search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[ELF] Avoid make in elf::writeARMCmseImportLib
[llvm-project.git] / clang / lib / Analysis / CFG.cpp
blob304bbb2b422c61d9cba416d7712ca60ab365f5d0
1 //===- CFG.cpp - Classes for representing and building CFGs ---------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the CFG and CFGBuilder classes for representing and
10 // building Control-Flow Graphs (CFGs) from ASTs.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "clang/Analysis/CFG.h"
15 #include "clang/AST/ASTContext.h"
16 #include "clang/AST/Attr.h"
17 #include "clang/AST/Decl.h"
18 #include "clang/AST/DeclBase.h"
19 #include "clang/AST/DeclCXX.h"
20 #include "clang/AST/DeclGroup.h"
21 #include "clang/AST/Expr.h"
22 #include "clang/AST/ExprCXX.h"
23 #include "clang/AST/OperationKinds.h"
24 #include "clang/AST/PrettyPrinter.h"
25 #include "clang/AST/Stmt.h"
26 #include "clang/AST/StmtCXX.h"
27 #include "clang/AST/StmtObjC.h"
28 #include "clang/AST/StmtVisitor.h"
29 #include "clang/AST/Type.h"
30 #include "clang/Analysis/ConstructionContext.h"
31 #include "clang/Analysis/Support/BumpVector.h"
32 #include "clang/Basic/Builtins.h"
33 #include "clang/Basic/ExceptionSpecificationType.h"
34 #include "clang/Basic/JsonSupport.h"
35 #include "clang/Basic/LLVM.h"
36 #include "clang/Basic/LangOptions.h"
37 #include "clang/Basic/SourceLocation.h"
38 #include "clang/Basic/Specifiers.h"
39 #include "llvm/ADT/APInt.h"
40 #include "llvm/ADT/APSInt.h"
41 #include "llvm/ADT/ArrayRef.h"
42 #include "llvm/ADT/DenseMap.h"
43 #include "llvm/ADT/STLExtras.h"
44 #include "llvm/ADT/SetVector.h"
45 #include "llvm/ADT/SmallPtrSet.h"
46 #include "llvm/ADT/SmallVector.h"
47 #include "llvm/Support/Allocator.h"
48 #include "llvm/Support/Casting.h"
49 #include "llvm/Support/Compiler.h"
50 #include "llvm/Support/DOTGraphTraits.h"
51 #include "llvm/Support/ErrorHandling.h"
52 #include "llvm/Support/Format.h"
53 #include "llvm/Support/GraphWriter.h"
54 #include "llvm/Support/SaveAndRestore.h"
55 #include "llvm/Support/raw_ostream.h"
56 #include <cassert>
57 #include <memory>
58 #include <optional>
59 #include <string>
60 #include <tuple>
61 #include <utility>
62 #include <vector>
63
64 using namespace clang;
65
66 static SourceLocation GetEndLoc(Decl *D) {
67 if (VarDecl *VD = dyn_cast<VarDecl>(D))
68 if (Expr *Ex = VD->getInit())
69 return Ex->getSourceRange().getEnd();
70 return D->getLocation();
71 }
72
73 /// Returns true on constant values based around a single IntegerLiteral.
74 /// Allow for use of parentheses, integer casts, and negative signs.
75 /// FIXME: it would be good to unify this function with
76 /// getIntegerLiteralSubexpressionValue at some point given the similarity
77 /// between the functions.
78
79 static bool IsIntegerLiteralConstantExpr(const Expr *E) {
80 // Allow parentheses
81 E = E->IgnoreParens();
82
83 // Allow conversions to different integer kind.
84 if (const auto *CE = dyn_cast<CastExpr>(E)) {
85 if (CE->getCastKind() != CK_IntegralCast)
86 return false;
87 E = CE->getSubExpr();
88 }
89
90 // Allow negative numbers.
91 if (const auto *UO = dyn_cast<UnaryOperator>(E)) {
92 if (UO->getOpcode() != UO_Minus)
93 return false;
94 E = UO->getSubExpr();
95 }
96
97 return isa<IntegerLiteral>(E);
98 }
99
100 /// Helper for tryNormalizeBinaryOperator. Attempts to extract an IntegerLiteral
101 /// constant expression or EnumConstantDecl from the given Expr. If it fails,
102 /// returns nullptr.
103 static const Expr *tryTransformToIntOrEnumConstant(const Expr *E) {
104 E = E->IgnoreParens();
105 if (IsIntegerLiteralConstantExpr(E))
106 return E;
107 if (auto *DR = dyn_cast<DeclRefExpr>(E->IgnoreParenImpCasts()))
108 return isa<EnumConstantDecl>(DR->getDecl()) ? DR : nullptr;
109 return nullptr;
110 }
111
112 /// Tries to interpret a binary operator into `Expr Op NumExpr` form, if
113 /// NumExpr is an integer literal or an enum constant.
114 ///
115 /// If this fails, at least one of the returned DeclRefExpr or Expr will be
116 /// null.
117 static std::tuple<const Expr *, BinaryOperatorKind, const Expr *>
118 tryNormalizeBinaryOperator(const BinaryOperator *B) {
119 BinaryOperatorKind Op = B->getOpcode();
120
121 const Expr *MaybeDecl = B->getLHS();
122 const Expr *Constant = tryTransformToIntOrEnumConstant(B->getRHS());
123 // Expr looked like `0 == Foo` instead of `Foo == 0`
124 if (Constant == nullptr) {
125 // Flip the operator
126 if (Op == BO_GT)
127 Op = BO_LT;
128 else if (Op == BO_GE)
129 Op = BO_LE;
130 else if (Op == BO_LT)
131 Op = BO_GT;
132 else if (Op == BO_LE)
133 Op = BO_GE;
134
135 MaybeDecl = B->getRHS();
136 Constant = tryTransformToIntOrEnumConstant(B->getLHS());
137 }
138
139 return std::make_tuple(MaybeDecl, Op, Constant);
140 }
141
142 /// For an expression `x == Foo && x == Bar`, this determines whether the
143 /// `Foo` and `Bar` are either of the same enumeration type, or both integer
144 /// literals.
145 ///
146 /// It's an error to pass this arguments that are not either IntegerLiterals
147 /// or DeclRefExprs (that have decls of type EnumConstantDecl)
148 static bool areExprTypesCompatible(const Expr *E1, const Expr *E2) {
149 // User intent isn't clear if they're mixing int literals with enum
150 // constants.
151 if (isa<DeclRefExpr>(E1) != isa<DeclRefExpr>(E2))
152 return false;
153
154 // Integer literal comparisons, regardless of literal type, are acceptable.
155 if (!isa<DeclRefExpr>(E1))
156 return true;
157
158 // IntegerLiterals are handled above and only EnumConstantDecls are expected
159 // beyond this point
160 assert(isa<DeclRefExpr>(E1) && isa<DeclRefExpr>(E2));
161 auto *Decl1 = cast<DeclRefExpr>(E1)->getDecl();
162 auto *Decl2 = cast<DeclRefExpr>(E2)->getDecl();
163
164 assert(isa<EnumConstantDecl>(Decl1) && isa<EnumConstantDecl>(Decl2));
165 const DeclContext *DC1 = Decl1->getDeclContext();
166 const DeclContext *DC2 = Decl2->getDeclContext();
167
168 assert(isa<EnumDecl>(DC1) && isa<EnumDecl>(DC2));
169 return DC1 == DC2;
170 }
171
172 namespace {
173
174 class CFGBuilder;
175
176 /// The CFG builder uses a recursive algorithm to build the CFG. When
177 /// we process an expression, sometimes we know that we must add the
178 /// subexpressions as block-level expressions. For example:
179 ///
180 /// exp1 || exp2
181 ///
182 /// When processing the '||' expression, we know that exp1 and exp2
183 /// need to be added as block-level expressions, even though they
184 /// might not normally need to be. AddStmtChoice records this
185 /// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then
186 /// the builder has an option not to add a subexpression as a
187 /// block-level expression.
188 class AddStmtChoice {
189 public:
190 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 };
191
192 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {}
193
194 bool alwaysAdd(CFGBuilder &builder,
195 const Stmt *stmt) const;
196
197 /// Return a copy of this object, except with the 'always-add' bit
198 /// set as specified.
199 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const {
200 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd);
201 }
202
203 private:
204 Kind kind;
205 };
206
207 /// LocalScope - Node in tree of local scopes created for C++ implicit
208 /// destructor calls generation. It contains list of automatic variables
209 /// declared in the scope and link to position in previous scope this scope
210 /// began in.
211 ///
212 /// The process of creating local scopes is as follows:
213 /// - Init CFGBuilder::ScopePos with invalid position (equivalent for null),
214 /// - Before processing statements in scope (e.g. CompoundStmt) create
215 /// LocalScope object using CFGBuilder::ScopePos as link to previous scope
216 /// and set CFGBuilder::ScopePos to the end of new scope,
217 /// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points
218 /// at this VarDecl,
219 /// - For every normal (without jump) end of scope add to CFGBlock destructors
220 /// for objects in the current scope,
221 /// - For every jump add to CFGBlock destructors for objects
222 /// between CFGBuilder::ScopePos and local scope position saved for jump
223 /// target. Thanks to C++ restrictions on goto jumps we can be sure that
224 /// jump target position will be on the path to root from CFGBuilder::ScopePos
225 /// (adding any variable that doesn't need constructor to be called to
226 /// LocalScope can break this assumption),
227 ///
228 class LocalScope {
229 public:
230 using AutomaticVarsTy = BumpVector<VarDecl *>;
231
232 /// const_iterator - Iterates local scope backwards and jumps to previous
233 /// scope on reaching the beginning of currently iterated scope.
234 class const_iterator {
235 const LocalScope* Scope = nullptr;
236
237 /// VarIter is guaranteed to be greater then 0 for every valid iterator.
238 /// Invalid iterator (with null Scope) has VarIter equal to 0.
239 unsigned VarIter = 0;
240
241 public:
242 /// Create invalid iterator. Dereferencing invalid iterator is not allowed.
243 /// Incrementing invalid iterator is allowed and will result in invalid
244 /// iterator.
245 const_iterator() = default;
246
247 /// Create valid iterator. In case when S.Prev is an invalid iterator and
248 /// I is equal to 0, this will create invalid iterator.
249 const_iterator(const LocalScope& S, unsigned I)
250 : Scope(&S), VarIter(I) {
251 // Iterator to "end" of scope is not allowed. Handle it by going up
252 // in scopes tree possibly up to invalid iterator in the root.
253 if (VarIter == 0 && Scope)
254 *this = Scope->Prev;
255 }
256
257 VarDecl *const* operator->() const {
258 assert(Scope && "Dereferencing invalid iterator is not allowed");
259 assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
260 return &Scope->Vars[VarIter - 1];
261 }
262
263 const VarDecl *getFirstVarInScope() const {
264 assert(Scope && "Dereferencing invalid iterator is not allowed");
265 assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
266 return Scope->Vars[0];
267 }
268
269 VarDecl *operator*() const {
270 return *this->operator->();
271 }
272
273 const_iterator &operator++() {
274 if (!Scope)
275 return *this;
276
277 assert(VarIter != 0 && "Iterator has invalid value of VarIter member");
278 --VarIter;
279 if (VarIter == 0)
280 *this = Scope->Prev;
281 return *this;
282 }
283 const_iterator operator++(int) {
284 const_iterator P = *this;
285 ++*this;
286 return P;
287 }
288
289 bool operator==(const const_iterator &rhs) const {
290 return Scope == rhs.Scope && VarIter == rhs.VarIter;
291 }
292 bool operator!=(const const_iterator &rhs) const {
293 return !(*this == rhs);
294 }
295
296 explicit operator bool() const {
297 return *this != const_iterator();
298 }
299
300 int distance(const_iterator L);
301 const_iterator shared_parent(const_iterator L);
302 bool pointsToFirstDeclaredVar() { return VarIter == 1; }
303 bool inSameLocalScope(const_iterator rhs) { return Scope == rhs.Scope; }
304 };
305
306 private:
307 BumpVectorContext ctx;
308
309 /// Automatic variables in order of declaration.
310 AutomaticVarsTy Vars;
311
312 /// Iterator to variable in previous scope that was declared just before
313 /// begin of this scope.
314 const_iterator Prev;
315
316 public:
317 /// Constructs empty scope linked to previous scope in specified place.
318 LocalScope(BumpVectorContext ctx, const_iterator P)
319 : ctx(std::move(ctx)), Vars(this->ctx, 4), Prev(P) {}
320
321 /// Begin of scope in direction of CFG building (backwards).
322 const_iterator begin() const { return const_iterator(*this, Vars.size()); }
323
324 void addVar(VarDecl *VD) {
325 Vars.push_back(VD, ctx);
326 }
327 };
328
329 } // namespace
330
331 /// distance - Calculates distance from this to L. L must be reachable from this
332 /// (with use of ++ operator). Cost of calculating the distance is linear w.r.t.
333 /// number of scopes between this and L.
334 int LocalScope::const_iterator::distance(LocalScope::const_iterator L) {
335 int D = 0;
336 const_iterator F = *this;
337 while (F.Scope != L.Scope) {
338 assert(F != const_iterator() &&
339 "L iterator is not reachable from F iterator.");
340 D += F.VarIter;
341 F = F.Scope->Prev;
342 }
343 D += F.VarIter - L.VarIter;
344 return D;
345 }
346
347 /// Calculates the closest parent of this iterator
348 /// that is in a scope reachable through the parents of L.
349 /// I.e. when using 'goto' from this to L, the lifetime of all variables
350 /// between this and shared_parent(L) end.
351 LocalScope::const_iterator
352 LocalScope::const_iterator::shared_parent(LocalScope::const_iterator L) {
353 // one of iterators is not valid (we are not in scope), so common
354 // parent is const_iterator() (i.e. sentinel).
355 if ((*this == const_iterator()) || (L == const_iterator())) {
356 return const_iterator();
357 }
358
359 const_iterator F = *this;
360 if (F.inSameLocalScope(L)) {
361 // Iterators are in the same scope, get common subset of variables.
362 F.VarIter = std::min(F.VarIter, L.VarIter);
363 return F;
364 }
365
366 llvm::SmallDenseMap<const LocalScope *, unsigned, 4> ScopesOfL;
367 while (true) {
368 ScopesOfL.try_emplace(L.Scope, L.VarIter);
369 if (L == const_iterator())
370 break;
371 L = L.Scope->Prev;
372 }
373
374 while (true) {
375 if (auto LIt = ScopesOfL.find(F.Scope); LIt != ScopesOfL.end()) {
376 // Get common subset of variables in given scope
377 F.VarIter = std::min(F.VarIter, LIt->getSecond());
378 return F;
379 }
380 assert(F != const_iterator() &&
381 "L iterator is not reachable from F iterator.");
382 F = F.Scope->Prev;
383 }
384 }
385
386 namespace {
387
388 /// Structure for specifying position in CFG during its build process. It
389 /// consists of CFGBlock that specifies position in CFG and
390 /// LocalScope::const_iterator that specifies position in LocalScope graph.
391 struct BlockScopePosPair {
392 CFGBlock *block = nullptr;
393 LocalScope::const_iterator scopePosition;
394
395 BlockScopePosPair() = default;
396 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos)
397 : block(b), scopePosition(scopePos) {}
398 };
399
400 /// TryResult - a class representing a variant over the values
401 /// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool,
402 /// and is used by the CFGBuilder to decide if a branch condition
403 /// can be decided up front during CFG construction.
404 class TryResult {
405 int X = -1;
406
407 public:
408 TryResult() = default;
409 TryResult(bool b) : X(b ? 1 : 0) {}
410
411 bool isTrue() const { return X == 1; }
412 bool isFalse() const { return X == 0; }
413 bool isKnown() const { return X >= 0; }
414
415 void negate() {
416 assert(isKnown());
417 X ^= 0x1;
418 }
419 };
420
421 } // namespace
422
423 static TryResult bothKnownTrue(TryResult R1, TryResult R2) {
424 if (!R1.isKnown() || !R2.isKnown())
425 return TryResult();
426 return TryResult(R1.isTrue() && R2.isTrue());
427 }
428
429 namespace {
430
431 class reverse_children {
432 llvm::SmallVector<Stmt *, 12> childrenBuf;
433 ArrayRef<Stmt *> children;
434
435 public:
436 reverse_children(Stmt *S);
437
438 using iterator = ArrayRef<Stmt *>::reverse_iterator;
439
440 iterator begin() const { return children.rbegin(); }
441 iterator end() const { return children.rend(); }
442 };
443
444 } // namespace
445
446 reverse_children::reverse_children(Stmt *S) {
447 if (CallExpr *CE = dyn_cast<CallExpr>(S)) {
448 children = CE->getRawSubExprs();
449 return;
450 }
451 switch (S->getStmtClass()) {
452 // Note: Fill in this switch with more cases we want to optimize.
453 case Stmt::InitListExprClass: {
454 InitListExpr *IE = cast<InitListExpr>(S);
455 children = llvm::ArrayRef(reinterpret_cast<Stmt **>(IE->getInits()),
456 IE->getNumInits());
457 return;
458 }
459 default:
460 break;
461 }
462
463 // Default case for all other statements.
464 llvm::append_range(childrenBuf, S->children());
465
466 // This needs to be done *after* childrenBuf has been populated.
467 children = childrenBuf;
468 }
469
470 namespace {
471
472 /// CFGBuilder - This class implements CFG construction from an AST.
473 /// The builder is stateful: an instance of the builder should be used to only
474 /// construct a single CFG.
475 ///
476 /// Example usage:
477 ///
478 /// CFGBuilder builder;
479 /// std::unique_ptr<CFG> cfg = builder.buildCFG(decl, stmt1);
480 ///
481 /// CFG construction is done via a recursive walk of an AST. We actually parse
482 /// the AST in reverse order so that the successor of a basic block is
483 /// constructed prior to its predecessor. This allows us to nicely capture
484 /// implicit fall-throughs without extra basic blocks.
485 class CFGBuilder {
486 using JumpTarget = BlockScopePosPair;
487 using JumpSource = BlockScopePosPair;
488
489 ASTContext *Context;
490 std::unique_ptr<CFG> cfg;
491
492 // Current block.
493 CFGBlock *Block = nullptr;
494
495 // Block after the current block.
496 CFGBlock *Succ = nullptr;
497
498 JumpTarget ContinueJumpTarget;
499 JumpTarget BreakJumpTarget;
500 JumpTarget SEHLeaveJumpTarget;
501 CFGBlock *SwitchTerminatedBlock = nullptr;
502 CFGBlock *DefaultCaseBlock = nullptr;
503
504 // This can point to either a C++ try, an Objective-C @try, or an SEH __try.
505 // try and @try can be mixed and generally work the same.
506 // The frontend forbids mixing SEH __try with either try or @try.
507 // So having one for all three is enough.
508 CFGBlock *TryTerminatedBlock = nullptr;
509
510 // Current position in local scope.
511 LocalScope::const_iterator ScopePos;
512
513 // LabelMap records the mapping from Label expressions to their jump targets.
514 using LabelMapTy = llvm::DenseMap<LabelDecl *, JumpTarget>;
515 LabelMapTy LabelMap;
516
517 // A list of blocks that end with a "goto" that must be backpatched to their
518 // resolved targets upon completion of CFG construction.
519 using BackpatchBlocksTy = std::vector<JumpSource>;
520 BackpatchBlocksTy BackpatchBlocks;
521
522 // A list of labels whose address has been taken (for indirect gotos).
523 using LabelSetTy = llvm::SmallSetVector<LabelDecl *, 8>;
524 LabelSetTy AddressTakenLabels;
525
526 // Information about the currently visited C++ object construction site.
527 // This is set in the construction trigger and read when the constructor
528 // or a function that returns an object by value is being visited.
529 llvm::DenseMap<Expr *, const ConstructionContextLayer *>
530 ConstructionContextMap;
531
532 bool badCFG = false;
533 const CFG::BuildOptions &BuildOpts;
534
535 // State to track for building switch statements.
536 bool switchExclusivelyCovered = false;
537 Expr::EvalResult *switchCond = nullptr;
538
539 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry = nullptr;
540 const Stmt *lastLookup = nullptr;
541
542 // Caches boolean evaluations of expressions to avoid multiple re-evaluations
543 // during construction of branches for chained logical operators.
544 using CachedBoolEvalsTy = llvm::DenseMap<Expr *, TryResult>;
545 CachedBoolEvalsTy CachedBoolEvals;
546
547 public:
548 explicit CFGBuilder(ASTContext *astContext,
549 const CFG::BuildOptions &buildOpts)
550 : Context(astContext), cfg(new CFG()), BuildOpts(buildOpts) {}
551
552 // buildCFG - Used by external clients to construct the CFG.
553 std::unique_ptr<CFG> buildCFG(const Decl *D, Stmt *Statement);
554
555 bool alwaysAdd(const Stmt *stmt);
556
557 private:
558 // Visitors to walk an AST and construct the CFG.
559 CFGBlock *VisitInitListExpr(InitListExpr *ILE, AddStmtChoice asc);
560 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc);
561 CFGBlock *VisitAttributedStmt(AttributedStmt *A, AddStmtChoice asc);
562 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc);
563 CFGBlock *VisitBreakStmt(BreakStmt *B);
564 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc);
565 CFGBlock *VisitCaseStmt(CaseStmt *C);
566 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc);
567 CFGBlock *VisitCompoundStmt(CompoundStmt *C, bool ExternallyDestructed);
568 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C,
569 AddStmtChoice asc);
570 CFGBlock *VisitContinueStmt(ContinueStmt *C);
571 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E,
572 AddStmtChoice asc);
573 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S);
574 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc);
575 CFGBlock *VisitCXXNewExpr(CXXNewExpr *DE, AddStmtChoice asc);
576 CFGBlock *VisitCXXDeleteExpr(CXXDeleteExpr *DE, AddStmtChoice asc);
577 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S);
578 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E,
579 AddStmtChoice asc);
580 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C,
581 AddStmtChoice asc);
582 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T);
583 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S);
584 CFGBlock *VisitCXXTypeidExpr(CXXTypeidExpr *S, AddStmtChoice asc);
585 CFGBlock *VisitDeclStmt(DeclStmt *DS);
586 CFGBlock *VisitDeclSubExpr(DeclStmt *DS);
587 CFGBlock *VisitDefaultStmt(DefaultStmt *D);
588 CFGBlock *VisitDoStmt(DoStmt *D);
589 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E,
590 AddStmtChoice asc, bool ExternallyDestructed);
591 CFGBlock *VisitForStmt(ForStmt *F);
592 CFGBlock *VisitGotoStmt(GotoStmt *G);
593 CFGBlock *VisitGCCAsmStmt(GCCAsmStmt *G, AddStmtChoice asc);
594 CFGBlock *VisitIfStmt(IfStmt *I);
595 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc);
596 CFGBlock *VisitConstantExpr(ConstantExpr *E, AddStmtChoice asc);
597 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I);
598 CFGBlock *VisitLabelStmt(LabelStmt *L);
599 CFGBlock *VisitBlockExpr(BlockExpr *E, AddStmtChoice asc);
600 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc);
601 CFGBlock *VisitLogicalOperator(BinaryOperator *B);
602 std::pair<CFGBlock *, CFGBlock *> VisitLogicalOperator(BinaryOperator *B,
603 Stmt *Term,
604 CFGBlock *TrueBlock,
605 CFGBlock *FalseBlock);
606 CFGBlock *VisitMaterializeTemporaryExpr(MaterializeTemporaryExpr *MTE,
607 AddStmtChoice asc);
608 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc);
609 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S);
610 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S);
611 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S);
612 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S);
613 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S);
614 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S);
615 CFGBlock *VisitObjCMessageExpr(ObjCMessageExpr *E, AddStmtChoice asc);
616 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E);
617 CFGBlock *VisitReturnStmt(Stmt *S);
618 CFGBlock *VisitCoroutineSuspendExpr(CoroutineSuspendExpr *S,
619 AddStmtChoice asc);
620 CFGBlock *VisitSEHExceptStmt(SEHExceptStmt *S);
621 CFGBlock *VisitSEHFinallyStmt(SEHFinallyStmt *S);
622 CFGBlock *VisitSEHLeaveStmt(SEHLeaveStmt *S);
623 CFGBlock *VisitSEHTryStmt(SEHTryStmt *S);
624 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc);
625 CFGBlock *VisitSwitchStmt(SwitchStmt *S);
626 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E,
627 AddStmtChoice asc);
628 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc);
629 CFGBlock *VisitWhileStmt(WhileStmt *W);
630 CFGBlock *VisitArrayInitLoopExpr(ArrayInitLoopExpr *A, AddStmtChoice asc);
631
632 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd,
633 bool ExternallyDestructed = false);
634 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc);
635 CFGBlock *VisitChildren(Stmt *S);
636 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc);
637 CFGBlock *VisitOMPExecutableDirective(OMPExecutableDirective *D,
638 AddStmtChoice asc);
639
640 void maybeAddScopeBeginForVarDecl(CFGBlock *B, const VarDecl *VD,
641 const Stmt *S) {
642 if (ScopePos && (VD == ScopePos.getFirstVarInScope()))
643 appendScopeBegin(B, VD, S);
644 }
645
646 /// When creating the CFG for temporary destructors, we want to mirror the
647 /// branch structure of the corresponding constructor calls.
648 /// Thus, while visiting a statement for temporary destructors, we keep a
649 /// context to keep track of the following information:
650 /// - whether a subexpression is executed unconditionally
651 /// - if a subexpression is executed conditionally, the first
652 /// CXXBindTemporaryExpr we encounter in that subexpression (which
653 /// corresponds to the last temporary destructor we have to call for this
654 /// subexpression) and the CFG block at that point (which will become the
655 /// successor block when inserting the decision point).
656 ///
657 /// That way, we can build the branch structure for temporary destructors as
658 /// follows:
659 /// 1. If a subexpression is executed unconditionally, we add the temporary
660 /// destructor calls to the current block.
661 /// 2. If a subexpression is executed conditionally, when we encounter a
662 /// CXXBindTemporaryExpr:
663 /// a) If it is the first temporary destructor call in the subexpression,
664 /// we remember the CXXBindTemporaryExpr and the current block in the
665 /// TempDtorContext; we start a new block, and insert the temporary
666 /// destructor call.
667 /// b) Otherwise, add the temporary destructor call to the current block.
668 /// 3. When we finished visiting a conditionally executed subexpression,
669 /// and we found at least one temporary constructor during the visitation
670 /// (2.a has executed), we insert a decision block that uses the
671 /// CXXBindTemporaryExpr as terminator, and branches to the current block
672 /// if the CXXBindTemporaryExpr was marked executed, and otherwise
673 /// branches to the stored successor.
674 struct TempDtorContext {
675 TempDtorContext() = default;
676 TempDtorContext(TryResult KnownExecuted)
677 : IsConditional(true), KnownExecuted(KnownExecuted) {}
678
679 /// Returns whether we need to start a new branch for a temporary destructor
680 /// call. This is the case when the temporary destructor is
681 /// conditionally executed, and it is the first one we encounter while
682 /// visiting a subexpression - other temporary destructors at the same level
683 /// will be added to the same block and are executed under the same
684 /// condition.
685 bool needsTempDtorBranch() const {
686 return IsConditional && !TerminatorExpr;
687 }
688
689 /// Remember the successor S of a temporary destructor decision branch for
690 /// the corresponding CXXBindTemporaryExpr E.
691 void setDecisionPoint(CFGBlock *S, CXXBindTemporaryExpr *E) {
692 Succ = S;
693 TerminatorExpr = E;
694 }
695
696 const bool IsConditional = false;
697 const TryResult KnownExecuted = true;
698 CFGBlock *Succ = nullptr;
699 CXXBindTemporaryExpr *TerminatorExpr = nullptr;
700 };
701
702 // Visitors to walk an AST and generate destructors of temporaries in
703 // full expression.
704 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool ExternallyDestructed,
705 TempDtorContext &Context);
706 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E, bool ExternallyDestructed,
707 TempDtorContext &Context);
708 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E,
709 bool ExternallyDestructed,
710 TempDtorContext &Context);
711 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(
712 CXXBindTemporaryExpr *E, bool ExternallyDestructed, TempDtorContext &Context);
713 CFGBlock *VisitConditionalOperatorForTemporaryDtors(
714 AbstractConditionalOperator *E, bool ExternallyDestructed,
715 TempDtorContext &Context);
716 void InsertTempDtorDecisionBlock(const TempDtorContext &Context,
717 CFGBlock *FalseSucc = nullptr);
718
719 // NYS == Not Yet Supported
720 CFGBlock *NYS() {
721 badCFG = true;
722 return Block;
723 }
724
725 // Remember to apply the construction context based on the current \p Layer
726 // when constructing the CFG element for \p CE.
727 void consumeConstructionContext(const ConstructionContextLayer *Layer,
728 Expr *E);
729
730 // Scan \p Child statement to find constructors in it, while keeping in mind
731 // that its parent statement is providing a partial construction context
732 // described by \p Layer. If a constructor is found, it would be assigned
733 // the context based on the layer. If an additional construction context layer
734 // is found, the function recurses into that.
735 void findConstructionContexts(const ConstructionContextLayer *Layer,
736 Stmt *Child);
737
738 // Scan all arguments of a call expression for a construction context.
739 // These sorts of call expressions don't have a common superclass,
740 // hence strict duck-typing.
741 template <typename CallLikeExpr,
742 typename = std::enable_if_t<
743 std::is_base_of_v<CallExpr, CallLikeExpr> ||
744 std::is_base_of_v<CXXConstructExpr, CallLikeExpr> ||
745 std::is_base_of_v<ObjCMessageExpr, CallLikeExpr>>>
746 void findConstructionContextsForArguments(CallLikeExpr *E) {
747 for (unsigned i = 0, e = E->getNumArgs(); i != e; ++i) {
748 Expr *Arg = E->getArg(i);
749 if (Arg->getType()->getAsCXXRecordDecl() && !Arg->isGLValue())
750 findConstructionContexts(
751 ConstructionContextLayer::create(cfg->getBumpVectorContext(),
752 ConstructionContextItem(E, i)),
753 Arg);
754 }
755 }
756
757 // Unset the construction context after consuming it. This is done immediately
758 // after adding the CFGConstructor or CFGCXXRecordTypedCall element, so
759 // there's no need to do this manually in every Visit... function.
760 void cleanupConstructionContext(Expr *E);
761
762 void autoCreateBlock() { if (!Block) Block = createBlock(); }
763
764 CFGBlock *createBlock(bool add_successor = true);
765 CFGBlock *createNoReturnBlock();
766
767 CFGBlock *addStmt(Stmt *S) {
768 return Visit(S, AddStmtChoice::AlwaysAdd);
769 }
770
771 CFGBlock *addInitializer(CXXCtorInitializer *I);
772 void addLoopExit(const Stmt *LoopStmt);
773 void addAutomaticObjHandling(LocalScope::const_iterator B,
774 LocalScope::const_iterator E, Stmt *S);
775 void addAutomaticObjDestruction(LocalScope::const_iterator B,
776 LocalScope::const_iterator E, Stmt *S);
777 void addScopeExitHandling(LocalScope::const_iterator B,
778 LocalScope::const_iterator E, Stmt *S);
779 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD);
780 void addScopeChangesHandling(LocalScope::const_iterator SrcPos,
781 LocalScope::const_iterator DstPos,
782 Stmt *S);
783 CFGBlock *createScopeChangesHandlingBlock(LocalScope::const_iterator SrcPos,
784 CFGBlock *SrcBlk,
785 LocalScope::const_iterator DstPost,
786 CFGBlock *DstBlk);
787
788 // Local scopes creation.
789 LocalScope* createOrReuseLocalScope(LocalScope* Scope);
790
791 void addLocalScopeForStmt(Stmt *S);
792 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS,
793 LocalScope* Scope = nullptr);
794 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = nullptr);
795
796 void addLocalScopeAndDtors(Stmt *S);
797
798 const ConstructionContext *retrieveAndCleanupConstructionContext(Expr *E) {
799 if (!BuildOpts.AddRichCXXConstructors)
800 return nullptr;
801
802 const ConstructionContextLayer *Layer = ConstructionContextMap.lookup(E);
803 if (!Layer)
804 return nullptr;
805
806 cleanupConstructionContext(E);
807 return ConstructionContext::createFromLayers(cfg->getBumpVectorContext(),
808 Layer);
809 }
810
811 // Interface to CFGBlock - adding CFGElements.
812
813 void appendStmt(CFGBlock *B, const Stmt *S) {
814 if (alwaysAdd(S) && cachedEntry)
815 cachedEntry->second = B;
816
817 // All block-level expressions should have already been IgnoreParens()ed.
818 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S);
819 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext());
820 }
821
822 void appendConstructor(CXXConstructExpr *CE) {
823 CXXConstructorDecl *C = CE->getConstructor();
824 if (C && C->isNoReturn())
825 Block = createNoReturnBlock();
826 else
827 autoCreateBlock();
828
829 if (const ConstructionContext *CC =
830 retrieveAndCleanupConstructionContext(CE)) {
831 Block->appendConstructor(CE, CC, cfg->getBumpVectorContext());
832 return;
833 }
834
835 // No valid construction context found. Fall back to statement.
836 Block->appendStmt(CE, cfg->getBumpVectorContext());
837 }
838
839 void appendCall(CFGBlock *B, CallExpr *CE) {
840 if (alwaysAdd(CE) && cachedEntry)
841 cachedEntry->second = B;
842
843 if (const ConstructionContext *CC =
844 retrieveAndCleanupConstructionContext(CE)) {
845 B->appendCXXRecordTypedCall(CE, CC, cfg->getBumpVectorContext());
846 return;
847 }
848
849 // No valid construction context found. Fall back to statement.
850 B->appendStmt(CE, cfg->getBumpVectorContext());
851 }
852
853 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) {
854 B->appendInitializer(I, cfg->getBumpVectorContext());
855 }
856
857 void appendNewAllocator(CFGBlock *B, CXXNewExpr *NE) {
858 B->appendNewAllocator(NE, cfg->getBumpVectorContext());
859 }
860
861 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) {
862 B->appendBaseDtor(BS, cfg->getBumpVectorContext());
863 }
864
865 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) {
866 B->appendMemberDtor(FD, cfg->getBumpVectorContext());
867 }
868
869 void appendObjCMessage(CFGBlock *B, ObjCMessageExpr *ME) {
870 if (alwaysAdd(ME) && cachedEntry)
871 cachedEntry->second = B;
872
873 if (const ConstructionContext *CC =
874 retrieveAndCleanupConstructionContext(ME)) {
875 B->appendCXXRecordTypedCall(ME, CC, cfg->getBumpVectorContext());
876 return;
877 }
878
879 B->appendStmt(const_cast<ObjCMessageExpr *>(ME),
880 cfg->getBumpVectorContext());
881 }
882
883 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) {
884 B->appendTemporaryDtor(E, cfg->getBumpVectorContext());
885 }
886
887 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) {
888 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext());
889 }
890
891 void appendCleanupFunction(CFGBlock *B, VarDecl *VD) {
892 B->appendCleanupFunction(VD, cfg->getBumpVectorContext());
893 }
894
895 void appendLifetimeEnds(CFGBlock *B, VarDecl *VD, Stmt *S) {
896 B->appendLifetimeEnds(VD, S, cfg->getBumpVectorContext());
897 }
898
899 void appendLoopExit(CFGBlock *B, const Stmt *LoopStmt) {
900 B->appendLoopExit(LoopStmt, cfg->getBumpVectorContext());
901 }
902
903 void appendDeleteDtor(CFGBlock *B, CXXRecordDecl *RD, CXXDeleteExpr *DE) {
904 B->appendDeleteDtor(RD, DE, cfg->getBumpVectorContext());
905 }
906
907 void addSuccessor(CFGBlock *B, CFGBlock *S, bool IsReachable = true) {
908 B->addSuccessor(CFGBlock::AdjacentBlock(S, IsReachable),
909 cfg->getBumpVectorContext());
910 }
911
912 /// Add a reachable successor to a block, with the alternate variant that is
913 /// unreachable.
914 void addSuccessor(CFGBlock *B, CFGBlock *ReachableBlock, CFGBlock *AltBlock) {
915 B->addSuccessor(CFGBlock::AdjacentBlock(ReachableBlock, AltBlock),
916 cfg->getBumpVectorContext());
917 }
918
919 void appendScopeBegin(CFGBlock *B, const VarDecl *VD, const Stmt *S) {
920 if (BuildOpts.AddScopes)
921 B->appendScopeBegin(VD, S, cfg->getBumpVectorContext());
922 }
923
924 void appendScopeEnd(CFGBlock *B, const VarDecl *VD, const Stmt *S) {
925 if (BuildOpts.AddScopes)
926 B->appendScopeEnd(VD, S, cfg->getBumpVectorContext());
927 }
928
929 /// Find a relational comparison with an expression evaluating to a
930 /// boolean and a constant other than 0 and 1.
931 /// e.g. if ((x < y) == 10)
932 TryResult checkIncorrectRelationalOperator(const BinaryOperator *B) {
933 const Expr *LHSExpr = B->getLHS()->IgnoreParens();
934 const Expr *RHSExpr = B->getRHS()->IgnoreParens();
935
936 const IntegerLiteral *IntLiteral = dyn_cast<IntegerLiteral>(LHSExpr);
937 const Expr *BoolExpr = RHSExpr;
938 bool IntFirst = true;
939 if (!IntLiteral) {
940 IntLiteral = dyn_cast<IntegerLiteral>(RHSExpr);
941 BoolExpr = LHSExpr;
942 IntFirst = false;
943 }
944
945 if (!IntLiteral || !BoolExpr->isKnownToHaveBooleanValue())
946 return TryResult();
947
948 llvm::APInt IntValue = IntLiteral->getValue();
949 if ((IntValue == 1) || (IntValue == 0))
950 return TryResult();
951
952 bool IntLarger = IntLiteral->getType()->isUnsignedIntegerType() ||
953 !IntValue.isNegative();
954
955 BinaryOperatorKind Bok = B->getOpcode();
956 if (Bok == BO_GT || Bok == BO_GE) {
957 // Always true for 10 > bool and bool > -1
958 // Always false for -1 > bool and bool > 10
959 return TryResult(IntFirst == IntLarger);
960 } else {
961 // Always true for -1 < bool and bool < 10
962 // Always false for 10 < bool and bool < -1
963 return TryResult(IntFirst != IntLarger);
964 }
965 }
966
967 /// Find an incorrect equality comparison. Either with an expression
968 /// evaluating to a boolean and a constant other than 0 and 1.
969 /// e.g. if (!x == 10) or a bitwise and/or operation that always evaluates to
970 /// true/false e.q. (x & 8) == 4.
971 TryResult checkIncorrectEqualityOperator(const BinaryOperator *B) {
972 const Expr *LHSExpr = B->getLHS()->IgnoreParens();
973 const Expr *RHSExpr = B->getRHS()->IgnoreParens();
974
975 std::optional<llvm::APInt> IntLiteral1 =
976 getIntegerLiteralSubexpressionValue(LHSExpr);
977 const Expr *BoolExpr = RHSExpr;
978
979 if (!IntLiteral1) {
980 IntLiteral1 = getIntegerLiteralSubexpressionValue(RHSExpr);
981 BoolExpr = LHSExpr;
982 }
983
984 if (!IntLiteral1)
985 return TryResult();
986
987 const BinaryOperator *BitOp = dyn_cast<BinaryOperator>(BoolExpr);
988 if (BitOp && (BitOp->getOpcode() == BO_And ||
989 BitOp->getOpcode() == BO_Or)) {
990 const Expr *LHSExpr2 = BitOp->getLHS()->IgnoreParens();
991 const Expr *RHSExpr2 = BitOp->getRHS()->IgnoreParens();
992
993 std::optional<llvm::APInt> IntLiteral2 =
994 getIntegerLiteralSubexpressionValue(LHSExpr2);
995
996 if (!IntLiteral2)
997 IntLiteral2 = getIntegerLiteralSubexpressionValue(RHSExpr2);
998
999 if (!IntLiteral2)
1000 return TryResult();
1001
1002 if ((BitOp->getOpcode() == BO_And &&
1003 (*IntLiteral2 & *IntLiteral1) != *IntLiteral1) ||
1004 (BitOp->getOpcode() == BO_Or &&
1005 (*IntLiteral2 | *IntLiteral1) != *IntLiteral1)) {
1006 if (BuildOpts.Observer)
1007 BuildOpts.Observer->compareBitwiseEquality(B,
1008 B->getOpcode() != BO_EQ);
1009 return TryResult(B->getOpcode() != BO_EQ);
1010 }
1011 } else if (BoolExpr->isKnownToHaveBooleanValue()) {
1012 if ((*IntLiteral1 == 1) || (*IntLiteral1 == 0)) {
1013 return TryResult();
1014 }
1015 return TryResult(B->getOpcode() != BO_EQ);
1016 }
1017
1018 return TryResult();
1019 }
1020
1021 // Helper function to get an APInt from an expression. Supports expressions
1022 // which are an IntegerLiteral or a UnaryOperator and returns the value with
1023 // all operations performed on it.
1024 // FIXME: it would be good to unify this function with
1025 // IsIntegerLiteralConstantExpr at some point given the similarity between the
1026 // functions.
1027 std::optional<llvm::APInt>
1028 getIntegerLiteralSubexpressionValue(const Expr *E) {
1029
1030 // If unary.
1031 if (const auto *UnOp = dyn_cast<UnaryOperator>(E->IgnoreParens())) {
1032 // Get the sub expression of the unary expression and get the Integer
1033 // Literal.
1034 const Expr *SubExpr = UnOp->getSubExpr()->IgnoreParens();
1035
1036 if (const auto *IntLiteral = dyn_cast<IntegerLiteral>(SubExpr)) {
1037
1038 llvm::APInt Value = IntLiteral->getValue();
1039
1040 // Perform the operation manually.
1041 switch (UnOp->getOpcode()) {
1042 case UO_Plus:
1043 return Value;
1044 case UO_Minus:
1045 return -Value;
1046 case UO_Not:
1047 return ~Value;
1048 case UO_LNot:
1049 return llvm::APInt(Context->getTypeSize(Context->IntTy), !Value);
1050 default:
1051 assert(false && "Unexpected unary operator!");
1052 return std::nullopt;
1053 }
1054 }
1055 } else if (const auto *IntLiteral =
1056 dyn_cast<IntegerLiteral>(E->IgnoreParens()))
1057 return IntLiteral->getValue();
1058
1059 return std::nullopt;
1060 }
1061
1062 TryResult analyzeLogicOperatorCondition(BinaryOperatorKind Relation,
1063 const llvm::APSInt &Value1,
1064 const llvm::APSInt &Value2) {
1065 assert(Value1.isSigned() == Value2.isSigned());
1066 switch (Relation) {
1067 default:
1068 return TryResult();
1069 case BO_EQ:
1070 return TryResult(Value1 == Value2);
1071 case BO_NE:
1072 return TryResult(Value1 != Value2);
1073 case BO_LT:
1074 return TryResult(Value1 < Value2);
1075 case BO_LE:
1076 return TryResult(Value1 <= Value2);
1077 case BO_GT:
1078 return TryResult(Value1 > Value2);
1079 case BO_GE:
1080 return TryResult(Value1 >= Value2);
1081 }
1082 }
1083
1084 /// There are two checks handled by this function:
1085 /// 1. Find a law-of-excluded-middle or law-of-noncontradiction expression
1086 /// e.g. if (x || !x), if (x && !x)
1087 /// 2. Find a pair of comparison expressions with or without parentheses
1088 /// with a shared variable and constants and a logical operator between them
1089 /// that always evaluates to either true or false.
1090 /// e.g. if (x != 3 || x != 4)
1091 TryResult checkIncorrectLogicOperator(const BinaryOperator *B) {
1092 assert(B->isLogicalOp());
1093 const Expr *LHSExpr = B->getLHS()->IgnoreParens();
1094 const Expr *RHSExpr = B->getRHS()->IgnoreParens();
1095
1096 auto CheckLogicalOpWithNegatedVariable = [this, B](const Expr *E1,
1097 const Expr *E2) {
1098 if (const auto *Negate = dyn_cast<UnaryOperator>(E1)) {
1099 if (Negate->getOpcode() == UO_LNot &&
1100 Expr::isSameComparisonOperand(Negate->getSubExpr(), E2)) {
1101 bool AlwaysTrue = B->getOpcode() == BO_LOr;
1102 if (BuildOpts.Observer)
1103 BuildOpts.Observer->logicAlwaysTrue(B, AlwaysTrue);
1104 return TryResult(AlwaysTrue);
1105 }
1106 }
1107 return TryResult();
1108 };
1109
1110 TryResult Result = CheckLogicalOpWithNegatedVariable(LHSExpr, RHSExpr);
1111 if (Result.isKnown())
1112 return Result;
1113 Result = CheckLogicalOpWithNegatedVariable(RHSExpr, LHSExpr);
1114 if (Result.isKnown())
1115 return Result;
1116
1117 const auto *LHS = dyn_cast<BinaryOperator>(LHSExpr);
1118 const auto *RHS = dyn_cast<BinaryOperator>(RHSExpr);
1119 if (!LHS || !RHS)
1120 return {};
1121
1122 if (!LHS->isComparisonOp() || !RHS->isComparisonOp())
1123 return {};
1124
1125 const Expr *DeclExpr1;
1126 const Expr *NumExpr1;
1127 BinaryOperatorKind BO1;
1128 std::tie(DeclExpr1, BO1, NumExpr1) = tryNormalizeBinaryOperator(LHS);
1129
1130 if (!DeclExpr1 || !NumExpr1)
1131 return {};
1132
1133 const Expr *DeclExpr2;
1134 const Expr *NumExpr2;
1135 BinaryOperatorKind BO2;
1136 std::tie(DeclExpr2, BO2, NumExpr2) = tryNormalizeBinaryOperator(RHS);
1137
1138 if (!DeclExpr2 || !NumExpr2)
1139 return {};
1140
1141 // Check that it is the same variable on both sides.
1142 if (!Expr::isSameComparisonOperand(DeclExpr1, DeclExpr2))
1143 return {};
1144
1145 // Make sure the user's intent is clear (e.g. they're comparing against two
1146 // int literals, or two things from the same enum)
1147 if (!areExprTypesCompatible(NumExpr1, NumExpr2))
1148 return {};
1149
1150 Expr::EvalResult L1Result, L2Result;
1151 if (!NumExpr1->EvaluateAsInt(L1Result, *Context) ||
1152 !NumExpr2->EvaluateAsInt(L2Result, *Context))
1153 return {};
1154
1155 llvm::APSInt L1 = L1Result.Val.getInt();
1156 llvm::APSInt L2 = L2Result.Val.getInt();
1157
1158 // Can't compare signed with unsigned or with different bit width.
1159 if (L1.isSigned() != L2.isSigned() || L1.getBitWidth() != L2.getBitWidth())
1160 return {};
1161
1162 // Values that will be used to determine if result of logical
1163 // operator is always true/false
1164 const llvm::APSInt Values[] = {
1165 // Value less than both Value1 and Value2
1166 llvm::APSInt::getMinValue(L1.getBitWidth(), L1.isUnsigned()),
1167 // L1
1168 L1,
1169 // Value between Value1 and Value2
1170 ((L1 < L2) ? L1 : L2) + llvm::APSInt(llvm::APInt(L1.getBitWidth(), 1),
1171 L1.isUnsigned()),
1172 // L2
1173 L2,
1174 // Value greater than both Value1 and Value2
1175 llvm::APSInt::getMaxValue(L1.getBitWidth(), L1.isUnsigned()),
1176 };
1177
1178 // Check whether expression is always true/false by evaluating the following
1179 // * variable x is less than the smallest literal.
1180 // * variable x is equal to the smallest literal.
1181 // * Variable x is between smallest and largest literal.
1182 // * Variable x is equal to the largest literal.
1183 // * Variable x is greater than largest literal.
1184 bool AlwaysTrue = true, AlwaysFalse = true;
1185 // Track value of both subexpressions. If either side is always
1186 // true/false, another warning should have already been emitted.
1187 bool LHSAlwaysTrue = true, LHSAlwaysFalse = true;
1188 bool RHSAlwaysTrue = true, RHSAlwaysFalse = true;
1189 for (const llvm::APSInt &Value : Values) {
1190 TryResult Res1, Res2;
1191 Res1 = analyzeLogicOperatorCondition(BO1, Value, L1);
1192 Res2 = analyzeLogicOperatorCondition(BO2, Value, L2);
1193
1194 if (!Res1.isKnown() || !Res2.isKnown())
1195 return {};
1196
1197 if (B->getOpcode() == BO_LAnd) {
1198 AlwaysTrue &= (Res1.isTrue() && Res2.isTrue());
1199 AlwaysFalse &= !(Res1.isTrue() && Res2.isTrue());
1200 } else {
1201 AlwaysTrue &= (Res1.isTrue() || Res2.isTrue());
1202 AlwaysFalse &= !(Res1.isTrue() || Res2.isTrue());
1203 }
1204
1205 LHSAlwaysTrue &= Res1.isTrue();
1206 LHSAlwaysFalse &= Res1.isFalse();
1207 RHSAlwaysTrue &= Res2.isTrue();
1208 RHSAlwaysFalse &= Res2.isFalse();
1209 }
1210
1211 if (AlwaysTrue || AlwaysFalse) {
1212 if (!LHSAlwaysTrue && !LHSAlwaysFalse && !RHSAlwaysTrue &&
1213 !RHSAlwaysFalse && BuildOpts.Observer)
1214 BuildOpts.Observer->compareAlwaysTrue(B, AlwaysTrue);
1215 return TryResult(AlwaysTrue);
1216 }
1217 return {};
1218 }
1219
1220 /// A bitwise-or with a non-zero constant always evaluates to true.
1221 TryResult checkIncorrectBitwiseOrOperator(const BinaryOperator *B) {
1222 const Expr *LHSConstant =
1223 tryTransformToIntOrEnumConstant(B->getLHS()->IgnoreParenImpCasts());
1224 const Expr *RHSConstant =
1225 tryTransformToIntOrEnumConstant(B->getRHS()->IgnoreParenImpCasts());
1226
1227 if ((LHSConstant && RHSConstant) || (!LHSConstant && !RHSConstant))
1228 return {};
1229
1230 const Expr *Constant = LHSConstant ? LHSConstant : RHSConstant;
1231
1232 Expr::EvalResult Result;
1233 if (!Constant->EvaluateAsInt(Result, *Context))
1234 return {};
1235
1236 if (Result.Val.getInt() == 0)
1237 return {};
1238
1239 if (BuildOpts.Observer)
1240 BuildOpts.Observer->compareBitwiseOr(B);
1241
1242 return TryResult(true);
1243 }
1244
1245 /// Try and evaluate an expression to an integer constant.
1246 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) {
1247 if (!BuildOpts.PruneTriviallyFalseEdges)
1248 return false;
1249 return !S->isTypeDependent() &&
1250 !S->isValueDependent() &&
1251 S->EvaluateAsRValue(outResult, *Context);
1252 }
1253
1254 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1
1255 /// if we can evaluate to a known value, otherwise return -1.
1256 TryResult tryEvaluateBool(Expr *S) {
1257 if (!BuildOpts.PruneTriviallyFalseEdges ||
1258 S->isTypeDependent() || S->isValueDependent())
1259 return {};
1260
1261 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) {
1262 if (Bop->isLogicalOp() || Bop->isEqualityOp()) {
1263 // Check the cache first.
1264 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S);
1265 if (I != CachedBoolEvals.end())
1266 return I->second; // already in map;
1267
1268 // Retrieve result at first, or the map might be updated.
1269 TryResult Result = evaluateAsBooleanConditionNoCache(S);
1270 CachedBoolEvals[S] = Result; // update or insert
1271 return Result;
1272 }
1273 else {
1274 switch (Bop->getOpcode()) {
1275 default: break;
1276 // For 'x & 0' and 'x * 0', we can determine that
1277 // the value is always false.
1278 case BO_Mul:
1279 case BO_And: {
1280 // If either operand is zero, we know the value
1281 // must be false.
1282 Expr::EvalResult LHSResult;
1283 if (Bop->getLHS()->EvaluateAsInt(LHSResult, *Context)) {
1284 llvm::APSInt IntVal = LHSResult.Val.getInt();
1285 if (!IntVal.getBoolValue()) {
1286 return TryResult(false);
1287 }
1288 }
1289 Expr::EvalResult RHSResult;
1290 if (Bop->getRHS()->EvaluateAsInt(RHSResult, *Context)) {
1291 llvm::APSInt IntVal = RHSResult.Val.getInt();
1292 if (!IntVal.getBoolValue()) {
1293 return TryResult(false);
1294 }
1295 }
1296 }
1297 break;
1298 }
1299 }
1300 }
1301
1302 return evaluateAsBooleanConditionNoCache(S);
1303 }
1304
1305 /// Evaluate as boolean \param E without using the cache.
1306 TryResult evaluateAsBooleanConditionNoCache(Expr *E) {
1307 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) {
1308 if (Bop->isLogicalOp()) {
1309 TryResult LHS = tryEvaluateBool(Bop->getLHS());
1310 if (LHS.isKnown()) {
1311 // We were able to evaluate the LHS, see if we can get away with not
1312 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1
1313 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr))
1314 return LHS.isTrue();
1315
1316 TryResult RHS = tryEvaluateBool(Bop->getRHS());
1317 if (RHS.isKnown()) {
1318 if (Bop->getOpcode() == BO_LOr)
1319 return LHS.isTrue() || RHS.isTrue();
1320 else
1321 return LHS.isTrue() && RHS.isTrue();
1322 }
1323 } else {
1324 TryResult RHS = tryEvaluateBool(Bop->getRHS());
1325 if (RHS.isKnown()) {
1326 // We can't evaluate the LHS; however, sometimes the result
1327 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1.
1328 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr))
1329 return RHS.isTrue();
1330 } else {
1331 TryResult BopRes = checkIncorrectLogicOperator(Bop);
1332 if (BopRes.isKnown())
1333 return BopRes.isTrue();
1334 }
1335 }
1336
1337 return {};
1338 } else if (Bop->isEqualityOp()) {
1339 TryResult BopRes = checkIncorrectEqualityOperator(Bop);
1340 if (BopRes.isKnown())
1341 return BopRes.isTrue();
1342 } else if (Bop->isRelationalOp()) {
1343 TryResult BopRes = checkIncorrectRelationalOperator(Bop);
1344 if (BopRes.isKnown())
1345 return BopRes.isTrue();
1346 } else if (Bop->getOpcode() == BO_Or) {
1347 TryResult BopRes = checkIncorrectBitwiseOrOperator(Bop);
1348 if (BopRes.isKnown())
1349 return BopRes.isTrue();
1350 }
1351 }
1352
1353 bool Result;
1354 if (E->EvaluateAsBooleanCondition(Result, *Context))
1355 return Result;
1356
1357 return {};
1358 }
1359
1360 bool hasTrivialDestructor(const VarDecl *VD) const;
1361 bool needsAutomaticDestruction(const VarDecl *VD) const;
1362 };
1363
1364 } // namespace
1365
1366 Expr *
1367 clang::extractElementInitializerFromNestedAILE(const ArrayInitLoopExpr *AILE) {
1368 if (!AILE)
1369 return nullptr;
1370
1371 Expr *AILEInit = AILE->getSubExpr();
1372 while (const auto *E = dyn_cast<ArrayInitLoopExpr>(AILEInit))
1373 AILEInit = E->getSubExpr();
1374
1375 return AILEInit;
1376 }
1377
1378 inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder,
1379 const Stmt *stmt) const {
1380 return builder.alwaysAdd(stmt) || kind == AlwaysAdd;
1381 }
1382
1383 bool CFGBuilder::alwaysAdd(const Stmt *stmt) {
1384 bool shouldAdd = BuildOpts.alwaysAdd(stmt);
1385
1386 if (!BuildOpts.forcedBlkExprs)
1387 return shouldAdd;
1388
1389 if (lastLookup == stmt) {
1390 if (cachedEntry) {
1391 assert(cachedEntry->first == stmt);
1392 return true;
1393 }
1394 return shouldAdd;
1395 }
1396
1397 lastLookup = stmt;
1398
1399 // Perform the lookup!
1400 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs;
1401
1402 if (!fb) {
1403 // No need to update 'cachedEntry', since it will always be null.
1404 assert(!cachedEntry);
1405 return shouldAdd;
1406 }
1407
1408 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt);
1409 if (itr == fb->end()) {
1410 cachedEntry = nullptr;
1411 return shouldAdd;
1412 }
1413
1414 cachedEntry = &*itr;
1415 return true;
1416 }
1417
1418 // FIXME: Add support for dependent-sized array types in C++?
1419 // Does it even make sense to build a CFG for an uninstantiated template?
1420 static const VariableArrayType *FindVA(const Type *t) {
1421 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) {
1422 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt))
1423 if (vat->getSizeExpr())
1424 return vat;
1425
1426 t = vt->getElementType().getTypePtr();
1427 }
1428
1429 return nullptr;
1430 }
1431
1432 void CFGBuilder::consumeConstructionContext(
1433 const ConstructionContextLayer *Layer, Expr *E) {
1434 assert((isa<CXXConstructExpr>(E) || isa<CallExpr>(E) ||
1435 isa<ObjCMessageExpr>(E)) && "Expression cannot construct an object!");
1436 if (const ConstructionContextLayer *PreviouslyStoredLayer =
1437 ConstructionContextMap.lookup(E)) {
1438 (void)PreviouslyStoredLayer;
1439 // We might have visited this child when we were finding construction
1440 // contexts within its parents.
1441 assert(PreviouslyStoredLayer->isStrictlyMoreSpecificThan(Layer) &&
1442 "Already within a different construction context!");
1443 } else {
1444 ConstructionContextMap[E] = Layer;
1445 }
1446 }
1447
1448 void CFGBuilder::findConstructionContexts(
1449 const ConstructionContextLayer *Layer, Stmt *Child) {
1450 if (!BuildOpts.AddRichCXXConstructors)
1451 return;
1452
1453 if (!Child)
1454 return;
1455
1456 auto withExtraLayer = [this, Layer](const ConstructionContextItem &Item) {
1457 return ConstructionContextLayer::create(cfg->getBumpVectorContext(), Item,
1458 Layer);
1459 };
1460
1461 switch(Child->getStmtClass()) {
1462 case Stmt::CXXConstructExprClass:
1463 case Stmt::CXXTemporaryObjectExprClass: {
1464 // Support pre-C++17 copy elision AST.
1465 auto *CE = cast<CXXConstructExpr>(Child);
1466 if (BuildOpts.MarkElidedCXXConstructors && CE->isElidable()) {
1467 findConstructionContexts(withExtraLayer(CE), CE->getArg(0));
1468 }
1469
1470 consumeConstructionContext(Layer, CE);
1471 break;
1472 }
1473 // FIXME: This, like the main visit, doesn't support CUDAKernelCallExpr.
1474 // FIXME: An isa<> would look much better but this whole switch is a
1475 // workaround for an internal compiler error in MSVC 2015 (see r326021).
1476 case Stmt::CallExprClass:
1477 case Stmt::CXXMemberCallExprClass:
1478 case Stmt::CXXOperatorCallExprClass:
1479 case Stmt::UserDefinedLiteralClass:
1480 case Stmt::ObjCMessageExprClass: {
1481 auto *E = cast<Expr>(Child);
1482 if (CFGCXXRecordTypedCall::isCXXRecordTypedCall(E))
1483 consumeConstructionContext(Layer, E);
1484 break;
1485 }
1486 case Stmt::ExprWithCleanupsClass: {
1487 auto *Cleanups = cast<ExprWithCleanups>(Child);
1488 findConstructionContexts(Layer, Cleanups->getSubExpr());
1489 break;
1490 }
1491 case Stmt::CXXFunctionalCastExprClass: {
1492 auto *Cast = cast<CXXFunctionalCastExpr>(Child);
1493 findConstructionContexts(Layer, Cast->getSubExpr());
1494 break;
1495 }
1496 case Stmt::ImplicitCastExprClass: {
1497 auto *Cast = cast<ImplicitCastExpr>(Child);
1498 // Should we support other implicit cast kinds?
1499 switch (Cast->getCastKind()) {
1500 case CK_NoOp:
1501 case CK_ConstructorConversion:
1502 findConstructionContexts(Layer, Cast->getSubExpr());
1503 break;
1504 default:
1505 break;
1506 }
1507 break;
1508 }
1509 case Stmt::CXXBindTemporaryExprClass: {
1510 auto *BTE = cast<CXXBindTemporaryExpr>(Child);
1511 findConstructionContexts(withExtraLayer(BTE), BTE->getSubExpr());
1512 break;
1513 }
1514 case Stmt::MaterializeTemporaryExprClass: {
1515 // Normally we don't want to search in MaterializeTemporaryExpr because
1516 // it indicates the beginning of a temporary object construction context,
1517 // so it shouldn't be found in the middle. However, if it is the beginning
1518 // of an elidable copy or move construction context, we need to include it.
1519 if (Layer->getItem().getKind() ==
1520 ConstructionContextItem::ElidableConstructorKind) {
1521 auto *MTE = cast<MaterializeTemporaryExpr>(Child);
1522 findConstructionContexts(withExtraLayer(MTE), MTE->getSubExpr());
1523 }
1524 break;
1525 }
1526 case Stmt::ConditionalOperatorClass: {
1527 auto *CO = cast<ConditionalOperator>(Child);
1528 if (Layer->getItem().getKind() !=
1529 ConstructionContextItem::MaterializationKind) {
1530 // If the object returned by the conditional operator is not going to be a
1531 // temporary object that needs to be immediately materialized, then
1532 // it must be C++17 with its mandatory copy elision. Do not yet promise
1533 // to support this case.
1534 assert(!CO->getType()->getAsCXXRecordDecl() || CO->isGLValue() ||
1535 Context->getLangOpts().CPlusPlus17);
1536 break;
1537 }
1538 findConstructionContexts(Layer, CO->getLHS());
1539 findConstructionContexts(Layer, CO->getRHS());
1540 break;
1541 }
1542 case Stmt::InitListExprClass: {
1543 auto *ILE = cast<InitListExpr>(Child);
1544 if (ILE->isTransparent()) {
1545 findConstructionContexts(Layer, ILE->getInit(0));
1546 break;
1547 }
1548 // TODO: Handle other cases. For now, fail to find construction contexts.
1549 break;
1550 }
1551 case Stmt::ParenExprClass: {
1552 // If expression is placed into parenthesis we should propagate the parent
1553 // construction context to subexpressions.
1554 auto *PE = cast<ParenExpr>(Child);
1555 findConstructionContexts(Layer, PE->getSubExpr());
1556 break;
1557 }
1558 default:
1559 break;
1560 }
1561 }
1562
1563 void CFGBuilder::cleanupConstructionContext(Expr *E) {
1564 assert(BuildOpts.AddRichCXXConstructors &&
1565 "We should not be managing construction contexts!");
1566 assert(ConstructionContextMap.count(E) &&
1567 "Cannot exit construction context without the context!");
1568 ConstructionContextMap.erase(E);
1569 }
1570
1571 /// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an
1572 /// arbitrary statement. Examples include a single expression or a function
1573 /// body (compound statement). The ownership of the returned CFG is
1574 /// transferred to the caller. If CFG construction fails, this method returns
1575 /// NULL.
1576 std::unique_ptr<CFG> CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) {
1577 assert(cfg.get());
1578 if (!Statement)
1579 return nullptr;
1580
1581 // Create an empty block that will serve as the exit block for the CFG. Since
1582 // this is the first block added to the CFG, it will be implicitly registered
1583 // as the exit block.
1584 Succ = createBlock();
1585 assert(Succ == &cfg->getExit());
1586 Block = nullptr; // the EXIT block is empty. Create all other blocks lazily.
1587
1588 if (BuildOpts.AddImplicitDtors)
1589 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D))
1590 addImplicitDtorsForDestructor(DD);
1591
1592 // Visit the statements and create the CFG.
1593 CFGBlock *B = addStmt(Statement);
1594
1595 if (badCFG)
1596 return nullptr;
1597
1598 // For C++ constructor add initializers to CFG. Constructors of virtual bases
1599 // are ignored unless the object is of the most derived class.
1600 // class VBase { VBase() = default; VBase(int) {} };
1601 // class A : virtual public VBase { A() : VBase(0) {} };
1602 // class B : public A {};
1603 // B b; // Constructor calls in order: VBase(), A(), B().
1604 // // VBase(0) is ignored because A isn't the most derived class.
1605 // This may result in the virtual base(s) being already initialized at this
1606 // point, in which case we should jump right onto non-virtual bases and
1607 // fields. To handle this, make a CFG branch. We only need to add one such
1608 // branch per constructor, since the Standard states that all virtual bases
1609 // shall be initialized before non-virtual bases and direct data members.
1610 if (const auto *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) {
1611 CFGBlock *VBaseSucc = nullptr;
1612 for (auto *I : llvm::reverse(CD->inits())) {
1613 if (BuildOpts.AddVirtualBaseBranches && !VBaseSucc &&
1614 I->isBaseInitializer() && I->isBaseVirtual()) {
1615 // We've reached the first virtual base init while iterating in reverse
1616 // order. Make a new block for virtual base initializers so that we
1617 // could skip them.
1618 VBaseSucc = Succ = B ? B : &cfg->getExit();
1619 Block = createBlock();
1620 }
1621 B = addInitializer(I);
1622 if (badCFG)
1623 return nullptr;
1624 }
1625 if (VBaseSucc) {
1626 // Make a branch block for potentially skipping virtual base initializers.
1627 Succ = VBaseSucc;
1628 B = createBlock();
1629 B->setTerminator(
1630 CFGTerminator(nullptr, CFGTerminator::VirtualBaseBranch));
1631 addSuccessor(B, Block, true);
1632 }
1633 }
1634
1635 if (B)
1636 Succ = B;
1637
1638 // Backpatch the gotos whose label -> block mappings we didn't know when we
1639 // encountered them.
1640 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(),
1641 E = BackpatchBlocks.end(); I != E; ++I ) {
1642
1643 CFGBlock *B = I->block;
1644 if (auto *G = dyn_cast<GotoStmt>(B->getTerminator())) {
1645 LabelMapTy::iterator LI = LabelMap.find(G->getLabel());
1646 // If there is no target for the goto, then we are looking at an
1647 // incomplete AST. Handle this by not registering a successor.
1648 if (LI == LabelMap.end())
1649 continue;
1650 JumpTarget JT = LI->second;
1651
1652 CFGBlock *SuccBlk = createScopeChangesHandlingBlock(
1653 I->scopePosition, B, JT.scopePosition, JT.block);
1654 addSuccessor(B, SuccBlk);
1655 } else if (auto *G = dyn_cast<GCCAsmStmt>(B->getTerminator())) {
1656 CFGBlock *Successor = (I+1)->block;
1657 for (auto *L : G->labels()) {
1658 LabelMapTy::iterator LI = LabelMap.find(L->getLabel());
1659 // If there is no target for the goto, then we are looking at an
1660 // incomplete AST. Handle this by not registering a successor.
1661 if (LI == LabelMap.end())
1662 continue;
1663 JumpTarget JT = LI->second;
1664 // Successor has been added, so skip it.
1665 if (JT.block == Successor)
1666 continue;
1667 addSuccessor(B, JT.block);
1668 }
1669 I++;
1670 }
1671 }
1672
1673 // Add successors to the Indirect Goto Dispatch block (if we have one).
1674 if (CFGBlock *B = cfg->getIndirectGotoBlock())
1675 for (LabelSetTy::iterator I = AddressTakenLabels.begin(),
1676 E = AddressTakenLabels.end(); I != E; ++I ) {
1677 // Lookup the target block.
1678 LabelMapTy::iterator LI = LabelMap.find(*I);
1679
1680 // If there is no target block that contains label, then we are looking
1681 // at an incomplete AST. Handle this by not registering a successor.
1682 if (LI == LabelMap.end()) continue;
1683
1684 addSuccessor(B, LI->second.block);
1685 }
1686
1687 // Create an empty entry block that has no predecessors.
1688 cfg->setEntry(createBlock());
1689
1690 if (BuildOpts.AddRichCXXConstructors)
1691 assert(ConstructionContextMap.empty() &&
1692 "Not all construction contexts were cleaned up!");
1693
1694 return std::move(cfg);
1695 }
1696
1697 /// createBlock - Used to lazily create blocks that are connected
1698 /// to the current (global) successor.
1699 CFGBlock *CFGBuilder::createBlock(bool add_successor) {
1700 CFGBlock *B = cfg->createBlock();
1701 if (add_successor && Succ)
1702 addSuccessor(B, Succ);
1703 return B;
1704 }
1705
1706 /// createNoReturnBlock - Used to create a block is a 'noreturn' point in the
1707 /// CFG. It is *not* connected to the current (global) successor, and instead
1708 /// directly tied to the exit block in order to be reachable.
1709 CFGBlock *CFGBuilder::createNoReturnBlock() {
1710 CFGBlock *B = createBlock(false);
1711 B->setHasNoReturnElement();
1712 addSuccessor(B, &cfg->getExit(), Succ);
1713 return B;
1714 }
1715
1716 /// addInitializer - Add C++ base or member initializer element to CFG.
1717 CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) {
1718 if (!BuildOpts.AddInitializers)
1719 return Block;
1720
1721 bool HasTemporaries = false;
1722
1723 // Destructors of temporaries in initialization expression should be called
1724 // after initialization finishes.
1725 Expr *Init = I->getInit();
1726 if (Init) {
1727 HasTemporaries = isa<ExprWithCleanups>(Init);
1728
1729 if (BuildOpts.AddTemporaryDtors && HasTemporaries) {
1730 // Generate destructors for temporaries in initialization expression.
1731 TempDtorContext Context;
1732 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
1733 /*ExternallyDestructed=*/false, Context);
1734 }
1735 }
1736
1737 autoCreateBlock();
1738 appendInitializer(Block, I);
1739
1740 if (Init) {
1741 // If the initializer is an ArrayInitLoopExpr, we want to extract the
1742 // initializer, that's used for each element.
1743 auto *AILEInit = extractElementInitializerFromNestedAILE(
1744 dyn_cast<ArrayInitLoopExpr>(Init));
1745
1746 findConstructionContexts(
1747 ConstructionContextLayer::create(cfg->getBumpVectorContext(), I),
1748 AILEInit ? AILEInit : Init);
1749
1750 if (HasTemporaries) {
1751 // For expression with temporaries go directly to subexpression to omit
1752 // generating destructors for the second time.
1753 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr());
1754 }
1755 if (BuildOpts.AddCXXDefaultInitExprInCtors) {
1756 if (CXXDefaultInitExpr *Default = dyn_cast<CXXDefaultInitExpr>(Init)) {
1757 // In general, appending the expression wrapped by a CXXDefaultInitExpr
1758 // may cause the same Expr to appear more than once in the CFG. Doing it
1759 // here is safe because there's only one initializer per field.
1760 autoCreateBlock();
1761 appendStmt(Block, Default);
1762 if (Stmt *Child = Default->getExpr())
1763 if (CFGBlock *R = Visit(Child))
1764 Block = R;
1765 return Block;
1766 }
1767 }
1768 return Visit(Init);
1769 }
1770
1771 return Block;
1772 }
1773
1774 /// Retrieve the type of the temporary object whose lifetime was
1775 /// extended by a local reference with the given initializer.
1776 static QualType getReferenceInitTemporaryType(const Expr *Init,
1777 bool *FoundMTE = nullptr) {
1778 while (true) {
1779 // Skip parentheses.
1780 Init = Init->IgnoreParens();
1781
1782 // Skip through cleanups.
1783 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) {
1784 Init = EWC->getSubExpr();
1785 continue;
1786 }
1787
1788 // Skip through the temporary-materialization expression.
1789 if (const MaterializeTemporaryExpr *MTE
1790 = dyn_cast<MaterializeTemporaryExpr>(Init)) {
1791 Init = MTE->getSubExpr();
1792 if (FoundMTE)
1793 *FoundMTE = true;
1794 continue;
1795 }
1796
1797 // Skip sub-object accesses into rvalues.
1798 const Expr *SkippedInit = Init->skipRValueSubobjectAdjustments();
1799 if (SkippedInit != Init) {
1800 Init = SkippedInit;
1801 continue;
1802 }
1803
1804 break;
1805 }
1806
1807 return Init->getType();
1808 }
1809
1810 // TODO: Support adding LoopExit element to the CFG in case where the loop is
1811 // ended by ReturnStmt, GotoStmt or ThrowExpr.
1812 void CFGBuilder::addLoopExit(const Stmt *LoopStmt){
1813 if(!BuildOpts.AddLoopExit)
1814 return;
1815 autoCreateBlock();
1816 appendLoopExit(Block, LoopStmt);
1817 }
1818
1819 /// Adds the CFG elements for leaving the scope of automatic objects in
1820 /// range [B, E). This include following:
1821 /// * AutomaticObjectDtor for variables with non-trivial destructor
1822 /// * LifetimeEnds for all variables
1823 /// * ScopeEnd for each scope left
1824 void CFGBuilder::addAutomaticObjHandling(LocalScope::const_iterator B,
1825 LocalScope::const_iterator E,
1826 Stmt *S) {
1827 if (!BuildOpts.AddScopes && !BuildOpts.AddImplicitDtors &&
1828 !BuildOpts.AddLifetime)
1829 return;
1830
1831 if (B == E)
1832 return;
1833
1834 // Not leaving the scope, only need to handle destruction and lifetime
1835 if (B.inSameLocalScope(E)) {
1836 addAutomaticObjDestruction(B, E, S);
1837 return;
1838 }
1839
1840 // Extract information about all local scopes that are left
1841 SmallVector<LocalScope::const_iterator, 10> LocalScopeEndMarkers;
1842 LocalScopeEndMarkers.push_back(B);
1843 for (LocalScope::const_iterator I = B; I != E; ++I) {
1844 if (!I.inSameLocalScope(LocalScopeEndMarkers.back()))
1845 LocalScopeEndMarkers.push_back(I);
1846 }
1847 LocalScopeEndMarkers.push_back(E);
1848
1849 // We need to leave the scope in reverse order, so we reverse the end
1850 // markers
1851 std::reverse(LocalScopeEndMarkers.begin(), LocalScopeEndMarkers.end());
1852 auto Pairwise =
1853 llvm::zip(LocalScopeEndMarkers, llvm::drop_begin(LocalScopeEndMarkers));
1854 for (auto [E, B] : Pairwise) {
1855 if (!B.inSameLocalScope(E))
1856 addScopeExitHandling(B, E, S);
1857 addAutomaticObjDestruction(B, E, S);
1858 }
1859 }
1860
1861 /// Add CFG elements corresponding to call destructor and end of lifetime
1862 /// of all automatic variables with non-trivial destructor in range [B, E).
1863 /// This include AutomaticObjectDtor and LifetimeEnds elements.
1864 void CFGBuilder::addAutomaticObjDestruction(LocalScope::const_iterator B,
1865 LocalScope::const_iterator E,
1866 Stmt *S) {
1867 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime)
1868 return;
1869
1870 if (B == E)
1871 return;
1872
1873 SmallVector<VarDecl *, 10> DeclsNeedDestruction;
1874 DeclsNeedDestruction.reserve(B.distance(E));
1875
1876 for (VarDecl* D : llvm::make_range(B, E))
1877 if (needsAutomaticDestruction(D))
1878 DeclsNeedDestruction.push_back(D);
1879
1880 for (VarDecl *VD : llvm::reverse(DeclsNeedDestruction)) {
1881 if (BuildOpts.AddImplicitDtors) {
1882 // If this destructor is marked as a no-return destructor, we need to
1883 // create a new block for the destructor which does not have as a
1884 // successor anything built thus far: control won't flow out of this
1885 // block.
1886 QualType Ty = VD->getType();
1887 if (Ty->isReferenceType())
1888 Ty = getReferenceInitTemporaryType(VD->getInit());
1889 Ty = Context->getBaseElementType(Ty);
1890
1891 const CXXRecordDecl *CRD = Ty->getAsCXXRecordDecl();
1892 if (CRD && CRD->isAnyDestructorNoReturn())
1893 Block = createNoReturnBlock();
1894 }
1895
1896 autoCreateBlock();
1897
1898 // Add LifetimeEnd after automatic obj with non-trivial destructors,
1899 // as they end their lifetime when the destructor returns. For trivial
1900 // objects, we end lifetime with scope end.
1901 if (BuildOpts.AddLifetime)
1902 appendLifetimeEnds(Block, VD, S);
1903 if (BuildOpts.AddImplicitDtors && !hasTrivialDestructor(VD))
1904 appendAutomaticObjDtor(Block, VD, S);
1905 if (VD->hasAttr<CleanupAttr>())
1906 appendCleanupFunction(Block, VD);
1907 }
1908 }
1909
1910 /// Add CFG elements corresponding to leaving a scope.
1911 /// Assumes that range [B, E) corresponds to single scope.
1912 /// This add following elements:
1913 /// * LifetimeEnds for all variables with non-trivial destructor
1914 /// * ScopeEnd for each scope left
1915 void CFGBuilder::addScopeExitHandling(LocalScope::const_iterator B,
1916 LocalScope::const_iterator E, Stmt *S) {
1917 assert(!B.inSameLocalScope(E));
1918 if (!BuildOpts.AddLifetime && !BuildOpts.AddScopes)
1919 return;
1920
1921 if (BuildOpts.AddScopes) {
1922 autoCreateBlock();
1923 appendScopeEnd(Block, B.getFirstVarInScope(), S);
1924 }
1925
1926 if (!BuildOpts.AddLifetime)
1927 return;
1928
1929 // We need to perform the scope leaving in reverse order
1930 SmallVector<VarDecl *, 10> DeclsTrivial;
1931 DeclsTrivial.reserve(B.distance(E));
1932
1933 // Objects with trivial destructor ends their lifetime when their storage
1934 // is destroyed, for automatic variables, this happens when the end of the
1935 // scope is added.
1936 for (VarDecl* D : llvm::make_range(B, E))
1937 if (!needsAutomaticDestruction(D))
1938 DeclsTrivial.push_back(D);
1939
1940 if (DeclsTrivial.empty())
1941 return;
1942
1943 autoCreateBlock();
1944 for (VarDecl *VD : llvm::reverse(DeclsTrivial))
1945 appendLifetimeEnds(Block, VD, S);
1946 }
1947
1948 /// addScopeChangesHandling - appends information about destruction, lifetime
1949 /// and cfgScopeEnd for variables in the scope that was left by the jump, and
1950 /// appends cfgScopeBegin for all scopes that where entered.
1951 /// We insert the cfgScopeBegin at the end of the jump node, as depending on
1952 /// the sourceBlock, each goto, may enter different amount of scopes.
1953 void CFGBuilder::addScopeChangesHandling(LocalScope::const_iterator SrcPos,
1954 LocalScope::const_iterator DstPos,
1955 Stmt *S) {
1956 assert(Block && "Source block should be always crated");
1957 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
1958 !BuildOpts.AddScopes) {
1959 return;
1960 }
1961
1962 if (SrcPos == DstPos)
1963 return;
1964
1965 // Get common scope, the jump leaves all scopes [SrcPos, BasePos), and
1966 // enter all scopes between [DstPos, BasePos)
1967 LocalScope::const_iterator BasePos = SrcPos.shared_parent(DstPos);
1968
1969 // Append scope begins for scopes entered by goto
1970 if (BuildOpts.AddScopes && !DstPos.inSameLocalScope(BasePos)) {
1971 for (LocalScope::const_iterator I = DstPos; I != BasePos; ++I)
1972 if (I.pointsToFirstDeclaredVar())
1973 appendScopeBegin(Block, *I, S);
1974 }
1975
1976 // Append scopeEnds, destructor and lifetime with the terminator for
1977 // block left by goto.
1978 addAutomaticObjHandling(SrcPos, BasePos, S);
1979 }
1980
1981 /// createScopeChangesHandlingBlock - Creates a block with cfgElements
1982 /// corresponding to changing the scope from the source scope of the GotoStmt,
1983 /// to destination scope. Add destructor, lifetime and cfgScopeEnd
1984 /// CFGElements to newly created CFGBlock, that will have the CFG terminator
1985 /// transferred.
1986 CFGBlock *CFGBuilder::createScopeChangesHandlingBlock(
1987 LocalScope::const_iterator SrcPos, CFGBlock *SrcBlk,
1988 LocalScope::const_iterator DstPos, CFGBlock *DstBlk) {
1989 if (SrcPos == DstPos)
1990 return DstBlk;
1991
1992 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
1993 (!BuildOpts.AddScopes || SrcPos.inSameLocalScope(DstPos)))
1994 return DstBlk;
1995
1996 // We will update CFBBuilder when creating new block, restore the
1997 // previous state at exit.
1998 SaveAndRestore save_Block(Block), save_Succ(Succ);
1999
2000 // Create a new block, and transfer terminator
2001 Block = createBlock(false);
2002 Block->setTerminator(SrcBlk->getTerminator());
2003 SrcBlk->setTerminator(CFGTerminator());
2004 addSuccessor(Block, DstBlk);
2005
2006 // Fill the created Block with the required elements.
2007 addScopeChangesHandling(SrcPos, DstPos, Block->getTerminatorStmt());
2008
2009 assert(Block && "There should be at least one scope changing Block");
2010 return Block;
2011 }
2012
2013 /// addImplicitDtorsForDestructor - Add implicit destructors generated for
2014 /// base and member objects in destructor.
2015 void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) {
2016 assert(BuildOpts.AddImplicitDtors &&
2017 "Can be called only when dtors should be added");
2018 const CXXRecordDecl *RD = DD->getParent();
2019
2020 // At the end destroy virtual base objects.
2021 for (const auto &VI : RD->vbases()) {
2022 // TODO: Add a VirtualBaseBranch to see if the most derived class
2023 // (which is different from the current class) is responsible for
2024 // destroying them.
2025 const CXXRecordDecl *CD = VI.getType()->getAsCXXRecordDecl();
2026 if (CD && !CD->hasTrivialDestructor()) {
2027 autoCreateBlock();
2028 appendBaseDtor(Block, &VI);
2029 }
2030 }
2031
2032 // Before virtual bases destroy direct base objects.
2033 for (const auto &BI : RD->bases()) {
2034 if (!BI.isVirtual()) {
2035 const CXXRecordDecl *CD = BI.getType()->getAsCXXRecordDecl();
2036 if (CD && !CD->hasTrivialDestructor()) {
2037 autoCreateBlock();
2038 appendBaseDtor(Block, &BI);
2039 }
2040 }
2041 }
2042
2043 // First destroy member objects.
2044 for (auto *FI : RD->fields()) {
2045 // Check for constant size array. Set type to array element type.
2046 QualType QT = FI->getType();
2047 // It may be a multidimensional array.
2048 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) {
2049 if (AT->isZeroSize())
2050 break;
2051 QT = AT->getElementType();
2052 }
2053
2054 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl())
2055 if (!CD->hasTrivialDestructor()) {
2056 autoCreateBlock();
2057 appendMemberDtor(Block, FI);
2058 }
2059 }
2060 }
2061
2062 /// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either
2063 /// way return valid LocalScope object.
2064 LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) {
2065 if (Scope)
2066 return Scope;
2067 llvm::BumpPtrAllocator &alloc = cfg->getAllocator();
2068 return new (alloc) LocalScope(BumpVectorContext(alloc), ScopePos);
2069 }
2070
2071 /// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement
2072 /// that should create implicit scope (e.g. if/else substatements).
2073 void CFGBuilder::addLocalScopeForStmt(Stmt *S) {
2074 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
2075 !BuildOpts.AddScopes)
2076 return;
2077
2078 LocalScope *Scope = nullptr;
2079
2080 // For compound statement we will be creating explicit scope.
2081 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) {
2082 for (auto *BI : CS->body()) {
2083 Stmt *SI = BI->stripLabelLikeStatements();
2084 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI))
2085 Scope = addLocalScopeForDeclStmt(DS, Scope);
2086 }
2087 return;
2088 }
2089
2090 // For any other statement scope will be implicit and as such will be
2091 // interesting only for DeclStmt.
2092 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements()))
2093 addLocalScopeForDeclStmt(DS);
2094 }
2095
2096 /// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will
2097 /// reuse Scope if not NULL.
2098 LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS,
2099 LocalScope* Scope) {
2100 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
2101 !BuildOpts.AddScopes)
2102 return Scope;
2103
2104 for (auto *DI : DS->decls())
2105 if (VarDecl *VD = dyn_cast<VarDecl>(DI))
2106 Scope = addLocalScopeForVarDecl(VD, Scope);
2107 return Scope;
2108 }
2109
2110 bool CFGBuilder::needsAutomaticDestruction(const VarDecl *VD) const {
2111 return !hasTrivialDestructor(VD) || VD->hasAttr<CleanupAttr>();
2112 }
2113
2114 bool CFGBuilder::hasTrivialDestructor(const VarDecl *VD) const {
2115 // Check for const references bound to temporary. Set type to pointee.
2116 QualType QT = VD->getType();
2117 if (QT->isReferenceType()) {
2118 // Attempt to determine whether this declaration lifetime-extends a
2119 // temporary.
2120 //
2121 // FIXME: This is incorrect. Non-reference declarations can lifetime-extend
2122 // temporaries, and a single declaration can extend multiple temporaries.
2123 // We should look at the storage duration on each nested
2124 // MaterializeTemporaryExpr instead.
2125
2126 const Expr *Init = VD->getInit();
2127 if (!Init) {
2128 // Probably an exception catch-by-reference variable.
2129 // FIXME: It doesn't really mean that the object has a trivial destructor.
2130 // Also are there other cases?
2131 return true;
2132 }
2133
2134 // Lifetime-extending a temporary?
2135 bool FoundMTE = false;
2136 QT = getReferenceInitTemporaryType(Init, &FoundMTE);
2137 if (!FoundMTE)
2138 return true;
2139 }
2140
2141 // Check for constant size array. Set type to array element type.
2142 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) {
2143 if (AT->isZeroSize())
2144 return true;
2145 QT = AT->getElementType();
2146 }
2147
2148 // Check if type is a C++ class with non-trivial destructor.
2149 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl())
2150 return !CD->hasDefinition() || CD->hasTrivialDestructor();
2151 return true;
2152 }
2153
2154 /// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will
2155 /// create add scope for automatic objects and temporary objects bound to
2156 /// const reference. Will reuse Scope if not NULL.
2157 LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD,
2158 LocalScope* Scope) {
2159 if (!BuildOpts.AddImplicitDtors && !BuildOpts.AddLifetime &&
2160 !BuildOpts.AddScopes)
2161 return Scope;
2162
2163 // Check if variable is local.
2164 if (!VD->hasLocalStorage())
2165 return Scope;
2166
2167 if (!BuildOpts.AddLifetime && !BuildOpts.AddScopes &&
2168 !needsAutomaticDestruction(VD)) {
2169 assert(BuildOpts.AddImplicitDtors);
2170 return Scope;
2171 }
2172
2173 // Add the variable to scope
2174 Scope = createOrReuseLocalScope(Scope);
2175 Scope->addVar(VD);
2176 ScopePos = Scope->begin();
2177 return Scope;
2178 }
2179
2180 /// addLocalScopeAndDtors - For given statement add local scope for it and
2181 /// add destructors that will cleanup the scope. Will reuse Scope if not NULL.
2182 void CFGBuilder::addLocalScopeAndDtors(Stmt *S) {
2183 LocalScope::const_iterator scopeBeginPos = ScopePos;
2184 addLocalScopeForStmt(S);
2185 addAutomaticObjHandling(ScopePos, scopeBeginPos, S);
2186 }
2187
2188 /// Visit - Walk the subtree of a statement and add extra
2189 /// blocks for ternary operators, &&, and ||. We also process "," and
2190 /// DeclStmts (which may contain nested control-flow).
2191 CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc,
2192 bool ExternallyDestructed) {
2193 if (!S) {
2194 badCFG = true;
2195 return nullptr;
2196 }
2197
2198 if (Expr *E = dyn_cast<Expr>(S))
2199 S = E->IgnoreParens();
2200
2201 if (Context->getLangOpts().OpenMP)
2202 if (auto *D = dyn_cast<OMPExecutableDirective>(S))
2203 return VisitOMPExecutableDirective(D, asc);
2204
2205 switch (S->getStmtClass()) {
2206 default:
2207 return VisitStmt(S, asc);
2208
2209 case Stmt::ImplicitValueInitExprClass:
2210 if (BuildOpts.OmitImplicitValueInitializers)
2211 return Block;
2212 return VisitStmt(S, asc);
2213
2214 case Stmt::InitListExprClass:
2215 return VisitInitListExpr(cast<InitListExpr>(S), asc);
2216
2217 case Stmt::AttributedStmtClass:
2218 return VisitAttributedStmt(cast<AttributedStmt>(S), asc);
2219
2220 case Stmt::AddrLabelExprClass:
2221 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc);
2222
2223 case Stmt::BinaryConditionalOperatorClass:
2224 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc);
2225
2226 case Stmt::BinaryOperatorClass:
2227 return VisitBinaryOperator(cast<BinaryOperator>(S), asc);
2228
2229 case Stmt::BlockExprClass:
2230 return VisitBlockExpr(cast<BlockExpr>(S), asc);
2231
2232 case Stmt::BreakStmtClass:
2233 return VisitBreakStmt(cast<BreakStmt>(S));
2234
2235 case Stmt::CallExprClass:
2236 case Stmt::CXXOperatorCallExprClass:
2237 case Stmt::CXXMemberCallExprClass:
2238 case Stmt::UserDefinedLiteralClass:
2239 return VisitCallExpr(cast<CallExpr>(S), asc);
2240
2241 case Stmt::CaseStmtClass:
2242 return VisitCaseStmt(cast<CaseStmt>(S));
2243
2244 case Stmt::ChooseExprClass:
2245 return VisitChooseExpr(cast<ChooseExpr>(S), asc);
2246
2247 case Stmt::CompoundStmtClass:
2248 return VisitCompoundStmt(cast<CompoundStmt>(S), ExternallyDestructed);
2249
2250 case Stmt::ConditionalOperatorClass:
2251 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc);
2252
2253 case Stmt::ContinueStmtClass:
2254 return VisitContinueStmt(cast<ContinueStmt>(S));
2255
2256 case Stmt::CXXCatchStmtClass:
2257 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S));
2258
2259 case Stmt::ExprWithCleanupsClass:
2260 return VisitExprWithCleanups(cast<ExprWithCleanups>(S),
2261 asc, ExternallyDestructed);
2262
2263 case Stmt::CXXDefaultArgExprClass:
2264 case Stmt::CXXDefaultInitExprClass:
2265 // FIXME: The expression inside a CXXDefaultArgExpr is owned by the
2266 // called function's declaration, not by the caller. If we simply add
2267 // this expression to the CFG, we could end up with the same Expr
2268 // appearing multiple times (PR13385).
2269 //
2270 // It's likewise possible for multiple CXXDefaultInitExprs for the same
2271 // expression to be used in the same function (through aggregate
2272 // initialization).
2273 return VisitStmt(S, asc);
2274
2275 case Stmt::CXXBindTemporaryExprClass:
2276 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc);
2277
2278 case Stmt::CXXConstructExprClass:
2279 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc);
2280
2281 case Stmt::CXXNewExprClass:
2282 return VisitCXXNewExpr(cast<CXXNewExpr>(S), asc);
2283
2284 case Stmt::CXXDeleteExprClass:
2285 return VisitCXXDeleteExpr(cast<CXXDeleteExpr>(S), asc);
2286
2287 case Stmt::CXXFunctionalCastExprClass:
2288 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc);
2289
2290 case Stmt::CXXTemporaryObjectExprClass:
2291 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc);
2292
2293 case Stmt::CXXThrowExprClass:
2294 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S));
2295
2296 case Stmt::CXXTryStmtClass:
2297 return VisitCXXTryStmt(cast<CXXTryStmt>(S));
2298
2299 case Stmt::CXXTypeidExprClass:
2300 return VisitCXXTypeidExpr(cast<CXXTypeidExpr>(S), asc);
2301
2302 case Stmt::CXXForRangeStmtClass:
2303 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S));
2304
2305 case Stmt::DeclStmtClass:
2306 return VisitDeclStmt(cast<DeclStmt>(S));
2307
2308 case Stmt::DefaultStmtClass:
2309 return VisitDefaultStmt(cast<DefaultStmt>(S));
2310
2311 case Stmt::DoStmtClass:
2312 return VisitDoStmt(cast<DoStmt>(S));
2313
2314 case Stmt::ForStmtClass:
2315 return VisitForStmt(cast<ForStmt>(S));
2316
2317 case Stmt::GotoStmtClass:
2318 return VisitGotoStmt(cast<GotoStmt>(S));
2319
2320 case Stmt::GCCAsmStmtClass:
2321 return VisitGCCAsmStmt(cast<GCCAsmStmt>(S), asc);
2322
2323 case Stmt::IfStmtClass:
2324 return VisitIfStmt(cast<IfStmt>(S));
2325
2326 case Stmt::ImplicitCastExprClass:
2327 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc);
2328
2329 case Stmt::ConstantExprClass:
2330 return VisitConstantExpr(cast<ConstantExpr>(S), asc);
2331
2332 case Stmt::IndirectGotoStmtClass:
2333 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S));
2334
2335 case Stmt::LabelStmtClass:
2336 return VisitLabelStmt(cast<LabelStmt>(S));
2337
2338 case Stmt::LambdaExprClass:
2339 return VisitLambdaExpr(cast<LambdaExpr>(S), asc);
2340
2341 case Stmt::MaterializeTemporaryExprClass:
2342 return VisitMaterializeTemporaryExpr(cast<MaterializeTemporaryExpr>(S),
2343 asc);
2344
2345 case Stmt::MemberExprClass:
2346 return VisitMemberExpr(cast<MemberExpr>(S), asc);
2347
2348 case Stmt::NullStmtClass:
2349 return Block;
2350
2351 case Stmt::ObjCAtCatchStmtClass:
2352 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S));
2353
2354 case Stmt::ObjCAutoreleasePoolStmtClass:
2355 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S));
2356
2357 case Stmt::ObjCAtSynchronizedStmtClass:
2358 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S));
2359
2360 case Stmt::ObjCAtThrowStmtClass:
2361 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S));
2362
2363 case Stmt::ObjCAtTryStmtClass:
2364 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S));
2365
2366 case Stmt::ObjCForCollectionStmtClass:
2367 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S));
2368
2369 case Stmt::ObjCMessageExprClass:
2370 return VisitObjCMessageExpr(cast<ObjCMessageExpr>(S), asc);
2371
2372 case Stmt::OpaqueValueExprClass:
2373 return Block;
2374
2375 case Stmt::PseudoObjectExprClass:
2376 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S));
2377
2378 case Stmt::ReturnStmtClass:
2379 case Stmt::CoreturnStmtClass:
2380 return VisitReturnStmt(S);
2381
2382 case Stmt::CoyieldExprClass:
2383 case Stmt::CoawaitExprClass:
2384 return VisitCoroutineSuspendExpr(cast<CoroutineSuspendExpr>(S), asc);
2385
2386 case Stmt::SEHExceptStmtClass:
2387 return VisitSEHExceptStmt(cast<SEHExceptStmt>(S));
2388
2389 case Stmt::SEHFinallyStmtClass:
2390 return VisitSEHFinallyStmt(cast<SEHFinallyStmt>(S));
2391
2392 case Stmt::SEHLeaveStmtClass:
2393 return VisitSEHLeaveStmt(cast<SEHLeaveStmt>(S));
2394
2395 case Stmt::SEHTryStmtClass:
2396 return VisitSEHTryStmt(cast<SEHTryStmt>(S));
2397
2398 case Stmt::UnaryExprOrTypeTraitExprClass:
2399 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S),
2400 asc);
2401
2402 case Stmt::StmtExprClass:
2403 return VisitStmtExpr(cast<StmtExpr>(S), asc);
2404
2405 case Stmt::SwitchStmtClass:
2406 return VisitSwitchStmt(cast<SwitchStmt>(S));
2407
2408 case Stmt::UnaryOperatorClass:
2409 return VisitUnaryOperator(cast<UnaryOperator>(S), asc);
2410
2411 case Stmt::WhileStmtClass:
2412 return VisitWhileStmt(cast<WhileStmt>(S));
2413
2414 case Stmt::ArrayInitLoopExprClass:
2415 return VisitArrayInitLoopExpr(cast<ArrayInitLoopExpr>(S), asc);
2416 }
2417 }
2418
2419 CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) {
2420 if (asc.alwaysAdd(*this, S)) {
2421 autoCreateBlock();
2422 appendStmt(Block, S);
2423 }
2424
2425 return VisitChildren(S);
2426 }
2427
2428 /// VisitChildren - Visit the children of a Stmt.
2429 CFGBlock *CFGBuilder::VisitChildren(Stmt *S) {
2430 CFGBlock *B = Block;
2431
2432 // Visit the children in their reverse order so that they appear in
2433 // left-to-right (natural) order in the CFG.
2434 reverse_children RChildren(S);
2435 for (Stmt *Child : RChildren) {
2436 if (Child)
2437 if (CFGBlock *R = Visit(Child))
2438 B = R;
2439 }
2440 return B;
2441 }
2442
2443 CFGBlock *CFGBuilder::VisitInitListExpr(InitListExpr *ILE, AddStmtChoice asc) {
2444 if (asc.alwaysAdd(*this, ILE)) {
2445 autoCreateBlock();
2446 appendStmt(Block, ILE);
2447 }
2448 CFGBlock *B = Block;
2449
2450 reverse_children RChildren(ILE);
2451 for (Stmt *Child : RChildren) {
2452 if (!Child)
2453 continue;
2454 if (CFGBlock *R = Visit(Child))
2455 B = R;
2456 if (BuildOpts.AddCXXDefaultInitExprInAggregates) {
2457 if (auto *DIE = dyn_cast<CXXDefaultInitExpr>(Child))
2458 if (Stmt *Child = DIE->getExpr())
2459 if (CFGBlock *R = Visit(Child))
2460 B = R;
2461 }
2462 }
2463 return B;
2464 }
2465
2466 CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A,
2467 AddStmtChoice asc) {
2468 AddressTakenLabels.insert(A->getLabel());
2469
2470 if (asc.alwaysAdd(*this, A)) {
2471 autoCreateBlock();
2472 appendStmt(Block, A);
2473 }
2474
2475 return Block;
2476 }
2477
2478 static bool isFallthroughStatement(const AttributedStmt *A) {
2479 bool isFallthrough = hasSpecificAttr<FallThroughAttr>(A->getAttrs());
2480 assert((!isFallthrough || isa<NullStmt>(A->getSubStmt())) &&
2481 "expected fallthrough not to have children");
2482 return isFallthrough;
2483 }
2484
2485 CFGBlock *CFGBuilder::VisitAttributedStmt(AttributedStmt *A,
2486 AddStmtChoice asc) {
2487 // AttributedStmts for [[likely]] can have arbitrary statements as children,
2488 // and the current visitation order here would add the AttributedStmts
2489 // for [[likely]] after the child nodes, which is undesirable: For example,
2490 // if the child contains an unconditional return, the [[likely]] would be
2491 // considered unreachable.
2492 // So only add the AttributedStmt for FallThrough, which has CFG effects and
2493 // also no children, and omit the others. None of the other current StmtAttrs
2494 // have semantic meaning for the CFG.
2495 if (isFallthroughStatement(A) && asc.alwaysAdd(*this, A)) {
2496 autoCreateBlock();
2497 appendStmt(Block, A);
2498 }
2499
2500 return VisitChildren(A);
2501 }
2502
2503 CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc) {
2504 if (asc.alwaysAdd(*this, U)) {
2505 autoCreateBlock();
2506 appendStmt(Block, U);
2507 }
2508
2509 if (U->getOpcode() == UO_LNot)
2510 tryEvaluateBool(U->getSubExpr()->IgnoreParens());
2511
2512 return Visit(U->getSubExpr(), AddStmtChoice());
2513 }
2514
2515 CFGBlock *CFGBuilder::VisitLogicalOperator(BinaryOperator *B) {
2516 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
2517 appendStmt(ConfluenceBlock, B);
2518
2519 if (badCFG)
2520 return nullptr;
2521
2522 return VisitLogicalOperator(B, nullptr, ConfluenceBlock,
2523 ConfluenceBlock).first;
2524 }
2525
2526 std::pair<CFGBlock*, CFGBlock*>
2527 CFGBuilder::VisitLogicalOperator(BinaryOperator *B,
2528 Stmt *Term,
2529 CFGBlock *TrueBlock,
2530 CFGBlock *FalseBlock) {
2531 // Introspect the RHS. If it is a nested logical operation, we recursively
2532 // build the CFG using this function. Otherwise, resort to default
2533 // CFG construction behavior.
2534 Expr *RHS = B->getRHS()->IgnoreParens();
2535 CFGBlock *RHSBlock, *ExitBlock;
2536
2537 do {
2538 if (BinaryOperator *B_RHS = dyn_cast<BinaryOperator>(RHS))
2539 if (B_RHS->isLogicalOp()) {
2540 std::tie(RHSBlock, ExitBlock) =
2541 VisitLogicalOperator(B_RHS, Term, TrueBlock, FalseBlock);
2542 break;
2543 }
2544
2545 // The RHS is not a nested logical operation. Don't push the terminator
2546 // down further, but instead visit RHS and construct the respective
2547 // pieces of the CFG, and link up the RHSBlock with the terminator
2548 // we have been provided.
2549 ExitBlock = RHSBlock = createBlock(false);
2550
2551 // Even though KnownVal is only used in the else branch of the next
2552 // conditional, tryEvaluateBool performs additional checking on the
2553 // Expr, so it should be called unconditionally.
2554 TryResult KnownVal = tryEvaluateBool(RHS);
2555 if (!KnownVal.isKnown())
2556 KnownVal = tryEvaluateBool(B);
2557
2558 if (!Term) {
2559 assert(TrueBlock == FalseBlock);
2560 addSuccessor(RHSBlock, TrueBlock);
2561 }
2562 else {
2563 RHSBlock->setTerminator(Term);
2564 addSuccessor(RHSBlock, TrueBlock, !KnownVal.isFalse());
2565 addSuccessor(RHSBlock, FalseBlock, !KnownVal.isTrue());
2566 }
2567
2568 Block = RHSBlock;
2569 RHSBlock = addStmt(RHS);
2570 }
2571 while (false);
2572
2573 if (badCFG)
2574 return std::make_pair(nullptr, nullptr);
2575
2576 // Generate the blocks for evaluating the LHS.
2577 Expr *LHS = B->getLHS()->IgnoreParens();
2578
2579 if (BinaryOperator *B_LHS = dyn_cast<BinaryOperator>(LHS))
2580 if (B_LHS->isLogicalOp()) {
2581 if (B->getOpcode() == BO_LOr)
2582 FalseBlock = RHSBlock;
2583 else
2584 TrueBlock = RHSBlock;
2585
2586 // For the LHS, treat 'B' as the terminator that we want to sink
2587 // into the nested branch. The RHS always gets the top-most
2588 // terminator.
2589 return VisitLogicalOperator(B_LHS, B, TrueBlock, FalseBlock);
2590 }
2591
2592 // Create the block evaluating the LHS.
2593 // This contains the '&&' or '||' as the terminator.
2594 CFGBlock *LHSBlock = createBlock(false);
2595 LHSBlock->setTerminator(B);
2596
2597 Block = LHSBlock;
2598 CFGBlock *EntryLHSBlock = addStmt(LHS);
2599
2600 if (badCFG)
2601 return std::make_pair(nullptr, nullptr);
2602
2603 // See if this is a known constant.
2604 TryResult KnownVal = tryEvaluateBool(LHS);
2605
2606 // Now link the LHSBlock with RHSBlock.
2607 if (B->getOpcode() == BO_LOr) {
2608 addSuccessor(LHSBlock, TrueBlock, !KnownVal.isFalse());
2609 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isTrue());
2610 } else {
2611 assert(B->getOpcode() == BO_LAnd);
2612 addSuccessor(LHSBlock, RHSBlock, !KnownVal.isFalse());
2613 addSuccessor(LHSBlock, FalseBlock, !KnownVal.isTrue());
2614 }
2615
2616 return std::make_pair(EntryLHSBlock, ExitBlock);
2617 }
2618
2619 CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
2620 AddStmtChoice asc) {
2621 // && or ||
2622 if (B->isLogicalOp())
2623 return VisitLogicalOperator(B);
2624
2625 if (B->getOpcode() == BO_Comma) { // ,
2626 autoCreateBlock();
2627 appendStmt(Block, B);
2628 addStmt(B->getRHS());
2629 return addStmt(B->getLHS());
2630 }
2631
2632 if (B->isAssignmentOp()) {
2633 if (asc.alwaysAdd(*this, B)) {
2634 autoCreateBlock();
2635 appendStmt(Block, B);
2636 }
2637 Visit(B->getLHS());
2638 return Visit(B->getRHS());
2639 }
2640
2641 if (asc.alwaysAdd(*this, B)) {
2642 autoCreateBlock();
2643 appendStmt(Block, B);
2644 }
2645
2646 if (B->isEqualityOp() || B->isRelationalOp())
2647 tryEvaluateBool(B);
2648
2649 CFGBlock *RBlock = Visit(B->getRHS());
2650 CFGBlock *LBlock = Visit(B->getLHS());
2651 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr
2652 // containing a DoStmt, and the LHS doesn't create a new block, then we should
2653 // return RBlock. Otherwise we'll incorrectly return NULL.
2654 return (LBlock ? LBlock : RBlock);
2655 }
2656
2657 CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) {
2658 if (asc.alwaysAdd(*this, E)) {
2659 autoCreateBlock();
2660 appendStmt(Block, E);
2661 }
2662 return Block;
2663 }
2664
2665 CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) {
2666 // "break" is a control-flow statement. Thus we stop processing the current
2667 // block.
2668 if (badCFG)
2669 return nullptr;
2670
2671 // Now create a new block that ends with the break statement.
2672 Block = createBlock(false);
2673 Block->setTerminator(B);
2674
2675 // If there is no target for the break, then we are looking at an incomplete
2676 // AST. This means that the CFG cannot be constructed.
2677 if (BreakJumpTarget.block) {
2678 addAutomaticObjHandling(ScopePos, BreakJumpTarget.scopePosition, B);
2679 addSuccessor(Block, BreakJumpTarget.block);
2680 } else
2681 badCFG = true;
2682
2683 return Block;
2684 }
2685
2686 static bool CanThrow(Expr *E, ASTContext &Ctx) {
2687 QualType Ty = E->getType();
2688 if (Ty->isFunctionPointerType() || Ty->isBlockPointerType())
2689 Ty = Ty->getPointeeType();
2690
2691 const FunctionType *FT = Ty->getAs<FunctionType>();
2692 if (FT) {
2693 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT))
2694 if (!isUnresolvedExceptionSpec(Proto->getExceptionSpecType()) &&
2695 Proto->isNothrow())
2696 return false;
2697 }
2698 return true;
2699 }
2700
2701 CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) {
2702 // Compute the callee type.
2703 QualType calleeType = C->getCallee()->getType();
2704 if (calleeType == Context->BoundMemberTy) {
2705 QualType boundType = Expr::findBoundMemberType(C->getCallee());
2706
2707 // We should only get a null bound type if processing a dependent
2708 // CFG. Recover by assuming nothing.
2709 if (!boundType.isNull()) calleeType = boundType;
2710 }
2711
2712 // If this is a call to a no-return function, this stops the block here.
2713 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn();
2714
2715 bool AddEHEdge = false;
2716
2717 // Languages without exceptions are assumed to not throw.
2718 if (Context->getLangOpts().Exceptions) {
2719 if (BuildOpts.AddEHEdges)
2720 AddEHEdge = true;
2721 }
2722
2723 // If this is a call to a builtin function, it might not actually evaluate
2724 // its arguments. Don't add them to the CFG if this is the case.
2725 bool OmitArguments = false;
2726
2727 if (FunctionDecl *FD = C->getDirectCallee()) {
2728 // TODO: Support construction contexts for variadic function arguments.
2729 // These are a bit problematic and not very useful because passing
2730 // C++ objects as C-style variadic arguments doesn't work in general
2731 // (see [expr.call]).
2732 if (!FD->isVariadic())
2733 findConstructionContextsForArguments(C);
2734
2735 if (FD->isNoReturn() || C->isBuiltinAssumeFalse(*Context))
2736 NoReturn = true;
2737 if (FD->hasAttr<NoThrowAttr>())
2738 AddEHEdge = false;
2739 if (FD->getBuiltinID() == Builtin::BI__builtin_object_size ||
2740 FD->getBuiltinID() == Builtin::BI__builtin_dynamic_object_size)
2741 OmitArguments = true;
2742 }
2743
2744 if (!CanThrow(C->getCallee(), *Context))
2745 AddEHEdge = false;
2746
2747 if (OmitArguments) {
2748 assert(!NoReturn && "noreturn calls with unevaluated args not implemented");
2749 assert(!AddEHEdge && "EH calls with unevaluated args not implemented");
2750 autoCreateBlock();
2751 appendStmt(Block, C);
2752 return Visit(C->getCallee());
2753 }
2754
2755 if (!NoReturn && !AddEHEdge) {
2756 autoCreateBlock();
2757 appendCall(Block, C);
2758
2759 return VisitChildren(C);
2760 }
2761
2762 if (Block) {
2763 Succ = Block;
2764 if (badCFG)
2765 return nullptr;
2766 }
2767
2768 if (NoReturn)
2769 Block = createNoReturnBlock();
2770 else
2771 Block = createBlock();
2772
2773 appendCall(Block, C);
2774
2775 if (AddEHEdge) {
2776 // Add exceptional edges.
2777 if (TryTerminatedBlock)
2778 addSuccessor(Block, TryTerminatedBlock);
2779 else
2780 addSuccessor(Block, &cfg->getExit());
2781 }
2782
2783 return VisitChildren(C);
2784 }
2785
2786 CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C,
2787 AddStmtChoice asc) {
2788 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
2789 appendStmt(ConfluenceBlock, C);
2790 if (badCFG)
2791 return nullptr;
2792
2793 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true);
2794 Succ = ConfluenceBlock;
2795 Block = nullptr;
2796 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd);
2797 if (badCFG)
2798 return nullptr;
2799
2800 Succ = ConfluenceBlock;
2801 Block = nullptr;
2802 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd);
2803 if (badCFG)
2804 return nullptr;
2805
2806 Block = createBlock(false);
2807 // See if this is a known constant.
2808 const TryResult& KnownVal = tryEvaluateBool(C->getCond());
2809 addSuccessor(Block, KnownVal.isFalse() ? nullptr : LHSBlock);
2810 addSuccessor(Block, KnownVal.isTrue() ? nullptr : RHSBlock);
2811 Block->setTerminator(C);
2812 return addStmt(C->getCond());
2813 }
2814
2815 CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C,
2816 bool ExternallyDestructed) {
2817 LocalScope::const_iterator scopeBeginPos = ScopePos;
2818 addLocalScopeForStmt(C);
2819
2820 if (!C->body_empty() && !isa<ReturnStmt>(*C->body_rbegin())) {
2821 // If the body ends with a ReturnStmt, the dtors will be added in
2822 // VisitReturnStmt.
2823 addAutomaticObjHandling(ScopePos, scopeBeginPos, C);
2824 }
2825
2826 CFGBlock *LastBlock = Block;
2827
2828 for (Stmt *S : llvm::reverse(C->body())) {
2829 // If we hit a segment of code just containing ';' (NullStmts), we can
2830 // get a null block back. In such cases, just use the LastBlock
2831 CFGBlock *newBlock = Visit(S, AddStmtChoice::AlwaysAdd,
2832 ExternallyDestructed);
2833
2834 if (newBlock)
2835 LastBlock = newBlock;
2836
2837 if (badCFG)
2838 return nullptr;
2839
2840 ExternallyDestructed = false;
2841 }
2842
2843 return LastBlock;
2844 }
2845
2846 CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C,
2847 AddStmtChoice asc) {
2848 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C);
2849 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : nullptr);
2850
2851 // Create the confluence block that will "merge" the results of the ternary
2852 // expression.
2853 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
2854 appendStmt(ConfluenceBlock, C);
2855 if (badCFG)
2856 return nullptr;
2857
2858 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true);
2859
2860 // Create a block for the LHS expression if there is an LHS expression. A
2861 // GCC extension allows LHS to be NULL, causing the condition to be the
2862 // value that is returned instead.
2863 // e.g: x ?: y is shorthand for: x ? x : y;
2864 Succ = ConfluenceBlock;
2865 Block = nullptr;
2866 CFGBlock *LHSBlock = nullptr;
2867 const Expr *trueExpr = C->getTrueExpr();
2868 if (trueExpr != opaqueValue) {
2869 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd);
2870 if (badCFG)
2871 return nullptr;
2872 Block = nullptr;
2873 }
2874 else
2875 LHSBlock = ConfluenceBlock;
2876
2877 // Create the block for the RHS expression.
2878 Succ = ConfluenceBlock;
2879 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd);
2880 if (badCFG)
2881 return nullptr;
2882
2883 // If the condition is a logical '&&' or '||', build a more accurate CFG.
2884 if (BinaryOperator *Cond =
2885 dyn_cast<BinaryOperator>(C->getCond()->IgnoreParens()))
2886 if (Cond->isLogicalOp())
2887 return VisitLogicalOperator(Cond, C, LHSBlock, RHSBlock).first;
2888
2889 // Create the block that will contain the condition.
2890 Block = createBlock(false);
2891
2892 // See if this is a known constant.
2893 const TryResult& KnownVal = tryEvaluateBool(C->getCond());
2894 addSuccessor(Block, LHSBlock, !KnownVal.isFalse());
2895 addSuccessor(Block, RHSBlock, !KnownVal.isTrue());
2896 Block->setTerminator(C);
2897 Expr *condExpr = C->getCond();
2898
2899 if (opaqueValue) {
2900 // Run the condition expression if it's not trivially expressed in
2901 // terms of the opaque value (or if there is no opaque value).
2902 if (condExpr != opaqueValue)
2903 addStmt(condExpr);
2904
2905 // Before that, run the common subexpression if there was one.
2906 // At least one of this or the above will be run.
2907 return addStmt(BCO->getCommon());
2908 }
2909
2910 return addStmt(condExpr);
2911 }
2912
2913 CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) {
2914 // Check if the Decl is for an __label__. If so, elide it from the
2915 // CFG entirely.
2916 if (isa<LabelDecl>(*DS->decl_begin()))
2917 return Block;
2918
2919 // This case also handles static_asserts.
2920 if (DS->isSingleDecl())
2921 return VisitDeclSubExpr(DS);
2922
2923 CFGBlock *B = nullptr;
2924
2925 // Build an individual DeclStmt for each decl.
2926 for (DeclStmt::reverse_decl_iterator I = DS->decl_rbegin(),
2927 E = DS->decl_rend();
2928 I != E; ++I) {
2929
2930 // Allocate the DeclStmt using the BumpPtrAllocator. It will get
2931 // automatically freed with the CFG.
2932 DeclGroupRef DG(*I);
2933 Decl *D = *I;
2934 DeclStmt *DSNew = new (Context) DeclStmt(DG, D->getLocation(), GetEndLoc(D));
2935 cfg->addSyntheticDeclStmt(DSNew, DS);
2936
2937 // Append the fake DeclStmt to block.
2938 B = VisitDeclSubExpr(DSNew);
2939 }
2940
2941 return B;
2942 }
2943
2944 /// VisitDeclSubExpr - Utility method to add block-level expressions for
2945 /// DeclStmts and initializers in them.
2946 CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) {
2947 assert(DS->isSingleDecl() && "Can handle single declarations only.");
2948
2949 if (const auto *TND = dyn_cast<TypedefNameDecl>(DS->getSingleDecl())) {
2950 // If we encounter a VLA, process its size expressions.
2951 const Type *T = TND->getUnderlyingType().getTypePtr();
2952 if (!T->isVariablyModifiedType())
2953 return Block;
2954
2955 autoCreateBlock();
2956 appendStmt(Block, DS);
2957
2958 CFGBlock *LastBlock = Block;
2959 for (const VariableArrayType *VA = FindVA(T); VA != nullptr;
2960 VA = FindVA(VA->getElementType().getTypePtr())) {
2961 if (CFGBlock *NewBlock = addStmt(VA->getSizeExpr()))
2962 LastBlock = NewBlock;
2963 }
2964 return LastBlock;
2965 }
2966
2967 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl());
2968
2969 if (!VD) {
2970 // Of everything that can be declared in a DeclStmt, only VarDecls and the
2971 // exceptions above impact runtime semantics.
2972 return Block;
2973 }
2974
2975 bool HasTemporaries = false;
2976
2977 // Guard static initializers under a branch.
2978 CFGBlock *blockAfterStaticInit = nullptr;
2979
2980 if (BuildOpts.AddStaticInitBranches && VD->isStaticLocal()) {
2981 // For static variables, we need to create a branch to track
2982 // whether or not they are initialized.
2983 if (Block) {
2984 Succ = Block;
2985 Block = nullptr;
2986 if (badCFG)
2987 return nullptr;
2988 }
2989 blockAfterStaticInit = Succ;
2990 }
2991
2992 // Destructors of temporaries in initialization expression should be called
2993 // after initialization finishes.
2994 Expr *Init = VD->getInit();
2995 if (Init) {
2996 HasTemporaries = isa<ExprWithCleanups>(Init);
2997
2998 if (BuildOpts.AddTemporaryDtors && HasTemporaries) {
2999 // Generate destructors for temporaries in initialization expression.
3000 TempDtorContext Context;
3001 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
3002 /*ExternallyDestructed=*/true, Context);
3003 }
3004 }
3005
3006 // If we bind to a tuple-like type, we iterate over the HoldingVars, and
3007 // create a DeclStmt for each of them.
3008 if (const auto *DD = dyn_cast<DecompositionDecl>(VD)) {
3009 for (auto *BD : llvm::reverse(DD->bindings())) {
3010 if (auto *VD = BD->getHoldingVar()) {
3011 DeclGroupRef DG(VD);
3012 DeclStmt *DSNew =
3013 new (Context) DeclStmt(DG, VD->getLocation(), GetEndLoc(VD));
3014 cfg->addSyntheticDeclStmt(DSNew, DS);
3015 Block = VisitDeclSubExpr(DSNew);
3016 }
3017 }
3018 }
3019
3020 autoCreateBlock();
3021 appendStmt(Block, DS);
3022
3023 // If the initializer is an ArrayInitLoopExpr, we want to extract the
3024 // initializer, that's used for each element.
3025 const auto *AILE = dyn_cast_or_null<ArrayInitLoopExpr>(Init);
3026
3027 findConstructionContexts(
3028 ConstructionContextLayer::create(cfg->getBumpVectorContext(), DS),
3029 AILE ? AILE->getSubExpr() : Init);
3030
3031 // Keep track of the last non-null block, as 'Block' can be nulled out
3032 // if the initializer expression is something like a 'while' in a
3033 // statement-expression.
3034 CFGBlock *LastBlock = Block;
3035
3036 if (Init) {
3037 if (HasTemporaries) {
3038 // For expression with temporaries go directly to subexpression to omit
3039 // generating destructors for the second time.
3040 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init);
3041 if (CFGBlock *newBlock = Visit(EC->getSubExpr()))
3042 LastBlock = newBlock;
3043 }
3044 else {
3045 if (CFGBlock *newBlock = Visit(Init))
3046 LastBlock = newBlock;
3047 }
3048 }
3049
3050 // If the type of VD is a VLA, then we must process its size expressions.
3051 // FIXME: This does not find the VLA if it is embedded in other types,
3052 // like here: `int (*p_vla)[x];`
3053 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr());
3054 VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr())) {
3055 if (CFGBlock *newBlock = addStmt(VA->getSizeExpr()))
3056 LastBlock = newBlock;
3057 }
3058
3059 maybeAddScopeBeginForVarDecl(Block, VD, DS);
3060
3061 // Remove variable from local scope.
3062 if (ScopePos && VD == *ScopePos)
3063 ++ScopePos;
3064
3065 CFGBlock *B = LastBlock;
3066 if (blockAfterStaticInit) {
3067 Succ = B;
3068 Block = createBlock(false);
3069 Block->setTerminator(DS);
3070 addSuccessor(Block, blockAfterStaticInit);
3071 addSuccessor(Block, B);
3072 B = Block;
3073 }
3074
3075 return B;
3076 }
3077
3078 CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) {
3079 // We may see an if statement in the middle of a basic block, or it may be the
3080 // first statement we are processing. In either case, we create a new basic
3081 // block. First, we create the blocks for the then...else statements, and
3082 // then we create the block containing the if statement. If we were in the
3083 // middle of a block, we stop processing that block. That block is then the
3084 // implicit successor for the "then" and "else" clauses.
3085
3086 // Save local scope position because in case of condition variable ScopePos
3087 // won't be restored when traversing AST.
3088 SaveAndRestore save_scope_pos(ScopePos);
3089
3090 // Create local scope for C++17 if init-stmt if one exists.
3091 if (Stmt *Init = I->getInit())
3092 addLocalScopeForStmt(Init);
3093
3094 // Create local scope for possible condition variable.
3095 // Store scope position. Add implicit destructor.
3096 if (VarDecl *VD = I->getConditionVariable())
3097 addLocalScopeForVarDecl(VD);
3098
3099 addAutomaticObjHandling(ScopePos, save_scope_pos.get(), I);
3100
3101 // The block we were processing is now finished. Make it the successor
3102 // block.
3103 if (Block) {
3104 Succ = Block;
3105 if (badCFG)
3106 return nullptr;
3107 }
3108
3109 // Process the false branch.
3110 CFGBlock *ElseBlock = Succ;
3111
3112 if (Stmt *Else = I->getElse()) {
3113 SaveAndRestore sv(Succ);
3114
3115 // NULL out Block so that the recursive call to Visit will
3116 // create a new basic block.
3117 Block = nullptr;
3118
3119 // If branch is not a compound statement create implicit scope
3120 // and add destructors.
3121 if (!isa<CompoundStmt>(Else))
3122 addLocalScopeAndDtors(Else);
3123
3124 ElseBlock = addStmt(Else);
3125
3126 if (!ElseBlock) // Can occur when the Else body has all NullStmts.
3127 ElseBlock = sv.get();
3128 else if (Block) {
3129 if (badCFG)
3130 return nullptr;
3131 }
3132 }
3133
3134 // Process the true branch.
3135 CFGBlock *ThenBlock;
3136 {
3137 Stmt *Then = I->getThen();
3138 assert(Then);
3139 SaveAndRestore sv(Succ);
3140 Block = nullptr;
3141
3142 // If branch is not a compound statement create implicit scope
3143 // and add destructors.
3144 if (!isa<CompoundStmt>(Then))
3145 addLocalScopeAndDtors(Then);
3146
3147 ThenBlock = addStmt(Then);
3148
3149 if (!ThenBlock) {
3150 // We can reach here if the "then" body has all NullStmts.
3151 // Create an empty block so we can distinguish between true and false
3152 // branches in path-sensitive analyses.
3153 ThenBlock = createBlock(false);
3154 addSuccessor(ThenBlock, sv.get());
3155 } else if (Block) {
3156 if (badCFG)
3157 return nullptr;
3158 }
3159 }
3160
3161 // Specially handle "if (expr1 || ...)" and "if (expr1 && ...)" by
3162 // having these handle the actual control-flow jump. Note that
3163 // if we introduce a condition variable, e.g. "if (int x = exp1 || exp2)"
3164 // we resort to the old control-flow behavior. This special handling
3165 // removes infeasible paths from the control-flow graph by having the
3166 // control-flow transfer of '&&' or '||' go directly into the then/else
3167 // blocks directly.
3168 BinaryOperator *Cond =
3169 (I->isConsteval() || I->getConditionVariable())
3170 ? nullptr
3171 : dyn_cast<BinaryOperator>(I->getCond()->IgnoreParens());
3172 CFGBlock *LastBlock;
3173 if (Cond && Cond->isLogicalOp())
3174 LastBlock = VisitLogicalOperator(Cond, I, ThenBlock, ElseBlock).first;
3175 else {
3176 // Now create a new block containing the if statement.
3177 Block = createBlock(false);
3178
3179 // Set the terminator of the new block to the If statement.
3180 Block->setTerminator(I);
3181
3182 // See if this is a known constant.
3183 TryResult KnownVal;
3184 if (!I->isConsteval())
3185 KnownVal = tryEvaluateBool(I->getCond());
3186
3187 // Add the successors. If we know that specific branches are
3188 // unreachable, inform addSuccessor() of that knowledge.
3189 addSuccessor(Block, ThenBlock, /* IsReachable = */ !KnownVal.isFalse());
3190 addSuccessor(Block, ElseBlock, /* IsReachable = */ !KnownVal.isTrue());
3191
3192 if (I->isConsteval())
3193 return Block;
3194
3195 // Add the condition as the last statement in the new block. This may
3196 // create new blocks as the condition may contain control-flow. Any newly
3197 // created blocks will be pointed to be "Block".
3198 LastBlock = addStmt(I->getCond());
3199
3200 // If the IfStmt contains a condition variable, add it and its
3201 // initializer to the CFG.
3202 if (const DeclStmt* DS = I->getConditionVariableDeclStmt()) {
3203 autoCreateBlock();
3204 LastBlock = addStmt(const_cast<DeclStmt *>(DS));
3205 }
3206 }
3207
3208 // Finally, if the IfStmt contains a C++17 init-stmt, add it to the CFG.
3209 if (Stmt *Init = I->getInit()) {
3210 autoCreateBlock();
3211 LastBlock = addStmt(Init);
3212 }
3213
3214 return LastBlock;
3215 }
3216
3217 CFGBlock *CFGBuilder::VisitReturnStmt(Stmt *S) {
3218 // If we were in the middle of a block we stop processing that block.
3219 //
3220 // NOTE: If a "return" or "co_return" appears in the middle of a block, this
3221 // means that the code afterwards is DEAD (unreachable). We still keep
3222 // a basic block for that code; a simple "mark-and-sweep" from the entry
3223 // block will be able to report such dead blocks.
3224 assert(isa<ReturnStmt>(S) || isa<CoreturnStmt>(S));
3225
3226 // Create the new block.
3227 Block = createBlock(false);
3228
3229 addAutomaticObjHandling(ScopePos, LocalScope::const_iterator(), S);
3230
3231 if (auto *R = dyn_cast<ReturnStmt>(S))
3232 findConstructionContexts(
3233 ConstructionContextLayer::create(cfg->getBumpVectorContext(), R),
3234 R->getRetValue());
3235
3236 // If the one of the destructors does not return, we already have the Exit
3237 // block as a successor.
3238 if (!Block->hasNoReturnElement())
3239 addSuccessor(Block, &cfg->getExit());
3240
3241 // Add the return statement to the block.
3242 appendStmt(Block, S);
3243
3244 // Visit children
3245 if (ReturnStmt *RS = dyn_cast<ReturnStmt>(S)) {
3246 if (Expr *O = RS->getRetValue())
3247 return Visit(O, AddStmtChoice::AlwaysAdd, /*ExternallyDestructed=*/true);
3248 return Block;
3249 }
3250
3251 CoreturnStmt *CRS = cast<CoreturnStmt>(S);
3252 auto *B = Block;
3253 if (CFGBlock *R = Visit(CRS->getPromiseCall()))
3254 B = R;
3255
3256 if (Expr *RV = CRS->getOperand())
3257 if (RV->getType()->isVoidType() && !isa<InitListExpr>(RV))
3258 // A non-initlist void expression.
3259 if (CFGBlock *R = Visit(RV))
3260 B = R;
3261
3262 return B;
3263 }
3264
3265 CFGBlock *CFGBuilder::VisitCoroutineSuspendExpr(CoroutineSuspendExpr *E,
3266 AddStmtChoice asc) {
3267 // We're modelling the pre-coro-xform CFG. Thus just evalate the various
3268 // active components of the co_await or co_yield. Note we do not model the
3269 // edge from the builtin_suspend to the exit node.
3270 if (asc.alwaysAdd(*this, E)) {
3271 autoCreateBlock();
3272 appendStmt(Block, E);
3273 }
3274 CFGBlock *B = Block;
3275 if (auto *R = Visit(E->getResumeExpr()))
3276 B = R;
3277 if (auto *R = Visit(E->getSuspendExpr()))
3278 B = R;
3279 if (auto *R = Visit(E->getReadyExpr()))
3280 B = R;
3281 if (auto *R = Visit(E->getCommonExpr()))
3282 B = R;
3283 return B;
3284 }
3285
3286 CFGBlock *CFGBuilder::VisitSEHExceptStmt(SEHExceptStmt *ES) {
3287 // SEHExceptStmt are treated like labels, so they are the first statement in a
3288 // block.
3289
3290 // Save local scope position because in case of exception variable ScopePos
3291 // won't be restored when traversing AST.
3292 SaveAndRestore save_scope_pos(ScopePos);
3293
3294 addStmt(ES->getBlock());
3295 CFGBlock *SEHExceptBlock = Block;
3296 if (!SEHExceptBlock)
3297 SEHExceptBlock = createBlock();
3298
3299 appendStmt(SEHExceptBlock, ES);
3300
3301 // Also add the SEHExceptBlock as a label, like with regular labels.
3302 SEHExceptBlock->setLabel(ES);
3303
3304 // Bail out if the CFG is bad.
3305 if (badCFG)
3306 return nullptr;
3307
3308 // We set Block to NULL to allow lazy creation of a new block (if necessary).
3309 Block = nullptr;
3310
3311 return SEHExceptBlock;
3312 }
3313
3314 CFGBlock *CFGBuilder::VisitSEHFinallyStmt(SEHFinallyStmt *FS) {
3315 return VisitCompoundStmt(FS->getBlock(), /*ExternallyDestructed=*/false);
3316 }
3317
3318 CFGBlock *CFGBuilder::VisitSEHLeaveStmt(SEHLeaveStmt *LS) {
3319 // "__leave" is a control-flow statement. Thus we stop processing the current
3320 // block.
3321 if (badCFG)
3322 return nullptr;
3323
3324 // Now create a new block that ends with the __leave statement.
3325 Block = createBlock(false);
3326 Block->setTerminator(LS);
3327
3328 // If there is no target for the __leave, then we are looking at an incomplete
3329 // AST. This means that the CFG cannot be constructed.
3330 if (SEHLeaveJumpTarget.block) {
3331 addAutomaticObjHandling(ScopePos, SEHLeaveJumpTarget.scopePosition, LS);
3332 addSuccessor(Block, SEHLeaveJumpTarget.block);
3333 } else
3334 badCFG = true;
3335
3336 return Block;
3337 }
3338
3339 CFGBlock *CFGBuilder::VisitSEHTryStmt(SEHTryStmt *Terminator) {
3340 // "__try"/"__except"/"__finally" is a control-flow statement. Thus we stop
3341 // processing the current block.
3342 CFGBlock *SEHTrySuccessor = nullptr;
3343
3344 if (Block) {
3345 if (badCFG)
3346 return nullptr;
3347 SEHTrySuccessor = Block;
3348 } else SEHTrySuccessor = Succ;
3349
3350 // FIXME: Implement __finally support.
3351 if (Terminator->getFinallyHandler())
3352 return NYS();
3353
3354 CFGBlock *PrevSEHTryTerminatedBlock = TryTerminatedBlock;
3355
3356 // Create a new block that will contain the __try statement.
3357 CFGBlock *NewTryTerminatedBlock = createBlock(false);
3358
3359 // Add the terminator in the __try block.
3360 NewTryTerminatedBlock->setTerminator(Terminator);
3361
3362 if (SEHExceptStmt *Except = Terminator->getExceptHandler()) {
3363 // The code after the try is the implicit successor if there's an __except.
3364 Succ = SEHTrySuccessor;
3365 Block = nullptr;
3366 CFGBlock *ExceptBlock = VisitSEHExceptStmt(Except);
3367 if (!ExceptBlock)
3368 return nullptr;
3369 // Add this block to the list of successors for the block with the try
3370 // statement.
3371 addSuccessor(NewTryTerminatedBlock, ExceptBlock);
3372 }
3373 if (PrevSEHTryTerminatedBlock)
3374 addSuccessor(NewTryTerminatedBlock, PrevSEHTryTerminatedBlock);
3375 else
3376 addSuccessor(NewTryTerminatedBlock, &cfg->getExit());
3377
3378 // The code after the try is the implicit successor.
3379 Succ = SEHTrySuccessor;
3380
3381 // Save the current "__try" context.
3382 SaveAndRestore SaveTry(TryTerminatedBlock, NewTryTerminatedBlock);
3383 cfg->addTryDispatchBlock(TryTerminatedBlock);
3384
3385 // Save the current value for the __leave target.
3386 // All __leaves should go to the code following the __try
3387 // (FIXME: or if the __try has a __finally, to the __finally.)
3388 SaveAndRestore save_break(SEHLeaveJumpTarget);
3389 SEHLeaveJumpTarget = JumpTarget(SEHTrySuccessor, ScopePos);
3390
3391 assert(Terminator->getTryBlock() && "__try must contain a non-NULL body");
3392 Block = nullptr;
3393 return addStmt(Terminator->getTryBlock());
3394 }
3395
3396 CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) {
3397 // Get the block of the labeled statement. Add it to our map.
3398 addStmt(L->getSubStmt());
3399 CFGBlock *LabelBlock = Block;
3400
3401 if (!LabelBlock) // This can happen when the body is empty, i.e.
3402 LabelBlock = createBlock(); // scopes that only contains NullStmts.
3403
3404 assert(!LabelMap.contains(L->getDecl()) && "label already in map");
3405 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos);
3406
3407 // Labels partition blocks, so this is the end of the basic block we were
3408 // processing (L is the block's label). Because this is label (and we have
3409 // already processed the substatement) there is no extra control-flow to worry
3410 // about.
3411 LabelBlock->setLabel(L);
3412 if (badCFG)
3413 return nullptr;
3414
3415 // We set Block to NULL to allow lazy creation of a new block (if necessary).
3416 Block = nullptr;
3417
3418 // This block is now the implicit successor of other blocks.
3419 Succ = LabelBlock;
3420
3421 return LabelBlock;
3422 }
3423
3424 CFGBlock *CFGBuilder::VisitBlockExpr(BlockExpr *E, AddStmtChoice asc) {
3425 CFGBlock *LastBlock = VisitNoRecurse(E, asc);
3426 for (const BlockDecl::Capture &CI : E->getBlockDecl()->captures()) {
3427 if (Expr *CopyExpr = CI.getCopyExpr()) {
3428 CFGBlock *Tmp = Visit(CopyExpr);
3429 if (Tmp)
3430 LastBlock = Tmp;
3431 }
3432 }
3433 return LastBlock;
3434 }
3435
3436 CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) {
3437 CFGBlock *LastBlock = VisitNoRecurse(E, asc);
3438
3439 unsigned Idx = 0;
3440 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(),
3441 et = E->capture_init_end();
3442 it != et; ++it, ++Idx) {
3443 if (Expr *Init = *it) {
3444 // If the initializer is an ArrayInitLoopExpr, we want to extract the
3445 // initializer, that's used for each element.
3446 auto *AILEInit = extractElementInitializerFromNestedAILE(
3447 dyn_cast<ArrayInitLoopExpr>(Init));
3448
3449 findConstructionContexts(ConstructionContextLayer::create(
3450 cfg->getBumpVectorContext(), {E, Idx}),
3451 AILEInit ? AILEInit : Init);
3452
3453 CFGBlock *Tmp = Visit(Init);
3454 if (Tmp)
3455 LastBlock = Tmp;
3456 }
3457 }
3458 return LastBlock;
3459 }
3460
3461 CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) {
3462 // Goto is a control-flow statement. Thus we stop processing the current
3463 // block and create a new one.
3464
3465 Block = createBlock(false);
3466 Block->setTerminator(G);
3467
3468 // If we already know the mapping to the label block add the successor now.
3469 LabelMapTy::iterator I = LabelMap.find(G->getLabel());
3470
3471 if (I == LabelMap.end())
3472 // We will need to backpatch this block later.
3473 BackpatchBlocks.push_back(JumpSource(Block, ScopePos));
3474 else {
3475 JumpTarget JT = I->second;
3476 addSuccessor(Block, JT.block);
3477 addScopeChangesHandling(ScopePos, JT.scopePosition, G);
3478 }
3479
3480 return Block;
3481 }
3482
3483 CFGBlock *CFGBuilder::VisitGCCAsmStmt(GCCAsmStmt *G, AddStmtChoice asc) {
3484 // Goto is a control-flow statement. Thus we stop processing the current
3485 // block and create a new one.
3486
3487 if (!G->isAsmGoto())
3488 return VisitStmt(G, asc);
3489
3490 if (Block) {
3491 Succ = Block;
3492 if (badCFG)
3493 return nullptr;
3494 }
3495 Block = createBlock();
3496 Block->setTerminator(G);
3497 // We will backpatch this block later for all the labels.
3498 BackpatchBlocks.push_back(JumpSource(Block, ScopePos));
3499 // Save "Succ" in BackpatchBlocks. In the backpatch processing, "Succ" is
3500 // used to avoid adding "Succ" again.
3501 BackpatchBlocks.push_back(JumpSource(Succ, ScopePos));
3502 return VisitChildren(G);
3503 }
3504
3505 CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) {
3506 CFGBlock *LoopSuccessor = nullptr;
3507
3508 // Save local scope position because in case of condition variable ScopePos
3509 // won't be restored when traversing AST.
3510 SaveAndRestore save_scope_pos(ScopePos);
3511
3512 // Create local scope for init statement and possible condition variable.
3513 // Add destructor for init statement and condition variable.
3514 // Store scope position for continue statement.
3515 if (Stmt *Init = F->getInit())
3516 addLocalScopeForStmt(Init);
3517 LocalScope::const_iterator LoopBeginScopePos = ScopePos;
3518
3519 if (VarDecl *VD = F->getConditionVariable())
3520 addLocalScopeForVarDecl(VD);
3521 LocalScope::const_iterator ContinueScopePos = ScopePos;
3522
3523 addAutomaticObjHandling(ScopePos, save_scope_pos.get(), F);
3524
3525 addLoopExit(F);
3526
3527 // "for" is a control-flow statement. Thus we stop processing the current
3528 // block.
3529 if (Block) {
3530 if (badCFG)
3531 return nullptr;
3532 LoopSuccessor = Block;
3533 } else
3534 LoopSuccessor = Succ;
3535
3536 // Save the current value for the break targets.
3537 // All breaks should go to the code following the loop.
3538 SaveAndRestore save_break(BreakJumpTarget);
3539 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
3540
3541 CFGBlock *BodyBlock = nullptr, *TransitionBlock = nullptr;
3542
3543 // Now create the loop body.
3544 {
3545 assert(F->getBody());
3546
3547 // Save the current values for Block, Succ, continue and break targets.
3548 SaveAndRestore save_Block(Block), save_Succ(Succ);
3549 SaveAndRestore save_continue(ContinueJumpTarget);
3550
3551 // Create an empty block to represent the transition block for looping back
3552 // to the head of the loop. If we have increment code, it will
3553 // go in this block as well.
3554 Block = Succ = TransitionBlock = createBlock(false);
3555 TransitionBlock->setLoopTarget(F);
3556
3557
3558 // Loop iteration (after increment) should end with destructor of Condition
3559 // variable (if any).
3560 addAutomaticObjHandling(ScopePos, LoopBeginScopePos, F);
3561
3562 if (Stmt *I = F->getInc()) {
3563 // Generate increment code in its own basic block. This is the target of
3564 // continue statements.
3565 Succ = addStmt(I);
3566 }
3567
3568 // Finish up the increment (or empty) block if it hasn't been already.
3569 if (Block) {
3570 assert(Block == Succ);
3571 if (badCFG)
3572 return nullptr;
3573 Block = nullptr;
3574 }
3575
3576 // The starting block for the loop increment is the block that should
3577 // represent the 'loop target' for looping back to the start of the loop.
3578 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos);
3579 ContinueJumpTarget.block->setLoopTarget(F);
3580
3581
3582 // If body is not a compound statement create implicit scope
3583 // and add destructors.
3584 if (!isa<CompoundStmt>(F->getBody()))
3585 addLocalScopeAndDtors(F->getBody());
3586
3587 // Now populate the body block, and in the process create new blocks as we
3588 // walk the body of the loop.
3589 BodyBlock = addStmt(F->getBody());
3590
3591 if (!BodyBlock) {
3592 // In the case of "for (...;...;...);" we can have a null BodyBlock.
3593 // Use the continue jump target as the proxy for the body.
3594 BodyBlock = ContinueJumpTarget.block;
3595 }
3596 else if (badCFG)
3597 return nullptr;
3598 }
3599
3600 // Because of short-circuit evaluation, the condition of the loop can span
3601 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
3602 // evaluate the condition.
3603 CFGBlock *EntryConditionBlock = nullptr, *ExitConditionBlock = nullptr;
3604
3605 do {
3606 Expr *C = F->getCond();
3607 SaveAndRestore save_scope_pos(ScopePos);
3608
3609 // Specially handle logical operators, which have a slightly
3610 // more optimal CFG representation.
3611 if (BinaryOperator *Cond =
3612 dyn_cast_or_null<BinaryOperator>(C ? C->IgnoreParens() : nullptr))
3613 if (Cond->isLogicalOp()) {
3614 std::tie(EntryConditionBlock, ExitConditionBlock) =
3615 VisitLogicalOperator(Cond, F, BodyBlock, LoopSuccessor);
3616 break;
3617 }
3618
3619 // The default case when not handling logical operators.
3620 EntryConditionBlock = ExitConditionBlock = createBlock(false);
3621 ExitConditionBlock->setTerminator(F);
3622
3623 // See if this is a known constant.
3624 TryResult KnownVal(true);
3625
3626 if (C) {
3627 // Now add the actual condition to the condition block.
3628 // Because the condition itself may contain control-flow, new blocks may
3629 // be created. Thus we update "Succ" after adding the condition.
3630 Block = ExitConditionBlock;
3631 EntryConditionBlock = addStmt(C);
3632
3633 // If this block contains a condition variable, add both the condition
3634 // variable and initializer to the CFG.
3635 if (VarDecl *VD = F->getConditionVariable()) {
3636 if (Expr *Init = VD->getInit()) {
3637 autoCreateBlock();
3638 const DeclStmt *DS = F->getConditionVariableDeclStmt();
3639 assert(DS->isSingleDecl());
3640 findConstructionContexts(
3641 ConstructionContextLayer::create(cfg->getBumpVectorContext(), DS),
3642 Init);
3643 appendStmt(Block, DS);
3644 EntryConditionBlock = addStmt(Init);
3645 assert(Block == EntryConditionBlock);
3646 maybeAddScopeBeginForVarDecl(EntryConditionBlock, VD, C);
3647 }
3648 }
3649
3650 if (Block && badCFG)
3651 return nullptr;
3652
3653 KnownVal = tryEvaluateBool(C);
3654 }
3655
3656 // Add the loop body entry as a successor to the condition.
3657 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? nullptr : BodyBlock);
3658 // Link up the condition block with the code that follows the loop. (the
3659 // false branch).
3660 addSuccessor(ExitConditionBlock,
3661 KnownVal.isTrue() ? nullptr : LoopSuccessor);
3662 } while (false);
3663
3664 // Link up the loop-back block to the entry condition block.
3665 addSuccessor(TransitionBlock, EntryConditionBlock);
3666
3667 // The condition block is the implicit successor for any code above the loop.
3668 Succ = EntryConditionBlock;
3669
3670 // If the loop contains initialization, create a new block for those
3671 // statements. This block can also contain statements that precede the loop.
3672 if (Stmt *I = F->getInit()) {
3673 SaveAndRestore save_scope_pos(ScopePos);
3674 ScopePos = LoopBeginScopePos;
3675 Block = createBlock();
3676 return addStmt(I);
3677 }
3678
3679 // There is no loop initialization. We are thus basically a while loop.
3680 // NULL out Block to force lazy block construction.
3681 Block = nullptr;
3682 Succ = EntryConditionBlock;
3683 return EntryConditionBlock;
3684 }
3685
3686 CFGBlock *
3687 CFGBuilder::VisitMaterializeTemporaryExpr(MaterializeTemporaryExpr *MTE,
3688 AddStmtChoice asc) {
3689 findConstructionContexts(
3690 ConstructionContextLayer::create(cfg->getBumpVectorContext(), MTE),
3691 MTE->getSubExpr());
3692
3693 return VisitStmt(MTE, asc);
3694 }
3695
3696 CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) {
3697 if (asc.alwaysAdd(*this, M)) {
3698 autoCreateBlock();
3699 appendStmt(Block, M);
3700 }
3701 return Visit(M->getBase());
3702 }
3703
3704 CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) {
3705 // Objective-C fast enumeration 'for' statements:
3706 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC
3707 //
3708 // for ( Type newVariable in collection_expression ) { statements }
3709 //
3710 // becomes:
3711 //
3712 // prologue:
3713 // 1. collection_expression
3714 // T. jump to loop_entry
3715 // loop_entry:
3716 // 1. side-effects of element expression
3717 // 1. ObjCForCollectionStmt [performs binding to newVariable]
3718 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil]
3719 // TB:
3720 // statements
3721 // T. jump to loop_entry
3722 // FB:
3723 // what comes after
3724 //
3725 // and
3726 //
3727 // Type existingItem;
3728 // for ( existingItem in expression ) { statements }
3729 //
3730 // becomes:
3731 //
3732 // the same with newVariable replaced with existingItem; the binding works
3733 // the same except that for one ObjCForCollectionStmt::getElement() returns
3734 // a DeclStmt and the other returns a DeclRefExpr.
3735
3736 CFGBlock *LoopSuccessor = nullptr;
3737
3738 if (Block) {
3739 if (badCFG)
3740 return nullptr;
3741 LoopSuccessor = Block;
3742 Block = nullptr;
3743 } else
3744 LoopSuccessor = Succ;
3745
3746 // Build the condition blocks.
3747 CFGBlock *ExitConditionBlock = createBlock(false);
3748
3749 // Set the terminator for the "exit" condition block.
3750 ExitConditionBlock->setTerminator(S);
3751
3752 // The last statement in the block should be the ObjCForCollectionStmt, which
3753 // performs the actual binding to 'element' and determines if there are any
3754 // more items in the collection.
3755 appendStmt(ExitConditionBlock, S);
3756 Block = ExitConditionBlock;
3757
3758 // Walk the 'element' expression to see if there are any side-effects. We
3759 // generate new blocks as necessary. We DON'T add the statement by default to
3760 // the CFG unless it contains control-flow.
3761 CFGBlock *EntryConditionBlock = Visit(S->getElement(),
3762 AddStmtChoice::NotAlwaysAdd);
3763 if (Block) {
3764 if (badCFG)
3765 return nullptr;
3766 Block = nullptr;
3767 }
3768
3769 // The condition block is the implicit successor for the loop body as well as
3770 // any code above the loop.
3771 Succ = EntryConditionBlock;
3772
3773 // Now create the true branch.
3774 {
3775 // Save the current values for Succ, continue and break targets.
3776 SaveAndRestore save_Block(Block), save_Succ(Succ);
3777 SaveAndRestore save_continue(ContinueJumpTarget),
3778 save_break(BreakJumpTarget);
3779
3780 // Add an intermediate block between the BodyBlock and the
3781 // EntryConditionBlock to represent the "loop back" transition, for looping
3782 // back to the head of the loop.
3783 CFGBlock *LoopBackBlock = nullptr;
3784 Succ = LoopBackBlock = createBlock();
3785 LoopBackBlock->setLoopTarget(S);
3786
3787 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
3788 ContinueJumpTarget = JumpTarget(Succ, ScopePos);
3789
3790 CFGBlock *BodyBlock = addStmt(S->getBody());
3791
3792 if (!BodyBlock)
3793 BodyBlock = ContinueJumpTarget.block; // can happen for "for (X in Y) ;"
3794 else if (Block) {
3795 if (badCFG)
3796 return nullptr;
3797 }
3798
3799 // This new body block is a successor to our "exit" condition block.
3800 addSuccessor(ExitConditionBlock, BodyBlock);
3801 }
3802
3803 // Link up the condition block with the code that follows the loop.
3804 // (the false branch).
3805 addSuccessor(ExitConditionBlock, LoopSuccessor);
3806
3807 // Now create a prologue block to contain the collection expression.
3808 Block = createBlock();
3809 return addStmt(S->getCollection());
3810 }
3811
3812 CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) {
3813 // Inline the body.
3814 return addStmt(S->getSubStmt());
3815 // TODO: consider adding cleanups for the end of @autoreleasepool scope.
3816 }
3817
3818 CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) {
3819 // FIXME: Add locking 'primitives' to CFG for @synchronized.
3820
3821 // Inline the body.
3822 CFGBlock *SyncBlock = addStmt(S->getSynchBody());
3823
3824 // The sync body starts its own basic block. This makes it a little easier
3825 // for diagnostic clients.
3826 if (SyncBlock) {
3827 if (badCFG)
3828 return nullptr;
3829
3830 Block = nullptr;
3831 Succ = SyncBlock;
3832 }
3833
3834 // Add the @synchronized to the CFG.
3835 autoCreateBlock();
3836 appendStmt(Block, S);
3837
3838 // Inline the sync expression.
3839 return addStmt(S->getSynchExpr());
3840 }
3841
3842 CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) {
3843 autoCreateBlock();
3844
3845 // Add the PseudoObject as the last thing.
3846 appendStmt(Block, E);
3847
3848 CFGBlock *lastBlock = Block;
3849
3850 // Before that, evaluate all of the semantics in order. In
3851 // CFG-land, that means appending them in reverse order.
3852 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) {
3853 Expr *Semantic = E->getSemanticExpr(--i);
3854
3855 // If the semantic is an opaque value, we're being asked to bind
3856 // it to its source expression.
3857 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic))
3858 Semantic = OVE->getSourceExpr();
3859
3860 if (CFGBlock *B = Visit(Semantic))
3861 lastBlock = B;
3862 }
3863
3864 return lastBlock;
3865 }
3866
3867 CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) {
3868 CFGBlock *LoopSuccessor = nullptr;
3869
3870 // Save local scope position because in case of condition variable ScopePos
3871 // won't be restored when traversing AST.
3872 SaveAndRestore save_scope_pos(ScopePos);
3873
3874 // Create local scope for possible condition variable.
3875 // Store scope position for continue statement.
3876 LocalScope::const_iterator LoopBeginScopePos = ScopePos;
3877 if (VarDecl *VD = W->getConditionVariable()) {
3878 addLocalScopeForVarDecl(VD);
3879 addAutomaticObjHandling(ScopePos, LoopBeginScopePos, W);
3880 }
3881 addLoopExit(W);
3882
3883 // "while" is a control-flow statement. Thus we stop processing the current
3884 // block.
3885 if (Block) {
3886 if (badCFG)
3887 return nullptr;
3888 LoopSuccessor = Block;
3889 Block = nullptr;
3890 } else {
3891 LoopSuccessor = Succ;
3892 }
3893
3894 CFGBlock *BodyBlock = nullptr, *TransitionBlock = nullptr;
3895
3896 // Process the loop body.
3897 {
3898 assert(W->getBody());
3899
3900 // Save the current values for Block, Succ, continue and break targets.
3901 SaveAndRestore save_Block(Block), save_Succ(Succ);
3902 SaveAndRestore save_continue(ContinueJumpTarget),
3903 save_break(BreakJumpTarget);
3904
3905 // Create an empty block to represent the transition block for looping back
3906 // to the head of the loop.
3907 Succ = TransitionBlock = createBlock(false);
3908 TransitionBlock->setLoopTarget(W);
3909 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos);
3910
3911 // All breaks should go to the code following the loop.
3912 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
3913
3914 // Loop body should end with destructor of Condition variable (if any).
3915 addAutomaticObjHandling(ScopePos, LoopBeginScopePos, W);
3916
3917 // If body is not a compound statement create implicit scope
3918 // and add destructors.
3919 if (!isa<CompoundStmt>(W->getBody()))
3920 addLocalScopeAndDtors(W->getBody());
3921
3922 // Create the body. The returned block is the entry to the loop body.
3923 BodyBlock = addStmt(W->getBody());
3924
3925 if (!BodyBlock)
3926 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;"
3927 else if (Block && badCFG)
3928 return nullptr;
3929 }
3930
3931 // Because of short-circuit evaluation, the condition of the loop can span
3932 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
3933 // evaluate the condition.
3934 CFGBlock *EntryConditionBlock = nullptr, *ExitConditionBlock = nullptr;
3935
3936 do {
3937 Expr *C = W->getCond();
3938
3939 // Specially handle logical operators, which have a slightly
3940 // more optimal CFG representation.
3941 if (BinaryOperator *Cond = dyn_cast<BinaryOperator>(C->IgnoreParens()))
3942 if (Cond->isLogicalOp()) {
3943 std::tie(EntryConditionBlock, ExitConditionBlock) =
3944 VisitLogicalOperator(Cond, W, BodyBlock, LoopSuccessor);
3945 break;
3946 }
3947
3948 // The default case when not handling logical operators.
3949 ExitConditionBlock = createBlock(false);
3950 ExitConditionBlock->setTerminator(W);
3951
3952 // Now add the actual condition to the condition block.
3953 // Because the condition itself may contain control-flow, new blocks may
3954 // be created. Thus we update "Succ" after adding the condition.
3955 Block = ExitConditionBlock;
3956 Block = EntryConditionBlock = addStmt(C);
3957
3958 // If this block contains a condition variable, add both the condition
3959 // variable and initializer to the CFG.
3960 if (VarDecl *VD = W->getConditionVariable()) {
3961 if (Expr *Init = VD->getInit()) {
3962 autoCreateBlock();
3963 const DeclStmt *DS = W->getConditionVariableDeclStmt();
3964 assert(DS->isSingleDecl());
3965 findConstructionContexts(
3966 ConstructionContextLayer::create(cfg->getBumpVectorContext(),
3967 const_cast<DeclStmt *>(DS)),
3968 Init);
3969 appendStmt(Block, DS);
3970 EntryConditionBlock = addStmt(Init);
3971 assert(Block == EntryConditionBlock);
3972 maybeAddScopeBeginForVarDecl(EntryConditionBlock, VD, C);
3973 }
3974 }
3975
3976 if (Block && badCFG)
3977 return nullptr;
3978
3979 // See if this is a known constant.
3980 const TryResult& KnownVal = tryEvaluateBool(C);
3981
3982 // Add the loop body entry as a successor to the condition.
3983 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? nullptr : BodyBlock);
3984 // Link up the condition block with the code that follows the loop. (the
3985 // false branch).
3986 addSuccessor(ExitConditionBlock,
3987 KnownVal.isTrue() ? nullptr : LoopSuccessor);
3988 } while(false);
3989
3990 // Link up the loop-back block to the entry condition block.
3991 addSuccessor(TransitionBlock, EntryConditionBlock);
3992
3993 // There can be no more statements in the condition block since we loop back
3994 // to this block. NULL out Block to force lazy creation of another block.
3995 Block = nullptr;
3996
3997 // Return the condition block, which is the dominating block for the loop.
3998 Succ = EntryConditionBlock;
3999 return EntryConditionBlock;
4000 }
4001
4002 CFGBlock *CFGBuilder::VisitArrayInitLoopExpr(ArrayInitLoopExpr *A,
4003 AddStmtChoice asc) {
4004 if (asc.alwaysAdd(*this, A)) {
4005 autoCreateBlock();
4006 appendStmt(Block, A);
4007 }
4008
4009 CFGBlock *B = Block;
4010
4011 if (CFGBlock *R = Visit(A->getSubExpr()))
4012 B = R;
4013
4014 auto *OVE = dyn_cast<OpaqueValueExpr>(A->getCommonExpr());
4015 assert(OVE && "ArrayInitLoopExpr->getCommonExpr() should be wrapped in an "
4016 "OpaqueValueExpr!");
4017 if (CFGBlock *R = Visit(OVE->getSourceExpr()))
4018 B = R;
4019
4020 return B;
4021 }
4022
4023 CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *CS) {
4024 // ObjCAtCatchStmt are treated like labels, so they are the first statement
4025 // in a block.
4026
4027 // Save local scope position because in case of exception variable ScopePos
4028 // won't be restored when traversing AST.
4029 SaveAndRestore save_scope_pos(ScopePos);
4030
4031 if (CS->getCatchBody())
4032 addStmt(CS->getCatchBody());
4033
4034 CFGBlock *CatchBlock = Block;
4035 if (!CatchBlock)
4036 CatchBlock = createBlock();
4037
4038 appendStmt(CatchBlock, CS);
4039
4040 // Also add the ObjCAtCatchStmt as a label, like with regular labels.
4041 CatchBlock->setLabel(CS);
4042
4043 // Bail out if the CFG is bad.
4044 if (badCFG)
4045 return nullptr;
4046
4047 // We set Block to NULL to allow lazy creation of a new block (if necessary).
4048 Block = nullptr;
4049
4050 return CatchBlock;
4051 }
4052
4053 CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) {
4054 // If we were in the middle of a block we stop processing that block.
4055 if (badCFG)
4056 return nullptr;
4057
4058 // Create the new block.
4059 Block = createBlock(false);
4060
4061 if (TryTerminatedBlock)
4062 // The current try statement is the only successor.
4063 addSuccessor(Block, TryTerminatedBlock);
4064 else
4065 // otherwise the Exit block is the only successor.
4066 addSuccessor(Block, &cfg->getExit());
4067
4068 // Add the statement to the block. This may create new blocks if S contains
4069 // control-flow (short-circuit operations).
4070 return VisitStmt(S, AddStmtChoice::AlwaysAdd);
4071 }
4072
4073 CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *Terminator) {
4074 // "@try"/"@catch" is a control-flow statement. Thus we stop processing the
4075 // current block.
4076 CFGBlock *TrySuccessor = nullptr;
4077
4078 if (Block) {
4079 if (badCFG)
4080 return nullptr;
4081 TrySuccessor = Block;
4082 } else
4083 TrySuccessor = Succ;
4084
4085 // FIXME: Implement @finally support.
4086 if (Terminator->getFinallyStmt())
4087 return NYS();
4088
4089 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock;
4090
4091 // Create a new block that will contain the try statement.
4092 CFGBlock *NewTryTerminatedBlock = createBlock(false);
4093 // Add the terminator in the try block.
4094 NewTryTerminatedBlock->setTerminator(Terminator);
4095
4096 bool HasCatchAll = false;
4097 for (ObjCAtCatchStmt *CS : Terminator->catch_stmts()) {
4098 // The code after the try is the implicit successor.
4099 Succ = TrySuccessor;
4100 if (CS->hasEllipsis()) {
4101 HasCatchAll = true;
4102 }
4103 Block = nullptr;
4104 CFGBlock *CatchBlock = VisitObjCAtCatchStmt(CS);
4105 if (!CatchBlock)
4106 return nullptr;
4107 // Add this block to the list of successors for the block with the try
4108 // statement.
4109 addSuccessor(NewTryTerminatedBlock, CatchBlock);
4110 }
4111
4112 // FIXME: This needs updating when @finally support is added.
4113 if (!HasCatchAll) {
4114 if (PrevTryTerminatedBlock)
4115 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock);
4116 else
4117 addSuccessor(NewTryTerminatedBlock, &cfg->getExit());
4118 }
4119
4120 // The code after the try is the implicit successor.
4121 Succ = TrySuccessor;
4122
4123 // Save the current "try" context.
4124 SaveAndRestore SaveTry(TryTerminatedBlock, NewTryTerminatedBlock);
4125 cfg->addTryDispatchBlock(TryTerminatedBlock);
4126
4127 assert(Terminator->getTryBody() && "try must contain a non-NULL body");
4128 Block = nullptr;
4129 return addStmt(Terminator->getTryBody());
4130 }
4131
4132 CFGBlock *CFGBuilder::VisitObjCMessageExpr(ObjCMessageExpr *ME,
4133 AddStmtChoice asc) {
4134 findConstructionContextsForArguments(ME);
4135
4136 autoCreateBlock();
4137 appendObjCMessage(Block, ME);
4138
4139 return VisitChildren(ME);
4140 }
4141
4142 CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) {
4143 // If we were in the middle of a block we stop processing that block.
4144 if (badCFG)
4145 return nullptr;
4146
4147 // Create the new block.
4148 Block = createBlock(false);
4149
4150 if (TryTerminatedBlock)
4151 // The current try statement is the only successor.
4152 addSuccessor(Block, TryTerminatedBlock);
4153 else
4154 // otherwise the Exit block is the only successor.
4155 addSuccessor(Block, &cfg->getExit());
4156
4157 // Add the statement to the block. This may create new blocks if S contains
4158 // control-flow (short-circuit operations).
4159 return VisitStmt(T, AddStmtChoice::AlwaysAdd);
4160 }
4161
4162 CFGBlock *CFGBuilder::VisitCXXTypeidExpr(CXXTypeidExpr *S, AddStmtChoice asc) {
4163 if (asc.alwaysAdd(*this, S)) {
4164 autoCreateBlock();
4165 appendStmt(Block, S);
4166 }
4167
4168 // C++ [expr.typeid]p3:
4169 // When typeid is applied to an expression other than an glvalue of a
4170 // polymorphic class type [...] [the] expression is an unevaluated
4171 // operand. [...]
4172 // We add only potentially evaluated statements to the block to avoid
4173 // CFG generation for unevaluated operands.
4174 if (!S->isTypeDependent() && S->isPotentiallyEvaluated())
4175 return VisitChildren(S);
4176
4177 // Return block without CFG for unevaluated operands.
4178 return Block;
4179 }
4180
4181 CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) {
4182 CFGBlock *LoopSuccessor = nullptr;
4183
4184 addLoopExit(D);
4185
4186 // "do...while" is a control-flow statement. Thus we stop processing the
4187 // current block.
4188 if (Block) {
4189 if (badCFG)
4190 return nullptr;
4191 LoopSuccessor = Block;
4192 } else
4193 LoopSuccessor = Succ;
4194
4195 // Because of short-circuit evaluation, the condition of the loop can span
4196 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
4197 // evaluate the condition.
4198 CFGBlock *ExitConditionBlock = createBlock(false);
4199 CFGBlock *EntryConditionBlock = ExitConditionBlock;
4200
4201 // Set the terminator for the "exit" condition block.
4202 ExitConditionBlock->setTerminator(D);
4203
4204 // Now add the actual condition to the condition block. Because the condition
4205 // itself may contain control-flow, new blocks may be created.
4206 if (Stmt *C = D->getCond()) {
4207 Block = ExitConditionBlock;
4208 EntryConditionBlock = addStmt(C);
4209 if (Block) {
4210 if (badCFG)
4211 return nullptr;
4212 }
4213 }
4214
4215 // The condition block is the implicit successor for the loop body.
4216 Succ = EntryConditionBlock;
4217
4218 // See if this is a known constant.
4219 const TryResult &KnownVal = tryEvaluateBool(D->getCond());
4220
4221 // Process the loop body.
4222 CFGBlock *BodyBlock = nullptr;
4223 {
4224 assert(D->getBody());
4225
4226 // Save the current values for Block, Succ, and continue and break targets
4227 SaveAndRestore save_Block(Block), save_Succ(Succ);
4228 SaveAndRestore save_continue(ContinueJumpTarget),
4229 save_break(BreakJumpTarget);
4230
4231 // All continues within this loop should go to the condition block
4232 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos);
4233
4234 // All breaks should go to the code following the loop.
4235 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
4236
4237 // NULL out Block to force lazy instantiation of blocks for the body.
4238 Block = nullptr;
4239
4240 // If body is not a compound statement create implicit scope
4241 // and add destructors.
4242 if (!isa<CompoundStmt>(D->getBody()))
4243 addLocalScopeAndDtors(D->getBody());
4244
4245 // Create the body. The returned block is the entry to the loop body.
4246 BodyBlock = addStmt(D->getBody());
4247
4248 if (!BodyBlock)
4249 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)"
4250 else if (Block) {
4251 if (badCFG)
4252 return nullptr;
4253 }
4254
4255 // Add an intermediate block between the BodyBlock and the
4256 // ExitConditionBlock to represent the "loop back" transition. Create an
4257 // empty block to represent the transition block for looping back to the
4258 // head of the loop.
4259 // FIXME: Can we do this more efficiently without adding another block?
4260 Block = nullptr;
4261 Succ = BodyBlock;
4262 CFGBlock *LoopBackBlock = createBlock();
4263 LoopBackBlock->setLoopTarget(D);
4264
4265 if (!KnownVal.isFalse())
4266 // Add the loop body entry as a successor to the condition.
4267 addSuccessor(ExitConditionBlock, LoopBackBlock);
4268 else
4269 addSuccessor(ExitConditionBlock, nullptr);
4270 }
4271
4272 // Link up the condition block with the code that follows the loop.
4273 // (the false branch).
4274 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? nullptr : LoopSuccessor);
4275
4276 // There can be no more statements in the body block(s) since we loop back to
4277 // the body. NULL out Block to force lazy creation of another block.
4278 Block = nullptr;
4279
4280 // Return the loop body, which is the dominating block for the loop.
4281 Succ = BodyBlock;
4282 return BodyBlock;
4283 }
4284
4285 CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) {
4286 // "continue" is a control-flow statement. Thus we stop processing the
4287 // current block.
4288 if (badCFG)
4289 return nullptr;
4290
4291 // Now create a new block that ends with the continue statement.
4292 Block = createBlock(false);
4293 Block->setTerminator(C);
4294
4295 // If there is no target for the continue, then we are looking at an
4296 // incomplete AST. This means the CFG cannot be constructed.
4297 if (ContinueJumpTarget.block) {
4298 addAutomaticObjHandling(ScopePos, ContinueJumpTarget.scopePosition, C);
4299 addSuccessor(Block, ContinueJumpTarget.block);
4300 } else
4301 badCFG = true;
4302
4303 return Block;
4304 }
4305
4306 CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E,
4307 AddStmtChoice asc) {
4308 if (asc.alwaysAdd(*this, E)) {
4309 autoCreateBlock();
4310 appendStmt(Block, E);
4311 }
4312
4313 // VLA types have expressions that must be evaluated.
4314 // Evaluation is done only for `sizeof`.
4315
4316 if (E->getKind() != UETT_SizeOf)
4317 return Block;
4318
4319 CFGBlock *lastBlock = Block;
4320
4321 if (E->isArgumentType()) {
4322 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr());
4323 VA != nullptr; VA = FindVA(VA->getElementType().getTypePtr()))
4324 lastBlock = addStmt(VA->getSizeExpr());
4325 }
4326 return lastBlock;
4327 }
4328
4329 /// VisitStmtExpr - Utility method to handle (nested) statement
4330 /// expressions (a GCC extension).
4331 CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) {
4332 if (asc.alwaysAdd(*this, SE)) {
4333 autoCreateBlock();
4334 appendStmt(Block, SE);
4335 }
4336 return VisitCompoundStmt(SE->getSubStmt(), /*ExternallyDestructed=*/true);
4337 }
4338
4339 CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) {
4340 // "switch" is a control-flow statement. Thus we stop processing the current
4341 // block.
4342 CFGBlock *SwitchSuccessor = nullptr;
4343
4344 // Save local scope position because in case of condition variable ScopePos
4345 // won't be restored when traversing AST.
4346 SaveAndRestore save_scope_pos(ScopePos);
4347
4348 // Create local scope for C++17 switch init-stmt if one exists.
4349 if (Stmt *Init = Terminator->getInit())
4350 addLocalScopeForStmt(Init);
4351
4352 // Create local scope for possible condition variable.
4353 // Store scope position. Add implicit destructor.
4354 if (VarDecl *VD = Terminator->getConditionVariable())
4355 addLocalScopeForVarDecl(VD);
4356
4357 addAutomaticObjHandling(ScopePos, save_scope_pos.get(), Terminator);
4358
4359 if (Block) {
4360 if (badCFG)
4361 return nullptr;
4362 SwitchSuccessor = Block;
4363 } else SwitchSuccessor = Succ;
4364
4365 // Save the current "switch" context.
4366 SaveAndRestore save_switch(SwitchTerminatedBlock),
4367 save_default(DefaultCaseBlock);
4368 SaveAndRestore save_break(BreakJumpTarget);
4369
4370 // Set the "default" case to be the block after the switch statement. If the
4371 // switch statement contains a "default:", this value will be overwritten with
4372 // the block for that code.
4373 DefaultCaseBlock = SwitchSuccessor;
4374
4375 // Create a new block that will contain the switch statement.
4376 SwitchTerminatedBlock = createBlock(false);
4377
4378 // Now process the switch body. The code after the switch is the implicit
4379 // successor.
4380 Succ = SwitchSuccessor;
4381 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos);
4382
4383 // When visiting the body, the case statements should automatically get linked
4384 // up to the switch. We also don't keep a pointer to the body, since all
4385 // control-flow from the switch goes to case/default statements.
4386 assert(Terminator->getBody() && "switch must contain a non-NULL body");
4387 Block = nullptr;
4388
4389 // For pruning unreachable case statements, save the current state
4390 // for tracking the condition value.
4391 SaveAndRestore save_switchExclusivelyCovered(switchExclusivelyCovered, false);
4392
4393 // Determine if the switch condition can be explicitly evaluated.
4394 assert(Terminator->getCond() && "switch condition must be non-NULL");
4395 Expr::EvalResult result;
4396 bool b = tryEvaluate(Terminator->getCond(), result);
4397 SaveAndRestore save_switchCond(switchCond, b ? &result : nullptr);
4398
4399 // If body is not a compound statement create implicit scope
4400 // and add destructors.
4401 if (!isa<CompoundStmt>(Terminator->getBody()))
4402 addLocalScopeAndDtors(Terminator->getBody());
4403
4404 addStmt(Terminator->getBody());
4405 if (Block) {
4406 if (badCFG)
4407 return nullptr;
4408 }
4409
4410 // If we have no "default:" case, the default transition is to the code
4411 // following the switch body. Moreover, take into account if all the
4412 // cases of a switch are covered (e.g., switching on an enum value).
4413 //
4414 // Note: We add a successor to a switch that is considered covered yet has no
4415 // case statements if the enumeration has no enumerators.
4416 bool SwitchAlwaysHasSuccessor = false;
4417 SwitchAlwaysHasSuccessor |= switchExclusivelyCovered;
4418 SwitchAlwaysHasSuccessor |= Terminator->isAllEnumCasesCovered() &&
4419 Terminator->getSwitchCaseList();
4420 addSuccessor(SwitchTerminatedBlock, DefaultCaseBlock,
4421 !SwitchAlwaysHasSuccessor);
4422
4423 // Add the terminator and condition in the switch block.
4424 SwitchTerminatedBlock->setTerminator(Terminator);
4425 Block = SwitchTerminatedBlock;
4426 CFGBlock *LastBlock = addStmt(Terminator->getCond());
4427
4428 // If the SwitchStmt contains a condition variable, add both the
4429 // SwitchStmt and the condition variable initialization to the CFG.
4430 if (VarDecl *VD = Terminator->getConditionVariable()) {
4431 if (Expr *Init = VD->getInit()) {
4432 autoCreateBlock();
4433 appendStmt(Block, Terminator->getConditionVariableDeclStmt());
4434 LastBlock = addStmt(Init);
4435 maybeAddScopeBeginForVarDecl(LastBlock, VD, Init);
4436 }
4437 }
4438
4439 // Finally, if the SwitchStmt contains a C++17 init-stmt, add it to the CFG.
4440 if (Stmt *Init = Terminator->getInit()) {
4441 autoCreateBlock();
4442 LastBlock = addStmt(Init);
4443 }
4444
4445 return LastBlock;
4446 }
4447
4448 static bool shouldAddCase(bool &switchExclusivelyCovered,
4449 const Expr::EvalResult *switchCond,
4450 const CaseStmt *CS,
4451 ASTContext &Ctx) {
4452 if (!switchCond)
4453 return true;
4454
4455 bool addCase = false;
4456
4457 if (!switchExclusivelyCovered) {
4458 if (switchCond->Val.isInt()) {
4459 // Evaluate the LHS of the case value.
4460 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx);
4461 const llvm::APSInt &condInt = switchCond->Val.getInt();
4462
4463 if (condInt == lhsInt) {
4464 addCase = true;
4465 switchExclusivelyCovered = true;
4466 }
4467 else if (condInt > lhsInt) {
4468 if (const Expr *RHS = CS->getRHS()) {
4469 // Evaluate the RHS of the case value.
4470 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx);
4471 if (V2 >= condInt) {
4472 addCase = true;
4473 switchExclusivelyCovered = true;
4474 }
4475 }
4476 }
4477 }
4478 else
4479 addCase = true;
4480 }
4481 return addCase;
4482 }
4483
4484 CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) {
4485 // CaseStmts are essentially labels, so they are the first statement in a
4486 // block.
4487 CFGBlock *TopBlock = nullptr, *LastBlock = nullptr;
4488
4489 if (Stmt *Sub = CS->getSubStmt()) {
4490 // For deeply nested chains of CaseStmts, instead of doing a recursion
4491 // (which can blow out the stack), manually unroll and create blocks
4492 // along the way.
4493 while (isa<CaseStmt>(Sub)) {
4494 CFGBlock *currentBlock = createBlock(false);
4495 currentBlock->setLabel(CS);
4496
4497 if (TopBlock)
4498 addSuccessor(LastBlock, currentBlock);
4499 else
4500 TopBlock = currentBlock;
4501
4502 addSuccessor(SwitchTerminatedBlock,
4503 shouldAddCase(switchExclusivelyCovered, switchCond,
4504 CS, *Context)
4505 ? currentBlock : nullptr);
4506
4507 LastBlock = currentBlock;
4508 CS = cast<CaseStmt>(Sub);
4509 Sub = CS->getSubStmt();
4510 }
4511
4512 addStmt(Sub);
4513 }
4514
4515 CFGBlock *CaseBlock = Block;
4516 if (!CaseBlock)
4517 CaseBlock = createBlock();
4518
4519 // Cases statements partition blocks, so this is the top of the basic block we
4520 // were processing (the "case XXX:" is the label).
4521 CaseBlock->setLabel(CS);
4522
4523 if (badCFG)
4524 return nullptr;
4525
4526 // Add this block to the list of successors for the block with the switch
4527 // statement.
4528 assert(SwitchTerminatedBlock);
4529 addSuccessor(SwitchTerminatedBlock, CaseBlock,
4530 shouldAddCase(switchExclusivelyCovered, switchCond,
4531 CS, *Context));
4532
4533 // We set Block to NULL to allow lazy creation of a new block (if necessary).
4534 Block = nullptr;
4535
4536 if (TopBlock) {
4537 addSuccessor(LastBlock, CaseBlock);
4538 Succ = TopBlock;
4539 } else {
4540 // This block is now the implicit successor of other blocks.
4541 Succ = CaseBlock;
4542 }
4543
4544 return Succ;
4545 }
4546
4547 CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) {
4548 if (Terminator->getSubStmt())
4549 addStmt(Terminator->getSubStmt());
4550
4551 DefaultCaseBlock = Block;
4552
4553 if (!DefaultCaseBlock)
4554 DefaultCaseBlock = createBlock();
4555
4556 // Default statements partition blocks, so this is the top of the basic block
4557 // we were processing (the "default:" is the label).
4558 DefaultCaseBlock->setLabel(Terminator);
4559
4560 if (badCFG)
4561 return nullptr;
4562
4563 // Unlike case statements, we don't add the default block to the successors
4564 // for the switch statement immediately. This is done when we finish
4565 // processing the switch statement. This allows for the default case
4566 // (including a fall-through to the code after the switch statement) to always
4567 // be the last successor of a switch-terminated block.
4568
4569 // We set Block to NULL to allow lazy creation of a new block (if necessary).
4570 Block = nullptr;
4571
4572 // This block is now the implicit successor of other blocks.
4573 Succ = DefaultCaseBlock;
4574
4575 return DefaultCaseBlock;
4576 }
4577
4578 CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) {
4579 // "try"/"catch" is a control-flow statement. Thus we stop processing the
4580 // current block.
4581 CFGBlock *TrySuccessor = nullptr;
4582
4583 if (Block) {
4584 if (badCFG)
4585 return nullptr;
4586 TrySuccessor = Block;
4587 } else
4588 TrySuccessor = Succ;
4589
4590 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock;
4591
4592 // Create a new block that will contain the try statement.
4593 CFGBlock *NewTryTerminatedBlock = createBlock(false);
4594 // Add the terminator in the try block.
4595 NewTryTerminatedBlock->setTerminator(Terminator);
4596
4597 bool HasCatchAll = false;
4598 for (unsigned I = 0, E = Terminator->getNumHandlers(); I != E; ++I) {
4599 // The code after the try is the implicit successor.
4600 Succ = TrySuccessor;
4601 CXXCatchStmt *CS = Terminator->getHandler(I);
4602 if (CS->getExceptionDecl() == nullptr) {
4603 HasCatchAll = true;
4604 }
4605 Block = nullptr;
4606 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS);
4607 if (!CatchBlock)
4608 return nullptr;
4609 // Add this block to the list of successors for the block with the try
4610 // statement.
4611 addSuccessor(NewTryTerminatedBlock, CatchBlock);
4612 }
4613 if (!HasCatchAll) {
4614 if (PrevTryTerminatedBlock)
4615 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock);
4616 else
4617 addSuccessor(NewTryTerminatedBlock, &cfg->getExit());
4618 }
4619
4620 // The code after the try is the implicit successor.
4621 Succ = TrySuccessor;
4622
4623 // Save the current "try" context.
4624 SaveAndRestore SaveTry(TryTerminatedBlock, NewTryTerminatedBlock);
4625 cfg->addTryDispatchBlock(TryTerminatedBlock);
4626
4627 assert(Terminator->getTryBlock() && "try must contain a non-NULL body");
4628 Block = nullptr;
4629 return addStmt(Terminator->getTryBlock());
4630 }
4631
4632 CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) {
4633 // CXXCatchStmt are treated like labels, so they are the first statement in a
4634 // block.
4635
4636 // Save local scope position because in case of exception variable ScopePos
4637 // won't be restored when traversing AST.
4638 SaveAndRestore save_scope_pos(ScopePos);
4639
4640 // Create local scope for possible exception variable.
4641 // Store scope position. Add implicit destructor.
4642 if (VarDecl *VD = CS->getExceptionDecl()) {
4643 LocalScope::const_iterator BeginScopePos = ScopePos;
4644 addLocalScopeForVarDecl(VD);
4645 addAutomaticObjHandling(ScopePos, BeginScopePos, CS);
4646 }
4647
4648 if (CS->getHandlerBlock())
4649 addStmt(CS->getHandlerBlock());
4650
4651 CFGBlock *CatchBlock = Block;
4652 if (!CatchBlock)
4653 CatchBlock = createBlock();
4654
4655 // CXXCatchStmt is more than just a label. They have semantic meaning
4656 // as well, as they implicitly "initialize" the catch variable. Add
4657 // it to the CFG as a CFGElement so that the control-flow of these
4658 // semantics gets captured.
4659 appendStmt(CatchBlock, CS);
4660
4661 // Also add the CXXCatchStmt as a label, to mirror handling of regular
4662 // labels.
4663 CatchBlock->setLabel(CS);
4664
4665 // Bail out if the CFG is bad.
4666 if (badCFG)
4667 return nullptr;
4668
4669 // We set Block to NULL to allow lazy creation of a new block (if necessary).
4670 Block = nullptr;
4671
4672 return CatchBlock;
4673 }
4674
4675 CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) {
4676 // C++0x for-range statements are specified as [stmt.ranged]:
4677 //
4678 // {
4679 // auto && __range = range-init;
4680 // for ( auto __begin = begin-expr,
4681 // __end = end-expr;
4682 // __begin != __end;
4683 // ++__begin ) {
4684 // for-range-declaration = *__begin;
4685 // statement
4686 // }
4687 // }
4688
4689 // Save local scope position before the addition of the implicit variables.
4690 SaveAndRestore save_scope_pos(ScopePos);
4691
4692 // Create local scopes and destructors for range, begin and end variables.
4693 if (Stmt *Range = S->getRangeStmt())
4694 addLocalScopeForStmt(Range);
4695 if (Stmt *Begin = S->getBeginStmt())
4696 addLocalScopeForStmt(Begin);
4697 if (Stmt *End = S->getEndStmt())
4698 addLocalScopeForStmt(End);
4699 addAutomaticObjHandling(ScopePos, save_scope_pos.get(), S);
4700
4701 LocalScope::const_iterator ContinueScopePos = ScopePos;
4702
4703 // "for" is a control-flow statement. Thus we stop processing the current
4704 // block.
4705 CFGBlock *LoopSuccessor = nullptr;
4706 if (Block) {
4707 if (badCFG)
4708 return nullptr;
4709 LoopSuccessor = Block;
4710 } else
4711 LoopSuccessor = Succ;
4712
4713 // Save the current value for the break targets.
4714 // All breaks should go to the code following the loop.
4715 SaveAndRestore save_break(BreakJumpTarget);
4716 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
4717
4718 // The block for the __begin != __end expression.
4719 CFGBlock *ConditionBlock = createBlock(false);
4720 ConditionBlock->setTerminator(S);
4721
4722 // Now add the actual condition to the condition block.
4723 if (Expr *C = S->getCond()) {
4724 Block = ConditionBlock;
4725 CFGBlock *BeginConditionBlock = addStmt(C);
4726 if (badCFG)
4727 return nullptr;
4728 assert(BeginConditionBlock == ConditionBlock &&
4729 "condition block in for-range was unexpectedly complex");
4730 (void)BeginConditionBlock;
4731 }
4732
4733 // The condition block is the implicit successor for the loop body as well as
4734 // any code above the loop.
4735 Succ = ConditionBlock;
4736
4737 // See if this is a known constant.
4738 TryResult KnownVal(true);
4739
4740 if (S->getCond())
4741 KnownVal = tryEvaluateBool(S->getCond());
4742
4743 // Now create the loop body.
4744 {
4745 assert(S->getBody());
4746
4747 // Save the current values for Block, Succ, and continue targets.
4748 SaveAndRestore save_Block(Block), save_Succ(Succ);
4749 SaveAndRestore save_continue(ContinueJumpTarget);
4750
4751 // Generate increment code in its own basic block. This is the target of
4752 // continue statements.
4753 Block = nullptr;
4754 Succ = addStmt(S->getInc());
4755 if (badCFG)
4756 return nullptr;
4757 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos);
4758
4759 // The starting block for the loop increment is the block that should
4760 // represent the 'loop target' for looping back to the start of the loop.
4761 ContinueJumpTarget.block->setLoopTarget(S);
4762
4763 // Finish up the increment block and prepare to start the loop body.
4764 assert(Block);
4765 if (badCFG)
4766 return nullptr;
4767 Block = nullptr;
4768
4769 // Add implicit scope and dtors for loop variable.
4770 addLocalScopeAndDtors(S->getLoopVarStmt());
4771
4772 // If body is not a compound statement create implicit scope
4773 // and add destructors.
4774 if (!isa<CompoundStmt>(S->getBody()))
4775 addLocalScopeAndDtors(S->getBody());
4776
4777 // Populate a new block to contain the loop body and loop variable.
4778 addStmt(S->getBody());
4779
4780 if (badCFG)
4781 return nullptr;
4782 CFGBlock *LoopVarStmtBlock = addStmt(S->getLoopVarStmt());
4783 if (badCFG)
4784 return nullptr;
4785
4786 // This new body block is a successor to our condition block.
4787 addSuccessor(ConditionBlock,
4788 KnownVal.isFalse() ? nullptr : LoopVarStmtBlock);
4789 }
4790
4791 // Link up the condition block with the code that follows the loop (the
4792 // false branch).
4793 addSuccessor(ConditionBlock, KnownVal.isTrue() ? nullptr : LoopSuccessor);
4794
4795 // Add the initialization statements.
4796 Block = createBlock();
4797 addStmt(S->getBeginStmt());
4798 addStmt(S->getEndStmt());
4799 CFGBlock *Head = addStmt(S->getRangeStmt());
4800 if (S->getInit())
4801 Head = addStmt(S->getInit());
4802 return Head;
4803 }
4804
4805 CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E,
4806 AddStmtChoice asc, bool ExternallyDestructed) {
4807 if (BuildOpts.AddTemporaryDtors) {
4808 // If adding implicit destructors visit the full expression for adding
4809 // destructors of temporaries.
4810 TempDtorContext Context;
4811 VisitForTemporaryDtors(E->getSubExpr(), ExternallyDestructed, Context);
4812
4813 // Full expression has to be added as CFGStmt so it will be sequenced
4814 // before destructors of it's temporaries.
4815 asc = asc.withAlwaysAdd(true);
4816 }
4817 return Visit(E->getSubExpr(), asc);
4818 }
4819
4820 CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E,
4821 AddStmtChoice asc) {
4822 if (asc.alwaysAdd(*this, E)) {
4823 autoCreateBlock();
4824 appendStmt(Block, E);
4825
4826 findConstructionContexts(
4827 ConstructionContextLayer::create(cfg->getBumpVectorContext(), E),
4828 E->getSubExpr());
4829
4830 // We do not want to propagate the AlwaysAdd property.
4831 asc = asc.withAlwaysAdd(false);
4832 }
4833 return Visit(E->getSubExpr(), asc);
4834 }
4835
4836 CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C,
4837 AddStmtChoice asc) {
4838 // If the constructor takes objects as arguments by value, we need to properly
4839 // construct these objects. Construction contexts we find here aren't for the
4840 // constructor C, they're for its arguments only.
4841 findConstructionContextsForArguments(C);
4842 appendConstructor(C);
4843
4844 return VisitChildren(C);
4845 }
4846
4847 CFGBlock *CFGBuilder::VisitCXXNewExpr(CXXNewExpr *NE,
4848 AddStmtChoice asc) {
4849 autoCreateBlock();
4850 appendStmt(Block, NE);
4851
4852 findConstructionContexts(
4853 ConstructionContextLayer::create(cfg->getBumpVectorContext(), NE),
4854 const_cast<CXXConstructExpr *>(NE->getConstructExpr()));
4855
4856 if (NE->getInitializer())
4857 Block = Visit(NE->getInitializer());
4858
4859 if (BuildOpts.AddCXXNewAllocator)
4860 appendNewAllocator(Block, NE);
4861
4862 if (NE->isArray() && *NE->getArraySize())
4863 Block = Visit(*NE->getArraySize());
4864
4865 for (CXXNewExpr::arg_iterator I = NE->placement_arg_begin(),
4866 E = NE->placement_arg_end(); I != E; ++I)
4867 Block = Visit(*I);
4868
4869 return Block;
4870 }
4871
4872 CFGBlock *CFGBuilder::VisitCXXDeleteExpr(CXXDeleteExpr *DE,
4873 AddStmtChoice asc) {
4874 autoCreateBlock();
4875 appendStmt(Block, DE);
4876 QualType DTy = DE->getDestroyedType();
4877 if (!DTy.isNull()) {
4878 DTy = DTy.getNonReferenceType();
4879 CXXRecordDecl *RD = Context->getBaseElementType(DTy)->getAsCXXRecordDecl();
4880 if (RD) {
4881 if (RD->isCompleteDefinition() && !RD->hasTrivialDestructor())
4882 appendDeleteDtor(Block, RD, DE);
4883 }
4884 }
4885
4886 return VisitChildren(DE);
4887 }
4888
4889 CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E,
4890 AddStmtChoice asc) {
4891 if (asc.alwaysAdd(*this, E)) {
4892 autoCreateBlock();
4893 appendStmt(Block, E);
4894 // We do not want to propagate the AlwaysAdd property.
4895 asc = asc.withAlwaysAdd(false);
4896 }
4897 return Visit(E->getSubExpr(), asc);
4898 }
4899
4900 CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *E,
4901 AddStmtChoice asc) {
4902 // If the constructor takes objects as arguments by value, we need to properly
4903 // construct these objects. Construction contexts we find here aren't for the
4904 // constructor C, they're for its arguments only.
4905 findConstructionContextsForArguments(E);
4906 appendConstructor(E);
4907
4908 return VisitChildren(E);
4909 }
4910
4911 CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E,
4912 AddStmtChoice asc) {
4913 if (asc.alwaysAdd(*this, E)) {
4914 autoCreateBlock();
4915 appendStmt(Block, E);
4916 }
4917
4918 if (E->getCastKind() == CK_IntegralToBoolean)
4919 tryEvaluateBool(E->getSubExpr()->IgnoreParens());
4920
4921 return Visit(E->getSubExpr(), AddStmtChoice());
4922 }
4923
4924 CFGBlock *CFGBuilder::VisitConstantExpr(ConstantExpr *E, AddStmtChoice asc) {
4925 return Visit(E->getSubExpr(), AddStmtChoice());
4926 }
4927
4928 CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) {
4929 // Lazily create the indirect-goto dispatch block if there isn't one already.
4930 CFGBlock *IBlock = cfg->getIndirectGotoBlock();
4931
4932 if (!IBlock) {
4933 IBlock = createBlock(false);
4934 cfg->setIndirectGotoBlock(IBlock);
4935 }
4936
4937 // IndirectGoto is a control-flow statement. Thus we stop processing the
4938 // current block and create a new one.
4939 if (badCFG)
4940 return nullptr;
4941
4942 Block = createBlock(false);
4943 Block->setTerminator(I);
4944 addSuccessor(Block, IBlock);
4945 return addStmt(I->getTarget());
4946 }
4947
4948 CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool ExternallyDestructed,
4949 TempDtorContext &Context) {
4950 assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors);
4951
4952 tryAgain:
4953 if (!E) {
4954 badCFG = true;
4955 return nullptr;
4956 }
4957 switch (E->getStmtClass()) {
4958 default:
4959 return VisitChildrenForTemporaryDtors(E, false, Context);
4960
4961 case Stmt::InitListExprClass:
4962 return VisitChildrenForTemporaryDtors(E, ExternallyDestructed, Context);
4963
4964 case Stmt::BinaryOperatorClass:
4965 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E),
4966 ExternallyDestructed,
4967 Context);
4968
4969 case Stmt::CXXBindTemporaryExprClass:
4970 return VisitCXXBindTemporaryExprForTemporaryDtors(
4971 cast<CXXBindTemporaryExpr>(E), ExternallyDestructed, Context);
4972
4973 case Stmt::BinaryConditionalOperatorClass:
4974 case Stmt::ConditionalOperatorClass:
4975 return VisitConditionalOperatorForTemporaryDtors(
4976 cast<AbstractConditionalOperator>(E), ExternallyDestructed, Context);
4977
4978 case Stmt::ImplicitCastExprClass:
4979 // For implicit cast we want ExternallyDestructed to be passed further.
4980 E = cast<CastExpr>(E)->getSubExpr();
4981 goto tryAgain;
4982
4983 case Stmt::CXXFunctionalCastExprClass:
4984 // For functional cast we want ExternallyDestructed to be passed further.
4985 E = cast<CXXFunctionalCastExpr>(E)->getSubExpr();
4986 goto tryAgain;
4987
4988 case Stmt::ConstantExprClass:
4989 E = cast<ConstantExpr>(E)->getSubExpr();
4990 goto tryAgain;
4991
4992 case Stmt::ParenExprClass:
4993 E = cast<ParenExpr>(E)->getSubExpr();
4994 goto tryAgain;
4995
4996 case Stmt::MaterializeTemporaryExprClass: {
4997 const MaterializeTemporaryExpr* MTE = cast<MaterializeTemporaryExpr>(E);
4998 ExternallyDestructed = (MTE->getStorageDuration() != SD_FullExpression);
4999 SmallVector<const Expr *, 2> CommaLHSs;
5000 SmallVector<SubobjectAdjustment, 2> Adjustments;
5001 // Find the expression whose lifetime needs to be extended.
5002 E = const_cast<Expr *>(
5003 cast<MaterializeTemporaryExpr>(E)
5004 ->getSubExpr()
5005 ->skipRValueSubobjectAdjustments(CommaLHSs, Adjustments));
5006 // Visit the skipped comma operator left-hand sides for other temporaries.
5007 for (const Expr *CommaLHS : CommaLHSs) {
5008 VisitForTemporaryDtors(const_cast<Expr *>(CommaLHS),
5009 /*ExternallyDestructed=*/false, Context);
5010 }
5011 goto tryAgain;
5012 }
5013
5014 case Stmt::BlockExprClass:
5015 // Don't recurse into blocks; their subexpressions don't get evaluated
5016 // here.
5017 return Block;
5018
5019 case Stmt::LambdaExprClass: {
5020 // For lambda expressions, only recurse into the capture initializers,
5021 // and not the body.
5022 auto *LE = cast<LambdaExpr>(E);
5023 CFGBlock *B = Block;
5024 for (Expr *Init : LE->capture_inits()) {
5025 if (Init) {
5026 if (CFGBlock *R = VisitForTemporaryDtors(
5027 Init, /*ExternallyDestructed=*/true, Context))
5028 B = R;
5029 }
5030 }
5031 return B;
5032 }
5033
5034 case Stmt::StmtExprClass:
5035 // Don't recurse into statement expressions; any cleanups inside them
5036 // will be wrapped in their own ExprWithCleanups.
5037 return Block;
5038
5039 case Stmt::CXXDefaultArgExprClass:
5040 E = cast<CXXDefaultArgExpr>(E)->getExpr();
5041 goto tryAgain;
5042
5043 case Stmt::CXXDefaultInitExprClass:
5044 E = cast<CXXDefaultInitExpr>(E)->getExpr();
5045 goto tryAgain;
5046 }
5047 }
5048
5049 CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E,
5050 bool ExternallyDestructed,
5051 TempDtorContext &Context) {
5052 if (isa<LambdaExpr>(E)) {
5053 // Do not visit the children of lambdas; they have their own CFGs.
5054 return Block;
5055 }
5056
5057 // When visiting children for destructors we want to visit them in reverse
5058 // order that they will appear in the CFG. Because the CFG is built
5059 // bottom-up, this means we visit them in their natural order, which
5060 // reverses them in the CFG.
5061 CFGBlock *B = Block;
5062 for (Stmt *Child : E->children())
5063 if (Child)
5064 if (CFGBlock *R = VisitForTemporaryDtors(Child, ExternallyDestructed, Context))
5065 B = R;
5066
5067 return B;
5068 }
5069
5070 CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(
5071 BinaryOperator *E, bool ExternallyDestructed, TempDtorContext &Context) {
5072 if (E->isCommaOp()) {
5073 // For the comma operator, the LHS expression is evaluated before the RHS
5074 // expression, so prepend temporary destructors for the LHS first.
5075 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS(), false, Context);
5076 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS(), ExternallyDestructed, Context);
5077 return RHSBlock ? RHSBlock : LHSBlock;
5078 }
5079
5080 if (E->isLogicalOp()) {
5081 VisitForTemporaryDtors(E->getLHS(), false, Context);
5082 TryResult RHSExecuted = tryEvaluateBool(E->getLHS());
5083 if (RHSExecuted.isKnown() && E->getOpcode() == BO_LOr)
5084 RHSExecuted.negate();
5085
5086 // We do not know at CFG-construction time whether the right-hand-side was
5087 // executed, thus we add a branch node that depends on the temporary
5088 // constructor call.
5089 TempDtorContext RHSContext(
5090 bothKnownTrue(Context.KnownExecuted, RHSExecuted));
5091 VisitForTemporaryDtors(E->getRHS(), false, RHSContext);
5092 InsertTempDtorDecisionBlock(RHSContext);
5093
5094 return Block;
5095 }
5096
5097 if (E->isAssignmentOp()) {
5098 // For assignment operators, the RHS expression is evaluated before the LHS
5099 // expression, so prepend temporary destructors for the RHS first.
5100 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS(), false, Context);
5101 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS(), false, Context);
5102 return LHSBlock ? LHSBlock : RHSBlock;
5103 }
5104
5105 // Any other operator is visited normally.
5106 return VisitChildrenForTemporaryDtors(E, ExternallyDestructed, Context);
5107 }
5108
5109 CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors(
5110 CXXBindTemporaryExpr *E, bool ExternallyDestructed, TempDtorContext &Context) {
5111 // First add destructors for temporaries in subexpression.
5112 // Because VisitCXXBindTemporaryExpr calls setDestructed:
5113 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr(), true, Context);
5114 if (!ExternallyDestructed) {
5115 // If lifetime of temporary is not prolonged (by assigning to constant
5116 // reference) add destructor for it.
5117
5118 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor();
5119
5120 if (Dtor->getParent()->isAnyDestructorNoReturn()) {
5121 // If the destructor is marked as a no-return destructor, we need to
5122 // create a new block for the destructor which does not have as a
5123 // successor anything built thus far. Control won't flow out of this
5124 // block.
5125 if (B) Succ = B;
5126 Block = createNoReturnBlock();
5127 } else if (Context.needsTempDtorBranch()) {
5128 // If we need to introduce a branch, we add a new block that we will hook
5129 // up to a decision block later.
5130 if (B) Succ = B;
5131 Block = createBlock();
5132 } else {
5133 autoCreateBlock();
5134 }
5135 if (Context.needsTempDtorBranch()) {
5136 Context.setDecisionPoint(Succ, E);
5137 }
5138 appendTemporaryDtor(Block, E);
5139
5140 B = Block;
5141 }
5142 return B;
5143 }
5144
5145 void CFGBuilder::InsertTempDtorDecisionBlock(const TempDtorContext &Context,
5146 CFGBlock *FalseSucc) {
5147 if (!Context.TerminatorExpr) {
5148 // If no temporary was found, we do not need to insert a decision point.
5149 return;
5150 }
5151 assert(Context.TerminatorExpr);
5152 CFGBlock *Decision = createBlock(false);
5153 Decision->setTerminator(CFGTerminator(Context.TerminatorExpr,
5154 CFGTerminator::TemporaryDtorsBranch));
5155 addSuccessor(Decision, Block, !Context.KnownExecuted.isFalse());
5156 addSuccessor(Decision, FalseSucc ? FalseSucc : Context.Succ,
5157 !Context.KnownExecuted.isTrue());
5158 Block = Decision;
5159 }
5160
5161 CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors(
5162 AbstractConditionalOperator *E, bool ExternallyDestructed,
5163 TempDtorContext &Context) {
5164 VisitForTemporaryDtors(E->getCond(), false, Context);
5165 CFGBlock *ConditionBlock = Block;
5166 CFGBlock *ConditionSucc = Succ;
5167 TryResult ConditionVal = tryEvaluateBool(E->getCond());
5168 TryResult NegatedVal = ConditionVal;
5169 if (NegatedVal.isKnown()) NegatedVal.negate();
5170
5171 TempDtorContext TrueContext(
5172 bothKnownTrue(Context.KnownExecuted, ConditionVal));
5173 VisitForTemporaryDtors(E->getTrueExpr(), ExternallyDestructed, TrueContext);
5174 CFGBlock *TrueBlock = Block;
5175
5176 Block = ConditionBlock;
5177 Succ = ConditionSucc;
5178 TempDtorContext FalseContext(
5179 bothKnownTrue(Context.KnownExecuted, NegatedVal));
5180 VisitForTemporaryDtors(E->getFalseExpr(), ExternallyDestructed, FalseContext);
5181
5182 if (TrueContext.TerminatorExpr && FalseContext.TerminatorExpr) {
5183 InsertTempDtorDecisionBlock(FalseContext, TrueBlock);
5184 } else if (TrueContext.TerminatorExpr) {
5185 Block = TrueBlock;
5186 InsertTempDtorDecisionBlock(TrueContext);
5187 } else {
5188 InsertTempDtorDecisionBlock(FalseContext);
5189 }
5190 return Block;
5191 }
5192
5193 CFGBlock *CFGBuilder::VisitOMPExecutableDirective(OMPExecutableDirective *D,
5194 AddStmtChoice asc) {
5195 if (asc.alwaysAdd(*this, D)) {
5196 autoCreateBlock();
5197 appendStmt(Block, D);
5198 }
5199
5200 // Iterate over all used expression in clauses.
5201 CFGBlock *B = Block;
5202
5203 // Reverse the elements to process them in natural order. Iterators are not
5204 // bidirectional, so we need to create temp vector.
5205 SmallVector<Stmt *, 8> Used(
5206 OMPExecutableDirective::used_clauses_children(D->clauses()));
5207 for (Stmt *S : llvm::reverse(Used)) {
5208 assert(S && "Expected non-null used-in-clause child.");
5209 if (CFGBlock *R = Visit(S))
5210 B = R;
5211 }
5212 // Visit associated structured block if any.
5213 if (!D->isStandaloneDirective()) {
5214 Stmt *S = D->getRawStmt();
5215 if (!isa<CompoundStmt>(S))
5216 addLocalScopeAndDtors(S);
5217 if (CFGBlock *R = addStmt(S))
5218 B = R;
5219 }
5220
5221 return B;
5222 }
5223
5224 /// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has
5225 /// no successors or predecessors. If this is the first block created in the
5226 /// CFG, it is automatically set to be the Entry and Exit of the CFG.
5227 CFGBlock *CFG::createBlock() {
5228 bool first_block = begin() == end();
5229
5230 // Create the block.
5231 CFGBlock *Mem = new (getAllocator()) CFGBlock(NumBlockIDs++, BlkBVC, this);
5232 Blocks.push_back(Mem, BlkBVC);
5233
5234 // If this is the first block, set it as the Entry and Exit.
5235 if (first_block)
5236 Entry = Exit = &back();
5237
5238 // Return the block.
5239 return &back();
5240 }
5241
5242 /// buildCFG - Constructs a CFG from an AST.
5243 std::unique_ptr<CFG> CFG::buildCFG(const Decl *D, Stmt *Statement,
5244 ASTContext *C, const BuildOptions &BO) {
5245 CFGBuilder Builder(C, BO);
5246 return Builder.buildCFG(D, Statement);
5247 }
5248
5249 bool CFG::isLinear() const {
5250 // Quick path: if we only have the ENTRY block, the EXIT block, and some code
5251 // in between, then we have no room for control flow.
5252 if (size() <= 3)
5253 return true;
5254
5255 // Traverse the CFG until we find a branch.
5256 // TODO: While this should still be very fast,
5257 // maybe we should cache the answer.
5258 llvm::SmallPtrSet<const CFGBlock *, 4> Visited;
5259 const CFGBlock *B = Entry;
5260 while (B != Exit) {
5261 auto IteratorAndFlag = Visited.insert(B);
5262 if (!IteratorAndFlag.second) {
5263 // We looped back to a block that we've already visited. Not linear.
5264 return false;
5265 }
5266
5267 // Iterate over reachable successors.
5268 const CFGBlock *FirstReachableB = nullptr;
5269 for (const CFGBlock::AdjacentBlock &AB : B->succs()) {
5270 if (!AB.isReachable())
5271 continue;
5272
5273 if (FirstReachableB == nullptr) {
5274 FirstReachableB = &*AB;
5275 } else {
5276 // We've encountered a branch. It's not a linear CFG.
5277 return false;
5278 }
5279 }
5280
5281 if (!FirstReachableB) {
5282 // We reached a dead end. EXIT is unreachable. This is linear enough.
5283 return true;
5284 }
5285
5286 // There's only one way to move forward. Proceed.
5287 B = FirstReachableB;
5288 }
5289
5290 // We reached EXIT and found no branches.
5291 return true;
5292 }
5293
5294 const CXXDestructorDecl *
5295 CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {
5296 switch (getKind()) {
5297 case CFGElement::Initializer:
5298 case CFGElement::NewAllocator:
5299 case CFGElement::LoopExit:
5300 case CFGElement::LifetimeEnds:
5301 case CFGElement::Statement:
5302 case CFGElement::Constructor:
5303 case CFGElement::CXXRecordTypedCall:
5304 case CFGElement::ScopeBegin:
5305 case CFGElement::ScopeEnd:
5306 case CFGElement::CleanupFunction:
5307 llvm_unreachable("getDestructorDecl should only be used with "
5308 "ImplicitDtors");
5309 case CFGElement::AutomaticObjectDtor: {
5310 const VarDecl *var = castAs<CFGAutomaticObjDtor>().getVarDecl();
5311 QualType ty = var->getType();
5312
5313 // FIXME: See CFGBuilder::addLocalScopeForVarDecl.
5314 //
5315 // Lifetime-extending constructs are handled here. This works for a single
5316 // temporary in an initializer expression.
5317 if (ty->isReferenceType()) {
5318 if (const Expr *Init = var->getInit()) {
5319 ty = getReferenceInitTemporaryType(Init);
5320 }
5321 }
5322
5323 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) {
5324 ty = arrayType->getElementType();
5325 }
5326
5327 // The situation when the type of the lifetime-extending reference
5328 // does not correspond to the type of the object is supposed
5329 // to be handled by now. In particular, 'ty' is now the unwrapped
5330 // record type.
5331 const CXXRecordDecl *classDecl = ty->getAsCXXRecordDecl();
5332 assert(classDecl);
5333 return classDecl->getDestructor();
5334 }
5335 case CFGElement::DeleteDtor: {
5336 const CXXDeleteExpr *DE = castAs<CFGDeleteDtor>().getDeleteExpr();
5337 QualType DTy = DE->getDestroyedType();
5338 DTy = DTy.getNonReferenceType();
5339 const CXXRecordDecl *classDecl =
5340 astContext.getBaseElementType(DTy)->getAsCXXRecordDecl();
5341 return classDecl->getDestructor();
5342 }
5343 case CFGElement::TemporaryDtor: {
5344 const CXXBindTemporaryExpr *bindExpr =
5345 castAs<CFGTemporaryDtor>().getBindTemporaryExpr();
5346 const CXXTemporary *temp = bindExpr->getTemporary();
5347 return temp->getDestructor();
5348 }
5349 case CFGElement::MemberDtor: {
5350 const FieldDecl *field = castAs<CFGMemberDtor>().getFieldDecl();
5351 QualType ty = field->getType();
5352
5353 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) {
5354 ty = arrayType->getElementType();
5355 }
5356
5357 const CXXRecordDecl *classDecl = ty->getAsCXXRecordDecl();
5358 assert(classDecl);
5359 return classDecl->getDestructor();
5360 }
5361 case CFGElement::BaseDtor:
5362 // Not yet supported.
5363 return nullptr;
5364 }
5365 llvm_unreachable("getKind() returned bogus value");
5366 }
5367
5368 //===----------------------------------------------------------------------===//
5369 // CFGBlock operations.
5370 //===----------------------------------------------------------------------===//
5371
5372 CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, bool IsReachable)
5373 : ReachableBlock(IsReachable ? B : nullptr),
5374 UnreachableBlock(!IsReachable ? B : nullptr,
5375 B && IsReachable ? AB_Normal : AB_Unreachable) {}
5376
5377 CFGBlock::AdjacentBlock::AdjacentBlock(CFGBlock *B, CFGBlock *AlternateBlock)
5378 : ReachableBlock(B),
5379 UnreachableBlock(B == AlternateBlock ? nullptr : AlternateBlock,
5380 B == AlternateBlock ? AB_Alternate : AB_Normal) {}
5381
5382 void CFGBlock::addSuccessor(AdjacentBlock Succ,
5383 BumpVectorContext &C) {
5384 if (CFGBlock *B = Succ.getReachableBlock())
5385 B->Preds.push_back(AdjacentBlock(this, Succ.isReachable()), C);
5386
5387 if (CFGBlock *UnreachableB = Succ.getPossiblyUnreachableBlock())
5388 UnreachableB->Preds.push_back(AdjacentBlock(this, false), C);
5389
5390 Succs.push_back(Succ, C);
5391 }
5392
5393 bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F,
5394 const CFGBlock *From, const CFGBlock *To) {
5395 if (F.IgnoreNullPredecessors && !From)
5396 return true;
5397
5398 if (To && From && F.IgnoreDefaultsWithCoveredEnums) {
5399 // If the 'To' has no label or is labeled but the label isn't a
5400 // CaseStmt then filter this edge.
5401 if (const SwitchStmt *S =
5402 dyn_cast_or_null<SwitchStmt>(From->getTerminatorStmt())) {
5403 if (S->isAllEnumCasesCovered()) {
5404 const Stmt *L = To->getLabel();
5405 if (!L || !isa<CaseStmt>(L))
5406 return true;
5407 }
5408 }
5409 }
5410
5411 return false;
5412 }
5413
5414 //===----------------------------------------------------------------------===//
5415 // CFG pretty printing
5416 //===----------------------------------------------------------------------===//
5417
5418 namespace {
5419
5420 class StmtPrinterHelper : public PrinterHelper {
5421 using StmtMapTy = llvm::DenseMap<const Stmt *, std::pair<unsigned, unsigned>>;
5422 using DeclMapTy = llvm::DenseMap<const Decl *, std::pair<unsigned, unsigned>>;
5423
5424 StmtMapTy StmtMap;
5425 DeclMapTy DeclMap;
5426 signed currentBlock = 0;
5427 unsigned currStmt = 0;
5428 const LangOptions &LangOpts;
5429
5430 public:
5431 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO)
5432 : LangOpts(LO) {
5433 if (!cfg)
5434 return;
5435 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) {
5436 unsigned j = 1;
5437 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ;
5438 BI != BEnd; ++BI, ++j ) {
5439 if (std::optional<CFGStmt> SE = BI->getAs<CFGStmt>()) {
5440 const Stmt *stmt= SE->getStmt();
5441 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j);
5442 StmtMap[stmt] = P;
5443
5444 switch (stmt->getStmtClass()) {
5445 case Stmt::DeclStmtClass:
5446 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P;
5447 break;
5448 case Stmt::IfStmtClass: {
5449 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable();
5450 if (var)
5451 DeclMap[var] = P;
5452 break;
5453 }
5454 case Stmt::ForStmtClass: {
5455 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable();
5456 if (var)
5457 DeclMap[var] = P;
5458 break;
5459 }
5460 case Stmt::WhileStmtClass: {
5461 const VarDecl *var =
5462 cast<WhileStmt>(stmt)->getConditionVariable();
5463 if (var)
5464 DeclMap[var] = P;
5465 break;
5466 }
5467 case Stmt::SwitchStmtClass: {
5468 const VarDecl *var =
5469 cast<SwitchStmt>(stmt)->getConditionVariable();
5470 if (var)
5471 DeclMap[var] = P;
5472 break;
5473 }
5474 case Stmt::CXXCatchStmtClass: {
5475 const VarDecl *var =
5476 cast<CXXCatchStmt>(stmt)->getExceptionDecl();
5477 if (var)
5478 DeclMap[var] = P;
5479 break;
5480 }
5481 default:
5482 break;
5483 }
5484 }
5485 }
5486 }
5487 }
5488
5489 ~StmtPrinterHelper() override = default;
5490
5491 const LangOptions &getLangOpts() const { return LangOpts; }
5492 void setBlockID(signed i) { currentBlock = i; }
5493 void setStmtID(unsigned i) { currStmt = i; }
5494
5495 bool handledStmt(Stmt *S, raw_ostream &OS) override {
5496 StmtMapTy::iterator I = StmtMap.find(S);
5497
5498 if (I == StmtMap.end())
5499 return false;
5500
5501 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock
5502 && I->second.second == currStmt) {
5503 return false;
5504 }
5505
5506 OS << "[B" << I->second.first << "." << I->second.second << "]";
5507 return true;
5508 }
5509
5510 bool handleDecl(const Decl *D, raw_ostream &OS) {
5511 DeclMapTy::iterator I = DeclMap.find(D);
5512
5513 if (I == DeclMap.end())
5514 return false;
5515
5516 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock
5517 && I->second.second == currStmt) {
5518 return false;
5519 }
5520
5521 OS << "[B" << I->second.first << "." << I->second.second << "]";
5522 return true;
5523 }
5524 };
5525
5526 class CFGBlockTerminatorPrint
5527 : public StmtVisitor<CFGBlockTerminatorPrint,void> {
5528 raw_ostream &OS;
5529 StmtPrinterHelper* Helper;
5530 PrintingPolicy Policy;
5531
5532 public:
5533 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper,
5534 const PrintingPolicy &Policy)
5535 : OS(os), Helper(helper), Policy(Policy) {
5536 this->Policy.IncludeNewlines = false;
5537 }
5538
5539 void VisitIfStmt(IfStmt *I) {
5540 OS << "if ";
5541 if (Stmt *C = I->getCond())
5542 C->printPretty(OS, Helper, Policy);
5543 }
5544
5545 // Default case.
5546 void VisitStmt(Stmt *Terminator) {
5547 Terminator->printPretty(OS, Helper, Policy);
5548 }
5549
5550 void VisitDeclStmt(DeclStmt *DS) {
5551 VarDecl *VD = cast<VarDecl>(DS->getSingleDecl());
5552 OS << "static init " << VD->getName();
5553 }
5554
5555 void VisitForStmt(ForStmt *F) {
5556 OS << "for (" ;
5557 if (F->getInit())
5558 OS << "...";
5559 OS << "; ";
5560 if (Stmt *C = F->getCond())
5561 C->printPretty(OS, Helper, Policy);
5562 OS << "; ";
5563 if (F->getInc())
5564 OS << "...";
5565 OS << ")";
5566 }
5567
5568 void VisitWhileStmt(WhileStmt *W) {
5569 OS << "while " ;
5570 if (Stmt *C = W->getCond())
5571 C->printPretty(OS, Helper, Policy);
5572 }
5573
5574 void VisitDoStmt(DoStmt *D) {
5575 OS << "do ... while ";
5576 if (Stmt *C = D->getCond())
5577 C->printPretty(OS, Helper, Policy);
5578 }
5579
5580 void VisitSwitchStmt(SwitchStmt *Terminator) {
5581 OS << "switch ";
5582 Terminator->getCond()->printPretty(OS, Helper, Policy);
5583 }
5584
5585 void VisitCXXTryStmt(CXXTryStmt *) { OS << "try ..."; }
5586
5587 void VisitObjCAtTryStmt(ObjCAtTryStmt *) { OS << "@try ..."; }
5588
5589 void VisitSEHTryStmt(SEHTryStmt *CS) { OS << "__try ..."; }
5590
5591 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) {
5592 if (Stmt *Cond = C->getCond())
5593 Cond->printPretty(OS, Helper, Policy);
5594 OS << " ? ... : ...";
5595 }
5596
5597 void VisitChooseExpr(ChooseExpr *C) {
5598 OS << "__builtin_choose_expr( ";
5599 if (Stmt *Cond = C->getCond())
5600 Cond->printPretty(OS, Helper, Policy);
5601 OS << " )";
5602 }
5603
5604 void VisitIndirectGotoStmt(IndirectGotoStmt *I) {
5605 OS << "goto *";
5606 if (Stmt *T = I->getTarget())
5607 T->printPretty(OS, Helper, Policy);
5608 }
5609
5610 void VisitBinaryOperator(BinaryOperator* B) {
5611 if (!B->isLogicalOp()) {
5612 VisitExpr(B);
5613 return;
5614 }
5615
5616 if (B->getLHS())
5617 B->getLHS()->printPretty(OS, Helper, Policy);
5618
5619 switch (B->getOpcode()) {
5620 case BO_LOr:
5621 OS << " || ...";
5622 return;
5623 case BO_LAnd:
5624 OS << " && ...";
5625 return;
5626 default:
5627 llvm_unreachable("Invalid logical operator.");
5628 }
5629 }
5630
5631 void VisitExpr(Expr *E) {
5632 E->printPretty(OS, Helper, Policy);
5633 }
5634
5635 public:
5636 void print(CFGTerminator T) {
5637 switch (T.getKind()) {
5638 case CFGTerminator::StmtBranch:
5639 Visit(T.getStmt());
5640 break;
5641 case CFGTerminator::TemporaryDtorsBranch:
5642 OS << "(Temp Dtor) ";
5643 Visit(T.getStmt());
5644 break;
5645 case CFGTerminator::VirtualBaseBranch:
5646 OS << "(See if most derived ctor has already initialized vbases)";
5647 break;
5648 }
5649 }
5650 };
5651
5652 } // namespace
5653
5654 static void print_initializer(raw_ostream &OS, StmtPrinterHelper &Helper,
5655 const CXXCtorInitializer *I) {
5656 if (I->isBaseInitializer())
5657 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName();
5658 else if (I->isDelegatingInitializer())
5659 OS << I->getTypeSourceInfo()->getType()->getAsCXXRecordDecl()->getName();
5660 else
5661 OS << I->getAnyMember()->getName();
5662 OS << "(";
5663 if (Expr *IE = I->getInit())
5664 IE->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts()));
5665 OS << ")";
5666
5667 if (I->isBaseInitializer())
5668 OS << " (Base initializer)";
5669 else if (I->isDelegatingInitializer())
5670 OS << " (Delegating initializer)";
5671 else
5672 OS << " (Member initializer)";
5673 }
5674
5675 static void print_construction_context(raw_ostream &OS,
5676 StmtPrinterHelper &Helper,
5677 const ConstructionContext *CC) {
5678 SmallVector<const Stmt *, 3> Stmts;
5679 switch (CC->getKind()) {
5680 case ConstructionContext::SimpleConstructorInitializerKind: {
5681 OS << ", ";
5682 const auto *SICC = cast<SimpleConstructorInitializerConstructionContext>(CC);
5683 print_initializer(OS, Helper, SICC->getCXXCtorInitializer());
5684 return;
5685 }
5686 case ConstructionContext::CXX17ElidedCopyConstructorInitializerKind: {
5687 OS << ", ";
5688 const auto *CICC =
5689 cast<CXX17ElidedCopyConstructorInitializerConstructionContext>(CC);
5690 print_initializer(OS, Helper, CICC->getCXXCtorInitializer());
5691 Stmts.push_back(CICC->getCXXBindTemporaryExpr());
5692 break;
5693 }
5694 case ConstructionContext::SimpleVariableKind: {
5695 const auto *SDSCC = cast<SimpleVariableConstructionContext>(CC);
5696 Stmts.push_back(SDSCC->getDeclStmt());
5697 break;
5698 }
5699 case ConstructionContext::CXX17ElidedCopyVariableKind: {
5700 const auto *CDSCC = cast<CXX17ElidedCopyVariableConstructionContext>(CC);
5701 Stmts.push_back(CDSCC->getDeclStmt());
5702 Stmts.push_back(CDSCC->getCXXBindTemporaryExpr());
5703 break;
5704 }
5705 case ConstructionContext::NewAllocatedObjectKind: {
5706 const auto *NECC = cast<NewAllocatedObjectConstructionContext>(CC);
5707 Stmts.push_back(NECC->getCXXNewExpr());
5708 break;
5709 }
5710 case ConstructionContext::SimpleReturnedValueKind: {
5711 const auto *RSCC = cast<SimpleReturnedValueConstructionContext>(CC);
5712 Stmts.push_back(RSCC->getReturnStmt());
5713 break;
5714 }
5715 case ConstructionContext::CXX17ElidedCopyReturnedValueKind: {
5716 const auto *RSCC =
5717 cast<CXX17ElidedCopyReturnedValueConstructionContext>(CC);
5718 Stmts.push_back(RSCC->getReturnStmt());
5719 Stmts.push_back(RSCC->getCXXBindTemporaryExpr());
5720 break;
5721 }
5722 case ConstructionContext::SimpleTemporaryObjectKind: {
5723 const auto *TOCC = cast<SimpleTemporaryObjectConstructionContext>(CC);
5724 Stmts.push_back(TOCC->getCXXBindTemporaryExpr());
5725 Stmts.push_back(TOCC->getMaterializedTemporaryExpr());
5726 break;
5727 }
5728 case ConstructionContext::ElidedTemporaryObjectKind: {
5729 const auto *TOCC = cast<ElidedTemporaryObjectConstructionContext>(CC);
5730 Stmts.push_back(TOCC->getCXXBindTemporaryExpr());
5731 Stmts.push_back(TOCC->getMaterializedTemporaryExpr());
5732 Stmts.push_back(TOCC->getConstructorAfterElision());
5733 break;
5734 }
5735 case ConstructionContext::LambdaCaptureKind: {
5736 const auto *LCC = cast<LambdaCaptureConstructionContext>(CC);
5737 Helper.handledStmt(const_cast<LambdaExpr *>(LCC->getLambdaExpr()), OS);
5738 OS << "+" << LCC->getIndex();
5739 return;
5740 }
5741 case ConstructionContext::ArgumentKind: {
5742 const auto *ACC = cast<ArgumentConstructionContext>(CC);
5743 if (const Stmt *BTE = ACC->getCXXBindTemporaryExpr()) {
5744 OS << ", ";
5745 Helper.handledStmt(const_cast<Stmt *>(BTE), OS);
5746 }
5747 OS << ", ";
5748 Helper.handledStmt(const_cast<Expr *>(ACC->getCallLikeExpr()), OS);
5749 OS << "+" << ACC->getIndex();
5750 return;
5751 }
5752 }
5753 for (auto I: Stmts)
5754 if (I) {
5755 OS << ", ";
5756 Helper.handledStmt(const_cast<Stmt *>(I), OS);
5757 }
5758 }
5759
5760 static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper,
5761 const CFGElement &E);
5762
5763 void CFGElement::dumpToStream(llvm::raw_ostream &OS) const {
5764 LangOptions LangOpts;
5765 StmtPrinterHelper Helper(nullptr, LangOpts);
5766 print_elem(OS, Helper, *this);
5767 }
5768
5769 static void print_elem(raw_ostream &OS, StmtPrinterHelper &Helper,
5770 const CFGElement &E) {
5771 switch (E.getKind()) {
5772 case CFGElement::Kind::Statement:
5773 case CFGElement::Kind::CXXRecordTypedCall:
5774 case CFGElement::Kind::Constructor: {
5775 CFGStmt CS = E.castAs<CFGStmt>();
5776 const Stmt *S = CS.getStmt();
5777 assert(S != nullptr && "Expecting non-null Stmt");
5778
5779 // special printing for statement-expressions.
5780 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) {
5781 const CompoundStmt *Sub = SE->getSubStmt();
5782
5783 auto Children = Sub->children();
5784 if (Children.begin() != Children.end()) {
5785 OS << "({ ... ; ";
5786 Helper.handledStmt(*SE->getSubStmt()->body_rbegin(),OS);
5787 OS << " })\n";
5788 return;
5789 }
5790 }
5791 // special printing for comma expressions.
5792 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) {
5793 if (B->getOpcode() == BO_Comma) {
5794 OS << "... , ";
5795 Helper.handledStmt(B->getRHS(),OS);
5796 OS << '\n';
5797 return;
5798 }
5799 }
5800 S->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts()));
5801
5802 if (auto VTC = E.getAs<CFGCXXRecordTypedCall>()) {
5803 if (isa<CXXOperatorCallExpr>(S))
5804 OS << " (OperatorCall)";
5805 OS << " (CXXRecordTypedCall";
5806 print_construction_context(OS, Helper, VTC->getConstructionContext());
5807 OS << ")";
5808 } else if (isa<CXXOperatorCallExpr>(S)) {
5809 OS << " (OperatorCall)";
5810 } else if (isa<CXXBindTemporaryExpr>(S)) {
5811 OS << " (BindTemporary)";
5812 } else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) {
5813 OS << " (CXXConstructExpr";
5814 if (std::optional<CFGConstructor> CE = E.getAs<CFGConstructor>()) {
5815 print_construction_context(OS, Helper, CE->getConstructionContext());
5816 }
5817 OS << ", " << CCE->getType() << ")";
5818 } else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) {
5819 OS << " (" << CE->getStmtClassName() << ", " << CE->getCastKindName()
5820 << ", " << CE->getType() << ")";
5821 }
5822
5823 // Expressions need a newline.
5824 if (isa<Expr>(S))
5825 OS << '\n';
5826
5827 break;
5828 }
5829
5830 case CFGElement::Kind::Initializer:
5831 print_initializer(OS, Helper, E.castAs<CFGInitializer>().getInitializer());
5832 OS << '\n';
5833 break;
5834
5835 case CFGElement::Kind::AutomaticObjectDtor: {
5836 CFGAutomaticObjDtor DE = E.castAs<CFGAutomaticObjDtor>();
5837 const VarDecl *VD = DE.getVarDecl();
5838 Helper.handleDecl(VD, OS);
5839
5840 QualType T = VD->getType();
5841 if (T->isReferenceType())
5842 T = getReferenceInitTemporaryType(VD->getInit(), nullptr);
5843
5844 OS << ".~";
5845 T.getUnqualifiedType().print(OS, PrintingPolicy(Helper.getLangOpts()));
5846 OS << "() (Implicit destructor)\n";
5847 break;
5848 }
5849
5850 case CFGElement::Kind::CleanupFunction:
5851 OS << "CleanupFunction ("
5852 << E.castAs<CFGCleanupFunction>().getFunctionDecl()->getName() << ")\n";
5853 break;
5854
5855 case CFGElement::Kind::LifetimeEnds:
5856 Helper.handleDecl(E.castAs<CFGLifetimeEnds>().getVarDecl(), OS);
5857 OS << " (Lifetime ends)\n";
5858 break;
5859
5860 case CFGElement::Kind::LoopExit:
5861 OS << E.castAs<CFGLoopExit>().getLoopStmt()->getStmtClassName() << " (LoopExit)\n";
5862 break;
5863
5864 case CFGElement::Kind::ScopeBegin:
5865 OS << "CFGScopeBegin(";
5866 if (const VarDecl *VD = E.castAs<CFGScopeBegin>().getVarDecl())
5867 OS << VD->getQualifiedNameAsString();
5868 OS << ")\n";
5869 break;
5870
5871 case CFGElement::Kind::ScopeEnd:
5872 OS << "CFGScopeEnd(";
5873 if (const VarDecl *VD = E.castAs<CFGScopeEnd>().getVarDecl())
5874 OS << VD->getQualifiedNameAsString();
5875 OS << ")\n";
5876 break;
5877
5878 case CFGElement::Kind::NewAllocator:
5879 OS << "CFGNewAllocator(";
5880 if (const CXXNewExpr *AllocExpr = E.castAs<CFGNewAllocator>().getAllocatorExpr())
5881 AllocExpr->getType().print(OS, PrintingPolicy(Helper.getLangOpts()));
5882 OS << ")\n";
5883 break;
5884
5885 case CFGElement::Kind::DeleteDtor: {
5886 CFGDeleteDtor DE = E.castAs<CFGDeleteDtor>();
5887 const CXXRecordDecl *RD = DE.getCXXRecordDecl();
5888 if (!RD)
5889 return;
5890 CXXDeleteExpr *DelExpr =
5891 const_cast<CXXDeleteExpr*>(DE.getDeleteExpr());
5892 Helper.handledStmt(cast<Stmt>(DelExpr->getArgument()), OS);
5893 OS << "->~" << RD->getName().str() << "()";
5894 OS << " (Implicit destructor)\n";
5895 break;
5896 }
5897
5898 case CFGElement::Kind::BaseDtor: {
5899 const CXXBaseSpecifier *BS = E.castAs<CFGBaseDtor>().getBaseSpecifier();
5900 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()";
5901 OS << " (Base object destructor)\n";
5902 break;
5903 }
5904
5905 case CFGElement::Kind::MemberDtor: {
5906 const FieldDecl *FD = E.castAs<CFGMemberDtor>().getFieldDecl();
5907 const Type *T = FD->getType()->getBaseElementTypeUnsafe();
5908 OS << "this->" << FD->getName();
5909 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()";
5910 OS << " (Member object destructor)\n";
5911 break;
5912 }
5913
5914 case CFGElement::Kind::TemporaryDtor: {
5915 const CXXBindTemporaryExpr *BT =
5916 E.castAs<CFGTemporaryDtor>().getBindTemporaryExpr();
5917 OS << "~";
5918 BT->getType().print(OS, PrintingPolicy(Helper.getLangOpts()));
5919 OS << "() (Temporary object destructor)\n";
5920 break;
5921 }
5922 }
5923 }
5924
5925 static void print_block(raw_ostream &OS, const CFG* cfg,
5926 const CFGBlock &B,
5927 StmtPrinterHelper &Helper, bool print_edges,
5928 bool ShowColors) {
5929 Helper.setBlockID(B.getBlockID());
5930
5931 // Print the header.
5932 if (ShowColors)
5933 OS.changeColor(raw_ostream::YELLOW, true);
5934
5935 OS << "\n [B" << B.getBlockID();
5936
5937 if (&B == &cfg->getEntry())
5938 OS << " (ENTRY)]\n";
5939 else if (&B == &cfg->getExit())
5940 OS << " (EXIT)]\n";
5941 else if (&B == cfg->getIndirectGotoBlock())
5942 OS << " (INDIRECT GOTO DISPATCH)]\n";
5943 else if (B.hasNoReturnElement())
5944 OS << " (NORETURN)]\n";
5945 else
5946 OS << "]\n";
5947
5948 if (ShowColors)
5949 OS.resetColor();
5950
5951 // Print the label of this block.
5952 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) {
5953 if (print_edges)
5954 OS << " ";
5955
5956 if (LabelStmt *L = dyn_cast<LabelStmt>(Label))
5957 OS << L->getName();
5958 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) {
5959 OS << "case ";
5960 if (const Expr *LHS = C->getLHS())
5961 LHS->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts()));
5962 if (const Expr *RHS = C->getRHS()) {
5963 OS << " ... ";
5964 RHS->printPretty(OS, &Helper, PrintingPolicy(Helper.getLangOpts()));
5965 }
5966 } else if (isa<DefaultStmt>(Label))
5967 OS << "default";
5968 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) {
5969 OS << "catch (";
5970 if (const VarDecl *ED = CS->getExceptionDecl())
5971 ED->print(OS, PrintingPolicy(Helper.getLangOpts()), 0);
5972 else
5973 OS << "...";
5974 OS << ")";
5975 } else if (ObjCAtCatchStmt *CS = dyn_cast<ObjCAtCatchStmt>(Label)) {
5976 OS << "@catch (";
5977 if (const VarDecl *PD = CS->getCatchParamDecl())
5978 PD->print(OS, PrintingPolicy(Helper.getLangOpts()), 0);
5979 else
5980 OS << "...";
5981 OS << ")";
5982 } else if (SEHExceptStmt *ES = dyn_cast<SEHExceptStmt>(Label)) {
5983 OS << "__except (";
5984 ES->getFilterExpr()->printPretty(OS, &Helper,
5985 PrintingPolicy(Helper.getLangOpts()), 0);
5986 OS << ")";
5987 } else
5988 llvm_unreachable("Invalid label statement in CFGBlock.");
5989
5990 OS << ":\n";
5991 }
5992
5993 // Iterate through the statements in the block and print them.
5994 unsigned j = 1;
5995
5996 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ;
5997 I != E ; ++I, ++j ) {
5998 // Print the statement # in the basic block and the statement itself.
5999 if (print_edges)
6000 OS << " ";
6001
6002 OS << llvm::format("%3d", j) << ": ";
6003
6004 Helper.setStmtID(j);
6005
6006 print_elem(OS, Helper, *I);
6007 }
6008
6009 // Print the terminator of this block.
6010 if (B.getTerminator().isValid()) {
6011 if (ShowColors)
6012 OS.changeColor(raw_ostream::GREEN);
6013
6014 OS << " T: ";
6015
6016 Helper.setBlockID(-1);
6017
6018 PrintingPolicy PP(Helper.getLangOpts());
6019 CFGBlockTerminatorPrint TPrinter(OS, &Helper, PP);
6020 TPrinter.print(B.getTerminator());
6021 OS << '\n';
6022
6023 if (ShowColors)
6024 OS.resetColor();
6025 }
6026
6027 if (print_edges) {
6028 // Print the predecessors of this block.
6029 if (!B.pred_empty()) {
6030 const raw_ostream::Colors Color = raw_ostream::BLUE;
6031 if (ShowColors)
6032 OS.changeColor(Color);
6033 OS << " Preds " ;
6034 if (ShowColors)
6035 OS.resetColor();
6036 OS << '(' << B.pred_size() << "):";
6037 unsigned i = 0;
6038
6039 if (ShowColors)
6040 OS.changeColor(Color);
6041
6042 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end();
6043 I != E; ++I, ++i) {
6044 if (i % 10 == 8)
6045 OS << "\n ";
6046
6047 CFGBlock *B = *I;
6048 bool Reachable = true;
6049 if (!B) {
6050 Reachable = false;
6051 B = I->getPossiblyUnreachableBlock();
6052 }
6053
6054 OS << " B" << B->getBlockID();
6055 if (!Reachable)
6056 OS << "(Unreachable)";
6057 }
6058
6059 if (ShowColors)
6060 OS.resetColor();
6061
6062 OS << '\n';
6063 }
6064
6065 // Print the successors of this block.
6066 if (!B.succ_empty()) {
6067 const raw_ostream::Colors Color = raw_ostream::MAGENTA;
6068 if (ShowColors)
6069 OS.changeColor(Color);
6070 OS << " Succs ";
6071 if (ShowColors)
6072 OS.resetColor();
6073 OS << '(' << B.succ_size() << "):";
6074 unsigned i = 0;
6075
6076 if (ShowColors)
6077 OS.changeColor(Color);
6078
6079 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end();
6080 I != E; ++I, ++i) {
6081 if (i % 10 == 8)
6082 OS << "\n ";
6083
6084 CFGBlock *B = *I;
6085
6086 bool Reachable = true;
6087 if (!B) {
6088 Reachable = false;
6089 B = I->getPossiblyUnreachableBlock();
6090 }
6091
6092 if (B) {
6093 OS << " B" << B->getBlockID();
6094 if (!Reachable)
6095 OS << "(Unreachable)";
6096 }
6097 else {
6098 OS << " NULL";
6099 }
6100 }
6101
6102 if (ShowColors)
6103 OS.resetColor();
6104 OS << '\n';
6105 }
6106 }
6107 }
6108
6109 /// dump - A simple pretty printer of a CFG that outputs to stderr.
6110 void CFG::dump(const LangOptions &LO, bool ShowColors) const {
6111 print(llvm::errs(), LO, ShowColors);
6112 }
6113
6114 /// print - A simple pretty printer of a CFG that outputs to an ostream.
6115 void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const {
6116 StmtPrinterHelper Helper(this, LO);
6117
6118 // Print the entry block.
6119 print_block(OS, this, getEntry(), Helper, true, ShowColors);
6120
6121 // Iterate through the CFGBlocks and print them one by one.
6122 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) {
6123 // Skip the entry block, because we already printed it.
6124 if (&(**I) == &getEntry() || &(**I) == &getExit())
6125 continue;
6126
6127 print_block(OS, this, **I, Helper, true, ShowColors);
6128 }
6129
6130 // Print the exit block.
6131 print_block(OS, this, getExit(), Helper, true, ShowColors);
6132 OS << '\n';
6133 OS.flush();
6134 }
6135
6136 size_t CFGBlock::getIndexInCFG() const {
6137 return llvm::find(*getParent(), this) - getParent()->begin();
6138 }
6139
6140 /// dump - A simply pretty printer of a CFGBlock that outputs to stderr.
6141 void CFGBlock::dump(const CFG* cfg, const LangOptions &LO,
6142 bool ShowColors) const {
6143 print(llvm::errs(), cfg, LO, ShowColors);
6144 }
6145
6146 LLVM_DUMP_METHOD void CFGBlock::dump() const {
6147 dump(getParent(), LangOptions(), false);
6148 }
6149
6150 /// print - A simple pretty printer of a CFGBlock that outputs to an ostream.
6151 /// Generally this will only be called from CFG::print.
6152 void CFGBlock::print(raw_ostream &OS, const CFG* cfg,
6153 const LangOptions &LO, bool ShowColors) const {
6154 StmtPrinterHelper Helper(cfg, LO);
6155 print_block(OS, cfg, *this, Helper, true, ShowColors);
6156 OS << '\n';
6157 }
6158
6159 /// printTerminator - A simple pretty printer of the terminator of a CFGBlock.
6160 void CFGBlock::printTerminator(raw_ostream &OS,
6161 const LangOptions &LO) const {
6162 CFGBlockTerminatorPrint TPrinter(OS, nullptr, PrintingPolicy(LO));
6163 TPrinter.print(getTerminator());
6164 }
6165
6166 /// printTerminatorJson - Pretty-prints the terminator in JSON format.
6167 void CFGBlock::printTerminatorJson(raw_ostream &Out, const LangOptions &LO,
6168 bool AddQuotes) const {
6169 std::string Buf;
6170 llvm::raw_string_ostream TempOut(Buf);
6171
6172 printTerminator(TempOut, LO);
6173
6174 Out << JsonFormat(Buf, AddQuotes);
6175 }
6176
6177 // Returns true if by simply looking at the block, we can be sure that it
6178 // results in a sink during analysis. This is useful to know when the analysis
6179 // was interrupted, and we try to figure out if it would sink eventually.
6180 // There may be many more reasons why a sink would appear during analysis
6181 // (eg. checkers may generate sinks arbitrarily), but here we only consider
6182 // sinks that would be obvious by looking at the CFG.
6183 static bool isImmediateSinkBlock(const CFGBlock *Blk) {
6184 if (Blk->hasNoReturnElement())
6185 return true;
6186
6187 // FIXME: Throw-expressions are currently generating sinks during analysis:
6188 // they're not supported yet, and also often used for actually terminating
6189 // the program. So we should treat them as sinks in this analysis as well,
6190 // at least for now, but once we have better support for exceptions,
6191 // we'd need to carefully handle the case when the throw is being
6192 // immediately caught.
6193 if (llvm::any_of(*Blk, [](const CFGElement &Elm) {
6194 if (std::optional<CFGStmt> StmtElm = Elm.getAs<CFGStmt>())
6195 if (isa<CXXThrowExpr>(StmtElm->getStmt()))
6196 return true;
6197 return false;
6198 }))
6199 return true;
6200
6201 return false;
6202 }
6203
6204 bool CFGBlock::isInevitablySinking() const {
6205 const CFG &Cfg = *getParent();
6206
6207 const CFGBlock *StartBlk = this;
6208 if (isImmediateSinkBlock(StartBlk))
6209 return true;
6210
6211 llvm::SmallVector<const CFGBlock *, 32> DFSWorkList;
6212 llvm::SmallPtrSet<const CFGBlock *, 32> Visited;
6213
6214 DFSWorkList.push_back(StartBlk);
6215 while (!DFSWorkList.empty()) {
6216 const CFGBlock *Blk = DFSWorkList.back();
6217 DFSWorkList.pop_back();
6218 Visited.insert(Blk);
6219
6220 // If at least one path reaches the CFG exit, it means that control is
6221 // returned to the caller. For now, say that we are not sure what
6222 // happens next. If necessary, this can be improved to analyze
6223 // the parent StackFrameContext's call site in a similar manner.
6224 if (Blk == &Cfg.getExit())
6225 return false;
6226
6227 for (const auto &Succ : Blk->succs()) {
6228 if (const CFGBlock *SuccBlk = Succ.getReachableBlock()) {
6229 if (!isImmediateSinkBlock(SuccBlk) && !Visited.count(SuccBlk)) {
6230 // If the block has reachable child blocks that aren't no-return,
6231 // add them to the worklist.
6232 DFSWorkList.push_back(SuccBlk);
6233 }
6234 }
6235 }
6236 }
6237
6238 // Nothing reached the exit. It can only mean one thing: there's no return.
6239 return true;
6240 }
6241
6242 const Expr *CFGBlock::getLastCondition() const {
6243 // If the terminator is a temporary dtor or a virtual base, etc, we can't
6244 // retrieve a meaningful condition, bail out.
6245 if (Terminator.getKind() != CFGTerminator::StmtBranch)
6246 return nullptr;
6247
6248 // Also, if this method was called on a block that doesn't have 2 successors,
6249 // this block doesn't have retrievable condition.
6250 if (succ_size() < 2)
6251 return nullptr;
6252
6253 // FIXME: Is there a better condition expression we can return in this case?
6254 if (size() == 0)
6255 return nullptr;
6256
6257 auto StmtElem = rbegin()->getAs<CFGStmt>();
6258 if (!StmtElem)
6259 return nullptr;
6260
6261 const Stmt *Cond = StmtElem->getStmt();
6262 if (isa<ObjCForCollectionStmt>(Cond) || isa<DeclStmt>(Cond))
6263 return nullptr;
6264
6265 // Only ObjCForCollectionStmt is known not to be a non-Expr terminator, hence
6266 // the cast<>.
6267 return cast<Expr>(Cond)->IgnoreParens();
6268 }
6269
6270 Stmt *CFGBlock::getTerminatorCondition(bool StripParens) {
6271 Stmt *Terminator = getTerminatorStmt();
6272 if (!Terminator)
6273 return nullptr;
6274
6275 Expr *E = nullptr;
6276
6277 switch (Terminator->getStmtClass()) {
6278 default:
6279 break;
6280
6281 case Stmt::CXXForRangeStmtClass:
6282 E = cast<CXXForRangeStmt>(Terminator)->getCond();
6283 break;
6284
6285 case Stmt::ForStmtClass:
6286 E = cast<ForStmt>(Terminator)->getCond();
6287 break;
6288
6289 case Stmt::WhileStmtClass:
6290 E = cast<WhileStmt>(Terminator)->getCond();
6291 break;
6292
6293 case Stmt::DoStmtClass:
6294 E = cast<DoStmt>(Terminator)->getCond();
6295 break;
6296
6297 case Stmt::IfStmtClass:
6298 E = cast<IfStmt>(Terminator)->getCond();
6299 break;
6300
6301 case Stmt::ChooseExprClass:
6302 E = cast<ChooseExpr>(Terminator)->getCond();
6303 break;
6304
6305 case Stmt::IndirectGotoStmtClass:
6306 E = cast<IndirectGotoStmt>(Terminator)->getTarget();
6307 break;
6308
6309 case Stmt::SwitchStmtClass:
6310 E = cast<SwitchStmt>(Terminator)->getCond();
6311 break;
6312
6313 case Stmt::BinaryConditionalOperatorClass:
6314 E = cast<BinaryConditionalOperator>(Terminator)->getCond();
6315 break;
6316
6317 case Stmt::ConditionalOperatorClass:
6318 E = cast<ConditionalOperator>(Terminator)->getCond();
6319 break;
6320
6321 case Stmt::BinaryOperatorClass: // '&&' and '||'
6322 E = cast<BinaryOperator>(Terminator)->getLHS();
6323 break;
6324
6325 case Stmt::ObjCForCollectionStmtClass:
6326 return Terminator;
6327 }
6328
6329 if (!StripParens)
6330 return E;
6331
6332 return E ? E->IgnoreParens() : nullptr;
6333 }
6334
6335 //===----------------------------------------------------------------------===//
6336 // CFG Graphviz Visualization
6337 //===----------------------------------------------------------------------===//
6338
6339 static StmtPrinterHelper *GraphHelper;
6340
6341 void CFG::viewCFG(const LangOptions &LO) const {
6342 StmtPrinterHelper H(this, LO);
6343 GraphHelper = &H;
6344 llvm::ViewGraph(this,"CFG");
6345 GraphHelper = nullptr;
6346 }
6347
6348 namespace llvm {
6349
6350 template<>
6351 struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits {
6352 DOTGraphTraits(bool isSimple = false) : DefaultDOTGraphTraits(isSimple) {}
6353
6354 static std::string getNodeLabel(const CFGBlock *Node, const CFG *Graph) {
6355 std::string OutStr;
6356 llvm::raw_string_ostream Out(OutStr);
6357 print_block(Out,Graph, *Node, *GraphHelper, false, false);
6358
6359 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin());
6360
6361 // Process string output to make it nicer...
6362 for (unsigned i = 0; i != OutStr.length(); ++i)
6363 if (OutStr[i] == '\n') { // Left justify
6364 OutStr[i] = '\\';
6365 OutStr.insert(OutStr.begin()+i+1, 'l');
6366 }
6367
6368 return OutStr;
6369 }
6370 };
6371
6372 } // namespace llvm
LLVM monorepo