[clang] fa68972 - [dataflow] document flow condition
Sam McCall via cfe-commits
cfe-commits at lists.llvm.org
Tue Jul 11 22:20:55 PDT 2023
Author: Sam McCall
Date: 2023-07-12T07:20:46+02:00
New Revision: fa689726768b7b5cae01970cce2e59a72a0229b4
URL: https://github.com/llvm/llvm-project/commit/fa689726768b7b5cae01970cce2e59a72a0229b4
DIFF: https://github.com/llvm/llvm-project/commit/fa689726768b7b5cae01970cce2e59a72a0229b4.diff
LOG: [dataflow] document flow condition
There's some documentation of this concept at
https://clang.llvm.org/docs/DataFlowAnalysisIntro.html
but it would be nice to have it closer to the code.
I also was laboring under an obvious but wrong mental model that
the flow condition token represented "execution reached this point",
I'd like to explicitly call that out as wrong.
Differential Revision: https://reviews.llvm.org/D154969
Added:
Modified:
clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
Removed:
################################################################################
diff --git a/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h b/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
index 5bd2e5518a5463..512f66073da457 100644
--- a/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
+++ b/clang/include/clang/Analysis/FlowSensitive/DataflowEnvironment.h
@@ -22,6 +22,7 @@
#include "clang/Analysis/FlowSensitive/ControlFlowContext.h"
#include "clang/Analysis/FlowSensitive/DataflowAnalysisContext.h"
#include "clang/Analysis/FlowSensitive/DataflowLattice.h"
+#include "clang/Analysis/FlowSensitive/Formula.h"
#include "clang/Analysis/FlowSensitive/Logger.h"
#include "clang/Analysis/FlowSensitive/StorageLocation.h"
#include "clang/Analysis/FlowSensitive/Value.h"
@@ -524,16 +525,30 @@ class Environment {
arena().makeEquals(LHS.formula(), RHS.formula()));
}
- /// Returns the token that identifies the flow condition of the environment.
+ /// Returns a boolean variable that identifies the flow condition (FC).
+ ///
+ /// The flow condition is a set of facts that are necessarily true when the
+ /// program reaches the current point, expressed as boolean formulas.
+ /// The flow condition token is equivalent to the AND of these facts.
+ ///
+ /// These may e.g. constrain the value of certain variables. A pointer
+ /// variable may have a consistent modeled PointerValue throughout, but at a
+ /// given point the Environment may tell us that the value must be non-null.
+ ///
+ /// The FC is necessary but not sufficient for this point to be reachable.
+ /// In particular, where the FC token appears in flow conditions of successor
+ /// environments, it means "point X may have been reached", not
+ /// "point X was reached".
Atom getFlowConditionToken() const { return FlowConditionToken; }
- /// Adds `Val` to the set of clauses that constitute the flow condition.
+ /// Record a fact that must be true if this point in the program is reached.
void addToFlowCondition(const Formula &);
/// Deprecated: Use Formula version instead.
void addToFlowCondition(BoolValue &Val);
- /// Returns true if and only if the clauses that constitute the flow condition
- /// imply that `Val` is true.
+ /// Returns true if the formula is always true when this point is reached.
+ /// Returns false if the formula may be false, or if the flow condition isn't
+ /// sufficiently precise to prove that it is true.
bool flowConditionImplies(const Formula &) const;
/// Deprecated: Use Formula version instead.
bool flowConditionImplies(BoolValue &Val) const;
More information about the cfe-commits
mailing list