Merge branch 'master' of github.com:microsoft/checkedc-clang

Author: mattmccutchen-cci

clang/include/clang/AST/CanonBounds.h

@@ -123,6 +123,12 @@ namespace clang {
     /// expressions are equivalent semantically.
     bool CompareExprSemantically(const Expr *E1, const Expr *E2);
 
+    /// \brief Given the upper bound expr and the dereference expr for an
+    /// _Nt_array_ptr gets the offset by which the pointer is dereferenced.
+    /// The boolean return value indicates whether a valid offset exists.
+    bool GetDerefOffset(const Expr *UpperExpr, const Expr *DerefExpr,
+                        llvm::APSInt &Offset);
+
     /// \brief Compare declarations that may be used by expressions or
     /// or types.
     Result CompareDecl(const NamedDecl *D1, const NamedDecl *D2) const;

clang/include/clang/AST/PreorderAST.h

@@ -118,9 +118,17 @@ namespace clang {
     // this to control when to stop recursive constant folding.
     void ConstantFold(Node *N, bool &Changed);
 
-    // Normalize expressions which do not have any integer constants.
-    // @param[in] N is current node of the AST. Initial value is Root.
-    void NormalizeExprsWithoutConst(Node *N);
+    // Get the deref offset from the DerefExpr. The offset represents the
+    // possible amount by which the bounds of an ntptr could be widened.
+    // @param[in] UpperExpr is the upper bounds expr for the ntptr.
+    // @param[in] DerefExpr is the dereferenced expr for the ntptr.
+    // @param[out] Offset is the offset from the base by which the pointer is
+    // dereferenced.
+    // return Returns a boolean indicating whether a valid offset exists. True
+    // means a valid offset was found and is present in the "Offset" parameter.
+    // False means a valid offset was not found.
+    bool GetDerefOffset(Node *UpperExpr, Node *DerefExpr,
+                        llvm::APSInt &Offset);
 
     // Check if the two AST nodes N1 and N2 are equal.
     // @param[in] N1 is the first node.
@@ -151,6 +159,17 @@ namespace clang {
     // transformation of the AST.
     void Normalize();
 
+    // Get the offset by which a pointer is dereferenced. This function is
+    // intended to be called from outside this class.
+    // @param[in] this is the first AST.
+    // @param[in] P is the second AST.
+    // @param[out] Offset is the dereference offset.
+    // @return Returns a bool indicating whether a valid dereference offset
+    // exists.
+    bool GetDerefOffset(PreorderAST &P, llvm::APSInt &Offset) {
+      return GetDerefOffset(/*UpperExpr*/ Root, /*DerefExpr*/ P.Root, Offset);
+    }
+
     // Check if the two ASTs are equal. This is intended to be called from
     // outside this class and invokes IsEqual on the root nodes of the two ASTs
     // to recursively compare the AST nodes.

clang/include/clang/Sema/BoundsAnalysis.h

@@ -244,10 +244,10 @@ namespace clang {
     void FillGenSet(Expr *E, ElevatedCFGBlock *EB, ElevatedCFGBlock *SuccEB);
 
     // Uniformize the expr, fill Gen set for the edge EB->SuccEB.
-    // @param[in] E is an ntptr dereference or array subscript expr.
+    // @param[in] DerefExpr is an ntptr dereference or array subscript expr.
     // @param[in] Source block for the edge for which the Gen set is updated.
     // @param[in] Dest block for the edge for which the Gen set is updated.
-    void FillGenSetForEdge(const Expr *E,
+    void FillGenSetForEdge(const Expr *DerefExpr,
                            ElevatedCFGBlock *EB,
                            ElevatedCFGBlock *SuccEB);
 
@@ -301,14 +301,6 @@ namespace clang {
     // @return The DeclRefExpr from the expression E or nullptr.
     DeclRefExpr *GetDeclOperand(const Expr *E);
 
-    // Make an expression uniform by moving all DeclRefExpr to the LHS and all
-    // IntegerLiterals to the RHS.
-    // @param[in] E is the expression which should be made uniform.
-    // @return A pair of an expression and an integer constant. The expression
-    // contains all DeclRefExprs of E and the integer constant contains all
-    // IntegerLiterals of E.
-    ExprIntPairTy SplitIntoBaseOffset(const Expr *E);
-
     // Collect all ntptrs in scope. Currently, this simply collects all ntptrs
     // defined in all blocks in the current function. This function inserts the
     // VarDecls for the ntptrs in NtPtrsInScope.

clang/lib/AST/CanonBounds.cpp

@@ -248,6 +248,32 @@ bool Lexicographic::CompareExprSemantically(const Expr *Arg1,
   return Res;
 }
 
+bool Lexicographic::GetDerefOffset(const Expr *UpperExpr,
+                                   const Expr *DerefExpr,
+                                   llvm::APSInt &Offset) {
+  Expr *E1 = const_cast<Expr *>(UpperExpr);
+  Expr *E2 = const_cast<Expr *>(DerefExpr);
+
+  PreorderAST P1(Context, E1);
+  P1.Normalize();
+  if (P1.GetError()) {
+    P1.Cleanup();
+    return false;
+  }
+
+  PreorderAST P2(Context, E2);
+  P2.Normalize();
+  if (P2.GetError()) {
+    P2.Cleanup();
+    return false;
+  }
+
+  bool Res = P1.GetDerefOffset(P2, Offset);
+  P1.Cleanup();
+  P2.Cleanup();
+  return Res;
+}
+
 Result Lexicographic::CompareExpr(const Expr *Arg1, const Expr *Arg2) {
    if (Trace) {
      raw_ostream &OS = llvm::outs();

clang/lib/AST/PreorderAST.cpp

@@ -82,7 +82,25 @@ void PreorderAST::Create(Expr *E, Node *Parent) {
 
   E = Lex.IgnoreValuePreservingOperations(Ctx, E->IgnoreParens());
 
-  if (const auto *BO = dyn_cast<BinaryOperator>(E)) {
+  if (!Parent) {
+    // The invariant is that the root node must be a BinaryNode with an
+    // addition operator. So for expressions like "if (*p)", we don't have a
+    // BinaryOperator. So when we enter this function there is no root and the
+    // parent is null. So we create a new BinaryNode with + as the operator and
+    // add 0 as a LeafNodeExpr child of this BinaryNode. This helps us compare
+    // expressions like "p" and "p + 1" by normalizing "p" to "p + 0".
+
+    auto *N = new BinaryNode(BO_Add, Parent);
+    AddNode(N, Parent);
+
+    llvm::APInt Zero(Ctx.getTargetInfo().getIntWidth(), 0);
+    auto *ZeroLiteral = new (Ctx) IntegerLiteral(Ctx, Zero, Ctx.IntTy,
+                                                 SourceLocation());
+    auto *L = new LeafExprNode(ZeroLiteral, N);
+    AddNode(L, /*Parent*/ N);
+    Create(E, /*Parent*/ N);
+
+  } else if (const auto *BO = dyn_cast<BinaryOperator>(E)) {
     BinaryOperator::Opcode BinOp = BO->getOpcode();
     Expr *LHS = BO->getLHS();
     Expr *RHS = BO->getRHS();
@@ -130,19 +148,6 @@ void PreorderAST::Create(Expr *E, Node *Parent) {
     Create(LHS, /*Parent*/ N);
     Create(RHS, /*Parent*/ N);
 
-  } else if (!Parent) {
-    // The invariant is that the root node must be a BinaryNode. So for
-    // expressions like "if (*p)", we don't have a BinaryOperator. So when we
-    // enter this function there is no root and the parent is null. So we
-    // create a new BinaryNode with + as the operator and add "p" as a
-    // LeafNodeExpr child of this BinaryNode. Later, in the function
-    // NormalizeExprsWithoutConst we normalize "p" to "p + 0" by adding 0 as a
-    // sibling of "p".
-
-    auto *N = new BinaryNode(BO_Add, Parent);
-    AddNode(N, Parent);
-    Create(E, /*Parent*/ N);
-
   } else {
     auto *N = new LeafExprNode(E, Parent);
     AddNode(N, Parent);
@@ -331,50 +336,80 @@ void PreorderAST::ConstantFold(Node *N, bool &Changed) {
   Changed = true;
 }
 
-void PreorderAST::NormalizeExprsWithoutConst(Node *N) {
-  // Consider the following case:
-  // Upper bound expr: p
-  // Deref expr: p + 1
-  // In this case, we would not able able to extract the offset from the deref
-  // expression because the upper bound expression does not contain a constant.
-  // This is because the node-by-node comparison of the two expressions would
-  // fail. So we require that expressions be of the form "(variable + constant)".
-  // So, we normalize expressions by adding an integer constant to expressions
-  // which do not have one. For example:
-  // p ==> (p + 0)
-  // (p + i) ==> (p + i + 0)
-  // (p * i) ==> (p * i * 1)
+bool PreorderAST::GetDerefOffset(Node *UpperNode, Node *DerefNode,
+				 llvm::APSInt &Offset) {
+  // Extract the offset by which a pointer is dereferenced. For the pointer we
+  // compare the dereference expr with the declared upper bound expr. If the
+  // non-integer parts of the two exprs are not equal we say that a valid
+  // offset does not exist and return false. If the non-integer parts of the
+  // two exprs are equal the offset is calculated as:
+  // (integer part of deref expr - integer part of upper bound expr).
+
+  // Since we have already normalized exprs like "*p" to "*(p + 0)" we require
+  // that the root of the preorder AST is a BinaryNode.
+  auto *B1 = dyn_cast_or_null<BinaryNode>(UpperNode);
+  auto *B2 = dyn_cast_or_null<BinaryNode>(DerefNode);
+
+  if (!B1 || !B2)
+    return false;
 
-  auto *B = dyn_cast_or_null<BinaryNode>(N);
-  if (!B)
-    return;
+  // If the opcodes mismatch we cannot have a valid offset.
+  if (B1->Opc != B2->Opc)
+    return false;
 
-  for (auto *Child : B->Children) {
-    // Recursively normalize constants in the children of a BinaryNode.
-    if (isa<BinaryNode>(Child))
-      NormalizeExprsWithoutConst(Child);
+  // We have already constant folded the constants. So return false if the
+  // number of children mismatch.
+  if (B1->Children.size() != B2->Children.size())
+    return false;
 
-    else if (auto *ChildLeafNode = dyn_cast<LeafExprNode>(Child)) {
-      if (ChildLeafNode->E->isIntegerConstantExpr(Ctx))
-        return;
-    }
-  }
+  // Check if the children are equivalent.
+  for (size_t I = 0; I != B1->Children.size(); ++I) {
+    auto *Child1 = B1->Children[I];
+    auto *Child2 = B2->Children[I];
 
-  llvm::APInt IntConst;
-  switch(B->Opc) {
-    default: return;
-    case BO_Add:
-      IntConst = llvm::APInt(Ctx.getTargetInfo().getIntWidth(), 0);
-      break;
-    case BO_Mul:
-      IntConst = llvm::APInt(Ctx.getTargetInfo().getIntWidth(), 1);
-      break;
+    if (IsEqual(Child1, Child2))
+      continue;
+
+    // If the children are not equal we require that they be integer constant
+    // leaf nodes. Otherwise we cannot have a valid offset.
+    auto *L1 = dyn_cast_or_null<LeafExprNode>(Child1);
+    auto *L2 = dyn_cast_or_null<LeafExprNode>(Child2);
+
+    if (!L1 || !L2)
+      return false;
+
+    // Return false if either of the leaf nodes is not an integer constant.
+    llvm::APSInt UpperOffset;
+    if (!L1->E->isIntegerConstantExpr(UpperOffset, Ctx))
+      return false;
+
+    llvm::APSInt DerefOffset;
+    if (!L2->E->isIntegerConstantExpr(DerefOffset, Ctx))
+      return false;
+
+    // Offset should always be of the form (ptr + offset). So we check for
+    // addition.
+    // Note: We have already converted (ptr - offset) to (ptr + -offset). So
+    // its okay to only check for addition.
+    if (B1->Opc != BO_Add)
+      return false;
+
+    // This guards us from a case where the constants were not folded for
+    // some reason. In theory this should never happen. But we are adding this
+    // check just in case.
+    llvm::APSInt Zero(Ctx.getTargetInfo().getIntWidth(), 0);
+    if (llvm::APSInt::compareValues(Offset, Zero) != 0)
+      return false;
+
+    // offset = deref offset - declared upper bound offset.
+    // Return false if we encounter an overflow.
+    bool Overflow;
+    Offset = DerefOffset.ssub_ov(UpperOffset, Overflow);
+    if (Overflow)
+      return false;
   }
 
-  auto *IntLiteral = new (Ctx) IntegerLiteral(Ctx, IntConst, Ctx.IntTy,
-                                              SourceLocation());
-  auto *L = new LeafExprNode(IntLiteral, B);
-  AddNode(L, B);
+  return true;
 }
 
 bool PreorderAST::IsEqual(Node *N1, Node *N2) {
@@ -438,7 +473,6 @@ void PreorderAST::Normalize() {
     ConstantFold(Root, Changed);
     if (Error)
       break;
-    NormalizeExprsWithoutConst(Root);
   }
 
   if (Ctx.getLangOpts().DumpPreorderAST) {