2016-07-08 18:50:51 +08:00
|
|
|
//===- unittests/Analysis/CFGTest.cpp - CFG tests -------------------------===//
|
|
|
|
|
//
|
2019-01-19 16:50:56 +08:00
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
2016-07-08 18:50:51 +08:00
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
#include "clang/ASTMatchers/ASTMatchFinder.h"
|
|
|
|
|
#include "clang/Analysis/CFG.h"
|
|
|
|
|
#include "clang/Tooling/Tooling.h"
|
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
namespace clang {
|
|
|
|
|
namespace analysis {
|
|
|
|
|
namespace {
|
|
|
|
|
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
class BuildResult {
|
|
|
|
|
public:
|
|
|
|
|
enum Status {
|
|
|
|
|
ToolFailed,
|
|
|
|
|
ToolRan,
|
|
|
|
|
SawFunctionBody,
|
|
|
|
|
BuiltCFG,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
BuildResult(Status S, std::unique_ptr<CFG> Cfg = nullptr)
|
|
|
|
|
: S(S), Cfg(std::move(Cfg)) {}
|
|
|
|
|
|
|
|
|
|
Status getStatus() const { return S; }
|
|
|
|
|
CFG *getCFG() const { return Cfg.get(); }
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
Status S;
|
|
|
|
|
std::unique_ptr<CFG> Cfg;
|
2016-12-05 19:33:19 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
class CFGCallback : public ast_matchers::MatchFinder::MatchCallback {
|
|
|
|
|
public:
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
BuildResult TheBuildResult = BuildResult::ToolRan;
|
2016-12-05 19:33:19 +08:00
|
|
|
|
|
|
|
|
void run(const ast_matchers::MatchFinder::MatchResult &Result) override {
|
|
|
|
|
const auto *Func = Result.Nodes.getNodeAs<FunctionDecl>("func");
|
|
|
|
|
Stmt *Body = Func->getBody();
|
|
|
|
|
if (!Body)
|
|
|
|
|
return;
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
TheBuildResult = BuildResult::SawFunctionBody;
|
2017-03-07 16:42:37 +08:00
|
|
|
CFG::BuildOptions Options;
|
|
|
|
|
Options.AddImplicitDtors = true;
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
if (std::unique_ptr<CFG> Cfg =
|
|
|
|
|
CFG::buildCFG(nullptr, Body, Result.Context, Options))
|
|
|
|
|
TheBuildResult = {BuildResult::BuiltCFG, std::move(Cfg)};
|
2016-12-05 19:33:19 +08:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
BuildResult BuildCFG(const char *Code) {
|
|
|
|
|
CFGCallback Callback;
|
|
|
|
|
|
|
|
|
|
ast_matchers::MatchFinder Finder;
|
|
|
|
|
Finder.addMatcher(ast_matchers::functionDecl().bind("func"), &Callback);
|
|
|
|
|
std::unique_ptr<tooling::FrontendActionFactory> Factory(
|
|
|
|
|
tooling::newFrontendActionFactory(&Finder));
|
|
|
|
|
std::vector<std::string> Args = {"-std=c++11", "-fno-delayed-template-parsing"};
|
|
|
|
|
if (!tooling::runToolOnCodeWithArgs(Factory->create(), Code, Args))
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
return BuildResult::ToolFailed;
|
|
|
|
|
return std::move(Callback.TheBuildResult);
|
2016-12-05 19:33:19 +08:00
|
|
|
}
|
|
|
|
|
|
2016-07-08 18:50:51 +08:00
|
|
|
// Constructing a CFG for a range-based for over a dependent type fails (but
|
|
|
|
|
// should not crash).
|
|
|
|
|
TEST(CFG, RangeBasedForOverDependentType) {
|
|
|
|
|
const char *Code = "class Foo;\n"
|
|
|
|
|
"template <typename T>\n"
|
|
|
|
|
"void f(const T &Range) {\n"
|
|
|
|
|
" for (const Foo *TheFoo : Range) {\n"
|
|
|
|
|
" }\n"
|
|
|
|
|
"}\n";
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
EXPECT_EQ(BuildResult::SawFunctionBody, BuildCFG(Code).getStatus());
|
2016-12-05 19:33:19 +08:00
|
|
|
}
|
2016-07-08 18:50:51 +08:00
|
|
|
|
2016-12-05 19:33:19 +08:00
|
|
|
// Constructing a CFG containing a delete expression on a dependent type should
|
|
|
|
|
// not crash.
|
|
|
|
|
TEST(CFG, DeleteExpressionOnDependentType) {
|
|
|
|
|
const char *Code = "template<class T>\n"
|
|
|
|
|
"void f(T t) {\n"
|
|
|
|
|
" delete t;\n"
|
|
|
|
|
"}\n";
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
EXPECT_EQ(BuildResult::BuiltCFG, BuildCFG(Code).getStatus());
|
2016-07-08 18:50:51 +08:00
|
|
|
}
|
|
|
|
|
|
2017-03-07 16:42:37 +08:00
|
|
|
// Constructing a CFG on a function template with a variable of incomplete type
|
|
|
|
|
// should not crash.
|
|
|
|
|
TEST(CFG, VariableOfIncompleteType) {
|
|
|
|
|
const char *Code = "template<class T> void f() {\n"
|
|
|
|
|
" class Undefined;\n"
|
|
|
|
|
" Undefined u;\n"
|
|
|
|
|
"}\n";
|
[analyzer] Treat functions without run-time branches as "small".
Currently we always inline functions that have no branches, i.e. have exactly
three CFG blocks: ENTRY, some code, EXIT. This makes sense because when there
are no branches, it means that there's no exponential complexity introduced
by inlining such function. Such functions also don't trigger various fundamental
problems with our inlining mechanism, such as the problem of inlined
defensive checks.
Sometimes the CFG may contain more blocks, but in practice it still has
linear structure because all directions (except, at most, one) of all branches
turned out to be unreachable. When this happens, still treat the function
as "small". This is useful, in particular, for dealing with C++17 if constexpr.
Differential Revision: https://reviews.llvm.org/D61051
llvm-svn: 359531
2019-04-30 11:01:02 +08:00
|
|
|
EXPECT_EQ(BuildResult::BuiltCFG, BuildCFG(Code).getStatus());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(CFG, IsLinear) {
|
|
|
|
|
auto expectLinear = [](bool IsLinear, const char *Code) {
|
|
|
|
|
BuildResult B = BuildCFG(Code);
|
|
|
|
|
EXPECT_EQ(BuildResult::BuiltCFG, B.getStatus());
|
|
|
|
|
EXPECT_EQ(IsLinear, B.getCFG()->isLinear());
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
expectLinear(true, "void foo() {}");
|
|
|
|
|
expectLinear(true, "void foo() { if (true) return; }");
|
|
|
|
|
expectLinear(true, "void foo() { if constexpr (false); }");
|
|
|
|
|
expectLinear(false, "void foo(bool coin) { if (coin) return; }");
|
|
|
|
|
expectLinear(false, "void foo() { for(;;); }");
|
|
|
|
|
expectLinear(false, "void foo() { do {} while (true); }");
|
|
|
|
|
expectLinear(true, "void foo() { do {} while (false); }");
|
|
|
|
|
expectLinear(true, "void foo() { foo(); }"); // Recursion is not our problem.
|
2017-03-07 16:42:37 +08:00
|
|
|
}
|
|
|
|
|
|
2019-07-05 17:52:00 +08:00
|
|
|
TEST(CFG, ConditionExpr) {
|
|
|
|
|
const char *Code = R"(void f(bool A, bool B, bool C) {
|
|
|
|
|
if (A && B && C)
|
|
|
|
|
int x;
|
|
|
|
|
})";
|
|
|
|
|
BuildResult Result = BuildCFG(Code);
|
|
|
|
|
EXPECT_EQ(BuildResult::BuiltCFG, Result.getStatus());
|
|
|
|
|
|
|
|
|
|
// [B5 (ENTRY)] -> [B4] -> [B3] -> [B2] -> [B1] -> [B0 (EXIT)]
|
|
|
|
|
// \ \ \ /
|
|
|
|
|
// ------------------------------->
|
|
|
|
|
|
|
|
|
|
CFG *cfg = Result.getCFG();
|
|
|
|
|
|
|
|
|
|
auto GetBlock = [cfg] (unsigned Index) -> CFGBlock * {
|
|
|
|
|
assert(Index < cfg->size());
|
|
|
|
|
return *(cfg->begin() + Index);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
auto GetExprText = [] (const Expr *E) -> std::string {
|
|
|
|
|
// It's very awkward trying to recover the actual expression text without
|
|
|
|
|
// a real source file, so use this as a workaround. We know that the
|
|
|
|
|
// condition expression looks like this:
|
|
|
|
|
//
|
|
|
|
|
// ImplicitCastExpr 0xd07bf8 '_Bool' <LValueToRValue>
|
|
|
|
|
// `-DeclRefExpr 0xd07bd8 '_Bool' lvalue ParmVar 0xd07960 'C' '_Bool'
|
|
|
|
|
|
|
|
|
|
assert(isa<ImplicitCastExpr>(E));
|
|
|
|
|
assert(++E->child_begin() == E->child_end());
|
|
|
|
|
const auto *D = dyn_cast<DeclRefExpr>(*E->child_begin());
|
|
|
|
|
return D->getFoundDecl()->getNameAsString();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(GetBlock(1)->getLastCondition(), nullptr);
|
|
|
|
|
EXPECT_EQ(GetExprText(GetBlock(4)->getLastCondition()), "A");
|
|
|
|
|
EXPECT_EQ(GetExprText(GetBlock(3)->getLastCondition()), "B");
|
|
|
|
|
EXPECT_EQ(GetExprText(GetBlock(2)->getLastCondition()), "C");
|
|
|
|
|
|
|
|
|
|
//===--------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
Code = R"(void foo(int x, int y) {
|
|
|
|
|
(void)(x + y);
|
|
|
|
|
})";
|
|
|
|
|
Result = BuildCFG(Code);
|
|
|
|
|
EXPECT_EQ(BuildResult::BuiltCFG, Result.getStatus());
|
|
|
|
|
|
|
|
|
|
// [B2 (ENTRY)] -> [B1] -> [B0 (EXIT)]
|
|
|
|
|
|
|
|
|
|
cfg = Result.getCFG();
|
|
|
|
|
EXPECT_EQ(GetBlock(1)->getLastCondition(), nullptr);
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-08 18:50:51 +08:00
|
|
|
} // namespace
|
|
|
|
|
} // namespace analysis
|
|
|
|
|
} // namespace clang
|
