CFG.cpp revision 95ab9e306f4deefeabd89ea61987f4a8d67e0890
1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the CFG and CFGBuilder classes for representing and 11// building Control-Flow Graphs (CFGs) from ASTs. 12// 13//===----------------------------------------------------------------------===// 14 15#include "clang/Analysis/CFG.h" 16#include "clang/AST/ASTContext.h" 17#include "clang/AST/Attr.h" 18#include "clang/AST/CharUnits.h" 19#include "clang/AST/DeclCXX.h" 20#include "clang/AST/PrettyPrinter.h" 21#include "clang/AST/StmtVisitor.h" 22#include "clang/Basic/Builtins.h" 23#include "llvm/ADT/DenseMap.h" 24#include "llvm/ADT/OwningPtr.h" 25#include "llvm/ADT/SmallPtrSet.h" 26#include "llvm/Support/Allocator.h" 27#include "llvm/Support/Format.h" 28#include "llvm/Support/GraphWriter.h" 29#include "llvm/Support/SaveAndRestore.h" 30 31using namespace clang; 32 33namespace { 34 35static SourceLocation GetEndLoc(Decl *D) { 36 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 37 if (Expr *Ex = VD->getInit()) 38 return Ex->getSourceRange().getEnd(); 39 return D->getLocation(); 40} 41 42class CFGBuilder; 43 44/// The CFG builder uses a recursive algorithm to build the CFG. When 45/// we process an expression, sometimes we know that we must add the 46/// subexpressions as block-level expressions. For example: 47/// 48/// exp1 || exp2 49/// 50/// When processing the '||' expression, we know that exp1 and exp2 51/// need to be added as block-level expressions, even though they 52/// might not normally need to be. AddStmtChoice records this 53/// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then 54/// the builder has an option not to add a subexpression as a 55/// block-level expression. 56/// 57class AddStmtChoice { 58public: 59 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 }; 60 61 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {} 62 63 bool alwaysAdd(CFGBuilder &builder, 64 const Stmt *stmt) const; 65 66 /// Return a copy of this object, except with the 'always-add' bit 67 /// set as specified. 68 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const { 69 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd); 70 } 71 72private: 73 Kind kind; 74}; 75 76/// LocalScope - Node in tree of local scopes created for C++ implicit 77/// destructor calls generation. It contains list of automatic variables 78/// declared in the scope and link to position in previous scope this scope 79/// began in. 80/// 81/// The process of creating local scopes is as follows: 82/// - Init CFGBuilder::ScopePos with invalid position (equivalent for null), 83/// - Before processing statements in scope (e.g. CompoundStmt) create 84/// LocalScope object using CFGBuilder::ScopePos as link to previous scope 85/// and set CFGBuilder::ScopePos to the end of new scope, 86/// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points 87/// at this VarDecl, 88/// - For every normal (without jump) end of scope add to CFGBlock destructors 89/// for objects in the current scope, 90/// - For every jump add to CFGBlock destructors for objects 91/// between CFGBuilder::ScopePos and local scope position saved for jump 92/// target. Thanks to C++ restrictions on goto jumps we can be sure that 93/// jump target position will be on the path to root from CFGBuilder::ScopePos 94/// (adding any variable that doesn't need constructor to be called to 95/// LocalScope can break this assumption), 96/// 97class LocalScope { 98public: 99 typedef BumpVector<VarDecl*> AutomaticVarsTy; 100 101 /// const_iterator - Iterates local scope backwards and jumps to previous 102 /// scope on reaching the beginning of currently iterated scope. 103 class const_iterator { 104 const LocalScope* Scope; 105 106 /// VarIter is guaranteed to be greater then 0 for every valid iterator. 107 /// Invalid iterator (with null Scope) has VarIter equal to 0. 108 unsigned VarIter; 109 110 public: 111 /// Create invalid iterator. Dereferencing invalid iterator is not allowed. 112 /// Incrementing invalid iterator is allowed and will result in invalid 113 /// iterator. 114 const_iterator() 115 : Scope(NULL), VarIter(0) {} 116 117 /// Create valid iterator. In case when S.Prev is an invalid iterator and 118 /// I is equal to 0, this will create invalid iterator. 119 const_iterator(const LocalScope& S, unsigned I) 120 : Scope(&S), VarIter(I) { 121 // Iterator to "end" of scope is not allowed. Handle it by going up 122 // in scopes tree possibly up to invalid iterator in the root. 123 if (VarIter == 0 && Scope) 124 *this = Scope->Prev; 125 } 126 127 VarDecl *const* operator->() const { 128 assert (Scope && "Dereferencing invalid iterator is not allowed"); 129 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 130 return &Scope->Vars[VarIter - 1]; 131 } 132 VarDecl *operator*() const { 133 return *this->operator->(); 134 } 135 136 const_iterator &operator++() { 137 if (!Scope) 138 return *this; 139 140 assert (VarIter != 0 && "Iterator has invalid value of VarIter member"); 141 --VarIter; 142 if (VarIter == 0) 143 *this = Scope->Prev; 144 return *this; 145 } 146 const_iterator operator++(int) { 147 const_iterator P = *this; 148 ++*this; 149 return P; 150 } 151 152 bool operator==(const const_iterator &rhs) const { 153 return Scope == rhs.Scope && VarIter == rhs.VarIter; 154 } 155 bool operator!=(const const_iterator &rhs) const { 156 return !(*this == rhs); 157 } 158 159 LLVM_EXPLICIT operator bool() const { 160 return *this != const_iterator(); 161 } 162 163 int distance(const_iterator L); 164 }; 165 166 friend class const_iterator; 167 168private: 169 BumpVectorContext ctx; 170 171 /// Automatic variables in order of declaration. 172 AutomaticVarsTy Vars; 173 /// Iterator to variable in previous scope that was declared just before 174 /// begin of this scope. 175 const_iterator Prev; 176 177public: 178 /// Constructs empty scope linked to previous scope in specified place. 179 LocalScope(BumpVectorContext &ctx, const_iterator P) 180 : ctx(ctx), Vars(ctx, 4), Prev(P) {} 181 182 /// Begin of scope in direction of CFG building (backwards). 183 const_iterator begin() const { return const_iterator(*this, Vars.size()); } 184 185 void addVar(VarDecl *VD) { 186 Vars.push_back(VD, ctx); 187 } 188}; 189 190/// distance - Calculates distance from this to L. L must be reachable from this 191/// (with use of ++ operator). Cost of calculating the distance is linear w.r.t. 192/// number of scopes between this and L. 193int LocalScope::const_iterator::distance(LocalScope::const_iterator L) { 194 int D = 0; 195 const_iterator F = *this; 196 while (F.Scope != L.Scope) { 197 assert (F != const_iterator() 198 && "L iterator is not reachable from F iterator."); 199 D += F.VarIter; 200 F = F.Scope->Prev; 201 } 202 D += F.VarIter - L.VarIter; 203 return D; 204} 205 206/// BlockScopePosPair - Structure for specifying position in CFG during its 207/// build process. It consists of CFGBlock that specifies position in CFG graph 208/// and LocalScope::const_iterator that specifies position in LocalScope graph. 209struct BlockScopePosPair { 210 BlockScopePosPair() : block(0) {} 211 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos) 212 : block(b), scopePosition(scopePos) {} 213 214 CFGBlock *block; 215 LocalScope::const_iterator scopePosition; 216}; 217 218/// TryResult - a class representing a variant over the values 219/// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool, 220/// and is used by the CFGBuilder to decide if a branch condition 221/// can be decided up front during CFG construction. 222class TryResult { 223 int X; 224public: 225 TryResult(bool b) : X(b ? 1 : 0) {} 226 TryResult() : X(-1) {} 227 228 bool isTrue() const { return X == 1; } 229 bool isFalse() const { return X == 0; } 230 bool isKnown() const { return X >= 0; } 231 void negate() { 232 assert(isKnown()); 233 X ^= 0x1; 234 } 235}; 236 237class reverse_children { 238 llvm::SmallVector<Stmt *, 12> childrenBuf; 239 ArrayRef<Stmt*> children; 240public: 241 reverse_children(Stmt *S); 242 243 typedef ArrayRef<Stmt*>::reverse_iterator iterator; 244 iterator begin() const { return children.rbegin(); } 245 iterator end() const { return children.rend(); } 246}; 247 248 249reverse_children::reverse_children(Stmt *S) { 250 if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 251 children = CE->getRawSubExprs(); 252 return; 253 } 254 switch (S->getStmtClass()) { 255 // Note: Fill in this switch with more cases we want to optimize. 256 case Stmt::InitListExprClass: { 257 InitListExpr *IE = cast<InitListExpr>(S); 258 children = llvm::makeArrayRef(reinterpret_cast<Stmt**>(IE->getInits()), 259 IE->getNumInits()); 260 return; 261 } 262 default: 263 break; 264 } 265 266 // Default case for all other statements. 267 for (Stmt::child_range I = S->children(); I; ++I) { 268 childrenBuf.push_back(*I); 269 } 270 271 // This needs to be done *after* childrenBuf has been populated. 272 children = childrenBuf; 273} 274 275/// CFGBuilder - This class implements CFG construction from an AST. 276/// The builder is stateful: an instance of the builder should be used to only 277/// construct a single CFG. 278/// 279/// Example usage: 280/// 281/// CFGBuilder builder; 282/// CFG* cfg = builder.BuildAST(stmt1); 283/// 284/// CFG construction is done via a recursive walk of an AST. We actually parse 285/// the AST in reverse order so that the successor of a basic block is 286/// constructed prior to its predecessor. This allows us to nicely capture 287/// implicit fall-throughs without extra basic blocks. 288/// 289class CFGBuilder { 290 typedef BlockScopePosPair JumpTarget; 291 typedef BlockScopePosPair JumpSource; 292 293 ASTContext *Context; 294 OwningPtr<CFG> cfg; 295 296 CFGBlock *Block; 297 CFGBlock *Succ; 298 JumpTarget ContinueJumpTarget; 299 JumpTarget BreakJumpTarget; 300 CFGBlock *SwitchTerminatedBlock; 301 CFGBlock *DefaultCaseBlock; 302 CFGBlock *TryTerminatedBlock; 303 304 // Current position in local scope. 305 LocalScope::const_iterator ScopePos; 306 307 // LabelMap records the mapping from Label expressions to their jump targets. 308 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy; 309 LabelMapTy LabelMap; 310 311 // A list of blocks that end with a "goto" that must be backpatched to their 312 // resolved targets upon completion of CFG construction. 313 typedef std::vector<JumpSource> BackpatchBlocksTy; 314 BackpatchBlocksTy BackpatchBlocks; 315 316 // A list of labels whose address has been taken (for indirect gotos). 317 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy; 318 LabelSetTy AddressTakenLabels; 319 320 bool badCFG; 321 const CFG::BuildOptions &BuildOpts; 322 323 // State to track for building switch statements. 324 bool switchExclusivelyCovered; 325 Expr::EvalResult *switchCond; 326 327 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry; 328 const Stmt *lastLookup; 329 330 // Caches boolean evaluations of expressions to avoid multiple re-evaluations 331 // during construction of branches for chained logical operators. 332 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy; 333 CachedBoolEvalsTy CachedBoolEvals; 334 335public: 336 explicit CFGBuilder(ASTContext *astContext, 337 const CFG::BuildOptions &buildOpts) 338 : Context(astContext), cfg(new CFG()), // crew a new CFG 339 Block(NULL), Succ(NULL), 340 SwitchTerminatedBlock(NULL), DefaultCaseBlock(NULL), 341 TryTerminatedBlock(NULL), badCFG(false), BuildOpts(buildOpts), 342 switchExclusivelyCovered(false), switchCond(0), 343 cachedEntry(0), lastLookup(0) {} 344 345 // buildCFG - Used by external clients to construct the CFG. 346 CFG* buildCFG(const Decl *D, Stmt *Statement); 347 348 bool alwaysAdd(const Stmt *stmt); 349 350private: 351 // Visitors to walk an AST and construct the CFG. 352 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc); 353 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc); 354 CFGBlock *VisitBreakStmt(BreakStmt *B); 355 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc); 356 CFGBlock *VisitCaseStmt(CaseStmt *C); 357 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc); 358 CFGBlock *VisitCompoundStmt(CompoundStmt *C); 359 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C, 360 AddStmtChoice asc); 361 CFGBlock *VisitContinueStmt(ContinueStmt *C); 362 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 363 AddStmtChoice asc); 364 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S); 365 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc); 366 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S); 367 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 368 AddStmtChoice asc); 369 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 370 AddStmtChoice asc); 371 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T); 372 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S); 373 CFGBlock *VisitDeclStmt(DeclStmt *DS); 374 CFGBlock *VisitDeclSubExpr(DeclStmt *DS); 375 CFGBlock *VisitDefaultStmt(DefaultStmt *D); 376 CFGBlock *VisitDoStmt(DoStmt *D); 377 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E, AddStmtChoice asc); 378 CFGBlock *VisitForStmt(ForStmt *F); 379 CFGBlock *VisitGotoStmt(GotoStmt *G); 380 CFGBlock *VisitIfStmt(IfStmt *I); 381 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc); 382 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I); 383 CFGBlock *VisitLabelStmt(LabelStmt *L); 384 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc); 385 CFGBlock *VisitLogicalOperator(BinaryOperator *B); 386 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B, 387 Stmt *Term, 388 CFGBlock *TrueBlock, 389 CFGBlock *FalseBlock); 390 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc); 391 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S); 392 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S); 393 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S); 394 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S); 395 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S); 396 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S); 397 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E); 398 CFGBlock *VisitReturnStmt(ReturnStmt *R); 399 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc); 400 CFGBlock *VisitSwitchStmt(SwitchStmt *S); 401 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 402 AddStmtChoice asc); 403 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc); 404 CFGBlock *VisitWhileStmt(WhileStmt *W); 405 406 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd); 407 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc); 408 CFGBlock *VisitChildren(Stmt *S); 409 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc); 410 411 // Visitors to walk an AST and generate destructors of temporaries in 412 // full expression. 413 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary = false); 414 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E); 415 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E); 416 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr *E, 417 bool BindToTemporary); 418 CFGBlock * 419 VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator *E, 420 bool BindToTemporary); 421 422 // NYS == Not Yet Supported 423 CFGBlock *NYS() { 424 badCFG = true; 425 return Block; 426 } 427 428 void autoCreateBlock() { if (!Block) Block = createBlock(); } 429 CFGBlock *createBlock(bool add_successor = true); 430 CFGBlock *createNoReturnBlock(); 431 432 CFGBlock *addStmt(Stmt *S) { 433 return Visit(S, AddStmtChoice::AlwaysAdd); 434 } 435 CFGBlock *addInitializer(CXXCtorInitializer *I); 436 void addAutomaticObjDtors(LocalScope::const_iterator B, 437 LocalScope::const_iterator E, Stmt *S); 438 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD); 439 440 // Local scopes creation. 441 LocalScope* createOrReuseLocalScope(LocalScope* Scope); 442 443 void addLocalScopeForStmt(Stmt *S); 444 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, LocalScope* Scope = NULL); 445 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = NULL); 446 447 void addLocalScopeAndDtors(Stmt *S); 448 449 // Interface to CFGBlock - adding CFGElements. 450 void appendStmt(CFGBlock *B, const Stmt *S) { 451 if (alwaysAdd(S) && cachedEntry) 452 cachedEntry->second = B; 453 454 // All block-level expressions should have already been IgnoreParens()ed. 455 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S); 456 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext()); 457 } 458 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) { 459 B->appendInitializer(I, cfg->getBumpVectorContext()); 460 } 461 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) { 462 B->appendBaseDtor(BS, cfg->getBumpVectorContext()); 463 } 464 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) { 465 B->appendMemberDtor(FD, cfg->getBumpVectorContext()); 466 } 467 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) { 468 B->appendTemporaryDtor(E, cfg->getBumpVectorContext()); 469 } 470 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) { 471 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext()); 472 } 473 474 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 475 LocalScope::const_iterator B, LocalScope::const_iterator E); 476 477 void addSuccessor(CFGBlock *B, CFGBlock *S) { 478 B->addSuccessor(S, cfg->getBumpVectorContext()); 479 } 480 481 /// Try and evaluate an expression to an integer constant. 482 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) { 483 if (!BuildOpts.PruneTriviallyFalseEdges) 484 return false; 485 return !S->isTypeDependent() && 486 !S->isValueDependent() && 487 S->EvaluateAsRValue(outResult, *Context); 488 } 489 490 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1 491 /// if we can evaluate to a known value, otherwise return -1. 492 TryResult tryEvaluateBool(Expr *S) { 493 if (!BuildOpts.PruneTriviallyFalseEdges || 494 S->isTypeDependent() || S->isValueDependent()) 495 return TryResult(); 496 497 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) { 498 if (Bop->isLogicalOp()) { 499 // Check the cache first. 500 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S); 501 if (I != CachedBoolEvals.end()) 502 return I->second; // already in map; 503 504 // Retrieve result at first, or the map might be updated. 505 TryResult Result = evaluateAsBooleanConditionNoCache(S); 506 CachedBoolEvals[S] = Result; // update or insert 507 return Result; 508 } 509 else { 510 switch (Bop->getOpcode()) { 511 default: break; 512 // For 'x & 0' and 'x * 0', we can determine that 513 // the value is always false. 514 case BO_Mul: 515 case BO_And: { 516 // If either operand is zero, we know the value 517 // must be false. 518 llvm::APSInt IntVal; 519 if (Bop->getLHS()->EvaluateAsInt(IntVal, *Context)) { 520 if (IntVal.getBoolValue() == false) { 521 return TryResult(false); 522 } 523 } 524 if (Bop->getRHS()->EvaluateAsInt(IntVal, *Context)) { 525 if (IntVal.getBoolValue() == false) { 526 return TryResult(false); 527 } 528 } 529 } 530 break; 531 } 532 } 533 } 534 535 return evaluateAsBooleanConditionNoCache(S); 536 } 537 538 /// \brief Evaluate as boolean \param E without using the cache. 539 TryResult evaluateAsBooleanConditionNoCache(Expr *E) { 540 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) { 541 if (Bop->isLogicalOp()) { 542 TryResult LHS = tryEvaluateBool(Bop->getLHS()); 543 if (LHS.isKnown()) { 544 // We were able to evaluate the LHS, see if we can get away with not 545 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1 546 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 547 return LHS.isTrue(); 548 549 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 550 if (RHS.isKnown()) { 551 if (Bop->getOpcode() == BO_LOr) 552 return LHS.isTrue() || RHS.isTrue(); 553 else 554 return LHS.isTrue() && RHS.isTrue(); 555 } 556 } else { 557 TryResult RHS = tryEvaluateBool(Bop->getRHS()); 558 if (RHS.isKnown()) { 559 // We can't evaluate the LHS; however, sometimes the result 560 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1. 561 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr)) 562 return RHS.isTrue(); 563 } 564 } 565 566 return TryResult(); 567 } 568 } 569 570 bool Result; 571 if (E->EvaluateAsBooleanCondition(Result, *Context)) 572 return Result; 573 574 return TryResult(); 575 } 576 577}; 578 579inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder, 580 const Stmt *stmt) const { 581 return builder.alwaysAdd(stmt) || kind == AlwaysAdd; 582} 583 584bool CFGBuilder::alwaysAdd(const Stmt *stmt) { 585 bool shouldAdd = BuildOpts.alwaysAdd(stmt); 586 587 if (!BuildOpts.forcedBlkExprs) 588 return shouldAdd; 589 590 if (lastLookup == stmt) { 591 if (cachedEntry) { 592 assert(cachedEntry->first == stmt); 593 return true; 594 } 595 return shouldAdd; 596 } 597 598 lastLookup = stmt; 599 600 // Perform the lookup! 601 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs; 602 603 if (!fb) { 604 // No need to update 'cachedEntry', since it will always be null. 605 assert(cachedEntry == 0); 606 return shouldAdd; 607 } 608 609 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt); 610 if (itr == fb->end()) { 611 cachedEntry = 0; 612 return shouldAdd; 613 } 614 615 cachedEntry = &*itr; 616 return true; 617} 618 619// FIXME: Add support for dependent-sized array types in C++? 620// Does it even make sense to build a CFG for an uninstantiated template? 621static const VariableArrayType *FindVA(const Type *t) { 622 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) { 623 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt)) 624 if (vat->getSizeExpr()) 625 return vat; 626 627 t = vt->getElementType().getTypePtr(); 628 } 629 630 return 0; 631} 632 633/// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an 634/// arbitrary statement. Examples include a single expression or a function 635/// body (compound statement). The ownership of the returned CFG is 636/// transferred to the caller. If CFG construction fails, this method returns 637/// NULL. 638CFG* CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) { 639 assert(cfg.get()); 640 if (!Statement) 641 return NULL; 642 643 // Create an empty block that will serve as the exit block for the CFG. Since 644 // this is the first block added to the CFG, it will be implicitly registered 645 // as the exit block. 646 Succ = createBlock(); 647 assert(Succ == &cfg->getExit()); 648 Block = NULL; // the EXIT block is empty. Create all other blocks lazily. 649 650 if (BuildOpts.AddImplicitDtors) 651 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D)) 652 addImplicitDtorsForDestructor(DD); 653 654 // Visit the statements and create the CFG. 655 CFGBlock *B = addStmt(Statement); 656 657 if (badCFG) 658 return NULL; 659 660 // For C++ constructor add initializers to CFG. 661 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) { 662 for (CXXConstructorDecl::init_const_reverse_iterator I = CD->init_rbegin(), 663 E = CD->init_rend(); I != E; ++I) { 664 B = addInitializer(*I); 665 if (badCFG) 666 return NULL; 667 } 668 } 669 670 if (B) 671 Succ = B; 672 673 // Backpatch the gotos whose label -> block mappings we didn't know when we 674 // encountered them. 675 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(), 676 E = BackpatchBlocks.end(); I != E; ++I ) { 677 678 CFGBlock *B = I->block; 679 const GotoStmt *G = cast<GotoStmt>(B->getTerminator()); 680 LabelMapTy::iterator LI = LabelMap.find(G->getLabel()); 681 682 // If there is no target for the goto, then we are looking at an 683 // incomplete AST. Handle this by not registering a successor. 684 if (LI == LabelMap.end()) continue; 685 686 JumpTarget JT = LI->second; 687 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition, 688 JT.scopePosition); 689 addSuccessor(B, JT.block); 690 } 691 692 // Add successors to the Indirect Goto Dispatch block (if we have one). 693 if (CFGBlock *B = cfg->getIndirectGotoBlock()) 694 for (LabelSetTy::iterator I = AddressTakenLabels.begin(), 695 E = AddressTakenLabels.end(); I != E; ++I ) { 696 697 // Lookup the target block. 698 LabelMapTy::iterator LI = LabelMap.find(*I); 699 700 // If there is no target block that contains label, then we are looking 701 // at an incomplete AST. Handle this by not registering a successor. 702 if (LI == LabelMap.end()) continue; 703 704 addSuccessor(B, LI->second.block); 705 } 706 707 // Create an empty entry block that has no predecessors. 708 cfg->setEntry(createBlock()); 709 710 return cfg.take(); 711} 712 713/// createBlock - Used to lazily create blocks that are connected 714/// to the current (global) succcessor. 715CFGBlock *CFGBuilder::createBlock(bool add_successor) { 716 CFGBlock *B = cfg->createBlock(); 717 if (add_successor && Succ) 718 addSuccessor(B, Succ); 719 return B; 720} 721 722/// createNoReturnBlock - Used to create a block is a 'noreturn' point in the 723/// CFG. It is *not* connected to the current (global) successor, and instead 724/// directly tied to the exit block in order to be reachable. 725CFGBlock *CFGBuilder::createNoReturnBlock() { 726 CFGBlock *B = createBlock(false); 727 B->setHasNoReturnElement(); 728 addSuccessor(B, &cfg->getExit()); 729 return B; 730} 731 732/// addInitializer - Add C++ base or member initializer element to CFG. 733CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) { 734 if (!BuildOpts.AddInitializers) 735 return Block; 736 737 bool IsReference = false; 738 bool HasTemporaries = false; 739 740 // Destructors of temporaries in initialization expression should be called 741 // after initialization finishes. 742 Expr *Init = I->getInit(); 743 if (Init) { 744 if (FieldDecl *FD = I->getAnyMember()) 745 IsReference = FD->getType()->isReferenceType(); 746 HasTemporaries = isa<ExprWithCleanups>(Init); 747 748 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 749 // Generate destructors for temporaries in initialization expression. 750 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 751 IsReference); 752 } 753 } 754 755 autoCreateBlock(); 756 appendInitializer(Block, I); 757 758 if (Init) { 759 if (HasTemporaries) { 760 // For expression with temporaries go directly to subexpression to omit 761 // generating destructors for the second time. 762 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr()); 763 } 764 return Visit(Init); 765 } 766 767 return Block; 768} 769 770/// \brief Retrieve the type of the temporary object whose lifetime was 771/// extended by a local reference with the given initializer. 772static QualType getReferenceInitTemporaryType(ASTContext &Context, 773 const Expr *Init) { 774 while (true) { 775 // Skip parentheses. 776 Init = Init->IgnoreParens(); 777 778 // Skip through cleanups. 779 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) { 780 Init = EWC->getSubExpr(); 781 continue; 782 } 783 784 // Skip through the temporary-materialization expression. 785 if (const MaterializeTemporaryExpr *MTE 786 = dyn_cast<MaterializeTemporaryExpr>(Init)) { 787 Init = MTE->GetTemporaryExpr(); 788 continue; 789 } 790 791 // Skip derived-to-base and no-op casts. 792 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) { 793 if ((CE->getCastKind() == CK_DerivedToBase || 794 CE->getCastKind() == CK_UncheckedDerivedToBase || 795 CE->getCastKind() == CK_NoOp) && 796 Init->getType()->isRecordType()) { 797 Init = CE->getSubExpr(); 798 continue; 799 } 800 } 801 802 // Skip member accesses into rvalues. 803 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) { 804 if (!ME->isArrow() && ME->getBase()->isRValue()) { 805 Init = ME->getBase(); 806 continue; 807 } 808 } 809 810 break; 811 } 812 813 return Init->getType(); 814} 815 816/// addAutomaticObjDtors - Add to current block automatic objects destructors 817/// for objects in range of local scope positions. Use S as trigger statement 818/// for destructors. 819void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B, 820 LocalScope::const_iterator E, Stmt *S) { 821 if (!BuildOpts.AddImplicitDtors) 822 return; 823 824 if (B == E) 825 return; 826 827 // We need to append the destructors in reverse order, but any one of them 828 // may be a no-return destructor which changes the CFG. As a result, buffer 829 // this sequence up and replay them in reverse order when appending onto the 830 // CFGBlock(s). 831 SmallVector<VarDecl*, 10> Decls; 832 Decls.reserve(B.distance(E)); 833 for (LocalScope::const_iterator I = B; I != E; ++I) 834 Decls.push_back(*I); 835 836 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(), 837 E = Decls.rend(); 838 I != E; ++I) { 839 // If this destructor is marked as a no-return destructor, we need to 840 // create a new block for the destructor which does not have as a successor 841 // anything built thus far: control won't flow out of this block. 842 QualType Ty = (*I)->getType(); 843 if (Ty->isReferenceType()) { 844 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit()); 845 } 846 Ty = Context->getBaseElementType(Ty); 847 848 const CXXDestructorDecl *Dtor = Ty->getAsCXXRecordDecl()->getDestructor(); 849 if (Dtor->isNoReturn()) 850 Block = createNoReturnBlock(); 851 else 852 autoCreateBlock(); 853 854 appendAutomaticObjDtor(Block, *I, S); 855 } 856} 857 858/// addImplicitDtorsForDestructor - Add implicit destructors generated for 859/// base and member objects in destructor. 860void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) { 861 assert (BuildOpts.AddImplicitDtors 862 && "Can be called only when dtors should be added"); 863 const CXXRecordDecl *RD = DD->getParent(); 864 865 // At the end destroy virtual base objects. 866 for (CXXRecordDecl::base_class_const_iterator VI = RD->vbases_begin(), 867 VE = RD->vbases_end(); VI != VE; ++VI) { 868 const CXXRecordDecl *CD = VI->getType()->getAsCXXRecordDecl(); 869 if (!CD->hasTrivialDestructor()) { 870 autoCreateBlock(); 871 appendBaseDtor(Block, VI); 872 } 873 } 874 875 // Before virtual bases destroy direct base objects. 876 for (CXXRecordDecl::base_class_const_iterator BI = RD->bases_begin(), 877 BE = RD->bases_end(); BI != BE; ++BI) { 878 if (!BI->isVirtual()) { 879 const CXXRecordDecl *CD = BI->getType()->getAsCXXRecordDecl(); 880 if (!CD->hasTrivialDestructor()) { 881 autoCreateBlock(); 882 appendBaseDtor(Block, BI); 883 } 884 } 885 } 886 887 // First destroy member objects. 888 for (CXXRecordDecl::field_iterator FI = RD->field_begin(), 889 FE = RD->field_end(); FI != FE; ++FI) { 890 // Check for constant size array. Set type to array element type. 891 QualType QT = FI->getType(); 892 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 893 if (AT->getSize() == 0) 894 continue; 895 QT = AT->getElementType(); 896 } 897 898 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 899 if (!CD->hasTrivialDestructor()) { 900 autoCreateBlock(); 901 appendMemberDtor(Block, *FI); 902 } 903 } 904} 905 906/// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either 907/// way return valid LocalScope object. 908LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) { 909 if (!Scope) { 910 llvm::BumpPtrAllocator &alloc = cfg->getAllocator(); 911 Scope = alloc.Allocate<LocalScope>(); 912 BumpVectorContext ctx(alloc); 913 new (Scope) LocalScope(ctx, ScopePos); 914 } 915 return Scope; 916} 917 918/// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement 919/// that should create implicit scope (e.g. if/else substatements). 920void CFGBuilder::addLocalScopeForStmt(Stmt *S) { 921 if (!BuildOpts.AddImplicitDtors) 922 return; 923 924 LocalScope *Scope = 0; 925 926 // For compound statement we will be creating explicit scope. 927 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) { 928 for (CompoundStmt::body_iterator BI = CS->body_begin(), BE = CS->body_end() 929 ; BI != BE; ++BI) { 930 Stmt *SI = (*BI)->stripLabelLikeStatements(); 931 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI)) 932 Scope = addLocalScopeForDeclStmt(DS, Scope); 933 } 934 return; 935 } 936 937 // For any other statement scope will be implicit and as such will be 938 // interesting only for DeclStmt. 939 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements())) 940 addLocalScopeForDeclStmt(DS); 941} 942 943/// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will 944/// reuse Scope if not NULL. 945LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS, 946 LocalScope* Scope) { 947 if (!BuildOpts.AddImplicitDtors) 948 return Scope; 949 950 for (DeclStmt::decl_iterator DI = DS->decl_begin(), DE = DS->decl_end() 951 ; DI != DE; ++DI) { 952 if (VarDecl *VD = dyn_cast<VarDecl>(*DI)) 953 Scope = addLocalScopeForVarDecl(VD, Scope); 954 } 955 return Scope; 956} 957 958/// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will 959/// create add scope for automatic objects and temporary objects bound to 960/// const reference. Will reuse Scope if not NULL. 961LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD, 962 LocalScope* Scope) { 963 if (!BuildOpts.AddImplicitDtors) 964 return Scope; 965 966 // Check if variable is local. 967 switch (VD->getStorageClass()) { 968 case SC_None: 969 case SC_Auto: 970 case SC_Register: 971 break; 972 default: return Scope; 973 } 974 975 // Check for const references bound to temporary. Set type to pointee. 976 QualType QT = VD->getType(); 977 if (QT.getTypePtr()->isReferenceType()) { 978 // Attempt to determine whether this declaration lifetime-extends a 979 // temporary. 980 // 981 // FIXME: This is incorrect. Non-reference declarations can lifetime-extend 982 // temporaries, and a single declaration can extend multiple temporaries. 983 // We should look at the storage duration on each nested 984 // MaterializeTemporaryExpr instead. 985 const Expr *Init = VD->getInit(); 986 if (!Init) 987 return Scope; 988 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) 989 Init = EWC->getSubExpr(); 990 if (!isa<MaterializeTemporaryExpr>(Init)) 991 return Scope; 992 993 // Lifetime-extending a temporary. 994 QT = getReferenceInitTemporaryType(*Context, Init); 995 } 996 997 // Check for constant size array. Set type to array element type. 998 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) { 999 if (AT->getSize() == 0) 1000 return Scope; 1001 QT = AT->getElementType(); 1002 } 1003 1004 // Check if type is a C++ class with non-trivial destructor. 1005 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl()) 1006 if (!CD->hasTrivialDestructor()) { 1007 // Add the variable to scope 1008 Scope = createOrReuseLocalScope(Scope); 1009 Scope->addVar(VD); 1010 ScopePos = Scope->begin(); 1011 } 1012 return Scope; 1013} 1014 1015/// addLocalScopeAndDtors - For given statement add local scope for it and 1016/// add destructors that will cleanup the scope. Will reuse Scope if not NULL. 1017void CFGBuilder::addLocalScopeAndDtors(Stmt *S) { 1018 if (!BuildOpts.AddImplicitDtors) 1019 return; 1020 1021 LocalScope::const_iterator scopeBeginPos = ScopePos; 1022 addLocalScopeForStmt(S); 1023 addAutomaticObjDtors(ScopePos, scopeBeginPos, S); 1024} 1025 1026/// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for 1027/// variables with automatic storage duration to CFGBlock's elements vector. 1028/// Elements will be prepended to physical beginning of the vector which 1029/// happens to be logical end. Use blocks terminator as statement that specifies 1030/// destructors call site. 1031/// FIXME: This mechanism for adding automatic destructors doesn't handle 1032/// no-return destructors properly. 1033void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk, 1034 LocalScope::const_iterator B, LocalScope::const_iterator E) { 1035 BumpVectorContext &C = cfg->getBumpVectorContext(); 1036 CFGBlock::iterator InsertPos 1037 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C); 1038 for (LocalScope::const_iterator I = B; I != E; ++I) 1039 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I, 1040 Blk->getTerminator()); 1041} 1042 1043/// Visit - Walk the subtree of a statement and add extra 1044/// blocks for ternary operators, &&, and ||. We also process "," and 1045/// DeclStmts (which may contain nested control-flow). 1046CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) { 1047 if (!S) { 1048 badCFG = true; 1049 return 0; 1050 } 1051 1052 if (Expr *E = dyn_cast<Expr>(S)) 1053 S = E->IgnoreParens(); 1054 1055 switch (S->getStmtClass()) { 1056 default: 1057 return VisitStmt(S, asc); 1058 1059 case Stmt::AddrLabelExprClass: 1060 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc); 1061 1062 case Stmt::BinaryConditionalOperatorClass: 1063 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc); 1064 1065 case Stmt::BinaryOperatorClass: 1066 return VisitBinaryOperator(cast<BinaryOperator>(S), asc); 1067 1068 case Stmt::BlockExprClass: 1069 return VisitNoRecurse(cast<Expr>(S), asc); 1070 1071 case Stmt::BreakStmtClass: 1072 return VisitBreakStmt(cast<BreakStmt>(S)); 1073 1074 case Stmt::CallExprClass: 1075 case Stmt::CXXOperatorCallExprClass: 1076 case Stmt::CXXMemberCallExprClass: 1077 case Stmt::UserDefinedLiteralClass: 1078 return VisitCallExpr(cast<CallExpr>(S), asc); 1079 1080 case Stmt::CaseStmtClass: 1081 return VisitCaseStmt(cast<CaseStmt>(S)); 1082 1083 case Stmt::ChooseExprClass: 1084 return VisitChooseExpr(cast<ChooseExpr>(S), asc); 1085 1086 case Stmt::CompoundStmtClass: 1087 return VisitCompoundStmt(cast<CompoundStmt>(S)); 1088 1089 case Stmt::ConditionalOperatorClass: 1090 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc); 1091 1092 case Stmt::ContinueStmtClass: 1093 return VisitContinueStmt(cast<ContinueStmt>(S)); 1094 1095 case Stmt::CXXCatchStmtClass: 1096 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S)); 1097 1098 case Stmt::ExprWithCleanupsClass: 1099 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc); 1100 1101 case Stmt::CXXDefaultArgExprClass: 1102 case Stmt::CXXDefaultInitExprClass: 1103 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the 1104 // called function's declaration, not by the caller. If we simply add 1105 // this expression to the CFG, we could end up with the same Expr 1106 // appearing multiple times. 1107 // PR13385 / <rdar://problem/12156507> 1108 // 1109 // It's likewise possible for multiple CXXDefaultInitExprs for the same 1110 // expression to be used in the same function (through aggregate 1111 // initialization). 1112 return VisitStmt(S, asc); 1113 1114 case Stmt::CXXBindTemporaryExprClass: 1115 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc); 1116 1117 case Stmt::CXXConstructExprClass: 1118 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc); 1119 1120 case Stmt::CXXFunctionalCastExprClass: 1121 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc); 1122 1123 case Stmt::CXXTemporaryObjectExprClass: 1124 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc); 1125 1126 case Stmt::CXXThrowExprClass: 1127 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S)); 1128 1129 case Stmt::CXXTryStmtClass: 1130 return VisitCXXTryStmt(cast<CXXTryStmt>(S)); 1131 1132 case Stmt::CXXForRangeStmtClass: 1133 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S)); 1134 1135 case Stmt::DeclStmtClass: 1136 return VisitDeclStmt(cast<DeclStmt>(S)); 1137 1138 case Stmt::DefaultStmtClass: 1139 return VisitDefaultStmt(cast<DefaultStmt>(S)); 1140 1141 case Stmt::DoStmtClass: 1142 return VisitDoStmt(cast<DoStmt>(S)); 1143 1144 case Stmt::ForStmtClass: 1145 return VisitForStmt(cast<ForStmt>(S)); 1146 1147 case Stmt::GotoStmtClass: 1148 return VisitGotoStmt(cast<GotoStmt>(S)); 1149 1150 case Stmt::IfStmtClass: 1151 return VisitIfStmt(cast<IfStmt>(S)); 1152 1153 case Stmt::ImplicitCastExprClass: 1154 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc); 1155 1156 case Stmt::IndirectGotoStmtClass: 1157 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S)); 1158 1159 case Stmt::LabelStmtClass: 1160 return VisitLabelStmt(cast<LabelStmt>(S)); 1161 1162 case Stmt::LambdaExprClass: 1163 return VisitLambdaExpr(cast<LambdaExpr>(S), asc); 1164 1165 case Stmt::MemberExprClass: 1166 return VisitMemberExpr(cast<MemberExpr>(S), asc); 1167 1168 case Stmt::NullStmtClass: 1169 return Block; 1170 1171 case Stmt::ObjCAtCatchStmtClass: 1172 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S)); 1173 1174 case Stmt::ObjCAutoreleasePoolStmtClass: 1175 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S)); 1176 1177 case Stmt::ObjCAtSynchronizedStmtClass: 1178 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S)); 1179 1180 case Stmt::ObjCAtThrowStmtClass: 1181 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S)); 1182 1183 case Stmt::ObjCAtTryStmtClass: 1184 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S)); 1185 1186 case Stmt::ObjCForCollectionStmtClass: 1187 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S)); 1188 1189 case Stmt::OpaqueValueExprClass: 1190 return Block; 1191 1192 case Stmt::PseudoObjectExprClass: 1193 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S)); 1194 1195 case Stmt::ReturnStmtClass: 1196 return VisitReturnStmt(cast<ReturnStmt>(S)); 1197 1198 case Stmt::UnaryExprOrTypeTraitExprClass: 1199 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S), 1200 asc); 1201 1202 case Stmt::StmtExprClass: 1203 return VisitStmtExpr(cast<StmtExpr>(S), asc); 1204 1205 case Stmt::SwitchStmtClass: 1206 return VisitSwitchStmt(cast<SwitchStmt>(S)); 1207 1208 case Stmt::UnaryOperatorClass: 1209 return VisitUnaryOperator(cast<UnaryOperator>(S), asc); 1210 1211 case Stmt::WhileStmtClass: 1212 return VisitWhileStmt(cast<WhileStmt>(S)); 1213 } 1214} 1215 1216CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) { 1217 if (asc.alwaysAdd(*this, S)) { 1218 autoCreateBlock(); 1219 appendStmt(Block, S); 1220 } 1221 1222 return VisitChildren(S); 1223} 1224 1225/// VisitChildren - Visit the children of a Stmt. 1226CFGBlock *CFGBuilder::VisitChildren(Stmt *S) { 1227 CFGBlock *B = Block; 1228 1229 // Visit the children in their reverse order so that they appear in 1230 // left-to-right (natural) order in the CFG. 1231 reverse_children RChildren(S); 1232 for (reverse_children::iterator I = RChildren.begin(), E = RChildren.end(); 1233 I != E; ++I) { 1234 if (Stmt *Child = *I) 1235 if (CFGBlock *R = Visit(Child)) 1236 B = R; 1237 } 1238 return B; 1239} 1240 1241CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A, 1242 AddStmtChoice asc) { 1243 AddressTakenLabels.insert(A->getLabel()); 1244 1245 if (asc.alwaysAdd(*this, A)) { 1246 autoCreateBlock(); 1247 appendStmt(Block, A); 1248 } 1249 1250 return Block; 1251} 1252 1253CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, 1254 AddStmtChoice asc) { 1255 if (asc.alwaysAdd(*this, U)) { 1256 autoCreateBlock(); 1257 appendStmt(Block, U); 1258 } 1259 1260 return Visit(U->getSubExpr(), AddStmtChoice()); 1261} 1262 1263CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) { 1264 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1265 appendStmt(ConfluenceBlock, B); 1266 1267 if (badCFG) 1268 return 0; 1269 1270 return VisitLogicalOperator(B, 0, ConfluenceBlock, ConfluenceBlock).first; 1271} 1272 1273std::pair<CFGBlock*, CFGBlock*> 1274CFGBuilder::VisitLogicalOperator(BinaryOperator *B, 1275 Stmt *Term, 1276 CFGBlock *TrueBlock, 1277 CFGBlock *FalseBlock) { 1278 1279 // Introspect the RHS. If it is a nested logical operation, we recursively 1280 // build the CFG using this function. Otherwise, resort to default 1281 // CFG construction behavior. 1282 Expr *RHS = B->getRHS()->IgnoreParens(); 1283 CFGBlock *RHSBlock, *ExitBlock; 1284 1285 do { 1286 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS)) 1287 if (B_RHS->isLogicalOp()) { 1288 llvm::tie(RHSBlock, ExitBlock) = 1289 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock); 1290 break; 1291 } 1292 1293 // The RHS is not a nested logical operation. Don't push the terminator 1294 // down further, but instead visit RHS and construct the respective 1295 // pieces of the CFG, and link up the RHSBlock with the terminator 1296 // we have been provided. 1297 ExitBlock = RHSBlock = createBlock(false); 1298 1299 if (!Term) { 1300 assert(TrueBlock == FalseBlock); 1301 addSuccessor(RHSBlock, TrueBlock); 1302 } 1303 else { 1304 RHSBlock->setTerminator(Term); 1305 TryResult KnownVal = tryEvaluateBool(RHS); 1306 addSuccessor(RHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1307 addSuccessor(RHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1308 } 1309 1310 Block = RHSBlock; 1311 RHSBlock = addStmt(RHS); 1312 } 1313 while (false); 1314 1315 if (badCFG) 1316 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1317 1318 // Generate the blocks for evaluating the LHS. 1319 Expr *LHS = B->getLHS()->IgnoreParens(); 1320 1321 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS)) 1322 if (B_LHS->isLogicalOp()) { 1323 if (B->getOpcode() == BO_LOr) 1324 FalseBlock = RHSBlock; 1325 else 1326 TrueBlock = RHSBlock; 1327 1328 // For the LHS, treat 'B' as the terminator that we want to sink 1329 // into the nested branch. The RHS always gets the top-most 1330 // terminator. 1331 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock); 1332 } 1333 1334 // Create the block evaluating the LHS. 1335 // This contains the '&&' or '||' as the terminator. 1336 CFGBlock *LHSBlock = createBlock(false); 1337 LHSBlock->setTerminator(B); 1338 1339 Block = LHSBlock; 1340 CFGBlock *EntryLHSBlock = addStmt(LHS); 1341 1342 if (badCFG) 1343 return std::make_pair((CFGBlock*)0, (CFGBlock*)0); 1344 1345 // See if this is a known constant. 1346 TryResult KnownVal = tryEvaluateBool(LHS); 1347 1348 // Now link the LHSBlock with RHSBlock. 1349 if (B->getOpcode() == BO_LOr) { 1350 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : TrueBlock); 1351 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : RHSBlock); 1352 } else { 1353 assert(B->getOpcode() == BO_LAnd); 1354 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 1355 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : FalseBlock); 1356 } 1357 1358 return std::make_pair(EntryLHSBlock, ExitBlock); 1359} 1360 1361 1362CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B, 1363 AddStmtChoice asc) { 1364 // && or || 1365 if (B->isLogicalOp()) 1366 return VisitLogicalOperator(B); 1367 1368 if (B->getOpcode() == BO_Comma) { // , 1369 autoCreateBlock(); 1370 appendStmt(Block, B); 1371 addStmt(B->getRHS()); 1372 return addStmt(B->getLHS()); 1373 } 1374 1375 if (B->isAssignmentOp()) { 1376 if (asc.alwaysAdd(*this, B)) { 1377 autoCreateBlock(); 1378 appendStmt(Block, B); 1379 } 1380 Visit(B->getLHS()); 1381 return Visit(B->getRHS()); 1382 } 1383 1384 if (asc.alwaysAdd(*this, B)) { 1385 autoCreateBlock(); 1386 appendStmt(Block, B); 1387 } 1388 1389 CFGBlock *RBlock = Visit(B->getRHS()); 1390 CFGBlock *LBlock = Visit(B->getLHS()); 1391 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 1392 // containing a DoStmt, and the LHS doesn't create a new block, then we should 1393 // return RBlock. Otherwise we'll incorrectly return NULL. 1394 return (LBlock ? LBlock : RBlock); 1395} 1396 1397CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) { 1398 if (asc.alwaysAdd(*this, E)) { 1399 autoCreateBlock(); 1400 appendStmt(Block, E); 1401 } 1402 return Block; 1403} 1404 1405CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) { 1406 // "break" is a control-flow statement. Thus we stop processing the current 1407 // block. 1408 if (badCFG) 1409 return 0; 1410 1411 // Now create a new block that ends with the break statement. 1412 Block = createBlock(false); 1413 Block->setTerminator(B); 1414 1415 // If there is no target for the break, then we are looking at an incomplete 1416 // AST. This means that the CFG cannot be constructed. 1417 if (BreakJumpTarget.block) { 1418 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B); 1419 addSuccessor(Block, BreakJumpTarget.block); 1420 } else 1421 badCFG = true; 1422 1423 1424 return Block; 1425} 1426 1427static bool CanThrow(Expr *E, ASTContext &Ctx) { 1428 QualType Ty = E->getType(); 1429 if (Ty->isFunctionPointerType()) 1430 Ty = Ty->getAs<PointerType>()->getPointeeType(); 1431 else if (Ty->isBlockPointerType()) 1432 Ty = Ty->getAs<BlockPointerType>()->getPointeeType(); 1433 1434 const FunctionType *FT = Ty->getAs<FunctionType>(); 1435 if (FT) { 1436 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT)) 1437 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) && 1438 Proto->isNothrow(Ctx)) 1439 return false; 1440 } 1441 return true; 1442} 1443 1444CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) { 1445 // Compute the callee type. 1446 QualType calleeType = C->getCallee()->getType(); 1447 if (calleeType == Context->BoundMemberTy) { 1448 QualType boundType = Expr::findBoundMemberType(C->getCallee()); 1449 1450 // We should only get a null bound type if processing a dependent 1451 // CFG. Recover by assuming nothing. 1452 if (!boundType.isNull()) calleeType = boundType; 1453 } 1454 1455 // If this is a call to a no-return function, this stops the block here. 1456 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn(); 1457 1458 bool AddEHEdge = false; 1459 1460 // Languages without exceptions are assumed to not throw. 1461 if (Context->getLangOpts().Exceptions) { 1462 if (BuildOpts.AddEHEdges) 1463 AddEHEdge = true; 1464 } 1465 1466 // If this is a call to a builtin function, it might not actually evaluate 1467 // its arguments. Don't add them to the CFG if this is the case. 1468 bool OmitArguments = false; 1469 1470 if (FunctionDecl *FD = C->getDirectCallee()) { 1471 if (FD->isNoReturn()) 1472 NoReturn = true; 1473 if (FD->hasAttr<NoThrowAttr>()) 1474 AddEHEdge = false; 1475 if (FD->getBuiltinID() == Builtin::BI__builtin_object_size) 1476 OmitArguments = true; 1477 } 1478 1479 if (!CanThrow(C->getCallee(), *Context)) 1480 AddEHEdge = false; 1481 1482 if (OmitArguments) { 1483 assert(!NoReturn && "noreturn calls with unevaluated args not implemented"); 1484 assert(!AddEHEdge && "EH calls with unevaluated args not implemented"); 1485 autoCreateBlock(); 1486 appendStmt(Block, C); 1487 return Visit(C->getCallee()); 1488 } 1489 1490 if (!NoReturn && !AddEHEdge) { 1491 return VisitStmt(C, asc.withAlwaysAdd(true)); 1492 } 1493 1494 if (Block) { 1495 Succ = Block; 1496 if (badCFG) 1497 return 0; 1498 } 1499 1500 if (NoReturn) 1501 Block = createNoReturnBlock(); 1502 else 1503 Block = createBlock(); 1504 1505 appendStmt(Block, C); 1506 1507 if (AddEHEdge) { 1508 // Add exceptional edges. 1509 if (TryTerminatedBlock) 1510 addSuccessor(Block, TryTerminatedBlock); 1511 else 1512 addSuccessor(Block, &cfg->getExit()); 1513 } 1514 1515 return VisitChildren(C); 1516} 1517 1518CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C, 1519 AddStmtChoice asc) { 1520 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1521 appendStmt(ConfluenceBlock, C); 1522 if (badCFG) 1523 return 0; 1524 1525 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1526 Succ = ConfluenceBlock; 1527 Block = NULL; 1528 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd); 1529 if (badCFG) 1530 return 0; 1531 1532 Succ = ConfluenceBlock; 1533 Block = NULL; 1534 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd); 1535 if (badCFG) 1536 return 0; 1537 1538 Block = createBlock(false); 1539 // See if this is a known constant. 1540 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1541 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1542 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1543 Block->setTerminator(C); 1544 return addStmt(C->getCond()); 1545} 1546 1547 1548CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) { 1549 addLocalScopeAndDtors(C); 1550 CFGBlock *LastBlock = Block; 1551 1552 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend(); 1553 I != E; ++I ) { 1554 // If we hit a segment of code just containing ';' (NullStmts), we can 1555 // get a null block back. In such cases, just use the LastBlock 1556 if (CFGBlock *newBlock = addStmt(*I)) 1557 LastBlock = newBlock; 1558 1559 if (badCFG) 1560 return NULL; 1561 } 1562 1563 return LastBlock; 1564} 1565 1566CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C, 1567 AddStmtChoice asc) { 1568 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C); 1569 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : NULL); 1570 1571 // Create the confluence block that will "merge" the results of the ternary 1572 // expression. 1573 CFGBlock *ConfluenceBlock = Block ? Block : createBlock(); 1574 appendStmt(ConfluenceBlock, C); 1575 if (badCFG) 1576 return 0; 1577 1578 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true); 1579 1580 // Create a block for the LHS expression if there is an LHS expression. A 1581 // GCC extension allows LHS to be NULL, causing the condition to be the 1582 // value that is returned instead. 1583 // e.g: x ?: y is shorthand for: x ? x : y; 1584 Succ = ConfluenceBlock; 1585 Block = NULL; 1586 CFGBlock *LHSBlock = 0; 1587 const Expr *trueExpr = C->getTrueExpr(); 1588 if (trueExpr != opaqueValue) { 1589 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd); 1590 if (badCFG) 1591 return 0; 1592 Block = NULL; 1593 } 1594 else 1595 LHSBlock = ConfluenceBlock; 1596 1597 // Create the block for the RHS expression. 1598 Succ = ConfluenceBlock; 1599 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd); 1600 if (badCFG) 1601 return 0; 1602 1603 // If the condition is a logical '&&' or '||', build a more accurate CFG. 1604 if (BinaryOperator *Cond = 1605 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens())) 1606 if (Cond->isLogicalOp()) 1607 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first; 1608 1609 // Create the block that will contain the condition. 1610 Block = createBlock(false); 1611 1612 // See if this is a known constant. 1613 const TryResult& KnownVal = tryEvaluateBool(C->getCond()); 1614 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 1615 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 1616 Block->setTerminator(C); 1617 Expr *condExpr = C->getCond(); 1618 1619 if (opaqueValue) { 1620 // Run the condition expression if it's not trivially expressed in 1621 // terms of the opaque value (or if there is no opaque value). 1622 if (condExpr != opaqueValue) 1623 addStmt(condExpr); 1624 1625 // Before that, run the common subexpression if there was one. 1626 // At least one of this or the above will be run. 1627 return addStmt(BCO->getCommon()); 1628 } 1629 1630 return addStmt(condExpr); 1631} 1632 1633CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) { 1634 // Check if the Decl is for an __label__. If so, elide it from the 1635 // CFG entirely. 1636 if (isa<LabelDecl>(*DS->decl_begin())) 1637 return Block; 1638 1639 // This case also handles static_asserts. 1640 if (DS->isSingleDecl()) 1641 return VisitDeclSubExpr(DS); 1642 1643 CFGBlock *B = 0; 1644 1645 // Build an individual DeclStmt for each decl. 1646 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(), 1647 E = DS->decl_rend(); 1648 I != E; ++I) { 1649 // Get the alignment of the new DeclStmt, padding out to >=8 bytes. 1650 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8 1651 ? 8 : llvm::AlignOf<DeclStmt>::Alignment; 1652 1653 // Allocate the DeclStmt using the BumpPtrAllocator. It will get 1654 // automatically freed with the CFG. 1655 DeclGroupRef DG(*I); 1656 Decl *D = *I; 1657 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A); 1658 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D)); 1659 cfg->addSyntheticDeclStmt(DSNew, DS); 1660 1661 // Append the fake DeclStmt to block. 1662 B = VisitDeclSubExpr(DSNew); 1663 } 1664 1665 return B; 1666} 1667 1668/// VisitDeclSubExpr - Utility method to add block-level expressions for 1669/// DeclStmts and initializers in them. 1670CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) { 1671 assert(DS->isSingleDecl() && "Can handle single declarations only."); 1672 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 1673 1674 if (!VD) { 1675 // Of everything that can be declared in a DeclStmt, only VarDecls impact 1676 // runtime semantics. 1677 return Block; 1678 } 1679 1680 bool IsReference = false; 1681 bool HasTemporaries = false; 1682 1683 // Guard static initializers under a branch. 1684 CFGBlock *blockAfterStaticInit = 0; 1685 1686 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) { 1687 // For static variables, we need to create a branch to track 1688 // whether or not they are initialized. 1689 if (Block) { 1690 Succ = Block; 1691 Block = 0; 1692 if (badCFG) 1693 return 0; 1694 } 1695 blockAfterStaticInit = Succ; 1696 } 1697 1698 // Destructors of temporaries in initialization expression should be called 1699 // after initialization finishes. 1700 Expr *Init = VD->getInit(); 1701 if (Init) { 1702 IsReference = VD->getType()->isReferenceType(); 1703 HasTemporaries = isa<ExprWithCleanups>(Init); 1704 1705 if (BuildOpts.AddTemporaryDtors && HasTemporaries) { 1706 // Generate destructors for temporaries in initialization expression. 1707 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(), 1708 IsReference); 1709 } 1710 } 1711 1712 autoCreateBlock(); 1713 appendStmt(Block, DS); 1714 1715 // Keep track of the last non-null block, as 'Block' can be nulled out 1716 // if the initializer expression is something like a 'while' in a 1717 // statement-expression. 1718 CFGBlock *LastBlock = Block; 1719 1720 if (Init) { 1721 if (HasTemporaries) { 1722 // For expression with temporaries go directly to subexpression to omit 1723 // generating destructors for the second time. 1724 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init); 1725 if (CFGBlock *newBlock = Visit(EC->getSubExpr())) 1726 LastBlock = newBlock; 1727 } 1728 else { 1729 if (CFGBlock *newBlock = Visit(Init)) 1730 LastBlock = newBlock; 1731 } 1732 } 1733 1734 // If the type of VD is a VLA, then we must process its size expressions. 1735 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr()); 1736 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) { 1737 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr())) 1738 LastBlock = newBlock; 1739 } 1740 1741 // Remove variable from local scope. 1742 if (ScopePos && VD == *ScopePos) 1743 ++ScopePos; 1744 1745 CFGBlock *B = LastBlock; 1746 if (blockAfterStaticInit) { 1747 Succ = B; 1748 Block = createBlock(false); 1749 Block->setTerminator(DS); 1750 addSuccessor(Block, blockAfterStaticInit); 1751 addSuccessor(Block, B); 1752 B = Block; 1753 } 1754 1755 return B; 1756} 1757 1758CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) { 1759 // We may see an if statement in the middle of a basic block, or it may be the 1760 // first statement we are processing. In either case, we create a new basic 1761 // block. First, we create the blocks for the then...else statements, and 1762 // then we create the block containing the if statement. If we were in the 1763 // middle of a block, we stop processing that block. That block is then the 1764 // implicit successor for the "then" and "else" clauses. 1765 1766 // Save local scope position because in case of condition variable ScopePos 1767 // won't be restored when traversing AST. 1768 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1769 1770 // Create local scope for possible condition variable. 1771 // Store scope position. Add implicit destructor. 1772 if (VarDecl *VD = I->getConditionVariable()) { 1773 LocalScope::const_iterator BeginScopePos = ScopePos; 1774 addLocalScopeForVarDecl(VD); 1775 addAutomaticObjDtors(ScopePos, BeginScopePos, I); 1776 } 1777 1778 // The block we were processing is now finished. Make it the successor 1779 // block. 1780 if (Block) { 1781 Succ = Block; 1782 if (badCFG) 1783 return 0; 1784 } 1785 1786 // Process the false branch. 1787 CFGBlock *ElseBlock = Succ; 1788 1789 if (Stmt *Else = I->getElse()) { 1790 SaveAndRestore<CFGBlock*> sv(Succ); 1791 1792 // NULL out Block so that the recursive call to Visit will 1793 // create a new basic block. 1794 Block = NULL; 1795 1796 // If branch is not a compound statement create implicit scope 1797 // and add destructors. 1798 if (!isa<CompoundStmt>(Else)) 1799 addLocalScopeAndDtors(Else); 1800 1801 ElseBlock = addStmt(Else); 1802 1803 if (!ElseBlock) // Can occur when the Else body has all NullStmts. 1804 ElseBlock = sv.get(); 1805 else if (Block) { 1806 if (badCFG) 1807 return 0; 1808 } 1809 } 1810 1811 // Process the true branch. 1812 CFGBlock *ThenBlock; 1813 { 1814 Stmt *Then = I->getThen(); 1815 assert(Then); 1816 SaveAndRestore<CFGBlock*> sv(Succ); 1817 Block = NULL; 1818 1819 // If branch is not a compound statement create implicit scope 1820 // and add destructors. 1821 if (!isa<CompoundStmt>(Then)) 1822 addLocalScopeAndDtors(Then); 1823 1824 ThenBlock = addStmt(Then); 1825 1826 if (!ThenBlock) { 1827 // We can reach here if the "then" body has all NullStmts. 1828 // Create an empty block so we can distinguish between true and false 1829 // branches in path-sensitive analyses. 1830 ThenBlock = createBlock(false); 1831 addSuccessor(ThenBlock, sv.get()); 1832 } else if (Block) { 1833 if (badCFG) 1834 return 0; 1835 } 1836 } 1837 1838 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by 1839 // having these handle the actual control-flow jump. Note that 1840 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)" 1841 // we resort to the old control-flow behavior. This special handling 1842 // removes infeasible paths from the control-flow graph by having the 1843 // control-flow transfer of '&&' or '||' go directly into the then/else 1844 // blocks directly. 1845 if (!I->getConditionVariable()) 1846 if (BinaryOperator *Cond = 1847 dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens())) 1848 if (Cond->isLogicalOp()) 1849 return VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first; 1850 1851 // Now create a new block containing the if statement. 1852 Block = createBlock(false); 1853 1854 // Set the terminator of the new block to the If statement. 1855 Block->setTerminator(I); 1856 1857 // See if this is a known constant. 1858 const TryResult &KnownVal = tryEvaluateBool(I->getCond()); 1859 1860 // Now add the successors. 1861 addSuccessor(Block, KnownVal.isFalse() ? NULL : ThenBlock); 1862 addSuccessor(Block, KnownVal.isTrue()? NULL : ElseBlock); 1863 1864 // Add the condition as the last statement in the new block. This may create 1865 // new blocks as the condition may contain control-flow. Any newly created 1866 // blocks will be pointed to be "Block". 1867 CFGBlock *LastBlock = addStmt(I->getCond()); 1868 1869 // Finally, if the IfStmt contains a condition variable, add both the IfStmt 1870 // and the condition variable initialization to the CFG. 1871 if (VarDecl *VD = I->getConditionVariable()) { 1872 if (Expr *Init = VD->getInit()) { 1873 autoCreateBlock(); 1874 appendStmt(Block, I->getConditionVariableDeclStmt()); 1875 LastBlock = addStmt(Init); 1876 } 1877 } 1878 1879 return LastBlock; 1880} 1881 1882 1883CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) { 1884 // If we were in the middle of a block we stop processing that block. 1885 // 1886 // NOTE: If a "return" appears in the middle of a block, this means that the 1887 // code afterwards is DEAD (unreachable). We still keep a basic block 1888 // for that code; a simple "mark-and-sweep" from the entry block will be 1889 // able to report such dead blocks. 1890 1891 // Create the new block. 1892 Block = createBlock(false); 1893 1894 // The Exit block is the only successor. 1895 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R); 1896 addSuccessor(Block, &cfg->getExit()); 1897 1898 // Add the return statement to the block. This may create new blocks if R 1899 // contains control-flow (short-circuit operations). 1900 return VisitStmt(R, AddStmtChoice::AlwaysAdd); 1901} 1902 1903CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) { 1904 // Get the block of the labeled statement. Add it to our map. 1905 addStmt(L->getSubStmt()); 1906 CFGBlock *LabelBlock = Block; 1907 1908 if (!LabelBlock) // This can happen when the body is empty, i.e. 1909 LabelBlock = createBlock(); // scopes that only contains NullStmts. 1910 1911 assert(LabelMap.find(L->getDecl()) == LabelMap.end() && 1912 "label already in map"); 1913 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos); 1914 1915 // Labels partition blocks, so this is the end of the basic block we were 1916 // processing (L is the block's label). Because this is label (and we have 1917 // already processed the substatement) there is no extra control-flow to worry 1918 // about. 1919 LabelBlock->setLabel(L); 1920 if (badCFG) 1921 return 0; 1922 1923 // We set Block to NULL to allow lazy creation of a new block (if necessary); 1924 Block = NULL; 1925 1926 // This block is now the implicit successor of other blocks. 1927 Succ = LabelBlock; 1928 1929 return LabelBlock; 1930} 1931 1932CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) { 1933 CFGBlock *LastBlock = VisitNoRecurse(E, asc); 1934 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(), 1935 et = E->capture_init_end(); it != et; ++it) { 1936 if (Expr *Init = *it) { 1937 CFGBlock *Tmp = Visit(Init); 1938 if (Tmp != 0) 1939 LastBlock = Tmp; 1940 } 1941 } 1942 return LastBlock; 1943} 1944 1945CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) { 1946 // Goto is a control-flow statement. Thus we stop processing the current 1947 // block and create a new one. 1948 1949 Block = createBlock(false); 1950 Block->setTerminator(G); 1951 1952 // If we already know the mapping to the label block add the successor now. 1953 LabelMapTy::iterator I = LabelMap.find(G->getLabel()); 1954 1955 if (I == LabelMap.end()) 1956 // We will need to backpatch this block later. 1957 BackpatchBlocks.push_back(JumpSource(Block, ScopePos)); 1958 else { 1959 JumpTarget JT = I->second; 1960 addAutomaticObjDtors(ScopePos, JT.scopePosition, G); 1961 addSuccessor(Block, JT.block); 1962 } 1963 1964 return Block; 1965} 1966 1967CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) { 1968 CFGBlock *LoopSuccessor = NULL; 1969 1970 // Save local scope position because in case of condition variable ScopePos 1971 // won't be restored when traversing AST. 1972 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 1973 1974 // Create local scope for init statement and possible condition variable. 1975 // Add destructor for init statement and condition variable. 1976 // Store scope position for continue statement. 1977 if (Stmt *Init = F->getInit()) 1978 addLocalScopeForStmt(Init); 1979 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 1980 1981 if (VarDecl *VD = F->getConditionVariable()) 1982 addLocalScopeForVarDecl(VD); 1983 LocalScope::const_iterator ContinueScopePos = ScopePos; 1984 1985 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F); 1986 1987 // "for" is a control-flow statement. Thus we stop processing the current 1988 // block. 1989 if (Block) { 1990 if (badCFG) 1991 return 0; 1992 LoopSuccessor = Block; 1993 } else 1994 LoopSuccessor = Succ; 1995 1996 // Save the current value for the break targets. 1997 // All breaks should go to the code following the loop. 1998 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 1999 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2000 2001 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2002 2003 // Now create the loop body. 2004 { 2005 assert(F->getBody()); 2006 2007 // Save the current values for Block, Succ, continue and break targets. 2008 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2009 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 2010 2011 // Create an empty block to represent the transition block for looping back 2012 // to the head of the loop. If we have increment code, it will 2013 // go in this block as well. 2014 Block = Succ = TransitionBlock = createBlock(false); 2015 TransitionBlock->setLoopTarget(F); 2016 2017 if (Stmt *I = F->getInc()) { 2018 // Generate increment code in its own basic block. This is the target of 2019 // continue statements. 2020 Succ = addStmt(I); 2021 } 2022 2023 // Finish up the increment (or empty) block if it hasn't been already. 2024 if (Block) { 2025 assert(Block == Succ); 2026 if (badCFG) 2027 return 0; 2028 Block = 0; 2029 } 2030 2031 // The starting block for the loop increment is the block that should 2032 // represent the 'loop target' for looping back to the start of the loop. 2033 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 2034 ContinueJumpTarget.block->setLoopTarget(F); 2035 2036 // Loop body should end with destructor of Condition variable (if any). 2037 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F); 2038 2039 // If body is not a compound statement create implicit scope 2040 // and add destructors. 2041 if (!isa<CompoundStmt>(F->getBody())) 2042 addLocalScopeAndDtors(F->getBody()); 2043 2044 // Now populate the body block, and in the process create new blocks as we 2045 // walk the body of the loop. 2046 BodyBlock = addStmt(F->getBody()); 2047 2048 if (!BodyBlock) { 2049 // In the case of "for (...;...;...);" we can have a null BodyBlock. 2050 // Use the continue jump target as the proxy for the body. 2051 BodyBlock = ContinueJumpTarget.block; 2052 } 2053 else if (badCFG) 2054 return 0; 2055 } 2056 2057 // Because of short-circuit evaluation, the condition of the loop can span 2058 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2059 // evaluate the condition. 2060 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2061 2062 do { 2063 Expr *C = F->getCond(); 2064 2065 // Specially handle logical operators, which have a slightly 2066 // more optimal CFG representation. 2067 if (BinaryOperator *Cond = 2068 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : 0)) 2069 if (Cond->isLogicalOp()) { 2070 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2071 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor); 2072 break; 2073 } 2074 2075 // The default case when not handling logical operators. 2076 EntryConditionBlock = ExitConditionBlock = createBlock(false); 2077 ExitConditionBlock->setTerminator(F); 2078 2079 // See if this is a known constant. 2080 TryResult KnownVal(true); 2081 2082 if (C) { 2083 // Now add the actual condition to the condition block. 2084 // Because the condition itself may contain control-flow, new blocks may 2085 // be created. Thus we update "Succ" after adding the condition. 2086 Block = ExitConditionBlock; 2087 EntryConditionBlock = addStmt(C); 2088 2089 // If this block contains a condition variable, add both the condition 2090 // variable and initializer to the CFG. 2091 if (VarDecl *VD = F->getConditionVariable()) { 2092 if (Expr *Init = VD->getInit()) { 2093 autoCreateBlock(); 2094 appendStmt(Block, F->getConditionVariableDeclStmt()); 2095 EntryConditionBlock = addStmt(Init); 2096 assert(Block == EntryConditionBlock); 2097 } 2098 } 2099 2100 if (Block && badCFG) 2101 return 0; 2102 2103 KnownVal = tryEvaluateBool(C); 2104 } 2105 2106 // Add the loop body entry as a successor to the condition. 2107 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2108 // Link up the condition block with the code that follows the loop. (the 2109 // false branch). 2110 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2111 2112 } while (false); 2113 2114 // Link up the loop-back block to the entry condition block. 2115 addSuccessor(TransitionBlock, EntryConditionBlock); 2116 2117 // The condition block is the implicit successor for any code above the loop. 2118 Succ = EntryConditionBlock; 2119 2120 // If the loop contains initialization, create a new block for those 2121 // statements. This block can also contain statements that precede the loop. 2122 if (Stmt *I = F->getInit()) { 2123 Block = createBlock(); 2124 return addStmt(I); 2125 } 2126 2127 // There is no loop initialization. We are thus basically a while loop. 2128 // NULL out Block to force lazy block construction. 2129 Block = NULL; 2130 Succ = EntryConditionBlock; 2131 return EntryConditionBlock; 2132} 2133 2134CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) { 2135 if (asc.alwaysAdd(*this, M)) { 2136 autoCreateBlock(); 2137 appendStmt(Block, M); 2138 } 2139 return Visit(M->getBase()); 2140} 2141 2142CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) { 2143 // Objective-C fast enumeration 'for' statements: 2144 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC 2145 // 2146 // for ( Type newVariable in collection_expression ) { statements } 2147 // 2148 // becomes: 2149 // 2150 // prologue: 2151 // 1. collection_expression 2152 // T. jump to loop_entry 2153 // loop_entry: 2154 // 1. side-effects of element expression 2155 // 1. ObjCForCollectionStmt [performs binding to newVariable] 2156 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil] 2157 // TB: 2158 // statements 2159 // T. jump to loop_entry 2160 // FB: 2161 // what comes after 2162 // 2163 // and 2164 // 2165 // Type existingItem; 2166 // for ( existingItem in expression ) { statements } 2167 // 2168 // becomes: 2169 // 2170 // the same with newVariable replaced with existingItem; the binding works 2171 // the same except that for one ObjCForCollectionStmt::getElement() returns 2172 // a DeclStmt and the other returns a DeclRefExpr. 2173 // 2174 2175 CFGBlock *LoopSuccessor = 0; 2176 2177 if (Block) { 2178 if (badCFG) 2179 return 0; 2180 LoopSuccessor = Block; 2181 Block = 0; 2182 } else 2183 LoopSuccessor = Succ; 2184 2185 // Build the condition blocks. 2186 CFGBlock *ExitConditionBlock = createBlock(false); 2187 2188 // Set the terminator for the "exit" condition block. 2189 ExitConditionBlock->setTerminator(S); 2190 2191 // The last statement in the block should be the ObjCForCollectionStmt, which 2192 // performs the actual binding to 'element' and determines if there are any 2193 // more items in the collection. 2194 appendStmt(ExitConditionBlock, S); 2195 Block = ExitConditionBlock; 2196 2197 // Walk the 'element' expression to see if there are any side-effects. We 2198 // generate new blocks as necessary. We DON'T add the statement by default to 2199 // the CFG unless it contains control-flow. 2200 CFGBlock *EntryConditionBlock = Visit(S->getElement(), 2201 AddStmtChoice::NotAlwaysAdd); 2202 if (Block) { 2203 if (badCFG) 2204 return 0; 2205 Block = 0; 2206 } 2207 2208 // The condition block is the implicit successor for the loop body as well as 2209 // any code above the loop. 2210 Succ = EntryConditionBlock; 2211 2212 // Now create the true branch. 2213 { 2214 // Save the current values for Succ, continue and break targets. 2215 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2216 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2217 save_break(BreakJumpTarget); 2218 2219 // Add an intermediate block between the BodyBlock and the 2220 // EntryConditionBlock to represent the "loop back" transition, for looping 2221 // back to the head of the loop. 2222 CFGBlock *LoopBackBlock = 0; 2223 Succ = LoopBackBlock = createBlock(); 2224 LoopBackBlock->setLoopTarget(S); 2225 2226 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2227 ContinueJumpTarget = JumpTarget(Succ, ScopePos); 2228 2229 CFGBlock *BodyBlock = addStmt(S->getBody()); 2230 2231 if (!BodyBlock) 2232 BodyBlock = ContinueJumpTarget.block; // can happen for "for (X in Y) ;" 2233 else if (Block) { 2234 if (badCFG) 2235 return 0; 2236 } 2237 2238 // This new body block is a successor to our "exit" condition block. 2239 addSuccessor(ExitConditionBlock, BodyBlock); 2240 } 2241 2242 // Link up the condition block with the code that follows the loop. 2243 // (the false branch). 2244 addSuccessor(ExitConditionBlock, LoopSuccessor); 2245 2246 // Now create a prologue block to contain the collection expression. 2247 Block = createBlock(); 2248 return addStmt(S->getCollection()); 2249} 2250 2251CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) { 2252 // Inline the body. 2253 return addStmt(S->getSubStmt()); 2254 // TODO: consider adding cleanups for the end of @autoreleasepool scope. 2255} 2256 2257CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) { 2258 // FIXME: Add locking 'primitives' to CFG for @synchronized. 2259 2260 // Inline the body. 2261 CFGBlock *SyncBlock = addStmt(S->getSynchBody()); 2262 2263 // The sync body starts its own basic block. This makes it a little easier 2264 // for diagnostic clients. 2265 if (SyncBlock) { 2266 if (badCFG) 2267 return 0; 2268 2269 Block = 0; 2270 Succ = SyncBlock; 2271 } 2272 2273 // Add the @synchronized to the CFG. 2274 autoCreateBlock(); 2275 appendStmt(Block, S); 2276 2277 // Inline the sync expression. 2278 return addStmt(S->getSynchExpr()); 2279} 2280 2281CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) { 2282 // FIXME 2283 return NYS(); 2284} 2285 2286CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) { 2287 autoCreateBlock(); 2288 2289 // Add the PseudoObject as the last thing. 2290 appendStmt(Block, E); 2291 2292 CFGBlock *lastBlock = Block; 2293 2294 // Before that, evaluate all of the semantics in order. In 2295 // CFG-land, that means appending them in reverse order. 2296 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) { 2297 Expr *Semantic = E->getSemanticExpr(--i); 2298 2299 // If the semantic is an opaque value, we're being asked to bind 2300 // it to its source expression. 2301 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic)) 2302 Semantic = OVE->getSourceExpr(); 2303 2304 if (CFGBlock *B = Visit(Semantic)) 2305 lastBlock = B; 2306 } 2307 2308 return lastBlock; 2309} 2310 2311CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) { 2312 CFGBlock *LoopSuccessor = NULL; 2313 2314 // Save local scope position because in case of condition variable ScopePos 2315 // won't be restored when traversing AST. 2316 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2317 2318 // Create local scope for possible condition variable. 2319 // Store scope position for continue statement. 2320 LocalScope::const_iterator LoopBeginScopePos = ScopePos; 2321 if (VarDecl *VD = W->getConditionVariable()) { 2322 addLocalScopeForVarDecl(VD); 2323 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2324 } 2325 2326 // "while" is a control-flow statement. Thus we stop processing the current 2327 // block. 2328 if (Block) { 2329 if (badCFG) 2330 return 0; 2331 LoopSuccessor = Block; 2332 Block = 0; 2333 } else { 2334 LoopSuccessor = Succ; 2335 } 2336 2337 CFGBlock *BodyBlock = 0, *TransitionBlock = 0; 2338 2339 // Process the loop body. 2340 { 2341 assert(W->getBody()); 2342 2343 // Save the current values for Block, Succ, continue and break targets. 2344 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2345 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2346 save_break(BreakJumpTarget); 2347 2348 // Create an empty block to represent the transition block for looping back 2349 // to the head of the loop. 2350 Succ = TransitionBlock = createBlock(false); 2351 TransitionBlock->setLoopTarget(W); 2352 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos); 2353 2354 // All breaks should go to the code following the loop. 2355 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2356 2357 // Loop body should end with destructor of Condition variable (if any). 2358 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W); 2359 2360 // If body is not a compound statement create implicit scope 2361 // and add destructors. 2362 if (!isa<CompoundStmt>(W->getBody())) 2363 addLocalScopeAndDtors(W->getBody()); 2364 2365 // Create the body. The returned block is the entry to the loop body. 2366 BodyBlock = addStmt(W->getBody()); 2367 2368 if (!BodyBlock) 2369 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;" 2370 else if (Block && badCFG) 2371 return 0; 2372 } 2373 2374 // Because of short-circuit evaluation, the condition of the loop can span 2375 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2376 // evaluate the condition. 2377 CFGBlock *EntryConditionBlock = 0, *ExitConditionBlock = 0; 2378 2379 do { 2380 Expr *C = W->getCond(); 2381 2382 // Specially handle logical operators, which have a slightly 2383 // more optimal CFG representation. 2384 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens())) 2385 if (Cond->isLogicalOp()) { 2386 llvm::tie(EntryConditionBlock, ExitConditionBlock) = 2387 VisitLogicalOperator(Cond, W, BodyBlock, 2388 LoopSuccessor); 2389 break; 2390 } 2391 2392 // The default case when not handling logical operators. 2393 ExitConditionBlock = createBlock(false); 2394 ExitConditionBlock->setTerminator(W); 2395 2396 // Now add the actual condition to the condition block. 2397 // Because the condition itself may contain control-flow, new blocks may 2398 // be created. Thus we update "Succ" after adding the condition. 2399 Block = ExitConditionBlock; 2400 Block = EntryConditionBlock = addStmt(C); 2401 2402 // If this block contains a condition variable, add both the condition 2403 // variable and initializer to the CFG. 2404 if (VarDecl *VD = W->getConditionVariable()) { 2405 if (Expr *Init = VD->getInit()) { 2406 autoCreateBlock(); 2407 appendStmt(Block, W->getConditionVariableDeclStmt()); 2408 EntryConditionBlock = addStmt(Init); 2409 assert(Block == EntryConditionBlock); 2410 } 2411 } 2412 2413 if (Block && badCFG) 2414 return 0; 2415 2416 // See if this is a known constant. 2417 const TryResult& KnownVal = tryEvaluateBool(C); 2418 2419 // Add the loop body entry as a successor to the condition. 2420 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock); 2421 // Link up the condition block with the code that follows the loop. (the 2422 // false branch). 2423 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2424 2425 } while(false); 2426 2427 // Link up the loop-back block to the entry condition block. 2428 addSuccessor(TransitionBlock, EntryConditionBlock); 2429 2430 // There can be no more statements in the condition block since we loop back 2431 // to this block. NULL out Block to force lazy creation of another block. 2432 Block = NULL; 2433 2434 // Return the condition block, which is the dominating block for the loop. 2435 Succ = EntryConditionBlock; 2436 return EntryConditionBlock; 2437} 2438 2439 2440CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) { 2441 // FIXME: For now we pretend that @catch and the code it contains does not 2442 // exit. 2443 return Block; 2444} 2445 2446CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) { 2447 // FIXME: This isn't complete. We basically treat @throw like a return 2448 // statement. 2449 2450 // If we were in the middle of a block we stop processing that block. 2451 if (badCFG) 2452 return 0; 2453 2454 // Create the new block. 2455 Block = createBlock(false); 2456 2457 // The Exit block is the only successor. 2458 addSuccessor(Block, &cfg->getExit()); 2459 2460 // Add the statement to the block. This may create new blocks if S contains 2461 // control-flow (short-circuit operations). 2462 return VisitStmt(S, AddStmtChoice::AlwaysAdd); 2463} 2464 2465CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) { 2466 // If we were in the middle of a block we stop processing that block. 2467 if (badCFG) 2468 return 0; 2469 2470 // Create the new block. 2471 Block = createBlock(false); 2472 2473 if (TryTerminatedBlock) 2474 // The current try statement is the only successor. 2475 addSuccessor(Block, TryTerminatedBlock); 2476 else 2477 // otherwise the Exit block is the only successor. 2478 addSuccessor(Block, &cfg->getExit()); 2479 2480 // Add the statement to the block. This may create new blocks if S contains 2481 // control-flow (short-circuit operations). 2482 return VisitStmt(T, AddStmtChoice::AlwaysAdd); 2483} 2484 2485CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) { 2486 CFGBlock *LoopSuccessor = NULL; 2487 2488 // "do...while" is a control-flow statement. Thus we stop processing the 2489 // current block. 2490 if (Block) { 2491 if (badCFG) 2492 return 0; 2493 LoopSuccessor = Block; 2494 } else 2495 LoopSuccessor = Succ; 2496 2497 // Because of short-circuit evaluation, the condition of the loop can span 2498 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that 2499 // evaluate the condition. 2500 CFGBlock *ExitConditionBlock = createBlock(false); 2501 CFGBlock *EntryConditionBlock = ExitConditionBlock; 2502 2503 // Set the terminator for the "exit" condition block. 2504 ExitConditionBlock->setTerminator(D); 2505 2506 // Now add the actual condition to the condition block. Because the condition 2507 // itself may contain control-flow, new blocks may be created. 2508 if (Stmt *C = D->getCond()) { 2509 Block = ExitConditionBlock; 2510 EntryConditionBlock = addStmt(C); 2511 if (Block) { 2512 if (badCFG) 2513 return 0; 2514 } 2515 } 2516 2517 // The condition block is the implicit successor for the loop body. 2518 Succ = EntryConditionBlock; 2519 2520 // See if this is a known constant. 2521 const TryResult &KnownVal = tryEvaluateBool(D->getCond()); 2522 2523 // Process the loop body. 2524 CFGBlock *BodyBlock = NULL; 2525 { 2526 assert(D->getBody()); 2527 2528 // Save the current values for Block, Succ, and continue and break targets 2529 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 2530 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget), 2531 save_break(BreakJumpTarget); 2532 2533 // All continues within this loop should go to the condition block 2534 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos); 2535 2536 // All breaks should go to the code following the loop. 2537 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 2538 2539 // NULL out Block to force lazy instantiation of blocks for the body. 2540 Block = NULL; 2541 2542 // If body is not a compound statement create implicit scope 2543 // and add destructors. 2544 if (!isa<CompoundStmt>(D->getBody())) 2545 addLocalScopeAndDtors(D->getBody()); 2546 2547 // Create the body. The returned block is the entry to the loop body. 2548 BodyBlock = addStmt(D->getBody()); 2549 2550 if (!BodyBlock) 2551 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)" 2552 else if (Block) { 2553 if (badCFG) 2554 return 0; 2555 } 2556 2557 if (!KnownVal.isFalse()) { 2558 // Add an intermediate block between the BodyBlock and the 2559 // ExitConditionBlock to represent the "loop back" transition. Create an 2560 // empty block to represent the transition block for looping back to the 2561 // head of the loop. 2562 // FIXME: Can we do this more efficiently without adding another block? 2563 Block = NULL; 2564 Succ = BodyBlock; 2565 CFGBlock *LoopBackBlock = createBlock(); 2566 LoopBackBlock->setLoopTarget(D); 2567 2568 // Add the loop body entry as a successor to the condition. 2569 addSuccessor(ExitConditionBlock, LoopBackBlock); 2570 } 2571 else 2572 addSuccessor(ExitConditionBlock, NULL); 2573 } 2574 2575 // Link up the condition block with the code that follows the loop. 2576 // (the false branch). 2577 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor); 2578 2579 // There can be no more statements in the body block(s) since we loop back to 2580 // the body. NULL out Block to force lazy creation of another block. 2581 Block = NULL; 2582 2583 // Return the loop body, which is the dominating block for the loop. 2584 Succ = BodyBlock; 2585 return BodyBlock; 2586} 2587 2588CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) { 2589 // "continue" is a control-flow statement. Thus we stop processing the 2590 // current block. 2591 if (badCFG) 2592 return 0; 2593 2594 // Now create a new block that ends with the continue statement. 2595 Block = createBlock(false); 2596 Block->setTerminator(C); 2597 2598 // If there is no target for the continue, then we are looking at an 2599 // incomplete AST. This means the CFG cannot be constructed. 2600 if (ContinueJumpTarget.block) { 2601 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C); 2602 addSuccessor(Block, ContinueJumpTarget.block); 2603 } else 2604 badCFG = true; 2605 2606 return Block; 2607} 2608 2609CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E, 2610 AddStmtChoice asc) { 2611 2612 if (asc.alwaysAdd(*this, E)) { 2613 autoCreateBlock(); 2614 appendStmt(Block, E); 2615 } 2616 2617 // VLA types have expressions that must be evaluated. 2618 CFGBlock *lastBlock = Block; 2619 2620 if (E->isArgumentType()) { 2621 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr()); 2622 VA != 0; VA = FindVA(VA->getElementType().getTypePtr())) 2623 lastBlock = addStmt(VA->getSizeExpr()); 2624 } 2625 return lastBlock; 2626} 2627 2628/// VisitStmtExpr - Utility method to handle (nested) statement 2629/// expressions (a GCC extension). 2630CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) { 2631 if (asc.alwaysAdd(*this, SE)) { 2632 autoCreateBlock(); 2633 appendStmt(Block, SE); 2634 } 2635 return VisitCompoundStmt(SE->getSubStmt()); 2636} 2637 2638CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) { 2639 // "switch" is a control-flow statement. Thus we stop processing the current 2640 // block. 2641 CFGBlock *SwitchSuccessor = NULL; 2642 2643 // Save local scope position because in case of condition variable ScopePos 2644 // won't be restored when traversing AST. 2645 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2646 2647 // Create local scope for possible condition variable. 2648 // Store scope position. Add implicit destructor. 2649 if (VarDecl *VD = Terminator->getConditionVariable()) { 2650 LocalScope::const_iterator SwitchBeginScopePos = ScopePos; 2651 addLocalScopeForVarDecl(VD); 2652 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator); 2653 } 2654 2655 if (Block) { 2656 if (badCFG) 2657 return 0; 2658 SwitchSuccessor = Block; 2659 } else SwitchSuccessor = Succ; 2660 2661 // Save the current "switch" context. 2662 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock), 2663 save_default(DefaultCaseBlock); 2664 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 2665 2666 // Set the "default" case to be the block after the switch statement. If the 2667 // switch statement contains a "default:", this value will be overwritten with 2668 // the block for that code. 2669 DefaultCaseBlock = SwitchSuccessor; 2670 2671 // Create a new block that will contain the switch statement. 2672 SwitchTerminatedBlock = createBlock(false); 2673 2674 // Now process the switch body. The code after the switch is the implicit 2675 // successor. 2676 Succ = SwitchSuccessor; 2677 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos); 2678 2679 // When visiting the body, the case statements should automatically get linked 2680 // up to the switch. We also don't keep a pointer to the body, since all 2681 // control-flow from the switch goes to case/default statements. 2682 assert(Terminator->getBody() && "switch must contain a non-NULL body"); 2683 Block = NULL; 2684 2685 // For pruning unreachable case statements, save the current state 2686 // for tracking the condition value. 2687 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered, 2688 false); 2689 2690 // Determine if the switch condition can be explicitly evaluated. 2691 assert(Terminator->getCond() && "switch condition must be non-NULL"); 2692 Expr::EvalResult result; 2693 bool b = tryEvaluate(Terminator->getCond(), result); 2694 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond, 2695 b ? &result : 0); 2696 2697 // If body is not a compound statement create implicit scope 2698 // and add destructors. 2699 if (!isa<CompoundStmt>(Terminator->getBody())) 2700 addLocalScopeAndDtors(Terminator->getBody()); 2701 2702 addStmt(Terminator->getBody()); 2703 if (Block) { 2704 if (badCFG) 2705 return 0; 2706 } 2707 2708 // If we have no "default:" case, the default transition is to the code 2709 // following the switch body. Moreover, take into account if all the 2710 // cases of a switch are covered (e.g., switching on an enum value). 2711 // 2712 // Note: We add a successor to a switch that is considered covered yet has no 2713 // case statements if the enumeration has no enumerators. 2714 bool SwitchAlwaysHasSuccessor = false; 2715 SwitchAlwaysHasSuccessor |= switchExclusivelyCovered; 2716 SwitchAlwaysHasSuccessor |= Terminator->isAllEnumCasesCovered() && 2717 Terminator->getSwitchCaseList(); 2718 addSuccessor(SwitchTerminatedBlock, 2719 SwitchAlwaysHasSuccessor ? 0 : DefaultCaseBlock); 2720 2721 // Add the terminator and condition in the switch block. 2722 SwitchTerminatedBlock->setTerminator(Terminator); 2723 Block = SwitchTerminatedBlock; 2724 CFGBlock *LastBlock = addStmt(Terminator->getCond()); 2725 2726 // Finally, if the SwitchStmt contains a condition variable, add both the 2727 // SwitchStmt and the condition variable initialization to the CFG. 2728 if (VarDecl *VD = Terminator->getConditionVariable()) { 2729 if (Expr *Init = VD->getInit()) { 2730 autoCreateBlock(); 2731 appendStmt(Block, Terminator->getConditionVariableDeclStmt()); 2732 LastBlock = addStmt(Init); 2733 } 2734 } 2735 2736 return LastBlock; 2737} 2738 2739static bool shouldAddCase(bool &switchExclusivelyCovered, 2740 const Expr::EvalResult *switchCond, 2741 const CaseStmt *CS, 2742 ASTContext &Ctx) { 2743 if (!switchCond) 2744 return true; 2745 2746 bool addCase = false; 2747 2748 if (!switchExclusivelyCovered) { 2749 if (switchCond->Val.isInt()) { 2750 // Evaluate the LHS of the case value. 2751 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx); 2752 const llvm::APSInt &condInt = switchCond->Val.getInt(); 2753 2754 if (condInt == lhsInt) { 2755 addCase = true; 2756 switchExclusivelyCovered = true; 2757 } 2758 else if (condInt < lhsInt) { 2759 if (const Expr *RHS = CS->getRHS()) { 2760 // Evaluate the RHS of the case value. 2761 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx); 2762 if (V2 <= condInt) { 2763 addCase = true; 2764 switchExclusivelyCovered = true; 2765 } 2766 } 2767 } 2768 } 2769 else 2770 addCase = true; 2771 } 2772 return addCase; 2773} 2774 2775CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) { 2776 // CaseStmts are essentially labels, so they are the first statement in a 2777 // block. 2778 CFGBlock *TopBlock = 0, *LastBlock = 0; 2779 2780 if (Stmt *Sub = CS->getSubStmt()) { 2781 // For deeply nested chains of CaseStmts, instead of doing a recursion 2782 // (which can blow out the stack), manually unroll and create blocks 2783 // along the way. 2784 while (isa<CaseStmt>(Sub)) { 2785 CFGBlock *currentBlock = createBlock(false); 2786 currentBlock->setLabel(CS); 2787 2788 if (TopBlock) 2789 addSuccessor(LastBlock, currentBlock); 2790 else 2791 TopBlock = currentBlock; 2792 2793 addSuccessor(SwitchTerminatedBlock, 2794 shouldAddCase(switchExclusivelyCovered, switchCond, 2795 CS, *Context) 2796 ? currentBlock : 0); 2797 2798 LastBlock = currentBlock; 2799 CS = cast<CaseStmt>(Sub); 2800 Sub = CS->getSubStmt(); 2801 } 2802 2803 addStmt(Sub); 2804 } 2805 2806 CFGBlock *CaseBlock = Block; 2807 if (!CaseBlock) 2808 CaseBlock = createBlock(); 2809 2810 // Cases statements partition blocks, so this is the top of the basic block we 2811 // were processing (the "case XXX:" is the label). 2812 CaseBlock->setLabel(CS); 2813 2814 if (badCFG) 2815 return 0; 2816 2817 // Add this block to the list of successors for the block with the switch 2818 // statement. 2819 assert(SwitchTerminatedBlock); 2820 addSuccessor(SwitchTerminatedBlock, 2821 shouldAddCase(switchExclusivelyCovered, switchCond, 2822 CS, *Context) 2823 ? CaseBlock : 0); 2824 2825 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2826 Block = NULL; 2827 2828 if (TopBlock) { 2829 addSuccessor(LastBlock, CaseBlock); 2830 Succ = TopBlock; 2831 } else { 2832 // This block is now the implicit successor of other blocks. 2833 Succ = CaseBlock; 2834 } 2835 2836 return Succ; 2837} 2838 2839CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) { 2840 if (Terminator->getSubStmt()) 2841 addStmt(Terminator->getSubStmt()); 2842 2843 DefaultCaseBlock = Block; 2844 2845 if (!DefaultCaseBlock) 2846 DefaultCaseBlock = createBlock(); 2847 2848 // Default statements partition blocks, so this is the top of the basic block 2849 // we were processing (the "default:" is the label). 2850 DefaultCaseBlock->setLabel(Terminator); 2851 2852 if (badCFG) 2853 return 0; 2854 2855 // Unlike case statements, we don't add the default block to the successors 2856 // for the switch statement immediately. This is done when we finish 2857 // processing the switch statement. This allows for the default case 2858 // (including a fall-through to the code after the switch statement) to always 2859 // be the last successor of a switch-terminated block. 2860 2861 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2862 Block = NULL; 2863 2864 // This block is now the implicit successor of other blocks. 2865 Succ = DefaultCaseBlock; 2866 2867 return DefaultCaseBlock; 2868} 2869 2870CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) { 2871 // "try"/"catch" is a control-flow statement. Thus we stop processing the 2872 // current block. 2873 CFGBlock *TrySuccessor = NULL; 2874 2875 if (Block) { 2876 if (badCFG) 2877 return 0; 2878 TrySuccessor = Block; 2879 } else TrySuccessor = Succ; 2880 2881 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock; 2882 2883 // Create a new block that will contain the try statement. 2884 CFGBlock *NewTryTerminatedBlock = createBlock(false); 2885 // Add the terminator in the try block. 2886 NewTryTerminatedBlock->setTerminator(Terminator); 2887 2888 bool HasCatchAll = false; 2889 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) { 2890 // The code after the try is the implicit successor. 2891 Succ = TrySuccessor; 2892 CXXCatchStmt *CS = Terminator->getHandler(h); 2893 if (CS->getExceptionDecl() == 0) { 2894 HasCatchAll = true; 2895 } 2896 Block = NULL; 2897 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS); 2898 if (CatchBlock == 0) 2899 return 0; 2900 // Add this block to the list of successors for the block with the try 2901 // statement. 2902 addSuccessor(NewTryTerminatedBlock, CatchBlock); 2903 } 2904 if (!HasCatchAll) { 2905 if (PrevTryTerminatedBlock) 2906 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock); 2907 else 2908 addSuccessor(NewTryTerminatedBlock, &cfg->getExit()); 2909 } 2910 2911 // The code after the try is the implicit successor. 2912 Succ = TrySuccessor; 2913 2914 // Save the current "try" context. 2915 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock); 2916 cfg->addTryDispatchBlock(TryTerminatedBlock); 2917 2918 assert(Terminator->getTryBlock() && "try must contain a non-NULL body"); 2919 Block = NULL; 2920 return addStmt(Terminator->getTryBlock()); 2921} 2922 2923CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) { 2924 // CXXCatchStmt are treated like labels, so they are the first statement in a 2925 // block. 2926 2927 // Save local scope position because in case of exception variable ScopePos 2928 // won't be restored when traversing AST. 2929 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2930 2931 // Create local scope for possible exception variable. 2932 // Store scope position. Add implicit destructor. 2933 if (VarDecl *VD = CS->getExceptionDecl()) { 2934 LocalScope::const_iterator BeginScopePos = ScopePos; 2935 addLocalScopeForVarDecl(VD); 2936 addAutomaticObjDtors(ScopePos, BeginScopePos, CS); 2937 } 2938 2939 if (CS->getHandlerBlock()) 2940 addStmt(CS->getHandlerBlock()); 2941 2942 CFGBlock *CatchBlock = Block; 2943 if (!CatchBlock) 2944 CatchBlock = createBlock(); 2945 2946 // CXXCatchStmt is more than just a label. They have semantic meaning 2947 // as well, as they implicitly "initialize" the catch variable. Add 2948 // it to the CFG as a CFGElement so that the control-flow of these 2949 // semantics gets captured. 2950 appendStmt(CatchBlock, CS); 2951 2952 // Also add the CXXCatchStmt as a label, to mirror handling of regular 2953 // labels. 2954 CatchBlock->setLabel(CS); 2955 2956 // Bail out if the CFG is bad. 2957 if (badCFG) 2958 return 0; 2959 2960 // We set Block to NULL to allow lazy creation of a new block (if necessary) 2961 Block = NULL; 2962 2963 return CatchBlock; 2964} 2965 2966CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) { 2967 // C++0x for-range statements are specified as [stmt.ranged]: 2968 // 2969 // { 2970 // auto && __range = range-init; 2971 // for ( auto __begin = begin-expr, 2972 // __end = end-expr; 2973 // __begin != __end; 2974 // ++__begin ) { 2975 // for-range-declaration = *__begin; 2976 // statement 2977 // } 2978 // } 2979 2980 // Save local scope position before the addition of the implicit variables. 2981 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos); 2982 2983 // Create local scopes and destructors for range, begin and end variables. 2984 if (Stmt *Range = S->getRangeStmt()) 2985 addLocalScopeForStmt(Range); 2986 if (Stmt *BeginEnd = S->getBeginEndStmt()) 2987 addLocalScopeForStmt(BeginEnd); 2988 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S); 2989 2990 LocalScope::const_iterator ContinueScopePos = ScopePos; 2991 2992 // "for" is a control-flow statement. Thus we stop processing the current 2993 // block. 2994 CFGBlock *LoopSuccessor = NULL; 2995 if (Block) { 2996 if (badCFG) 2997 return 0; 2998 LoopSuccessor = Block; 2999 } else 3000 LoopSuccessor = Succ; 3001 3002 // Save the current value for the break targets. 3003 // All breaks should go to the code following the loop. 3004 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget); 3005 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos); 3006 3007 // The block for the __begin != __end expression. 3008 CFGBlock *ConditionBlock = createBlock(false); 3009 ConditionBlock->setTerminator(S); 3010 3011 // Now add the actual condition to the condition block. 3012 if (Expr *C = S->getCond()) { 3013 Block = ConditionBlock; 3014 CFGBlock *BeginConditionBlock = addStmt(C); 3015 if (badCFG) 3016 return 0; 3017 assert(BeginConditionBlock == ConditionBlock && 3018 "condition block in for-range was unexpectedly complex"); 3019 (void)BeginConditionBlock; 3020 } 3021 3022 // The condition block is the implicit successor for the loop body as well as 3023 // any code above the loop. 3024 Succ = ConditionBlock; 3025 3026 // See if this is a known constant. 3027 TryResult KnownVal(true); 3028 3029 if (S->getCond()) 3030 KnownVal = tryEvaluateBool(S->getCond()); 3031 3032 // Now create the loop body. 3033 { 3034 assert(S->getBody()); 3035 3036 // Save the current values for Block, Succ, and continue targets. 3037 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ); 3038 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget); 3039 3040 // Generate increment code in its own basic block. This is the target of 3041 // continue statements. 3042 Block = 0; 3043 Succ = addStmt(S->getInc()); 3044 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos); 3045 3046 // The starting block for the loop increment is the block that should 3047 // represent the 'loop target' for looping back to the start of the loop. 3048 ContinueJumpTarget.block->setLoopTarget(S); 3049 3050 // Finish up the increment block and prepare to start the loop body. 3051 assert(Block); 3052 if (badCFG) 3053 return 0; 3054 Block = 0; 3055 3056 3057 // Add implicit scope and dtors for loop variable. 3058 addLocalScopeAndDtors(S->getLoopVarStmt()); 3059 3060 // Populate a new block to contain the loop body and loop variable. 3061 addStmt(S->getBody()); 3062 if (badCFG) 3063 return 0; 3064 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt()); 3065 if (badCFG) 3066 return 0; 3067 3068 // This new body block is a successor to our condition block. 3069 addSuccessor(ConditionBlock, KnownVal.isFalse() ? 0 : LoopVarStmtBlock); 3070 } 3071 3072 // Link up the condition block with the code that follows the loop (the 3073 // false branch). 3074 addSuccessor(ConditionBlock, KnownVal.isTrue() ? 0 : LoopSuccessor); 3075 3076 // Add the initialization statements. 3077 Block = createBlock(); 3078 addStmt(S->getBeginEndStmt()); 3079 return addStmt(S->getRangeStmt()); 3080} 3081 3082CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E, 3083 AddStmtChoice asc) { 3084 if (BuildOpts.AddTemporaryDtors) { 3085 // If adding implicit destructors visit the full expression for adding 3086 // destructors of temporaries. 3087 VisitForTemporaryDtors(E->getSubExpr()); 3088 3089 // Full expression has to be added as CFGStmt so it will be sequenced 3090 // before destructors of it's temporaries. 3091 asc = asc.withAlwaysAdd(true); 3092 } 3093 return Visit(E->getSubExpr(), asc); 3094} 3095 3096CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E, 3097 AddStmtChoice asc) { 3098 if (asc.alwaysAdd(*this, E)) { 3099 autoCreateBlock(); 3100 appendStmt(Block, E); 3101 3102 // We do not want to propagate the AlwaysAdd property. 3103 asc = asc.withAlwaysAdd(false); 3104 } 3105 return Visit(E->getSubExpr(), asc); 3106} 3107 3108CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C, 3109 AddStmtChoice asc) { 3110 autoCreateBlock(); 3111 appendStmt(Block, C); 3112 3113 return VisitChildren(C); 3114} 3115 3116CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E, 3117 AddStmtChoice asc) { 3118 if (asc.alwaysAdd(*this, E)) { 3119 autoCreateBlock(); 3120 appendStmt(Block, E); 3121 // We do not want to propagate the AlwaysAdd property. 3122 asc = asc.withAlwaysAdd(false); 3123 } 3124 return Visit(E->getSubExpr(), asc); 3125} 3126 3127CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C, 3128 AddStmtChoice asc) { 3129 autoCreateBlock(); 3130 appendStmt(Block, C); 3131 return VisitChildren(C); 3132} 3133 3134CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E, 3135 AddStmtChoice asc) { 3136 if (asc.alwaysAdd(*this, E)) { 3137 autoCreateBlock(); 3138 appendStmt(Block, E); 3139 } 3140 return Visit(E->getSubExpr(), AddStmtChoice()); 3141} 3142 3143CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3144 // Lazily create the indirect-goto dispatch block if there isn't one already. 3145 CFGBlock *IBlock = cfg->getIndirectGotoBlock(); 3146 3147 if (!IBlock) { 3148 IBlock = createBlock(false); 3149 cfg->setIndirectGotoBlock(IBlock); 3150 } 3151 3152 // IndirectGoto is a control-flow statement. Thus we stop processing the 3153 // current block and create a new one. 3154 if (badCFG) 3155 return 0; 3156 3157 Block = createBlock(false); 3158 Block->setTerminator(I); 3159 addSuccessor(Block, IBlock); 3160 return addStmt(I->getTarget()); 3161} 3162 3163CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) { 3164 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors); 3165 3166tryAgain: 3167 if (!E) { 3168 badCFG = true; 3169 return NULL; 3170 } 3171 switch (E->getStmtClass()) { 3172 default: 3173 return VisitChildrenForTemporaryDtors(E); 3174 3175 case Stmt::BinaryOperatorClass: 3176 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E)); 3177 3178 case Stmt::CXXBindTemporaryExprClass: 3179 return VisitCXXBindTemporaryExprForTemporaryDtors( 3180 cast<CXXBindTemporaryExpr>(E), BindToTemporary); 3181 3182 case Stmt::BinaryConditionalOperatorClass: 3183 case Stmt::ConditionalOperatorClass: 3184 return VisitConditionalOperatorForTemporaryDtors( 3185 cast<AbstractConditionalOperator>(E), BindToTemporary); 3186 3187 case Stmt::ImplicitCastExprClass: 3188 // For implicit cast we want BindToTemporary to be passed further. 3189 E = cast<CastExpr>(E)->getSubExpr(); 3190 goto tryAgain; 3191 3192 case Stmt::ParenExprClass: 3193 E = cast<ParenExpr>(E)->getSubExpr(); 3194 goto tryAgain; 3195 3196 case Stmt::MaterializeTemporaryExprClass: 3197 E = cast<MaterializeTemporaryExpr>(E)->GetTemporaryExpr(); 3198 goto tryAgain; 3199 } 3200} 3201 3202CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E) { 3203 // When visiting children for destructors we want to visit them in reverse 3204 // order that they will appear in the CFG. Because the CFG is built 3205 // bottom-up, this means we visit them in their natural order, which 3206 // reverses them in the CFG. 3207 CFGBlock *B = Block; 3208 for (Stmt::child_range I = E->children(); I; ++I) { 3209 if (Stmt *Child = *I) 3210 if (CFGBlock *R = VisitForTemporaryDtors(Child)) 3211 B = R; 3212 } 3213 return B; 3214} 3215 3216CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E) { 3217 if (E->isLogicalOp()) { 3218 // Destructors for temporaries in LHS expression should be called after 3219 // those for RHS expression. Even if this will unnecessarily create a block, 3220 // this block will be used at least by the full expression. 3221 autoCreateBlock(); 3222 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getLHS()); 3223 if (badCFG) 3224 return NULL; 3225 3226 Succ = ConfluenceBlock; 3227 Block = NULL; 3228 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3229 3230 if (RHSBlock) { 3231 if (badCFG) 3232 return NULL; 3233 3234 // If RHS expression did produce destructors we need to connect created 3235 // blocks to CFG in same manner as for binary operator itself. 3236 CFGBlock *LHSBlock = createBlock(false); 3237 LHSBlock->setTerminator(CFGTerminator(E, true)); 3238 3239 // For binary operator LHS block is before RHS in list of predecessors 3240 // of ConfluenceBlock. 3241 std::reverse(ConfluenceBlock->pred_begin(), 3242 ConfluenceBlock->pred_end()); 3243 3244 // See if this is a known constant. 3245 TryResult KnownVal = tryEvaluateBool(E->getLHS()); 3246 if (KnownVal.isKnown() && (E->getOpcode() == BO_LOr)) 3247 KnownVal.negate(); 3248 3249 // Link LHSBlock with RHSBlock exactly the same way as for binary operator 3250 // itself. 3251 if (E->getOpcode() == BO_LOr) { 3252 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3253 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3254 } else { 3255 assert (E->getOpcode() == BO_LAnd); 3256 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock); 3257 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock); 3258 } 3259 3260 Block = LHSBlock; 3261 return LHSBlock; 3262 } 3263 3264 Block = ConfluenceBlock; 3265 return ConfluenceBlock; 3266 } 3267 3268 if (E->isAssignmentOp()) { 3269 // For assignment operator (=) LHS expression is visited 3270 // before RHS expression. For destructors visit them in reverse order. 3271 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3272 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3273 return LHSBlock ? LHSBlock : RHSBlock; 3274 } 3275 3276 // For any other binary operator RHS expression is visited before 3277 // LHS expression (order of children). For destructors visit them in reverse 3278 // order. 3279 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS()); 3280 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS()); 3281 return RHSBlock ? RHSBlock : LHSBlock; 3282} 3283 3284CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors( 3285 CXXBindTemporaryExpr *E, bool BindToTemporary) { 3286 // First add destructors for temporaries in subexpression. 3287 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr()); 3288 if (!BindToTemporary) { 3289 // If lifetime of temporary is not prolonged (by assigning to constant 3290 // reference) add destructor for it. 3291 3292 // If the destructor is marked as a no-return destructor, we need to create 3293 // a new block for the destructor which does not have as a successor 3294 // anything built thus far. Control won't flow out of this block. 3295 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor(); 3296 if (Dtor->isNoReturn()) 3297 Block = createNoReturnBlock(); 3298 else 3299 autoCreateBlock(); 3300 3301 appendTemporaryDtor(Block, E); 3302 B = Block; 3303 } 3304 return B; 3305} 3306 3307CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors( 3308 AbstractConditionalOperator *E, bool BindToTemporary) { 3309 // First add destructors for condition expression. Even if this will 3310 // unnecessarily create a block, this block will be used at least by the full 3311 // expression. 3312 autoCreateBlock(); 3313 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getCond()); 3314 if (badCFG) 3315 return NULL; 3316 if (BinaryConditionalOperator *BCO 3317 = dyn_cast<BinaryConditionalOperator>(E)) { 3318 ConfluenceBlock = VisitForTemporaryDtors(BCO->getCommon()); 3319 if (badCFG) 3320 return NULL; 3321 } 3322 3323 // Try to add block with destructors for LHS expression. 3324 CFGBlock *LHSBlock = NULL; 3325 Succ = ConfluenceBlock; 3326 Block = NULL; 3327 LHSBlock = VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary); 3328 if (badCFG) 3329 return NULL; 3330 3331 // Try to add block with destructors for RHS expression; 3332 Succ = ConfluenceBlock; 3333 Block = NULL; 3334 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getFalseExpr(), 3335 BindToTemporary); 3336 if (badCFG) 3337 return NULL; 3338 3339 if (!RHSBlock && !LHSBlock) { 3340 // If neither LHS nor RHS expression had temporaries to destroy don't create 3341 // more blocks. 3342 Block = ConfluenceBlock; 3343 return Block; 3344 } 3345 3346 Block = createBlock(false); 3347 Block->setTerminator(CFGTerminator(E, true)); 3348 3349 // See if this is a known constant. 3350 const TryResult &KnownVal = tryEvaluateBool(E->getCond()); 3351 3352 if (LHSBlock) { 3353 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock); 3354 } else if (KnownVal.isFalse()) { 3355 addSuccessor(Block, NULL); 3356 } else { 3357 addSuccessor(Block, ConfluenceBlock); 3358 std::reverse(ConfluenceBlock->pred_begin(), ConfluenceBlock->pred_end()); 3359 } 3360 3361 if (!RHSBlock) 3362 RHSBlock = ConfluenceBlock; 3363 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock); 3364 3365 return Block; 3366} 3367 3368} // end anonymous namespace 3369 3370/// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has 3371/// no successors or predecessors. If this is the first block created in the 3372/// CFG, it is automatically set to be the Entry and Exit of the CFG. 3373CFGBlock *CFG::createBlock() { 3374 bool first_block = begin() == end(); 3375 3376 // Create the block. 3377 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>(); 3378 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this); 3379 Blocks.push_back(Mem, BlkBVC); 3380 3381 // If this is the first block, set it as the Entry and Exit. 3382 if (first_block) 3383 Entry = Exit = &back(); 3384 3385 // Return the block. 3386 return &back(); 3387} 3388 3389/// buildCFG - Constructs a CFG from an AST. Ownership of the returned 3390/// CFG is returned to the caller. 3391CFG* CFG::buildCFG(const Decl *D, Stmt *Statement, ASTContext *C, 3392 const BuildOptions &BO) { 3393 CFGBuilder Builder(C, BO); 3394 return Builder.buildCFG(D, Statement); 3395} 3396 3397const CXXDestructorDecl * 3398CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const { 3399 switch (getKind()) { 3400 case CFGElement::Statement: 3401 case CFGElement::Initializer: 3402 llvm_unreachable("getDestructorDecl should only be used with " 3403 "ImplicitDtors"); 3404 case CFGElement::AutomaticObjectDtor: { 3405 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl(); 3406 QualType ty = var->getType(); 3407 ty = ty.getNonReferenceType(); 3408 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) { 3409 ty = arrayType->getElementType(); 3410 } 3411 const RecordType *recordType = ty->getAs<RecordType>(); 3412 const CXXRecordDecl *classDecl = 3413 cast<CXXRecordDecl>(recordType->getDecl()); 3414 return classDecl->getDestructor(); 3415 } 3416 case CFGElement::TemporaryDtor: { 3417 const CXXBindTemporaryExpr *bindExpr = 3418 castAs<CFGTemporaryDtor>().getBindTemporaryExpr(); 3419 const CXXTemporary *temp = bindExpr->getTemporary(); 3420 return temp->getDestructor(); 3421 } 3422 case CFGElement::BaseDtor: 3423 case CFGElement::MemberDtor: 3424 3425 // Not yet supported. 3426 return 0; 3427 } 3428 llvm_unreachable("getKind() returned bogus value"); 3429} 3430 3431bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const { 3432 if (const CXXDestructorDecl *DD = getDestructorDecl(astContext)) 3433 return DD->isNoReturn(); 3434 return false; 3435} 3436 3437//===----------------------------------------------------------------------===// 3438// Filtered walking of the CFG. 3439//===----------------------------------------------------------------------===// 3440 3441bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F, 3442 const CFGBlock *From, const CFGBlock *To) { 3443 3444 if (To && F.IgnoreDefaultsWithCoveredEnums) { 3445 // If the 'To' has no label or is labeled but the label isn't a 3446 // CaseStmt then filter this edge. 3447 if (const SwitchStmt *S = 3448 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) { 3449 if (S->isAllEnumCasesCovered()) { 3450 const Stmt *L = To->getLabel(); 3451 if (!L || !isa<CaseStmt>(L)) 3452 return true; 3453 } 3454 } 3455 } 3456 3457 return false; 3458} 3459 3460//===----------------------------------------------------------------------===// 3461// CFG pretty printing 3462//===----------------------------------------------------------------------===// 3463 3464namespace { 3465 3466class StmtPrinterHelper : public PrinterHelper { 3467 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy; 3468 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy; 3469 StmtMapTy StmtMap; 3470 DeclMapTy DeclMap; 3471 signed currentBlock; 3472 unsigned currStmt; 3473 const LangOptions &LangOpts; 3474public: 3475 3476 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO) 3477 : currentBlock(0), currStmt(0), LangOpts(LO) 3478 { 3479 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) { 3480 unsigned j = 1; 3481 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ; 3482 BI != BEnd; ++BI, ++j ) { 3483 if (Optional<CFGStmt> SE = BI->getAs<CFGStmt>()) { 3484 const Stmt *stmt= SE->getStmt(); 3485 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j); 3486 StmtMap[stmt] = P; 3487 3488 switch (stmt->getStmtClass()) { 3489 case Stmt::DeclStmtClass: 3490 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P; 3491 break; 3492 case Stmt::IfStmtClass: { 3493 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable(); 3494 if (var) 3495 DeclMap[var] = P; 3496 break; 3497 } 3498 case Stmt::ForStmtClass: { 3499 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable(); 3500 if (var) 3501 DeclMap[var] = P; 3502 break; 3503 } 3504 case Stmt::WhileStmtClass: { 3505 const VarDecl *var = 3506 cast<WhileStmt>(stmt)->getConditionVariable(); 3507 if (var) 3508 DeclMap[var] = P; 3509 break; 3510 } 3511 case Stmt::SwitchStmtClass: { 3512 const VarDecl *var = 3513 cast<SwitchStmt>(stmt)->getConditionVariable(); 3514 if (var) 3515 DeclMap[var] = P; 3516 break; 3517 } 3518 case Stmt::CXXCatchStmtClass: { 3519 const VarDecl *var = 3520 cast<CXXCatchStmt>(stmt)->getExceptionDecl(); 3521 if (var) 3522 DeclMap[var] = P; 3523 break; 3524 } 3525 default: 3526 break; 3527 } 3528 } 3529 } 3530 } 3531 } 3532 3533 3534 virtual ~StmtPrinterHelper() {} 3535 3536 const LangOptions &getLangOpts() const { return LangOpts; } 3537 void setBlockID(signed i) { currentBlock = i; } 3538 void setStmtID(unsigned i) { currStmt = i; } 3539 3540 virtual bool handledStmt(Stmt *S, raw_ostream &OS) { 3541 StmtMapTy::iterator I = StmtMap.find(S); 3542 3543 if (I == StmtMap.end()) 3544 return false; 3545 3546 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3547 && I->second.second == currStmt) { 3548 return false; 3549 } 3550 3551 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3552 return true; 3553 } 3554 3555 bool handleDecl(const Decl *D, raw_ostream &OS) { 3556 DeclMapTy::iterator I = DeclMap.find(D); 3557 3558 if (I == DeclMap.end()) 3559 return false; 3560 3561 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock 3562 && I->second.second == currStmt) { 3563 return false; 3564 } 3565 3566 OS << "[B" << I->second.first << "." << I->second.second << "]"; 3567 return true; 3568 } 3569}; 3570} // end anonymous namespace 3571 3572 3573namespace { 3574class CFGBlockTerminatorPrint 3575 : public StmtVisitor<CFGBlockTerminatorPrint,void> { 3576 3577 raw_ostream &OS; 3578 StmtPrinterHelper* Helper; 3579 PrintingPolicy Policy; 3580public: 3581 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper, 3582 const PrintingPolicy &Policy) 3583 : OS(os), Helper(helper), Policy(Policy) {} 3584 3585 void VisitIfStmt(IfStmt *I) { 3586 OS << "if "; 3587 I->getCond()->printPretty(OS,Helper,Policy); 3588 } 3589 3590 // Default case. 3591 void VisitStmt(Stmt *Terminator) { 3592 Terminator->printPretty(OS, Helper, Policy); 3593 } 3594 3595 void VisitDeclStmt(DeclStmt *DS) { 3596 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); 3597 OS << "static init " << VD->getName(); 3598 } 3599 3600 void VisitForStmt(ForStmt *F) { 3601 OS << "for (" ; 3602 if (F->getInit()) 3603 OS << "..."; 3604 OS << "; "; 3605 if (Stmt *C = F->getCond()) 3606 C->printPretty(OS, Helper, Policy); 3607 OS << "; "; 3608 if (F->getInc()) 3609 OS << "..."; 3610 OS << ")"; 3611 } 3612 3613 void VisitWhileStmt(WhileStmt *W) { 3614 OS << "while " ; 3615 if (Stmt *C = W->getCond()) 3616 C->printPretty(OS, Helper, Policy); 3617 } 3618 3619 void VisitDoStmt(DoStmt *D) { 3620 OS << "do ... while "; 3621 if (Stmt *C = D->getCond()) 3622 C->printPretty(OS, Helper, Policy); 3623 } 3624 3625 void VisitSwitchStmt(SwitchStmt *Terminator) { 3626 OS << "switch "; 3627 Terminator->getCond()->printPretty(OS, Helper, Policy); 3628 } 3629 3630 void VisitCXXTryStmt(CXXTryStmt *CS) { 3631 OS << "try ..."; 3632 } 3633 3634 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) { 3635 C->getCond()->printPretty(OS, Helper, Policy); 3636 OS << " ? ... : ..."; 3637 } 3638 3639 void VisitChooseExpr(ChooseExpr *C) { 3640 OS << "__builtin_choose_expr( "; 3641 C->getCond()->printPretty(OS, Helper, Policy); 3642 OS << " )"; 3643 } 3644 3645 void VisitIndirectGotoStmt(IndirectGotoStmt *I) { 3646 OS << "goto *"; 3647 I->getTarget()->printPretty(OS, Helper, Policy); 3648 } 3649 3650 void VisitBinaryOperator(BinaryOperator* B) { 3651 if (!B->isLogicalOp()) { 3652 VisitExpr(B); 3653 return; 3654 } 3655 3656 B->getLHS()->printPretty(OS, Helper, Policy); 3657 3658 switch (B->getOpcode()) { 3659 case BO_LOr: 3660 OS << " || ..."; 3661 return; 3662 case BO_LAnd: 3663 OS << " && ..."; 3664 return; 3665 default: 3666 llvm_unreachable("Invalid logical operator."); 3667 } 3668 } 3669 3670 void VisitExpr(Expr *E) { 3671 E->printPretty(OS, Helper, Policy); 3672 } 3673}; 3674} // end anonymous namespace 3675 3676static void print_elem(raw_ostream &OS, StmtPrinterHelper* Helper, 3677 const CFGElement &E) { 3678 if (Optional<CFGStmt> CS = E.getAs<CFGStmt>()) { 3679 const Stmt *S = CS->getStmt(); 3680 3681 if (Helper) { 3682 3683 // special printing for statement-expressions. 3684 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) { 3685 const CompoundStmt *Sub = SE->getSubStmt(); 3686 3687 if (Sub->children()) { 3688 OS << "({ ... ; "; 3689 Helper->handledStmt(*SE->getSubStmt()->body_rbegin(),OS); 3690 OS << " })\n"; 3691 return; 3692 } 3693 } 3694 // special printing for comma expressions. 3695 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) { 3696 if (B->getOpcode() == BO_Comma) { 3697 OS << "... , "; 3698 Helper->handledStmt(B->getRHS(),OS); 3699 OS << '\n'; 3700 return; 3701 } 3702 } 3703 } 3704 S->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3705 3706 if (isa<CXXOperatorCallExpr>(S)) { 3707 OS << " (OperatorCall)"; 3708 } 3709 else if (isa<CXXBindTemporaryExpr>(S)) { 3710 OS << " (BindTemporary)"; 3711 } 3712 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) { 3713 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")"; 3714 } 3715 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) { 3716 OS << " (" << CE->getStmtClassName() << ", " 3717 << CE->getCastKindName() 3718 << ", " << CE->getType().getAsString() 3719 << ")"; 3720 } 3721 3722 // Expressions need a newline. 3723 if (isa<Expr>(S)) 3724 OS << '\n'; 3725 3726 } else if (Optional<CFGInitializer> IE = E.getAs<CFGInitializer>()) { 3727 const CXXCtorInitializer *I = IE->getInitializer(); 3728 if (I->isBaseInitializer()) 3729 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName(); 3730 else OS << I->getAnyMember()->getName(); 3731 3732 OS << "("; 3733 if (Expr *IE = I->getInit()) 3734 IE->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts())); 3735 OS << ")"; 3736 3737 if (I->isBaseInitializer()) 3738 OS << " (Base initializer)\n"; 3739 else OS << " (Member initializer)\n"; 3740 3741 } else if (Optional<CFGAutomaticObjDtor> DE = 3742 E.getAs<CFGAutomaticObjDtor>()) { 3743 const VarDecl *VD = DE->getVarDecl(); 3744 Helper->handleDecl(VD, OS); 3745 3746 const Type* T = VD->getType().getTypePtr(); 3747 if (const ReferenceType* RT = T->getAs<ReferenceType>()) 3748 T = RT->getPointeeType().getTypePtr(); 3749 T = T->getBaseElementTypeUnsafe(); 3750 3751 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()"; 3752 OS << " (Implicit destructor)\n"; 3753 3754 } else if (Optional<CFGBaseDtor> BE = E.getAs<CFGBaseDtor>()) { 3755 const CXXBaseSpecifier *BS = BE->getBaseSpecifier(); 3756 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()"; 3757 OS << " (Base object destructor)\n"; 3758 3759 } else if (Optional<CFGMemberDtor> ME = E.getAs<CFGMemberDtor>()) { 3760 const FieldDecl *FD = ME->getFieldDecl(); 3761 const Type *T = FD->getType()->getBaseElementTypeUnsafe(); 3762 OS << "this->" << FD->getName(); 3763 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()"; 3764 OS << " (Member object destructor)\n"; 3765 3766 } else if (Optional<CFGTemporaryDtor> TE = E.getAs<CFGTemporaryDtor>()) { 3767 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr(); 3768 OS << "~"; 3769 BT->getType().print(OS, PrintingPolicy(Helper->getLangOpts())); 3770 OS << "() (Temporary object destructor)\n"; 3771 } 3772} 3773 3774static void print_block(raw_ostream &OS, const CFG* cfg, 3775 const CFGBlock &B, 3776 StmtPrinterHelper* Helper, bool print_edges, 3777 bool ShowColors) { 3778 3779 if (Helper) 3780 Helper->setBlockID(B.getBlockID()); 3781 3782 // Print the header. 3783 if (ShowColors) 3784 OS.changeColor(raw_ostream::YELLOW, true); 3785 3786 OS << "\n [B" << B.getBlockID(); 3787 3788 if (&B == &cfg->getEntry()) 3789 OS << " (ENTRY)]\n"; 3790 else if (&B == &cfg->getExit()) 3791 OS << " (EXIT)]\n"; 3792 else if (&B == cfg->getIndirectGotoBlock()) 3793 OS << " (INDIRECT GOTO DISPATCH)]\n"; 3794 else 3795 OS << "]\n"; 3796 3797 if (ShowColors) 3798 OS.resetColor(); 3799 3800 // Print the label of this block. 3801 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) { 3802 3803 if (print_edges) 3804 OS << " "; 3805 3806 if (LabelStmt *L = dyn_cast<LabelStmt>(Label)) 3807 OS << L->getName(); 3808 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) { 3809 OS << "case "; 3810 C->getLHS()->printPretty(OS, Helper, 3811 PrintingPolicy(Helper->getLangOpts())); 3812 if (C->getRHS()) { 3813 OS << " ... "; 3814 C->getRHS()->printPretty(OS, Helper, 3815 PrintingPolicy(Helper->getLangOpts())); 3816 } 3817 } else if (isa<DefaultStmt>(Label)) 3818 OS << "default"; 3819 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) { 3820 OS << "catch ("; 3821 if (CS->getExceptionDecl()) 3822 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper->getLangOpts()), 3823 0); 3824 else 3825 OS << "..."; 3826 OS << ")"; 3827 3828 } else 3829 llvm_unreachable("Invalid label statement in CFGBlock."); 3830 3831 OS << ":\n"; 3832 } 3833 3834 // Iterate through the statements in the block and print them. 3835 unsigned j = 1; 3836 3837 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ; 3838 I != E ; ++I, ++j ) { 3839 3840 // Print the statement # in the basic block and the statement itself. 3841 if (print_edges) 3842 OS << " "; 3843 3844 OS << llvm::format("%3d", j) << ": "; 3845 3846 if (Helper) 3847 Helper->setStmtID(j); 3848 3849 print_elem(OS, Helper, *I); 3850 } 3851 3852 // Print the terminator of this block. 3853 if (B.getTerminator()) { 3854 if (ShowColors) 3855 OS.changeColor(raw_ostream::GREEN); 3856 3857 OS << " T: "; 3858 3859 if (Helper) Helper->setBlockID(-1); 3860 3861 PrintingPolicy PP(Helper ? Helper->getLangOpts() : LangOptions()); 3862 CFGBlockTerminatorPrint TPrinter(OS, Helper, PP); 3863 TPrinter.Visit(const_cast<Stmt*>(B.getTerminator().getStmt())); 3864 OS << '\n'; 3865 3866 if (ShowColors) 3867 OS.resetColor(); 3868 } 3869 3870 if (print_edges) { 3871 // Print the predecessors of this block. 3872 if (!B.pred_empty()) { 3873 const raw_ostream::Colors Color = raw_ostream::BLUE; 3874 if (ShowColors) 3875 OS.changeColor(Color); 3876 OS << " Preds " ; 3877 if (ShowColors) 3878 OS.resetColor(); 3879 OS << '(' << B.pred_size() << "):"; 3880 unsigned i = 0; 3881 3882 if (ShowColors) 3883 OS.changeColor(Color); 3884 3885 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end(); 3886 I != E; ++I, ++i) { 3887 3888 if (i % 10 == 8) 3889 OS << "\n "; 3890 3891 OS << " B" << (*I)->getBlockID(); 3892 } 3893 3894 if (ShowColors) 3895 OS.resetColor(); 3896 3897 OS << '\n'; 3898 } 3899 3900 // Print the successors of this block. 3901 if (!B.succ_empty()) { 3902 const raw_ostream::Colors Color = raw_ostream::MAGENTA; 3903 if (ShowColors) 3904 OS.changeColor(Color); 3905 OS << " Succs "; 3906 if (ShowColors) 3907 OS.resetColor(); 3908 OS << '(' << B.succ_size() << "):"; 3909 unsigned i = 0; 3910 3911 if (ShowColors) 3912 OS.changeColor(Color); 3913 3914 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end(); 3915 I != E; ++I, ++i) { 3916 3917 if (i % 10 == 8) 3918 OS << "\n "; 3919 3920 if (*I) 3921 OS << " B" << (*I)->getBlockID(); 3922 else 3923 OS << " NULL"; 3924 } 3925 3926 if (ShowColors) 3927 OS.resetColor(); 3928 OS << '\n'; 3929 } 3930 } 3931} 3932 3933 3934/// dump - A simple pretty printer of a CFG that outputs to stderr. 3935void CFG::dump(const LangOptions &LO, bool ShowColors) const { 3936 print(llvm::errs(), LO, ShowColors); 3937} 3938 3939/// print - A simple pretty printer of a CFG that outputs to an ostream. 3940void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const { 3941 StmtPrinterHelper Helper(this, LO); 3942 3943 // Print the entry block. 3944 print_block(OS, this, getEntry(), &Helper, true, ShowColors); 3945 3946 // Iterate through the CFGBlocks and print them one by one. 3947 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) { 3948 // Skip the entry block, because we already printed it. 3949 if (&(**I) == &getEntry() || &(**I) == &getExit()) 3950 continue; 3951 3952 print_block(OS, this, **I, &Helper, true, ShowColors); 3953 } 3954 3955 // Print the exit block. 3956 print_block(OS, this, getExit(), &Helper, true, ShowColors); 3957 OS << '\n'; 3958 OS.flush(); 3959} 3960 3961/// dump - A simply pretty printer of a CFGBlock that outputs to stderr. 3962void CFGBlock::dump(const CFG* cfg, const LangOptions &LO, 3963 bool ShowColors) const { 3964 print(llvm::errs(), cfg, LO, ShowColors); 3965} 3966 3967/// print - A simple pretty printer of a CFGBlock that outputs to an ostream. 3968/// Generally this will only be called from CFG::print. 3969void CFGBlock::print(raw_ostream &OS, const CFG* cfg, 3970 const LangOptions &LO, bool ShowColors) const { 3971 StmtPrinterHelper Helper(cfg, LO); 3972 print_block(OS, cfg, *this, &Helper, true, ShowColors); 3973 OS << '\n'; 3974} 3975 3976/// printTerminator - A simple pretty printer of the terminator of a CFGBlock. 3977void CFGBlock::printTerminator(raw_ostream &OS, 3978 const LangOptions &LO) const { 3979 CFGBlockTerminatorPrint TPrinter(OS, NULL, PrintingPolicy(LO)); 3980 TPrinter.Visit(const_cast<Stmt*>(getTerminator().getStmt())); 3981} 3982 3983Stmt *CFGBlock::getTerminatorCondition() { 3984 Stmt *Terminator = this->Terminator; 3985 if (!Terminator) 3986 return NULL; 3987 3988 Expr *E = NULL; 3989 3990 switch (Terminator->getStmtClass()) { 3991 default: 3992 break; 3993 3994 case Stmt::CXXForRangeStmtClass: 3995 E = cast<CXXForRangeStmt>(Terminator)->getCond(); 3996 break; 3997 3998 case Stmt::ForStmtClass: 3999 E = cast<ForStmt>(Terminator)->getCond(); 4000 break; 4001 4002 case Stmt::WhileStmtClass: 4003 E = cast<WhileStmt>(Terminator)->getCond(); 4004 break; 4005 4006 case Stmt::DoStmtClass: 4007 E = cast<DoStmt>(Terminator)->getCond(); 4008 break; 4009 4010 case Stmt::IfStmtClass: 4011 E = cast<IfStmt>(Terminator)->getCond(); 4012 break; 4013 4014 case Stmt::ChooseExprClass: 4015 E = cast<ChooseExpr>(Terminator)->getCond(); 4016 break; 4017 4018 case Stmt::IndirectGotoStmtClass: 4019 E = cast<IndirectGotoStmt>(Terminator)->getTarget(); 4020 break; 4021 4022 case Stmt::SwitchStmtClass: 4023 E = cast<SwitchStmt>(Terminator)->getCond(); 4024 break; 4025 4026 case Stmt::BinaryConditionalOperatorClass: 4027 E = cast<BinaryConditionalOperator>(Terminator)->getCond(); 4028 break; 4029 4030 case Stmt::ConditionalOperatorClass: 4031 E = cast<ConditionalOperator>(Terminator)->getCond(); 4032 break; 4033 4034 case Stmt::BinaryOperatorClass: // '&&' and '||' 4035 E = cast<BinaryOperator>(Terminator)->getLHS(); 4036 break; 4037 4038 case Stmt::ObjCForCollectionStmtClass: 4039 return Terminator; 4040 } 4041 4042 return E ? E->IgnoreParens() : NULL; 4043} 4044 4045//===----------------------------------------------------------------------===// 4046// CFG Graphviz Visualization 4047//===----------------------------------------------------------------------===// 4048 4049 4050#ifndef NDEBUG 4051static StmtPrinterHelper* GraphHelper; 4052#endif 4053 4054void CFG::viewCFG(const LangOptions &LO) const { 4055#ifndef NDEBUG 4056 StmtPrinterHelper H(this, LO); 4057 GraphHelper = &H; 4058 llvm::ViewGraph(this,"CFG"); 4059 GraphHelper = NULL; 4060#endif 4061} 4062 4063namespace llvm { 4064template<> 4065struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits { 4066 4067 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {} 4068 4069 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) { 4070 4071#ifndef NDEBUG 4072 std::string OutSStr; 4073 llvm::raw_string_ostream Out(OutSStr); 4074 print_block(Out,Graph, *Node, GraphHelper, false, false); 4075 std::string& OutStr = Out.str(); 4076 4077 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin()); 4078 4079 // Process string output to make it nicer... 4080 for (unsigned i = 0; i != OutStr.length(); ++i) 4081 if (OutStr[i] == '\n') { // Left justify 4082 OutStr[i] = '\\'; 4083 OutStr.insert(OutStr.begin()+i+1, 'l'); 4084 } 4085 4086 return OutStr; 4087#else 4088 return ""; 4089#endif 4090 } 4091}; 4092} // end namespace llvm 4093