From ee158bc29bc12ce544996f7cdfde14aba63acf4d Mon Sep 17 00:00:00 2001
From: Jordan Rose <jordan_rose@apple.com>
Date: Mon, 9 Jul 2012 16:54:49 +0000
Subject: [PATCH] [analyzer] When inlining, make sure we use the definition
 decl.

This was a regression introduced during the CallEvent changes; a call to
FunctionDecl::hasBody was also being used to replace the decl found by
lookup with the actual definition. To keep from making this mistake again
(particularly if/when we start inlining Objective-C methods), this commit
adds a "getDefinition()" method to CallEvent, which should do the right
thing under any circumstances.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8
---
 .../StaticAnalyzer/Core/PathSensitive/Calls.h | 28 +++++++++++++++++++
 .../Core/ExprEngineCallAndReturn.cpp          | 13 +++++----
 test/Analysis/inline.c                        | 15 +++++++++-
 3 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/Calls.h b/include/clang/StaticAnalyzer/Core/PathSensitive/Calls.h
index 84d9b19c86e..332addce161 100644
--- a/include/clang/StaticAnalyzer/Core/PathSensitive/Calls.h
+++ b/include/clang/StaticAnalyzer/Core/PathSensitive/Calls.h
@@ -80,6 +80,12 @@ public:
   /// called. May be null.
   virtual const Decl *getDecl() const = 0;
 
+  /// \brief Returns the definition of the function or method that will be
+  /// called. May be null.
+  ///
+  /// This is used when deciding how to inline the call.
+  virtual const Decl *getDefinition() const { return getDecl(); }
+
   /// \brief Returns the expression whose value will be the result of this call.
   /// May be null.
   virtual const Expr *getOriginExpr() const = 0;
@@ -194,6 +200,14 @@ protected:
 public:
   virtual const FunctionDecl *getDecl() const = 0;
 
+  const Decl *getDefinition() const {
+    const FunctionDecl *FD = getDecl();
+    // Note that hasBody() will fill FD with the definition FunctionDecl.
+    if (FD && FD->hasBody(FD))
+      return FD;
+    return 0;
+  }
+
   bool argumentsMayEscape() const;
 
   static bool classof(const CallEvent *CA) {
@@ -325,6 +339,10 @@ public:
     return BR->getDecl();
   }
 
+  const Decl *getDefinition() const {
+    return getBlockDecl();
+  }
+
   static bool classof(const CallEvent *CA) {
     return CA->getKind() == CE_Block;
   }
@@ -452,6 +470,16 @@ public:
     return Msg->getReceiverRange();
   }
 
+  const Decl *getDefinition() const {
+    const ObjCMethodDecl *MD = getDecl();
+    for (Decl::redecl_iterator I = MD->redecls_begin(), E = MD->redecls_end();
+         I != E; ++I) {
+      if (cast<ObjCMethodDecl>(*I)->isThisDeclarationADefinition())
+        return *I;
+    }
+    return 0;
+  }
+
   static bool classof(const CallEvent *CA) {
     return CA->getKind() >= CE_BEG_OBJC_CALLS &&
            CA->getKind() <= CE_END_OBJC_CALLS;
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index b2b1ab561b0..6fb41930d35 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -274,7 +274,10 @@ bool ExprEngine::inlineCall(ExplodedNodeSet &Dst,
   const StackFrameContext *CallerSFC =
     Pred->getLocationContext()->getCurrentStackFrame();
 
-  const Decl *D = Call.getDecl();
+  const Decl *D = Call.getDefinition();
+  if (!D)
+    return false;
+
   const LocationContext *ParentOfCallee = 0;
 
   switch (Call.getKind()) {
@@ -298,9 +301,7 @@ bool ExprEngine::inlineCall(ExplodedNodeSet &Dst,
     return false;
   case CE_Block: {
     const BlockDataRegion *BR = cast<BlockCall>(Call).getBlockRegion();
-    if (!BR)
-      return false;
-    D = BR->getDecl();
+    assert(BR && "If we have the block definition we should have its region");
     AnalysisDeclContext *BlockCtx = AMgr.getAnalysisDeclContext(D);
     ParentOfCallee = BlockCtx->getBlockInvocationContext(CallerSFC,
                                                          cast<BlockDecl>(D),
@@ -313,8 +314,8 @@ bool ExprEngine::inlineCall(ExplodedNodeSet &Dst,
     // that a particular method will be called at runtime.
     return false;
   }
-  
-  if (!D || !shouldInlineDecl(D, Pred))
+
+  if (!shouldInlineDecl(D, Pred))
     return false;
   
   if (!ParentOfCallee)
diff --git a/test/Analysis/inline.c b/test/Analysis/inline.c
index 0827d934614..73d629a04ad 100644
--- a/test/Analysis/inline.c
+++ b/test/Analysis/inline.c
@@ -1,4 +1,6 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-ipa=inlining -analyzer-store region -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-ipa=inlining -analyzer-store region -verify %s
+
+void clang_analyzer_eval(int);
 
 int test1_f1() {
   int y = 1;
@@ -90,3 +92,14 @@ int test_rdar10977037() {
 }
 
 
+// Test inlining a forward-declared function.
+// This regressed when CallEvent was first introduced.
+int plus1(int x);
+void test() {
+  clang_analyzer_eval(plus1(2) == 3); // expected-warning{{TRUE}}
+}
+
+int plus1(int x) {
+  return x + 1;
+}
+
-- 
GitLab