CFG.cpp revision 7247c88d1e41514a41085f83ebf03dd5220e054a
1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the CFG and CFGBuilder classes for representing and 11// building Control-Flow Graphs (CFGs) from ASTs. 12// 13//===----------------------------------------------------------------------===// 14 15#include "clang/Analysis/CFG.h" 16#include "clang/AST/ASTContext.h" 17#include "clang/AST/Attr.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclCXX.h" 20#include "clang/AST/PrettyPrinter.h" 21#include "clang/AST/StmtVisitor.h" 22#include "llvm/ADT/DenseMap.h" 23#include "llvm/ADT/OwningPtr.h" 24#include "llvm/ADT/SmallPtrSet.h" 25#include "llvm/Support/Allocator.h" 26#include "llvm/Support/Format.h" 27#include "llvm/Support/GraphWriter.h" 28#include "llvm/Support/SaveAndRestore.h" 29 30using namespace clang; 31 32namespace { 33 34static SourceLocation GetEndLoc(Decl *D) { 35 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 36 if (Expr *Ex = VD->getInit()) 37 return Ex->getSourceRange().getEnd(); 38 return D->getLocation(); 39} 40 41class CFGBuilder; 42 43/// The CFG builder uses a recursive algorithm to build the CFG. When 44/// we process an expression, sometimes we know that we must add the 45/// subexpressions as block-level expressions. For example: 46/// 47/// exp1 || exp2 48/// 49/// When processing the '||' expression, we know that exp1 and exp2 50/// need to be added as block-level expressions, even though they 51/// might not normally need to be. AddStmtChoice records this 52/// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then 53/// the builder has an option not to add a subexpression as a 54/// block-level expression. 55/// 56class AddStmtChoice { 57public: 58 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; 59 60 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} 61 62 bool alwaysAdd(CFGBuilder &builder, 63 const Stmt *stmt) const; 64 65 /// Return a copy of this object, except with the 'always-add' bit 66 /// set as specified. 67 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { 68 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); 69 } 70 71private: 72 Kind kind; 73}; 74 75/// LocalScope - Node in tree of local scopes created for C++ implicit 76/// destructor calls generation. It contains list of automatic variables 77/// declared in the scope and link to position in previous scope this scope 78/// began in. 79/// 80/// The process of creating local scopes is as follows: 81/// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), 82/// - Before processing statements in scope (e.g. CompoundStmt) create 83/// LocalScope object using CFGBuilder::ScopePos as link to previous scope 84/// and set CFGBuilder::ScopePos to the end of new scope, 85/// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points 86/// at this VarDecl, 87/// - For every normal (without jump) end of scope add to CFGBlock destructors 88/// for objects in the current scope, 89/// - For every jump add to CFGBlock destructors for objects 90/// between CFGBuilder::ScopePos and local scope position saved for jump 91/// target. Thanks to C++ restrictions on goto jumps we can be sure that 92/// jump target position will be on the path to root from CFGBuilder::ScopePos 93/// (adding any variable that doesn't need constructor to be called to 94/// LocalScope can break this assumption), 95/// 96class LocalScope { 97public: 98 typedef BumpVector<VarDecl*> AutomaticVarsTy; 99 100 /// const_iterator - Iterates local scope backwards and jumps to previous 101 /// scope on reaching the beginning of currently iterated scope. 102 class const_iterator { 103 const LocalScope* Scope; 104 105 /// VarIter is guaranteed to be greater then 0 for every valid iterator. 106 /// Invalid iterator (with null Scope) has VarIter equal to 0. 107 unsigned VarIter; 108 109 public: 110 /// Create invalid iterator. Dereferencing invalid iterator is not allowed. 111 /// Incrementing invalid iterator is allowed and will result in invalid 112 /// iterator. 113 const_iterator() 114 : Scope(NULL), VarIter(0) {} 115 116 /// Create valid iterator. In case when S.Prev is an invalid iterator and 117 /// I is equal to 0, this will create invalid iterator. 118 const_iterator(const LocalScope& S, unsigned I) 119 : Scope(&S), VarIter(I) { 120 // Iterator to "end" of scope is not allowed. Handle it by going up 121 // in scopes tree possibly up to invalid iterator in the root. 122 if (VarIter == 0 && Scope) 123 *this = Scope->Prev; 124 } 125 126 VarDecl *const* operator->() const { 127 assert (Scope && "Dereferencing invalid iterator is not allowed"); 128 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 129 return &Scope->Vars[VarIter - 1]; 130 } 131 VarDecl *operator*() const { 132 return *this->operator->(); 133 } 134 135 const_iterator &operator++() { 136 if (!Scope) 137 return *this; 138 139 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 140 --VarIter; 141 if (VarIter == 0) 142 *this = Scope->Prev; 143 return *this; 144 } 145 const_iterator operator++(int) { 146 const_iterator P = *this; 147 ++*this; 148 return P; 149 } 150 151 bool operator==(const const_iterator &rhs) const { 152 return Scope == rhs.Scope && VarIter == rhs.VarIter; 153 } 154 bool operator!=(const const_iterator &rhs) const { 155 return !(*this == rhs); 156 } 157 158 LLVM_EXPLICIT operator bool() const { 159 return *this != const_iterator(); 160 } 161 162 int distance(const_iterator L); 163 }; 164 165 friend class const_iterator; 166 167private: 168 BumpVectorContext ctx; 169 170 /// Automatic variables in order of declaration. 171 AutomaticVarsTy Vars; 172 /// Iterator to variable in previous scope that was declared just before 173 /// begin of this scope. 174 const_iterator Prev; 175 176public: 177 /// Constructs empty scope linked to previous scope in specified place. 178 LocalScope(BumpVectorContext &ctx, const_iterator P) 179 : ctx(ctx), Vars(ctx, 4), Prev(P) {} 180 181 /// Begin of scope in direction of CFG building (backwards). 182 const_iterator begin() const { return const_iterator(*this, Vars.size()); } 183 184 void addVar(VarDecl *VD) { 185 Vars.push_back(VD, ctx); 186 } 187}; 188 189/// distance - Calculates distance from this to L. L must be reachable from this 190/// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. 191/// number of scopes between this and L. 192int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { 193 int D = 0; 194 const_iterator F = *this; 195 while (F.Scope != L.Scope) { 196 assert (F != const_iterator() 197 && "L iterator is not reachable from F iterator."); 198 D += F.VarIter; 199 F = F.Scope->Prev; 200 } 201 D += F.VarIter - L.VarIter; 202 return D; 203} 204 205/// BlockScopePosPair - Structure for specifying position in CFG during its 206/// build process. It consists of CFGBlock that specifies position in CFG graph 207/// and LocalScope::const_iterator that specifies position in LocalScope graph. 208struct BlockScopePosPair { 209 BlockScopePosPair() : block(0) {} 210 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) 211 : block(b), scopePosition(scopePos) {} 212 213 CFGBlock *block; 214 LocalScope::const_iterator scopePosition; 215}; 216 217/// TryResult - a class representing a variant over the values 218/// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, 219/// and is used by the CFGBuilder to decide if a branch condition 220/// can be decided up front during CFG construction. 221class TryResult { 222 int X; 223public: 224 TryResult(bool b) : X(b ? 1 : 0) {} 225 TryResult() : X(-1) {} 226 227 bool isTrue() const { return X == 1; } 228 bool isFalse() const { return X == 0; } 229 bool isKnown() const { return X >= 0; } 230 void negate() { 231 assert(isKnown()); 232 X ^= 0x1; 233 } 234}; 235 236class reverse_children { 237 llvm::SmallVector<Stmt *, 12> childrenBuf; 238 ArrayRef<Stmt*> children; 239public: 240 reverse_children(Stmt *S); 241 242 typedef ArrayRef<Stmt*>::reverse_iterator iterator; 243 iterator begin() const { return children.rbegin(); } 244 iterator end() const { return children.rend(); } 245}; 246 247 248reverse_children::reverse_children(Stmt *S) { 249 if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 250 children = CE->getRawSubExprs(); 251 return; 252 } 253 switch (S->getStmtClass()) { 254 // Note: Fill in this switch with more cases we want to optimize. 255 case Stmt::InitListExprClass: { 256 InitListExpr *IE = cast<InitListExpr>(S); 257 children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), 258 IE->getNumInits()); 259 return; 260 } 261 default: 262 break; 263 } 264 265 // Default case for all other statements. 266 for (Stmt::child_range I = S->children(); I; ++I) { 267 childrenBuf.push_back(*I); 268 } 269 270 // This needs to be done *after* childrenBuf has been populated. 271 children = childrenBuf; 272} 273 274/// CFGBuilder - This class implements CFG construction from an AST. 275/// The builder is stateful: an instance of the builder should be used to only 276/// construct a single CFG. 277/// 278/// Example usage: 279/// 280/// CFGBuilder builder; 281/// CFG* cfg = builder.BuildAST(stmt1); 282/// 283/// CFG construction is done via a recursive walk of an AST. We actually parse 284/// the AST in reverse order so that the successor of a basic block is 285/// constructed prior to its predecessor. This allows us to nicely capture 286/// implicit fall-throughs without extra basic blocks. 287/// 288class CFGBuilder { 289 typedef BlockScopePosPair JumpTarget; 290 typedef BlockScopePosPair JumpSource; 291 292 ASTContext *Context; 293 OwningPtr<CFG> cfg; 294 295 CFGBlock *Block; 296 CFGBlock *Succ; 297 JumpTarget ContinueJumpTarget; 298 JumpTarget BreakJumpTarget; 299 CFGBlock *SwitchTerminatedBlock; 300 CFGBlock *DefaultCaseBlock; 301 CFGBlock *TryTerminatedBlock; 302 303 // Current position in local scope. 304 LocalScope::const_iterator ScopePos; 305 306 // LabelMap records the mapping from Label expressions to their jump targets. 307 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy; 308 LabelMapTy LabelMap; 309 310 // A list of blocks that end with a "goto" that must be backpatched to their 311 // resolved targets upon completion of CFG construction. 312 typedef std::vector<JumpSource> BackpatchBlocksTy; 313 BackpatchBlocksTy BackpatchBlocks; 314 315 // A list of labels whose address has been taken (for indirect gotos). 316 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy; 317 LabelSetTy AddressTakenLabels; 318 319 bool badCFG; 320 const CFG::BuildOptions &BuildOpts; 321 322 // State to track for building switch statements. 323 bool switchExclusivelyCovered; 324 Expr::EvalResult *switchCond; 325 326 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry; 327 const Stmt *lastLookup; 328 329 // Caches boolean evaluations of expressions to avoid multiple re-evaluations 330 // during construction of branches for chained logical operators. 331 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy; 332 CachedBoolEvalsTy CachedBoolEvals; 333 334public: 335 explicit CFGBuilder(ASTContext *astContext, 336 const CFG::BuildOptions &buildOpts) 337 : Context(astContext), cfg(new CFG()), // crew a new CFG 338 Block(NULL), Succ(NULL), 339 SwitchTerminatedBlock(NULL), DefaultCaseBlock(NULL), 340 TryTerminatedBlock(NULL), badCFG(false), BuildOpts(buildOpts), 341 switchExclusivelyCovered(false), switchCond(0), 342 cachedEntry(0), lastLookup(0) {} 343 344 // buildCFG - Used by external clients to construct the CFG. 345 CFG* buildCFG(const Decl *D, Stmt *Statement); 346 347 bool alwaysAdd(const Stmt *stmt); 348 349private: 350 // Visitors to walk an AST and construct the CFG. 351 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); 352 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); 353 CFGBlock *VisitBreakStmt(BreakStmt *B); 354 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); 355 CFGBlock *VisitCaseStmt(CaseStmt *C); 356 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); 357 CFGBlock *VisitCompoundStmt(CompoundStmt *C); 358 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, 359 AddStmtChoice asc); 360 CFGBlock *VisitContinueStmt(ContinueStmt *C); 361 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 362 AddStmtChoice asc); 363 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); 364 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); 365 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); 366 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 367 AddStmtChoice asc); 368 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 369 AddStmtChoice asc); 370 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); 371 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); 372 CFGBlock *VisitDeclStmt(DeclStmt *DS); 373 CFGBlock *VisitDeclSubExpr(DeclStmt *DS); 374 CFGBlock *VisitDefaultStmt(DefaultStmt *D); 375 CFGBlock *VisitDoStmt(DoStmt *D); 376 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); 377 CFGBlock *VisitForStmt(ForStmt *F); 378 CFGBlock *VisitGotoStmt(GotoStmt *G); 379 CFGBlock *VisitIfStmt(IfStmt *I); 380 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); 381 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); 382 CFGBlock *VisitLabelStmt(LabelStmt *L); 383 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); 384 CFGBlock *VisitLogicalOperator(BinaryOperator *B); 385 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, 386 Stmt *Term, 387 CFGBlock *TrueBlock, 388 CFGBlock *FalseBlock); 389 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); 390 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); 391 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); 392 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); 393 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); 394 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); 395 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); 396 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); 397 CFGBlock *VisitReturnStmt(ReturnStmt *R); 398 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); 399 CFGBlock *VisitSwitchStmt(SwitchStmt *S); 400 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 401 AddStmtChoice asc); 402 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); 403 CFGBlock *VisitWhileStmt(WhileStmt *W); 404 405 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); 406 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); 407 CFGBlock *VisitChildren(Stmt *S); 408 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); 409 410 // Visitors to walk an AST and generate destructors of temporaries in 411 // full expression. 412 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary = false); 413 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E); 414 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E); 415 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr *E, 416 bool BindToTemporary); 417 CFGBlock * 418 VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator *E, 419 bool BindToTemporary); 420 421 // NYS == Not Yet Supported 422 CFGBlock *NYS() { 423 badCFG = true; 424 return Block; 425 } 426 427 void autoCreateBlock() { if (!Block) Block = createBlock(); } 428 CFGBlock *createBlock(bool add_successor = true); 429 CFGBlock *createNoReturnBlock(); 430 431 CFGBlock *addStmt(Stmt *S) { 432 return Visit(S, AddStmtChoice::AlwaysAdd); 433 } 434 CFGBlock *addInitializer(CXXCtorInitializer *I); 435 void addAutomaticObjDtors(LocalScope::const_iterator B, 436 LocalScope::const_iterator E, Stmt *S); 437 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); 438 439 // Local scopes creation. 440 LocalScope* createOrReuseLocalScope(LocalScope* Scope); 441 442 void addLocalScopeForStmt(Stmt *S); 443 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, LocalScope* Scope = NULL); 444 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = NULL); 445 446 void addLocalScopeAndDtors(Stmt *S); 447 448 // Interface to CFGBlock - adding CFGElements. 449 void appendStmt(CFGBlock *B, const Stmt *S) { 450 if (alwaysAdd(S) && cachedEntry) 451 cachedEntry->second = B; 452 453 // All block-level expressions should have already been IgnoreParens()ed. 454 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); 455 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); 456 } 457 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { 458 B->appendInitializer(I, cfg->getBumpVectorContext()); 459 } 460 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { 461 B->appendBaseDtor(BS, cfg->getBumpVectorContext()); 462 } 463 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { 464 B->appendMemberDtor(FD, cfg->getBumpVectorContext()); 465 } 466 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { 467 B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); 468 } 469 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { 470 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); 471 } 472 473 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 474 LocalScope::const_iterator B, LocalScope::const_iterator E); 475 476 void addSuccessor(CFGBlock *B, CFGBlock *S) { 477 B->addSuccessor(S, cfg->getBumpVectorContext()); 478 } 479 480 /// Try and evaluate an expression to an integer constant. 481 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { 482 if (!BuildOpts.PruneTriviallyFalseEdges) 483 return false; 484 return !S->isTypeDependent() && 485 !S->isValueDependent() && 486 S->EvaluateAsRValue(outResult, *Context); 487 } 488 489 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 490 /// if we can evaluate to a known value, otherwise return -1. 491 TryResult tryEvaluateBool(Expr *S) { 492 if (!BuildOpts.PruneTriviallyFalseEdges || 493 S->isTypeDependent() || S->isValueDependent()) 494 return TryResult(); 495 496 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { 497 if (Bop->isLogicalOp()) { 498 // Check the cache first. 499 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); 500 if (I != CachedBoolEvals.end()) 501 return I->second; // already in map; 502 503 // Retrieve result at first, or the map might be updated. 504 TryResult Result = evaluateAsBooleanConditionNoCache(S); 505 CachedBoolEvals[S] = Result; // update or insert 506 return Result; 507 } 508 else { 509 switch (Bop->getOpcode()) { 510 default: break; 511 // For 'x & 0' and 'x * 0', we can determine that 512 // the value is always false. 513 case BO_Mul: 514 case BO_And: { 515 // If either operand is zero, we know the value 516 // must be false. 517 llvm::APSInt IntVal; 518 if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { 519 if (IntVal.getBoolValue() == false) { 520 return TryResult(false); 521 } 522 } 523 if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { 524 if (IntVal.getBoolValue() == false) { 525 return TryResult(false); 526 } 527 } 528 } 529 break; 530 } 531 } 532 } 533 534 return evaluateAsBooleanConditionNoCache(S); 535 } 536 537 /// \brief Evaluate as boolean \param E without using the cache. 538 TryResult evaluateAsBooleanConditionNoCache(Expr *E) { 539 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { 540 if (Bop->isLogicalOp()) { 541 TryResult LHS = tryEvaluateBool(Bop->getLHS()); 542 if (LHS.isKnown()) { 543 // We were able to evaluate the LHS, see if we can get away with not 544 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 545 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 546 return LHS.isTrue(); 547 548 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 549 if (RHS.isKnown()) { 550 if (Bop->getOpcode() == BO_LOr) 551 return LHS.isTrue() || RHS.isTrue(); 552 else 553 return LHS.isTrue() && RHS.isTrue(); 554 } 555 } else { 556 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 557 if (RHS.isKnown()) { 558 // We can't evaluate the LHS; however, sometimes the result 559 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. 560 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 561 return RHS.isTrue(); 562 } 563 } 564 565 return TryResult(); 566 } 567 } 568 569 bool Result; 570 if (E->EvaluateAsBooleanCondition(Result, *Context)) 571 return Result; 572 573 return TryResult(); 574 } 575 576}; 577 578inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, 579 const Stmt *stmt) const { 580 return builder.alwaysAdd(stmt) || kind == AlwaysAdd; 581} 582 583bool CFGBuilder::alwaysAdd(const Stmt *stmt) { 584 bool shouldAdd = BuildOpts.alwaysAdd(stmt); 585 586 if (!BuildOpts.forcedBlkExprs) 587 return shouldAdd; 588 589 if (lastLookup == stmt) { 590 if (cachedEntry) { 591 assert(cachedEntry->first == stmt); 592 return true; 593 } 594 return shouldAdd; 595 } 596 597 lastLookup = stmt; 598 599 // Perform the lookup! 600 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; 601 602 if (!fb) { 603 // No need to update 'cachedEntry', since it will always be null. 604 assert(cachedEntry == 0); 605 return shouldAdd; 606 } 607 608 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); 609 if (itr == fb->end()) { 610 cachedEntry = 0; 611 return shouldAdd; 612 } 613 614 cachedEntry = &*itr; 615 return true; 616} 617 618// FIXME: Add support for dependent-sized array types in C++? 619// Does it even make sense to build a CFG for an uninstantiated template? 620static const VariableArrayType *FindVA(const Type *t) { 621 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { 622 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) 623 if (vat->getSizeExpr()) 624 return vat; 625 626 t = vt->getElementType().getTypePtr(); 627 } 628 629 return 0; 630} 631 632/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an 633/// arbitrary statement. Examples include a single expression or a function 634/// body (compound statement). The ownership of the returned CFG is 635/// transferred to the caller. If CFG construction fails, this method returns 636/// NULL. 637CFG* CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { 638 assert(cfg.get()); 639 if (!Statement) 640 return NULL; 641 642 // Create an empty block that will serve as the exit block for the CFG. Since 643 // this is the first block added to the CFG, it will be implicitly registered 644 // as the exit block. 645 Succ = createBlock(); 646 assert(Succ == &cfg->getExit()); 647 Block = NULL; // the EXIT block is empty. Create all other blocks lazily. 648 649 if (BuildOpts.AddImplicitDtors) 650 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) 651 addImplicitDtorsForDestructor(DD); 652 653 // Visit the statements and create the CFG. 654 CFGBlock *B = addStmt(Statement); 655 656 if (badCFG) 657 return NULL; 658 659 // For C++ constructor add initializers to CFG. 660 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { 661 for (CXXConstructorDecl::init_const_reverse_iterator I = CD->init_rbegin(), 662 E = CD->init_rend(); I != E; ++I) { 663 B = addInitializer(*I); 664 if (badCFG) 665 return NULL; 666 } 667 } 668 669 if (B) 670 Succ = B; 671 672 // Backpatch the gotos whose label -> block mappings we didn't know when we 673 // encountered them. 674 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), 675 E = BackpatchBlocks.end(); I != E; ++I ) { 676 677 CFGBlock *B = I->block; 678 const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); 679 LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); 680 681 // If there is no target for the goto, then we are looking at an 682 // incomplete AST. Handle this by not registering a successor. 683 if (LI == LabelMap.end()) continue; 684 685 JumpTarget JT = LI->second; 686 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, 687 JT.scopePosition); 688 addSuccessor(B, JT.block); 689 } 690 691 // Add successors to the Indirect Goto Dispatch block (if we have one). 692 if (CFGBlock *B = cfg->getIndirectGotoBlock()) 693 for (LabelSetTy::iterator I = AddressTakenLabels.begin(), 694 E = AddressTakenLabels.end(); I != E; ++I ) { 695 696 // Lookup the target block. 697 LabelMapTy::iterator LI = LabelMap.find(*I); 698 699 // If there is no target block that contains label, then we are looking 700 // at an incomplete AST. Handle this by not registering a successor. 701 if (LI == LabelMap.end()) continue; 702 703 addSuccessor(B, LI->second.block); 704 } 705 706 // Create an empty entry block that has no predecessors. 707 cfg->setEntry(createBlock()); 708 709 return cfg.take(); 710} 711 712/// createBlock - Used to lazily create blocks that are connected 713/// to the current (global) succcessor. 714CFGBlock *CFGBuilder::createBlock(bool add_successor) { 715 CFGBlock *B = cfg->createBlock(); 716 if (add_successor && Succ) 717 addSuccessor(B, Succ); 718 return B; 719} 720 721/// createNoReturnBlock - Used to create a block is a 'noreturn' point in the 722/// CFG. It is *not* connected to the current (global) successor, and instead 723/// directly tied to the exit block in order to be reachable. 724CFGBlock *CFGBuilder::createNoReturnBlock() { 725 CFGBlock *B = createBlock(false); 726 B->setHasNoReturnElement(); 727 addSuccessor(B, &cfg->getExit()); 728 return B; 729} 730 731/// addInitializer - Add C++ base or member initializer element to CFG. 732CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { 733 if (!BuildOpts.AddInitializers) 734 return Block; 735 736 bool IsReference = false; 737 bool HasTemporaries = false; 738 739 // Destructors of temporaries in initialization expression should be called 740 // after initialization finishes. 741 Expr *Init = I->getInit(); 742 if (Init) { 743 if (FieldDecl *FD = I->getAnyMember()) 744 IsReference = FD->getType()->isReferenceType(); 745 HasTemporaries = isa<ExprWithCleanups>(Init); 746 747 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 748 // Generate destructors for temporaries in initialization expression. 749 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 750 IsReference); 751 } 752 } 753 754 autoCreateBlock(); 755 appendInitializer(Block, I); 756 757 if (Init) { 758 if (HasTemporaries) { 759 // For expression with temporaries go directly to subexpression to omit 760 // generating destructors for the second time. 761 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); 762 } 763 return Visit(Init); 764 } 765 766 return Block; 767} 768 769/// \brief Retrieve the type of the temporary object whose lifetime was 770/// extended by a local reference with the given initializer. 771static QualType getReferenceInitTemporaryType(ASTContext &Context, 772 const Expr *Init) { 773 while (true) { 774 // Skip parentheses. 775 Init = Init->IgnoreParens(); 776 777 // Skip through cleanups. 778 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { 779 Init = EWC->getSubExpr(); 780 continue; 781 } 782 783 // Skip through the temporary-materialization expression. 784 if (const MaterializeTemporaryExpr *MTE 785 = dyn_cast<MaterializeTemporaryExpr>(Init)) { 786 Init = MTE->GetTemporaryExpr(); 787 continue; 788 } 789 790 // Skip derived-to-base and no-op casts. 791 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { 792 if ((CE->getCastKind() == CK_DerivedToBase || 793 CE->getCastKind() == CK_UncheckedDerivedToBase || 794 CE->getCastKind() == CK_NoOp) && 795 Init->getType()->isRecordType()) { 796 Init = CE->getSubExpr(); 797 continue; 798 } 799 } 800 801 // Skip member accesses into rvalues. 802 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { 803 if (!ME->isArrow() && ME->getBase()->isRValue()) { 804 Init = ME->getBase(); 805 continue; 806 } 807 } 808 809 break; 810 } 811 812 return Init->getType(); 813} 814 815/// addAutomaticObjDtors - Add to current block automatic objects destructors 816/// for objects in range of local scope positions. Use S as trigger statement 817/// for destructors. 818void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, 819 LocalScope::const_iterator E, Stmt *S) { 820 if (!BuildOpts.AddImplicitDtors) 821 return; 822 823 if (B == E) 824 return; 825 826 // We need to append the destructors in reverse order, but any one of them 827 // may be a no-return destructor which changes the CFG. As a result, buffer 828 // this sequence up and replay them in reverse order when appending onto the 829 // CFGBlock(s). 830 SmallVector<VarDecl*, 10> Decls; 831 Decls.reserve(B.distance(E)); 832 for (LocalScope::const_iterator I = B; I != E; ++I) 833 Decls.push_back(*I); 834 835 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), 836 E = Decls.rend(); 837 I != E; ++I) { 838 // If this destructor is marked as a no-return destructor, we need to 839 // create a new block for the destructor which does not have as a successor 840 // anything built thus far: control won't flow out of this block. 841 QualType Ty = (*I)->getType(); 842 if (Ty->isReferenceType()) { 843 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); 844 } 845 Ty = Context->getBaseElementType(Ty); 846 847 const CXXDestructorDecl *Dtor = Ty->getAsCXXRecordDecl()->getDestructor(); 848 if (Dtor->isNoReturn()) 849 Block = createNoReturnBlock(); 850 else 851 autoCreateBlock(); 852 853 appendAutomaticObjDtor(Block, *I, S); 854 } 855} 856 857/// addImplicitDtorsForDestructor - Add implicit destructors generated for 858/// base and member objects in destructor. 859void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { 860 assert (BuildOpts.AddImplicitDtors 861 && "Can be called only when dtors should be added"); 862 const CXXRecordDecl *RD = DD->getParent(); 863 864 // At the end destroy virtual base objects. 865 for (CXXRecordDecl::base_class_const_iterator VI = RD->vbases_begin(), 866 VE = RD->vbases_end(); VI != VE; ++VI) { 867 const CXXRecordDecl *CD = VI->getType()->getAsCXXRecordDecl(); 868 if (!CD->hasTrivialDestructor()) { 869 autoCreateBlock(); 870 appendBaseDtor(Block, VI); 871 } 872 } 873 874 // Before virtual bases destroy direct base objects. 875 for (CXXRecordDecl::base_class_const_iterator BI = RD->bases_begin(), 876 BE = RD->bases_end(); BI != BE; ++BI) { 877 if (!BI->isVirtual()) { 878 const CXXRecordDecl *CD = BI->getType()->getAsCXXRecordDecl(); 879 if (!CD->hasTrivialDestructor()) { 880 autoCreateBlock(); 881 appendBaseDtor(Block, BI); 882 } 883 } 884 } 885 886 // First destroy member objects. 887 for (CXXRecordDecl::field_iterator FI = RD->field_begin(), 888 FE = RD->field_end(); FI != FE; ++FI) { 889 // Check for constant size array. Set type to array element type. 890 QualType QT = FI->getType(); 891 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 892 if (AT->getSize() == 0) 893 continue; 894 QT = AT->getElementType(); 895 } 896 897 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 898 if (!CD->hasTrivialDestructor()) { 899 autoCreateBlock(); 900 appendMemberDtor(Block, *FI); 901 } 902 } 903} 904 905/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either 906/// way return valid LocalScope object. 907LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { 908 if (!Scope) { 909 llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); 910 Scope = alloc.Allocate<LocalScope>(); 911 BumpVectorContext ctx(alloc); 912 new (Scope) LocalScope(ctx, ScopePos); 913 } 914 return Scope; 915} 916 917/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement 918/// that should create implicit scope (e.g. if/else substatements). 919void CFGBuilder::addLocalScopeForStmt(Stmt *S) { 920 if (!BuildOpts.AddImplicitDtors) 921 return; 922 923 LocalScope *Scope = 0; 924 925 // For compound statement we will be creating explicit scope. 926 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { 927 for (CompoundStmt::body_iterator BI = CS->body_begin(), BE = CS->body_end() 928 ; BI != BE; ++BI) { 929 Stmt *SI = (*BI)->stripLabelLikeStatements(); 930 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) 931 Scope = addLocalScopeForDeclStmt(DS, Scope); 932 } 933 return; 934 } 935 936 // For any other statement scope will be implicit and as such will be 937 // interesting only for DeclStmt. 938 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) 939 addLocalScopeForDeclStmt(DS); 940} 941 942/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will 943/// reuse Scope if not NULL. 944LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, 945 LocalScope* Scope) { 946 if (!BuildOpts.AddImplicitDtors) 947 return Scope; 948 949 for (DeclStmt::decl_iterator DI = DS->decl_begin(), DE = DS->decl_end() 950 ; DI != DE; ++DI) { 951 if (VarDecl *VD = dyn_cast<VarDecl>(*DI)) 952 Scope = addLocalScopeForVarDecl(VD, Scope); 953 } 954 return Scope; 955} 956 957/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will 958/// create add scope for automatic objects and temporary objects bound to 959/// const reference. Will reuse Scope if not NULL. 960LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, 961 LocalScope* Scope) { 962 if (!BuildOpts.AddImplicitDtors) 963 return Scope; 964 965 // Check if variable is local. 966 switch (VD->getStorageClass()) { 967 case SC_None: 968 case SC_Auto: 969 case SC_Register: 970 break; 971 default: return Scope; 972 } 973 974 // Check for const references bound to temporary. Set type to pointee. 975 QualType QT = VD->getType(); 976 if (QT.getTypePtr()->isReferenceType()) { 977 if (!VD->extendsLifetimeOfTemporary()) 978 return Scope; 979 980 QT = getReferenceInitTemporaryType(*Context, VD->getInit()); 981 } 982 983 // Check for constant size array. Set type to array element type. 984 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 985 if (AT->getSize() == 0) 986 return Scope; 987 QT = AT->getElementType(); 988 } 989 990 // Check if type is a C++ class with non-trivial destructor. 991 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 992 if (!CD->hasTrivialDestructor()) { 993 // Add the variable to scope 994 Scope = createOrReuseLocalScope(Scope); 995 Scope->addVar(VD); 996 ScopePos = Scope->begin(); 997 } 998 return Scope; 999} 1000 1001/// addLocalScopeAndDtors - For given statement add local scope for it and 1002/// add destructors that will cleanup the scope. Will reuse Scope if not NULL. 1003void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { 1004 if (!BuildOpts.AddImplicitDtors) 1005 return; 1006 1007 LocalScope::const_iterator scopeBeginPos = ScopePos; 1008 addLocalScopeForStmt(S); 1009 addAutomaticObjDtors(ScopePos, scopeBeginPos, S); 1010} 1011 1012/// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for 1013/// variables with automatic storage duration to CFGBlock's elements vector. 1014/// Elements will be prepended to physical beginning of the vector which 1015/// happens to be logical end. Use blocks terminator as statement that specifies 1016/// destructors call site. 1017/// FIXME: This mechanism for adding automatic destructors doesn't handle 1018/// no-return destructors properly. 1019void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 1020 LocalScope::const_iterator B, LocalScope::const_iterator E) { 1021 BumpVectorContext &C = cfg->getBumpVectorContext(); 1022 CFGBlock::iterator InsertPos 1023 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); 1024 for (LocalScope::const_iterator I = B; I != E; ++I) 1025 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, 1026 Blk->getTerminator()); 1027} 1028 1029/// Visit - Walk the subtree of a statement and add extra 1030/// blocks for ternary operators, &&, and ||. We also process "," and 1031/// DeclStmts (which may contain nested control-flow). 1032CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { 1033 if (!S) { 1034 badCFG = true; 1035 return 0; 1036 } 1037 1038 if (Expr *E = dyn_cast<Expr>(S)) 1039 S = E->IgnoreParens(); 1040 1041 switch (S->getStmtClass()) { 1042 default: 1043 return VisitStmt(S, asc); 1044 1045 case Stmt::AddrLabelExprClass: 1046 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); 1047 1048 case Stmt::BinaryConditionalOperatorClass: 1049 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); 1050 1051 case Stmt::BinaryOperatorClass: 1052 return VisitBinaryOperator(cast<BinaryOperator>(S), asc); 1053 1054 case Stmt::BlockExprClass: 1055 return VisitNoRecurse(cast<Expr>(S), asc); 1056 1057 case Stmt::BreakStmtClass: 1058 return VisitBreakStmt(cast<BreakStmt>(S)); 1059 1060 case Stmt::CallExprClass: 1061 case Stmt::CXXOperatorCallExprClass: 1062 case Stmt::CXXMemberCallExprClass: 1063 case Stmt::UserDefinedLiteralClass: 1064 return VisitCallExpr(cast<CallExpr>(S), asc); 1065 1066 case Stmt::CaseStmtClass: 1067 return VisitCaseStmt(cast<CaseStmt>(S)); 1068 1069 case Stmt::ChooseExprClass: 1070 return VisitChooseExpr(cast<ChooseExpr>(S), asc); 1071 1072 case Stmt::CompoundStmtClass: 1073 return VisitCompoundStmt(cast<CompoundStmt>(S)); 1074 1075 case Stmt::ConditionalOperatorClass: 1076 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); 1077 1078 case Stmt::ContinueStmtClass: 1079 return VisitContinueStmt(cast<ContinueStmt>(S)); 1080 1081 case Stmt::CXXCatchStmtClass: 1082 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); 1083 1084 case Stmt::ExprWithCleanupsClass: 1085 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); 1086 1087 case Stmt::CXXDefaultArgExprClass: 1088 case Stmt::CXXDefaultInitExprClass: 1089 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the 1090 // called function's declaration, not by the caller. If we simply add 1091 // this expression to the CFG, we could end up with the same Expr 1092 // appearing multiple times. 1093 // PR13385 / <rdar://problem/12156507> 1094 // 1095 // It's likewise possible for multiple CXXDefaultInitExprs for the same 1096 // expression to be used in the same function (through aggregate 1097 // initialization). 1098 return VisitStmt(S, asc); 1099 1100 case Stmt::CXXBindTemporaryExprClass: 1101 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); 1102 1103 case Stmt::CXXConstructExprClass: 1104 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); 1105 1106 case Stmt::CXXFunctionalCastExprClass: 1107 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); 1108 1109 case Stmt::CXXTemporaryObjectExprClass: 1110 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); 1111 1112 case Stmt::CXXThrowExprClass: 1113 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); 1114 1115 case Stmt::CXXTryStmtClass: 1116 return VisitCXXTryStmt(cast<CXXTryStmt>(S)); 1117 1118 case Stmt::CXXForRangeStmtClass: 1119 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); 1120 1121 case Stmt::DeclStmtClass: 1122 return VisitDeclStmt(cast<DeclStmt>(S)); 1123 1124 case Stmt::DefaultStmtClass: 1125 return VisitDefaultStmt(cast<DefaultStmt>(S)); 1126 1127 case Stmt::DoStmtClass: 1128 return VisitDoStmt(cast<DoStmt>(S)); 1129 1130 case Stmt::ForStmtClass: 1131 return VisitForStmt(cast<ForStmt>(S)); 1132 1133 case Stmt::GotoStmtClass: 1134 return VisitGotoStmt(cast<GotoStmt>(S)); 1135 1136 case Stmt::IfStmtClass: 1137 return VisitIfStmt(cast<IfStmt>(S)); 1138 1139 case Stmt::ImplicitCastExprClass: 1140 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); 1141 1142 case Stmt::IndirectGotoStmtClass: 1143 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); 1144 1145 case Stmt::LabelStmtClass: 1146 return VisitLabelStmt(cast<LabelStmt>(S)); 1147 1148 case Stmt::LambdaExprClass: 1149 return VisitLambdaExpr(cast<LambdaExpr>(S), asc); 1150 1151 case Stmt::MemberExprClass: 1152 return VisitMemberExpr(cast<MemberExpr>(S), asc); 1153 1154 case Stmt::NullStmtClass: 1155 return Block; 1156 1157 case Stmt::ObjCAtCatchStmtClass: 1158 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); 1159 1160 case Stmt::ObjCAutoreleasePoolStmtClass: 1161 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); 1162 1163 case Stmt::ObjCAtSynchronizedStmtClass: 1164 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); 1165 1166 case Stmt::ObjCAtThrowStmtClass: 1167 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); 1168 1169 case Stmt::ObjCAtTryStmtClass: 1170 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); 1171 1172 case Stmt::ObjCForCollectionStmtClass: 1173 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); 1174 1175 case Stmt::OpaqueValueExprClass: 1176 return Block; 1177 1178 case Stmt::PseudoObjectExprClass: 1179 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); 1180 1181 case Stmt::ReturnStmtClass: 1182 return VisitReturnStmt(cast<ReturnStmt>(S)); 1183 1184 case Stmt::UnaryExprOrTypeTraitExprClass: 1185 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), 1186 asc); 1187 1188 case Stmt::StmtExprClass: 1189 return VisitStmtExpr(cast<StmtExpr>(S), asc); 1190 1191 case Stmt::SwitchStmtClass: 1192 return VisitSwitchStmt(cast<SwitchStmt>(S)); 1193 1194 case Stmt::UnaryOperatorClass: 1195 return VisitUnaryOperator(cast<UnaryOperator>(S), asc); 1196 1197 case Stmt::WhileStmtClass: 1198 return VisitWhileStmt(cast<WhileStmt>(S)); 1199 } 1200} 1201 1202CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { 1203 if (asc.alwaysAdd(*this, S)) { 1204 autoCreateBlock(); 1205 appendStmt(Block, S); 1206 } 1207 1208 return VisitChildren(S); 1209} 1210 1211/// VisitChildren - Visit the children of a Stmt. 1212CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { 1213 CFGBlock *B = Block; 1214 1215 // Visit the children in their reverse order so that they appear in 1216 // left-to-right (natural) order in the CFG. 1217 reverse_children RChildren(S); 1218 for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); 1219 I != E; ++I) { 1220 if (Stmt *Child = *I) 1221 if (CFGBlock *R = Visit(Child)) 1222 B = R; 1223 } 1224 return B; 1225} 1226 1227CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, 1228 AddStmtChoice asc) { 1229 AddressTakenLabels.insert(A->getLabel()); 1230 1231 if (asc.alwaysAdd(*this, A)) { 1232 autoCreateBlock(); 1233 appendStmt(Block, A); 1234 } 1235 1236 return Block; 1237} 1238 1239CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, 1240 AddStmtChoice asc) { 1241 if (asc.alwaysAdd(*this, U)) { 1242 autoCreateBlock(); 1243 appendStmt(Block, U); 1244 } 1245 1246 return Visit(U->getSubExpr(), AddStmtChoice()); 1247} 1248 1249CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { 1250 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1251 appendStmt(ConfluenceBlock, B); 1252 1253 if (badCFG) 1254 return 0; 1255 1256 return VisitLogicalOperator(B, 0, ConfluenceBlock, ConfluenceBlock).first; 1257} 1258 1259std::pair<CFGBlock*, CFGBlock*> 1260CFGBuilder::VisitLogicalOperator(BinaryOperator *B, 1261 Stmt *Term, 1262 CFGBlock *TrueBlock, 1263 CFGBlock *FalseBlock) { 1264 1265 // Introspect the RHS. If it is a nested logical operation, we recursively 1266 // build the CFG using this function. Otherwise, resort to default 1267 // CFG construction behavior. 1268 Expr *RHS = B->getRHS()->IgnoreParens(); 1269 CFGBlock *RHSBlock, *ExitBlock; 1270 1271 do { 1272 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) 1273 if (B_RHS->isLogicalOp()) { 1274 llvm::tie(RHSBlock, ExitBlock) = 1275 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); 1276 break; 1277 } 1278 1279 // The RHS is not a nested logical operation. Don't push the terminator 1280 // down further, but instead visit RHS and construct the respective 1281 // pieces of the CFG, and link up the RHSBlock with the terminator 1282 // we have been provided. 1283 ExitBlock = RHSBlock = createBlock(false); 1284 1285 if (!Term) { 1286 assert(TrueBlock == FalseBlock); 1287 addSuccessor(RHSBlock, TrueBlock); 1288 } 1289 else { 1290 RHSBlock->setTerminator(Term); 1291 TryResult KnownVal = tryEvaluateBool(RHS); 1292 addSuccessor(RHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1293 addSuccessor(RHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1294 } 1295 1296 Block = RHSBlock; 1297 RHSBlock = addStmt(RHS); 1298 } 1299 while (false); 1300 1301 if (badCFG) 1302 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1303 1304 // Generate the blocks for evaluating the LHS. 1305 Expr *LHS = B->getLHS()->IgnoreParens(); 1306 1307 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) 1308 if (B_LHS->isLogicalOp()) { 1309 if (B->getOpcode() == BO_LOr) 1310 FalseBlock = RHSBlock; 1311 else 1312 TrueBlock = RHSBlock; 1313 1314 // For the LHS, treat 'B' as the terminator that we want to sink 1315 // into the nested branch. The RHS always gets the top-most 1316 // terminator. 1317 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); 1318 } 1319 1320 // Create the block evaluating the LHS. 1321 // This contains the '&&' or '||' as the terminator. 1322 CFGBlock *LHSBlock = createBlock(false); 1323 LHSBlock->setTerminator(B); 1324 1325 Block = LHSBlock; 1326 CFGBlock *EntryLHSBlock = addStmt(LHS); 1327 1328 if (badCFG) 1329 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1330 1331 // See if this is a known constant. 1332 TryResult KnownVal = tryEvaluateBool(LHS); 1333 1334 // Now link the LHSBlock with RHSBlock. 1335 if (B->getOpcode() == BO_LOr) { 1336 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1337 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : RHSBlock); 1338 } else { 1339 assert(B->getOpcode() == BO_LAnd); 1340 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 1341 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1342 } 1343 1344 return std::make_pair(EntryLHSBlock, ExitBlock); 1345} 1346 1347 1348CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, 1349 AddStmtChoice asc) { 1350 // && or || 1351 if (B->isLogicalOp()) 1352 return VisitLogicalOperator(B); 1353 1354 if (B->getOpcode() == BO_Comma) { // , 1355 autoCreateBlock(); 1356 appendStmt(Block, B); 1357 addStmt(B->getRHS()); 1358 return addStmt(B->getLHS()); 1359 } 1360 1361 if (B->isAssignmentOp()) { 1362 if (asc.alwaysAdd(*this, B)) { 1363 autoCreateBlock(); 1364 appendStmt(Block, B); 1365 } 1366 Visit(B->getLHS()); 1367 return Visit(B->getRHS()); 1368 } 1369 1370 if (asc.alwaysAdd(*this, B)) { 1371 autoCreateBlock(); 1372 appendStmt(Block, B); 1373 } 1374 1375 CFGBlock *RBlock = Visit(B->getRHS()); 1376 CFGBlock *LBlock = Visit(B->getLHS()); 1377 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 1378 // containing a DoStmt, and the LHS doesn't create a new block, then we should 1379 // return RBlock. Otherwise we'll incorrectly return NULL. 1380 return (LBlock ? LBlock : RBlock); 1381} 1382 1383CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { 1384 if (asc.alwaysAdd(*this, E)) { 1385 autoCreateBlock(); 1386 appendStmt(Block, E); 1387 } 1388 return Block; 1389} 1390 1391CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { 1392 // "break" is a control-flow statement. Thus we stop processing the current 1393 // block. 1394 if (badCFG) 1395 return 0; 1396 1397 // Now create a new block that ends with the break statement. 1398 Block = createBlock(false); 1399 Block->setTerminator(B); 1400 1401 // If there is no target for the break, then we are looking at an incomplete 1402 // AST. This means that the CFG cannot be constructed. 1403 if (BreakJumpTarget.block) { 1404 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B); 1405 addSuccessor(Block, BreakJumpTarget.block); 1406 } else 1407 badCFG = true; 1408 1409 1410 return Block; 1411} 1412 1413static bool CanThrow(Expr *E, ASTContext &Ctx) { 1414 QualType Ty = E->getType(); 1415 if (Ty->isFunctionPointerType()) 1416 Ty = Ty->getAs<PointerType>()->getPointeeType(); 1417 else if (Ty->isBlockPointerType()) 1418 Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); 1419 1420 const FunctionType *FT = Ty->getAs<FunctionType>(); 1421 if (FT) { 1422 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) 1423 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && 1424 Proto->isNothrow(Ctx)) 1425 return false; 1426 } 1427 return true; 1428} 1429 1430CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { 1431 // Compute the callee type. 1432 QualType calleeType = C->getCallee()->getType(); 1433 if (calleeType == Context->BoundMemberTy) { 1434 QualType boundType = Expr::findBoundMemberType(C->getCallee()); 1435 1436 // We should only get a null bound type if processing a dependent 1437 // CFG. Recover by assuming nothing. 1438 if (!boundType.isNull()) calleeType = boundType; 1439 } 1440 1441 // If this is a call to a no-return function, this stops the block here. 1442 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); 1443 1444 bool AddEHEdge = false; 1445 1446 // Languages without exceptions are assumed to not throw. 1447 if (Context->getLangOpts().Exceptions) { 1448 if (BuildOpts.AddEHEdges) 1449 AddEHEdge = true; 1450 } 1451 1452 if (FunctionDecl *FD = C->getDirectCallee()) { 1453 if (FD->isNoReturn()) 1454 NoReturn = true; 1455 if (FD->hasAttr<NoThrowAttr>()) 1456 AddEHEdge = false; 1457 } 1458 1459 if (!CanThrow(C->getCallee(), *Context)) 1460 AddEHEdge = false; 1461 1462 if (!NoReturn && !AddEHEdge) 1463 return VisitStmt(C, asc.withAlwaysAdd(true)); 1464 1465 if (Block) { 1466 Succ = Block; 1467 if (badCFG) 1468 return 0; 1469 } 1470 1471 if (NoReturn) 1472 Block = createNoReturnBlock(); 1473 else 1474 Block = createBlock(); 1475 1476 appendStmt(Block, C); 1477 1478 if (AddEHEdge) { 1479 // Add exceptional edges. 1480 if (TryTerminatedBlock) 1481 addSuccessor(Block, TryTerminatedBlock); 1482 else 1483 addSuccessor(Block, &cfg->getExit()); 1484 } 1485 1486 return VisitChildren(C); 1487} 1488 1489CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, 1490 AddStmtChoice asc) { 1491 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1492 appendStmt(ConfluenceBlock, C); 1493 if (badCFG) 1494 return 0; 1495 1496 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1497 Succ = ConfluenceBlock; 1498 Block = NULL; 1499 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); 1500 if (badCFG) 1501 return 0; 1502 1503 Succ = ConfluenceBlock; 1504 Block = NULL; 1505 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); 1506 if (badCFG) 1507 return 0; 1508 1509 Block = createBlock(false); 1510 // See if this is a known constant. 1511 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1512 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1513 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1514 Block->setTerminator(C); 1515 return addStmt(C->getCond()); 1516} 1517 1518 1519CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { 1520 addLocalScopeAndDtors(C); 1521 CFGBlock *LastBlock = Block; 1522 1523 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); 1524 I != E; ++I ) { 1525 // If we hit a segment of code just containing ';' (NullStmts), we can 1526 // get a null block back. In such cases, just use the LastBlock 1527 if (CFGBlock *newBlock = addStmt(*I)) 1528 LastBlock = newBlock; 1529 1530 if (badCFG) 1531 return NULL; 1532 } 1533 1534 return LastBlock; 1535} 1536 1537CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, 1538 AddStmtChoice asc) { 1539 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); 1540 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : NULL); 1541 1542 // Create the confluence block that will "merge" the results of the ternary 1543 // expression. 1544 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1545 appendStmt(ConfluenceBlock, C); 1546 if (badCFG) 1547 return 0; 1548 1549 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1550 1551 // Create a block for the LHS expression if there is an LHS expression. A 1552 // GCC extension allows LHS to be NULL, causing the condition to be the 1553 // value that is returned instead. 1554 // e.g: x ?: y is shorthand for: x ? x : y; 1555 Succ = ConfluenceBlock; 1556 Block = NULL; 1557 CFGBlock *LHSBlock = 0; 1558 const Expr *trueExpr = C->getTrueExpr(); 1559 if (trueExpr != opaqueValue) { 1560 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); 1561 if (badCFG) 1562 return 0; 1563 Block = NULL; 1564 } 1565 else 1566 LHSBlock = ConfluenceBlock; 1567 1568 // Create the block for the RHS expression. 1569 Succ = ConfluenceBlock; 1570 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); 1571 if (badCFG) 1572 return 0; 1573 1574 // If the condition is a logical '&&' or '||', build a more accurate CFG. 1575 if (BinaryOperator *Cond = 1576 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) 1577 if (Cond->isLogicalOp()) 1578 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; 1579 1580 // Create the block that will contain the condition. 1581 Block = createBlock(false); 1582 1583 // See if this is a known constant. 1584 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1585 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1586 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1587 Block->setTerminator(C); 1588 Expr *condExpr = C->getCond(); 1589 1590 if (opaqueValue) { 1591 // Run the condition expression if it's not trivially expressed in 1592 // terms of the opaque value (or if there is no opaque value). 1593 if (condExpr != opaqueValue) 1594 addStmt(condExpr); 1595 1596 // Before that, run the common subexpression if there was one. 1597 // At least one of this or the above will be run. 1598 return addStmt(BCO->getCommon()); 1599 } 1600 1601 return addStmt(condExpr); 1602} 1603 1604CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { 1605 // Check if the Decl is for an __label__. If so, elide it from the 1606 // CFG entirely. 1607 if (isa<LabelDecl>(*DS->decl_begin())) 1608 return Block; 1609 1610 // This case also handles static_asserts. 1611 if (DS->isSingleDecl()) 1612 return VisitDeclSubExpr(DS); 1613 1614 CFGBlock *B = 0; 1615 1616 // Build an individual DeclStmt for each decl. 1617 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), 1618 E = DS->decl_rend(); 1619 I != E; ++I) { 1620 // Get the alignment of the new DeclStmt, padding out to >=8 bytes. 1621 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8 1622 ? 8 : llvm::AlignOf<DeclStmt>::Alignment; 1623 1624 // Allocate the DeclStmt using the BumpPtrAllocator. It will get 1625 // automatically freed with the CFG. 1626 DeclGroupRef DG(*I); 1627 Decl *D = *I; 1628 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); 1629 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); 1630 1631 // Append the fake DeclStmt to block. 1632 B = VisitDeclSubExpr(DSNew); 1633 } 1634 1635 return B; 1636} 1637 1638/// VisitDeclSubExpr - Utility method to add block-level expressions for 1639/// DeclStmts and initializers in them. 1640CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { 1641 assert(DS->isSingleDecl() && "Can handle single declarations only."); 1642 Decl *D = DS->getSingleDecl(); 1643 1644 if (isa<StaticAssertDecl>(D)) { 1645 // static_asserts aren't added to the CFG because they do not impact 1646 // runtime semantics. 1647 return Block; 1648 } 1649 1650 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 1651 1652 if (!VD) { 1653 autoCreateBlock(); 1654 appendStmt(Block, DS); 1655 return Block; 1656 } 1657 1658 bool IsReference = false; 1659 bool HasTemporaries = false; 1660 1661 // Guard static initializers under a branch. 1662 CFGBlock *blockAfterStaticInit = 0; 1663 1664 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { 1665 // For static variables, we need to create a branch to track 1666 // whether or not they are initialized. 1667 if (Block) { 1668 Succ = Block; 1669 Block = 0; 1670 if (badCFG) 1671 return 0; 1672 } 1673 blockAfterStaticInit = Succ; 1674 } 1675 1676 // Destructors of temporaries in initialization expression should be called 1677 // after initialization finishes. 1678 Expr *Init = VD->getInit(); 1679 if (Init) { 1680 IsReference = VD->getType()->isReferenceType(); 1681 HasTemporaries = isa<ExprWithCleanups>(Init); 1682 1683 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 1684 // Generate destructors for temporaries in initialization expression. 1685 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 1686 IsReference); 1687 } 1688 } 1689 1690 autoCreateBlock(); 1691 appendStmt(Block, DS); 1692 1693 // Keep track of the last non-null block, as 'Block' can be nulled out 1694 // if the initializer expression is something like a 'while' in a 1695 // statement-expression. 1696 CFGBlock *LastBlock = Block; 1697 1698 if (Init) { 1699 if (HasTemporaries) { 1700 // For expression with temporaries go directly to subexpression to omit 1701 // generating destructors for the second time. 1702 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); 1703 if (CFGBlock *newBlock = Visit(EC->getSubExpr())) 1704 LastBlock = newBlock; 1705 } 1706 else { 1707 if (CFGBlock *newBlock = Visit(Init)) 1708 LastBlock = newBlock; 1709 } 1710 } 1711 1712 // If the type of VD is a VLA, then we must process its size expressions. 1713 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); 1714 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) { 1715 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) 1716 LastBlock = newBlock; 1717 } 1718 1719 // Remove variable from local scope. 1720 if (ScopePos && VD == *ScopePos) 1721 ++ScopePos; 1722 1723 CFGBlock *B = LastBlock; 1724 if (blockAfterStaticInit) { 1725 Succ = B; 1726 Block = createBlock(false); 1727 Block->setTerminator(DS); 1728 addSuccessor(Block, blockAfterStaticInit); 1729 addSuccessor(Block, B); 1730 B = Block; 1731 } 1732 1733 return B; 1734} 1735 1736CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { 1737 // We may see an if statement in the middle of a basic block, or it may be the 1738 // first statement we are processing. In either case, we create a new basic 1739 // block. First, we create the blocks for the then...else statements, and 1740 // then we create the block containing the if statement. If we were in the 1741 // middle of a block, we stop processing that block. That block is then the 1742 // implicit successor for the "then" and "else" clauses. 1743 1744 // Save local scope position because in case of condition variable ScopePos 1745 // won't be restored when traversing AST. 1746 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1747 1748 // Create local scope for possible condition variable. 1749 // Store scope position. Add implicit destructor. 1750 if (VarDecl *VD = I->getConditionVariable()) { 1751 LocalScope::const_iterator BeginScopePos = ScopePos; 1752 addLocalScopeForVarDecl(VD); 1753 addAutomaticObjDtors(ScopePos, BeginScopePos, I); 1754 } 1755 1756 // The block we were processing is now finished. Make it the successor 1757 // block. 1758 if (Block) { 1759 Succ = Block; 1760 if (badCFG) 1761 return 0; 1762 } 1763 1764 // Process the false branch. 1765 CFGBlock *ElseBlock = Succ; 1766 1767 if (Stmt *Else = I->getElse()) { 1768 SaveAndRestore<CFGBlock*> sv(Succ); 1769 1770 // NULL out Block so that the recursive call to Visit will 1771 // create a new basic block. 1772 Block = NULL; 1773 1774 // If branch is not a compound statement create implicit scope 1775 // and add destructors. 1776 if (!isa<CompoundStmt>(Else)) 1777 addLocalScopeAndDtors(Else); 1778 1779 ElseBlock = addStmt(Else); 1780 1781 if (!ElseBlock) // Can occur when the Else body has all NullStmts. 1782 ElseBlock = sv.get(); 1783 else if (Block) { 1784 if (badCFG) 1785 return 0; 1786 } 1787 } 1788 1789 // Process the true branch. 1790 CFGBlock *ThenBlock; 1791 { 1792 Stmt *Then = I->getThen(); 1793 assert(Then); 1794 SaveAndRestore<CFGBlock*> sv(Succ); 1795 Block = NULL; 1796 1797 // If branch is not a compound statement create implicit scope 1798 // and add destructors. 1799 if (!isa<CompoundStmt>(Then)) 1800 addLocalScopeAndDtors(Then); 1801 1802 ThenBlock = addStmt(Then); 1803 1804 if (!ThenBlock) { 1805 // We can reach here if the "then" body has all NullStmts. 1806 // Create an empty block so we can distinguish between true and false 1807 // branches in path-sensitive analyses. 1808 ThenBlock = createBlock(false); 1809 addSuccessor(ThenBlock, sv.get()); 1810 } else if (Block) { 1811 if (badCFG) 1812 return 0; 1813 } 1814 } 1815 1816 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by 1817 // having these handle the actual control-flow jump. Note that 1818 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" 1819 // we resort to the old control-flow behavior. This special handling 1820 // removes infeasible paths from the control-flow graph by having the 1821 // control-flow transfer of '&&' or '||' go directly into the then/else 1822 // blocks directly. 1823 if (!I->getConditionVariable()) 1824 if (BinaryOperator *Cond = 1825 dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens())) 1826 if (Cond->isLogicalOp()) 1827 return VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; 1828 1829 // Now create a new block containing the if statement. 1830 Block = createBlock(false); 1831 1832 // Set the terminator of the new block to the If statement. 1833 Block->setTerminator(I); 1834 1835 // See if this is a known constant. 1836 const TryResult &KnownVal = tryEvaluateBool(I->getCond()); 1837 1838 // Now add the successors. 1839 addSuccessor(Block, KnownVal.isFalse() ? NULL : ThenBlock); 1840 addSuccessor(Block, KnownVal.isTrue()? NULL : ElseBlock); 1841 1842 // Add the condition as the last statement in the new block. This may create 1843 // new blocks as the condition may contain control-flow. Any newly created 1844 // blocks will be pointed to be "Block". 1845 CFGBlock *LastBlock = addStmt(I->getCond()); 1846 1847 // Finally, if the IfStmt contains a condition variable, add both the IfStmt 1848 // and the condition variable initialization to the CFG. 1849 if (VarDecl *VD = I->getConditionVariable()) { 1850 if (Expr *Init = VD->getInit()) { 1851 autoCreateBlock(); 1852 appendStmt(Block, I->getConditionVariableDeclStmt()); 1853 LastBlock = addStmt(Init); 1854 } 1855 } 1856 1857 return LastBlock; 1858} 1859 1860 1861CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { 1862 // If we were in the middle of a block we stop processing that block. 1863 // 1864 // NOTE: If a "return" appears in the middle of a block, this means that the 1865 // code afterwards is DEAD (unreachable). We still keep a basic block 1866 // for that code; a simple "mark-and-sweep" from the entry block will be 1867 // able to report such dead blocks. 1868 1869 // Create the new block. 1870 Block = createBlock(false); 1871 1872 // The Exit block is the only successor. 1873 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R); 1874 addSuccessor(Block, &cfg->getExit()); 1875 1876 // Add the return statement to the block. This may create new blocks if R 1877 // contains control-flow (short-circuit operations). 1878 return VisitStmt(R, AddStmtChoice::AlwaysAdd); 1879} 1880 1881CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { 1882 // Get the block of the labeled statement. Add it to our map. 1883 addStmt(L->getSubStmt()); 1884 CFGBlock *LabelBlock = Block; 1885 1886 if (!LabelBlock) // This can happen when the body is empty, i.e. 1887 LabelBlock = createBlock(); // scopes that only contains NullStmts. 1888 1889 assert(LabelMap.find(L->getDecl()) == LabelMap.end() && 1890 "label already in map"); 1891 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); 1892 1893 // Labels partition blocks, so this is the end of the basic block we were 1894 // processing (L is the block's label). Because this is label (and we have 1895 // already processed the substatement) there is no extra control-flow to worry 1896 // about. 1897 LabelBlock->setLabel(L); 1898 if (badCFG) 1899 return 0; 1900 1901 // We set Block to NULL to allow lazy creation of a new block (if necessary); 1902 Block = NULL; 1903 1904 // This block is now the implicit successor of other blocks. 1905 Succ = LabelBlock; 1906 1907 return LabelBlock; 1908} 1909 1910CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { 1911 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 1912 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), 1913 et = E->capture_init_end(); it != et; ++it) { 1914 if (Expr *Init = *it) { 1915 CFGBlock *Tmp = Visit(Init); 1916 if (Tmp != 0) 1917 LastBlock = Tmp; 1918 } 1919 } 1920 return LastBlock; 1921} 1922 1923CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { 1924 // Goto is a control-flow statement. Thus we stop processing the current 1925 // block and create a new one. 1926 1927 Block = createBlock(false); 1928 Block->setTerminator(G); 1929 1930 // If we already know the mapping to the label block add the successor now. 1931 LabelMapTy::iterator I = LabelMap.find(G->getLabel()); 1932 1933 if (I == LabelMap.end()) 1934 // We will need to backpatch this block later. 1935 BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); 1936 else { 1937 JumpTarget JT = I->second; 1938 addAutomaticObjDtors(ScopePos, JT.scopePosition, G); 1939 addSuccessor(Block, JT.block); 1940 } 1941 1942 return Block; 1943} 1944 1945CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { 1946 CFGBlock *LoopSuccessor = NULL; 1947 1948 // Save local scope position because in case of condition variable ScopePos 1949 // won't be restored when traversing AST. 1950 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1951 1952 // Create local scope for init statement and possible condition variable. 1953 // Add destructor for init statement and condition variable. 1954 // Store scope position for continue statement. 1955 if (Stmt *Init = F->getInit()) 1956 addLocalScopeForStmt(Init); 1957 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 1958 1959 if (VarDecl *VD = F->getConditionVariable()) 1960 addLocalScopeForVarDecl(VD); 1961 LocalScope::const_iterator ContinueScopePos = ScopePos; 1962 1963 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F); 1964 1965 // "for" is a control-flow statement. Thus we stop processing the current 1966 // block. 1967 if (Block) { 1968 if (badCFG) 1969 return 0; 1970 LoopSuccessor = Block; 1971 } else 1972 LoopSuccessor = Succ; 1973 1974 // Save the current value for the break targets. 1975 // All breaks should go to the code following the loop. 1976 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 1977 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 1978 1979 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 1980 1981 // Now create the loop body. 1982 { 1983 assert(F->getBody()); 1984 1985 // Save the current values for Block, Succ, continue and break targets. 1986 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 1987 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 1988 1989 // Create an empty block to represent the transition block for looping back 1990 // to the head of the loop. If we have increment code, it will 1991 // go in this block as well. 1992 Block = Succ = TransitionBlock = createBlock(false); 1993 TransitionBlock->setLoopTarget(F); 1994 1995 if (Stmt *I = F->getInc()) { 1996 // Generate increment code in its own basic block. This is the target of 1997 // continue statements. 1998 Succ = addStmt(I); 1999 } 2000 2001 // Finish up the increment (or empty) block if it hasn't been already. 2002 if (Block) { 2003 assert(Block == Succ); 2004 if (badCFG) 2005 return 0; 2006 Block = 0; 2007 } 2008 2009 // The starting block for the loop increment is the block that should 2010 // represent the 'loop target' for looping back to the start of the loop. 2011 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 2012 ContinueJumpTarget.block->setLoopTarget(F); 2013 2014 // Loop body should end with destructor of Condition variable (if any). 2015 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F); 2016 2017 // If body is not a compound statement create implicit scope 2018 // and add destructors. 2019 if (!isa<CompoundStmt>(F->getBody())) 2020 addLocalScopeAndDtors(F->getBody()); 2021 2022 // Now populate the body block, and in the process create new blocks as we 2023 // walk the body of the loop. 2024 BodyBlock = addStmt(F->getBody()); 2025 2026 if (!BodyBlock) { 2027 // In the case of "for (...;...;...);" we can have a null BodyBlock. 2028 // Use the continue jump target as the proxy for the body. 2029 BodyBlock = ContinueJumpTarget.block; 2030 } 2031 else if (badCFG) 2032 return 0; 2033 } 2034 2035 // Because of short-circuit evaluation, the condition of the loop can span 2036 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2037 // evaluate the condition. 2038 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2039 2040 do { 2041 Expr *C = F->getCond(); 2042 2043 // Specially handle logical operators, which have a slightly 2044 // more optimal CFG representation. 2045 if (BinaryOperator *Cond = 2046 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : 0)) 2047 if (Cond->isLogicalOp()) { 2048 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2049 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); 2050 break; 2051 } 2052 2053 // The default case when not handling logical operators. 2054 EntryConditionBlock = ExitConditionBlock = createBlock(false); 2055 ExitConditionBlock->setTerminator(F); 2056 2057 // See if this is a known constant. 2058 TryResult KnownVal(true); 2059 2060 if (C) { 2061 // Now add the actual condition to the condition block. 2062 // Because the condition itself may contain control-flow, new blocks may 2063 // be created. Thus we update "Succ" after adding the condition. 2064 Block = ExitConditionBlock; 2065 EntryConditionBlock = addStmt(C); 2066 2067 // If this block contains a condition variable, add both the condition 2068 // variable and initializer to the CFG. 2069 if (VarDecl *VD = F->getConditionVariable()) { 2070 if (Expr *Init = VD->getInit()) { 2071 autoCreateBlock(); 2072 appendStmt(Block, F->getConditionVariableDeclStmt()); 2073 EntryConditionBlock = addStmt(Init); 2074 assert(Block == EntryConditionBlock); 2075 } 2076 } 2077 2078 if (Block && badCFG) 2079 return 0; 2080 2081 KnownVal = tryEvaluateBool(C); 2082 } 2083 2084 // Add the loop body entry as a successor to the condition. 2085 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2086 // Link up the condition block with the code that follows the loop. (the 2087 // false branch). 2088 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2089 2090 } while (false); 2091 2092 // Link up the loop-back block to the entry condition block. 2093 addSuccessor(TransitionBlock, EntryConditionBlock); 2094 2095 // The condition block is the implicit successor for any code above the loop. 2096 Succ = EntryConditionBlock; 2097 2098 // If the loop contains initialization, create a new block for those 2099 // statements. This block can also contain statements that precede the loop. 2100 if (Stmt *I = F->getInit()) { 2101 Block = createBlock(); 2102 return addStmt(I); 2103 } 2104 2105 // There is no loop initialization. We are thus basically a while loop. 2106 // NULL out Block to force lazy block construction. 2107 Block = NULL; 2108 Succ = EntryConditionBlock; 2109 return EntryConditionBlock; 2110} 2111 2112CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { 2113 if (asc.alwaysAdd(*this, M)) { 2114 autoCreateBlock(); 2115 appendStmt(Block, M); 2116 } 2117 return Visit(M->getBase()); 2118} 2119 2120CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) { 2121 // Objective-C fast enumeration 'for' statements: 2122 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC 2123 // 2124 // for ( Type newVariable in collection_expression ) { statements } 2125 // 2126 // becomes: 2127 // 2128 // prologue: 2129 // 1. collection_expression 2130 // T. jump to loop_entry 2131 // loop_entry: 2132 // 1. side-effects of element expression 2133 // 1. ObjCForCollectionStmt [performs binding to newVariable] 2134 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil] 2135 // TB: 2136 // statements 2137 // T. jump to loop_entry 2138 // FB: 2139 // what comes after 2140 // 2141 // and 2142 // 2143 // Type existingItem; 2144 // for ( existingItem in expression ) { statements } 2145 // 2146 // becomes: 2147 // 2148 // the same with newVariable replaced with existingItem; the binding works 2149 // the same except that for one ObjCForCollectionStmt::getElement() returns 2150 // a DeclStmt and the other returns a DeclRefExpr. 2151 // 2152 2153 CFGBlock *LoopSuccessor = 0; 2154 2155 if (Block) { 2156 if (badCFG) 2157 return 0; 2158 LoopSuccessor = Block; 2159 Block = 0; 2160 } else 2161 LoopSuccessor = Succ; 2162 2163 // Build the condition blocks. 2164 CFGBlock *ExitConditionBlock = createBlock(false); 2165 2166 // Set the terminator for the "exit" condition block. 2167 ExitConditionBlock->setTerminator(S); 2168 2169 // The last statement in the block should be the ObjCForCollectionStmt, which 2170 // performs the actual binding to 'element' and determines if there are any 2171 // more items in the collection. 2172 appendStmt(ExitConditionBlock, S); 2173 Block = ExitConditionBlock; 2174 2175 // Walk the 'element' expression to see if there are any side-effects. We 2176 // generate new blocks as necessary. We DON'T add the statement by default to 2177 // the CFG unless it contains control-flow. 2178 CFGBlock *EntryConditionBlock = Visit(S->getElement(), 2179 AddStmtChoice::NotAlwaysAdd); 2180 if (Block) { 2181 if (badCFG) 2182 return 0; 2183 Block = 0; 2184 } 2185 2186 // The condition block is the implicit successor for the loop body as well as 2187 // any code above the loop. 2188 Succ = EntryConditionBlock; 2189 2190 // Now create the true branch. 2191 { 2192 // Save the current values for Succ, continue and break targets. 2193 SaveAndRestore<CFGBlock*> save_Succ(Succ); 2194 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2195 save_break(BreakJumpTarget); 2196 2197 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2198 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2199 2200 CFGBlock *BodyBlock = addStmt(S->getBody()); 2201 2202 if (!BodyBlock) 2203 BodyBlock = EntryConditionBlock; // can happen for "for (X in Y) ;" 2204 else if (Block) { 2205 if (badCFG) 2206 return 0; 2207 } 2208 2209 // This new body block is a successor to our "exit" condition block. 2210 addSuccessor(ExitConditionBlock, BodyBlock); 2211 } 2212 2213 // Link up the condition block with the code that follows the loop. 2214 // (the false branch). 2215 addSuccessor(ExitConditionBlock, LoopSuccessor); 2216 2217 // Now create a prologue block to contain the collection expression. 2218 Block = createBlock(); 2219 return addStmt(S->getCollection()); 2220} 2221 2222CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) { 2223 // Inline the body. 2224 return addStmt(S->getSubStmt()); 2225 // TODO: consider adding cleanups for the end of @autoreleasepool scope. 2226} 2227 2228CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) { 2229 // FIXME: Add locking 'primitives' to CFG for @synchronized. 2230 2231 // Inline the body. 2232 CFGBlock *SyncBlock = addStmt(S->getSynchBody()); 2233 2234 // The sync body starts its own basic block. This makes it a little easier 2235 // for diagnostic clients. 2236 if (SyncBlock) { 2237 if (badCFG) 2238 return 0; 2239 2240 Block = 0; 2241 Succ = SyncBlock; 2242 } 2243 2244 // Add the @synchronized to the CFG. 2245 autoCreateBlock(); 2246 appendStmt(Block, S); 2247 2248 // Inline the sync expression. 2249 return addStmt(S->getSynchExpr()); 2250} 2251 2252CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) { 2253 // FIXME 2254 return NYS(); 2255} 2256 2257CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) { 2258 autoCreateBlock(); 2259 2260 // Add the PseudoObject as the last thing. 2261 appendStmt(Block, E); 2262 2263 CFGBlock *lastBlock = Block; 2264 2265 // Before that, evaluate all of the semantics in order. In 2266 // CFG-land, that means appending them in reverse order. 2267 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) { 2268 Expr *Semantic = E->getSemanticExpr(--i); 2269 2270 // If the semantic is an opaque value, we're being asked to bind 2271 // it to its source expression. 2272 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic)) 2273 Semantic = OVE->getSourceExpr(); 2274 2275 if (CFGBlock *B = Visit(Semantic)) 2276 lastBlock = B; 2277 } 2278 2279 return lastBlock; 2280} 2281 2282CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) { 2283 CFGBlock *LoopSuccessor = NULL; 2284 2285 // Save local scope position because in case of condition variable ScopePos 2286 // won't be restored when traversing AST. 2287 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2288 2289 // Create local scope for possible condition variable. 2290 // Store scope position for continue statement. 2291 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2292 if (VarDecl *VD = W->getConditionVariable()) { 2293 addLocalScopeForVarDecl(VD); 2294 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2295 } 2296 2297 // "while" is a control-flow statement. Thus we stop processing the current 2298 // block. 2299 if (Block) { 2300 if (badCFG) 2301 return 0; 2302 LoopSuccessor = Block; 2303 Block = 0; 2304 } else { 2305 LoopSuccessor = Succ; 2306 } 2307 2308 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2309 2310 // Process the loop body. 2311 { 2312 assert(W->getBody()); 2313 2314 // Save the current values for Block, Succ, continue and break targets. 2315 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2316 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2317 save_break(BreakJumpTarget); 2318 2319 // Create an empty block to represent the transition block for looping back 2320 // to the head of the loop. 2321 Succ = TransitionBlock = createBlock(false); 2322 TransitionBlock->setLoopTarget(W); 2323 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos); 2324 2325 // All breaks should go to the code following the loop. 2326 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2327 2328 // Loop body should end with destructor of Condition variable (if any). 2329 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2330 2331 // If body is not a compound statement create implicit scope 2332 // and add destructors. 2333 if (!isa<CompoundStmt>(W->getBody())) 2334 addLocalScopeAndDtors(W->getBody()); 2335 2336 // Create the body. The returned block is the entry to the loop body. 2337 BodyBlock = addStmt(W->getBody()); 2338 2339 if (!BodyBlock) 2340 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;" 2341 else if (Block && badCFG) 2342 return 0; 2343 } 2344 2345 // Because of short-circuit evaluation, the condition of the loop can span 2346 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2347 // evaluate the condition. 2348 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2349 2350 do { 2351 Expr *C = W->getCond(); 2352 2353 // Specially handle logical operators, which have a slightly 2354 // more optimal CFG representation. 2355 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens())) 2356 if (Cond->isLogicalOp()) { 2357 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2358 VisitLogicalOperator(Cond, W, BodyBlock, 2359 LoopSuccessor); 2360 break; 2361 } 2362 2363 // The default case when not handling logical operators. 2364 ExitConditionBlock = createBlock(false); 2365 ExitConditionBlock->setTerminator(W); 2366 2367 // Now add the actual condition to the condition block. 2368 // Because the condition itself may contain control-flow, new blocks may 2369 // be created. Thus we update "Succ" after adding the condition. 2370 Block = ExitConditionBlock; 2371 Block = EntryConditionBlock = addStmt(C); 2372 2373 // If this block contains a condition variable, add both the condition 2374 // variable and initializer to the CFG. 2375 if (VarDecl *VD = W->getConditionVariable()) { 2376 if (Expr *Init = VD->getInit()) { 2377 autoCreateBlock(); 2378 appendStmt(Block, W->getConditionVariableDeclStmt()); 2379 EntryConditionBlock = addStmt(Init); 2380 assert(Block == EntryConditionBlock); 2381 } 2382 } 2383 2384 if (Block && badCFG) 2385 return 0; 2386 2387 // See if this is a known constant. 2388 const TryResult& KnownVal = tryEvaluateBool(C); 2389 2390 // Add the loop body entry as a successor to the condition. 2391 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2392 // Link up the condition block with the code that follows the loop. (the 2393 // false branch). 2394 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2395 2396 } while(false); 2397 2398 // Link up the loop-back block to the entry condition block. 2399 addSuccessor(TransitionBlock, EntryConditionBlock); 2400 2401 // There can be no more statements in the condition block since we loop back 2402 // to this block. NULL out Block to force lazy creation of another block. 2403 Block = NULL; 2404 2405 // Return the condition block, which is the dominating block for the loop. 2406 Succ = EntryConditionBlock; 2407 return EntryConditionBlock; 2408} 2409 2410 2411CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) { 2412 // FIXME: For now we pretend that @catch and the code it contains does not 2413 // exit. 2414 return Block; 2415} 2416 2417CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) { 2418 // FIXME: This isn't complete. We basically treat @throw like a return 2419 // statement. 2420 2421 // If we were in the middle of a block we stop processing that block. 2422 if (badCFG) 2423 return 0; 2424 2425 // Create the new block. 2426 Block = createBlock(false); 2427 2428 // The Exit block is the only successor. 2429 addSuccessor(Block, &cfg->getExit()); 2430 2431 // Add the statement to the block. This may create new blocks if S contains 2432 // control-flow (short-circuit operations). 2433 return VisitStmt(S, AddStmtChoice::AlwaysAdd); 2434} 2435 2436CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) { 2437 // If we were in the middle of a block we stop processing that block. 2438 if (badCFG) 2439 return 0; 2440 2441 // Create the new block. 2442 Block = createBlock(false); 2443 2444 if (TryTerminatedBlock) 2445 // The current try statement is the only successor. 2446 addSuccessor(Block, TryTerminatedBlock); 2447 else 2448 // otherwise the Exit block is the only successor. 2449 addSuccessor(Block, &cfg->getExit()); 2450 2451 // Add the statement to the block. This may create new blocks if S contains 2452 // control-flow (short-circuit operations). 2453 return VisitStmt(T, AddStmtChoice::AlwaysAdd); 2454} 2455 2456CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) { 2457 CFGBlock *LoopSuccessor = NULL; 2458 2459 // "do...while" is a control-flow statement. Thus we stop processing the 2460 // current block. 2461 if (Block) { 2462 if (badCFG) 2463 return 0; 2464 LoopSuccessor = Block; 2465 } else 2466 LoopSuccessor = Succ; 2467 2468 // Because of short-circuit evaluation, the condition of the loop can span 2469 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2470 // evaluate the condition. 2471 CFGBlock *ExitConditionBlock = createBlock(false); 2472 CFGBlock *EntryConditionBlock = ExitConditionBlock; 2473 2474 // Set the terminator for the "exit" condition block. 2475 ExitConditionBlock->setTerminator(D); 2476 2477 // Now add the actual condition to the condition block. Because the condition 2478 // itself may contain control-flow, new blocks may be created. 2479 if (Stmt *C = D->getCond()) { 2480 Block = ExitConditionBlock; 2481 EntryConditionBlock = addStmt(C); 2482 if (Block) { 2483 if (badCFG) 2484 return 0; 2485 } 2486 } 2487 2488 // The condition block is the implicit successor for the loop body. 2489 Succ = EntryConditionBlock; 2490 2491 // See if this is a known constant. 2492 const TryResult &KnownVal = tryEvaluateBool(D->getCond()); 2493 2494 // Process the loop body. 2495 CFGBlock *BodyBlock = NULL; 2496 { 2497 assert(D->getBody()); 2498 2499 // Save the current values for Block, Succ, and continue and break targets 2500 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2501 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2502 save_break(BreakJumpTarget); 2503 2504 // All continues within this loop should go to the condition block 2505 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2506 2507 // All breaks should go to the code following the loop. 2508 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2509 2510 // NULL out Block to force lazy instantiation of blocks for the body. 2511 Block = NULL; 2512 2513 // If body is not a compound statement create implicit scope 2514 // and add destructors. 2515 if (!isa<CompoundStmt>(D->getBody())) 2516 addLocalScopeAndDtors(D->getBody()); 2517 2518 // Create the body. The returned block is the entry to the loop body. 2519 BodyBlock = addStmt(D->getBody()); 2520 2521 if (!BodyBlock) 2522 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)" 2523 else if (Block) { 2524 if (badCFG) 2525 return 0; 2526 } 2527 2528 if (!KnownVal.isFalse()) { 2529 // Add an intermediate block between the BodyBlock and the 2530 // ExitConditionBlock to represent the "loop back" transition. Create an 2531 // empty block to represent the transition block for looping back to the 2532 // head of the loop. 2533 // FIXME: Can we do this more efficiently without adding another block? 2534 Block = NULL; 2535 Succ = BodyBlock; 2536 CFGBlock *LoopBackBlock = createBlock(); 2537 LoopBackBlock->setLoopTarget(D); 2538 2539 // Add the loop body entry as a successor to the condition. 2540 addSuccessor(ExitConditionBlock, LoopBackBlock); 2541 } 2542 else 2543 addSuccessor(ExitConditionBlock, NULL); 2544 } 2545 2546 // Link up the condition block with the code that follows the loop. 2547 // (the false branch). 2548 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2549 2550 // There can be no more statements in the body block(s) since we loop back to 2551 // the body. NULL out Block to force lazy creation of another block. 2552 Block = NULL; 2553 2554 // Return the loop body, which is the dominating block for the loop. 2555 Succ = BodyBlock; 2556 return BodyBlock; 2557} 2558 2559CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) { 2560 // "continue" is a control-flow statement. Thus we stop processing the 2561 // current block. 2562 if (badCFG) 2563 return 0; 2564 2565 // Now create a new block that ends with the continue statement. 2566 Block = createBlock(false); 2567 Block->setTerminator(C); 2568 2569 // If there is no target for the continue, then we are looking at an 2570 // incomplete AST. This means the CFG cannot be constructed. 2571 if (ContinueJumpTarget.block) { 2572 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C); 2573 addSuccessor(Block, ContinueJumpTarget.block); 2574 } else 2575 badCFG = true; 2576 2577 return Block; 2578} 2579 2580CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 2581 AddStmtChoice asc) { 2582 2583 if (asc.alwaysAdd(*this, E)) { 2584 autoCreateBlock(); 2585 appendStmt(Block, E); 2586 } 2587 2588 // VLA types have expressions that must be evaluated. 2589 CFGBlock *lastBlock = Block; 2590 2591 if (E->isArgumentType()) { 2592 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr()); 2593 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) 2594 lastBlock = addStmt(VA->getSizeExpr()); 2595 } 2596 return lastBlock; 2597} 2598 2599/// VisitStmtExpr - Utility method to handle (nested) statement 2600/// expressions (a GCC extension). 2601CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) { 2602 if (asc.alwaysAdd(*this, SE)) { 2603 autoCreateBlock(); 2604 appendStmt(Block, SE); 2605 } 2606 return VisitCompoundStmt(SE->getSubStmt()); 2607} 2608 2609CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) { 2610 // "switch" is a control-flow statement. Thus we stop processing the current 2611 // block. 2612 CFGBlock *SwitchSuccessor = NULL; 2613 2614 // Save local scope position because in case of condition variable ScopePos 2615 // won't be restored when traversing AST. 2616 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2617 2618 // Create local scope for possible condition variable. 2619 // Store scope position. Add implicit destructor. 2620 if (VarDecl *VD = Terminator->getConditionVariable()) { 2621 LocalScope::const_iterator SwitchBeginScopePos = ScopePos; 2622 addLocalScopeForVarDecl(VD); 2623 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator); 2624 } 2625 2626 if (Block) { 2627 if (badCFG) 2628 return 0; 2629 SwitchSuccessor = Block; 2630 } else SwitchSuccessor = Succ; 2631 2632 // Save the current "switch" context. 2633 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock), 2634 save_default(DefaultCaseBlock); 2635 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2636 2637 // Set the "default" case to be the block after the switch statement. If the 2638 // switch statement contains a "default:", this value will be overwritten with 2639 // the block for that code. 2640 DefaultCaseBlock = SwitchSuccessor; 2641 2642 // Create a new block that will contain the switch statement. 2643 SwitchTerminatedBlock = createBlock(false); 2644 2645 // Now process the switch body. The code after the switch is the implicit 2646 // successor. 2647 Succ = SwitchSuccessor; 2648 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos); 2649 2650 // When visiting the body, the case statements should automatically get linked 2651 // up to the switch. We also don't keep a pointer to the body, since all 2652 // control-flow from the switch goes to case/default statements. 2653 assert(Terminator->getBody() && "switch must contain a non-NULL body"); 2654 Block = NULL; 2655 2656 // For pruning unreachable case statements, save the current state 2657 // for tracking the condition value. 2658 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered, 2659 false); 2660 2661 // Determine if the switch condition can be explicitly evaluated. 2662 assert(Terminator->getCond() && "switch condition must be non-NULL"); 2663 Expr::EvalResult result; 2664 bool b = tryEvaluate(Terminator->getCond(), result); 2665 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond, 2666 b ? &result : 0); 2667 2668 // If body is not a compound statement create implicit scope 2669 // and add destructors. 2670 if (!isa<CompoundStmt>(Terminator->getBody())) 2671 addLocalScopeAndDtors(Terminator->getBody()); 2672 2673 addStmt(Terminator->getBody()); 2674 if (Block) { 2675 if (badCFG) 2676 return 0; 2677 } 2678 2679 // If we have no "default:" case, the default transition is to the code 2680 // following the switch body. Moreover, take into account if all the 2681 // cases of a switch are covered (e.g., switching on an enum value). 2682 addSuccessor(SwitchTerminatedBlock, 2683 switchExclusivelyCovered || Terminator->isAllEnumCasesCovered() 2684 ? 0 : DefaultCaseBlock); 2685 2686 // Add the terminator and condition in the switch block. 2687 SwitchTerminatedBlock->setTerminator(Terminator); 2688 Block = SwitchTerminatedBlock; 2689 CFGBlock *LastBlock = addStmt(Terminator->getCond()); 2690 2691 // Finally, if the SwitchStmt contains a condition variable, add both the 2692 // SwitchStmt and the condition variable initialization to the CFG. 2693 if (VarDecl *VD = Terminator->getConditionVariable()) { 2694 if (Expr *Init = VD->getInit()) { 2695 autoCreateBlock(); 2696 appendStmt(Block, Terminator->getConditionVariableDeclStmt()); 2697 LastBlock = addStmt(Init); 2698 } 2699 } 2700 2701 return LastBlock; 2702} 2703 2704static bool shouldAddCase(bool &switchExclusivelyCovered, 2705 const Expr::EvalResult *switchCond, 2706 const CaseStmt *CS, 2707 ASTContext &Ctx) { 2708 if (!switchCond) 2709 return true; 2710 2711 bool addCase = false; 2712 2713 if (!switchExclusivelyCovered) { 2714 if (switchCond->Val.isInt()) { 2715 // Evaluate the LHS of the case value. 2716 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx); 2717 const llvm::APSInt &condInt = switchCond->Val.getInt(); 2718 2719 if (condInt == lhsInt) { 2720 addCase = true; 2721 switchExclusivelyCovered = true; 2722 } 2723 else if (condInt < lhsInt) { 2724 if (const Expr *RHS = CS->getRHS()) { 2725 // Evaluate the RHS of the case value. 2726 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx); 2727 if (V2 <= condInt) { 2728 addCase = true; 2729 switchExclusivelyCovered = true; 2730 } 2731 } 2732 } 2733 } 2734 else 2735 addCase = true; 2736 } 2737 return addCase; 2738} 2739 2740CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) { 2741 // CaseStmts are essentially labels, so they are the first statement in a 2742 // block. 2743 CFGBlock *TopBlock = 0, *LastBlock = 0; 2744 2745 if (Stmt *Sub = CS->getSubStmt()) { 2746 // For deeply nested chains of CaseStmts, instead of doing a recursion 2747 // (which can blow out the stack), manually unroll and create blocks 2748 // along the way. 2749 while (isa<CaseStmt>(Sub)) { 2750 CFGBlock *currentBlock = createBlock(false); 2751 currentBlock->setLabel(CS); 2752 2753 if (TopBlock) 2754 addSuccessor(LastBlock, currentBlock); 2755 else 2756 TopBlock = currentBlock; 2757 2758 addSuccessor(SwitchTerminatedBlock, 2759 shouldAddCase(switchExclusivelyCovered, switchCond, 2760 CS, *Context) 2761 ? currentBlock : 0); 2762 2763 LastBlock = currentBlock; 2764 CS = cast<CaseStmt>(Sub); 2765 Sub = CS->getSubStmt(); 2766 } 2767 2768 addStmt(Sub); 2769 } 2770 2771 CFGBlock *CaseBlock = Block; 2772 if (!CaseBlock) 2773 CaseBlock = createBlock(); 2774 2775 // Cases statements partition blocks, so this is the top of the basic block we 2776 // were processing (the "case XXX:" is the label). 2777 CaseBlock->setLabel(CS); 2778 2779 if (badCFG) 2780 return 0; 2781 2782 // Add this block to the list of successors for the block with the switch 2783 // statement. 2784 assert(SwitchTerminatedBlock); 2785 addSuccessor(SwitchTerminatedBlock, 2786 shouldAddCase(switchExclusivelyCovered, switchCond, 2787 CS, *Context) 2788 ? CaseBlock : 0); 2789 2790 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2791 Block = NULL; 2792 2793 if (TopBlock) { 2794 addSuccessor(LastBlock, CaseBlock); 2795 Succ = TopBlock; 2796 } else { 2797 // This block is now the implicit successor of other blocks. 2798 Succ = CaseBlock; 2799 } 2800 2801 return Succ; 2802} 2803 2804CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) { 2805 if (Terminator->getSubStmt()) 2806 addStmt(Terminator->getSubStmt()); 2807 2808 DefaultCaseBlock = Block; 2809 2810 if (!DefaultCaseBlock) 2811 DefaultCaseBlock = createBlock(); 2812 2813 // Default statements partition blocks, so this is the top of the basic block 2814 // we were processing (the "default:" is the label). 2815 DefaultCaseBlock->setLabel(Terminator); 2816 2817 if (badCFG) 2818 return 0; 2819 2820 // Unlike case statements, we don't add the default block to the successors 2821 // for the switch statement immediately. This is done when we finish 2822 // processing the switch statement. This allows for the default case 2823 // (including a fall-through to the code after the switch statement) to always 2824 // be the last successor of a switch-terminated block. 2825 2826 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2827 Block = NULL; 2828 2829 // This block is now the implicit successor of other blocks. 2830 Succ = DefaultCaseBlock; 2831 2832 return DefaultCaseBlock; 2833} 2834 2835CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) { 2836 // "try"/"catch" is a control-flow statement. Thus we stop processing the 2837 // current block. 2838 CFGBlock *TrySuccessor = NULL; 2839 2840 if (Block) { 2841 if (badCFG) 2842 return 0; 2843 TrySuccessor = Block; 2844 } else TrySuccessor = Succ; 2845 2846 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock; 2847 2848 // Create a new block that will contain the try statement. 2849 CFGBlock *NewTryTerminatedBlock = createBlock(false); 2850 // Add the terminator in the try block. 2851 NewTryTerminatedBlock->setTerminator(Terminator); 2852 2853 bool HasCatchAll = false; 2854 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) { 2855 // The code after the try is the implicit successor. 2856 Succ = TrySuccessor; 2857 CXXCatchStmt *CS = Terminator->getHandler(h); 2858 if (CS->getExceptionDecl() == 0) { 2859 HasCatchAll = true; 2860 } 2861 Block = NULL; 2862 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS); 2863 if (CatchBlock == 0) 2864 return 0; 2865 // Add this block to the list of successors for the block with the try 2866 // statement. 2867 addSuccessor(NewTryTerminatedBlock, CatchBlock); 2868 } 2869 if (!HasCatchAll) { 2870 if (PrevTryTerminatedBlock) 2871 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock); 2872 else 2873 addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); 2874 } 2875 2876 // The code after the try is the implicit successor. 2877 Succ = TrySuccessor; 2878 2879 // Save the current "try" context. 2880 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock); 2881 cfg->addTryDispatchBlock(TryTerminatedBlock); 2882 2883 assert(Terminator->getTryBlock() && "try must contain a non-NULL body"); 2884 Block = NULL; 2885 return addStmt(Terminator->getTryBlock()); 2886} 2887 2888CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) { 2889 // CXXCatchStmt are treated like labels, so they are the first statement in a 2890 // block. 2891 2892 // Save local scope position because in case of exception variable ScopePos 2893 // won't be restored when traversing AST. 2894 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2895 2896 // Create local scope for possible exception variable. 2897 // Store scope position. Add implicit destructor. 2898 if (VarDecl *VD = CS->getExceptionDecl()) { 2899 LocalScope::const_iterator BeginScopePos = ScopePos; 2900 addLocalScopeForVarDecl(VD); 2901 addAutomaticObjDtors(ScopePos, BeginScopePos, CS); 2902 } 2903 2904 if (CS->getHandlerBlock()) 2905 addStmt(CS->getHandlerBlock()); 2906 2907 CFGBlock *CatchBlock = Block; 2908 if (!CatchBlock) 2909 CatchBlock = createBlock(); 2910 2911 // CXXCatchStmt is more than just a label. They have semantic meaning 2912 // as well, as they implicitly "initialize" the catch variable. Add 2913 // it to the CFG as a CFGElement so that the control-flow of these 2914 // semantics gets captured. 2915 appendStmt(CatchBlock, CS); 2916 2917 // Also add the CXXCatchStmt as a label, to mirror handling of regular 2918 // labels. 2919 CatchBlock->setLabel(CS); 2920 2921 // Bail out if the CFG is bad. 2922 if (badCFG) 2923 return 0; 2924 2925 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2926 Block = NULL; 2927 2928 return CatchBlock; 2929} 2930 2931CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) { 2932 // C++0x for-range statements are specified as [stmt.ranged]: 2933 // 2934 // { 2935 // auto && __range = range-init; 2936 // for ( auto __begin = begin-expr, 2937 // __end = end-expr; 2938 // __begin != __end; 2939 // ++__begin ) { 2940 // for-range-declaration = *__begin; 2941 // statement 2942 // } 2943 // } 2944 2945 // Save local scope position before the addition of the implicit variables. 2946 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2947 2948 // Create local scopes and destructors for range, begin and end variables. 2949 if (Stmt *Range = S->getRangeStmt()) 2950 addLocalScopeForStmt(Range); 2951 if (Stmt *BeginEnd = S->getBeginEndStmt()) 2952 addLocalScopeForStmt(BeginEnd); 2953 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S); 2954 2955 LocalScope::const_iterator ContinueScopePos = ScopePos; 2956 2957 // "for" is a control-flow statement. Thus we stop processing the current 2958 // block. 2959 CFGBlock *LoopSuccessor = NULL; 2960 if (Block) { 2961 if (badCFG) 2962 return 0; 2963 LoopSuccessor = Block; 2964 } else 2965 LoopSuccessor = Succ; 2966 2967 // Save the current value for the break targets. 2968 // All breaks should go to the code following the loop. 2969 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2970 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2971 2972 // The block for the __begin != __end expression. 2973 CFGBlock *ConditionBlock = createBlock(false); 2974 ConditionBlock->setTerminator(S); 2975 2976 // Now add the actual condition to the condition block. 2977 if (Expr *C = S->getCond()) { 2978 Block = ConditionBlock; 2979 CFGBlock *BeginConditionBlock = addStmt(C); 2980 if (badCFG) 2981 return 0; 2982 assert(BeginConditionBlock == ConditionBlock && 2983 "condition block in for-range was unexpectedly complex"); 2984 (void)BeginConditionBlock; 2985 } 2986 2987 // The condition block is the implicit successor for the loop body as well as 2988 // any code above the loop. 2989 Succ = ConditionBlock; 2990 2991 // See if this is a known constant. 2992 TryResult KnownVal(true); 2993 2994 if (S->getCond()) 2995 KnownVal = tryEvaluateBool(S->getCond()); 2996 2997 // Now create the loop body. 2998 { 2999 assert(S->getBody()); 3000 3001 // Save the current values for Block, Succ, and continue targets. 3002 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 3003 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 3004 3005 // Generate increment code in its own basic block. This is the target of 3006 // continue statements. 3007 Block = 0; 3008 Succ = addStmt(S->getInc()); 3009 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 3010 3011 // The starting block for the loop increment is the block that should 3012 // represent the 'loop target' for looping back to the start of the loop. 3013 ContinueJumpTarget.block->setLoopTarget(S); 3014 3015 // Finish up the increment block and prepare to start the loop body. 3016 assert(Block); 3017 if (badCFG) 3018 return 0; 3019 Block = 0; 3020 3021 3022 // Add implicit scope and dtors for loop variable. 3023 addLocalScopeAndDtors(S->getLoopVarStmt()); 3024 3025 // Populate a new block to contain the loop body and loop variable. 3026 addStmt(S->getBody()); 3027 if (badCFG) 3028 return 0; 3029 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt()); 3030 if (badCFG) 3031 return 0; 3032 3033 // This new body block is a successor to our condition block. 3034 addSuccessor(ConditionBlock, KnownVal.isFalse() ? 0 : LoopVarStmtBlock); 3035 } 3036 3037 // Link up the condition block with the code that follows the loop (the 3038 // false branch). 3039 addSuccessor(ConditionBlock, KnownVal.isTrue() ? 0 : LoopSuccessor); 3040 3041 // Add the initialization statements. 3042 Block = createBlock(); 3043 addStmt(S->getBeginEndStmt()); 3044 return addStmt(S->getRangeStmt()); 3045} 3046 3047CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E, 3048 AddStmtChoice asc) { 3049 if (BuildOpts.AddTemporaryDtors) { 3050 // If adding implicit destructors visit the full expression for adding 3051 // destructors of temporaries. 3052 VisitForTemporaryDtors(E->getSubExpr()); 3053 3054 // Full expression has to be added as CFGStmt so it will be sequenced 3055 // before destructors of it's temporaries. 3056 asc = asc.withAlwaysAdd(true); 3057 } 3058 return Visit(E->getSubExpr(), asc); 3059} 3060 3061CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 3062 AddStmtChoice asc) { 3063 if (asc.alwaysAdd(*this, E)) { 3064 autoCreateBlock(); 3065 appendStmt(Block, E); 3066 3067 // We do not want to propagate the AlwaysAdd property. 3068 asc = asc.withAlwaysAdd(false); 3069 } 3070 return Visit(E->getSubExpr(), asc); 3071} 3072 3073CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, 3074 AddStmtChoice asc) { 3075 autoCreateBlock(); 3076 appendStmt(Block, C); 3077 3078 return VisitChildren(C); 3079} 3080 3081CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 3082 AddStmtChoice asc) { 3083 if (asc.alwaysAdd(*this, E)) { 3084 autoCreateBlock(); 3085 appendStmt(Block, E); 3086 // We do not want to propagate the AlwaysAdd property. 3087 asc = asc.withAlwaysAdd(false); 3088 } 3089 return Visit(E->getSubExpr(), asc); 3090} 3091 3092CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 3093 AddStmtChoice asc) { 3094 autoCreateBlock(); 3095 appendStmt(Block, C); 3096 return VisitChildren(C); 3097} 3098 3099CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E, 3100 AddStmtChoice asc) { 3101 if (asc.alwaysAdd(*this, E)) { 3102 autoCreateBlock(); 3103 appendStmt(Block, E); 3104 } 3105 return Visit(E->getSubExpr(), AddStmtChoice()); 3106} 3107 3108CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3109 // Lazily create the indirect-goto dispatch block if there isn't one already. 3110 CFGBlock *IBlock = cfg->getIndirectGotoBlock(); 3111 3112 if (!IBlock) { 3113 IBlock = createBlock(false); 3114 cfg->setIndirectGotoBlock(IBlock); 3115 } 3116 3117 // IndirectGoto is a control-flow statement. Thus we stop processing the 3118 // current block and create a new one. 3119 if (badCFG) 3120 return 0; 3121 3122 Block = createBlock(false); 3123 Block->setTerminator(I); 3124 addSuccessor(Block, IBlock); 3125 return addStmt(I->getTarget()); 3126} 3127 3128CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) { 3129 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors); 3130 3131tryAgain: 3132 if (!E) { 3133 badCFG = true; 3134 return NULL; 3135 } 3136 switch (E->getStmtClass()) { 3137 default: 3138 return VisitChildrenForTemporaryDtors(E); 3139 3140 case Stmt::BinaryOperatorClass: 3141 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E)); 3142 3143 case Stmt::CXXBindTemporaryExprClass: 3144 return VisitCXXBindTemporaryExprForTemporaryDtors( 3145 cast<CXXBindTemporaryExpr>(E), BindToTemporary); 3146 3147 case Stmt::BinaryConditionalOperatorClass: 3148 case Stmt::ConditionalOperatorClass: 3149 return VisitConditionalOperatorForTemporaryDtors( 3150 cast<AbstractConditionalOperator>(E), BindToTemporary); 3151 3152 case Stmt::ImplicitCastExprClass: 3153 // For implicit cast we want BindToTemporary to be passed further. 3154 E = cast<CastExpr>(E)->getSubExpr(); 3155 goto tryAgain; 3156 3157 case Stmt::ParenExprClass: 3158 E = cast<ParenExpr>(E)->getSubExpr(); 3159 goto tryAgain; 3160 3161 case Stmt::MaterializeTemporaryExprClass: 3162 E = cast<MaterializeTemporaryExpr>(E)->GetTemporaryExpr(); 3163 goto tryAgain; 3164 } 3165} 3166 3167CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E) { 3168 // When visiting children for destructors we want to visit them in reverse 3169 // order that they will appear in the CFG. Because the CFG is built 3170 // bottom-up, this means we visit them in their natural order, which 3171 // reverses them in the CFG. 3172 CFGBlock *B = Block; 3173 for (Stmt::child_range I = E->children(); I; ++I) { 3174 if (Stmt *Child = *I) 3175 if (CFGBlock *R = VisitForTemporaryDtors(Child)) 3176 B = R; 3177 } 3178 return B; 3179} 3180 3181CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E) { 3182 if (E->isLogicalOp()) { 3183 // Destructors for temporaries in LHS expression should be called after 3184 // those for RHS expression. Even if this will unnecessarily create a block, 3185 // this block will be used at least by the full expression. 3186 autoCreateBlock(); 3187 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getLHS()); 3188 if (badCFG) 3189 return NULL; 3190 3191 Succ = ConfluenceBlock; 3192 Block = NULL; 3193 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3194 3195 if (RHSBlock) { 3196 if (badCFG) 3197 return NULL; 3198 3199 // If RHS expression did produce destructors we need to connect created 3200 // blocks to CFG in same manner as for binary operator itself. 3201 CFGBlock *LHSBlock = createBlock(false); 3202 LHSBlock->setTerminator(CFGTerminator(E, true)); 3203 3204 // For binary operator LHS block is before RHS in list of predecessors 3205 // of ConfluenceBlock. 3206 std::reverse(ConfluenceBlock->pred_begin(), 3207 ConfluenceBlock->pred_end()); 3208 3209 // See if this is a known constant. 3210 TryResult KnownVal = tryEvaluateBool(E->getLHS()); 3211 if (KnownVal.isKnown() && (E->getOpcode() == BO_LOr)) 3212 KnownVal.negate(); 3213 3214 // Link LHSBlock with RHSBlock exactly the same way as for binary operator 3215 // itself. 3216 if (E->getOpcode() == BO_LOr) { 3217 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3218 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3219 } else { 3220 assert (E->getOpcode() == BO_LAnd); 3221 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3222 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3223 } 3224 3225 Block = LHSBlock; 3226 return LHSBlock; 3227 } 3228 3229 Block = ConfluenceBlock; 3230 return ConfluenceBlock; 3231 } 3232 3233 if (E->isAssignmentOp()) { 3234 // For assignment operator (=) LHS expression is visited 3235 // before RHS expression. For destructors visit them in reverse order. 3236 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3237 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3238 return LHSBlock ? LHSBlock : RHSBlock; 3239 } 3240 3241 // For any other binary operator RHS expression is visited before 3242 // LHS expression (order of children). For destructors visit them in reverse 3243 // order. 3244 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3245 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3246 return RHSBlock ? RHSBlock : LHSBlock; 3247} 3248 3249CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors( 3250 CXXBindTemporaryExpr *E, bool BindToTemporary) { 3251 // First add destructors for temporaries in subexpression. 3252 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr()); 3253 if (!BindToTemporary) { 3254 // If lifetime of temporary is not prolonged (by assigning to constant 3255 // reference) add destructor for it. 3256 3257 // If the destructor is marked as a no-return destructor, we need to create 3258 // a new block for the destructor which does not have as a successor 3259 // anything built thus far. Control won't flow out of this block. 3260 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor(); 3261 if (Dtor->isNoReturn()) 3262 Block = createNoReturnBlock(); 3263 else 3264 autoCreateBlock(); 3265 3266 appendTemporaryDtor(Block, E); 3267 B = Block; 3268 } 3269 return B; 3270} 3271 3272CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors( 3273 AbstractConditionalOperator *E, bool BindToTemporary) { 3274 // First add destructors for condition expression. Even if this will 3275 // unnecessarily create a block, this block will be used at least by the full 3276 // expression. 3277 autoCreateBlock(); 3278 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getCond()); 3279 if (badCFG) 3280 return NULL; 3281 if (BinaryConditionalOperator *BCO 3282 = dyn_cast<BinaryConditionalOperator>(E)) { 3283 ConfluenceBlock = VisitForTemporaryDtors(BCO->getCommon()); 3284 if (badCFG) 3285 return NULL; 3286 } 3287 3288 // Try to add block with destructors for LHS expression. 3289 CFGBlock *LHSBlock = NULL; 3290 Succ = ConfluenceBlock; 3291 Block = NULL; 3292 LHSBlock = VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary); 3293 if (badCFG) 3294 return NULL; 3295 3296 // Try to add block with destructors for RHS expression; 3297 Succ = ConfluenceBlock; 3298 Block = NULL; 3299 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getFalseExpr(), 3300 BindToTemporary); 3301 if (badCFG) 3302 return NULL; 3303 3304 if (!RHSBlock && !LHSBlock) { 3305 // If neither LHS nor RHS expression had temporaries to destroy don't create 3306 // more blocks. 3307 Block = ConfluenceBlock; 3308 return Block; 3309 } 3310 3311 Block = createBlock(false); 3312 Block->setTerminator(CFGTerminator(E, true)); 3313 3314 // See if this is a known constant. 3315 const TryResult &KnownVal = tryEvaluateBool(E->getCond()); 3316 3317 if (LHSBlock) { 3318 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 3319 } else if (KnownVal.isFalse()) { 3320 addSuccessor(Block, NULL); 3321 } else { 3322 addSuccessor(Block, ConfluenceBlock); 3323 std::reverse(ConfluenceBlock->pred_begin(), ConfluenceBlock->pred_end()); 3324 } 3325 3326 if (!RHSBlock) 3327 RHSBlock = ConfluenceBlock; 3328 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 3329 3330 return Block; 3331} 3332 3333} // end anonymous namespace 3334 3335/// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has 3336/// no successors or predecessors. If this is the first block created in the 3337/// CFG, it is automatically set to be the Entry and Exit of the CFG. 3338CFGBlock *CFG::createBlock() { 3339 bool first_block = begin() == end(); 3340 3341 // Create the block. 3342 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>(); 3343 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this); 3344 Blocks.push_back(Mem, BlkBVC); 3345 3346 // If this is the first block, set it as the Entry and Exit. 3347 if (first_block) 3348 Entry = Exit = &back(); 3349 3350 // Return the block. 3351 return &back(); 3352} 3353 3354/// buildCFG - Constructs a CFG from an AST. Ownership of the returned 3355/// CFG is returned to the caller. 3356CFG* CFG::buildCFG(const Decl *D, Stmt *Statement, ASTContext *C, 3357 const BuildOptions &BO) { 3358 CFGBuilder Builder(C, BO); 3359 return Builder.buildCFG(D, Statement); 3360} 3361 3362const CXXDestructorDecl * 3363CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { 3364 switch (getKind()) { 3365 case CFGElement::Statement: 3366 case CFGElement::Initializer: 3367 llvm_unreachable("getDestructorDecl should only be used with " 3368 "ImplicitDtors"); 3369 case CFGElement::AutomaticObjectDtor: { 3370 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl(); 3371 QualType ty = var->getType(); 3372 ty = ty.getNonReferenceType(); 3373 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { 3374 ty = arrayType->getElementType(); 3375 } 3376 const RecordType *recordType = ty->getAs<RecordType>(); 3377 const CXXRecordDecl *classDecl = 3378 cast<CXXRecordDecl>(recordType->getDecl()); 3379 return classDecl->getDestructor(); 3380 } 3381 case CFGElement::TemporaryDtor: { 3382 const CXXBindTemporaryExpr *bindExpr = 3383 castAs<CFGTemporaryDtor>().getBindTemporaryExpr(); 3384 const CXXTemporary *temp = bindExpr->getTemporary(); 3385 return temp->getDestructor(); 3386 } 3387 case CFGElement::BaseDtor: 3388 case CFGElement::MemberDtor: 3389 3390 // Not yet supported. 3391 return 0; 3392 } 3393 llvm_unreachable("getKind() returned bogus value"); 3394} 3395 3396bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const { 3397 if (const CXXDestructorDecl *DD = getDestructorDecl(astContext)) 3398 return DD->isNoReturn(); 3399 return false; 3400} 3401 3402//===----------------------------------------------------------------------===// 3403// CFG: Queries for BlkExprs. 3404//===----------------------------------------------------------------------===// 3405 3406namespace { 3407 typedef llvm::DenseMap<const Stmt*,unsigned> BlkExprMapTy; 3408} 3409 3410static void FindSubExprAssignments(const Stmt *S, 3411 llvm::SmallPtrSet<const Expr*,50>& Set) { 3412 if (!S) 3413 return; 3414 3415 for (Stmt::const_child_range I = S->children(); I; ++I) { 3416 const Stmt *child = *I; 3417 if (!child) 3418 continue; 3419 3420 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(child)) 3421 if (B->isAssignmentOp()) Set.insert(B); 3422 3423 FindSubExprAssignments(child, Set); 3424 } 3425} 3426 3427static BlkExprMapTy* PopulateBlkExprMap(CFG& cfg) { 3428 BlkExprMapTy* M = new BlkExprMapTy(); 3429 3430 // Look for assignments that are used as subexpressions. These are the only 3431 // assignments that we want to *possibly* register as a block-level 3432 // expression. Basically, if an assignment occurs both in a subexpression and 3433 // at the block-level, it is a block-level expression. 3434 llvm::SmallPtrSet<const Expr*,50> SubExprAssignments; 3435 3436 for (CFG::iterator I=cfg.begin(), E=cfg.end(); I != E; ++I) 3437 for (CFGBlock::iterator BI=(*I)->begin(), EI=(*I)->end(); BI != EI; ++BI) 3438 if (Optional<CFGStmt> S = BI->getAs<CFGStmt>()) 3439 FindSubExprAssignments(S->getStmt(), SubExprAssignments); 3440 3441 for (CFG::iterator I=cfg.begin(), E=cfg.end(); I != E; ++I) { 3442 3443 // Iterate over the statements again on identify the Expr* and Stmt* at the 3444 // block-level that are block-level expressions. 3445 3446 for (CFGBlock::iterator BI=(*I)->begin(), EI=(*I)->end(); BI != EI; ++BI) { 3447 Optional<CFGStmt> CS = BI->getAs<CFGStmt>(); 3448 if (!CS) 3449 continue; 3450 if (const Expr *Exp = dyn_cast<Expr>(CS->getStmt())) { 3451 assert((Exp->IgnoreParens() == Exp) && "No parens on block-level exps"); 3452 3453 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(Exp)) { 3454 // Assignment expressions that are not nested within another 3455 // expression are really "statements" whose value is never used by 3456 // another expression. 3457 if (B->isAssignmentOp() && !SubExprAssignments.count(Exp)) 3458 continue; 3459 } else if (const StmtExpr *SE = dyn_cast<StmtExpr>(Exp)) { 3460 // Special handling for statement expressions. The last statement in 3461 // the statement expression is also a block-level expr. 3462 const CompoundStmt *C = SE->getSubStmt(); 3463 if (!C->body_empty()) { 3464 const Stmt *Last = C->body_back(); 3465 if (const Expr *LastEx = dyn_cast<Expr>(Last)) 3466 Last = LastEx->IgnoreParens(); 3467 unsigned x = M->size(); 3468 (*M)[Last] = x; 3469 } 3470 } 3471 3472 unsigned x = M->size(); 3473 (*M)[Exp] = x; 3474 } 3475 } 3476 3477 // Look at terminators. The condition is a block-level expression. 3478 3479 Stmt *S = (*I)->getTerminatorCondition(); 3480 3481 if (S && M->find(S) == M->end()) { 3482 unsigned x = M->size(); 3483 (*M)[S] = x; 3484 } 3485 } 3486 3487 return M; 3488} 3489 3490CFG::BlkExprNumTy CFG::getBlkExprNum(const Stmt *S) { 3491 assert(S != NULL); 3492 if (!BlkExprMap) { BlkExprMap = (void*) PopulateBlkExprMap(*this); } 3493 3494 BlkExprMapTy* M = reinterpret_cast<BlkExprMapTy*>(BlkExprMap); 3495 BlkExprMapTy::iterator I = M->find(S); 3496 return (I == M->end()) ? CFG::BlkExprNumTy() : CFG::BlkExprNumTy(I->second); 3497} 3498 3499unsigned CFG::getNumBlkExprs() { 3500 if (const BlkExprMapTy* M = reinterpret_cast<const BlkExprMapTy*>(BlkExprMap)) 3501 return M->size(); 3502 3503 // We assume callers interested in the number of BlkExprs will want 3504 // the map constructed if it doesn't already exist. 3505 BlkExprMap = (void*) PopulateBlkExprMap(*this); 3506 return reinterpret_cast<BlkExprMapTy*>(BlkExprMap)->size(); 3507} 3508 3509//===----------------------------------------------------------------------===// 3510// Filtered walking of the CFG. 3511//===----------------------------------------------------------------------===// 3512 3513bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F, 3514 const CFGBlock *From, const CFGBlock *To) { 3515 3516 if (To && F.IgnoreDefaultsWithCoveredEnums) { 3517 // If the 'To' has no label or is labeled but the label isn't a 3518 // CaseStmt then filter this edge. 3519 if (const SwitchStmt *S = 3520 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) { 3521 if (S->isAllEnumCasesCovered()) { 3522 const Stmt *L = To->getLabel(); 3523 if (!L || !isa<CaseStmt>(L)) 3524 return true; 3525 } 3526 } 3527 } 3528 3529 return false; 3530} 3531 3532//===----------------------------------------------------------------------===// 3533// Cleanup: CFG dstor. 3534//===----------------------------------------------------------------------===// 3535 3536CFG::~CFG() { 3537 delete reinterpret_cast<const BlkExprMapTy*>(BlkExprMap); 3538} 3539 3540//===----------------------------------------------------------------------===// 3541// CFG pretty printing 3542//===----------------------------------------------------------------------===// 3543 3544namespace { 3545 3546class StmtPrinterHelper : public PrinterHelper { 3547 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy; 3548 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy; 3549 StmtMapTy StmtMap; 3550 DeclMapTy DeclMap; 3551 signed currentBlock; 3552 unsigned currStmt; 3553 const LangOptions &LangOpts; 3554public: 3555 3556 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO) 3557 : currentBlock(0), currStmt(0), LangOpts(LO) 3558 { 3559 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) { 3560 unsigned j = 1; 3561 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ; 3562 BI != BEnd; ++BI, ++j ) { 3563 if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) { 3564 const Stmt *stmt= SE->getStmt(); 3565 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j); 3566 StmtMap[stmt] = P; 3567 3568 switch (stmt->getStmtClass()) { 3569 case Stmt::DeclStmtClass: 3570 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P; 3571 break; 3572 case Stmt::IfStmtClass: { 3573 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable(); 3574 if (var) 3575 DeclMap[var] = P; 3576 break; 3577 } 3578 case Stmt::ForStmtClass: { 3579 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable(); 3580 if (var) 3581 DeclMap[var] = P; 3582 break; 3583 } 3584 case Stmt::WhileStmtClass: { 3585 const VarDecl *var = 3586 cast<WhileStmt>(stmt)->getConditionVariable(); 3587 if (var) 3588 DeclMap[var] = P; 3589 break; 3590 } 3591 case Stmt::SwitchStmtClass: { 3592 const VarDecl *var = 3593 cast<SwitchStmt>(stmt)->getConditionVariable(); 3594 if (var) 3595 DeclMap[var] = P; 3596 break; 3597 } 3598 case Stmt::CXXCatchStmtClass: { 3599 const VarDecl *var = 3600 cast<CXXCatchStmt>(stmt)->getExceptionDecl(); 3601 if (var) 3602 DeclMap[var] = P; 3603 break; 3604 } 3605 default: 3606 break; 3607 } 3608 } 3609 } 3610 } 3611 } 3612 3613 3614 virtual ~StmtPrinterHelper() {} 3615 3616 const LangOptions &getLangOpts() const { return LangOpts; } 3617 void setBlockID(signed i) { currentBlock = i; } 3618 void setStmtID(unsigned i) { currStmt = i; } 3619 3620 virtual bool handledStmt(Stmt *S, raw_ostream &OS) { 3621 StmtMapTy::iterator I = StmtMap.find(S); 3622 3623 if (I == StmtMap.end()) 3624 return false; 3625 3626 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3627 && I->second.second == currStmt) { 3628 return false; 3629 } 3630 3631 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3632 return true; 3633 } 3634 3635 bool handleDecl(const Decl *D, raw_ostream &OS) { 3636 DeclMapTy::iterator I = DeclMap.find(D); 3637 3638 if (I == DeclMap.end()) 3639 return false; 3640 3641 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3642 && I->second.second == currStmt) { 3643 return false; 3644 } 3645 3646 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3647 return true; 3648 } 3649}; 3650} // end anonymous namespace 3651 3652 3653namespace { 3654class CFGBlockTerminatorPrint 3655 : public StmtVisitor<CFGBlockTerminatorPrint,void> { 3656 3657 raw_ostream &OS; 3658 StmtPrinterHelper* Helper; 3659 PrintingPolicy Policy; 3660public: 3661 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper, 3662 const PrintingPolicy &Policy) 3663 : OS(os), Helper(helper), Policy(Policy) {} 3664 3665 void VisitIfStmt(IfStmt *I) { 3666 OS << "if "; 3667 I->getCond()->printPretty(OS,Helper,Policy); 3668 } 3669 3670 // Default case. 3671 void VisitStmt(Stmt *Terminator) { 3672 Terminator->printPretty(OS, Helper, Policy); 3673 } 3674 3675 void VisitDeclStmt(DeclStmt *DS) { 3676 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); 3677 OS << "static init " << VD->getName(); 3678 } 3679 3680 void VisitForStmt(ForStmt *F) { 3681 OS << "for (" ; 3682 if (F->getInit()) 3683 OS << "..."; 3684 OS << "; "; 3685 if (Stmt *C = F->getCond()) 3686 C->printPretty(OS, Helper, Policy); 3687 OS << "; "; 3688 if (F->getInc()) 3689 OS << "..."; 3690 OS << ")"; 3691 } 3692 3693 void VisitWhileStmt(WhileStmt *W) { 3694 OS << "while " ; 3695 if (Stmt *C = W->getCond()) 3696 C->printPretty(OS, Helper, Policy); 3697 } 3698 3699 void VisitDoStmt(DoStmt *D) { 3700 OS << "do ... while "; 3701 if (Stmt *C = D->getCond()) 3702 C->printPretty(OS, Helper, Policy); 3703 } 3704 3705 void VisitSwitchStmt(SwitchStmt *Terminator) { 3706 OS << "switch "; 3707 Terminator->getCond()->printPretty(OS, Helper, Policy); 3708 } 3709 3710 void VisitCXXTryStmt(CXXTryStmt *CS) { 3711 OS << "try ..."; 3712 } 3713 3714 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) { 3715 C->getCond()->printPretty(OS, Helper, Policy); 3716 OS << " ? ... : ..."; 3717 } 3718 3719 void VisitChooseExpr(ChooseExpr *C) { 3720 OS << "__builtin_choose_expr( "; 3721 C->getCond()->printPretty(OS, Helper, Policy); 3722 OS << " )"; 3723 } 3724 3725 void VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3726 OS << "goto *"; 3727 I->getTarget()->printPretty(OS, Helper, Policy); 3728 } 3729 3730 void VisitBinaryOperator(BinaryOperator* B) { 3731 if (!B->isLogicalOp()) { 3732 VisitExpr(B); 3733 return; 3734 } 3735 3736 B->getLHS()->printPretty(OS, Helper, Policy); 3737 3738 switch (B->getOpcode()) { 3739 case BO_LOr: 3740 OS << " || ..."; 3741 return; 3742 case BO_LAnd: 3743 OS << " && ..."; 3744 return; 3745 default: 3746 llvm_unreachable("Invalid logical operator."); 3747 } 3748 } 3749 3750 void VisitExpr(Expr *E) { 3751 E->printPretty(OS, Helper, Policy); 3752 } 3753}; 3754} // end anonymous namespace 3755 3756static void print_elem(raw_ostream &OS, StmtPrinterHelper* Helper, 3757 const CFGElement &E) { 3758 if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { 3759 const Stmt *S = CS->getStmt(); 3760 3761 if (Helper) { 3762 3763 // special printing for statement-expressions. 3764 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) { 3765 const CompoundStmt *Sub = SE->getSubStmt(); 3766 3767 if (Sub->children()) { 3768 OS << "({ ... ; "; 3769 Helper->handledStmt(*SE->getSubStmt()->body_rbegin(),OS); 3770 OS << " })\n"; 3771 return; 3772 } 3773 } 3774 // special printing for comma expressions. 3775 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) { 3776 if (B->getOpcode() == BO_Comma) { 3777 OS << "... , "; 3778 Helper->handledStmt(B->getRHS(),OS); 3779 OS << '\n'; 3780 return; 3781 } 3782 } 3783 } 3784 S->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3785 3786 if (isa<CXXOperatorCallExpr>(S)) { 3787 OS << " (OperatorCall)"; 3788 } 3789 else if (isa<CXXBindTemporaryExpr>(S)) { 3790 OS << " (BindTemporary)"; 3791 } 3792 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { 3793 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")"; 3794 } 3795 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { 3796 OS << " (" << CE->getStmtClassName() << ", " 3797 << CE->getCastKindName() 3798 << ", " << CE->getType().getAsString() 3799 << ")"; 3800 } 3801 3802 // Expressions need a newline. 3803 if (isa<Expr>(S)) 3804 OS << '\n'; 3805 3806 } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { 3807 const CXXCtorInitializer *I = IE->getInitializer(); 3808 if (I->isBaseInitializer()) 3809 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName(); 3810 else OS << I->getAnyMember()->getName(); 3811 3812 OS << "("; 3813 if (Expr *IE = I->getInit()) 3814 IE->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3815 OS << ")"; 3816 3817 if (I->isBaseInitializer()) 3818 OS << " (Base initializer)\n"; 3819 else OS << " (Member initializer)\n"; 3820 3821 } else if (Optional<CFGAutomaticObjDtor> DE = 3822 E.getAs<CFGAutomaticObjDtor>()) { 3823 const VarDecl *VD = DE->getVarDecl(); 3824 Helper->handleDecl(VD, OS); 3825 3826 const Type* T = VD->getType().getTypePtr(); 3827 if (const ReferenceType* RT = T->getAs<ReferenceType>()) 3828 T = RT->getPointeeType().getTypePtr(); 3829 T = T->getBaseElementTypeUnsafe(); 3830 3831 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; 3832 OS << " (Implicit destructor)\n"; 3833 3834 } else if (Optional<CFGBaseDtor> BE = E.getAs<CFGBaseDtor>()) { 3835 const CXXBaseSpecifier *BS = BE->getBaseSpecifier(); 3836 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()"; 3837 OS << " (Base object destructor)\n"; 3838 3839 } else if (Optional<CFGMemberDtor> ME = E.getAs<CFGMemberDtor>()) { 3840 const FieldDecl *FD = ME->getFieldDecl(); 3841 const Type *T = FD->getType()->getBaseElementTypeUnsafe(); 3842 OS << "this->" << FD->getName(); 3843 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()"; 3844 OS << " (Member object destructor)\n"; 3845 3846 } else if (Optional<CFGTemporaryDtor> TE = E.getAs<CFGTemporaryDtor>()) { 3847 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr(); 3848 OS << "~" << BT->getType()->getAsCXXRecordDecl()->getName() << "()"; 3849 OS << " (Temporary object destructor)\n"; 3850 } 3851} 3852 3853static void print_block(raw_ostream &OS, const CFG* cfg, 3854 const CFGBlock &B, 3855 StmtPrinterHelper* Helper, bool print_edges, 3856 bool ShowColors) { 3857 3858 if (Helper) 3859 Helper->setBlockID(B.getBlockID()); 3860 3861 // Print the header. 3862 if (ShowColors) 3863 OS.changeColor(raw_ostream::YELLOW, true); 3864 3865 OS << "\n [B" << B.getBlockID(); 3866 3867 if (&B == &cfg->getEntry()) 3868 OS << " (ENTRY)]\n"; 3869 else if (&B == &cfg->getExit()) 3870 OS << " (EXIT)]\n"; 3871 else if (&B == cfg->getIndirectGotoBlock()) 3872 OS << " (INDIRECT GOTO DISPATCH)]\n"; 3873 else 3874 OS << "]\n"; 3875 3876 if (ShowColors) 3877 OS.resetColor(); 3878 3879 // Print the label of this block. 3880 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) { 3881 3882 if (print_edges) 3883 OS << " "; 3884 3885 if (LabelStmt *L = dyn_cast<LabelStmt>(Label)) 3886 OS << L->getName(); 3887 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) { 3888 OS << "case "; 3889 C->getLHS()->printPretty(OS, Helper, 3890 PrintingPolicy(Helper->getLangOpts())); 3891 if (C->getRHS()) { 3892 OS << " ... "; 3893 C->getRHS()->printPretty(OS, Helper, 3894 PrintingPolicy(Helper->getLangOpts())); 3895 } 3896 } else if (isa<DefaultStmt>(Label)) 3897 OS << "default"; 3898 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) { 3899 OS << "catch ("; 3900 if (CS->getExceptionDecl()) 3901 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper->getLangOpts()), 3902 0); 3903 else 3904 OS << "..."; 3905 OS << ")"; 3906 3907 } else 3908 llvm_unreachable("Invalid label statement in CFGBlock."); 3909 3910 OS << ":\n"; 3911 } 3912 3913 // Iterate through the statements in the block and print them. 3914 unsigned j = 1; 3915 3916 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ; 3917 I != E ; ++I, ++j ) { 3918 3919 // Print the statement # in the basic block and the statement itself. 3920 if (print_edges) 3921 OS << " "; 3922 3923 OS << llvm::format("%3d", j) << ": "; 3924 3925 if (Helper) 3926 Helper->setStmtID(j); 3927 3928 print_elem(OS, Helper, *I); 3929 } 3930 3931 // Print the terminator of this block. 3932 if (B.getTerminator()) { 3933 if (ShowColors) 3934 OS.changeColor(raw_ostream::GREEN); 3935 3936 OS << " T: "; 3937 3938 if (Helper) Helper->setBlockID(-1); 3939 3940 PrintingPolicy PP(Helper ? Helper->getLangOpts() : LangOptions()); 3941 CFGBlockTerminatorPrint TPrinter(OS, Helper, PP); 3942 TPrinter.Visit(const_cast<Stmt*>(B.getTerminator().getStmt())); 3943 OS << '\n'; 3944 3945 if (ShowColors) 3946 OS.resetColor(); 3947 } 3948 3949 if (print_edges) { 3950 // Print the predecessors of this block. 3951 if (!B.pred_empty()) { 3952 const raw_ostream::Colors Color = raw_ostream::BLUE; 3953 if (ShowColors) 3954 OS.changeColor(Color); 3955 OS << " Preds " ; 3956 if (ShowColors) 3957 OS.resetColor(); 3958 OS << '(' << B.pred_size() << "):"; 3959 unsigned i = 0; 3960 3961 if (ShowColors) 3962 OS.changeColor(Color); 3963 3964 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end(); 3965 I != E; ++I, ++i) { 3966 3967 if (i % 10 == 8) 3968 OS << "\n "; 3969 3970 OS << " B" << (*I)->getBlockID(); 3971 } 3972 3973 if (ShowColors) 3974 OS.resetColor(); 3975 3976 OS << '\n'; 3977 } 3978 3979 // Print the successors of this block. 3980 if (!B.succ_empty()) { 3981 const raw_ostream::Colors Color = raw_ostream::MAGENTA; 3982 if (ShowColors) 3983 OS.changeColor(Color); 3984 OS << " Succs "; 3985 if (ShowColors) 3986 OS.resetColor(); 3987 OS << '(' << B.succ_size() << "):"; 3988 unsigned i = 0; 3989 3990 if (ShowColors) 3991 OS.changeColor(Color); 3992 3993 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end(); 3994 I != E; ++I, ++i) { 3995 3996 if (i % 10 == 8) 3997 OS << "\n "; 3998 3999 if (*I) 4000 OS << " B" << (*I)->getBlockID(); 4001 else 4002 OS << " NULL"; 4003 } 4004 4005 if (ShowColors) 4006 OS.resetColor(); 4007 OS << '\n'; 4008 } 4009 } 4010} 4011 4012 4013/// dump - A simple pretty printer of a CFG that outputs to stderr. 4014void CFG::dump(const LangOptions &LO, bool ShowColors) const { 4015 print(llvm::errs(), LO, ShowColors); 4016} 4017 4018/// print - A simple pretty printer of a CFG that outputs to an ostream. 4019void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const { 4020 StmtPrinterHelper Helper(this, LO); 4021 4022 // Print the entry block. 4023 print_block(OS, this, getEntry(), &Helper, true, ShowColors); 4024 4025 // Iterate through the CFGBlocks and print them one by one. 4026 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) { 4027 // Skip the entry block, because we already printed it. 4028 if (&(**I) == &getEntry() || &(**I) == &getExit()) 4029 continue; 4030 4031 print_block(OS, this, **I, &Helper, true, ShowColors); 4032 } 4033 4034 // Print the exit block. 4035 print_block(OS, this, getExit(), &Helper, true, ShowColors); 4036 OS << '\n'; 4037 OS.flush(); 4038} 4039 4040/// dump - A simply pretty printer of a CFGBlock that outputs to stderr. 4041void CFGBlock::dump(const CFG* cfg, const LangOptions &LO, 4042 bool ShowColors) const { 4043 print(llvm::errs(), cfg, LO, ShowColors); 4044} 4045 4046/// print - A simple pretty printer of a CFGBlock that outputs to an ostream. 4047/// Generally this will only be called from CFG::print. 4048void CFGBlock::print(raw_ostream &OS, const CFG* cfg, 4049 const LangOptions &LO, bool ShowColors) const { 4050 StmtPrinterHelper Helper(cfg, LO); 4051 print_block(OS, cfg, *this, &Helper, true, ShowColors); 4052 OS << '\n'; 4053} 4054 4055/// printTerminator - A simple pretty printer of the terminator of a CFGBlock. 4056void CFGBlock::printTerminator(raw_ostream &OS, 4057 const LangOptions &LO) const { 4058 CFGBlockTerminatorPrint TPrinter(OS, NULL, PrintingPolicy(LO)); 4059 TPrinter.Visit(const_cast<Stmt*>(getTerminator().getStmt())); 4060} 4061 4062Stmt *CFGBlock::getTerminatorCondition() { 4063 Stmt *Terminator = this->Terminator; 4064 if (!Terminator) 4065 return NULL; 4066 4067 Expr *E = NULL; 4068 4069 switch (Terminator->getStmtClass()) { 4070 default: 4071 break; 4072 4073 case Stmt::ForStmtClass: 4074 E = cast<ForStmt>(Terminator)->getCond(); 4075 break; 4076 4077 case Stmt::WhileStmtClass: 4078 E = cast<WhileStmt>(Terminator)->getCond(); 4079 break; 4080 4081 case Stmt::DoStmtClass: 4082 E = cast<DoStmt>(Terminator)->getCond(); 4083 break; 4084 4085 case Stmt::IfStmtClass: 4086 E = cast<IfStmt>(Terminator)->getCond(); 4087 break; 4088 4089 case Stmt::ChooseExprClass: 4090 E = cast<ChooseExpr>(Terminator)->getCond(); 4091 break; 4092 4093 case Stmt::IndirectGotoStmtClass: 4094 E = cast<IndirectGotoStmt>(Terminator)->getTarget(); 4095 break; 4096 4097 case Stmt::SwitchStmtClass: 4098 E = cast<SwitchStmt>(Terminator)->getCond(); 4099 break; 4100 4101 case Stmt::BinaryConditionalOperatorClass: 4102 E = cast<BinaryConditionalOperator>(Terminator)->getCond(); 4103 break; 4104 4105 case Stmt::ConditionalOperatorClass: 4106 E = cast<ConditionalOperator>(Terminator)->getCond(); 4107 break; 4108 4109 case Stmt::BinaryOperatorClass: // '&&' and '||' 4110 E = cast<BinaryOperator>(Terminator)->getLHS(); 4111 break; 4112 4113 case Stmt::ObjCForCollectionStmtClass: 4114 return Terminator; 4115 } 4116 4117 return E ? E->IgnoreParens() : NULL; 4118} 4119 4120//===----------------------------------------------------------------------===// 4121// CFG Graphviz Visualization 4122//===----------------------------------------------------------------------===// 4123 4124 4125#ifndef NDEBUG 4126static StmtPrinterHelper* GraphHelper; 4127#endif 4128 4129void CFG::viewCFG(const LangOptions &LO) const { 4130#ifndef NDEBUG 4131 StmtPrinterHelper H(this, LO); 4132 GraphHelper = &H; 4133 llvm::ViewGraph(this,"CFG"); 4134 GraphHelper = NULL; 4135#endif 4136} 4137 4138namespace llvm { 4139template<> 4140struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits { 4141 4142 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {} 4143 4144 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) { 4145 4146#ifndef NDEBUG 4147 std::string OutSStr; 4148 llvm::raw_string_ostream Out(OutSStr); 4149 print_block(Out,Graph, *Node, GraphHelper, false, false); 4150 std::string& OutStr = Out.str(); 4151 4152 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin()); 4153 4154 // Process string output to make it nicer... 4155 for (unsigned i = 0; i != OutStr.length(); ++i) 4156 if (OutStr[i] == '\n') { // Left justify 4157 OutStr[i] = '\\'; 4158 OutStr.insert(OutStr.begin()+i+1, 'l'); 4159 } 4160 4161 return OutStr; 4162#else 4163 return ""; 4164#endif 4165 } 4166}; 4167} // end namespace llvm 4168