[clang][dataflow] Add transfer functions for assignment

This is part of the implementation of the dataflow analysis framework. See "[RFC] A dataflow analysis framework for Clang AST" on cfe-dev. Differential Revision: https://reviews.llvm.org/D116596
llvm · Jan 10, 2022 · e7481f6 · e7481f6
1 parent f5b3879
commit e7481f6
Show file tree

Hide file tree

Showing 5 changed files with 495 additions and 62 deletions.
diff --git a/clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h b/clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
@@ -16,6 +16,7 @@
 #define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWANALYSISCONTEXT_H
 
 #include "clang/AST/Decl.h"
+#include "clang/AST/Expr.h"
 #include "clang/Analysis/FlowSensitive/StorageLocation.h"
 #include "clang/Analysis/FlowSensitive/Value.h"
 #include "llvm/ADT/DenseMap.h"
@@ -70,6 +71,23 @@ class DataflowAnalysisContext {
     return It == DeclToLoc.end() ? nullptr : It->second;
   }
 
+  /// Assigns `Loc` as the storage location of `E`.
+  ///
+  /// Requirements:
+  ///
+  ///  `E` must not be assigned a storage location.
+  void setStorageLocation(const Expr &E, StorageLocation &Loc) {
+    assert(ExprToLoc.find(&E) == ExprToLoc.end());
+    ExprToLoc[&E] = &Loc;
+  }
+
+  /// Returns the storage location assigned to `E` or null if `E` has no
+  /// assigned storage location.
+  StorageLocation *getStorageLocation(const Expr &E) const {
+    auto It = ExprToLoc.find(&E);
+    return It == ExprToLoc.end() ? nullptr : It->second;
+  }
+
 private:
   // Storage for the state of a program.
   std::vector<std::unique_ptr<StorageLocation>> Locs;
@@ -81,7 +99,7 @@ class DataflowAnalysisContext {
   // basic blocks are evaluated multiple times. The storage locations that are
   // in scope for a particular basic block are stored in `Environment`.
   llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc;
-  // FIXME: Add `Expr` to `StorageLocation` map.
+  llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc;
 
   // FIXME: Add `StorageLocation` for `this`.
 

diff --git a/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h b/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
@@ -16,6 +16,7 @@
 #define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_DATAFLOWENVIRONMENT_H
 
 #include "clang/AST/Decl.h"
+#include "clang/AST/Expr.h"
 #include "clang/AST/Type.h"
 #include "clang/AST/TypeOrdering.h"
 #include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h"
@@ -28,6 +29,18 @@
 namespace clang {
 namespace dataflow {
 
+/// Indicates what kind of indirections should be skipped past when retrieving
+/// storage locations or values.
+///
+/// FIXME: Consider renaming this or replacing it with a more appropriate model.
+/// See the discussion in https://reviews.llvm.org/D116596 for context.
+enum class SkipPast {
+  /// No indirections should be skipped past.
+  None,
+  /// An optional reference should be skipped past.
+  Reference,
+};
+
 /// Holds the state of the program (store and heap) at a given program point.
 class Environment {
 public:
@@ -50,16 +63,34 @@ class Environment {
   /// returned storage location in the environment.
   StorageLocation &createStorageLocation(const VarDecl &D);
 
+  /// Creates a storage location for `E`. Does not assign the returned storage
+  /// location to `E` in the environment. Does not assign a value to the
+  /// returned storage location in the environment.
+  StorageLocation &createStorageLocation(const Expr &E);
+
   /// Assigns `Loc` as the storage location of `D` in the environment.
   ///
   /// Requirements:
   ///
   ///  `D` must not be assigned a storage location in the environment.
   void setStorageLocation(const ValueDecl &D, StorageLocation &Loc);
 
-  /// Returns the storage location assigned to `D` in the environment or null if
-  /// `D` isn't assigned a storage location in the environment.
-  StorageLocation *getStorageLocation(const ValueDecl &D) const;
+  /// Returns the storage location assigned to `D` in the environment, applying
+  /// the `SP` policy for skipping past indirections, or null if `D` isn't
+  /// assigned a storage location in the environment.
+  StorageLocation *getStorageLocation(const ValueDecl &D, SkipPast SP) const;
+
+  /// Assigns `Loc` as the storage location of `E` in the environment.
+  ///
+  /// Requirements:
+  ///
+  ///  `E` must not be assigned a storage location in the environment.
+  void setStorageLocation(const Expr &E, StorageLocation &Loc);
+
+  /// Returns the storage location assigned to `E` in the environment, applying
+  /// the `SP` policy for skipping past indirections, or null if `E` isn't
+  /// assigned a storage location in the environment.
+  StorageLocation *getStorageLocation(const Expr &E, SkipPast SP) const;
 
   /// Creates a value appropriate for `Type`, assigns it to `Loc`, and returns
   /// it, if `Type` is supported, otherwise return null. If `Type` is a pointer
@@ -78,6 +109,22 @@ class Environment {
   /// isn't assigned a value in the environment.
   Value *getValue(const StorageLocation &Loc) const;
 
+  /// Equivalent to `getValue(getStorageLocation(D, SP), SkipPast::None)` if `D`
+  /// is assigned a storage location in the environment, otherwise returns null.
+  Value *getValue(const ValueDecl &D, SkipPast SP) const;
+
+  /// Equivalent to `getValue(getStorageLocation(E, SP), SkipPast::None)` if `E`
+  /// is assigned a storage location in the environment, otherwise returns null.
+  Value *getValue(const Expr &E, SkipPast SP) const;
+
+  /// Transfers ownership of `Loc` to the analysis context and returns a
+  /// reference to `Loc`.
+  StorageLocation &takeOwnership(std::unique_ptr<StorageLocation> Loc);
+
+  /// Transfers ownership of `Val` to the analysis context and returns a
+  /// reference to `Val`.
+  Value &takeOwnership(std::unique_ptr<Value> Val);
+
 private:
   /// Returns the value assigned to `Loc` in the environment or null if `Type`
   /// isn't supported.
@@ -94,14 +141,18 @@ class Environment {
       const StorageLocation &Loc, QualType Type,
       llvm::DenseSet<QualType> &Visited);
 
+  StorageLocation &skip(StorageLocation &Loc, SkipPast SP) const;
+  const StorageLocation &skip(const StorageLocation &Loc, SkipPast SP) const;
+
+  // `DACtx` is not null and not owned by this object.
   DataflowAnalysisContext *DACtx;
 
   // Maps from program declarations and statements to storage locations that are
   // assigned to them. Unlike the maps in `DataflowAnalysisContext`, these
   // include only storage locations that are in scope for a particular basic
   // block.
   llvm::DenseMap<const ValueDecl *, StorageLocation *> DeclToLoc;
-  // FIXME: Add `Expr` to `StorageLocation` map.
+  llvm::DenseMap<const Expr *, StorageLocation *> ExprToLoc;
 
   llvm::DenseMap<const StorageLocation *, Value *> LocToVal;
 

diff --git a/clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp b/clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
@@ -20,6 +20,7 @@
 #include "clang/Analysis/FlowSensitive/Value.h"
 #include "llvm/ADT/DenseMap.h"
 #include "llvm/ADT/DenseSet.h"
+#include "llvm/Support/ErrorHandling.h"
 #include <memory>
 #include <utility>
 
@@ -73,10 +74,10 @@ StorageLocation &Environment::createStorageLocation(QualType Type) {
     for (const FieldDecl *Field : Type->getAsRecordDecl()->fields()) {
       FieldLocs.insert({Field, &createStorageLocation(Field->getType())});
     }
-    return DACtx->takeOwnership(
+    return takeOwnership(
         std::make_unique<AggregateStorageLocation>(Type, std::move(FieldLocs)));
   }
-  return DACtx->takeOwnership(std::make_unique<ScalarStorageLocation>(Type));
+  return takeOwnership(std::make_unique<ScalarStorageLocation>(Type));
 }
 
 StorageLocation &Environment::createStorageLocation(const VarDecl &D) {
@@ -90,14 +91,37 @@ StorageLocation &Environment::createStorageLocation(const VarDecl &D) {
   return Loc;
 }
 
+StorageLocation &Environment::createStorageLocation(const Expr &E) {
+  // Evaluated expressions are always assigned the same storage locations to
+  // ensure that the environment stabilizes across loop iterations. Storage
+  // locations for evaluated expressions are stored in the analysis context.
+  if (auto *Loc = DACtx->getStorageLocation(E))
+    return *Loc;
+  auto &Loc = createStorageLocation(E.getType());
+  DACtx->setStorageLocation(E, Loc);
+  return Loc;
+}
+
 void Environment::setStorageLocation(const ValueDecl &D, StorageLocation &Loc) {
   assert(DeclToLoc.find(&D) == DeclToLoc.end());
   DeclToLoc[&D] = &Loc;
 }
 
-StorageLocation *Environment::getStorageLocation(const ValueDecl &D) const {
+StorageLocation *Environment::getStorageLocation(const ValueDecl &D,
+                                                 SkipPast SP) const {
   auto It = DeclToLoc.find(&D);
-  return It == DeclToLoc.end() ? nullptr : It->second;
+  return It == DeclToLoc.end() ? nullptr : &skip(*It->second, SP);
+}
+
+void Environment::setStorageLocation(const Expr &E, StorageLocation &Loc) {
+  assert(ExprToLoc.find(&E) == ExprToLoc.end());
+  ExprToLoc[&E] = &Loc;
+}
+
+StorageLocation *Environment::getStorageLocation(const Expr &E,
+                                                 SkipPast SP) const {
+  auto It = ExprToLoc.find(&E);
+  return It == ExprToLoc.end() ? nullptr : &skip(*It->second, SP);
 }
 
 void Environment::setValue(const StorageLocation &Loc, Value &Value) {
@@ -109,6 +133,20 @@ Value *Environment::getValue(const StorageLocation &Loc) const {
   return It == LocToVal.end() ? nullptr : It->second;
 }
 
+Value *Environment::getValue(const ValueDecl &D, SkipPast SP) const {
+  auto *Loc = getStorageLocation(D, SP);
+  if (Loc == nullptr)
+    return nullptr;
+  return getValue(*Loc);
+}
+
+Value *Environment::getValue(const Expr &E, SkipPast SP) const {
+  auto *Loc = getStorageLocation(E, SP);
+  if (Loc == nullptr)
+    return nullptr;
+  return getValue(*Loc);
+}
+
 Value *Environment::initValueInStorageLocation(const StorageLocation &Loc,
                                                QualType Type) {
   llvm::DenseSet<QualType> Visited;
@@ -121,9 +159,9 @@ Value *Environment::initValueInStorageLocationUnlessSelfReferential(
   assert(!Type.isNull());
 
   if (Type->isIntegerType()) {
-    auto &Value = DACtx->takeOwnership(std::make_unique<IntegerValue>());
-    setValue(Loc, Value);
-    return &Value;
+    auto &Val = takeOwnership(std::make_unique<IntegerValue>());
+    setValue(Loc, Val);
+    return &Val;
   }
 
   if (Type->isReferenceType()) {
@@ -137,10 +175,9 @@ Value *Environment::initValueInStorageLocationUnlessSelfReferential(
       Visited.erase(PointeeType.getCanonicalType());
     }
 
-    auto &Value =
-        DACtx->takeOwnership(std::make_unique<ReferenceValue>(PointeeLoc));
-    setValue(Loc, Value);
-    return &Value;
+    auto &Val = takeOwnership(std::make_unique<ReferenceValue>(PointeeLoc));
+    setValue(Loc, Val);
+    return &Val;
   }
 
   if (Type->isPointerType()) {
@@ -154,10 +191,9 @@ Value *Environment::initValueInStorageLocationUnlessSelfReferential(
       Visited.erase(PointeeType.getCanonicalType());
     }
 
-    auto &Value =
-        DACtx->takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
-    setValue(Loc, Value);
-    return &Value;
+    auto &Val = takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
+    setValue(Loc, Val);
+    return &Val;
   }
 
   if (Type->isStructureOrClassType()) {
@@ -178,14 +214,42 @@ Value *Environment::initValueInStorageLocationUnlessSelfReferential(
       Visited.erase(FieldType.getCanonicalType());
     }
 
-    auto &Value = DACtx->takeOwnership(
-        std::make_unique<StructValue>(std::move(FieldValues)));
-    setValue(Loc, Value);
-    return &Value;
+    auto &Val =
+        takeOwnership(std::make_unique<StructValue>(std::move(FieldValues)));
+    setValue(Loc, Val);
+    return &Val;
   }
 
   return nullptr;
 }
 
+StorageLocation &
+Environment::takeOwnership(std::unique_ptr<StorageLocation> Loc) {
+  return DACtx->takeOwnership(std::move(Loc));
+}
+
+Value &Environment::takeOwnership(std::unique_ptr<Value> Val) {
+  return DACtx->takeOwnership(std::move(Val));
+}
+
+StorageLocation &Environment::skip(StorageLocation &Loc, SkipPast SP) const {
+  switch (SP) {
+  case SkipPast::None:
+    return Loc;
+  case SkipPast::Reference:
+    // References cannot be chained so we only need to skip past one level of
+    // indirection.
+    if (auto *Val = dyn_cast_or_null<ReferenceValue>(getValue(Loc)))
+      return Val->getPointeeLoc();
+    return Loc;
+  }
+  llvm_unreachable("bad SkipPast kind");
+}
+
+const StorageLocation &Environment::skip(const StorageLocation &Loc,
+                                         SkipPast SP) const {
+  return skip(*const_cast<StorageLocation *>(&Loc), SP);
+}
+
 } // namespace dataflow
 } // namespace clang