OSchip
/
llvm-project
mirror of https://github.com/THU-DSP-LAB/llvm-project.git
13
0
Fork 6
Code Issues Packages Projects Releases Wiki Activity

Initial work on refactoring the CFRefCount checker so that it is more 

generic and handles reference counts for NSObjects.

llvm-svn: 50674
This commit is contained in:
Ted Kremenek 2008-05-05 22:11:16 +00:00
parent 4ead264c08
commit 00daccdd2a
1 changed files with 184 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

292
clang/lib/Analysis/CFRefCount.cpp
View File

@ -63,23 +63,25 @@ namespace {
class RetEffect {
public:
enum Kind { NoRet = 0x0, Alias = 0x1, OwnedSymbol = 0x2,
NotOwnedSymbol = 0x3 };
NotOwnedSymbol = 0x3, ReceiverAlias=0x4 };
private:
unsigned Data;
RetEffect(Kind k, unsigned D) { Data = (D << 2) | (unsigned) k; }
RetEffect(Kind k, unsigned D) { Data = (D << 3) | (unsigned) k; }
public:
Kind getKind() const { return (Kind) (Data & 0x3); }
Kind getKind() const { return (Kind) (Data & 0x7); }
unsigned getValue() const {
assert(getKind() == Alias);
return Data >> 2;
return Data >> 3;
}
static RetEffect MakeAlias(unsigned Idx) { return RetEffect(Alias, Idx); }
static RetEffect MakeReceiverAlias() { return RetEffect(ReceiverAlias, 0); }
static RetEffect MakeOwned() { return RetEffect(OwnedSymbol, 0); }
static RetEffect MakeNotOwned() { return RetEffect(NotOwnedSymbol, 0); }
@ -92,12 +94,12 @@ public:
};
class CFRefSummary : public llvm::FoldingSetNode {
class RetainSummary : public llvm::FoldingSetNode {
ArgEffects* Args;
RetEffect Ret;
public:
CFRefSummary(ArgEffects* A, RetEffect R) : Args(A), Ret(R) {}
RetainSummary(ArgEffects* A, RetEffect R) : Args(A), Ret(R) {}
unsigned getNumArgs() const { return Args->size(); }
@ -143,40 +145,86 @@ public:
};
class CFRefSummaryManager {
typedef llvm::FoldingSet<llvm::FoldingSetNodeWrapper<ArgEffects> > AESetTy;
typedef llvm::FoldingSet<CFRefSummary> SummarySetTy;
typedef llvm::DenseMap<FunctionDecl*, CFRefSummary*> SummaryMapTy;
class RetainSummaryManager {
//==-----------------------------------------------------------------==//
// Typedefs.
//==-----------------------------------------------------------------==//
typedef llvm::FoldingSet<llvm::FoldingSetNodeWrapper<ArgEffects> >
ArgEffectsSetTy;
typedef llvm::FoldingSet<RetainSummary>
SummarySetTy;
typedef llvm::DenseMap<FunctionDecl*, RetainSummary*>
FuncSummariesTy;
typedef llvm::DenseMap<Selector, RetainSummary*>
ObjCMethodSummariesTy;
//==-----------------------------------------------------------------==//
// Data.
//==-----------------------------------------------------------------==//
// Ctx - The ASTContext object for the analyzed ASTs.
ASTContext& Ctx;
// GCEnabled - Records whether or not the analyzed code runs in GC mode.
const bool GCEnabled;
// SummarySet - A FoldingSet of uniqued summaries.
SummarySetTy SummarySet;
SummaryMapTy SummaryMap;
AESetTy AESet;
llvm::BumpPtrAllocator BPAlloc;
ArgEffects ScratchArgs;
// FuncSummaries - A map from FunctionDecls to summaries.
FuncSummariesTy FuncSummaries;
// ObjCInstanceMethodSummaries - A map from selectors (for instance methods)
// to summaries.
ObjCMethodSummariesTy ObjCInstanceMethodSummaries;
// ObjCMethodSummaries - A map from selectors to summaries.
ObjCMethodSummariesTy ObjCMethodSummaries;
// ArgEffectsSet - A FoldingSet of uniqued ArgEffects.
ArgEffectsSetTy ArgEffectsSet;
// BPAlloc - A BumpPtrAllocator used for allocating summaries, ArgEffects,
// and all other data used by the checker.
llvm::BumpPtrAllocator BPAlloc;
// ScratchArgs - A holding buffer for construct ArgEffects.
ArgEffects ScratchArgs;
//==-----------------------------------------------------------------==//
// Methods.
//==-----------------------------------------------------------------==//
// getArgEffects - Returns a persistent ArgEffects object based on the
// data in ScratchArgs.
ArgEffects* getArgEffects();
enum UnaryFuncKind { cfretain, cfrelease, cfmakecollectable };
CFRefSummary* getUnarySummary(FunctionDecl* FD, UnaryFuncKind func);
RetainSummary* getUnarySummary(FunctionDecl* FD, UnaryFuncKind func);
CFRefSummary* getNSSummary(FunctionDecl* FD, const char* FName);
CFRefSummary* getCFSummary(FunctionDecl* FD, const char* FName);
RetainSummary* getNSSummary(FunctionDecl* FD, const char* FName);
RetainSummary* getCFSummary(FunctionDecl* FD, const char* FName);
CFRefSummary* getCFSummaryCreateRule(FunctionDecl* FD);
CFRefSummary* getCFSummaryGetRule(FunctionDecl* FD);
RetainSummary* getCFSummaryCreateRule(FunctionDecl* FD);
RetainSummary* getCFSummaryGetRule(FunctionDecl* FD);
CFRefSummary* getPersistentSummary(ArgEffects* AE, RetEffect RE);
RetainSummary* getPersistentSummary(ArgEffects* AE, RetEffect RE);
public:
CFRefSummaryManager(ASTContext& ctx, bool gcenabled)
RetainSummaryManager(ASTContext& ctx, bool gcenabled)
: Ctx(ctx), GCEnabled(gcenabled) {}
~CFRefSummaryManager();
~RetainSummaryManager();
CFRefSummary* getSummary(FunctionDecl* FD, ASTContext& Ctx);
RetainSummary* getSummary(FunctionDecl* FD, ASTContext& Ctx);
bool isGCEnabled() const { return GCEnabled; }
};
} // end anonymous namespace
@ -185,17 +233,17 @@ public:
// Implementation of checker data structures.
//===----------------------------------------------------------------------===//
CFRefSummaryManager::~CFRefSummaryManager() {
RetainSummaryManager::~RetainSummaryManager() {
// FIXME: The ArgEffects could eventually be allocated from BPAlloc,
// mitigating the need to do explicit cleanup of the
// Argument-Effect summaries.
for (AESetTy::iterator I = AESet.begin(), E = AESet.end(); I!=E; ++I)
for (ArgEffectsSetTy::iterator I = ArgEffectsSet.begin(), E = ArgEffectsSet.end(); I!=E; ++I)
I->getValue().~ArgEffects();
}
ArgEffects* CFRefSummaryManager::getArgEffects() {
ArgEffects* RetainSummaryManager::getArgEffects() {
if (ScratchArgs.empty())
return NULL;
@ -210,7 +258,7 @@ ArgEffects* CFRefSummaryManager::getArgEffects() {
// Look up the uniqued copy, or create a new one.
llvm::FoldingSetNodeWrapper<ArgEffects>* E =
AESet.FindNodeOrInsertPos(profile, InsertPos);
ArgEffectsSet.FindNodeOrInsertPos(profile, InsertPos);
if (E) {
ScratchArgs.clear();
@ -221,36 +269,39 @@ ArgEffects* CFRefSummaryManager::getArgEffects() {
BPAlloc.Allocate<llvm::FoldingSetNodeWrapper<ArgEffects> >();
new (E) llvm::FoldingSetNodeWrapper<ArgEffects>(ScratchArgs);
AESet.InsertNode(E, InsertPos);
ArgEffectsSet.InsertNode(E, InsertPos);
ScratchArgs.clear();
return &E->getValue();
}
CFRefSummary* CFRefSummaryManager::getPersistentSummary(ArgEffects* AE,
RetainSummary* RetainSummaryManager::getPersistentSummary(ArgEffects* AE,
RetEffect RE) {
// Generate a profile for the summary.
llvm::FoldingSetNodeID profile;
CFRefSummary::Profile(profile, AE, RE);
RetainSummary::Profile(profile, AE, RE);
// Look up the uniqued summary, or create one if it doesn't exist.
void* InsertPos;
CFRefSummary* Summ = SummarySet.FindNodeOrInsertPos(profile, InsertPos);
RetainSummary* Summ = SummarySet.FindNodeOrInsertPos(profile, InsertPos);
if (Summ)
return Summ;
// Create the summary and return it.
Summ = (CFRefSummary*) BPAlloc.Allocate<CFRefSummary>();
new (Summ) CFRefSummary(AE, RE);
Summ = (RetainSummary*) BPAlloc.Allocate<RetainSummary>();
new (Summ) RetainSummary(AE, RE);
SummarySet.InsertNode(Summ, InsertPos);
return Summ;
}
//===----------------------------------------------------------------------===//
// Summary creation for functions (largely uses of Core Foundation).
//===----------------------------------------------------------------------===//
CFRefSummary* CFRefSummaryManager::getSummary(FunctionDecl* FD,
RetainSummary* RetainSummaryManager::getSummary(FunctionDecl* FD,
ASTContext& Ctx) {
SourceLocation Loc = FD->getLocation();
@ -259,26 +310,26 @@ CFRefSummary* CFRefSummaryManager::getSummary(FunctionDecl* FD,
return NULL;
// Look up a summary in our cache of FunctionDecls -> Summaries.
SummaryMapTy::iterator I = SummaryMap.find(FD);
FuncSummariesTy::iterator I = FuncSummaries.find(FD);
if (I != SummaryMap.end())
if (I != FuncSummaries.end())
return I->second;
// No summary. Generate one.
const char* FName = FD->getIdentifier()->getName();
CFRefSummary *S = 0;
RetainSummary *S = 0;
if (FName[0] == 'C' && FName[1] == 'F')
S = getCFSummary(FD, FName);
else if (FName[0] == 'N' && FName[1] == 'S')
S = getNSSummary(FD, FName);
SummaryMap[FD] = S;
FuncSummaries[FD] = S;
return S;
}
CFRefSummary* CFRefSummaryManager::getNSSummary(FunctionDecl* FD,
RetainSummary* RetainSummaryManager::getNSSummary(FunctionDecl* FD,
const char* FName) {
FName += 2;
@ -288,7 +339,7 @@ CFRefSummary* CFRefSummaryManager::getNSSummary(FunctionDecl* FD,
return 0;
}
CFRefSummary* CFRefSummaryManager::getCFSummary(FunctionDecl* FD,
RetainSummary* RetainSummaryManager::getCFSummary(FunctionDecl* FD,
const char* FName) {
FName += 2;
@ -311,8 +362,8 @@ CFRefSummary* CFRefSummaryManager::getCFSummary(FunctionDecl* FD,
return 0;
}
CFRefSummary*
CFRefSummaryManager::getUnarySummary(FunctionDecl* FD, UnaryFuncKind func) {
RetainSummary*
RetainSummaryManager::getUnarySummary(FunctionDecl* FD, UnaryFuncKind func) {
FunctionTypeProto* FT =
dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
@ -330,7 +381,7 @@ CFRefSummaryManager::getUnarySummary(FunctionDecl* FD, UnaryFuncKind func) {
if (!ArgT->isPointerType())
return NULL;
}
assert (ScratchArgs.empty());
switch (func) {
@ -380,8 +431,7 @@ static bool isCFRefType(QualType T) {
return true;
}
CFRefSummary*
CFRefSummaryManager::getCFSummaryCreateRule(FunctionDecl* FD) {
RetainSummary* RetainSummaryManager::getCFSummaryCreateRule(FunctionDecl* FD) {
FunctionTypeProto* FT =
dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
@ -396,8 +446,7 @@ CFRefSummaryManager::getCFSummaryCreateRule(FunctionDecl* FD) {
return getPersistentSummary(getArgEffects(), RetEffect::MakeOwned());
}
CFRefSummary*
CFRefSummaryManager::getCFSummaryGetRule(FunctionDecl* FD) {
RetainSummary* RetainSummaryManager::getCFSummaryGetRule(FunctionDecl* FD) {
FunctionTypeProto* FT =
dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
@ -422,6 +471,13 @@ CFRefSummaryManager::getCFSummaryGetRule(FunctionDecl* FD) {
return getPersistentSummary(getArgEffects(), RetEffect::MakeNotOwned());
}
//===----------------------------------------------------------------------===//
// Summary creation for Selectors.
//===----------------------------------------------------------------------===//
//===----------------------------------------------------------------------===//
// Reference-counting logic (typestate + counts).
//===----------------------------------------------------------------------===//
@ -610,11 +666,10 @@ public:
private:
// Instance variables.
CFRefSummaryManager Summaries;
const bool GCEnabled;
const bool EmitStandardWarnings;
const LangOptions& LOpts;
RefBFactoryTy RefBFactory;
RetainSummaryManager Summaries;
const bool EmitStandardWarnings;
const LangOptions& LOpts;
RefBFactoryTy RefBFactory;
UseAfterReleasesTy UseAfterReleases;
ReleasesNotOwnedTy ReleasesNotOwned;
@ -663,7 +718,6 @@ public:
CFRefCount(ASTContext& Ctx, bool gcenabled, bool StandardWarnings,
const LangOptions& lopts)
: Summaries(Ctx, gcenabled),
GCEnabled(gcenabled),
EmitStandardWarnings(StandardWarnings),
LOpts(lopts),
RetainSelector(GetNullarySelector("retain", Ctx)),
@ -681,17 +735,27 @@ public:
return &Printer;
}
bool isGCEnabled() const { return GCEnabled; }
bool isGCEnabled() const { return Summaries.isGCEnabled(); }
const LangOptions& getLangOptions() const { return LOpts; }
// Calls.
void EvalSummary(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Eng,
GRStmtNodeBuilder<ValueState>& Builder,
Expr* Ex,
Expr* Receiver,
RetainSummary* Summ,
Expr** arg_beg, Expr** arg_end,
ExplodedNode<ValueState>* Pred);
virtual void EvalCall(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Eng,
GRStmtNodeBuilder<ValueState>& Builder,
CallExpr* CE, RVal L,
ExplodedNode<ValueState>* Pred);
virtual void EvalObjCMessageExpr(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Engine,
GRStmtNodeBuilder<ValueState>& Builder,
@ -772,11 +836,11 @@ void CFRefCount::BindingsPrinter::PrintCheckerState(std::ostream& Out,
}
}
static inline ArgEffect GetArgE(CFRefSummary* Summ, unsigned idx) {
static inline ArgEffect GetArgE(RetainSummary* Summ, unsigned idx) {
return Summ ? Summ->getArg(idx) : DoNothing;
}
static inline RetEffect GetRetE(CFRefSummary* Summ) {
static inline RetEffect GetRetE(RetainSummary* Summ) {
return Summ ? Summ->getRet() : RetEffect::MakeNoRet();
}
@ -803,33 +867,25 @@ void CFRefCount::ProcessNonLeakError(ExplodedNodeSet<ValueState>& Dst,
}
}
void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Eng,
GRStmtNodeBuilder<ValueState>& Builder,
CallExpr* CE, RVal L,
ExplodedNode<ValueState>* Pred) {
void CFRefCount::EvalSummary(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Eng,
GRStmtNodeBuilder<ValueState>& Builder,
Expr* Ex,
Expr* Receiver,
RetainSummary* Summ,
Expr** arg_beg, Expr** arg_end,
ExplodedNode<ValueState>* Pred) {
ValueStateManager& StateMgr = Eng.getStateManager();
CFRefSummary* Summ = NULL;
// Get the summary.
if (isa<lval::FuncVal>(L)) {
lval::FuncVal FV = cast<lval::FuncVal>(L);
FunctionDecl* FD = FV.getDecl();
Summ = Summaries.getSummary(FD, Eng.getContext());
}
// Get the state.
ValueStateManager& StateMgr = Eng.getStateManager();
ValueState* St = Builder.GetState(Pred);
// Evaluate the effects of the call.
ValueState StVals = *St;
RefVal::Kind hasErr = (RefVal::Kind) 0;
// This function has a summary. Evaluate the effect of the arguments.
unsigned idx = 0;
@ -837,8 +893,7 @@ void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
Expr* ErrorExpr = NULL;
SymbolID ErrorSym = 0;
for (CallExpr::arg_iterator I = CE->arg_begin(), E = CE->arg_end();
I != E; ++I, ++idx) {
for (Expr **I = arg_beg, **E = arg_end; I != E; ++I, ++idx) {
RVal V = StateMgr.GetRVal(St, *I);
@ -857,24 +912,22 @@ void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
}
}
}
else if (isa<LVal>(V)) { // Nuke all arguments passed by reference.
// FIXME: This is basically copy-and-paste from GRSimpleVals. We
// should compose behavior, not copy it.
else if (isa<LVal>(V)) {
// Nuke all arguments passed by reference.
StateMgr.Unbind(StVals, cast<LVal>(V));
}
else if (isa<nonlval::LValAsInteger>(V))
StateMgr.Unbind(StVals, cast<nonlval::LValAsInteger>(V).getLVal());
}
}
St = StateMgr.getPersistentState(StVals);
if (hasErr) {
ProcessNonLeakError(Dst, Builder, CE, ErrorExpr, Pred, St,
ProcessNonLeakError(Dst, Builder, Ex, ErrorExpr, Pred, St,
hasErr, ErrorSym);
return;
}
// Finally, consult the summary for the return value.
RetEffect RE = GetRetE(Summ);
@ -882,66 +935,89 @@ void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
switch (RE.getKind()) {
default:
assert (false && "Unhandled RetEffect."); break;
case RetEffect::NoRet:
// Make up a symbol for the return value (not reference counted).
// FIXME: This is basically copy-and-paste from GRSimpleVals. We
// should compose behavior, not copy it.
if (CE->getType() != Eng.getContext().VoidTy) {
if (Ex->getType() != Eng.getContext().VoidTy) {
unsigned Count = Builder.getCurrentBlockCount();
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
RVal X = CE->getType()->isPointerType()
? cast<RVal>(lval::SymbolVal(Sym))
: cast<RVal>(nonlval::SymbolVal(Sym));
RVal X = Ex->getType()->isPointerType()
? cast<RVal>(lval::SymbolVal(Sym))
: cast<RVal>(nonlval::SymbolVal(Sym));
St = StateMgr.SetRVal(St, CE, X, Eng.getCFG().isBlkExpr(CE), false);
St = StateMgr.SetRVal(St, Ex, X, Eng.getCFG().isBlkExpr(Ex), false);
}
break;
case RetEffect::Alias: {
unsigned idx = RE.getValue();
assert (idx < CE->getNumArgs());
RVal V = StateMgr.GetRVal(St, CE->getArg(idx));
St = StateMgr.SetRVal(St, CE, V, Eng.getCFG().isBlkExpr(CE), false);
assert ((arg_end - arg_beg) >= 0);
assert (idx < (unsigned) (arg_end - arg_beg));
RVal V = StateMgr.GetRVal(St, arg_beg[idx]);
St = StateMgr.SetRVal(St, Ex, V, Eng.getCFG().isBlkExpr(Ex), false);
break;
}
case RetEffect::OwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
ValueState StImpl = *St;
RefBindings B = GetRefBindings(StImpl);
SetRefBindings(StImpl, RefBFactory.Add(B, Sym, RefVal::makeOwned()));
St = StateMgr.SetRVal(StateMgr.getPersistentState(StImpl),
CE, lval::SymbolVal(Sym),
Eng.getCFG().isBlkExpr(CE), false);
Ex, lval::SymbolVal(Sym),
Eng.getCFG().isBlkExpr(Ex), false);
break;
}
case RetEffect::NotOwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
ValueState StImpl = *St;
RefBindings B = GetRefBindings(StImpl);
SetRefBindings(StImpl, RefBFactory.Add(B, Sym, RefVal::makeNotOwned()));
St = StateMgr.SetRVal(StateMgr.getPersistentState(StImpl),
CE, lval::SymbolVal(Sym),
Eng.getCFG().isBlkExpr(CE), false);
Ex, lval::SymbolVal(Sym),
Eng.getCFG().isBlkExpr(Ex), false);
break;
}
}
Builder.MakeNode(Dst, CE, Pred, St);
Builder.MakeNode(Dst, Ex, Pred, St);
}
void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
GRExprEngine& Eng,
GRStmtNodeBuilder<ValueState>& Builder,
CallExpr* CE, RVal L,
ExplodedNode<ValueState>* Pred) {
RetainSummary* Summ = NULL;
// Get the summary.
if (isa<lval::FuncVal>(L)) {
lval::FuncVal FV = cast<lval::FuncVal>(L);
FunctionDecl* FD = FV.getDecl();
Summ = Summaries.getSummary(FD, Eng.getContext());
}
EvalSummary(Dst, Eng, Builder, CE, 0, Summ,
CE->arg_begin(), CE->arg_end(), Pred);
}
@ -996,7 +1072,7 @@ bool CFRefCount::EvalObjCMessageExprAux(ExplodedNodeSet<ValueState>& Dst,
ObjCMessageExpr* ME,
ExplodedNode<ValueState>* Pred) {
if (GCEnabled)
if (isGCEnabled())
return true;
// Handle "toll-free bridging" of calls to "Release" and "Retain".
@ -1344,7 +1420,7 @@ CFRefCount::RefBindings CFRefCount::Update(RefBindings B, SymbolID sym,
assert (false && "Unhandled CFRef transition.");
case DoNothing:
if (!GCEnabled && V.getKind() == RefVal::Released) {
if (!isGCEnabled() && V.getKind() == RefVal::Released) {
V = RefVal::makeUseAfterRelease();
hasErr = V.getKind();
break;
@ -1366,7 +1442,7 @@ CFRefCount::RefBindings CFRefCount::Update(RefBindings B, SymbolID sym,
break;
case RefVal::Released:
if (GCEnabled)
if (isGCEnabled())
V = RefVal::makeOwned();
else {
V = RefVal::makeUseAfterRelease();