clang 22.0.0git
FactsGenerator.h
Go to the documentation of this file.
1//===- FactsGenerator.h - Lifetime Facts Generation -------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines the FactsGenerator, which traverses the AST to generate
10// lifetime-relevant facts (such as loan issuance, expiration, origin flow,
11// and use) from CFG statements. These facts are used by the dataflow analyses
12// to track pointer lifetimes and detect use-after-free errors.
13//
14//===----------------------------------------------------------------------===//
15#ifndef LLVM_CLANG_ANALYSIS_ANALYSES_LIFETIMESAFETY_FACTSGENERATOR_H
16#define LLVM_CLANG_ANALYSIS_ANALYSES_LIFETIMESAFETY_FACTSGENERATOR_H
17
18#include "clang/AST/StmtVisitor.h"
19#include "clang/Analysis/Analyses/LifetimeSafety/Facts.h"
20#include "clang/Analysis/Analyses/LifetimeSafety/Origins.h"
21#include "clang/Analysis/AnalysisDeclContext.h"
22#include "clang/Analysis/CFG.h"
23#include "llvm/ADT/SmallVector.h"
24
25namespace clang::lifetimes::internal {
26
27class FactsGenerator : public ConstStmtVisitor<FactsGenerator> {
28 using Base = ConstStmtVisitor<FactsGenerator>;
29
30public:
31 FactsGenerator(FactManager &FactMgr, AnalysisDeclContext &AC)
32 : FactMgr(FactMgr), AC(AC) {}
33
34 void run();
35
36 void VisitDeclStmt(const DeclStmt *DS);
37 void VisitDeclRefExpr(const DeclRefExpr *DRE);
38 void VisitCXXConstructExpr(const CXXConstructExpr *CCE);
39 void VisitCXXMemberCallExpr(const CXXMemberCallExpr *MCE);
40 void VisitCallExpr(const CallExpr *CE);
41 void VisitCXXNullPtrLiteralExpr(const CXXNullPtrLiteralExpr *N);
42 void VisitImplicitCastExpr(const ImplicitCastExpr *ICE);
43 void VisitUnaryOperator(const UnaryOperator *UO);
44 void VisitReturnStmt(const ReturnStmt *RS);
45 void VisitBinaryOperator(const BinaryOperator *BO);
46 void VisitCXXOperatorCallExpr(const CXXOperatorCallExpr *OCE);
47 void VisitCXXFunctionalCastExpr(const CXXFunctionalCastExpr *FCE);
48 void VisitInitListExpr(const InitListExpr *ILE);
49 void VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr *MTE);
50
51private:
52 void handleDestructor(const CFGAutomaticObjDtor &DtorOpt);
53
54 void handleGSLPointerConstruction(const CXXConstructExpr *CCE);
55
56 /// Checks if a call-like expression creates a borrow by passing a value to a
57 /// reference parameter, creating an IssueFact if it does.
58 /// \param IsGslConstruction True if this is a GSL construction where all
59 /// argument origins should flow to the returned origin.
60 void handleFunctionCall(const Expr *Call, const FunctionDecl *FD,
61 ArrayRef<const Expr *> Args,
62 bool IsGslConstruction = false);
63
64 template <typename Destination, typename Source>
65 void flowOrigin(const Destination &D, const Source &S) {
66 OriginID DestOID = FactMgr.getOriginMgr().getOrCreate(D);
67 OriginID SrcOID = FactMgr.getOriginMgr().get(S);
68 CurrentBlockFacts.push_back(FactMgr.createFact<OriginFlowFact>(
69 DestOID, SrcOID, /*KillDest=*/false));
70 }
71
72 template <typename Destination, typename Source>
73 void killAndFlowOrigin(const Destination &D, const Source &S) {
74 OriginID DestOID = FactMgr.getOriginMgr().getOrCreate(D);
75 OriginID SrcOID = FactMgr.getOriginMgr().get(S);
76 CurrentBlockFacts.push_back(
77 FactMgr.createFact<OriginFlowFact>(DestOID, SrcOID, /*KillDest=*/true));
78 }
79
80 /// Checks if the expression is a `void("__lifetime_test_point_...")` cast.
81 /// If so, creates a `TestPointFact` and returns true.
82 bool handleTestPoint(const CXXFunctionalCastExpr *FCE);
83
84 void handleAssignment(const Expr *LHSExpr, const Expr *RHSExpr);
85
86 // A DeclRefExpr will be treated as a use of the referenced decl. It will be
87 // checked for use-after-free unless it is later marked as being written to
88 // (e.g. on the left-hand side of an assignment).
89 void handleUse(const DeclRefExpr *DRE);
90
91 void markUseAsWrite(const DeclRefExpr *DRE);
92
93 FactManager &FactMgr;
94 AnalysisDeclContext &AC;
95 llvm::SmallVector<Fact *> CurrentBlockFacts;
96 // To distinguish between reads and writes for use-after-free checks, this map
97 // stores the `UseFact` for each `DeclRefExpr`. We initially identify all
98 // `DeclRefExpr`s as "read" uses. When an assignment is processed, the use
99 // corresponding to the left-hand side is updated to be a "write", thereby
100 // exempting it from the check.
101 llvm::DenseMap<const DeclRefExpr *, UseFact *> UseFacts;
102};
103
104} // namespace clang::lifetimes::internal
105
106#endif // LLVM_CLANG_ANALYSIS_ANALYSES_LIFETIMESAFETY_FACTSGENERATOR_H
AnalysisDeclContext.h
This file defines AnalysisDeclContext, a class that manages the analysis context data for context sen...
handleAssignment
static bool handleAssignment(EvalInfo &Info, const Expr *E, const LValue &LVal, QualType LValType, APValue &Val)
Perform an assignment of Val to LVal. Takes ownership of Val.
Definition ExprConstant.cpp:4639
clang::AnalysisDeclContext
AnalysisDeclContext contains the context data for the function, method or block under analysis.
Definition AnalysisDeclContext.h:72
clang::BinaryOperator
A builtin binary operation expression such as "x + y" or "x <= y".
Definition Expr.h:3972
clang::CFGAutomaticObjDtor
Represents C++ object destructor implicitly generated for automatic object or temporary bound to cons...
Definition CFG.h:418
clang::CXXConstructExpr
Represents a call to a C++ constructor.
Definition ExprCXX.h:1549
clang::CXXFunctionalCastExpr
Represents an explicit C++ type conversion that uses "functional" notation (C++ [expr....
Definition ExprCXX.h:1833
clang::CXXMemberCallExpr
Represents a call to a member function that may be written either with member call syntax (e....
Definition ExprCXX.h:179
clang::CXXNullPtrLiteralExpr
The null pointer literal (C++11 [lex.nullptr])
Definition ExprCXX.h:768
clang::CXXOperatorCallExpr
A call to an overloaded operator written using operator syntax.
Definition ExprCXX.h:84
clang::CallExpr
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition Expr.h:2877
clang::ConstStmtVisitor
ConstStmtVisitor - This class implements a simple visitor for Stmt subclasses.
Definition StmtVisitor.h:196
clang::DeclRefExpr
A reference to a declared variable, function, enum, etc.
Definition Expr.h:1270
clang::DeclStmt
DeclStmt - Adaptor class for mixing declarations with statements and expressions.
Definition Stmt.h:1611
clang::Expr
This represents one expression.
Definition Expr.h:112
clang::FunctionDecl
Represents a function declaration or definition.
Definition Decl.h:2000
clang::ImplicitCastExpr
ImplicitCastExpr - Allows us to explicitly represent implicit type conversions, which have no direct ...
Definition Expr.h:3787
clang::InitListExpr
Describes an C or C++ initializer list.
Definition Expr.h:5233
clang::MaterializeTemporaryExpr
Represents a prvalue temporary that is written into memory so that a reference can bind to it.
Definition ExprCXX.h:4922
clang::ReturnStmt
ReturnStmt - This represents a return, optionally of an expression: return; return 4;.
Definition Stmt.h:3160
clang::UnaryOperator
UnaryOperator - This represents the unary-expression's (except sizeof and alignof),...
Definition Expr.h:2244
clang::lifetimes::internal::FactManager::createFact
FactType * createFact(Args &&...args)
Definition Facts.h:200
clang::lifetimes::internal::FactsGenerator::VisitDeclRefExpr
void VisitDeclRefExpr(const DeclRefExpr *DRE)
Definition FactsGenerator.cpp:79
clang::lifetimes::internal::FactsGenerator::VisitBinaryOperator
void VisitBinaryOperator(const BinaryOperator *BO)
Definition FactsGenerator.cpp:172
clang::lifetimes::internal::FactsGenerator::VisitMaterializeTemporaryExpr
void VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr *MTE)
Definition FactsGenerator.cpp:208
clang::lifetimes::internal::FactsGenerator::FactsGenerator
FactsGenerator(FactManager &FactMgr, AnalysisDeclContext &AC)
Definition FactsGenerator.h:31
clang::lifetimes::internal::FactsGenerator::VisitCXXConstructExpr
void VisitCXXConstructExpr(const CXXConstructExpr *CCE)
Definition FactsGenerator.cpp:100
clang::lifetimes::internal::FactsGenerator::VisitImplicitCastExpr
void VisitImplicitCastExpr(const ImplicitCastExpr *ICE)
Definition FactsGenerator.cpp:140
clang::lifetimes::internal::FactsGenerator::VisitCXXFunctionalCastExpr
void VisitCXXFunctionalCastExpr(const CXXFunctionalCastExpr *FCE)
Definition FactsGenerator.cpp:189
clang::lifetimes::internal::FactsGenerator::VisitInitListExpr
void VisitInitListExpr(const InitListExpr *ILE)
Definition FactsGenerator.cpp:199
clang::lifetimes::internal::FactsGenerator::VisitCXXNullPtrLiteralExpr
void VisitCXXNullPtrLiteralExpr(const CXXNullPtrLiteralExpr *N)
Definition FactsGenerator.cpp:133
clang::lifetimes::internal::FactsGenerator::VisitCXXOperatorCallExpr
void VisitCXXOperatorCallExpr(const CXXOperatorCallExpr *OCE)
Definition FactsGenerator.cpp:177
clang::lifetimes::internal::FactsGenerator::VisitUnaryOperator
void VisitUnaryOperator(const UnaryOperator *UO)
Definition FactsGenerator.cpp:148
clang::lifetimes::internal::FactsGenerator::VisitCXXMemberCallExpr
void VisitCXXMemberCallExpr(const CXXMemberCallExpr *MCE)
Definition FactsGenerator.cpp:107
clang::lifetimes::internal::OriginManager::getOrCreate
OriginID getOrCreate(const Expr &E)
Definition Origins.cpp:63
clang::lifetimes::internal::OriginID
utils::ID< struct OriginTag > OriginID
Definition Origins.h:23
Generated on for clang by doxygen 1.14.0