#
eda2eaab |
| 29-Dec-2022 |
Jun Zhang <jun@junz.org> |
[clang][dataflow] Fix crash when having boolean-to-integral casts.
Since now we just ignore all (implicit) integral casts, treating the resulting value as the same as the underlying value, it could cause inconsistency between values after `Join` if in some paths the type doesn't strictly match. This could cause intermittent crashes.
    std::optional<bool> o;
    int x;
    if (o.has_value()) {
      x = o.value();
    }
Fixes: https://github.com/llvm/llvm-project/issues/59728
Signed-off-by: Jun Zhang <jun@junz.org>
Differential Revision: https://reviews.llvm.org/D140753
|
#
f3700bdb |
| 21-Dec-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Account for global variables in constructor initializers.
Previously, the analysis modeled global variables appearing in the _body_ of any function (including constructors). But, that misses those appearing in constructor _initializers_. This patch adds the initializers to the set of expressions used to determine which globals to model.
Differential Revision: https://reviews.llvm.org/D140501
|
#
d2e4aaf6 |
| 19-Dec-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow][NFC] Fix comments related to widening.
The comments describing the API for analysis `widen` and the environment `widen` were overly strict in the preconditions they assumed for the operation. In particular, both assumed that the previous value preceded the current value in the relevant ordering. However, that's not generally how widen operators work and widening itself can violate this property. That is, when the previous value is the result of a widening, it can easily be "greater" than the current value.
This patch updates the comments to accurately reflect the expectations.
Differential Revision: https://reviews.llvm.org/D140308
|
#
a18cf8d1 |
| 19-Dec-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Remove stray lines from `Environment::join`
Removes an assertion and a useless line. The assertion seems left over from earlier debugging and the line that follows is a stray line.
Differential Revision: https://reviews.llvm.org/D140306
|
#
84dd12b2 |
| 03-Nov-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Add widening API and implement it for built-in boolean model.
* Adds API support for widening of lattice elements and environments,
* Updates the algorithm to apply widening where appropriate,
* Implements widening for boolean values.

In the process, moves the unsoundness of comparison from the default implementation of `Environment::ValueModel::compare` to model-specific handling inside `DataflowEnvironment::equivalentTo`. This change is intended to clarify the source and location of unsoundness.
This patch is a replacement for, and was based substantially on, https://reviews.llvm.org/D131645.
Differential Revision: https://reviews.llvm.org/D137948
|
#
c0725865 |
| 03-Nov-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Generalize custom comparison to return tri-value result.
Currently, the API for a model's custom value comparison returns a boolean. Therefore, models cannot distinguish between situations where the values are recognized by the model and different and those where the values are just not recognized. This patch changes the return value to a tri-valued enum, allowing models to express "don't know".
This patch is essentially a NFC -- no practical differences result from this change in this patch. But, it prepares for future patches (particularly, upcoming patches for widening) which will take advantage of the new flexibility.
Differential Revision: https://reviews.llvm.org/D137334
|
#
8cadac41 |
| 14-Oct-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Add equivalence relation `Value` type.
Defines an equivalence relation on the `Value` type to standardize several places in the code where we replicate the ~same equivalence comparison.
Differential Revision: https://reviews.llvm.org/D135964
|
#
39b9d4f1 |
| 06-Oct-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Add support for a Top value in boolean formulas.
Currently, our boolean formulas (`BoolValue`) don't form a lattice, since they have no Top element. This patch adds such an element, thereby "completing" the built-in model of bools to be a proper semi-lattice. It still has infinite height, which is its own problem, but that can be solved separately, through widening and the like.
Patch 1 for Issue #56931.
Differential Revision: https://reviews.llvm.org/D135397
|
#
0b12efc7 |
| 22-Sep-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[clang][dataflow] Add support for nested method calls.
Extend the context-sensitive analysis to handle a call to a method (of the same class) from within a method. That is, a member-call expression through `this`.
Differential Revision: https://reviews.llvm.org/D134432
|
#
abc16c7a |
| 09-Sep-2022 |
Yitzhak Mandelbaum <yitzhakm@google.com> |
[NFC] Remove a FIXME fixed by an earlier patch.
Commit 28bd7945eabdbde2b1fc071ab2f9b78e6e754a1a incidentally fixed the associated FIXME, but didn't delete it.
Differential Revision: https://reviews.llvm.org/D133588
|
#
941959d6 |
| 16-Aug-2022 |
Dmitri Gribenko <gribozavr@gmail.com> |
[clang][dataflow] Use llvm::is_contained()
Reviewed By: samestep, xazax.hun
Differential Revision: https://reviews.llvm.org/D131975
|
#
2efc8f8d |
| 15-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Add an option for context-sensitive depth
This patch adds a `Depth` field (default value 2) to `ContextSensitiveOptions`, allowing context-sensitive analysis of functions that call other functions. This also requires replacing the `DeclCtx` field on `Environment` with a `CallString` field that contains a vector of decl contexts, to ensure that the analysis doesn't try to analyze recursive or mutually recursive calls (which would result in a crash, due to the way we handle `StorageLocation`s).
Reviewed By: xazax.hun
Differential Revision: https://reviews.llvm.org/D131809
|
#
d09d4bd6 |
| 10-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Don't crash when caller args are missing storage locations
This patch modifies `Environment`'s `pushCall` method to pass over arguments that are missing storage locations, instead of crashing.
Reviewed By: gribozavr2
Differential Revision: https://reviews.llvm.org/D131600
|
#
eb91fd5c |
| 10-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Analyze constructor bodies
This patch adds the ability to context-sensitively analyze constructor bodies, by changing `pushCall` to allow both `CallExpr` and `CXXConstructExpr`, and extracting the main context-sensitive logic out of `VisitCallExpr` into a new `transferInlineCall` method which is now also called at the end of `VisitCXXConstructExpr`.
Reviewed By: ymandel, sgatev, xazax.hun
Differential Revision: https://reviews.llvm.org/D131438
|
#
2cb51449 |
| 03-Aug-2022 |
Wei Yi Tee <wyt@google.com> |
[clang][dataflow] Store DeclContext of block being analysed in Environment if available.
Differential Revision: https://reviews.llvm.org/D131065
|
#
8d3c9602 |
| 10-Aug-2022 |
Evgenii Stepanov <eugenis@google.com> |
Revert "[clang][dataflow] Store DeclContext of block being analysed in Environment if available."
Use of uninitialized memory. https://lab.llvm.org/buildbot/#/builders/74/builds/12713
This reverts commit 8a4c40bfe8e6605ffc9d866f8620618dfdde2875.
|
#
75870650 |
| 10-Aug-2022 |
Evgenii Stepanov <eugenis@google.com> |
Revert "[clang][dataflow] Analyze constructor bodies"
https://lab.llvm.org/buildbot/#/builders/74/builds/12713
This reverts commit 000c8fef86abb7f056cbea2de99f21dca4b81bf8.
|
#
26089d4d |
| 10-Aug-2022 |
Evgenii Stepanov <eugenis@google.com> |
Revert "[clang][dataflow] Don't crash when caller args are missing storage locations"
https://lab.llvm.org/buildbot/#/builders/74/builds/12713
This reverts commit 43b298ea1282f29d448fc0f6ca971bc5fa698355.
|
#
43b298ea |
| 10-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Don't crash when caller args are missing storage locations
This patch modifies `Environment`'s `pushCall` method to pass over arguments that are missing storage locations, instead of crashing.
Reviewed By: gribozavr2
Differential Revision: https://reviews.llvm.org/D131600
|
#
000c8fef |
| 10-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Analyze constructor bodies
This patch adds the ability to context-sensitively analyze constructor bodies, by changing `pushCall` to allow both `CallExpr` and `CXXConstructExpr`, and extracting the main context-sensitive logic out of `VisitCallExpr` into a new `transferInlineCall` method which is now also called at the end of `VisitCXXConstructExpr`.
Reviewed By: ymandel, sgatev, xazax.hun
Differential Revision: https://reviews.llvm.org/D131438
|
#
8a4c40bf |
| 03-Aug-2022 |
Wei Yi Tee <wyt@google.com> |
[clang][dataflow] Store DeclContext of block being analysed in Environment if available.
Differential Revision: https://reviews.llvm.org/D131065
|
#
8611a77e |
| 04-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Analyze method bodies
This patch adds the ability to context-sensitively analyze method bodies, by moving `ThisPointeeLoc` from `DataflowAnalysisContext` to `Environment`, and adding code in `pushCall` to set it.
Reviewed By: ymandel, sgatev, xazax.hun
Differential Revision: https://reviews.llvm.org/D131170
|
#
0eaecbbc |
| 04-Aug-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Handle return statements
This patch adds a `ReturnLoc` field to the `Environment`, serving a similar purpose to the `ThisPointeeLoc` field in the `DataflowAnalysisContext`. It then uses that (along with a new `VisitReturnStmt` method in `TransferVisitor`) to handle non-`void`-returning functions in context-sensitive analysis.
Reviewed By: ymandel, sgatev
Differential Revision: https://reviews.llvm.org/D130600
|
#
817dd5e3 |
| 02-Aug-2022 |
Stanislav Gatev <sgatev@google.com> |
[clang][dataflow] Rename member to make it clear that it isn't stable
Rename `DataflowAnalysisContext::getStableStorageLocation(QualType)` to `createStorageLocation`, to make it clear that it doesn't return a stable storage location.
Differential Revision: https://reviews.llvm.org/D131021
Reviewed-by: ymandel, xazax.hun, gribozavr2
|
#
a6ddc684 |
| 29-Jul-2022 |
Sam Estep <sam@samestep.com> |
[clang][dataflow] Handle multiple context-sensitive calls to the same function
This patch enables context-sensitive analysis of multiple different calls to the same function (see the `ContextSensitiveSetBothTrueAndFalse` example in the `TransferTest` suite) by replacing the `Environment` copy-assignment with a call to the new `popCall` method, which `std::move`s some fields but specifically does not move `DeclToLoc` and `ExprToLoc` from the callee back to the caller.
To enable this, the `StorageLocation` for a given parameter needs to be stable across different calls to the same function, so this patch also improves the modeling of parameter initialization, using `ReferenceValue` when necessary (for arguments passed by reference).
This approach explicitly does not work for recursive calls, because we currently only plan to use this context-sensitive machinery to support specialized analysis models we write, not analysis of arbitrary callees.
Reviewed By: ymandel, xazax.hun
Differential Revision: https://reviews.llvm.org/D130726
|