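//===- ThreadSafetyCommon.cpp ---------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Implementation of the interfaces declared in ThreadSafetyCommon.h
//
//===----------------------------------------------------------------------===//

#include "clang/Analysis/Analyses/ThreadSafetyCommon.h"
#include "clang/AST/Attr.h"
#include "clang/AST/Decl.h"
#include "clang/AST/DeclCXX.h"
#include "clang/AST/DeclGroup.h"
#include "clang/AST/DeclObjC.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/OperationKinds.h"
#include "clang/AST/Stmt.h"
#include "clang/AST/Type.h"
#include "clang/Analysis/Analyses/ThreadSafetyTIL.h"
#include "clang/Analysis/CFG.h"
#include "clang/Basic/LLVM.h"
#include "clang/Basic/OperatorKinds.h"
#include "clang/Basic/Specifiers.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/Support/Casting.h"
#include <algorithm>
#include <cassert>
#include <string>
#include <utility>

using namespace clang;
using namespace threadSafety;

// From ThreadSafetyUtil.h
/// Render a literal expression as text.
///
/// Integer literals are printed in base 10 as signed values and string
/// literals are wrapped in double quotes. The string contents are appended
/// as-is (embedded quotes or control characters are not escaped), so treat the
/// result as display text. Every other statement class yields the placeholder
/// "#lit".
///
/// \param CE The expression to print; dereferenced unconditionally.
std::string threadSafety::getSourceLiteralString(const Expr *CE) {
  switch (CE->getStmtClass()) {
  case Stmt::IntegerLiteralClass:
    return toString(cast<IntegerLiteral>(CE)->getValue(), 10, true);
  case Stmt::StringLiteralClass: {
    std::string ret("\"");
    ret += cast<StringLiteral>(CE)->getString();
    ret += "\"";
    return ret;
  }
  // The remaining literal kinds are listed for documentation only; they share
  // the default result.
  case Stmt::CharacterLiteralClass:
  case Stmt::CXXNullPtrLiteralExprClass:
  case Stmt::GNUNullExprClass:
  case Stmt::CXXBoolLiteralExprClass:
  case Stmt::FloatingLiteralClass:
  case Stmt::ImaginaryLiteralClass:
  case Stmt::ObjCStringLiteralClass:
  default:
    return "#lit";
  }
}

// Return true if E is a variable that points to an incomplete Phi node.
// E is handed to dyn_cast<>, so it must not be null.
static bool isIncompletePhi(const til::SExpr *E) {
  if (const auto *Ph = dyn_cast<til::Phi>(E))
    return Ph->status() == til::Phi::PH_Incomplete;
  return false;
}

using CallingContext = SExprBuilder::CallingContext;

// Return the cached translation of S from the statement map. translate()
// treats a null result as "not translated yet".
til::SExpr *SExprBuilder::lookupStmt(const Stmt *S) { return SMap.lookup(S); }

// Drive Walker over this builder and return the SCFG the builder holds.
til::SCFG *SExprBuilder::buildCFG(CFGWalker &Walker) {
  Walker.walk(*this);
  return Scfg;
}

// Return true if E, after stripping parentheses and casts, is a member access
// written with "->". Anything that is not a MemberExpr yields false.
static bool isCalleeArrow(const Expr *E) {
  const auto *ME = dyn_cast<MemberExpr>(E->IgnoreParenCasts());
  return ME ? ME->isArrow() : false;
}

// The capability kind used in diagnostics is the name carried by the
// capability attribute itself.
static StringRef ClassifyDiagnostic(const CapabilityAttr *A) {
  return A->getName();
}

// Derive the capability kind for a value of type VDT. Falls back to "mutex"
// when no capability attribute is found.
static StringRef ClassifyDiagnostic(QualType VDT) {
  // We need to look at the declaration of the type of the value to determine
  // which it is. The type should either be a record or a typedef, or a pointer
  // or reference thereof.
  if (const auto *RT = VDT->getAs<RecordType>()) {
    if (const auto *RD = RT->getDecl())
      if (const auto *CA = RD->getAttr<CapabilityAttr>())
        return ClassifyDiagnostic(CA);
  } else if (const auto *TT = VDT->getAs<TypedefType>()) {
    if (const auto *TD = TT->getDecl())
      if (const auto *CA = TD->getAttr<CapabilityAttr>())
        return ClassifyDiagnostic(CA);
  } else if (VDT->isPointerType() || VDT->isReferenceType())
    // Look through one level of indirection and classify the pointee.
    return ClassifyDiagnostic(VDT->getPointeeType());

  return "mutex";
}

/// Translate a clang expression in an attribute to a til::SExpr.
/// Constructs the context from D, DeclExp, and SelfDecl.
///
/// \param AttrExp The expression to translate.
/// \param D       The declaration to which the attribute is attached.
/// \param DeclExp An expression involving the Decl to which the attribute
///                is attached.  E.g. the call to a function.
/// \param Self    S-expression to substitute for a \ref CXXThisExpr in a call,
///                or argument to a cleanup function.
/// \returns The translated capability; an empty CapabilityExpr when the
///          two-argument overload rejects the expression.
CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
                                               const NamedDecl *D,
                                               const Expr *DeclExp,
                                               til::SExpr *Self) {
  // If we are processing a raw attribute expression, with no substitutions.
  if (!DeclExp && !Self)
    return translateAttrExpr(AttrExp, nullptr);

  CallingContext Ctx(nullptr, D);

  // Examine DeclExp to find SelfArg and FunArgs, which are used to substitute
  // for formal parameters when we call buildMutexID later.
  if (!DeclExp) {
    // Nothing to extract here; Self supplies the object below.
  } else if (const auto *ME = dyn_cast<MemberExpr>(DeclExp)) {
    Ctx.SelfArg = ME->getBase();
    Ctx.SelfArrow = ME->isArrow();
  } else if (const auto *CE = dyn_cast<CXXMemberCallExpr>(DeclExp)) {
    Ctx.SelfArg = CE->getImplicitObjectArgument();
    Ctx.SelfArrow = isCalleeArrow(CE->getCallee());
    Ctx.NumArgs = CE->getNumArgs();
    Ctx.FunArgs = CE->getArgs();
  } else if (const auto *CE = dyn_cast<CallExpr>(DeclExp)) {
    Ctx.NumArgs = CE->getNumArgs();
    Ctx.FunArgs = CE->getArgs();
  } else if (const auto *CE = dyn_cast<CXXConstructExpr>(DeclExp)) {
    Ctx.SelfArg = nullptr;  // Will be set below
    Ctx.NumArgs = CE->getNumArgs();
    Ctx.FunArgs = CE->getArgs();
  }

  if (Self) {
    assert(!Ctx.SelfArg && "Ambiguous self argument");
    assert(isa<FunctionDecl>(D) && "Self argument requires function");
    // For a method, Self stands in for 'this'; for any other function it
    // replaces the argument list.
    if (isa<CXXMethodDecl>(D))
      Ctx.SelfArg = Self;
    else
      Ctx.FunArgs = Self;

    // If the attribute has no arguments, then assume the argument is "this".
    // NOTE(review): this cast<> is unconditional although the branch above
    // also admits non-method functions; cast<> is only checked by assertion,
    // so confirm callers never reach here with a free function and no
    // attribute argument.
    if (!AttrExp)
      return CapabilityExpr(
          Self,
          ClassifyDiagnostic(
              cast<CXXMethodDecl>(D)->getFunctionObjectParameterType()),
          false);

    // For most attributes.
    return translateAttrExpr(AttrExp, &Ctx);
  }

  // If the attribute has no arguments, then assume the argument is "this".
  if (!AttrExp)
    return translateAttrExpr(cast<const Expr *>(Ctx.SelfArg), nullptr);

  // For most attributes.
  return translateAttrExpr(AttrExp, &Ctx);
}

/// Translate a clang expression in an attribute to a til::SExpr.
// This assumes a CallingContext has already been created.
//
// Returns an empty CapabilityExpr for a null expression, for any string
// literal other than "*", and for expressions that translate to nothing or to
// a literal.
CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
                                               CallingContext *Ctx) {
  if (!AttrExp)
    return CapabilityExpr();

  if (const auto* SLit = dyn_cast<StringLiteral>(AttrExp)) {
    if (SLit->getString() == StringRef("*"))
      // The "*" expr is a universal lock, which essentially turns off
      // checks until it is removed from the lockset.
      return CapabilityExpr(new (Arena) til::Wildcard(), StringRef("wildcard"),
                            false);

    // Ignore other string literals for now.
    return CapabilityExpr();
  }

  // A leading '!' (overloaded or built-in) marks a negated capability; strip
  // it and translate the operand.
  bool Neg = false;
  if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(AttrExp)) {
    if (OE->getOperator() == OO_Exclaim) {
      Neg = true;
      AttrExp = OE->getArg(0);
    }
  }
  else if (const auto *UO = dyn_cast<UnaryOperator>(AttrExp)) {
    if (UO->getOpcode() == UO_LNot) {
      Neg = true;
      AttrExp = UO->getSubExpr();
    }
  }

  til::SExpr *E = translate(AttrExp, Ctx);

  // Trap mutex expressions like nullptr, or 0.
  // Any literal value is nonsense.
  if (!E || isa<til::Literal>(E))
    return CapabilityExpr();

  StringRef Kind = ClassifyDiagnostic(AttrExp->getType());

  // Hack to deal with smart pointers -- strip off top-level pointer casts.
  if (const auto *CE = dyn_cast<til::Cast>(E)) {
    if (CE->castOpcode() == til::CAST_objToPtr)
      return CapabilityExpr(CE->expr(), Kind, Neg);
  }
  return CapabilityExpr(E, Kind, Neg);
}

// Allocate a pointer literal in the arena that refers to VD.
til::LiteralPtr *SExprBuilder::createVariable(const VarDecl *VD) {
  return new (Arena) til::LiteralPtr(VD);
}

// Allocate a pointer literal with no declaration attached, paired with the
// capability kind derived from the type of Exp.
std::pair<til::LiteralPtr *, StringRef>
SExprBuilder::createThisPlaceholder(const Expr *Exp) {
  return {new (Arena) til::LiteralPtr(nullptr),
          ClassifyDiagnostic(Exp->getType())};
}

// Translate a clang statement or expression to a TIL expression.
// Also performs substitution of variables;  Ctx provides the context.
// Dispatches on the type of S.
//
// Returns nullptr for a null S. Statement classes without a dedicated
// translation become til::Undefined nodes.
til::SExpr *SExprBuilder::translate(const Stmt *S, CallingContext *Ctx) {
  if (!S)
    return nullptr;

  // Check if S has already been translated and cached.
  // This handles the lookup of SSA names for DeclRefExprs here.
  if (til::SExpr *E = lookupStmt(S))
    return E;

  switch (S->getStmtClass()) {
  case Stmt::DeclRefExprClass:
    return translateDeclRefExpr(cast<DeclRefExpr>(S), Ctx);
  case Stmt::CXXThisExprClass:
    return translateCXXThisExpr(cast<CXXThisExpr>(S), Ctx);
  case Stmt::MemberExprClass:
    return translateMemberExpr(cast<MemberExpr>(S), Ctx);
  case Stmt::ObjCIvarRefExprClass:
    return translateObjCIVarRefExpr(cast<ObjCIvarRefExpr>(S), Ctx);
  case Stmt::CallExprClass:
    return translateCallExpr(cast<CallExpr>(S), Ctx);
  case Stmt::CXXMemberCallExprClass:
    return translateCXXMemberCallExpr(cast<CXXMemberCallExpr>(S), Ctx);
  case Stmt::CXXOperatorCallExprClass:
    return translateCXXOperatorCallExpr(cast<CXXOperatorCallExpr>(S), Ctx);
  case Stmt::UnaryOperatorClass:
    return translateUnaryOperator(cast<UnaryOperator>(S), Ctx);
  case Stmt::BinaryOperatorClass:
  case Stmt::CompoundAssignOperatorClass:
    return translateBinaryOperator(cast<BinaryOperator>(S), Ctx);

  case Stmt::ArraySubscriptExprClass:
    return translateArraySubscriptExpr(cast<ArraySubscriptExpr>(S), Ctx);
  case Stmt::ConditionalOperatorClass:
    return translateAbstractConditionalOperator(
             cast<ConditionalOperator>(S), Ctx);
  case Stmt::BinaryConditionalOperatorClass:
    return translateAbstractConditionalOperator(
             cast<BinaryConditionalOperator>(S), Ctx);

  // We treat these as no-ops
  case Stmt::ConstantExprClass:
    return translate(cast<ConstantExpr>(S)->getSubExpr(), Ctx);
  case Stmt::ParenExprClass:
    return translate(cast<ParenExpr>(S)->getSubExpr(), Ctx);
  case Stmt::ExprWithCleanupsClass:
    return translate(cast<ExprWithCleanups>(S)->getSubExpr(), Ctx);
  case Stmt::CXXBindTemporaryExprClass:
    return translate(cast<CXXBindTemporaryExpr>(S)->getSubExpr(), Ctx);
  case Stmt::MaterializeTemporaryExprClass:
    return translate(cast<MaterializeTemporaryExpr>(S)->getSubExpr(), Ctx);

  // Collect all literals
  case Stmt::CharacterLiteralClass:
  case Stmt::CXXNullPtrLiteralExprClass:
  case Stmt::GNUNullExprClass:
  case Stmt::CXXBoolLiteralExprClass:
  case Stmt::FloatingLiteralClass:
  case Stmt::ImaginaryLiteralClass:
  case Stmt::IntegerLiteralClass:
  case Stmt::StringLiteralClass:
  case Stmt::ObjCStringLiteralClass:
    return new (Arena) til::Literal(cast<Expr>(S));

  case Stmt::DeclStmtClass:
    return translateDeclStmt(cast<DeclStmt>(S), Ctx);
  default:
    break;
  }
  // Cast expressions come in several statement classes, so they are matched
  // by base class after the switch.
  if (const auto *CE = dyn_cast<CastExpr>(S))
    return translateCastExpr(CE, Ctx);

  return new (Arena) til::Undefined(S);
}

// Translate a reference to a declaration. A reference to a parameter of the
// function named by Ctx->AttrDecl is replaced by the matching call argument;
// any other parameter is mapped to the canonical declaration's parameter.
// Everything else becomes a pointer literal to the canonical declaration.
til::SExpr *SExprBuilder::translateDeclRefExpr(const DeclRefExpr *DRE,
                                               CallingContext *Ctx) {
  const auto *VD = cast<ValueDecl>(DRE->getDecl()->getCanonicalDecl());

  // Function parameters require substitution and/or renaming.
  if (const auto *PV = dyn_cast<ParmVarDecl>(VD)) {
    unsigned I = PV->getFunctionScopeIndex();
    const DeclContext *D = PV->getDeclContext();
    // NOTE(review): D is assumed to be either a FunctionDecl or an
    // ObjCMethodDecl; the cast<> calls below are checked only by assertion.
    if (Ctx && Ctx->FunArgs) {
      const Decl *Canonical = Ctx->AttrDecl->getCanonicalDecl();
      if (isa<FunctionDecl>(D)
              ? (cast<FunctionDecl>(D)->getCanonicalDecl() == Canonical)
              : (cast<ObjCMethodDecl>(D)->getCanonicalDecl() == Canonical)) {
        // Substitute call arguments for references to function parameters
        if (const Expr *const *FunArgs =
                Ctx->FunArgs.dyn_cast<const Expr *const *>()) {
          assert(I < Ctx->NumArgs);
          // assert() is compiled out of NDEBUG builds, so also refuse at run
          // time to index past the argument array. An untranslatable
          // reference is reported the same way translate() reports one.
          if (I >= Ctx->NumArgs)
            return new (Arena) til::Undefined(DRE);
          return translate(FunArgs[I], Ctx->Prev);
        }

        // FunArgs holds a single S-expression (the Self argument), which can
        // only stand for the first parameter.
        assert(I == 0);
        return Ctx->FunArgs.get<til::SExpr *>();
      }
    }
    // Map the param back to the param of the original function declaration
    // for consistent comparisons.
    VD = isa<FunctionDecl>(D)
             ? cast<FunctionDecl>(D)->getCanonicalDecl()->getParamDecl(I)
             : cast<ObjCMethodDecl>(D)->getCanonicalDecl()->getParamDecl(I);
  }

  // For non-local variables, treat it as a reference to a named object.
  return new (Arena) til::LiteralPtr(VD);
}

// Translate 'this'. When the context supplies a self argument, that argument
// is used instead (translated in the previous context if it is still a clang
// expression); otherwise the builder's own SelfVar is returned.
til::SExpr *SExprBuilder::translateCXXThisExpr(const CXXThisExpr *TE,
                                               CallingContext *Ctx) {
  // Substitute for 'this'
  if (Ctx && Ctx->SelfArg) {
    if (const auto *SelfArg = dyn_cast<const Expr *>(Ctx->SelfArg))
      return translate(SelfArg, Ctx->Prev);
    return cast<til::SExpr *>(Ctx->SelfArg);
  }
  assert(SelfVar && "We have no variable for 'this'!");
  return SelfVar;
}

// Return the clang declaration attached to E for the node kinds that carry
// one, or nullptr for any other kind. E must not be null.
static const ValueDecl *getValueDeclFromSExpr(const til::SExpr *E) {
  if (const auto *V = dyn_cast<til::Variable>(E))
    return V->clangDecl();
  if (const auto *Ph = dyn_cast<til::Phi>(E))
    return Ph->clangDecl();
  if (const auto *P = dyn_cast<til::Project>(E))
    return P->clangDecl();
  if (const auto *L = dyn_cast<til::LiteralPtr>(E))
    return L->clangDecl();
  return nullptr;
}

// Return true if E denotes a pointer: either its declaration has a pointer
// type, or E is an object-to-pointer cast.
static bool hasAnyPointerType(const til::SExpr *E) {
  auto *VD = getValueDeclFromSExpr(E);
  if (VD && VD->getType()->isAnyPointerType())
    return true;
  if (const auto *C = dyn_cast<til::Cast>(E))
    return C->castOpcode() == til::CAST_objToPtr;

  return false;
}

// Grab the very first declaration of virtual method D
static const CXXMethodDecl *getFirstVirtualDecl(const CXXMethodDecl *D) {
  while (true) {
    D = D->getCanonicalDecl();
    auto OverriddenMethods = D->overridden_methods();
    if (OverriddenMethods.begin() == OverriddenMethods.end())
      return D;  // Method does not override anything
    // FIXME: this does not work with multiple inheritance.
    D = *OverriddenMethods.begin();
  }
  // Not reached: the loop only leaves through the return above.
  return nullptr;
}

// Translate a member access into a projection of the member out of the
// translated base. Methods are normalised to the first declaration in their
// override chain so that overrides compare equal.
til::SExpr *SExprBuilder::translateMemberExpr(const MemberExpr *ME,
                                              CallingContext *Ctx) {
  // NOTE(review): BE is passed to hasAnyPointerType(), which dyn_casts it;
  // this assumes translate() did not return null for the base.
  til::SExpr *BE = translate(ME->getBase(), Ctx);
  til::SExpr *E  = new (Arena) til::SApply(BE);

  const auto *D = cast<ValueDecl>(ME->getMemberDecl()->getCanonicalDecl());
  if (const auto *VD = dyn_cast<CXXMethodDecl>(D))
    D = getFirstVirtualDecl(VD);

  til::Project *P = new (Arena) til::Project(E, D);
  if (hasAnyPointerType(BE))
    P->setArrow(true);
  return P;
}

// Translate an Objective-C instance-variable reference the same way as a
// member access: a projection of the ivar out of the translated base.
til::SExpr *SExprBuilder::translateObjCIVarRefExpr(const ObjCIvarRefExpr *IVRE,
                                                   CallingContext *Ctx) {
  til::SExpr *BE = translate(IVRE->getBase(), Ctx);
  til::SExpr *E = new (Arena) til::SApply(BE);

  const auto *D = cast<ObjCIvarDecl>(IVRE->getDecl()->getCanonicalDecl());

  til::Project *P = new (Arena) til::Project(E, D);
  if (hasAnyPointerType(BE))
    P->setArrow(true);
  return P;
}

// Translate a call. In capability-expression mode a call to a function
// carrying a lock-returned attribute is replaced by the translation of that
// attribute's argument, with the call's arguments substituted for the
// parameters. Otherwise the callee is applied to each translated argument.
til::SExpr *SExprBuilder::translateCallExpr(const CallExpr *CE,
                                            CallingContext *Ctx,
                                            const Expr *SelfE) {
  if (CapabilityExprMode) {
    // Handle LOCK_RETURNED
    if (const FunctionDecl *FD = CE->getDirectCallee()) {
      FD = FD->getMostRecentDecl();
      if (LockReturnedAttr *At = FD->getAttr<LockReturnedAttr>()) {
        CallingContext LRCallCtx(Ctx);
        LRCallCtx.AttrDecl = CE->getDirectCallee();
        LRCallCtx.SelfArg = SelfE;
        LRCallCtx.NumArgs = CE->getNumArgs();
        LRCallCtx.FunArgs = CE->getArgs();
        return const_cast<til::SExpr *>(
            translateAttrExpr(At->getArg(), &LRCallCtx).sexpr());
      }
    }
  }

  til::SExpr *E = translate(CE->getCallee(), Ctx);
  for (const auto *Arg : CE->arguments()) {
    til::SExpr *A = translate(Arg, Ctx);
    E = new (Arena) til::Apply(E, A);
  }
  return new (Arena) til::Call(E, CE);
}

// Translate a member call. In capability-expression mode any zero-argument
// method named "get" is treated as a smart-pointer accessor and becomes an
// object-to-pointer cast of the object expression. The match is by name only.
til::SExpr *SExprBuilder::translateCXXMemberCallExpr(
    const CXXMemberCallExpr *ME, CallingContext *Ctx) {
  if (CapabilityExprMode) {
    // Ignore calls to get() on smart pointers.
    // NOTE(review): getMethodDecl() is believed to yield null for calls made
    // through a pointer to member - confirm; either way, do not dereference
    // it unchecked.
    const auto *MD = ME->getMethodDecl();
    if (MD && MD->getNameAsString() == "get" && ME->getNumArgs() == 0) {
      auto *E = translate(ME->getImplicitObjectArgument(), Ctx);
      return new (Arena) til::Cast(til::CAST_objToPtr, E);
      // return E;
    }
  }
  return translateCallExpr(cast<CallExpr>(ME), Ctx,
                           ME->getImplicitObjectArgument());
}

// Translate an overloaded-operator call. In capability-expression mode
// operator* and operator-> are treated as smart-pointer dereferences and
// become an object-to-pointer cast of the first argument.
til::SExpr *SExprBuilder::translateCXXOperatorCallExpr(
    const CXXOperatorCallExpr *OCE, CallingContext *Ctx) {
  if (CapabilityExprMode) {
    // Ignore operator * and operator -> on smart pointers.
    OverloadedOperatorKind k = OCE->getOperator();
    if (k == OO_Star || k == OO_Arrow) {
      auto *E = translate(OCE->getArg(0), Ctx);
      return new (Arena) til::Cast(til::CAST_objToPtr, E);
      // return E;
    }
  }
  return translateCallExpr(cast<CallExpr>(OCE), Ctx);
}

// Translate a built-in unary operator. Increments, decrements and the
// unsupported opcodes become til::Undefined; '&', '*' and unary '+' are
// transparent; the remaining opcodes map to a til::UnaryOp.
til::SExpr *SExprBuilder::translateUnaryOperator(const UnaryOperator *UO,
                                                 CallingContext *Ctx) {
  switch (UO->getOpcode()) {
  case UO_PostInc:
  case UO_PostDec:
  case UO_PreInc:
  case UO_PreDec:
    return new (Arena) til::Undefined(UO);

  case UO_AddrOf:
    if (CapabilityExprMode) {
      // interpret &Graph::mu_ as an existential.
      if (const auto *DRE = dyn_cast<DeclRefExpr>(UO->getSubExpr())) {
        if (DRE->getDecl()->isCXXInstanceMember()) {
          // This is a pointer-to-member expression, e.g. &MyClass::mu_.
          // We interpret this syntax specially, as a wildcard.
          auto *W = new (Arena) til::Wildcard();
          return new (Arena) til::Project(W, DRE->getDecl());
        }
      }
    }
    // otherwise, & is a no-op
    return translate(UO->getSubExpr(), Ctx);

  // We treat these as no-ops
  case UO_Deref:
  case UO_Plus:
    return translate(UO->getSubExpr(), Ctx);

  case UO_Minus:
    return new (Arena)
      til::UnaryOp(til::UOP_Minus, translate(UO->getSubExpr(), Ctx));
  case UO_Not:
    return new (Arena)
      til::UnaryOp(til::UOP_BitNot, translate(UO->getSubExpr(), Ctx));
  case UO_LNot:
    return new (Arena)
      til::UnaryOp(til::UOP_LogicNot, translate(UO->getSubExpr(), Ctx));

  // Currently unsupported
  case UO_Real:
  case UO_Imag:
  case UO_Extension:
  case UO_Coawait:
    return new (Arena) til::Undefined(UO);
  }
  return new (Arena) til::Undefined(UO);
}

// Translate both operands of BO and combine them with Op. When Reverse is
// set the operands are swapped, which lets '>' and '>=' reuse the '<' and
// '<=' opcodes.
til::SExpr *SExprBuilder::translateBinOp(til::TIL_BinaryOpcode Op,
                                         const BinaryOperator *BO,
                                         CallingContext *Ctx, bool Reverse) {
   til::SExpr *E0 = translate(BO->getLHS(), Ctx);
   til::SExpr *E1 = translate(BO->getRHS(), Ctx);
   if (Reverse)
     return new (Arena) til::BinaryOp(Op, E1, E0);
   return new (Arena) til::BinaryOp(Op, E0, E1);
}

// Translate a plain (Assign == true) or compound assignment. For a compound
// assignment the new value is Op applied to the current value and the
// right-hand side. If the left-hand side is a tracked local variable its
// entry in the variable map is updated; otherwise a Store is produced.
til::SExpr *SExprBuilder::translateBinAssign(til::TIL_BinaryOpcode Op,
                                             const BinaryOperator *BO,
                                             CallingContext *Ctx,
                                             bool Assign) {
  const Expr *LHS = BO->getLHS();
  const Expr *RHS = BO->getRHS();
  til::SExpr *E0 = translate(LHS, Ctx);
  til::SExpr *E1 = translate(RHS, Ctx);

  // VD/CV stay null unless the left-hand side names a declaration directly.
  const ValueDecl *VD = nullptr;
  til::SExpr *CV = nullptr;
  if (const auto *DRE = dyn_cast<DeclRefExpr>(LHS)) {
    VD = DRE->getDecl();
    CV = lookupVarDecl(VD);
  }

  if (!Assign) {
    // Use the tracked value when there is one, else load through the LHS.
    til::SExpr *Arg = CV ? CV : new (Arena) til::Load(E0);
    E1 = new (Arena) til::BinaryOp(Op, Arg, E1);
    E1 = addStatement(E1, nullptr, VD);
  }
  if (VD && CV)
    return updateVarDecl(VD, E1);
  return new (Arena) til::Store(E0, E1);
}

// Translate a built-in binary operator by dispatching on its opcode.
// Pointer-to-member operators are not modelled and become til::Undefined.
til::SExpr *SExprBuilder::translateBinaryOperator(const BinaryOperator *BO,
                                                  CallingContext *Ctx) {
  switch (BO->getOpcode()) {
  case BO_PtrMemD:
  case BO_PtrMemI:
    return new (Arena) til::Undefined(BO);

  case BO_Mul:  return translateBinOp(til::BOP_Mul, BO, Ctx);
  case BO_Div:  return translateBinOp(til::BOP_Div, BO, Ctx);
  case BO_Rem:  return translateBinOp(til::BOP_Rem, BO, Ctx);
  case BO_Add:  return translateBinOp(til::BOP_Add, BO, Ctx);
  case BO_Sub:  return translateBinOp(til::BOP_Sub, BO, Ctx);
  case BO_Shl:  return translateBinOp(til::BOP_Shl, BO, Ctx);
  case BO_Shr:  return translateBinOp(til::BOP_Shr, BO, Ctx);
  case BO_LT:   return translateBinOp(til::BOP_Lt,  BO, Ctx);
  case BO_GT:   return translateBinOp(til::BOP_Lt,  BO, Ctx, true);
  case BO_LE:   return translateBinOp(til::BOP_Leq, BO, Ctx);
  case BO_GE:   return translateBinOp(til::BOP_Leq, BO, Ctx, true);
  case BO_EQ:   return translateBinOp(til::BOP_Eq,  BO, Ctx);
  case BO_NE:   return translateBinOp(til::BOP_Neq, BO, Ctx);
  case BO_Cmp:  return translateBinOp(til::BOP_Cmp, BO, Ctx);
  case BO_And:  return translateBinOp(til::BOP_BitAnd,   BO, Ctx);
  case BO_Xor:  return translateBinOp(til::BOP_BitXor,   BO, Ctx);
  case BO_Or:   return translateBinOp(til::BOP_BitOr,    BO, Ctx);
  case BO_LAnd: return translateBinOp(til::BOP_LogicAnd, BO, Ctx);
  case BO_LOr:  return translateBinOp(til::BOP_LogicOr,  BO, Ctx);

  case BO_Assign:    return translateBinAssign(til::BOP_Eq,  BO, Ctx, true);
  case BO_MulAssign: return translateBinAssign(til::BOP_Mul, BO, Ctx);
  case BO_DivAssign: return translateBinAssign(til::BOP_Div, BO, Ctx);
  case BO_RemAssign: return translateBinAssign(til::BOP_Rem, BO, Ctx);
  case BO_AddAssign: return translateBinAssign(til::BOP_Add, BO, Ctx);
  case BO_SubAssign: return translateBinAssign(til::BOP_Sub, BO, Ctx);
  case BO_ShlAssign: return translateBinAssign(til::BOP_Shl, BO, Ctx);
  case BO_ShrAssign: return translateBinAssign(til::BOP_Shr, BO, Ctx);
  case BO_AndAssign: return translateBinAssign(til::BOP_BitAnd, BO, Ctx);
  case BO_XorAssign: return translateBinAssign(til::BOP_BitXor, BO, Ctx);
  case BO_OrAssign:  return translateBinAssign(til::BOP_BitOr,  BO, Ctx);

  case BO_Comma:
    // The clang CFG should have already processed both sides.
    return translate(BO->getRHS(), Ctx);
  }
  return new (Arena) til::Undefined(BO);
}

// Translate a cast. Lvalue-to-rvalue conversions of a tracked variable yield
// its current value; the listed value-preserving casts are transparent. Any
// other cast kind is transparent in capability-expression mode (so differently
// cast expressions translate to the same S-expression) and is wrapped in a
// CAST_none node otherwise.
til::SExpr *SExprBuilder::translateCastExpr(const CastExpr *CE,
                                            CallingContext *Ctx) {
  CastKind K = CE->getCastKind();
  switch (K) {
  case CK_LValueToRValue: {
    if (const auto *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) {
      til::SExpr *E0 = lookupVarDecl(DRE->getDecl());
      if (E0)
        return E0;
    }
    til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
    return E0;
    // FIXME!! -- get Load working properly
    // return new (Arena) til::Load(E0);
  }
  case CK_NoOp:
  case CK_DerivedToBase:
  case CK_UncheckedDerivedToBase:
  case CK_ArrayToPointerDecay:
  case CK_FunctionToPointerDecay: {
    til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
    return E0;
  }
  default: {
    // FIXME: handle different kinds of casts.
    til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
    if (CapabilityExprMode)
      return E0;
    return new (Arena) til::Cast(til::CAST_none, E0);
  }
  }
}

// Translate base[index] into an ArrayIndex node over the translated operands.
til::SExpr *
SExprBuilder::translateArraySubscriptExpr(const ArraySubscriptExpr *E,
                                          CallingContext *Ctx) {
  til::SExpr *E0 = translate(E->getBase(), Ctx);
  til::SExpr *E1 = translate(E->getIdx(), Ctx);
  return new (Arena) til::ArrayIndex(E0, E1);
}

// Translate a conditional operator (either form) into an IfThenElse node
// built from the translated condition, true and false expressions.
til::SExpr *
SExprBuilder::translateAbstractConditionalOperator(
    const AbstractConditionalOperator *CO, CallingContext *Ctx) {
  auto *C = translate(CO->getCond(), Ctx);
  auto *T = translate(CO->getTrueExpr(), Ctx);
  auto *E = translate(CO->getFalseExpr(), Ctx);
  return new (Arena) til::IfThenElse(C, T, E);
}

// Translate a declaration statement. The first variable of trivial type is
// entered into the local variable map and its value returned, which ends the
// walk over the group; non-trivial variables are skipped. Returns nullptr
// when nothing was added.
til::SExpr *
SExprBuilder::translateDeclStmt(const DeclStmt *S, CallingContext *Ctx) {
  DeclGroupRef DGrp = S->getDeclGroup();
  for (auto *I : DGrp) {
    if (auto *VD = dyn_cast_or_null<VarDecl>(I)) {
      // A variable without an initializer yields a null SE, because
      // translate() maps a null statement to nullptr.
      Expr *E = VD->getInit();
      til::SExpr* SE = translate(E, Ctx);

      // Add local variables with trivial type to the variable map
      QualType T = VD->getType();
      if (T.isTrivialType(VD->getASTContext()))
        return addVarDecl(VD, SE);
      else {
        // TODO: add alloca
      }
    }
  }
  return nullptr;
}

// If (E) is non-trivial, then add it to the current basic block, and
// update the statement map so that S refers to E.  Returns a new variable
// that refers to E.
// If E is trivial returns E.
// E is also returned untouched when it is null, when there is no current
// block, or when it already belongs to a block.
til::SExpr *SExprBuilder::addStatement(til::SExpr* E, const Stmt *S,
                                       const ValueDecl *VD) {
  if (!E || !CurrentBB || E->block() || til::ThreadSafetyTIL::isTrivial(E))
    return E;
  if (VD)
    E = new (Arena) til::Variable(E, VD);
  CurrentInstructions.push_back(E);
  if (S)
    insertStmt(S, E);
  return E;
}

// Returns the current value of VD, if known, and nullptr otherwise.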
til::SExpr *SExprBuilder::lookupVarDecl(const ValueDecl *VD) {
  // LVarIdxMap gives the slot of VD inside CurrentLVarMap.
  auto Slot = LVarIdxMap.find(VD);
  if (Slot == LVarIdxMap.end())
    return nullptr;

  assert(CurrentLVarMap[Slot->second].first == VD);
  return CurrentLVarMap[Slot->second].second;
}

// Attach VD to E when E is a til::Variable that has no clang declaration yet.
// A null E, or any other node kind, is left alone.
static void maybeUpdateVD(til::SExpr *E, const ValueDecl *VD) {
  auto *Var = dyn_cast_or_null<til::Variable>(E);
  if (Var && !Var->clangDecl())
    Var->setClangDecl(VD);
}

// Register a new local variable VD with value E at the end of the current
// variable map and return E.
// E is stored as given, including when it is null.
til::SExpr *SExprBuilder::addVarDecl(const ValueDecl *VD, til::SExpr *E) {
  maybeUpdateVD(E, VD);

  // The new entry goes at the current end of the map; record that index
  // before the map is touched.
  auto NewSlot = CurrentLVarMap.size();
  LVarIdxMap.insert(std::make_pair(VD, NewSlot));

  CurrentLVarMap.makeWritable();
  CurrentLVarMap.push_back(std::make_pair(VD, E));
  return E;
}

// Record E as the new value of VD (e.g. after an assignment).
// A tracked variable has its map entry overwritten and E is returned; for an
// untracked one a Store through a pointer literal to VD is returned instead.
til::SExpr *SExprBuilder::updateVarDecl(const ValueDecl *VD, til::SExpr *E) {
  maybeUpdateVD(E, VD);

  auto Slot = LVarIdxMap.find(VD);
  if (Slot != LVarIdxMap.end()) {
    CurrentLVarMap.makeWritable();
    CurrentLVarMap.elem(Slot->second).second = E;
    return E;
  }

  til::SExpr *Target = new (Arena) til::LiteralPtr(VD);
  til::SExpr *StoreNode = new (Arena) til::Store(Target, E);
  return StoreNode;
}

// Ensure the i-th variable of CurrentLVarMap is a Phi node of the current
// block and record E as the value arriving from the predecessor being
// processed (slot CurrentBlockInfo->ProcessedPredecessors).
// A null E marks a back edge whose value is filled in later.
void SExprBuilder::makePhiNodeVar(unsigned i, unsigned NPreds, til::SExpr *E) {
  const unsigned ArgIndex = CurrentBlockInfo->ProcessedPredecessors;
  assert(ArgIndex > 0 && ArgIndex < NPreds);

  // NOTE(review): Current is dereferenced without a null check, while
  // addVarDecl() stores whatever expression it is given. If a null value can
  // reach the map, this call and the isIncompletePhi(Current) below are
  // undefined - confirm.
  til::SExpr *Current = CurrentLVarMap[i].second;
  if (Current->block() == CurrentBB) {
    // The variable already has a Phi in this block; only fill in the slot.
    auto *Existing = dyn_cast<til::Phi>(Current);
    assert(Existing && "Expecting Phi node.");
    if (E)
      Existing->values()[ArgIndex] = E;
    return;
  }

  // Build phi(..., E): every predecessor handled so far contributed the
  // current value, so those slots are seeded with it.
  til::Phi *NewPhi = new (Arena) til::Phi(Arena, NPreds);
  NewPhi->values().setValues(NPreds, nullptr);
  for (unsigned PIdx = 0; PIdx != ArgIndex; ++PIdx)
    NewPhi->values()[PIdx] = Current;
  if (E)
    NewPhi->values()[ArgIndex] = E;
  NewPhi->setClangDecl(CurrentLVarMap[i].first);

  // A back edge (null E) or an incomplete input makes this node incomplete
  // as well; it may have to be removed later.
  const bool NeedsRevisit =
      !E || isIncompletePhi(E) || isIncompletePhi(Current);
  if (NeedsRevisit)
    NewPhi->setStatus(til::Phi::PH_Incomplete);

  // Publish the node as a block argument and make it the variable's value.
  CurrentArguments.push_back(NewPhi);
  if (NewPhi->status() == til::Phi::PH_Incomplete)
    IncompleteArgs.push_back(NewPhi);

  CurrentLVarMap.makeWritable();
  CurrentLVarMap.elem(i).second = NewPhi;
}

// Fold the variable map of one predecessor (Map) into the current map.
// Variables whose values differ between the two maps get Phi nodes in the
// current basic block; variables not common to both are dropped.
void SExprBuilder::mergeEntryMap(LVarDefinitionMap Map) {
  assert(CurrentBlockInfo && "Not processing a block!");

  if (!CurrentLVarMap.valid()) {
    // Steal Map, using copy-on-write.
    CurrentLVarMap = std::move(Map);
    return;
  }

  // Easy merge: maps from different predecessors are unchanged.
  if (CurrentLVarMap.sameAs(Map))
    return;

  const unsigned PredCount = CurrentBB->numPredecessors();
  const unsigned CurSize = CurrentLVarMap.size();
  const unsigned InSize = Map.size();
  const unsigned Common = std::min(CurSize, InSize);

  for (unsigned Idx = 0; Idx < Common; ++Idx) {
    if (CurrentLVarMap[Idx].first != Map[Idx].first) {
      // The maps diverge here: nothing from this index on is shared.
      CurrentLVarMap.makeWritable();
      CurrentLVarMap.downsize(Idx);
      break;
    }
    if (CurrentLVarMap[Idx].second != Map[Idx].second)
      makePhiNodeVar(Idx, PredCount, Map[Idx].second);
  }

  // NOTE(review): if the loop above already shrank the map below Map.size(),
  // this asks downsize() for a size larger than the current one; whether that
  // is safe depends on downsize(), which is not visible here - confirm.
  if (CurSize > InSize) {
    CurrentLVarMap.makeWritable();
    CurrentLVarMap.downsize(Map.size());
  }
}

// Merge a back edge into the current variable map by creating a Phi node for
// every variable in it. Only the first back edge of a block does any work.
void SExprBuilder::mergeEntryMapBackEdge() {
  // Definitions flowing along a back edge are not known yet because that part
  // of the CFG has not been visited. Every variable therefore conservatively
  // gets a Phi node; the unnecessary ones are marked incomplete and stripped
  // out at the end.
  //
  // A Phi node is unnecessary if it only refers to itself and one other
  // variable, e.g. x = Phi(y, y, x) can be reduced to x = y.

  assert(CurrentBlockInfo && "Not processing a block!");

  if (CurrentBlockInfo->HasBackEdges)
    return;
  CurrentBlockInfo->HasBackEdges = true;

  CurrentLVarMap.makeWritable();
  const unsigned VarCount = CurrentLVarMap.size();
  const unsigned PredCount = CurrentBB->numPredecessors();

  for (unsigned Idx = 0; Idx != VarCount; ++Idx)
    makePhiNodeVar(Idx, PredCount, nullptr);
}

// Update the phi nodes that were initially created for a back edge
// once the variable definitions have been computed.
// I.e., merge the current variable map into the phi nodes for Blk.
void SExprBuilder::mergePhiNodesBackEdge(const CFGBlock *Blk) {
  til::BasicBlock *Target = lookupBlock(Blk);
  const unsigned ArgIndex = BBInfo[Blk->getBlockID()].ProcessedPredecessors;
  assert(ArgIndex > 0 && ArgIndex < Target->numPredecessors());

  // Every argument of the target block is expected to be a Phi whose slot
  // for this edge is still empty. These expectations are enforced by
  // assertions only.
  for (til::SExpr *Arg : Target->arguments()) {
    auto *Node = dyn_cast_or_null<til::Phi>(Arg);
    assert(Node && "Expecting Phi Node.");
    assert(Node->values()[ArgIndex] == nullptr && "Wrong index for back edge.");

    til::SExpr *Value = lookupVarDecl(Node->clangDecl());
    assert(Value && "Couldn't find local variable for Phi node.");
    Node->values()[ArgIndex] = Value;
  }
}

// Set up the builder for a new CFG: create the SCFG, allocate one TIL basic
// block per clang block, and seed the variable map with the parameters of D
// that have trivial type. First is not used here.
void SExprBuilder::enterCFG(CFG *Cfg, const NamedDecl *D,
                            const CFGBlock *First) {
  // Perform initial setup operations.
  const unsigned BlockCount = Cfg->getNumBlockIDs();
  Scfg = new (Arena) til::SCFG(Arena, BlockCount);

  // Allocate all basic blocks immediately, to handle forward references.
  BBInfo.resize(BlockCount);
  BlockMap.resize(BlockCount, nullptr);
  // Map each clang block ID to its til::BasicBlock.
  for (auto *ClangBlock : *Cfg) {
    auto *TilBlock = new (Arena) til::BasicBlock(Arena);
    TilBlock->reserveInstructions(ClangBlock->size());
    BlockMap[ClangBlock->getBlockID()] = TilBlock;
  }

  CurrentBB = lookupBlock(&Cfg->getEntry());
  // D is expected to be an Objective-C method or a function.
  auto Parms = isa<ObjCMethodDecl>(D) ? cast<ObjCMethodDecl>(D)->parameters()
                                      : cast<FunctionDecl>(D)->parameters();
  for (auto *Param : Parms) {
    QualType ParamTy = Param->getType();
    if (ParamTy.isTrivialType(Param->getASTContext())) {
      // Add parameters to local variable map.
      // FIXME: right now we emulate params with loads; that should be fixed.
      til::SExpr *ParamPtr = new (Arena) til::LiteralPtr(Param);
      til::SExpr *ParamLoad = new (Arena) til::Load(ParamPtr);
      til::SExpr *ParamVar = addStatement(ParamLoad, nullptr, Param);
      addVarDecl(Param, ParamVar);
    }
  }
}

// Begin processing clang block B: make its TIL block current, add it to the
// SCFG and select its bookkeeping record.
void SExprBuilder::enterCFGBlock(const CFGBlock *B) {
  // Initialize TIL basic block and add it to the CFG.
  CurrentBB = lookupBlock(B);
  CurrentBB->reservePredecessors(B->pred_size());
  Scfg->add(CurrentBB);

  CurrentBlockInfo = &BBInfo[B->getBlockID()];

  // CurrentLVarMap is moved to ExitMap on block exit.
  // FIXME: the entry block will hold function parameters.
  // assert(!CurrentLVarMap.valid() && "CurrentLVarMap already initialized.");
}

// Register Pred as a predecessor of the current block and merge its exit map
// into CurrentLVarMap.
void SExprBuilder::handlePredecessor(const CFGBlock *Pred) {
  // Compute CurrentLVarMap on entry from ExitMaps of predecessors

  CurrentBB->addPredecessor(BlockMap[Pred->getBlockID()]);
  BlockInfo &PredInfo = BBInfo[Pred->getBlockID()];
  assert(PredInfo.UnprocessedSuccessors > 0);

  // The last successor to consume the exit map may take it by move; earlier
  // ones must work on a clone.
  --PredInfo.UnprocessedSuccessors;
  if (PredInfo.UnprocessedSuccessors == 0)
    mergeEntryMap(std::move(PredInfo.ExitMap));
  else
    mergeEntryMap(PredInfo.ExitMap.clone());

  ++CurrentBlockInfo->ProcessedPredecessors;
}

// Back-edge predecessors have no exit map yet; Pred is not consulted.
void SExprBuilder::handlePredecessorBackEdge(const CFGBlock *Pred) {
  mergeEntryMapBackEdge();
}

// Move the arguments collected by the merge*() methods onto the current
// basic block.
void SExprBuilder::enterCFGBlockBody(const CFGBlock *B) {
  const auto ArgCount = static_cast<unsigned>(CurrentArguments.size());
  CurrentBB->arguments().reserve(ArgCount, Arena);
  for (auto *Arg : CurrentArguments)
    CurrentBB->addArgument(Arg);
}

// Translate statement S without a calling context and add the result to the
// current block.
void SExprBuilder::handleStatement(const Stmt *S) {
  addStatement(translate(S, nullptr), S);
}

// Model the destruction of VD as a call that applies destructor DD to a
// pointer literal for VD, and add it to the current block.
void SExprBuilder::handleDestructorCall(const VarDecl *VD,
                                        const CXXDestructorDecl *DD) {
  til::SExpr *Object = new (Arena) til::LiteralPtr(VD);
  til::SExpr *Dtor = new (Arena) til::LiteralPtr(DD);
  til::SExpr *Applied = new (Arena) til::Apply(Dtor, Object);
  til::SExpr *CallNode = new (Arena) til::Call(Applied);
  addStatement(CallNode, nullptr);
}

void SExprBuilder::exitCFGBlockBody(const CFGBlock *B) {
  CurrentBB->instructions().reserve(
    static_cast<unsigned>(CurrentInstructions.size()), Arena);
  for (auto *V : CurrentInstructions)
    CurrentBB->addInstruction(V);

  // Create an appropriate terminator
  unsigned N = B->succ_size();
  auto It = B->succ_begin();
  if (N == 1) {
    til::BasicBlock *BB = *It ? lookupBlock(*It) : nullptr;
    // TODO: set index
    unsigned Idx = BB ? BB->findPredecessorIndex(CurrentBB) : 0;
    auto *Tm = new (Arena) til::Goto(BB, Idx);
    CurrentBB->setTerminator(Tm);
  }
  else if (N == 2) {
    til::SExpr *C = translate(B->getTerminatorCondition(true), nullptr);
    til::BasicBlock *BB1 = *It ? lookupBlock(*It) : nullptr;
    ++It;
    til::BasicBlock *BB2 = *It ? lookupBlock(*It) : nullptr;
    // FIXME: make sure these aren't critical edges.
965 auto *Tm = new (Arena) til::Branch(C, BB1, BB2); 966 CurrentBB->setTerminator(Tm); 967 } 968 } 969 970 void SExprBuilder::handleSuccessor(const CFGBlock *Succ) { 971 ++CurrentBlockInfo->UnprocessedSuccessors; 972 } 973 974 void SExprBuilder::handleSuccessorBackEdge(const CFGBlock *Succ) { 975 mergePhiNodesBackEdge(Succ); 976 ++BBInfo[Succ->getBlockID()].ProcessedPredecessors; 977 } 978 979 void SExprBuilder::exitCFGBlock(const CFGBlock *B) { 980 CurrentArguments.clear(); 981 CurrentInstructions.clear(); 982 CurrentBlockInfo->ExitMap = std::move(CurrentLVarMap); 983 CurrentBB = nullptr; 984 CurrentBlockInfo = nullptr; 985 } 986 987 void SExprBuilder::exitCFG(const CFGBlock *Last) { 988 for (auto *Ph : IncompleteArgs) { 989 if (Ph->status() == til::Phi::PH_Incomplete) 990 simplifyIncompleteArg(Ph); 991 } 992 993 CurrentArguments.clear(); 994 CurrentInstructions.clear(); 995 IncompleteArgs.clear(); 996 } 997 998 /* 999 namespace { 1000 1001 class TILPrinter : 1002 public til::PrettyPrinter<TILPrinter, llvm::raw_ostream> {}; 1003 1004 } // namespace 1005 1006 namespace clang { 1007 namespace threadSafety { 1008 1009 void printSCFG(CFGWalker &Walker) { 1010 llvm::BumpPtrAllocator Bpa; 1011 til::MemRegionRef Arena(&Bpa); 1012 SExprBuilder SxBuilder(Arena); 1013 til::SCFG *Scfg = SxBuilder.buildCFG(Walker); 1014 TILPrinter::print(Scfg, llvm::errs()); 1015 } 1016 1017 } // namespace threadSafety 1018 } // namespace clang 1019 */ 1020