/build/source/clang/include/clang/Analysis/FlowSensitive/CFGMatchSwitch.h

Bug Summary

File:	build/source/clang/include/clang/Analysis/FlowSensitive/CFGMatchSwitch.h
Warning:	line 71, column 12 Potential memory leak

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name UncheckedOptionalAccessModel.cpp -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=none -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/build/source/build-llvm/tools/clang/stage2-bins -resource-dir /usr/lib/llvm-17/lib/clang/17 -D CLANG_REPOSITORY_STRING="++20230331100734+94a74b9dbb5c-1~exp1~20230331220852.1199" -D _DEBUG -D _GLIBCXX_ASSERTIONS -D _GNU_SOURCE -D _LIBCPP_ENABLE_ASSERTIONS -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I tools/clang/lib/Analysis/FlowSensitive/Models -I /build/source/clang/lib/Analysis/FlowSensitive/Models -I /build/source/clang/include -I tools/clang/include -I include -I /build/source/llvm/include -D _FORTIFY_SOURCE=2 -D NDEBUG -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/x86_64-linux-gnu/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/backward -internal-isystem /usr/lib/llvm-17/lib/clang/17/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fmacro-prefix-map=/build/source/= -fcoverage-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fcoverage-prefix-map=/build/source/= -source-date-epoch 1680300532 -O2 -Wno-unused-command-line-argument -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wno-comment -Wno-misleading-indentation -std=c++17 -fdeprecated-macro -fdebug-compilation-dir=/build/source/build-llvm/tools/clang/stage2-bins -fdebug-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fdebug-prefix-map=/build/source/= -ferror-limit 19 -fvisibility-inlines-hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2023-04-01-083001-16331-1 -x c++ /build/source/clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

/build/source/clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

→

1//===-- UncheckedOptionalAccessModel.cpp ------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9//  This file defines a dataflow analysis that detects unsafe uses of optional
10//  values.
11//
12//===----------------------------------------------------------------------===//

14#include "clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h"
15#include "clang/AST/ASTContext.h"
16#include "clang/AST/DeclCXX.h"
17#include "clang/AST/Expr.h"
18#include "clang/AST/ExprCXX.h"
19#include "clang/AST/Stmt.h"
20#include "clang/ASTMatchers/ASTMatchers.h"
21#include "clang/Analysis/CFG.h"
22#include "clang/Analysis/FlowSensitive/CFGMatchSwitch.h"
23#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
24#include "clang/Analysis/FlowSensitive/NoopLattice.h"
25#include "clang/Analysis/FlowSensitive/StorageLocation.h"
26#include "clang/Analysis/FlowSensitive/Value.h"
27#include "clang/Basic/SourceLocation.h"
28#include "llvm/ADT/StringRef.h"
29#include "llvm/Support/Casting.h"
30#include "llvm/Support/ErrorHandling.h"
31#include <cassert>
32#include <memory>
33#include <optional>
34#include <utility>
35#include <vector>

37namespace clang {
38namespace dataflow {
39namespace {

41using namespace ::clang::ast_matchers;
42using LatticeTransferState = TransferState<NoopLattice>;

44DeclarationMatcher optionalClass() {
return classTemplateSpecializationDecl(
    anyOf(hasName("std::optional"), hasName("std::__optional_storage_base"),
          hasName("__optional_destruct_base"), hasName("absl::optional"),
          hasName("base::Optional")),
    hasTemplateArgument(0, refersToType(type().bind("T"))));
50}

52auto optionalOrAliasType() {
return hasUnqualifiedDesugaredType(
    recordType(hasDeclaration(optionalClass())));
55}

57/// Matches any of the spellings of the optional types and sugar, aliases, etc.
58auto hasOptionalType() { return hasType(optionalOrAliasType()); }

60auto isOptionalMemberCallWithName(
  llvm::StringRef MemberName,
  const std::optional<StatementMatcher> &Ignorable = std::nullopt) {
auto Exception = unless(Ignorable ? expr(anyOf(*Ignorable, cxxThisExpr()))
                                  : cxxThisExpr());
return cxxMemberCallExpr(
    on(expr(Exception)),
    callee(cxxMethodDecl(hasName(MemberName), ofClass(optionalClass()))));
68}

70auto isOptionalOperatorCallWithName(
  llvm::StringRef operator_name,
  const std::optional<StatementMatcher> &Ignorable = std::nullopt) {
return cxxOperatorCallExpr(
    hasOverloadedOperatorName(operator_name),
    callee(cxxMethodDecl(ofClass(optionalClass()))),
    Ignorable ? callExpr(unless(hasArgument(0, *Ignorable))) : callExpr());
77}

79auto isMakeOptionalCall() {
return callExpr(
    callee(functionDecl(hasAnyName(
        "std::make_optional", "base::make_optional", "absl::make_optional"))),
    hasOptionalType());
84}

86auto nulloptTypeDecl() {
return namedDecl(
    hasAnyName("std::nullopt_t", "absl::nullopt_t", "base::nullopt_t"));
89}

91auto hasNulloptType() { return hasType(nulloptTypeDecl()); }

93// `optional` or `nullopt_t`
94auto hasAnyOptionalType() {
return hasType(hasUnqualifiedDesugaredType(
    recordType(hasDeclaration(anyOf(nulloptTypeDecl(), optionalClass())))));
97}


100auto inPlaceClass() {
return recordDecl(
    hasAnyName("std::in_place_t", "absl::in_place_t", "base::in_place_t"));
103}

105auto isOptionalNulloptConstructor() {
return cxxConstructExpr(
    hasOptionalType(),
    hasDeclaration(cxxConstructorDecl(parameterCountIs(1),
                                      hasParameter(0, hasNulloptType()))));
110}

112auto isOptionalInPlaceConstructor() {
return cxxConstructExpr(hasOptionalType(),
                        hasArgument(0, hasType(inPlaceClass())));
115}

117auto isOptionalValueOrConversionConstructor() {
return cxxConstructExpr(
    hasOptionalType(),
    unless(hasDeclaration(
        cxxConstructorDecl(anyOf(isCopyConstructor(), isMoveConstructor())))),
    argumentCountIs(1), hasArgument(0, unless(hasNulloptType())));
123}

125auto isOptionalValueOrConversionAssignment() {
return cxxOperatorCallExpr(
    hasOverloadedOperatorName("="),
    callee(cxxMethodDecl(ofClass(optionalClass()))),
    unless(hasDeclaration(cxxMethodDecl(
        anyOf(isCopyAssignmentOperator(), isMoveAssignmentOperator())))),
    argumentCountIs(2), hasArgument(1, unless(hasNulloptType())));
132}

134auto isNulloptConstructor() {
return cxxConstructExpr(hasNulloptType(), argumentCountIs(1),
                        hasArgument(0, hasNulloptType()));
137}

139auto isOptionalNulloptAssignment() {
return cxxOperatorCallExpr(hasOverloadedOperatorName("="),
                           callee(cxxMethodDecl(ofClass(optionalClass()))),
                           argumentCountIs(2),
                           hasArgument(1, hasNulloptType()));
144}

146auto isStdSwapCall() {
return callExpr(callee(functionDecl(hasName("std::swap"))),
                argumentCountIs(2), hasArgument(0, hasOptionalType()),
                hasArgument(1, hasOptionalType()));
150}

152constexpr llvm::StringLiteral ValueOrCallID = "ValueOrCall";

154auto isValueOrStringEmptyCall() {
// `opt.value_or("").empty()`
return cxxMemberCallExpr(
    callee(cxxMethodDecl(hasName("empty"))),
    onImplicitObjectArgument(ignoringImplicit(
        cxxMemberCallExpr(on(expr(unless(cxxThisExpr()))),
                          callee(cxxMethodDecl(hasName("value_or"),
                                               ofClass(optionalClass()))),
                          hasArgument(0, stringLiteral(hasSize(0))))
            .bind(ValueOrCallID))));
164}

166auto isValueOrNotEqX() {
auto ComparesToSame = [](ast_matchers::internal::Matcher<Stmt> Arg) {
  return hasOperands(
      ignoringImplicit(
          cxxMemberCallExpr(on(expr(unless(cxxThisExpr()))),
                            callee(cxxMethodDecl(hasName("value_or"),
                                                 ofClass(optionalClass()))),
                            hasArgument(0, Arg))
              .bind(ValueOrCallID)),
      ignoringImplicit(Arg));
};

// `opt.value_or(X) != X`, for X is `nullptr`, `""`, or `0`. Ideally, we'd
// support this pattern for any expression, but the AST does not have a
// generic expression comparison facility, so we specialize to common cases
// seen in practice.  FIXME: define a matcher that compares values across
// nodes, which would let us generalize this to any `X`.
return binaryOperation(hasOperatorName("!="),
                       anyOf(ComparesToSame(cxxNullPtrLiteralExpr()),
                             ComparesToSame(stringLiteral(hasSize(0))),
                             ComparesToSame(integerLiteral(equals(0)))));
187}

189auto isCallReturningOptional() {
return callExpr(hasType(qualType(anyOf(
    optionalOrAliasType(), referenceType(pointee(optionalOrAliasType()))))));
192}

194template <typename L, typename R>
195auto isComparisonOperatorCall(L lhs_arg_matcher, R rhs_arg_matcher) {
return cxxOperatorCallExpr(
    anyOf(hasOverloadedOperatorName("=="), hasOverloadedOperatorName("!=")),
    argumentCountIs(2), hasArgument(0, lhs_arg_matcher),
    hasArgument(1, rhs_arg_matcher));
200}

202// Ensures that `Expr` is mapped to a `BoolValue` and returns it.
203BoolValue &forceBoolValue(Environment &Env, const Expr &Expr) {
auto *Value = cast_or_null<BoolValue>(Env.getValue(Expr, SkipPast::None));
if (Value != nullptr)
  return *Value;

auto &Loc = Env.createStorageLocation(Expr);
Value = &Env.makeAtomicBoolValue();
Env.setValue(Loc, *Value);
Env.setStorageLocation(Expr, Loc);
return *Value;
213}

215/// Sets `HasValueVal` as the symbolic value that represents the "has_value"
216/// property of the optional value `OptionalVal`.
217void setHasValue(Value &OptionalVal, BoolValue &HasValueVal) {
OptionalVal.setProperty("has_value", HasValueVal);
219}

221/// Creates a symbolic value for an `optional` value using `HasValueVal` as the
222/// symbolic value of its "has_value" property.
223StructValue &createOptionalValue(Environment &Env, BoolValue &HasValueVal) {
auto OptionalVal = std::make_unique<StructValue>();
setHasValue(*OptionalVal, HasValueVal);
return Env.takeOwnership(std::move(OptionalVal));
227}

229/// Returns the symbolic value that represents the "has_value" property of the
230/// optional value `OptionalVal`. Returns null if `OptionalVal` is null.
231BoolValue *getHasValue(Environment &Env, Value *OptionalVal) {
if (OptionalVal != nullptr) {
  auto *HasValueVal =
      cast_or_null<BoolValue>(OptionalVal->getProperty("has_value"));
  if (HasValueVal == nullptr) {
    HasValueVal = &Env.makeAtomicBoolValue();
    OptionalVal->setProperty("has_value", *HasValueVal);
  }
  return HasValueVal;
}
return nullptr;
242}

244/// If `Type` is a reference type, returns the type of its pointee. Otherwise,
245/// returns `Type` itself.
246QualType stripReference(QualType Type) {
return Type->isReferenceType() ? Type->getPointeeType() : Type;
248}

250/// Returns true if and only if `Type` is an optional type.
251bool isOptionalType(QualType Type) {
if (!Type->isRecordType())
  return false;
// FIXME: Optimize this by avoiding the `getQualifiedNameAsString` call.
auto TypeName = Type->getAsCXXRecordDecl()->getQualifiedNameAsString();
return TypeName == "std::optional" || TypeName == "absl::optional" ||
       TypeName == "base::Optional";
258}

260/// Returns the number of optional wrappers in `Type`.
261///
262/// For example, if `Type` is `optional<optional<int>>`, the result of this
263/// function will be 2.
264int countOptionalWrappers(const ASTContext &ASTCtx, QualType Type) {
if (!isOptionalType(Type))
  return 0;
return 1 + countOptionalWrappers(
               ASTCtx,
               cast<ClassTemplateSpecializationDecl>(Type->getAsRecordDecl())
                   ->getTemplateArgs()
                   .get(0)
                   .getAsType()
                   .getDesugaredType(ASTCtx));
274}

276/// Tries to initialize the `optional`'s value (that is, contents), and return
277/// its location. Returns nullptr if the value can't be represented.
278StorageLocation *maybeInitializeOptionalValueMember(QualType Q,
                                                  Value &OptionalVal,
                                                  Environment &Env) {
// The "value" property represents a synthetic field. As such, it needs
// `StorageLocation`, like normal fields (and other variables). So, we model
// it with a `ReferenceValue`, since that includes a storage location.  Once
// the property is set, it will be shared by all environments that access the
// `Value` representing the optional (here, `OptionalVal`).
if (auto *ValueProp = OptionalVal.getProperty("value")) {
  auto *ValueRef = clang::cast<ReferenceValue>(ValueProp);
  auto &ValueLoc = ValueRef->getReferentLoc();
  if (Env.getValue(ValueLoc) == nullptr) {
    // The property was previously set, but the value has been lost. This can
    // happen, for example, because of an environment merge (where the two
    // environments mapped the property to different values, which resulted in
    // them both being discarded), or when two blocks in the CFG, with neither
    // a dominator of the other, visit the same optional value, or even when a
    // block is revisited during testing to collect per-statement state.
    // FIXME: This situation means that the optional contents are not shared
    // between branches and the like. Practically, this lack of sharing
    // reduces the precision of the model when the contents are relevant to
    // the check, like another optional or a boolean that influences control
    // flow.
    auto *ValueVal = Env.createValue(ValueLoc.getType());
    if (ValueVal == nullptr)
      return nullptr;
    Env.setValue(ValueLoc, *ValueVal);
  }
  return &ValueLoc;
}

auto Ty = stripReference(Q);
auto *ValueVal = Env.createValue(Ty);
if (ValueVal == nullptr)
  return nullptr;
auto &ValueLoc = Env.createStorageLocation(Ty);
Env.setValue(ValueLoc, *ValueVal);
auto ValueRef = std::make_unique<ReferenceValue>(ValueLoc);
OptionalVal.setProperty("value", Env.takeOwnership(std::move(ValueRef)));
return &ValueLoc;
318}

320void initializeOptionalReference(const Expr *OptionalExpr,
                               const MatchFinder::MatchResult &,
                               LatticeTransferState &State) {
if (auto *OptionalVal =
        State.Env.getValue(*OptionalExpr, SkipPast::Reference)) {
  if (OptionalVal->getProperty("has_value") == nullptr) {
    setHasValue(*OptionalVal, State.Env.makeAtomicBoolValue());
  }
}
329}

331/// Returns true if and only if `OptionalVal` is initialized and known to be
332/// empty in `Env.
333bool isEmptyOptional(const Value &OptionalVal, const Environment &Env) {
auto *HasValueVal =
    cast_or_null<BoolValue>(OptionalVal.getProperty("has_value"));
return HasValueVal != nullptr &&
       Env.flowConditionImplies(Env.makeNot(*HasValueVal));
338}

340/// Returns true if and only if `OptionalVal` is initialized and known to be
341/// non-empty in `Env.
342bool isNonEmptyOptional(const Value &OptionalVal, const Environment &Env) {
auto *HasValueVal =
    cast_or_null<BoolValue>(OptionalVal.getProperty("has_value"));
return HasValueVal != nullptr && Env.flowConditionImplies(*HasValueVal);
346}

348void transferUnwrapCall(const Expr *UnwrapExpr, const Expr *ObjectExpr,
                      LatticeTransferState &State) {
if (auto *OptionalVal =
        State.Env.getValue(*ObjectExpr, SkipPast::ReferenceThenPointer)) {
  if (State.Env.getStorageLocation(*UnwrapExpr, SkipPast::None) == nullptr)
    if (auto *Loc = maybeInitializeOptionalValueMember(
            UnwrapExpr->getType(), *OptionalVal, State.Env))
      State.Env.setStorageLocation(*UnwrapExpr, *Loc);
}
357}

359void transferMakeOptionalCall(const CallExpr *E,
                            const MatchFinder::MatchResult &,
                            LatticeTransferState &State) {
auto &Loc = State.Env.createStorageLocation(*E);
State.Env.setStorageLocation(*E, Loc);
State.Env.setValue(
    Loc, createOptionalValue(State.Env, State.Env.getBoolLiteralValue(true)));
366}

368void transferOptionalHasValueCall(const CXXMemberCallExpr *CallExpr,
                                const MatchFinder::MatchResult &,
                                LatticeTransferState &State) {
if (auto *HasValueVal = getHasValue(
        State.Env, State.Env.getValue(*CallExpr->getImplicitObjectArgument(),
                                      SkipPast::ReferenceThenPointer))) {
  auto &CallExprLoc = State.Env.createStorageLocation(*CallExpr);
  State.Env.setValue(CallExprLoc, *HasValueVal);
  State.Env.setStorageLocation(*CallExpr, CallExprLoc);
}
378}

380/// `ModelPred` builds a logical formula relating the predicate in
381/// `ValueOrPredExpr` to the optional's `has_value` property.
382void transferValueOrImpl(const clang::Expr *ValueOrPredExpr,
                       const MatchFinder::MatchResult &Result,
                       LatticeTransferState &State,
                       BoolValue &(*ModelPred)(Environment &Env,
                                               BoolValue &ExprVal,
                                               BoolValue &HasValueVal)) {
auto &Env = State.Env;

const auto *ObjectArgumentExpr =
    Result.Nodes.getNodeAs<clang::CXXMemberCallExpr>(ValueOrCallID)
        ->getImplicitObjectArgument();

auto *HasValueVal = getHasValue(
    State.Env,
    State.Env.getValue(*ObjectArgumentExpr, SkipPast::ReferenceThenPointer));
if (HasValueVal == nullptr)
  return;

Env.addToFlowCondition(
    ModelPred(Env, forceBoolValue(Env, *ValueOrPredExpr), *HasValueVal));
402}

404void transferValueOrStringEmptyCall(const clang::Expr *ComparisonExpr,
                                  const MatchFinder::MatchResult &Result,
                                  LatticeTransferState &State) {
return transferValueOrImpl(ComparisonExpr, Result, State,
                           [](Environment &Env, BoolValue &ExprVal,
                              BoolValue &HasValueVal) -> BoolValue & {
                             // If the result is *not* empty, then we know the
                             // optional must have been holding a value. If
                             // `ExprVal` is true, though, we don't learn
                             // anything definite about `has_value`, so we
                             // don't add any corresponding implications to
                             // the flow condition.
                             return Env.makeImplication(Env.makeNot(ExprVal),
                                                        HasValueVal);
                           });
419}

421void transferValueOrNotEqX(const Expr *ComparisonExpr,
                         const MatchFinder::MatchResult &Result,
                         LatticeTransferState &State) {
transferValueOrImpl(ComparisonExpr, Result, State,
                    [](Environment &Env, BoolValue &ExprVal,
                       BoolValue &HasValueVal) -> BoolValue & {
                      // We know that if `(opt.value_or(X) != X)` then
                      // `opt.hasValue()`, even without knowing further
                      // details about the contents of `opt`.
                      return Env.makeImplication(ExprVal, HasValueVal);
                    });
432}

434void transferCallReturningOptional(const CallExpr *E,
                                 const MatchFinder::MatchResult &Result,
                                 LatticeTransferState &State) {
if (State.Env.getStorageLocation(*E, SkipPast::None) != nullptr)
  return;

auto &Loc = State.Env.createStorageLocation(*E);
State.Env.setStorageLocation(*E, Loc);
State.Env.setValue(
    Loc, createOptionalValue(State.Env, State.Env.makeAtomicBoolValue()));
444}

446void assignOptionalValue(const Expr &E, Environment &Env,
                       BoolValue &HasValueVal) {
if (auto *OptionalLoc =
        Env.getStorageLocation(E, SkipPast::ReferenceThenPointer)) {
  Env.setValue(*OptionalLoc, createOptionalValue(Env, HasValueVal));
}
452}

454/// Returns a symbolic value for the "has_value" property of an `optional<T>`
455/// value that is constructed/assigned from a value of type `U` or `optional<U>`
456/// where `T` is constructible from `U`.
457BoolValue &valueOrConversionHasValue(const FunctionDecl &F, const Expr &E,
                                   const MatchFinder::MatchResult &MatchRes,
                                   LatticeTransferState &State) {
assert(F.getTemplateSpecializationArgs() != nullptr)(static_cast <bool> (F.getTemplateSpecializationArgs() !=
 nullptr) ? void (0) : __assert_fail ("F.getTemplateSpecializationArgs() != nullptr"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 460, __extension__ __PRETTY_FUNCTION__));
assert(F.getTemplateSpecializationArgs()->size() > 0)(static_cast <bool> (F.getTemplateSpecializationArgs()->
size() > 0) ? void (0) : __assert_fail ("F.getTemplateSpecializationArgs()->size() > 0"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 461, __extension__ __PRETTY_FUNCTION__));

const int TemplateParamOptionalWrappersCount = countOptionalWrappers(
    *MatchRes.Context,
    stripReference(F.getTemplateSpecializationArgs()->get(0).getAsType()));
const int ArgTypeOptionalWrappersCount =
    countOptionalWrappers(*MatchRes.Context, stripReference(E.getType()));

// Check if this is a constructor/assignment call for `optional<T>` with
// argument of type `U` such that `T` is constructible from `U`.
if (TemplateParamOptionalWrappersCount == ArgTypeOptionalWrappersCount)
  return State.Env.getBoolLiteralValue(true);

// This is a constructor/assignment call for `optional<T>` with argument of
// type `optional<U>` such that `T` is constructible from `U`.
if (auto *HasValueVal =
        getHasValue(State.Env, State.Env.getValue(E, SkipPast::Reference)))
  return *HasValueVal;
return State.Env.makeAtomicBoolValue();
480}

482void transferValueOrConversionConstructor(
  const CXXConstructExpr *E, const MatchFinder::MatchResult &MatchRes,
  LatticeTransferState &State) {
assert(E->getNumArgs() > 0)(static_cast <bool> (E->getNumArgs() > 0) ? void (
0) : __assert_fail ("E->getNumArgs() > 0", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 485, __extension__ __PRETTY_FUNCTION__));

assignOptionalValue(*E, State.Env,
                    valueOrConversionHasValue(*E->getConstructor(),
                                              *E->getArg(0), MatchRes,
                                              State));
491}

493void transferAssignment(const CXXOperatorCallExpr *E, BoolValue &HasValueVal,
                      LatticeTransferState &State) {
assert(E->getNumArgs() > 0)(static_cast <bool> (E->getNumArgs() > 0) ? void (
0) : __assert_fail ("E->getNumArgs() > 0", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 495, __extension__ __PRETTY_FUNCTION__));

auto *OptionalLoc =
    State.Env.getStorageLocation(*E->getArg(0), SkipPast::Reference);
if (OptionalLoc == nullptr)
  return;

State.Env.setValue(*OptionalLoc, createOptionalValue(State.Env, HasValueVal));

// Assign a storage location for the whole expression.
State.Env.setStorageLocation(*E, *OptionalLoc);
506}

508void transferValueOrConversionAssignment(
  const CXXOperatorCallExpr *E, const MatchFinder::MatchResult &MatchRes,
  LatticeTransferState &State) {
assert(E->getNumArgs() > 1)(static_cast <bool> (E->getNumArgs() > 1) ? void (
0) : __assert_fail ("E->getNumArgs() > 1", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 511, __extension__ __PRETTY_FUNCTION__));
transferAssignment(E,
                   valueOrConversionHasValue(*E->getDirectCallee(),
                                             *E->getArg(1), MatchRes, State),
                   State);
516}

518void transferNulloptAssignment(const CXXOperatorCallExpr *E,
                             const MatchFinder::MatchResult &,
                             LatticeTransferState &State) {
transferAssignment(E, State.Env.getBoolLiteralValue(false), State);
522}

524void transferSwap(const Expr &E1, SkipPast E1Skip, const Expr &E2,
                Environment &Env) {
// We account for cases where one or both of the optionals are not modeled,
// either lacking associated storage locations, or lacking values associated
// to such storage locations.
auto *Loc1 = Env.getStorageLocation(E1, E1Skip);
auto *Loc2 = Env.getStorageLocation(E2, SkipPast::Reference);

if (Loc1 == nullptr) {
  if (Loc2 != nullptr)
    Env.setValue(*Loc2, createOptionalValue(Env, Env.makeAtomicBoolValue()));
  return;
}
if (Loc2 == nullptr) {
  Env.setValue(*Loc1, createOptionalValue(Env, Env.makeAtomicBoolValue()));
  return;
}

// Both expressions have locations, though they may not have corresponding
// values. In that case, we create a fresh value at this point. Note that if
// two branches both do this, they will not share the value, but it at least
// allows for local reasoning about the value. To avoid the above, we would
// need *lazy* value allocation.
// FIXME: allocate values lazily, instead of just creating a fresh value.
auto *Val1 = Env.getValue(*Loc1);
if (Val1 == nullptr)
  Val1 = &createOptionalValue(Env, Env.makeAtomicBoolValue());

auto *Val2 = Env.getValue(*Loc2);
if (Val2 == nullptr)
  Val2 = &createOptionalValue(Env, Env.makeAtomicBoolValue());

Env.setValue(*Loc1, *Val2);
Env.setValue(*Loc2, *Val1);
558}

560void transferSwapCall(const CXXMemberCallExpr *E,
                    const MatchFinder::MatchResult &,
                    LatticeTransferState &State) {
assert(E->getNumArgs() == 1)(static_cast <bool> (E->getNumArgs() == 1) ? void (0
) : __assert_fail ("E->getNumArgs() == 1", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 563, __extension__ __PRETTY_FUNCTION__));
transferSwap(*E->getImplicitObjectArgument(), SkipPast::ReferenceThenPointer,
             *E->getArg(0), State.Env);
566}

568void transferStdSwapCall(const CallExpr *E, const MatchFinder::MatchResult &,
                       LatticeTransferState &State) {
assert(E->getNumArgs() == 2)(static_cast <bool> (E->getNumArgs() == 2) ? void (0
) : __assert_fail ("E->getNumArgs() == 2", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 570, __extension__ __PRETTY_FUNCTION__));
transferSwap(*E->getArg(0), SkipPast::Reference, *E->getArg(1), State.Env);
572}

574BoolValue &evaluateEquality(Environment &Env, BoolValue &EqVal, BoolValue &LHS,
                          BoolValue &RHS) {
// Logically, an optional<T> object is composed of two values - a `has_value`
// bit and a value of type T. Equality of optional objects compares both
// values. Therefore, merely comparing the `has_value` bits isn't sufficient:
// when two optional objects are engaged, the equality of their respective
// values of type T matters. Since we only track the `has_value` bits, we
// can't make any conclusions about equality when we know that two optional
// objects are engaged.
//
// We express this as two facts about the equality:
// a) EqVal => (LHS & RHS) v (!RHS & !LHS)
//    If they are equal, then either both are set or both are unset.
// b) (!LHS & !RHS) => EqVal
//    If neither is set, then they are equal.
// We rewrite b) as !EqVal => (LHS v RHS), for a more compact formula.
return Env.makeAnd(
    Env.makeImplication(
        EqVal, Env.makeOr(Env.makeAnd(LHS, RHS),
                          Env.makeAnd(Env.makeNot(LHS), Env.makeNot(RHS)))),
    Env.makeImplication(Env.makeNot(EqVal), Env.makeOr(LHS, RHS)));
595}

597void transferOptionalAndOptionalCmp(const clang::CXXOperatorCallExpr *CmpExpr,
                                  const MatchFinder::MatchResult &,
                                  LatticeTransferState &State) {
Environment &Env = State.Env;
auto *CmpValue = &forceBoolValue(Env, *CmpExpr);
if (auto *LHasVal = getHasValue(
        Env, Env.getValue(*CmpExpr->getArg(0), SkipPast::Reference)))
  if (auto *RHasVal = getHasValue(
          Env, Env.getValue(*CmpExpr->getArg(1), SkipPast::Reference))) {
    if (CmpExpr->getOperator() == clang::OO_ExclaimEqual)
      CmpValue = &State.Env.makeNot(*CmpValue);
    Env.addToFlowCondition(
        evaluateEquality(Env, *CmpValue, *LHasVal, *RHasVal));
  }
611}

613void transferOptionalAndValueCmp(const clang::CXXOperatorCallExpr *CmpExpr,
                               const clang::Expr *E, Environment &Env) {
auto *CmpValue = &forceBoolValue(Env, *CmpExpr);
if (auto *HasVal = getHasValue(Env, Env.getValue(*E, SkipPast::Reference))) {
  if (CmpExpr->getOperator() == clang::OO_ExclaimEqual)
    CmpValue = &Env.makeNot(*CmpValue);
  Env.addToFlowCondition(evaluateEquality(Env, *CmpValue, *HasVal,
                                          Env.getBoolLiteralValue(true)));
}
622}

624std::optional<StatementMatcher>
625ignorableOptional(const UncheckedOptionalAccessModelOptions &Options) {
if (Options.IgnoreSmartPointerDereference) {
  auto SmartPtrUse = expr(ignoringParenImpCasts(cxxOperatorCallExpr(
      anyOf(hasOverloadedOperatorName("->"), hasOverloadedOperatorName("*")),
      unless(hasArgument(0, expr(hasOptionalType()))))));
  return expr(
      anyOf(SmartPtrUse, memberExpr(hasObjectExpression(SmartPtrUse))));
}
return std::nullopt;
634}

636StatementMatcher
637valueCall(const std::optional<StatementMatcher> &IgnorableOptional) {
return isOptionalMemberCallWithName("value", IgnorableOptional);
639}

641StatementMatcher
642valueOperatorCall(const std::optional<StatementMatcher> &IgnorableOptional) {
return expr(anyOf(isOptionalOperatorCallWithName("*", IgnorableOptional),
                  isOptionalOperatorCallWithName("->", IgnorableOptional)));
645}

647auto buildTransferMatchSwitch() {
// FIXME: Evaluate the efficiency of matchers. If using matchers results in a
// lot of duplicated work (e.g. string comparisons), consider providing APIs
// that avoid it through memoization.
return CFGMatchSwitchBuilder<LatticeTransferState>()
    // Attach a symbolic "has_value" state to optional values that we see for
    // the first time.
    .CaseOfCFGStmt<Expr>(
        expr(anyOf(declRefExpr(), memberExpr()), hasOptionalType()),
        initializeOptionalReference)

    // make_optional
    .CaseOfCFGStmt<CallExpr>(isMakeOptionalCall(), transferMakeOptionalCall)

    // optional::optional (in place)
    .CaseOfCFGStmt<CXXConstructExpr>(
        isOptionalInPlaceConstructor(),
        [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          assignOptionalValue(*E, State.Env,
                              State.Env.getBoolLiteralValue(true));
        })
    // nullopt_t::nullopt_t
    .CaseOfCFGStmt<CXXConstructExpr>(
        isNulloptConstructor(),
        [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          assignOptionalValue(*E, State.Env,
                              State.Env.getBoolLiteralValue(false));
        })
    // optional::optional(nullopt_t)
    .CaseOfCFGStmt<CXXConstructExpr>(
        isOptionalNulloptConstructor(),
        [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          assignOptionalValue(*E, State.Env,
                              State.Env.getBoolLiteralValue(false));
        })
    // optional::optional (value/conversion)
    .CaseOfCFGStmt<CXXConstructExpr>(isOptionalValueOrConversionConstructor(),
                                     transferValueOrConversionConstructor)


    // optional::operator=
    .CaseOfCFGStmt<CXXOperatorCallExpr>(
        isOptionalValueOrConversionAssignment(),
        transferValueOrConversionAssignment)
    .CaseOfCFGStmt<CXXOperatorCallExpr>(isOptionalNulloptAssignment(),
                                        transferNulloptAssignment)

    // optional::value
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        valueCall(std::nullopt),
        [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          transferUnwrapCall(E, E->getImplicitObjectArgument(), State);
        })

    // optional::operator*, optional::operator->
    .CaseOfCFGStmt<CallExpr>(valueOperatorCall(std::nullopt),
                             [](const CallExpr *E,
                                const MatchFinder::MatchResult &,
                                LatticeTransferState &State) {
                               transferUnwrapCall(E, E->getArg(0), State);
                             })

    // optional::has_value
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        isOptionalMemberCallWithName("has_value"),
        transferOptionalHasValueCall)

    // optional::operator bool
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        isOptionalMemberCallWithName("operator bool"),
        transferOptionalHasValueCall)

    // optional::emplace
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        isOptionalMemberCallWithName("emplace"),
        [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          assignOptionalValue(*E->getImplicitObjectArgument(), State.Env,
                              State.Env.getBoolLiteralValue(true));
        })

    // optional::reset
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        isOptionalMemberCallWithName("reset"),
        [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
           LatticeTransferState &State) {
          assignOptionalValue(*E->getImplicitObjectArgument(), State.Env,
                              State.Env.getBoolLiteralValue(false));
        })

    // optional::swap
    .CaseOfCFGStmt<CXXMemberCallExpr>(isOptionalMemberCallWithName("swap"),
                                      transferSwapCall)

    // std::swap
    .CaseOfCFGStmt<CallExpr>(isStdSwapCall(), transferStdSwapCall)

    // opt.value_or("").empty()
    .CaseOfCFGStmt<Expr>(isValueOrStringEmptyCall(),
                         transferValueOrStringEmptyCall)

    // opt.value_or(X) != X
    .CaseOfCFGStmt<Expr>(isValueOrNotEqX(), transferValueOrNotEqX)

    // Comparisons (==, !=):
    .CaseOfCFGStmt<CXXOperatorCallExpr>(
        isComparisonOperatorCall(hasAnyOptionalType(), hasAnyOptionalType()),
        transferOptionalAndOptionalCmp)
    .CaseOfCFGStmt<CXXOperatorCallExpr>(
        isComparisonOperatorCall(hasOptionalType(),
                                 unless(hasAnyOptionalType())),
        [](const clang::CXXOperatorCallExpr *Cmp,
           const MatchFinder::MatchResult &, LatticeTransferState &State) {
          transferOptionalAndValueCmp(Cmp, Cmp->getArg(0), State.Env);
        })
    .CaseOfCFGStmt<CXXOperatorCallExpr>(
        isComparisonOperatorCall(unless(hasAnyOptionalType()),
                                 hasOptionalType()),
        [](const clang::CXXOperatorCallExpr *Cmp,
           const MatchFinder::MatchResult &, LatticeTransferState &State) {
          transferOptionalAndValueCmp(Cmp, Cmp->getArg(1), State.Env);
        })

    // returns optional
    .CaseOfCFGStmt<CallExpr>(isCallReturningOptional(),
                             transferCallReturningOptional)

    .Build();
779}

781std::vector<SourceLocation> diagnoseUnwrapCall(const Expr *UnwrapExpr,
                                             const Expr *ObjectExpr,
                                             const Environment &Env) {
if (auto *OptionalVal =
        Env.getValue(*ObjectExpr, SkipPast::ReferenceThenPointer)) {
  auto *Prop = OptionalVal->getProperty("has_value");
  if (auto *HasValueVal = cast_or_null<BoolValue>(Prop)) {
    if (Env.flowConditionImplies(*HasValueVal))
      return {};
  }
}

// Record that this unwrap is *not* provably safe.
// FIXME: include either the name of the optional (if applicable) or a source
// range of the access for easier interpretation of the result.
return {ObjectExpr->getBeginLoc()};
797}

799auto buildDiagnoseMatchSwitch(
  const UncheckedOptionalAccessModelOptions &Options) {
// FIXME: Evaluate the efficiency of matchers. If using matchers results in a
// lot of duplicated work (e.g. string comparisons), consider providing APIs
// that avoid it through memoization.
auto IgnorableOptional = ignorableOptional(Options);
return CFGMatchSwitchBuilder<const Environment, std::vector<SourceLocation>>()
2
←
Calling 'CFGMatchSwitchBuilder::Build'→
    // optional::value
    .CaseOfCFGStmt<CXXMemberCallExpr>(
        valueCall(IgnorableOptional),
        [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
           const Environment &Env) {
          return diagnoseUnwrapCall(E, E->getImplicitObjectArgument(), Env);
        })

    // optional::operator*, optional::operator->
    .CaseOfCFGStmt<CallExpr>(
        valueOperatorCall(IgnorableOptional),
        [](const CallExpr *E, const MatchFinder::MatchResult &,
           const Environment &Env) {
          return diagnoseUnwrapCall(E, E->getArg(0), Env);
        })
    .Build();
822}

824} // namespace

826ast_matchers::DeclarationMatcher
827UncheckedOptionalAccessModel::optionalClassDecl() {
return optionalClass();
829}

831UncheckedOptionalAccessModel::UncheckedOptionalAccessModel(ASTContext &Ctx)
  : DataflowAnalysis<UncheckedOptionalAccessModel, NoopLattice>(Ctx),
    TransferMatchSwitch(buildTransferMatchSwitch()) {}

835void UncheckedOptionalAccessModel::transfer(const CFGElement &Elt,
                                          NoopLattice &L, Environment &Env) {
LatticeTransferState State(L, Env);
TransferMatchSwitch(Elt, getASTContext(), State);
839}

841ComparisonResult UncheckedOptionalAccessModel::compare(
  QualType Type, const Value &Val1, const Environment &Env1,
  const Value &Val2, const Environment &Env2) {
if (!isOptionalType(Type))
  return ComparisonResult::Unknown;
bool MustNonEmpty1 = isNonEmptyOptional(Val1, Env1);
bool MustNonEmpty2 = isNonEmptyOptional(Val2, Env2);
if (MustNonEmpty1 && MustNonEmpty2) return ComparisonResult::Same;
// If exactly one is true, then they're different, no reason to check whether
// they're definitely empty.
if (MustNonEmpty1 || MustNonEmpty2) return ComparisonResult::Different;
// Check if they're both definitely empty.
return (isEmptyOptional(Val1, Env1) && isEmptyOptional(Val2, Env2))
           ? ComparisonResult::Same
           : ComparisonResult::Different;
856}

858bool UncheckedOptionalAccessModel::merge(QualType Type, const Value &Val1,
                                       const Environment &Env1,
                                       const Value &Val2,
                                       const Environment &Env2,
                                       Value &MergedVal,
                                       Environment &MergedEnv) {
if (!isOptionalType(Type))
  return true;
// FIXME: uses same approach as join for `BoolValues`. Requires non-const
// values, though, so will require updating the interface.
auto &HasValueVal = MergedEnv.makeAtomicBoolValue();
bool MustNonEmpty1 = isNonEmptyOptional(Val1, Env1);
bool MustNonEmpty2 = isNonEmptyOptional(Val2, Env2);
if (MustNonEmpty1 && MustNonEmpty2)
  MergedEnv.addToFlowCondition(HasValueVal);
else if (
    // Only make the costly calls to `isEmptyOptional` if we got "unknown"
    // (false) for both calls to `isNonEmptyOptional`.
    !MustNonEmpty1 && !MustNonEmpty2 && isEmptyOptional(Val1, Env1) &&
    isEmptyOptional(Val2, Env2))
  MergedEnv.addToFlowCondition(MergedEnv.makeNot(HasValueVal));
setHasValue(MergedVal, HasValueVal);
return true;
881}

883Value *UncheckedOptionalAccessModel::widen(QualType Type, Value &Prev,
                                         const Environment &PrevEnv,
                                         Value &Current,
                                         Environment &CurrentEnv) {
switch (compare(Type, Prev, PrevEnv, Current, CurrentEnv)) {
case ComparisonResult::Same:
  return &Prev;
case ComparisonResult::Different:
  if (auto *PrevHasVal =
          cast_or_null<BoolValue>(Prev.getProperty("has_value"))) {
    if (isa<TopBoolValue>(PrevHasVal))
      return &Prev;
  }
  if (auto *CurrentHasVal =
          cast_or_null<BoolValue>(Current.getProperty("has_value"))) {
    if (isa<TopBoolValue>(CurrentHasVal))
      return &Current;
  }
  return &createOptionalValue(CurrentEnv, CurrentEnv.makeTopBoolValue());
case ComparisonResult::Unknown:
  return nullptr;
}
llvm_unreachable("all cases covered in switch")::llvm::llvm_unreachable_internal("all cases covered in switch"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 905);
906}

908UncheckedOptionalAccessDiagnoser::UncheckedOptionalAccessDiagnoser(
  UncheckedOptionalAccessModelOptions Options)
  : DiagnoseMatchSwitch(buildDiagnoseMatchSwitch(Options)) {}
1
Calling 'buildDiagnoseMatchSwitch'→

912std::vector<SourceLocation> UncheckedOptionalAccessDiagnoser::diagnose(
  ASTContext &Ctx, const CFGElement *Elt, const Environment &Env) {
return DiagnoseMatchSwitch(*Elt, Ctx, Env);
915}

917} // namespace dataflow
918} // namespace clang

←

/build/source/clang/include/clang/Analysis/FlowSensitive/CFGMatchSwitch.h

→

1//===---- CFGMatchSwitch.h --------------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9//  This file defines the `CFGMatchSwitch` abstraction for building a "switch"
10//  statement for control flow graph elements. Each case of the switch is
11//  defined by an ASTMatcher which is applied on the AST node contained in the
12//  input `CFGElement`.
13//
14//  Currently, the `CFGMatchSwitch` only handles `CFGElement`s of
15//  `Kind::Statement` and `Kind::Initializer`.
16//
17//===----------------------------------------------------------------------===//
18 
19#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_
20#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_
21 
22#include "clang/AST/ASTContext.h"
23#include "clang/AST/Stmt.h"
24#include "clang/Analysis/CFG.h"
25#include "clang/Analysis/FlowSensitive/MatchSwitch.h"
26#include <functional>
27#include <utility>
28 
29namespace clang {
30namespace dataflow {
31 
32template <typename State, typename Result = void>
33using CFGMatchSwitch =
34    std::function<Result(const CFGElement &, ASTContext &, State &)>;
35 
36/// Collects cases of a "match switch": a collection of matchers paired with
37/// callbacks, which together define a switch that can be applied to an AST node
38/// contained in a CFG element.
39template <typename State, typename Result = void> class CFGMatchSwitchBuilder {
40public:
41  /// Registers an action `A` for `CFGStmt`s that will be triggered by the match
42  /// of the pattern `M` against the `Stmt` contained in the input `CFGStmt`.
43  ///
44  /// Requirements:
45  ///
46  ///  `NodeT` should be derived from `Stmt`.
47  template <typename NodeT>
48  CFGMatchSwitchBuilder &&
49  CaseOfCFGStmt(MatchSwitchMatcher<Stmt> M,
50                MatchSwitchAction<NodeT, State, Result> A) && {
51    std::move(StmtBuilder).template CaseOf<NodeT>(M, A);
52    return std::move(*this);
53  }
54 
55  /// Registers an action `A` for `CFGInitializer`s that will be triggered by
56  /// the match of the pattern `M` against the `CXXCtorInitializer` contained in
57  /// the input `CFGInitializer`.
58  ///
59  /// Requirements:
60  ///
61  ///  `NodeT` should be derived from `CXXCtorInitializer`.
62  template <typename NodeT>
63  CFGMatchSwitchBuilder &&
64  CaseOfCFGInit(MatchSwitchMatcher<CXXCtorInitializer> M,
65                MatchSwitchAction<NodeT, State, Result> A) && {
66    std::move(InitBuilder).template CaseOf<NodeT>(M, A);
67    return std::move(*this);
68  }
69 
70  CFGMatchSwitch<State, Result> Build() && {
71    return [StmtMS = std::move(StmtBuilder).Build(),
13
←
Potential memory leak
72            InitMS = std::move(InitBuilder).Build()](const CFGElement &Element,
3
←
Calling 'ASTMatchSwitchBuilder::Build'→
12
←
Returned allocated memory→
73                                                     ASTContext &Context,
74                                                     State &S) -> Result {
75      switch (Element.getKind()) {
76      case CFGElement::Initializer:
77        return InitMS(*Element.castAs<CFGInitializer>().getInitializer(),
78                      Context, S);
79      case CFGElement::Statement:
80      case CFGElement::Constructor:
81      case CFGElement::CXXRecordTypedCall:
82        return StmtMS(*Element.castAs<CFGStmt>().getStmt(), Context, S);
83      default:
84        // FIXME: Handle other kinds of CFGElement.
85        return Result();
86      }
87    };
88  }
89 
90private:
91  ASTMatchSwitchBuilder<Stmt, State, Result> StmtBuilder;
92  ASTMatchSwitchBuilder<CXXCtorInitializer, State, Result> InitBuilder;
93};
94 
95} // namespace dataflow
96} // namespace clang
97 
98#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_

←

/build/source/clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h

→

1//===---- MatchSwitch.h -----------------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9//  This file defines the `ASTMatchSwitch` abstraction for building a "switch"
10//  statement, where each case of the switch is defined by an AST matcher. The
11//  cases are considered in order, like pattern matching in functional
12//  languages.
13//
14//  Currently, the design is catered towards simplifying the implementation of
15//  `DataflowAnalysis` transfer functions. Based on experience here, this
16//  library may be generalized and moved to ASTMatchers.
17//
18//===----------------------------------------------------------------------===//
19//
20// FIXME: Rename to ASTMatchSwitch.h
21 
22#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_
23#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_
24 
25#include "clang/AST/ASTContext.h"
26#include "clang/AST/Stmt.h"
27#include "clang/ASTMatchers/ASTMatchFinder.h"
28#include "clang/ASTMatchers/ASTMatchers.h"
29#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
30#include "llvm/ADT/StringRef.h"
31#include <functional>
32#include <string>
33#include <type_traits>
34#include <utility>
35#include <vector>
36 
37namespace clang {
38namespace dataflow {
39 
40/// A common form of state shared between the cases of a transfer function.
41template <typename LatticeT> struct TransferState {
42  TransferState(LatticeT &Lattice, Environment &Env)
43      : Lattice(Lattice), Env(Env) {}
44 
45  /// Current lattice element.
46  LatticeT &Lattice;
47  Environment &Env;
48};
49 
50/// A read-only version of TransferState.
51template <typename LatticeT> struct TransferStateForDiagnostics {
52  TransferStateForDiagnostics(const LatticeT &Lattice, const Environment &Env)
53      : Lattice(Lattice), Env(Env) {}
54 
55  /// Current lattice element.
56  const LatticeT &Lattice;
57  const Environment &Env;
58};
59 
60template <typename T>
61using MatchSwitchMatcher = ast_matchers::internal::Matcher<T>;
62 
63template <typename T, typename State, typename Result = void>
64using MatchSwitchAction = std::function<Result(
65    const T *, const ast_matchers::MatchFinder::MatchResult &, State &)>;
66 
67template <typename BaseT, typename State, typename Result = void>
68using ASTMatchSwitch =
69    std::function<Result(const BaseT &, ASTContext &, State &)>;
70 
71/// Collects cases of a "match switch": a collection of matchers paired with
72/// callbacks, which together define a switch that can be applied to a node
73/// whose type derives from `BaseT`. This structure can simplify the definition
74/// of `transfer` functions that rely on pattern-matching.
75///
76/// For example, consider an analysis that handles particular function calls. It
77/// can define the `ASTMatchSwitch` once, in the constructor of the analysis,
78/// and then reuse it each time that `transfer` is called, with a fresh state
79/// value.
80///
81/// \code
82/// ASTMatchSwitch<Stmt, TransferState<MyLattice> BuildSwitch() {
83///   return ASTMatchSwitchBuilder<TransferState<MyLattice>>()
84///     .CaseOf(callExpr(callee(functionDecl(hasName("foo")))), TransferFooCall)
85///     .CaseOf(callExpr(argumentCountIs(2),
86///                      callee(functionDecl(hasName("bar")))),
87///             TransferBarCall)
88///     .Build();
89/// }
90/// \endcode
91template <typename BaseT, typename State, typename Result = void>
92class ASTMatchSwitchBuilder {
93public:
94  /// Registers an action that will be triggered by the match of a pattern
95  /// against the input statement.
96  ///
97  /// Requirements:
98  ///
99  ///  `NodeT` should be derived from `BaseT`.
100  template <typename NodeT>
101  ASTMatchSwitchBuilder &&CaseOf(MatchSwitchMatcher<BaseT> M,
102                                 MatchSwitchAction<NodeT, State, Result> A) && {
103    static_assert(std::is_base_of<BaseT, NodeT>::value,
104                  "NodeT must be derived from BaseT.");
105    Matchers.push_back(std::move(M));
106    Actions.push_back(
107        [A = std::move(A)](const BaseT *Node,
108                           const ast_matchers::MatchFinder::MatchResult &R,
109                           State &S) { return A(cast<NodeT>(Node), R, S); });
110    return std::move(*this);
111  }
112 
113  ASTMatchSwitch<BaseT, State, Result> Build() && {
114    return [Matcher = BuildMatcher(), Actions = std::move(Actions)](
4
←
Calling constructor for 'function<std::vector<clang::SourceLocation> (const clang::CXXCtorInitializer &, clang::ASTContext &, const clang::dataflow::Environment &)>'→
11
←
Returning from constructor for 'function<std::vector<clang::SourceLocation> (const clang::CXXCtorInitializer &, clang::ASTContext &, const clang::dataflow::Environment &)>'→
115               const BaseT &Node, ASTContext &Context, State &S) -> Result {
116      auto Results = ast_matchers::matchDynamic(Matcher, Node, Context);
117      if (Results.empty()) {
118        return Result();
119      }
120      // Look through the map for the first binding of the form "TagN..." use
121      // that to select the action.
122      for (const auto &Element : Results[0].getMap()) {
123        llvm::StringRef ID(Element.first);
124        size_t Index = 0;
125        if (ID.consume_front("Tag") && !ID.getAsInteger(10, Index) &&
126            Index < Actions.size()) {
127          return Actions[Index](
128              &Node,
129              ast_matchers::MatchFinder::MatchResult(Results[0], &Context), S);
130        }
131      }
132      return Result();
133    };
134  }
135 
136private:
137  ast_matchers::internal::DynTypedMatcher BuildMatcher() {
138    using ast_matchers::anything;
139    using ast_matchers::stmt;
140    using ast_matchers::unless;
141    using ast_matchers::internal::DynTypedMatcher;
142    if (Matchers.empty())
143      return stmt(unless(anything()));
144    for (int I = 0, N = Matchers.size(); I < N; ++I) {
145      std::string Tag = ("Tag" + llvm::Twine(I)).str();
146      // Many matchers are not bindable, so ensure that tryBind will work.
147      Matchers[I].setAllowBind(true);
148      auto M = *Matchers[I].tryBind(Tag);
149      // Each anyOf explicitly controls the traversal kind. The anyOf itself is
150      // set to `TK_AsIs` to ensure no nodes are skipped, thereby deferring to
151      // the kind of the branches. Then, each branch is either left as is, if
152      // the kind is already set, or explicitly set to `TK_AsIs`. We choose this
153      // setting because it is the default interpretation of matchers.
154      Matchers[I] =
155          !M.getTraversalKind() ? M.withTraversalKind(TK_AsIs) : std::move(M);
156    }
157    // The matcher type on the cases ensures that `Expr` kind is compatible with
158    // all of the matchers.
159    return DynTypedMatcher::constructVariadic(
160        DynTypedMatcher::VO_AnyOf, ASTNodeKind::getFromNodeKind<BaseT>(),
161        std::move(Matchers));
162  }
163 
164  std::vector<ast_matchers::internal::DynTypedMatcher> Matchers;
165  std::vector<MatchSwitchAction<BaseT, State, Result>> Actions;
166};
167 
168} // namespace dataflow
169} // namespace clang
170#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_

←

/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h

1// Implementation of std::function -*- C++ -*-

3// Copyright (C) 2004-2020 Free Software Foundation, Inc.
4//
5// This file is part of the GNU ISO C++ Library.  This library is free
6// software; you can redistribute it and/or modify it under the
7// terms of the GNU General Public License as published by the
8// Free Software Foundation; either version 3, or (at your option)
9// any later version.

11// This library is distributed in the hope that it will be useful,
12// but WITHOUT ANY WARRANTY; without even the implied warranty of
13// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14// GNU General Public License for more details.

16// Under Section 7 of GPL version 3, you are granted additional
17// permissions described in the GCC Runtime Library Exception, version
18// 3.1, as published by the Free Software Foundation.

20// You should have received a copy of the GNU General Public License and
21// a copy of the GCC Runtime Library Exception along with this program;
22// see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
23// <http://www.gnu.org/licenses/>.

25/** @file include/bits/std_function.h
*  This is an internal header file, included by other library headers.
*  Do not attempt to use it directly. @headername{functional}
*/

30#ifndef _GLIBCXX_STD_FUNCTION_H1
31#define _GLIBCXX_STD_FUNCTION_H1 1

33#pragma GCC system_header

35#if __cplusplus201703L < 201103L
36# include <bits/c++0x_warning.h>
37#else

39#if __cpp_rtti199711L
40# include <typeinfo>
41#endif
42#include <bits/stl_function.h>
43#include <bits/invoke.h>
44#include <bits/refwrap.h>
45#include <bits/functexcept.h>

47namespace std _GLIBCXX_VISIBILITY(default)__attribute__ ((__visibility__ ("default")))
48{
49_GLIBCXX_BEGIN_NAMESPACE_VERSION

/**
 *  @brief Exception class thrown when class template function's
 *  operator() is called with an empty target.
 *  @ingroup exceptions
 */
class bad_function_call : public std::exception
{
public:
  virtual ~bad_function_call() noexcept;

  const char* what() const noexcept;
};

/**
 *  Trait identifying "location-invariant" types, meaning that the
 *  address of the object (or any of its members) will not escape.
 *  Trivially copyable types are location-invariant and users can
 *  specialize this trait for other types.
 */
template<typename _Tp>
  struct __is_location_invariant
  : is_trivially_copyable<_Tp>::type
  { };

class _Undefined_class;

union _Nocopy_types
{
  void*       _M_object;
  const void* _M_const_object;
  void (*_M_function_pointer)();
  void (_Undefined_class::*_M_member_pointer)();
};

union [[gnu::may_alias]] _Any_data
{
  void*       _M_access()       { return &_M_pod_data[0]; }
  const void* _M_access() const { return &_M_pod_data[0]; }

  template<typename _Tp>
    _Tp&
    _M_access()
    { return *static_cast<_Tp*>(_M_access()); }

  template<typename _Tp>
    const _Tp&
    _M_access() const
    { return *static_cast<const _Tp*>(_M_access()); }

  _Nocopy_types _M_unused;
  char _M_pod_data[sizeof(_Nocopy_types)];
};

enum _Manager_operation
{
  __get_type_info,
  __get_functor_ptr,
  __clone_functor,
  __destroy_functor
};

template<typename _Signature>
  class function;

/// Base class of all polymorphic function object wrappers.
class _Function_base
{
public:
  static const size_t _M_max_size = sizeof(_Nocopy_types);
  static const size_t _M_max_align = __alignof__(_Nocopy_types);

  template<typename _Functor>
    class _Base_manager
    {
    protected:
static const bool __stored_locally =
(__is_location_invariant<_Functor>::value
&& sizeof(_Functor) <= _M_max_size
&& __alignof__(_Functor) <= _M_max_align
&& (_M_max_align % __alignof__(_Functor) == 0));

typedef integral_constant<bool, __stored_locally> _Local_storage;

// Retrieve a pointer to the function object
static _Functor*
_M_get_pointer(const _Any_data& __source)
{
 if _GLIBCXX17_CONSTEXPRconstexpr (__stored_locally)
   {
     const _Functor& __f = __source._M_access<_Functor>();
     return const_cast<_Functor*>(std::__addressof(__f));
   }
 else // have stored a pointer
   return __source._M_access<_Functor*>();
}

// Clone a location-invariant function object that fits within
// an _Any_data structure.
static void
_M_clone(_Any_data& __dest, const _Any_data& __source, true_type)
{
 ::new (__dest._M_access()) _Functor(__source._M_access<_Functor>());
}

// Clone a function object that is not location-invariant or
// that cannot fit into an _Any_data structure.
static void
_M_clone(_Any_data& __dest, const _Any_data& __source, false_type)
{
 __dest._M_access<_Functor*>() =
   new _Functor(*__source._M_access<const _Functor*>());
}

// Destroying a location-invariant object may still require
// destruction.
static void
_M_destroy(_Any_data& __victim, true_type)
{
 __victim._M_access<_Functor>().~_Functor();
}

// Destroying an object located on the heap.
static void
_M_destroy(_Any_data& __victim, false_type)
{
 delete __victim._M_access<_Functor*>();
}

    public:
static bool
_M_manager(_Any_data& __dest, const _Any_data& __source,
   _Manager_operation __op)
{
 switch (__op)
   {
186#if __cpp_rtti199711L
   case __get_type_info:
     __dest._M_access<const type_info*>() = &typeid(_Functor);
     break;
190#endif
   case __get_functor_ptr:
     __dest._M_access<_Functor*>() = _M_get_pointer(__source);
     break;

   case __clone_functor:
     _M_clone(__dest, __source, _Local_storage());
     break;

   case __destroy_functor:
     _M_destroy(__dest, _Local_storage());
     break;
   }
 return false;
}

static void
_M_init_functor(_Any_data& __functor, _Functor&& __f)
{ _M_init_functor(__functor, std::move(__f), _Local_storage()); }
7
←
Calling '_Base_manager::_M_init_functor'→
9
←
Returned allocated memory→

template<typename _Signature>
 static bool
 _M_not_empty_function(const function<_Signature>& __f)
 { return static_cast<bool>(__f); }

template<typename _Tp>
 static bool
 _M_not_empty_function(_Tp* __fp)
 { return __fp != nullptr; }

template<typename _Class, typename _Tp>
 static bool
 _M_not_empty_function(_Tp _Class::* __mp)
 { return __mp != nullptr; }

template<typename _Tp>
 static bool
 _M_not_empty_function(const _Tp&)
 { return true; }

    private:
static void
_M_init_functor(_Any_data& __functor, _Functor&& __f, true_type)
{ ::new (__functor._M_access()) _Functor(std::move(__f)); }

static void
_M_init_functor(_Any_data& __functor, _Functor&& __f, false_type)
{ __functor._M_access<_Functor*>() = new _Functor(std::move(__f)); }
8
←
Memory is allocated→
    };

  _Function_base() : _M_manager(nullptr) { }

  ~_Function_base()
  {
    if (_M_manager)
_M_manager(_M_functor, _M_functor, __destroy_functor);
  }

  bool _M_empty() const { return !_M_manager; }

  typedef bool (*_Manager_type)(_Any_data&, const _Any_data&,
		  _Manager_operation);

  _Any_data     _M_functor;
  _Manager_type _M_manager;
};

template<typename _Signature, typename _Functor>
  class _Function_handler;

template<typename _Res, typename _Functor, typename... _ArgTypes>
  class _Function_handler<_Res(_ArgTypes...), _Functor>
  : public _Function_base::_Base_manager<_Functor>
  {
    typedef _Function_base::_Base_manager<_Functor> _Base;

  public:
    static bool
    _M_manager(_Any_data& __dest, const _Any_data& __source,
 _Manager_operation __op)
    {
switch (__op)
 {
273#if __cpp_rtti199711L
 case __get_type_info:
   __dest._M_access<const type_info*>() = &typeid(_Functor);
   break;
277#endif
 case __get_functor_ptr:
   __dest._M_access<_Functor*>() = _Base::_M_get_pointer(__source);
   break;

 default:
   _Base::_M_manager(__dest, __source, __op);
 }
return false;
    }

    static _Res
    _M_invoke(const _Any_data& __functor, _ArgTypes&&... __args)
    {
return std::__invoke_r<_Res>(*_Base::_M_get_pointer(__functor),
		     std::forward<_ArgTypes>(__args)...);
    }
  };

/**
 *  @brief Primary class template for std::function.
 *  @ingroup functors
 *
 *  Polymorphic function wrapper.
 */
template<typename _Res, typename... _ArgTypes>
  class function<_Res(_ArgTypes...)>
  : public _Maybe_unary_or_binary_function<_Res, _ArgTypes...>,
    private _Function_base
  {
    template<typename _Func,
      typename _Res2 = __invoke_result<_Func&, _ArgTypes...>>
struct _Callable
: __is_invocable_impl<_Res2, _Res>::type
{ };

    // Used so the return type convertibility checks aren't done when
    // performing overload resolution for copy construction/assignment.
    template<typename _Tp>
struct _Callable<function, _Tp> : false_type { };

    template<typename _Cond, typename _Tp>
using _Requires = typename enable_if<_Cond::value, _Tp>::type;

  public:
    typedef _Res result_type;

    // [3.7.2.1] construct/copy/destroy

    /**
     *  @brief Default construct creates an empty function call wrapper.
     *  @post @c !(bool)*this
     */
    function() noexcept
    : _Function_base() { }

    /**
     *  @brief Creates an empty function call wrapper.
     *  @post @c !(bool)*this
     */
    function(nullptr_t) noexcept
    : _Function_base() { }

    /**
     *  @brief %Function copy constructor.
     *  @param __x A %function object with identical call signature.
     *  @post @c bool(*this) == bool(__x)
     *
     *  The newly-created %function contains a copy of the target of @a
     *  __x (if it has one).
     */
    function(const function& __x);

    /**
     *  @brief %Function move constructor.
     *  @param __x A %function object rvalue with identical call signature.
     *
     *  The newly-created %function contains the target of @a __x
     *  (if it has one).
     */
    function(function&& __x) noexcept : _Function_base()
    {
__x.swap(*this);
    }

    /**
     *  @brief Builds a %function that targets a copy of the incoming
     *  function object.
     *  @param __f A %function object that is callable with parameters of
     *  type @c T1, @c T2, ..., @c TN and returns a value convertible
     *  to @c Res.
     *
     *  The newly-created %function object will target a copy of
     *  @a __f. If @a __f is @c reference_wrapper<F>, then this function
     *  object will contain a reference to the function object @c
     *  __f.get(). If @a __f is a NULL function pointer or NULL
     *  pointer-to-member, the newly-created object will be empty.
     *
     *  If @a __f is a non-NULL function pointer or an object of type @c
     *  reference_wrapper<F>, this function will not throw.
     */
    template<typename _Functor,
      typename = _Requires<__not_<is_same<_Functor, function>>, void>,
      typename = _Requires<_Callable<_Functor>, void>>
function(_Functor);

    /**
     *  @brief %Function assignment operator.
     *  @param __x A %function with identical call signature.
     *  @post @c (bool)*this == (bool)x
     *  @returns @c *this
     *
     *  The target of @a __x is copied to @c *this. If @a __x has no
     *  target, then @c *this will be empty.
     *
     *  If @a __x targets a function pointer or a reference to a function
     *  object, then this operation will not throw an %exception.
     */
    function&
    operator=(const function& __x)
    {
function(__x).swap(*this);
return *this;
    }

    /**
     *  @brief %Function move-assignment operator.
     *  @param __x A %function rvalue with identical call signature.
     *  @returns @c *this
     *
     *  The target of @a __x is moved to @c *this. If @a __x has no
     *  target, then @c *this will be empty.
     *
     *  If @a __x targets a function pointer or a reference to a function
     *  object, then this operation will not throw an %exception.
     */
    function&
    operator=(function&& __x) noexcept
    {
function(std::move(__x)).swap(*this);
return *this;
    }

    /**
     *  @brief %Function assignment to zero.
     *  @post @c !(bool)*this
     *  @returns @c *this
     *
     *  The target of @c *this is deallocated, leaving it empty.
     */
    function&
    operator=(nullptr_t) noexcept
    {
if (_M_manager)
 {
   _M_manager(_M_functor, _M_functor, __destroy_functor);
   _M_manager = nullptr;
   _M_invoker = nullptr;
 }
return *this;
    }

    /**
     *  @brief %Function assignment to a new target.
     *  @param __f A %function object that is callable with parameters of
     *  type @c T1, @c T2, ..., @c TN and returns a value convertible
     *  to @c Res.
     *  @return @c *this
     *
     *  This  %function object wrapper will target a copy of @a
     *  __f. If @a __f is @c reference_wrapper<F>, then this function
     *  object will contain a reference to the function object @c
     *  __f.get(). If @a __f is a NULL function pointer or NULL
     *  pointer-to-member, @c this object will be empty.
     *
     *  If @a __f is a non-NULL function pointer or an object of type @c
     *  reference_wrapper<F>, this function will not throw.
     */
    template<typename _Functor>
_Requires<_Callable<typename decay<_Functor>::type>, function&>
operator=(_Functor&& __f)
{
 function(std::forward<_Functor>(__f)).swap(*this);
 return *this;
}

    /// @overload
    template<typename _Functor>
function&
operator=(reference_wrapper<_Functor> __f) noexcept
{
 function(__f).swap(*this);
 return *this;
}

    // [3.7.2.2] function modifiers

    /**
     *  @brief Swap the targets of two %function objects.
     *  @param __x A %function with identical call signature.
     *
     *  Swap the targets of @c this function object and @a __f. This
     *  function will not throw an %exception.
     */
    void swap(function& __x) noexcept
    {
std::swap(_M_functor, __x._M_functor);
std::swap(_M_manager, __x._M_manager);
std::swap(_M_invoker, __x._M_invoker);
    }

    // [3.7.2.3] function capacity

    /**
     *  @brief Determine if the %function wrapper has a target.
     *
     *  @return @c true when this %function object contains a target,
     *  or @c false when it is empty.
     *
     *  This function will not throw an %exception.
     */
    explicit operator bool() const noexcept
    { return !_M_empty(); }

    // [3.7.2.4] function invocation

    /**
     *  @brief Invokes the function targeted by @c *this.
     *  @returns the result of the target.
     *  @throws bad_function_call when @c !(bool)*this
     *
     *  The function call operator invokes the target function object
     *  stored by @c this.
     */
    _Res operator()(_ArgTypes... __args) const;

513#if __cpp_rtti199711L
    // [3.7.2.5] function target access
    /**
     *  @brief Determine the type of the target of this function object
     *  wrapper.
     *
     *  @returns the type identifier of the target function object, or
     *  @c typeid(void) if @c !(bool)*this.
     *
     *  This function will not throw an %exception.
     */
    const type_info& target_type() const noexcept;

    /**
     *  @brief Access the stored target function object.
     *
     *  @return Returns a pointer to the stored target function object,
     *  if @c typeid(_Functor).equals(target_type()); otherwise, a NULL
     *  pointer.
     *
     * This function does not throw exceptions.
     *
     * @{
     */
    template<typename _Functor>       _Functor* target() noexcept;

    template<typename _Functor> const _Functor* target() const noexcept;
    // @}
541#endif

  private:
    using _Invoker_type = _Res (*)(const _Any_data&, _ArgTypes&&...);
    _Invoker_type _M_invoker;
};

548#if __cpp_deduction_guides201703L >= 201606
template<typename>
  struct __function_guide_helper
  { };

template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
  struct __function_guide_helper<
    _Res (_Tp::*) (_Args...) noexcept(_Nx)
  >
  { using type = _Res(_Args...); };

template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
  struct __function_guide_helper<
    _Res (_Tp::*) (_Args...) & noexcept(_Nx)
  >
  { using type = _Res(_Args...); };

template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
  struct __function_guide_helper<
    _Res (_Tp::*) (_Args...) const noexcept(_Nx)
  >
  { using type = _Res(_Args...); };

template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
  struct __function_guide_helper<
    _Res (_Tp::*) (_Args...) const & noexcept(_Nx)
  >
  { using type = _Res(_Args...); };

template<typename _Res, typename... _ArgTypes>
  function(_Res(*)(_ArgTypes...)) -> function<_Res(_ArgTypes...)>;

template<typename _Functor, typename _Signature = typename
  __function_guide_helper<decltype(&_Functor::operator())>::type>
  function(_Functor) -> function<_Signature>;
583#endif

// Out-of-line member definitions.
template<typename _Res, typename... _ArgTypes>
  function<_Res(_ArgTypes...)>::
  function(const function& __x)
  : _Function_base()
  {
    if (static_cast<bool>(__x))
{
 __x._M_manager(_M_functor, __x._M_functor, __clone_functor);
 _M_invoker = __x._M_invoker;
 _M_manager = __x._M_manager;
}
  }

template<typename _Res, typename... _ArgTypes>
  template<typename _Functor, typename, typename>
    function<_Res(_ArgTypes...)>::
    function(_Functor __f)
    : _Function_base()
    {
typedef _Function_handler<_Res(_ArgTypes...), _Functor> _My_handler;

if (_My_handler::_M_not_empty_function(__f))
5
←
Taking true branch→
 {
   _My_handler::_M_init_functor(_M_functor, std::move(__f));
6
←
Calling '_Base_manager::_M_init_functor'→
10
←
Returned allocated memory→
   _M_invoker = &_My_handler::_M_invoke;
   _M_manager = &_My_handler::_M_manager;
 }
    }

template<typename _Res, typename... _ArgTypes>
  _Res
  function<_Res(_ArgTypes...)>::
  operator()(_ArgTypes... __args) const
  {
    if (_M_empty())
__throw_bad_function_call();
    return _M_invoker(_M_functor, std::forward<_ArgTypes>(__args)...);
  }

625#if __cpp_rtti199711L
template<typename _Res, typename... _ArgTypes>
  const type_info&
  function<_Res(_ArgTypes...)>::
  target_type() const noexcept
  {
    if (_M_manager)
{
 _Any_data __typeinfo_result;
 _M_manager(__typeinfo_result, _M_functor, __get_type_info);
 return *__typeinfo_result._M_access<const type_info*>();
}
    else
return typeid(void);
  }

template<typename _Res, typename... _ArgTypes>
  template<typename _Functor>
    _Functor*
    function<_Res(_ArgTypes...)>::
    target() noexcept
    {
const function* __const_this = this;
const _Functor* __func = __const_this->template target<_Functor>();
return const_cast<_Functor*>(__func);
    }

template<typename _Res, typename... _ArgTypes>
  template<typename _Functor>
    const _Functor*
    function<_Res(_ArgTypes...)>::
    target() const noexcept
    {
if (typeid(_Functor) == target_type() && _M_manager)
 {
   _Any_data __ptr;
   _M_manager(__ptr, _M_functor, __get_functor_ptr);
   return __ptr._M_access<const _Functor*>();
 }
else
 return nullptr;
    }
667#endif

// [20.7.15.2.6] null pointer comparisons

/**
 *  @brief Compares a polymorphic function object wrapper against 0
 *  (the NULL pointer).
 *  @returns @c true if the wrapper has no target, @c false otherwise
 *
 *  This function will not throw an %exception.
 */
template<typename _Res, typename... _Args>
  inline bool
  operator==(const function<_Res(_Args...)>& __f, nullptr_t) noexcept
  { return !static_cast<bool>(__f); }

683#if __cpp_impl_three_way_comparison < 201907L
/// @overload
template<typename _Res, typename... _Args>
  inline bool
  operator==(nullptr_t, const function<_Res(_Args...)>& __f) noexcept
  { return !static_cast<bool>(__f); }

/**
 *  @brief Compares a polymorphic function object wrapper against 0
 *  (the NULL pointer).
 *  @returns @c false if the wrapper has no target, @c true otherwise
 *
 *  This function will not throw an %exception.
 */
template<typename _Res, typename... _Args>
  inline bool
  operator!=(const function<_Res(_Args...)>& __f, nullptr_t) noexcept
  { return static_cast<bool>(__f); }

/// @overload
template<typename _Res, typename... _Args>
  inline bool
  operator!=(nullptr_t, const function<_Res(_Args...)>& __f) noexcept
  { return static_cast<bool>(__f); }
707#endif

// [20.7.15.2.7] specialized algorithms

/**
 *  @brief Swap the targets of two polymorphic function object wrappers.
 *
 *  This function will not throw an %exception.
 */
// _GLIBCXX_RESOLVE_LIB_DEFECTS
// 2062. Effect contradictions w/o no-throw guarantee of std::function swaps
template<typename _Res, typename... _Args>
  inline void
  swap(function<_Res(_Args...)>& __x, function<_Res(_Args...)>& __y) noexcept
  { __x.swap(__y); }

723#if __cplusplus201703L >= 201703L
namespace __detail::__variant
{
  template<typename> struct _Never_valueless_alt; // see <variant>

  // Provide the strong exception-safety guarantee when emplacing a
  // function into a variant.
  template<typename _Signature>
    struct _Never_valueless_alt<std::function<_Signature>>
    : std::true_type
    { };
}  // namespace __detail::__variant
735#endif // C++17

737_GLIBCXX_END_NAMESPACE_VERSION
738} // namespace std

740#endif // C++11
741#endif // _GLIBCXX_STD_FUNCTION_H