| blob | e54fb2a01ddeead491a158484b41973cfe97f9ee |
1 //===- TypeErasedDataflowAnalysis.cpp -------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines type-erased base types and functions for building dataflow
10 // analyses that run over Control-Flow Graphs (CFGs).
11 //
12 //===----------------------------------------------------------------------===//
14 #include <algorithm>
15 #include <optional>
16 #include <system_error>
17 #include <utility>
18 #include <vector>
45 /// Returns the index of `Block` in the successors of `Pred`.
51 });
53 }
55 // A "backedge" node is a block introduced in the CFG exclusively to indicate a
56 // loop backedge. They are exactly identified by the presence of a non-null
57 // pointer to the entry block of the loop condition. Note that this is not
58 // necessarily the block with the loop statement as terminator, because
59 // short-circuit operators will result in multiple blocks encoding the loop
60 // condition, only one of which will contain the loop statement as terminator.
63 }
67 // The return type of the visit functions in TerminatorVisitor. The first
68 // element represents the terminator expression (that is the conditional
69 // expression in case of a path split in the CFG). The second element
70 // represents whether the condition was true or false.
73 /// Extends the flow condition of an environment based on a terminator
74 /// statement.
75 class TerminatorVisitor
86 }
92 }
98 }
105 }
108 // Don't do anything special for CXXForRangeStmt, because the condition
109 // (being implicitly generated) isn't visible from the loop body.
111 }
118 }
120 TerminatorVisitorRetTy
125 }
129 // The terminator sub-expression might not be evaluated.
134 // Value merging depends on flow conditions from different environments
135 // being mutually exclusive -- that is, they cannot both be true in their
136 // entirety (even if they may share some clauses). So, we need *some* value
137 // for the condition expression, even if just an atom.
141 }
144 // The condition must be inverted for the successor that encompasses the
145 // "else" branch, if such exists.
149 }
153 }
158 };
160 /// Holds data structures required for running dataflow analysis.
166 BlockStates)
171 }
174 /// Contains the CFG being analyzed.
176 /// The analysis to be run.
178 /// Initial state to start the analysis.
181 /// Stores the state of a CFG block if it has been evaluated by the analysis.
182 /// The indices correspond to the block IDs.
184 };
197 }
202 };
217 }
218 }
225 };
227 // Builds a joined TypeErasedDataflowAnalysisState from 0 or more sources,
228 // each of which may be owned (built as part of the join) or external (a
229 // reference to an Environment that will outlive the builder).
230 // Avoids unneccesary copies of the environment.
236 TypeErasedDataflowAnalysisState
241 }
249 }
252 }
255 // FIXME: Consider passing `Block` to Analysis.typeErasedInitialElement
256 // to enable building analyses like computation of dominators that
257 // initialize the state of each basic block differently.
266 }
267 };
271 /// Computes the input state for a given basic block by joining the output
272 /// states of its predecessors.
273 ///
274 /// Requirements:
275 ///
276 /// All predecessors of `Block` except those with loop back edges must have
277 /// already been transferred. States in `AC.BlockStates` that are set to
278 /// `std::nullopt` represent basic blocks that are not evaluated yet.
279 static TypeErasedDataflowAnalysisState
283 // This handles a special case where the code that produced the CFG includes
284 // a conditional operator with a branch that constructs a temporary and
285 // calls a destructor annotated as noreturn. The CFG models this as follows:
286 //
287 // B1 (contains the condition of the conditional operator) - succs: B2, B3
288 // B2 (contains code that does not call a noreturn destructor) - succs: B4
289 // B3 (contains code that calls a noreturn destructor) - succs: B4
290 // B4 (has temporary destructor terminator) - succs: B5, B6
291 // B5 (noreturn block that is associated with the noreturn destructor call)
292 // B6 (contains code that follows the conditional operator statement)
293 //
294 // The first successor (B5 above) of a basic block with a temporary
295 // destructor terminator (B4 above) is the block that evaluates the
296 // destructor. If that block has a noreturn element then the predecessor
297 // block that constructed the temporary object (B3 above) is effectively a
298 // noreturn block and its state should not be used as input for the state
299 // of the block that has a temporary destructor terminator (B4 above). This
300 // holds regardless of which branch of the ternary operator calls the
301 // noreturn destructor. However, it doesn't cases where a nested ternary
302 // operator includes a branch that contains a noreturn destructor call.
303 //
304 // See `NoreturnDestructorTest` for concrete examples.
311 }
312 }
316 // Skip if the `Block` is unreachable or control flow cannot get past it.
320 // Skip if `Pred` was not evaluated yet. This could happen if `Pred` has a
321 // loop back edge to `Block`.
329 // We have a terminator: we need to mutate an environment to describe
330 // when the terminator is taken. Copy now.
339 // FIXME: Call transferBranchTypeErased even if BuiltinTransferOpts
340 // are not set.
345 }
346 }
348 }
350 }
352 /// Built-in transfer function for `CFGStmt`.
353 static void
360 }
362 /// Built-in transfer function for `CFGInitializer`.
363 static void
373 // FIXME: Handle base initialization
393 }
394 }
398 // FIXME: Instead of these case distinctions, we would ideally want to be able
399 // to simply use `Environment::createObject()` here, the same way that we do
400 // this in `TransferVisitor::VisitInitListExpr()`. However, this would require
401 // us to be able to build a list of fields that we then use to initialize an
402 // `RecordStorageLocation` -- and the problem is that, when we get here,
403 // the `RecordStorageLocation` already exists. We should explore if there's
404 // anything that we can do to change this.
414 // FIXME: Rather than performing a copy here, we should really be
415 // initializing the field in place. This would require us to propagate the
416 // storage location of the field to the AST node that creates the
417 // `RecordValue`.
422 }
423 }
424 }
437 // Removing declarations when their lifetime ends serves two purposes:
438 // - Eliminate unnecessary clutter from `Environment::DeclToLoc`
439 // - Allow us to assert that, when joining two `Environment`s, the two
440 // `DeclToLoc` maps never contain entries that map the same declaration to
441 // different storage locations.
446 // FIXME: Evaluate other kinds of `CFGElement`
448 }
449 }
451 /// Transfers `State` by evaluating each element in the `Block` based on the
452 /// `AC.Analysis` specified.
453 ///
454 /// Built-in transfer functions (if the option for `ApplyBuiltinTransfer` is set
455 /// by the analysis) will be applied to the element before evaluation by the
456 /// user-specified analysis.
457 /// `PostVisitCFG` (if provided) will be applied to the element after evaluation
458 /// by the user-specified analysis.
459 static TypeErasedDataflowAnalysisState
473 // Built-in analysis
476 }
478 // User-provided analysis
481 // Post processing
484 }
486 }
488 }
496 PostVisitCFG) {
506 // The entry basic block doesn't contain statements so it can be skipped.
514 // Bugs in lattices and transfer functions can prevent the analysis from
515 // converging. To limit the damage (infinite loops) that these bugs can cause,
516 // limit the number of iterations.
517 // FIXME: Consider making the maximum number of iterations configurable.
518 // FIXME: Consider restricting the number of backedges followed, rather than
519 // iterations.
520 // FIXME: Set up statistics (see llvm/ADT/Statistic.h) to count average number
521 // of iterations, number of functions that time out, etc.
535 }
539 TypeErasedDataflowAnalysisState NewBlockState =
544 });
550 });
554 LatticeJoinEffect Effect2 =
558 // The state of `Block` didn't change from widening so there's no need
559 // to revisit its successors.
562 }
566 // The state of `Block` didn't change after transfer so there's no need
567 // to revisit its successors.
570 }
571 }
575 // Do not add unreachable successor blocks to `Worklist`.
580 }
581 // FIXME: Consider evaluating unreachable basic blocks (those that have a
582 // state set to `std::nullopt` at this point) to also analyze dead code.
586 // Skip blocks that were not evaluated.
590 }
591 }
594 }