1 //===- ThreadSafetyCommon.cpp ---------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Implementation of the interfaces declared in ThreadSafetyCommon.h
10 //
11 //===----------------------------------------------------------------------===//
12
13 #include "clang/Analysis/Analyses/ThreadSafetyCommon.h"
14 #include "clang/AST/Attr.h"
15 #include "clang/AST/Decl.h"
16 #include "clang/AST/DeclCXX.h"
17 #include "clang/AST/DeclGroup.h"
18 #include "clang/AST/DeclObjC.h"
19 #include "clang/AST/Expr.h"
20 #include "clang/AST/ExprCXX.h"
21 #include "clang/AST/OperationKinds.h"
22 #include "clang/AST/Stmt.h"
23 #include "clang/AST/Type.h"
24 #include "clang/Analysis/Analyses/ThreadSafetyTIL.h"
25 #include "clang/Analysis/CFG.h"
26 #include "clang/Basic/LLVM.h"
27 #include "clang/Basic/OperatorKinds.h"
28 #include "clang/Basic/Specifiers.h"
29 #include "llvm/ADT/StringExtras.h"
30 #include "llvm/ADT/StringRef.h"
31 #include "llvm/Support/Casting.h"
32 #include <algorithm>
33 #include <cassert>
34 #include <string>
35 #include <utility>
36
37 using namespace clang;
38 using namespace threadSafety;
39
40 // From ThreadSafetyUtil.h
getSourceLiteralString(const Expr * CE)41 std::string threadSafety::getSourceLiteralString(const Expr *CE) {
42 switch (CE->getStmtClass()) {
43 case Stmt::IntegerLiteralClass:
44 return toString(cast<IntegerLiteral>(CE)->getValue(), 10, true);
45 case Stmt::StringLiteralClass: {
46 std::string ret("\"");
47 ret += cast<StringLiteral>(CE)->getString();
48 ret += "\"";
49 return ret;
50 }
51 case Stmt::CharacterLiteralClass:
52 case Stmt::CXXNullPtrLiteralExprClass:
53 case Stmt::GNUNullExprClass:
54 case Stmt::CXXBoolLiteralExprClass:
55 case Stmt::FloatingLiteralClass:
56 case Stmt::ImaginaryLiteralClass:
57 case Stmt::ObjCStringLiteralClass:
58 default:
59 return "#lit";
60 }
61 }
62
63 // Return true if E is a variable that points to an incomplete Phi node.
isIncompletePhi(const til::SExpr * E)64 static bool isIncompletePhi(const til::SExpr *E) {
65 if (const auto *Ph = dyn_cast<til::Phi>(E))
66 return Ph->status() == til::Phi::PH_Incomplete;
67 return false;
68 }
69
70 using CallingContext = SExprBuilder::CallingContext;
71
lookupStmt(const Stmt * S)72 til::SExpr *SExprBuilder::lookupStmt(const Stmt *S) {
73 auto It = SMap.find(S);
74 if (It != SMap.end())
75 return It->second;
76 return nullptr;
77 }
78
buildCFG(CFGWalker & Walker)79 til::SCFG *SExprBuilder::buildCFG(CFGWalker &Walker) {
80 Walker.walk(*this);
81 return Scfg;
82 }
83
isCalleeArrow(const Expr * E)84 static bool isCalleeArrow(const Expr *E) {
85 const auto *ME = dyn_cast<MemberExpr>(E->IgnoreParenCasts());
86 return ME ? ME->isArrow() : false;
87 }
88
ClassifyDiagnostic(const CapabilityAttr * A)89 static StringRef ClassifyDiagnostic(const CapabilityAttr *A) {
90 return A->getName();
91 }
92
ClassifyDiagnostic(QualType VDT)93 static StringRef ClassifyDiagnostic(QualType VDT) {
94 // We need to look at the declaration of the type of the value to determine
95 // which it is. The type should either be a record or a typedef, or a pointer
96 // or reference thereof.
97 if (const auto *RT = VDT->getAs<RecordType>()) {
98 if (const auto *RD = RT->getDecl())
99 if (const auto *CA = RD->getAttr<CapabilityAttr>())
100 return ClassifyDiagnostic(CA);
101 } else if (const auto *TT = VDT->getAs<TypedefType>()) {
102 if (const auto *TD = TT->getDecl())
103 if (const auto *CA = TD->getAttr<CapabilityAttr>())
104 return ClassifyDiagnostic(CA);
105 } else if (VDT->isPointerType() || VDT->isReferenceType())
106 return ClassifyDiagnostic(VDT->getPointeeType());
107
108 return "mutex";
109 }
110
111 /// Translate a clang expression in an attribute to a til::SExpr.
112 /// Constructs the context from D, DeclExp, and SelfDecl.
113 ///
114 /// \param AttrExp The expression to translate.
115 /// \param D The declaration to which the attribute is attached.
116 /// \param DeclExp An expression involving the Decl to which the attribute
117 /// is attached. E.g. the call to a function.
118 /// \param Self S-expression to substitute for a \ref CXXThisExpr.
translateAttrExpr(const Expr * AttrExp,const NamedDecl * D,const Expr * DeclExp,til::SExpr * Self)119 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
120 const NamedDecl *D,
121 const Expr *DeclExp,
122 til::SExpr *Self) {
123 // If we are processing a raw attribute expression, with no substitutions.
124 if (!DeclExp && !Self)
125 return translateAttrExpr(AttrExp, nullptr);
126
127 CallingContext Ctx(nullptr, D);
128
129 // Examine DeclExp to find SelfArg and FunArgs, which are used to substitute
130 // for formal parameters when we call buildMutexID later.
131 if (!DeclExp)
132 /* We'll use Self. */;
133 else if (const auto *ME = dyn_cast<MemberExpr>(DeclExp)) {
134 Ctx.SelfArg = ME->getBase();
135 Ctx.SelfArrow = ME->isArrow();
136 } else if (const auto *CE = dyn_cast<CXXMemberCallExpr>(DeclExp)) {
137 Ctx.SelfArg = CE->getImplicitObjectArgument();
138 Ctx.SelfArrow = isCalleeArrow(CE->getCallee());
139 Ctx.NumArgs = CE->getNumArgs();
140 Ctx.FunArgs = CE->getArgs();
141 } else if (const auto *CE = dyn_cast<CallExpr>(DeclExp)) {
142 Ctx.NumArgs = CE->getNumArgs();
143 Ctx.FunArgs = CE->getArgs();
144 } else if (const auto *CE = dyn_cast<CXXConstructExpr>(DeclExp)) {
145 Ctx.SelfArg = nullptr; // Will be set below
146 Ctx.NumArgs = CE->getNumArgs();
147 Ctx.FunArgs = CE->getArgs();
148 }
149
150 if (Self) {
151 assert(!Ctx.SelfArg && "Ambiguous self argument");
152 Ctx.SelfArg = Self;
153
154 // If the attribute has no arguments, then assume the argument is "this".
155 if (!AttrExp)
156 return CapabilityExpr(
157 Self, ClassifyDiagnostic(cast<CXXMethodDecl>(D)->getThisObjectType()),
158 false);
159 else // For most attributes.
160 return translateAttrExpr(AttrExp, &Ctx);
161 }
162
163 // If the attribute has no arguments, then assume the argument is "this".
164 if (!AttrExp)
165 return translateAttrExpr(cast<const Expr *>(Ctx.SelfArg), nullptr);
166 else // For most attributes.
167 return translateAttrExpr(AttrExp, &Ctx);
168 }
169
170 /// Translate a clang expression in an attribute to a til::SExpr.
171 // This assumes a CallingContext has already been created.
translateAttrExpr(const Expr * AttrExp,CallingContext * Ctx)172 CapabilityExpr SExprBuilder::translateAttrExpr(const Expr *AttrExp,
173 CallingContext *Ctx) {
174 if (!AttrExp)
175 return CapabilityExpr();
176
177 if (const auto* SLit = dyn_cast<StringLiteral>(AttrExp)) {
178 if (SLit->getString() == StringRef("*"))
179 // The "*" expr is a universal lock, which essentially turns off
180 // checks until it is removed from the lockset.
181 return CapabilityExpr(new (Arena) til::Wildcard(), StringRef("wildcard"),
182 false);
183 else
184 // Ignore other string literals for now.
185 return CapabilityExpr();
186 }
187
188 bool Neg = false;
189 if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(AttrExp)) {
190 if (OE->getOperator() == OO_Exclaim) {
191 Neg = true;
192 AttrExp = OE->getArg(0);
193 }
194 }
195 else if (const auto *UO = dyn_cast<UnaryOperator>(AttrExp)) {
196 if (UO->getOpcode() == UO_LNot) {
197 Neg = true;
198 AttrExp = UO->getSubExpr();
199 }
200 }
201
202 til::SExpr *E = translate(AttrExp, Ctx);
203
204 // Trap mutex expressions like nullptr, or 0.
205 // Any literal value is nonsense.
206 if (!E || isa<til::Literal>(E))
207 return CapabilityExpr();
208
209 StringRef Kind = ClassifyDiagnostic(AttrExp->getType());
210
211 // Hack to deal with smart pointers -- strip off top-level pointer casts.
212 if (const auto *CE = dyn_cast<til::Cast>(E)) {
213 if (CE->castOpcode() == til::CAST_objToPtr)
214 return CapabilityExpr(CE->expr(), Kind, Neg);
215 }
216 return CapabilityExpr(E, Kind, Neg);
217 }
218
createVariable(const VarDecl * VD)219 til::LiteralPtr *SExprBuilder::createVariable(const VarDecl *VD) {
220 return new (Arena) til::LiteralPtr(VD);
221 }
222
223 std::pair<til::LiteralPtr *, StringRef>
createThisPlaceholder(const Expr * Exp)224 SExprBuilder::createThisPlaceholder(const Expr *Exp) {
225 return {new (Arena) til::LiteralPtr(nullptr),
226 ClassifyDiagnostic(Exp->getType())};
227 }
228
229 // Translate a clang statement or expression to a TIL expression.
230 // Also performs substitution of variables; Ctx provides the context.
231 // Dispatches on the type of S.
translate(const Stmt * S,CallingContext * Ctx)232 til::SExpr *SExprBuilder::translate(const Stmt *S, CallingContext *Ctx) {
233 if (!S)
234 return nullptr;
235
236 // Check if S has already been translated and cached.
237 // This handles the lookup of SSA names for DeclRefExprs here.
238 if (til::SExpr *E = lookupStmt(S))
239 return E;
240
241 switch (S->getStmtClass()) {
242 case Stmt::DeclRefExprClass:
243 return translateDeclRefExpr(cast<DeclRefExpr>(S), Ctx);
244 case Stmt::CXXThisExprClass:
245 return translateCXXThisExpr(cast<CXXThisExpr>(S), Ctx);
246 case Stmt::MemberExprClass:
247 return translateMemberExpr(cast<MemberExpr>(S), Ctx);
248 case Stmt::ObjCIvarRefExprClass:
249 return translateObjCIVarRefExpr(cast<ObjCIvarRefExpr>(S), Ctx);
250 case Stmt::CallExprClass:
251 return translateCallExpr(cast<CallExpr>(S), Ctx);
252 case Stmt::CXXMemberCallExprClass:
253 return translateCXXMemberCallExpr(cast<CXXMemberCallExpr>(S), Ctx);
254 case Stmt::CXXOperatorCallExprClass:
255 return translateCXXOperatorCallExpr(cast<CXXOperatorCallExpr>(S), Ctx);
256 case Stmt::UnaryOperatorClass:
257 return translateUnaryOperator(cast<UnaryOperator>(S), Ctx);
258 case Stmt::BinaryOperatorClass:
259 case Stmt::CompoundAssignOperatorClass:
260 return translateBinaryOperator(cast<BinaryOperator>(S), Ctx);
261
262 case Stmt::ArraySubscriptExprClass:
263 return translateArraySubscriptExpr(cast<ArraySubscriptExpr>(S), Ctx);
264 case Stmt::ConditionalOperatorClass:
265 return translateAbstractConditionalOperator(
266 cast<ConditionalOperator>(S), Ctx);
267 case Stmt::BinaryConditionalOperatorClass:
268 return translateAbstractConditionalOperator(
269 cast<BinaryConditionalOperator>(S), Ctx);
270
271 // We treat these as no-ops
272 case Stmt::ConstantExprClass:
273 return translate(cast<ConstantExpr>(S)->getSubExpr(), Ctx);
274 case Stmt::ParenExprClass:
275 return translate(cast<ParenExpr>(S)->getSubExpr(), Ctx);
276 case Stmt::ExprWithCleanupsClass:
277 return translate(cast<ExprWithCleanups>(S)->getSubExpr(), Ctx);
278 case Stmt::CXXBindTemporaryExprClass:
279 return translate(cast<CXXBindTemporaryExpr>(S)->getSubExpr(), Ctx);
280 case Stmt::MaterializeTemporaryExprClass:
281 return translate(cast<MaterializeTemporaryExpr>(S)->getSubExpr(), Ctx);
282
283 // Collect all literals
284 case Stmt::CharacterLiteralClass:
285 case Stmt::CXXNullPtrLiteralExprClass:
286 case Stmt::GNUNullExprClass:
287 case Stmt::CXXBoolLiteralExprClass:
288 case Stmt::FloatingLiteralClass:
289 case Stmt::ImaginaryLiteralClass:
290 case Stmt::IntegerLiteralClass:
291 case Stmt::StringLiteralClass:
292 case Stmt::ObjCStringLiteralClass:
293 return new (Arena) til::Literal(cast<Expr>(S));
294
295 case Stmt::DeclStmtClass:
296 return translateDeclStmt(cast<DeclStmt>(S), Ctx);
297 default:
298 break;
299 }
300 if (const auto *CE = dyn_cast<CastExpr>(S))
301 return translateCastExpr(CE, Ctx);
302
303 return new (Arena) til::Undefined(S);
304 }
305
translateDeclRefExpr(const DeclRefExpr * DRE,CallingContext * Ctx)306 til::SExpr *SExprBuilder::translateDeclRefExpr(const DeclRefExpr *DRE,
307 CallingContext *Ctx) {
308 const auto *VD = cast<ValueDecl>(DRE->getDecl()->getCanonicalDecl());
309
310 // Function parameters require substitution and/or renaming.
311 if (const auto *PV = dyn_cast<ParmVarDecl>(VD)) {
312 unsigned I = PV->getFunctionScopeIndex();
313 const DeclContext *D = PV->getDeclContext();
314 if (Ctx && Ctx->FunArgs) {
315 const Decl *Canonical = Ctx->AttrDecl->getCanonicalDecl();
316 if (isa<FunctionDecl>(D)
317 ? (cast<FunctionDecl>(D)->getCanonicalDecl() == Canonical)
318 : (cast<ObjCMethodDecl>(D)->getCanonicalDecl() == Canonical)) {
319 // Substitute call arguments for references to function parameters
320 assert(I < Ctx->NumArgs);
321 return translate(Ctx->FunArgs[I], Ctx->Prev);
322 }
323 }
324 // Map the param back to the param of the original function declaration
325 // for consistent comparisons.
326 VD = isa<FunctionDecl>(D)
327 ? cast<FunctionDecl>(D)->getCanonicalDecl()->getParamDecl(I)
328 : cast<ObjCMethodDecl>(D)->getCanonicalDecl()->getParamDecl(I);
329 }
330
331 // For non-local variables, treat it as a reference to a named object.
332 return new (Arena) til::LiteralPtr(VD);
333 }
334
translateCXXThisExpr(const CXXThisExpr * TE,CallingContext * Ctx)335 til::SExpr *SExprBuilder::translateCXXThisExpr(const CXXThisExpr *TE,
336 CallingContext *Ctx) {
337 // Substitute for 'this'
338 if (Ctx && Ctx->SelfArg) {
339 if (const auto *SelfArg = dyn_cast<const Expr *>(Ctx->SelfArg))
340 return translate(SelfArg, Ctx->Prev);
341 else
342 return cast<til::SExpr *>(Ctx->SelfArg);
343 }
344 assert(SelfVar && "We have no variable for 'this'!");
345 return SelfVar;
346 }
347
getValueDeclFromSExpr(const til::SExpr * E)348 static const ValueDecl *getValueDeclFromSExpr(const til::SExpr *E) {
349 if (const auto *V = dyn_cast<til::Variable>(E))
350 return V->clangDecl();
351 if (const auto *Ph = dyn_cast<til::Phi>(E))
352 return Ph->clangDecl();
353 if (const auto *P = dyn_cast<til::Project>(E))
354 return P->clangDecl();
355 if (const auto *L = dyn_cast<til::LiteralPtr>(E))
356 return L->clangDecl();
357 return nullptr;
358 }
359
hasAnyPointerType(const til::SExpr * E)360 static bool hasAnyPointerType(const til::SExpr *E) {
361 auto *VD = getValueDeclFromSExpr(E);
362 if (VD && VD->getType()->isAnyPointerType())
363 return true;
364 if (const auto *C = dyn_cast<til::Cast>(E))
365 return C->castOpcode() == til::CAST_objToPtr;
366
367 return false;
368 }
369
370 // Grab the very first declaration of virtual method D
getFirstVirtualDecl(const CXXMethodDecl * D)371 static const CXXMethodDecl *getFirstVirtualDecl(const CXXMethodDecl *D) {
372 while (true) {
373 D = D->getCanonicalDecl();
374 auto OverriddenMethods = D->overridden_methods();
375 if (OverriddenMethods.begin() == OverriddenMethods.end())
376 return D; // Method does not override anything
377 // FIXME: this does not work with multiple inheritance.
378 D = *OverriddenMethods.begin();
379 }
380 return nullptr;
381 }
382
translateMemberExpr(const MemberExpr * ME,CallingContext * Ctx)383 til::SExpr *SExprBuilder::translateMemberExpr(const MemberExpr *ME,
384 CallingContext *Ctx) {
385 til::SExpr *BE = translate(ME->getBase(), Ctx);
386 til::SExpr *E = new (Arena) til::SApply(BE);
387
388 const auto *D = cast<ValueDecl>(ME->getMemberDecl()->getCanonicalDecl());
389 if (const auto *VD = dyn_cast<CXXMethodDecl>(D))
390 D = getFirstVirtualDecl(VD);
391
392 til::Project *P = new (Arena) til::Project(E, D);
393 if (hasAnyPointerType(BE))
394 P->setArrow(true);
395 return P;
396 }
397
translateObjCIVarRefExpr(const ObjCIvarRefExpr * IVRE,CallingContext * Ctx)398 til::SExpr *SExprBuilder::translateObjCIVarRefExpr(const ObjCIvarRefExpr *IVRE,
399 CallingContext *Ctx) {
400 til::SExpr *BE = translate(IVRE->getBase(), Ctx);
401 til::SExpr *E = new (Arena) til::SApply(BE);
402
403 const auto *D = cast<ObjCIvarDecl>(IVRE->getDecl()->getCanonicalDecl());
404
405 til::Project *P = new (Arena) til::Project(E, D);
406 if (hasAnyPointerType(BE))
407 P->setArrow(true);
408 return P;
409 }
410
translateCallExpr(const CallExpr * CE,CallingContext * Ctx,const Expr * SelfE)411 til::SExpr *SExprBuilder::translateCallExpr(const CallExpr *CE,
412 CallingContext *Ctx,
413 const Expr *SelfE) {
414 if (CapabilityExprMode) {
415 // Handle LOCK_RETURNED
416 if (const FunctionDecl *FD = CE->getDirectCallee()) {
417 FD = FD->getMostRecentDecl();
418 if (LockReturnedAttr *At = FD->getAttr<LockReturnedAttr>()) {
419 CallingContext LRCallCtx(Ctx);
420 LRCallCtx.AttrDecl = CE->getDirectCallee();
421 LRCallCtx.SelfArg = SelfE;
422 LRCallCtx.NumArgs = CE->getNumArgs();
423 LRCallCtx.FunArgs = CE->getArgs();
424 return const_cast<til::SExpr *>(
425 translateAttrExpr(At->getArg(), &LRCallCtx).sexpr());
426 }
427 }
428 }
429
430 til::SExpr *E = translate(CE->getCallee(), Ctx);
431 for (const auto *Arg : CE->arguments()) {
432 til::SExpr *A = translate(Arg, Ctx);
433 E = new (Arena) til::Apply(E, A);
434 }
435 return new (Arena) til::Call(E, CE);
436 }
437
translateCXXMemberCallExpr(const CXXMemberCallExpr * ME,CallingContext * Ctx)438 til::SExpr *SExprBuilder::translateCXXMemberCallExpr(
439 const CXXMemberCallExpr *ME, CallingContext *Ctx) {
440 if (CapabilityExprMode) {
441 // Ignore calls to get() on smart pointers.
442 if (ME->getMethodDecl()->getNameAsString() == "get" &&
443 ME->getNumArgs() == 0) {
444 auto *E = translate(ME->getImplicitObjectArgument(), Ctx);
445 return new (Arena) til::Cast(til::CAST_objToPtr, E);
446 // return E;
447 }
448 }
449 return translateCallExpr(cast<CallExpr>(ME), Ctx,
450 ME->getImplicitObjectArgument());
451 }
452
translateCXXOperatorCallExpr(const CXXOperatorCallExpr * OCE,CallingContext * Ctx)453 til::SExpr *SExprBuilder::translateCXXOperatorCallExpr(
454 const CXXOperatorCallExpr *OCE, CallingContext *Ctx) {
455 if (CapabilityExprMode) {
456 // Ignore operator * and operator -> on smart pointers.
457 OverloadedOperatorKind k = OCE->getOperator();
458 if (k == OO_Star || k == OO_Arrow) {
459 auto *E = translate(OCE->getArg(0), Ctx);
460 return new (Arena) til::Cast(til::CAST_objToPtr, E);
461 // return E;
462 }
463 }
464 return translateCallExpr(cast<CallExpr>(OCE), Ctx);
465 }
466
translateUnaryOperator(const UnaryOperator * UO,CallingContext * Ctx)467 til::SExpr *SExprBuilder::translateUnaryOperator(const UnaryOperator *UO,
468 CallingContext *Ctx) {
469 switch (UO->getOpcode()) {
470 case UO_PostInc:
471 case UO_PostDec:
472 case UO_PreInc:
473 case UO_PreDec:
474 return new (Arena) til::Undefined(UO);
475
476 case UO_AddrOf:
477 if (CapabilityExprMode) {
478 // interpret &Graph::mu_ as an existential.
479 if (const auto *DRE = dyn_cast<DeclRefExpr>(UO->getSubExpr())) {
480 if (DRE->getDecl()->isCXXInstanceMember()) {
481 // This is a pointer-to-member expression, e.g. &MyClass::mu_.
482 // We interpret this syntax specially, as a wildcard.
483 auto *W = new (Arena) til::Wildcard();
484 return new (Arena) til::Project(W, DRE->getDecl());
485 }
486 }
487 }
488 // otherwise, & is a no-op
489 return translate(UO->getSubExpr(), Ctx);
490
491 // We treat these as no-ops
492 case UO_Deref:
493 case UO_Plus:
494 return translate(UO->getSubExpr(), Ctx);
495
496 case UO_Minus:
497 return new (Arena)
498 til::UnaryOp(til::UOP_Minus, translate(UO->getSubExpr(), Ctx));
499 case UO_Not:
500 return new (Arena)
501 til::UnaryOp(til::UOP_BitNot, translate(UO->getSubExpr(), Ctx));
502 case UO_LNot:
503 return new (Arena)
504 til::UnaryOp(til::UOP_LogicNot, translate(UO->getSubExpr(), Ctx));
505
506 // Currently unsupported
507 case UO_Real:
508 case UO_Imag:
509 case UO_Extension:
510 case UO_Coawait:
511 return new (Arena) til::Undefined(UO);
512 }
513 return new (Arena) til::Undefined(UO);
514 }
515
translateBinOp(til::TIL_BinaryOpcode Op,const BinaryOperator * BO,CallingContext * Ctx,bool Reverse)516 til::SExpr *SExprBuilder::translateBinOp(til::TIL_BinaryOpcode Op,
517 const BinaryOperator *BO,
518 CallingContext *Ctx, bool Reverse) {
519 til::SExpr *E0 = translate(BO->getLHS(), Ctx);
520 til::SExpr *E1 = translate(BO->getRHS(), Ctx);
521 if (Reverse)
522 return new (Arena) til::BinaryOp(Op, E1, E0);
523 else
524 return new (Arena) til::BinaryOp(Op, E0, E1);
525 }
526
translateBinAssign(til::TIL_BinaryOpcode Op,const BinaryOperator * BO,CallingContext * Ctx,bool Assign)527 til::SExpr *SExprBuilder::translateBinAssign(til::TIL_BinaryOpcode Op,
528 const BinaryOperator *BO,
529 CallingContext *Ctx,
530 bool Assign) {
531 const Expr *LHS = BO->getLHS();
532 const Expr *RHS = BO->getRHS();
533 til::SExpr *E0 = translate(LHS, Ctx);
534 til::SExpr *E1 = translate(RHS, Ctx);
535
536 const ValueDecl *VD = nullptr;
537 til::SExpr *CV = nullptr;
538 if (const auto *DRE = dyn_cast<DeclRefExpr>(LHS)) {
539 VD = DRE->getDecl();
540 CV = lookupVarDecl(VD);
541 }
542
543 if (!Assign) {
544 til::SExpr *Arg = CV ? CV : new (Arena) til::Load(E0);
545 E1 = new (Arena) til::BinaryOp(Op, Arg, E1);
546 E1 = addStatement(E1, nullptr, VD);
547 }
548 if (VD && CV)
549 return updateVarDecl(VD, E1);
550 return new (Arena) til::Store(E0, E1);
551 }
552
translateBinaryOperator(const BinaryOperator * BO,CallingContext * Ctx)553 til::SExpr *SExprBuilder::translateBinaryOperator(const BinaryOperator *BO,
554 CallingContext *Ctx) {
555 switch (BO->getOpcode()) {
556 case BO_PtrMemD:
557 case BO_PtrMemI:
558 return new (Arena) til::Undefined(BO);
559
560 case BO_Mul: return translateBinOp(til::BOP_Mul, BO, Ctx);
561 case BO_Div: return translateBinOp(til::BOP_Div, BO, Ctx);
562 case BO_Rem: return translateBinOp(til::BOP_Rem, BO, Ctx);
563 case BO_Add: return translateBinOp(til::BOP_Add, BO, Ctx);
564 case BO_Sub: return translateBinOp(til::BOP_Sub, BO, Ctx);
565 case BO_Shl: return translateBinOp(til::BOP_Shl, BO, Ctx);
566 case BO_Shr: return translateBinOp(til::BOP_Shr, BO, Ctx);
567 case BO_LT: return translateBinOp(til::BOP_Lt, BO, Ctx);
568 case BO_GT: return translateBinOp(til::BOP_Lt, BO, Ctx, true);
569 case BO_LE: return translateBinOp(til::BOP_Leq, BO, Ctx);
570 case BO_GE: return translateBinOp(til::BOP_Leq, BO, Ctx, true);
571 case BO_EQ: return translateBinOp(til::BOP_Eq, BO, Ctx);
572 case BO_NE: return translateBinOp(til::BOP_Neq, BO, Ctx);
573 case BO_Cmp: return translateBinOp(til::BOP_Cmp, BO, Ctx);
574 case BO_And: return translateBinOp(til::BOP_BitAnd, BO, Ctx);
575 case BO_Xor: return translateBinOp(til::BOP_BitXor, BO, Ctx);
576 case BO_Or: return translateBinOp(til::BOP_BitOr, BO, Ctx);
577 case BO_LAnd: return translateBinOp(til::BOP_LogicAnd, BO, Ctx);
578 case BO_LOr: return translateBinOp(til::BOP_LogicOr, BO, Ctx);
579
580 case BO_Assign: return translateBinAssign(til::BOP_Eq, BO, Ctx, true);
581 case BO_MulAssign: return translateBinAssign(til::BOP_Mul, BO, Ctx);
582 case BO_DivAssign: return translateBinAssign(til::BOP_Div, BO, Ctx);
583 case BO_RemAssign: return translateBinAssign(til::BOP_Rem, BO, Ctx);
584 case BO_AddAssign: return translateBinAssign(til::BOP_Add, BO, Ctx);
585 case BO_SubAssign: return translateBinAssign(til::BOP_Sub, BO, Ctx);
586 case BO_ShlAssign: return translateBinAssign(til::BOP_Shl, BO, Ctx);
587 case BO_ShrAssign: return translateBinAssign(til::BOP_Shr, BO, Ctx);
588 case BO_AndAssign: return translateBinAssign(til::BOP_BitAnd, BO, Ctx);
589 case BO_XorAssign: return translateBinAssign(til::BOP_BitXor, BO, Ctx);
590 case BO_OrAssign: return translateBinAssign(til::BOP_BitOr, BO, Ctx);
591
592 case BO_Comma:
593 // The clang CFG should have already processed both sides.
594 return translate(BO->getRHS(), Ctx);
595 }
596 return new (Arena) til::Undefined(BO);
597 }
598
translateCastExpr(const CastExpr * CE,CallingContext * Ctx)599 til::SExpr *SExprBuilder::translateCastExpr(const CastExpr *CE,
600 CallingContext *Ctx) {
601 CastKind K = CE->getCastKind();
602 switch (K) {
603 case CK_LValueToRValue: {
604 if (const auto *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) {
605 til::SExpr *E0 = lookupVarDecl(DRE->getDecl());
606 if (E0)
607 return E0;
608 }
609 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
610 return E0;
611 // FIXME!! -- get Load working properly
612 // return new (Arena) til::Load(E0);
613 }
614 case CK_NoOp:
615 case CK_DerivedToBase:
616 case CK_UncheckedDerivedToBase:
617 case CK_ArrayToPointerDecay:
618 case CK_FunctionToPointerDecay: {
619 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
620 return E0;
621 }
622 default: {
623 // FIXME: handle different kinds of casts.
624 til::SExpr *E0 = translate(CE->getSubExpr(), Ctx);
625 if (CapabilityExprMode)
626 return E0;
627 return new (Arena) til::Cast(til::CAST_none, E0);
628 }
629 }
630 }
631
632 til::SExpr *
translateArraySubscriptExpr(const ArraySubscriptExpr * E,CallingContext * Ctx)633 SExprBuilder::translateArraySubscriptExpr(const ArraySubscriptExpr *E,
634 CallingContext *Ctx) {
635 til::SExpr *E0 = translate(E->getBase(), Ctx);
636 til::SExpr *E1 = translate(E->getIdx(), Ctx);
637 return new (Arena) til::ArrayIndex(E0, E1);
638 }
639
640 til::SExpr *
translateAbstractConditionalOperator(const AbstractConditionalOperator * CO,CallingContext * Ctx)641 SExprBuilder::translateAbstractConditionalOperator(
642 const AbstractConditionalOperator *CO, CallingContext *Ctx) {
643 auto *C = translate(CO->getCond(), Ctx);
644 auto *T = translate(CO->getTrueExpr(), Ctx);
645 auto *E = translate(CO->getFalseExpr(), Ctx);
646 return new (Arena) til::IfThenElse(C, T, E);
647 }
648
649 til::SExpr *
translateDeclStmt(const DeclStmt * S,CallingContext * Ctx)650 SExprBuilder::translateDeclStmt(const DeclStmt *S, CallingContext *Ctx) {
651 DeclGroupRef DGrp = S->getDeclGroup();
652 for (auto *I : DGrp) {
653 if (auto *VD = dyn_cast_or_null<VarDecl>(I)) {
654 Expr *E = VD->getInit();
655 til::SExpr* SE = translate(E, Ctx);
656
657 // Add local variables with trivial type to the variable map
658 QualType T = VD->getType();
659 if (T.isTrivialType(VD->getASTContext()))
660 return addVarDecl(VD, SE);
661 else {
662 // TODO: add alloca
663 }
664 }
665 }
666 return nullptr;
667 }
668
669 // If (E) is non-trivial, then add it to the current basic block, and
670 // update the statement map so that S refers to E. Returns a new variable
671 // that refers to E.
672 // If E is trivial returns E.
addStatement(til::SExpr * E,const Stmt * S,const ValueDecl * VD)673 til::SExpr *SExprBuilder::addStatement(til::SExpr* E, const Stmt *S,
674 const ValueDecl *VD) {
675 if (!E || !CurrentBB || E->block() || til::ThreadSafetyTIL::isTrivial(E))
676 return E;
677 if (VD)
678 E = new (Arena) til::Variable(E, VD);
679 CurrentInstructions.push_back(E);
680 if (S)
681 insertStmt(S, E);
682 return E;
683 }
684
685 // Returns the current value of VD, if known, and nullptr otherwise.
lookupVarDecl(const ValueDecl * VD)686 til::SExpr *SExprBuilder::lookupVarDecl(const ValueDecl *VD) {
687 auto It = LVarIdxMap.find(VD);
688 if (It != LVarIdxMap.end()) {
689 assert(CurrentLVarMap[It->second].first == VD);
690 return CurrentLVarMap[It->second].second;
691 }
692 return nullptr;
693 }
694
695 // if E is a til::Variable, update its clangDecl.
maybeUpdateVD(til::SExpr * E,const ValueDecl * VD)696 static void maybeUpdateVD(til::SExpr *E, const ValueDecl *VD) {
697 if (!E)
698 return;
699 if (auto *V = dyn_cast<til::Variable>(E)) {
700 if (!V->clangDecl())
701 V->setClangDecl(VD);
702 }
703 }
704
705 // Adds a new variable declaration.
addVarDecl(const ValueDecl * VD,til::SExpr * E)706 til::SExpr *SExprBuilder::addVarDecl(const ValueDecl *VD, til::SExpr *E) {
707 maybeUpdateVD(E, VD);
708 LVarIdxMap.insert(std::make_pair(VD, CurrentLVarMap.size()));
709 CurrentLVarMap.makeWritable();
710 CurrentLVarMap.push_back(std::make_pair(VD, E));
711 return E;
712 }
713
714 // Updates a current variable declaration. (E.g. by assignment)
updateVarDecl(const ValueDecl * VD,til::SExpr * E)715 til::SExpr *SExprBuilder::updateVarDecl(const ValueDecl *VD, til::SExpr *E) {
716 maybeUpdateVD(E, VD);
717 auto It = LVarIdxMap.find(VD);
718 if (It == LVarIdxMap.end()) {
719 til::SExpr *Ptr = new (Arena) til::LiteralPtr(VD);
720 til::SExpr *St = new (Arena) til::Store(Ptr, E);
721 return St;
722 }
723 CurrentLVarMap.makeWritable();
724 CurrentLVarMap.elem(It->second).second = E;
725 return E;
726 }
727
728 // Make a Phi node in the current block for the i^th variable in CurrentVarMap.
729 // If E != null, sets Phi[CurrentBlockInfo->ArgIndex] = E.
730 // If E == null, this is a backedge and will be set later.
makePhiNodeVar(unsigned i,unsigned NPreds,til::SExpr * E)731 void SExprBuilder::makePhiNodeVar(unsigned i, unsigned NPreds, til::SExpr *E) {
732 unsigned ArgIndex = CurrentBlockInfo->ProcessedPredecessors;
733 assert(ArgIndex > 0 && ArgIndex < NPreds);
734
735 til::SExpr *CurrE = CurrentLVarMap[i].second;
736 if (CurrE->block() == CurrentBB) {
737 // We already have a Phi node in the current block,
738 // so just add the new variable to the Phi node.
739 auto *Ph = dyn_cast<til::Phi>(CurrE);
740 assert(Ph && "Expecting Phi node.");
741 if (E)
742 Ph->values()[ArgIndex] = E;
743 return;
744 }
745
746 // Make a new phi node: phi(..., E)
747 // All phi args up to the current index are set to the current value.
748 til::Phi *Ph = new (Arena) til::Phi(Arena, NPreds);
749 Ph->values().setValues(NPreds, nullptr);
750 for (unsigned PIdx = 0; PIdx < ArgIndex; ++PIdx)
751 Ph->values()[PIdx] = CurrE;
752 if (E)
753 Ph->values()[ArgIndex] = E;
754 Ph->setClangDecl(CurrentLVarMap[i].first);
755 // If E is from a back-edge, or either E or CurrE are incomplete, then
756 // mark this node as incomplete; we may need to remove it later.
757 if (!E || isIncompletePhi(E) || isIncompletePhi(CurrE))
758 Ph->setStatus(til::Phi::PH_Incomplete);
759
760 // Add Phi node to current block, and update CurrentLVarMap[i]
761 CurrentArguments.push_back(Ph);
762 if (Ph->status() == til::Phi::PH_Incomplete)
763 IncompleteArgs.push_back(Ph);
764
765 CurrentLVarMap.makeWritable();
766 CurrentLVarMap.elem(i).second = Ph;
767 }
768
769 // Merge values from Map into the current variable map.
770 // This will construct Phi nodes in the current basic block as necessary.
mergeEntryMap(LVarDefinitionMap Map)771 void SExprBuilder::mergeEntryMap(LVarDefinitionMap Map) {
772 assert(CurrentBlockInfo && "Not processing a block!");
773
774 if (!CurrentLVarMap.valid()) {
775 // Steal Map, using copy-on-write.
776 CurrentLVarMap = std::move(Map);
777 return;
778 }
779 if (CurrentLVarMap.sameAs(Map))
780 return; // Easy merge: maps from different predecessors are unchanged.
781
782 unsigned NPreds = CurrentBB->numPredecessors();
783 unsigned ESz = CurrentLVarMap.size();
784 unsigned MSz = Map.size();
785 unsigned Sz = std::min(ESz, MSz);
786
787 for (unsigned i = 0; i < Sz; ++i) {
788 if (CurrentLVarMap[i].first != Map[i].first) {
789 // We've reached the end of variables in common.
790 CurrentLVarMap.makeWritable();
791 CurrentLVarMap.downsize(i);
792 break;
793 }
794 if (CurrentLVarMap[i].second != Map[i].second)
795 makePhiNodeVar(i, NPreds, Map[i].second);
796 }
797 if (ESz > MSz) {
798 CurrentLVarMap.makeWritable();
799 CurrentLVarMap.downsize(Map.size());
800 }
801 }
802
803 // Merge a back edge into the current variable map.
804 // This will create phi nodes for all variables in the variable map.
mergeEntryMapBackEdge()805 void SExprBuilder::mergeEntryMapBackEdge() {
806 // We don't have definitions for variables on the backedge, because we
807 // haven't gotten that far in the CFG. Thus, when encountering a back edge,
808 // we conservatively create Phi nodes for all variables. Unnecessary Phi
809 // nodes will be marked as incomplete, and stripped out at the end.
810 //
811 // An Phi node is unnecessary if it only refers to itself and one other
812 // variable, e.g. x = Phi(y, y, x) can be reduced to x = y.
813
814 assert(CurrentBlockInfo && "Not processing a block!");
815
816 if (CurrentBlockInfo->HasBackEdges)
817 return;
818 CurrentBlockInfo->HasBackEdges = true;
819
820 CurrentLVarMap.makeWritable();
821 unsigned Sz = CurrentLVarMap.size();
822 unsigned NPreds = CurrentBB->numPredecessors();
823
824 for (unsigned i = 0; i < Sz; ++i)
825 makePhiNodeVar(i, NPreds, nullptr);
826 }
827
828 // Update the phi nodes that were initially created for a back edge
829 // once the variable definitions have been computed.
830 // I.e., merge the current variable map into the phi nodes for Blk.
mergePhiNodesBackEdge(const CFGBlock * Blk)831 void SExprBuilder::mergePhiNodesBackEdge(const CFGBlock *Blk) {
832 til::BasicBlock *BB = lookupBlock(Blk);
833 unsigned ArgIndex = BBInfo[Blk->getBlockID()].ProcessedPredecessors;
834 assert(ArgIndex > 0 && ArgIndex < BB->numPredecessors());
835
836 for (til::SExpr *PE : BB->arguments()) {
837 auto *Ph = dyn_cast_or_null<til::Phi>(PE);
838 assert(Ph && "Expecting Phi Node.");
839 assert(Ph->values()[ArgIndex] == nullptr && "Wrong index for back edge.");
840
841 til::SExpr *E = lookupVarDecl(Ph->clangDecl());
842 assert(E && "Couldn't find local variable for Phi node.");
843 Ph->values()[ArgIndex] = E;
844 }
845 }
846
enterCFG(CFG * Cfg,const NamedDecl * D,const CFGBlock * First)847 void SExprBuilder::enterCFG(CFG *Cfg, const NamedDecl *D,
848 const CFGBlock *First) {
849 // Perform initial setup operations.
850 unsigned NBlocks = Cfg->getNumBlockIDs();
851 Scfg = new (Arena) til::SCFG(Arena, NBlocks);
852
853 // allocate all basic blocks immediately, to handle forward references.
854 BBInfo.resize(NBlocks);
855 BlockMap.resize(NBlocks, nullptr);
856 // create map from clang blockID to til::BasicBlocks
857 for (auto *B : *Cfg) {
858 auto *BB = new (Arena) til::BasicBlock(Arena);
859 BB->reserveInstructions(B->size());
860 BlockMap[B->getBlockID()] = BB;
861 }
862
863 CurrentBB = lookupBlock(&Cfg->getEntry());
864 auto Parms = isa<ObjCMethodDecl>(D) ? cast<ObjCMethodDecl>(D)->parameters()
865 : cast<FunctionDecl>(D)->parameters();
866 for (auto *Pm : Parms) {
867 QualType T = Pm->getType();
868 if (!T.isTrivialType(Pm->getASTContext()))
869 continue;
870
871 // Add parameters to local variable map.
872 // FIXME: right now we emulate params with loads; that should be fixed.
873 til::SExpr *Lp = new (Arena) til::LiteralPtr(Pm);
874 til::SExpr *Ld = new (Arena) til::Load(Lp);
875 til::SExpr *V = addStatement(Ld, nullptr, Pm);
876 addVarDecl(Pm, V);
877 }
878 }
879
enterCFGBlock(const CFGBlock * B)880 void SExprBuilder::enterCFGBlock(const CFGBlock *B) {
881 // Initialize TIL basic block and add it to the CFG.
882 CurrentBB = lookupBlock(B);
883 CurrentBB->reservePredecessors(B->pred_size());
884 Scfg->add(CurrentBB);
885
886 CurrentBlockInfo = &BBInfo[B->getBlockID()];
887
888 // CurrentLVarMap is moved to ExitMap on block exit.
889 // FIXME: the entry block will hold function parameters.
890 // assert(!CurrentLVarMap.valid() && "CurrentLVarMap already initialized.");
891 }
892
handlePredecessor(const CFGBlock * Pred)893 void SExprBuilder::handlePredecessor(const CFGBlock *Pred) {
894 // Compute CurrentLVarMap on entry from ExitMaps of predecessors
895
896 CurrentBB->addPredecessor(BlockMap[Pred->getBlockID()]);
897 BlockInfo *PredInfo = &BBInfo[Pred->getBlockID()];
898 assert(PredInfo->UnprocessedSuccessors > 0);
899
900 if (--PredInfo->UnprocessedSuccessors == 0)
901 mergeEntryMap(std::move(PredInfo->ExitMap));
902 else
903 mergeEntryMap(PredInfo->ExitMap.clone());
904
905 ++CurrentBlockInfo->ProcessedPredecessors;
906 }
907
handlePredecessorBackEdge(const CFGBlock * Pred)908 void SExprBuilder::handlePredecessorBackEdge(const CFGBlock *Pred) {
909 mergeEntryMapBackEdge();
910 }
911
enterCFGBlockBody(const CFGBlock * B)912 void SExprBuilder::enterCFGBlockBody(const CFGBlock *B) {
913 // The merge*() methods have created arguments.
914 // Push those arguments onto the basic block.
915 CurrentBB->arguments().reserve(
916 static_cast<unsigned>(CurrentArguments.size()), Arena);
917 for (auto *A : CurrentArguments)
918 CurrentBB->addArgument(A);
919 }
920
handleStatement(const Stmt * S)921 void SExprBuilder::handleStatement(const Stmt *S) {
922 til::SExpr *E = translate(S, nullptr);
923 addStatement(E, S);
924 }
925
handleDestructorCall(const VarDecl * VD,const CXXDestructorDecl * DD)926 void SExprBuilder::handleDestructorCall(const VarDecl *VD,
927 const CXXDestructorDecl *DD) {
928 til::SExpr *Sf = new (Arena) til::LiteralPtr(VD);
929 til::SExpr *Dr = new (Arena) til::LiteralPtr(DD);
930 til::SExpr *Ap = new (Arena) til::Apply(Dr, Sf);
931 til::SExpr *E = new (Arena) til::Call(Ap);
932 addStatement(E, nullptr);
933 }
934
exitCFGBlockBody(const CFGBlock * B)935 void SExprBuilder::exitCFGBlockBody(const CFGBlock *B) {
936 CurrentBB->instructions().reserve(
937 static_cast<unsigned>(CurrentInstructions.size()), Arena);
938 for (auto *V : CurrentInstructions)
939 CurrentBB->addInstruction(V);
940
941 // Create an appropriate terminator
942 unsigned N = B->succ_size();
943 auto It = B->succ_begin();
944 if (N == 1) {
945 til::BasicBlock *BB = *It ? lookupBlock(*It) : nullptr;
946 // TODO: set index
947 unsigned Idx = BB ? BB->findPredecessorIndex(CurrentBB) : 0;
948 auto *Tm = new (Arena) til::Goto(BB, Idx);
949 CurrentBB->setTerminator(Tm);
950 }
951 else if (N == 2) {
952 til::SExpr *C = translate(B->getTerminatorCondition(true), nullptr);
953 til::BasicBlock *BB1 = *It ? lookupBlock(*It) : nullptr;
954 ++It;
955 til::BasicBlock *BB2 = *It ? lookupBlock(*It) : nullptr;
956 // FIXME: make sure these aren't critical edges.
957 auto *Tm = new (Arena) til::Branch(C, BB1, BB2);
958 CurrentBB->setTerminator(Tm);
959 }
960 }
961
handleSuccessor(const CFGBlock * Succ)962 void SExprBuilder::handleSuccessor(const CFGBlock *Succ) {
963 ++CurrentBlockInfo->UnprocessedSuccessors;
964 }
965
handleSuccessorBackEdge(const CFGBlock * Succ)966 void SExprBuilder::handleSuccessorBackEdge(const CFGBlock *Succ) {
967 mergePhiNodesBackEdge(Succ);
968 ++BBInfo[Succ->getBlockID()].ProcessedPredecessors;
969 }
970
exitCFGBlock(const CFGBlock * B)971 void SExprBuilder::exitCFGBlock(const CFGBlock *B) {
972 CurrentArguments.clear();
973 CurrentInstructions.clear();
974 CurrentBlockInfo->ExitMap = std::move(CurrentLVarMap);
975 CurrentBB = nullptr;
976 CurrentBlockInfo = nullptr;
977 }
978
exitCFG(const CFGBlock * Last)979 void SExprBuilder::exitCFG(const CFGBlock *Last) {
980 for (auto *Ph : IncompleteArgs) {
981 if (Ph->status() == til::Phi::PH_Incomplete)
982 simplifyIncompleteArg(Ph);
983 }
984
985 CurrentArguments.clear();
986 CurrentInstructions.clear();
987 IncompleteArgs.clear();
988 }
989
990 /*
991 namespace {
992
993 class TILPrinter :
994 public til::PrettyPrinter<TILPrinter, llvm::raw_ostream> {};
995
996 } // namespace
997
998 namespace clang {
999 namespace threadSafety {
1000
1001 void printSCFG(CFGWalker &Walker) {
1002 llvm::BumpPtrAllocator Bpa;
1003 til::MemRegionRef Arena(&Bpa);
1004 SExprBuilder SxBuilder(Arena);
1005 til::SCFG *Scfg = SxBuilder.buildCFG(Walker);
1006 TILPrinter::print(Scfg, llvm::errs());
1007 }
1008
1009 } // namespace threadSafety
1010 } // namespace clang
1011 */
1012