1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
//===-- Value.h -------------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file defines classes for values computed by abstract interpretation
// during dataflow analysis.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_VALUE_H
#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_VALUE_H
#include "clang/AST/Decl.h"
#include "clang/Analysis/FlowSensitive/Formula.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/StringMap.h"
#include "llvm/ADT/StringRef.h"
#include <cassert>
#include <utility>
namespace clang {
namespace dataflow {
/// Base class for all values computed by abstract interpretation.
///
/// Don't use `Value` instances by value. All `Value` instances are allocated
/// and owned by `DataflowAnalysisContext`.
class Value {
public:
enum class Kind {
Integer,
Pointer,
Record,
// TODO: Top values should not be need to be type-specific.
TopBool,
AtomicBool,
FormulaBool,
};
explicit Value(Kind ValKind) : ValKind(ValKind) {}
// Non-copyable because addresses of values are used as their identities
// throughout framework and user code. The framework is responsible for
// construction and destruction of values.
Value(const Value &) = delete;
Value &operator=(const Value &) = delete;
virtual ~Value() = default;
Kind getKind() const { return ValKind; }
/// Returns the value of the synthetic property with the given `Name` or null
/// if the property isn't assigned a value.
Value *getProperty(llvm::StringRef Name) const {
return Properties.lookup(Name);
}
/// Assigns `Val` as the value of the synthetic property with the given
/// `Name`.
///
/// Properties may not be set on `RecordValue`s; use synthetic fields instead
/// (for details, see documentation for `RecordStorageLocation`).
void setProperty(llvm::StringRef Name, Value &Val) {
assert(getKind() != Kind::Record);
Properties.insert_or_assign(Name, &Val);
}
llvm::iterator_range<llvm::StringMap<Value *>::const_iterator>
properties() const {
return {Properties.begin(), Properties.end()};
}
private:
Kind ValKind;
llvm::StringMap<Value *> Properties;
};
/// An equivalence relation for values. It obeys reflexivity, symmetry and
/// transitivity. It does *not* include comparison of `Properties`.
///
/// Computes equivalence for these subclasses:
/// * PointerValue -- pointee locations are equal. Does not compute deep
/// equality of `Value` at said location.
/// * TopBoolValue -- both are `TopBoolValue`s.
///
/// Otherwise, falls back to pointer equality.
bool areEquivalentValues(const Value &Val1, const Value &Val2);
/// Models a boolean.
class BoolValue : public Value {
const Formula *F;
public:
explicit BoolValue(Kind ValueKind, const Formula &F)
: Value(ValueKind), F(&F) {}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::TopBool ||
Val->getKind() == Kind::AtomicBool ||
Val->getKind() == Kind::FormulaBool;
}
const Formula &formula() const { return *F; }
};
/// A TopBoolValue represents a boolean that is explicitly unconstrained.
///
/// This is equivalent to an AtomicBoolValue that does not appear anywhere
/// else in a system of formula.
/// Knowing the value is unconstrained is useful when e.g. reasoning about
/// convergence.
class TopBoolValue final : public BoolValue {
public:
TopBoolValue(const Formula &F) : BoolValue(Kind::TopBool, F) {
assert(F.kind() == Formula::AtomRef);
}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::TopBool;
}
Atom getAtom() const { return formula().getAtom(); }
};
/// Models an atomic boolean.
///
/// FIXME: Merge this class into FormulaBoolValue.
/// When we want to specify atom identity, use Atom.
class AtomicBoolValue final : public BoolValue {
public:
explicit AtomicBoolValue(const Formula &F) : BoolValue(Kind::AtomicBool, F) {
assert(F.kind() == Formula::AtomRef);
}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::AtomicBool;
}
Atom getAtom() const { return formula().getAtom(); }
};
/// Models a compound boolean formula.
class FormulaBoolValue final : public BoolValue {
public:
explicit FormulaBoolValue(const Formula &F)
: BoolValue(Kind::FormulaBool, F) {
assert(F.kind() != Formula::AtomRef && "For now, use AtomicBoolValue");
}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::FormulaBool;
}
};
/// Models an integer.
class IntegerValue : public Value {
public:
explicit IntegerValue() : Value(Kind::Integer) {}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::Integer;
}
};
/// Models a symbolic pointer. Specifically, any value of type `T*`.
class PointerValue final : public Value {
public:
explicit PointerValue(StorageLocation &PointeeLoc)
: Value(Kind::Pointer), PointeeLoc(PointeeLoc) {}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::Pointer;
}
StorageLocation &getPointeeLoc() const { return PointeeLoc; }
private:
StorageLocation &PointeeLoc;
};
/// Models a value of `struct` or `class` type.
/// In C++, prvalues of class type serve only a limited purpose: They can only
/// be used to initialize a result object. It is not possible to access member
/// variables or call member functions on a prvalue of class type.
/// Correspondingly, `RecordValue` also serves only a limited purpose: It
/// conveys a prvalue of class type from the place where the object is
/// constructed to the result object that it initializes.
///
/// When creating a prvalue of class type, we already need a storage location
/// for `this`, even though prvalues are otherwise not associated with storage
/// locations. `RecordValue` is therefore essentially a wrapper for a storage
/// location, which is then used to set the storage location for the result
/// object when we process the AST node for that result object.
///
/// For example:
/// MyStruct S = MyStruct(3);
///
/// In this example, `MyStruct(3) is a prvalue, which is modeled as a
/// `RecordValue` that wraps a `RecordStorageLocation`. This
/// `RecordStorageLocation` is then used as the storage location for `S`.
///
/// Over time, we may eliminate `RecordValue` entirely. See also the discussion
/// here: https://reviews.llvm.org/D155204#inline-1503204
class RecordValue final : public Value {
public:
explicit RecordValue(RecordStorageLocation &Loc)
: Value(Kind::Record), Loc(Loc) {}
static bool classof(const Value *Val) {
return Val->getKind() == Kind::Record;
}
/// Returns the storage location that this `RecordValue` is associated with.
RecordStorageLocation &getLoc() const { return Loc; }
private:
RecordStorageLocation &Loc;
};
raw_ostream &operator<<(raw_ostream &OS, const Value &Val);
} // namespace dataflow
} // namespace clang
#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_VALUE_H
|
