents coincide and /// in terms of the parent chain - i.e. a few first parents coincide and
/// then the other context terminates but our context goes further - i.e., /// then the other context terminates but our context goes further - i.e.,
@ -141,6 +260,23 @@ private:
return new (CC) T(Args...); return new (CC) T(Args...);
} }
// A sub-routine of createFromLayers() that deals with temporary objects
// that need to be materialized. The BTE argument is for the situation when
// the object also needs to be bound for destruction.
static const ConstructionContext *createMaterializedTemporaryFromLayers(
BumpVectorContext &C, const MaterializeTemporaryExpr *MTE,
const CXXBindTemporaryExpr *BTE,
const ConstructionContextLayer *ParentLayer);
// A sub-routine of createFromLayers() that deals with temporary objects
// that need to be bound for destruction. Automatically finds out if the
// object also needs to be materialized and delegates to
// createMaterializedTemporaryFromLayers() if necessary.
static const ConstructionContext *
createBoundTemporaryFromLayers(
BumpVectorContext &C, const CXXBindTemporaryExpr *BTE,
const ConstructionContextLayer *ParentLayer);
public: public:
/// Consume the construction context layer, together with its parent layers, /// Consume the construction context layer, together with its parent layers,
/// and wrap it up into a complete construction context. May return null /// and wrap it up into a complete construction context. May return null

18
include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
View File

@ -761,23 +761,23 @@ private:
/// This allows, among other things, to keep bindings to variable's fields /// This allows, among other things, to keep bindings to variable's fields
/// made within the constructor alive until its declaration actually /// made within the constructor alive until its declaration actually
/// goes into scope. /// goes into scope.
static ProgramStateRef addObjectUnderConstruction( static ProgramStateRef
ProgramStateRef State, addObjectUnderConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC, SVal V); const LocationContext *LC, SVal V);
/// Mark the object sa fully constructed, cleaning up the state trait /// Mark the object sa fully constructed, cleaning up the state trait
/// that tracks objects under construction. /// that tracks objects under construction.
static ProgramStateRef finishObjectConstruction( static ProgramStateRef
ProgramStateRef State, finishObjectConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC); const LocationContext *LC);
/// If the given statement corresponds to an object under construction, /// If the given statement corresponds to an object under construction,
/// being part of its construciton context, retrieve that object's location. /// being part of its construciton context, retrieve that object's location.
static Optional<SVal> getObjectUnderConstruction( static Optional<SVal>
ProgramStateRef State, getObjectUnderConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC); const LocationContext *LC);
/// If the given expression corresponds to a temporary that was used for /// If the given expression corresponds to a temporary that was used for

21
lib/Analysis/CFG.cpp
View File

@ -697,7 +697,8 @@ private:
Expr *Arg = E->getArg(i); Expr *Arg = E->getArg(i);
if (Arg->getType()->getAsCXXRecordDecl() && !Arg->isGLValue()) if (Arg->getType()->getAsCXXRecordDecl() && !Arg->isGLValue())
findConstructionContexts( findConstructionContexts(
ConstructionContextLayer::create(cfg->getBumpVectorContext(), E, i), ConstructionContextLayer::create(cfg->getBumpVectorContext(),
ConstructionContextItem(E, i)),
Arg); Arg);
} }
} }
@ -1286,9 +1287,9 @@ void CFGBuilder::findConstructionContexts(
if (!Child) if (!Child)
return; return;
auto withExtraLayer = [this, Layer](Stmt *S, unsigned Index = 0) { auto withExtraLayer = [this, Layer](const ConstructionContextItem &Item) {
return ConstructionContextLayer::create(cfg->getBumpVectorContext(), S, return ConstructionContextLayer::create(cfg->getBumpVectorContext(), Item,
Index, Layer); Layer);
}; };
switch(Child->getStmtClass()) { switch(Child->getStmtClass()) {
@ -1348,18 +1349,17 @@ void CFGBuilder::findConstructionContexts(
// it indicates the beginning of a temporary object construction context, // it indicates the beginning of a temporary object construction context,
// so it shouldn't be found in the middle. However, if it is the beginning // so it shouldn't be found in the middle. However, if it is the beginning
// of an elidable copy or move construction context, we need to include it. // of an elidable copy or move construction context, we need to include it.
if (const auto *CE = if (Layer->getItem().getKind() ==
dyn_cast_or_null<CXXConstructExpr>(Layer->getTriggerStmt())) { ConstructionContextItem::ElidableConstructorKind) {
if (CE->isElidable()) {
auto *MTE = cast<MaterializeTemporaryExpr>(Child); auto *MTE = cast<MaterializeTemporaryExpr>(Child);
findConstructionContexts(withExtraLayer(MTE), MTE->GetTemporaryExpr()); findConstructionContexts(withExtraLayer(MTE), MTE->GetTemporaryExpr());
} }
}
break; break;
} }
case Stmt::ConditionalOperatorClass: { case Stmt::ConditionalOperatorClass: {
auto *CO = cast<ConditionalOperator>(Child); auto *CO = cast<ConditionalOperator>(Child);
if (!dyn_cast_or_null<MaterializeTemporaryExpr>(Layer->getTriggerStmt())) { if (Layer->getItem().getKind() !=
ConstructionContextItem::MaterializationKind) {
// If the object returned by the conditional operator is not going to be a // If the object returned by the conditional operator is not going to be a
// temporary object that needs to be immediately materialized, then // temporary object that needs to be immediately materialized, then
// it must be C++17 with its mandatory copy elision. Do not yet promise // it must be C++17 with its mandatory copy elision. Do not yet promise
@ -3221,8 +3221,7 @@ CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) {
const DeclStmt *DS = F->getConditionVariableDeclStmt(); const DeclStmt *DS = F->getConditionVariableDeclStmt();
assert(DS->isSingleDecl()); assert(DS->isSingleDecl());
findConstructionContexts( findConstructionContexts(
ConstructionContextLayer::create(cfg->getBumpVectorContext(), ConstructionContextLayer::create(cfg->getBumpVectorContext(), DS),
const_cast<DeclStmt *>(DS)),
Init); Init);
appendStmt(Block, DS); appendStmt(Block, DS);
EntryConditionBlock = addStmt(Init); EntryConditionBlock = addStmt(Init);

248
lib/Analysis/ConstructionContext.cpp
View File

@ -20,12 +20,12 @@
using namespace clang; using namespace clang;
const ConstructionContextLayer * const ConstructionContextLayer *
ConstructionContextLayer::create(BumpVectorContext &C, TriggerTy Trigger, ConstructionContextLayer::create(BumpVectorContext &C,
unsigned Index, const ConstructionContextItem &Item,
const ConstructionContextLayer *Parent) { const ConstructionContextLayer *Parent) {
ConstructionContextLayer *CC = ConstructionContextLayer *CC =
C.getAllocator().Allocate<ConstructionContextLayer>(); C.getAllocator().Allocate<ConstructionContextLayer>();
return new (CC) ConstructionContextLayer(Trigger, Index, Parent); return new (CC) ConstructionContextLayer(Item, Parent);
} }
bool ConstructionContextLayer::isStrictlyMoreSpecificThan( bool ConstructionContextLayer::isStrictlyMoreSpecificThan(
@ -34,7 +34,7 @@ bool ConstructionContextLayer::isStrictlyMoreSpecificThan(
while (true) { while (true) {
if (!Other) if (!Other)
return Self; return Self;
if (!Self || !Self->isSameLayer(Other)) if (!Self || !(Self->Item == Other->Item))
return false; return false;
Self = Self->getParent(); Self = Self->getParent();
Other = Other->getParent(); Other = Other->getParent();
@ -42,100 +42,61 @@ bool ConstructionContextLayer::isStrictlyMoreSpecificThan(
llvm_unreachable("The above loop can only be terminated via return!"); llvm_unreachable("The above loop can only be terminated via return!");
} }
const ConstructionContext *ConstructionContext::createFromLayers( const ConstructionContext *
BumpVectorContext &C, const ConstructionContextLayer *TopLayer) { ConstructionContext::createMaterializedTemporaryFromLayers(
// Before this point all we've had was a stockpile of arbitrary layers. BumpVectorContext &C, const MaterializeTemporaryExpr *MTE,
// Now validate that it is shaped as one of the finite amount of expected const CXXBindTemporaryExpr *BTE,
// patterns. const ConstructionContextLayer *ParentLayer) {
if (const Stmt *S = TopLayer->getTriggerStmt()) { assert(MTE);
if (const auto *DS = dyn_cast<DeclStmt>(S)) {
assert(TopLayer->isLast()); // If the object requires destruction and is not lifetime-extended,
return create<SimpleVariableConstructionContext>(C, DS); // then it must have a BTE within its MTE, otherwise it shouldn't.
// FIXME: This should be an assertion.
if (!BTE && !(MTE->getType().getCanonicalType()->getAsCXXRecordDecl()
->hasTrivialDestructor() ||
MTE->getStorageDuration() != SD_FullExpression)) {
return nullptr;
} }
if (const auto *NE = dyn_cast<CXXNewExpr>(S)) {
assert(TopLayer->isLast());
return create<NewAllocatedObjectConstructionContext>(C, NE);
}
if (const auto *BTE = dyn_cast<CXXBindTemporaryExpr>(S)) {
const MaterializeTemporaryExpr *MTE = nullptr;
assert(BTE->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasNonTrivialDestructor());
// For temporaries with destructors, there may or may not be
// lifetime extension on the parent layer.
if (const ConstructionContextLayer *ParentLayer = TopLayer->getParent()) {
// C++17 *requires* elision of the constructor at the return site
// and at variable/member initialization site, while previous standards
// were allowing an optional elidable constructor.
// This is the C++17 copy-elided construction into a ctor initializer.
if (const CXXCtorInitializer *I = ParentLayer->getTriggerInit()) {
return create<
CXX17ElidedCopyConstructorInitializerConstructionContext>(C,
I, BTE);
}
assert(ParentLayer->getTriggerStmt() &&
"Non-statement-based layers have been handled above!");
// This is the normal, non-C++17 case: a temporary object which has
// both destruction and materialization info attached to it in the AST.
if ((MTE = dyn_cast<MaterializeTemporaryExpr>(
ParentLayer->getTriggerStmt()))) {
if (MTE->getStorageDuration() != SD_FullExpression) {
// If the temporary is lifetime-extended, don't save the BTE, // If the temporary is lifetime-extended, don't save the BTE,
// because we don't need a temporary destructor, but an automatic // because we don't need a temporary destructor, but an automatic
// destructor. // destructor.
if (MTE->getStorageDuration() != SD_FullExpression) {
BTE = nullptr; BTE = nullptr;
} }
// Handle pre-C++17 copy and move elision. // Handle pre-C++17 copy and move elision.
const CXXConstructExpr *ElidedCE = nullptr; const CXXConstructExpr *ElidedCE = nullptr;
const ConstructionContext *ElidedCC = nullptr; const ConstructionContext *ElidedCC = nullptr;
if (const ConstructionContextLayer *ElidedLayer = if (ParentLayer) {
ParentLayer->getParent()) { const ConstructionContextItem &ElidedItem = ParentLayer->getItem();
ElidedCE = cast<CXXConstructExpr>(ElidedLayer->getTriggerStmt()); assert(ElidedItem.getKind() ==
ConstructionContextItem::ElidableConstructorKind);
ElidedCE = cast<CXXConstructExpr>(ElidedItem.getStmt());
assert(ElidedCE->isElidable()); assert(ElidedCE->isElidable());
// We're creating a construction context that might have already // We're creating a construction context that might have already
// been created elsewhere. Maybe we should unique our construction // been created elsewhere. Maybe we should unique our construction
// contexts. That's what we often do, but in this case it's unlikely // contexts. That's what we often do, but in this case it's unlikely
// to bring any benefits. // to bring any benefits.
ElidedCC = createFromLayers(C, ElidedLayer->getParent()); ElidedCC = createFromLayers(C, ParentLayer->getParent());
if (!ElidedCC) { if (!ElidedCC) {
// We may fail to create the elided construction context. // We may fail to create the elided construction context.
// In this case, skip copy elision entirely. // In this case, skip copy elision entirely.
return create<SimpleTemporaryObjectConstructionContext>(C, BTE, return create<SimpleTemporaryObjectConstructionContext>(C, BTE, MTE);
MTE); }
} else {
return create<ElidedTemporaryObjectConstructionContext>( return create<ElidedTemporaryObjectConstructionContext>(
C, BTE, MTE, ElidedCE, ElidedCC); C, BTE, MTE, ElidedCE, ElidedCC);
} }
}
assert(ParentLayer->isLast());
return create<SimpleTemporaryObjectConstructionContext>(C, BTE, MTE);
}
assert(ParentLayer->isLast());
// This is a constructor into a function argument. // This is a normal temporary.
if (isa<CallExpr>(ParentLayer->getTriggerStmt()) || assert(!ParentLayer);
isa<CXXConstructExpr>(ParentLayer->getTriggerStmt()) || return create<SimpleTemporaryObjectConstructionContext>(C, BTE, MTE);
isa<ObjCMessageExpr>(ParentLayer->getTriggerStmt())) { }
return create<ArgumentConstructionContext>(
C, cast<Expr>(ParentLayer->getTriggerStmt()), const ConstructionContext *ConstructionContext::createBoundTemporaryFromLayers(
ParentLayer->getIndex(), BTE); BumpVectorContext &C, const CXXBindTemporaryExpr *BTE,
} const ConstructionContextLayer *ParentLayer) {
// This is C++17 copy-elided construction into return statement. if (!ParentLayer) {
if (auto *RS = dyn_cast<ReturnStmt>(ParentLayer->getTriggerStmt())) {
assert(!RS->getRetValue()->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor());
return create<CXX17ElidedCopyReturnedValueConstructionContext>(C,
RS, BTE);
}
// This is C++17 copy-elided construction into a simple variable.
if (auto *DS = dyn_cast<DeclStmt>(ParentLayer->getTriggerStmt())) {
assert(!cast<VarDecl>(DS->getSingleDecl())->getType()
.getCanonicalType()->getAsCXXRecordDecl()
->hasTrivialDestructor());
return create<CXX17ElidedCopyVariableConstructionContext>(C, DS, BTE);
}
llvm_unreachable("Unexpected construction context with destructor!");
}
// A temporary object that doesn't require materialization. // A temporary object that doesn't require materialization.
// In particular, it shouldn't require copy elision, because // In particular, it shouldn't require copy elision, because
// copy/move constructors take a reference, which requires // copy/move constructors take a reference, which requires
@ -143,55 +104,114 @@ const ConstructionContext *ConstructionContext::createFromLayers(
return create<SimpleTemporaryObjectConstructionContext>(C, BTE, return create<SimpleTemporaryObjectConstructionContext>(C, BTE,
/*MTE=*/nullptr); /*MTE=*/nullptr);
} }
if (const auto *MTE = dyn_cast<MaterializeTemporaryExpr>(S)) {
// If the object requires destruction and is not lifetime-extended,
// then it must have a BTE within its MTE.
// FIXME: This should be an assertion.
if (!(MTE->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor() ||
MTE->getStorageDuration() != SD_FullExpression))
return nullptr;
// Handle pre-C++17 copy and move elision. const ConstructionContextItem &ParentItem = ParentLayer->getItem();
const CXXConstructExpr *ElidedCE = nullptr; switch (ParentItem.getKind()) {
const ConstructionContext *ElidedCC = nullptr; case ConstructionContextItem::VariableKind: {
if (const ConstructionContextLayer *ElidedLayer = TopLayer->getParent()) { const auto *DS = cast<DeclStmt>(ParentItem.getStmt());
ElidedCE = cast<CXXConstructExpr>(ElidedLayer->getTriggerStmt()); assert(!cast<VarDecl>(DS->getSingleDecl())->getType().getCanonicalType()
assert(ElidedCE->isElidable()); ->getAsCXXRecordDecl()->hasTrivialDestructor());
// We're creating a construction context that might have already return create<CXX17ElidedCopyVariableConstructionContext>(C, DS, BTE);
// been created elsewhere. Maybe we should unique our construction
// contexts. That's what we often do, but in this case it's unlikely
// to bring any benefits.
ElidedCC = createFromLayers(C, ElidedLayer->getParent());
if (!ElidedCC) {
// We may fail to create the elided construction context.
// In this case, skip copy elision entirely.
return create<SimpleTemporaryObjectConstructionContext>(C, nullptr,
MTE);
} }
return create<ElidedTemporaryObjectConstructionContext>( case ConstructionContextItem::NewAllocatorKind: {
C, nullptr, MTE, ElidedCE, ElidedCC); llvm_unreachable("This context does not accept a bound temporary!");
} }
case ConstructionContextItem::ReturnKind: {
assert(ParentLayer->isLast());
const auto *RS = cast<ReturnStmt>(ParentItem.getStmt());
assert(!RS->getRetValue()->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor());
return create<CXX17ElidedCopyReturnedValueConstructionContext>(C, RS,
BTE);
}
case ConstructionContextItem::MaterializationKind: {
// No assert. We may have an elidable copy on the grandparent layer.
const auto *MTE = cast<MaterializeTemporaryExpr>(ParentItem.getStmt());
return createMaterializedTemporaryFromLayers(C, MTE, BTE,
ParentLayer->getParent());
}
case ConstructionContextItem::TemporaryDestructorKind: {
llvm_unreachable("Duplicate CXXBindTemporaryExpr in the AST!");
}
case ConstructionContextItem::ElidedDestructorKind: {
llvm_unreachable("Elided destructor items are not produced by the CFG!");
}
case ConstructionContextItem::ElidableConstructorKind: {
llvm_unreachable("Materialization is necessary to put temporary into a "
"copy or move constructor!");
}
case ConstructionContextItem::ArgumentKind: {
assert(ParentLayer->isLast());
const auto *E = cast<Expr>(ParentItem.getStmt());
assert(isa<CallExpr>(E) || isa<CXXConstructExpr>(E) ||
isa<ObjCMessageExpr>(E));
return create<ArgumentConstructionContext>(C, E, ParentItem.getIndex(),
BTE);
}
case ConstructionContextItem::InitializerKind: {
assert(ParentLayer->isLast());
const auto *I = ParentItem.getCXXCtorInitializer();
assert(!I->getAnyMember()->getType().getCanonicalType()
->getAsCXXRecordDecl()->hasTrivialDestructor());
return create<CXX17ElidedCopyConstructorInitializerConstructionContext>(
C, I, BTE);
}
} // switch (ParentItem.getKind())
llvm_unreachable("Unexpected construction context with destructor!");
}
const ConstructionContext *ConstructionContext::createFromLayers(
BumpVectorContext &C, const ConstructionContextLayer *TopLayer) {
// Before this point all we've had was a stockpile of arbitrary layers.
// Now validate that it is shaped as one of the finite amount of expected
// patterns.
const ConstructionContextItem &TopItem = TopLayer->getItem();
switch (TopItem.getKind()) {
case ConstructionContextItem::VariableKind: {
assert(TopLayer->isLast()); assert(TopLayer->isLast());
return create<SimpleTemporaryObjectConstructionContext>(C, nullptr, MTE); const auto *DS = cast<DeclStmt>(TopItem.getStmt());
return create<SimpleVariableConstructionContext>(C, DS);
} }
if (const auto *RS = dyn_cast<ReturnStmt>(S)) { case ConstructionContextItem::NewAllocatorKind: {
assert(TopLayer->isLast()); assert(TopLayer->isLast());
const auto *NE = cast<CXXNewExpr>(TopItem.getStmt());
return create<NewAllocatedObjectConstructionContext>(C, NE);
}
case ConstructionContextItem::ReturnKind: {
assert(TopLayer->isLast());
const auto *RS = cast<ReturnStmt>(TopItem.getStmt());
return create<SimpleReturnedValueConstructionContext>(C, RS); return create<SimpleReturnedValueConstructionContext>(C, RS);
} }
// This is a constructor into a function argument. case ConstructionContextItem::MaterializationKind: {
if (isa<CallExpr>(TopLayer->getTriggerStmt()) || const auto *MTE = cast<MaterializeTemporaryExpr>(TopItem.getStmt());
isa<CXXConstructExpr>(TopLayer->getTriggerStmt()) || return createMaterializedTemporaryFromLayers(C, MTE, /*BTE=*/nullptr,
isa<ObjCMessageExpr>(TopLayer->getTriggerStmt())) { TopLayer->getParent());
assert(TopLayer->isLast());
return create<ArgumentConstructionContext>(
C, cast<Expr>(TopLayer->getTriggerStmt()), TopLayer->getIndex(),
/*BTE=*/nullptr);
} }
llvm_unreachable("Unexpected construction context with statement!"); case ConstructionContextItem::TemporaryDestructorKind: {
} else if (const CXXCtorInitializer *I = TopLayer->getTriggerInit()) { const auto *BTE = cast<CXXBindTemporaryExpr>(TopItem.getStmt());
assert(BTE->getType().getCanonicalType()->getAsCXXRecordDecl()
->hasNonTrivialDestructor());
return createBoundTemporaryFromLayers(C, BTE, TopLayer->getParent());
}
case ConstructionContextItem::ElidedDestructorKind: {
llvm_unreachable("Elided destructor items are not produced by the CFG!");
}
case ConstructionContextItem::ElidableConstructorKind: {
llvm_unreachable("The argument needs to be materialized first!");
}
case ConstructionContextItem::InitializerKind: {
assert(TopLayer->isLast()); assert(TopLayer->isLast());
const CXXCtorInitializer *I = TopItem.getCXXCtorInitializer();
return create<SimpleConstructorInitializerConstructionContext>(C, I); return create<SimpleConstructorInitializerConstructionContext>(C, I);
} }
case ConstructionContextItem::ArgumentKind: {
assert(TopLayer->isLast());
const auto *E = cast<Expr>(TopItem.getStmt());
return create<ArgumentConstructionContext>(C, E, TopItem.getIndex(),
/*BTE=*/nullptr);
}
} // switch (TopItem.getKind())
llvm_unreachable("Unexpected construction context!"); llvm_unreachable("Unexpected construction context!");
} }

133
lib/StaticAnalyzer/Core/ExprEngine.cpp
View File

@ -117,56 +117,42 @@ STATISTIC(NumTimesRetriedWithoutInlining,
/// the construction context was present and contained references to these /// the construction context was present and contained references to these
/// AST nodes. /// AST nodes.
class ConstructedObjectKey { class ConstructedObjectKey {
typedef std::pair< typedef std::pair<ConstructionContextItem, const LocationContext *>
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *>, ConstructedObjectKeyImpl;
const LocationContext *> ConstructedObjectKeyImpl;
ConstructedObjectKeyImpl Impl; const ConstructedObjectKeyImpl Impl;
const void *getAnyASTNodePtr() const { const void *getAnyASTNodePtr() const {
if (const Stmt *S = getStmt()) if (const Stmt *S = getItem().getStmtOrNull())
return S; return S;
else else
return getCXXCtorInitializer(); return getItem().getCXXCtorInitializer();
} }
public: public:
ConstructedObjectKey( explicit ConstructedObjectKey(const ConstructionContextItem &Item,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P,
const LocationContext *LC) const LocationContext *LC)
: Impl(P, LC) { : Impl(Item, LC) {}
// This is the full list of statements that require additional actions when
// encountered. This list may be expanded when new actions are implemented.
assert(getCXXCtorInitializer() || isa<DeclStmt>(getStmt()) ||
isa<CXXNewExpr>(getStmt()) || isa<CXXBindTemporaryExpr>(getStmt()) ||
isa<MaterializeTemporaryExpr>(getStmt()) ||
isa<CXXConstructExpr>(getStmt()));
}
const Stmt *getStmt() const { const ConstructionContextItem &getItem() const { return Impl.first; }
return Impl.first.dyn_cast<const Stmt *>(); const LocationContext *getLocationContext() const { return Impl.second; }
}
const CXXCtorInitializer *getCXXCtorInitializer() const {
return Impl.first.dyn_cast<const CXXCtorInitializer *>();
}
const LocationContext *getLocationContext() const {
return Impl.second;
}
void print(llvm::raw_ostream &OS, PrinterHelper *Helper, PrintingPolicy &PP) { void print(llvm::raw_ostream &OS, PrinterHelper *Helper, PrintingPolicy &PP) {
OS << '(' << getLocationContext() << ',' << getAnyASTNodePtr() << ") "; OS << '(' << getLocationContext() << ',' << getAnyASTNodePtr() << ','
if (const Stmt *S = getStmt()) { << getItem().getKindAsString();
if (getItem().getKind() == ConstructionContextItem::ArgumentKind)
OS << " #" << getItem().getIndex();
OS << ") ";
if (const Stmt *S = getItem().getStmtOrNull()) {
S->printPretty(OS, Helper, PP); S->printPretty(OS, Helper, PP);
} else { } else {
const CXXCtorInitializer *I = getCXXCtorInitializer(); const CXXCtorInitializer *I = getItem().getCXXCtorInitializer();
OS << I->getAnyMember()->getNameAsString(); OS << I->getAnyMember()->getNameAsString();
} }
} }
void Profile(llvm::FoldingSetNodeID &ID) const { void Profile(llvm::FoldingSetNodeID &ID) const {
ID.AddPointer(Impl.first.getOpaqueValue()); ID.Add(Impl.first);
ID.AddPointer(Impl.second); ID.AddPointer(Impl.second);
} }
@ -184,15 +170,6 @@ typedef llvm::ImmutableMap<ConstructedObjectKey, SVal>
REGISTER_TRAIT_WITH_PROGRAMSTATE(ObjectsUnderConstruction, REGISTER_TRAIT_WITH_PROGRAMSTATE(ObjectsUnderConstruction,
ObjectsUnderConstructionMap) ObjectsUnderConstructionMap)
// Additionally, track a set of destructors that correspond to elided
// constructors when copy elision occurs.
typedef std::pair<const CXXBindTemporaryExpr *, const LocationContext *>
ElidedDestructorItem;
typedef llvm::ImmutableSet<ElidedDestructorItem>
ElidedDestructorSet;
REGISTER_TRAIT_WITH_PROGRAMSTATE(ElidedDestructors,
ElidedDestructorSet)
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Engine construction and deletion. // Engine construction and deletion.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
@ -449,31 +426,32 @@ ExprEngine::createTemporaryRegionIfNeeded(ProgramStateRef State,
return State; return State;
} }
ProgramStateRef ExprEngine::addObjectUnderConstruction( ProgramStateRef
ProgramStateRef State, ExprEngine::addObjectUnderConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC, SVal V) { const LocationContext *LC, SVal V) {
ConstructedObjectKey Key(P, LC->getStackFrame()); ConstructedObjectKey Key(Item, LC->getStackFrame());
// FIXME: Currently the state might already contain the marker due to // FIXME: Currently the state might already contain the marker due to
// incorrect handling of temporaries bound to default parameters. // incorrect handling of temporaries bound to default parameters.
assert(!State->get<ObjectsUnderConstruction>(Key) || assert(!State->get<ObjectsUnderConstruction>(Key) ||
isa<CXXBindTemporaryExpr>(Key.getStmt())); Key.getItem().getKind() ==
ConstructionContextItem::TemporaryDestructorKind);
return State->set<ObjectsUnderConstruction>(Key, V); return State->set<ObjectsUnderConstruction>(Key, V);
} }
Optional<SVal> ExprEngine::getObjectUnderConstruction( Optional<SVal>
ProgramStateRef State, ExprEngine::getObjectUnderConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC) { const LocationContext *LC) {
ConstructedObjectKey Key(P, LC->getStackFrame()); ConstructedObjectKey Key(Item, LC->getStackFrame());
return Optional<SVal>::create(State->get<ObjectsUnderConstruction>(Key)); return Optional<SVal>::create(State->get<ObjectsUnderConstruction>(Key));
} }
ProgramStateRef ExprEngine::finishObjectConstruction( ProgramStateRef
ProgramStateRef State, ExprEngine::finishObjectConstruction(ProgramStateRef State,
llvm::PointerUnion<const Stmt *, const CXXCtorInitializer *> P, const ConstructionContextItem &Item,
const LocationContext *LC) { const LocationContext *LC) {
ConstructedObjectKey Key(P, LC->getStackFrame()); ConstructedObjectKey Key(Item, LC->getStackFrame());
assert(State->contains<ObjectsUnderConstruction>(Key)); assert(State->contains<ObjectsUnderConstruction>(Key));
return State->remove<ObjectsUnderConstruction>(Key); return State->remove<ObjectsUnderConstruction>(Key);
} }
@ -481,25 +459,25 @@ ProgramStateRef ExprEngine::finishObjectConstruction(
ProgramStateRef ExprEngine::elideDestructor(ProgramStateRef State, ProgramStateRef ExprEngine::elideDestructor(ProgramStateRef State,
const CXXBindTemporaryExpr *BTE, const CXXBindTemporaryExpr *BTE,
const LocationContext *LC) { const LocationContext *LC) {
ElidedDestructorItem I(BTE, LC); ConstructedObjectKey Key({BTE, /*IsElided=*/true}, LC);
assert(!State->contains<ElidedDestructors>(I)); assert(!State->contains<ObjectsUnderConstruction>(Key));
return State->add<ElidedDestructors>(I); return State->set<ObjectsUnderConstruction>(Key, UnknownVal());
} }
ProgramStateRef ProgramStateRef
ExprEngine::cleanupElidedDestructor(ProgramStateRef State, ExprEngine::cleanupElidedDestructor(ProgramStateRef State,
const CXXBindTemporaryExpr *BTE, const CXXBindTemporaryExpr *BTE,
const LocationContext *LC) { const LocationContext *LC) {
ElidedDestructorItem I(BTE, LC); ConstructedObjectKey Key({BTE, /*IsElided=*/true}, LC);
assert(State->contains<ElidedDestructors>(I)); assert(State->contains<ObjectsUnderConstruction>(Key));
return State->remove<ElidedDestructors>(I); return State->remove<ObjectsUnderConstruction>(Key);
} }
bool ExprEngine::isDestructorElided(ProgramStateRef State, bool ExprEngine::isDestructorElided(ProgramStateRef State,
const CXXBindTemporaryExpr *BTE, const CXXBindTemporaryExpr *BTE,
const LocationContext *LC) { const LocationContext *LC) {
ElidedDestructorItem I(BTE, LC); ConstructedObjectKey Key({BTE, /*IsElided=*/true}, LC);
return State->contains<ElidedDestructors>(I); return State->contains<ObjectsUnderConstruction>(Key);
} }
bool ExprEngine::areAllObjectsFullyConstructed(ProgramStateRef State, bool ExprEngine::areAllObjectsFullyConstructed(ProgramStateRef State,
@ -512,10 +490,6 @@ bool ExprEngine::areAllObjectsFullyConstructed(ProgramStateRef State,
if (I.first.getLocationContext() == LC) if (I.first.getLocationContext() == LC)
return false; return false;
for (auto I: State->get<ElidedDestructors>())
if (I.second == LC)
return false;
LC = LC->getParent(); LC = LC->getParent();
} }
return true; return true;
@ -560,14 +534,6 @@ static void printObjectsUnderConstructionForContext(raw_ostream &Out,
Key.print(Out, nullptr, PP); Key.print(Out, nullptr, PP);
Out << " : " << Value << NL; Out << " : " << Value << NL;
} }
for (auto I : State->get<ElidedDestructors>()) {
if (I.second != LC)
continue;
Out << '(' << I.second << ',' << (const void *)I.first << ") ";
I.first->printPretty(Out, nullptr, PP);
Out << " : (constructor elided)" << NL;
}
} }
void ExprEngine::printState(raw_ostream &Out, ProgramStateRef State, void ExprEngine::printState(raw_ostream &Out, ProgramStateRef State,
@ -2252,25 +2218,14 @@ void ExprEngine::processEndOfFunction(NodeBuilderContext& BC,
for (auto I : State->get<ObjectsUnderConstruction>()) for (auto I : State->get<ObjectsUnderConstruction>())
if (I.first.getLocationContext() == LC) { if (I.first.getLocationContext() == LC) {
// The comment above only pardons us for not cleaning up a // The comment above only pardons us for not cleaning up a
// CXXBindTemporaryExpr. If any other statements are found here, // temporary destructor. If any other statements are found here,
// it must be a separate problem. // it must be a separate problem.
assert(isa<CXXBindTemporaryExpr>(I.first.getStmt())); assert(I.first.getItem().getKind() ==
ConstructionContextItem::TemporaryDestructorKind ||
I.first.getItem().getKind() ==
ConstructionContextItem::ElidedDestructorKind);
State = State->remove<ObjectsUnderConstruction>(I.first); State = State->remove<ObjectsUnderConstruction>(I.first);
// Also cleanup the elided destructor info.
ElidedDestructorItem Item(
cast<CXXBindTemporaryExpr>(I.first.getStmt()),
I.first.getLocationContext());
State = State->remove<ElidedDestructors>(Item);
} }
// Also suppress the assertion for elided destructors when temporary
// destructors are not provided at all by the CFG, because there's no
// good place to clean them up.
if (!AMgr.getAnalyzerOptions().includeTemporaryDtorsInCFG())
for (auto I : State->get<ElidedDestructors>())
if (I.second == LC)
State = State->remove<ElidedDestructors>(I);
LC = LC->getParent(); LC = LC->getParent();
} }
if (State != Pred->getState()) { if (State != Pred->getState()) {