Newer
Older
//===-- GRConstants.cpp - Simple, Path-Sens. Constant Prop. ------*- C++ -*-==//
//
Ted Kremenek
committed
// The LLValM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// Constant Propagation via Graph Reachability
//
// This files defines a simple analysis that performs path-sensitive
// constant propagation within a function. An example use of this analysis
// is to perform simple checks for NULL dereferences.
//
//===----------------------------------------------------------------------===//
#include "clang/Analysis/PathSensitive/GREngine.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ASTContext.h"
#include "clang/Analysis/Analyses/LiveVariables.h"
#include "llvm/Support/Casting.h"
#include "llvm/Support/DataTypes.h"
#include "llvm/ADT/APSInt.h"
#include "llvm/ADT/FoldingSet.h"
#include "llvm/ADT/ImmutableMap.h"
#include "llvm/ADT/SmallVector.h"
Ted Kremenek
committed
#include "llvm/Support/Allocator.h"
#include "llvm/Support/Compiler.h"
Ted Kremenek
committed
#include "llvm/Support/Streams.h"
#ifndef NDEBUG
#include "llvm/Support/GraphWriter.h"
#include <sstream>
#endif
using namespace clang;
using llvm::dyn_cast;
using llvm::cast;
//===----------------------------------------------------------------------===//
Ted Kremenek
committed
/// ValueKey - A variant smart pointer that wraps either a ValueDecl* or a
/// Stmt*. Use cast<> or dyn_cast<> to get actual pointer type
//===----------------------------------------------------------------------===//
namespace {
Ted Kremenek
committed
class VISIBILITY_HIDDEN ValueKey {
public:
enum Kind { IsSubExp=0x0, IsBlkExpr=0x1, IsDecl=0x2, Flags=0x3 };
inline void* getPtr() const { return reinterpret_cast<void*>(Raw & ~Flags); }
Ted Kremenek
committed
inline Kind getKind() const { return (Kind) (Raw & Flags); }
Ted Kremenek
committed
ValueKey(const ValueDecl* VD)
: Raw(reinterpret_cast<uintptr_t>(VD) | IsDecl) {}
ValueKey(Stmt* S, bool isBlkExpr = false)
Ted Kremenek
committed
: Raw(reinterpret_cast<uintptr_t>(S) | (isBlkExpr ? IsBlkExpr : IsSubExp)){}
bool isSubExpr() const { return getKind() == IsSubExp; }
Ted Kremenek
committed
bool isDecl() const { return getKind() == IsDecl; }
inline void Profile(llvm::FoldingSetNodeID& ID) const {
ID.AddPointer(getPtr());
ID.AddInteger((unsigned) getKind());
Ted Kremenek
committed
}
inline bool operator==(const ValueKey& X) const {
return getPtr() == X.getPtr();
Ted Kremenek
committed
}
inline bool operator!=(const ValueKey& X) const {
return !operator==(X);
}
inline bool operator<(const ValueKey& X) const {
Kind k = getKind(), Xk = X.getKind();
if (k == IsDecl) {
if (Xk != IsDecl)
return false;
}
else {
if (Xk == IsDecl)
return true;
}
Ted Kremenek
committed
return getPtr() < X.getPtr();
};
} // end anonymous namespace
Ted Kremenek
committed
// Machinery to get cast<> and dyn_cast<> working with ValueKey.
namespace llvm {
Ted Kremenek
committed
template<> inline bool isa<ValueDecl,ValueKey>(const ValueKey& V) {
return V.getKind() == ValueKey::IsDecl;
Ted Kremenek
committed
template<> inline bool isa<Stmt,ValueKey>(const ValueKey& V) {
return ((unsigned) V.getKind()) != ValueKey::IsDecl;
Ted Kremenek
committed
template<> struct VISIBILITY_HIDDEN cast_retty_impl<ValueDecl,ValueKey> {
typedef const ValueDecl* ret_type;
Ted Kremenek
committed
template<> struct VISIBILITY_HIDDEN cast_retty_impl<Stmt,ValueKey> {
typedef const Stmt* ret_type;
};
Ted Kremenek
committed
template<> struct VISIBILITY_HIDDEN simplify_type<ValueKey> {
typedef void* SimpleType;
Ted Kremenek
committed
static inline SimpleType getSimplifiedValue(const ValueKey &V) {
return V.getPtr();
}
};
} // end llvm namespace
//===----------------------------------------------------------------------===//
Ted Kremenek
committed
// ValueManager.
//===----------------------------------------------------------------------===//
Ted Kremenek
committed
namespace {
typedef llvm::ImmutableSet<llvm::APSInt > APSIntSetTy;
class VISIBILITY_HIDDEN ValueManager {
APSIntSetTy::Factory APSIntSetFactory;
ASTContext* Ctx;
Ted Kremenek
committed
public:
ValueManager() {}
~ValueManager() {}
void setContext(ASTContext* ctx) { Ctx = ctx; }
ASTContext* getContext() const { return Ctx; }
Ted Kremenek
committed
APSIntSetTy GetEmptyAPSIntSet() {
return APSIntSetFactory.GetEmptySet();
}
APSIntSetTy AddToSet(const APSIntSetTy& Set, const llvm::APSInt& Val) {
return APSIntSetFactory.Add(Set, Val);
}
};
} // end anonymous namespace
Ted Kremenek
committed
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
//===----------------------------------------------------------------------===//
// Expression Values.
//===----------------------------------------------------------------------===//
namespace {
class VISIBILITY_HIDDEN ExprValue {
public:
enum Kind { // L-Values.
LValueDeclKind = 0x0,
// Special "Invalid" value.
InvalidValueKind = 0x1,
// R-Values.
RValueMayEqualSetKind = 0x2,
// Note that the Lvalue and RValue "kinds" overlap;
// the "InvalidValue" class can be used either as
// an LValue or RValue.
MinLValueKind = 0x0, MaxLValueKind = 0x1,
MinRValueKind = 0x1, MaxRValueKind = 0x2 };
private:
enum Kind kind;
void* Data;
protected:
ExprValue(Kind k, void* d) : kind(k), Data(d) {}
void* getRawPtr() const { return Data; }
public:
~ExprValue() {};
ExprValue EvalCast(ValueManager& ValMgr, Expr* CastExpr) const;
Ted Kremenek
committed
void Profile(llvm::FoldingSetNodeID& ID) const {
ID.AddInteger((unsigned) getKind());
ID.AddPointer(Data);
}
bool operator==(const ExprValue& RHS) const {
return kind == RHS.kind && Data == RHS.Data;
Ted Kremenek
committed
Kind getKind() const { return kind; }
bool isValid() const { return getKind() != InvalidValueKind; }
void print(std::ostream& OS) const;
void print() const { print(*llvm::cerr.stream()); }
// Implement isa<T> support.
static inline bool classof(const ExprValue*) { return true; }
};
class VISIBILITY_HIDDEN InvalidValue : public ExprValue {
public:
InvalidValue() : ExprValue(InvalidValueKind, NULL) {}
static inline bool classof(const ExprValue* V) {
return V->getKind() == InvalidValueKind;
}
Ted Kremenek
committed
} // end anonymous namespace
//===----------------------------------------------------------------------===//
Ted Kremenek
committed
// "R-Values": Interface.
//===----------------------------------------------------------------------===//
namespace {
Ted Kremenek
committed
class VISIBILITY_HIDDEN RValue : public ExprValue {
protected:
RValue(Kind k, void* d) : ExprValue(k,d) {}
public:
RValue EvalAdd(ValueManager& ValMgr, const RValue& RHS) const;
RValue EvalSub(ValueManager& ValMgr, const RValue& RHS) const;
RValue EvalMul(ValueManager& ValMgr, const RValue& RHS) const;
RValue EvalMinus(ValueManager& ValMgr, UnaryOperator* U) const;
Ted Kremenek
committed
static RValue GetRValue(ValueManager& ValMgr, const llvm::APSInt& V);
static RValue GetRValue(ValueManager& ValMgr, IntegerLiteral* I);
Ted Kremenek
committed
// Implement isa<T> support.
static inline bool classof(const ExprValue* V) {
return V->getKind() >= MinRValueKind;
}
};
class VISIBILITY_HIDDEN RValueMayEqualSet : public RValue {
public:
RValueMayEqualSet(const APSIntSetTy& S)
: RValue(RValueMayEqualSetKind, S.getRoot()) {}
APSIntSetTy GetValues() const {
return APSIntSetTy(reinterpret_cast<APSIntSetTy::TreeTy*>(getRawPtr()));
}
RValueMayEqualSet EvalAdd(ValueManager& ValMgr,
const RValueMayEqualSet& V) const;
RValueMayEqualSet EvalSub(ValueManager& ValMgr,
const RValueMayEqualSet& V) const;
RValueMayEqualSet EvalMul(ValueManager& ValMgr,
const RValueMayEqualSet& V) const;
RValueMayEqualSet EvalCast(ValueManager& ValMgr, Expr* CastExpr) const;
RValueMayEqualSet EvalMinus(ValueManager& ValMgr, UnaryOperator* U) const;
Ted Kremenek
committed
// Implement isa<T> support.
static inline bool classof(const ExprValue* V) {
return V->getKind() == RValueMayEqualSetKind;
Ted Kremenek
committed
};
} // end anonymous namespace
//===----------------------------------------------------------------------===//
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
// Transfer functions: Casts.
//===----------------------------------------------------------------------===//
ExprValue ExprValue::EvalCast(ValueManager& ValMgr, Expr* CastExpr) const {
switch (getKind()) {
case RValueMayEqualSetKind:
return cast<RValueMayEqualSet>(this)->EvalCast(ValMgr, CastExpr);
default:
return InvalidValue();
}
}
RValueMayEqualSet
RValueMayEqualSet::EvalCast(ValueManager& ValMgr, Expr* CastExpr) const {
QualType T = CastExpr->getType();
assert (T->isIntegerType());
APSIntSetTy S1 = GetValues();
APSIntSetTy S2 = ValMgr.GetEmptyAPSIntSet();
for (APSIntSetTy::iterator I=S1.begin(), E=S1.end(); I!=E; ++I) {
llvm::APSInt X = *I;
X.setIsSigned(T->isSignedIntegerType());
X.extOrTrunc(ValMgr.getContext()->getTypeSize(T,CastExpr->getLocStart()));
S2 = ValMgr.AddToSet(S2, X);
}
return S2;
}
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
//===----------------------------------------------------------------------===//
// Transfer functions: Unary Operations over R-Values.
//===----------------------------------------------------------------------===//
RValue RValue::EvalMinus(ValueManager& ValMgr, UnaryOperator* U) const {
switch (getKind()) {
case RValueMayEqualSetKind:
return cast<RValueMayEqualSet>(this)->EvalMinus(ValMgr, U);
default:
return cast<RValue>(InvalidValue());
}
}
RValueMayEqualSet
RValueMayEqualSet::EvalMinus(ValueManager& ValMgr, UnaryOperator* U) const {
assert (U->getType() == U->getSubExpr()->getType());
assert (U->getType()->isIntegerType());
APSIntSetTy S1 = GetValues();
APSIntSetTy S2 = ValMgr.GetEmptyAPSIntSet();
for (APSIntSetTy::iterator I=S1.begin(), E=S1.end(); I!=E; ++I) {
assert ((*I).isSigned());
// FIXME: Shouldn't operator- on APSInt return an APSInt with the proper
// sign?
llvm::APSInt X(-(*I));
X.setIsSigned(true);
S2 = ValMgr.AddToSet(S2, X);
}
return S2;
}
//===----------------------------------------------------------------------===//
// Transfer functions: Binary Operations over R-Values.
Ted Kremenek
committed
//===----------------------------------------------------------------------===//
#define RVALUE_DISPATCH_CASE(k1,k2,Op)\
case ((k1##Kind+(MaxRValueKind-MinRValueKind))+(k2##Kind - MinRValueKind)):\
return cast<k1>(*this).Eval##Op(ValMgr,cast<k2>(RHS));
Ted Kremenek
committed
#define RVALUE_DISPATCH(Op)\
switch (getKind()+(MaxRValueKind-MinRValueKind)+(RHS.getKind()-MinRValueKind)){\
RVALUE_DISPATCH_CASE(RValueMayEqualSet,RValueMayEqualSet,Op)\
default:\
assert (!isValid() || !RHS.isValid() && "Missing case.");\
break;\
}\
return cast<RValue>(InvalidValue());
RValue RValue::EvalAdd(ValueManager& ValMgr, const RValue& RHS) const {
Ted Kremenek
committed
RVALUE_DISPATCH(Add)
}
RValue RValue::EvalSub(ValueManager& ValMgr, const RValue& RHS) const {
Ted Kremenek
committed
RVALUE_DISPATCH(Sub)
}
RValue RValue::EvalMul(ValueManager& ValMgr, const RValue& RHS) const {
RVALUE_DISPATCH(Mul)
}
Ted Kremenek
committed
#undef RVALUE_DISPATCH_CASE
#undef RVALUE_DISPATCH
RValueMayEqualSet
RValueMayEqualSet::EvalAdd(ValueManager& ValMgr,
const RValueMayEqualSet& RHS) const {
Ted Kremenek
committed
APSIntSetTy S1 = GetValues();
APSIntSetTy S2 = RHS.GetValues();
APSIntSetTy M = ValMgr.GetEmptyAPSIntSet();
for (APSIntSetTy::iterator I1=S1.begin(), E1=S2.end(); I1!=E1; ++I1)
for (APSIntSetTy::iterator I2=S2.begin(), E2=S2.end(); I2!=E2; ++I2) {
// FIXME: operator- on APSInt is really operator* on APInt, which loses
// the "signess" information (although the bits are correct).
const llvm::APSInt& X = *I1;
llvm::APSInt Y = X + *I2;
Y.setIsSigned(X.isSigned());
M = ValMgr.AddToSet(M, Y);
}
Ted Kremenek
committed
return M;
}
RValueMayEqualSet
RValueMayEqualSet::EvalSub(ValueManager& ValMgr,
const RValueMayEqualSet& RHS) const {
Ted Kremenek
committed
APSIntSetTy S1 = GetValues();
APSIntSetTy S2 = RHS.GetValues();
APSIntSetTy M = ValMgr.GetEmptyAPSIntSet();
for (APSIntSetTy::iterator I1=S1.begin(), E1=S2.end(); I1!=E1; ++I1)
for (APSIntSetTy::iterator I2=S2.begin(), E2=S2.end(); I2!=E2; ++I2) {
// FIXME: operator- on APSInt is really operator* on APInt, which loses
// the "signess" information (although the bits are correct).
const llvm::APSInt& X = *I1;
llvm::APSInt Y = X - *I2;
Y.setIsSigned(X.isSigned());
M = ValMgr.AddToSet(M, Y);
}
Ted Kremenek
committed
return M;
}
RValueMayEqualSet::EvalMul(ValueManager& ValMgr,
const RValueMayEqualSet& RHS) const {
APSIntSetTy S1 = GetValues();
APSIntSetTy S2 = RHS.GetValues();
APSIntSetTy M = ValMgr.GetEmptyAPSIntSet();
for (APSIntSetTy::iterator I1=S1.begin(), E1=S2.end(); I1!=E1; ++I1)
for (APSIntSetTy::iterator I2=S2.begin(), E2=S2.end(); I2!=E2; ++I2) {
// FIXME: operator* on APSInt is really operator* on APInt, which loses
// the "signess" information (although the bits are correct).
const llvm::APSInt& X = *I1;
llvm::APSInt Y = X * *I2;
Y.setIsSigned(X.isSigned());
M = ValMgr.AddToSet(M, Y);
}
return M;
}
RValue RValue::GetRValue(ValueManager& ValMgr, const llvm::APSInt& V) {
return RValueMayEqualSet(ValMgr.AddToSet(ValMgr.GetEmptyAPSIntSet(), V));
}
RValue RValue::GetRValue(ValueManager& ValMgr, IntegerLiteral* I) {
llvm::APSInt X(I->getValue());
X.setIsSigned(I->getType()->isSignedIntegerType());
return GetRValue(ValMgr, X);
}
Ted Kremenek
committed
//===----------------------------------------------------------------------===//
// "L-Values".
//===----------------------------------------------------------------------===//
namespace {
Ted Kremenek
committed
class VISIBILITY_HIDDEN LValue : public ExprValue {
protected:
LValue(Kind k, void* D) : ExprValue(k, D) {}
public:
// Implement isa<T> support.
static inline bool classof(const ExprValue* V) {
return V->getKind() <= MaxLValueKind;
}
Ted Kremenek
committed
class VISIBILITY_HIDDEN LValueDecl : public LValue {
public:
LValueDecl(ValueDecl* vd) : LValue(LValueDeclKind,vd) {}
ValueDecl* getDecl() const {
return static_cast<ValueDecl*>(getRawPtr());
}
// Implement isa<T> support.
static inline bool classof(const ExprValue* V) {
return V->getKind() == LValueDeclKind;
}
};
} // end anonymous namespace
Ted Kremenek
committed
//===----------------------------------------------------------------------===//
// Pretty-Printing.
//===----------------------------------------------------------------------===//
void ExprValue::print(std::ostream& Out) const {
switch (getKind()) {
case InvalidValueKind:
Out << "Invalid"; break;
case RValueMayEqualSetKind: {
APSIntSetTy S = cast<RValueMayEqualSet>(this)->GetValues();
Ted Kremenek
committed
bool first = true;
Ted Kremenek
committed
Ted Kremenek
committed
for (APSIntSetTy::iterator I=S.begin(), E=S.end(); I!=E; ++I) {
if (first) first = false;
else Out << " | ";
Out << (*I).toString();
}
Ted Kremenek
committed
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
break;
}
default:
assert (false && "Pretty-printed not implemented for this ExprValue.");
break;
}
}
//===----------------------------------------------------------------------===//
// ValueMapTy - A ImmutableMap type Stmt*/Decl* to ExprValues.
//===----------------------------------------------------------------------===//
typedef llvm::ImmutableMap<ValueKey,ExprValue> ValueMapTy;
namespace clang {
template<>
struct VISIBILITY_HIDDEN GRTrait<ValueMapTy> {
static inline void* toPtr(ValueMapTy M) {
return reinterpret_cast<void*>(M.getRoot());
}
static inline ValueMapTy toState(void* P) {
return ValueMapTy(static_cast<ValueMapTy::TreeTy*>(P));
}
};
}
//===----------------------------------------------------------------------===//
// The Checker!
//===----------------------------------------------------------------------===//
namespace {
Ted Kremenek
committed
class VISIBILITY_HIDDEN GRConstants {
public:
Ted Kremenek
committed
typedef ValueMapTy StateTy;
typedef GRNodeBuilder<GRConstants> NodeBuilder;
typedef ExplodedNode<StateTy> NodeTy;
Ted Kremenek
committed
class NodeSet {
typedef llvm::SmallVector<NodeTy*,3> ImplTy;
ImplTy Impl;
public:
NodeSet() {}
NodeSet(NodeTy* N) { assert (N && !N->isInfeasible()); Impl.push_back(N); }
void Add(NodeTy* N) { if (N && !N->isInfeasible()) Impl.push_back(N); }
typedef ImplTy::iterator iterator;
typedef ImplTy::const_iterator const_iterator;
unsigned size() const { return Impl.size(); }
iterator begin() { return Impl.begin(); }
iterator end() { return Impl.end(); }
const_iterator begin() const { return Impl.begin(); }
const_iterator end() const { return Impl.end(); }
};
protected:
Ted Kremenek
committed
/// Liveness - live-variables information the ValueDecl* and block-level
/// Expr* in the CFG. Used to prune out dead state.
LiveVariables* Liveness;
Ted Kremenek
committed
/// Builder - The current GRNodeBuilder which is used when building the nodes
/// for a given statement.
NodeBuilder* Builder;
Ted Kremenek
committed
/// StateMgr - Object that manages the data for all created states.
ValueMapTy::Factory StateMgr;
/// ValueMgr - Object that manages the data for all created ExprValues.
ValueManager ValMgr;
Ted Kremenek
committed
/// cfg - the current CFG.
CFG* cfg;
Ted Kremenek
committed
/// StmtEntryNode - The immediate predecessor node.
NodeTy* StmtEntryNode;
/// CurrentStmt - The current block-level statement.
Stmt* CurrentStmt;
bool StateCleaned;
ASTContext* getContext() const { return ValMgr.getContext(); }
public:
Ted Kremenek
committed
GRConstants() : Liveness(NULL), Builder(NULL), cfg(NULL),
StmtEntryNode(NULL), CurrentStmt(NULL) {}
~GRConstants() { delete Liveness; }
Ted Kremenek
committed
/// getCFG - Returns the CFG associated with this analysis.
CFG& getCFG() { assert (cfg); return *cfg; }
Ted Kremenek
committed
/// Initialize - Initialize the checker's state based on the specified
/// CFG. This results in liveness information being computed for
/// each block-level statement in the CFG.
void Initialize(CFG& c, ASTContext& ctx) {
cfg = &c;
ValMgr.setContext(&ctx);
Liveness = new LiveVariables(c);
Liveness->runOnCFG(c);
Liveness->runOnAllBlocks(c, NULL, true);
Ted Kremenek
committed
/// getInitialState - Return the initial state used for the root vertex
/// in the ExplodedGraph.
StateTy getInitialState() {
return StateMgr.GetEmptyMap();
Ted Kremenek
committed
/// ProcessStmt - Called by GREngine. Used to generate new successor
/// nodes by processing the 'effects' of a block-level statement.
void ProcessStmt(Stmt* S, NodeBuilder& builder);
Ted Kremenek
committed
/// RemoveDeadBindings - Return a new state that is the same as 'M' except
/// that all subexpression mappings are removed and that any
/// block-level expressions that are not live at 'S' also have their
/// mappings removed.
StateTy RemoveDeadBindings(Stmt* S, StateTy M);
Ted Kremenek
committed
StateTy SetValue(StateTy St, Stmt* S, const ExprValue& V);
Ted Kremenek
committed
StateTy SetValue(StateTy St, const LValue& LV, const ExprValue& V);
Ted Kremenek
committed
ExprValue GetValue(const StateTy& St, Stmt* S);
ExprValue GetValue(const StateTy& St, const LValue& LV);
LValue GetLValue(const StateTy& St, Stmt* S);
Ted Kremenek
committed
void Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St);
Ted Kremenek
committed
/// Visit - Transfer function logic for all statements. Dispatches to
/// other functions that handle specific kinds of statements.
void Visit(Stmt* S, NodeTy* Pred, NodeSet& Dst);
/// VisitCast - Transfer function logic for all casts (implicit and explicit).
void VisitCast(Expr* CastE, Expr* E, NodeTy* Pred, NodeSet& Dst);
Ted Kremenek
committed
/// VisitUnaryOperator - Transfer function logic for unary operators.
void VisitUnaryOperator(UnaryOperator* B, NodeTy* Pred, NodeSet& Dst);
Ted Kremenek
committed
/// VisitBinaryOperator - Transfer function logic for binary operators.
void VisitBinaryOperator(BinaryOperator* B, NodeTy* Pred, NodeSet& Dst);
};
} // end anonymous namespace
Ted Kremenek
committed
void GRConstants::ProcessStmt(Stmt* S, NodeBuilder& builder) {
Builder = &builder;
Ted Kremenek
committed
StmtEntryNode = builder.getLastNode();
CurrentStmt = S;
NodeSet Dst;
StateCleaned = false;
Visit(S, StmtEntryNode, Dst);
// If no nodes were generated, generate a new node that has all the
// dead mappings removed.
if (Dst.size() == 1 && *Dst.begin() == StmtEntryNode) {
StateTy St = RemoveDeadBindings(S, StmtEntryNode->getState());
builder.generateNode(S, St, StmtEntryNode);
}
Ted Kremenek
committed
CurrentStmt = NULL;
StmtEntryNode = NULL;
Builder = NULL;
Ted Kremenek
committed
ExprValue GRConstants::GetValue(const StateTy& St, const LValue& LV) {
switch (LV.getKind()) {
case ExprValue::LValueDeclKind: {
StateTy::TreeTy* T = St.SlimFind(cast<LValueDecl>(LV).getDecl());
return T ? T->getValue().second : InvalidValue();
}
default:
assert (false && "Invalid LValue.");
break;
}
Ted Kremenek
committed
return InvalidValue();
}
ExprValue GRConstants::GetValue(const StateTy& St, Stmt* S) {
for (;;) {
switch (S->getStmtClass()) {
case Stmt::ParenExprClass:
S = cast<ParenExpr>(S)->getSubExpr();
continue;
case Stmt::DeclRefExprClass:
return GetValue(St, LValueDecl(cast<DeclRefExpr>(S)->getDecl()));
case Stmt::IntegerLiteralClass:
return RValue::GetRValue(ValMgr, cast<IntegerLiteral>(S));
case Stmt::ImplicitCastExprClass: {
ImplicitCastExpr* C = cast<ImplicitCastExpr>(S);
if (C->getType() == C->getSubExpr()->getType()) {
S = C->getSubExpr();
continue;
}
break;
}
case Stmt::CastExprClass: {
CastExpr* C = cast<CastExpr>(S);
if (C->getType() == C->getSubExpr()->getType()) {
S = C->getSubExpr();
continue;
}
break;
}
default:
break;
};
break;
}
StateTy::TreeTy* T = St.SlimFind(S);
Ted Kremenek
committed
return T ? T->getValue().second : InvalidValue();
Ted Kremenek
committed
LValue GRConstants::GetLValue(const StateTy& St, Stmt* S) {
if (Expr* E = dyn_cast<Expr>(S))
S = E->IgnoreParens();
if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(S))
return LValueDecl(DR->getDecl());
return cast<LValue>(GetValue(St, S));
Ted Kremenek
committed
GRConstants::StateTy GRConstants::SetValue(StateTy St, Stmt* S,
Ted Kremenek
committed
const ExprValue& V) {
Ted Kremenek
committed
if (!StateCleaned) {
St = RemoveDeadBindings(CurrentStmt, St);
StateCleaned = true;
}
Ted Kremenek
committed
bool isBlkExpr = S == CurrentStmt && getCFG().isBlkExpr(S);
Ted Kremenek
committed
return V.isValid() ? StateMgr.Add(St, ValueKey(S,isBlkExpr), V)
: St;
Ted Kremenek
committed
GRConstants::StateTy GRConstants::SetValue(StateTy St, const LValue& LV,
const ExprValue& V) {
if (!LV.isValid())
return St;
if (!StateCleaned) {
St = RemoveDeadBindings(CurrentStmt, St);
StateCleaned = true;
}
switch (LV.getKind()) {
case ExprValue::LValueDeclKind:
return V.isValid() ? StateMgr.Add(St, cast<LValueDecl>(LV).getDecl(), V)
: StateMgr.Remove(St, cast<LValueDecl>(LV).getDecl());
default:
assert ("SetValue for given LValue type not yet implemented.");
return St;
}
Ted Kremenek
committed
GRConstants::StateTy GRConstants::RemoveDeadBindings(Stmt* Loc, StateTy M) {
// Note: in the code below, we can assign a new map to M since the
// iterators are iterating over the tree of the *original* map.
StateTy::iterator I = M.begin(), E = M.end();
// Remove old bindings for subexpressions and "dead" block-level expressions.
for (; I!=E && !I.getKey().isDecl(); ++I) {
if (I.getKey().isSubExpr() || !Liveness->isLive(Loc,cast<Stmt>(I.getKey())))
M = StateMgr.Remove(M, I.getKey());
}
Ted Kremenek
committed
// Remove bindings for "dead" decls.
for (; I!=E ; ++I) {
assert (I.getKey().isDecl());
Ted Kremenek
committed
if (VarDecl* V = dyn_cast<VarDecl>(cast<ValueDecl>(I.getKey())))
if (!Liveness->isLive(Loc, V))
M = StateMgr.Remove(M, I.getKey());
return M;
}
Ted Kremenek
committed
void GRConstants::Nodify(NodeSet& Dst, Stmt* S, GRConstants::NodeTy* Pred,
GRConstants::StateTy St) {
// If the state hasn't changed, don't generate a new node.
if (St == Pred->getState())
return;
Ted Kremenek
committed
Dst.Add(Builder->generateNode(S, St, Pred));
}
void GRConstants::VisitCast(Expr* CastE, Expr* E, GRConstants::NodeTy* Pred,
GRConstants::NodeSet& Dst) {
QualType T = CastE->getType();
// Check for redundant casts.
if (E->getType() == T) {
Dst.Add(Pred);
return;
}
NodeSet S1;
Visit(E, Pred, S1);
for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
NodeTy* N = *I1;
StateTy St = N->getState();
const ExprValue& V = GetValue(St, E);
Nodify(Dst, CastE, N, SetValue(St, CastE, V.EvalCast(ValMgr, CastE)));
}
}
void GRConstants::VisitUnaryOperator(UnaryOperator* U,
GRConstants::NodeTy* Pred,
GRConstants::NodeSet& Dst) {
NodeSet S1;
Visit(U->getSubExpr(), Pred, S1);
for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
NodeTy* N1 = *I1;
StateTy St = N1->getState();
switch (U->getOpcode()) {
case UnaryOperator::PostInc: {
const LValue& L1 = GetLValue(St, U->getSubExpr());
RValue R1 = cast<RValue>(GetValue(St, L1));
QualType T = U->getType();
unsigned bits = getContext()->getTypeSize(T, U->getLocStart());
llvm::APSInt One(llvm::APInt(bits, 1), T->isUnsignedIntegerType());
RValue R2 = RValue::GetRValue(ValMgr, One);
RValue Result = R1.EvalAdd(ValMgr, R2);
Nodify(Dst, U, N1, SetValue(SetValue(St, U, R1), L1, Result));
break;
}
case UnaryOperator::PostDec: {
const LValue& L1 = GetLValue(St, U->getSubExpr());
RValue R1 = cast<RValue>(GetValue(St, L1));
QualType T = U->getType();
unsigned bits = getContext()->getTypeSize(T, U->getLocStart());
llvm::APSInt One(llvm::APInt(bits, 1), T->isUnsignedIntegerType());
RValue R2 = RValue::GetRValue(ValMgr, One);
RValue Result = R1.EvalSub(ValMgr, R2);
Nodify(Dst, U, N1, SetValue(SetValue(St, U, R1), L1, Result));
break;
}
case UnaryOperator::PreInc: {
const LValue& L1 = GetLValue(St, U->getSubExpr());
RValue R1 = cast<RValue>(GetValue(St, L1));
QualType T = U->getType();
unsigned bits = getContext()->getTypeSize(T, U->getLocStart());
llvm::APSInt One(llvm::APInt(bits, 1), T->isUnsignedIntegerType());
RValue R2 = RValue::GetRValue(ValMgr, One);
RValue Result = R1.EvalAdd(ValMgr, R2);
Nodify(Dst, U, N1, SetValue(SetValue(St, U, Result), L1, Result));
break;
}
case UnaryOperator::PreDec: {
const LValue& L1 = GetLValue(St, U->getSubExpr());
RValue R1 = cast<RValue>(GetValue(St, L1));
QualType T = U->getType();
unsigned bits = getContext()->getTypeSize(T, U->getLocStart());
llvm::APSInt One(llvm::APInt(bits, 1), T->isUnsignedIntegerType());
RValue R2 = RValue::GetRValue(ValMgr, One);
RValue Result = R1.EvalSub(ValMgr, R2);
Nodify(Dst, U, N1, SetValue(SetValue(St, U, Result), L1, Result));
break;
}
case UnaryOperator::Minus: {
const RValue& R1 = cast<RValue>(GetValue(St, U->getSubExpr()));
Nodify(Dst, U, N1, SetValue(St, U, R1.EvalMinus(ValMgr, U)));
break;
}
default: ;
assert (false && "Not implemented.");
}
}
}
Ted Kremenek
committed
void GRConstants::VisitBinaryOperator(BinaryOperator* B,
GRConstants::NodeTy* Pred,
GRConstants::NodeSet& Dst) {
NodeSet S1;
Visit(B->getLHS(), Pred, S1);
Ted Kremenek
committed
for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
NodeTy* N1 = *I1;
Ted Kremenek
committed
// When getting the value for the LHS, check if we are in an assignment.
// In such cases, we want to (initially) treat the LHS as an LValue,
// so we use GetLValue instead of GetValue so that DeclRefExpr's are
// evaluated to LValueDecl's instead of to an RValue.
const ExprValue& V1 =
B->isAssignmentOp() ? GetLValue(N1->getState(), B->getLHS())
: GetValue(N1->getState(), B->getLHS());
Ted Kremenek
committed
NodeSet S2;
Visit(B->getRHS(), N1, S2);
for (NodeSet::iterator I2=S2.begin(), E2=S2.end(); I2 != E2; ++I2) {
NodeTy* N2 = *I2;
StateTy St = N2->getState();
const ExprValue& V2 = GetValue(St, B->getRHS());
switch (B->getOpcode()) {
case BinaryOperator::Add: {
const RValue& R1 = cast<RValue>(V1);
const RValue& R2 = cast<RValue>(V2);
Nodify(Dst, B, N2, SetValue(St, B, R1.EvalAdd(ValMgr, R2)));
Ted Kremenek
committed
break;
}
case BinaryOperator::Sub: {
const RValue& R1 = cast<RValue>(V1);
const RValue& R2 = cast<RValue>(V2);
Nodify(Dst, B, N2, SetValue(St, B, R1.EvalSub(ValMgr, R2)));
Ted Kremenek
committed
break;
}
case BinaryOperator::Mul: {
const RValue& R1 = cast<RValue>(V1);
const RValue& R2 = cast<RValue>(V2);
Nodify(Dst, B, N2, SetValue(St, B, R1.EvalMul(ValMgr, R2)));
Ted Kremenek
committed
case BinaryOperator::Assign: {
const LValue& L1 = cast<LValue>(V1);
const RValue& R2 = cast<RValue>(V2);
Nodify(Dst, B, N2, SetValue(SetValue(St, B, R2), L1, R2));
break;
}
case BinaryOperator::AddAssign: {
const LValue& L1 = cast<LValue>(V1);
RValue R1 = cast<RValue>(GetValue(N1->getState(), L1));
RValue Result = R1.EvalAdd(ValMgr, cast<RValue>(V2));
Nodify(Dst, B, N2, SetValue(SetValue(St, B, Result), L1, Result));
break;
}
case BinaryOperator::SubAssign: {
const LValue& L1 = cast<LValue>(V1);
RValue R1 = cast<RValue>(GetValue(N1->getState(), L1));
RValue Result = R1.EvalSub(ValMgr, cast<RValue>(V2));
Nodify(Dst, B, N2, SetValue(SetValue(St, B, Result), L1, Result));
break;
}
case BinaryOperator::MulAssign: {
const LValue& L1 = cast<LValue>(V1);
RValue R1 = cast<RValue>(GetValue(N1->getState(), L1));
RValue Result = R1.EvalMul(ValMgr, cast<RValue>(V2));
Nodify(Dst, B, N2, SetValue(SetValue(St, B, Result), L1, Result));
break;
}
Ted Kremenek
committed
default:
Dst.Add(N2);
break;
}
}
}
}
Ted Kremenek
committed
void GRConstants::Visit(Stmt* S, GRConstants::NodeTy* Pred,
GRConstants::NodeSet& Dst) {
Ted Kremenek
committed
// FIXME: add metadata to the CFG so that we can disable
// this check when we KNOW that there is no block-level subexpression.
// The motivation is that this check requires a hashtable lookup.
Ted Kremenek
committed
if (S != CurrentStmt && getCFG().isBlkExpr(S)) {
Dst.Add(Pred);