This revision was automatically updated to reflect the committed changes.
Closed by commit rGb611376e7eb5: [clang][dataflow] Singleton pointer values for
null pointers. (authored by wyt, committed by gribozavr).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D128056/new/
https://reviews.llvm.org/D128056
Files:
clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
clang/lib/Analysis/FlowSensitive/Transfer.cpp
clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
Index: clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
===================================================================
--- clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -2214,6 +2214,93 @@
});
}
+TEST_F(TransferTest, NullToPointerCast) {
+ std::string Code = R"(
+ struct Baz {};
+ void target() {
+ int *FooX = nullptr;
+ int *FooY = nullptr;
+ bool **Bar = nullptr;
+ Baz *Baz = nullptr;
+ // [[p]]
+ }
+ )";
+ runDataflow(Code,
+ [](llvm::ArrayRef<
+ std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
+ Results,
+ ASTContext &ASTCtx) {
+ ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
+ const Environment &Env = Results[0].second.Env;
+
+ const ValueDecl *FooXDecl = findValueDecl(ASTCtx, "FooX");
+ ASSERT_THAT(FooXDecl, NotNull());
+
+ const ValueDecl *FooYDecl = findValueDecl(ASTCtx, "FooY");
+ ASSERT_THAT(FooYDecl, NotNull());
+
+ const ValueDecl *BarDecl = findValueDecl(ASTCtx, "Bar");
+ ASSERT_THAT(BarDecl, NotNull());
+
+ const ValueDecl *BazDecl = findValueDecl(ASTCtx, "Baz");
+ ASSERT_THAT(BazDecl, NotNull());
+
+ const auto *FooXVal =
+ cast<PointerValue>(Env.getValue(*FooXDecl, SkipPast::None));
+ const auto *FooYVal =
+ cast<PointerValue>(Env.getValue(*FooYDecl, SkipPast::None));
+ const auto *BarVal =
+ cast<PointerValue>(Env.getValue(*BarDecl, SkipPast::None));
+ const auto *BazVal =
+ cast<PointerValue>(Env.getValue(*BazDecl, SkipPast::None));
+
+ EXPECT_EQ(FooXVal, FooYVal);
+ EXPECT_NE(FooXVal, BarVal);
+ EXPECT_NE(FooXVal, BazVal);
+ EXPECT_NE(BarVal, BazVal);
+
+ const StorageLocation &FooPointeeLoc = FooXVal->getPointeeLoc();
+ EXPECT_TRUE(isa<ScalarStorageLocation>(FooPointeeLoc));
+ EXPECT_THAT(Env.getValue(FooPointeeLoc), IsNull());
+
+ const StorageLocation &BarPointeeLoc = BarVal->getPointeeLoc();
+ EXPECT_TRUE(isa<ScalarStorageLocation>(BarPointeeLoc));
+ EXPECT_THAT(Env.getValue(BarPointeeLoc), IsNull());
+
+ const StorageLocation &BazPointeeLoc = BazVal->getPointeeLoc();
+ EXPECT_TRUE(isa<AggregateStorageLocation>(BazPointeeLoc));
+ EXPECT_THAT(Env.getValue(BazPointeeLoc), IsNull());
+ });
+}
+
+TEST_F(TransferTest, NullToMemberPointerCast) {
+ std::string Code = R"(
+ struct Foo {};
+ void target(Foo *Foo) {
+ int Foo::*MemberPointer = nullptr;
+ // [[p]]
+ }
+ )";
+ runDataflow(
+ Code, [](llvm::ArrayRef<
+ std::pair<std::string, DataflowAnalysisState<NoopLattice>>>
+ Results,
+ ASTContext &ASTCtx) {
+ ASSERT_THAT(Results, ElementsAre(Pair("p", _)));
+ const Environment &Env = Results[0].second.Env;
+
+ const ValueDecl *MemberPointerDecl =
+ findValueDecl(ASTCtx, "MemberPointer");
+ ASSERT_THAT(MemberPointerDecl, NotNull());
+
+ const auto *MemberPointerVal = cast<PointerValue>(
+ Env.getValue(*MemberPointerDecl, SkipPast::None));
+
+ const StorageLocation &MemberLoc = MemberPointerVal->getPointeeLoc();
+ EXPECT_THAT(Env.getValue(MemberLoc), IsNull());
+ });
+}
+
TEST_F(TransferTest, AddrOfValue) {
std::string Code = R"(
void target() {
Index: clang/lib/Analysis/FlowSensitive/Transfer.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -251,6 +251,16 @@
Env.setStorageLocation(*S, *SubExprLoc);
break;
}
+ case CK_NullToPointer:
+ case CK_NullToMemberPointer: {
+ auto &Loc = Env.createStorageLocation(S->getType());
+ Env.setStorageLocation(*S, Loc);
+
+ auto &NullPointerVal =
+ Env.getOrCreateNullPointerValue(S->getType()->getPointeeType());
+ Env.setValue(Loc, NullPointerVal);
+ break;
+ }
default:
break;
}
Index: clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
+++ clang/lib/Analysis/FlowSensitive/DataflowEnvironment.cpp
@@ -332,6 +332,10 @@
return DACtx->getThisPointeeStorageLocation();
}
+PointerValue &Environment::getOrCreateNullPointerValue(QualType PointeeType) {
+ return DACtx->getOrCreateNullPointerValue(PointeeType);
+}
+
void Environment::setValue(const StorageLocation &Loc, Value &Val) {
LocToVal[&Loc] = &Val;
Index: clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
+++ clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp
@@ -55,6 +55,19 @@
return Loc;
}
+PointerValue &
+DataflowAnalysisContext::getOrCreateNullPointerValue(QualType PointeeType) {
+ assert(!PointeeType.isNull());
+ auto CanonicalPointeeType = PointeeType.getCanonicalType();
+ auto Res = NullPointerVals.try_emplace(CanonicalPointeeType, nullptr);
+ if (Res.second) {
+ auto &PointeeLoc = getStableStorageLocation(CanonicalPointeeType);
+ Res.first->second =
+ &takeOwnership(std::make_unique<PointerValue>(PointeeLoc));
+ }
+ return *Res.first->second;
+}
+
static std::pair<BoolValue *, BoolValue *>
makeCanonicalBoolValuePair(BoolValue &LHS, BoolValue &RHS) {
auto Res = std::make_pair(&LHS, &RHS);
Index: clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
===================================================================
--- clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
+++ clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
@@ -203,6 +203,10 @@
/// in the environment.
StorageLocation *getThisPointeeStorageLocation() const;
+ /// Returns a pointer value that represents a null pointer. Calls with
+ /// `PointeeType` that are canonically equivalent will return the same result.
+ PointerValue &getOrCreateNullPointerValue(QualType PointeeType);
+
/// Creates a value appropriate for `Type`, if `Type` is supported, otherwise
/// return null. If `Type` is a pointer or reference type, creates all the
/// necessary storage locations and values for indirections until it finds a
Index: clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
===================================================================
--- clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
+++ clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
@@ -17,6 +17,7 @@
#include "clang/AST/Decl.h"
#include "clang/AST/Expr.h"
+#include "clang/AST/TypeOrdering.h"
#include "clang/Analysis/FlowSensitive/Solver.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h"
@@ -152,6 +153,10 @@
return ThisPointeeLoc;
}
+ /// Returns a pointer value that represents a null pointer. Calls with
+ /// `PointeeType` that are canonically equivalent will return the same result.
+ PointerValue &getOrCreateNullPointerValue(QualType PointeeType);
+
/// Returns a symbolic boolean value that models a boolean literal equal to
/// `Value`.
AtomicBoolValue &getBoolLiteralValue(bool Value) const {
@@ -300,6 +305,14 @@
StorageLocation *ThisPointeeLoc = nullptr;
+ // Null pointer values, keyed by the canonical pointee type.
+ //
+ // FIXME: The pointer values are indexed by the pointee types which are
+ // required to initialize the `PointeeLoc` field in `PointerValue`. Consider
+ // creating a type-independent `NullPointerValue` without a `PointeeLoc`
+ // field.
+ llvm::DenseMap<QualType, PointerValue *> NullPointerVals;
+
AtomicBoolValue &TrueVal;
AtomicBoolValue &FalseVal;
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
