1 //===--- CFG.cpp - Classes for representing and building CFGs----*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defines the CFG and CFGBuilder classes for representing and
11 // building Control-Flow Graphs (CFGs) from ASTs.
12 //
13 //===----------------------------------------------------------------------===//
14
15 #include "llvm/Support/SaveAndRestore.h"
16 #include "clang/Analysis/CFG.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/StmtVisitor.h"
19 #include "clang/AST/PrettyPrinter.h"
20 #include "clang/AST/CharUnits.h"
21 #include "clang/Basic/AttrKinds.h"
22 #include "llvm/Support/GraphWriter.h"
23 #include "llvm/Support/Allocator.h"
24 #include "llvm/Support/Format.h"
25 #include "llvm/ADT/DenseMap.h"
26 #include "llvm/ADT/SmallPtrSet.h"
27 #include "llvm/ADT/OwningPtr.h"
28
29 using namespace clang;
30
31 namespace {
32
GetEndLoc(Decl * D)33 static SourceLocation GetEndLoc(Decl *D) {
34 if (VarDecl *VD = dyn_cast<VarDecl>(D))
35 if (Expr *Ex = VD->getInit())
36 return Ex->getSourceRange().getEnd();
37 return D->getLocation();
38 }
39
40 class CFGBuilder;
41
42 /// The CFG builder uses a recursive algorithm to build the CFG. When
43 /// we process an expression, sometimes we know that we must add the
44 /// subexpressions as block-level expressions. For example:
45 ///
46 /// exp1 || exp2
47 ///
48 /// When processing the '||' expression, we know that exp1 and exp2
49 /// need to be added as block-level expressions, even though they
50 /// might not normally need to be. AddStmtChoice records this
51 /// contextual information. If AddStmtChoice is 'NotAlwaysAdd', then
52 /// the builder has an option not to add a subexpression as a
53 /// block-level expression.
54 ///
55 class AddStmtChoice {
56 public:
57 enum Kind { NotAlwaysAdd = 0, AlwaysAdd = 1 };
58
AddStmtChoice(Kind a_kind=NotAlwaysAdd)59 AddStmtChoice(Kind a_kind = NotAlwaysAdd) : kind(a_kind) {}
60
61 bool alwaysAdd(CFGBuilder &builder,
62 const Stmt *stmt) const;
63
64 /// Return a copy of this object, except with the 'always-add' bit
65 /// set as specified.
withAlwaysAdd(bool alwaysAdd) const66 AddStmtChoice withAlwaysAdd(bool alwaysAdd) const {
67 return AddStmtChoice(alwaysAdd ? AlwaysAdd : NotAlwaysAdd);
68 }
69
70 private:
71 Kind kind;
72 };
73
74 /// LocalScope - Node in tree of local scopes created for C++ implicit
75 /// destructor calls generation. It contains list of automatic variables
76 /// declared in the scope and link to position in previous scope this scope
77 /// began in.
78 ///
79 /// The process of creating local scopes is as follows:
80 /// - Init CFGBuilder::ScopePos with invalid position (equivalent for null),
81 /// - Before processing statements in scope (e.g. CompoundStmt) create
82 /// LocalScope object using CFGBuilder::ScopePos as link to previous scope
83 /// and set CFGBuilder::ScopePos to the end of new scope,
84 /// - On every occurrence of VarDecl increase CFGBuilder::ScopePos if it points
85 /// at this VarDecl,
86 /// - For every normal (without jump) end of scope add to CFGBlock destructors
87 /// for objects in the current scope,
88 /// - For every jump add to CFGBlock destructors for objects
89 /// between CFGBuilder::ScopePos and local scope position saved for jump
90 /// target. Thanks to C++ restrictions on goto jumps we can be sure that
91 /// jump target position will be on the path to root from CFGBuilder::ScopePos
92 /// (adding any variable that doesn't need constructor to be called to
93 /// LocalScope can break this assumption),
94 ///
95 class LocalScope {
96 public:
97 typedef BumpVector<VarDecl*> AutomaticVarsTy;
98
99 /// const_iterator - Iterates local scope backwards and jumps to previous
100 /// scope on reaching the beginning of currently iterated scope.
101 class const_iterator {
102 const LocalScope* Scope;
103
104 /// VarIter is guaranteed to be greater then 0 for every valid iterator.
105 /// Invalid iterator (with null Scope) has VarIter equal to 0.
106 unsigned VarIter;
107
108 public:
109 /// Create invalid iterator. Dereferencing invalid iterator is not allowed.
110 /// Incrementing invalid iterator is allowed and will result in invalid
111 /// iterator.
const_iterator()112 const_iterator()
113 : Scope(NULL), VarIter(0) {}
114
115 /// Create valid iterator. In case when S.Prev is an invalid iterator and
116 /// I is equal to 0, this will create invalid iterator.
const_iterator(const LocalScope & S,unsigned I)117 const_iterator(const LocalScope& S, unsigned I)
118 : Scope(&S), VarIter(I) {
119 // Iterator to "end" of scope is not allowed. Handle it by going up
120 // in scopes tree possibly up to invalid iterator in the root.
121 if (VarIter == 0 && Scope)
122 *this = Scope->Prev;
123 }
124
operator ->() const125 VarDecl *const* operator->() const {
126 assert (Scope && "Dereferencing invalid iterator is not allowed");
127 assert (VarIter != 0 && "Iterator has invalid value of VarIter member");
128 return &Scope->Vars[VarIter - 1];
129 }
operator *() const130 VarDecl *operator*() const {
131 return *this->operator->();
132 }
133
operator ++()134 const_iterator &operator++() {
135 if (!Scope)
136 return *this;
137
138 assert (VarIter != 0 && "Iterator has invalid value of VarIter member");
139 --VarIter;
140 if (VarIter == 0)
141 *this = Scope->Prev;
142 return *this;
143 }
operator ++(int)144 const_iterator operator++(int) {
145 const_iterator P = *this;
146 ++*this;
147 return P;
148 }
149
operator ==(const const_iterator & rhs) const150 bool operator==(const const_iterator &rhs) const {
151 return Scope == rhs.Scope && VarIter == rhs.VarIter;
152 }
operator !=(const const_iterator & rhs) const153 bool operator!=(const const_iterator &rhs) const {
154 return !(*this == rhs);
155 }
156
operator bool() const157 operator bool() const {
158 return *this != const_iterator();
159 }
160
161 int distance(const_iterator L);
162 };
163
164 friend class const_iterator;
165
166 private:
167 BumpVectorContext ctx;
168
169 /// Automatic variables in order of declaration.
170 AutomaticVarsTy Vars;
171 /// Iterator to variable in previous scope that was declared just before
172 /// begin of this scope.
173 const_iterator Prev;
174
175 public:
176 /// Constructs empty scope linked to previous scope in specified place.
LocalScope(BumpVectorContext & ctx,const_iterator P)177 LocalScope(BumpVectorContext &ctx, const_iterator P)
178 : ctx(ctx), Vars(ctx, 4), Prev(P) {}
179
180 /// Begin of scope in direction of CFG building (backwards).
begin() const181 const_iterator begin() const { return const_iterator(*this, Vars.size()); }
182
addVar(VarDecl * VD)183 void addVar(VarDecl *VD) {
184 Vars.push_back(VD, ctx);
185 }
186 };
187
188 /// distance - Calculates distance from this to L. L must be reachable from this
189 /// (with use of ++ operator). Cost of calculating the distance is linear w.r.t.
190 /// number of scopes between this and L.
distance(LocalScope::const_iterator L)191 int LocalScope::const_iterator::distance(LocalScope::const_iterator L) {
192 int D = 0;
193 const_iterator F = *this;
194 while (F.Scope != L.Scope) {
195 assert (F != const_iterator()
196 && "L iterator is not reachable from F iterator.");
197 D += F.VarIter;
198 F = F.Scope->Prev;
199 }
200 D += F.VarIter - L.VarIter;
201 return D;
202 }
203
204 /// BlockScopePosPair - Structure for specifying position in CFG during its
205 /// build process. It consists of CFGBlock that specifies position in CFG graph
206 /// and LocalScope::const_iterator that specifies position in LocalScope graph.
207 struct BlockScopePosPair {
BlockScopePosPair__anon7207fde30111::BlockScopePosPair208 BlockScopePosPair() : block(0) {}
BlockScopePosPair__anon7207fde30111::BlockScopePosPair209 BlockScopePosPair(CFGBlock *b, LocalScope::const_iterator scopePos)
210 : block(b), scopePosition(scopePos) {}
211
212 CFGBlock *block;
213 LocalScope::const_iterator scopePosition;
214 };
215
216 /// TryResult - a class representing a variant over the values
217 /// 'true', 'false', or 'unknown'. This is returned by tryEvaluateBool,
218 /// and is used by the CFGBuilder to decide if a branch condition
219 /// can be decided up front during CFG construction.
220 class TryResult {
221 int X;
222 public:
TryResult(bool b)223 TryResult(bool b) : X(b ? 1 : 0) {}
TryResult()224 TryResult() : X(-1) {}
225
isTrue() const226 bool isTrue() const { return X == 1; }
isFalse() const227 bool isFalse() const { return X == 0; }
isKnown() const228 bool isKnown() const { return X >= 0; }
negate()229 void negate() {
230 assert(isKnown());
231 X ^= 0x1;
232 }
233 };
234
235 /// CFGBuilder - This class implements CFG construction from an AST.
236 /// The builder is stateful: an instance of the builder should be used to only
237 /// construct a single CFG.
238 ///
239 /// Example usage:
240 ///
241 /// CFGBuilder builder;
242 /// CFG* cfg = builder.BuildAST(stmt1);
243 ///
244 /// CFG construction is done via a recursive walk of an AST. We actually parse
245 /// the AST in reverse order so that the successor of a basic block is
246 /// constructed prior to its predecessor. This allows us to nicely capture
247 /// implicit fall-throughs without extra basic blocks.
248 ///
249 class CFGBuilder {
250 typedef BlockScopePosPair JumpTarget;
251 typedef BlockScopePosPair JumpSource;
252
253 ASTContext *Context;
254 OwningPtr<CFG> cfg;
255
256 CFGBlock *Block;
257 CFGBlock *Succ;
258 JumpTarget ContinueJumpTarget;
259 JumpTarget BreakJumpTarget;
260 CFGBlock *SwitchTerminatedBlock;
261 CFGBlock *DefaultCaseBlock;
262 CFGBlock *TryTerminatedBlock;
263
264 // Current position in local scope.
265 LocalScope::const_iterator ScopePos;
266
267 // LabelMap records the mapping from Label expressions to their jump targets.
268 typedef llvm::DenseMap<LabelDecl*, JumpTarget> LabelMapTy;
269 LabelMapTy LabelMap;
270
271 // A list of blocks that end with a "goto" that must be backpatched to their
272 // resolved targets upon completion of CFG construction.
273 typedef std::vector<JumpSource> BackpatchBlocksTy;
274 BackpatchBlocksTy BackpatchBlocks;
275
276 // A list of labels whose address has been taken (for indirect gotos).
277 typedef llvm::SmallPtrSet<LabelDecl*, 5> LabelSetTy;
278 LabelSetTy AddressTakenLabels;
279
280 bool badCFG;
281 const CFG::BuildOptions &BuildOpts;
282
283 // State to track for building switch statements.
284 bool switchExclusivelyCovered;
285 Expr::EvalResult *switchCond;
286
287 CFG::BuildOptions::ForcedBlkExprs::value_type *cachedEntry;
288 const Stmt *lastLookup;
289
290 // Caches boolean evaluations of expressions to avoid multiple re-evaluations
291 // during construction of branches for chained logical operators.
292 typedef llvm::DenseMap<Expr *, TryResult> CachedBoolEvalsTy;
293 CachedBoolEvalsTy CachedBoolEvals;
294
295 public:
CFGBuilder(ASTContext * astContext,const CFG::BuildOptions & buildOpts)296 explicit CFGBuilder(ASTContext *astContext,
297 const CFG::BuildOptions &buildOpts)
298 : Context(astContext), cfg(new CFG()), // crew a new CFG
299 Block(NULL), Succ(NULL),
300 SwitchTerminatedBlock(NULL), DefaultCaseBlock(NULL),
301 TryTerminatedBlock(NULL), badCFG(false), BuildOpts(buildOpts),
302 switchExclusivelyCovered(false), switchCond(0),
303 cachedEntry(0), lastLookup(0) {}
304
305 // buildCFG - Used by external clients to construct the CFG.
306 CFG* buildCFG(const Decl *D, Stmt *Statement);
307
308 bool alwaysAdd(const Stmt *stmt);
309
310 private:
311 // Visitors to walk an AST and construct the CFG.
312 CFGBlock *VisitAddrLabelExpr(AddrLabelExpr *A, AddStmtChoice asc);
313 CFGBlock *VisitBinaryOperator(BinaryOperator *B, AddStmtChoice asc);
314 CFGBlock *VisitBreakStmt(BreakStmt *B);
315 CFGBlock *VisitCXXCatchStmt(CXXCatchStmt *S);
316 CFGBlock *VisitExprWithCleanups(ExprWithCleanups *E,
317 AddStmtChoice asc);
318 CFGBlock *VisitCXXThrowExpr(CXXThrowExpr *T);
319 CFGBlock *VisitCXXTryStmt(CXXTryStmt *S);
320 CFGBlock *VisitCXXForRangeStmt(CXXForRangeStmt *S);
321 CFGBlock *VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E,
322 AddStmtChoice asc);
323 CFGBlock *VisitCXXConstructExpr(CXXConstructExpr *C, AddStmtChoice asc);
324 CFGBlock *VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E,
325 AddStmtChoice asc);
326 CFGBlock *VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C,
327 AddStmtChoice asc);
328 CFGBlock *VisitCallExpr(CallExpr *C, AddStmtChoice asc);
329 CFGBlock *VisitCaseStmt(CaseStmt *C);
330 CFGBlock *VisitChooseExpr(ChooseExpr *C, AddStmtChoice asc);
331 CFGBlock *VisitCompoundStmt(CompoundStmt *C);
332 CFGBlock *VisitConditionalOperator(AbstractConditionalOperator *C,
333 AddStmtChoice asc);
334 CFGBlock *VisitContinueStmt(ContinueStmt *C);
335 CFGBlock *VisitDeclStmt(DeclStmt *DS);
336 CFGBlock *VisitDeclSubExpr(DeclStmt *DS);
337 CFGBlock *VisitDefaultStmt(DefaultStmt *D);
338 CFGBlock *VisitDoStmt(DoStmt *D);
339 CFGBlock *VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc);
340 CFGBlock *VisitForStmt(ForStmt *F);
341 CFGBlock *VisitGotoStmt(GotoStmt *G);
342 CFGBlock *VisitIfStmt(IfStmt *I);
343 CFGBlock *VisitImplicitCastExpr(ImplicitCastExpr *E, AddStmtChoice asc);
344 CFGBlock *VisitIndirectGotoStmt(IndirectGotoStmt *I);
345 CFGBlock *VisitLabelStmt(LabelStmt *L);
346 CFGBlock *VisitLambdaExpr(LambdaExpr *L);
347 CFGBlock *VisitMemberExpr(MemberExpr *M, AddStmtChoice asc);
348 CFGBlock *VisitObjCAtCatchStmt(ObjCAtCatchStmt *S);
349 CFGBlock *VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S);
350 CFGBlock *VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S);
351 CFGBlock *VisitObjCAtThrowStmt(ObjCAtThrowStmt *S);
352 CFGBlock *VisitObjCAtTryStmt(ObjCAtTryStmt *S);
353 CFGBlock *VisitObjCForCollectionStmt(ObjCForCollectionStmt *S);
354 CFGBlock *VisitReturnStmt(ReturnStmt *R);
355 CFGBlock *VisitPseudoObjectExpr(PseudoObjectExpr *E);
356 CFGBlock *VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E,
357 AddStmtChoice asc);
358 CFGBlock *VisitStmtExpr(StmtExpr *S, AddStmtChoice asc);
359 CFGBlock *VisitSwitchStmt(SwitchStmt *S);
360 CFGBlock *VisitUnaryOperator(UnaryOperator *U, AddStmtChoice asc);
361 CFGBlock *VisitWhileStmt(WhileStmt *W);
362
363 CFGBlock *Visit(Stmt *S, AddStmtChoice asc = AddStmtChoice::NotAlwaysAdd);
364 CFGBlock *VisitStmt(Stmt *S, AddStmtChoice asc);
365 CFGBlock *VisitChildren(Stmt *S);
366 CFGBlock *VisitNoRecurse(Expr *E, AddStmtChoice asc);
367
368 // Visitors to walk an AST and generate destructors of temporaries in
369 // full expression.
370 CFGBlock *VisitForTemporaryDtors(Stmt *E, bool BindToTemporary = false);
371 CFGBlock *VisitChildrenForTemporaryDtors(Stmt *E);
372 CFGBlock *VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E);
373 CFGBlock *VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr *E,
374 bool BindToTemporary);
375 CFGBlock *
376 VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator *E,
377 bool BindToTemporary);
378
379 // NYS == Not Yet Supported
NYS()380 CFGBlock *NYS() {
381 badCFG = true;
382 return Block;
383 }
384
autoCreateBlock()385 void autoCreateBlock() { if (!Block) Block = createBlock(); }
386 CFGBlock *createBlock(bool add_successor = true);
387 CFGBlock *createNoReturnBlock();
388
addStmt(Stmt * S)389 CFGBlock *addStmt(Stmt *S) {
390 return Visit(S, AddStmtChoice::AlwaysAdd);
391 }
392 CFGBlock *addInitializer(CXXCtorInitializer *I);
393 void addAutomaticObjDtors(LocalScope::const_iterator B,
394 LocalScope::const_iterator E, Stmt *S);
395 void addImplicitDtorsForDestructor(const CXXDestructorDecl *DD);
396
397 // Local scopes creation.
398 LocalScope* createOrReuseLocalScope(LocalScope* Scope);
399
400 void addLocalScopeForStmt(Stmt *S);
401 LocalScope* addLocalScopeForDeclStmt(DeclStmt *DS, LocalScope* Scope = NULL);
402 LocalScope* addLocalScopeForVarDecl(VarDecl *VD, LocalScope* Scope = NULL);
403
404 void addLocalScopeAndDtors(Stmt *S);
405
406 // Interface to CFGBlock - adding CFGElements.
appendStmt(CFGBlock * B,const Stmt * S)407 void appendStmt(CFGBlock *B, const Stmt *S) {
408 if (alwaysAdd(S) && cachedEntry)
409 cachedEntry->second = B;
410
411 // All block-level expressions should have already been IgnoreParens()ed.
412 assert(!isa<Expr>(S) || cast<Expr>(S)->IgnoreParens() == S);
413 B->appendStmt(const_cast<Stmt*>(S), cfg->getBumpVectorContext());
414 }
appendInitializer(CFGBlock * B,CXXCtorInitializer * I)415 void appendInitializer(CFGBlock *B, CXXCtorInitializer *I) {
416 B->appendInitializer(I, cfg->getBumpVectorContext());
417 }
appendBaseDtor(CFGBlock * B,const CXXBaseSpecifier * BS)418 void appendBaseDtor(CFGBlock *B, const CXXBaseSpecifier *BS) {
419 B->appendBaseDtor(BS, cfg->getBumpVectorContext());
420 }
appendMemberDtor(CFGBlock * B,FieldDecl * FD)421 void appendMemberDtor(CFGBlock *B, FieldDecl *FD) {
422 B->appendMemberDtor(FD, cfg->getBumpVectorContext());
423 }
appendTemporaryDtor(CFGBlock * B,CXXBindTemporaryExpr * E)424 void appendTemporaryDtor(CFGBlock *B, CXXBindTemporaryExpr *E) {
425 B->appendTemporaryDtor(E, cfg->getBumpVectorContext());
426 }
appendAutomaticObjDtor(CFGBlock * B,VarDecl * VD,Stmt * S)427 void appendAutomaticObjDtor(CFGBlock *B, VarDecl *VD, Stmt *S) {
428 B->appendAutomaticObjDtor(VD, S, cfg->getBumpVectorContext());
429 }
430
431 void prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk,
432 LocalScope::const_iterator B, LocalScope::const_iterator E);
433
addSuccessor(CFGBlock * B,CFGBlock * S)434 void addSuccessor(CFGBlock *B, CFGBlock *S) {
435 B->addSuccessor(S, cfg->getBumpVectorContext());
436 }
437
438 /// Try and evaluate an expression to an integer constant.
tryEvaluate(Expr * S,Expr::EvalResult & outResult)439 bool tryEvaluate(Expr *S, Expr::EvalResult &outResult) {
440 if (!BuildOpts.PruneTriviallyFalseEdges)
441 return false;
442 return !S->isTypeDependent() &&
443 !S->isValueDependent() &&
444 S->EvaluateAsRValue(outResult, *Context);
445 }
446
447 /// tryEvaluateBool - Try and evaluate the Stmt and return 0 or 1
448 /// if we can evaluate to a known value, otherwise return -1.
tryEvaluateBool(Expr * S)449 TryResult tryEvaluateBool(Expr *S) {
450 if (!BuildOpts.PruneTriviallyFalseEdges ||
451 S->isTypeDependent() || S->isValueDependent())
452 return TryResult();
453
454 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(S)) {
455 if (Bop->isLogicalOp()) {
456 // Check the cache first.
457 CachedBoolEvalsTy::iterator I = CachedBoolEvals.find(S);
458 if (I != CachedBoolEvals.end())
459 return I->second; // already in map;
460
461 // Retrieve result at first, or the map might be updated.
462 TryResult Result = evaluateAsBooleanConditionNoCache(S);
463 CachedBoolEvals[S] = Result; // update or insert
464 return Result;
465 }
466 }
467
468 return evaluateAsBooleanConditionNoCache(S);
469 }
470
471 /// \brief Evaluate as boolean \param E without using the cache.
evaluateAsBooleanConditionNoCache(Expr * E)472 TryResult evaluateAsBooleanConditionNoCache(Expr *E) {
473 if (BinaryOperator *Bop = dyn_cast<BinaryOperator>(E)) {
474 if (Bop->isLogicalOp()) {
475 TryResult LHS = tryEvaluateBool(Bop->getLHS());
476 if (LHS.isKnown()) {
477 // We were able to evaluate the LHS, see if we can get away with not
478 // evaluating the RHS: 0 && X -> 0, 1 || X -> 1
479 if (LHS.isTrue() == (Bop->getOpcode() == BO_LOr))
480 return LHS.isTrue();
481
482 TryResult RHS = tryEvaluateBool(Bop->getRHS());
483 if (RHS.isKnown()) {
484 if (Bop->getOpcode() == BO_LOr)
485 return LHS.isTrue() || RHS.isTrue();
486 else
487 return LHS.isTrue() && RHS.isTrue();
488 }
489 } else {
490 TryResult RHS = tryEvaluateBool(Bop->getRHS());
491 if (RHS.isKnown()) {
492 // We can't evaluate the LHS; however, sometimes the result
493 // is determined by the RHS: X && 0 -> 0, X || 1 -> 1.
494 if (RHS.isTrue() == (Bop->getOpcode() == BO_LOr))
495 return RHS.isTrue();
496 }
497 }
498
499 return TryResult();
500 }
501 }
502
503 bool Result;
504 if (E->EvaluateAsBooleanCondition(Result, *Context))
505 return Result;
506
507 return TryResult();
508 }
509
510 };
511
alwaysAdd(CFGBuilder & builder,const Stmt * stmt) const512 inline bool AddStmtChoice::alwaysAdd(CFGBuilder &builder,
513 const Stmt *stmt) const {
514 return builder.alwaysAdd(stmt) || kind == AlwaysAdd;
515 }
516
alwaysAdd(const Stmt * stmt)517 bool CFGBuilder::alwaysAdd(const Stmt *stmt) {
518 bool shouldAdd = BuildOpts.alwaysAdd(stmt);
519
520 if (!BuildOpts.forcedBlkExprs)
521 return shouldAdd;
522
523 if (lastLookup == stmt) {
524 if (cachedEntry) {
525 assert(cachedEntry->first == stmt);
526 return true;
527 }
528 return shouldAdd;
529 }
530
531 lastLookup = stmt;
532
533 // Perform the lookup!
534 CFG::BuildOptions::ForcedBlkExprs *fb = *BuildOpts.forcedBlkExprs;
535
536 if (!fb) {
537 // No need to update 'cachedEntry', since it will always be null.
538 assert(cachedEntry == 0);
539 return shouldAdd;
540 }
541
542 CFG::BuildOptions::ForcedBlkExprs::iterator itr = fb->find(stmt);
543 if (itr == fb->end()) {
544 cachedEntry = 0;
545 return shouldAdd;
546 }
547
548 cachedEntry = &*itr;
549 return true;
550 }
551
552 // FIXME: Add support for dependent-sized array types in C++?
553 // Does it even make sense to build a CFG for an uninstantiated template?
FindVA(const Type * t)554 static const VariableArrayType *FindVA(const Type *t) {
555 while (const ArrayType *vt = dyn_cast<ArrayType>(t)) {
556 if (const VariableArrayType *vat = dyn_cast<VariableArrayType>(vt))
557 if (vat->getSizeExpr())
558 return vat;
559
560 t = vt->getElementType().getTypePtr();
561 }
562
563 return 0;
564 }
565
566 /// BuildCFG - Constructs a CFG from an AST (a Stmt*). The AST can represent an
567 /// arbitrary statement. Examples include a single expression or a function
568 /// body (compound statement). The ownership of the returned CFG is
569 /// transferred to the caller. If CFG construction fails, this method returns
570 /// NULL.
buildCFG(const Decl * D,Stmt * Statement)571 CFG* CFGBuilder::buildCFG(const Decl *D, Stmt *Statement) {
572 assert(cfg.get());
573 if (!Statement)
574 return NULL;
575
576 // Create an empty block that will serve as the exit block for the CFG. Since
577 // this is the first block added to the CFG, it will be implicitly registered
578 // as the exit block.
579 Succ = createBlock();
580 assert(Succ == &cfg->getExit());
581 Block = NULL; // the EXIT block is empty. Create all other blocks lazily.
582
583 if (BuildOpts.AddImplicitDtors)
584 if (const CXXDestructorDecl *DD = dyn_cast_or_null<CXXDestructorDecl>(D))
585 addImplicitDtorsForDestructor(DD);
586
587 // Visit the statements and create the CFG.
588 CFGBlock *B = addStmt(Statement);
589
590 if (badCFG)
591 return NULL;
592
593 // For C++ constructor add initializers to CFG.
594 if (const CXXConstructorDecl *CD = dyn_cast_or_null<CXXConstructorDecl>(D)) {
595 for (CXXConstructorDecl::init_const_reverse_iterator I = CD->init_rbegin(),
596 E = CD->init_rend(); I != E; ++I) {
597 B = addInitializer(*I);
598 if (badCFG)
599 return NULL;
600 }
601 }
602
603 if (B)
604 Succ = B;
605
606 // Backpatch the gotos whose label -> block mappings we didn't know when we
607 // encountered them.
608 for (BackpatchBlocksTy::iterator I = BackpatchBlocks.begin(),
609 E = BackpatchBlocks.end(); I != E; ++I ) {
610
611 CFGBlock *B = I->block;
612 GotoStmt *G = cast<GotoStmt>(B->getTerminator());
613 LabelMapTy::iterator LI = LabelMap.find(G->getLabel());
614
615 // If there is no target for the goto, then we are looking at an
616 // incomplete AST. Handle this by not registering a successor.
617 if (LI == LabelMap.end()) continue;
618
619 JumpTarget JT = LI->second;
620 prependAutomaticObjDtorsWithTerminator(B, I->scopePosition,
621 JT.scopePosition);
622 addSuccessor(B, JT.block);
623 }
624
625 // Add successors to the Indirect Goto Dispatch block (if we have one).
626 if (CFGBlock *B = cfg->getIndirectGotoBlock())
627 for (LabelSetTy::iterator I = AddressTakenLabels.begin(),
628 E = AddressTakenLabels.end(); I != E; ++I ) {
629
630 // Lookup the target block.
631 LabelMapTy::iterator LI = LabelMap.find(*I);
632
633 // If there is no target block that contains label, then we are looking
634 // at an incomplete AST. Handle this by not registering a successor.
635 if (LI == LabelMap.end()) continue;
636
637 addSuccessor(B, LI->second.block);
638 }
639
640 // Create an empty entry block that has no predecessors.
641 cfg->setEntry(createBlock());
642
643 return cfg.take();
644 }
645
646 /// createBlock - Used to lazily create blocks that are connected
647 /// to the current (global) succcessor.
createBlock(bool add_successor)648 CFGBlock *CFGBuilder::createBlock(bool add_successor) {
649 CFGBlock *B = cfg->createBlock();
650 if (add_successor && Succ)
651 addSuccessor(B, Succ);
652 return B;
653 }
654
655 /// createNoReturnBlock - Used to create a block is a 'noreturn' point in the
656 /// CFG. It is *not* connected to the current (global) successor, and instead
657 /// directly tied to the exit block in order to be reachable.
createNoReturnBlock()658 CFGBlock *CFGBuilder::createNoReturnBlock() {
659 CFGBlock *B = createBlock(false);
660 B->setHasNoReturnElement();
661 addSuccessor(B, &cfg->getExit());
662 return B;
663 }
664
665 /// addInitializer - Add C++ base or member initializer element to CFG.
addInitializer(CXXCtorInitializer * I)666 CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) {
667 if (!BuildOpts.AddInitializers)
668 return Block;
669
670 bool IsReference = false;
671 bool HasTemporaries = false;
672
673 // Destructors of temporaries in initialization expression should be called
674 // after initialization finishes.
675 Expr *Init = I->getInit();
676 if (Init) {
677 if (FieldDecl *FD = I->getAnyMember())
678 IsReference = FD->getType()->isReferenceType();
679 HasTemporaries = isa<ExprWithCleanups>(Init);
680
681 if (BuildOpts.AddImplicitDtors && HasTemporaries) {
682 // Generate destructors for temporaries in initialization expression.
683 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
684 IsReference);
685 }
686 }
687
688 autoCreateBlock();
689 appendInitializer(Block, I);
690
691 if (Init) {
692 if (HasTemporaries) {
693 // For expression with temporaries go directly to subexpression to omit
694 // generating destructors for the second time.
695 return Visit(cast<ExprWithCleanups>(Init)->getSubExpr());
696 }
697 return Visit(Init);
698 }
699
700 return Block;
701 }
702
703 /// \brief Retrieve the type of the temporary object whose lifetime was
704 /// extended by a local reference with the given initializer.
getReferenceInitTemporaryType(ASTContext & Context,const Expr * Init)705 static QualType getReferenceInitTemporaryType(ASTContext &Context,
706 const Expr *Init) {
707 while (true) {
708 // Skip parentheses.
709 Init = Init->IgnoreParens();
710
711 // Skip through cleanups.
712 if (const ExprWithCleanups *EWC = dyn_cast<ExprWithCleanups>(Init)) {
713 Init = EWC->getSubExpr();
714 continue;
715 }
716
717 // Skip through the temporary-materialization expression.
718 if (const MaterializeTemporaryExpr *MTE
719 = dyn_cast<MaterializeTemporaryExpr>(Init)) {
720 Init = MTE->GetTemporaryExpr();
721 continue;
722 }
723
724 // Skip derived-to-base and no-op casts.
725 if (const CastExpr *CE = dyn_cast<CastExpr>(Init)) {
726 if ((CE->getCastKind() == CK_DerivedToBase ||
727 CE->getCastKind() == CK_UncheckedDerivedToBase ||
728 CE->getCastKind() == CK_NoOp) &&
729 Init->getType()->isRecordType()) {
730 Init = CE->getSubExpr();
731 continue;
732 }
733 }
734
735 // Skip member accesses into rvalues.
736 if (const MemberExpr *ME = dyn_cast<MemberExpr>(Init)) {
737 if (!ME->isArrow() && ME->getBase()->isRValue()) {
738 Init = ME->getBase();
739 continue;
740 }
741 }
742
743 break;
744 }
745
746 return Init->getType();
747 }
748
749 /// addAutomaticObjDtors - Add to current block automatic objects destructors
750 /// for objects in range of local scope positions. Use S as trigger statement
751 /// for destructors.
addAutomaticObjDtors(LocalScope::const_iterator B,LocalScope::const_iterator E,Stmt * S)752 void CFGBuilder::addAutomaticObjDtors(LocalScope::const_iterator B,
753 LocalScope::const_iterator E, Stmt *S) {
754 if (!BuildOpts.AddImplicitDtors)
755 return;
756
757 if (B == E)
758 return;
759
760 // We need to append the destructors in reverse order, but any one of them
761 // may be a no-return destructor which changes the CFG. As a result, buffer
762 // this sequence up and replay them in reverse order when appending onto the
763 // CFGBlock(s).
764 SmallVector<VarDecl*, 10> Decls;
765 Decls.reserve(B.distance(E));
766 for (LocalScope::const_iterator I = B; I != E; ++I)
767 Decls.push_back(*I);
768
769 for (SmallVectorImpl<VarDecl*>::reverse_iterator I = Decls.rbegin(),
770 E = Decls.rend();
771 I != E; ++I) {
772 // If this destructor is marked as a no-return destructor, we need to
773 // create a new block for the destructor which does not have as a successor
774 // anything built thus far: control won't flow out of this block.
775 QualType Ty;
776 if ((*I)->getType()->isReferenceType()) {
777 Ty = getReferenceInitTemporaryType(*Context, (*I)->getInit());
778 } else {
779 Ty = Context->getBaseElementType((*I)->getType());
780 }
781
782 const CXXDestructorDecl *Dtor = Ty->getAsCXXRecordDecl()->getDestructor();
783 if (cast<FunctionType>(Dtor->getType())->getNoReturnAttr())
784 Block = createNoReturnBlock();
785 else
786 autoCreateBlock();
787
788 appendAutomaticObjDtor(Block, *I, S);
789 }
790 }
791
792 /// addImplicitDtorsForDestructor - Add implicit destructors generated for
793 /// base and member objects in destructor.
addImplicitDtorsForDestructor(const CXXDestructorDecl * DD)794 void CFGBuilder::addImplicitDtorsForDestructor(const CXXDestructorDecl *DD) {
795 assert (BuildOpts.AddImplicitDtors
796 && "Can be called only when dtors should be added");
797 const CXXRecordDecl *RD = DD->getParent();
798
799 // At the end destroy virtual base objects.
800 for (CXXRecordDecl::base_class_const_iterator VI = RD->vbases_begin(),
801 VE = RD->vbases_end(); VI != VE; ++VI) {
802 const CXXRecordDecl *CD = VI->getType()->getAsCXXRecordDecl();
803 if (!CD->hasTrivialDestructor()) {
804 autoCreateBlock();
805 appendBaseDtor(Block, VI);
806 }
807 }
808
809 // Before virtual bases destroy direct base objects.
810 for (CXXRecordDecl::base_class_const_iterator BI = RD->bases_begin(),
811 BE = RD->bases_end(); BI != BE; ++BI) {
812 if (!BI->isVirtual()) {
813 const CXXRecordDecl *CD = BI->getType()->getAsCXXRecordDecl();
814 if (!CD->hasTrivialDestructor()) {
815 autoCreateBlock();
816 appendBaseDtor(Block, BI);
817 }
818 }
819 }
820
821 // First destroy member objects.
822 for (CXXRecordDecl::field_iterator FI = RD->field_begin(),
823 FE = RD->field_end(); FI != FE; ++FI) {
824 // Check for constant size array. Set type to array element type.
825 QualType QT = FI->getType();
826 if (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) {
827 if (AT->getSize() == 0)
828 continue;
829 QT = AT->getElementType();
830 }
831
832 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl())
833 if (!CD->hasTrivialDestructor()) {
834 autoCreateBlock();
835 appendMemberDtor(Block, *FI);
836 }
837 }
838 }
839
840 /// createOrReuseLocalScope - If Scope is NULL create new LocalScope. Either
841 /// way return valid LocalScope object.
createOrReuseLocalScope(LocalScope * Scope)842 LocalScope* CFGBuilder::createOrReuseLocalScope(LocalScope* Scope) {
843 if (!Scope) {
844 llvm::BumpPtrAllocator &alloc = cfg->getAllocator();
845 Scope = alloc.Allocate<LocalScope>();
846 BumpVectorContext ctx(alloc);
847 new (Scope) LocalScope(ctx, ScopePos);
848 }
849 return Scope;
850 }
851
852 /// addLocalScopeForStmt - Add LocalScope to local scopes tree for statement
853 /// that should create implicit scope (e.g. if/else substatements).
addLocalScopeForStmt(Stmt * S)854 void CFGBuilder::addLocalScopeForStmt(Stmt *S) {
855 if (!BuildOpts.AddImplicitDtors)
856 return;
857
858 LocalScope *Scope = 0;
859
860 // For compound statement we will be creating explicit scope.
861 if (CompoundStmt *CS = dyn_cast<CompoundStmt>(S)) {
862 for (CompoundStmt::body_iterator BI = CS->body_begin(), BE = CS->body_end()
863 ; BI != BE; ++BI) {
864 Stmt *SI = (*BI)->stripLabelLikeStatements();
865 if (DeclStmt *DS = dyn_cast<DeclStmt>(SI))
866 Scope = addLocalScopeForDeclStmt(DS, Scope);
867 }
868 return;
869 }
870
871 // For any other statement scope will be implicit and as such will be
872 // interesting only for DeclStmt.
873 if (DeclStmt *DS = dyn_cast<DeclStmt>(S->stripLabelLikeStatements()))
874 addLocalScopeForDeclStmt(DS);
875 }
876
877 /// addLocalScopeForDeclStmt - Add LocalScope for declaration statement. Will
878 /// reuse Scope if not NULL.
addLocalScopeForDeclStmt(DeclStmt * DS,LocalScope * Scope)879 LocalScope* CFGBuilder::addLocalScopeForDeclStmt(DeclStmt *DS,
880 LocalScope* Scope) {
881 if (!BuildOpts.AddImplicitDtors)
882 return Scope;
883
884 for (DeclStmt::decl_iterator DI = DS->decl_begin(), DE = DS->decl_end()
885 ; DI != DE; ++DI) {
886 if (VarDecl *VD = dyn_cast<VarDecl>(*DI))
887 Scope = addLocalScopeForVarDecl(VD, Scope);
888 }
889 return Scope;
890 }
891
892 /// addLocalScopeForVarDecl - Add LocalScope for variable declaration. It will
893 /// create add scope for automatic objects and temporary objects bound to
894 /// const reference. Will reuse Scope if not NULL.
addLocalScopeForVarDecl(VarDecl * VD,LocalScope * Scope)895 LocalScope* CFGBuilder::addLocalScopeForVarDecl(VarDecl *VD,
896 LocalScope* Scope) {
897 if (!BuildOpts.AddImplicitDtors)
898 return Scope;
899
900 // Check if variable is local.
901 switch (VD->getStorageClass()) {
902 case SC_None:
903 case SC_Auto:
904 case SC_Register:
905 break;
906 default: return Scope;
907 }
908
909 // Check for const references bound to temporary. Set type to pointee.
910 QualType QT = VD->getType();
911 if (QT.getTypePtr()->isReferenceType()) {
912 if (!VD->extendsLifetimeOfTemporary())
913 return Scope;
914
915 QT = getReferenceInitTemporaryType(*Context, VD->getInit());
916 }
917
918 // Check for constant size array. Set type to array element type.
919 while (const ConstantArrayType *AT = Context->getAsConstantArrayType(QT)) {
920 if (AT->getSize() == 0)
921 return Scope;
922 QT = AT->getElementType();
923 }
924
925 // Check if type is a C++ class with non-trivial destructor.
926 if (const CXXRecordDecl *CD = QT->getAsCXXRecordDecl())
927 if (!CD->hasTrivialDestructor()) {
928 // Add the variable to scope
929 Scope = createOrReuseLocalScope(Scope);
930 Scope->addVar(VD);
931 ScopePos = Scope->begin();
932 }
933 return Scope;
934 }
935
936 /// addLocalScopeAndDtors - For given statement add local scope for it and
937 /// add destructors that will cleanup the scope. Will reuse Scope if not NULL.
addLocalScopeAndDtors(Stmt * S)938 void CFGBuilder::addLocalScopeAndDtors(Stmt *S) {
939 if (!BuildOpts.AddImplicitDtors)
940 return;
941
942 LocalScope::const_iterator scopeBeginPos = ScopePos;
943 addLocalScopeForStmt(S);
944 addAutomaticObjDtors(ScopePos, scopeBeginPos, S);
945 }
946
947 /// prependAutomaticObjDtorsWithTerminator - Prepend destructor CFGElements for
948 /// variables with automatic storage duration to CFGBlock's elements vector.
949 /// Elements will be prepended to physical beginning of the vector which
950 /// happens to be logical end. Use blocks terminator as statement that specifies
951 /// destructors call site.
952 /// FIXME: This mechanism for adding automatic destructors doesn't handle
953 /// no-return destructors properly.
prependAutomaticObjDtorsWithTerminator(CFGBlock * Blk,LocalScope::const_iterator B,LocalScope::const_iterator E)954 void CFGBuilder::prependAutomaticObjDtorsWithTerminator(CFGBlock *Blk,
955 LocalScope::const_iterator B, LocalScope::const_iterator E) {
956 BumpVectorContext &C = cfg->getBumpVectorContext();
957 CFGBlock::iterator InsertPos
958 = Blk->beginAutomaticObjDtorsInsert(Blk->end(), B.distance(E), C);
959 for (LocalScope::const_iterator I = B; I != E; ++I)
960 InsertPos = Blk->insertAutomaticObjDtor(InsertPos, *I,
961 Blk->getTerminator());
962 }
963
964 /// Visit - Walk the subtree of a statement and add extra
965 /// blocks for ternary operators, &&, and ||. We also process "," and
966 /// DeclStmts (which may contain nested control-flow).
Visit(Stmt * S,AddStmtChoice asc)967 CFGBlock *CFGBuilder::Visit(Stmt * S, AddStmtChoice asc) {
968 if (!S) {
969 badCFG = true;
970 return 0;
971 }
972
973 if (Expr *E = dyn_cast<Expr>(S))
974 S = E->IgnoreParens();
975
976 switch (S->getStmtClass()) {
977 default:
978 return VisitStmt(S, asc);
979
980 case Stmt::AddrLabelExprClass:
981 return VisitAddrLabelExpr(cast<AddrLabelExpr>(S), asc);
982
983 case Stmt::BinaryConditionalOperatorClass:
984 return VisitConditionalOperator(cast<BinaryConditionalOperator>(S), asc);
985
986 case Stmt::BinaryOperatorClass:
987 return VisitBinaryOperator(cast<BinaryOperator>(S), asc);
988
989 case Stmt::BlockExprClass:
990 return VisitNoRecurse(cast<Expr>(S), asc);
991
992 case Stmt::BreakStmtClass:
993 return VisitBreakStmt(cast<BreakStmt>(S));
994
995 case Stmt::CallExprClass:
996 case Stmt::CXXOperatorCallExprClass:
997 case Stmt::CXXMemberCallExprClass:
998 case Stmt::UserDefinedLiteralClass:
999 return VisitCallExpr(cast<CallExpr>(S), asc);
1000
1001 case Stmt::CaseStmtClass:
1002 return VisitCaseStmt(cast<CaseStmt>(S));
1003
1004 case Stmt::ChooseExprClass:
1005 return VisitChooseExpr(cast<ChooseExpr>(S), asc);
1006
1007 case Stmt::CompoundStmtClass:
1008 return VisitCompoundStmt(cast<CompoundStmt>(S));
1009
1010 case Stmt::ConditionalOperatorClass:
1011 return VisitConditionalOperator(cast<ConditionalOperator>(S), asc);
1012
1013 case Stmt::ContinueStmtClass:
1014 return VisitContinueStmt(cast<ContinueStmt>(S));
1015
1016 case Stmt::CXXCatchStmtClass:
1017 return VisitCXXCatchStmt(cast<CXXCatchStmt>(S));
1018
1019 case Stmt::ExprWithCleanupsClass:
1020 return VisitExprWithCleanups(cast<ExprWithCleanups>(S), asc);
1021
1022 case Stmt::CXXBindTemporaryExprClass:
1023 return VisitCXXBindTemporaryExpr(cast<CXXBindTemporaryExpr>(S), asc);
1024
1025 case Stmt::CXXConstructExprClass:
1026 return VisitCXXConstructExpr(cast<CXXConstructExpr>(S), asc);
1027
1028 case Stmt::CXXFunctionalCastExprClass:
1029 return VisitCXXFunctionalCastExpr(cast<CXXFunctionalCastExpr>(S), asc);
1030
1031 case Stmt::CXXTemporaryObjectExprClass:
1032 return VisitCXXTemporaryObjectExpr(cast<CXXTemporaryObjectExpr>(S), asc);
1033
1034 case Stmt::CXXThrowExprClass:
1035 return VisitCXXThrowExpr(cast<CXXThrowExpr>(S));
1036
1037 case Stmt::CXXTryStmtClass:
1038 return VisitCXXTryStmt(cast<CXXTryStmt>(S));
1039
1040 case Stmt::CXXForRangeStmtClass:
1041 return VisitCXXForRangeStmt(cast<CXXForRangeStmt>(S));
1042
1043 case Stmt::DeclStmtClass:
1044 return VisitDeclStmt(cast<DeclStmt>(S));
1045
1046 case Stmt::DefaultStmtClass:
1047 return VisitDefaultStmt(cast<DefaultStmt>(S));
1048
1049 case Stmt::DoStmtClass:
1050 return VisitDoStmt(cast<DoStmt>(S));
1051
1052 case Stmt::ForStmtClass:
1053 return VisitForStmt(cast<ForStmt>(S));
1054
1055 case Stmt::GotoStmtClass:
1056 return VisitGotoStmt(cast<GotoStmt>(S));
1057
1058 case Stmt::IfStmtClass:
1059 return VisitIfStmt(cast<IfStmt>(S));
1060
1061 case Stmt::ImplicitCastExprClass:
1062 return VisitImplicitCastExpr(cast<ImplicitCastExpr>(S), asc);
1063
1064 case Stmt::IndirectGotoStmtClass:
1065 return VisitIndirectGotoStmt(cast<IndirectGotoStmt>(S));
1066
1067 case Stmt::LabelStmtClass:
1068 return VisitLabelStmt(cast<LabelStmt>(S));
1069
1070 case Stmt::LambdaExprClass:
1071 return VisitLambdaExpr(cast<LambdaExpr>(S), asc);
1072
1073 case Stmt::AttributedStmtClass:
1074 return Visit(cast<AttributedStmt>(S)->getSubStmt(), asc);
1075
1076 case Stmt::MemberExprClass:
1077 return VisitMemberExpr(cast<MemberExpr>(S), asc);
1078
1079 case Stmt::NullStmtClass:
1080 return Block;
1081
1082 case Stmt::ObjCAtCatchStmtClass:
1083 return VisitObjCAtCatchStmt(cast<ObjCAtCatchStmt>(S));
1084
1085 case Stmt::ObjCAutoreleasePoolStmtClass:
1086 return VisitObjCAutoreleasePoolStmt(cast<ObjCAutoreleasePoolStmt>(S));
1087
1088 case Stmt::ObjCAtSynchronizedStmtClass:
1089 return VisitObjCAtSynchronizedStmt(cast<ObjCAtSynchronizedStmt>(S));
1090
1091 case Stmt::ObjCAtThrowStmtClass:
1092 return VisitObjCAtThrowStmt(cast<ObjCAtThrowStmt>(S));
1093
1094 case Stmt::ObjCAtTryStmtClass:
1095 return VisitObjCAtTryStmt(cast<ObjCAtTryStmt>(S));
1096
1097 case Stmt::ObjCForCollectionStmtClass:
1098 return VisitObjCForCollectionStmt(cast<ObjCForCollectionStmt>(S));
1099
1100 case Stmt::OpaqueValueExprClass:
1101 return Block;
1102
1103 case Stmt::PseudoObjectExprClass:
1104 return VisitPseudoObjectExpr(cast<PseudoObjectExpr>(S));
1105
1106 case Stmt::ReturnStmtClass:
1107 return VisitReturnStmt(cast<ReturnStmt>(S));
1108
1109 case Stmt::UnaryExprOrTypeTraitExprClass:
1110 return VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S),
1111 asc);
1112
1113 case Stmt::StmtExprClass:
1114 return VisitStmtExpr(cast<StmtExpr>(S), asc);
1115
1116 case Stmt::SwitchStmtClass:
1117 return VisitSwitchStmt(cast<SwitchStmt>(S));
1118
1119 case Stmt::UnaryOperatorClass:
1120 return VisitUnaryOperator(cast<UnaryOperator>(S), asc);
1121
1122 case Stmt::WhileStmtClass:
1123 return VisitWhileStmt(cast<WhileStmt>(S));
1124 }
1125 }
1126
VisitStmt(Stmt * S,AddStmtChoice asc)1127 CFGBlock *CFGBuilder::VisitStmt(Stmt *S, AddStmtChoice asc) {
1128 if (asc.alwaysAdd(*this, S)) {
1129 autoCreateBlock();
1130 appendStmt(Block, S);
1131 }
1132
1133 return VisitChildren(S);
1134 }
1135
1136 /// VisitChildren - Visit the children of a Stmt.
VisitChildren(Stmt * Terminator)1137 CFGBlock *CFGBuilder::VisitChildren(Stmt *Terminator) {
1138 CFGBlock *lastBlock = Block;
1139 for (Stmt::child_range I = Terminator->children(); I; ++I)
1140 if (Stmt *child = *I)
1141 if (CFGBlock *b = Visit(child))
1142 lastBlock = b;
1143
1144 return lastBlock;
1145 }
1146
VisitAddrLabelExpr(AddrLabelExpr * A,AddStmtChoice asc)1147 CFGBlock *CFGBuilder::VisitAddrLabelExpr(AddrLabelExpr *A,
1148 AddStmtChoice asc) {
1149 AddressTakenLabels.insert(A->getLabel());
1150
1151 if (asc.alwaysAdd(*this, A)) {
1152 autoCreateBlock();
1153 appendStmt(Block, A);
1154 }
1155
1156 return Block;
1157 }
1158
VisitUnaryOperator(UnaryOperator * U,AddStmtChoice asc)1159 CFGBlock *CFGBuilder::VisitUnaryOperator(UnaryOperator *U,
1160 AddStmtChoice asc) {
1161 if (asc.alwaysAdd(*this, U)) {
1162 autoCreateBlock();
1163 appendStmt(Block, U);
1164 }
1165
1166 return Visit(U->getSubExpr(), AddStmtChoice());
1167 }
1168
VisitBinaryOperator(BinaryOperator * B,AddStmtChoice asc)1169 CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
1170 AddStmtChoice asc) {
1171 if (B->isLogicalOp()) { // && or ||
1172 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
1173 appendStmt(ConfluenceBlock, B);
1174
1175 if (badCFG)
1176 return 0;
1177
1178 // create the block evaluating the LHS
1179 CFGBlock *LHSBlock = createBlock(false);
1180 LHSBlock->setTerminator(B);
1181
1182 // create the block evaluating the RHS
1183 Succ = ConfluenceBlock;
1184 Block = NULL;
1185 CFGBlock *RHSBlock = addStmt(B->getRHS());
1186
1187 if (RHSBlock) {
1188 if (badCFG)
1189 return 0;
1190 } else {
1191 // Create an empty block for cases where the RHS doesn't require
1192 // any explicit statements in the CFG.
1193 RHSBlock = createBlock();
1194 }
1195
1196 // Generate the blocks for evaluating the LHS.
1197 Block = LHSBlock;
1198 CFGBlock *EntryLHSBlock = addStmt(B->getLHS());
1199
1200 // See if this is a known constant.
1201 TryResult KnownVal = tryEvaluateBool(B->getLHS());
1202 if (KnownVal.isKnown() && (B->getOpcode() == BO_LOr))
1203 KnownVal.negate();
1204
1205 // Now link the LHSBlock with RHSBlock.
1206 if (B->getOpcode() == BO_LOr) {
1207 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock);
1208 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock);
1209 } else {
1210 assert(B->getOpcode() == BO_LAnd);
1211 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock);
1212 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock);
1213 }
1214
1215 return EntryLHSBlock;
1216 }
1217
1218 if (B->getOpcode() == BO_Comma) { // ,
1219 autoCreateBlock();
1220 appendStmt(Block, B);
1221 addStmt(B->getRHS());
1222 return addStmt(B->getLHS());
1223 }
1224
1225 if (B->isAssignmentOp()) {
1226 if (asc.alwaysAdd(*this, B)) {
1227 autoCreateBlock();
1228 appendStmt(Block, B);
1229 }
1230 Visit(B->getLHS());
1231 return Visit(B->getRHS());
1232 }
1233
1234 if (asc.alwaysAdd(*this, B)) {
1235 autoCreateBlock();
1236 appendStmt(Block, B);
1237 }
1238
1239 CFGBlock *RBlock = Visit(B->getRHS());
1240 CFGBlock *LBlock = Visit(B->getLHS());
1241 // If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr
1242 // containing a DoStmt, and the LHS doesn't create a new block, then we should
1243 // return RBlock. Otherwise we'll incorrectly return NULL.
1244 return (LBlock ? LBlock : RBlock);
1245 }
1246
VisitNoRecurse(Expr * E,AddStmtChoice asc)1247 CFGBlock *CFGBuilder::VisitNoRecurse(Expr *E, AddStmtChoice asc) {
1248 if (asc.alwaysAdd(*this, E)) {
1249 autoCreateBlock();
1250 appendStmt(Block, E);
1251 }
1252 return Block;
1253 }
1254
VisitBreakStmt(BreakStmt * B)1255 CFGBlock *CFGBuilder::VisitBreakStmt(BreakStmt *B) {
1256 // "break" is a control-flow statement. Thus we stop processing the current
1257 // block.
1258 if (badCFG)
1259 return 0;
1260
1261 // Now create a new block that ends with the break statement.
1262 Block = createBlock(false);
1263 Block->setTerminator(B);
1264
1265 // If there is no target for the break, then we are looking at an incomplete
1266 // AST. This means that the CFG cannot be constructed.
1267 if (BreakJumpTarget.block) {
1268 addAutomaticObjDtors(ScopePos, BreakJumpTarget.scopePosition, B);
1269 addSuccessor(Block, BreakJumpTarget.block);
1270 } else
1271 badCFG = true;
1272
1273
1274 return Block;
1275 }
1276
CanThrow(Expr * E,ASTContext & Ctx)1277 static bool CanThrow(Expr *E, ASTContext &Ctx) {
1278 QualType Ty = E->getType();
1279 if (Ty->isFunctionPointerType())
1280 Ty = Ty->getAs<PointerType>()->getPointeeType();
1281 else if (Ty->isBlockPointerType())
1282 Ty = Ty->getAs<BlockPointerType>()->getPointeeType();
1283
1284 const FunctionType *FT = Ty->getAs<FunctionType>();
1285 if (FT) {
1286 if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT))
1287 if (Proto->getExceptionSpecType() != EST_Uninstantiated &&
1288 Proto->isNothrow(Ctx))
1289 return false;
1290 }
1291 return true;
1292 }
1293
VisitCallExpr(CallExpr * C,AddStmtChoice asc)1294 CFGBlock *CFGBuilder::VisitCallExpr(CallExpr *C, AddStmtChoice asc) {
1295 // Compute the callee type.
1296 QualType calleeType = C->getCallee()->getType();
1297 if (calleeType == Context->BoundMemberTy) {
1298 QualType boundType = Expr::findBoundMemberType(C->getCallee());
1299
1300 // We should only get a null bound type if processing a dependent
1301 // CFG. Recover by assuming nothing.
1302 if (!boundType.isNull()) calleeType = boundType;
1303 }
1304
1305 // If this is a call to a no-return function, this stops the block here.
1306 bool NoReturn = getFunctionExtInfo(*calleeType).getNoReturn();
1307
1308 bool AddEHEdge = false;
1309
1310 // Languages without exceptions are assumed to not throw.
1311 if (Context->getLangOpts().Exceptions) {
1312 if (BuildOpts.AddEHEdges)
1313 AddEHEdge = true;
1314 }
1315
1316 if (FunctionDecl *FD = C->getDirectCallee()) {
1317 if (FD->hasAttr<NoReturnAttr>())
1318 NoReturn = true;
1319 if (FD->hasAttr<NoThrowAttr>())
1320 AddEHEdge = false;
1321 }
1322
1323 if (!CanThrow(C->getCallee(), *Context))
1324 AddEHEdge = false;
1325
1326 if (!NoReturn && !AddEHEdge)
1327 return VisitStmt(C, asc.withAlwaysAdd(true));
1328
1329 if (Block) {
1330 Succ = Block;
1331 if (badCFG)
1332 return 0;
1333 }
1334
1335 if (NoReturn)
1336 Block = createNoReturnBlock();
1337 else
1338 Block = createBlock();
1339
1340 appendStmt(Block, C);
1341
1342 if (AddEHEdge) {
1343 // Add exceptional edges.
1344 if (TryTerminatedBlock)
1345 addSuccessor(Block, TryTerminatedBlock);
1346 else
1347 addSuccessor(Block, &cfg->getExit());
1348 }
1349
1350 return VisitChildren(C);
1351 }
1352
VisitChooseExpr(ChooseExpr * C,AddStmtChoice asc)1353 CFGBlock *CFGBuilder::VisitChooseExpr(ChooseExpr *C,
1354 AddStmtChoice asc) {
1355 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
1356 appendStmt(ConfluenceBlock, C);
1357 if (badCFG)
1358 return 0;
1359
1360 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true);
1361 Succ = ConfluenceBlock;
1362 Block = NULL;
1363 CFGBlock *LHSBlock = Visit(C->getLHS(), alwaysAdd);
1364 if (badCFG)
1365 return 0;
1366
1367 Succ = ConfluenceBlock;
1368 Block = NULL;
1369 CFGBlock *RHSBlock = Visit(C->getRHS(), alwaysAdd);
1370 if (badCFG)
1371 return 0;
1372
1373 Block = createBlock(false);
1374 // See if this is a known constant.
1375 const TryResult& KnownVal = tryEvaluateBool(C->getCond());
1376 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock);
1377 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock);
1378 Block->setTerminator(C);
1379 return addStmt(C->getCond());
1380 }
1381
1382
VisitCompoundStmt(CompoundStmt * C)1383 CFGBlock *CFGBuilder::VisitCompoundStmt(CompoundStmt *C) {
1384 addLocalScopeAndDtors(C);
1385 CFGBlock *LastBlock = Block;
1386
1387 for (CompoundStmt::reverse_body_iterator I=C->body_rbegin(), E=C->body_rend();
1388 I != E; ++I ) {
1389 // If we hit a segment of code just containing ';' (NullStmts), we can
1390 // get a null block back. In such cases, just use the LastBlock
1391 if (CFGBlock *newBlock = addStmt(*I))
1392 LastBlock = newBlock;
1393
1394 if (badCFG)
1395 return NULL;
1396 }
1397
1398 return LastBlock;
1399 }
1400
VisitConditionalOperator(AbstractConditionalOperator * C,AddStmtChoice asc)1401 CFGBlock *CFGBuilder::VisitConditionalOperator(AbstractConditionalOperator *C,
1402 AddStmtChoice asc) {
1403 const BinaryConditionalOperator *BCO = dyn_cast<BinaryConditionalOperator>(C);
1404 const OpaqueValueExpr *opaqueValue = (BCO ? BCO->getOpaqueValue() : NULL);
1405
1406 // Create the confluence block that will "merge" the results of the ternary
1407 // expression.
1408 CFGBlock *ConfluenceBlock = Block ? Block : createBlock();
1409 appendStmt(ConfluenceBlock, C);
1410 if (badCFG)
1411 return 0;
1412
1413 AddStmtChoice alwaysAdd = asc.withAlwaysAdd(true);
1414
1415 // Create a block for the LHS expression if there is an LHS expression. A
1416 // GCC extension allows LHS to be NULL, causing the condition to be the
1417 // value that is returned instead.
1418 // e.g: x ?: y is shorthand for: x ? x : y;
1419 Succ = ConfluenceBlock;
1420 Block = NULL;
1421 CFGBlock *LHSBlock = 0;
1422 const Expr *trueExpr = C->getTrueExpr();
1423 if (trueExpr != opaqueValue) {
1424 LHSBlock = Visit(C->getTrueExpr(), alwaysAdd);
1425 if (badCFG)
1426 return 0;
1427 Block = NULL;
1428 }
1429 else
1430 LHSBlock = ConfluenceBlock;
1431
1432 // Create the block for the RHS expression.
1433 Succ = ConfluenceBlock;
1434 CFGBlock *RHSBlock = Visit(C->getFalseExpr(), alwaysAdd);
1435 if (badCFG)
1436 return 0;
1437
1438 // Create the block that will contain the condition.
1439 Block = createBlock(false);
1440
1441 // See if this is a known constant.
1442 const TryResult& KnownVal = tryEvaluateBool(C->getCond());
1443 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock);
1444 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock);
1445 Block->setTerminator(C);
1446 Expr *condExpr = C->getCond();
1447
1448 if (opaqueValue) {
1449 // Run the condition expression if it's not trivially expressed in
1450 // terms of the opaque value (or if there is no opaque value).
1451 if (condExpr != opaqueValue)
1452 addStmt(condExpr);
1453
1454 // Before that, run the common subexpression if there was one.
1455 // At least one of this or the above will be run.
1456 return addStmt(BCO->getCommon());
1457 }
1458
1459 return addStmt(condExpr);
1460 }
1461
VisitDeclStmt(DeclStmt * DS)1462 CFGBlock *CFGBuilder::VisitDeclStmt(DeclStmt *DS) {
1463 // Check if the Decl is for an __label__. If so, elide it from the
1464 // CFG entirely.
1465 if (isa<LabelDecl>(*DS->decl_begin()))
1466 return Block;
1467
1468 // This case also handles static_asserts.
1469 if (DS->isSingleDecl())
1470 return VisitDeclSubExpr(DS);
1471
1472 CFGBlock *B = 0;
1473
1474 // FIXME: Add a reverse iterator for DeclStmt to avoid this extra copy.
1475 typedef SmallVector<Decl*,10> BufTy;
1476 BufTy Buf(DS->decl_begin(), DS->decl_end());
1477
1478 for (BufTy::reverse_iterator I = Buf.rbegin(), E = Buf.rend(); I != E; ++I) {
1479 // Get the alignment of the new DeclStmt, padding out to >=8 bytes.
1480 unsigned A = llvm::AlignOf<DeclStmt>::Alignment < 8
1481 ? 8 : llvm::AlignOf<DeclStmt>::Alignment;
1482
1483 // Allocate the DeclStmt using the BumpPtrAllocator. It will get
1484 // automatically freed with the CFG.
1485 DeclGroupRef DG(*I);
1486 Decl *D = *I;
1487 void *Mem = cfg->getAllocator().Allocate(sizeof(DeclStmt), A);
1488 DeclStmt *DSNew = new (Mem) DeclStmt(DG, D->getLocation(), GetEndLoc(D));
1489
1490 // Append the fake DeclStmt to block.
1491 B = VisitDeclSubExpr(DSNew);
1492 }
1493
1494 return B;
1495 }
1496
1497 /// VisitDeclSubExpr - Utility method to add block-level expressions for
1498 /// DeclStmts and initializers in them.
VisitDeclSubExpr(DeclStmt * DS)1499 CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) {
1500 assert(DS->isSingleDecl() && "Can handle single declarations only.");
1501 Decl *D = DS->getSingleDecl();
1502
1503 if (isa<StaticAssertDecl>(D)) {
1504 // static_asserts aren't added to the CFG because they do not impact
1505 // runtime semantics.
1506 return Block;
1507 }
1508
1509 VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl());
1510
1511 if (!VD) {
1512 autoCreateBlock();
1513 appendStmt(Block, DS);
1514 return Block;
1515 }
1516
1517 bool IsReference = false;
1518 bool HasTemporaries = false;
1519
1520 // Destructors of temporaries in initialization expression should be called
1521 // after initialization finishes.
1522 Expr *Init = VD->getInit();
1523 if (Init) {
1524 IsReference = VD->getType()->isReferenceType();
1525 HasTemporaries = isa<ExprWithCleanups>(Init);
1526
1527 if (BuildOpts.AddImplicitDtors && HasTemporaries) {
1528 // Generate destructors for temporaries in initialization expression.
1529 VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
1530 IsReference);
1531 }
1532 }
1533
1534 autoCreateBlock();
1535 appendStmt(Block, DS);
1536
1537 // Keep track of the last non-null block, as 'Block' can be nulled out
1538 // if the initializer expression is something like a 'while' in a
1539 // statement-expression.
1540 CFGBlock *LastBlock = Block;
1541
1542 if (Init) {
1543 if (HasTemporaries) {
1544 // For expression with temporaries go directly to subexpression to omit
1545 // generating destructors for the second time.
1546 ExprWithCleanups *EC = cast<ExprWithCleanups>(Init);
1547 if (CFGBlock *newBlock = Visit(EC->getSubExpr()))
1548 LastBlock = newBlock;
1549 }
1550 else {
1551 if (CFGBlock *newBlock = Visit(Init))
1552 LastBlock = newBlock;
1553 }
1554 }
1555
1556 // If the type of VD is a VLA, then we must process its size expressions.
1557 for (const VariableArrayType* VA = FindVA(VD->getType().getTypePtr());
1558 VA != 0; VA = FindVA(VA->getElementType().getTypePtr()))
1559 Block = addStmt(VA->getSizeExpr());
1560
1561 // Remove variable from local scope.
1562 if (ScopePos && VD == *ScopePos)
1563 ++ScopePos;
1564
1565 return Block ? Block : LastBlock;
1566 }
1567
VisitIfStmt(IfStmt * I)1568 CFGBlock *CFGBuilder::VisitIfStmt(IfStmt *I) {
1569 // We may see an if statement in the middle of a basic block, or it may be the
1570 // first statement we are processing. In either case, we create a new basic
1571 // block. First, we create the blocks for the then...else statements, and
1572 // then we create the block containing the if statement. If we were in the
1573 // middle of a block, we stop processing that block. That block is then the
1574 // implicit successor for the "then" and "else" clauses.
1575
1576 // Save local scope position because in case of condition variable ScopePos
1577 // won't be restored when traversing AST.
1578 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
1579
1580 // Create local scope for possible condition variable.
1581 // Store scope position. Add implicit destructor.
1582 if (VarDecl *VD = I->getConditionVariable()) {
1583 LocalScope::const_iterator BeginScopePos = ScopePos;
1584 addLocalScopeForVarDecl(VD);
1585 addAutomaticObjDtors(ScopePos, BeginScopePos, I);
1586 }
1587
1588 // The block we were processing is now finished. Make it the successor
1589 // block.
1590 if (Block) {
1591 Succ = Block;
1592 if (badCFG)
1593 return 0;
1594 }
1595
1596 // Process the false branch.
1597 CFGBlock *ElseBlock = Succ;
1598
1599 if (Stmt *Else = I->getElse()) {
1600 SaveAndRestore<CFGBlock*> sv(Succ);
1601
1602 // NULL out Block so that the recursive call to Visit will
1603 // create a new basic block.
1604 Block = NULL;
1605
1606 // If branch is not a compound statement create implicit scope
1607 // and add destructors.
1608 if (!isa<CompoundStmt>(Else))
1609 addLocalScopeAndDtors(Else);
1610
1611 ElseBlock = addStmt(Else);
1612
1613 if (!ElseBlock) // Can occur when the Else body has all NullStmts.
1614 ElseBlock = sv.get();
1615 else if (Block) {
1616 if (badCFG)
1617 return 0;
1618 }
1619 }
1620
1621 // Process the true branch.
1622 CFGBlock *ThenBlock;
1623 {
1624 Stmt *Then = I->getThen();
1625 assert(Then);
1626 SaveAndRestore<CFGBlock*> sv(Succ);
1627 Block = NULL;
1628
1629 // If branch is not a compound statement create implicit scope
1630 // and add destructors.
1631 if (!isa<CompoundStmt>(Then))
1632 addLocalScopeAndDtors(Then);
1633
1634 ThenBlock = addStmt(Then);
1635
1636 if (!ThenBlock) {
1637 // We can reach here if the "then" body has all NullStmts.
1638 // Create an empty block so we can distinguish between true and false
1639 // branches in path-sensitive analyses.
1640 ThenBlock = createBlock(false);
1641 addSuccessor(ThenBlock, sv.get());
1642 } else if (Block) {
1643 if (badCFG)
1644 return 0;
1645 }
1646 }
1647
1648 // Now create a new block containing the if statement.
1649 Block = createBlock(false);
1650
1651 // Set the terminator of the new block to the If statement.
1652 Block->setTerminator(I);
1653
1654 // See if this is a known constant.
1655 const TryResult &KnownVal = tryEvaluateBool(I->getCond());
1656
1657 // Now add the successors.
1658 addSuccessor(Block, KnownVal.isFalse() ? NULL : ThenBlock);
1659 addSuccessor(Block, KnownVal.isTrue()? NULL : ElseBlock);
1660
1661 // Add the condition as the last statement in the new block. This may create
1662 // new blocks as the condition may contain control-flow. Any newly created
1663 // blocks will be pointed to be "Block".
1664 Block = addStmt(I->getCond());
1665
1666 // Finally, if the IfStmt contains a condition variable, add both the IfStmt
1667 // and the condition variable initialization to the CFG.
1668 if (VarDecl *VD = I->getConditionVariable()) {
1669 if (Expr *Init = VD->getInit()) {
1670 autoCreateBlock();
1671 appendStmt(Block, I->getConditionVariableDeclStmt());
1672 addStmt(Init);
1673 }
1674 }
1675
1676 return Block;
1677 }
1678
1679
VisitReturnStmt(ReturnStmt * R)1680 CFGBlock *CFGBuilder::VisitReturnStmt(ReturnStmt *R) {
1681 // If we were in the middle of a block we stop processing that block.
1682 //
1683 // NOTE: If a "return" appears in the middle of a block, this means that the
1684 // code afterwards is DEAD (unreachable). We still keep a basic block
1685 // for that code; a simple "mark-and-sweep" from the entry block will be
1686 // able to report such dead blocks.
1687
1688 // Create the new block.
1689 Block = createBlock(false);
1690
1691 // The Exit block is the only successor.
1692 addAutomaticObjDtors(ScopePos, LocalScope::const_iterator(), R);
1693 addSuccessor(Block, &cfg->getExit());
1694
1695 // Add the return statement to the block. This may create new blocks if R
1696 // contains control-flow (short-circuit operations).
1697 return VisitStmt(R, AddStmtChoice::AlwaysAdd);
1698 }
1699
VisitLabelStmt(LabelStmt * L)1700 CFGBlock *CFGBuilder::VisitLabelStmt(LabelStmt *L) {
1701 // Get the block of the labeled statement. Add it to our map.
1702 addStmt(L->getSubStmt());
1703 CFGBlock *LabelBlock = Block;
1704
1705 if (!LabelBlock) // This can happen when the body is empty, i.e.
1706 LabelBlock = createBlock(); // scopes that only contains NullStmts.
1707
1708 assert(LabelMap.find(L->getDecl()) == LabelMap.end() &&
1709 "label already in map");
1710 LabelMap[L->getDecl()] = JumpTarget(LabelBlock, ScopePos);
1711
1712 // Labels partition blocks, so this is the end of the basic block we were
1713 // processing (L is the block's label). Because this is label (and we have
1714 // already processed the substatement) there is no extra control-flow to worry
1715 // about.
1716 LabelBlock->setLabel(L);
1717 if (badCFG)
1718 return 0;
1719
1720 // We set Block to NULL to allow lazy creation of a new block (if necessary);
1721 Block = NULL;
1722
1723 // This block is now the implicit successor of other blocks.
1724 Succ = LabelBlock;
1725
1726 return LabelBlock;
1727 }
1728
VisitLambdaExpr(LambdaExpr * E,AddStmtChoice asc)1729 CFGBlock *CFGBuilder::VisitLambdaExpr(LambdaExpr *E, AddStmtChoice asc) {
1730 CFGBlock *LastBlock = VisitNoRecurse(E, asc);
1731 for (LambdaExpr::capture_init_iterator it = E->capture_init_begin(),
1732 et = E->capture_init_end(); it != et; ++it) {
1733 if (Expr *Init = *it) {
1734 CFGBlock *Tmp = Visit(Init);
1735 if (Tmp != 0)
1736 LastBlock = Tmp;
1737 }
1738 }
1739 return LastBlock;
1740 }
1741
VisitGotoStmt(GotoStmt * G)1742 CFGBlock *CFGBuilder::VisitGotoStmt(GotoStmt *G) {
1743 // Goto is a control-flow statement. Thus we stop processing the current
1744 // block and create a new one.
1745
1746 Block = createBlock(false);
1747 Block->setTerminator(G);
1748
1749 // If we already know the mapping to the label block add the successor now.
1750 LabelMapTy::iterator I = LabelMap.find(G->getLabel());
1751
1752 if (I == LabelMap.end())
1753 // We will need to backpatch this block later.
1754 BackpatchBlocks.push_back(JumpSource(Block, ScopePos));
1755 else {
1756 JumpTarget JT = I->second;
1757 addAutomaticObjDtors(ScopePos, JT.scopePosition, G);
1758 addSuccessor(Block, JT.block);
1759 }
1760
1761 return Block;
1762 }
1763
VisitForStmt(ForStmt * F)1764 CFGBlock *CFGBuilder::VisitForStmt(ForStmt *F) {
1765 CFGBlock *LoopSuccessor = NULL;
1766
1767 // Save local scope position because in case of condition variable ScopePos
1768 // won't be restored when traversing AST.
1769 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
1770
1771 // Create local scope for init statement and possible condition variable.
1772 // Add destructor for init statement and condition variable.
1773 // Store scope position for continue statement.
1774 if (Stmt *Init = F->getInit())
1775 addLocalScopeForStmt(Init);
1776 LocalScope::const_iterator LoopBeginScopePos = ScopePos;
1777
1778 if (VarDecl *VD = F->getConditionVariable())
1779 addLocalScopeForVarDecl(VD);
1780 LocalScope::const_iterator ContinueScopePos = ScopePos;
1781
1782 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), F);
1783
1784 // "for" is a control-flow statement. Thus we stop processing the current
1785 // block.
1786 if (Block) {
1787 if (badCFG)
1788 return 0;
1789 LoopSuccessor = Block;
1790 } else
1791 LoopSuccessor = Succ;
1792
1793 // Save the current value for the break targets.
1794 // All breaks should go to the code following the loop.
1795 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget);
1796 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
1797
1798 // Because of short-circuit evaluation, the condition of the loop can span
1799 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
1800 // evaluate the condition.
1801 CFGBlock *ExitConditionBlock = createBlock(false);
1802 CFGBlock *EntryConditionBlock = ExitConditionBlock;
1803
1804 // Set the terminator for the "exit" condition block.
1805 ExitConditionBlock->setTerminator(F);
1806
1807 // Now add the actual condition to the condition block. Because the condition
1808 // itself may contain control-flow, new blocks may be created.
1809 if (Stmt *C = F->getCond()) {
1810 Block = ExitConditionBlock;
1811 EntryConditionBlock = addStmt(C);
1812 if (badCFG)
1813 return 0;
1814 assert(Block == EntryConditionBlock ||
1815 (Block == 0 && EntryConditionBlock == Succ));
1816
1817 // If this block contains a condition variable, add both the condition
1818 // variable and initializer to the CFG.
1819 if (VarDecl *VD = F->getConditionVariable()) {
1820 if (Expr *Init = VD->getInit()) {
1821 autoCreateBlock();
1822 appendStmt(Block, F->getConditionVariableDeclStmt());
1823 EntryConditionBlock = addStmt(Init);
1824 assert(Block == EntryConditionBlock);
1825 }
1826 }
1827
1828 if (Block) {
1829 if (badCFG)
1830 return 0;
1831 }
1832 }
1833
1834 // The condition block is the implicit successor for the loop body as well as
1835 // any code above the loop.
1836 Succ = EntryConditionBlock;
1837
1838 // See if this is a known constant.
1839 TryResult KnownVal(true);
1840
1841 if (F->getCond())
1842 KnownVal = tryEvaluateBool(F->getCond());
1843
1844 // Now create the loop body.
1845 {
1846 assert(F->getBody());
1847
1848 // Save the current values for Block, Succ, and continue targets.
1849 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ);
1850 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget);
1851
1852 // Create a new block to contain the (bottom) of the loop body.
1853 Block = NULL;
1854
1855 // Loop body should end with destructor of Condition variable (if any).
1856 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, F);
1857
1858 if (Stmt *I = F->getInc()) {
1859 // Generate increment code in its own basic block. This is the target of
1860 // continue statements.
1861 Succ = addStmt(I);
1862 } else {
1863 // No increment code. Create a special, empty, block that is used as the
1864 // target block for "looping back" to the start of the loop.
1865 assert(Succ == EntryConditionBlock);
1866 Succ = Block ? Block : createBlock();
1867 }
1868
1869 // Finish up the increment (or empty) block if it hasn't been already.
1870 if (Block) {
1871 assert(Block == Succ);
1872 if (badCFG)
1873 return 0;
1874 Block = 0;
1875 }
1876
1877 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos);
1878
1879 // The starting block for the loop increment is the block that should
1880 // represent the 'loop target' for looping back to the start of the loop.
1881 ContinueJumpTarget.block->setLoopTarget(F);
1882
1883 // If body is not a compound statement create implicit scope
1884 // and add destructors.
1885 if (!isa<CompoundStmt>(F->getBody()))
1886 addLocalScopeAndDtors(F->getBody());
1887
1888 // Now populate the body block, and in the process create new blocks as we
1889 // walk the body of the loop.
1890 CFGBlock *BodyBlock = addStmt(F->getBody());
1891
1892 if (!BodyBlock)
1893 BodyBlock = ContinueJumpTarget.block;//can happen for "for (...;...;...);"
1894 else if (badCFG)
1895 return 0;
1896
1897 // This new body block is a successor to our "exit" condition block.
1898 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock);
1899 }
1900
1901 // Link up the condition block with the code that follows the loop. (the
1902 // false branch).
1903 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor);
1904
1905 // If the loop contains initialization, create a new block for those
1906 // statements. This block can also contain statements that precede the loop.
1907 if (Stmt *I = F->getInit()) {
1908 Block = createBlock();
1909 return addStmt(I);
1910 }
1911
1912 // There is no loop initialization. We are thus basically a while loop.
1913 // NULL out Block to force lazy block construction.
1914 Block = NULL;
1915 Succ = EntryConditionBlock;
1916 return EntryConditionBlock;
1917 }
1918
VisitMemberExpr(MemberExpr * M,AddStmtChoice asc)1919 CFGBlock *CFGBuilder::VisitMemberExpr(MemberExpr *M, AddStmtChoice asc) {
1920 if (asc.alwaysAdd(*this, M)) {
1921 autoCreateBlock();
1922 appendStmt(Block, M);
1923 }
1924 return Visit(M->getBase());
1925 }
1926
VisitObjCForCollectionStmt(ObjCForCollectionStmt * S)1927 CFGBlock *CFGBuilder::VisitObjCForCollectionStmt(ObjCForCollectionStmt *S) {
1928 // Objective-C fast enumeration 'for' statements:
1929 // http://developer.apple.com/documentation/Cocoa/Conceptual/ObjectiveC
1930 //
1931 // for ( Type newVariable in collection_expression ) { statements }
1932 //
1933 // becomes:
1934 //
1935 // prologue:
1936 // 1. collection_expression
1937 // T. jump to loop_entry
1938 // loop_entry:
1939 // 1. side-effects of element expression
1940 // 1. ObjCForCollectionStmt [performs binding to newVariable]
1941 // T. ObjCForCollectionStmt TB, FB [jumps to TB if newVariable != nil]
1942 // TB:
1943 // statements
1944 // T. jump to loop_entry
1945 // FB:
1946 // what comes after
1947 //
1948 // and
1949 //
1950 // Type existingItem;
1951 // for ( existingItem in expression ) { statements }
1952 //
1953 // becomes:
1954 //
1955 // the same with newVariable replaced with existingItem; the binding works
1956 // the same except that for one ObjCForCollectionStmt::getElement() returns
1957 // a DeclStmt and the other returns a DeclRefExpr.
1958 //
1959
1960 CFGBlock *LoopSuccessor = 0;
1961
1962 if (Block) {
1963 if (badCFG)
1964 return 0;
1965 LoopSuccessor = Block;
1966 Block = 0;
1967 } else
1968 LoopSuccessor = Succ;
1969
1970 // Build the condition blocks.
1971 CFGBlock *ExitConditionBlock = createBlock(false);
1972
1973 // Set the terminator for the "exit" condition block.
1974 ExitConditionBlock->setTerminator(S);
1975
1976 // The last statement in the block should be the ObjCForCollectionStmt, which
1977 // performs the actual binding to 'element' and determines if there are any
1978 // more items in the collection.
1979 appendStmt(ExitConditionBlock, S);
1980 Block = ExitConditionBlock;
1981
1982 // Walk the 'element' expression to see if there are any side-effects. We
1983 // generate new blocks as necessary. We DON'T add the statement by default to
1984 // the CFG unless it contains control-flow.
1985 CFGBlock *EntryConditionBlock = Visit(S->getElement(),
1986 AddStmtChoice::NotAlwaysAdd);
1987 if (Block) {
1988 if (badCFG)
1989 return 0;
1990 Block = 0;
1991 }
1992
1993 // The condition block is the implicit successor for the loop body as well as
1994 // any code above the loop.
1995 Succ = EntryConditionBlock;
1996
1997 // Now create the true branch.
1998 {
1999 // Save the current values for Succ, continue and break targets.
2000 SaveAndRestore<CFGBlock*> save_Succ(Succ);
2001 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget),
2002 save_break(BreakJumpTarget);
2003
2004 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
2005 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos);
2006
2007 CFGBlock *BodyBlock = addStmt(S->getBody());
2008
2009 if (!BodyBlock)
2010 BodyBlock = EntryConditionBlock; // can happen for "for (X in Y) ;"
2011 else if (Block) {
2012 if (badCFG)
2013 return 0;
2014 }
2015
2016 // This new body block is a successor to our "exit" condition block.
2017 addSuccessor(ExitConditionBlock, BodyBlock);
2018 }
2019
2020 // Link up the condition block with the code that follows the loop.
2021 // (the false branch).
2022 addSuccessor(ExitConditionBlock, LoopSuccessor);
2023
2024 // Now create a prologue block to contain the collection expression.
2025 Block = createBlock();
2026 return addStmt(S->getCollection());
2027 }
2028
VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt * S)2029 CFGBlock *CFGBuilder::VisitObjCAutoreleasePoolStmt(ObjCAutoreleasePoolStmt *S) {
2030 // Inline the body.
2031 return addStmt(S->getSubStmt());
2032 // TODO: consider adding cleanups for the end of @autoreleasepool scope.
2033 }
2034
VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt * S)2035 CFGBlock *CFGBuilder::VisitObjCAtSynchronizedStmt(ObjCAtSynchronizedStmt *S) {
2036 // FIXME: Add locking 'primitives' to CFG for @synchronized.
2037
2038 // Inline the body.
2039 CFGBlock *SyncBlock = addStmt(S->getSynchBody());
2040
2041 // The sync body starts its own basic block. This makes it a little easier
2042 // for diagnostic clients.
2043 if (SyncBlock) {
2044 if (badCFG)
2045 return 0;
2046
2047 Block = 0;
2048 Succ = SyncBlock;
2049 }
2050
2051 // Add the @synchronized to the CFG.
2052 autoCreateBlock();
2053 appendStmt(Block, S);
2054
2055 // Inline the sync expression.
2056 return addStmt(S->getSynchExpr());
2057 }
2058
VisitObjCAtTryStmt(ObjCAtTryStmt * S)2059 CFGBlock *CFGBuilder::VisitObjCAtTryStmt(ObjCAtTryStmt *S) {
2060 // FIXME
2061 return NYS();
2062 }
2063
VisitPseudoObjectExpr(PseudoObjectExpr * E)2064 CFGBlock *CFGBuilder::VisitPseudoObjectExpr(PseudoObjectExpr *E) {
2065 autoCreateBlock();
2066
2067 // Add the PseudoObject as the last thing.
2068 appendStmt(Block, E);
2069
2070 CFGBlock *lastBlock = Block;
2071
2072 // Before that, evaluate all of the semantics in order. In
2073 // CFG-land, that means appending them in reverse order.
2074 for (unsigned i = E->getNumSemanticExprs(); i != 0; ) {
2075 Expr *Semantic = E->getSemanticExpr(--i);
2076
2077 // If the semantic is an opaque value, we're being asked to bind
2078 // it to its source expression.
2079 if (OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(Semantic))
2080 Semantic = OVE->getSourceExpr();
2081
2082 if (CFGBlock *B = Visit(Semantic))
2083 lastBlock = B;
2084 }
2085
2086 return lastBlock;
2087 }
2088
VisitWhileStmt(WhileStmt * W)2089 CFGBlock *CFGBuilder::VisitWhileStmt(WhileStmt *W) {
2090 CFGBlock *LoopSuccessor = NULL;
2091
2092 // Save local scope position because in case of condition variable ScopePos
2093 // won't be restored when traversing AST.
2094 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
2095
2096 // Create local scope for possible condition variable.
2097 // Store scope position for continue statement.
2098 LocalScope::const_iterator LoopBeginScopePos = ScopePos;
2099 if (VarDecl *VD = W->getConditionVariable()) {
2100 addLocalScopeForVarDecl(VD);
2101 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W);
2102 }
2103
2104 // "while" is a control-flow statement. Thus we stop processing the current
2105 // block.
2106 if (Block) {
2107 if (badCFG)
2108 return 0;
2109 LoopSuccessor = Block;
2110 Block = 0;
2111 } else
2112 LoopSuccessor = Succ;
2113
2114 // Because of short-circuit evaluation, the condition of the loop can span
2115 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
2116 // evaluate the condition.
2117 CFGBlock *ExitConditionBlock = createBlock(false);
2118 CFGBlock *EntryConditionBlock = ExitConditionBlock;
2119
2120 // Set the terminator for the "exit" condition block.
2121 ExitConditionBlock->setTerminator(W);
2122
2123 // Now add the actual condition to the condition block. Because the condition
2124 // itself may contain control-flow, new blocks may be created. Thus we update
2125 // "Succ" after adding the condition.
2126 if (Stmt *C = W->getCond()) {
2127 Block = ExitConditionBlock;
2128 EntryConditionBlock = addStmt(C);
2129 // The condition might finish the current 'Block'.
2130 Block = EntryConditionBlock;
2131
2132 // If this block contains a condition variable, add both the condition
2133 // variable and initializer to the CFG.
2134 if (VarDecl *VD = W->getConditionVariable()) {
2135 if (Expr *Init = VD->getInit()) {
2136 autoCreateBlock();
2137 appendStmt(Block, W->getConditionVariableDeclStmt());
2138 EntryConditionBlock = addStmt(Init);
2139 assert(Block == EntryConditionBlock);
2140 }
2141 }
2142
2143 if (Block) {
2144 if (badCFG)
2145 return 0;
2146 }
2147 }
2148
2149 // The condition block is the implicit successor for the loop body as well as
2150 // any code above the loop.
2151 Succ = EntryConditionBlock;
2152
2153 // See if this is a known constant.
2154 const TryResult& KnownVal = tryEvaluateBool(W->getCond());
2155
2156 // Process the loop body.
2157 {
2158 assert(W->getBody());
2159
2160 // Save the current values for Block, Succ, and continue and break targets
2161 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ);
2162 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget),
2163 save_break(BreakJumpTarget);
2164
2165 // Create an empty block to represent the transition block for looping back
2166 // to the head of the loop.
2167 Block = 0;
2168 assert(Succ == EntryConditionBlock);
2169 Succ = createBlock();
2170 Succ->setLoopTarget(W);
2171 ContinueJumpTarget = JumpTarget(Succ, LoopBeginScopePos);
2172
2173 // All breaks should go to the code following the loop.
2174 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
2175
2176 // NULL out Block to force lazy instantiation of blocks for the body.
2177 Block = NULL;
2178
2179 // Loop body should end with destructor of Condition variable (if any).
2180 addAutomaticObjDtors(ScopePos, LoopBeginScopePos, W);
2181
2182 // If body is not a compound statement create implicit scope
2183 // and add destructors.
2184 if (!isa<CompoundStmt>(W->getBody()))
2185 addLocalScopeAndDtors(W->getBody());
2186
2187 // Create the body. The returned block is the entry to the loop body.
2188 CFGBlock *BodyBlock = addStmt(W->getBody());
2189
2190 if (!BodyBlock)
2191 BodyBlock = ContinueJumpTarget.block; // can happen for "while(...) ;"
2192 else if (Block) {
2193 if (badCFG)
2194 return 0;
2195 }
2196
2197 // Add the loop body entry as a successor to the condition.
2198 addSuccessor(ExitConditionBlock, KnownVal.isFalse() ? NULL : BodyBlock);
2199 }
2200
2201 // Link up the condition block with the code that follows the loop. (the
2202 // false branch).
2203 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor);
2204
2205 // There can be no more statements in the condition block since we loop back
2206 // to this block. NULL out Block to force lazy creation of another block.
2207 Block = NULL;
2208
2209 // Return the condition block, which is the dominating block for the loop.
2210 Succ = EntryConditionBlock;
2211 return EntryConditionBlock;
2212 }
2213
2214
VisitObjCAtCatchStmt(ObjCAtCatchStmt * S)2215 CFGBlock *CFGBuilder::VisitObjCAtCatchStmt(ObjCAtCatchStmt *S) {
2216 // FIXME: For now we pretend that @catch and the code it contains does not
2217 // exit.
2218 return Block;
2219 }
2220
VisitObjCAtThrowStmt(ObjCAtThrowStmt * S)2221 CFGBlock *CFGBuilder::VisitObjCAtThrowStmt(ObjCAtThrowStmt *S) {
2222 // FIXME: This isn't complete. We basically treat @throw like a return
2223 // statement.
2224
2225 // If we were in the middle of a block we stop processing that block.
2226 if (badCFG)
2227 return 0;
2228
2229 // Create the new block.
2230 Block = createBlock(false);
2231
2232 // The Exit block is the only successor.
2233 addSuccessor(Block, &cfg->getExit());
2234
2235 // Add the statement to the block. This may create new blocks if S contains
2236 // control-flow (short-circuit operations).
2237 return VisitStmt(S, AddStmtChoice::AlwaysAdd);
2238 }
2239
VisitCXXThrowExpr(CXXThrowExpr * T)2240 CFGBlock *CFGBuilder::VisitCXXThrowExpr(CXXThrowExpr *T) {
2241 // If we were in the middle of a block we stop processing that block.
2242 if (badCFG)
2243 return 0;
2244
2245 // Create the new block.
2246 Block = createBlock(false);
2247
2248 if (TryTerminatedBlock)
2249 // The current try statement is the only successor.
2250 addSuccessor(Block, TryTerminatedBlock);
2251 else
2252 // otherwise the Exit block is the only successor.
2253 addSuccessor(Block, &cfg->getExit());
2254
2255 // Add the statement to the block. This may create new blocks if S contains
2256 // control-flow (short-circuit operations).
2257 return VisitStmt(T, AddStmtChoice::AlwaysAdd);
2258 }
2259
VisitDoStmt(DoStmt * D)2260 CFGBlock *CFGBuilder::VisitDoStmt(DoStmt *D) {
2261 CFGBlock *LoopSuccessor = NULL;
2262
2263 // "do...while" is a control-flow statement. Thus we stop processing the
2264 // current block.
2265 if (Block) {
2266 if (badCFG)
2267 return 0;
2268 LoopSuccessor = Block;
2269 } else
2270 LoopSuccessor = Succ;
2271
2272 // Because of short-circuit evaluation, the condition of the loop can span
2273 // multiple basic blocks. Thus we need the "Entry" and "Exit" blocks that
2274 // evaluate the condition.
2275 CFGBlock *ExitConditionBlock = createBlock(false);
2276 CFGBlock *EntryConditionBlock = ExitConditionBlock;
2277
2278 // Set the terminator for the "exit" condition block.
2279 ExitConditionBlock->setTerminator(D);
2280
2281 // Now add the actual condition to the condition block. Because the condition
2282 // itself may contain control-flow, new blocks may be created.
2283 if (Stmt *C = D->getCond()) {
2284 Block = ExitConditionBlock;
2285 EntryConditionBlock = addStmt(C);
2286 if (Block) {
2287 if (badCFG)
2288 return 0;
2289 }
2290 }
2291
2292 // The condition block is the implicit successor for the loop body.
2293 Succ = EntryConditionBlock;
2294
2295 // See if this is a known constant.
2296 const TryResult &KnownVal = tryEvaluateBool(D->getCond());
2297
2298 // Process the loop body.
2299 CFGBlock *BodyBlock = NULL;
2300 {
2301 assert(D->getBody());
2302
2303 // Save the current values for Block, Succ, and continue and break targets
2304 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ);
2305 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget),
2306 save_break(BreakJumpTarget);
2307
2308 // All continues within this loop should go to the condition block
2309 ContinueJumpTarget = JumpTarget(EntryConditionBlock, ScopePos);
2310
2311 // All breaks should go to the code following the loop.
2312 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
2313
2314 // NULL out Block to force lazy instantiation of blocks for the body.
2315 Block = NULL;
2316
2317 // If body is not a compound statement create implicit scope
2318 // and add destructors.
2319 if (!isa<CompoundStmt>(D->getBody()))
2320 addLocalScopeAndDtors(D->getBody());
2321
2322 // Create the body. The returned block is the entry to the loop body.
2323 BodyBlock = addStmt(D->getBody());
2324
2325 if (!BodyBlock)
2326 BodyBlock = EntryConditionBlock; // can happen for "do ; while(...)"
2327 else if (Block) {
2328 if (badCFG)
2329 return 0;
2330 }
2331
2332 if (!KnownVal.isFalse()) {
2333 // Add an intermediate block between the BodyBlock and the
2334 // ExitConditionBlock to represent the "loop back" transition. Create an
2335 // empty block to represent the transition block for looping back to the
2336 // head of the loop.
2337 // FIXME: Can we do this more efficiently without adding another block?
2338 Block = NULL;
2339 Succ = BodyBlock;
2340 CFGBlock *LoopBackBlock = createBlock();
2341 LoopBackBlock->setLoopTarget(D);
2342
2343 // Add the loop body entry as a successor to the condition.
2344 addSuccessor(ExitConditionBlock, LoopBackBlock);
2345 }
2346 else
2347 addSuccessor(ExitConditionBlock, NULL);
2348 }
2349
2350 // Link up the condition block with the code that follows the loop.
2351 // (the false branch).
2352 addSuccessor(ExitConditionBlock, KnownVal.isTrue() ? NULL : LoopSuccessor);
2353
2354 // There can be no more statements in the body block(s) since we loop back to
2355 // the body. NULL out Block to force lazy creation of another block.
2356 Block = NULL;
2357
2358 // Return the loop body, which is the dominating block for the loop.
2359 Succ = BodyBlock;
2360 return BodyBlock;
2361 }
2362
VisitContinueStmt(ContinueStmt * C)2363 CFGBlock *CFGBuilder::VisitContinueStmt(ContinueStmt *C) {
2364 // "continue" is a control-flow statement. Thus we stop processing the
2365 // current block.
2366 if (badCFG)
2367 return 0;
2368
2369 // Now create a new block that ends with the continue statement.
2370 Block = createBlock(false);
2371 Block->setTerminator(C);
2372
2373 // If there is no target for the continue, then we are looking at an
2374 // incomplete AST. This means the CFG cannot be constructed.
2375 if (ContinueJumpTarget.block) {
2376 addAutomaticObjDtors(ScopePos, ContinueJumpTarget.scopePosition, C);
2377 addSuccessor(Block, ContinueJumpTarget.block);
2378 } else
2379 badCFG = true;
2380
2381 return Block;
2382 }
2383
VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr * E,AddStmtChoice asc)2384 CFGBlock *CFGBuilder::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E,
2385 AddStmtChoice asc) {
2386
2387 if (asc.alwaysAdd(*this, E)) {
2388 autoCreateBlock();
2389 appendStmt(Block, E);
2390 }
2391
2392 // VLA types have expressions that must be evaluated.
2393 CFGBlock *lastBlock = Block;
2394
2395 if (E->isArgumentType()) {
2396 for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr());
2397 VA != 0; VA = FindVA(VA->getElementType().getTypePtr()))
2398 lastBlock = addStmt(VA->getSizeExpr());
2399 }
2400 return lastBlock;
2401 }
2402
2403 /// VisitStmtExpr - Utility method to handle (nested) statement
2404 /// expressions (a GCC extension).
VisitStmtExpr(StmtExpr * SE,AddStmtChoice asc)2405 CFGBlock *CFGBuilder::VisitStmtExpr(StmtExpr *SE, AddStmtChoice asc) {
2406 if (asc.alwaysAdd(*this, SE)) {
2407 autoCreateBlock();
2408 appendStmt(Block, SE);
2409 }
2410 return VisitCompoundStmt(SE->getSubStmt());
2411 }
2412
VisitSwitchStmt(SwitchStmt * Terminator)2413 CFGBlock *CFGBuilder::VisitSwitchStmt(SwitchStmt *Terminator) {
2414 // "switch" is a control-flow statement. Thus we stop processing the current
2415 // block.
2416 CFGBlock *SwitchSuccessor = NULL;
2417
2418 // Save local scope position because in case of condition variable ScopePos
2419 // won't be restored when traversing AST.
2420 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
2421
2422 // Create local scope for possible condition variable.
2423 // Store scope position. Add implicit destructor.
2424 if (VarDecl *VD = Terminator->getConditionVariable()) {
2425 LocalScope::const_iterator SwitchBeginScopePos = ScopePos;
2426 addLocalScopeForVarDecl(VD);
2427 addAutomaticObjDtors(ScopePos, SwitchBeginScopePos, Terminator);
2428 }
2429
2430 if (Block) {
2431 if (badCFG)
2432 return 0;
2433 SwitchSuccessor = Block;
2434 } else SwitchSuccessor = Succ;
2435
2436 // Save the current "switch" context.
2437 SaveAndRestore<CFGBlock*> save_switch(SwitchTerminatedBlock),
2438 save_default(DefaultCaseBlock);
2439 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget);
2440
2441 // Set the "default" case to be the block after the switch statement. If the
2442 // switch statement contains a "default:", this value will be overwritten with
2443 // the block for that code.
2444 DefaultCaseBlock = SwitchSuccessor;
2445
2446 // Create a new block that will contain the switch statement.
2447 SwitchTerminatedBlock = createBlock(false);
2448
2449 // Now process the switch body. The code after the switch is the implicit
2450 // successor.
2451 Succ = SwitchSuccessor;
2452 BreakJumpTarget = JumpTarget(SwitchSuccessor, ScopePos);
2453
2454 // When visiting the body, the case statements should automatically get linked
2455 // up to the switch. We also don't keep a pointer to the body, since all
2456 // control-flow from the switch goes to case/default statements.
2457 assert(Terminator->getBody() && "switch must contain a non-NULL body");
2458 Block = NULL;
2459
2460 // For pruning unreachable case statements, save the current state
2461 // for tracking the condition value.
2462 SaveAndRestore<bool> save_switchExclusivelyCovered(switchExclusivelyCovered,
2463 false);
2464
2465 // Determine if the switch condition can be explicitly evaluated.
2466 assert(Terminator->getCond() && "switch condition must be non-NULL");
2467 Expr::EvalResult result;
2468 bool b = tryEvaluate(Terminator->getCond(), result);
2469 SaveAndRestore<Expr::EvalResult*> save_switchCond(switchCond,
2470 b ? &result : 0);
2471
2472 // If body is not a compound statement create implicit scope
2473 // and add destructors.
2474 if (!isa<CompoundStmt>(Terminator->getBody()))
2475 addLocalScopeAndDtors(Terminator->getBody());
2476
2477 addStmt(Terminator->getBody());
2478 if (Block) {
2479 if (badCFG)
2480 return 0;
2481 }
2482
2483 // If we have no "default:" case, the default transition is to the code
2484 // following the switch body. Moreover, take into account if all the
2485 // cases of a switch are covered (e.g., switching on an enum value).
2486 addSuccessor(SwitchTerminatedBlock,
2487 switchExclusivelyCovered || Terminator->isAllEnumCasesCovered()
2488 ? 0 : DefaultCaseBlock);
2489
2490 // Add the terminator and condition in the switch block.
2491 SwitchTerminatedBlock->setTerminator(Terminator);
2492 Block = SwitchTerminatedBlock;
2493 Block = addStmt(Terminator->getCond());
2494
2495 // Finally, if the SwitchStmt contains a condition variable, add both the
2496 // SwitchStmt and the condition variable initialization to the CFG.
2497 if (VarDecl *VD = Terminator->getConditionVariable()) {
2498 if (Expr *Init = VD->getInit()) {
2499 autoCreateBlock();
2500 appendStmt(Block, Terminator->getConditionVariableDeclStmt());
2501 addStmt(Init);
2502 }
2503 }
2504
2505 return Block;
2506 }
2507
shouldAddCase(bool & switchExclusivelyCovered,const Expr::EvalResult * switchCond,const CaseStmt * CS,ASTContext & Ctx)2508 static bool shouldAddCase(bool &switchExclusivelyCovered,
2509 const Expr::EvalResult *switchCond,
2510 const CaseStmt *CS,
2511 ASTContext &Ctx) {
2512 if (!switchCond)
2513 return true;
2514
2515 bool addCase = false;
2516
2517 if (!switchExclusivelyCovered) {
2518 if (switchCond->Val.isInt()) {
2519 // Evaluate the LHS of the case value.
2520 const llvm::APSInt &lhsInt = CS->getLHS()->EvaluateKnownConstInt(Ctx);
2521 const llvm::APSInt &condInt = switchCond->Val.getInt();
2522
2523 if (condInt == lhsInt) {
2524 addCase = true;
2525 switchExclusivelyCovered = true;
2526 }
2527 else if (condInt < lhsInt) {
2528 if (const Expr *RHS = CS->getRHS()) {
2529 // Evaluate the RHS of the case value.
2530 const llvm::APSInt &V2 = RHS->EvaluateKnownConstInt(Ctx);
2531 if (V2 <= condInt) {
2532 addCase = true;
2533 switchExclusivelyCovered = true;
2534 }
2535 }
2536 }
2537 }
2538 else
2539 addCase = true;
2540 }
2541 return addCase;
2542 }
2543
VisitCaseStmt(CaseStmt * CS)2544 CFGBlock *CFGBuilder::VisitCaseStmt(CaseStmt *CS) {
2545 // CaseStmts are essentially labels, so they are the first statement in a
2546 // block.
2547 CFGBlock *TopBlock = 0, *LastBlock = 0;
2548
2549 if (Stmt *Sub = CS->getSubStmt()) {
2550 // For deeply nested chains of CaseStmts, instead of doing a recursion
2551 // (which can blow out the stack), manually unroll and create blocks
2552 // along the way.
2553 while (isa<CaseStmt>(Sub)) {
2554 CFGBlock *currentBlock = createBlock(false);
2555 currentBlock->setLabel(CS);
2556
2557 if (TopBlock)
2558 addSuccessor(LastBlock, currentBlock);
2559 else
2560 TopBlock = currentBlock;
2561
2562 addSuccessor(SwitchTerminatedBlock,
2563 shouldAddCase(switchExclusivelyCovered, switchCond,
2564 CS, *Context)
2565 ? currentBlock : 0);
2566
2567 LastBlock = currentBlock;
2568 CS = cast<CaseStmt>(Sub);
2569 Sub = CS->getSubStmt();
2570 }
2571
2572 addStmt(Sub);
2573 }
2574
2575 CFGBlock *CaseBlock = Block;
2576 if (!CaseBlock)
2577 CaseBlock = createBlock();
2578
2579 // Cases statements partition blocks, so this is the top of the basic block we
2580 // were processing (the "case XXX:" is the label).
2581 CaseBlock->setLabel(CS);
2582
2583 if (badCFG)
2584 return 0;
2585
2586 // Add this block to the list of successors for the block with the switch
2587 // statement.
2588 assert(SwitchTerminatedBlock);
2589 addSuccessor(SwitchTerminatedBlock,
2590 shouldAddCase(switchExclusivelyCovered, switchCond,
2591 CS, *Context)
2592 ? CaseBlock : 0);
2593
2594 // We set Block to NULL to allow lazy creation of a new block (if necessary)
2595 Block = NULL;
2596
2597 if (TopBlock) {
2598 addSuccessor(LastBlock, CaseBlock);
2599 Succ = TopBlock;
2600 } else {
2601 // This block is now the implicit successor of other blocks.
2602 Succ = CaseBlock;
2603 }
2604
2605 return Succ;
2606 }
2607
VisitDefaultStmt(DefaultStmt * Terminator)2608 CFGBlock *CFGBuilder::VisitDefaultStmt(DefaultStmt *Terminator) {
2609 if (Terminator->getSubStmt())
2610 addStmt(Terminator->getSubStmt());
2611
2612 DefaultCaseBlock = Block;
2613
2614 if (!DefaultCaseBlock)
2615 DefaultCaseBlock = createBlock();
2616
2617 // Default statements partition blocks, so this is the top of the basic block
2618 // we were processing (the "default:" is the label).
2619 DefaultCaseBlock->setLabel(Terminator);
2620
2621 if (badCFG)
2622 return 0;
2623
2624 // Unlike case statements, we don't add the default block to the successors
2625 // for the switch statement immediately. This is done when we finish
2626 // processing the switch statement. This allows for the default case
2627 // (including a fall-through to the code after the switch statement) to always
2628 // be the last successor of a switch-terminated block.
2629
2630 // We set Block to NULL to allow lazy creation of a new block (if necessary)
2631 Block = NULL;
2632
2633 // This block is now the implicit successor of other blocks.
2634 Succ = DefaultCaseBlock;
2635
2636 return DefaultCaseBlock;
2637 }
2638
VisitCXXTryStmt(CXXTryStmt * Terminator)2639 CFGBlock *CFGBuilder::VisitCXXTryStmt(CXXTryStmt *Terminator) {
2640 // "try"/"catch" is a control-flow statement. Thus we stop processing the
2641 // current block.
2642 CFGBlock *TrySuccessor = NULL;
2643
2644 if (Block) {
2645 if (badCFG)
2646 return 0;
2647 TrySuccessor = Block;
2648 } else TrySuccessor = Succ;
2649
2650 CFGBlock *PrevTryTerminatedBlock = TryTerminatedBlock;
2651
2652 // Create a new block that will contain the try statement.
2653 CFGBlock *NewTryTerminatedBlock = createBlock(false);
2654 // Add the terminator in the try block.
2655 NewTryTerminatedBlock->setTerminator(Terminator);
2656
2657 bool HasCatchAll = false;
2658 for (unsigned h = 0; h <Terminator->getNumHandlers(); ++h) {
2659 // The code after the try is the implicit successor.
2660 Succ = TrySuccessor;
2661 CXXCatchStmt *CS = Terminator->getHandler(h);
2662 if (CS->getExceptionDecl() == 0) {
2663 HasCatchAll = true;
2664 }
2665 Block = NULL;
2666 CFGBlock *CatchBlock = VisitCXXCatchStmt(CS);
2667 if (CatchBlock == 0)
2668 return 0;
2669 // Add this block to the list of successors for the block with the try
2670 // statement.
2671 addSuccessor(NewTryTerminatedBlock, CatchBlock);
2672 }
2673 if (!HasCatchAll) {
2674 if (PrevTryTerminatedBlock)
2675 addSuccessor(NewTryTerminatedBlock, PrevTryTerminatedBlock);
2676 else
2677 addSuccessor(NewTryTerminatedBlock, &cfg->getExit());
2678 }
2679
2680 // The code after the try is the implicit successor.
2681 Succ = TrySuccessor;
2682
2683 // Save the current "try" context.
2684 SaveAndRestore<CFGBlock*> save_try(TryTerminatedBlock, NewTryTerminatedBlock);
2685 cfg->addTryDispatchBlock(TryTerminatedBlock);
2686
2687 assert(Terminator->getTryBlock() && "try must contain a non-NULL body");
2688 Block = NULL;
2689 Block = addStmt(Terminator->getTryBlock());
2690 return Block;
2691 }
2692
VisitCXXCatchStmt(CXXCatchStmt * CS)2693 CFGBlock *CFGBuilder::VisitCXXCatchStmt(CXXCatchStmt *CS) {
2694 // CXXCatchStmt are treated like labels, so they are the first statement in a
2695 // block.
2696
2697 // Save local scope position because in case of exception variable ScopePos
2698 // won't be restored when traversing AST.
2699 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
2700
2701 // Create local scope for possible exception variable.
2702 // Store scope position. Add implicit destructor.
2703 if (VarDecl *VD = CS->getExceptionDecl()) {
2704 LocalScope::const_iterator BeginScopePos = ScopePos;
2705 addLocalScopeForVarDecl(VD);
2706 addAutomaticObjDtors(ScopePos, BeginScopePos, CS);
2707 }
2708
2709 if (CS->getHandlerBlock())
2710 addStmt(CS->getHandlerBlock());
2711
2712 CFGBlock *CatchBlock = Block;
2713 if (!CatchBlock)
2714 CatchBlock = createBlock();
2715
2716 // CXXCatchStmt is more than just a label. They have semantic meaning
2717 // as well, as they implicitly "initialize" the catch variable. Add
2718 // it to the CFG as a CFGElement so that the control-flow of these
2719 // semantics gets captured.
2720 appendStmt(CatchBlock, CS);
2721
2722 // Also add the CXXCatchStmt as a label, to mirror handling of regular
2723 // labels.
2724 CatchBlock->setLabel(CS);
2725
2726 // Bail out if the CFG is bad.
2727 if (badCFG)
2728 return 0;
2729
2730 // We set Block to NULL to allow lazy creation of a new block (if necessary)
2731 Block = NULL;
2732
2733 return CatchBlock;
2734 }
2735
VisitCXXForRangeStmt(CXXForRangeStmt * S)2736 CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) {
2737 // C++0x for-range statements are specified as [stmt.ranged]:
2738 //
2739 // {
2740 // auto && __range = range-init;
2741 // for ( auto __begin = begin-expr,
2742 // __end = end-expr;
2743 // __begin != __end;
2744 // ++__begin ) {
2745 // for-range-declaration = *__begin;
2746 // statement
2747 // }
2748 // }
2749
2750 // Save local scope position before the addition of the implicit variables.
2751 SaveAndRestore<LocalScope::const_iterator> save_scope_pos(ScopePos);
2752
2753 // Create local scopes and destructors for range, begin and end variables.
2754 if (Stmt *Range = S->getRangeStmt())
2755 addLocalScopeForStmt(Range);
2756 if (Stmt *BeginEnd = S->getBeginEndStmt())
2757 addLocalScopeForStmt(BeginEnd);
2758 addAutomaticObjDtors(ScopePos, save_scope_pos.get(), S);
2759
2760 LocalScope::const_iterator ContinueScopePos = ScopePos;
2761
2762 // "for" is a control-flow statement. Thus we stop processing the current
2763 // block.
2764 CFGBlock *LoopSuccessor = NULL;
2765 if (Block) {
2766 if (badCFG)
2767 return 0;
2768 LoopSuccessor = Block;
2769 } else
2770 LoopSuccessor = Succ;
2771
2772 // Save the current value for the break targets.
2773 // All breaks should go to the code following the loop.
2774 SaveAndRestore<JumpTarget> save_break(BreakJumpTarget);
2775 BreakJumpTarget = JumpTarget(LoopSuccessor, ScopePos);
2776
2777 // The block for the __begin != __end expression.
2778 CFGBlock *ConditionBlock = createBlock(false);
2779 ConditionBlock->setTerminator(S);
2780
2781 // Now add the actual condition to the condition block.
2782 if (Expr *C = S->getCond()) {
2783 Block = ConditionBlock;
2784 CFGBlock *BeginConditionBlock = addStmt(C);
2785 if (badCFG)
2786 return 0;
2787 assert(BeginConditionBlock == ConditionBlock &&
2788 "condition block in for-range was unexpectedly complex");
2789 (void)BeginConditionBlock;
2790 }
2791
2792 // The condition block is the implicit successor for the loop body as well as
2793 // any code above the loop.
2794 Succ = ConditionBlock;
2795
2796 // See if this is a known constant.
2797 TryResult KnownVal(true);
2798
2799 if (S->getCond())
2800 KnownVal = tryEvaluateBool(S->getCond());
2801
2802 // Now create the loop body.
2803 {
2804 assert(S->getBody());
2805
2806 // Save the current values for Block, Succ, and continue targets.
2807 SaveAndRestore<CFGBlock*> save_Block(Block), save_Succ(Succ);
2808 SaveAndRestore<JumpTarget> save_continue(ContinueJumpTarget);
2809
2810 // Generate increment code in its own basic block. This is the target of
2811 // continue statements.
2812 Block = 0;
2813 Succ = addStmt(S->getInc());
2814 ContinueJumpTarget = JumpTarget(Succ, ContinueScopePos);
2815
2816 // The starting block for the loop increment is the block that should
2817 // represent the 'loop target' for looping back to the start of the loop.
2818 ContinueJumpTarget.block->setLoopTarget(S);
2819
2820 // Finish up the increment block and prepare to start the loop body.
2821 assert(Block);
2822 if (badCFG)
2823 return 0;
2824 Block = 0;
2825
2826
2827 // Add implicit scope and dtors for loop variable.
2828 addLocalScopeAndDtors(S->getLoopVarStmt());
2829
2830 // Populate a new block to contain the loop body and loop variable.
2831 Block = addStmt(S->getBody());
2832 if (badCFG)
2833 return 0;
2834 Block = addStmt(S->getLoopVarStmt());
2835 if (badCFG)
2836 return 0;
2837
2838 // This new body block is a successor to our condition block.
2839 addSuccessor(ConditionBlock, KnownVal.isFalse() ? 0 : Block);
2840 }
2841
2842 // Link up the condition block with the code that follows the loop (the
2843 // false branch).
2844 addSuccessor(ConditionBlock, KnownVal.isTrue() ? 0 : LoopSuccessor);
2845
2846 // Add the initialization statements.
2847 Block = createBlock();
2848 addStmt(S->getBeginEndStmt());
2849 return addStmt(S->getRangeStmt());
2850 }
2851
VisitExprWithCleanups(ExprWithCleanups * E,AddStmtChoice asc)2852 CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E,
2853 AddStmtChoice asc) {
2854 if (BuildOpts.AddImplicitDtors) {
2855 // If adding implicit destructors visit the full expression for adding
2856 // destructors of temporaries.
2857 VisitForTemporaryDtors(E->getSubExpr());
2858
2859 // Full expression has to be added as CFGStmt so it will be sequenced
2860 // before destructors of it's temporaries.
2861 asc = asc.withAlwaysAdd(true);
2862 }
2863 return Visit(E->getSubExpr(), asc);
2864 }
2865
VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr * E,AddStmtChoice asc)2866 CFGBlock *CFGBuilder::VisitCXXBindTemporaryExpr(CXXBindTemporaryExpr *E,
2867 AddStmtChoice asc) {
2868 if (asc.alwaysAdd(*this, E)) {
2869 autoCreateBlock();
2870 appendStmt(Block, E);
2871
2872 // We do not want to propagate the AlwaysAdd property.
2873 asc = asc.withAlwaysAdd(false);
2874 }
2875 return Visit(E->getSubExpr(), asc);
2876 }
2877
VisitCXXConstructExpr(CXXConstructExpr * C,AddStmtChoice asc)2878 CFGBlock *CFGBuilder::VisitCXXConstructExpr(CXXConstructExpr *C,
2879 AddStmtChoice asc) {
2880 autoCreateBlock();
2881 appendStmt(Block, C);
2882
2883 return VisitChildren(C);
2884 }
2885
VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr * E,AddStmtChoice asc)2886 CFGBlock *CFGBuilder::VisitCXXFunctionalCastExpr(CXXFunctionalCastExpr *E,
2887 AddStmtChoice asc) {
2888 if (asc.alwaysAdd(*this, E)) {
2889 autoCreateBlock();
2890 appendStmt(Block, E);
2891 // We do not want to propagate the AlwaysAdd property.
2892 asc = asc.withAlwaysAdd(false);
2893 }
2894 return Visit(E->getSubExpr(), asc);
2895 }
2896
VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr * C,AddStmtChoice asc)2897 CFGBlock *CFGBuilder::VisitCXXTemporaryObjectExpr(CXXTemporaryObjectExpr *C,
2898 AddStmtChoice asc) {
2899 autoCreateBlock();
2900 appendStmt(Block, C);
2901 return VisitChildren(C);
2902 }
2903
VisitImplicitCastExpr(ImplicitCastExpr * E,AddStmtChoice asc)2904 CFGBlock *CFGBuilder::VisitImplicitCastExpr(ImplicitCastExpr *E,
2905 AddStmtChoice asc) {
2906 if (asc.alwaysAdd(*this, E)) {
2907 autoCreateBlock();
2908 appendStmt(Block, E);
2909 }
2910 return Visit(E->getSubExpr(), AddStmtChoice());
2911 }
2912
VisitIndirectGotoStmt(IndirectGotoStmt * I)2913 CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) {
2914 // Lazily create the indirect-goto dispatch block if there isn't one already.
2915 CFGBlock *IBlock = cfg->getIndirectGotoBlock();
2916
2917 if (!IBlock) {
2918 IBlock = createBlock(false);
2919 cfg->setIndirectGotoBlock(IBlock);
2920 }
2921
2922 // IndirectGoto is a control-flow statement. Thus we stop processing the
2923 // current block and create a new one.
2924 if (badCFG)
2925 return 0;
2926
2927 Block = createBlock(false);
2928 Block->setTerminator(I);
2929 addSuccessor(Block, IBlock);
2930 return addStmt(I->getTarget());
2931 }
2932
VisitForTemporaryDtors(Stmt * E,bool BindToTemporary)2933 CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) {
2934 tryAgain:
2935 if (!E) {
2936 badCFG = true;
2937 return NULL;
2938 }
2939 switch (E->getStmtClass()) {
2940 default:
2941 return VisitChildrenForTemporaryDtors(E);
2942
2943 case Stmt::BinaryOperatorClass:
2944 return VisitBinaryOperatorForTemporaryDtors(cast<BinaryOperator>(E));
2945
2946 case Stmt::CXXBindTemporaryExprClass:
2947 return VisitCXXBindTemporaryExprForTemporaryDtors(
2948 cast<CXXBindTemporaryExpr>(E), BindToTemporary);
2949
2950 case Stmt::BinaryConditionalOperatorClass:
2951 case Stmt::ConditionalOperatorClass:
2952 return VisitConditionalOperatorForTemporaryDtors(
2953 cast<AbstractConditionalOperator>(E), BindToTemporary);
2954
2955 case Stmt::ImplicitCastExprClass:
2956 // For implicit cast we want BindToTemporary to be passed further.
2957 E = cast<CastExpr>(E)->getSubExpr();
2958 goto tryAgain;
2959
2960 case Stmt::ParenExprClass:
2961 E = cast<ParenExpr>(E)->getSubExpr();
2962 goto tryAgain;
2963
2964 case Stmt::MaterializeTemporaryExprClass:
2965 E = cast<MaterializeTemporaryExpr>(E)->GetTemporaryExpr();
2966 goto tryAgain;
2967 }
2968 }
2969
VisitChildrenForTemporaryDtors(Stmt * E)2970 CFGBlock *CFGBuilder::VisitChildrenForTemporaryDtors(Stmt *E) {
2971 // When visiting children for destructors we want to visit them in reverse
2972 // order. Because there's no reverse iterator for children must to reverse
2973 // them in helper vector.
2974 typedef SmallVector<Stmt *, 4> ChildrenVect;
2975 ChildrenVect ChildrenRev;
2976 for (Stmt::child_range I = E->children(); I; ++I) {
2977 if (*I) ChildrenRev.push_back(*I);
2978 }
2979
2980 CFGBlock *B = Block;
2981 for (ChildrenVect::reverse_iterator I = ChildrenRev.rbegin(),
2982 L = ChildrenRev.rend(); I != L; ++I) {
2983 if (CFGBlock *R = VisitForTemporaryDtors(*I))
2984 B = R;
2985 }
2986 return B;
2987 }
2988
VisitBinaryOperatorForTemporaryDtors(BinaryOperator * E)2989 CFGBlock *CFGBuilder::VisitBinaryOperatorForTemporaryDtors(BinaryOperator *E) {
2990 if (E->isLogicalOp()) {
2991 // Destructors for temporaries in LHS expression should be called after
2992 // those for RHS expression. Even if this will unnecessarily create a block,
2993 // this block will be used at least by the full expression.
2994 autoCreateBlock();
2995 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getLHS());
2996 if (badCFG)
2997 return NULL;
2998
2999 Succ = ConfluenceBlock;
3000 Block = NULL;
3001 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS());
3002
3003 if (RHSBlock) {
3004 if (badCFG)
3005 return NULL;
3006
3007 // If RHS expression did produce destructors we need to connect created
3008 // blocks to CFG in same manner as for binary operator itself.
3009 CFGBlock *LHSBlock = createBlock(false);
3010 LHSBlock->setTerminator(CFGTerminator(E, true));
3011
3012 // For binary operator LHS block is before RHS in list of predecessors
3013 // of ConfluenceBlock.
3014 std::reverse(ConfluenceBlock->pred_begin(),
3015 ConfluenceBlock->pred_end());
3016
3017 // See if this is a known constant.
3018 TryResult KnownVal = tryEvaluateBool(E->getLHS());
3019 if (KnownVal.isKnown() && (E->getOpcode() == BO_LOr))
3020 KnownVal.negate();
3021
3022 // Link LHSBlock with RHSBlock exactly the same way as for binary operator
3023 // itself.
3024 if (E->getOpcode() == BO_LOr) {
3025 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock);
3026 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock);
3027 } else {
3028 assert (E->getOpcode() == BO_LAnd);
3029 addSuccessor(LHSBlock, KnownVal.isFalse() ? NULL : RHSBlock);
3030 addSuccessor(LHSBlock, KnownVal.isTrue() ? NULL : ConfluenceBlock);
3031 }
3032
3033 Block = LHSBlock;
3034 return LHSBlock;
3035 }
3036
3037 Block = ConfluenceBlock;
3038 return ConfluenceBlock;
3039 }
3040
3041 if (E->isAssignmentOp()) {
3042 // For assignment operator (=) LHS expression is visited
3043 // before RHS expression. For destructors visit them in reverse order.
3044 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS());
3045 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS());
3046 return LHSBlock ? LHSBlock : RHSBlock;
3047 }
3048
3049 // For any other binary operator RHS expression is visited before
3050 // LHS expression (order of children). For destructors visit them in reverse
3051 // order.
3052 CFGBlock *LHSBlock = VisitForTemporaryDtors(E->getLHS());
3053 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getRHS());
3054 return RHSBlock ? RHSBlock : LHSBlock;
3055 }
3056
VisitCXXBindTemporaryExprForTemporaryDtors(CXXBindTemporaryExpr * E,bool BindToTemporary)3057 CFGBlock *CFGBuilder::VisitCXXBindTemporaryExprForTemporaryDtors(
3058 CXXBindTemporaryExpr *E, bool BindToTemporary) {
3059 // First add destructors for temporaries in subexpression.
3060 CFGBlock *B = VisitForTemporaryDtors(E->getSubExpr());
3061 if (!BindToTemporary) {
3062 // If lifetime of temporary is not prolonged (by assigning to constant
3063 // reference) add destructor for it.
3064
3065 // If the destructor is marked as a no-return destructor, we need to create
3066 // a new block for the destructor which does not have as a successor
3067 // anything built thus far. Control won't flow out of this block.
3068 const CXXDestructorDecl *Dtor = E->getTemporary()->getDestructor();
3069 if (cast<FunctionType>(Dtor->getType())->getNoReturnAttr())
3070 Block = createNoReturnBlock();
3071 else
3072 autoCreateBlock();
3073
3074 appendTemporaryDtor(Block, E);
3075 B = Block;
3076 }
3077 return B;
3078 }
3079
VisitConditionalOperatorForTemporaryDtors(AbstractConditionalOperator * E,bool BindToTemporary)3080 CFGBlock *CFGBuilder::VisitConditionalOperatorForTemporaryDtors(
3081 AbstractConditionalOperator *E, bool BindToTemporary) {
3082 // First add destructors for condition expression. Even if this will
3083 // unnecessarily create a block, this block will be used at least by the full
3084 // expression.
3085 autoCreateBlock();
3086 CFGBlock *ConfluenceBlock = VisitForTemporaryDtors(E->getCond());
3087 if (badCFG)
3088 return NULL;
3089 if (BinaryConditionalOperator *BCO
3090 = dyn_cast<BinaryConditionalOperator>(E)) {
3091 ConfluenceBlock = VisitForTemporaryDtors(BCO->getCommon());
3092 if (badCFG)
3093 return NULL;
3094 }
3095
3096 // Try to add block with destructors for LHS expression.
3097 CFGBlock *LHSBlock = NULL;
3098 Succ = ConfluenceBlock;
3099 Block = NULL;
3100 LHSBlock = VisitForTemporaryDtors(E->getTrueExpr(), BindToTemporary);
3101 if (badCFG)
3102 return NULL;
3103
3104 // Try to add block with destructors for RHS expression;
3105 Succ = ConfluenceBlock;
3106 Block = NULL;
3107 CFGBlock *RHSBlock = VisitForTemporaryDtors(E->getFalseExpr(),
3108 BindToTemporary);
3109 if (badCFG)
3110 return NULL;
3111
3112 if (!RHSBlock && !LHSBlock) {
3113 // If neither LHS nor RHS expression had temporaries to destroy don't create
3114 // more blocks.
3115 Block = ConfluenceBlock;
3116 return Block;
3117 }
3118
3119 Block = createBlock(false);
3120 Block->setTerminator(CFGTerminator(E, true));
3121
3122 // See if this is a known constant.
3123 const TryResult &KnownVal = tryEvaluateBool(E->getCond());
3124
3125 if (LHSBlock) {
3126 addSuccessor(Block, KnownVal.isFalse() ? NULL : LHSBlock);
3127 } else if (KnownVal.isFalse()) {
3128 addSuccessor(Block, NULL);
3129 } else {
3130 addSuccessor(Block, ConfluenceBlock);
3131 std::reverse(ConfluenceBlock->pred_begin(), ConfluenceBlock->pred_end());
3132 }
3133
3134 if (!RHSBlock)
3135 RHSBlock = ConfluenceBlock;
3136 addSuccessor(Block, KnownVal.isTrue() ? NULL : RHSBlock);
3137
3138 return Block;
3139 }
3140
3141 } // end anonymous namespace
3142
3143 /// createBlock - Constructs and adds a new CFGBlock to the CFG. The block has
3144 /// no successors or predecessors. If this is the first block created in the
3145 /// CFG, it is automatically set to be the Entry and Exit of the CFG.
createBlock()3146 CFGBlock *CFG::createBlock() {
3147 bool first_block = begin() == end();
3148
3149 // Create the block.
3150 CFGBlock *Mem = getAllocator().Allocate<CFGBlock>();
3151 new (Mem) CFGBlock(NumBlockIDs++, BlkBVC, this);
3152 Blocks.push_back(Mem, BlkBVC);
3153
3154 // If this is the first block, set it as the Entry and Exit.
3155 if (first_block)
3156 Entry = Exit = &back();
3157
3158 // Return the block.
3159 return &back();
3160 }
3161
3162 /// buildCFG - Constructs a CFG from an AST. Ownership of the returned
3163 /// CFG is returned to the caller.
buildCFG(const Decl * D,Stmt * Statement,ASTContext * C,const BuildOptions & BO)3164 CFG* CFG::buildCFG(const Decl *D, Stmt *Statement, ASTContext *C,
3165 const BuildOptions &BO) {
3166 CFGBuilder Builder(C, BO);
3167 return Builder.buildCFG(D, Statement);
3168 }
3169
3170 const CXXDestructorDecl *
getDestructorDecl(ASTContext & astContext) const3171 CFGImplicitDtor::getDestructorDecl(ASTContext &astContext) const {
3172 switch (getKind()) {
3173 case CFGElement::Invalid:
3174 case CFGElement::Statement:
3175 case CFGElement::Initializer:
3176 llvm_unreachable("getDestructorDecl should only be used with "
3177 "ImplicitDtors");
3178 case CFGElement::AutomaticObjectDtor: {
3179 const VarDecl *var = cast<CFGAutomaticObjDtor>(this)->getVarDecl();
3180 QualType ty = var->getType();
3181 ty = ty.getNonReferenceType();
3182 while (const ArrayType *arrayType = astContext.getAsArrayType(ty)) {
3183 ty = arrayType->getElementType();
3184 }
3185 const RecordType *recordType = ty->getAs<RecordType>();
3186 const CXXRecordDecl *classDecl =
3187 cast<CXXRecordDecl>(recordType->getDecl());
3188 return classDecl->getDestructor();
3189 }
3190 case CFGElement::TemporaryDtor: {
3191 const CXXBindTemporaryExpr *bindExpr =
3192 cast<CFGTemporaryDtor>(this)->getBindTemporaryExpr();
3193 const CXXTemporary *temp = bindExpr->getTemporary();
3194 return temp->getDestructor();
3195 }
3196 case CFGElement::BaseDtor:
3197 case CFGElement::MemberDtor:
3198
3199 // Not yet supported.
3200 return 0;
3201 }
3202 llvm_unreachable("getKind() returned bogus value");
3203 }
3204
isNoReturn(ASTContext & astContext) const3205 bool CFGImplicitDtor::isNoReturn(ASTContext &astContext) const {
3206 if (const CXXDestructorDecl *cdecl = getDestructorDecl(astContext)) {
3207 QualType ty = cdecl->getType();
3208 return cast<FunctionType>(ty)->getNoReturnAttr();
3209 }
3210 return false;
3211 }
3212
3213 //===----------------------------------------------------------------------===//
3214 // CFG: Queries for BlkExprs.
3215 //===----------------------------------------------------------------------===//
3216
3217 namespace {
3218 typedef llvm::DenseMap<const Stmt*,unsigned> BlkExprMapTy;
3219 }
3220
FindSubExprAssignments(const Stmt * S,llvm::SmallPtrSet<const Expr *,50> & Set)3221 static void FindSubExprAssignments(const Stmt *S,
3222 llvm::SmallPtrSet<const Expr*,50>& Set) {
3223 if (!S)
3224 return;
3225
3226 for (Stmt::const_child_range I = S->children(); I; ++I) {
3227 const Stmt *child = *I;
3228 if (!child)
3229 continue;
3230
3231 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(child))
3232 if (B->isAssignmentOp()) Set.insert(B);
3233
3234 FindSubExprAssignments(child, Set);
3235 }
3236 }
3237
PopulateBlkExprMap(CFG & cfg)3238 static BlkExprMapTy* PopulateBlkExprMap(CFG& cfg) {
3239 BlkExprMapTy* M = new BlkExprMapTy();
3240
3241 // Look for assignments that are used as subexpressions. These are the only
3242 // assignments that we want to *possibly* register as a block-level
3243 // expression. Basically, if an assignment occurs both in a subexpression and
3244 // at the block-level, it is a block-level expression.
3245 llvm::SmallPtrSet<const Expr*,50> SubExprAssignments;
3246
3247 for (CFG::iterator I=cfg.begin(), E=cfg.end(); I != E; ++I)
3248 for (CFGBlock::iterator BI=(*I)->begin(), EI=(*I)->end(); BI != EI; ++BI)
3249 if (const CFGStmt *S = BI->getAs<CFGStmt>())
3250 FindSubExprAssignments(S->getStmt(), SubExprAssignments);
3251
3252 for (CFG::iterator I=cfg.begin(), E=cfg.end(); I != E; ++I) {
3253
3254 // Iterate over the statements again on identify the Expr* and Stmt* at the
3255 // block-level that are block-level expressions.
3256
3257 for (CFGBlock::iterator BI=(*I)->begin(), EI=(*I)->end(); BI != EI; ++BI) {
3258 const CFGStmt *CS = BI->getAs<CFGStmt>();
3259 if (!CS)
3260 continue;
3261 if (const Expr *Exp = dyn_cast<Expr>(CS->getStmt())) {
3262 assert((Exp->IgnoreParens() == Exp) && "No parens on block-level exps");
3263
3264 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(Exp)) {
3265 // Assignment expressions that are not nested within another
3266 // expression are really "statements" whose value is never used by
3267 // another expression.
3268 if (B->isAssignmentOp() && !SubExprAssignments.count(Exp))
3269 continue;
3270 } else if (const StmtExpr *SE = dyn_cast<StmtExpr>(Exp)) {
3271 // Special handling for statement expressions. The last statement in
3272 // the statement expression is also a block-level expr.
3273 const CompoundStmt *C = SE->getSubStmt();
3274 if (!C->body_empty()) {
3275 const Stmt *Last = C->body_back();
3276 if (const Expr *LastEx = dyn_cast<Expr>(Last))
3277 Last = LastEx->IgnoreParens();
3278 unsigned x = M->size();
3279 (*M)[Last] = x;
3280 }
3281 }
3282
3283 unsigned x = M->size();
3284 (*M)[Exp] = x;
3285 }
3286 }
3287
3288 // Look at terminators. The condition is a block-level expression.
3289
3290 Stmt *S = (*I)->getTerminatorCondition();
3291
3292 if (S && M->find(S) == M->end()) {
3293 unsigned x = M->size();
3294 (*M)[S] = x;
3295 }
3296 }
3297
3298 return M;
3299 }
3300
getBlkExprNum(const Stmt * S)3301 CFG::BlkExprNumTy CFG::getBlkExprNum(const Stmt *S) {
3302 assert(S != NULL);
3303 if (!BlkExprMap) { BlkExprMap = (void*) PopulateBlkExprMap(*this); }
3304
3305 BlkExprMapTy* M = reinterpret_cast<BlkExprMapTy*>(BlkExprMap);
3306 BlkExprMapTy::iterator I = M->find(S);
3307 return (I == M->end()) ? CFG::BlkExprNumTy() : CFG::BlkExprNumTy(I->second);
3308 }
3309
getNumBlkExprs()3310 unsigned CFG::getNumBlkExprs() {
3311 if (const BlkExprMapTy* M = reinterpret_cast<const BlkExprMapTy*>(BlkExprMap))
3312 return M->size();
3313
3314 // We assume callers interested in the number of BlkExprs will want
3315 // the map constructed if it doesn't already exist.
3316 BlkExprMap = (void*) PopulateBlkExprMap(*this);
3317 return reinterpret_cast<BlkExprMapTy*>(BlkExprMap)->size();
3318 }
3319
3320 //===----------------------------------------------------------------------===//
3321 // Filtered walking of the CFG.
3322 //===----------------------------------------------------------------------===//
3323
FilterEdge(const CFGBlock::FilterOptions & F,const CFGBlock * From,const CFGBlock * To)3324 bool CFGBlock::FilterEdge(const CFGBlock::FilterOptions &F,
3325 const CFGBlock *From, const CFGBlock *To) {
3326
3327 if (To && F.IgnoreDefaultsWithCoveredEnums) {
3328 // If the 'To' has no label or is labeled but the label isn't a
3329 // CaseStmt then filter this edge.
3330 if (const SwitchStmt *S =
3331 dyn_cast_or_null<SwitchStmt>(From->getTerminator().getStmt())) {
3332 if (S->isAllEnumCasesCovered()) {
3333 const Stmt *L = To->getLabel();
3334 if (!L || !isa<CaseStmt>(L))
3335 return true;
3336 }
3337 }
3338 }
3339
3340 return false;
3341 }
3342
3343 //===----------------------------------------------------------------------===//
3344 // Cleanup: CFG dstor.
3345 //===----------------------------------------------------------------------===//
3346
~CFG()3347 CFG::~CFG() {
3348 delete reinterpret_cast<const BlkExprMapTy*>(BlkExprMap);
3349 }
3350
3351 //===----------------------------------------------------------------------===//
3352 // CFG pretty printing
3353 //===----------------------------------------------------------------------===//
3354
3355 namespace {
3356
3357 class StmtPrinterHelper : public PrinterHelper {
3358 typedef llvm::DenseMap<const Stmt*,std::pair<unsigned,unsigned> > StmtMapTy;
3359 typedef llvm::DenseMap<const Decl*,std::pair<unsigned,unsigned> > DeclMapTy;
3360 StmtMapTy StmtMap;
3361 DeclMapTy DeclMap;
3362 signed currentBlock;
3363 unsigned currentStmt;
3364 const LangOptions &LangOpts;
3365 public:
3366
StmtPrinterHelper(const CFG * cfg,const LangOptions & LO)3367 StmtPrinterHelper(const CFG* cfg, const LangOptions &LO)
3368 : currentBlock(0), currentStmt(0), LangOpts(LO)
3369 {
3370 for (CFG::const_iterator I = cfg->begin(), E = cfg->end(); I != E; ++I ) {
3371 unsigned j = 1;
3372 for (CFGBlock::const_iterator BI = (*I)->begin(), BEnd = (*I)->end() ;
3373 BI != BEnd; ++BI, ++j ) {
3374 if (const CFGStmt *SE = BI->getAs<CFGStmt>()) {
3375 const Stmt *stmt= SE->getStmt();
3376 std::pair<unsigned, unsigned> P((*I)->getBlockID(), j);
3377 StmtMap[stmt] = P;
3378
3379 switch (stmt->getStmtClass()) {
3380 case Stmt::DeclStmtClass:
3381 DeclMap[cast<DeclStmt>(stmt)->getSingleDecl()] = P;
3382 break;
3383 case Stmt::IfStmtClass: {
3384 const VarDecl *var = cast<IfStmt>(stmt)->getConditionVariable();
3385 if (var)
3386 DeclMap[var] = P;
3387 break;
3388 }
3389 case Stmt::ForStmtClass: {
3390 const VarDecl *var = cast<ForStmt>(stmt)->getConditionVariable();
3391 if (var)
3392 DeclMap[var] = P;
3393 break;
3394 }
3395 case Stmt::WhileStmtClass: {
3396 const VarDecl *var =
3397 cast<WhileStmt>(stmt)->getConditionVariable();
3398 if (var)
3399 DeclMap[var] = P;
3400 break;
3401 }
3402 case Stmt::SwitchStmtClass: {
3403 const VarDecl *var =
3404 cast<SwitchStmt>(stmt)->getConditionVariable();
3405 if (var)
3406 DeclMap[var] = P;
3407 break;
3408 }
3409 case Stmt::CXXCatchStmtClass: {
3410 const VarDecl *var =
3411 cast<CXXCatchStmt>(stmt)->getExceptionDecl();
3412 if (var)
3413 DeclMap[var] = P;
3414 break;
3415 }
3416 default:
3417 break;
3418 }
3419 }
3420 }
3421 }
3422 }
3423
3424
~StmtPrinterHelper()3425 virtual ~StmtPrinterHelper() {}
3426
getLangOpts() const3427 const LangOptions &getLangOpts() const { return LangOpts; }
setBlockID(signed i)3428 void setBlockID(signed i) { currentBlock = i; }
setStmtID(unsigned i)3429 void setStmtID(unsigned i) { currentStmt = i; }
3430
handledStmt(Stmt * S,raw_ostream & OS)3431 virtual bool handledStmt(Stmt *S, raw_ostream &OS) {
3432 StmtMapTy::iterator I = StmtMap.find(S);
3433
3434 if (I == StmtMap.end())
3435 return false;
3436
3437 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock
3438 && I->second.second == currentStmt) {
3439 return false;
3440 }
3441
3442 OS << "[B" << I->second.first << "." << I->second.second << "]";
3443 return true;
3444 }
3445
handleDecl(const Decl * D,raw_ostream & OS)3446 bool handleDecl(const Decl *D, raw_ostream &OS) {
3447 DeclMapTy::iterator I = DeclMap.find(D);
3448
3449 if (I == DeclMap.end())
3450 return false;
3451
3452 if (currentBlock >= 0 && I->second.first == (unsigned) currentBlock
3453 && I->second.second == currentStmt) {
3454 return false;
3455 }
3456
3457 OS << "[B" << I->second.first << "." << I->second.second << "]";
3458 return true;
3459 }
3460 };
3461 } // end anonymous namespace
3462
3463
3464 namespace {
3465 class CFGBlockTerminatorPrint
3466 : public StmtVisitor<CFGBlockTerminatorPrint,void> {
3467
3468 raw_ostream &OS;
3469 StmtPrinterHelper* Helper;
3470 PrintingPolicy Policy;
3471 public:
CFGBlockTerminatorPrint(raw_ostream & os,StmtPrinterHelper * helper,const PrintingPolicy & Policy)3472 CFGBlockTerminatorPrint(raw_ostream &os, StmtPrinterHelper* helper,
3473 const PrintingPolicy &Policy)
3474 : OS(os), Helper(helper), Policy(Policy) {}
3475
VisitIfStmt(IfStmt * I)3476 void VisitIfStmt(IfStmt *I) {
3477 OS << "if ";
3478 I->getCond()->printPretty(OS,Helper,Policy);
3479 }
3480
3481 // Default case.
VisitStmt(Stmt * Terminator)3482 void VisitStmt(Stmt *Terminator) {
3483 Terminator->printPretty(OS, Helper, Policy);
3484 }
3485
VisitForStmt(ForStmt * F)3486 void VisitForStmt(ForStmt *F) {
3487 OS << "for (" ;
3488 if (F->getInit())
3489 OS << "...";
3490 OS << "; ";
3491 if (Stmt *C = F->getCond())
3492 C->printPretty(OS, Helper, Policy);
3493 OS << "; ";
3494 if (F->getInc())
3495 OS << "...";
3496 OS << ")";
3497 }
3498
VisitWhileStmt(WhileStmt * W)3499 void VisitWhileStmt(WhileStmt *W) {
3500 OS << "while " ;
3501 if (Stmt *C = W->getCond())
3502 C->printPretty(OS, Helper, Policy);
3503 }
3504
VisitDoStmt(DoStmt * D)3505 void VisitDoStmt(DoStmt *D) {
3506 OS << "do ... while ";
3507 if (Stmt *C = D->getCond())
3508 C->printPretty(OS, Helper, Policy);
3509 }
3510
VisitSwitchStmt(SwitchStmt * Terminator)3511 void VisitSwitchStmt(SwitchStmt *Terminator) {
3512 OS << "switch ";
3513 Terminator->getCond()->printPretty(OS, Helper, Policy);
3514 }
3515
VisitCXXTryStmt(CXXTryStmt * CS)3516 void VisitCXXTryStmt(CXXTryStmt *CS) {
3517 OS << "try ...";
3518 }
3519
VisitAbstractConditionalOperator(AbstractConditionalOperator * C)3520 void VisitAbstractConditionalOperator(AbstractConditionalOperator* C) {
3521 C->getCond()->printPretty(OS, Helper, Policy);
3522 OS << " ? ... : ...";
3523 }
3524
VisitChooseExpr(ChooseExpr * C)3525 void VisitChooseExpr(ChooseExpr *C) {
3526 OS << "__builtin_choose_expr( ";
3527 C->getCond()->printPretty(OS, Helper, Policy);
3528 OS << " )";
3529 }
3530
VisitIndirectGotoStmt(IndirectGotoStmt * I)3531 void VisitIndirectGotoStmt(IndirectGotoStmt *I) {
3532 OS << "goto *";
3533 I->getTarget()->printPretty(OS, Helper, Policy);
3534 }
3535
VisitBinaryOperator(BinaryOperator * B)3536 void VisitBinaryOperator(BinaryOperator* B) {
3537 if (!B->isLogicalOp()) {
3538 VisitExpr(B);
3539 return;
3540 }
3541
3542 B->getLHS()->printPretty(OS, Helper, Policy);
3543
3544 switch (B->getOpcode()) {
3545 case BO_LOr:
3546 OS << " || ...";
3547 return;
3548 case BO_LAnd:
3549 OS << " && ...";
3550 return;
3551 default:
3552 llvm_unreachable("Invalid logical operator.");
3553 }
3554 }
3555
VisitExpr(Expr * E)3556 void VisitExpr(Expr *E) {
3557 E->printPretty(OS, Helper, Policy);
3558 }
3559 };
3560 } // end anonymous namespace
3561
print_elem(raw_ostream & OS,StmtPrinterHelper * Helper,const CFGElement & E)3562 static void print_elem(raw_ostream &OS, StmtPrinterHelper* Helper,
3563 const CFGElement &E) {
3564 if (const CFGStmt *CS = E.getAs<CFGStmt>()) {
3565 const Stmt *S = CS->getStmt();
3566
3567 if (Helper) {
3568
3569 // special printing for statement-expressions.
3570 if (const StmtExpr *SE = dyn_cast<StmtExpr>(S)) {
3571 const CompoundStmt *Sub = SE->getSubStmt();
3572
3573 if (Sub->children()) {
3574 OS << "({ ... ; ";
3575 Helper->handledStmt(*SE->getSubStmt()->body_rbegin(),OS);
3576 OS << " })\n";
3577 return;
3578 }
3579 }
3580 // special printing for comma expressions.
3581 if (const BinaryOperator* B = dyn_cast<BinaryOperator>(S)) {
3582 if (B->getOpcode() == BO_Comma) {
3583 OS << "... , ";
3584 Helper->handledStmt(B->getRHS(),OS);
3585 OS << '\n';
3586 return;
3587 }
3588 }
3589 }
3590 S->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts()));
3591
3592 if (isa<CXXOperatorCallExpr>(S)) {
3593 OS << " (OperatorCall)";
3594 }
3595 else if (isa<CXXBindTemporaryExpr>(S)) {
3596 OS << " (BindTemporary)";
3597 }
3598 else if (const CXXConstructExpr *CCE = dyn_cast<CXXConstructExpr>(S)) {
3599 OS << " (CXXConstructExpr, " << CCE->getType().getAsString() << ")";
3600 }
3601 else if (const CastExpr *CE = dyn_cast<CastExpr>(S)) {
3602 OS << " (" << CE->getStmtClassName() << ", "
3603 << CE->getCastKindName()
3604 << ", " << CE->getType().getAsString()
3605 << ")";
3606 }
3607
3608 // Expressions need a newline.
3609 if (isa<Expr>(S))
3610 OS << '\n';
3611
3612 } else if (const CFGInitializer *IE = E.getAs<CFGInitializer>()) {
3613 const CXXCtorInitializer *I = IE->getInitializer();
3614 if (I->isBaseInitializer())
3615 OS << I->getBaseClass()->getAsCXXRecordDecl()->getName();
3616 else OS << I->getAnyMember()->getName();
3617
3618 OS << "(";
3619 if (Expr *IE = I->getInit())
3620 IE->printPretty(OS, Helper, PrintingPolicy(Helper->getLangOpts()));
3621 OS << ")";
3622
3623 if (I->isBaseInitializer())
3624 OS << " (Base initializer)\n";
3625 else OS << " (Member initializer)\n";
3626
3627 } else if (const CFGAutomaticObjDtor *DE = E.getAs<CFGAutomaticObjDtor>()){
3628 const VarDecl *VD = DE->getVarDecl();
3629 Helper->handleDecl(VD, OS);
3630
3631 const Type* T = VD->getType().getTypePtr();
3632 if (const ReferenceType* RT = T->getAs<ReferenceType>())
3633 T = RT->getPointeeType().getTypePtr();
3634 else if (const Type *ET = T->getArrayElementTypeNoTypeQual())
3635 T = ET;
3636
3637 OS << ".~" << T->getAsCXXRecordDecl()->getName().str() << "()";
3638 OS << " (Implicit destructor)\n";
3639
3640 } else if (const CFGBaseDtor *BE = E.getAs<CFGBaseDtor>()) {
3641 const CXXBaseSpecifier *BS = BE->getBaseSpecifier();
3642 OS << "~" << BS->getType()->getAsCXXRecordDecl()->getName() << "()";
3643 OS << " (Base object destructor)\n";
3644
3645 } else if (const CFGMemberDtor *ME = E.getAs<CFGMemberDtor>()) {
3646 const FieldDecl *FD = ME->getFieldDecl();
3647
3648 const Type *T = FD->getType().getTypePtr();
3649 if (const Type *ET = T->getArrayElementTypeNoTypeQual())
3650 T = ET;
3651
3652 OS << "this->" << FD->getName();
3653 OS << ".~" << T->getAsCXXRecordDecl()->getName() << "()";
3654 OS << " (Member object destructor)\n";
3655
3656 } else if (const CFGTemporaryDtor *TE = E.getAs<CFGTemporaryDtor>()) {
3657 const CXXBindTemporaryExpr *BT = TE->getBindTemporaryExpr();
3658 OS << "~" << BT->getType()->getAsCXXRecordDecl()->getName() << "()";
3659 OS << " (Temporary object destructor)\n";
3660 }
3661 }
3662
print_block(raw_ostream & OS,const CFG * cfg,const CFGBlock & B,StmtPrinterHelper * Helper,bool print_edges,bool ShowColors)3663 static void print_block(raw_ostream &OS, const CFG* cfg,
3664 const CFGBlock &B,
3665 StmtPrinterHelper* Helper, bool print_edges,
3666 bool ShowColors) {
3667
3668 if (Helper)
3669 Helper->setBlockID(B.getBlockID());
3670
3671 // Print the header.
3672 if (ShowColors)
3673 OS.changeColor(raw_ostream::YELLOW, true);
3674
3675 OS << "\n [B" << B.getBlockID();
3676
3677 if (&B == &cfg->getEntry())
3678 OS << " (ENTRY)]\n";
3679 else if (&B == &cfg->getExit())
3680 OS << " (EXIT)]\n";
3681 else if (&B == cfg->getIndirectGotoBlock())
3682 OS << " (INDIRECT GOTO DISPATCH)]\n";
3683 else
3684 OS << "]\n";
3685
3686 if (ShowColors)
3687 OS.resetColor();
3688
3689 // Print the label of this block.
3690 if (Stmt *Label = const_cast<Stmt*>(B.getLabel())) {
3691
3692 if (print_edges)
3693 OS << " ";
3694
3695 if (LabelStmt *L = dyn_cast<LabelStmt>(Label))
3696 OS << L->getName();
3697 else if (CaseStmt *C = dyn_cast<CaseStmt>(Label)) {
3698 OS << "case ";
3699 C->getLHS()->printPretty(OS, Helper,
3700 PrintingPolicy(Helper->getLangOpts()));
3701 if (C->getRHS()) {
3702 OS << " ... ";
3703 C->getRHS()->printPretty(OS, Helper,
3704 PrintingPolicy(Helper->getLangOpts()));
3705 }
3706 } else if (isa<DefaultStmt>(Label))
3707 OS << "default";
3708 else if (CXXCatchStmt *CS = dyn_cast<CXXCatchStmt>(Label)) {
3709 OS << "catch (";
3710 if (CS->getExceptionDecl())
3711 CS->getExceptionDecl()->print(OS, PrintingPolicy(Helper->getLangOpts()),
3712 0);
3713 else
3714 OS << "...";
3715 OS << ")";
3716
3717 } else
3718 llvm_unreachable("Invalid label statement in CFGBlock.");
3719
3720 OS << ":\n";
3721 }
3722
3723 // Iterate through the statements in the block and print them.
3724 unsigned j = 1;
3725
3726 for (CFGBlock::const_iterator I = B.begin(), E = B.end() ;
3727 I != E ; ++I, ++j ) {
3728
3729 // Print the statement # in the basic block and the statement itself.
3730 if (print_edges)
3731 OS << " ";
3732
3733 OS << llvm::format("%3d", j) << ": ";
3734
3735 if (Helper)
3736 Helper->setStmtID(j);
3737
3738 print_elem(OS, Helper, *I);
3739 }
3740
3741 // Print the terminator of this block.
3742 if (B.getTerminator()) {
3743 if (ShowColors)
3744 OS.changeColor(raw_ostream::GREEN);
3745
3746 OS << " T: ";
3747
3748 if (Helper) Helper->setBlockID(-1);
3749
3750 CFGBlockTerminatorPrint TPrinter(OS, Helper,
3751 PrintingPolicy(Helper->getLangOpts()));
3752 TPrinter.Visit(const_cast<Stmt*>(B.getTerminator().getStmt()));
3753 OS << '\n';
3754
3755 if (ShowColors)
3756 OS.resetColor();
3757 }
3758
3759 if (print_edges) {
3760 // Print the predecessors of this block.
3761 if (!B.pred_empty()) {
3762 const raw_ostream::Colors Color = raw_ostream::BLUE;
3763 if (ShowColors)
3764 OS.changeColor(Color);
3765 OS << " Preds " ;
3766 if (ShowColors)
3767 OS.resetColor();
3768 OS << '(' << B.pred_size() << "):";
3769 unsigned i = 0;
3770
3771 if (ShowColors)
3772 OS.changeColor(Color);
3773
3774 for (CFGBlock::const_pred_iterator I = B.pred_begin(), E = B.pred_end();
3775 I != E; ++I, ++i) {
3776
3777 if (i == 8 || (i-8) == 0)
3778 OS << "\n ";
3779
3780 OS << " B" << (*I)->getBlockID();
3781 }
3782
3783 if (ShowColors)
3784 OS.resetColor();
3785
3786 OS << '\n';
3787 }
3788
3789 // Print the successors of this block.
3790 if (!B.succ_empty()) {
3791 const raw_ostream::Colors Color = raw_ostream::MAGENTA;
3792 if (ShowColors)
3793 OS.changeColor(Color);
3794 OS << " Succs ";
3795 if (ShowColors)
3796 OS.resetColor();
3797 OS << '(' << B.succ_size() << "):";
3798 unsigned i = 0;
3799
3800 if (ShowColors)
3801 OS.changeColor(Color);
3802
3803 for (CFGBlock::const_succ_iterator I = B.succ_begin(), E = B.succ_end();
3804 I != E; ++I, ++i) {
3805
3806 if (i == 8 || (i-8) % 10 == 0)
3807 OS << "\n ";
3808
3809 if (*I)
3810 OS << " B" << (*I)->getBlockID();
3811 else
3812 OS << " NULL";
3813 }
3814
3815 if (ShowColors)
3816 OS.resetColor();
3817 OS << '\n';
3818 }
3819 }
3820 }
3821
3822
3823 /// dump - A simple pretty printer of a CFG that outputs to stderr.
dump(const LangOptions & LO,bool ShowColors) const3824 void CFG::dump(const LangOptions &LO, bool ShowColors) const {
3825 print(llvm::errs(), LO, ShowColors);
3826 }
3827
3828 /// print - A simple pretty printer of a CFG that outputs to an ostream.
print(raw_ostream & OS,const LangOptions & LO,bool ShowColors) const3829 void CFG::print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const {
3830 StmtPrinterHelper Helper(this, LO);
3831
3832 // Print the entry block.
3833 print_block(OS, this, getEntry(), &Helper, true, ShowColors);
3834
3835 // Iterate through the CFGBlocks and print them one by one.
3836 for (const_iterator I = Blocks.begin(), E = Blocks.end() ; I != E ; ++I) {
3837 // Skip the entry block, because we already printed it.
3838 if (&(**I) == &getEntry() || &(**I) == &getExit())
3839 continue;
3840
3841 print_block(OS, this, **I, &Helper, true, ShowColors);
3842 }
3843
3844 // Print the exit block.
3845 print_block(OS, this, getExit(), &Helper, true, ShowColors);
3846 OS << '\n';
3847 OS.flush();
3848 }
3849
3850 /// dump - A simply pretty printer of a CFGBlock that outputs to stderr.
dump(const CFG * cfg,const LangOptions & LO,bool ShowColors) const3851 void CFGBlock::dump(const CFG* cfg, const LangOptions &LO,
3852 bool ShowColors) const {
3853 print(llvm::errs(), cfg, LO, ShowColors);
3854 }
3855
3856 /// print - A simple pretty printer of a CFGBlock that outputs to an ostream.
3857 /// Generally this will only be called from CFG::print.
print(raw_ostream & OS,const CFG * cfg,const LangOptions & LO,bool ShowColors) const3858 void CFGBlock::print(raw_ostream &OS, const CFG* cfg,
3859 const LangOptions &LO, bool ShowColors) const {
3860 StmtPrinterHelper Helper(cfg, LO);
3861 print_block(OS, cfg, *this, &Helper, true, ShowColors);
3862 OS << '\n';
3863 }
3864
3865 /// printTerminator - A simple pretty printer of the terminator of a CFGBlock.
printTerminator(raw_ostream & OS,const LangOptions & LO) const3866 void CFGBlock::printTerminator(raw_ostream &OS,
3867 const LangOptions &LO) const {
3868 CFGBlockTerminatorPrint TPrinter(OS, NULL, PrintingPolicy(LO));
3869 TPrinter.Visit(const_cast<Stmt*>(getTerminator().getStmt()));
3870 }
3871
getTerminatorCondition()3872 Stmt *CFGBlock::getTerminatorCondition() {
3873 Stmt *Terminator = this->Terminator;
3874 if (!Terminator)
3875 return NULL;
3876
3877 Expr *E = NULL;
3878
3879 switch (Terminator->getStmtClass()) {
3880 default:
3881 break;
3882
3883 case Stmt::ForStmtClass:
3884 E = cast<ForStmt>(Terminator)->getCond();
3885 break;
3886
3887 case Stmt::WhileStmtClass:
3888 E = cast<WhileStmt>(Terminator)->getCond();
3889 break;
3890
3891 case Stmt::DoStmtClass:
3892 E = cast<DoStmt>(Terminator)->getCond();
3893 break;
3894
3895 case Stmt::IfStmtClass:
3896 E = cast<IfStmt>(Terminator)->getCond();
3897 break;
3898
3899 case Stmt::ChooseExprClass:
3900 E = cast<ChooseExpr>(Terminator)->getCond();
3901 break;
3902
3903 case Stmt::IndirectGotoStmtClass:
3904 E = cast<IndirectGotoStmt>(Terminator)->getTarget();
3905 break;
3906
3907 case Stmt::SwitchStmtClass:
3908 E = cast<SwitchStmt>(Terminator)->getCond();
3909 break;
3910
3911 case Stmt::BinaryConditionalOperatorClass:
3912 E = cast<BinaryConditionalOperator>(Terminator)->getCond();
3913 break;
3914
3915 case Stmt::ConditionalOperatorClass:
3916 E = cast<ConditionalOperator>(Terminator)->getCond();
3917 break;
3918
3919 case Stmt::BinaryOperatorClass: // '&&' and '||'
3920 E = cast<BinaryOperator>(Terminator)->getLHS();
3921 break;
3922
3923 case Stmt::ObjCForCollectionStmtClass:
3924 return Terminator;
3925 }
3926
3927 return E ? E->IgnoreParens() : NULL;
3928 }
3929
3930 //===----------------------------------------------------------------------===//
3931 // CFG Graphviz Visualization
3932 //===----------------------------------------------------------------------===//
3933
3934
3935 #ifndef NDEBUG
3936 static StmtPrinterHelper* GraphHelper;
3937 #endif
3938
viewCFG(const LangOptions & LO) const3939 void CFG::viewCFG(const LangOptions &LO) const {
3940 #ifndef NDEBUG
3941 StmtPrinterHelper H(this, LO);
3942 GraphHelper = &H;
3943 llvm::ViewGraph(this,"CFG");
3944 GraphHelper = NULL;
3945 #endif
3946 }
3947
3948 namespace llvm {
3949 template<>
3950 struct DOTGraphTraits<const CFG*> : public DefaultDOTGraphTraits {
3951
DOTGraphTraitsllvm::DOTGraphTraits3952 DOTGraphTraits (bool isSimple=false) : DefaultDOTGraphTraits(isSimple) {}
3953
getNodeLabelllvm::DOTGraphTraits3954 static std::string getNodeLabel(const CFGBlock *Node, const CFG* Graph) {
3955
3956 #ifndef NDEBUG
3957 std::string OutSStr;
3958 llvm::raw_string_ostream Out(OutSStr);
3959 print_block(Out,Graph, *Node, GraphHelper, false, false);
3960 std::string& OutStr = Out.str();
3961
3962 if (OutStr[0] == '\n') OutStr.erase(OutStr.begin());
3963
3964 // Process string output to make it nicer...
3965 for (unsigned i = 0; i != OutStr.length(); ++i)
3966 if (OutStr[i] == '\n') { // Left justify
3967 OutStr[i] = '\\';
3968 OutStr.insert(OutStr.begin()+i+1, 'l');
3969 }
3970
3971 return OutStr;
3972 #else
3973 return "";
3974 #endif
3975 }
3976 };
3977 } // end namespace llvm
3978