CFG.cpp revision 651f13cea278ec967336033dd032faef0e9fc2ec
1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the CFG and CFGBuilder classes for representing and 11// building Control-Flow Graphs (CFGs) from ASTs. 12// 13//===----------------------------------------------------------------------===// 14 15#include "clang/Analysis/CFG.h" 16#include "clang/AST/ASTContext.h" 17#include "clang/AST/Attr.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclCXX.h" 20#include "clang/AST/PrettyPrinter.h" 21#include "clang/AST/StmtVisitor.h" 22#include "clang/Basic/Builtins.h" 23#include "llvm/ADT/DenseMap.h" 24#include <memory> 25#include "llvm/ADT/SmallPtrSet.h" 26#include "llvm/Support/Allocator.h" 27#include "llvm/Support/Format.h" 28#include "llvm/Support/GraphWriter.h" 29#include "llvm/Support/SaveAndRestore.h" 30 31using namespace clang; 32 33namespace { 34 35static SourceLocation GetEndLoc(Decl *D) { 36 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 37 if (Expr *Ex = VD->getInit()) 38 return Ex->getSourceRange().getEnd(); 39 return D->getLocation(); 40} 41 42class CFGBuilder; 43 44/// The CFG builder uses a recursive algorithm to build the CFG. When 45/// we process an expression, sometimes we know that we must add the 46/// subexpressions as block-level expressions. For example: 47/// 48/// exp1 || exp2 49/// 50/// When processing the '||' expression, we know that exp1 and exp2 51/// need to be added as block-level expressions, even though they 52/// might not normally need to be. AddStmtChoice records this 53/// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then 54/// the builder has an option not to add a subexpression as a 55/// block-level expression. 56/// 57class AddStmtChoice { 58public: 59 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; 60 61 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} 62 63 bool alwaysAdd(CFGBuilder &builder, 64 const Stmt *stmt) const; 65 66 /// Return a copy of this object, except with the 'always-add' bit 67 /// set as specified. 68 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { 69 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); 70 } 71 72private: 73 Kind kind; 74}; 75 76/// LocalScope - Node in tree of local scopes created for C++ implicit 77/// destructor calls generation. It contains list of automatic variables 78/// declared in the scope and link to position in previous scope this scope 79/// began in. 80/// 81/// The process of creating local scopes is as follows: 82/// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), 83/// - Before processing statements in scope (e.g. CompoundStmt) create 84/// LocalScope object using CFGBuilder::ScopePos as link to previous scope 85/// and set CFGBuilder::ScopePos to the end of new scope, 86/// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points 87/// at this VarDecl, 88/// - For every normal (without jump) end of scope add to CFGBlock destructors 89/// for objects in the current scope, 90/// - For every jump add to CFGBlock destructors for objects 91/// between CFGBuilder::ScopePos and local scope position saved for jump 92/// target. Thanks to C++ restrictions on goto jumps we can be sure that 93/// jump target position will be on the path to root from CFGBuilder::ScopePos 94/// (adding any variable that doesn't need constructor to be called to 95/// LocalScope can break this assumption), 96/// 97class LocalScope { 98public: 99 typedef BumpVector<VarDecl*> AutomaticVarsTy; 100 101 /// const_iterator - Iterates local scope backwards and jumps to previous 102 /// scope on reaching the beginning of currently iterated scope. 103 class const_iterator { 104 const LocalScope* Scope; 105 106 /// VarIter is guaranteed to be greater then 0 for every valid iterator. 107 /// Invalid iterator (with null Scope) has VarIter equal to 0. 108 unsigned VarIter; 109 110 public: 111 /// Create invalid iterator. Dereferencing invalid iterator is not allowed. 112 /// Incrementing invalid iterator is allowed and will result in invalid 113 /// iterator. 114 const_iterator() 115 : Scope(NULL), VarIter(0) {} 116 117 /// Create valid iterator. In case when S.Prev is an invalid iterator and 118 /// I is equal to 0, this will create invalid iterator. 119 const_iterator(const LocalScope& S, unsigned I) 120 : Scope(&S), VarIter(I) { 121 // Iterator to "end" of scope is not allowed. Handle it by going up 122 // in scopes tree possibly up to invalid iterator in the root. 123 if (VarIter == 0 && Scope) 124 *this = Scope->Prev; 125 } 126 127 VarDecl *const* operator->() const { 128 assert (Scope && "Dereferencing invalid iterator is not allowed"); 129 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 130 return &Scope->Vars[VarIter - 1]; 131 } 132 VarDecl *operator*() const { 133 return *this->operator->(); 134 } 135 136 const_iterator &operator++() { 137 if (!Scope) 138 return *this; 139 140 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 141 --VarIter; 142 if (VarIter == 0) 143 *this = Scope->Prev; 144 return *this; 145 } 146 const_iterator operator++(int) { 147 const_iterator P = *this; 148 ++*this; 149 return P; 150 } 151 152 bool operator==(const const_iterator &rhs) const { 153 return Scope == rhs.Scope && VarIter == rhs.VarIter; 154 } 155 bool operator!=(const const_iterator &rhs) const { 156 return !(*this == rhs); 157 } 158 159 LLVM_EXPLICIT operator bool() const { 160 return *this != const_iterator(); 161 } 162 163 int distance(const_iterator L); 164 }; 165 166 friend class const_iterator; 167 168private: 169 BumpVectorContext ctx; 170 171 /// Automatic variables in order of declaration. 172 AutomaticVarsTy Vars; 173 /// Iterator to variable in previous scope that was declared just before 174 /// begin of this scope. 175 const_iterator Prev; 176 177public: 178 /// Constructs empty scope linked to previous scope in specified place. 179 LocalScope(BumpVectorContext &ctx, const_iterator P) 180 : ctx(ctx), Vars(ctx, 4), Prev(P) {} 181 182 /// Begin of scope in direction of CFG building (backwards). 183 const_iterator begin() const { return const_iterator(*this, Vars.size()); } 184 185 void addVar(VarDecl *VD) { 186 Vars.push_back(VD, ctx); 187 } 188}; 189 190/// distance - Calculates distance from this to L. L must be reachable from this 191/// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. 192/// number of scopes between this and L. 193int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { 194 int D = 0; 195 const_iterator F = *this; 196 while (F.Scope != L.Scope) { 197 assert (F != const_iterator() 198 && "L iterator is not reachable from F iterator."); 199 D += F.VarIter; 200 F = F.Scope->Prev; 201 } 202 D += F.VarIter - L.VarIter; 203 return D; 204} 205 206/// BlockScopePosPair - Structure for specifying position in CFG during its 207/// build process. It consists of CFGBlock that specifies position in CFG graph 208/// and LocalScope::const_iterator that specifies position in LocalScope graph. 209struct BlockScopePosPair { 210 BlockScopePosPair() : block(0) {} 211 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) 212 : block(b), scopePosition(scopePos) {} 213 214 CFGBlock *block; 215 LocalScope::const_iterator scopePosition; 216}; 217 218/// TryResult - a class representing a variant over the values 219/// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, 220/// and is used by the CFGBuilder to decide if a branch condition 221/// can be decided up front during CFG construction. 222class TryResult { 223 int X; 224public: 225 TryResult(bool b) : X(b ? 1 : 0) {} 226 TryResult() : X(-1) {} 227 228 bool isTrue() const { return X == 1; } 229 bool isFalse() const { return X == 0; } 230 bool isKnown() const { return X >= 0; } 231 void negate() { 232 assert(isKnown()); 233 X ^= 0x1; 234 } 235}; 236 237class reverse_children { 238 llvm::SmallVector<Stmt *, 12> childrenBuf; 239 ArrayRef<Stmt*> children; 240public: 241 reverse_children(Stmt *S); 242 243 typedef ArrayRef<Stmt*>::reverse_iterator iterator; 244 iterator begin() const { return children.rbegin(); } 245 iterator end() const { return children.rend(); } 246}; 247 248 249reverse_children::reverse_children(Stmt *S) { 250 if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 251 children = CE->getRawSubExprs(); 252 return; 253 } 254 switch (S->getStmtClass()) { 255 // Note: Fill in this switch with more cases we want to optimize. 256 case Stmt::InitListExprClass: { 257 InitListExpr *IE = cast<InitListExpr>(S); 258 children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), 259 IE->getNumInits()); 260 return; 261 } 262 default: 263 break; 264 } 265 266 // Default case for all other statements. 267 for (Stmt::child_range I = S->children(); I; ++I) { 268 childrenBuf.push_back(*I); 269 } 270 271 // This needs to be done *after* childrenBuf has been populated. 272 children = childrenBuf; 273} 274 275/// CFGBuilder - This class implements CFG construction from an AST. 276/// The builder is stateful: an instance of the builder should be used to only 277/// construct a single CFG. 278/// 279/// Example usage: 280/// 281/// CFGBuilder builder; 282/// CFG* cfg = builder.BuildAST(stmt1); 283/// 284/// CFG construction is done via a recursive walk of an AST. We actually parse 285/// the AST in reverse order so that the successor of a basic block is 286/// constructed prior to its predecessor. This allows us to nicely capture 287/// implicit fall-throughs without extra basic blocks. 288/// 289class CFGBuilder { 290 typedef BlockScopePosPair JumpTarget; 291 typedef BlockScopePosPair JumpSource; 292 293 ASTContext *Context; 294 std::unique_ptr<CFG> cfg; 295 296 CFGBlock *Block; 297 CFGBlock *Succ; 298 JumpTarget ContinueJumpTarget; 299 JumpTarget BreakJumpTarget; 300 CFGBlock *SwitchTerminatedBlock; 301 CFGBlock *DefaultCaseBlock; 302 CFGBlock *TryTerminatedBlock; 303 304 // Current position in local scope. 305 LocalScope::const_iterator ScopePos; 306 307 // LabelMap records the mapping from Label expressions to their jump targets. 308 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy; 309 LabelMapTy LabelMap; 310 311 // A list of blocks that end with a "goto" that must be backpatched to their 312 // resolved targets upon completion of CFG construction. 313 typedef std::vector<JumpSource> BackpatchBlocksTy; 314 BackpatchBlocksTy BackpatchBlocks; 315 316 // A list of labels whose address has been taken (for indirect gotos). 317 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy; 318 LabelSetTy AddressTakenLabels; 319 320 bool badCFG; 321 const CFG::BuildOptions &BuildOpts; 322 323 // State to track for building switch statements. 324 bool switchExclusivelyCovered; 325 Expr::EvalResult *switchCond; 326 327 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry; 328 const Stmt *lastLookup; 329 330 // Caches boolean evaluations of expressions to avoid multiple re-evaluations 331 // during construction of branches for chained logical operators. 332 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy; 333 CachedBoolEvalsTy CachedBoolEvals; 334 335public: 336 explicit CFGBuilder(ASTContext *astContext, 337 const CFG::BuildOptions &buildOpts) 338 : Context(astContext), cfg(new CFG()), // crew a new CFG 339 Block(NULL), Succ(NULL), 340 SwitchTerminatedBlock(NULL), DefaultCaseBlock(NULL), 341 TryTerminatedBlock(NULL), badCFG(false), BuildOpts(buildOpts), 342 switchExclusivelyCovered(false), switchCond(0), 343 cachedEntry(0), lastLookup(0) {} 344 345 // buildCFG - Used by external clients to construct the CFG. 346 CFG* buildCFG(const Decl *D, Stmt *Statement); 347 348 bool alwaysAdd(const Stmt *stmt); 349 350private: 351 // Visitors to walk an AST and construct the CFG. 352 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); 353 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); 354 CFGBlock *VisitBreakStmt(BreakStmt *B); 355 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); 356 CFGBlock *VisitCaseStmt(CaseStmt *C); 357 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); 358 CFGBlock *VisitCompoundStmt(CompoundStmt *C); 359 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, 360 AddStmtChoice asc); 361 CFGBlock *VisitContinueStmt(ContinueStmt *C); 362 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 363 AddStmtChoice asc); 364 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); 365 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); 366 CFGBlock *VisitCXXNewExpr(CXXNewExpr *DE, AddStmtChoice asc); 367 CFGBlock *VisitCXXDeleteExpr(CXXDeleteExpr *DE, AddStmtChoice asc); 368 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); 369 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 370 AddStmtChoice asc); 371 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 372 AddStmtChoice asc); 373 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); 374 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); 375 CFGBlock *VisitDeclStmt(DeclStmt *DS); 376 CFGBlock *VisitDeclSubExpr(DeclStmt *DS); 377 CFGBlock *VisitDefaultStmt(DefaultStmt *D); 378 CFGBlock *VisitDoStmt(DoStmt *D); 379 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); 380 CFGBlock *VisitForStmt(ForStmt *F); 381 CFGBlock *VisitGotoStmt(GotoStmt *G); 382 CFGBlock *VisitIfStmt(IfStmt *I); 383 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); 384 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); 385 CFGBlock *VisitLabelStmt(LabelStmt *L); 386 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); 387 CFGBlock *VisitLogicalOperator(BinaryOperator *B); 388 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, 389 Stmt *Term, 390 CFGBlock *TrueBlock, 391 CFGBlock *FalseBlock); 392 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); 393 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); 394 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); 395 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); 396 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); 397 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); 398 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); 399 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); 400 CFGBlock *VisitReturnStmt(ReturnStmt *R); 401 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); 402 CFGBlock *VisitSwitchStmt(SwitchStmt *S); 403 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 404 AddStmtChoice asc); 405 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); 406 CFGBlock *VisitWhileStmt(WhileStmt *W); 407 408 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); 409 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); 410 CFGBlock *VisitChildren(Stmt *S); 411 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); 412 413 // Visitors to walk an AST and generate destructors of temporaries in 414 // full expression. 415 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary = false); 416 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E); 417 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E); 418 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr *E, 419 bool BindToTemporary); 420 CFGBlock * 421 VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator *E, 422 bool BindToTemporary); 423 424 // NYS == Not Yet Supported 425 CFGBlock *NYS() { 426 badCFG = true; 427 return Block; 428 } 429 430 void autoCreateBlock() { if (!Block) Block = createBlock(); } 431 CFGBlock *createBlock(bool add_successor = true); 432 CFGBlock *createNoReturnBlock(); 433 434 CFGBlock *addStmt(Stmt *S) { 435 return Visit(S, AddStmtChoice::AlwaysAdd); 436 } 437 CFGBlock *addInitializer(CXXCtorInitializer *I); 438 void addAutomaticObjDtors(LocalScope::const_iterator B, 439 LocalScope::const_iterator E, Stmt *S); 440 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); 441 442 // Local scopes creation. 443 LocalScope* createOrReuseLocalScope(LocalScope* Scope); 444 445 void addLocalScopeForStmt(Stmt *S); 446 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, LocalScope* Scope = NULL); 447 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = NULL); 448 449 void addLocalScopeAndDtors(Stmt *S); 450 451 // Interface to CFGBlock - adding CFGElements. 452 void appendStmt(CFGBlock *B, const Stmt *S) { 453 if (alwaysAdd(S) && cachedEntry) 454 cachedEntry->second = B; 455 456 // All block-level expressions should have already been IgnoreParens()ed. 457 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); 458 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); 459 } 460 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { 461 B->appendInitializer(I, cfg->getBumpVectorContext()); 462 } 463 void appendNewAllocator(CFGBlock *B, CXXNewExpr *NE) { 464 B->appendNewAllocator(NE, cfg->getBumpVectorContext()); 465 } 466 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { 467 B->appendBaseDtor(BS, cfg->getBumpVectorContext()); 468 } 469 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { 470 B->appendMemberDtor(FD, cfg->getBumpVectorContext()); 471 } 472 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { 473 B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); 474 } 475 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { 476 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); 477 } 478 479 void appendDeleteDtor(CFGBlock *B, CXXRecordDecl *RD, CXXDeleteExpr *DE) { 480 B->appendDeleteDtor(RD, DE, cfg->getBumpVectorContext()); 481 } 482 483 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 484 LocalScope::const_iterator B, LocalScope::const_iterator E); 485 486 void addSuccessor(CFGBlock *B, CFGBlock *S, bool IsReachable = true) { 487 B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable), 488 cfg->getBumpVectorContext()); 489 } 490 491 /// Add a reachable successor to a block, with the alternate variant that is 492 /// unreachable. 493 void addSuccessor(CFGBlock *B, CFGBlock *ReachableBlock, CFGBlock *AltBlock) { 494 B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock), 495 cfg->getBumpVectorContext()); 496 } 497 498 /// Try and evaluate an expression to an integer constant. 499 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { 500 if (!BuildOpts.PruneTriviallyFalseEdges) 501 return false; 502 return !S->isTypeDependent() && 503 !S->isValueDependent() && 504 S->EvaluateAsRValue(outResult, *Context); 505 } 506 507 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 508 /// if we can evaluate to a known value, otherwise return -1. 509 TryResult tryEvaluateBool(Expr *S) { 510 if (!BuildOpts.PruneTriviallyFalseEdges || 511 S->isTypeDependent() || S->isValueDependent()) 512 return TryResult(); 513 514 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { 515 if (Bop->isLogicalOp()) { 516 // Check the cache first. 517 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); 518 if (I != CachedBoolEvals.end()) 519 return I->second; // already in map; 520 521 // Retrieve result at first, or the map might be updated. 522 TryResult Result = evaluateAsBooleanConditionNoCache(S); 523 CachedBoolEvals[S] = Result; // update or insert 524 return Result; 525 } 526 else { 527 switch (Bop->getOpcode()) { 528 default: break; 529 // For 'x & 0' and 'x * 0', we can determine that 530 // the value is always false. 531 case BO_Mul: 532 case BO_And: { 533 // If either operand is zero, we know the value 534 // must be false. 535 llvm::APSInt IntVal; 536 if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { 537 if (IntVal.getBoolValue() == false) { 538 return TryResult(false); 539 } 540 } 541 if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { 542 if (IntVal.getBoolValue() == false) { 543 return TryResult(false); 544 } 545 } 546 } 547 break; 548 } 549 } 550 } 551 552 return evaluateAsBooleanConditionNoCache(S); 553 } 554 555 /// \brief Evaluate as boolean \param E without using the cache. 556 TryResult evaluateAsBooleanConditionNoCache(Expr *E) { 557 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { 558 if (Bop->isLogicalOp()) { 559 TryResult LHS = tryEvaluateBool(Bop->getLHS()); 560 if (LHS.isKnown()) { 561 // We were able to evaluate the LHS, see if we can get away with not 562 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 563 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 564 return LHS.isTrue(); 565 566 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 567 if (RHS.isKnown()) { 568 if (Bop->getOpcode() == BO_LOr) 569 return LHS.isTrue() || RHS.isTrue(); 570 else 571 return LHS.isTrue() && RHS.isTrue(); 572 } 573 } else { 574 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 575 if (RHS.isKnown()) { 576 // We can't evaluate the LHS; however, sometimes the result 577 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. 578 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 579 return RHS.isTrue(); 580 } 581 } 582 583 return TryResult(); 584 } 585 } 586 587 bool Result; 588 if (E->EvaluateAsBooleanCondition(Result, *Context)) 589 return Result; 590 591 return TryResult(); 592 } 593 594}; 595 596inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, 597 const Stmt *stmt) const { 598 return builder.alwaysAdd(stmt) || kind == AlwaysAdd; 599} 600 601bool CFGBuilder::alwaysAdd(const Stmt *stmt) { 602 bool shouldAdd = BuildOpts.alwaysAdd(stmt); 603 604 if (!BuildOpts.forcedBlkExprs) 605 return shouldAdd; 606 607 if (lastLookup == stmt) { 608 if (cachedEntry) { 609 assert(cachedEntry->first == stmt); 610 return true; 611 } 612 return shouldAdd; 613 } 614 615 lastLookup = stmt; 616 617 // Perform the lookup! 618 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; 619 620 if (!fb) { 621 // No need to update 'cachedEntry', since it will always be null. 622 assert(cachedEntry == 0); 623 return shouldAdd; 624 } 625 626 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); 627 if (itr == fb->end()) { 628 cachedEntry = 0; 629 return shouldAdd; 630 } 631 632 cachedEntry = &*itr; 633 return true; 634} 635 636// FIXME: Add support for dependent-sized array types in C++? 637// Does it even make sense to build a CFG for an uninstantiated template? 638static const VariableArrayType *FindVA(const Type *t) { 639 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { 640 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) 641 if (vat->getSizeExpr()) 642 return vat; 643 644 t = vt->getElementType().getTypePtr(); 645 } 646 647 return 0; 648} 649 650/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an 651/// arbitrary statement. Examples include a single expression or a function 652/// body (compound statement). The ownership of the returned CFG is 653/// transferred to the caller. If CFG construction fails, this method returns 654/// NULL. 655CFG* CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { 656 assert(cfg.get()); 657 if (!Statement) 658 return NULL; 659 660 // Create an empty block that will serve as the exit block for the CFG. Since 661 // this is the first block added to the CFG, it will be implicitly registered 662 // as the exit block. 663 Succ = createBlock(); 664 assert(Succ == &cfg->getExit()); 665 Block = NULL; // the EXIT block is empty. Create all other blocks lazily. 666 667 if (BuildOpts.AddImplicitDtors) 668 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) 669 addImplicitDtorsForDestructor(DD); 670 671 // Visit the statements and create the CFG. 672 CFGBlock *B = addStmt(Statement); 673 674 if (badCFG) 675 return NULL; 676 677 // For C++ constructor add initializers to CFG. 678 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { 679 for (CXXConstructorDecl::init_const_reverse_iterator I = CD->init_rbegin(), 680 E = CD->init_rend(); I != E; ++I) { 681 B = addInitializer(*I); 682 if (badCFG) 683 return NULL; 684 } 685 } 686 687 if (B) 688 Succ = B; 689 690 // Backpatch the gotos whose label -> block mappings we didn't know when we 691 // encountered them. 692 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), 693 E = BackpatchBlocks.end(); I != E; ++I ) { 694 695 CFGBlock *B = I->block; 696 const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); 697 LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); 698 699 // If there is no target for the goto, then we are looking at an 700 // incomplete AST. Handle this by not registering a successor. 701 if (LI == LabelMap.end()) continue; 702 703 JumpTarget JT = LI->second; 704 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, 705 JT.scopePosition); 706 addSuccessor(B, JT.block); 707 } 708 709 // Add successors to the Indirect Goto Dispatch block (if we have one). 710 if (CFGBlock *B = cfg->getIndirectGotoBlock()) 711 for (LabelSetTy::iterator I = AddressTakenLabels.begin(), 712 E = AddressTakenLabels.end(); I != E; ++I ) { 713 714 // Lookup the target block. 715 LabelMapTy::iterator LI = LabelMap.find(*I); 716 717 // If there is no target block that contains label, then we are looking 718 // at an incomplete AST. Handle this by not registering a successor. 719 if (LI == LabelMap.end()) continue; 720 721 addSuccessor(B, LI->second.block); 722 } 723 724 // Create an empty entry block that has no predecessors. 725 cfg->setEntry(createBlock()); 726 727 return cfg.release(); 728} 729 730/// createBlock - Used to lazily create blocks that are connected 731/// to the current (global) succcessor. 732CFGBlock *CFGBuilder::createBlock(bool add_successor) { 733 CFGBlock *B = cfg->createBlock(); 734 if (add_successor && Succ) 735 addSuccessor(B, Succ); 736 return B; 737} 738 739/// createNoReturnBlock - Used to create a block is a 'noreturn' point in the 740/// CFG. It is *not* connected to the current (global) successor, and instead 741/// directly tied to the exit block in order to be reachable. 742CFGBlock *CFGBuilder::createNoReturnBlock() { 743 CFGBlock *B = createBlock(false); 744 B->setHasNoReturnElement(); 745 addSuccessor(B, &cfg->getExit(), Succ); 746 return B; 747} 748 749/// addInitializer - Add C++ base or member initializer element to CFG. 750CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { 751 if (!BuildOpts.AddInitializers) 752 return Block; 753 754 bool IsReference = false; 755 bool HasTemporaries = false; 756 757 // Destructors of temporaries in initialization expression should be called 758 // after initialization finishes. 759 Expr *Init = I->getInit(); 760 if (Init) { 761 if (FieldDecl *FD = I->getAnyMember()) 762 IsReference = FD->getType()->isReferenceType(); 763 HasTemporaries = isa<ExprWithCleanups>(Init); 764 765 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 766 // Generate destructors for temporaries in initialization expression. 767 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 768 IsReference); 769 } 770 } 771 772 autoCreateBlock(); 773 appendInitializer(Block, I); 774 775 if (Init) { 776 if (HasTemporaries) { 777 // For expression with temporaries go directly to subexpression to omit 778 // generating destructors for the second time. 779 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); 780 } 781 return Visit(Init); 782 } 783 784 return Block; 785} 786 787/// \brief Retrieve the type of the temporary object whose lifetime was 788/// extended by a local reference with the given initializer. 789static QualType getReferenceInitTemporaryType(ASTContext &Context, 790 const Expr *Init) { 791 while (true) { 792 // Skip parentheses. 793 Init = Init->IgnoreParens(); 794 795 // Skip through cleanups. 796 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { 797 Init = EWC->getSubExpr(); 798 continue; 799 } 800 801 // Skip through the temporary-materialization expression. 802 if (const MaterializeTemporaryExpr *MTE 803 = dyn_cast<MaterializeTemporaryExpr>(Init)) { 804 Init = MTE->GetTemporaryExpr(); 805 continue; 806 } 807 808 // Skip derived-to-base and no-op casts. 809 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { 810 if ((CE->getCastKind() == CK_DerivedToBase || 811 CE->getCastKind() == CK_UncheckedDerivedToBase || 812 CE->getCastKind() == CK_NoOp) && 813 Init->getType()->isRecordType()) { 814 Init = CE->getSubExpr(); 815 continue; 816 } 817 } 818 819 // Skip member accesses into rvalues. 820 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { 821 if (!ME->isArrow() && ME->getBase()->isRValue()) { 822 Init = ME->getBase(); 823 continue; 824 } 825 } 826 827 break; 828 } 829 830 return Init->getType(); 831} 832 833/// addAutomaticObjDtors - Add to current block automatic objects destructors 834/// for objects in range of local scope positions. Use S as trigger statement 835/// for destructors. 836void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, 837 LocalScope::const_iterator E, Stmt *S) { 838 if (!BuildOpts.AddImplicitDtors) 839 return; 840 841 if (B == E) 842 return; 843 844 // We need to append the destructors in reverse order, but any one of them 845 // may be a no-return destructor which changes the CFG. As a result, buffer 846 // this sequence up and replay them in reverse order when appending onto the 847 // CFGBlock(s). 848 SmallVector<VarDecl*, 10> Decls; 849 Decls.reserve(B.distance(E)); 850 for (LocalScope::const_iterator I = B; I != E; ++I) 851 Decls.push_back(*I); 852 853 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), 854 E = Decls.rend(); 855 I != E; ++I) { 856 // If this destructor is marked as a no-return destructor, we need to 857 // create a new block for the destructor which does not have as a successor 858 // anything built thus far: control won't flow out of this block. 859 QualType Ty = (*I)->getType(); 860 if (Ty->isReferenceType()) { 861 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); 862 } 863 Ty = Context->getBaseElementType(Ty); 864 865 const CXXDestructorDecl *Dtor = Ty->getAsCXXRecordDecl()->getDestructor(); 866 if (Dtor->isNoReturn()) 867 Block = createNoReturnBlock(); 868 else 869 autoCreateBlock(); 870 871 appendAutomaticObjDtor(Block, *I, S); 872 } 873} 874 875/// addImplicitDtorsForDestructor - Add implicit destructors generated for 876/// base and member objects in destructor. 877void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { 878 assert (BuildOpts.AddImplicitDtors 879 && "Can be called only when dtors should be added"); 880 const CXXRecordDecl *RD = DD->getParent(); 881 882 // At the end destroy virtual base objects. 883 for (const auto &VI : RD->vbases()) { 884 const CXXRecordDecl *CD = VI.getType()->getAsCXXRecordDecl(); 885 if (!CD->hasTrivialDestructor()) { 886 autoCreateBlock(); 887 appendBaseDtor(Block, &VI); 888 } 889 } 890 891 // Before virtual bases destroy direct base objects. 892 for (const auto &BI : RD->bases()) { 893 if (!BI.isVirtual()) { 894 const CXXRecordDecl *CD = BI.getType()->getAsCXXRecordDecl(); 895 if (!CD->hasTrivialDestructor()) { 896 autoCreateBlock(); 897 appendBaseDtor(Block, &BI); 898 } 899 } 900 } 901 902 // First destroy member objects. 903 for (auto *FI : RD->fields()) { 904 // Check for constant size array. Set type to array element type. 905 QualType QT = FI->getType(); 906 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 907 if (AT->getSize() == 0) 908 continue; 909 QT = AT->getElementType(); 910 } 911 912 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 913 if (!CD->hasTrivialDestructor()) { 914 autoCreateBlock(); 915 appendMemberDtor(Block, FI); 916 } 917 } 918} 919 920/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either 921/// way return valid LocalScope object. 922LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { 923 if (!Scope) { 924 llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); 925 Scope = alloc.Allocate<LocalScope>(); 926 BumpVectorContext ctx(alloc); 927 new (Scope) LocalScope(ctx, ScopePos); 928 } 929 return Scope; 930} 931 932/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement 933/// that should create implicit scope (e.g. if/else substatements). 934void CFGBuilder::addLocalScopeForStmt(Stmt *S) { 935 if (!BuildOpts.AddImplicitDtors) 936 return; 937 938 LocalScope *Scope = 0; 939 940 // For compound statement we will be creating explicit scope. 941 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { 942 for (auto *BI : CS->body()) { 943 Stmt *SI = BI->stripLabelLikeStatements(); 944 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) 945 Scope = addLocalScopeForDeclStmt(DS, Scope); 946 } 947 return; 948 } 949 950 // For any other statement scope will be implicit and as such will be 951 // interesting only for DeclStmt. 952 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) 953 addLocalScopeForDeclStmt(DS); 954} 955 956/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will 957/// reuse Scope if not NULL. 958LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, 959 LocalScope* Scope) { 960 if (!BuildOpts.AddImplicitDtors) 961 return Scope; 962 963 for (auto *DI : DS->decls()) 964 if (VarDecl *VD = dyn_cast<VarDecl>(DI)) 965 Scope = addLocalScopeForVarDecl(VD, Scope); 966 return Scope; 967} 968 969/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will 970/// create add scope for automatic objects and temporary objects bound to 971/// const reference. Will reuse Scope if not NULL. 972LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, 973 LocalScope* Scope) { 974 if (!BuildOpts.AddImplicitDtors) 975 return Scope; 976 977 // Check if variable is local. 978 switch (VD->getStorageClass()) { 979 case SC_None: 980 case SC_Auto: 981 case SC_Register: 982 break; 983 default: return Scope; 984 } 985 986 // Check for const references bound to temporary. Set type to pointee. 987 QualType QT = VD->getType(); 988 if (QT.getTypePtr()->isReferenceType()) { 989 // Attempt to determine whether this declaration lifetime-extends a 990 // temporary. 991 // 992 // FIXME: This is incorrect. Non-reference declarations can lifetime-extend 993 // temporaries, and a single declaration can extend multiple temporaries. 994 // We should look at the storage duration on each nested 995 // MaterializeTemporaryExpr instead. 996 const Expr *Init = VD->getInit(); 997 if (!Init) 998 return Scope; 999 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) 1000 Init = EWC->getSubExpr(); 1001 if (!isa<MaterializeTemporaryExpr>(Init)) 1002 return Scope; 1003 1004 // Lifetime-extending a temporary. 1005 QT = getReferenceInitTemporaryType(*Context, Init); 1006 } 1007 1008 // Check for constant size array. Set type to array element type. 1009 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 1010 if (AT->getSize() == 0) 1011 return Scope; 1012 QT = AT->getElementType(); 1013 } 1014 1015 // Check if type is a C++ class with non-trivial destructor. 1016 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 1017 if (!CD->hasTrivialDestructor()) { 1018 // Add the variable to scope 1019 Scope = createOrReuseLocalScope(Scope); 1020 Scope->addVar(VD); 1021 ScopePos = Scope->begin(); 1022 } 1023 return Scope; 1024} 1025 1026/// addLocalScopeAndDtors - For given statement add local scope for it and 1027/// add destructors that will cleanup the scope. Will reuse Scope if not NULL. 1028void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { 1029 if (!BuildOpts.AddImplicitDtors) 1030 return; 1031 1032 LocalScope::const_iterator scopeBeginPos = ScopePos; 1033 addLocalScopeForStmt(S); 1034 addAutomaticObjDtors(ScopePos, scopeBeginPos, S); 1035} 1036 1037/// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for 1038/// variables with automatic storage duration to CFGBlock's elements vector. 1039/// Elements will be prepended to physical beginning of the vector which 1040/// happens to be logical end. Use blocks terminator as statement that specifies 1041/// destructors call site. 1042/// FIXME: This mechanism for adding automatic destructors doesn't handle 1043/// no-return destructors properly. 1044void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 1045 LocalScope::const_iterator B, LocalScope::const_iterator E) { 1046 BumpVectorContext &C = cfg->getBumpVectorContext(); 1047 CFGBlock::iterator InsertPos 1048 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); 1049 for (LocalScope::const_iterator I = B; I != E; ++I) 1050 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, 1051 Blk->getTerminator()); 1052} 1053 1054/// Visit - Walk the subtree of a statement and add extra 1055/// blocks for ternary operators, &&, and ||. We also process "," and 1056/// DeclStmts (which may contain nested control-flow). 1057CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { 1058 if (!S) { 1059 badCFG = true; 1060 return 0; 1061 } 1062 1063 if (Expr *E = dyn_cast<Expr>(S)) 1064 S = E->IgnoreParens(); 1065 1066 switch (S->getStmtClass()) { 1067 default: 1068 return VisitStmt(S, asc); 1069 1070 case Stmt::AddrLabelExprClass: 1071 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); 1072 1073 case Stmt::BinaryConditionalOperatorClass: 1074 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); 1075 1076 case Stmt::BinaryOperatorClass: 1077 return VisitBinaryOperator(cast<BinaryOperator>(S), asc); 1078 1079 case Stmt::BlockExprClass: 1080 return VisitNoRecurse(cast<Expr>(S), asc); 1081 1082 case Stmt::BreakStmtClass: 1083 return VisitBreakStmt(cast<BreakStmt>(S)); 1084 1085 case Stmt::CallExprClass: 1086 case Stmt::CXXOperatorCallExprClass: 1087 case Stmt::CXXMemberCallExprClass: 1088 case Stmt::UserDefinedLiteralClass: 1089 return VisitCallExpr(cast<CallExpr>(S), asc); 1090 1091 case Stmt::CaseStmtClass: 1092 return VisitCaseStmt(cast<CaseStmt>(S)); 1093 1094 case Stmt::ChooseExprClass: 1095 return VisitChooseExpr(cast<ChooseExpr>(S), asc); 1096 1097 case Stmt::CompoundStmtClass: 1098 return VisitCompoundStmt(cast<CompoundStmt>(S)); 1099 1100 case Stmt::ConditionalOperatorClass: 1101 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); 1102 1103 case Stmt::ContinueStmtClass: 1104 return VisitContinueStmt(cast<ContinueStmt>(S)); 1105 1106 case Stmt::CXXCatchStmtClass: 1107 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); 1108 1109 case Stmt::ExprWithCleanupsClass: 1110 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); 1111 1112 case Stmt::CXXDefaultArgExprClass: 1113 case Stmt::CXXDefaultInitExprClass: 1114 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the 1115 // called function's declaration, not by the caller. If we simply add 1116 // this expression to the CFG, we could end up with the same Expr 1117 // appearing multiple times. 1118 // PR13385 / <rdar://problem/12156507> 1119 // 1120 // It's likewise possible for multiple CXXDefaultInitExprs for the same 1121 // expression to be used in the same function (through aggregate 1122 // initialization). 1123 return VisitStmt(S, asc); 1124 1125 case Stmt::CXXBindTemporaryExprClass: 1126 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); 1127 1128 case Stmt::CXXConstructExprClass: 1129 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); 1130 1131 case Stmt::CXXNewExprClass: 1132 return VisitCXXNewExpr(cast<CXXNewExpr>(S), asc); 1133 1134 case Stmt::CXXDeleteExprClass: 1135 return VisitCXXDeleteExpr(cast<CXXDeleteExpr>(S), asc); 1136 1137 case Stmt::CXXFunctionalCastExprClass: 1138 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); 1139 1140 case Stmt::CXXTemporaryObjectExprClass: 1141 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); 1142 1143 case Stmt::CXXThrowExprClass: 1144 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); 1145 1146 case Stmt::CXXTryStmtClass: 1147 return VisitCXXTryStmt(cast<CXXTryStmt>(S)); 1148 1149 case Stmt::CXXForRangeStmtClass: 1150 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); 1151 1152 case Stmt::DeclStmtClass: 1153 return VisitDeclStmt(cast<DeclStmt>(S)); 1154 1155 case Stmt::DefaultStmtClass: 1156 return VisitDefaultStmt(cast<DefaultStmt>(S)); 1157 1158 case Stmt::DoStmtClass: 1159 return VisitDoStmt(cast<DoStmt>(S)); 1160 1161 case Stmt::ForStmtClass: 1162 return VisitForStmt(cast<ForStmt>(S)); 1163 1164 case Stmt::GotoStmtClass: 1165 return VisitGotoStmt(cast<GotoStmt>(S)); 1166 1167 case Stmt::IfStmtClass: 1168 return VisitIfStmt(cast<IfStmt>(S)); 1169 1170 case Stmt::ImplicitCastExprClass: 1171 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); 1172 1173 case Stmt::IndirectGotoStmtClass: 1174 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); 1175 1176 case Stmt::LabelStmtClass: 1177 return VisitLabelStmt(cast<LabelStmt>(S)); 1178 1179 case Stmt::LambdaExprClass: 1180 return VisitLambdaExpr(cast<LambdaExpr>(S), asc); 1181 1182 case Stmt::MemberExprClass: 1183 return VisitMemberExpr(cast<MemberExpr>(S), asc); 1184 1185 case Stmt::NullStmtClass: 1186 return Block; 1187 1188 case Stmt::ObjCAtCatchStmtClass: 1189 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); 1190 1191 case Stmt::ObjCAutoreleasePoolStmtClass: 1192 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); 1193 1194 case Stmt::ObjCAtSynchronizedStmtClass: 1195 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); 1196 1197 case Stmt::ObjCAtThrowStmtClass: 1198 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); 1199 1200 case Stmt::ObjCAtTryStmtClass: 1201 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); 1202 1203 case Stmt::ObjCForCollectionStmtClass: 1204 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); 1205 1206 case Stmt::OpaqueValueExprClass: 1207 return Block; 1208 1209 case Stmt::PseudoObjectExprClass: 1210 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); 1211 1212 case Stmt::ReturnStmtClass: 1213 return VisitReturnStmt(cast<ReturnStmt>(S)); 1214 1215 case Stmt::UnaryExprOrTypeTraitExprClass: 1216 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), 1217 asc); 1218 1219 case Stmt::StmtExprClass: 1220 return VisitStmtExpr(cast<StmtExpr>(S), asc); 1221 1222 case Stmt::SwitchStmtClass: 1223 return VisitSwitchStmt(cast<SwitchStmt>(S)); 1224 1225 case Stmt::UnaryOperatorClass: 1226 return VisitUnaryOperator(cast<UnaryOperator>(S), asc); 1227 1228 case Stmt::WhileStmtClass: 1229 return VisitWhileStmt(cast<WhileStmt>(S)); 1230 } 1231} 1232 1233CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { 1234 if (asc.alwaysAdd(*this, S)) { 1235 autoCreateBlock(); 1236 appendStmt(Block, S); 1237 } 1238 1239 return VisitChildren(S); 1240} 1241 1242/// VisitChildren - Visit the children of a Stmt. 1243CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { 1244 CFGBlock *B = Block; 1245 1246 // Visit the children in their reverse order so that they appear in 1247 // left-to-right (natural) order in the CFG. 1248 reverse_children RChildren(S); 1249 for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); 1250 I != E; ++I) { 1251 if (Stmt *Child = *I) 1252 if (CFGBlock *R = Visit(Child)) 1253 B = R; 1254 } 1255 return B; 1256} 1257 1258CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, 1259 AddStmtChoice asc) { 1260 AddressTakenLabels.insert(A->getLabel()); 1261 1262 if (asc.alwaysAdd(*this, A)) { 1263 autoCreateBlock(); 1264 appendStmt(Block, A); 1265 } 1266 1267 return Block; 1268} 1269 1270CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, 1271 AddStmtChoice asc) { 1272 if (asc.alwaysAdd(*this, U)) { 1273 autoCreateBlock(); 1274 appendStmt(Block, U); 1275 } 1276 1277 return Visit(U->getSubExpr(), AddStmtChoice()); 1278} 1279 1280CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { 1281 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1282 appendStmt(ConfluenceBlock, B); 1283 1284 if (badCFG) 1285 return 0; 1286 1287 return VisitLogicalOperator(B, 0, ConfluenceBlock, ConfluenceBlock).first; 1288} 1289 1290std::pair<CFGBlock*, CFGBlock*> 1291CFGBuilder::VisitLogicalOperator(BinaryOperator *B, 1292 Stmt *Term, 1293 CFGBlock *TrueBlock, 1294 CFGBlock *FalseBlock) { 1295 1296 // Introspect the RHS. If it is a nested logical operation, we recursively 1297 // build the CFG using this function. Otherwise, resort to default 1298 // CFG construction behavior. 1299 Expr *RHS = B->getRHS()->IgnoreParens(); 1300 CFGBlock *RHSBlock, *ExitBlock; 1301 1302 do { 1303 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) 1304 if (B_RHS->isLogicalOp()) { 1305 std::tie(RHSBlock, ExitBlock) = 1306 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); 1307 break; 1308 } 1309 1310 // The RHS is not a nested logical operation. Don't push the terminator 1311 // down further, but instead visit RHS and construct the respective 1312 // pieces of the CFG, and link up the RHSBlock with the terminator 1313 // we have been provided. 1314 ExitBlock = RHSBlock = createBlock(false); 1315 1316 if (!Term) { 1317 assert(TrueBlock == FalseBlock); 1318 addSuccessor(RHSBlock, TrueBlock); 1319 } 1320 else { 1321 RHSBlock->setTerminator(Term); 1322 TryResult KnownVal = tryEvaluateBool(RHS); 1323 addSuccessor(RHSBlock, TrueBlock, !KnownVal.isFalse()); 1324 addSuccessor(RHSBlock, FalseBlock, !KnownVal.isTrue()); 1325 } 1326 1327 Block = RHSBlock; 1328 RHSBlock = addStmt(RHS); 1329 } 1330 while (false); 1331 1332 if (badCFG) 1333 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1334 1335 // Generate the blocks for evaluating the LHS. 1336 Expr *LHS = B->getLHS()->IgnoreParens(); 1337 1338 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) 1339 if (B_LHS->isLogicalOp()) { 1340 if (B->getOpcode() == BO_LOr) 1341 FalseBlock = RHSBlock; 1342 else 1343 TrueBlock = RHSBlock; 1344 1345 // For the LHS, treat 'B' as the terminator that we want to sink 1346 // into the nested branch. The RHS always gets the top-most 1347 // terminator. 1348 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); 1349 } 1350 1351 // Create the block evaluating the LHS. 1352 // This contains the '&&' or '||' as the terminator. 1353 CFGBlock *LHSBlock = createBlock(false); 1354 LHSBlock->setTerminator(B); 1355 1356 Block = LHSBlock; 1357 CFGBlock *EntryLHSBlock = addStmt(LHS); 1358 1359 if (badCFG) 1360 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1361 1362 // See if this is a known constant. 1363 TryResult KnownVal = tryEvaluateBool(LHS); 1364 1365 // Now link the LHSBlock with RHSBlock. 1366 if (B->getOpcode() == BO_LOr) { 1367 addSuccessor(LHSBlock, TrueBlock, !KnownVal.isFalse()); 1368 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isTrue()); 1369 } else { 1370 assert(B->getOpcode() == BO_LAnd); 1371 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isFalse()); 1372 addSuccessor(LHSBlock, FalseBlock, !KnownVal.isTrue()); 1373 } 1374 1375 return std::make_pair(EntryLHSBlock, ExitBlock); 1376} 1377 1378 1379CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, 1380 AddStmtChoice asc) { 1381 // && or || 1382 if (B->isLogicalOp()) 1383 return VisitLogicalOperator(B); 1384 1385 if (B->getOpcode() == BO_Comma) { // , 1386 autoCreateBlock(); 1387 appendStmt(Block, B); 1388 addStmt(B->getRHS()); 1389 return addStmt(B->getLHS()); 1390 } 1391 1392 if (B->isAssignmentOp()) { 1393 if (asc.alwaysAdd(*this, B)) { 1394 autoCreateBlock(); 1395 appendStmt(Block, B); 1396 } 1397 Visit(B->getLHS()); 1398 return Visit(B->getRHS()); 1399 } 1400 1401 if (asc.alwaysAdd(*this, B)) { 1402 autoCreateBlock(); 1403 appendStmt(Block, B); 1404 } 1405 1406 CFGBlock *RBlock = Visit(B->getRHS()); 1407 CFGBlock *LBlock = Visit(B->getLHS()); 1408 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 1409 // containing a DoStmt, and the LHS doesn't create a new block, then we should 1410 // return RBlock. Otherwise we'll incorrectly return NULL. 1411 return (LBlock ? LBlock : RBlock); 1412} 1413 1414CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { 1415 if (asc.alwaysAdd(*this, E)) { 1416 autoCreateBlock(); 1417 appendStmt(Block, E); 1418 } 1419 return Block; 1420} 1421 1422CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { 1423 // "break" is a control-flow statement. Thus we stop processing the current 1424 // block. 1425 if (badCFG) 1426 return 0; 1427 1428 // Now create a new block that ends with the break statement. 1429 Block = createBlock(false); 1430 Block->setTerminator(B); 1431 1432 // If there is no target for the break, then we are looking at an incomplete 1433 // AST. This means that the CFG cannot be constructed. 1434 if (BreakJumpTarget.block) { 1435 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B); 1436 addSuccessor(Block, BreakJumpTarget.block); 1437 } else 1438 badCFG = true; 1439 1440 1441 return Block; 1442} 1443 1444static bool CanThrow(Expr *E, ASTContext &Ctx) { 1445 QualType Ty = E->getType(); 1446 if (Ty->isFunctionPointerType()) 1447 Ty = Ty->getAs<PointerType>()->getPointeeType(); 1448 else if (Ty->isBlockPointerType()) 1449 Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); 1450 1451 const FunctionType *FT = Ty->getAs<FunctionType>(); 1452 if (FT) { 1453 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) 1454 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && 1455 Proto->isNothrow(Ctx)) 1456 return false; 1457 } 1458 return true; 1459} 1460 1461CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { 1462 // Compute the callee type. 1463 QualType calleeType = C->getCallee()->getType(); 1464 if (calleeType == Context->BoundMemberTy) { 1465 QualType boundType = Expr::findBoundMemberType(C->getCallee()); 1466 1467 // We should only get a null bound type if processing a dependent 1468 // CFG. Recover by assuming nothing. 1469 if (!boundType.isNull()) calleeType = boundType; 1470 } 1471 1472 // If this is a call to a no-return function, this stops the block here. 1473 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); 1474 1475 bool AddEHEdge = false; 1476 1477 // Languages without exceptions are assumed to not throw. 1478 if (Context->getLangOpts().Exceptions) { 1479 if (BuildOpts.AddEHEdges) 1480 AddEHEdge = true; 1481 } 1482 1483 // If this is a call to a builtin function, it might not actually evaluate 1484 // its arguments. Don't add them to the CFG if this is the case. 1485 bool OmitArguments = false; 1486 1487 if (FunctionDecl *FD = C->getDirectCallee()) { 1488 if (FD->isNoReturn()) 1489 NoReturn = true; 1490 if (FD->hasAttr<NoThrowAttr>()) 1491 AddEHEdge = false; 1492 if (FD->getBuiltinID() == Builtin::BI__builtin_object_size) 1493 OmitArguments = true; 1494 } 1495 1496 if (!CanThrow(C->getCallee(), *Context)) 1497 AddEHEdge = false; 1498 1499 if (OmitArguments) { 1500 assert(!NoReturn && "noreturn calls with unevaluated args not implemented"); 1501 assert(!AddEHEdge && "EH calls with unevaluated args not implemented"); 1502 autoCreateBlock(); 1503 appendStmt(Block, C); 1504 return Visit(C->getCallee()); 1505 } 1506 1507 if (!NoReturn && !AddEHEdge) { 1508 return VisitStmt(C, asc.withAlwaysAdd(true)); 1509 } 1510 1511 if (Block) { 1512 Succ = Block; 1513 if (badCFG) 1514 return 0; 1515 } 1516 1517 if (NoReturn) 1518 Block = createNoReturnBlock(); 1519 else 1520 Block = createBlock(); 1521 1522 appendStmt(Block, C); 1523 1524 if (AddEHEdge) { 1525 // Add exceptional edges. 1526 if (TryTerminatedBlock) 1527 addSuccessor(Block, TryTerminatedBlock); 1528 else 1529 addSuccessor(Block, &cfg->getExit()); 1530 } 1531 1532 return VisitChildren(C); 1533} 1534 1535CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, 1536 AddStmtChoice asc) { 1537 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1538 appendStmt(ConfluenceBlock, C); 1539 if (badCFG) 1540 return 0; 1541 1542 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1543 Succ = ConfluenceBlock; 1544 Block = NULL; 1545 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); 1546 if (badCFG) 1547 return 0; 1548 1549 Succ = ConfluenceBlock; 1550 Block = NULL; 1551 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); 1552 if (badCFG) 1553 return 0; 1554 1555 Block = createBlock(false); 1556 // See if this is a known constant. 1557 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1558 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1559 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1560 Block->setTerminator(C); 1561 return addStmt(C->getCond()); 1562} 1563 1564 1565CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { 1566 addLocalScopeAndDtors(C); 1567 CFGBlock *LastBlock = Block; 1568 1569 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); 1570 I != E; ++I ) { 1571 // If we hit a segment of code just containing ';' (NullStmts), we can 1572 // get a null block back. In such cases, just use the LastBlock 1573 if (CFGBlock *newBlock = addStmt(*I)) 1574 LastBlock = newBlock; 1575 1576 if (badCFG) 1577 return NULL; 1578 } 1579 1580 return LastBlock; 1581} 1582 1583CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, 1584 AddStmtChoice asc) { 1585 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); 1586 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : NULL); 1587 1588 // Create the confluence block that will "merge" the results of the ternary 1589 // expression. 1590 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1591 appendStmt(ConfluenceBlock, C); 1592 if (badCFG) 1593 return 0; 1594 1595 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1596 1597 // Create a block for the LHS expression if there is an LHS expression. A 1598 // GCC extension allows LHS to be NULL, causing the condition to be the 1599 // value that is returned instead. 1600 // e.g: x ?: y is shorthand for: x ? x : y; 1601 Succ = ConfluenceBlock; 1602 Block = NULL; 1603 CFGBlock *LHSBlock = 0; 1604 const Expr *trueExpr = C->getTrueExpr(); 1605 if (trueExpr != opaqueValue) { 1606 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); 1607 if (badCFG) 1608 return 0; 1609 Block = NULL; 1610 } 1611 else 1612 LHSBlock = ConfluenceBlock; 1613 1614 // Create the block for the RHS expression. 1615 Succ = ConfluenceBlock; 1616 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); 1617 if (badCFG) 1618 return 0; 1619 1620 // If the condition is a logical '&&' or '||', build a more accurate CFG. 1621 if (BinaryOperator *Cond = 1622 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) 1623 if (Cond->isLogicalOp()) 1624 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; 1625 1626 // Create the block that will contain the condition. 1627 Block = createBlock(false); 1628 1629 // See if this is a known constant. 1630 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1631 addSuccessor(Block, LHSBlock, !KnownVal.isFalse()); 1632 addSuccessor(Block, RHSBlock, !KnownVal.isTrue()); 1633 Block->setTerminator(C); 1634 Expr *condExpr = C->getCond(); 1635 1636 if (opaqueValue) { 1637 // Run the condition expression if it's not trivially expressed in 1638 // terms of the opaque value (or if there is no opaque value). 1639 if (condExpr != opaqueValue) 1640 addStmt(condExpr); 1641 1642 // Before that, run the common subexpression if there was one. 1643 // At least one of this or the above will be run. 1644 return addStmt(BCO->getCommon()); 1645 } 1646 1647 return addStmt(condExpr); 1648} 1649 1650CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { 1651 // Check if the Decl is for an __label__. If so, elide it from the 1652 // CFG entirely. 1653 if (isa<LabelDecl>(*DS->decl_begin())) 1654 return Block; 1655 1656 // This case also handles static_asserts. 1657 if (DS->isSingleDecl()) 1658 return VisitDeclSubExpr(DS); 1659 1660 CFGBlock *B = 0; 1661 1662 // Build an individual DeclStmt for each decl. 1663 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), 1664 E = DS->decl_rend(); 1665 I != E; ++I) { 1666 // Get the alignment of the new DeclStmt, padding out to >=8 bytes. 1667 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8 1668 ? 8 : llvm::AlignOf<DeclStmt>::Alignment; 1669 1670 // Allocate the DeclStmt using the BumpPtrAllocator. It will get 1671 // automatically freed with the CFG. 1672 DeclGroupRef DG(*I); 1673 Decl *D = *I; 1674 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); 1675 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); 1676 cfg->addSyntheticDeclStmt(DSNew, DS); 1677 1678 // Append the fake DeclStmt to block. 1679 B = VisitDeclSubExpr(DSNew); 1680 } 1681 1682 return B; 1683} 1684 1685/// VisitDeclSubExpr - Utility method to add block-level expressions for 1686/// DeclStmts and initializers in them. 1687CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { 1688 assert(DS->isSingleDecl() && "Can handle single declarations only."); 1689 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 1690 1691 if (!VD) { 1692 // Of everything that can be declared in a DeclStmt, only VarDecls impact 1693 // runtime semantics. 1694 return Block; 1695 } 1696 1697 bool IsReference = false; 1698 bool HasTemporaries = false; 1699 1700 // Guard static initializers under a branch. 1701 CFGBlock *blockAfterStaticInit = 0; 1702 1703 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { 1704 // For static variables, we need to create a branch to track 1705 // whether or not they are initialized. 1706 if (Block) { 1707 Succ = Block; 1708 Block = 0; 1709 if (badCFG) 1710 return 0; 1711 } 1712 blockAfterStaticInit = Succ; 1713 } 1714 1715 // Destructors of temporaries in initialization expression should be called 1716 // after initialization finishes. 1717 Expr *Init = VD->getInit(); 1718 if (Init) { 1719 IsReference = VD->getType()->isReferenceType(); 1720 HasTemporaries = isa<ExprWithCleanups>(Init); 1721 1722 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 1723 // Generate destructors for temporaries in initialization expression. 1724 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 1725 IsReference); 1726 } 1727 } 1728 1729 autoCreateBlock(); 1730 appendStmt(Block, DS); 1731 1732 // Keep track of the last non-null block, as 'Block' can be nulled out 1733 // if the initializer expression is something like a 'while' in a 1734 // statement-expression. 1735 CFGBlock *LastBlock = Block; 1736 1737 if (Init) { 1738 if (HasTemporaries) { 1739 // For expression with temporaries go directly to subexpression to omit 1740 // generating destructors for the second time. 1741 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); 1742 if (CFGBlock *newBlock = Visit(EC->getSubExpr())) 1743 LastBlock = newBlock; 1744 } 1745 else { 1746 if (CFGBlock *newBlock = Visit(Init)) 1747 LastBlock = newBlock; 1748 } 1749 } 1750 1751 // If the type of VD is a VLA, then we must process its size expressions. 1752 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); 1753 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) { 1754 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) 1755 LastBlock = newBlock; 1756 } 1757 1758 // Remove variable from local scope. 1759 if (ScopePos && VD == *ScopePos) 1760 ++ScopePos; 1761 1762 CFGBlock *B = LastBlock; 1763 if (blockAfterStaticInit) { 1764 Succ = B; 1765 Block = createBlock(false); 1766 Block->setTerminator(DS); 1767 addSuccessor(Block, blockAfterStaticInit); 1768 addSuccessor(Block, B); 1769 B = Block; 1770 } 1771 1772 return B; 1773} 1774 1775CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { 1776 // We may see an if statement in the middle of a basic block, or it may be the 1777 // first statement we are processing. In either case, we create a new basic 1778 // block. First, we create the blocks for the then...else statements, and 1779 // then we create the block containing the if statement. If we were in the 1780 // middle of a block, we stop processing that block. That block is then the 1781 // implicit successor for the "then" and "else" clauses. 1782 1783 // Save local scope position because in case of condition variable ScopePos 1784 // won't be restored when traversing AST. 1785 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1786 1787 // Create local scope for possible condition variable. 1788 // Store scope position. Add implicit destructor. 1789 if (VarDecl *VD = I->getConditionVariable()) { 1790 LocalScope::const_iterator BeginScopePos = ScopePos; 1791 addLocalScopeForVarDecl(VD); 1792 addAutomaticObjDtors(ScopePos, BeginScopePos, I); 1793 } 1794 1795 // The block we were processing is now finished. Make it the successor 1796 // block. 1797 if (Block) { 1798 Succ = Block; 1799 if (badCFG) 1800 return 0; 1801 } 1802 1803 // Process the false branch. 1804 CFGBlock *ElseBlock = Succ; 1805 1806 if (Stmt *Else = I->getElse()) { 1807 SaveAndRestore<CFGBlock*> sv(Succ); 1808 1809 // NULL out Block so that the recursive call to Visit will 1810 // create a new basic block. 1811 Block = NULL; 1812 1813 // If branch is not a compound statement create implicit scope 1814 // and add destructors. 1815 if (!isa<CompoundStmt>(Else)) 1816 addLocalScopeAndDtors(Else); 1817 1818 ElseBlock = addStmt(Else); 1819 1820 if (!ElseBlock) // Can occur when the Else body has all NullStmts. 1821 ElseBlock = sv.get(); 1822 else if (Block) { 1823 if (badCFG) 1824 return 0; 1825 } 1826 } 1827 1828 // Process the true branch. 1829 CFGBlock *ThenBlock; 1830 { 1831 Stmt *Then = I->getThen(); 1832 assert(Then); 1833 SaveAndRestore<CFGBlock*> sv(Succ); 1834 Block = NULL; 1835 1836 // If branch is not a compound statement create implicit scope 1837 // and add destructors. 1838 if (!isa<CompoundStmt>(Then)) 1839 addLocalScopeAndDtors(Then); 1840 1841 ThenBlock = addStmt(Then); 1842 1843 if (!ThenBlock) { 1844 // We can reach here if the "then" body has all NullStmts. 1845 // Create an empty block so we can distinguish between true and false 1846 // branches in path-sensitive analyses. 1847 ThenBlock = createBlock(false); 1848 addSuccessor(ThenBlock, sv.get()); 1849 } else if (Block) { 1850 if (badCFG) 1851 return 0; 1852 } 1853 } 1854 1855 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by 1856 // having these handle the actual control-flow jump. Note that 1857 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" 1858 // we resort to the old control-flow behavior. This special handling 1859 // removes infeasible paths from the control-flow graph by having the 1860 // control-flow transfer of '&&' or '||' go directly into the then/else 1861 // blocks directly. 1862 if (!I->getConditionVariable()) 1863 if (BinaryOperator *Cond = 1864 dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens())) 1865 if (Cond->isLogicalOp()) 1866 return VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; 1867 1868 // Now create a new block containing the if statement. 1869 Block = createBlock(false); 1870 1871 // Set the terminator of the new block to the If statement. 1872 Block->setTerminator(I); 1873 1874 // See if this is a known constant. 1875 const TryResult &KnownVal = tryEvaluateBool(I->getCond()); 1876 1877 // Add the successors. If we know that specific branches are 1878 // unreachable, inform addSuccessor() of that knowledge. 1879 addSuccessor(Block, ThenBlock, /* isReachable = */ !KnownVal.isFalse()); 1880 addSuccessor(Block, ElseBlock, /* isReachable = */ !KnownVal.isTrue()); 1881 1882 // Add the condition as the last statement in the new block. This may create 1883 // new blocks as the condition may contain control-flow. Any newly created 1884 // blocks will be pointed to be "Block". 1885 CFGBlock *LastBlock = addStmt(I->getCond()); 1886 1887 // Finally, if the IfStmt contains a condition variable, add both the IfStmt 1888 // and the condition variable initialization to the CFG. 1889 if (VarDecl *VD = I->getConditionVariable()) { 1890 if (Expr *Init = VD->getInit()) { 1891 autoCreateBlock(); 1892 appendStmt(Block, I->getConditionVariableDeclStmt()); 1893 LastBlock = addStmt(Init); 1894 } 1895 } 1896 1897 return LastBlock; 1898} 1899 1900 1901CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { 1902 // If we were in the middle of a block we stop processing that block. 1903 // 1904 // NOTE: If a "return" appears in the middle of a block, this means that the 1905 // code afterwards is DEAD (unreachable). We still keep a basic block 1906 // for that code; a simple "mark-and-sweep" from the entry block will be 1907 // able to report such dead blocks. 1908 1909 // Create the new block. 1910 Block = createBlock(false); 1911 1912 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R); 1913 1914 // If the one of the destructors does not return, we already have the Exit 1915 // block as a successor. 1916 if (!Block->hasNoReturnElement()) 1917 addSuccessor(Block, &cfg->getExit()); 1918 1919 // Add the return statement to the block. This may create new blocks if R 1920 // contains control-flow (short-circuit operations). 1921 return VisitStmt(R, AddStmtChoice::AlwaysAdd); 1922} 1923 1924CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { 1925 // Get the block of the labeled statement. Add it to our map. 1926 addStmt(L->getSubStmt()); 1927 CFGBlock *LabelBlock = Block; 1928 1929 if (!LabelBlock) // This can happen when the body is empty, i.e. 1930 LabelBlock = createBlock(); // scopes that only contains NullStmts. 1931 1932 assert(LabelMap.find(L->getDecl()) == LabelMap.end() && 1933 "label already in map"); 1934 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); 1935 1936 // Labels partition blocks, so this is the end of the basic block we were 1937 // processing (L is the block's label). Because this is label (and we have 1938 // already processed the substatement) there is no extra control-flow to worry 1939 // about. 1940 LabelBlock->setLabel(L); 1941 if (badCFG) 1942 return 0; 1943 1944 // We set Block to NULL to allow lazy creation of a new block (if necessary); 1945 Block = NULL; 1946 1947 // This block is now the implicit successor of other blocks. 1948 Succ = LabelBlock; 1949 1950 return LabelBlock; 1951} 1952 1953CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { 1954 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 1955 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), 1956 et = E->capture_init_end(); it != et; ++it) { 1957 if (Expr *Init = *it) { 1958 CFGBlock *Tmp = Visit(Init); 1959 if (Tmp != 0) 1960 LastBlock = Tmp; 1961 } 1962 } 1963 return LastBlock; 1964} 1965 1966CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { 1967 // Goto is a control-flow statement. Thus we stop processing the current 1968 // block and create a new one. 1969 1970 Block = createBlock(false); 1971 Block->setTerminator(G); 1972 1973 // If we already know the mapping to the label block add the successor now. 1974 LabelMapTy::iterator I = LabelMap.find(G->getLabel()); 1975 1976 if (I == LabelMap.end()) 1977 // We will need to backpatch this block later. 1978 BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); 1979 else { 1980 JumpTarget JT = I->second; 1981 addAutomaticObjDtors(ScopePos, JT.scopePosition, G); 1982 addSuccessor(Block, JT.block); 1983 } 1984 1985 return Block; 1986} 1987 1988CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { 1989 CFGBlock *LoopSuccessor = NULL; 1990 1991 // Save local scope position because in case of condition variable ScopePos 1992 // won't be restored when traversing AST. 1993 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1994 1995 // Create local scope for init statement and possible condition variable. 1996 // Add destructor for init statement and condition variable. 1997 // Store scope position for continue statement. 1998 if (Stmt *Init = F->getInit()) 1999 addLocalScopeForStmt(Init); 2000 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2001 2002 if (VarDecl *VD = F->getConditionVariable()) 2003 addLocalScopeForVarDecl(VD); 2004 LocalScope::const_iterator ContinueScopePos = ScopePos; 2005 2006 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F); 2007 2008 // "for" is a control-flow statement. Thus we stop processing the current 2009 // block. 2010 if (Block) { 2011 if (badCFG) 2012 return 0; 2013 LoopSuccessor = Block; 2014 } else 2015 LoopSuccessor = Succ; 2016 2017 // Save the current value for the break targets. 2018 // All breaks should go to the code following the loop. 2019 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2020 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2021 2022 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2023 2024 // Now create the loop body. 2025 { 2026 assert(F->getBody()); 2027 2028 // Save the current values for Block, Succ, continue and break targets. 2029 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2030 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 2031 2032 // Create an empty block to represent the transition block for looping back 2033 // to the head of the loop. If we have increment code, it will 2034 // go in this block as well. 2035 Block = Succ = TransitionBlock = createBlock(false); 2036 TransitionBlock->setLoopTarget(F); 2037 2038 if (Stmt *I = F->getInc()) { 2039 // Generate increment code in its own basic block. This is the target of 2040 // continue statements. 2041 Succ = addStmt(I); 2042 } 2043 2044 // Finish up the increment (or empty) block if it hasn't been already. 2045 if (Block) { 2046 assert(Block == Succ); 2047 if (badCFG) 2048 return 0; 2049 Block = 0; 2050 } 2051 2052 // The starting block for the loop increment is the block that should 2053 // represent the 'loop target' for looping back to the start of the loop. 2054 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 2055 ContinueJumpTarget.block->setLoopTarget(F); 2056 2057 // Loop body should end with destructor of Condition variable (if any). 2058 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F); 2059 2060 // If body is not a compound statement create implicit scope 2061 // and add destructors. 2062 if (!isa<CompoundStmt>(F->getBody())) 2063 addLocalScopeAndDtors(F->getBody()); 2064 2065 // Now populate the body block, and in the process create new blocks as we 2066 // walk the body of the loop. 2067 BodyBlock = addStmt(F->getBody()); 2068 2069 if (!BodyBlock) { 2070 // In the case of "for (...;...;...);" we can have a null BodyBlock. 2071 // Use the continue jump target as the proxy for the body. 2072 BodyBlock = ContinueJumpTarget.block; 2073 } 2074 else if (badCFG) 2075 return 0; 2076 } 2077 2078 // Because of short-circuit evaluation, the condition of the loop can span 2079 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2080 // evaluate the condition. 2081 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2082 2083 do { 2084 Expr *C = F->getCond(); 2085 2086 // Specially handle logical operators, which have a slightly 2087 // more optimal CFG representation. 2088 if (BinaryOperator *Cond = 2089 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : 0)) 2090 if (Cond->isLogicalOp()) { 2091 std::tie(EntryConditionBlock, ExitConditionBlock) = 2092 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); 2093 break; 2094 } 2095 2096 // The default case when not handling logical operators. 2097 EntryConditionBlock = ExitConditionBlock = createBlock(false); 2098 ExitConditionBlock->setTerminator(F); 2099 2100 // See if this is a known constant. 2101 TryResult KnownVal(true); 2102 2103 if (C) { 2104 // Now add the actual condition to the condition block. 2105 // Because the condition itself may contain control-flow, new blocks may 2106 // be created. Thus we update "Succ" after adding the condition. 2107 Block = ExitConditionBlock; 2108 EntryConditionBlock = addStmt(C); 2109 2110 // If this block contains a condition variable, add both the condition 2111 // variable and initializer to the CFG. 2112 if (VarDecl *VD = F->getConditionVariable()) { 2113 if (Expr *Init = VD->getInit()) { 2114 autoCreateBlock(); 2115 appendStmt(Block, F->getConditionVariableDeclStmt()); 2116 EntryConditionBlock = addStmt(Init); 2117 assert(Block == EntryConditionBlock); 2118 } 2119 } 2120 2121 if (Block && badCFG) 2122 return 0; 2123 2124 KnownVal = tryEvaluateBool(C); 2125 } 2126 2127 // Add the loop body entry as a successor to the condition. 2128 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2129 // Link up the condition block with the code that follows the loop. (the 2130 // false branch). 2131 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2132 2133 } while (false); 2134 2135 // Link up the loop-back block to the entry condition block. 2136 addSuccessor(TransitionBlock, EntryConditionBlock); 2137 2138 // The condition block is the implicit successor for any code above the loop. 2139 Succ = EntryConditionBlock; 2140 2141 // If the loop contains initialization, create a new block for those 2142 // statements. This block can also contain statements that precede the loop. 2143 if (Stmt *I = F->getInit()) { 2144 Block = createBlock(); 2145 return addStmt(I); 2146 } 2147 2148 // There is no loop initialization. We are thus basically a while loop. 2149 // NULL out Block to force lazy block construction. 2150 Block = NULL; 2151 Succ = EntryConditionBlock; 2152 return EntryConditionBlock; 2153} 2154 2155CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { 2156 if (asc.alwaysAdd(*this, M)) { 2157 autoCreateBlock(); 2158 appendStmt(Block, M); 2159 } 2160 return Visit(M->getBase()); 2161} 2162 2163CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) { 2164 // Objective-C fast enumeration 'for' statements: 2165 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC 2166 // 2167 // for ( Type newVariable in collection_expression ) { statements } 2168 // 2169 // becomes: 2170 // 2171 // prologue: 2172 // 1. collection_expression 2173 // T. jump to loop_entry 2174 // loop_entry: 2175 // 1. side-effects of element expression 2176 // 1. ObjCForCollectionStmt [performs binding to newVariable] 2177 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil] 2178 // TB: 2179 // statements 2180 // T. jump to loop_entry 2181 // FB: 2182 // what comes after 2183 // 2184 // and 2185 // 2186 // Type existingItem; 2187 // for ( existingItem in expression ) { statements } 2188 // 2189 // becomes: 2190 // 2191 // the same with newVariable replaced with existingItem; the binding works 2192 // the same except that for one ObjCForCollectionStmt::getElement() returns 2193 // a DeclStmt and the other returns a DeclRefExpr. 2194 // 2195 2196 CFGBlock *LoopSuccessor = 0; 2197 2198 if (Block) { 2199 if (badCFG) 2200 return 0; 2201 LoopSuccessor = Block; 2202 Block = 0; 2203 } else 2204 LoopSuccessor = Succ; 2205 2206 // Build the condition blocks. 2207 CFGBlock *ExitConditionBlock = createBlock(false); 2208 2209 // Set the terminator for the "exit" condition block. 2210 ExitConditionBlock->setTerminator(S); 2211 2212 // The last statement in the block should be the ObjCForCollectionStmt, which 2213 // performs the actual binding to 'element' and determines if there are any 2214 // more items in the collection. 2215 appendStmt(ExitConditionBlock, S); 2216 Block = ExitConditionBlock; 2217 2218 // Walk the 'element' expression to see if there are any side-effects. We 2219 // generate new blocks as necessary. We DON'T add the statement by default to 2220 // the CFG unless it contains control-flow. 2221 CFGBlock *EntryConditionBlock = Visit(S->getElement(), 2222 AddStmtChoice::NotAlwaysAdd); 2223 if (Block) { 2224 if (badCFG) 2225 return 0; 2226 Block = 0; 2227 } 2228 2229 // The condition block is the implicit successor for the loop body as well as 2230 // any code above the loop. 2231 Succ = EntryConditionBlock; 2232 2233 // Now create the true branch. 2234 { 2235 // Save the current values for Succ, continue and break targets. 2236 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2237 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2238 save_break(BreakJumpTarget); 2239 2240 // Add an intermediate block between the BodyBlock and the 2241 // EntryConditionBlock to represent the "loop back" transition, for looping 2242 // back to the head of the loop. 2243 CFGBlock *LoopBackBlock = 0; 2244 Succ = LoopBackBlock = createBlock(); 2245 LoopBackBlock->setLoopTarget(S); 2246 2247 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2248 ContinueJumpTarget = JumpTarget(Succ, ScopePos); 2249 2250 CFGBlock *BodyBlock = addStmt(S->getBody()); 2251 2252 if (!BodyBlock) 2253 BodyBlock = ContinueJumpTarget.block; // can happen for "for (X in Y) ;" 2254 else if (Block) { 2255 if (badCFG) 2256 return 0; 2257 } 2258 2259 // This new body block is a successor to our "exit" condition block. 2260 addSuccessor(ExitConditionBlock, BodyBlock); 2261 } 2262 2263 // Link up the condition block with the code that follows the loop. 2264 // (the false branch). 2265 addSuccessor(ExitConditionBlock, LoopSuccessor); 2266 2267 // Now create a prologue block to contain the collection expression. 2268 Block = createBlock(); 2269 return addStmt(S->getCollection()); 2270} 2271 2272CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) { 2273 // Inline the body. 2274 return addStmt(S->getSubStmt()); 2275 // TODO: consider adding cleanups for the end of @autoreleasepool scope. 2276} 2277 2278CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) { 2279 // FIXME: Add locking 'primitives' to CFG for @synchronized. 2280 2281 // Inline the body. 2282 CFGBlock *SyncBlock = addStmt(S->getSynchBody()); 2283 2284 // The sync body starts its own basic block. This makes it a little easier 2285 // for diagnostic clients. 2286 if (SyncBlock) { 2287 if (badCFG) 2288 return 0; 2289 2290 Block = 0; 2291 Succ = SyncBlock; 2292 } 2293 2294 // Add the @synchronized to the CFG. 2295 autoCreateBlock(); 2296 appendStmt(Block, S); 2297 2298 // Inline the sync expression. 2299 return addStmt(S->getSynchExpr()); 2300} 2301 2302CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) { 2303 // FIXME 2304 return NYS(); 2305} 2306 2307CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) { 2308 autoCreateBlock(); 2309 2310 // Add the PseudoObject as the last thing. 2311 appendStmt(Block, E); 2312 2313 CFGBlock *lastBlock = Block; 2314 2315 // Before that, evaluate all of the semantics in order. In 2316 // CFG-land, that means appending them in reverse order. 2317 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) { 2318 Expr *Semantic = E->getSemanticExpr(--i); 2319 2320 // If the semantic is an opaque value, we're being asked to bind 2321 // it to its source expression. 2322 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic)) 2323 Semantic = OVE->getSourceExpr(); 2324 2325 if (CFGBlock *B = Visit(Semantic)) 2326 lastBlock = B; 2327 } 2328 2329 return lastBlock; 2330} 2331 2332CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) { 2333 CFGBlock *LoopSuccessor = NULL; 2334 2335 // Save local scope position because in case of condition variable ScopePos 2336 // won't be restored when traversing AST. 2337 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2338 2339 // Create local scope for possible condition variable. 2340 // Store scope position for continue statement. 2341 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2342 if (VarDecl *VD = W->getConditionVariable()) { 2343 addLocalScopeForVarDecl(VD); 2344 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2345 } 2346 2347 // "while" is a control-flow statement. Thus we stop processing the current 2348 // block. 2349 if (Block) { 2350 if (badCFG) 2351 return 0; 2352 LoopSuccessor = Block; 2353 Block = 0; 2354 } else { 2355 LoopSuccessor = Succ; 2356 } 2357 2358 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2359 2360 // Process the loop body. 2361 { 2362 assert(W->getBody()); 2363 2364 // Save the current values for Block, Succ, continue and break targets. 2365 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2366 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2367 save_break(BreakJumpTarget); 2368 2369 // Create an empty block to represent the transition block for looping back 2370 // to the head of the loop. 2371 Succ = TransitionBlock = createBlock(false); 2372 TransitionBlock->setLoopTarget(W); 2373 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos); 2374 2375 // All breaks should go to the code following the loop. 2376 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2377 2378 // Loop body should end with destructor of Condition variable (if any). 2379 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2380 2381 // If body is not a compound statement create implicit scope 2382 // and add destructors. 2383 if (!isa<CompoundStmt>(W->getBody())) 2384 addLocalScopeAndDtors(W->getBody()); 2385 2386 // Create the body. The returned block is the entry to the loop body. 2387 BodyBlock = addStmt(W->getBody()); 2388 2389 if (!BodyBlock) 2390 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;" 2391 else if (Block && badCFG) 2392 return 0; 2393 } 2394 2395 // Because of short-circuit evaluation, the condition of the loop can span 2396 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2397 // evaluate the condition. 2398 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2399 2400 do { 2401 Expr *C = W->getCond(); 2402 2403 // Specially handle logical operators, which have a slightly 2404 // more optimal CFG representation. 2405 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens())) 2406 if (Cond->isLogicalOp()) { 2407 std::tie(EntryConditionBlock, ExitConditionBlock) = 2408 VisitLogicalOperator(Cond, W, BodyBlock, LoopSuccessor); 2409 break; 2410 } 2411 2412 // The default case when not handling logical operators. 2413 ExitConditionBlock = createBlock(false); 2414 ExitConditionBlock->setTerminator(W); 2415 2416 // Now add the actual condition to the condition block. 2417 // Because the condition itself may contain control-flow, new blocks may 2418 // be created. Thus we update "Succ" after adding the condition. 2419 Block = ExitConditionBlock; 2420 Block = EntryConditionBlock = addStmt(C); 2421 2422 // If this block contains a condition variable, add both the condition 2423 // variable and initializer to the CFG. 2424 if (VarDecl *VD = W->getConditionVariable()) { 2425 if (Expr *Init = VD->getInit()) { 2426 autoCreateBlock(); 2427 appendStmt(Block, W->getConditionVariableDeclStmt()); 2428 EntryConditionBlock = addStmt(Init); 2429 assert(Block == EntryConditionBlock); 2430 } 2431 } 2432 2433 if (Block && badCFG) 2434 return 0; 2435 2436 // See if this is a known constant. 2437 const TryResult& KnownVal = tryEvaluateBool(C); 2438 2439 // Add the loop body entry as a successor to the condition. 2440 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2441 // Link up the condition block with the code that follows the loop. (the 2442 // false branch). 2443 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2444 2445 } while(false); 2446 2447 // Link up the loop-back block to the entry condition block. 2448 addSuccessor(TransitionBlock, EntryConditionBlock); 2449 2450 // There can be no more statements in the condition block since we loop back 2451 // to this block. NULL out Block to force lazy creation of another block. 2452 Block = NULL; 2453 2454 // Return the condition block, which is the dominating block for the loop. 2455 Succ = EntryConditionBlock; 2456 return EntryConditionBlock; 2457} 2458 2459 2460CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) { 2461 // FIXME: For now we pretend that @catch and the code it contains does not 2462 // exit. 2463 return Block; 2464} 2465 2466CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) { 2467 // FIXME: This isn't complete. We basically treat @throw like a return 2468 // statement. 2469 2470 // If we were in the middle of a block we stop processing that block. 2471 if (badCFG) 2472 return 0; 2473 2474 // Create the new block. 2475 Block = createBlock(false); 2476 2477 // The Exit block is the only successor. 2478 addSuccessor(Block, &cfg->getExit()); 2479 2480 // Add the statement to the block. This may create new blocks if S contains 2481 // control-flow (short-circuit operations). 2482 return VisitStmt(S, AddStmtChoice::AlwaysAdd); 2483} 2484 2485CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) { 2486 // If we were in the middle of a block we stop processing that block. 2487 if (badCFG) 2488 return 0; 2489 2490 // Create the new block. 2491 Block = createBlock(false); 2492 2493 if (TryTerminatedBlock) 2494 // The current try statement is the only successor. 2495 addSuccessor(Block, TryTerminatedBlock); 2496 else 2497 // otherwise the Exit block is the only successor. 2498 addSuccessor(Block, &cfg->getExit()); 2499 2500 // Add the statement to the block. This may create new blocks if S contains 2501 // control-flow (short-circuit operations). 2502 return VisitStmt(T, AddStmtChoice::AlwaysAdd); 2503} 2504 2505CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) { 2506 CFGBlock *LoopSuccessor = NULL; 2507 2508 // "do...while" is a control-flow statement. Thus we stop processing the 2509 // current block. 2510 if (Block) { 2511 if (badCFG) 2512 return 0; 2513 LoopSuccessor = Block; 2514 } else 2515 LoopSuccessor = Succ; 2516 2517 // Because of short-circuit evaluation, the condition of the loop can span 2518 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2519 // evaluate the condition. 2520 CFGBlock *ExitConditionBlock = createBlock(false); 2521 CFGBlock *EntryConditionBlock = ExitConditionBlock; 2522 2523 // Set the terminator for the "exit" condition block. 2524 ExitConditionBlock->setTerminator(D); 2525 2526 // Now add the actual condition to the condition block. Because the condition 2527 // itself may contain control-flow, new blocks may be created. 2528 if (Stmt *C = D->getCond()) { 2529 Block = ExitConditionBlock; 2530 EntryConditionBlock = addStmt(C); 2531 if (Block) { 2532 if (badCFG) 2533 return 0; 2534 } 2535 } 2536 2537 // The condition block is the implicit successor for the loop body. 2538 Succ = EntryConditionBlock; 2539 2540 // See if this is a known constant. 2541 const TryResult &KnownVal = tryEvaluateBool(D->getCond()); 2542 2543 // Process the loop body. 2544 CFGBlock *BodyBlock = NULL; 2545 { 2546 assert(D->getBody()); 2547 2548 // Save the current values for Block, Succ, and continue and break targets 2549 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2550 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2551 save_break(BreakJumpTarget); 2552 2553 // All continues within this loop should go to the condition block 2554 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2555 2556 // All breaks should go to the code following the loop. 2557 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2558 2559 // NULL out Block to force lazy instantiation of blocks for the body. 2560 Block = NULL; 2561 2562 // If body is not a compound statement create implicit scope 2563 // and add destructors. 2564 if (!isa<CompoundStmt>(D->getBody())) 2565 addLocalScopeAndDtors(D->getBody()); 2566 2567 // Create the body. The returned block is the entry to the loop body. 2568 BodyBlock = addStmt(D->getBody()); 2569 2570 if (!BodyBlock) 2571 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)" 2572 else if (Block) { 2573 if (badCFG) 2574 return 0; 2575 } 2576 2577 if (!KnownVal.isFalse()) { 2578 // Add an intermediate block between the BodyBlock and the 2579 // ExitConditionBlock to represent the "loop back" transition. Create an 2580 // empty block to represent the transition block for looping back to the 2581 // head of the loop. 2582 // FIXME: Can we do this more efficiently without adding another block? 2583 Block = NULL; 2584 Succ = BodyBlock; 2585 CFGBlock *LoopBackBlock = createBlock(); 2586 LoopBackBlock->setLoopTarget(D); 2587 2588 // Add the loop body entry as a successor to the condition. 2589 addSuccessor(ExitConditionBlock, LoopBackBlock); 2590 } 2591 else 2592 addSuccessor(ExitConditionBlock, NULL); 2593 } 2594 2595 // Link up the condition block with the code that follows the loop. 2596 // (the false branch). 2597 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2598 2599 // There can be no more statements in the body block(s) since we loop back to 2600 // the body. NULL out Block to force lazy creation of another block. 2601 Block = NULL; 2602 2603 // Return the loop body, which is the dominating block for the loop. 2604 Succ = BodyBlock; 2605 return BodyBlock; 2606} 2607 2608CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) { 2609 // "continue" is a control-flow statement. Thus we stop processing the 2610 // current block. 2611 if (badCFG) 2612 return 0; 2613 2614 // Now create a new block that ends with the continue statement. 2615 Block = createBlock(false); 2616 Block->setTerminator(C); 2617 2618 // If there is no target for the continue, then we are looking at an 2619 // incomplete AST. This means the CFG cannot be constructed. 2620 if (ContinueJumpTarget.block) { 2621 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C); 2622 addSuccessor(Block, ContinueJumpTarget.block); 2623 } else 2624 badCFG = true; 2625 2626 return Block; 2627} 2628 2629CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 2630 AddStmtChoice asc) { 2631 2632 if (asc.alwaysAdd(*this, E)) { 2633 autoCreateBlock(); 2634 appendStmt(Block, E); 2635 } 2636 2637 // VLA types have expressions that must be evaluated. 2638 CFGBlock *lastBlock = Block; 2639 2640 if (E->isArgumentType()) { 2641 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr()); 2642 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) 2643 lastBlock = addStmt(VA->getSizeExpr()); 2644 } 2645 return lastBlock; 2646} 2647 2648/// VisitStmtExpr - Utility method to handle (nested) statement 2649/// expressions (a GCC extension). 2650CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) { 2651 if (asc.alwaysAdd(*this, SE)) { 2652 autoCreateBlock(); 2653 appendStmt(Block, SE); 2654 } 2655 return VisitCompoundStmt(SE->getSubStmt()); 2656} 2657 2658CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) { 2659 // "switch" is a control-flow statement. Thus we stop processing the current 2660 // block. 2661 CFGBlock *SwitchSuccessor = NULL; 2662 2663 // Save local scope position because in case of condition variable ScopePos 2664 // won't be restored when traversing AST. 2665 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2666 2667 // Create local scope for possible condition variable. 2668 // Store scope position. Add implicit destructor. 2669 if (VarDecl *VD = Terminator->getConditionVariable()) { 2670 LocalScope::const_iterator SwitchBeginScopePos = ScopePos; 2671 addLocalScopeForVarDecl(VD); 2672 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator); 2673 } 2674 2675 if (Block) { 2676 if (badCFG) 2677 return 0; 2678 SwitchSuccessor = Block; 2679 } else SwitchSuccessor = Succ; 2680 2681 // Save the current "switch" context. 2682 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock), 2683 save_default(DefaultCaseBlock); 2684 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2685 2686 // Set the "default" case to be the block after the switch statement. If the 2687 // switch statement contains a "default:", this value will be overwritten with 2688 // the block for that code. 2689 DefaultCaseBlock = SwitchSuccessor; 2690 2691 // Create a new block that will contain the switch statement. 2692 SwitchTerminatedBlock = createBlock(false); 2693 2694 // Now process the switch body. The code after the switch is the implicit 2695 // successor. 2696 Succ = SwitchSuccessor; 2697 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos); 2698 2699 // When visiting the body, the case statements should automatically get linked 2700 // up to the switch. We also don't keep a pointer to the body, since all 2701 // control-flow from the switch goes to case/default statements. 2702 assert(Terminator->getBody() && "switch must contain a non-NULL body"); 2703 Block = NULL; 2704 2705 // For pruning unreachable case statements, save the current state 2706 // for tracking the condition value. 2707 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered, 2708 false); 2709 2710 // Determine if the switch condition can be explicitly evaluated. 2711 assert(Terminator->getCond() && "switch condition must be non-NULL"); 2712 Expr::EvalResult result; 2713 bool b = tryEvaluate(Terminator->getCond(), result); 2714 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond, 2715 b ? &result : 0); 2716 2717 // If body is not a compound statement create implicit scope 2718 // and add destructors. 2719 if (!isa<CompoundStmt>(Terminator->getBody())) 2720 addLocalScopeAndDtors(Terminator->getBody()); 2721 2722 addStmt(Terminator->getBody()); 2723 if (Block) { 2724 if (badCFG) 2725 return 0; 2726 } 2727 2728 // If we have no "default:" case, the default transition is to the code 2729 // following the switch body. Moreover, take into account if all the 2730 // cases of a switch are covered (e.g., switching on an enum value). 2731 // 2732 // Note: We add a successor to a switch that is considered covered yet has no 2733 // case statements if the enumeration has no enumerators. 2734 bool SwitchAlwaysHasSuccessor = false; 2735 SwitchAlwaysHasSuccessor |= switchExclusivelyCovered; 2736 SwitchAlwaysHasSuccessor |= Terminator->isAllEnumCasesCovered() && 2737 Terminator->getSwitchCaseList(); 2738 addSuccessor(SwitchTerminatedBlock, DefaultCaseBlock, 2739 !SwitchAlwaysHasSuccessor); 2740 2741 // Add the terminator and condition in the switch block. 2742 SwitchTerminatedBlock->setTerminator(Terminator); 2743 Block = SwitchTerminatedBlock; 2744 CFGBlock *LastBlock = addStmt(Terminator->getCond()); 2745 2746 // Finally, if the SwitchStmt contains a condition variable, add both the 2747 // SwitchStmt and the condition variable initialization to the CFG. 2748 if (VarDecl *VD = Terminator->getConditionVariable()) { 2749 if (Expr *Init = VD->getInit()) { 2750 autoCreateBlock(); 2751 appendStmt(Block, Terminator->getConditionVariableDeclStmt()); 2752 LastBlock = addStmt(Init); 2753 } 2754 } 2755 2756 return LastBlock; 2757} 2758 2759static bool shouldAddCase(bool &switchExclusivelyCovered, 2760 const Expr::EvalResult *switchCond, 2761 const CaseStmt *CS, 2762 ASTContext &Ctx) { 2763 if (!switchCond) 2764 return true; 2765 2766 bool addCase = false; 2767 2768 if (!switchExclusivelyCovered) { 2769 if (switchCond->Val.isInt()) { 2770 // Evaluate the LHS of the case value. 2771 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx); 2772 const llvm::APSInt &condInt = switchCond->Val.getInt(); 2773 2774 if (condInt == lhsInt) { 2775 addCase = true; 2776 switchExclusivelyCovered = true; 2777 } 2778 else if (condInt < lhsInt) { 2779 if (const Expr *RHS = CS->getRHS()) { 2780 // Evaluate the RHS of the case value. 2781 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx); 2782 if (V2 <= condInt) { 2783 addCase = true; 2784 switchExclusivelyCovered = true; 2785 } 2786 } 2787 } 2788 } 2789 else 2790 addCase = true; 2791 } 2792 return addCase; 2793} 2794 2795CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) { 2796 // CaseStmts are essentially labels, so they are the first statement in a 2797 // block. 2798 CFGBlock *TopBlock = 0, *LastBlock = 0; 2799 2800 if (Stmt *Sub = CS->getSubStmt()) { 2801 // For deeply nested chains of CaseStmts, instead of doing a recursion 2802 // (which can blow out the stack), manually unroll and create blocks 2803 // along the way. 2804 while (isa<CaseStmt>(Sub)) { 2805 CFGBlock *currentBlock = createBlock(false); 2806 currentBlock->setLabel(CS); 2807 2808 if (TopBlock) 2809 addSuccessor(LastBlock, currentBlock); 2810 else 2811 TopBlock = currentBlock; 2812 2813 addSuccessor(SwitchTerminatedBlock, 2814 shouldAddCase(switchExclusivelyCovered, switchCond, 2815 CS, *Context) 2816 ? currentBlock : 0); 2817 2818 LastBlock = currentBlock; 2819 CS = cast<CaseStmt>(Sub); 2820 Sub = CS->getSubStmt(); 2821 } 2822 2823 addStmt(Sub); 2824 } 2825 2826 CFGBlock *CaseBlock = Block; 2827 if (!CaseBlock) 2828 CaseBlock = createBlock(); 2829 2830 // Cases statements partition blocks, so this is the top of the basic block we 2831 // were processing (the "case XXX:" is the label). 2832 CaseBlock->setLabel(CS); 2833 2834 if (badCFG) 2835 return 0; 2836 2837 // Add this block to the list of successors for the block with the switch 2838 // statement. 2839 assert(SwitchTerminatedBlock); 2840 addSuccessor(SwitchTerminatedBlock, CaseBlock, 2841 shouldAddCase(switchExclusivelyCovered, switchCond, 2842 CS, *Context)); 2843 2844 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2845 Block = NULL; 2846 2847 if (TopBlock) { 2848 addSuccessor(LastBlock, CaseBlock); 2849 Succ = TopBlock; 2850 } else { 2851 // This block is now the implicit successor of other blocks. 2852 Succ = CaseBlock; 2853 } 2854 2855 return Succ; 2856} 2857 2858CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) { 2859 if (Terminator->getSubStmt()) 2860 addStmt(Terminator->getSubStmt()); 2861 2862 DefaultCaseBlock = Block; 2863 2864 if (!DefaultCaseBlock) 2865 DefaultCaseBlock = createBlock(); 2866 2867 // Default statements partition blocks, so this is the top of the basic block 2868 // we were processing (the "default:" is the label). 2869 DefaultCaseBlock->setLabel(Terminator); 2870 2871 if (badCFG) 2872 return 0; 2873 2874 // Unlike case statements, we don't add the default block to the successors 2875 // for the switch statement immediately. This is done when we finish 2876 // processing the switch statement. This allows for the default case 2877 // (including a fall-through to the code after the switch statement) to always 2878 // be the last successor of a switch-terminated block. 2879 2880 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2881 Block = NULL; 2882 2883 // This block is now the implicit successor of other blocks. 2884 Succ = DefaultCaseBlock; 2885 2886 return DefaultCaseBlock; 2887} 2888 2889CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) { 2890 // "try"/"catch" is a control-flow statement. Thus we stop processing the 2891 // current block. 2892 CFGBlock *TrySuccessor = NULL; 2893 2894 if (Block) { 2895 if (badCFG) 2896 return 0; 2897 TrySuccessor = Block; 2898 } else TrySuccessor = Succ; 2899 2900 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock; 2901 2902 // Create a new block that will contain the try statement. 2903 CFGBlock *NewTryTerminatedBlock = createBlock(false); 2904 // Add the terminator in the try block. 2905 NewTryTerminatedBlock->setTerminator(Terminator); 2906 2907 bool HasCatchAll = false; 2908 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) { 2909 // The code after the try is the implicit successor. 2910 Succ = TrySuccessor; 2911 CXXCatchStmt *CS = Terminator->getHandler(h); 2912 if (CS->getExceptionDecl() == 0) { 2913 HasCatchAll = true; 2914 } 2915 Block = NULL; 2916 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS); 2917 if (CatchBlock == 0) 2918 return 0; 2919 // Add this block to the list of successors for the block with the try 2920 // statement. 2921 addSuccessor(NewTryTerminatedBlock, CatchBlock); 2922 } 2923 if (!HasCatchAll) { 2924 if (PrevTryTerminatedBlock) 2925 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock); 2926 else 2927 addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); 2928 } 2929 2930 // The code after the try is the implicit successor. 2931 Succ = TrySuccessor; 2932 2933 // Save the current "try" context. 2934 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock); 2935 cfg->addTryDispatchBlock(TryTerminatedBlock); 2936 2937 assert(Terminator->getTryBlock() && "try must contain a non-NULL body"); 2938 Block = NULL; 2939 return addStmt(Terminator->getTryBlock()); 2940} 2941 2942CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) { 2943 // CXXCatchStmt are treated like labels, so they are the first statement in a 2944 // block. 2945 2946 // Save local scope position because in case of exception variable ScopePos 2947 // won't be restored when traversing AST. 2948 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2949 2950 // Create local scope for possible exception variable. 2951 // Store scope position. Add implicit destructor. 2952 if (VarDecl *VD = CS->getExceptionDecl()) { 2953 LocalScope::const_iterator BeginScopePos = ScopePos; 2954 addLocalScopeForVarDecl(VD); 2955 addAutomaticObjDtors(ScopePos, BeginScopePos, CS); 2956 } 2957 2958 if (CS->getHandlerBlock()) 2959 addStmt(CS->getHandlerBlock()); 2960 2961 CFGBlock *CatchBlock = Block; 2962 if (!CatchBlock) 2963 CatchBlock = createBlock(); 2964 2965 // CXXCatchStmt is more than just a label. They have semantic meaning 2966 // as well, as they implicitly "initialize" the catch variable. Add 2967 // it to the CFG as a CFGElement so that the control-flow of these 2968 // semantics gets captured. 2969 appendStmt(CatchBlock, CS); 2970 2971 // Also add the CXXCatchStmt as a label, to mirror handling of regular 2972 // labels. 2973 CatchBlock->setLabel(CS); 2974 2975 // Bail out if the CFG is bad. 2976 if (badCFG) 2977 return 0; 2978 2979 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2980 Block = NULL; 2981 2982 return CatchBlock; 2983} 2984 2985CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) { 2986 // C++0x for-range statements are specified as [stmt.ranged]: 2987 // 2988 // { 2989 // auto && __range = range-init; 2990 // for ( auto __begin = begin-expr, 2991 // __end = end-expr; 2992 // __begin != __end; 2993 // ++__begin ) { 2994 // for-range-declaration = *__begin; 2995 // statement 2996 // } 2997 // } 2998 2999 // Save local scope position before the addition of the implicit variables. 3000 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 3001 3002 // Create local scopes and destructors for range, begin and end variables. 3003 if (Stmt *Range = S->getRangeStmt()) 3004 addLocalScopeForStmt(Range); 3005 if (Stmt *BeginEnd = S->getBeginEndStmt()) 3006 addLocalScopeForStmt(BeginEnd); 3007 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S); 3008 3009 LocalScope::const_iterator ContinueScopePos = ScopePos; 3010 3011 // "for" is a control-flow statement. Thus we stop processing the current 3012 // block. 3013 CFGBlock *LoopSuccessor = NULL; 3014 if (Block) { 3015 if (badCFG) 3016 return 0; 3017 LoopSuccessor = Block; 3018 } else 3019 LoopSuccessor = Succ; 3020 3021 // Save the current value for the break targets. 3022 // All breaks should go to the code following the loop. 3023 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 3024 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 3025 3026 // The block for the __begin != __end expression. 3027 CFGBlock *ConditionBlock = createBlock(false); 3028 ConditionBlock->setTerminator(S); 3029 3030 // Now add the actual condition to the condition block. 3031 if (Expr *C = S->getCond()) { 3032 Block = ConditionBlock; 3033 CFGBlock *BeginConditionBlock = addStmt(C); 3034 if (badCFG) 3035 return 0; 3036 assert(BeginConditionBlock == ConditionBlock && 3037 "condition block in for-range was unexpectedly complex"); 3038 (void)BeginConditionBlock; 3039 } 3040 3041 // The condition block is the implicit successor for the loop body as well as 3042 // any code above the loop. 3043 Succ = ConditionBlock; 3044 3045 // See if this is a known constant. 3046 TryResult KnownVal(true); 3047 3048 if (S->getCond()) 3049 KnownVal = tryEvaluateBool(S->getCond()); 3050 3051 // Now create the loop body. 3052 { 3053 assert(S->getBody()); 3054 3055 // Save the current values for Block, Succ, and continue targets. 3056 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 3057 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 3058 3059 // Generate increment code in its own basic block. This is the target of 3060 // continue statements. 3061 Block = 0; 3062 Succ = addStmt(S->getInc()); 3063 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 3064 3065 // The starting block for the loop increment is the block that should 3066 // represent the 'loop target' for looping back to the start of the loop. 3067 ContinueJumpTarget.block->setLoopTarget(S); 3068 3069 // Finish up the increment block and prepare to start the loop body. 3070 assert(Block); 3071 if (badCFG) 3072 return 0; 3073 Block = 0; 3074 3075 3076 // Add implicit scope and dtors for loop variable. 3077 addLocalScopeAndDtors(S->getLoopVarStmt()); 3078 3079 // Populate a new block to contain the loop body and loop variable. 3080 addStmt(S->getBody()); 3081 if (badCFG) 3082 return 0; 3083 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt()); 3084 if (badCFG) 3085 return 0; 3086 3087 // This new body block is a successor to our condition block. 3088 addSuccessor(ConditionBlock, KnownVal.isFalse() ? 0 : LoopVarStmtBlock); 3089 } 3090 3091 // Link up the condition block with the code that follows the loop (the 3092 // false branch). 3093 addSuccessor(ConditionBlock, KnownVal.isTrue() ? 0 : LoopSuccessor); 3094 3095 // Add the initialization statements. 3096 Block = createBlock(); 3097 addStmt(S->getBeginEndStmt()); 3098 return addStmt(S->getRangeStmt()); 3099} 3100 3101CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E, 3102 AddStmtChoice asc) { 3103 if (BuildOpts.AddTemporaryDtors) { 3104 // If adding implicit destructors visit the full expression for adding 3105 // destructors of temporaries. 3106 VisitForTemporaryDtors(E->getSubExpr()); 3107 3108 // Full expression has to be added as CFGStmt so it will be sequenced 3109 // before destructors of it's temporaries. 3110 asc = asc.withAlwaysAdd(true); 3111 } 3112 return Visit(E->getSubExpr(), asc); 3113} 3114 3115CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 3116 AddStmtChoice asc) { 3117 if (asc.alwaysAdd(*this, E)) { 3118 autoCreateBlock(); 3119 appendStmt(Block, E); 3120 3121 // We do not want to propagate the AlwaysAdd property. 3122 asc = asc.withAlwaysAdd(false); 3123 } 3124 return Visit(E->getSubExpr(), asc); 3125} 3126 3127CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, 3128 AddStmtChoice asc) { 3129 autoCreateBlock(); 3130 appendStmt(Block, C); 3131 3132 return VisitChildren(C); 3133} 3134 3135CFGBlock *CFGBuilder::VisitCXXNewExpr(CXXNewExpr *NE, 3136 AddStmtChoice asc) { 3137 3138 autoCreateBlock(); 3139 appendStmt(Block, NE); 3140 3141 if (NE->getInitializer()) 3142 Block = Visit(NE->getInitializer()); 3143 if (BuildOpts.AddCXXNewAllocator) 3144 appendNewAllocator(Block, NE); 3145 if (NE->isArray()) 3146 Block = Visit(NE->getArraySize()); 3147 for (CXXNewExpr::arg_iterator I = NE->placement_arg_begin(), 3148 E = NE->placement_arg_end(); I != E; ++I) 3149 Block = Visit(*I); 3150 return Block; 3151} 3152 3153CFGBlock *CFGBuilder::VisitCXXDeleteExpr(CXXDeleteExpr *DE, 3154 AddStmtChoice asc) { 3155 autoCreateBlock(); 3156 appendStmt(Block, DE); 3157 QualType DTy = DE->getDestroyedType(); 3158 DTy = DTy.getNonReferenceType(); 3159 CXXRecordDecl *RD = Context->getBaseElementType(DTy)->getAsCXXRecordDecl(); 3160 if (RD) { 3161 if (RD->isCompleteDefinition() && !RD->hasTrivialDestructor()) 3162 appendDeleteDtor(Block, RD, DE); 3163 } 3164 3165 return VisitChildren(DE); 3166} 3167 3168CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 3169 AddStmtChoice asc) { 3170 if (asc.alwaysAdd(*this, E)) { 3171 autoCreateBlock(); 3172 appendStmt(Block, E); 3173 // We do not want to propagate the AlwaysAdd property. 3174 asc = asc.withAlwaysAdd(false); 3175 } 3176 return Visit(E->getSubExpr(), asc); 3177} 3178 3179CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 3180 AddStmtChoice asc) { 3181 autoCreateBlock(); 3182 appendStmt(Block, C); 3183 return VisitChildren(C); 3184} 3185 3186CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E, 3187 AddStmtChoice asc) { 3188 if (asc.alwaysAdd(*this, E)) { 3189 autoCreateBlock(); 3190 appendStmt(Block, E); 3191 } 3192 return Visit(E->getSubExpr(), AddStmtChoice()); 3193} 3194 3195CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3196 // Lazily create the indirect-goto dispatch block if there isn't one already. 3197 CFGBlock *IBlock = cfg->getIndirectGotoBlock(); 3198 3199 if (!IBlock) { 3200 IBlock = createBlock(false); 3201 cfg->setIndirectGotoBlock(IBlock); 3202 } 3203 3204 // IndirectGoto is a control-flow statement. Thus we stop processing the 3205 // current block and create a new one. 3206 if (badCFG) 3207 return 0; 3208 3209 Block = createBlock(false); 3210 Block->setTerminator(I); 3211 addSuccessor(Block, IBlock); 3212 return addStmt(I->getTarget()); 3213} 3214 3215CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) { 3216 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors); 3217 3218tryAgain: 3219 if (!E) { 3220 badCFG = true; 3221 return NULL; 3222 } 3223 switch (E->getStmtClass()) { 3224 default: 3225 return VisitChildrenForTemporaryDtors(E); 3226 3227 case Stmt::BinaryOperatorClass: 3228 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E)); 3229 3230 case Stmt::CXXBindTemporaryExprClass: 3231 return VisitCXXBindTemporaryExprForTemporaryDtors( 3232 cast<CXXBindTemporaryExpr>(E), BindToTemporary); 3233 3234 case Stmt::BinaryConditionalOperatorClass: 3235 case Stmt::ConditionalOperatorClass: 3236 return VisitConditionalOperatorForTemporaryDtors( 3237 cast<AbstractConditionalOperator>(E), BindToTemporary); 3238 3239 case Stmt::ImplicitCastExprClass: 3240 // For implicit cast we want BindToTemporary to be passed further. 3241 E = cast<CastExpr>(E)->getSubExpr(); 3242 goto tryAgain; 3243 3244 case Stmt::ParenExprClass: 3245 E = cast<ParenExpr>(E)->getSubExpr(); 3246 goto tryAgain; 3247 3248 case Stmt::MaterializeTemporaryExprClass: 3249 E = cast<MaterializeTemporaryExpr>(E)->GetTemporaryExpr(); 3250 goto tryAgain; 3251 } 3252} 3253 3254CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E) { 3255 // When visiting children for destructors we want to visit them in reverse 3256 // order that they will appear in the CFG. Because the CFG is built 3257 // bottom-up, this means we visit them in their natural order, which 3258 // reverses them in the CFG. 3259 CFGBlock *B = Block; 3260 for (Stmt::child_range I = E->children(); I; ++I) { 3261 if (Stmt *Child = *I) 3262 if (CFGBlock *R = VisitForTemporaryDtors(Child)) 3263 B = R; 3264 } 3265 return B; 3266} 3267 3268CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E) { 3269 if (E->isLogicalOp()) { 3270 // Destructors for temporaries in LHS expression should be called after 3271 // those for RHS expression. Even if this will unnecessarily create a block, 3272 // this block will be used at least by the full expression. 3273 autoCreateBlock(); 3274 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getLHS()); 3275 if (badCFG) 3276 return NULL; 3277 3278 Succ = ConfluenceBlock; 3279 Block = NULL; 3280 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3281 3282 if (RHSBlock) { 3283 if (badCFG) 3284 return NULL; 3285 3286 // If RHS expression did produce destructors we need to connect created 3287 // blocks to CFG in same manner as for binary operator itself. 3288 CFGBlock *LHSBlock = createBlock(false); 3289 LHSBlock->setTerminator(CFGTerminator(E, true)); 3290 3291 // For binary operator LHS block is before RHS in list of predecessors 3292 // of ConfluenceBlock. 3293 std::reverse(ConfluenceBlock->pred_begin(), 3294 ConfluenceBlock->pred_end()); 3295 3296 // See if this is a known constant. 3297 TryResult KnownVal = tryEvaluateBool(E->getLHS()); 3298 if (KnownVal.isKnown() && (E->getOpcode() == BO_LOr)) 3299 KnownVal.negate(); 3300 3301 // Link LHSBlock with RHSBlock exactly the same way as for binary operator 3302 // itself. 3303 if (E->getOpcode() == BO_LOr) { 3304 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3305 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3306 } else { 3307 assert (E->getOpcode() == BO_LAnd); 3308 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3309 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3310 } 3311 3312 Block = LHSBlock; 3313 return LHSBlock; 3314 } 3315 3316 Block = ConfluenceBlock; 3317 return ConfluenceBlock; 3318 } 3319 3320 if (E->isAssignmentOp()) { 3321 // For assignment operator (=) LHS expression is visited 3322 // before RHS expression. For destructors visit them in reverse order. 3323 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3324 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3325 return LHSBlock ? LHSBlock : RHSBlock; 3326 } 3327 3328 // For any other binary operator RHS expression is visited before 3329 // LHS expression (order of children). For destructors visit them in reverse 3330 // order. 3331 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3332 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3333 return RHSBlock ? RHSBlock : LHSBlock; 3334} 3335 3336CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors( 3337 CXXBindTemporaryExpr *E, bool BindToTemporary) { 3338 // First add destructors for temporaries in subexpression. 3339 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr()); 3340 if (!BindToTemporary) { 3341 // If lifetime of temporary is not prolonged (by assigning to constant 3342 // reference) add destructor for it. 3343 3344 // If the destructor is marked as a no-return destructor, we need to create 3345 // a new block for the destructor which does not have as a successor 3346 // anything built thus far. Control won't flow out of this block. 3347 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor(); 3348 if (Dtor->isNoReturn()) { 3349 Succ = B; 3350 Block = createNoReturnBlock(); 3351 } else { 3352 autoCreateBlock(); 3353 } 3354 3355 appendTemporaryDtor(Block, E); 3356 B = Block; 3357 } 3358 return B; 3359} 3360 3361CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors( 3362 AbstractConditionalOperator *E, bool BindToTemporary) { 3363 // First add destructors for condition expression. Even if this will 3364 // unnecessarily create a block, this block will be used at least by the full 3365 // expression. 3366 autoCreateBlock(); 3367 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getCond()); 3368 if (badCFG) 3369 return NULL; 3370 if (BinaryConditionalOperator *BCO 3371 = dyn_cast<BinaryConditionalOperator>(E)) { 3372 ConfluenceBlock = VisitForTemporaryDtors(BCO->getCommon()); 3373 if (badCFG) 3374 return NULL; 3375 } 3376 3377 // Try to add block with destructors for LHS expression. 3378 CFGBlock *LHSBlock = NULL; 3379 Succ = ConfluenceBlock; 3380 Block = NULL; 3381 LHSBlock = VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary); 3382 if (badCFG) 3383 return NULL; 3384 3385 // Try to add block with destructors for RHS expression; 3386 Succ = ConfluenceBlock; 3387 Block = NULL; 3388 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getFalseExpr(), 3389 BindToTemporary); 3390 if (badCFG) 3391 return NULL; 3392 3393 if (!RHSBlock && !LHSBlock) { 3394 // If neither LHS nor RHS expression had temporaries to destroy don't create 3395 // more blocks. 3396 Block = ConfluenceBlock; 3397 return Block; 3398 } 3399 3400 Block = createBlock(false); 3401 Block->setTerminator(CFGTerminator(E, true)); 3402 assert(Block->getTerminator().isTemporaryDtorsBranch()); 3403 3404 // See if this is a known constant. 3405 const TryResult &KnownVal = tryEvaluateBool(E->getCond()); 3406 3407 if (LHSBlock) { 3408 addSuccessor(Block, LHSBlock, !KnownVal.isFalse()); 3409 } else if (KnownVal.isFalse()) { 3410 addSuccessor(Block, NULL); 3411 } else { 3412 addSuccessor(Block, ConfluenceBlock); 3413 std::reverse(ConfluenceBlock->pred_begin(), ConfluenceBlock->pred_end()); 3414 } 3415 3416 if (!RHSBlock) 3417 RHSBlock = ConfluenceBlock; 3418 3419 addSuccessor(Block, RHSBlock, !KnownVal.isTrue()); 3420 3421 return Block; 3422} 3423 3424} // end anonymous namespace 3425 3426/// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has 3427/// no successors or predecessors. If this is the first block created in the 3428/// CFG, it is automatically set to be the Entry and Exit of the CFG. 3429CFGBlock *CFG::createBlock() { 3430 bool first_block = begin() == end(); 3431 3432 // Create the block. 3433 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>(); 3434 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this); 3435 Blocks.push_back(Mem, BlkBVC); 3436 3437 // If this is the first block, set it as the Entry and Exit. 3438 if (first_block) 3439 Entry = Exit = &back(); 3440 3441 // Return the block. 3442 return &back(); 3443} 3444 3445/// buildCFG - Constructs a CFG from an AST. Ownership of the returned 3446/// CFG is returned to the caller. 3447CFG* CFG::buildCFG(const Decl *D, Stmt *Statement, ASTContext *C, 3448 const BuildOptions &BO) { 3449 CFGBuilder Builder(C, BO); 3450 return Builder.buildCFG(D, Statement); 3451} 3452 3453const CXXDestructorDecl * 3454CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { 3455 switch (getKind()) { 3456 case CFGElement::Statement: 3457 case CFGElement::Initializer: 3458 case CFGElement::NewAllocator: 3459 llvm_unreachable("getDestructorDecl should only be used with " 3460 "ImplicitDtors"); 3461 case CFGElement::AutomaticObjectDtor: { 3462 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl(); 3463 QualType ty = var->getType(); 3464 ty = ty.getNonReferenceType(); 3465 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { 3466 ty = arrayType->getElementType(); 3467 } 3468 const RecordType *recordType = ty->getAs<RecordType>(); 3469 const CXXRecordDecl *classDecl = 3470 cast<CXXRecordDecl>(recordType->getDecl()); 3471 return classDecl->getDestructor(); 3472 } 3473 case CFGElement::DeleteDtor: { 3474 const CXXDeleteExpr *DE = castAs<CFGDeleteDtor>().getDeleteExpr(); 3475 QualType DTy = DE->getDestroyedType(); 3476 DTy = DTy.getNonReferenceType(); 3477 const CXXRecordDecl *classDecl = 3478 astContext.getBaseElementType(DTy)->getAsCXXRecordDecl(); 3479 return classDecl->getDestructor(); 3480 } 3481 case CFGElement::TemporaryDtor: { 3482 const CXXBindTemporaryExpr *bindExpr = 3483 castAs<CFGTemporaryDtor>().getBindTemporaryExpr(); 3484 const CXXTemporary *temp = bindExpr->getTemporary(); 3485 return temp->getDestructor(); 3486 } 3487 case CFGElement::BaseDtor: 3488 case CFGElement::MemberDtor: 3489 3490 // Not yet supported. 3491 return 0; 3492 } 3493 llvm_unreachable("getKind() returned bogus value"); 3494} 3495 3496bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const { 3497 if (const CXXDestructorDecl *DD = getDestructorDecl(astContext)) 3498 return DD->isNoReturn(); 3499 return false; 3500} 3501 3502//===----------------------------------------------------------------------===// 3503// CFGBlock operations. 3504//===----------------------------------------------------------------------===// 3505 3506CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, bool IsReachable) 3507 : ReachableBlock(IsReachable ? B : 0), 3508 UnreachableBlock(!IsReachable ? B : 0, 3509 B && IsReachable ? AB_Normal : AB_Unreachable) {} 3510 3511CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, CFGBlock *AlternateBlock) 3512 : ReachableBlock(B), 3513 UnreachableBlock(B == AlternateBlock ? 0 : AlternateBlock, 3514 B == AlternateBlock ? AB_Alternate : AB_Normal) {} 3515 3516void CFGBlock::addSuccessor(AdjacentBlock Succ, 3517 BumpVectorContext &C) { 3518 if (CFGBlock *B = Succ.getReachableBlock()) 3519 B->Preds.push_back(AdjacentBlock(this, Succ.isReachable()), C); 3520 3521 if (CFGBlock *UnreachableB = Succ.getPossiblyUnreachableBlock()) 3522 UnreachableB->Preds.push_back(AdjacentBlock(this, false), C); 3523 3524 Succs.push_back(Succ, C); 3525} 3526 3527bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F, 3528 const CFGBlock *From, const CFGBlock *To) { 3529 3530 if (F.IgnoreNullPredecessors && !From) 3531 return true; 3532 3533 if (To && From && F.IgnoreDefaultsWithCoveredEnums) { 3534 // If the 'To' has no label or is labeled but the label isn't a 3535 // CaseStmt then filter this edge. 3536 if (const SwitchStmt *S = 3537 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) { 3538 if (S->isAllEnumCasesCovered()) { 3539 const Stmt *L = To->getLabel(); 3540 if (!L || !isa<CaseStmt>(L)) 3541 return true; 3542 } 3543 } 3544 } 3545 3546 return false; 3547} 3548 3549//===----------------------------------------------------------------------===// 3550// CFG pretty printing 3551//===----------------------------------------------------------------------===// 3552 3553namespace { 3554 3555class StmtPrinterHelper : public PrinterHelper { 3556 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy; 3557 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy; 3558 StmtMapTy StmtMap; 3559 DeclMapTy DeclMap; 3560 signed currentBlock; 3561 unsigned currStmt; 3562 const LangOptions &LangOpts; 3563public: 3564 3565 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO) 3566 : currentBlock(0), currStmt(0), LangOpts(LO) 3567 { 3568 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) { 3569 unsigned j = 1; 3570 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ; 3571 BI != BEnd; ++BI, ++j ) { 3572 if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) { 3573 const Stmt *stmt= SE->getStmt(); 3574 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j); 3575 StmtMap[stmt] = P; 3576 3577 switch (stmt->getStmtClass()) { 3578 case Stmt::DeclStmtClass: 3579 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P; 3580 break; 3581 case Stmt::IfStmtClass: { 3582 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable(); 3583 if (var) 3584 DeclMap[var] = P; 3585 break; 3586 } 3587 case Stmt::ForStmtClass: { 3588 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable(); 3589 if (var) 3590 DeclMap[var] = P; 3591 break; 3592 } 3593 case Stmt::WhileStmtClass: { 3594 const VarDecl *var = 3595 cast<WhileStmt>(stmt)->getConditionVariable(); 3596 if (var) 3597 DeclMap[var] = P; 3598 break; 3599 } 3600 case Stmt::SwitchStmtClass: { 3601 const VarDecl *var = 3602 cast<SwitchStmt>(stmt)->getConditionVariable(); 3603 if (var) 3604 DeclMap[var] = P; 3605 break; 3606 } 3607 case Stmt::CXXCatchStmtClass: { 3608 const VarDecl *var = 3609 cast<CXXCatchStmt>(stmt)->getExceptionDecl(); 3610 if (var) 3611 DeclMap[var] = P; 3612 break; 3613 } 3614 default: 3615 break; 3616 } 3617 } 3618 } 3619 } 3620 } 3621 3622 3623 virtual ~StmtPrinterHelper() {} 3624 3625 const LangOptions &getLangOpts() const { return LangOpts; } 3626 void setBlockID(signed i) { currentBlock = i; } 3627 void setStmtID(unsigned i) { currStmt = i; } 3628 3629 bool handledStmt(Stmt *S, raw_ostream &OS) override { 3630 StmtMapTy::iterator I = StmtMap.find(S); 3631 3632 if (I == StmtMap.end()) 3633 return false; 3634 3635 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3636 && I->second.second == currStmt) { 3637 return false; 3638 } 3639 3640 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3641 return true; 3642 } 3643 3644 bool handleDecl(const Decl *D, raw_ostream &OS) { 3645 DeclMapTy::iterator I = DeclMap.find(D); 3646 3647 if (I == DeclMap.end()) 3648 return false; 3649 3650 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3651 && I->second.second == currStmt) { 3652 return false; 3653 } 3654 3655 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3656 return true; 3657 } 3658}; 3659} // end anonymous namespace 3660 3661 3662namespace { 3663class CFGBlockTerminatorPrint 3664 : public StmtVisitor<CFGBlockTerminatorPrint,void> { 3665 3666 raw_ostream &OS; 3667 StmtPrinterHelper* Helper; 3668 PrintingPolicy Policy; 3669public: 3670 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper, 3671 const PrintingPolicy &Policy) 3672 : OS(os), Helper(helper), Policy(Policy) { 3673 this->Policy.IncludeNewlines = false; 3674 } 3675 3676 void VisitIfStmt(IfStmt *I) { 3677 OS << "if "; 3678 I->getCond()->printPretty(OS,Helper,Policy); 3679 } 3680 3681 // Default case. 3682 void VisitStmt(Stmt *Terminator) { 3683 Terminator->printPretty(OS, Helper, Policy); 3684 } 3685 3686 void VisitDeclStmt(DeclStmt *DS) { 3687 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); 3688 OS << "static init " << VD->getName(); 3689 } 3690 3691 void VisitForStmt(ForStmt *F) { 3692 OS << "for (" ; 3693 if (F->getInit()) 3694 OS << "..."; 3695 OS << "; "; 3696 if (Stmt *C = F->getCond()) 3697 C->printPretty(OS, Helper, Policy); 3698 OS << "; "; 3699 if (F->getInc()) 3700 OS << "..."; 3701 OS << ")"; 3702 } 3703 3704 void VisitWhileStmt(WhileStmt *W) { 3705 OS << "while " ; 3706 if (Stmt *C = W->getCond()) 3707 C->printPretty(OS, Helper, Policy); 3708 } 3709 3710 void VisitDoStmt(DoStmt *D) { 3711 OS << "do ... while "; 3712 if (Stmt *C = D->getCond()) 3713 C->printPretty(OS, Helper, Policy); 3714 } 3715 3716 void VisitSwitchStmt(SwitchStmt *Terminator) { 3717 OS << "switch "; 3718 Terminator->getCond()->printPretty(OS, Helper, Policy); 3719 } 3720 3721 void VisitCXXTryStmt(CXXTryStmt *CS) { 3722 OS << "try ..."; 3723 } 3724 3725 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) { 3726 C->getCond()->printPretty(OS, Helper, Policy); 3727 OS << " ? ... : ..."; 3728 } 3729 3730 void VisitChooseExpr(ChooseExpr *C) { 3731 OS << "__builtin_choose_expr( "; 3732 C->getCond()->printPretty(OS, Helper, Policy); 3733 OS << " )"; 3734 } 3735 3736 void VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3737 OS << "goto *"; 3738 I->getTarget()->printPretty(OS, Helper, Policy); 3739 } 3740 3741 void VisitBinaryOperator(BinaryOperator* B) { 3742 if (!B->isLogicalOp()) { 3743 VisitExpr(B); 3744 return; 3745 } 3746 3747 B->getLHS()->printPretty(OS, Helper, Policy); 3748 3749 switch (B->getOpcode()) { 3750 case BO_LOr: 3751 OS << " || ..."; 3752 return; 3753 case BO_LAnd: 3754 OS << " && ..."; 3755 return; 3756 default: 3757 llvm_unreachable("Invalid logical operator."); 3758 } 3759 } 3760 3761 void VisitExpr(Expr *E) { 3762 E->printPretty(OS, Helper, Policy); 3763 } 3764 3765public: 3766 void print(CFGTerminator T) { 3767 if (T.isTemporaryDtorsBranch()) 3768 OS << "(Temp Dtor) "; 3769 Visit(T.getStmt()); 3770 } 3771}; 3772} // end anonymous namespace 3773 3774static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper, 3775 const CFGElement &E) { 3776 if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { 3777 const Stmt *S = CS->getStmt(); 3778 3779 // special printing for statement-expressions. 3780 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) { 3781 const CompoundStmt *Sub = SE->getSubStmt(); 3782 3783 if (Sub->children()) { 3784 OS << "({ ... ; "; 3785 Helper.handledStmt(*SE->getSubStmt()->body_rbegin(),OS); 3786 OS << " })\n"; 3787 return; 3788 } 3789 } 3790 // special printing for comma expressions. 3791 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) { 3792 if (B->getOpcode() == BO_Comma) { 3793 OS << "... , "; 3794 Helper.handledStmt(B->getRHS(),OS); 3795 OS << '\n'; 3796 return; 3797 } 3798 } 3799 S->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts())); 3800 3801 if (isa<CXXOperatorCallExpr>(S)) { 3802 OS << " (OperatorCall)"; 3803 } 3804 else if (isa<CXXBindTemporaryExpr>(S)) { 3805 OS << " (BindTemporary)"; 3806 } 3807 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { 3808 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")"; 3809 } 3810 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { 3811 OS << " (" << CE->getStmtClassName() << ", " 3812 << CE->getCastKindName() 3813 << ", " << CE->getType().getAsString() 3814 << ")"; 3815 } 3816 3817 // Expressions need a newline. 3818 if (isa<Expr>(S)) 3819 OS << '\n'; 3820 3821 } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { 3822 const CXXCtorInitializer *I = IE->getInitializer(); 3823 if (I->isBaseInitializer()) 3824 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName(); 3825 else if (I->isDelegatingInitializer()) 3826 OS << I->getTypeSourceInfo()->getType()->getAsCXXRecordDecl()->getName(); 3827 else OS << I->getAnyMember()->getName(); 3828 3829 OS << "("; 3830 if (Expr *IE = I->getInit()) 3831 IE->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts())); 3832 OS << ")"; 3833 3834 if (I->isBaseInitializer()) 3835 OS << " (Base initializer)\n"; 3836 else if (I->isDelegatingInitializer()) 3837 OS << " (Delegating initializer)\n"; 3838 else OS << " (Member initializer)\n"; 3839 3840 } else if (Optional<CFGAutomaticObjDtor> DE = 3841 E.getAs<CFGAutomaticObjDtor>()) { 3842 const VarDecl *VD = DE->getVarDecl(); 3843 Helper.handleDecl(VD, OS); 3844 3845 const Type* T = VD->getType().getTypePtr(); 3846 if (const ReferenceType* RT = T->getAs<ReferenceType>()) 3847 T = RT->getPointeeType().getTypePtr(); 3848 T = T->getBaseElementTypeUnsafe(); 3849 3850 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; 3851 OS << " (Implicit destructor)\n"; 3852 3853 } else if (Optional<CFGNewAllocator> NE = E.getAs<CFGNewAllocator>()) { 3854 OS << "CFGNewAllocator("; 3855 if (const CXXNewExpr *AllocExpr = NE->getAllocatorExpr()) 3856 AllocExpr->getType().print(OS, PrintingPolicy(Helper.getLangOpts())); 3857 OS << ")\n"; 3858 } else if (Optional<CFGDeleteDtor> DE = E.getAs<CFGDeleteDtor>()) { 3859 const CXXRecordDecl *RD = DE->getCXXRecordDecl(); 3860 if (!RD) 3861 return; 3862 CXXDeleteExpr *DelExpr = 3863 const_cast<CXXDeleteExpr*>(DE->getDeleteExpr()); 3864 Helper.handledStmt(cast<Stmt>(DelExpr->getArgument()), OS); 3865 OS << "->~" << RD->getName().str() << "()"; 3866 OS << " (Implicit destructor)\n"; 3867 } else if (Optional<CFGBaseDtor> BE = E.getAs<CFGBaseDtor>()) { 3868 const CXXBaseSpecifier *BS = BE->getBaseSpecifier(); 3869 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()"; 3870 OS << " (Base object destructor)\n"; 3871 3872 } else if (Optional<CFGMemberDtor> ME = E.getAs<CFGMemberDtor>()) { 3873 const FieldDecl *FD = ME->getFieldDecl(); 3874 const Type *T = FD->getType()->getBaseElementTypeUnsafe(); 3875 OS << "this->" << FD->getName(); 3876 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()"; 3877 OS << " (Member object destructor)\n"; 3878 3879 } else if (Optional<CFGTemporaryDtor> TE = E.getAs<CFGTemporaryDtor>()) { 3880 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr(); 3881 OS << "~"; 3882 BT->getType().print(OS, PrintingPolicy(Helper.getLangOpts())); 3883 OS << "() (Temporary object destructor)\n"; 3884 } 3885} 3886 3887static void print_block(raw_ostream &OS, const CFG* cfg, 3888 const CFGBlock &B, 3889 StmtPrinterHelper &Helper, bool print_edges, 3890 bool ShowColors) { 3891 3892 Helper.setBlockID(B.getBlockID()); 3893 3894 // Print the header. 3895 if (ShowColors) 3896 OS.changeColor(raw_ostream::YELLOW, true); 3897 3898 OS << "\n [B" << B.getBlockID(); 3899 3900 if (&B == &cfg->getEntry()) 3901 OS << " (ENTRY)]\n"; 3902 else if (&B == &cfg->getExit()) 3903 OS << " (EXIT)]\n"; 3904 else if (&B == cfg->getIndirectGotoBlock()) 3905 OS << " (INDIRECT GOTO DISPATCH)]\n"; 3906 else if (B.hasNoReturnElement()) 3907 OS << " (NORETURN)]\n"; 3908 else 3909 OS << "]\n"; 3910 3911 if (ShowColors) 3912 OS.resetColor(); 3913 3914 // Print the label of this block. 3915 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) { 3916 3917 if (print_edges) 3918 OS << " "; 3919 3920 if (LabelStmt *L = dyn_cast<LabelStmt>(Label)) 3921 OS << L->getName(); 3922 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) { 3923 OS << "case "; 3924 C->getLHS()->printPretty(OS, &Helper, 3925 PrintingPolicy(Helper.getLangOpts())); 3926 if (C->getRHS()) { 3927 OS << " ... "; 3928 C->getRHS()->printPretty(OS, &Helper, 3929 PrintingPolicy(Helper.getLangOpts())); 3930 } 3931 } else if (isa<DefaultStmt>(Label)) 3932 OS << "default"; 3933 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) { 3934 OS << "catch ("; 3935 if (CS->getExceptionDecl()) 3936 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper.getLangOpts()), 3937 0); 3938 else 3939 OS << "..."; 3940 OS << ")"; 3941 3942 } else 3943 llvm_unreachable("Invalid label statement in CFGBlock."); 3944 3945 OS << ":\n"; 3946 } 3947 3948 // Iterate through the statements in the block and print them. 3949 unsigned j = 1; 3950 3951 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ; 3952 I != E ; ++I, ++j ) { 3953 3954 // Print the statement # in the basic block and the statement itself. 3955 if (print_edges) 3956 OS << " "; 3957 3958 OS << llvm::format("%3d", j) << ": "; 3959 3960 Helper.setStmtID(j); 3961 3962 print_elem(OS, Helper, *I); 3963 } 3964 3965 // Print the terminator of this block. 3966 if (B.getTerminator()) { 3967 if (ShowColors) 3968 OS.changeColor(raw_ostream::GREEN); 3969 3970 OS << " T: "; 3971 3972 Helper.setBlockID(-1); 3973 3974 PrintingPolicy PP(Helper.getLangOpts()); 3975 CFGBlockTerminatorPrint TPrinter(OS, &Helper, PP); 3976 TPrinter.print(B.getTerminator()); 3977 OS << '\n'; 3978 3979 if (ShowColors) 3980 OS.resetColor(); 3981 } 3982 3983 if (print_edges) { 3984 // Print the predecessors of this block. 3985 if (!B.pred_empty()) { 3986 const raw_ostream::Colors Color = raw_ostream::BLUE; 3987 if (ShowColors) 3988 OS.changeColor(Color); 3989 OS << " Preds " ; 3990 if (ShowColors) 3991 OS.resetColor(); 3992 OS << '(' << B.pred_size() << "):"; 3993 unsigned i = 0; 3994 3995 if (ShowColors) 3996 OS.changeColor(Color); 3997 3998 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end(); 3999 I != E; ++I, ++i) { 4000 4001 if (i % 10 == 8) 4002 OS << "\n "; 4003 4004 CFGBlock *B = *I; 4005 bool Reachable = true; 4006 if (!B) { 4007 Reachable = false; 4008 B = I->getPossiblyUnreachableBlock(); 4009 } 4010 4011 OS << " B" << B->getBlockID(); 4012 if (!Reachable) 4013 OS << "(Unreachable)"; 4014 } 4015 4016 if (ShowColors) 4017 OS.resetColor(); 4018 4019 OS << '\n'; 4020 } 4021 4022 // Print the successors of this block. 4023 if (!B.succ_empty()) { 4024 const raw_ostream::Colors Color = raw_ostream::MAGENTA; 4025 if (ShowColors) 4026 OS.changeColor(Color); 4027 OS << " Succs "; 4028 if (ShowColors) 4029 OS.resetColor(); 4030 OS << '(' << B.succ_size() << "):"; 4031 unsigned i = 0; 4032 4033 if (ShowColors) 4034 OS.changeColor(Color); 4035 4036 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end(); 4037 I != E; ++I, ++i) { 4038 4039 if (i % 10 == 8) 4040 OS << "\n "; 4041 4042 CFGBlock *B = *I; 4043 4044 bool Reachable = true; 4045 if (!B) { 4046 Reachable = false; 4047 B = I->getPossiblyUnreachableBlock(); 4048 } 4049 4050 if (B) { 4051 OS << " B" << B->getBlockID(); 4052 if (!Reachable) 4053 OS << "(Unreachable)"; 4054 } 4055 else { 4056 OS << " NULL"; 4057 } 4058 } 4059 4060 if (ShowColors) 4061 OS.resetColor(); 4062 OS << '\n'; 4063 } 4064 } 4065} 4066 4067 4068/// dump - A simple pretty printer of a CFG that outputs to stderr. 4069void CFG::dump(const LangOptions &LO, bool ShowColors) const { 4070 print(llvm::errs(), LO, ShowColors); 4071} 4072 4073/// print - A simple pretty printer of a CFG that outputs to an ostream. 4074void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const { 4075 StmtPrinterHelper Helper(this, LO); 4076 4077 // Print the entry block. 4078 print_block(OS, this, getEntry(), Helper, true, ShowColors); 4079 4080 // Iterate through the CFGBlocks and print them one by one. 4081 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) { 4082 // Skip the entry block, because we already printed it. 4083 if (&(**I) == &getEntry() || &(**I) == &getExit()) 4084 continue; 4085 4086 print_block(OS, this, **I, Helper, true, ShowColors); 4087 } 4088 4089 // Print the exit block. 4090 print_block(OS, this, getExit(), Helper, true, ShowColors); 4091 OS << '\n'; 4092 OS.flush(); 4093} 4094 4095/// dump - A simply pretty printer of a CFGBlock that outputs to stderr. 4096void CFGBlock::dump(const CFG* cfg, const LangOptions &LO, 4097 bool ShowColors) const { 4098 print(llvm::errs(), cfg, LO, ShowColors); 4099} 4100 4101/// print - A simple pretty printer of a CFGBlock that outputs to an ostream. 4102/// Generally this will only be called from CFG::print. 4103void CFGBlock::print(raw_ostream &OS, const CFG* cfg, 4104 const LangOptions &LO, bool ShowColors) const { 4105 StmtPrinterHelper Helper(cfg, LO); 4106 print_block(OS, cfg, *this, Helper, true, ShowColors); 4107 OS << '\n'; 4108} 4109 4110/// printTerminator - A simple pretty printer of the terminator of a CFGBlock. 4111void CFGBlock::printTerminator(raw_ostream &OS, 4112 const LangOptions &LO) const { 4113 CFGBlockTerminatorPrint TPrinter(OS, NULL, PrintingPolicy(LO)); 4114 TPrinter.print(getTerminator()); 4115} 4116 4117Stmt *CFGBlock::getTerminatorCondition(bool StripParens) { 4118 Stmt *Terminator = this->Terminator; 4119 if (!Terminator) 4120 return NULL; 4121 4122 Expr *E = NULL; 4123 4124 switch (Terminator->getStmtClass()) { 4125 default: 4126 break; 4127 4128 case Stmt::CXXForRangeStmtClass: 4129 E = cast<CXXForRangeStmt>(Terminator)->getCond(); 4130 break; 4131 4132 case Stmt::ForStmtClass: 4133 E = cast<ForStmt>(Terminator)->getCond(); 4134 break; 4135 4136 case Stmt::WhileStmtClass: 4137 E = cast<WhileStmt>(Terminator)->getCond(); 4138 break; 4139 4140 case Stmt::DoStmtClass: 4141 E = cast<DoStmt>(Terminator)->getCond(); 4142 break; 4143 4144 case Stmt::IfStmtClass: 4145 E = cast<IfStmt>(Terminator)->getCond(); 4146 break; 4147 4148 case Stmt::ChooseExprClass: 4149 E = cast<ChooseExpr>(Terminator)->getCond(); 4150 break; 4151 4152 case Stmt::IndirectGotoStmtClass: 4153 E = cast<IndirectGotoStmt>(Terminator)->getTarget(); 4154 break; 4155 4156 case Stmt::SwitchStmtClass: 4157 E = cast<SwitchStmt>(Terminator)->getCond(); 4158 break; 4159 4160 case Stmt::BinaryConditionalOperatorClass: 4161 E = cast<BinaryConditionalOperator>(Terminator)->getCond(); 4162 break; 4163 4164 case Stmt::ConditionalOperatorClass: 4165 E = cast<ConditionalOperator>(Terminator)->getCond(); 4166 break; 4167 4168 case Stmt::BinaryOperatorClass: // '&&' and '||' 4169 E = cast<BinaryOperator>(Terminator)->getLHS(); 4170 break; 4171 4172 case Stmt::ObjCForCollectionStmtClass: 4173 return Terminator; 4174 } 4175 4176 if (!StripParens) 4177 return E; 4178 4179 return E ? E->IgnoreParens() : NULL; 4180} 4181 4182//===----------------------------------------------------------------------===// 4183// CFG Graphviz Visualization 4184//===----------------------------------------------------------------------===// 4185 4186 4187#ifndef NDEBUG 4188static StmtPrinterHelper* GraphHelper; 4189#endif 4190 4191void CFG::viewCFG(const LangOptions &LO) const { 4192#ifndef NDEBUG 4193 StmtPrinterHelper H(this, LO); 4194 GraphHelper = &H; 4195 llvm::ViewGraph(this,"CFG"); 4196 GraphHelper = NULL; 4197#endif 4198} 4199 4200namespace llvm { 4201template<> 4202struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits { 4203 4204 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {} 4205 4206 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) { 4207 4208#ifndef NDEBUG 4209 std::string OutSStr; 4210 llvm::raw_string_ostream Out(OutSStr); 4211 print_block(Out,Graph, *Node, *GraphHelper, false, false); 4212 std::string& OutStr = Out.str(); 4213 4214 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin()); 4215 4216 // Process string output to make it nicer... 4217 for (unsigned i = 0; i != OutStr.length(); ++i) 4218 if (OutStr[i] == '\n') { // Left justify 4219 OutStr[i] = '\\'; 4220 OutStr.insert(OutStr.begin()+i+1, 'l'); 4221 } 4222 4223 return OutStr; 4224#else 4225 return ""; 4226#endif 4227 } 4228}; 4229} // end namespace llvm 4230