xref: /freebsd/contrib/llvm-project/clang/lib/Analysis/ThreadSafetyCommon.cpp (revision c57c26179033f64c2011a2d2a904ee3fa62e826a)
1 //===- ThreadSafetyCommon.cpp ---------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Implementation of the interfaces declared in ThreadSafetyCommon.h
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "clang/Analysis/Analyses/ThreadSafetyCommon.h"
14 #include "clang/AST/Attr.h"
15 #include "clang/AST/Decl.h"
16 #include "clang/AST/DeclCXX.h"
17 #include "clang/AST/DeclGroup.h"
18 #include "clang/AST/DeclObjC.h"
19 #include "clang/AST/Expr.h"
20 #include "clang/AST/ExprCXX.h"
21 #include "clang/AST/OperationKinds.h"
22 #include "clang/AST/Stmt.h"
23 #include "clang/AST/Type.h"
24 #include "clang/Analysis/Analyses/ThreadSafetyTIL.h"
25 #include "clang/Analysis/CFG.h"
26 #include "clang/Basic/LLVM.h"
27 #include "clang/Basic/OperatorKinds.h"
28 #include "clang/Basic/Specifiers.h"
29 #include "llvm/ADT/StringExtras.h"
30 #include "llvm/ADT/StringRef.h"
31 #include "llvm/Support/Casting.h"
32 #include <algorithm>
33 #include <cassert>
34 #include <string>
35 #include <utility>
36 
37 using namespace clang;
38 using namespace threadSafety;
39 
40 // From ThreadSafetyUtil.h
41 std::string threadSafety::getSourceLiteralString(const Expr *CE) {
42   switch (CE->getStmtClass()) {
43     case Stmt::IntegerLiteralClass:
44       return toString(cast<IntegerLiteral>(CE)->getValue(), 10, true);
45     case Stmt::StringLiteralClass: {
46       std::string ret("\"");
47       ret += cast<StringLiteral>(CE)->getString();
48       ret += "\"";
49       return ret;
50     }
51     case Stmt::CharacterLiteralClass:
52     case Stmt::CXXNullPtrLiteralExprClass:
53     case Stmt::GNUNullExprClass:
54     case Stmt::CXXBoolLiteralExprClass:
55     case Stmt::FloatingLiteralClass:
56     case Stmt::ImaginaryLiteralClass:
57     case Stmt::ObjCStringLiteralClass:
58     default:
59       return "#lit";
60   }
61 }
62 
63 // Return true if E is a variable that points to an incomplete Phi node.
64 static bool isIncompletePhi(const til::SExpr *E) {
65   if (const auto *Ph = dyn_cast<til::Phi>(E))
66     return Ph->status() == til::Phi::PH_Incomplete;
67   return false;
68 }
69 
70 using CallingContext = SExprBuilder::CallingContext;
71 
72 til::SExpr *SExprBuilder::lookupStmt(const Stmt *S) { return SMap.lookup(S); }
73 
74 til::SCFG *SExprBuilder::buildCFG(CFGWalker &Walker) {
75   Walker.walk(*this);
76   return Scfg;
77 }
78 
79 static bool isCalleeArrow(const Expr *E) {
80   const auto *ME = dyn_cast<MemberExpr>(E->IgnoreParenCasts());
81   return ME ? ME->isArrow() : false;
82 }
83 
84 static StringRef ClassifyDiagnostic(const CapabilityAttr *A) {
85   return A->getName();
86 }
87 
88 static StringRef ClassifyDiagnostic(QualType VDT) {
89   // We need to look at the declaration of the type of the value to determine
90   // which it is. The type should either be a record or a typedef, or a pointer
91   // or reference thereof.
92   if (const auto *RT = VDT->getAs<RecordType>()) {
93     if (const auto *RD = RT->getDecl())
94       if (const auto *CA = RD->getAttr<CapabilityAttr>())
95         return ClassifyDiagnostic(CA);
96   } else if (const auto *TT = VDT->getAs<TypedefType>()) {
97     if (const auto *TD = TT->getDecl())
98       if (const auto *CA = TD->getAttr<CapabilityAttr>())
99         return ClassifyDiagnostic(CA);
100   } else if (VDT->isPointerType() || VDT->isReferenceType())
101     return ClassifyDiagnostic(VDT->getPointeeType());
102 
103   return "mutex";
104 }
105 
106 /// Translate a clang expression in an attribute to a til::SExpr.
107 /// Constructs the context from D, DeclExp, and SelfDecl.
108 ///
109 /// \param AttrExp The expression to translate.
110 /// \param D       The declaration to which the attribute is attached.
111 /// \param DeclExp An expression involving the Decl to which the attribute
112 ///                is attached.  E.g. the call to a function.
113 /// \param Self    S-expression to substitute for a \ref CXXThisExpr in a call,
114 ///                or argument to a cleanup function.
115 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
116                                                const NamedDecl *D,
117                                                const Expr *DeclExp,
118                                                til::SExpr *Self) {
119   // If we are processing a raw attribute expression, with no substitutions.
120   if (!DeclExp && !Self)
121     return translateAttrExpr(AttrExp, nullptr);
122 
123   CallingContext Ctx(nullptr, D);
124 
125   // Examine DeclExp to find SelfArg and FunArgs, which are used to substitute
126   // for formal parameters when we call buildMutexID later.
127   if (!DeclExp)
128     /* We'll use Self. */;
129   else if (const auto *ME = dyn_cast<MemberExpr>(DeclExp)) {
130     Ctx.SelfArg   = ME->getBase();
131     Ctx.SelfArrow = ME->isArrow();
132   } else if (const auto *CE = dyn_cast<CXXMemberCallExpr>(DeclExp)) {
133     Ctx.SelfArg   = CE->getImplicitObjectArgument();
134     Ctx.SelfArrow = isCalleeArrow(CE->getCallee());
135     Ctx.NumArgs   = CE->getNumArgs();
136     Ctx.FunArgs   = CE->getArgs();
137   } else if (const auto *CE = dyn_cast<CallExpr>(DeclExp)) {
138     Ctx.NumArgs = CE->getNumArgs();
139     Ctx.FunArgs = CE->getArgs();
140   } else if (const auto *CE = dyn_cast<CXXConstructExpr>(DeclExp)) {
141     Ctx.SelfArg = nullptr;  // Will be set below
142     Ctx.NumArgs = CE->getNumArgs();
143     Ctx.FunArgs = CE->getArgs();
144   }
145 
146   if (Self) {
147     assert(!Ctx.SelfArg && "Ambiguous self argument");
148     assert(isa<FunctionDecl>(D) && "Self argument requires function");
149     if (isa<CXXMethodDecl>(D))
150       Ctx.SelfArg = Self;
151     else
152       Ctx.FunArgs = Self;
153 
154     // If the attribute has no arguments, then assume the argument is "this".
155     if (!AttrExp)
156       return CapabilityExpr(
157           Self,
158           ClassifyDiagnostic(
159               cast<CXXMethodDecl>(D)->getFunctionObjectParameterType()),
160           false);
161     else  // For most attributes.
162       return translateAttrExpr(AttrExp, &Ctx);
163   }
164 
165   // If the attribute has no arguments, then assume the argument is "this".
166   if (!AttrExp)
167     return translateAttrExpr(cast<const Expr *>(Ctx.SelfArg), nullptr);
168   else  // For most attributes.
169     return translateAttrExpr(AttrExp, &Ctx);
170 }
171 
172 /// Translate a clang expression in an attribute to a til::SExpr.
173 // This assumes a CallingContext has already been created.
174 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
175                                                CallingContext *Ctx) {
176   if (!AttrExp)
177     return CapabilityExpr();
178 
179   if (const auto* SLit = dyn_cast<StringLiteral>(AttrExp)) {
180     if (SLit->getString() == StringRef("*"))
181       // The "*" expr is a universal lock, which essentially turns off
182       // checks until it is removed from the lockset.
183       return CapabilityExpr(new (Arena) til::Wildcard(), StringRef("wildcard"),
184                             false);
185     else
186       // Ignore other string literals for now.
187       return CapabilityExpr();
188   }
189 
190   bool Neg = false;
191   if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(AttrExp)) {
192     if (OE->getOperator() == OO_Exclaim) {
193       Neg = true;
194       AttrExp = OE->getArg(0);
195     }
196   }
197   else if (const auto *UO = dyn_cast<UnaryOperator>(AttrExp)) {
198     if (UO->getOpcode() == UO_LNot) {
199       Neg = true;
200       AttrExp = UO->getSubExpr();
201     }
202   }
203 
204   til::SExpr *E = translate(AttrExp, Ctx);
205 
206   // Trap mutex expressions like nullptr, or 0.
207   // Any literal value is nonsense.
208   if (!E || isa<til::Literal>(E))
209     return CapabilityExpr();
210 
211   StringRef Kind = ClassifyDiagnostic(AttrExp->getType());
212 
213   // Hack to deal with smart pointers -- strip off top-level pointer casts.
214   if (const auto *CE = dyn_cast<til::Cast>(E)) {
215     if (CE->castOpcode() == til::CAST_objToPtr)
216       return CapabilityExpr(CE->expr(), Kind, Neg);
217   }
218   return CapabilityExpr(E, Kind, Neg);
219 }
220 
221 til::LiteralPtr *SExprBuilder::createVariable(const VarDecl *VD) {
222   return new (Arena) til::LiteralPtr(VD);
223 }
224 
225 std::pair<til::LiteralPtr *, StringRef>
226 SExprBuilder::createThisPlaceholder(const Expr *Exp) {
227   return {new (Arena) til::LiteralPtr(nullptr),
228           ClassifyDiagnostic(Exp->getType())};
229 }
230 
231 // Translate a clang statement or expression to a TIL expression.
232 // Also performs substitution of variables; Ctx provides the context.
233 // Dispatches on the type of S.
234 til::SExpr *SExprBuilder::translate(const Stmt *S, CallingContext *Ctx) {
235   if (!S)
236     return nullptr;
237 
238   // Check if S has already been translated and cached.
239   // This handles the lookup of SSA names for DeclRefExprs here.
240   if (til::SExpr *E = lookupStmt(S))
241     return E;
242 
243   switch (S->getStmtClass()) {
244   case Stmt::DeclRefExprClass:
245     return translateDeclRefExpr(cast<DeclRefExpr>(S), Ctx);
246   case Stmt::CXXThisExprClass:
247     return translateCXXThisExpr(cast<CXXThisExpr>(S), Ctx);
248   case Stmt::MemberExprClass:
249     return translateMemberExpr(cast<MemberExpr>(S), Ctx);
250   case Stmt::ObjCIvarRefExprClass:
251     return translateObjCIVarRefExpr(cast<ObjCIvarRefExpr>(S), Ctx);
252   case Stmt::CallExprClass:
253     return translateCallExpr(cast<CallExpr>(S), Ctx);
254   case Stmt::CXXMemberCallExprClass:
255     return translateCXXMemberCallExpr(cast<CXXMemberCallExpr>(S), Ctx);
256   case Stmt::CXXOperatorCallExprClass:
257     return translateCXXOperatorCallExpr(cast<CXXOperatorCallExpr>(S), Ctx);
258   case Stmt::UnaryOperatorClass:
259     return translateUnaryOperator(cast<UnaryOperator>(S), Ctx);
260   case Stmt::BinaryOperatorClass:
261   case Stmt::CompoundAssignOperatorClass:
262     return translateBinaryOperator(cast<BinaryOperator>(S), Ctx);
263 
264   case Stmt::ArraySubscriptExprClass:
265     return translateArraySubscriptExpr(cast<ArraySubscriptExpr>(S), Ctx);
266   case Stmt::ConditionalOperatorClass:
267     return translateAbstractConditionalOperator(
268              cast<ConditionalOperator>(S), Ctx);
269   case Stmt::BinaryConditionalOperatorClass:
270     return translateAbstractConditionalOperator(
271              cast<BinaryConditionalOperator>(S), Ctx);
272 
273   // We treat these as no-ops
274   case Stmt::ConstantExprClass:
275     return translate(cast<ConstantExpr>(S)->getSubExpr(), Ctx);
276   case Stmt::ParenExprClass:
277     return translate(cast<ParenExpr>(S)->getSubExpr(), Ctx);
278   case Stmt::ExprWithCleanupsClass:
279     return translate(cast<ExprWithCleanups>(S)->getSubExpr(), Ctx);
280   case Stmt::CXXBindTemporaryExprClass:
281     return translate(cast<CXXBindTemporaryExpr>(S)->getSubExpr(), Ctx);
282   case Stmt::MaterializeTemporaryExprClass:
283     return translate(cast<MaterializeTemporaryExpr>(S)->getSubExpr(), Ctx);
284 
285   // Collect all literals
286   case Stmt::CharacterLiteralClass:
287   case Stmt::CXXNullPtrLiteralExprClass:
288   case Stmt::GNUNullExprClass:
289   case Stmt::CXXBoolLiteralExprClass:
290   case Stmt::FloatingLiteralClass:
291   case Stmt::ImaginaryLiteralClass:
292   case Stmt::IntegerLiteralClass:
293   case Stmt::StringLiteralClass:
294   case Stmt::ObjCStringLiteralClass:
295     return new (Arena) til::Literal(cast<Expr>(S));
296 
297   case Stmt::DeclStmtClass:
298     return translateDeclStmt(cast<DeclStmt>(S), Ctx);
299   default:
300     break;
301   }
302   if (const auto *CE = dyn_cast<CastExpr>(S))
303     return translateCastExpr(CE, Ctx);
304 
305   return new (Arena) til::Undefined(S);
306 }
307 
308 til::SExpr *SExprBuilder::translateDeclRefExpr(const DeclRefExpr *DRE,
309                                                CallingContext *Ctx) {
310   const auto *VD = cast<ValueDecl>(DRE->getDecl()->getCanonicalDecl());
311 
312   // Function parameters require substitution and/or renaming.
313   if (const auto *PV = dyn_cast<ParmVarDecl>(VD)) {
314     unsigned I = PV->getFunctionScopeIndex();
315     const DeclContext *D = PV->getDeclContext();
316     if (Ctx && Ctx->FunArgs) {
317       const Decl *Canonical = Ctx->AttrDecl->getCanonicalDecl();
318       if (isa<FunctionDecl>(D)
319               ? (cast<FunctionDecl>(D)->getCanonicalDecl() == Canonical)
320               : (cast<ObjCMethodDecl>(D)->getCanonicalDecl() == Canonical)) {
321         // Substitute call arguments for references to function parameters
322         if (const Expr *const *FunArgs =
323                 Ctx->FunArgs.dyn_cast<const Expr *const *>()) {
324           assert(I < Ctx->NumArgs);
325           return translate(FunArgs[I], Ctx->Prev);
326         }
327 
328         assert(I == 0);
329         return Ctx->FunArgs.get<til::SExpr *>();
330       }
331     }
332     // Map the param back to the param of the original function declaration
333     // for consistent comparisons.
334     VD = isa<FunctionDecl>(D)
335              ? cast<FunctionDecl>(D)->getCanonicalDecl()->getParamDecl(I)
336              : cast<ObjCMethodDecl>(D)->getCanonicalDecl()->getParamDecl(I);
337   }
338 
339   // For non-local variables, treat it as a reference to a named object.
340   return new (Arena) til::LiteralPtr(VD);
341 }
342 
343 til::SExpr *SExprBuilder::translateCXXThisExpr(const CXXThisExpr *TE,
344                                                CallingContext *Ctx) {
345   // Substitute for 'this'
346   if (Ctx && Ctx->SelfArg) {
347     if (const auto *SelfArg = dyn_cast<const Expr *>(Ctx->SelfArg))
348       return translate(SelfArg, Ctx->Prev);
349     else
350       return cast<til::SExpr *>(Ctx->SelfArg);
351   }
352   assert(SelfVar && "We have no variable for 'this'!");
353   return SelfVar;
354 }
355 
356 static const ValueDecl *getValueDeclFromSExpr(const til::SExpr *E) {
357   if (const auto *V = dyn_cast<til::Variable>(E))
358     return V->clangDecl();
359   if (const auto *Ph = dyn_cast<til::Phi>(E))
360     return Ph->clangDecl();
361   if (const auto *P = dyn_cast<til::Project>(E))
362     return P->clangDecl();
363   if (const auto *L = dyn_cast<til::LiteralPtr>(E))
364     return L->clangDecl();
365   return nullptr;
366 }
367 
368 static bool hasAnyPointerType(const til::SExpr *E) {
369   auto *VD = getValueDeclFromSExpr(E);
370   if (VD && VD->getType()->isAnyPointerType())
371     return true;
372   if (const auto *C = dyn_cast<til::Cast>(E))
373     return C->castOpcode() == til::CAST_objToPtr;
374 
375   return false;
376 }
377 
378 // Grab the very first declaration of virtual method D
379 static const CXXMethodDecl *getFirstVirtualDecl(const CXXMethodDecl *D) {
380   while (true) {
381     D = D->getCanonicalDecl();
382     auto OverriddenMethods = D->overridden_methods();
383     if (OverriddenMethods.begin() == OverriddenMethods.end())
384       return D;  // Method does not override anything
385     // FIXME: this does not work with multiple inheritance.
386     D = *OverriddenMethods.begin();
387   }
388   return nullptr;
389 }
390 
391 til::SExpr *SExprBuilder::translateMemberExpr(const MemberExpr *ME,
392                                               CallingContext *Ctx) {
393   til::SExpr *BE = translate(ME->getBase(), Ctx);
394   til::SExpr *E  = new (Arena) til::SApply(BE);
395 
396   const auto *D = cast<ValueDecl>(ME->getMemberDecl()->getCanonicalDecl());
397   if (const auto *VD = dyn_cast<CXXMethodDecl>(D))
398     D = getFirstVirtualDecl(VD);
399 
400   til::Project *P = new (Arena) til::Project(E, D);
401   if (hasAnyPointerType(BE))
402     P->setArrow(true);
403   return P;
404 }
405 
406 til::SExpr *SExprBuilder::translateObjCIVarRefExpr(const ObjCIvarRefExpr *IVRE,
407                                                    CallingContext *Ctx) {
408   til::SExpr *BE = translate(IVRE->getBase(), Ctx);
409   til::SExpr *E = new (Arena) til::SApply(BE);
410 
411   const auto *D = cast<ObjCIvarDecl>(IVRE->getDecl()->getCanonicalDecl());
412 
413   til::Project *P = new (Arena) til::Project(E, D);
414   if (hasAnyPointerType(BE))
415     P->setArrow(true);
416   return P;
417 }
418 
419 til::SExpr *SExprBuilder::translateCallExpr(const CallExpr *CE,
420                                             CallingContext *Ctx,
421                                             const Expr *SelfE) {
422   if (CapabilityExprMode) {
423     // Handle LOCK_RETURNED
424     if (const FunctionDecl *FD = CE->getDirectCallee()) {
425       FD = FD->getMostRecentDecl();
426       if (LockReturnedAttr *At = FD->getAttr<LockReturnedAttr>()) {
427         CallingContext LRCallCtx(Ctx);
428         LRCallCtx.AttrDecl = CE->getDirectCallee();
429         LRCallCtx.SelfArg = SelfE;
430         LRCallCtx.NumArgs = CE->getNumArgs();
431         LRCallCtx.FunArgs = CE->getArgs();
432         return const_cast<til::SExpr *>(
433             translateAttrExpr(At->getArg(), &LRCallCtx).sexpr());
434       }
435     }
436   }
437 
438   til::SExpr *E = translate(CE->getCallee(), Ctx);
439   for (const auto *Arg : CE->arguments()) {
440     til::SExpr *A = translate(Arg, Ctx);
441     E = new (Arena) til::Apply(E, A);
442   }
443   return new (Arena) til::Call(E, CE);
444 }
445 
446 til::SExpr *SExprBuilder::translateCXXMemberCallExpr(
447     const CXXMemberCallExpr *ME, CallingContext *Ctx) {
448   if (CapabilityExprMode) {
449     // Ignore calls to get() on smart pointers.
450     if (ME->getMethodDecl()->getNameAsString() == "get" &&
451         ME->getNumArgs() == 0) {
452       auto *E = translate(ME->getImplicitObjectArgument(), Ctx);
453       return new (Arena) til::Cast(til::CAST_objToPtr, E);
454       // return E;
455     }
456   }
457   return translateCallExpr(cast<CallExpr>(ME), Ctx,
458                            ME->getImplicitObjectArgument());
459 }
460 
461 til::SExpr *SExprBuilder::translateCXXOperatorCallExpr(
462     const CXXOperatorCallExpr *OCE, CallingContext *Ctx) {
463   if (CapabilityExprMode) {
464     // Ignore operator * and operator -> on smart pointers.
465     OverloadedOperatorKind k = OCE->getOperator();
466     if (k == OO_Star || k == OO_Arrow) {
467       auto *E = translate(OCE->getArg(0), Ctx);
468       return new (Arena) til::Cast(til::CAST_objToPtr, E);
469       // return E;
470     }
471   }
472   return translateCallExpr(cast<CallExpr>(OCE), Ctx);
473 }
474 
475 til::SExpr *SExprBuilder::translateUnaryOperator(const UnaryOperator *UO,
476                                                  CallingContext *Ctx) {
477   switch (UO->getOpcode()) {
478   case UO_PostInc:
479   case UO_PostDec:
480   case UO_PreInc:
481   case UO_PreDec:
482     return new (Arena) til::Undefined(UO);
483 
484   case UO_AddrOf:
485     if (CapabilityExprMode) {
486       // interpret &Graph::mu_ as an existential.
487       if (const auto *DRE = dyn_cast<DeclRefExpr>(UO->getSubExpr())) {
488         if (DRE->getDecl()->isCXXInstanceMember()) {
489           // This is a pointer-to-member expression, e.g. &MyClass::mu_.
490           // We interpret this syntax specially, as a wildcard.
491           auto *W = new (Arena) til::Wildcard();
492           return new (Arena) til::Project(W, DRE->getDecl());
493         }
494       }
495     }
496     // otherwise, & is a no-op
497     return translate(UO->getSubExpr(), Ctx);
498 
499   // We treat these as no-ops
500   case UO_Deref:
501   case UO_Plus:
502     return translate(UO->getSubExpr(), Ctx);
503 
504   case UO_Minus:
505     return new (Arena)
506       til::UnaryOp(til::UOP_Minus, translate(UO->getSubExpr(), Ctx));
507   case UO_Not:
508     return new (Arena)
509       til::UnaryOp(til::UOP_BitNot, translate(UO->getSubExpr(), Ctx));
510   case UO_LNot:
511     return new (Arena)
512       til::UnaryOp(til::UOP_LogicNot, translate(UO->getSubExpr(), Ctx));
513 
514   // Currently unsupported
515   case UO_Real:
516   case UO_Imag:
517   case UO_Extension:
518   case UO_Coawait:
519     return new (Arena) til::Undefined(UO);
520   }
521   return new (Arena) til::Undefined(UO);
522 }
523 
524 til::SExpr *SExprBuilder::translateBinOp(til::TIL_BinaryOpcode Op,
525                                          const BinaryOperator *BO,
526                                          CallingContext *Ctx, bool Reverse) {
527    til::SExpr *E0 = translate(BO->getLHS(), Ctx);
528    til::SExpr *E1 = translate(BO->getRHS(), Ctx);
529    if (Reverse)
530      return new (Arena) til::BinaryOp(Op, E1, E0);
531    else
532      return new (Arena) til::BinaryOp(Op, E0, E1);
533 }
534 
535 til::SExpr *SExprBuilder::translateBinAssign(til::TIL_BinaryOpcode Op,
536                                              const BinaryOperator *BO,
537                                              CallingContext *Ctx,
538                                              bool Assign) {
539   const Expr *LHS = BO->getLHS();
540   const Expr *RHS = BO->getRHS();
541   til::SExpr *E0 = translate(LHS, Ctx);
542   til::SExpr *E1 = translate(RHS, Ctx);
543 
544   const ValueDecl *VD = nullptr;
545   til::SExpr *CV = nullptr;
546   if (const auto *DRE = dyn_cast<DeclRefExpr>(LHS)) {
547     VD = DRE->getDecl();
548     CV = lookupVarDecl(VD);
549   }
550 
551   if (!Assign) {
552     til::SExpr *Arg = CV ? CV : new (Arena) til::Load(E0);
553     E1 = new (Arena) til::BinaryOp(Op, Arg, E1);
554     E1 = addStatement(E1, nullptr, VD);
555   }
556   if (VD && CV)
557     return updateVarDecl(VD, E1);
558   return new (Arena) til::Store(E0, E1);
559 }
560 
561 til::SExpr *SExprBuilder::translateBinaryOperator(const BinaryOperator *BO,
562                                                   CallingContext *Ctx) {
563   switch (BO->getOpcode()) {
564   case BO_PtrMemD:
565   case BO_PtrMemI:
566     return new (Arena) til::Undefined(BO);
567 
568   case BO_Mul:  return translateBinOp(til::BOP_Mul, BO, Ctx);
569   case BO_Div:  return translateBinOp(til::BOP_Div, BO, Ctx);
570   case BO_Rem:  return translateBinOp(til::BOP_Rem, BO, Ctx);
571   case BO_Add:  return translateBinOp(til::BOP_Add, BO, Ctx);
572   case BO_Sub:  return translateBinOp(til::BOP_Sub, BO, Ctx);
573   case BO_Shl:  return translateBinOp(til::BOP_Shl, BO, Ctx);
574   case BO_Shr:  return translateBinOp(til::BOP_Shr, BO, Ctx);
575   case BO_LT:   return translateBinOp(til::BOP_Lt,  BO, Ctx);
576   case BO_GT:   return translateBinOp(til::BOP_Lt,  BO, Ctx, true);
577   case BO_LE:   return translateBinOp(til::BOP_Leq, BO, Ctx);
578   case BO_GE:   return translateBinOp(til::BOP_Leq, BO, Ctx, true);
579   case BO_EQ:   return translateBinOp(til::BOP_Eq,  BO, Ctx);
580   case BO_NE:   return translateBinOp(til::BOP_Neq, BO, Ctx);
581   case BO_Cmp:  return translateBinOp(til::BOP_Cmp, BO, Ctx);
582   case BO_And:  return translateBinOp(til::BOP_BitAnd,   BO, Ctx);
583   case BO_Xor:  return translateBinOp(til::BOP_BitXor,   BO, Ctx);
584   case BO_Or:   return translateBinOp(til::BOP_BitOr,    BO, Ctx);
585   case BO_LAnd: return translateBinOp(til::BOP_LogicAnd, BO, Ctx);
586   case BO_LOr:  return translateBinOp(til::BOP_LogicOr,  BO, Ctx);
587 
588   case BO_Assign:    return translateBinAssign(til::BOP_Eq,  BO, Ctx, true);
589   case BO_MulAssign: return translateBinAssign(til::BOP_Mul, BO, Ctx);
590   case BO_DivAssign: return translateBinAssign(til::BOP_Div, BO, Ctx);
591   case BO_RemAssign: return translateBinAssign(til::BOP_Rem, BO, Ctx);
592   case BO_AddAssign: return translateBinAssign(til::BOP_Add, BO, Ctx);
593   case BO_SubAssign: return translateBinAssign(til::BOP_Sub, BO, Ctx);
594   case BO_ShlAssign: return translateBinAssign(til::BOP_Shl, BO, Ctx);
595   case BO_ShrAssign: return translateBinAssign(til::BOP_Shr, BO, Ctx);
596   case BO_AndAssign: return translateBinAssign(til::BOP_BitAnd, BO, Ctx);
597   case BO_XorAssign: return translateBinAssign(til::BOP_BitXor, BO, Ctx);
598   case BO_OrAssign:  return translateBinAssign(til::BOP_BitOr,  BO, Ctx);
599 
600   case BO_Comma:
601     // The clang CFG should have already processed both sides.
602     return translate(BO->getRHS(), Ctx);
603   }
604   return new (Arena) til::Undefined(BO);
605 }
606 
607 til::SExpr *SExprBuilder::translateCastExpr(const CastExpr *CE,
608                                             CallingContext *Ctx) {
609   CastKind K = CE->getCastKind();
610   switch (K) {
611   case CK_LValueToRValue: {
612     if (const auto *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) {
613       til::SExpr *E0 = lookupVarDecl(DRE->getDecl());
614       if (E0)
615         return E0;
616     }
617     til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
618     return E0;
619     // FIXME!! -- get Load working properly
620     // return new (Arena) til::Load(E0);
621   }
622   case CK_NoOp:
623   case CK_DerivedToBase:
624   case CK_UncheckedDerivedToBase:
625   case CK_ArrayToPointerDecay:
626   case CK_FunctionToPointerDecay: {
627     til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
628     return E0;
629   }
630   default: {
631     // FIXME: handle different kinds of casts.
632     til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
633     if (CapabilityExprMode)
634       return E0;
635     return new (Arena) til::Cast(til::CAST_none, E0);
636   }
637   }
638 }
639 
640 til::SExpr *
641 SExprBuilder::translateArraySubscriptExpr(const ArraySubscriptExpr *E,
642                                           CallingContext *Ctx) {
643   til::SExpr *E0 = translate(E->getBase(), Ctx);
644   til::SExpr *E1 = translate(E->getIdx(), Ctx);
645   return new (Arena) til::ArrayIndex(E0, E1);
646 }
647 
648 til::SExpr *
649 SExprBuilder::translateAbstractConditionalOperator(
650     const AbstractConditionalOperator *CO, CallingContext *Ctx) {
651   auto *C = translate(CO->getCond(), Ctx);
652   auto *T = translate(CO->getTrueExpr(), Ctx);
653   auto *E = translate(CO->getFalseExpr(), Ctx);
654   return new (Arena) til::IfThenElse(C, T, E);
655 }
656 
657 til::SExpr *
658 SExprBuilder::translateDeclStmt(const DeclStmt *S, CallingContext *Ctx) {
659   DeclGroupRef DGrp = S->getDeclGroup();
660   for (auto *I : DGrp) {
661     if (auto *VD = dyn_cast_or_null<VarDecl>(I)) {
662       Expr *E = VD->getInit();
663       til::SExpr* SE = translate(E, Ctx);
664 
665       // Add local variables with trivial type to the variable map
666       QualType T = VD->getType();
667       if (T.isTrivialType(VD->getASTContext()))
668         return addVarDecl(VD, SE);
669       else {
670         // TODO: add alloca
671       }
672     }
673   }
674   return nullptr;
675 }
676 
677 // If (E) is non-trivial, then add it to the current basic block, and
678 // update the statement map so that S refers to E.  Returns a new variable
679 // that refers to E.
680 // If E is trivial returns E.
681 til::SExpr *SExprBuilder::addStatement(til::SExpr* E, const Stmt *S,
682                                        const ValueDecl *VD) {
683   if (!E || !CurrentBB || E->block() || til::ThreadSafetyTIL::isTrivial(E))
684     return E;
685   if (VD)
686     E = new (Arena) til::Variable(E, VD);
687   CurrentInstructions.push_back(E);
688   if (S)
689     insertStmt(S, E);
690   return E;
691 }
692 
693 // Returns the current value of VD, if known, and nullptr otherwise.
694 til::SExpr *SExprBuilder::lookupVarDecl(const ValueDecl *VD) {
695   auto It = LVarIdxMap.find(VD);
696   if (It != LVarIdxMap.end()) {
697     assert(CurrentLVarMap[It->second].first == VD);
698     return CurrentLVarMap[It->second].second;
699   }
700   return nullptr;
701 }
702 
703 // if E is a til::Variable, update its clangDecl.
704 static void maybeUpdateVD(til::SExpr *E, const ValueDecl *VD) {
705   if (!E)
706     return;
707   if (auto *V = dyn_cast<til::Variable>(E)) {
708     if (!V->clangDecl())
709       V->setClangDecl(VD);
710   }
711 }
712 
713 // Adds a new variable declaration.
714 til::SExpr *SExprBuilder::addVarDecl(const ValueDecl *VD, til::SExpr *E) {
715   maybeUpdateVD(E, VD);
716   LVarIdxMap.insert(std::make_pair(VD, CurrentLVarMap.size()));
717   CurrentLVarMap.makeWritable();
718   CurrentLVarMap.push_back(std::make_pair(VD, E));
719   return E;
720 }
721 
722 // Updates a current variable declaration.  (E.g. by assignment)
723 til::SExpr *SExprBuilder::updateVarDecl(const ValueDecl *VD, til::SExpr *E) {
724   maybeUpdateVD(E, VD);
725   auto It = LVarIdxMap.find(VD);
726   if (It == LVarIdxMap.end()) {
727     til::SExpr *Ptr = new (Arena) til::LiteralPtr(VD);
728     til::SExpr *St  = new (Arena) til::Store(Ptr, E);
729     return St;
730   }
731   CurrentLVarMap.makeWritable();
732   CurrentLVarMap.elem(It->second).second = E;
733   return E;
734 }
735 
736 // Make a Phi node in the current block for the i^th variable in CurrentVarMap.
737 // If E != null, sets Phi[CurrentBlockInfo->ArgIndex] = E.
738 // If E == null, this is a backedge and will be set later.
739 void SExprBuilder::makePhiNodeVar(unsigned i, unsigned NPreds, til::SExpr *E) {
740   unsigned ArgIndex = CurrentBlockInfo->ProcessedPredecessors;
741   assert(ArgIndex > 0 && ArgIndex < NPreds);
742 
743   til::SExpr *CurrE = CurrentLVarMap[i].second;
744   if (CurrE->block() == CurrentBB) {
745     // We already have a Phi node in the current block,
746     // so just add the new variable to the Phi node.
747     auto *Ph = dyn_cast<til::Phi>(CurrE);
748     assert(Ph && "Expecting Phi node.");
749     if (E)
750       Ph->values()[ArgIndex] = E;
751     return;
752   }
753 
754   // Make a new phi node: phi(..., E)
755   // All phi args up to the current index are set to the current value.
756   til::Phi *Ph = new (Arena) til::Phi(Arena, NPreds);
757   Ph->values().setValues(NPreds, nullptr);
758   for (unsigned PIdx = 0; PIdx < ArgIndex; ++PIdx)
759     Ph->values()[PIdx] = CurrE;
760   if (E)
761     Ph->values()[ArgIndex] = E;
762   Ph->setClangDecl(CurrentLVarMap[i].first);
763   // If E is from a back-edge, or either E or CurrE are incomplete, then
764   // mark this node as incomplete; we may need to remove it later.
765   if (!E || isIncompletePhi(E) || isIncompletePhi(CurrE))
766     Ph->setStatus(til::Phi::PH_Incomplete);
767 
768   // Add Phi node to current block, and update CurrentLVarMap[i]
769   CurrentArguments.push_back(Ph);
770   if (Ph->status() == til::Phi::PH_Incomplete)
771     IncompleteArgs.push_back(Ph);
772 
773   CurrentLVarMap.makeWritable();
774   CurrentLVarMap.elem(i).second = Ph;
775 }
776 
777 // Merge values from Map into the current variable map.
778 // This will construct Phi nodes in the current basic block as necessary.
779 void SExprBuilder::mergeEntryMap(LVarDefinitionMap Map) {
780   assert(CurrentBlockInfo && "Not processing a block!");
781 
782   if (!CurrentLVarMap.valid()) {
783     // Steal Map, using copy-on-write.
784     CurrentLVarMap = std::move(Map);
785     return;
786   }
787   if (CurrentLVarMap.sameAs(Map))
788     return;  // Easy merge: maps from different predecessors are unchanged.
789 
790   unsigned NPreds = CurrentBB->numPredecessors();
791   unsigned ESz = CurrentLVarMap.size();
792   unsigned MSz = Map.size();
793   unsigned Sz  = std::min(ESz, MSz);
794 
795   for (unsigned i = 0; i < Sz; ++i) {
796     if (CurrentLVarMap[i].first != Map[i].first) {
797       // We've reached the end of variables in common.
798       CurrentLVarMap.makeWritable();
799       CurrentLVarMap.downsize(i);
800       break;
801     }
802     if (CurrentLVarMap[i].second != Map[i].second)
803       makePhiNodeVar(i, NPreds, Map[i].second);
804   }
805   if (ESz > MSz) {
806     CurrentLVarMap.makeWritable();
807     CurrentLVarMap.downsize(Map.size());
808   }
809 }
810 
811 // Merge a back edge into the current variable map.
812 // This will create phi nodes for all variables in the variable map.
813 void SExprBuilder::mergeEntryMapBackEdge() {
814   // We don't have definitions for variables on the backedge, because we
815   // haven't gotten that far in the CFG.  Thus, when encountering a back edge,
816   // we conservatively create Phi nodes for all variables.  Unnecessary Phi
817   // nodes will be marked as incomplete, and stripped out at the end.
818   //
819   // An Phi node is unnecessary if it only refers to itself and one other
820   // variable, e.g. x = Phi(y, y, x)  can be reduced to x = y.
821 
822   assert(CurrentBlockInfo && "Not processing a block!");
823 
824   if (CurrentBlockInfo->HasBackEdges)
825     return;
826   CurrentBlockInfo->HasBackEdges = true;
827 
828   CurrentLVarMap.makeWritable();
829   unsigned Sz = CurrentLVarMap.size();
830   unsigned NPreds = CurrentBB->numPredecessors();
831 
832   for (unsigned i = 0; i < Sz; ++i)
833     makePhiNodeVar(i, NPreds, nullptr);
834 }
835 
836 // Update the phi nodes that were initially created for a back edge
837 // once the variable definitions have been computed.
838 // I.e., merge the current variable map into the phi nodes for Blk.
839 void SExprBuilder::mergePhiNodesBackEdge(const CFGBlock *Blk) {
840   til::BasicBlock *BB = lookupBlock(Blk);
841   unsigned ArgIndex = BBInfo[Blk->getBlockID()].ProcessedPredecessors;
842   assert(ArgIndex > 0 && ArgIndex < BB->numPredecessors());
843 
844   for (til::SExpr *PE : BB->arguments()) {
845     auto *Ph = dyn_cast_or_null<til::Phi>(PE);
846     assert(Ph && "Expecting Phi Node.");
847     assert(Ph->values()[ArgIndex] == nullptr && "Wrong index for back edge.");
848 
849     til::SExpr *E = lookupVarDecl(Ph->clangDecl());
850     assert(E && "Couldn't find local variable for Phi node.");
851     Ph->values()[ArgIndex] = E;
852   }
853 }
854 
855 void SExprBuilder::enterCFG(CFG *Cfg, const NamedDecl *D,
856                             const CFGBlock *First) {
857   // Perform initial setup operations.
858   unsigned NBlocks = Cfg->getNumBlockIDs();
859   Scfg = new (Arena) til::SCFG(Arena, NBlocks);
860 
861   // allocate all basic blocks immediately, to handle forward references.
862   BBInfo.resize(NBlocks);
863   BlockMap.resize(NBlocks, nullptr);
864   // create map from clang blockID to til::BasicBlocks
865   for (auto *B : *Cfg) {
866     auto *BB = new (Arena) til::BasicBlock(Arena);
867     BB->reserveInstructions(B->size());
868     BlockMap[B->getBlockID()] = BB;
869   }
870 
871   CurrentBB = lookupBlock(&Cfg->getEntry());
872   auto Parms = isa<ObjCMethodDecl>(D) ? cast<ObjCMethodDecl>(D)->parameters()
873                                       : cast<FunctionDecl>(D)->parameters();
874   for (auto *Pm : Parms) {
875     QualType T = Pm->getType();
876     if (!T.isTrivialType(Pm->getASTContext()))
877       continue;
878 
879     // Add parameters to local variable map.
880     // FIXME: right now we emulate params with loads; that should be fixed.
881     til::SExpr *Lp = new (Arena) til::LiteralPtr(Pm);
882     til::SExpr *Ld = new (Arena) til::Load(Lp);
883     til::SExpr *V  = addStatement(Ld, nullptr, Pm);
884     addVarDecl(Pm, V);
885   }
886 }
887 
888 void SExprBuilder::enterCFGBlock(const CFGBlock *B) {
889   // Initialize TIL basic block and add it to the CFG.
890   CurrentBB = lookupBlock(B);
891   CurrentBB->reservePredecessors(B->pred_size());
892   Scfg->add(CurrentBB);
893 
894   CurrentBlockInfo = &BBInfo[B->getBlockID()];
895 
896   // CurrentLVarMap is moved to ExitMap on block exit.
897   // FIXME: the entry block will hold function parameters.
898   // assert(!CurrentLVarMap.valid() && "CurrentLVarMap already initialized.");
899 }
900 
901 void SExprBuilder::handlePredecessor(const CFGBlock *Pred) {
902   // Compute CurrentLVarMap on entry from ExitMaps of predecessors
903 
904   CurrentBB->addPredecessor(BlockMap[Pred->getBlockID()]);
905   BlockInfo *PredInfo = &BBInfo[Pred->getBlockID()];
906   assert(PredInfo->UnprocessedSuccessors > 0);
907 
908   if (--PredInfo->UnprocessedSuccessors == 0)
909     mergeEntryMap(std::move(PredInfo->ExitMap));
910   else
911     mergeEntryMap(PredInfo->ExitMap.clone());
912 
913   ++CurrentBlockInfo->ProcessedPredecessors;
914 }
915 
916 void SExprBuilder::handlePredecessorBackEdge(const CFGBlock *Pred) {
917   mergeEntryMapBackEdge();
918 }
919 
920 void SExprBuilder::enterCFGBlockBody(const CFGBlock *B) {
921   // The merge*() methods have created arguments.
922   // Push those arguments onto the basic block.
923   CurrentBB->arguments().reserve(
924     static_cast<unsigned>(CurrentArguments.size()), Arena);
925   for (auto *A : CurrentArguments)
926     CurrentBB->addArgument(A);
927 }
928 
929 void SExprBuilder::handleStatement(const Stmt *S) {
930   til::SExpr *E = translate(S, nullptr);
931   addStatement(E, S);
932 }
933 
934 void SExprBuilder::handleDestructorCall(const VarDecl *VD,
935                                         const CXXDestructorDecl *DD) {
936   til::SExpr *Sf = new (Arena) til::LiteralPtr(VD);
937   til::SExpr *Dr = new (Arena) til::LiteralPtr(DD);
938   til::SExpr *Ap = new (Arena) til::Apply(Dr, Sf);
939   til::SExpr *E = new (Arena) til::Call(Ap);
940   addStatement(E, nullptr);
941 }
942 
943 void SExprBuilder::exitCFGBlockBody(const CFGBlock *B) {
944   CurrentBB->instructions().reserve(
945     static_cast<unsigned>(CurrentInstructions.size()), Arena);
946   for (auto *V : CurrentInstructions)
947     CurrentBB->addInstruction(V);
948 
949   // Create an appropriate terminator
950   unsigned N = B->succ_size();
951   auto It = B->succ_begin();
952   if (N == 1) {
953     til::BasicBlock *BB = *It ? lookupBlock(*It) : nullptr;
954     // TODO: set index
955     unsigned Idx = BB ? BB->findPredecessorIndex(CurrentBB) : 0;
956     auto *Tm = new (Arena) til::Goto(BB, Idx);
957     CurrentBB->setTerminator(Tm);
958   }
959   else if (N == 2) {
960     til::SExpr *C = translate(B->getTerminatorCondition(true), nullptr);
961     til::BasicBlock *BB1 = *It ? lookupBlock(*It) : nullptr;
962     ++It;
963     til::BasicBlock *BB2 = *It ? lookupBlock(*It) : nullptr;
964     // FIXME: make sure these aren't critical edges.
965     auto *Tm = new (Arena) til::Branch(C, BB1, BB2);
966     CurrentBB->setTerminator(Tm);
967   }
968 }
969 
970 void SExprBuilder::handleSuccessor(const CFGBlock *Succ) {
971   ++CurrentBlockInfo->UnprocessedSuccessors;
972 }
973 
974 void SExprBuilder::handleSuccessorBackEdge(const CFGBlock *Succ) {
975   mergePhiNodesBackEdge(Succ);
976   ++BBInfo[Succ->getBlockID()].ProcessedPredecessors;
977 }
978 
979 void SExprBuilder::exitCFGBlock(const CFGBlock *B) {
980   CurrentArguments.clear();
981   CurrentInstructions.clear();
982   CurrentBlockInfo->ExitMap = std::move(CurrentLVarMap);
983   CurrentBB = nullptr;
984   CurrentBlockInfo = nullptr;
985 }
986 
987 void SExprBuilder::exitCFG(const CFGBlock *Last) {
988   for (auto *Ph : IncompleteArgs) {
989     if (Ph->status() == til::Phi::PH_Incomplete)
990       simplifyIncompleteArg(Ph);
991   }
992 
993   CurrentArguments.clear();
994   CurrentInstructions.clear();
995   IncompleteArgs.clear();
996 }
997 
998 /*
999 namespace {
1000 
1001 class TILPrinter :
1002     public til::PrettyPrinter<TILPrinter, llvm::raw_ostream> {};
1003 
1004 } // namespace
1005 
1006 namespace clang {
1007 namespace threadSafety {
1008 
1009 void printSCFG(CFGWalker &Walker) {
1010   llvm::BumpPtrAllocator Bpa;
1011   til::MemRegionRef Arena(&Bpa);
1012   SExprBuilder SxBuilder(Arena);
1013   til::SCFG *Scfg = SxBuilder.buildCFG(Walker);
1014   TILPrinter::print(Scfg, llvm::errs());
1015 }
1016 
1017 } // namespace threadSafety
1018 } // namespace clang
1019 */
1020