1 //===- CFG.h - Classes for representing and building CFGs -------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  This file defines the CFG and CFGBuilder classes for representing and
10 //  building Control-Flow Graphs (CFGs) from ASTs.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #ifndef LLVM_CLANG_ANALYSIS_CFG_H
15 #define LLVM_CLANG_ANALYSIS_CFG_H
16 
17 #include "clang/Analysis/Support/BumpVector.h"
18 #include "clang/Analysis/ConstructionContext.h"
19 #include "clang/AST/ExprCXX.h"
20 #include "clang/AST/ExprObjC.h"
21 #include "clang/Basic/LLVM.h"
22 #include "llvm/ADT/DenseMap.h"
23 #include "llvm/ADT/GraphTraits.h"
24 #include "llvm/ADT/None.h"
25 #include "llvm/ADT/Optional.h"
26 #include "llvm/ADT/PointerIntPair.h"
27 #include "llvm/ADT/iterator_range.h"
28 #include "llvm/Support/Allocator.h"
29 #include "llvm/Support/raw_ostream.h"
30 #include <bitset>
31 #include <cassert>
32 #include <cstddef>
33 #include <iterator>
34 #include <memory>
35 #include <vector>
36 
37 namespace clang {
38 
39 class ASTContext;
40 class BinaryOperator;
41 class CFG;
42 class CXXBaseSpecifier;
43 class CXXBindTemporaryExpr;
44 class CXXCtorInitializer;
45 class CXXDeleteExpr;
46 class CXXDestructorDecl;
47 class CXXNewExpr;
48 class CXXRecordDecl;
49 class Decl;
50 class FieldDecl;
51 class LangOptions;
52 class VarDecl;
53 
54 /// Represents a top-level expression in a basic block.
55 class CFGElement {
56 public:
57   enum Kind {
58     // main kind
59     Initializer,
60     ScopeBegin,
61     ScopeEnd,
62     NewAllocator,
63     LifetimeEnds,
64     LoopExit,
65     // stmt kind
66     Statement,
67     Constructor,
68     CXXRecordTypedCall,
69     STMT_BEGIN = Statement,
70     STMT_END = CXXRecordTypedCall,
71     // dtor kind
72     AutomaticObjectDtor,
73     DeleteDtor,
74     BaseDtor,
75     MemberDtor,
76     TemporaryDtor,
77     DTOR_BEGIN = AutomaticObjectDtor,
78     DTOR_END = TemporaryDtor
79   };
80 
81 protected:
82   // The int bits are used to mark the kind.
83   llvm::PointerIntPair<void *, 2> Data1;
84   llvm::PointerIntPair<void *, 2> Data2;
85 
86   CFGElement(Kind kind, const void *Ptr1, const void *Ptr2 = nullptr)
87       : Data1(const_cast<void*>(Ptr1), ((unsigned) kind) & 0x3),
88         Data2(const_cast<void*>(Ptr2), (((unsigned) kind) >> 2) & 0x3) {
89     assert(getKind() == kind);
90   }
91 
92   CFGElement() = default;
93 
94 public:
95   /// Convert to the specified CFGElement type, asserting that this
96   /// CFGElement is of the desired type.
97   template<typename T>
castAs()98   T castAs() const {
99     assert(T::isKind(*this));
100     T t;
101     CFGElement& e = t;
102     e = *this;
103     return t;
104   }
105 
106   /// Convert to the specified CFGElement type, returning None if this
107   /// CFGElement is not of the desired type.
108   template<typename T>
getAs()109   Optional<T> getAs() const {
110     if (!T::isKind(*this))
111       return None;
112     T t;
113     CFGElement& e = t;
114     e = *this;
115     return t;
116   }
117 
getKind()118   Kind getKind() const {
119     unsigned x = Data2.getInt();
120     x <<= 2;
121     x |= Data1.getInt();
122     return (Kind) x;
123   }
124 
125   void dumpToStream(llvm::raw_ostream &OS) const;
126 
dump()127   void dump() const {
128     dumpToStream(llvm::errs());
129   }
130 };
131 
132 class CFGStmt : public CFGElement {
133 public:
CFGElement(K,S)134   explicit CFGStmt(Stmt *S, Kind K = Statement) : CFGElement(K, S) {
135     assert(isKind(*this));
136   }
137 
getStmt()138   const Stmt *getStmt() const {
139     return static_cast<const Stmt *>(Data1.getPointer());
140   }
141 
142 private:
143   friend class CFGElement;
144 
isKind(const CFGElement & E)145   static bool isKind(const CFGElement &E) {
146     return E.getKind() >= STMT_BEGIN && E.getKind() <= STMT_END;
147   }
148 
149 protected:
150   CFGStmt() = default;
151 };
152 
153 /// Represents C++ constructor call. Maintains information necessary to figure
154 /// out what memory is being initialized by the constructor expression. For now
155 /// this is only used by the analyzer's CFG.
156 class CFGConstructor : public CFGStmt {
157 public:
CFGConstructor(CXXConstructExpr * CE,const ConstructionContext * C)158   explicit CFGConstructor(CXXConstructExpr *CE, const ConstructionContext *C)
159       : CFGStmt(CE, Constructor) {
160     assert(C);
161     Data2.setPointer(const_cast<ConstructionContext *>(C));
162   }
163 
getConstructionContext()164   const ConstructionContext *getConstructionContext() const {
165     return static_cast<ConstructionContext *>(Data2.getPointer());
166   }
167 
168 private:
169   friend class CFGElement;
170 
171   CFGConstructor() = default;
172 
isKind(const CFGElement & E)173   static bool isKind(const CFGElement &E) {
174     return E.getKind() == Constructor;
175   }
176 };
177 
178 /// Represents a function call that returns a C++ object by value. This, like
179 /// constructor, requires a construction context in order to understand the
180 /// storage of the returned object . In C such tracking is not necessary because
181 /// no additional effort is required for destroying the object or modeling copy
182 /// elision. Like CFGConstructor, this element is for now only used by the
183 /// analyzer's CFG.
184 class CFGCXXRecordTypedCall : public CFGStmt {
185 public:
186   /// Returns true when call expression \p CE needs to be represented
187   /// by CFGCXXRecordTypedCall, as opposed to a regular CFGStmt.
isCXXRecordTypedCall(Expr * E)188   static bool isCXXRecordTypedCall(Expr *E) {
189     assert(isa<CallExpr>(E) || isa<ObjCMessageExpr>(E));
190     // There is no such thing as reference-type expression. If the function
191     // returns a reference, it'll return the respective lvalue or xvalue
192     // instead, and we're only interested in objects.
193     return !E->isGLValue() &&
194            E->getType().getCanonicalType()->getAsCXXRecordDecl();
195   }
196 
CFGCXXRecordTypedCall(Expr * E,const ConstructionContext * C)197   explicit CFGCXXRecordTypedCall(Expr *E, const ConstructionContext *C)
198       : CFGStmt(E, CXXRecordTypedCall) {
199     assert(isCXXRecordTypedCall(E));
200     assert(C && (isa<TemporaryObjectConstructionContext>(C) ||
201                  // These are possible in C++17 due to mandatory copy elision.
202                  isa<ReturnedValueConstructionContext>(C) ||
203                  isa<VariableConstructionContext>(C) ||
204                  isa<ConstructorInitializerConstructionContext>(C) ||
205                  isa<ArgumentConstructionContext>(C)));
206     Data2.setPointer(const_cast<ConstructionContext *>(C));
207   }
208 
getConstructionContext()209   const ConstructionContext *getConstructionContext() const {
210     return static_cast<ConstructionContext *>(Data2.getPointer());
211   }
212 
213 private:
214   friend class CFGElement;
215 
216   CFGCXXRecordTypedCall() = default;
217 
isKind(const CFGElement & E)218   static bool isKind(const CFGElement &E) {
219     return E.getKind() == CXXRecordTypedCall;
220   }
221 };
222 
223 /// Represents C++ base or member initializer from constructor's initialization
224 /// list.
225 class CFGInitializer : public CFGElement {
226 public:
CFGInitializer(CXXCtorInitializer * initializer)227   explicit CFGInitializer(CXXCtorInitializer *initializer)
228       : CFGElement(Initializer, initializer) {}
229 
getInitializer()230   CXXCtorInitializer* getInitializer() const {
231     return static_cast<CXXCtorInitializer*>(Data1.getPointer());
232   }
233 
234 private:
235   friend class CFGElement;
236 
237   CFGInitializer() = default;
238 
isKind(const CFGElement & E)239   static bool isKind(const CFGElement &E) {
240     return E.getKind() == Initializer;
241   }
242 };
243 
244 /// Represents C++ allocator call.
245 class CFGNewAllocator : public CFGElement {
246 public:
CFGNewAllocator(const CXXNewExpr * S)247   explicit CFGNewAllocator(const CXXNewExpr *S)
248     : CFGElement(NewAllocator, S) {}
249 
250   // Get the new expression.
getAllocatorExpr()251   const CXXNewExpr *getAllocatorExpr() const {
252     return static_cast<CXXNewExpr *>(Data1.getPointer());
253   }
254 
255 private:
256   friend class CFGElement;
257 
258   CFGNewAllocator() = default;
259 
isKind(const CFGElement & elem)260   static bool isKind(const CFGElement &elem) {
261     return elem.getKind() == NewAllocator;
262   }
263 };
264 
265 /// Represents the point where a loop ends.
266 /// This element is is only produced when building the CFG for the static
267 /// analyzer and hidden behind the 'cfg-loopexit' analyzer config flag.
268 ///
269 /// Note: a loop exit element can be reached even when the loop body was never
270 /// entered.
271 class CFGLoopExit : public CFGElement {
272 public:
CFGLoopExit(const Stmt * stmt)273   explicit CFGLoopExit(const Stmt *stmt) : CFGElement(LoopExit, stmt) {}
274 
getLoopStmt()275   const Stmt *getLoopStmt() const {
276     return static_cast<Stmt *>(Data1.getPointer());
277   }
278 
279 private:
280   friend class CFGElement;
281 
282   CFGLoopExit() = default;
283 
isKind(const CFGElement & elem)284   static bool isKind(const CFGElement &elem) {
285     return elem.getKind() == LoopExit;
286   }
287 };
288 
289 /// Represents the point where the lifetime of an automatic object ends
290 class CFGLifetimeEnds : public CFGElement {
291 public:
CFGLifetimeEnds(const VarDecl * var,const Stmt * stmt)292   explicit CFGLifetimeEnds(const VarDecl *var, const Stmt *stmt)
293       : CFGElement(LifetimeEnds, var, stmt) {}
294 
getVarDecl()295   const VarDecl *getVarDecl() const {
296     return static_cast<VarDecl *>(Data1.getPointer());
297   }
298 
getTriggerStmt()299   const Stmt *getTriggerStmt() const {
300     return static_cast<Stmt *>(Data2.getPointer());
301   }
302 
303 private:
304   friend class CFGElement;
305 
306   CFGLifetimeEnds() = default;
307 
isKind(const CFGElement & elem)308   static bool isKind(const CFGElement &elem) {
309     return elem.getKind() == LifetimeEnds;
310   }
311 };
312 
313 /// Represents beginning of a scope implicitly generated
314 /// by the compiler on encountering a CompoundStmt
315 class CFGScopeBegin : public CFGElement {
316 public:
CFGScopeBegin()317   CFGScopeBegin() {}
CFGScopeBegin(const VarDecl * VD,const Stmt * S)318   CFGScopeBegin(const VarDecl *VD, const Stmt *S)
319       : CFGElement(ScopeBegin, VD, S) {}
320 
321   // Get statement that triggered a new scope.
getTriggerStmt()322   const Stmt *getTriggerStmt() const {
323     return static_cast<Stmt*>(Data2.getPointer());
324   }
325 
326   // Get VD that triggered a new scope.
getVarDecl()327   const VarDecl *getVarDecl() const {
328     return static_cast<VarDecl *>(Data1.getPointer());
329   }
330 
331 private:
332   friend class CFGElement;
isKind(const CFGElement & E)333   static bool isKind(const CFGElement &E) {
334     Kind kind = E.getKind();
335     return kind == ScopeBegin;
336   }
337 };
338 
339 /// Represents end of a scope implicitly generated by
340 /// the compiler after the last Stmt in a CompoundStmt's body
341 class CFGScopeEnd : public CFGElement {
342 public:
CFGScopeEnd()343   CFGScopeEnd() {}
CFGScopeEnd(const VarDecl * VD,const Stmt * S)344   CFGScopeEnd(const VarDecl *VD, const Stmt *S) : CFGElement(ScopeEnd, VD, S) {}
345 
getVarDecl()346   const VarDecl *getVarDecl() const {
347     return static_cast<VarDecl *>(Data1.getPointer());
348   }
349 
getTriggerStmt()350   const Stmt *getTriggerStmt() const {
351     return static_cast<Stmt *>(Data2.getPointer());
352   }
353 
354 private:
355   friend class CFGElement;
isKind(const CFGElement & E)356   static bool isKind(const CFGElement &E) {
357     Kind kind = E.getKind();
358     return kind == ScopeEnd;
359   }
360 };
361 
362 /// Represents C++ object destructor implicitly generated by compiler on various
363 /// occasions.
364 class CFGImplicitDtor : public CFGElement {
365 protected:
366   CFGImplicitDtor() = default;
367 
368   CFGImplicitDtor(Kind kind, const void *data1, const void *data2 = nullptr)
CFGElement(kind,data1,data2)369     : CFGElement(kind, data1, data2) {
370     assert(kind >= DTOR_BEGIN && kind <= DTOR_END);
371   }
372 
373 public:
374   const CXXDestructorDecl *getDestructorDecl(ASTContext &astContext) const;
375   bool isNoReturn(ASTContext &astContext) const;
376 
377 private:
378   friend class CFGElement;
379 
isKind(const CFGElement & E)380   static bool isKind(const CFGElement &E) {
381     Kind kind = E.getKind();
382     return kind >= DTOR_BEGIN && kind <= DTOR_END;
383   }
384 };
385 
386 /// Represents C++ object destructor implicitly generated for automatic object
387 /// or temporary bound to const reference at the point of leaving its local
388 /// scope.
389 class CFGAutomaticObjDtor: public CFGImplicitDtor {
390 public:
CFGAutomaticObjDtor(const VarDecl * var,const Stmt * stmt)391   CFGAutomaticObjDtor(const VarDecl *var, const Stmt *stmt)
392       : CFGImplicitDtor(AutomaticObjectDtor, var, stmt) {}
393 
getVarDecl()394   const VarDecl *getVarDecl() const {
395     return static_cast<VarDecl*>(Data1.getPointer());
396   }
397 
398   // Get statement end of which triggered the destructor call.
getTriggerStmt()399   const Stmt *getTriggerStmt() const {
400     return static_cast<Stmt*>(Data2.getPointer());
401   }
402 
403 private:
404   friend class CFGElement;
405 
406   CFGAutomaticObjDtor() = default;
407 
isKind(const CFGElement & elem)408   static bool isKind(const CFGElement &elem) {
409     return elem.getKind() == AutomaticObjectDtor;
410   }
411 };
412 
413 /// Represents C++ object destructor generated from a call to delete.
414 class CFGDeleteDtor : public CFGImplicitDtor {
415 public:
CFGDeleteDtor(const CXXRecordDecl * RD,const CXXDeleteExpr * DE)416   CFGDeleteDtor(const CXXRecordDecl *RD, const CXXDeleteExpr *DE)
417       : CFGImplicitDtor(DeleteDtor, RD, DE) {}
418 
getCXXRecordDecl()419   const CXXRecordDecl *getCXXRecordDecl() const {
420     return static_cast<CXXRecordDecl*>(Data1.getPointer());
421   }
422 
423   // Get Delete expression which triggered the destructor call.
getDeleteExpr()424   const CXXDeleteExpr *getDeleteExpr() const {
425     return static_cast<CXXDeleteExpr *>(Data2.getPointer());
426   }
427 
428 private:
429   friend class CFGElement;
430 
431   CFGDeleteDtor() = default;
432 
isKind(const CFGElement & elem)433   static bool isKind(const CFGElement &elem) {
434     return elem.getKind() == DeleteDtor;
435   }
436 };
437 
438 /// Represents C++ object destructor implicitly generated for base object in
439 /// destructor.
440 class CFGBaseDtor : public CFGImplicitDtor {
441 public:
CFGBaseDtor(const CXXBaseSpecifier * base)442   CFGBaseDtor(const CXXBaseSpecifier *base)
443       : CFGImplicitDtor(BaseDtor, base) {}
444 
getBaseSpecifier()445   const CXXBaseSpecifier *getBaseSpecifier() const {
446     return static_cast<const CXXBaseSpecifier*>(Data1.getPointer());
447   }
448 
449 private:
450   friend class CFGElement;
451 
452   CFGBaseDtor() = default;
453 
isKind(const CFGElement & E)454   static bool isKind(const CFGElement &E) {
455     return E.getKind() == BaseDtor;
456   }
457 };
458 
459 /// Represents C++ object destructor implicitly generated for member object in
460 /// destructor.
461 class CFGMemberDtor : public CFGImplicitDtor {
462 public:
CFGMemberDtor(const FieldDecl * field)463   CFGMemberDtor(const FieldDecl *field)
464       : CFGImplicitDtor(MemberDtor, field, nullptr) {}
465 
getFieldDecl()466   const FieldDecl *getFieldDecl() const {
467     return static_cast<const FieldDecl*>(Data1.getPointer());
468   }
469 
470 private:
471   friend class CFGElement;
472 
473   CFGMemberDtor() = default;
474 
isKind(const CFGElement & E)475   static bool isKind(const CFGElement &E) {
476     return E.getKind() == MemberDtor;
477   }
478 };
479 
480 /// Represents C++ object destructor implicitly generated at the end of full
481 /// expression for temporary object.
482 class CFGTemporaryDtor : public CFGImplicitDtor {
483 public:
CFGTemporaryDtor(CXXBindTemporaryExpr * expr)484   CFGTemporaryDtor(CXXBindTemporaryExpr *expr)
485       : CFGImplicitDtor(TemporaryDtor, expr, nullptr) {}
486 
getBindTemporaryExpr()487   const CXXBindTemporaryExpr *getBindTemporaryExpr() const {
488     return static_cast<const CXXBindTemporaryExpr *>(Data1.getPointer());
489   }
490 
491 private:
492   friend class CFGElement;
493 
494   CFGTemporaryDtor() = default;
495 
isKind(const CFGElement & E)496   static bool isKind(const CFGElement &E) {
497     return E.getKind() == TemporaryDtor;
498   }
499 };
500 
501 /// Represents CFGBlock terminator statement.
502 ///
503 class CFGTerminator {
504 public:
505   enum Kind {
506     /// A branch that corresponds to a statement in the code,
507     /// such as an if-statement.
508     StmtBranch,
509     /// A branch in control flow of destructors of temporaries. In this case
510     /// terminator statement is the same statement that branches control flow
511     /// in evaluation of matching full expression.
512     TemporaryDtorsBranch,
513     /// A shortcut around virtual base initializers. It gets taken when
514     /// virtual base classes have already been initialized by the constructor
515     /// of the most derived class while we're in the base class.
516     VirtualBaseBranch,
517 
518     /// Number of different kinds, for sanity checks. We subtract 1 so that
519     /// to keep receiving compiler warnings when we don't cover all enum values
520     /// in a switch.
521     NumKindsMinusOne = VirtualBaseBranch
522   };
523 
524 private:
525   static constexpr int KindBits = 2;
526   static_assert((1 << KindBits) > NumKindsMinusOne,
527                 "Not enough room for kind!");
528   llvm::PointerIntPair<Stmt *, KindBits> Data;
529 
530 public:
CFGTerminator()531   CFGTerminator() { assert(!isValid()); }
Data(S,K)532   CFGTerminator(Stmt *S, Kind K = StmtBranch) : Data(S, K) {}
533 
isValid()534   bool isValid() const { return Data.getOpaqueValue() != nullptr; }
getStmt()535   Stmt *getStmt() { return Data.getPointer(); }
getStmt()536   const Stmt *getStmt() const { return Data.getPointer(); }
getKind()537   Kind getKind() const { return static_cast<Kind>(Data.getInt()); }
538 
isStmtBranch()539   bool isStmtBranch() const {
540     return getKind() == StmtBranch;
541   }
isTemporaryDtorsBranch()542   bool isTemporaryDtorsBranch() const {
543     return getKind() == TemporaryDtorsBranch;
544   }
isVirtualBaseBranch()545   bool isVirtualBaseBranch() const {
546     return getKind() == VirtualBaseBranch;
547   }
548 };
549 
550 /// Represents a single basic block in a source-level CFG.
551 ///  It consists of:
552 ///
553 ///  (1) A set of statements/expressions (which may contain subexpressions).
554 ///  (2) A "terminator" statement (not in the set of statements).
555 ///  (3) A list of successors and predecessors.
556 ///
557 /// Terminator: The terminator represents the type of control-flow that occurs
558 /// at the end of the basic block.  The terminator is a Stmt* referring to an
559 /// AST node that has control-flow: if-statements, breaks, loops, etc.
560 /// If the control-flow is conditional, the condition expression will appear
561 /// within the set of statements in the block (usually the last statement).
562 ///
563 /// Predecessors: the order in the set of predecessors is arbitrary.
564 ///
565 /// Successors: the order in the set of successors is NOT arbitrary.  We
566 ///  currently have the following orderings based on the terminator:
567 ///
568 ///     Terminator     |   Successor Ordering
569 ///  ------------------|------------------------------------
570 ///       if           |  Then Block;  Else Block
571 ///     ? operator     |  LHS expression;  RHS expression
572 ///     logical and/or |  expression that consumes the op, RHS
573 ///     vbase inits    |  already handled by the most derived class; not yet
574 ///
575 /// But note that any of that may be NULL in case of optimized-out edges.
576 class CFGBlock {
577   class ElementList {
578     using ImplTy = BumpVector<CFGElement>;
579 
580     ImplTy Impl;
581 
582   public:
ElementList(BumpVectorContext & C)583     ElementList(BumpVectorContext &C) : Impl(C, 4) {}
584 
585     using iterator = std::reverse_iterator<ImplTy::iterator>;
586     using const_iterator = std::reverse_iterator<ImplTy::const_iterator>;
587     using reverse_iterator = ImplTy::iterator;
588     using const_reverse_iterator = ImplTy::const_iterator;
589     using const_reference = ImplTy::const_reference;
590 
push_back(CFGElement e,BumpVectorContext & C)591     void push_back(CFGElement e, BumpVectorContext &C) { Impl.push_back(e, C); }
592 
insert(reverse_iterator I,size_t Cnt,CFGElement E,BumpVectorContext & C)593     reverse_iterator insert(reverse_iterator I, size_t Cnt, CFGElement E,
594         BumpVectorContext &C) {
595       return Impl.insert(I, Cnt, E, C);
596     }
597 
front()598     const_reference front() const { return Impl.back(); }
back()599     const_reference back() const { return Impl.front(); }
600 
begin()601     iterator begin() { return Impl.rbegin(); }
end()602     iterator end() { return Impl.rend(); }
begin()603     const_iterator begin() const { return Impl.rbegin(); }
end()604     const_iterator end() const { return Impl.rend(); }
rbegin()605     reverse_iterator rbegin() { return Impl.begin(); }
rend()606     reverse_iterator rend() { return Impl.end(); }
rbegin()607     const_reverse_iterator rbegin() const { return Impl.begin(); }
rend()608     const_reverse_iterator rend() const { return Impl.end(); }
609 
610     CFGElement operator[](size_t i) const  {
611       assert(i < Impl.size());
612       return Impl[Impl.size() - 1 - i];
613     }
614 
size()615     size_t size() const { return Impl.size(); }
empty()616     bool empty() const { return Impl.empty(); }
617   };
618 
619   /// A convenience class for comparing CFGElements, since methods of CFGBlock
620   /// like operator[] return CFGElements by value. This is practically a wrapper
621   /// around a (CFGBlock, Index) pair.
622   template <bool IsConst> class ElementRefImpl {
623 
624     template <bool IsOtherConst> friend class ElementRefImpl;
625 
626     using CFGBlockPtr =
627         std::conditional_t<IsConst, const CFGBlock *, CFGBlock *>;
628 
629     using CFGElementPtr =
630         std::conditional_t<IsConst, const CFGElement *, CFGElement *>;
631 
632   protected:
633     CFGBlockPtr Parent;
634     size_t Index;
635 
636   public:
ElementRefImpl(CFGBlockPtr Parent,size_t Index)637     ElementRefImpl(CFGBlockPtr Parent, size_t Index)
638         : Parent(Parent), Index(Index) {}
639 
640     template <bool IsOtherConst>
ElementRefImpl(ElementRefImpl<IsOtherConst> Other)641     ElementRefImpl(ElementRefImpl<IsOtherConst> Other)
642         : ElementRefImpl(Other.Parent, Other.Index) {}
643 
getIndexInBlock()644     size_t getIndexInBlock() const { return Index; }
645 
getParent()646     CFGBlockPtr getParent() { return Parent; }
getParent()647     CFGBlockPtr getParent() const { return Parent; }
648 
649     bool operator<(ElementRefImpl Other) const {
650       return std::make_pair(Parent, Index) <
651              std::make_pair(Other.Parent, Other.Index);
652     }
653 
654     bool operator==(ElementRefImpl Other) const {
655       return Parent == Other.Parent && Index == Other.Index;
656     }
657 
658     bool operator!=(ElementRefImpl Other) const { return !(*this == Other); }
659     CFGElement operator*() const { return (*Parent)[Index]; }
660     CFGElementPtr operator->() const { return &*(Parent->begin() + Index); }
661 
dumpToStream(llvm::raw_ostream & OS)662     void dumpToStream(llvm::raw_ostream &OS) const {
663       OS << getIndexInBlock() + 1 << ": ";
664       (*this)->dumpToStream(OS);
665     }
666 
dump()667     void dump() const {
668       dumpToStream(llvm::errs());
669     }
670   };
671 
672   template <bool IsReverse, bool IsConst> class ElementRefIterator {
673 
674     template <bool IsOtherReverse, bool IsOtherConst>
675     friend class ElementRefIterator;
676 
677     using CFGBlockRef =
678         std::conditional_t<IsConst, const CFGBlock *, CFGBlock *>;
679 
680     using UnderlayingIteratorTy = std::conditional_t<
681         IsConst,
682         std::conditional_t<IsReverse, ElementList::const_reverse_iterator,
683                            ElementList::const_iterator>,
684         std::conditional_t<IsReverse, ElementList::reverse_iterator,
685                            ElementList::iterator>>;
686 
687     using IteratorTraits = typename std::iterator_traits<UnderlayingIteratorTy>;
688     using ElementRef = typename CFGBlock::ElementRefImpl<IsConst>;
689 
690   public:
691     using difference_type = typename IteratorTraits::difference_type;
692     using value_type = ElementRef;
693     using pointer = ElementRef *;
694     using iterator_category = typename IteratorTraits::iterator_category;
695 
696   private:
697     CFGBlockRef Parent;
698     UnderlayingIteratorTy Pos;
699 
700   public:
ElementRefIterator(CFGBlockRef Parent,UnderlayingIteratorTy Pos)701     ElementRefIterator(CFGBlockRef Parent, UnderlayingIteratorTy Pos)
702         : Parent(Parent), Pos(Pos) {}
703 
704     template <bool IsOtherConst>
ElementRefIterator(ElementRefIterator<false,IsOtherConst> E)705     ElementRefIterator(ElementRefIterator<false, IsOtherConst> E)
706         : ElementRefIterator(E.Parent, E.Pos.base()) {}
707 
708     template <bool IsOtherConst>
ElementRefIterator(ElementRefIterator<true,IsOtherConst> E)709     ElementRefIterator(ElementRefIterator<true, IsOtherConst> E)
710         : ElementRefIterator(E.Parent, llvm::make_reverse_iterator(E.Pos)) {}
711 
712     bool operator<(ElementRefIterator Other) const {
713       assert(Parent == Other.Parent);
714       return Pos < Other.Pos;
715     }
716 
717     bool operator==(ElementRefIterator Other) const {
718       return Parent == Other.Parent && Pos == Other.Pos;
719     }
720 
721     bool operator!=(ElementRefIterator Other) const {
722       return !(*this == Other);
723     }
724 
725   private:
726     template <bool IsOtherConst>
727     static size_t
getIndexInBlock(CFGBlock::ElementRefIterator<true,IsOtherConst> E)728     getIndexInBlock(CFGBlock::ElementRefIterator<true, IsOtherConst> E) {
729       return E.Parent->size() - (E.Pos - E.Parent->rbegin()) - 1;
730     }
731 
732     template <bool IsOtherConst>
733     static size_t
getIndexInBlock(CFGBlock::ElementRefIterator<false,IsOtherConst> E)734     getIndexInBlock(CFGBlock::ElementRefIterator<false, IsOtherConst> E) {
735       return E.Pos - E.Parent->begin();
736     }
737 
738   public:
739     value_type operator*() { return {Parent, getIndexInBlock(*this)}; }
740 
741     difference_type operator-(ElementRefIterator Other) const {
742       return Pos - Other.Pos;
743     }
744 
745     ElementRefIterator operator++() {
746       ++this->Pos;
747       return *this;
748     }
749     ElementRefIterator operator++(int) {
750       ElementRefIterator Ret = *this;
751       ++*this;
752       return Ret;
753     }
754     ElementRefIterator operator+(size_t count) {
755       this->Pos += count;
756       return *this;
757     }
758     ElementRefIterator operator-(size_t count) {
759       this->Pos -= count;
760       return *this;
761     }
762   };
763 
764 public:
765   /// The set of statements in the basic block.
766   ElementList Elements;
767 
768   /// An (optional) label that prefixes the executable statements in the block.
769   /// When this variable is non-NULL, it is either an instance of LabelStmt,
770   /// SwitchCase or CXXCatchStmt.
771   Stmt *Label = nullptr;
772 
773   /// The terminator for a basic block that indicates the type of control-flow
774   /// that occurs between a block and its successors.
775   CFGTerminator Terminator;
776 
777   /// Some blocks are used to represent the "loop edge" to the start of a loop
778   /// from within the loop body. This Stmt* will be refer to the loop statement
779   /// for such blocks (and be null otherwise).
780   const Stmt *LoopTarget = nullptr;
781 
782   /// A numerical ID assigned to a CFGBlock during construction of the CFG.
783   unsigned BlockID;
784 
785 public:
786   /// This class represents a potential adjacent block in the CFG.  It encodes
787   /// whether or not the block is actually reachable, or can be proved to be
788   /// trivially unreachable.  For some cases it allows one to encode scenarios
789   /// where a block was substituted because the original (now alternate) block
790   /// is unreachable.
791   class AdjacentBlock {
792     enum Kind {
793       AB_Normal,
794       AB_Unreachable,
795       AB_Alternate
796     };
797 
798     CFGBlock *ReachableBlock;
799     llvm::PointerIntPair<CFGBlock *, 2> UnreachableBlock;
800 
801   public:
802     /// Construct an AdjacentBlock with a possibly unreachable block.
803     AdjacentBlock(CFGBlock *B, bool IsReachable);
804 
805     /// Construct an AdjacentBlock with a reachable block and an alternate
806     /// unreachable block.
807     AdjacentBlock(CFGBlock *B, CFGBlock *AlternateBlock);
808 
809     /// Get the reachable block, if one exists.
getReachableBlock()810     CFGBlock *getReachableBlock() const {
811       return ReachableBlock;
812     }
813 
814     /// Get the potentially unreachable block.
getPossiblyUnreachableBlock()815     CFGBlock *getPossiblyUnreachableBlock() const {
816       return UnreachableBlock.getPointer();
817     }
818 
819     /// Provide an implicit conversion to CFGBlock* so that
820     /// AdjacentBlock can be substituted for CFGBlock*.
821     operator CFGBlock*() const {
822       return getReachableBlock();
823     }
824 
825     CFGBlock& operator *() const {
826       return *getReachableBlock();
827     }
828 
829     CFGBlock* operator ->() const {
830       return getReachableBlock();
831     }
832 
isReachable()833     bool isReachable() const {
834       Kind K = (Kind) UnreachableBlock.getInt();
835       return K == AB_Normal || K == AB_Alternate;
836     }
837   };
838 
839 private:
840   /// Keep track of the predecessor / successor CFG blocks.
841   using AdjacentBlocks = BumpVector<AdjacentBlock>;
842   AdjacentBlocks Preds;
843   AdjacentBlocks Succs;
844 
845   /// This bit is set when the basic block contains a function call
846   /// or implicit destructor that is attributed as 'noreturn'. In that case,
847   /// control cannot technically ever proceed past this block. All such blocks
848   /// will have a single immediate successor: the exit block. This allows them
849   /// to be easily reached from the exit block and using this bit quickly
850   /// recognized without scanning the contents of the block.
851   ///
852   /// Optimization Note: This bit could be profitably folded with Terminator's
853   /// storage if the memory usage of CFGBlock becomes an issue.
854   unsigned HasNoReturnElement : 1;
855 
856   /// The parent CFG that owns this CFGBlock.
857   CFG *Parent;
858 
859 public:
CFGBlock(unsigned blockid,BumpVectorContext & C,CFG * parent)860   explicit CFGBlock(unsigned blockid, BumpVectorContext &C, CFG *parent)
861       : Elements(C), Terminator(nullptr), BlockID(blockid), Preds(C, 1),
862         Succs(C, 1), HasNoReturnElement(false), Parent(parent) {}
863 
864   // Statement iterators
865   using iterator = ElementList::iterator;
866   using const_iterator = ElementList::const_iterator;
867   using reverse_iterator = ElementList::reverse_iterator;
868   using const_reverse_iterator = ElementList::const_reverse_iterator;
869 
870   size_t getIndexInCFG() const;
871 
front()872   CFGElement                 front()       const { return Elements.front();   }
back()873   CFGElement                 back()        const { return Elements.back();    }
874 
begin()875   iterator                   begin()             { return Elements.begin();   }
end()876   iterator                   end()               { return Elements.end();     }
begin()877   const_iterator             begin()       const { return Elements.begin();   }
end()878   const_iterator             end()         const { return Elements.end();     }
879 
rbegin()880   reverse_iterator           rbegin()            { return Elements.rbegin();  }
rend()881   reverse_iterator           rend()              { return Elements.rend();    }
rbegin()882   const_reverse_iterator     rbegin()      const { return Elements.rbegin();  }
rend()883   const_reverse_iterator     rend()        const { return Elements.rend();    }
884 
885   using CFGElementRef = ElementRefImpl<false>;
886   using ConstCFGElementRef = ElementRefImpl<true>;
887 
888   using ref_iterator = ElementRefIterator<false, false>;
889   using ref_iterator_range = llvm::iterator_range<ref_iterator>;
890   using const_ref_iterator = ElementRefIterator<false, true>;
891   using const_ref_iterator_range = llvm::iterator_range<const_ref_iterator>;
892 
893   using reverse_ref_iterator = ElementRefIterator<true, false>;
894   using reverse_ref_iterator_range = llvm::iterator_range<reverse_ref_iterator>;
895 
896   using const_reverse_ref_iterator = ElementRefIterator<true, true>;
897   using const_reverse_ref_iterator_range =
898       llvm::iterator_range<const_reverse_ref_iterator>;
899 
ref_begin()900   ref_iterator ref_begin() { return {this, begin()}; }
ref_end()901   ref_iterator ref_end() { return {this, end()}; }
ref_begin()902   const_ref_iterator ref_begin() const { return {this, begin()}; }
ref_end()903   const_ref_iterator ref_end() const { return {this, end()}; }
904 
rref_begin()905   reverse_ref_iterator rref_begin() { return {this, rbegin()}; }
rref_end()906   reverse_ref_iterator rref_end() { return {this, rend()}; }
rref_begin()907   const_reverse_ref_iterator rref_begin() const { return {this, rbegin()}; }
rref_end()908   const_reverse_ref_iterator rref_end() const { return {this, rend()}; }
909 
refs()910   ref_iterator_range refs() { return {ref_begin(), ref_end()}; }
refs()911   const_ref_iterator_range refs() const { return {ref_begin(), ref_end()}; }
rrefs()912   reverse_ref_iterator_range rrefs() { return {rref_begin(), rref_end()}; }
rrefs()913   const_reverse_ref_iterator_range rrefs() const {
914     return {rref_begin(), rref_end()};
915   }
916 
size()917   unsigned                   size()        const { return Elements.size();    }
empty()918   bool                       empty()       const { return Elements.empty();   }
919 
920   CFGElement operator[](size_t i) const  { return Elements[i]; }
921 
922   // CFG iterators
923   using pred_iterator = AdjacentBlocks::iterator;
924   using const_pred_iterator = AdjacentBlocks::const_iterator;
925   using pred_reverse_iterator = AdjacentBlocks::reverse_iterator;
926   using const_pred_reverse_iterator = AdjacentBlocks::const_reverse_iterator;
927   using pred_range = llvm::iterator_range<pred_iterator>;
928   using pred_const_range = llvm::iterator_range<const_pred_iterator>;
929 
930   using succ_iterator = AdjacentBlocks::iterator;
931   using const_succ_iterator = AdjacentBlocks::const_iterator;
932   using succ_reverse_iterator = AdjacentBlocks::reverse_iterator;
933   using const_succ_reverse_iterator = AdjacentBlocks::const_reverse_iterator;
934   using succ_range = llvm::iterator_range<succ_iterator>;
935   using succ_const_range = llvm::iterator_range<const_succ_iterator>;
936 
pred_begin()937   pred_iterator                pred_begin()        { return Preds.begin();   }
pred_end()938   pred_iterator                pred_end()          { return Preds.end();     }
pred_begin()939   const_pred_iterator          pred_begin()  const { return Preds.begin();   }
pred_end()940   const_pred_iterator          pred_end()    const { return Preds.end();     }
941 
pred_rbegin()942   pred_reverse_iterator        pred_rbegin()       { return Preds.rbegin();  }
pred_rend()943   pred_reverse_iterator        pred_rend()         { return Preds.rend();    }
pred_rbegin()944   const_pred_reverse_iterator  pred_rbegin() const { return Preds.rbegin();  }
pred_rend()945   const_pred_reverse_iterator  pred_rend()   const { return Preds.rend();    }
946 
preds()947   pred_range preds() {
948     return pred_range(pred_begin(), pred_end());
949   }
950 
preds()951   pred_const_range preds() const {
952     return pred_const_range(pred_begin(), pred_end());
953   }
954 
succ_begin()955   succ_iterator                succ_begin()        { return Succs.begin();   }
succ_end()956   succ_iterator                succ_end()          { return Succs.end();     }
succ_begin()957   const_succ_iterator          succ_begin()  const { return Succs.begin();   }
succ_end()958   const_succ_iterator          succ_end()    const { return Succs.end();     }
959 
succ_rbegin()960   succ_reverse_iterator        succ_rbegin()       { return Succs.rbegin();  }
succ_rend()961   succ_reverse_iterator        succ_rend()         { return Succs.rend();    }
succ_rbegin()962   const_succ_reverse_iterator  succ_rbegin() const { return Succs.rbegin();  }
succ_rend()963   const_succ_reverse_iterator  succ_rend()   const { return Succs.rend();    }
964 
succs()965   succ_range succs() {
966     return succ_range(succ_begin(), succ_end());
967   }
968 
succs()969   succ_const_range succs() const {
970     return succ_const_range(succ_begin(), succ_end());
971   }
972 
succ_size()973   unsigned                     succ_size()   const { return Succs.size();    }
succ_empty()974   bool                         succ_empty()  const { return Succs.empty();   }
975 
pred_size()976   unsigned                     pred_size()   const { return Preds.size();    }
pred_empty()977   bool                         pred_empty()  const { return Preds.empty();   }
978 
979 
980   class FilterOptions {
981   public:
982     unsigned IgnoreNullPredecessors : 1;
983     unsigned IgnoreDefaultsWithCoveredEnums : 1;
984 
FilterOptions()985     FilterOptions()
986         : IgnoreNullPredecessors(1), IgnoreDefaultsWithCoveredEnums(0) {}
987   };
988 
989   static bool FilterEdge(const FilterOptions &F, const CFGBlock *Src,
990        const CFGBlock *Dst);
991 
992   template <typename IMPL, bool IsPred>
993   class FilteredCFGBlockIterator {
994   private:
995     IMPL I, E;
996     const FilterOptions F;
997     const CFGBlock *From;
998 
999   public:
FilteredCFGBlockIterator(const IMPL & i,const IMPL & e,const CFGBlock * from,const FilterOptions & f)1000     explicit FilteredCFGBlockIterator(const IMPL &i, const IMPL &e,
1001                                       const CFGBlock *from,
1002                                       const FilterOptions &f)
1003         : I(i), E(e), F(f), From(from) {
1004       while (hasMore() && Filter(*I))
1005         ++I;
1006     }
1007 
hasMore()1008     bool hasMore() const { return I != E; }
1009 
1010     FilteredCFGBlockIterator &operator++() {
1011       do { ++I; } while (hasMore() && Filter(*I));
1012       return *this;
1013     }
1014 
1015     const CFGBlock *operator*() const { return *I; }
1016 
1017   private:
Filter(const CFGBlock * To)1018     bool Filter(const CFGBlock *To) {
1019       return IsPred ? FilterEdge(F, To, From) : FilterEdge(F, From, To);
1020     }
1021   };
1022 
1023   using filtered_pred_iterator =
1024       FilteredCFGBlockIterator<const_pred_iterator, true>;
1025 
1026   using filtered_succ_iterator =
1027       FilteredCFGBlockIterator<const_succ_iterator, false>;
1028 
filtered_pred_start_end(const FilterOptions & f)1029   filtered_pred_iterator filtered_pred_start_end(const FilterOptions &f) const {
1030     return filtered_pred_iterator(pred_begin(), pred_end(), this, f);
1031   }
1032 
filtered_succ_start_end(const FilterOptions & f)1033   filtered_succ_iterator filtered_succ_start_end(const FilterOptions &f) const {
1034     return filtered_succ_iterator(succ_begin(), succ_end(), this, f);
1035   }
1036 
1037   // Manipulation of block contents
1038 
setTerminator(CFGTerminator Term)1039   void setTerminator(CFGTerminator Term) { Terminator = Term; }
setLabel(Stmt * Statement)1040   void setLabel(Stmt *Statement) { Label = Statement; }
setLoopTarget(const Stmt * loopTarget)1041   void setLoopTarget(const Stmt *loopTarget) { LoopTarget = loopTarget; }
setHasNoReturnElement()1042   void setHasNoReturnElement() { HasNoReturnElement = true; }
1043 
1044   /// Returns true if the block would eventually end with a sink (a noreturn
1045   /// node).
1046   bool isInevitablySinking() const;
1047 
getTerminator()1048   CFGTerminator getTerminator() const { return Terminator; }
1049 
getTerminatorStmt()1050   Stmt *getTerminatorStmt() { return Terminator.getStmt(); }
getTerminatorStmt()1051   const Stmt *getTerminatorStmt() const { return Terminator.getStmt(); }
1052 
1053   /// \returns the last (\c rbegin()) condition, e.g. observe the following code
1054   /// snippet:
1055   ///   if (A && B && C)
1056   /// A block would be created for \c A, \c B, and \c C. For the latter,
1057   /// \c getTerminatorStmt() would retrieve the entire condition, rather than
1058   /// C itself, while this method would only return C.
1059   const Expr *getLastCondition() const;
1060 
1061   Stmt *getTerminatorCondition(bool StripParens = true);
1062 
1063   const Stmt *getTerminatorCondition(bool StripParens = true) const {
1064     return const_cast<CFGBlock*>(this)->getTerminatorCondition(StripParens);
1065   }
1066 
getLoopTarget()1067   const Stmt *getLoopTarget() const { return LoopTarget; }
1068 
getLabel()1069   Stmt *getLabel() { return Label; }
getLabel()1070   const Stmt *getLabel() const { return Label; }
1071 
hasNoReturnElement()1072   bool hasNoReturnElement() const { return HasNoReturnElement; }
1073 
getBlockID()1074   unsigned getBlockID() const { return BlockID; }
1075 
getParent()1076   CFG *getParent() const { return Parent; }
1077 
1078   void dump() const;
1079 
1080   void dump(const CFG *cfg, const LangOptions &LO, bool ShowColors = false) const;
1081   void print(raw_ostream &OS, const CFG* cfg, const LangOptions &LO,
1082              bool ShowColors) const;
1083 
1084   void printTerminator(raw_ostream &OS, const LangOptions &LO) const;
1085   void printTerminatorJson(raw_ostream &Out, const LangOptions &LO,
1086                            bool AddQuotes) const;
1087 
printAsOperand(raw_ostream & OS,bool)1088   void printAsOperand(raw_ostream &OS, bool /*PrintType*/) {
1089     OS << "BB#" << getBlockID();
1090   }
1091 
1092   /// Adds a (potentially unreachable) successor block to the current block.
1093   void addSuccessor(AdjacentBlock Succ, BumpVectorContext &C);
1094 
appendStmt(Stmt * statement,BumpVectorContext & C)1095   void appendStmt(Stmt *statement, BumpVectorContext &C) {
1096     Elements.push_back(CFGStmt(statement), C);
1097   }
1098 
appendConstructor(CXXConstructExpr * CE,const ConstructionContext * CC,BumpVectorContext & C)1099   void appendConstructor(CXXConstructExpr *CE, const ConstructionContext *CC,
1100                          BumpVectorContext &C) {
1101     Elements.push_back(CFGConstructor(CE, CC), C);
1102   }
1103 
appendCXXRecordTypedCall(Expr * E,const ConstructionContext * CC,BumpVectorContext & C)1104   void appendCXXRecordTypedCall(Expr *E,
1105                                 const ConstructionContext *CC,
1106                                 BumpVectorContext &C) {
1107     Elements.push_back(CFGCXXRecordTypedCall(E, CC), C);
1108   }
1109 
appendInitializer(CXXCtorInitializer * initializer,BumpVectorContext & C)1110   void appendInitializer(CXXCtorInitializer *initializer,
1111                         BumpVectorContext &C) {
1112     Elements.push_back(CFGInitializer(initializer), C);
1113   }
1114 
appendNewAllocator(CXXNewExpr * NE,BumpVectorContext & C)1115   void appendNewAllocator(CXXNewExpr *NE,
1116                           BumpVectorContext &C) {
1117     Elements.push_back(CFGNewAllocator(NE), C);
1118   }
1119 
appendScopeBegin(const VarDecl * VD,const Stmt * S,BumpVectorContext & C)1120   void appendScopeBegin(const VarDecl *VD, const Stmt *S,
1121                         BumpVectorContext &C) {
1122     Elements.push_back(CFGScopeBegin(VD, S), C);
1123   }
1124 
prependScopeBegin(const VarDecl * VD,const Stmt * S,BumpVectorContext & C)1125   void prependScopeBegin(const VarDecl *VD, const Stmt *S,
1126                          BumpVectorContext &C) {
1127     Elements.insert(Elements.rbegin(), 1, CFGScopeBegin(VD, S), C);
1128   }
1129 
appendScopeEnd(const VarDecl * VD,const Stmt * S,BumpVectorContext & C)1130   void appendScopeEnd(const VarDecl *VD, const Stmt *S, BumpVectorContext &C) {
1131     Elements.push_back(CFGScopeEnd(VD, S), C);
1132   }
1133 
prependScopeEnd(const VarDecl * VD,const Stmt * S,BumpVectorContext & C)1134   void prependScopeEnd(const VarDecl *VD, const Stmt *S, BumpVectorContext &C) {
1135     Elements.insert(Elements.rbegin(), 1, CFGScopeEnd(VD, S), C);
1136   }
1137 
appendBaseDtor(const CXXBaseSpecifier * BS,BumpVectorContext & C)1138   void appendBaseDtor(const CXXBaseSpecifier *BS, BumpVectorContext &C) {
1139     Elements.push_back(CFGBaseDtor(BS), C);
1140   }
1141 
appendMemberDtor(FieldDecl * FD,BumpVectorContext & C)1142   void appendMemberDtor(FieldDecl *FD, BumpVectorContext &C) {
1143     Elements.push_back(CFGMemberDtor(FD), C);
1144   }
1145 
appendTemporaryDtor(CXXBindTemporaryExpr * E,BumpVectorContext & C)1146   void appendTemporaryDtor(CXXBindTemporaryExpr *E, BumpVectorContext &C) {
1147     Elements.push_back(CFGTemporaryDtor(E), C);
1148   }
1149 
appendAutomaticObjDtor(VarDecl * VD,Stmt * S,BumpVectorContext & C)1150   void appendAutomaticObjDtor(VarDecl *VD, Stmt *S, BumpVectorContext &C) {
1151     Elements.push_back(CFGAutomaticObjDtor(VD, S), C);
1152   }
1153 
appendLifetimeEnds(VarDecl * VD,Stmt * S,BumpVectorContext & C)1154   void appendLifetimeEnds(VarDecl *VD, Stmt *S, BumpVectorContext &C) {
1155     Elements.push_back(CFGLifetimeEnds(VD, S), C);
1156   }
1157 
appendLoopExit(const Stmt * LoopStmt,BumpVectorContext & C)1158   void appendLoopExit(const Stmt *LoopStmt, BumpVectorContext &C) {
1159     Elements.push_back(CFGLoopExit(LoopStmt), C);
1160   }
1161 
appendDeleteDtor(CXXRecordDecl * RD,CXXDeleteExpr * DE,BumpVectorContext & C)1162   void appendDeleteDtor(CXXRecordDecl *RD, CXXDeleteExpr *DE, BumpVectorContext &C) {
1163     Elements.push_back(CFGDeleteDtor(RD, DE), C);
1164   }
1165 
1166   // Destructors must be inserted in reversed order. So insertion is in two
1167   // steps. First we prepare space for some number of elements, then we insert
1168   // the elements beginning at the last position in prepared space.
beginAutomaticObjDtorsInsert(iterator I,size_t Cnt,BumpVectorContext & C)1169   iterator beginAutomaticObjDtorsInsert(iterator I, size_t Cnt,
1170       BumpVectorContext &C) {
1171     return iterator(Elements.insert(I.base(), Cnt,
1172                                     CFGAutomaticObjDtor(nullptr, nullptr), C));
1173   }
insertAutomaticObjDtor(iterator I,VarDecl * VD,Stmt * S)1174   iterator insertAutomaticObjDtor(iterator I, VarDecl *VD, Stmt *S) {
1175     *I = CFGAutomaticObjDtor(VD, S);
1176     return ++I;
1177   }
1178 
1179   // Scope leaving must be performed in reversed order. So insertion is in two
1180   // steps. First we prepare space for some number of elements, then we insert
1181   // the elements beginning at the last position in prepared space.
beginLifetimeEndsInsert(iterator I,size_t Cnt,BumpVectorContext & C)1182   iterator beginLifetimeEndsInsert(iterator I, size_t Cnt,
1183                                    BumpVectorContext &C) {
1184     return iterator(
1185         Elements.insert(I.base(), Cnt, CFGLifetimeEnds(nullptr, nullptr), C));
1186   }
insertLifetimeEnds(iterator I,VarDecl * VD,Stmt * S)1187   iterator insertLifetimeEnds(iterator I, VarDecl *VD, Stmt *S) {
1188     *I = CFGLifetimeEnds(VD, S);
1189     return ++I;
1190   }
1191 
1192   // Scope leaving must be performed in reversed order. So insertion is in two
1193   // steps. First we prepare space for some number of elements, then we insert
1194   // the elements beginning at the last position in prepared space.
beginScopeEndInsert(iterator I,size_t Cnt,BumpVectorContext & C)1195   iterator beginScopeEndInsert(iterator I, size_t Cnt, BumpVectorContext &C) {
1196     return iterator(
1197         Elements.insert(I.base(), Cnt, CFGScopeEnd(nullptr, nullptr), C));
1198   }
insertScopeEnd(iterator I,VarDecl * VD,Stmt * S)1199   iterator insertScopeEnd(iterator I, VarDecl *VD, Stmt *S) {
1200     *I = CFGScopeEnd(VD, S);
1201     return ++I;
1202   }
1203 };
1204 
1205 /// CFGCallback defines methods that should be called when a logical
1206 /// operator error is found when building the CFG.
1207 class CFGCallback {
1208 public:
1209   CFGCallback() = default;
1210   virtual ~CFGCallback() = default;
1211 
compareAlwaysTrue(const BinaryOperator * B,bool isAlwaysTrue)1212   virtual void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) {}
compareBitwiseEquality(const BinaryOperator * B,bool isAlwaysTrue)1213   virtual void compareBitwiseEquality(const BinaryOperator *B,
1214                                       bool isAlwaysTrue) {}
compareBitwiseOr(const BinaryOperator * B)1215   virtual void compareBitwiseOr(const BinaryOperator *B) {}
1216 };
1217 
1218 /// Represents a source-level, intra-procedural CFG that represents the
1219 ///  control-flow of a Stmt.  The Stmt can represent an entire function body,
1220 ///  or a single expression.  A CFG will always contain one empty block that
1221 ///  represents the Exit point of the CFG.  A CFG will also contain a designated
1222 ///  Entry block.  The CFG solely represents control-flow; it consists of
1223 ///  CFGBlocks which are simply containers of Stmt*'s in the AST the CFG
1224 ///  was constructed from.
1225 class CFG {
1226 public:
1227   //===--------------------------------------------------------------------===//
1228   // CFG Construction & Manipulation.
1229   //===--------------------------------------------------------------------===//
1230 
1231   class BuildOptions {
1232     std::bitset<Stmt::lastStmtConstant> alwaysAddMask;
1233 
1234   public:
1235     using ForcedBlkExprs = llvm::DenseMap<const Stmt *, const CFGBlock *>;
1236 
1237     ForcedBlkExprs **forcedBlkExprs = nullptr;
1238     CFGCallback *Observer = nullptr;
1239     bool PruneTriviallyFalseEdges = true;
1240     bool AddEHEdges = false;
1241     bool AddInitializers = false;
1242     bool AddImplicitDtors = false;
1243     bool AddLifetime = false;
1244     bool AddLoopExit = false;
1245     bool AddTemporaryDtors = false;
1246     bool AddScopes = false;
1247     bool AddStaticInitBranches = false;
1248     bool AddCXXNewAllocator = false;
1249     bool AddCXXDefaultInitExprInCtors = false;
1250     bool AddCXXDefaultInitExprInAggregates = false;
1251     bool AddRichCXXConstructors = false;
1252     bool MarkElidedCXXConstructors = false;
1253     bool AddVirtualBaseBranches = false;
1254     bool OmitImplicitValueInitializers = false;
1255 
1256     BuildOptions() = default;
1257 
alwaysAdd(const Stmt * stmt)1258     bool alwaysAdd(const Stmt *stmt) const {
1259       return alwaysAddMask[stmt->getStmtClass()];
1260     }
1261 
1262     BuildOptions &setAlwaysAdd(Stmt::StmtClass stmtClass, bool val = true) {
1263       alwaysAddMask[stmtClass] = val;
1264       return *this;
1265     }
1266 
setAllAlwaysAdd()1267     BuildOptions &setAllAlwaysAdd() {
1268       alwaysAddMask.set();
1269       return *this;
1270     }
1271   };
1272 
1273   /// Builds a CFG from an AST.
1274   static std::unique_ptr<CFG> buildCFG(const Decl *D, Stmt *AST, ASTContext *C,
1275                                        const BuildOptions &BO);
1276 
1277   /// Create a new block in the CFG. The CFG owns the block; the caller should
1278   /// not directly free it.
1279   CFGBlock *createBlock();
1280 
1281   /// Set the entry block of the CFG. This is typically used only during CFG
1282   /// construction. Most CFG clients expect that the entry block has no
1283   /// predecessors and contains no statements.
setEntry(CFGBlock * B)1284   void setEntry(CFGBlock *B) { Entry = B; }
1285 
1286   /// Set the block used for indirect goto jumps. This is typically used only
1287   /// during CFG construction.
setIndirectGotoBlock(CFGBlock * B)1288   void setIndirectGotoBlock(CFGBlock *B) { IndirectGotoBlock = B; }
1289 
1290   //===--------------------------------------------------------------------===//
1291   // Block Iterators
1292   //===--------------------------------------------------------------------===//
1293 
1294   using CFGBlockListTy = BumpVector<CFGBlock *>;
1295   using iterator = CFGBlockListTy::iterator;
1296   using const_iterator = CFGBlockListTy::const_iterator;
1297   using reverse_iterator = std::reverse_iterator<iterator>;
1298   using const_reverse_iterator = std::reverse_iterator<const_iterator>;
1299 
front()1300   CFGBlock &                front()                { return *Blocks.front(); }
back()1301   CFGBlock &                back()                 { return *Blocks.back(); }
1302 
begin()1303   iterator                  begin()                { return Blocks.begin(); }
end()1304   iterator                  end()                  { return Blocks.end(); }
begin()1305   const_iterator            begin()       const    { return Blocks.begin(); }
end()1306   const_iterator            end()         const    { return Blocks.end(); }
1307 
nodes_begin()1308   iterator nodes_begin() { return iterator(Blocks.begin()); }
nodes_end()1309   iterator nodes_end() { return iterator(Blocks.end()); }
nodes_begin()1310   const_iterator nodes_begin() const { return const_iterator(Blocks.begin()); }
nodes_end()1311   const_iterator nodes_end() const { return const_iterator(Blocks.end()); }
1312 
rbegin()1313   reverse_iterator          rbegin()               { return Blocks.rbegin(); }
rend()1314   reverse_iterator          rend()                 { return Blocks.rend(); }
rbegin()1315   const_reverse_iterator    rbegin()      const    { return Blocks.rbegin(); }
rend()1316   const_reverse_iterator    rend()        const    { return Blocks.rend(); }
1317 
getEntry()1318   CFGBlock &                getEntry()             { return *Entry; }
getEntry()1319   const CFGBlock &          getEntry()    const    { return *Entry; }
getExit()1320   CFGBlock &                getExit()              { return *Exit; }
getExit()1321   const CFGBlock &          getExit()     const    { return *Exit; }
1322 
getIndirectGotoBlock()1323   CFGBlock *       getIndirectGotoBlock() { return IndirectGotoBlock; }
getIndirectGotoBlock()1324   const CFGBlock * getIndirectGotoBlock() const { return IndirectGotoBlock; }
1325 
1326   using try_block_iterator = std::vector<const CFGBlock *>::const_iterator;
1327 
try_blocks_begin()1328   try_block_iterator try_blocks_begin() const {
1329     return TryDispatchBlocks.begin();
1330   }
1331 
try_blocks_end()1332   try_block_iterator try_blocks_end() const {
1333     return TryDispatchBlocks.end();
1334   }
1335 
addTryDispatchBlock(const CFGBlock * block)1336   void addTryDispatchBlock(const CFGBlock *block) {
1337     TryDispatchBlocks.push_back(block);
1338   }
1339 
1340   /// Records a synthetic DeclStmt and the DeclStmt it was constructed from.
1341   ///
1342   /// The CFG uses synthetic DeclStmts when a single AST DeclStmt contains
1343   /// multiple decls.
addSyntheticDeclStmt(const DeclStmt * Synthetic,const DeclStmt * Source)1344   void addSyntheticDeclStmt(const DeclStmt *Synthetic,
1345                             const DeclStmt *Source) {
1346     assert(Synthetic->isSingleDecl() && "Can handle single declarations only");
1347     assert(Synthetic != Source && "Don't include original DeclStmts in map");
1348     assert(!SyntheticDeclStmts.count(Synthetic) && "Already in map");
1349     SyntheticDeclStmts[Synthetic] = Source;
1350   }
1351 
1352   using synthetic_stmt_iterator =
1353       llvm::DenseMap<const DeclStmt *, const DeclStmt *>::const_iterator;
1354   using synthetic_stmt_range = llvm::iterator_range<synthetic_stmt_iterator>;
1355 
1356   /// Iterates over synthetic DeclStmts in the CFG.
1357   ///
1358   /// Each element is a (synthetic statement, source statement) pair.
1359   ///
1360   /// \sa addSyntheticDeclStmt
synthetic_stmt_begin()1361   synthetic_stmt_iterator synthetic_stmt_begin() const {
1362     return SyntheticDeclStmts.begin();
1363   }
1364 
1365   /// \sa synthetic_stmt_begin
synthetic_stmt_end()1366   synthetic_stmt_iterator synthetic_stmt_end() const {
1367     return SyntheticDeclStmts.end();
1368   }
1369 
1370   /// \sa synthetic_stmt_begin
synthetic_stmts()1371   synthetic_stmt_range synthetic_stmts() const {
1372     return synthetic_stmt_range(synthetic_stmt_begin(), synthetic_stmt_end());
1373   }
1374 
1375   //===--------------------------------------------------------------------===//
1376   // Member templates useful for various batch operations over CFGs.
1377   //===--------------------------------------------------------------------===//
1378 
1379   template <typename CALLBACK>
VisitBlockStmts(CALLBACK & O)1380   void VisitBlockStmts(CALLBACK& O) const {
1381     for (const_iterator I = begin(), E = end(); I != E; ++I)
1382       for (CFGBlock::const_iterator BI = (*I)->begin(), BE = (*I)->end();
1383            BI != BE; ++BI) {
1384         if (Optional<CFGStmt> stmt = BI->getAs<CFGStmt>())
1385           O(const_cast<Stmt*>(stmt->getStmt()));
1386       }
1387   }
1388 
1389   //===--------------------------------------------------------------------===//
1390   // CFG Introspection.
1391   //===--------------------------------------------------------------------===//
1392 
1393   /// Returns the total number of BlockIDs allocated (which start at 0).
getNumBlockIDs()1394   unsigned getNumBlockIDs() const { return NumBlockIDs; }
1395 
1396   /// Return the total number of CFGBlocks within the CFG This is simply a
1397   /// renaming of the getNumBlockIDs(). This is necessary because the dominator
1398   /// implementation needs such an interface.
size()1399   unsigned size() const { return NumBlockIDs; }
1400 
1401   /// Returns true if the CFG has no branches. Usually it boils down to the CFG
1402   /// having exactly three blocks (entry, the actual code, exit), but sometimes
1403   /// more blocks appear due to having control flow that can be fully
1404   /// resolved in compile time.
1405   bool isLinear() const;
1406 
1407   //===--------------------------------------------------------------------===//
1408   // CFG Debugging: Pretty-Printing and Visualization.
1409   //===--------------------------------------------------------------------===//
1410 
1411   void viewCFG(const LangOptions &LO) const;
1412   void print(raw_ostream &OS, const LangOptions &LO, bool ShowColors) const;
1413   void dump(const LangOptions &LO, bool ShowColors) const;
1414 
1415   //===--------------------------------------------------------------------===//
1416   // Internal: constructors and data.
1417   //===--------------------------------------------------------------------===//
1418 
CFG()1419   CFG() : Blocks(BlkBVC, 10) {}
1420 
getAllocator()1421   llvm::BumpPtrAllocator& getAllocator() {
1422     return BlkBVC.getAllocator();
1423   }
1424 
getBumpVectorContext()1425   BumpVectorContext &getBumpVectorContext() {
1426     return BlkBVC;
1427   }
1428 
1429 private:
1430   CFGBlock *Entry = nullptr;
1431   CFGBlock *Exit = nullptr;
1432 
1433   // Special block to contain collective dispatch for indirect gotos
1434   CFGBlock* IndirectGotoBlock = nullptr;
1435 
1436   unsigned  NumBlockIDs = 0;
1437 
1438   BumpVectorContext BlkBVC;
1439 
1440   CFGBlockListTy Blocks;
1441 
1442   /// C++ 'try' statements are modeled with an indirect dispatch block.
1443   /// This is the collection of such blocks present in the CFG.
1444   std::vector<const CFGBlock *> TryDispatchBlocks;
1445 
1446   /// Collects DeclStmts synthesized for this CFG and maps each one back to its
1447   /// source DeclStmt.
1448   llvm::DenseMap<const DeclStmt *, const DeclStmt *> SyntheticDeclStmts;
1449 };
1450 
1451 } // namespace clang
1452 
1453 //===----------------------------------------------------------------------===//
1454 // GraphTraits specializations for CFG basic block graphs (source-level CFGs)
1455 //===----------------------------------------------------------------------===//
1456 
1457 namespace llvm {
1458 
1459 /// Implement simplify_type for CFGTerminator, so that we can dyn_cast from
1460 /// CFGTerminator to a specific Stmt class.
1461 template <> struct simplify_type< ::clang::CFGTerminator> {
1462   using SimpleType = ::clang::Stmt *;
1463 
1464   static SimpleType getSimplifiedValue(::clang::CFGTerminator Val) {
1465     return Val.getStmt();
1466   }
1467 };
1468 
1469 // Traits for: CFGBlock
1470 
1471 template <> struct GraphTraits< ::clang::CFGBlock *> {
1472   using NodeRef = ::clang::CFGBlock *;
1473   using ChildIteratorType = ::clang::CFGBlock::succ_iterator;
1474 
1475   static NodeRef getEntryNode(::clang::CFGBlock *BB) { return BB; }
1476   static ChildIteratorType child_begin(NodeRef N) { return N->succ_begin(); }
1477   static ChildIteratorType child_end(NodeRef N) { return N->succ_end(); }
1478 };
1479 
1480 template <> struct GraphTraits<clang::CFGBlock>
1481     : GraphTraits<clang::CFGBlock *> {};
1482 
1483 template <> struct GraphTraits< const ::clang::CFGBlock *> {
1484   using NodeRef = const ::clang::CFGBlock *;
1485   using ChildIteratorType = ::clang::CFGBlock::const_succ_iterator;
1486 
1487   static NodeRef getEntryNode(const clang::CFGBlock *BB) { return BB; }
1488   static ChildIteratorType child_begin(NodeRef N) { return N->succ_begin(); }
1489   static ChildIteratorType child_end(NodeRef N) { return N->succ_end(); }
1490 };
1491 
1492 template <> struct GraphTraits<const clang::CFGBlock>
1493     : GraphTraits<clang::CFGBlock *> {};
1494 
1495 template <> struct GraphTraits<Inverse< ::clang::CFGBlock *>> {
1496   using NodeRef = ::clang::CFGBlock *;
1497   using ChildIteratorType = ::clang::CFGBlock::const_pred_iterator;
1498 
1499   static NodeRef getEntryNode(Inverse<::clang::CFGBlock *> G) {
1500     return G.Graph;
1501   }
1502 
1503   static ChildIteratorType child_begin(NodeRef N) { return N->pred_begin(); }
1504   static ChildIteratorType child_end(NodeRef N) { return N->pred_end(); }
1505 };
1506 
1507 template <> struct GraphTraits<Inverse<clang::CFGBlock>>
1508     : GraphTraits<clang::CFGBlock *> {};
1509 
1510 template <> struct GraphTraits<Inverse<const ::clang::CFGBlock *>> {
1511   using NodeRef = const ::clang::CFGBlock *;
1512   using ChildIteratorType = ::clang::CFGBlock::const_pred_iterator;
1513 
1514   static NodeRef getEntryNode(Inverse<const ::clang::CFGBlock *> G) {
1515     return G.Graph;
1516   }
1517 
1518   static ChildIteratorType child_begin(NodeRef N) { return N->pred_begin(); }
1519   static ChildIteratorType child_end(NodeRef N) { return N->pred_end(); }
1520 };
1521 
1522 template <> struct GraphTraits<const Inverse<clang::CFGBlock>>
1523     : GraphTraits<clang::CFGBlock *> {};
1524 
1525 // Traits for: CFG
1526 
1527 template <> struct GraphTraits< ::clang::CFG* >
1528     : public GraphTraits< ::clang::CFGBlock *>  {
1529   using nodes_iterator = ::clang::CFG::iterator;
1530 
1531   static NodeRef getEntryNode(::clang::CFG *F) { return &F->getEntry(); }
1532   static nodes_iterator nodes_begin(::clang::CFG* F) { return F->nodes_begin();}
1533   static nodes_iterator   nodes_end(::clang::CFG* F) { return F->nodes_end(); }
1534   static unsigned              size(::clang::CFG* F) { return F->size(); }
1535 };
1536 
1537 template <> struct GraphTraits<const ::clang::CFG* >
1538     : public GraphTraits<const ::clang::CFGBlock *>  {
1539   using nodes_iterator = ::clang::CFG::const_iterator;
1540 
1541   static NodeRef getEntryNode(const ::clang::CFG *F) { return &F->getEntry(); }
1542 
1543   static nodes_iterator nodes_begin( const ::clang::CFG* F) {
1544     return F->nodes_begin();
1545   }
1546 
1547   static nodes_iterator nodes_end( const ::clang::CFG* F) {
1548     return F->nodes_end();
1549   }
1550 
1551   static unsigned size(const ::clang::CFG* F) {
1552     return F->size();
1553   }
1554 };
1555 
1556 template <> struct GraphTraits<Inverse< ::clang::CFG *>>
1557   : public GraphTraits<Inverse< ::clang::CFGBlock *>> {
1558   using nodes_iterator = ::clang::CFG::iterator;
1559 
1560   static NodeRef getEntryNode(::clang::CFG *F) { return &F->getExit(); }
1561   static nodes_iterator nodes_begin( ::clang::CFG* F) {return F->nodes_begin();}
1562   static nodes_iterator nodes_end( ::clang::CFG* F) { return F->nodes_end(); }
1563 };
1564 
1565 template <> struct GraphTraits<Inverse<const ::clang::CFG *>>
1566   : public GraphTraits<Inverse<const ::clang::CFGBlock *>> {
1567   using nodes_iterator = ::clang::CFG::const_iterator;
1568 
1569   static NodeRef getEntryNode(const ::clang::CFG *F) { return &F->getExit(); }
1570 
1571   static nodes_iterator nodes_begin(const ::clang::CFG* F) {
1572     return F->nodes_begin();
1573   }
1574 
1575   static nodes_iterator nodes_end(const ::clang::CFG* F) {
1576     return F->nodes_end();
1577   }
1578 };
1579 
1580 } // namespace llvm
1581 
1582 #endif // LLVM_CLANG_ANALYSIS_CFG_H
1583