1 //===- ThreadSafetyCommon.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Implementation of the interfaces declared in ThreadSafetyCommon.h 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/Analysis/Analyses/ThreadSafetyCommon.h" 14 #include "clang/AST/Attr.h" 15 #include "clang/AST/Decl.h" 16 #include "clang/AST/DeclCXX.h" 17 #include "clang/AST/DeclGroup.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/Expr.h" 20 #include "clang/AST/ExprCXX.h" 21 #include "clang/AST/OperationKinds.h" 22 #include "clang/AST/Stmt.h" 23 #include "clang/AST/Type.h" 24 #include "clang/Analysis/Analyses/ThreadSafetyTIL.h" 25 #include "clang/Analysis/CFG.h" 26 #include "clang/Basic/LLVM.h" 27 #include "clang/Basic/OperatorKinds.h" 28 #include "clang/Basic/Specifiers.h" 29 #include "llvm/ADT/StringRef.h" 30 #include "llvm/Support/Casting.h" 31 #include <algorithm> 32 #include <cassert> 33 #include <string> 34 #include <utility> 35 36 using namespace clang; 37 using namespace threadSafety; 38 39 // From ThreadSafetyUtil.h 40 std::string threadSafety::getSourceLiteralString(const Expr *CE) { 41 switch (CE->getStmtClass()) { 42 case Stmt::IntegerLiteralClass: 43 return cast<IntegerLiteral>(CE)->getValue().toString(10, true); 44 case Stmt::StringLiteralClass: { 45 std::string ret("\""); 46 ret += cast<StringLiteral>(CE)->getString(); 47 ret += "\""; 48 return ret; 49 } 50 case Stmt::CharacterLiteralClass: 51 case Stmt::CXXNullPtrLiteralExprClass: 52 case Stmt::GNUNullExprClass: 53 case Stmt::CXXBoolLiteralExprClass: 54 case Stmt::FloatingLiteralClass: 55 case Stmt::ImaginaryLiteralClass: 56 case Stmt::ObjCStringLiteralClass: 57 default: 58 return "#lit"; 59 } 60 } 61 62 // Return true if E is a variable that points to an incomplete Phi node. 63 static bool isIncompletePhi(const til::SExpr *E) { 64 if (const auto *Ph = dyn_cast<til::Phi>(E)) 65 return Ph->status() == til::Phi::PH_Incomplete; 66 return false; 67 } 68 69 using CallingContext = SExprBuilder::CallingContext; 70 71 til::SExpr *SExprBuilder::lookupStmt(const Stmt *S) { 72 auto It = SMap.find(S); 73 if (It != SMap.end()) 74 return It->second; 75 return nullptr; 76 } 77 78 til::SCFG *SExprBuilder::buildCFG(CFGWalker &Walker) { 79 Walker.walk(*this); 80 return Scfg; 81 } 82 83 static bool isCalleeArrow(const Expr *E) { 84 const auto *ME = dyn_cast<MemberExpr>(E->IgnoreParenCasts()); 85 return ME ? ME->isArrow() : false; 86 } 87 88 /// Translate a clang expression in an attribute to a til::SExpr. 89 /// Constructs the context from D, DeclExp, and SelfDecl. 90 /// 91 /// \param AttrExp The expression to translate. 92 /// \param D The declaration to which the attribute is attached. 93 /// \param DeclExp An expression involving the Decl to which the attribute 94 /// is attached. E.g. the call to a function. 95 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp, 96 const NamedDecl *D, 97 const Expr *DeclExp, 98 VarDecl *SelfDecl) { 99 // If we are processing a raw attribute expression, with no substitutions. 100 if (!DeclExp) 101 return translateAttrExpr(AttrExp, nullptr); 102 103 CallingContext Ctx(nullptr, D); 104 105 // Examine DeclExp to find SelfArg and FunArgs, which are used to substitute 106 // for formal parameters when we call buildMutexID later. 107 if (const auto *ME = dyn_cast<MemberExpr>(DeclExp)) { 108 Ctx.SelfArg = ME->getBase(); 109 Ctx.SelfArrow = ME->isArrow(); 110 } else if (const auto *CE = dyn_cast<CXXMemberCallExpr>(DeclExp)) { 111 Ctx.SelfArg = CE->getImplicitObjectArgument(); 112 Ctx.SelfArrow = isCalleeArrow(CE->getCallee()); 113 Ctx.NumArgs = CE->getNumArgs(); 114 Ctx.FunArgs = CE->getArgs(); 115 } else if (const auto *CE = dyn_cast<CallExpr>(DeclExp)) { 116 Ctx.NumArgs = CE->getNumArgs(); 117 Ctx.FunArgs = CE->getArgs(); 118 } else if (const auto *CE = dyn_cast<CXXConstructExpr>(DeclExp)) { 119 Ctx.SelfArg = nullptr; // Will be set below 120 Ctx.NumArgs = CE->getNumArgs(); 121 Ctx.FunArgs = CE->getArgs(); 122 } else if (D && isa<CXXDestructorDecl>(D)) { 123 // There's no such thing as a "destructor call" in the AST. 124 Ctx.SelfArg = DeclExp; 125 } 126 127 // Hack to handle constructors, where self cannot be recovered from 128 // the expression. 129 if (SelfDecl && !Ctx.SelfArg) { 130 DeclRefExpr SelfDRE(SelfDecl->getASTContext(), SelfDecl, false, 131 SelfDecl->getType(), VK_LValue, 132 SelfDecl->getLocation()); 133 Ctx.SelfArg = &SelfDRE; 134 135 // If the attribute has no arguments, then assume the argument is "this". 136 if (!AttrExp) 137 return translateAttrExpr(Ctx.SelfArg, nullptr); 138 else // For most attributes. 139 return translateAttrExpr(AttrExp, &Ctx); 140 } 141 142 // If the attribute has no arguments, then assume the argument is "this". 143 if (!AttrExp) 144 return translateAttrExpr(Ctx.SelfArg, nullptr); 145 else // For most attributes. 146 return translateAttrExpr(AttrExp, &Ctx); 147 } 148 149 /// Translate a clang expression in an attribute to a til::SExpr. 150 // This assumes a CallingContext has already been created. 151 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp, 152 CallingContext *Ctx) { 153 if (!AttrExp) 154 return CapabilityExpr(nullptr, false); 155 156 if (const auto* SLit = dyn_cast<StringLiteral>(AttrExp)) { 157 if (SLit->getString() == StringRef("*")) 158 // The "*" expr is a universal lock, which essentially turns off 159 // checks until it is removed from the lockset. 160 return CapabilityExpr(new (Arena) til::Wildcard(), false); 161 else 162 // Ignore other string literals for now. 163 return CapabilityExpr(nullptr, false); 164 } 165 166 bool Neg = false; 167 if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(AttrExp)) { 168 if (OE->getOperator() == OO_Exclaim) { 169 Neg = true; 170 AttrExp = OE->getArg(0); 171 } 172 } 173 else if (const auto *UO = dyn_cast<UnaryOperator>(AttrExp)) { 174 if (UO->getOpcode() == UO_LNot) { 175 Neg = true; 176 AttrExp = UO->getSubExpr(); 177 } 178 } 179 180 til::SExpr *E = translate(AttrExp, Ctx); 181 182 // Trap mutex expressions like nullptr, or 0. 183 // Any literal value is nonsense. 184 if (!E || isa<til::Literal>(E)) 185 return CapabilityExpr(nullptr, false); 186 187 // Hack to deal with smart pointers -- strip off top-level pointer casts. 188 if (const auto *CE = dyn_cast<til::Cast>(E)) { 189 if (CE->castOpcode() == til::CAST_objToPtr) 190 return CapabilityExpr(CE->expr(), Neg); 191 } 192 return CapabilityExpr(E, Neg); 193 } 194 195 // Translate a clang statement or expression to a TIL expression. 196 // Also performs substitution of variables; Ctx provides the context. 197 // Dispatches on the type of S. 198 til::SExpr *SExprBuilder::translate(const Stmt *S, CallingContext *Ctx) { 199 if (!S) 200 return nullptr; 201 202 // Check if S has already been translated and cached. 203 // This handles the lookup of SSA names for DeclRefExprs here. 204 if (til::SExpr *E = lookupStmt(S)) 205 return E; 206 207 switch (S->getStmtClass()) { 208 case Stmt::DeclRefExprClass: 209 return translateDeclRefExpr(cast<DeclRefExpr>(S), Ctx); 210 case Stmt::CXXThisExprClass: 211 return translateCXXThisExpr(cast<CXXThisExpr>(S), Ctx); 212 case Stmt::MemberExprClass: 213 return translateMemberExpr(cast<MemberExpr>(S), Ctx); 214 case Stmt::ObjCIvarRefExprClass: 215 return translateObjCIVarRefExpr(cast<ObjCIvarRefExpr>(S), Ctx); 216 case Stmt::CallExprClass: 217 return translateCallExpr(cast<CallExpr>(S), Ctx); 218 case Stmt::CXXMemberCallExprClass: 219 return translateCXXMemberCallExpr(cast<CXXMemberCallExpr>(S), Ctx); 220 case Stmt::CXXOperatorCallExprClass: 221 return translateCXXOperatorCallExpr(cast<CXXOperatorCallExpr>(S), Ctx); 222 case Stmt::UnaryOperatorClass: 223 return translateUnaryOperator(cast<UnaryOperator>(S), Ctx); 224 case Stmt::BinaryOperatorClass: 225 case Stmt::CompoundAssignOperatorClass: 226 return translateBinaryOperator(cast<BinaryOperator>(S), Ctx); 227 228 case Stmt::ArraySubscriptExprClass: 229 return translateArraySubscriptExpr(cast<ArraySubscriptExpr>(S), Ctx); 230 case Stmt::ConditionalOperatorClass: 231 return translateAbstractConditionalOperator( 232 cast<ConditionalOperator>(S), Ctx); 233 case Stmt::BinaryConditionalOperatorClass: 234 return translateAbstractConditionalOperator( 235 cast<BinaryConditionalOperator>(S), Ctx); 236 237 // We treat these as no-ops 238 case Stmt::ConstantExprClass: 239 return translate(cast<ConstantExpr>(S)->getSubExpr(), Ctx); 240 case Stmt::ParenExprClass: 241 return translate(cast<ParenExpr>(S)->getSubExpr(), Ctx); 242 case Stmt::ExprWithCleanupsClass: 243 return translate(cast<ExprWithCleanups>(S)->getSubExpr(), Ctx); 244 case Stmt::CXXBindTemporaryExprClass: 245 return translate(cast<CXXBindTemporaryExpr>(S)->getSubExpr(), Ctx); 246 case Stmt::MaterializeTemporaryExprClass: 247 return translate(cast<MaterializeTemporaryExpr>(S)->getSubExpr(), Ctx); 248 249 // Collect all literals 250 case Stmt::CharacterLiteralClass: 251 case Stmt::CXXNullPtrLiteralExprClass: 252 case Stmt::GNUNullExprClass: 253 case Stmt::CXXBoolLiteralExprClass: 254 case Stmt::FloatingLiteralClass: 255 case Stmt::ImaginaryLiteralClass: 256 case Stmt::IntegerLiteralClass: 257 case Stmt::StringLiteralClass: 258 case Stmt::ObjCStringLiteralClass: 259 return new (Arena) til::Literal(cast<Expr>(S)); 260 261 case Stmt::DeclStmtClass: 262 return translateDeclStmt(cast<DeclStmt>(S), Ctx); 263 default: 264 break; 265 } 266 if (const auto *CE = dyn_cast<CastExpr>(S)) 267 return translateCastExpr(CE, Ctx); 268 269 return new (Arena) til::Undefined(S); 270 } 271 272 til::SExpr *SExprBuilder::translateDeclRefExpr(const DeclRefExpr *DRE, 273 CallingContext *Ctx) { 274 const auto *VD = cast<ValueDecl>(DRE->getDecl()->getCanonicalDecl()); 275 276 // Function parameters require substitution and/or renaming. 277 if (const auto *PV = dyn_cast<ParmVarDecl>(VD)) { 278 unsigned I = PV->getFunctionScopeIndex(); 279 const DeclContext *D = PV->getDeclContext(); 280 if (Ctx && Ctx->FunArgs) { 281 const Decl *Canonical = Ctx->AttrDecl->getCanonicalDecl(); 282 if (isa<FunctionDecl>(D) 283 ? (cast<FunctionDecl>(D)->getCanonicalDecl() == Canonical) 284 : (cast<ObjCMethodDecl>(D)->getCanonicalDecl() == Canonical)) { 285 // Substitute call arguments for references to function parameters 286 assert(I < Ctx->NumArgs); 287 return translate(Ctx->FunArgs[I], Ctx->Prev); 288 } 289 } 290 // Map the param back to the param of the original function declaration 291 // for consistent comparisons. 292 VD = isa<FunctionDecl>(D) 293 ? cast<FunctionDecl>(D)->getCanonicalDecl()->getParamDecl(I) 294 : cast<ObjCMethodDecl>(D)->getCanonicalDecl()->getParamDecl(I); 295 } 296 297 // For non-local variables, treat it as a reference to a named object. 298 return new (Arena) til::LiteralPtr(VD); 299 } 300 301 til::SExpr *SExprBuilder::translateCXXThisExpr(const CXXThisExpr *TE, 302 CallingContext *Ctx) { 303 // Substitute for 'this' 304 if (Ctx && Ctx->SelfArg) 305 return translate(Ctx->SelfArg, Ctx->Prev); 306 assert(SelfVar && "We have no variable for 'this'!"); 307 return SelfVar; 308 } 309 310 static const ValueDecl *getValueDeclFromSExpr(const til::SExpr *E) { 311 if (const auto *V = dyn_cast<til::Variable>(E)) 312 return V->clangDecl(); 313 if (const auto *Ph = dyn_cast<til::Phi>(E)) 314 return Ph->clangDecl(); 315 if (const auto *P = dyn_cast<til::Project>(E)) 316 return P->clangDecl(); 317 if (const auto *L = dyn_cast<til::LiteralPtr>(E)) 318 return L->clangDecl(); 319 return nullptr; 320 } 321 322 static bool hasAnyPointerType(const til::SExpr *E) { 323 auto *VD = getValueDeclFromSExpr(E); 324 if (VD && VD->getType()->isAnyPointerType()) 325 return true; 326 if (const auto *C = dyn_cast<til::Cast>(E)) 327 return C->castOpcode() == til::CAST_objToPtr; 328 329 return false; 330 } 331 332 // Grab the very first declaration of virtual method D 333 static const CXXMethodDecl *getFirstVirtualDecl(const CXXMethodDecl *D) { 334 while (true) { 335 D = D->getCanonicalDecl(); 336 auto OverriddenMethods = D->overridden_methods(); 337 if (OverriddenMethods.begin() == OverriddenMethods.end()) 338 return D; // Method does not override anything 339 // FIXME: this does not work with multiple inheritance. 340 D = *OverriddenMethods.begin(); 341 } 342 return nullptr; 343 } 344 345 til::SExpr *SExprBuilder::translateMemberExpr(const MemberExpr *ME, 346 CallingContext *Ctx) { 347 til::SExpr *BE = translate(ME->getBase(), Ctx); 348 til::SExpr *E = new (Arena) til::SApply(BE); 349 350 const auto *D = cast<ValueDecl>(ME->getMemberDecl()->getCanonicalDecl()); 351 if (const auto *VD = dyn_cast<CXXMethodDecl>(D)) 352 D = getFirstVirtualDecl(VD); 353 354 til::Project *P = new (Arena) til::Project(E, D); 355 if (hasAnyPointerType(BE)) 356 P->setArrow(true); 357 return P; 358 } 359 360 til::SExpr *SExprBuilder::translateObjCIVarRefExpr(const ObjCIvarRefExpr *IVRE, 361 CallingContext *Ctx) { 362 til::SExpr *BE = translate(IVRE->getBase(), Ctx); 363 til::SExpr *E = new (Arena) til::SApply(BE); 364 365 const auto *D = cast<ObjCIvarDecl>(IVRE->getDecl()->getCanonicalDecl()); 366 367 til::Project *P = new (Arena) til::Project(E, D); 368 if (hasAnyPointerType(BE)) 369 P->setArrow(true); 370 return P; 371 } 372 373 til::SExpr *SExprBuilder::translateCallExpr(const CallExpr *CE, 374 CallingContext *Ctx, 375 const Expr *SelfE) { 376 if (CapabilityExprMode) { 377 // Handle LOCK_RETURNED 378 if (const FunctionDecl *FD = CE->getDirectCallee()) { 379 FD = FD->getMostRecentDecl(); 380 if (LockReturnedAttr *At = FD->getAttr<LockReturnedAttr>()) { 381 CallingContext LRCallCtx(Ctx); 382 LRCallCtx.AttrDecl = CE->getDirectCallee(); 383 LRCallCtx.SelfArg = SelfE; 384 LRCallCtx.NumArgs = CE->getNumArgs(); 385 LRCallCtx.FunArgs = CE->getArgs(); 386 return const_cast<til::SExpr *>( 387 translateAttrExpr(At->getArg(), &LRCallCtx).sexpr()); 388 } 389 } 390 } 391 392 til::SExpr *E = translate(CE->getCallee(), Ctx); 393 for (const auto *Arg : CE->arguments()) { 394 til::SExpr *A = translate(Arg, Ctx); 395 E = new (Arena) til::Apply(E, A); 396 } 397 return new (Arena) til::Call(E, CE); 398 } 399 400 til::SExpr *SExprBuilder::translateCXXMemberCallExpr( 401 const CXXMemberCallExpr *ME, CallingContext *Ctx) { 402 if (CapabilityExprMode) { 403 // Ignore calls to get() on smart pointers. 404 if (ME->getMethodDecl()->getNameAsString() == "get" && 405 ME->getNumArgs() == 0) { 406 auto *E = translate(ME->getImplicitObjectArgument(), Ctx); 407 return new (Arena) til::Cast(til::CAST_objToPtr, E); 408 // return E; 409 } 410 } 411 return translateCallExpr(cast<CallExpr>(ME), Ctx, 412 ME->getImplicitObjectArgument()); 413 } 414 415 til::SExpr *SExprBuilder::translateCXXOperatorCallExpr( 416 const CXXOperatorCallExpr *OCE, CallingContext *Ctx) { 417 if (CapabilityExprMode) { 418 // Ignore operator * and operator -> on smart pointers. 419 OverloadedOperatorKind k = OCE->getOperator(); 420 if (k == OO_Star || k == OO_Arrow) { 421 auto *E = translate(OCE->getArg(0), Ctx); 422 return new (Arena) til::Cast(til::CAST_objToPtr, E); 423 // return E; 424 } 425 } 426 return translateCallExpr(cast<CallExpr>(OCE), Ctx); 427 } 428 429 til::SExpr *SExprBuilder::translateUnaryOperator(const UnaryOperator *UO, 430 CallingContext *Ctx) { 431 switch (UO->getOpcode()) { 432 case UO_PostInc: 433 case UO_PostDec: 434 case UO_PreInc: 435 case UO_PreDec: 436 return new (Arena) til::Undefined(UO); 437 438 case UO_AddrOf: 439 if (CapabilityExprMode) { 440 // interpret &Graph::mu_ as an existential. 441 if (const auto *DRE = dyn_cast<DeclRefExpr>(UO->getSubExpr())) { 442 if (DRE->getDecl()->isCXXInstanceMember()) { 443 // This is a pointer-to-member expression, e.g. &MyClass::mu_. 444 // We interpret this syntax specially, as a wildcard. 445 auto *W = new (Arena) til::Wildcard(); 446 return new (Arena) til::Project(W, DRE->getDecl()); 447 } 448 } 449 } 450 // otherwise, & is a no-op 451 return translate(UO->getSubExpr(), Ctx); 452 453 // We treat these as no-ops 454 case UO_Deref: 455 case UO_Plus: 456 return translate(UO->getSubExpr(), Ctx); 457 458 case UO_Minus: 459 return new (Arena) 460 til::UnaryOp(til::UOP_Minus, translate(UO->getSubExpr(), Ctx)); 461 case UO_Not: 462 return new (Arena) 463 til::UnaryOp(til::UOP_BitNot, translate(UO->getSubExpr(), Ctx)); 464 case UO_LNot: 465 return new (Arena) 466 til::UnaryOp(til::UOP_LogicNot, translate(UO->getSubExpr(), Ctx)); 467 468 // Currently unsupported 469 case UO_Real: 470 case UO_Imag: 471 case UO_Extension: 472 case UO_Coawait: 473 return new (Arena) til::Undefined(UO); 474 } 475 return new (Arena) til::Undefined(UO); 476 } 477 478 til::SExpr *SExprBuilder::translateBinOp(til::TIL_BinaryOpcode Op, 479 const BinaryOperator *BO, 480 CallingContext *Ctx, bool Reverse) { 481 til::SExpr *E0 = translate(BO->getLHS(), Ctx); 482 til::SExpr *E1 = translate(BO->getRHS(), Ctx); 483 if (Reverse) 484 return new (Arena) til::BinaryOp(Op, E1, E0); 485 else 486 return new (Arena) til::BinaryOp(Op, E0, E1); 487 } 488 489 til::SExpr *SExprBuilder::translateBinAssign(til::TIL_BinaryOpcode Op, 490 const BinaryOperator *BO, 491 CallingContext *Ctx, 492 bool Assign) { 493 const Expr *LHS = BO->getLHS(); 494 const Expr *RHS = BO->getRHS(); 495 til::SExpr *E0 = translate(LHS, Ctx); 496 til::SExpr *E1 = translate(RHS, Ctx); 497 498 const ValueDecl *VD = nullptr; 499 til::SExpr *CV = nullptr; 500 if (const auto *DRE = dyn_cast<DeclRefExpr>(LHS)) { 501 VD = DRE->getDecl(); 502 CV = lookupVarDecl(VD); 503 } 504 505 if (!Assign) { 506 til::SExpr *Arg = CV ? CV : new (Arena) til::Load(E0); 507 E1 = new (Arena) til::BinaryOp(Op, Arg, E1); 508 E1 = addStatement(E1, nullptr, VD); 509 } 510 if (VD && CV) 511 return updateVarDecl(VD, E1); 512 return new (Arena) til::Store(E0, E1); 513 } 514 515 til::SExpr *SExprBuilder::translateBinaryOperator(const BinaryOperator *BO, 516 CallingContext *Ctx) { 517 switch (BO->getOpcode()) { 518 case BO_PtrMemD: 519 case BO_PtrMemI: 520 return new (Arena) til::Undefined(BO); 521 522 case BO_Mul: return translateBinOp(til::BOP_Mul, BO, Ctx); 523 case BO_Div: return translateBinOp(til::BOP_Div, BO, Ctx); 524 case BO_Rem: return translateBinOp(til::BOP_Rem, BO, Ctx); 525 case BO_Add: return translateBinOp(til::BOP_Add, BO, Ctx); 526 case BO_Sub: return translateBinOp(til::BOP_Sub, BO, Ctx); 527 case BO_Shl: return translateBinOp(til::BOP_Shl, BO, Ctx); 528 case BO_Shr: return translateBinOp(til::BOP_Shr, BO, Ctx); 529 case BO_LT: return translateBinOp(til::BOP_Lt, BO, Ctx); 530 case BO_GT: return translateBinOp(til::BOP_Lt, BO, Ctx, true); 531 case BO_LE: return translateBinOp(til::BOP_Leq, BO, Ctx); 532 case BO_GE: return translateBinOp(til::BOP_Leq, BO, Ctx, true); 533 case BO_EQ: return translateBinOp(til::BOP_Eq, BO, Ctx); 534 case BO_NE: return translateBinOp(til::BOP_Neq, BO, Ctx); 535 case BO_Cmp: return translateBinOp(til::BOP_Cmp, BO, Ctx); 536 case BO_And: return translateBinOp(til::BOP_BitAnd, BO, Ctx); 537 case BO_Xor: return translateBinOp(til::BOP_BitXor, BO, Ctx); 538 case BO_Or: return translateBinOp(til::BOP_BitOr, BO, Ctx); 539 case BO_LAnd: return translateBinOp(til::BOP_LogicAnd, BO, Ctx); 540 case BO_LOr: return translateBinOp(til::BOP_LogicOr, BO, Ctx); 541 542 case BO_Assign: return translateBinAssign(til::BOP_Eq, BO, Ctx, true); 543 case BO_MulAssign: return translateBinAssign(til::BOP_Mul, BO, Ctx); 544 case BO_DivAssign: return translateBinAssign(til::BOP_Div, BO, Ctx); 545 case BO_RemAssign: return translateBinAssign(til::BOP_Rem, BO, Ctx); 546 case BO_AddAssign: return translateBinAssign(til::BOP_Add, BO, Ctx); 547 case BO_SubAssign: return translateBinAssign(til::BOP_Sub, BO, Ctx); 548 case BO_ShlAssign: return translateBinAssign(til::BOP_Shl, BO, Ctx); 549 case BO_ShrAssign: return translateBinAssign(til::BOP_Shr, BO, Ctx); 550 case BO_AndAssign: return translateBinAssign(til::BOP_BitAnd, BO, Ctx); 551 case BO_XorAssign: return translateBinAssign(til::BOP_BitXor, BO, Ctx); 552 case BO_OrAssign: return translateBinAssign(til::BOP_BitOr, BO, Ctx); 553 554 case BO_Comma: 555 // The clang CFG should have already processed both sides. 556 return translate(BO->getRHS(), Ctx); 557 } 558 return new (Arena) til::Undefined(BO); 559 } 560 561 til::SExpr *SExprBuilder::translateCastExpr(const CastExpr *CE, 562 CallingContext *Ctx) { 563 CastKind K = CE->getCastKind(); 564 switch (K) { 565 case CK_LValueToRValue: { 566 if (const auto *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) { 567 til::SExpr *E0 = lookupVarDecl(DRE->getDecl()); 568 if (E0) 569 return E0; 570 } 571 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx); 572 return E0; 573 // FIXME!! -- get Load working properly 574 // return new (Arena) til::Load(E0); 575 } 576 case CK_NoOp: 577 case CK_DerivedToBase: 578 case CK_UncheckedDerivedToBase: 579 case CK_ArrayToPointerDecay: 580 case CK_FunctionToPointerDecay: { 581 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx); 582 return E0; 583 } 584 default: { 585 // FIXME: handle different kinds of casts. 586 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx); 587 if (CapabilityExprMode) 588 return E0; 589 return new (Arena) til::Cast(til::CAST_none, E0); 590 } 591 } 592 } 593 594 til::SExpr * 595 SExprBuilder::translateArraySubscriptExpr(const ArraySubscriptExpr *E, 596 CallingContext *Ctx) { 597 til::SExpr *E0 = translate(E->getBase(), Ctx); 598 til::SExpr *E1 = translate(E->getIdx(), Ctx); 599 return new (Arena) til::ArrayIndex(E0, E1); 600 } 601 602 til::SExpr * 603 SExprBuilder::translateAbstractConditionalOperator( 604 const AbstractConditionalOperator *CO, CallingContext *Ctx) { 605 auto *C = translate(CO->getCond(), Ctx); 606 auto *T = translate(CO->getTrueExpr(), Ctx); 607 auto *E = translate(CO->getFalseExpr(), Ctx); 608 return new (Arena) til::IfThenElse(C, T, E); 609 } 610 611 til::SExpr * 612 SExprBuilder::translateDeclStmt(const DeclStmt *S, CallingContext *Ctx) { 613 DeclGroupRef DGrp = S->getDeclGroup(); 614 for (auto I : DGrp) { 615 if (auto *VD = dyn_cast_or_null<VarDecl>(I)) { 616 Expr *E = VD->getInit(); 617 til::SExpr* SE = translate(E, Ctx); 618 619 // Add local variables with trivial type to the variable map 620 QualType T = VD->getType(); 621 if (T.isTrivialType(VD->getASTContext())) 622 return addVarDecl(VD, SE); 623 else { 624 // TODO: add alloca 625 } 626 } 627 } 628 return nullptr; 629 } 630 631 // If (E) is non-trivial, then add it to the current basic block, and 632 // update the statement map so that S refers to E. Returns a new variable 633 // that refers to E. 634 // If E is trivial returns E. 635 til::SExpr *SExprBuilder::addStatement(til::SExpr* E, const Stmt *S, 636 const ValueDecl *VD) { 637 if (!E || !CurrentBB || E->block() || til::ThreadSafetyTIL::isTrivial(E)) 638 return E; 639 if (VD) 640 E = new (Arena) til::Variable(E, VD); 641 CurrentInstructions.push_back(E); 642 if (S) 643 insertStmt(S, E); 644 return E; 645 } 646 647 // Returns the current value of VD, if known, and nullptr otherwise. 648 til::SExpr *SExprBuilder::lookupVarDecl(const ValueDecl *VD) { 649 auto It = LVarIdxMap.find(VD); 650 if (It != LVarIdxMap.end()) { 651 assert(CurrentLVarMap[It->second].first == VD); 652 return CurrentLVarMap[It->second].second; 653 } 654 return nullptr; 655 } 656 657 // if E is a til::Variable, update its clangDecl. 658 static void maybeUpdateVD(til::SExpr *E, const ValueDecl *VD) { 659 if (!E) 660 return; 661 if (auto *V = dyn_cast<til::Variable>(E)) { 662 if (!V->clangDecl()) 663 V->setClangDecl(VD); 664 } 665 } 666 667 // Adds a new variable declaration. 668 til::SExpr *SExprBuilder::addVarDecl(const ValueDecl *VD, til::SExpr *E) { 669 maybeUpdateVD(E, VD); 670 LVarIdxMap.insert(std::make_pair(VD, CurrentLVarMap.size())); 671 CurrentLVarMap.makeWritable(); 672 CurrentLVarMap.push_back(std::make_pair(VD, E)); 673 return E; 674 } 675 676 // Updates a current variable declaration. (E.g. by assignment) 677 til::SExpr *SExprBuilder::updateVarDecl(const ValueDecl *VD, til::SExpr *E) { 678 maybeUpdateVD(E, VD); 679 auto It = LVarIdxMap.find(VD); 680 if (It == LVarIdxMap.end()) { 681 til::SExpr *Ptr = new (Arena) til::LiteralPtr(VD); 682 til::SExpr *St = new (Arena) til::Store(Ptr, E); 683 return St; 684 } 685 CurrentLVarMap.makeWritable(); 686 CurrentLVarMap.elem(It->second).second = E; 687 return E; 688 } 689 690 // Make a Phi node in the current block for the i^th variable in CurrentVarMap. 691 // If E != null, sets Phi[CurrentBlockInfo->ArgIndex] = E. 692 // If E == null, this is a backedge and will be set later. 693 void SExprBuilder::makePhiNodeVar(unsigned i, unsigned NPreds, til::SExpr *E) { 694 unsigned ArgIndex = CurrentBlockInfo->ProcessedPredecessors; 695 assert(ArgIndex > 0 && ArgIndex < NPreds); 696 697 til::SExpr *CurrE = CurrentLVarMap[i].second; 698 if (CurrE->block() == CurrentBB) { 699 // We already have a Phi node in the current block, 700 // so just add the new variable to the Phi node. 701 auto *Ph = dyn_cast<til::Phi>(CurrE); 702 assert(Ph && "Expecting Phi node."); 703 if (E) 704 Ph->values()[ArgIndex] = E; 705 return; 706 } 707 708 // Make a new phi node: phi(..., E) 709 // All phi args up to the current index are set to the current value. 710 til::Phi *Ph = new (Arena) til::Phi(Arena, NPreds); 711 Ph->values().setValues(NPreds, nullptr); 712 for (unsigned PIdx = 0; PIdx < ArgIndex; ++PIdx) 713 Ph->values()[PIdx] = CurrE; 714 if (E) 715 Ph->values()[ArgIndex] = E; 716 Ph->setClangDecl(CurrentLVarMap[i].first); 717 // If E is from a back-edge, or either E or CurrE are incomplete, then 718 // mark this node as incomplete; we may need to remove it later. 719 if (!E || isIncompletePhi(E) || isIncompletePhi(CurrE)) 720 Ph->setStatus(til::Phi::PH_Incomplete); 721 722 // Add Phi node to current block, and update CurrentLVarMap[i] 723 CurrentArguments.push_back(Ph); 724 if (Ph->status() == til::Phi::PH_Incomplete) 725 IncompleteArgs.push_back(Ph); 726 727 CurrentLVarMap.makeWritable(); 728 CurrentLVarMap.elem(i).second = Ph; 729 } 730 731 // Merge values from Map into the current variable map. 732 // This will construct Phi nodes in the current basic block as necessary. 733 void SExprBuilder::mergeEntryMap(LVarDefinitionMap Map) { 734 assert(CurrentBlockInfo && "Not processing a block!"); 735 736 if (!CurrentLVarMap.valid()) { 737 // Steal Map, using copy-on-write. 738 CurrentLVarMap = std::move(Map); 739 return; 740 } 741 if (CurrentLVarMap.sameAs(Map)) 742 return; // Easy merge: maps from different predecessors are unchanged. 743 744 unsigned NPreds = CurrentBB->numPredecessors(); 745 unsigned ESz = CurrentLVarMap.size(); 746 unsigned MSz = Map.size(); 747 unsigned Sz = std::min(ESz, MSz); 748 749 for (unsigned i = 0; i < Sz; ++i) { 750 if (CurrentLVarMap[i].first != Map[i].first) { 751 // We've reached the end of variables in common. 752 CurrentLVarMap.makeWritable(); 753 CurrentLVarMap.downsize(i); 754 break; 755 } 756 if (CurrentLVarMap[i].second != Map[i].second) 757 makePhiNodeVar(i, NPreds, Map[i].second); 758 } 759 if (ESz > MSz) { 760 CurrentLVarMap.makeWritable(); 761 CurrentLVarMap.downsize(Map.size()); 762 } 763 } 764 765 // Merge a back edge into the current variable map. 766 // This will create phi nodes for all variables in the variable map. 767 void SExprBuilder::mergeEntryMapBackEdge() { 768 // We don't have definitions for variables on the backedge, because we 769 // haven't gotten that far in the CFG. Thus, when encountering a back edge, 770 // we conservatively create Phi nodes for all variables. Unnecessary Phi 771 // nodes will be marked as incomplete, and stripped out at the end. 772 // 773 // An Phi node is unnecessary if it only refers to itself and one other 774 // variable, e.g. x = Phi(y, y, x) can be reduced to x = y. 775 776 assert(CurrentBlockInfo && "Not processing a block!"); 777 778 if (CurrentBlockInfo->HasBackEdges) 779 return; 780 CurrentBlockInfo->HasBackEdges = true; 781 782 CurrentLVarMap.makeWritable(); 783 unsigned Sz = CurrentLVarMap.size(); 784 unsigned NPreds = CurrentBB->numPredecessors(); 785 786 for (unsigned i = 0; i < Sz; ++i) 787 makePhiNodeVar(i, NPreds, nullptr); 788 } 789 790 // Update the phi nodes that were initially created for a back edge 791 // once the variable definitions have been computed. 792 // I.e., merge the current variable map into the phi nodes for Blk. 793 void SExprBuilder::mergePhiNodesBackEdge(const CFGBlock *Blk) { 794 til::BasicBlock *BB = lookupBlock(Blk); 795 unsigned ArgIndex = BBInfo[Blk->getBlockID()].ProcessedPredecessors; 796 assert(ArgIndex > 0 && ArgIndex < BB->numPredecessors()); 797 798 for (til::SExpr *PE : BB->arguments()) { 799 auto *Ph = dyn_cast_or_null<til::Phi>(PE); 800 assert(Ph && "Expecting Phi Node."); 801 assert(Ph->values()[ArgIndex] == nullptr && "Wrong index for back edge."); 802 803 til::SExpr *E = lookupVarDecl(Ph->clangDecl()); 804 assert(E && "Couldn't find local variable for Phi node."); 805 Ph->values()[ArgIndex] = E; 806 } 807 } 808 809 void SExprBuilder::enterCFG(CFG *Cfg, const NamedDecl *D, 810 const CFGBlock *First) { 811 // Perform initial setup operations. 812 unsigned NBlocks = Cfg->getNumBlockIDs(); 813 Scfg = new (Arena) til::SCFG(Arena, NBlocks); 814 815 // allocate all basic blocks immediately, to handle forward references. 816 BBInfo.resize(NBlocks); 817 BlockMap.resize(NBlocks, nullptr); 818 // create map from clang blockID to til::BasicBlocks 819 for (auto *B : *Cfg) { 820 auto *BB = new (Arena) til::BasicBlock(Arena); 821 BB->reserveInstructions(B->size()); 822 BlockMap[B->getBlockID()] = BB; 823 } 824 825 CurrentBB = lookupBlock(&Cfg->getEntry()); 826 auto Parms = isa<ObjCMethodDecl>(D) ? cast<ObjCMethodDecl>(D)->parameters() 827 : cast<FunctionDecl>(D)->parameters(); 828 for (auto *Pm : Parms) { 829 QualType T = Pm->getType(); 830 if (!T.isTrivialType(Pm->getASTContext())) 831 continue; 832 833 // Add parameters to local variable map. 834 // FIXME: right now we emulate params with loads; that should be fixed. 835 til::SExpr *Lp = new (Arena) til::LiteralPtr(Pm); 836 til::SExpr *Ld = new (Arena) til::Load(Lp); 837 til::SExpr *V = addStatement(Ld, nullptr, Pm); 838 addVarDecl(Pm, V); 839 } 840 } 841 842 void SExprBuilder::enterCFGBlock(const CFGBlock *B) { 843 // Initialize TIL basic block and add it to the CFG. 844 CurrentBB = lookupBlock(B); 845 CurrentBB->reservePredecessors(B->pred_size()); 846 Scfg->add(CurrentBB); 847 848 CurrentBlockInfo = &BBInfo[B->getBlockID()]; 849 850 // CurrentLVarMap is moved to ExitMap on block exit. 851 // FIXME: the entry block will hold function parameters. 852 // assert(!CurrentLVarMap.valid() && "CurrentLVarMap already initialized."); 853 } 854 855 void SExprBuilder::handlePredecessor(const CFGBlock *Pred) { 856 // Compute CurrentLVarMap on entry from ExitMaps of predecessors 857 858 CurrentBB->addPredecessor(BlockMap[Pred->getBlockID()]); 859 BlockInfo *PredInfo = &BBInfo[Pred->getBlockID()]; 860 assert(PredInfo->UnprocessedSuccessors > 0); 861 862 if (--PredInfo->UnprocessedSuccessors == 0) 863 mergeEntryMap(std::move(PredInfo->ExitMap)); 864 else 865 mergeEntryMap(PredInfo->ExitMap.clone()); 866 867 ++CurrentBlockInfo->ProcessedPredecessors; 868 } 869 870 void SExprBuilder::handlePredecessorBackEdge(const CFGBlock *Pred) { 871 mergeEntryMapBackEdge(); 872 } 873 874 void SExprBuilder::enterCFGBlockBody(const CFGBlock *B) { 875 // The merge*() methods have created arguments. 876 // Push those arguments onto the basic block. 877 CurrentBB->arguments().reserve( 878 static_cast<unsigned>(CurrentArguments.size()), Arena); 879 for (auto *A : CurrentArguments) 880 CurrentBB->addArgument(A); 881 } 882 883 void SExprBuilder::handleStatement(const Stmt *S) { 884 til::SExpr *E = translate(S, nullptr); 885 addStatement(E, S); 886 } 887 888 void SExprBuilder::handleDestructorCall(const VarDecl *VD, 889 const CXXDestructorDecl *DD) { 890 til::SExpr *Sf = new (Arena) til::LiteralPtr(VD); 891 til::SExpr *Dr = new (Arena) til::LiteralPtr(DD); 892 til::SExpr *Ap = new (Arena) til::Apply(Dr, Sf); 893 til::SExpr *E = new (Arena) til::Call(Ap); 894 addStatement(E, nullptr); 895 } 896 897 void SExprBuilder::exitCFGBlockBody(const CFGBlock *B) { 898 CurrentBB->instructions().reserve( 899 static_cast<unsigned>(CurrentInstructions.size()), Arena); 900 for (auto *V : CurrentInstructions) 901 CurrentBB->addInstruction(V); 902 903 // Create an appropriate terminator 904 unsigned N = B->succ_size(); 905 auto It = B->succ_begin(); 906 if (N == 1) { 907 til::BasicBlock *BB = *It ? lookupBlock(*It) : nullptr; 908 // TODO: set index 909 unsigned Idx = BB ? BB->findPredecessorIndex(CurrentBB) : 0; 910 auto *Tm = new (Arena) til::Goto(BB, Idx); 911 CurrentBB->setTerminator(Tm); 912 } 913 else if (N == 2) { 914 til::SExpr *C = translate(B->getTerminatorCondition(true), nullptr); 915 til::BasicBlock *BB1 = *It ? lookupBlock(*It) : nullptr; 916 ++It; 917 til::BasicBlock *BB2 = *It ? lookupBlock(*It) : nullptr; 918 // FIXME: make sure these aren't critical edges. 919 auto *Tm = new (Arena) til::Branch(C, BB1, BB2); 920 CurrentBB->setTerminator(Tm); 921 } 922 } 923 924 void SExprBuilder::handleSuccessor(const CFGBlock *Succ) { 925 ++CurrentBlockInfo->UnprocessedSuccessors; 926 } 927 928 void SExprBuilder::handleSuccessorBackEdge(const CFGBlock *Succ) { 929 mergePhiNodesBackEdge(Succ); 930 ++BBInfo[Succ->getBlockID()].ProcessedPredecessors; 931 } 932 933 void SExprBuilder::exitCFGBlock(const CFGBlock *B) { 934 CurrentArguments.clear(); 935 CurrentInstructions.clear(); 936 CurrentBlockInfo->ExitMap = std::move(CurrentLVarMap); 937 CurrentBB = nullptr; 938 CurrentBlockInfo = nullptr; 939 } 940 941 void SExprBuilder::exitCFG(const CFGBlock *Last) { 942 for (auto *Ph : IncompleteArgs) { 943 if (Ph->status() == til::Phi::PH_Incomplete) 944 simplifyIncompleteArg(Ph); 945 } 946 947 CurrentArguments.clear(); 948 CurrentInstructions.clear(); 949 IncompleteArgs.clear(); 950 } 951 952 /* 953 namespace { 954 955 class TILPrinter : 956 public til::PrettyPrinter<TILPrinter, llvm::raw_ostream> {}; 957 958 } // namespace 959 960 namespace clang { 961 namespace threadSafety { 962 963 void printSCFG(CFGWalker &Walker) { 964 llvm::BumpPtrAllocator Bpa; 965 til::MemRegionRef Arena(&Bpa); 966 SExprBuilder SxBuilder(Arena); 967 til::SCFG *Scfg = SxBuilder.buildCFG(Walker); 968 TILPrinter::print(Scfg, llvm::errs()); 969 } 970 971 } // namespace threadSafety 972 } // namespace clang 973 */ 974