CFG.cpp revision 4c98b1f67cdf385e05a86d54201b319cf1f1c042
1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the CFG and CFGBuilder classes for representing and 11// building Control-Flow Graphs (CFGs) from ASTs. 12// 13//===----------------------------------------------------------------------===// 14 15#include "clang/Analysis/CFG.h" 16#include "clang/AST/ASTContext.h" 17#include "clang/AST/Attr.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclCXX.h" 20#include "clang/AST/PrettyPrinter.h" 21#include "clang/AST/StmtVisitor.h" 22#include "llvm/ADT/DenseMap.h" 23#include "llvm/ADT/OwningPtr.h" 24#include "llvm/ADT/SmallPtrSet.h" 25#include "llvm/Support/Allocator.h" 26#include "llvm/Support/Format.h" 27#include "llvm/Support/GraphWriter.h" 28#include "llvm/Support/SaveAndRestore.h" 29 30using namespace clang; 31 32namespace { 33 34static SourceLocation GetEndLoc(Decl *D) { 35 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 36 if (Expr *Ex = VD->getInit()) 37 return Ex->getSourceRange().getEnd(); 38 return D->getLocation(); 39} 40 41class CFGBuilder; 42 43/// The CFG builder uses a recursive algorithm to build the CFG. When 44/// we process an expression, sometimes we know that we must add the 45/// subexpressions as block-level expressions. For example: 46/// 47/// exp1 || exp2 48/// 49/// When processing the '||' expression, we know that exp1 and exp2 50/// need to be added as block-level expressions, even though they 51/// might not normally need to be. AddStmtChoice records this 52/// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then 53/// the builder has an option not to add a subexpression as a 54/// block-level expression. 55/// 56class AddStmtChoice { 57public: 58 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; 59 60 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} 61 62 bool alwaysAdd(CFGBuilder &builder, 63 const Stmt *stmt) const; 64 65 /// Return a copy of this object, except with the 'always-add' bit 66 /// set as specified. 67 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { 68 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); 69 } 70 71private: 72 Kind kind; 73}; 74 75/// LocalScope - Node in tree of local scopes created for C++ implicit 76/// destructor calls generation. It contains list of automatic variables 77/// declared in the scope and link to position in previous scope this scope 78/// began in. 79/// 80/// The process of creating local scopes is as follows: 81/// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), 82/// - Before processing statements in scope (e.g. CompoundStmt) create 83/// LocalScope object using CFGBuilder::ScopePos as link to previous scope 84/// and set CFGBuilder::ScopePos to the end of new scope, 85/// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points 86/// at this VarDecl, 87/// - For every normal (without jump) end of scope add to CFGBlock destructors 88/// for objects in the current scope, 89/// - For every jump add to CFGBlock destructors for objects 90/// between CFGBuilder::ScopePos and local scope position saved for jump 91/// target. Thanks to C++ restrictions on goto jumps we can be sure that 92/// jump target position will be on the path to root from CFGBuilder::ScopePos 93/// (adding any variable that doesn't need constructor to be called to 94/// LocalScope can break this assumption), 95/// 96class LocalScope { 97public: 98 typedef BumpVector<VarDecl*> AutomaticVarsTy; 99 100 /// const_iterator - Iterates local scope backwards and jumps to previous 101 /// scope on reaching the beginning of currently iterated scope. 102 class const_iterator { 103 const LocalScope* Scope; 104 105 /// VarIter is guaranteed to be greater then 0 for every valid iterator. 106 /// Invalid iterator (with null Scope) has VarIter equal to 0. 107 unsigned VarIter; 108 109 public: 110 /// Create invalid iterator. Dereferencing invalid iterator is not allowed. 111 /// Incrementing invalid iterator is allowed and will result in invalid 112 /// iterator. 113 const_iterator() 114 : Scope(NULL), VarIter(0) {} 115 116 /// Create valid iterator. In case when S.Prev is an invalid iterator and 117 /// I is equal to 0, this will create invalid iterator. 118 const_iterator(const LocalScope& S, unsigned I) 119 : Scope(&S), VarIter(I) { 120 // Iterator to "end" of scope is not allowed. Handle it by going up 121 // in scopes tree possibly up to invalid iterator in the root. 122 if (VarIter == 0 && Scope) 123 *this = Scope->Prev; 124 } 125 126 VarDecl *const* operator->() const { 127 assert (Scope && "Dereferencing invalid iterator is not allowed"); 128 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 129 return &Scope->Vars[VarIter - 1]; 130 } 131 VarDecl *operator*() const { 132 return *this->operator->(); 133 } 134 135 const_iterator &operator++() { 136 if (!Scope) 137 return *this; 138 139 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 140 --VarIter; 141 if (VarIter == 0) 142 *this = Scope->Prev; 143 return *this; 144 } 145 const_iterator operator++(int) { 146 const_iterator P = *this; 147 ++*this; 148 return P; 149 } 150 151 bool operator==(const const_iterator &rhs) const { 152 return Scope == rhs.Scope && VarIter == rhs.VarIter; 153 } 154 bool operator!=(const const_iterator &rhs) const { 155 return !(*this == rhs); 156 } 157 158 LLVM_EXPLICIT operator bool() const { 159 return *this != const_iterator(); 160 } 161 162 int distance(const_iterator L); 163 }; 164 165 friend class const_iterator; 166 167private: 168 BumpVectorContext ctx; 169 170 /// Automatic variables in order of declaration. 171 AutomaticVarsTy Vars; 172 /// Iterator to variable in previous scope that was declared just before 173 /// begin of this scope. 174 const_iterator Prev; 175 176public: 177 /// Constructs empty scope linked to previous scope in specified place. 178 LocalScope(BumpVectorContext &ctx, const_iterator P) 179 : ctx(ctx), Vars(ctx, 4), Prev(P) {} 180 181 /// Begin of scope in direction of CFG building (backwards). 182 const_iterator begin() const { return const_iterator(*this, Vars.size()); } 183 184 void addVar(VarDecl *VD) { 185 Vars.push_back(VD, ctx); 186 } 187}; 188 189/// distance - Calculates distance from this to L. L must be reachable from this 190/// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. 191/// number of scopes between this and L. 192int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { 193 int D = 0; 194 const_iterator F = *this; 195 while (F.Scope != L.Scope) { 196 assert (F != const_iterator() 197 && "L iterator is not reachable from F iterator."); 198 D += F.VarIter; 199 F = F.Scope->Prev; 200 } 201 D += F.VarIter - L.VarIter; 202 return D; 203} 204 205/// BlockScopePosPair - Structure for specifying position in CFG during its 206/// build process. It consists of CFGBlock that specifies position in CFG graph 207/// and LocalScope::const_iterator that specifies position in LocalScope graph. 208struct BlockScopePosPair { 209 BlockScopePosPair() : block(0) {} 210 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) 211 : block(b), scopePosition(scopePos) {} 212 213 CFGBlock *block; 214 LocalScope::const_iterator scopePosition; 215}; 216 217/// TryResult - a class representing a variant over the values 218/// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, 219/// and is used by the CFGBuilder to decide if a branch condition 220/// can be decided up front during CFG construction. 221class TryResult { 222 int X; 223public: 224 TryResult(bool b) : X(b ? 1 : 0) {} 225 TryResult() : X(-1) {} 226 227 bool isTrue() const { return X == 1; } 228 bool isFalse() const { return X == 0; } 229 bool isKnown() const { return X >= 0; } 230 void negate() { 231 assert(isKnown()); 232 X ^= 0x1; 233 } 234}; 235 236class reverse_children { 237 llvm::SmallVector<Stmt *, 12> childrenBuf; 238 ArrayRef<Stmt*> children; 239public: 240 reverse_children(Stmt *S); 241 242 typedef ArrayRef<Stmt*>::reverse_iterator iterator; 243 iterator begin() const { return children.rbegin(); } 244 iterator end() const { return children.rend(); } 245}; 246 247 248reverse_children::reverse_children(Stmt *S) { 249 if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 250 children = CE->getRawSubExprs(); 251 return; 252 } 253 switch (S->getStmtClass()) { 254 // Note: Fill in this switch with more cases we want to optimize. 255 case Stmt::InitListExprClass: { 256 InitListExpr *IE = cast<InitListExpr>(S); 257 children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), 258 IE->getNumInits()); 259 return; 260 } 261 default: 262 break; 263 } 264 265 // Default case for all other statements. 266 for (Stmt::child_range I = S->children(); I; ++I) { 267 childrenBuf.push_back(*I); 268 } 269 270 // This needs to be done *after* childrenBuf has been populated. 271 children = childrenBuf; 272} 273 274/// CFGBuilder - This class implements CFG construction from an AST. 275/// The builder is stateful: an instance of the builder should be used to only 276/// construct a single CFG. 277/// 278/// Example usage: 279/// 280/// CFGBuilder builder; 281/// CFG* cfg = builder.BuildAST(stmt1); 282/// 283/// CFG construction is done via a recursive walk of an AST. We actually parse 284/// the AST in reverse order so that the successor of a basic block is 285/// constructed prior to its predecessor. This allows us to nicely capture 286/// implicit fall-throughs without extra basic blocks. 287/// 288class CFGBuilder { 289 typedef BlockScopePosPair JumpTarget; 290 typedef BlockScopePosPair JumpSource; 291 292 ASTContext *Context; 293 OwningPtr<CFG> cfg; 294 295 CFGBlock *Block; 296 CFGBlock *Succ; 297 JumpTarget ContinueJumpTarget; 298 JumpTarget BreakJumpTarget; 299 CFGBlock *SwitchTerminatedBlock; 300 CFGBlock *DefaultCaseBlock; 301 CFGBlock *TryTerminatedBlock; 302 303 // Current position in local scope. 304 LocalScope::const_iterator ScopePos; 305 306 // LabelMap records the mapping from Label expressions to their jump targets. 307 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy; 308 LabelMapTy LabelMap; 309 310 // A list of blocks that end with a "goto" that must be backpatched to their 311 // resolved targets upon completion of CFG construction. 312 typedef std::vector<JumpSource> BackpatchBlocksTy; 313 BackpatchBlocksTy BackpatchBlocks; 314 315 // A list of labels whose address has been taken (for indirect gotos). 316 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy; 317 LabelSetTy AddressTakenLabels; 318 319 bool badCFG; 320 const CFG::BuildOptions &BuildOpts; 321 322 // State to track for building switch statements. 323 bool switchExclusivelyCovered; 324 Expr::EvalResult *switchCond; 325 326 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry; 327 const Stmt *lastLookup; 328 329 // Caches boolean evaluations of expressions to avoid multiple re-evaluations 330 // during construction of branches for chained logical operators. 331 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy; 332 CachedBoolEvalsTy CachedBoolEvals; 333 334public: 335 explicit CFGBuilder(ASTContext *astContext, 336 const CFG::BuildOptions &buildOpts) 337 : Context(astContext), cfg(new CFG()), // crew a new CFG 338 Block(NULL), Succ(NULL), 339 SwitchTerminatedBlock(NULL), DefaultCaseBlock(NULL), 340 TryTerminatedBlock(NULL), badCFG(false), BuildOpts(buildOpts), 341 switchExclusivelyCovered(false), switchCond(0), 342 cachedEntry(0), lastLookup(0) {} 343 344 // buildCFG - Used by external clients to construct the CFG. 345 CFG* buildCFG(const Decl *D, Stmt *Statement); 346 347 bool alwaysAdd(const Stmt *stmt); 348 349private: 350 // Visitors to walk an AST and construct the CFG. 351 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); 352 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); 353 CFGBlock *VisitBreakStmt(BreakStmt *B); 354 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); 355 CFGBlock *VisitCaseStmt(CaseStmt *C); 356 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); 357 CFGBlock *VisitCompoundStmt(CompoundStmt *C); 358 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, 359 AddStmtChoice asc); 360 CFGBlock *VisitContinueStmt(ContinueStmt *C); 361 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 362 AddStmtChoice asc); 363 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); 364 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); 365 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); 366 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 367 AddStmtChoice asc); 368 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 369 AddStmtChoice asc); 370 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); 371 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); 372 CFGBlock *VisitDeclStmt(DeclStmt *DS); 373 CFGBlock *VisitDeclSubExpr(DeclStmt *DS); 374 CFGBlock *VisitDefaultStmt(DefaultStmt *D); 375 CFGBlock *VisitDoStmt(DoStmt *D); 376 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); 377 CFGBlock *VisitForStmt(ForStmt *F); 378 CFGBlock *VisitGotoStmt(GotoStmt *G); 379 CFGBlock *VisitIfStmt(IfStmt *I); 380 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); 381 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); 382 CFGBlock *VisitLabelStmt(LabelStmt *L); 383 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); 384 CFGBlock *VisitLogicalOperator(BinaryOperator *B); 385 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, 386 Stmt *Term, 387 CFGBlock *TrueBlock, 388 CFGBlock *FalseBlock); 389 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); 390 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); 391 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); 392 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); 393 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); 394 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); 395 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); 396 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); 397 CFGBlock *VisitReturnStmt(ReturnStmt *R); 398 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); 399 CFGBlock *VisitSwitchStmt(SwitchStmt *S); 400 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 401 AddStmtChoice asc); 402 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); 403 CFGBlock *VisitWhileStmt(WhileStmt *W); 404 405 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); 406 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); 407 CFGBlock *VisitChildren(Stmt *S); 408 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); 409 410 // Visitors to walk an AST and generate destructors of temporaries in 411 // full expression. 412 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary = false); 413 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E); 414 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E); 415 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr *E, 416 bool BindToTemporary); 417 CFGBlock * 418 VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator *E, 419 bool BindToTemporary); 420 421 // NYS == Not Yet Supported 422 CFGBlock *NYS() { 423 badCFG = true; 424 return Block; 425 } 426 427 void autoCreateBlock() { if (!Block) Block = createBlock(); } 428 CFGBlock *createBlock(bool add_successor = true); 429 CFGBlock *createNoReturnBlock(); 430 431 CFGBlock *addStmt(Stmt *S) { 432 return Visit(S, AddStmtChoice::AlwaysAdd); 433 } 434 CFGBlock *addInitializer(CXXCtorInitializer *I); 435 void addAutomaticObjDtors(LocalScope::const_iterator B, 436 LocalScope::const_iterator E, Stmt *S); 437 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); 438 439 // Local scopes creation. 440 LocalScope* createOrReuseLocalScope(LocalScope* Scope); 441 442 void addLocalScopeForStmt(Stmt *S); 443 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, LocalScope* Scope = NULL); 444 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = NULL); 445 446 void addLocalScopeAndDtors(Stmt *S); 447 448 // Interface to CFGBlock - adding CFGElements. 449 void appendStmt(CFGBlock *B, const Stmt *S) { 450 if (alwaysAdd(S) && cachedEntry) 451 cachedEntry->second = B; 452 453 // All block-level expressions should have already been IgnoreParens()ed. 454 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); 455 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); 456 } 457 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { 458 B->appendInitializer(I, cfg->getBumpVectorContext()); 459 } 460 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { 461 B->appendBaseDtor(BS, cfg->getBumpVectorContext()); 462 } 463 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { 464 B->appendMemberDtor(FD, cfg->getBumpVectorContext()); 465 } 466 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { 467 B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); 468 } 469 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { 470 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); 471 } 472 473 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 474 LocalScope::const_iterator B, LocalScope::const_iterator E); 475 476 void addSuccessor(CFGBlock *B, CFGBlock *S) { 477 B->addSuccessor(S, cfg->getBumpVectorContext()); 478 } 479 480 /// Try and evaluate an expression to an integer constant. 481 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { 482 if (!BuildOpts.PruneTriviallyFalseEdges) 483 return false; 484 return !S->isTypeDependent() && 485 !S->isValueDependent() && 486 S->EvaluateAsRValue(outResult, *Context); 487 } 488 489 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 490 /// if we can evaluate to a known value, otherwise return -1. 491 TryResult tryEvaluateBool(Expr *S) { 492 if (!BuildOpts.PruneTriviallyFalseEdges || 493 S->isTypeDependent() || S->isValueDependent()) 494 return TryResult(); 495 496 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { 497 if (Bop->isLogicalOp()) { 498 // Check the cache first. 499 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); 500 if (I != CachedBoolEvals.end()) 501 return I->second; // already in map; 502 503 // Retrieve result at first, or the map might be updated. 504 TryResult Result = evaluateAsBooleanConditionNoCache(S); 505 CachedBoolEvals[S] = Result; // update or insert 506 return Result; 507 } 508 else { 509 switch (Bop->getOpcode()) { 510 default: break; 511 // For 'x & 0' and 'x * 0', we can determine that 512 // the value is always false. 513 case BO_Mul: 514 case BO_And: { 515 // If either operand is zero, we know the value 516 // must be false. 517 llvm::APSInt IntVal; 518 if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { 519 if (IntVal.getBoolValue() == false) { 520 return TryResult(false); 521 } 522 } 523 if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { 524 if (IntVal.getBoolValue() == false) { 525 return TryResult(false); 526 } 527 } 528 } 529 break; 530 } 531 } 532 } 533 534 return evaluateAsBooleanConditionNoCache(S); 535 } 536 537 /// \brief Evaluate as boolean \param E without using the cache. 538 TryResult evaluateAsBooleanConditionNoCache(Expr *E) { 539 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { 540 if (Bop->isLogicalOp()) { 541 TryResult LHS = tryEvaluateBool(Bop->getLHS()); 542 if (LHS.isKnown()) { 543 // We were able to evaluate the LHS, see if we can get away with not 544 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 545 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 546 return LHS.isTrue(); 547 548 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 549 if (RHS.isKnown()) { 550 if (Bop->getOpcode() == BO_LOr) 551 return LHS.isTrue() || RHS.isTrue(); 552 else 553 return LHS.isTrue() && RHS.isTrue(); 554 } 555 } else { 556 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 557 if (RHS.isKnown()) { 558 // We can't evaluate the LHS; however, sometimes the result 559 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. 560 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 561 return RHS.isTrue(); 562 } 563 } 564 565 return TryResult(); 566 } 567 } 568 569 bool Result; 570 if (E->EvaluateAsBooleanCondition(Result, *Context)) 571 return Result; 572 573 return TryResult(); 574 } 575 576}; 577 578inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, 579 const Stmt *stmt) const { 580 return builder.alwaysAdd(stmt) || kind == AlwaysAdd; 581} 582 583bool CFGBuilder::alwaysAdd(const Stmt *stmt) { 584 bool shouldAdd = BuildOpts.alwaysAdd(stmt); 585 586 if (!BuildOpts.forcedBlkExprs) 587 return shouldAdd; 588 589 if (lastLookup == stmt) { 590 if (cachedEntry) { 591 assert(cachedEntry->first == stmt); 592 return true; 593 } 594 return shouldAdd; 595 } 596 597 lastLookup = stmt; 598 599 // Perform the lookup! 600 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; 601 602 if (!fb) { 603 // No need to update 'cachedEntry', since it will always be null. 604 assert(cachedEntry == 0); 605 return shouldAdd; 606 } 607 608 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); 609 if (itr == fb->end()) { 610 cachedEntry = 0; 611 return shouldAdd; 612 } 613 614 cachedEntry = &*itr; 615 return true; 616} 617 618// FIXME: Add support for dependent-sized array types in C++? 619// Does it even make sense to build a CFG for an uninstantiated template? 620static const VariableArrayType *FindVA(const Type *t) { 621 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { 622 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) 623 if (vat->getSizeExpr()) 624 return vat; 625 626 t = vt->getElementType().getTypePtr(); 627 } 628 629 return 0; 630} 631 632/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an 633/// arbitrary statement. Examples include a single expression or a function 634/// body (compound statement). The ownership of the returned CFG is 635/// transferred to the caller. If CFG construction fails, this method returns 636/// NULL. 637CFG* CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { 638 assert(cfg.get()); 639 if (!Statement) 640 return NULL; 641 642 // Create an empty block that will serve as the exit block for the CFG. Since 643 // this is the first block added to the CFG, it will be implicitly registered 644 // as the exit block. 645 Succ = createBlock(); 646 assert(Succ == &cfg->getExit()); 647 Block = NULL; // the EXIT block is empty. Create all other blocks lazily. 648 649 if (BuildOpts.AddImplicitDtors) 650 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) 651 addImplicitDtorsForDestructor(DD); 652 653 // Visit the statements and create the CFG. 654 CFGBlock *B = addStmt(Statement); 655 656 if (badCFG) 657 return NULL; 658 659 // For C++ constructor add initializers to CFG. 660 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { 661 for (CXXConstructorDecl::init_const_reverse_iterator I = CD->init_rbegin(), 662 E = CD->init_rend(); I != E; ++I) { 663 B = addInitializer(*I); 664 if (badCFG) 665 return NULL; 666 } 667 } 668 669 if (B) 670 Succ = B; 671 672 // Backpatch the gotos whose label -> block mappings we didn't know when we 673 // encountered them. 674 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), 675 E = BackpatchBlocks.end(); I != E; ++I ) { 676 677 CFGBlock *B = I->block; 678 const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); 679 LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); 680 681 // If there is no target for the goto, then we are looking at an 682 // incomplete AST. Handle this by not registering a successor. 683 if (LI == LabelMap.end()) continue; 684 685 JumpTarget JT = LI->second; 686 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, 687 JT.scopePosition); 688 addSuccessor(B, JT.block); 689 } 690 691 // Add successors to the Indirect Goto Dispatch block (if we have one). 692 if (CFGBlock *B = cfg->getIndirectGotoBlock()) 693 for (LabelSetTy::iterator I = AddressTakenLabels.begin(), 694 E = AddressTakenLabels.end(); I != E; ++I ) { 695 696 // Lookup the target block. 697 LabelMapTy::iterator LI = LabelMap.find(*I); 698 699 // If there is no target block that contains label, then we are looking 700 // at an incomplete AST. Handle this by not registering a successor. 701 if (LI == LabelMap.end()) continue; 702 703 addSuccessor(B, LI->second.block); 704 } 705 706 // Create an empty entry block that has no predecessors. 707 cfg->setEntry(createBlock()); 708 709 return cfg.take(); 710} 711 712/// createBlock - Used to lazily create blocks that are connected 713/// to the current (global) succcessor. 714CFGBlock *CFGBuilder::createBlock(bool add_successor) { 715 CFGBlock *B = cfg->createBlock(); 716 if (add_successor && Succ) 717 addSuccessor(B, Succ); 718 return B; 719} 720 721/// createNoReturnBlock - Used to create a block is a 'noreturn' point in the 722/// CFG. It is *not* connected to the current (global) successor, and instead 723/// directly tied to the exit block in order to be reachable. 724CFGBlock *CFGBuilder::createNoReturnBlock() { 725 CFGBlock *B = createBlock(false); 726 B->setHasNoReturnElement(); 727 addSuccessor(B, &cfg->getExit()); 728 return B; 729} 730 731/// addInitializer - Add C++ base or member initializer element to CFG. 732CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { 733 if (!BuildOpts.AddInitializers) 734 return Block; 735 736 bool IsReference = false; 737 bool HasTemporaries = false; 738 739 // Destructors of temporaries in initialization expression should be called 740 // after initialization finishes. 741 Expr *Init = I->getInit(); 742 if (Init) { 743 if (FieldDecl *FD = I->getAnyMember()) 744 IsReference = FD->getType()->isReferenceType(); 745 HasTemporaries = isa<ExprWithCleanups>(Init); 746 747 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 748 // Generate destructors for temporaries in initialization expression. 749 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 750 IsReference); 751 } 752 } 753 754 autoCreateBlock(); 755 appendInitializer(Block, I); 756 757 if (Init) { 758 if (HasTemporaries) { 759 // For expression with temporaries go directly to subexpression to omit 760 // generating destructors for the second time. 761 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); 762 } 763 return Visit(Init); 764 } 765 766 return Block; 767} 768 769/// \brief Retrieve the type of the temporary object whose lifetime was 770/// extended by a local reference with the given initializer. 771static QualType getReferenceInitTemporaryType(ASTContext &Context, 772 const Expr *Init) { 773 while (true) { 774 // Skip parentheses. 775 Init = Init->IgnoreParens(); 776 777 // Skip through cleanups. 778 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { 779 Init = EWC->getSubExpr(); 780 continue; 781 } 782 783 // Skip through the temporary-materialization expression. 784 if (const MaterializeTemporaryExpr *MTE 785 = dyn_cast<MaterializeTemporaryExpr>(Init)) { 786 Init = MTE->GetTemporaryExpr(); 787 continue; 788 } 789 790 // Skip derived-to-base and no-op casts. 791 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { 792 if ((CE->getCastKind() == CK_DerivedToBase || 793 CE->getCastKind() == CK_UncheckedDerivedToBase || 794 CE->getCastKind() == CK_NoOp) && 795 Init->getType()->isRecordType()) { 796 Init = CE->getSubExpr(); 797 continue; 798 } 799 } 800 801 // Skip member accesses into rvalues. 802 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { 803 if (!ME->isArrow() && ME->getBase()->isRValue()) { 804 Init = ME->getBase(); 805 continue; 806 } 807 } 808 809 break; 810 } 811 812 return Init->getType(); 813} 814 815/// addAutomaticObjDtors - Add to current block automatic objects destructors 816/// for objects in range of local scope positions. Use S as trigger statement 817/// for destructors. 818void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, 819 LocalScope::const_iterator E, Stmt *S) { 820 if (!BuildOpts.AddImplicitDtors) 821 return; 822 823 if (B == E) 824 return; 825 826 // We need to append the destructors in reverse order, but any one of them 827 // may be a no-return destructor which changes the CFG. As a result, buffer 828 // this sequence up and replay them in reverse order when appending onto the 829 // CFGBlock(s). 830 SmallVector<VarDecl*, 10> Decls; 831 Decls.reserve(B.distance(E)); 832 for (LocalScope::const_iterator I = B; I != E; ++I) 833 Decls.push_back(*I); 834 835 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), 836 E = Decls.rend(); 837 I != E; ++I) { 838 // If this destructor is marked as a no-return destructor, we need to 839 // create a new block for the destructor which does not have as a successor 840 // anything built thus far: control won't flow out of this block. 841 QualType Ty = (*I)->getType(); 842 if (Ty->isReferenceType()) { 843 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); 844 } 845 Ty = Context->getBaseElementType(Ty); 846 847 const CXXDestructorDecl *Dtor = Ty->getAsCXXRecordDecl()->getDestructor(); 848 if (Dtor->isNoReturn()) 849 Block = createNoReturnBlock(); 850 else 851 autoCreateBlock(); 852 853 appendAutomaticObjDtor(Block, *I, S); 854 } 855} 856 857/// addImplicitDtorsForDestructor - Add implicit destructors generated for 858/// base and member objects in destructor. 859void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { 860 assert (BuildOpts.AddImplicitDtors 861 && "Can be called only when dtors should be added"); 862 const CXXRecordDecl *RD = DD->getParent(); 863 864 // At the end destroy virtual base objects. 865 for (CXXRecordDecl::base_class_const_iterator VI = RD->vbases_begin(), 866 VE = RD->vbases_end(); VI != VE; ++VI) { 867 const CXXRecordDecl *CD = VI->getType()->getAsCXXRecordDecl(); 868 if (!CD->hasTrivialDestructor()) { 869 autoCreateBlock(); 870 appendBaseDtor(Block, VI); 871 } 872 } 873 874 // Before virtual bases destroy direct base objects. 875 for (CXXRecordDecl::base_class_const_iterator BI = RD->bases_begin(), 876 BE = RD->bases_end(); BI != BE; ++BI) { 877 if (!BI->isVirtual()) { 878 const CXXRecordDecl *CD = BI->getType()->getAsCXXRecordDecl(); 879 if (!CD->hasTrivialDestructor()) { 880 autoCreateBlock(); 881 appendBaseDtor(Block, BI); 882 } 883 } 884 } 885 886 // First destroy member objects. 887 for (CXXRecordDecl::field_iterator FI = RD->field_begin(), 888 FE = RD->field_end(); FI != FE; ++FI) { 889 // Check for constant size array. Set type to array element type. 890 QualType QT = FI->getType(); 891 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 892 if (AT->getSize() == 0) 893 continue; 894 QT = AT->getElementType(); 895 } 896 897 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 898 if (!CD->hasTrivialDestructor()) { 899 autoCreateBlock(); 900 appendMemberDtor(Block, *FI); 901 } 902 } 903} 904 905/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either 906/// way return valid LocalScope object. 907LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { 908 if (!Scope) { 909 llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); 910 Scope = alloc.Allocate<LocalScope>(); 911 BumpVectorContext ctx(alloc); 912 new (Scope) LocalScope(ctx, ScopePos); 913 } 914 return Scope; 915} 916 917/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement 918/// that should create implicit scope (e.g. if/else substatements). 919void CFGBuilder::addLocalScopeForStmt(Stmt *S) { 920 if (!BuildOpts.AddImplicitDtors) 921 return; 922 923 LocalScope *Scope = 0; 924 925 // For compound statement we will be creating explicit scope. 926 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { 927 for (CompoundStmt::body_iterator BI = CS->body_begin(), BE = CS->body_end() 928 ; BI != BE; ++BI) { 929 Stmt *SI = (*BI)->stripLabelLikeStatements(); 930 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) 931 Scope = addLocalScopeForDeclStmt(DS, Scope); 932 } 933 return; 934 } 935 936 // For any other statement scope will be implicit and as such will be 937 // interesting only for DeclStmt. 938 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) 939 addLocalScopeForDeclStmt(DS); 940} 941 942/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will 943/// reuse Scope if not NULL. 944LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, 945 LocalScope* Scope) { 946 if (!BuildOpts.AddImplicitDtors) 947 return Scope; 948 949 for (DeclStmt::decl_iterator DI = DS->decl_begin(), DE = DS->decl_end() 950 ; DI != DE; ++DI) { 951 if (VarDecl *VD = dyn_cast<VarDecl>(*DI)) 952 Scope = addLocalScopeForVarDecl(VD, Scope); 953 } 954 return Scope; 955} 956 957/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will 958/// create add scope for automatic objects and temporary objects bound to 959/// const reference. Will reuse Scope if not NULL. 960LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, 961 LocalScope* Scope) { 962 if (!BuildOpts.AddImplicitDtors) 963 return Scope; 964 965 // Check if variable is local. 966 switch (VD->getStorageClass()) { 967 case SC_None: 968 case SC_Auto: 969 case SC_Register: 970 break; 971 default: return Scope; 972 } 973 974 // Check for const references bound to temporary. Set type to pointee. 975 QualType QT = VD->getType(); 976 if (QT.getTypePtr()->isReferenceType()) { 977 if (!VD->extendsLifetimeOfTemporary()) 978 return Scope; 979 980 QT = getReferenceInitTemporaryType(*Context, VD->getInit()); 981 } 982 983 // Check for constant size array. Set type to array element type. 984 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 985 if (AT->getSize() == 0) 986 return Scope; 987 QT = AT->getElementType(); 988 } 989 990 // Check if type is a C++ class with non-trivial destructor. 991 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 992 if (!CD->hasTrivialDestructor()) { 993 // Add the variable to scope 994 Scope = createOrReuseLocalScope(Scope); 995 Scope->addVar(VD); 996 ScopePos = Scope->begin(); 997 } 998 return Scope; 999} 1000 1001/// addLocalScopeAndDtors - For given statement add local scope for it and 1002/// add destructors that will cleanup the scope. Will reuse Scope if not NULL. 1003void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { 1004 if (!BuildOpts.AddImplicitDtors) 1005 return; 1006 1007 LocalScope::const_iterator scopeBeginPos = ScopePos; 1008 addLocalScopeForStmt(S); 1009 addAutomaticObjDtors(ScopePos, scopeBeginPos, S); 1010} 1011 1012/// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for 1013/// variables with automatic storage duration to CFGBlock's elements vector. 1014/// Elements will be prepended to physical beginning of the vector which 1015/// happens to be logical end. Use blocks terminator as statement that specifies 1016/// destructors call site. 1017/// FIXME: This mechanism for adding automatic destructors doesn't handle 1018/// no-return destructors properly. 1019void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 1020 LocalScope::const_iterator B, LocalScope::const_iterator E) { 1021 BumpVectorContext &C = cfg->getBumpVectorContext(); 1022 CFGBlock::iterator InsertPos 1023 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); 1024 for (LocalScope::const_iterator I = B; I != E; ++I) 1025 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, 1026 Blk->getTerminator()); 1027} 1028 1029/// Visit - Walk the subtree of a statement and add extra 1030/// blocks for ternary operators, &&, and ||. We also process "," and 1031/// DeclStmts (which may contain nested control-flow). 1032CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { 1033 if (!S) { 1034 badCFG = true; 1035 return 0; 1036 } 1037 1038 if (Expr *E = dyn_cast<Expr>(S)) 1039 S = E->IgnoreParens(); 1040 1041 switch (S->getStmtClass()) { 1042 default: 1043 return VisitStmt(S, asc); 1044 1045 case Stmt::AddrLabelExprClass: 1046 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); 1047 1048 case Stmt::BinaryConditionalOperatorClass: 1049 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); 1050 1051 case Stmt::BinaryOperatorClass: 1052 return VisitBinaryOperator(cast<BinaryOperator>(S), asc); 1053 1054 case Stmt::BlockExprClass: 1055 return VisitNoRecurse(cast<Expr>(S), asc); 1056 1057 case Stmt::BreakStmtClass: 1058 return VisitBreakStmt(cast<BreakStmt>(S)); 1059 1060 case Stmt::CallExprClass: 1061 case Stmt::CXXOperatorCallExprClass: 1062 case Stmt::CXXMemberCallExprClass: 1063 case Stmt::UserDefinedLiteralClass: 1064 return VisitCallExpr(cast<CallExpr>(S), asc); 1065 1066 case Stmt::CaseStmtClass: 1067 return VisitCaseStmt(cast<CaseStmt>(S)); 1068 1069 case Stmt::ChooseExprClass: 1070 return VisitChooseExpr(cast<ChooseExpr>(S), asc); 1071 1072 case Stmt::CompoundStmtClass: 1073 return VisitCompoundStmt(cast<CompoundStmt>(S)); 1074 1075 case Stmt::ConditionalOperatorClass: 1076 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); 1077 1078 case Stmt::ContinueStmtClass: 1079 return VisitContinueStmt(cast<ContinueStmt>(S)); 1080 1081 case Stmt::CXXCatchStmtClass: 1082 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); 1083 1084 case Stmt::ExprWithCleanupsClass: 1085 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); 1086 1087 case Stmt::CXXDefaultArgExprClass: 1088 case Stmt::CXXDefaultInitExprClass: 1089 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the 1090 // called function's declaration, not by the caller. If we simply add 1091 // this expression to the CFG, we could end up with the same Expr 1092 // appearing multiple times. 1093 // PR13385 / <rdar://problem/12156507> 1094 // 1095 // It's likewise possible for multiple CXXDefaultInitExprs for the same 1096 // expression to be used in the same function (through aggregate 1097 // initialization). 1098 return VisitStmt(S, asc); 1099 1100 case Stmt::CXXBindTemporaryExprClass: 1101 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); 1102 1103 case Stmt::CXXConstructExprClass: 1104 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); 1105 1106 case Stmt::CXXFunctionalCastExprClass: 1107 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); 1108 1109 case Stmt::CXXTemporaryObjectExprClass: 1110 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); 1111 1112 case Stmt::CXXThrowExprClass: 1113 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); 1114 1115 case Stmt::CXXTryStmtClass: 1116 return VisitCXXTryStmt(cast<CXXTryStmt>(S)); 1117 1118 case Stmt::CXXForRangeStmtClass: 1119 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); 1120 1121 case Stmt::DeclStmtClass: 1122 return VisitDeclStmt(cast<DeclStmt>(S)); 1123 1124 case Stmt::DefaultStmtClass: 1125 return VisitDefaultStmt(cast<DefaultStmt>(S)); 1126 1127 case Stmt::DoStmtClass: 1128 return VisitDoStmt(cast<DoStmt>(S)); 1129 1130 case Stmt::ForStmtClass: 1131 return VisitForStmt(cast<ForStmt>(S)); 1132 1133 case Stmt::GotoStmtClass: 1134 return VisitGotoStmt(cast<GotoStmt>(S)); 1135 1136 case Stmt::IfStmtClass: 1137 return VisitIfStmt(cast<IfStmt>(S)); 1138 1139 case Stmt::ImplicitCastExprClass: 1140 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); 1141 1142 case Stmt::IndirectGotoStmtClass: 1143 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); 1144 1145 case Stmt::LabelStmtClass: 1146 return VisitLabelStmt(cast<LabelStmt>(S)); 1147 1148 case Stmt::LambdaExprClass: 1149 return VisitLambdaExpr(cast<LambdaExpr>(S), asc); 1150 1151 case Stmt::MemberExprClass: 1152 return VisitMemberExpr(cast<MemberExpr>(S), asc); 1153 1154 case Stmt::NullStmtClass: 1155 return Block; 1156 1157 case Stmt::ObjCAtCatchStmtClass: 1158 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); 1159 1160 case Stmt::ObjCAutoreleasePoolStmtClass: 1161 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); 1162 1163 case Stmt::ObjCAtSynchronizedStmtClass: 1164 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); 1165 1166 case Stmt::ObjCAtThrowStmtClass: 1167 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); 1168 1169 case Stmt::ObjCAtTryStmtClass: 1170 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); 1171 1172 case Stmt::ObjCForCollectionStmtClass: 1173 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); 1174 1175 case Stmt::OpaqueValueExprClass: 1176 return Block; 1177 1178 case Stmt::PseudoObjectExprClass: 1179 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); 1180 1181 case Stmt::ReturnStmtClass: 1182 return VisitReturnStmt(cast<ReturnStmt>(S)); 1183 1184 case Stmt::UnaryExprOrTypeTraitExprClass: 1185 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), 1186 asc); 1187 1188 case Stmt::StmtExprClass: 1189 return VisitStmtExpr(cast<StmtExpr>(S), asc); 1190 1191 case Stmt::SwitchStmtClass: 1192 return VisitSwitchStmt(cast<SwitchStmt>(S)); 1193 1194 case Stmt::UnaryOperatorClass: 1195 return VisitUnaryOperator(cast<UnaryOperator>(S), asc); 1196 1197 case Stmt::WhileStmtClass: 1198 return VisitWhileStmt(cast<WhileStmt>(S)); 1199 } 1200} 1201 1202CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { 1203 if (asc.alwaysAdd(*this, S)) { 1204 autoCreateBlock(); 1205 appendStmt(Block, S); 1206 } 1207 1208 return VisitChildren(S); 1209} 1210 1211/// VisitChildren - Visit the children of a Stmt. 1212CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { 1213 CFGBlock *B = Block; 1214 1215 // Visit the children in their reverse order so that they appear in 1216 // left-to-right (natural) order in the CFG. 1217 reverse_children RChildren(S); 1218 for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); 1219 I != E; ++I) { 1220 if (Stmt *Child = *I) 1221 if (CFGBlock *R = Visit(Child)) 1222 B = R; 1223 } 1224 return B; 1225} 1226 1227CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, 1228 AddStmtChoice asc) { 1229 AddressTakenLabels.insert(A->getLabel()); 1230 1231 if (asc.alwaysAdd(*this, A)) { 1232 autoCreateBlock(); 1233 appendStmt(Block, A); 1234 } 1235 1236 return Block; 1237} 1238 1239CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, 1240 AddStmtChoice asc) { 1241 if (asc.alwaysAdd(*this, U)) { 1242 autoCreateBlock(); 1243 appendStmt(Block, U); 1244 } 1245 1246 return Visit(U->getSubExpr(), AddStmtChoice()); 1247} 1248 1249CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { 1250 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1251 appendStmt(ConfluenceBlock, B); 1252 1253 if (badCFG) 1254 return 0; 1255 1256 return VisitLogicalOperator(B, 0, ConfluenceBlock, ConfluenceBlock).first; 1257} 1258 1259std::pair<CFGBlock*, CFGBlock*> 1260CFGBuilder::VisitLogicalOperator(BinaryOperator *B, 1261 Stmt *Term, 1262 CFGBlock *TrueBlock, 1263 CFGBlock *FalseBlock) { 1264 1265 // Introspect the RHS. If it is a nested logical operation, we recursively 1266 // build the CFG using this function. Otherwise, resort to default 1267 // CFG construction behavior. 1268 Expr *RHS = B->getRHS()->IgnoreParens(); 1269 CFGBlock *RHSBlock, *ExitBlock; 1270 1271 do { 1272 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) 1273 if (B_RHS->isLogicalOp()) { 1274 llvm::tie(RHSBlock, ExitBlock) = 1275 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); 1276 break; 1277 } 1278 1279 // The RHS is not a nested logical operation. Don't push the terminator 1280 // down further, but instead visit RHS and construct the respective 1281 // pieces of the CFG, and link up the RHSBlock with the terminator 1282 // we have been provided. 1283 ExitBlock = RHSBlock = createBlock(false); 1284 1285 if (!Term) { 1286 assert(TrueBlock == FalseBlock); 1287 addSuccessor(RHSBlock, TrueBlock); 1288 } 1289 else { 1290 RHSBlock->setTerminator(Term); 1291 TryResult KnownVal = tryEvaluateBool(RHS); 1292 addSuccessor(RHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1293 addSuccessor(RHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1294 } 1295 1296 Block = RHSBlock; 1297 RHSBlock = addStmt(RHS); 1298 } 1299 while (false); 1300 1301 if (badCFG) 1302 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1303 1304 // Generate the blocks for evaluating the LHS. 1305 Expr *LHS = B->getLHS()->IgnoreParens(); 1306 1307 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) 1308 if (B_LHS->isLogicalOp()) { 1309 if (B->getOpcode() == BO_LOr) 1310 FalseBlock = RHSBlock; 1311 else 1312 TrueBlock = RHSBlock; 1313 1314 // For the LHS, treat 'B' as the terminator that we want to sink 1315 // into the nested branch. The RHS always gets the top-most 1316 // terminator. 1317 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); 1318 } 1319 1320 // Create the block evaluating the LHS. 1321 // This contains the '&&' or '||' as the terminator. 1322 CFGBlock *LHSBlock = createBlock(false); 1323 LHSBlock->setTerminator(B); 1324 1325 Block = LHSBlock; 1326 CFGBlock *EntryLHSBlock = addStmt(LHS); 1327 1328 if (badCFG) 1329 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1330 1331 // See if this is a known constant. 1332 TryResult KnownVal = tryEvaluateBool(LHS); 1333 1334 // Now link the LHSBlock with RHSBlock. 1335 if (B->getOpcode() == BO_LOr) { 1336 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1337 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : RHSBlock); 1338 } else { 1339 assert(B->getOpcode() == BO_LAnd); 1340 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 1341 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1342 } 1343 1344 return std::make_pair(EntryLHSBlock, ExitBlock); 1345} 1346 1347 1348CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, 1349 AddStmtChoice asc) { 1350 // && or || 1351 if (B->isLogicalOp()) 1352 return VisitLogicalOperator(B); 1353 1354 if (B->getOpcode() == BO_Comma) { // , 1355 autoCreateBlock(); 1356 appendStmt(Block, B); 1357 addStmt(B->getRHS()); 1358 return addStmt(B->getLHS()); 1359 } 1360 1361 if (B->isAssignmentOp()) { 1362 if (asc.alwaysAdd(*this, B)) { 1363 autoCreateBlock(); 1364 appendStmt(Block, B); 1365 } 1366 Visit(B->getLHS()); 1367 return Visit(B->getRHS()); 1368 } 1369 1370 if (asc.alwaysAdd(*this, B)) { 1371 autoCreateBlock(); 1372 appendStmt(Block, B); 1373 } 1374 1375 CFGBlock *RBlock = Visit(B->getRHS()); 1376 CFGBlock *LBlock = Visit(B->getLHS()); 1377 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 1378 // containing a DoStmt, and the LHS doesn't create a new block, then we should 1379 // return RBlock. Otherwise we'll incorrectly return NULL. 1380 return (LBlock ? LBlock : RBlock); 1381} 1382 1383CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { 1384 if (asc.alwaysAdd(*this, E)) { 1385 autoCreateBlock(); 1386 appendStmt(Block, E); 1387 } 1388 return Block; 1389} 1390 1391CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { 1392 // "break" is a control-flow statement. Thus we stop processing the current 1393 // block. 1394 if (badCFG) 1395 return 0; 1396 1397 // Now create a new block that ends with the break statement. 1398 Block = createBlock(false); 1399 Block->setTerminator(B); 1400 1401 // If there is no target for the break, then we are looking at an incomplete 1402 // AST. This means that the CFG cannot be constructed. 1403 if (BreakJumpTarget.block) { 1404 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B); 1405 addSuccessor(Block, BreakJumpTarget.block); 1406 } else 1407 badCFG = true; 1408 1409 1410 return Block; 1411} 1412 1413static bool CanThrow(Expr *E, ASTContext &Ctx) { 1414 QualType Ty = E->getType(); 1415 if (Ty->isFunctionPointerType()) 1416 Ty = Ty->getAs<PointerType>()->getPointeeType(); 1417 else if (Ty->isBlockPointerType()) 1418 Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); 1419 1420 const FunctionType *FT = Ty->getAs<FunctionType>(); 1421 if (FT) { 1422 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) 1423 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && 1424 Proto->isNothrow(Ctx)) 1425 return false; 1426 } 1427 return true; 1428} 1429 1430CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { 1431 // Compute the callee type. 1432 QualType calleeType = C->getCallee()->getType(); 1433 if (calleeType == Context->BoundMemberTy) { 1434 QualType boundType = Expr::findBoundMemberType(C->getCallee()); 1435 1436 // We should only get a null bound type if processing a dependent 1437 // CFG. Recover by assuming nothing. 1438 if (!boundType.isNull()) calleeType = boundType; 1439 } 1440 1441 // If this is a call to a no-return function, this stops the block here. 1442 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); 1443 1444 bool AddEHEdge = false; 1445 1446 // Languages without exceptions are assumed to not throw. 1447 if (Context->getLangOpts().Exceptions) { 1448 if (BuildOpts.AddEHEdges) 1449 AddEHEdge = true; 1450 } 1451 1452 if (FunctionDecl *FD = C->getDirectCallee()) { 1453 if (FD->isNoReturn()) 1454 NoReturn = true; 1455 if (FD->hasAttr<NoThrowAttr>()) 1456 AddEHEdge = false; 1457 } 1458 1459 if (!CanThrow(C->getCallee(), *Context)) 1460 AddEHEdge = false; 1461 1462 if (!NoReturn && !AddEHEdge) 1463 return VisitStmt(C, asc.withAlwaysAdd(true)); 1464 1465 if (Block) { 1466 Succ = Block; 1467 if (badCFG) 1468 return 0; 1469 } 1470 1471 if (NoReturn) 1472 Block = createNoReturnBlock(); 1473 else 1474 Block = createBlock(); 1475 1476 appendStmt(Block, C); 1477 1478 if (AddEHEdge) { 1479 // Add exceptional edges. 1480 if (TryTerminatedBlock) 1481 addSuccessor(Block, TryTerminatedBlock); 1482 else 1483 addSuccessor(Block, &cfg->getExit()); 1484 } 1485 1486 return VisitChildren(C); 1487} 1488 1489CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, 1490 AddStmtChoice asc) { 1491 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1492 appendStmt(ConfluenceBlock, C); 1493 if (badCFG) 1494 return 0; 1495 1496 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1497 Succ = ConfluenceBlock; 1498 Block = NULL; 1499 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); 1500 if (badCFG) 1501 return 0; 1502 1503 Succ = ConfluenceBlock; 1504 Block = NULL; 1505 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); 1506 if (badCFG) 1507 return 0; 1508 1509 Block = createBlock(false); 1510 // See if this is a known constant. 1511 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1512 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1513 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1514 Block->setTerminator(C); 1515 return addStmt(C->getCond()); 1516} 1517 1518 1519CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { 1520 addLocalScopeAndDtors(C); 1521 CFGBlock *LastBlock = Block; 1522 1523 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); 1524 I != E; ++I ) { 1525 // If we hit a segment of code just containing ';' (NullStmts), we can 1526 // get a null block back. In such cases, just use the LastBlock 1527 if (CFGBlock *newBlock = addStmt(*I)) 1528 LastBlock = newBlock; 1529 1530 if (badCFG) 1531 return NULL; 1532 } 1533 1534 return LastBlock; 1535} 1536 1537CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, 1538 AddStmtChoice asc) { 1539 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); 1540 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : NULL); 1541 1542 // Create the confluence block that will "merge" the results of the ternary 1543 // expression. 1544 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1545 appendStmt(ConfluenceBlock, C); 1546 if (badCFG) 1547 return 0; 1548 1549 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1550 1551 // Create a block for the LHS expression if there is an LHS expression. A 1552 // GCC extension allows LHS to be NULL, causing the condition to be the 1553 // value that is returned instead. 1554 // e.g: x ?: y is shorthand for: x ? x : y; 1555 Succ = ConfluenceBlock; 1556 Block = NULL; 1557 CFGBlock *LHSBlock = 0; 1558 const Expr *trueExpr = C->getTrueExpr(); 1559 if (trueExpr != opaqueValue) { 1560 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); 1561 if (badCFG) 1562 return 0; 1563 Block = NULL; 1564 } 1565 else 1566 LHSBlock = ConfluenceBlock; 1567 1568 // Create the block for the RHS expression. 1569 Succ = ConfluenceBlock; 1570 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); 1571 if (badCFG) 1572 return 0; 1573 1574 // If the condition is a logical '&&' or '||', build a more accurate CFG. 1575 if (BinaryOperator *Cond = 1576 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) 1577 if (Cond->isLogicalOp()) 1578 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; 1579 1580 // Create the block that will contain the condition. 1581 Block = createBlock(false); 1582 1583 // See if this is a known constant. 1584 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1585 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1586 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1587 Block->setTerminator(C); 1588 Expr *condExpr = C->getCond(); 1589 1590 if (opaqueValue) { 1591 // Run the condition expression if it's not trivially expressed in 1592 // terms of the opaque value (or if there is no opaque value). 1593 if (condExpr != opaqueValue) 1594 addStmt(condExpr); 1595 1596 // Before that, run the common subexpression if there was one. 1597 // At least one of this or the above will be run. 1598 return addStmt(BCO->getCommon()); 1599 } 1600 1601 return addStmt(condExpr); 1602} 1603 1604CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { 1605 // Check if the Decl is for an __label__. If so, elide it from the 1606 // CFG entirely. 1607 if (isa<LabelDecl>(*DS->decl_begin())) 1608 return Block; 1609 1610 // This case also handles static_asserts. 1611 if (DS->isSingleDecl()) 1612 return VisitDeclSubExpr(DS); 1613 1614 CFGBlock *B = 0; 1615 1616 // Build an individual DeclStmt for each decl. 1617 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), 1618 E = DS->decl_rend(); 1619 I != E; ++I) { 1620 // Get the alignment of the new DeclStmt, padding out to >=8 bytes. 1621 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8 1622 ? 8 : llvm::AlignOf<DeclStmt>::Alignment; 1623 1624 // Allocate the DeclStmt using the BumpPtrAllocator. It will get 1625 // automatically freed with the CFG. 1626 DeclGroupRef DG(*I); 1627 Decl *D = *I; 1628 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); 1629 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); 1630 cfg->addSyntheticDeclStmt(DSNew, DS); 1631 1632 // Append the fake DeclStmt to block. 1633 B = VisitDeclSubExpr(DSNew); 1634 } 1635 1636 return B; 1637} 1638 1639/// VisitDeclSubExpr - Utility method to add block-level expressions for 1640/// DeclStmts and initializers in them. 1641CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { 1642 assert(DS->isSingleDecl() && "Can handle single declarations only."); 1643 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 1644 1645 if (!VD) { 1646 // Of everything that can be declared in a DeclStmt, only VarDecls impact 1647 // runtime semantics. 1648 return Block; 1649 } 1650 1651 bool IsReference = false; 1652 bool HasTemporaries = false; 1653 1654 // Guard static initializers under a branch. 1655 CFGBlock *blockAfterStaticInit = 0; 1656 1657 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { 1658 // For static variables, we need to create a branch to track 1659 // whether or not they are initialized. 1660 if (Block) { 1661 Succ = Block; 1662 Block = 0; 1663 if (badCFG) 1664 return 0; 1665 } 1666 blockAfterStaticInit = Succ; 1667 } 1668 1669 // Destructors of temporaries in initialization expression should be called 1670 // after initialization finishes. 1671 Expr *Init = VD->getInit(); 1672 if (Init) { 1673 IsReference = VD->getType()->isReferenceType(); 1674 HasTemporaries = isa<ExprWithCleanups>(Init); 1675 1676 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 1677 // Generate destructors for temporaries in initialization expression. 1678 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 1679 IsReference); 1680 } 1681 } 1682 1683 autoCreateBlock(); 1684 appendStmt(Block, DS); 1685 1686 // Keep track of the last non-null block, as 'Block' can be nulled out 1687 // if the initializer expression is something like a 'while' in a 1688 // statement-expression. 1689 CFGBlock *LastBlock = Block; 1690 1691 if (Init) { 1692 if (HasTemporaries) { 1693 // For expression with temporaries go directly to subexpression to omit 1694 // generating destructors for the second time. 1695 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); 1696 if (CFGBlock *newBlock = Visit(EC->getSubExpr())) 1697 LastBlock = newBlock; 1698 } 1699 else { 1700 if (CFGBlock *newBlock = Visit(Init)) 1701 LastBlock = newBlock; 1702 } 1703 } 1704 1705 // If the type of VD is a VLA, then we must process its size expressions. 1706 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); 1707 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) { 1708 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) 1709 LastBlock = newBlock; 1710 } 1711 1712 // Remove variable from local scope. 1713 if (ScopePos && VD == *ScopePos) 1714 ++ScopePos; 1715 1716 CFGBlock *B = LastBlock; 1717 if (blockAfterStaticInit) { 1718 Succ = B; 1719 Block = createBlock(false); 1720 Block->setTerminator(DS); 1721 addSuccessor(Block, blockAfterStaticInit); 1722 addSuccessor(Block, B); 1723 B = Block; 1724 } 1725 1726 return B; 1727} 1728 1729CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { 1730 // We may see an if statement in the middle of a basic block, or it may be the 1731 // first statement we are processing. In either case, we create a new basic 1732 // block. First, we create the blocks for the then...else statements, and 1733 // then we create the block containing the if statement. If we were in the 1734 // middle of a block, we stop processing that block. That block is then the 1735 // implicit successor for the "then" and "else" clauses. 1736 1737 // Save local scope position because in case of condition variable ScopePos 1738 // won't be restored when traversing AST. 1739 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1740 1741 // Create local scope for possible condition variable. 1742 // Store scope position. Add implicit destructor. 1743 if (VarDecl *VD = I->getConditionVariable()) { 1744 LocalScope::const_iterator BeginScopePos = ScopePos; 1745 addLocalScopeForVarDecl(VD); 1746 addAutomaticObjDtors(ScopePos, BeginScopePos, I); 1747 } 1748 1749 // The block we were processing is now finished. Make it the successor 1750 // block. 1751 if (Block) { 1752 Succ = Block; 1753 if (badCFG) 1754 return 0; 1755 } 1756 1757 // Process the false branch. 1758 CFGBlock *ElseBlock = Succ; 1759 1760 if (Stmt *Else = I->getElse()) { 1761 SaveAndRestore<CFGBlock*> sv(Succ); 1762 1763 // NULL out Block so that the recursive call to Visit will 1764 // create a new basic block. 1765 Block = NULL; 1766 1767 // If branch is not a compound statement create implicit scope 1768 // and add destructors. 1769 if (!isa<CompoundStmt>(Else)) 1770 addLocalScopeAndDtors(Else); 1771 1772 ElseBlock = addStmt(Else); 1773 1774 if (!ElseBlock) // Can occur when the Else body has all NullStmts. 1775 ElseBlock = sv.get(); 1776 else if (Block) { 1777 if (badCFG) 1778 return 0; 1779 } 1780 } 1781 1782 // Process the true branch. 1783 CFGBlock *ThenBlock; 1784 { 1785 Stmt *Then = I->getThen(); 1786 assert(Then); 1787 SaveAndRestore<CFGBlock*> sv(Succ); 1788 Block = NULL; 1789 1790 // If branch is not a compound statement create implicit scope 1791 // and add destructors. 1792 if (!isa<CompoundStmt>(Then)) 1793 addLocalScopeAndDtors(Then); 1794 1795 ThenBlock = addStmt(Then); 1796 1797 if (!ThenBlock) { 1798 // We can reach here if the "then" body has all NullStmts. 1799 // Create an empty block so we can distinguish between true and false 1800 // branches in path-sensitive analyses. 1801 ThenBlock = createBlock(false); 1802 addSuccessor(ThenBlock, sv.get()); 1803 } else if (Block) { 1804 if (badCFG) 1805 return 0; 1806 } 1807 } 1808 1809 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by 1810 // having these handle the actual control-flow jump. Note that 1811 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" 1812 // we resort to the old control-flow behavior. This special handling 1813 // removes infeasible paths from the control-flow graph by having the 1814 // control-flow transfer of '&&' or '||' go directly into the then/else 1815 // blocks directly. 1816 if (!I->getConditionVariable()) 1817 if (BinaryOperator *Cond = 1818 dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens())) 1819 if (Cond->isLogicalOp()) 1820 return VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; 1821 1822 // Now create a new block containing the if statement. 1823 Block = createBlock(false); 1824 1825 // Set the terminator of the new block to the If statement. 1826 Block->setTerminator(I); 1827 1828 // See if this is a known constant. 1829 const TryResult &KnownVal = tryEvaluateBool(I->getCond()); 1830 1831 // Now add the successors. 1832 addSuccessor(Block, KnownVal.isFalse() ? NULL : ThenBlock); 1833 addSuccessor(Block, KnownVal.isTrue()? NULL : ElseBlock); 1834 1835 // Add the condition as the last statement in the new block. This may create 1836 // new blocks as the condition may contain control-flow. Any newly created 1837 // blocks will be pointed to be "Block". 1838 CFGBlock *LastBlock = addStmt(I->getCond()); 1839 1840 // Finally, if the IfStmt contains a condition variable, add both the IfStmt 1841 // and the condition variable initialization to the CFG. 1842 if (VarDecl *VD = I->getConditionVariable()) { 1843 if (Expr *Init = VD->getInit()) { 1844 autoCreateBlock(); 1845 appendStmt(Block, I->getConditionVariableDeclStmt()); 1846 LastBlock = addStmt(Init); 1847 } 1848 } 1849 1850 return LastBlock; 1851} 1852 1853 1854CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { 1855 // If we were in the middle of a block we stop processing that block. 1856 // 1857 // NOTE: If a "return" appears in the middle of a block, this means that the 1858 // code afterwards is DEAD (unreachable). We still keep a basic block 1859 // for that code; a simple "mark-and-sweep" from the entry block will be 1860 // able to report such dead blocks. 1861 1862 // Create the new block. 1863 Block = createBlock(false); 1864 1865 // The Exit block is the only successor. 1866 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R); 1867 addSuccessor(Block, &cfg->getExit()); 1868 1869 // Add the return statement to the block. This may create new blocks if R 1870 // contains control-flow (short-circuit operations). 1871 return VisitStmt(R, AddStmtChoice::AlwaysAdd); 1872} 1873 1874CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { 1875 // Get the block of the labeled statement. Add it to our map. 1876 addStmt(L->getSubStmt()); 1877 CFGBlock *LabelBlock = Block; 1878 1879 if (!LabelBlock) // This can happen when the body is empty, i.e. 1880 LabelBlock = createBlock(); // scopes that only contains NullStmts. 1881 1882 assert(LabelMap.find(L->getDecl()) == LabelMap.end() && 1883 "label already in map"); 1884 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); 1885 1886 // Labels partition blocks, so this is the end of the basic block we were 1887 // processing (L is the block's label). Because this is label (and we have 1888 // already processed the substatement) there is no extra control-flow to worry 1889 // about. 1890 LabelBlock->setLabel(L); 1891 if (badCFG) 1892 return 0; 1893 1894 // We set Block to NULL to allow lazy creation of a new block (if necessary); 1895 Block = NULL; 1896 1897 // This block is now the implicit successor of other blocks. 1898 Succ = LabelBlock; 1899 1900 return LabelBlock; 1901} 1902 1903CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { 1904 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 1905 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), 1906 et = E->capture_init_end(); it != et; ++it) { 1907 if (Expr *Init = *it) { 1908 CFGBlock *Tmp = Visit(Init); 1909 if (Tmp != 0) 1910 LastBlock = Tmp; 1911 } 1912 } 1913 return LastBlock; 1914} 1915 1916CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { 1917 // Goto is a control-flow statement. Thus we stop processing the current 1918 // block and create a new one. 1919 1920 Block = createBlock(false); 1921 Block->setTerminator(G); 1922 1923 // If we already know the mapping to the label block add the successor now. 1924 LabelMapTy::iterator I = LabelMap.find(G->getLabel()); 1925 1926 if (I == LabelMap.end()) 1927 // We will need to backpatch this block later. 1928 BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); 1929 else { 1930 JumpTarget JT = I->second; 1931 addAutomaticObjDtors(ScopePos, JT.scopePosition, G); 1932 addSuccessor(Block, JT.block); 1933 } 1934 1935 return Block; 1936} 1937 1938CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { 1939 CFGBlock *LoopSuccessor = NULL; 1940 1941 // Save local scope position because in case of condition variable ScopePos 1942 // won't be restored when traversing AST. 1943 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1944 1945 // Create local scope for init statement and possible condition variable. 1946 // Add destructor for init statement and condition variable. 1947 // Store scope position for continue statement. 1948 if (Stmt *Init = F->getInit()) 1949 addLocalScopeForStmt(Init); 1950 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 1951 1952 if (VarDecl *VD = F->getConditionVariable()) 1953 addLocalScopeForVarDecl(VD); 1954 LocalScope::const_iterator ContinueScopePos = ScopePos; 1955 1956 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F); 1957 1958 // "for" is a control-flow statement. Thus we stop processing the current 1959 // block. 1960 if (Block) { 1961 if (badCFG) 1962 return 0; 1963 LoopSuccessor = Block; 1964 } else 1965 LoopSuccessor = Succ; 1966 1967 // Save the current value for the break targets. 1968 // All breaks should go to the code following the loop. 1969 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 1970 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 1971 1972 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 1973 1974 // Now create the loop body. 1975 { 1976 assert(F->getBody()); 1977 1978 // Save the current values for Block, Succ, continue and break targets. 1979 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 1980 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 1981 1982 // Create an empty block to represent the transition block for looping back 1983 // to the head of the loop. If we have increment code, it will 1984 // go in this block as well. 1985 Block = Succ = TransitionBlock = createBlock(false); 1986 TransitionBlock->setLoopTarget(F); 1987 1988 if (Stmt *I = F->getInc()) { 1989 // Generate increment code in its own basic block. This is the target of 1990 // continue statements. 1991 Succ = addStmt(I); 1992 } 1993 1994 // Finish up the increment (or empty) block if it hasn't been already. 1995 if (Block) { 1996 assert(Block == Succ); 1997 if (badCFG) 1998 return 0; 1999 Block = 0; 2000 } 2001 2002 // The starting block for the loop increment is the block that should 2003 // represent the 'loop target' for looping back to the start of the loop. 2004 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 2005 ContinueJumpTarget.block->setLoopTarget(F); 2006 2007 // Loop body should end with destructor of Condition variable (if any). 2008 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F); 2009 2010 // If body is not a compound statement create implicit scope 2011 // and add destructors. 2012 if (!isa<CompoundStmt>(F->getBody())) 2013 addLocalScopeAndDtors(F->getBody()); 2014 2015 // Now populate the body block, and in the process create new blocks as we 2016 // walk the body of the loop. 2017 BodyBlock = addStmt(F->getBody()); 2018 2019 if (!BodyBlock) { 2020 // In the case of "for (...;...;...);" we can have a null BodyBlock. 2021 // Use the continue jump target as the proxy for the body. 2022 BodyBlock = ContinueJumpTarget.block; 2023 } 2024 else if (badCFG) 2025 return 0; 2026 } 2027 2028 // Because of short-circuit evaluation, the condition of the loop can span 2029 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2030 // evaluate the condition. 2031 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2032 2033 do { 2034 Expr *C = F->getCond(); 2035 2036 // Specially handle logical operators, which have a slightly 2037 // more optimal CFG representation. 2038 if (BinaryOperator *Cond = 2039 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : 0)) 2040 if (Cond->isLogicalOp()) { 2041 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2042 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); 2043 break; 2044 } 2045 2046 // The default case when not handling logical operators. 2047 EntryConditionBlock = ExitConditionBlock = createBlock(false); 2048 ExitConditionBlock->setTerminator(F); 2049 2050 // See if this is a known constant. 2051 TryResult KnownVal(true); 2052 2053 if (C) { 2054 // Now add the actual condition to the condition block. 2055 // Because the condition itself may contain control-flow, new blocks may 2056 // be created. Thus we update "Succ" after adding the condition. 2057 Block = ExitConditionBlock; 2058 EntryConditionBlock = addStmt(C); 2059 2060 // If this block contains a condition variable, add both the condition 2061 // variable and initializer to the CFG. 2062 if (VarDecl *VD = F->getConditionVariable()) { 2063 if (Expr *Init = VD->getInit()) { 2064 autoCreateBlock(); 2065 appendStmt(Block, F->getConditionVariableDeclStmt()); 2066 EntryConditionBlock = addStmt(Init); 2067 assert(Block == EntryConditionBlock); 2068 } 2069 } 2070 2071 if (Block && badCFG) 2072 return 0; 2073 2074 KnownVal = tryEvaluateBool(C); 2075 } 2076 2077 // Add the loop body entry as a successor to the condition. 2078 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2079 // Link up the condition block with the code that follows the loop. (the 2080 // false branch). 2081 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2082 2083 } while (false); 2084 2085 // Link up the loop-back block to the entry condition block. 2086 addSuccessor(TransitionBlock, EntryConditionBlock); 2087 2088 // The condition block is the implicit successor for any code above the loop. 2089 Succ = EntryConditionBlock; 2090 2091 // If the loop contains initialization, create a new block for those 2092 // statements. This block can also contain statements that precede the loop. 2093 if (Stmt *I = F->getInit()) { 2094 Block = createBlock(); 2095 return addStmt(I); 2096 } 2097 2098 // There is no loop initialization. We are thus basically a while loop. 2099 // NULL out Block to force lazy block construction. 2100 Block = NULL; 2101 Succ = EntryConditionBlock; 2102 return EntryConditionBlock; 2103} 2104 2105CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { 2106 if (asc.alwaysAdd(*this, M)) { 2107 autoCreateBlock(); 2108 appendStmt(Block, M); 2109 } 2110 return Visit(M->getBase()); 2111} 2112 2113CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) { 2114 // Objective-C fast enumeration 'for' statements: 2115 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC 2116 // 2117 // for ( Type newVariable in collection_expression ) { statements } 2118 // 2119 // becomes: 2120 // 2121 // prologue: 2122 // 1. collection_expression 2123 // T. jump to loop_entry 2124 // loop_entry: 2125 // 1. side-effects of element expression 2126 // 1. ObjCForCollectionStmt [performs binding to newVariable] 2127 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil] 2128 // TB: 2129 // statements 2130 // T. jump to loop_entry 2131 // FB: 2132 // what comes after 2133 // 2134 // and 2135 // 2136 // Type existingItem; 2137 // for ( existingItem in expression ) { statements } 2138 // 2139 // becomes: 2140 // 2141 // the same with newVariable replaced with existingItem; the binding works 2142 // the same except that for one ObjCForCollectionStmt::getElement() returns 2143 // a DeclStmt and the other returns a DeclRefExpr. 2144 // 2145 2146 CFGBlock *LoopSuccessor = 0; 2147 2148 if (Block) { 2149 if (badCFG) 2150 return 0; 2151 LoopSuccessor = Block; 2152 Block = 0; 2153 } else 2154 LoopSuccessor = Succ; 2155 2156 // Build the condition blocks. 2157 CFGBlock *ExitConditionBlock = createBlock(false); 2158 2159 // Set the terminator for the "exit" condition block. 2160 ExitConditionBlock->setTerminator(S); 2161 2162 // The last statement in the block should be the ObjCForCollectionStmt, which 2163 // performs the actual binding to 'element' and determines if there are any 2164 // more items in the collection. 2165 appendStmt(ExitConditionBlock, S); 2166 Block = ExitConditionBlock; 2167 2168 // Walk the 'element' expression to see if there are any side-effects. We 2169 // generate new blocks as necessary. We DON'T add the statement by default to 2170 // the CFG unless it contains control-flow. 2171 CFGBlock *EntryConditionBlock = Visit(S->getElement(), 2172 AddStmtChoice::NotAlwaysAdd); 2173 if (Block) { 2174 if (badCFG) 2175 return 0; 2176 Block = 0; 2177 } 2178 2179 // The condition block is the implicit successor for the loop body as well as 2180 // any code above the loop. 2181 Succ = EntryConditionBlock; 2182 2183 // Now create the true branch. 2184 { 2185 // Save the current values for Succ, continue and break targets. 2186 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2187 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2188 save_break(BreakJumpTarget); 2189 2190 // Add an intermediate block between the BodyBlock and the 2191 // EntryConditionBlock to represent the "loop back" transition, for looping 2192 // back to the head of the loop. 2193 CFGBlock *LoopBackBlock = 0; 2194 Succ = LoopBackBlock = createBlock(); 2195 LoopBackBlock->setLoopTarget(S); 2196 2197 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2198 ContinueJumpTarget = JumpTarget(Succ, ScopePos); 2199 2200 CFGBlock *BodyBlock = addStmt(S->getBody()); 2201 2202 if (!BodyBlock) 2203 BodyBlock = ContinueJumpTarget.block; // can happen for "for (X in Y) ;" 2204 else if (Block) { 2205 if (badCFG) 2206 return 0; 2207 } 2208 2209 // This new body block is a successor to our "exit" condition block. 2210 addSuccessor(ExitConditionBlock, BodyBlock); 2211 } 2212 2213 // Link up the condition block with the code that follows the loop. 2214 // (the false branch). 2215 addSuccessor(ExitConditionBlock, LoopSuccessor); 2216 2217 // Now create a prologue block to contain the collection expression. 2218 Block = createBlock(); 2219 return addStmt(S->getCollection()); 2220} 2221 2222CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) { 2223 // Inline the body. 2224 return addStmt(S->getSubStmt()); 2225 // TODO: consider adding cleanups for the end of @autoreleasepool scope. 2226} 2227 2228CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) { 2229 // FIXME: Add locking 'primitives' to CFG for @synchronized. 2230 2231 // Inline the body. 2232 CFGBlock *SyncBlock = addStmt(S->getSynchBody()); 2233 2234 // The sync body starts its own basic block. This makes it a little easier 2235 // for diagnostic clients. 2236 if (SyncBlock) { 2237 if (badCFG) 2238 return 0; 2239 2240 Block = 0; 2241 Succ = SyncBlock; 2242 } 2243 2244 // Add the @synchronized to the CFG. 2245 autoCreateBlock(); 2246 appendStmt(Block, S); 2247 2248 // Inline the sync expression. 2249 return addStmt(S->getSynchExpr()); 2250} 2251 2252CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) { 2253 // FIXME 2254 return NYS(); 2255} 2256 2257CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) { 2258 autoCreateBlock(); 2259 2260 // Add the PseudoObject as the last thing. 2261 appendStmt(Block, E); 2262 2263 CFGBlock *lastBlock = Block; 2264 2265 // Before that, evaluate all of the semantics in order. In 2266 // CFG-land, that means appending them in reverse order. 2267 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) { 2268 Expr *Semantic = E->getSemanticExpr(--i); 2269 2270 // If the semantic is an opaque value, we're being asked to bind 2271 // it to its source expression. 2272 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic)) 2273 Semantic = OVE->getSourceExpr(); 2274 2275 if (CFGBlock *B = Visit(Semantic)) 2276 lastBlock = B; 2277 } 2278 2279 return lastBlock; 2280} 2281 2282CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) { 2283 CFGBlock *LoopSuccessor = NULL; 2284 2285 // Save local scope position because in case of condition variable ScopePos 2286 // won't be restored when traversing AST. 2287 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2288 2289 // Create local scope for possible condition variable. 2290 // Store scope position for continue statement. 2291 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2292 if (VarDecl *VD = W->getConditionVariable()) { 2293 addLocalScopeForVarDecl(VD); 2294 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2295 } 2296 2297 // "while" is a control-flow statement. Thus we stop processing the current 2298 // block. 2299 if (Block) { 2300 if (badCFG) 2301 return 0; 2302 LoopSuccessor = Block; 2303 Block = 0; 2304 } else { 2305 LoopSuccessor = Succ; 2306 } 2307 2308 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2309 2310 // Process the loop body. 2311 { 2312 assert(W->getBody()); 2313 2314 // Save the current values for Block, Succ, continue and break targets. 2315 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2316 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2317 save_break(BreakJumpTarget); 2318 2319 // Create an empty block to represent the transition block for looping back 2320 // to the head of the loop. 2321 Succ = TransitionBlock = createBlock(false); 2322 TransitionBlock->setLoopTarget(W); 2323 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos); 2324 2325 // All breaks should go to the code following the loop. 2326 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2327 2328 // Loop body should end with destructor of Condition variable (if any). 2329 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2330 2331 // If body is not a compound statement create implicit scope 2332 // and add destructors. 2333 if (!isa<CompoundStmt>(W->getBody())) 2334 addLocalScopeAndDtors(W->getBody()); 2335 2336 // Create the body. The returned block is the entry to the loop body. 2337 BodyBlock = addStmt(W->getBody()); 2338 2339 if (!BodyBlock) 2340 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;" 2341 else if (Block && badCFG) 2342 return 0; 2343 } 2344 2345 // Because of short-circuit evaluation, the condition of the loop can span 2346 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2347 // evaluate the condition. 2348 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2349 2350 do { 2351 Expr *C = W->getCond(); 2352 2353 // Specially handle logical operators, which have a slightly 2354 // more optimal CFG representation. 2355 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens())) 2356 if (Cond->isLogicalOp()) { 2357 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2358 VisitLogicalOperator(Cond, W, BodyBlock, 2359 LoopSuccessor); 2360 break; 2361 } 2362 2363 // The default case when not handling logical operators. 2364 ExitConditionBlock = createBlock(false); 2365 ExitConditionBlock->setTerminator(W); 2366 2367 // Now add the actual condition to the condition block. 2368 // Because the condition itself may contain control-flow, new blocks may 2369 // be created. Thus we update "Succ" after adding the condition. 2370 Block = ExitConditionBlock; 2371 Block = EntryConditionBlock = addStmt(C); 2372 2373 // If this block contains a condition variable, add both the condition 2374 // variable and initializer to the CFG. 2375 if (VarDecl *VD = W->getConditionVariable()) { 2376 if (Expr *Init = VD->getInit()) { 2377 autoCreateBlock(); 2378 appendStmt(Block, W->getConditionVariableDeclStmt()); 2379 EntryConditionBlock = addStmt(Init); 2380 assert(Block == EntryConditionBlock); 2381 } 2382 } 2383 2384 if (Block && badCFG) 2385 return 0; 2386 2387 // See if this is a known constant. 2388 const TryResult& KnownVal = tryEvaluateBool(C); 2389 2390 // Add the loop body entry as a successor to the condition. 2391 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2392 // Link up the condition block with the code that follows the loop. (the 2393 // false branch). 2394 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2395 2396 } while(false); 2397 2398 // Link up the loop-back block to the entry condition block. 2399 addSuccessor(TransitionBlock, EntryConditionBlock); 2400 2401 // There can be no more statements in the condition block since we loop back 2402 // to this block. NULL out Block to force lazy creation of another block. 2403 Block = NULL; 2404 2405 // Return the condition block, which is the dominating block for the loop. 2406 Succ = EntryConditionBlock; 2407 return EntryConditionBlock; 2408} 2409 2410 2411CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) { 2412 // FIXME: For now we pretend that @catch and the code it contains does not 2413 // exit. 2414 return Block; 2415} 2416 2417CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) { 2418 // FIXME: This isn't complete. We basically treat @throw like a return 2419 // statement. 2420 2421 // If we were in the middle of a block we stop processing that block. 2422 if (badCFG) 2423 return 0; 2424 2425 // Create the new block. 2426 Block = createBlock(false); 2427 2428 // The Exit block is the only successor. 2429 addSuccessor(Block, &cfg->getExit()); 2430 2431 // Add the statement to the block. This may create new blocks if S contains 2432 // control-flow (short-circuit operations). 2433 return VisitStmt(S, AddStmtChoice::AlwaysAdd); 2434} 2435 2436CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) { 2437 // If we were in the middle of a block we stop processing that block. 2438 if (badCFG) 2439 return 0; 2440 2441 // Create the new block. 2442 Block = createBlock(false); 2443 2444 if (TryTerminatedBlock) 2445 // The current try statement is the only successor. 2446 addSuccessor(Block, TryTerminatedBlock); 2447 else 2448 // otherwise the Exit block is the only successor. 2449 addSuccessor(Block, &cfg->getExit()); 2450 2451 // Add the statement to the block. This may create new blocks if S contains 2452 // control-flow (short-circuit operations). 2453 return VisitStmt(T, AddStmtChoice::AlwaysAdd); 2454} 2455 2456CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) { 2457 CFGBlock *LoopSuccessor = NULL; 2458 2459 // "do...while" is a control-flow statement. Thus we stop processing the 2460 // current block. 2461 if (Block) { 2462 if (badCFG) 2463 return 0; 2464 LoopSuccessor = Block; 2465 } else 2466 LoopSuccessor = Succ; 2467 2468 // Because of short-circuit evaluation, the condition of the loop can span 2469 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2470 // evaluate the condition. 2471 CFGBlock *ExitConditionBlock = createBlock(false); 2472 CFGBlock *EntryConditionBlock = ExitConditionBlock; 2473 2474 // Set the terminator for the "exit" condition block. 2475 ExitConditionBlock->setTerminator(D); 2476 2477 // Now add the actual condition to the condition block. Because the condition 2478 // itself may contain control-flow, new blocks may be created. 2479 if (Stmt *C = D->getCond()) { 2480 Block = ExitConditionBlock; 2481 EntryConditionBlock = addStmt(C); 2482 if (Block) { 2483 if (badCFG) 2484 return 0; 2485 } 2486 } 2487 2488 // The condition block is the implicit successor for the loop body. 2489 Succ = EntryConditionBlock; 2490 2491 // See if this is a known constant. 2492 const TryResult &KnownVal = tryEvaluateBool(D->getCond()); 2493 2494 // Process the loop body. 2495 CFGBlock *BodyBlock = NULL; 2496 { 2497 assert(D->getBody()); 2498 2499 // Save the current values for Block, Succ, and continue and break targets 2500 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2501 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2502 save_break(BreakJumpTarget); 2503 2504 // All continues within this loop should go to the condition block 2505 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2506 2507 // All breaks should go to the code following the loop. 2508 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2509 2510 // NULL out Block to force lazy instantiation of blocks for the body. 2511 Block = NULL; 2512 2513 // If body is not a compound statement create implicit scope 2514 // and add destructors. 2515 if (!isa<CompoundStmt>(D->getBody())) 2516 addLocalScopeAndDtors(D->getBody()); 2517 2518 // Create the body. The returned block is the entry to the loop body. 2519 BodyBlock = addStmt(D->getBody()); 2520 2521 if (!BodyBlock) 2522 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)" 2523 else if (Block) { 2524 if (badCFG) 2525 return 0; 2526 } 2527 2528 if (!KnownVal.isFalse()) { 2529 // Add an intermediate block between the BodyBlock and the 2530 // ExitConditionBlock to represent the "loop back" transition. Create an 2531 // empty block to represent the transition block for looping back to the 2532 // head of the loop. 2533 // FIXME: Can we do this more efficiently without adding another block? 2534 Block = NULL; 2535 Succ = BodyBlock; 2536 CFGBlock *LoopBackBlock = createBlock(); 2537 LoopBackBlock->setLoopTarget(D); 2538 2539 // Add the loop body entry as a successor to the condition. 2540 addSuccessor(ExitConditionBlock, LoopBackBlock); 2541 } 2542 else 2543 addSuccessor(ExitConditionBlock, NULL); 2544 } 2545 2546 // Link up the condition block with the code that follows the loop. 2547 // (the false branch). 2548 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2549 2550 // There can be no more statements in the body block(s) since we loop back to 2551 // the body. NULL out Block to force lazy creation of another block. 2552 Block = NULL; 2553 2554 // Return the loop body, which is the dominating block for the loop. 2555 Succ = BodyBlock; 2556 return BodyBlock; 2557} 2558 2559CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) { 2560 // "continue" is a control-flow statement. Thus we stop processing the 2561 // current block. 2562 if (badCFG) 2563 return 0; 2564 2565 // Now create a new block that ends with the continue statement. 2566 Block = createBlock(false); 2567 Block->setTerminator(C); 2568 2569 // If there is no target for the continue, then we are looking at an 2570 // incomplete AST. This means the CFG cannot be constructed. 2571 if (ContinueJumpTarget.block) { 2572 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C); 2573 addSuccessor(Block, ContinueJumpTarget.block); 2574 } else 2575 badCFG = true; 2576 2577 return Block; 2578} 2579 2580CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 2581 AddStmtChoice asc) { 2582 2583 if (asc.alwaysAdd(*this, E)) { 2584 autoCreateBlock(); 2585 appendStmt(Block, E); 2586 } 2587 2588 // VLA types have expressions that must be evaluated. 2589 CFGBlock *lastBlock = Block; 2590 2591 if (E->isArgumentType()) { 2592 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr()); 2593 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) 2594 lastBlock = addStmt(VA->getSizeExpr()); 2595 } 2596 return lastBlock; 2597} 2598 2599/// VisitStmtExpr - Utility method to handle (nested) statement 2600/// expressions (a GCC extension). 2601CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) { 2602 if (asc.alwaysAdd(*this, SE)) { 2603 autoCreateBlock(); 2604 appendStmt(Block, SE); 2605 } 2606 return VisitCompoundStmt(SE->getSubStmt()); 2607} 2608 2609CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) { 2610 // "switch" is a control-flow statement. Thus we stop processing the current 2611 // block. 2612 CFGBlock *SwitchSuccessor = NULL; 2613 2614 // Save local scope position because in case of condition variable ScopePos 2615 // won't be restored when traversing AST. 2616 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2617 2618 // Create local scope for possible condition variable. 2619 // Store scope position. Add implicit destructor. 2620 if (VarDecl *VD = Terminator->getConditionVariable()) { 2621 LocalScope::const_iterator SwitchBeginScopePos = ScopePos; 2622 addLocalScopeForVarDecl(VD); 2623 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator); 2624 } 2625 2626 if (Block) { 2627 if (badCFG) 2628 return 0; 2629 SwitchSuccessor = Block; 2630 } else SwitchSuccessor = Succ; 2631 2632 // Save the current "switch" context. 2633 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock), 2634 save_default(DefaultCaseBlock); 2635 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2636 2637 // Set the "default" case to be the block after the switch statement. If the 2638 // switch statement contains a "default:", this value will be overwritten with 2639 // the block for that code. 2640 DefaultCaseBlock = SwitchSuccessor; 2641 2642 // Create a new block that will contain the switch statement. 2643 SwitchTerminatedBlock = createBlock(false); 2644 2645 // Now process the switch body. The code after the switch is the implicit 2646 // successor. 2647 Succ = SwitchSuccessor; 2648 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos); 2649 2650 // When visiting the body, the case statements should automatically get linked 2651 // up to the switch. We also don't keep a pointer to the body, since all 2652 // control-flow from the switch goes to case/default statements. 2653 assert(Terminator->getBody() && "switch must contain a non-NULL body"); 2654 Block = NULL; 2655 2656 // For pruning unreachable case statements, save the current state 2657 // for tracking the condition value. 2658 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered, 2659 false); 2660 2661 // Determine if the switch condition can be explicitly evaluated. 2662 assert(Terminator->getCond() && "switch condition must be non-NULL"); 2663 Expr::EvalResult result; 2664 bool b = tryEvaluate(Terminator->getCond(), result); 2665 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond, 2666 b ? &result : 0); 2667 2668 // If body is not a compound statement create implicit scope 2669 // and add destructors. 2670 if (!isa<CompoundStmt>(Terminator->getBody())) 2671 addLocalScopeAndDtors(Terminator->getBody()); 2672 2673 addStmt(Terminator->getBody()); 2674 if (Block) { 2675 if (badCFG) 2676 return 0; 2677 } 2678 2679 // If we have no "default:" case, the default transition is to the code 2680 // following the switch body. Moreover, take into account if all the 2681 // cases of a switch are covered (e.g., switching on an enum value). 2682 // 2683 // Note: We add a successor to a switch that is considered covered yet has no 2684 // case statements if the enumeration has no enumerators. 2685 bool SwitchAlwaysHasSuccessor = false; 2686 SwitchAlwaysHasSuccessor |= switchExclusivelyCovered; 2687 SwitchAlwaysHasSuccessor |= Terminator->isAllEnumCasesCovered() && 2688 Terminator->getSwitchCaseList(); 2689 addSuccessor(SwitchTerminatedBlock, 2690 SwitchAlwaysHasSuccessor ? 0 : DefaultCaseBlock); 2691 2692 // Add the terminator and condition in the switch block. 2693 SwitchTerminatedBlock->setTerminator(Terminator); 2694 Block = SwitchTerminatedBlock; 2695 CFGBlock *LastBlock = addStmt(Terminator->getCond()); 2696 2697 // Finally, if the SwitchStmt contains a condition variable, add both the 2698 // SwitchStmt and the condition variable initialization to the CFG. 2699 if (VarDecl *VD = Terminator->getConditionVariable()) { 2700 if (Expr *Init = VD->getInit()) { 2701 autoCreateBlock(); 2702 appendStmt(Block, Terminator->getConditionVariableDeclStmt()); 2703 LastBlock = addStmt(Init); 2704 } 2705 } 2706 2707 return LastBlock; 2708} 2709 2710static bool shouldAddCase(bool &switchExclusivelyCovered, 2711 const Expr::EvalResult *switchCond, 2712 const CaseStmt *CS, 2713 ASTContext &Ctx) { 2714 if (!switchCond) 2715 return true; 2716 2717 bool addCase = false; 2718 2719 if (!switchExclusivelyCovered) { 2720 if (switchCond->Val.isInt()) { 2721 // Evaluate the LHS of the case value. 2722 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx); 2723 const llvm::APSInt &condInt = switchCond->Val.getInt(); 2724 2725 if (condInt == lhsInt) { 2726 addCase = true; 2727 switchExclusivelyCovered = true; 2728 } 2729 else if (condInt < lhsInt) { 2730 if (const Expr *RHS = CS->getRHS()) { 2731 // Evaluate the RHS of the case value. 2732 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx); 2733 if (V2 <= condInt) { 2734 addCase = true; 2735 switchExclusivelyCovered = true; 2736 } 2737 } 2738 } 2739 } 2740 else 2741 addCase = true; 2742 } 2743 return addCase; 2744} 2745 2746CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) { 2747 // CaseStmts are essentially labels, so they are the first statement in a 2748 // block. 2749 CFGBlock *TopBlock = 0, *LastBlock = 0; 2750 2751 if (Stmt *Sub = CS->getSubStmt()) { 2752 // For deeply nested chains of CaseStmts, instead of doing a recursion 2753 // (which can blow out the stack), manually unroll and create blocks 2754 // along the way. 2755 while (isa<CaseStmt>(Sub)) { 2756 CFGBlock *currentBlock = createBlock(false); 2757 currentBlock->setLabel(CS); 2758 2759 if (TopBlock) 2760 addSuccessor(LastBlock, currentBlock); 2761 else 2762 TopBlock = currentBlock; 2763 2764 addSuccessor(SwitchTerminatedBlock, 2765 shouldAddCase(switchExclusivelyCovered, switchCond, 2766 CS, *Context) 2767 ? currentBlock : 0); 2768 2769 LastBlock = currentBlock; 2770 CS = cast<CaseStmt>(Sub); 2771 Sub = CS->getSubStmt(); 2772 } 2773 2774 addStmt(Sub); 2775 } 2776 2777 CFGBlock *CaseBlock = Block; 2778 if (!CaseBlock) 2779 CaseBlock = createBlock(); 2780 2781 // Cases statements partition blocks, so this is the top of the basic block we 2782 // were processing (the "case XXX:" is the label). 2783 CaseBlock->setLabel(CS); 2784 2785 if (badCFG) 2786 return 0; 2787 2788 // Add this block to the list of successors for the block with the switch 2789 // statement. 2790 assert(SwitchTerminatedBlock); 2791 addSuccessor(SwitchTerminatedBlock, 2792 shouldAddCase(switchExclusivelyCovered, switchCond, 2793 CS, *Context) 2794 ? CaseBlock : 0); 2795 2796 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2797 Block = NULL; 2798 2799 if (TopBlock) { 2800 addSuccessor(LastBlock, CaseBlock); 2801 Succ = TopBlock; 2802 } else { 2803 // This block is now the implicit successor of other blocks. 2804 Succ = CaseBlock; 2805 } 2806 2807 return Succ; 2808} 2809 2810CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) { 2811 if (Terminator->getSubStmt()) 2812 addStmt(Terminator->getSubStmt()); 2813 2814 DefaultCaseBlock = Block; 2815 2816 if (!DefaultCaseBlock) 2817 DefaultCaseBlock = createBlock(); 2818 2819 // Default statements partition blocks, so this is the top of the basic block 2820 // we were processing (the "default:" is the label). 2821 DefaultCaseBlock->setLabel(Terminator); 2822 2823 if (badCFG) 2824 return 0; 2825 2826 // Unlike case statements, we don't add the default block to the successors 2827 // for the switch statement immediately. This is done when we finish 2828 // processing the switch statement. This allows for the default case 2829 // (including a fall-through to the code after the switch statement) to always 2830 // be the last successor of a switch-terminated block. 2831 2832 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2833 Block = NULL; 2834 2835 // This block is now the implicit successor of other blocks. 2836 Succ = DefaultCaseBlock; 2837 2838 return DefaultCaseBlock; 2839} 2840 2841CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) { 2842 // "try"/"catch" is a control-flow statement. Thus we stop processing the 2843 // current block. 2844 CFGBlock *TrySuccessor = NULL; 2845 2846 if (Block) { 2847 if (badCFG) 2848 return 0; 2849 TrySuccessor = Block; 2850 } else TrySuccessor = Succ; 2851 2852 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock; 2853 2854 // Create a new block that will contain the try statement. 2855 CFGBlock *NewTryTerminatedBlock = createBlock(false); 2856 // Add the terminator in the try block. 2857 NewTryTerminatedBlock->setTerminator(Terminator); 2858 2859 bool HasCatchAll = false; 2860 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) { 2861 // The code after the try is the implicit successor. 2862 Succ = TrySuccessor; 2863 CXXCatchStmt *CS = Terminator->getHandler(h); 2864 if (CS->getExceptionDecl() == 0) { 2865 HasCatchAll = true; 2866 } 2867 Block = NULL; 2868 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS); 2869 if (CatchBlock == 0) 2870 return 0; 2871 // Add this block to the list of successors for the block with the try 2872 // statement. 2873 addSuccessor(NewTryTerminatedBlock, CatchBlock); 2874 } 2875 if (!HasCatchAll) { 2876 if (PrevTryTerminatedBlock) 2877 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock); 2878 else 2879 addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); 2880 } 2881 2882 // The code after the try is the implicit successor. 2883 Succ = TrySuccessor; 2884 2885 // Save the current "try" context. 2886 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock); 2887 cfg->addTryDispatchBlock(TryTerminatedBlock); 2888 2889 assert(Terminator->getTryBlock() && "try must contain a non-NULL body"); 2890 Block = NULL; 2891 return addStmt(Terminator->getTryBlock()); 2892} 2893 2894CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) { 2895 // CXXCatchStmt are treated like labels, so they are the first statement in a 2896 // block. 2897 2898 // Save local scope position because in case of exception variable ScopePos 2899 // won't be restored when traversing AST. 2900 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2901 2902 // Create local scope for possible exception variable. 2903 // Store scope position. Add implicit destructor. 2904 if (VarDecl *VD = CS->getExceptionDecl()) { 2905 LocalScope::const_iterator BeginScopePos = ScopePos; 2906 addLocalScopeForVarDecl(VD); 2907 addAutomaticObjDtors(ScopePos, BeginScopePos, CS); 2908 } 2909 2910 if (CS->getHandlerBlock()) 2911 addStmt(CS->getHandlerBlock()); 2912 2913 CFGBlock *CatchBlock = Block; 2914 if (!CatchBlock) 2915 CatchBlock = createBlock(); 2916 2917 // CXXCatchStmt is more than just a label. They have semantic meaning 2918 // as well, as they implicitly "initialize" the catch variable. Add 2919 // it to the CFG as a CFGElement so that the control-flow of these 2920 // semantics gets captured. 2921 appendStmt(CatchBlock, CS); 2922 2923 // Also add the CXXCatchStmt as a label, to mirror handling of regular 2924 // labels. 2925 CatchBlock->setLabel(CS); 2926 2927 // Bail out if the CFG is bad. 2928 if (badCFG) 2929 return 0; 2930 2931 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2932 Block = NULL; 2933 2934 return CatchBlock; 2935} 2936 2937CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) { 2938 // C++0x for-range statements are specified as [stmt.ranged]: 2939 // 2940 // { 2941 // auto && __range = range-init; 2942 // for ( auto __begin = begin-expr, 2943 // __end = end-expr; 2944 // __begin != __end; 2945 // ++__begin ) { 2946 // for-range-declaration = *__begin; 2947 // statement 2948 // } 2949 // } 2950 2951 // Save local scope position before the addition of the implicit variables. 2952 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2953 2954 // Create local scopes and destructors for range, begin and end variables. 2955 if (Stmt *Range = S->getRangeStmt()) 2956 addLocalScopeForStmt(Range); 2957 if (Stmt *BeginEnd = S->getBeginEndStmt()) 2958 addLocalScopeForStmt(BeginEnd); 2959 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S); 2960 2961 LocalScope::const_iterator ContinueScopePos = ScopePos; 2962 2963 // "for" is a control-flow statement. Thus we stop processing the current 2964 // block. 2965 CFGBlock *LoopSuccessor = NULL; 2966 if (Block) { 2967 if (badCFG) 2968 return 0; 2969 LoopSuccessor = Block; 2970 } else 2971 LoopSuccessor = Succ; 2972 2973 // Save the current value for the break targets. 2974 // All breaks should go to the code following the loop. 2975 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2976 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2977 2978 // The block for the __begin != __end expression. 2979 CFGBlock *ConditionBlock = createBlock(false); 2980 ConditionBlock->setTerminator(S); 2981 2982 // Now add the actual condition to the condition block. 2983 if (Expr *C = S->getCond()) { 2984 Block = ConditionBlock; 2985 CFGBlock *BeginConditionBlock = addStmt(C); 2986 if (badCFG) 2987 return 0; 2988 assert(BeginConditionBlock == ConditionBlock && 2989 "condition block in for-range was unexpectedly complex"); 2990 (void)BeginConditionBlock; 2991 } 2992 2993 // The condition block is the implicit successor for the loop body as well as 2994 // any code above the loop. 2995 Succ = ConditionBlock; 2996 2997 // See if this is a known constant. 2998 TryResult KnownVal(true); 2999 3000 if (S->getCond()) 3001 KnownVal = tryEvaluateBool(S->getCond()); 3002 3003 // Now create the loop body. 3004 { 3005 assert(S->getBody()); 3006 3007 // Save the current values for Block, Succ, and continue targets. 3008 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 3009 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 3010 3011 // Generate increment code in its own basic block. This is the target of 3012 // continue statements. 3013 Block = 0; 3014 Succ = addStmt(S->getInc()); 3015 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 3016 3017 // The starting block for the loop increment is the block that should 3018 // represent the 'loop target' for looping back to the start of the loop. 3019 ContinueJumpTarget.block->setLoopTarget(S); 3020 3021 // Finish up the increment block and prepare to start the loop body. 3022 assert(Block); 3023 if (badCFG) 3024 return 0; 3025 Block = 0; 3026 3027 3028 // Add implicit scope and dtors for loop variable. 3029 addLocalScopeAndDtors(S->getLoopVarStmt()); 3030 3031 // Populate a new block to contain the loop body and loop variable. 3032 addStmt(S->getBody()); 3033 if (badCFG) 3034 return 0; 3035 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt()); 3036 if (badCFG) 3037 return 0; 3038 3039 // This new body block is a successor to our condition block. 3040 addSuccessor(ConditionBlock, KnownVal.isFalse() ? 0 : LoopVarStmtBlock); 3041 } 3042 3043 // Link up the condition block with the code that follows the loop (the 3044 // false branch). 3045 addSuccessor(ConditionBlock, KnownVal.isTrue() ? 0 : LoopSuccessor); 3046 3047 // Add the initialization statements. 3048 Block = createBlock(); 3049 addStmt(S->getBeginEndStmt()); 3050 return addStmt(S->getRangeStmt()); 3051} 3052 3053CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E, 3054 AddStmtChoice asc) { 3055 if (BuildOpts.AddTemporaryDtors) { 3056 // If adding implicit destructors visit the full expression for adding 3057 // destructors of temporaries. 3058 VisitForTemporaryDtors(E->getSubExpr()); 3059 3060 // Full expression has to be added as CFGStmt so it will be sequenced 3061 // before destructors of it's temporaries. 3062 asc = asc.withAlwaysAdd(true); 3063 } 3064 return Visit(E->getSubExpr(), asc); 3065} 3066 3067CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 3068 AddStmtChoice asc) { 3069 if (asc.alwaysAdd(*this, E)) { 3070 autoCreateBlock(); 3071 appendStmt(Block, E); 3072 3073 // We do not want to propagate the AlwaysAdd property. 3074 asc = asc.withAlwaysAdd(false); 3075 } 3076 return Visit(E->getSubExpr(), asc); 3077} 3078 3079CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, 3080 AddStmtChoice asc) { 3081 autoCreateBlock(); 3082 appendStmt(Block, C); 3083 3084 return VisitChildren(C); 3085} 3086 3087CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 3088 AddStmtChoice asc) { 3089 if (asc.alwaysAdd(*this, E)) { 3090 autoCreateBlock(); 3091 appendStmt(Block, E); 3092 // We do not want to propagate the AlwaysAdd property. 3093 asc = asc.withAlwaysAdd(false); 3094 } 3095 return Visit(E->getSubExpr(), asc); 3096} 3097 3098CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 3099 AddStmtChoice asc) { 3100 autoCreateBlock(); 3101 appendStmt(Block, C); 3102 return VisitChildren(C); 3103} 3104 3105CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E, 3106 AddStmtChoice asc) { 3107 if (asc.alwaysAdd(*this, E)) { 3108 autoCreateBlock(); 3109 appendStmt(Block, E); 3110 } 3111 return Visit(E->getSubExpr(), AddStmtChoice()); 3112} 3113 3114CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3115 // Lazily create the indirect-goto dispatch block if there isn't one already. 3116 CFGBlock *IBlock = cfg->getIndirectGotoBlock(); 3117 3118 if (!IBlock) { 3119 IBlock = createBlock(false); 3120 cfg->setIndirectGotoBlock(IBlock); 3121 } 3122 3123 // IndirectGoto is a control-flow statement. Thus we stop processing the 3124 // current block and create a new one. 3125 if (badCFG) 3126 return 0; 3127 3128 Block = createBlock(false); 3129 Block->setTerminator(I); 3130 addSuccessor(Block, IBlock); 3131 return addStmt(I->getTarget()); 3132} 3133 3134CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) { 3135 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors); 3136 3137tryAgain: 3138 if (!E) { 3139 badCFG = true; 3140 return NULL; 3141 } 3142 switch (E->getStmtClass()) { 3143 default: 3144 return VisitChildrenForTemporaryDtors(E); 3145 3146 case Stmt::BinaryOperatorClass: 3147 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E)); 3148 3149 case Stmt::CXXBindTemporaryExprClass: 3150 return VisitCXXBindTemporaryExprForTemporaryDtors( 3151 cast<CXXBindTemporaryExpr>(E), BindToTemporary); 3152 3153 case Stmt::BinaryConditionalOperatorClass: 3154 case Stmt::ConditionalOperatorClass: 3155 return VisitConditionalOperatorForTemporaryDtors( 3156 cast<AbstractConditionalOperator>(E), BindToTemporary); 3157 3158 case Stmt::ImplicitCastExprClass: 3159 // For implicit cast we want BindToTemporary to be passed further. 3160 E = cast<CastExpr>(E)->getSubExpr(); 3161 goto tryAgain; 3162 3163 case Stmt::ParenExprClass: 3164 E = cast<ParenExpr>(E)->getSubExpr(); 3165 goto tryAgain; 3166 3167 case Stmt::MaterializeTemporaryExprClass: 3168 E = cast<MaterializeTemporaryExpr>(E)->GetTemporaryExpr(); 3169 goto tryAgain; 3170 } 3171} 3172 3173CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E) { 3174 // When visiting children for destructors we want to visit them in reverse 3175 // order that they will appear in the CFG. Because the CFG is built 3176 // bottom-up, this means we visit them in their natural order, which 3177 // reverses them in the CFG. 3178 CFGBlock *B = Block; 3179 for (Stmt::child_range I = E->children(); I; ++I) { 3180 if (Stmt *Child = *I) 3181 if (CFGBlock *R = VisitForTemporaryDtors(Child)) 3182 B = R; 3183 } 3184 return B; 3185} 3186 3187CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E) { 3188 if (E->isLogicalOp()) { 3189 // Destructors for temporaries in LHS expression should be called after 3190 // those for RHS expression. Even if this will unnecessarily create a block, 3191 // this block will be used at least by the full expression. 3192 autoCreateBlock(); 3193 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getLHS()); 3194 if (badCFG) 3195 return NULL; 3196 3197 Succ = ConfluenceBlock; 3198 Block = NULL; 3199 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3200 3201 if (RHSBlock) { 3202 if (badCFG) 3203 return NULL; 3204 3205 // If RHS expression did produce destructors we need to connect created 3206 // blocks to CFG in same manner as for binary operator itself. 3207 CFGBlock *LHSBlock = createBlock(false); 3208 LHSBlock->setTerminator(CFGTerminator(E, true)); 3209 3210 // For binary operator LHS block is before RHS in list of predecessors 3211 // of ConfluenceBlock. 3212 std::reverse(ConfluenceBlock->pred_begin(), 3213 ConfluenceBlock->pred_end()); 3214 3215 // See if this is a known constant. 3216 TryResult KnownVal = tryEvaluateBool(E->getLHS()); 3217 if (KnownVal.isKnown() && (E->getOpcode() == BO_LOr)) 3218 KnownVal.negate(); 3219 3220 // Link LHSBlock with RHSBlock exactly the same way as for binary operator 3221 // itself. 3222 if (E->getOpcode() == BO_LOr) { 3223 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3224 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3225 } else { 3226 assert (E->getOpcode() == BO_LAnd); 3227 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3228 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3229 } 3230 3231 Block = LHSBlock; 3232 return LHSBlock; 3233 } 3234 3235 Block = ConfluenceBlock; 3236 return ConfluenceBlock; 3237 } 3238 3239 if (E->isAssignmentOp()) { 3240 // For assignment operator (=) LHS expression is visited 3241 // before RHS expression. For destructors visit them in reverse order. 3242 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3243 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3244 return LHSBlock ? LHSBlock : RHSBlock; 3245 } 3246 3247 // For any other binary operator RHS expression is visited before 3248 // LHS expression (order of children). For destructors visit them in reverse 3249 // order. 3250 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3251 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3252 return RHSBlock ? RHSBlock : LHSBlock; 3253} 3254 3255CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors( 3256 CXXBindTemporaryExpr *E, bool BindToTemporary) { 3257 // First add destructors for temporaries in subexpression. 3258 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr()); 3259 if (!BindToTemporary) { 3260 // If lifetime of temporary is not prolonged (by assigning to constant 3261 // reference) add destructor for it. 3262 3263 // If the destructor is marked as a no-return destructor, we need to create 3264 // a new block for the destructor which does not have as a successor 3265 // anything built thus far. Control won't flow out of this block. 3266 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor(); 3267 if (Dtor->isNoReturn()) 3268 Block = createNoReturnBlock(); 3269 else 3270 autoCreateBlock(); 3271 3272 appendTemporaryDtor(Block, E); 3273 B = Block; 3274 } 3275 return B; 3276} 3277 3278CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors( 3279 AbstractConditionalOperator *E, bool BindToTemporary) { 3280 // First add destructors for condition expression. Even if this will 3281 // unnecessarily create a block, this block will be used at least by the full 3282 // expression. 3283 autoCreateBlock(); 3284 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getCond()); 3285 if (badCFG) 3286 return NULL; 3287 if (BinaryConditionalOperator *BCO 3288 = dyn_cast<BinaryConditionalOperator>(E)) { 3289 ConfluenceBlock = VisitForTemporaryDtors(BCO->getCommon()); 3290 if (badCFG) 3291 return NULL; 3292 } 3293 3294 // Try to add block with destructors for LHS expression. 3295 CFGBlock *LHSBlock = NULL; 3296 Succ = ConfluenceBlock; 3297 Block = NULL; 3298 LHSBlock = VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary); 3299 if (badCFG) 3300 return NULL; 3301 3302 // Try to add block with destructors for RHS expression; 3303 Succ = ConfluenceBlock; 3304 Block = NULL; 3305 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getFalseExpr(), 3306 BindToTemporary); 3307 if (badCFG) 3308 return NULL; 3309 3310 if (!RHSBlock && !LHSBlock) { 3311 // If neither LHS nor RHS expression had temporaries to destroy don't create 3312 // more blocks. 3313 Block = ConfluenceBlock; 3314 return Block; 3315 } 3316 3317 Block = createBlock(false); 3318 Block->setTerminator(CFGTerminator(E, true)); 3319 3320 // See if this is a known constant. 3321 const TryResult &KnownVal = tryEvaluateBool(E->getCond()); 3322 3323 if (LHSBlock) { 3324 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 3325 } else if (KnownVal.isFalse()) { 3326 addSuccessor(Block, NULL); 3327 } else { 3328 addSuccessor(Block, ConfluenceBlock); 3329 std::reverse(ConfluenceBlock->pred_begin(), ConfluenceBlock->pred_end()); 3330 } 3331 3332 if (!RHSBlock) 3333 RHSBlock = ConfluenceBlock; 3334 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 3335 3336 return Block; 3337} 3338 3339} // end anonymous namespace 3340 3341/// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has 3342/// no successors or predecessors. If this is the first block created in the 3343/// CFG, it is automatically set to be the Entry and Exit of the CFG. 3344CFGBlock *CFG::createBlock() { 3345 bool first_block = begin() == end(); 3346 3347 // Create the block. 3348 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>(); 3349 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this); 3350 Blocks.push_back(Mem, BlkBVC); 3351 3352 // If this is the first block, set it as the Entry and Exit. 3353 if (first_block) 3354 Entry = Exit = &back(); 3355 3356 // Return the block. 3357 return &back(); 3358} 3359 3360/// buildCFG - Constructs a CFG from an AST. Ownership of the returned 3361/// CFG is returned to the caller. 3362CFG* CFG::buildCFG(const Decl *D, Stmt *Statement, ASTContext *C, 3363 const BuildOptions &BO) { 3364 CFGBuilder Builder(C, BO); 3365 return Builder.buildCFG(D, Statement); 3366} 3367 3368const CXXDestructorDecl * 3369CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { 3370 switch (getKind()) { 3371 case CFGElement::Statement: 3372 case CFGElement::Initializer: 3373 llvm_unreachable("getDestructorDecl should only be used with " 3374 "ImplicitDtors"); 3375 case CFGElement::AutomaticObjectDtor: { 3376 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl(); 3377 QualType ty = var->getType(); 3378 ty = ty.getNonReferenceType(); 3379 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { 3380 ty = arrayType->getElementType(); 3381 } 3382 const RecordType *recordType = ty->getAs<RecordType>(); 3383 const CXXRecordDecl *classDecl = 3384 cast<CXXRecordDecl>(recordType->getDecl()); 3385 return classDecl->getDestructor(); 3386 } 3387 case CFGElement::TemporaryDtor: { 3388 const CXXBindTemporaryExpr *bindExpr = 3389 castAs<CFGTemporaryDtor>().getBindTemporaryExpr(); 3390 const CXXTemporary *temp = bindExpr->getTemporary(); 3391 return temp->getDestructor(); 3392 } 3393 case CFGElement::BaseDtor: 3394 case CFGElement::MemberDtor: 3395 3396 // Not yet supported. 3397 return 0; 3398 } 3399 llvm_unreachable("getKind() returned bogus value"); 3400} 3401 3402bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const { 3403 if (const CXXDestructorDecl *DD = getDestructorDecl(astContext)) 3404 return DD->isNoReturn(); 3405 return false; 3406} 3407 3408//===----------------------------------------------------------------------===// 3409// Filtered walking of the CFG. 3410//===----------------------------------------------------------------------===// 3411 3412bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F, 3413 const CFGBlock *From, const CFGBlock *To) { 3414 3415 if (To && F.IgnoreDefaultsWithCoveredEnums) { 3416 // If the 'To' has no label or is labeled but the label isn't a 3417 // CaseStmt then filter this edge. 3418 if (const SwitchStmt *S = 3419 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) { 3420 if (S->isAllEnumCasesCovered()) { 3421 const Stmt *L = To->getLabel(); 3422 if (!L || !isa<CaseStmt>(L)) 3423 return true; 3424 } 3425 } 3426 } 3427 3428 return false; 3429} 3430 3431//===----------------------------------------------------------------------===// 3432// CFG pretty printing 3433//===----------------------------------------------------------------------===// 3434 3435namespace { 3436 3437class StmtPrinterHelper : public PrinterHelper { 3438 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy; 3439 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy; 3440 StmtMapTy StmtMap; 3441 DeclMapTy DeclMap; 3442 signed currentBlock; 3443 unsigned currStmt; 3444 const LangOptions &LangOpts; 3445public: 3446 3447 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO) 3448 : currentBlock(0), currStmt(0), LangOpts(LO) 3449 { 3450 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) { 3451 unsigned j = 1; 3452 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ; 3453 BI != BEnd; ++BI, ++j ) { 3454 if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) { 3455 const Stmt *stmt= SE->getStmt(); 3456 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j); 3457 StmtMap[stmt] = P; 3458 3459 switch (stmt->getStmtClass()) { 3460 case Stmt::DeclStmtClass: 3461 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P; 3462 break; 3463 case Stmt::IfStmtClass: { 3464 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable(); 3465 if (var) 3466 DeclMap[var] = P; 3467 break; 3468 } 3469 case Stmt::ForStmtClass: { 3470 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable(); 3471 if (var) 3472 DeclMap[var] = P; 3473 break; 3474 } 3475 case Stmt::WhileStmtClass: { 3476 const VarDecl *var = 3477 cast<WhileStmt>(stmt)->getConditionVariable(); 3478 if (var) 3479 DeclMap[var] = P; 3480 break; 3481 } 3482 case Stmt::SwitchStmtClass: { 3483 const VarDecl *var = 3484 cast<SwitchStmt>(stmt)->getConditionVariable(); 3485 if (var) 3486 DeclMap[var] = P; 3487 break; 3488 } 3489 case Stmt::CXXCatchStmtClass: { 3490 const VarDecl *var = 3491 cast<CXXCatchStmt>(stmt)->getExceptionDecl(); 3492 if (var) 3493 DeclMap[var] = P; 3494 break; 3495 } 3496 default: 3497 break; 3498 } 3499 } 3500 } 3501 } 3502 } 3503 3504 3505 virtual ~StmtPrinterHelper() {} 3506 3507 const LangOptions &getLangOpts() const { return LangOpts; } 3508 void setBlockID(signed i) { currentBlock = i; } 3509 void setStmtID(unsigned i) { currStmt = i; } 3510 3511 virtual bool handledStmt(Stmt *S, raw_ostream &OS) { 3512 StmtMapTy::iterator I = StmtMap.find(S); 3513 3514 if (I == StmtMap.end()) 3515 return false; 3516 3517 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3518 && I->second.second == currStmt) { 3519 return false; 3520 } 3521 3522 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3523 return true; 3524 } 3525 3526 bool handleDecl(const Decl *D, raw_ostream &OS) { 3527 DeclMapTy::iterator I = DeclMap.find(D); 3528 3529 if (I == DeclMap.end()) 3530 return false; 3531 3532 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3533 && I->second.second == currStmt) { 3534 return false; 3535 } 3536 3537 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3538 return true; 3539 } 3540}; 3541} // end anonymous namespace 3542 3543 3544namespace { 3545class CFGBlockTerminatorPrint 3546 : public StmtVisitor<CFGBlockTerminatorPrint,void> { 3547 3548 raw_ostream &OS; 3549 StmtPrinterHelper* Helper; 3550 PrintingPolicy Policy; 3551public: 3552 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper, 3553 const PrintingPolicy &Policy) 3554 : OS(os), Helper(helper), Policy(Policy) {} 3555 3556 void VisitIfStmt(IfStmt *I) { 3557 OS << "if "; 3558 I->getCond()->printPretty(OS,Helper,Policy); 3559 } 3560 3561 // Default case. 3562 void VisitStmt(Stmt *Terminator) { 3563 Terminator->printPretty(OS, Helper, Policy); 3564 } 3565 3566 void VisitDeclStmt(DeclStmt *DS) { 3567 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); 3568 OS << "static init " << VD->getName(); 3569 } 3570 3571 void VisitForStmt(ForStmt *F) { 3572 OS << "for (" ; 3573 if (F->getInit()) 3574 OS << "..."; 3575 OS << "; "; 3576 if (Stmt *C = F->getCond()) 3577 C->printPretty(OS, Helper, Policy); 3578 OS << "; "; 3579 if (F->getInc()) 3580 OS << "..."; 3581 OS << ")"; 3582 } 3583 3584 void VisitWhileStmt(WhileStmt *W) { 3585 OS << "while " ; 3586 if (Stmt *C = W->getCond()) 3587 C->printPretty(OS, Helper, Policy); 3588 } 3589 3590 void VisitDoStmt(DoStmt *D) { 3591 OS << "do ... while "; 3592 if (Stmt *C = D->getCond()) 3593 C->printPretty(OS, Helper, Policy); 3594 } 3595 3596 void VisitSwitchStmt(SwitchStmt *Terminator) { 3597 OS << "switch "; 3598 Terminator->getCond()->printPretty(OS, Helper, Policy); 3599 } 3600 3601 void VisitCXXTryStmt(CXXTryStmt *CS) { 3602 OS << "try ..."; 3603 } 3604 3605 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) { 3606 C->getCond()->printPretty(OS, Helper, Policy); 3607 OS << " ? ... : ..."; 3608 } 3609 3610 void VisitChooseExpr(ChooseExpr *C) { 3611 OS << "__builtin_choose_expr( "; 3612 C->getCond()->printPretty(OS, Helper, Policy); 3613 OS << " )"; 3614 } 3615 3616 void VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3617 OS << "goto *"; 3618 I->getTarget()->printPretty(OS, Helper, Policy); 3619 } 3620 3621 void VisitBinaryOperator(BinaryOperator* B) { 3622 if (!B->isLogicalOp()) { 3623 VisitExpr(B); 3624 return; 3625 } 3626 3627 B->getLHS()->printPretty(OS, Helper, Policy); 3628 3629 switch (B->getOpcode()) { 3630 case BO_LOr: 3631 OS << " || ..."; 3632 return; 3633 case BO_LAnd: 3634 OS << " && ..."; 3635 return; 3636 default: 3637 llvm_unreachable("Invalid logical operator."); 3638 } 3639 } 3640 3641 void VisitExpr(Expr *E) { 3642 E->printPretty(OS, Helper, Policy); 3643 } 3644}; 3645} // end anonymous namespace 3646 3647static void print_elem(raw_ostream &OS, StmtPrinterHelper* Helper, 3648 const CFGElement &E) { 3649 if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { 3650 const Stmt *S = CS->getStmt(); 3651 3652 if (Helper) { 3653 3654 // special printing for statement-expressions. 3655 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) { 3656 const CompoundStmt *Sub = SE->getSubStmt(); 3657 3658 if (Sub->children()) { 3659 OS << "({ ... ; "; 3660 Helper->handledStmt(*SE->getSubStmt()->body_rbegin(),OS); 3661 OS << " })\n"; 3662 return; 3663 } 3664 } 3665 // special printing for comma expressions. 3666 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) { 3667 if (B->getOpcode() == BO_Comma) { 3668 OS << "... , "; 3669 Helper->handledStmt(B->getRHS(),OS); 3670 OS << '\n'; 3671 return; 3672 } 3673 } 3674 } 3675 S->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3676 3677 if (isa<CXXOperatorCallExpr>(S)) { 3678 OS << " (OperatorCall)"; 3679 } 3680 else if (isa<CXXBindTemporaryExpr>(S)) { 3681 OS << " (BindTemporary)"; 3682 } 3683 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { 3684 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")"; 3685 } 3686 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { 3687 OS << " (" << CE->getStmtClassName() << ", " 3688 << CE->getCastKindName() 3689 << ", " << CE->getType().getAsString() 3690 << ")"; 3691 } 3692 3693 // Expressions need a newline. 3694 if (isa<Expr>(S)) 3695 OS << '\n'; 3696 3697 } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { 3698 const CXXCtorInitializer *I = IE->getInitializer(); 3699 if (I->isBaseInitializer()) 3700 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName(); 3701 else OS << I->getAnyMember()->getName(); 3702 3703 OS << "("; 3704 if (Expr *IE = I->getInit()) 3705 IE->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3706 OS << ")"; 3707 3708 if (I->isBaseInitializer()) 3709 OS << " (Base initializer)\n"; 3710 else OS << " (Member initializer)\n"; 3711 3712 } else if (Optional<CFGAutomaticObjDtor> DE = 3713 E.getAs<CFGAutomaticObjDtor>()) { 3714 const VarDecl *VD = DE->getVarDecl(); 3715 Helper->handleDecl(VD, OS); 3716 3717 const Type* T = VD->getType().getTypePtr(); 3718 if (const ReferenceType* RT = T->getAs<ReferenceType>()) 3719 T = RT->getPointeeType().getTypePtr(); 3720 T = T->getBaseElementTypeUnsafe(); 3721 3722 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; 3723 OS << " (Implicit destructor)\n"; 3724 3725 } else if (Optional<CFGBaseDtor> BE = E.getAs<CFGBaseDtor>()) { 3726 const CXXBaseSpecifier *BS = BE->getBaseSpecifier(); 3727 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()"; 3728 OS << " (Base object destructor)\n"; 3729 3730 } else if (Optional<CFGMemberDtor> ME = E.getAs<CFGMemberDtor>()) { 3731 const FieldDecl *FD = ME->getFieldDecl(); 3732 const Type *T = FD->getType()->getBaseElementTypeUnsafe(); 3733 OS << "this->" << FD->getName(); 3734 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()"; 3735 OS << " (Member object destructor)\n"; 3736 3737 } else if (Optional<CFGTemporaryDtor> TE = E.getAs<CFGTemporaryDtor>()) { 3738 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr(); 3739 OS << "~" << BT->getType()->getAsCXXRecordDecl()->getName() << "()"; 3740 OS << " (Temporary object destructor)\n"; 3741 } 3742} 3743 3744static void print_block(raw_ostream &OS, const CFG* cfg, 3745 const CFGBlock &B, 3746 StmtPrinterHelper* Helper, bool print_edges, 3747 bool ShowColors) { 3748 3749 if (Helper) 3750 Helper->setBlockID(B.getBlockID()); 3751 3752 // Print the header. 3753 if (ShowColors) 3754 OS.changeColor(raw_ostream::YELLOW, true); 3755 3756 OS << "\n [B" << B.getBlockID(); 3757 3758 if (&B == &cfg->getEntry()) 3759 OS << " (ENTRY)]\n"; 3760 else if (&B == &cfg->getExit()) 3761 OS << " (EXIT)]\n"; 3762 else if (&B == cfg->getIndirectGotoBlock()) 3763 OS << " (INDIRECT GOTO DISPATCH)]\n"; 3764 else 3765 OS << "]\n"; 3766 3767 if (ShowColors) 3768 OS.resetColor(); 3769 3770 // Print the label of this block. 3771 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) { 3772 3773 if (print_edges) 3774 OS << " "; 3775 3776 if (LabelStmt *L = dyn_cast<LabelStmt>(Label)) 3777 OS << L->getName(); 3778 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) { 3779 OS << "case "; 3780 C->getLHS()->printPretty(OS, Helper, 3781 PrintingPolicy(Helper->getLangOpts())); 3782 if (C->getRHS()) { 3783 OS << " ... "; 3784 C->getRHS()->printPretty(OS, Helper, 3785 PrintingPolicy(Helper->getLangOpts())); 3786 } 3787 } else if (isa<DefaultStmt>(Label)) 3788 OS << "default"; 3789 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) { 3790 OS << "catch ("; 3791 if (CS->getExceptionDecl()) 3792 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper->getLangOpts()), 3793 0); 3794 else 3795 OS << "..."; 3796 OS << ")"; 3797 3798 } else 3799 llvm_unreachable("Invalid label statement in CFGBlock."); 3800 3801 OS << ":\n"; 3802 } 3803 3804 // Iterate through the statements in the block and print them. 3805 unsigned j = 1; 3806 3807 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ; 3808 I != E ; ++I, ++j ) { 3809 3810 // Print the statement # in the basic block and the statement itself. 3811 if (print_edges) 3812 OS << " "; 3813 3814 OS << llvm::format("%3d", j) << ": "; 3815 3816 if (Helper) 3817 Helper->setStmtID(j); 3818 3819 print_elem(OS, Helper, *I); 3820 } 3821 3822 // Print the terminator of this block. 3823 if (B.getTerminator()) { 3824 if (ShowColors) 3825 OS.changeColor(raw_ostream::GREEN); 3826 3827 OS << " T: "; 3828 3829 if (Helper) Helper->setBlockID(-1); 3830 3831 PrintingPolicy PP(Helper ? Helper->getLangOpts() : LangOptions()); 3832 CFGBlockTerminatorPrint TPrinter(OS, Helper, PP); 3833 TPrinter.Visit(const_cast<Stmt*>(B.getTerminator().getStmt())); 3834 OS << '\n'; 3835 3836 if (ShowColors) 3837 OS.resetColor(); 3838 } 3839 3840 if (print_edges) { 3841 // Print the predecessors of this block. 3842 if (!B.pred_empty()) { 3843 const raw_ostream::Colors Color = raw_ostream::BLUE; 3844 if (ShowColors) 3845 OS.changeColor(Color); 3846 OS << " Preds " ; 3847 if (ShowColors) 3848 OS.resetColor(); 3849 OS << '(' << B.pred_size() << "):"; 3850 unsigned i = 0; 3851 3852 if (ShowColors) 3853 OS.changeColor(Color); 3854 3855 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end(); 3856 I != E; ++I, ++i) { 3857 3858 if (i % 10 == 8) 3859 OS << "\n "; 3860 3861 OS << " B" << (*I)->getBlockID(); 3862 } 3863 3864 if (ShowColors) 3865 OS.resetColor(); 3866 3867 OS << '\n'; 3868 } 3869 3870 // Print the successors of this block. 3871 if (!B.succ_empty()) { 3872 const raw_ostream::Colors Color = raw_ostream::MAGENTA; 3873 if (ShowColors) 3874 OS.changeColor(Color); 3875 OS << " Succs "; 3876 if (ShowColors) 3877 OS.resetColor(); 3878 OS << '(' << B.succ_size() << "):"; 3879 unsigned i = 0; 3880 3881 if (ShowColors) 3882 OS.changeColor(Color); 3883 3884 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end(); 3885 I != E; ++I, ++i) { 3886 3887 if (i % 10 == 8) 3888 OS << "\n "; 3889 3890 if (*I) 3891 OS << " B" << (*I)->getBlockID(); 3892 else 3893 OS << " NULL"; 3894 } 3895 3896 if (ShowColors) 3897 OS.resetColor(); 3898 OS << '\n'; 3899 } 3900 } 3901} 3902 3903 3904/// dump - A simple pretty printer of a CFG that outputs to stderr. 3905void CFG::dump(const LangOptions &LO, bool ShowColors) const { 3906 print(llvm::errs(), LO, ShowColors); 3907} 3908 3909/// print - A simple pretty printer of a CFG that outputs to an ostream. 3910void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const { 3911 StmtPrinterHelper Helper(this, LO); 3912 3913 // Print the entry block. 3914 print_block(OS, this, getEntry(), &Helper, true, ShowColors); 3915 3916 // Iterate through the CFGBlocks and print them one by one. 3917 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) { 3918 // Skip the entry block, because we already printed it. 3919 if (&(**I) == &getEntry() || &(**I) == &getExit()) 3920 continue; 3921 3922 print_block(OS, this, **I, &Helper, true, ShowColors); 3923 } 3924 3925 // Print the exit block. 3926 print_block(OS, this, getExit(), &Helper, true, ShowColors); 3927 OS << '\n'; 3928 OS.flush(); 3929} 3930 3931/// dump - A simply pretty printer of a CFGBlock that outputs to stderr. 3932void CFGBlock::dump(const CFG* cfg, const LangOptions &LO, 3933 bool ShowColors) const { 3934 print(llvm::errs(), cfg, LO, ShowColors); 3935} 3936 3937/// print - A simple pretty printer of a CFGBlock that outputs to an ostream. 3938/// Generally this will only be called from CFG::print. 3939void CFGBlock::print(raw_ostream &OS, const CFG* cfg, 3940 const LangOptions &LO, bool ShowColors) const { 3941 StmtPrinterHelper Helper(cfg, LO); 3942 print_block(OS, cfg, *this, &Helper, true, ShowColors); 3943 OS << '\n'; 3944} 3945 3946/// printTerminator - A simple pretty printer of the terminator of a CFGBlock. 3947void CFGBlock::printTerminator(raw_ostream &OS, 3948 const LangOptions &LO) const { 3949 CFGBlockTerminatorPrint TPrinter(OS, NULL, PrintingPolicy(LO)); 3950 TPrinter.Visit(const_cast<Stmt*>(getTerminator().getStmt())); 3951} 3952 3953Stmt *CFGBlock::getTerminatorCondition() { 3954 Stmt *Terminator = this->Terminator; 3955 if (!Terminator) 3956 return NULL; 3957 3958 Expr *E = NULL; 3959 3960 switch (Terminator->getStmtClass()) { 3961 default: 3962 break; 3963 3964 case Stmt::CXXForRangeStmtClass: 3965 E = cast<CXXForRangeStmt>(Terminator)->getCond(); 3966 break; 3967 3968 case Stmt::ForStmtClass: 3969 E = cast<ForStmt>(Terminator)->getCond(); 3970 break; 3971 3972 case Stmt::WhileStmtClass: 3973 E = cast<WhileStmt>(Terminator)->getCond(); 3974 break; 3975 3976 case Stmt::DoStmtClass: 3977 E = cast<DoStmt>(Terminator)->getCond(); 3978 break; 3979 3980 case Stmt::IfStmtClass: 3981 E = cast<IfStmt>(Terminator)->getCond(); 3982 break; 3983 3984 case Stmt::ChooseExprClass: 3985 E = cast<ChooseExpr>(Terminator)->getCond(); 3986 break; 3987 3988 case Stmt::IndirectGotoStmtClass: 3989 E = cast<IndirectGotoStmt>(Terminator)->getTarget(); 3990 break; 3991 3992 case Stmt::SwitchStmtClass: 3993 E = cast<SwitchStmt>(Terminator)->getCond(); 3994 break; 3995 3996 case Stmt::BinaryConditionalOperatorClass: 3997 E = cast<BinaryConditionalOperator>(Terminator)->getCond(); 3998 break; 3999 4000 case Stmt::ConditionalOperatorClass: 4001 E = cast<ConditionalOperator>(Terminator)->getCond(); 4002 break; 4003 4004 case Stmt::BinaryOperatorClass: // '&&' and '||' 4005 E = cast<BinaryOperator>(Terminator)->getLHS(); 4006 break; 4007 4008 case Stmt::ObjCForCollectionStmtClass: 4009 return Terminator; 4010 } 4011 4012 return E ? E->IgnoreParens() : NULL; 4013} 4014 4015//===----------------------------------------------------------------------===// 4016// CFG Graphviz Visualization 4017//===----------------------------------------------------------------------===// 4018 4019 4020#ifndef NDEBUG 4021static StmtPrinterHelper* GraphHelper; 4022#endif 4023 4024void CFG::viewCFG(const LangOptions &LO) const { 4025#ifndef NDEBUG 4026 StmtPrinterHelper H(this, LO); 4027 GraphHelper = &H; 4028 llvm::ViewGraph(this,"CFG"); 4029 GraphHelper = NULL; 4030#endif 4031} 4032 4033namespace llvm { 4034template<> 4035struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits { 4036 4037 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {} 4038 4039 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) { 4040 4041#ifndef NDEBUG 4042 std::string OutSStr; 4043 llvm::raw_string_ostream Out(OutSStr); 4044 print_block(Out,Graph, *Node, GraphHelper, false, false); 4045 std::string& OutStr = Out.str(); 4046 4047 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin()); 4048 4049 // Process string output to make it nicer... 4050 for (unsigned i = 0; i != OutStr.length(); ++i) 4051 if (OutStr[i] == '\n') { // Left justify 4052 OutStr[i] = '\\'; 4053 OutStr.insert(OutStr.begin()+i+1, 'l'); 4054 } 4055 4056 return OutStr; 4057#else 4058 return ""; 4059#endif 4060 } 4061}; 4062} // end namespace llvm 4063