[closures preanalysis] [1/n] Adding first step of preanalysis to specialize methods with concrete closures they are called with

This preanalysis in general aims to create specialized clones of methods that have blocks as arguments and that are called with concrete closures, and then call these clone methods instead of the original ones.

One complication is what happens with the captured variables in the closure. What we do is we add them to the formals of the cloned method and passed them through to the concrete blocks.

We do this transformation in two steps:
1. Go through all the callers of methods with blocks as parameters, and create the clone methods. In this preanalysis we only create the attributes for the new method, not the code. We also update the call instructions in the callers to represent a call to the cloned method with updated arguments: we don't need to pass closures arguments anymore, we instead pass the captured variables as new arguments.
2. We add the corresponding code to the newly created clones: this means swapping the call to the block variable with a call to the corresponding block.  Moreover, we add some of the new formals (that correspond to the captured variables) to the arguments of the call.

This diff implements step 1 of the analysis.  The next diff D23216021 implements step 2.

@ -48,10 +48,14 @@ let rename ~f {plain; mangled} =
{plain; mangled}
module Set = Caml.Set.Make (struct
module Set = PrettyPrintable.MakePPSet (struct
type nonrec t = t [@@deriving compare]
let pp = pp
module Map = Caml.Map.Make (struct
module Map = PrettyPrintable.MakePPMap (struct
type nonrec t = t [@@deriving compare]
let pp = pp

@ -43,7 +43,7 @@ val rename : f:(string -> string) -> t -> t
(** Maps over both the plain and the mangled components. *)
(** Set of Mangled. *)
module Set : Caml.Set.S with type elt = t
module Set : PrettyPrintable.PPSet with type elt = t
(** Map with Mangled as key *)
module Map : Caml.Map.S with type key = t
module Map : PrettyPrintable.PPMap with type key = t

@ -38,6 +38,11 @@ let pp_var_data fmt {name; typ; modify_in_block; is_declared_unused} =
Mangled.pp name (Typ.pp_full Pp.text) typ modify_in_block is_declared_unused
type specialized_with_blocks_info =
{ orig_proc: Procname.t
; formals_to_procs_and_new_formals: (Procname.t * (Mangled.t * Typ.t) list) Mangled.Map.t }
[@@deriving compare]
type t =
{ access: PredSymb.access (** visibility access *)
; captured: (Mangled.t * Typ.t * Pvar.capture_mode) list
@ -58,6 +63,10 @@ type t =
; is_synthetic_method: bool (** the procedure is a synthetic method *)
; is_variadic: bool (** the procedure is variadic, only supported for Clang procedures *)
; sentinel_attr: (int * int) option (** __attribute__((sentinel(int, int))) *)
; specialized_with_blocks_info: specialized_with_blocks_info option
(** the procedure is a clone specialized with calls to concrete closures, with link to the
original procedure, and a map that links the original formals to the elements of the
closure used to specialize the procedure. *)
; clang_method_kind: ClangMethodKind.t (** the kind of method the procedure is *)
; loc: Location.t (** location of this procedure in the source code *)
; translation_unit: SourceFile.t (** translation unit to which the procedure belongs *)
@ -102,6 +111,7 @@ let default translation_unit proc_name =
; passed_as_noescape_block_to= None
; is_no_return= false
; is_specialized= false
; specialized_with_blocks_info= None
; is_synthetic_method= false
; is_variadic= false
; sentinel_attr= None
@ -120,6 +130,16 @@ let pp_parameters =
Pp.semicolon_seq ~print_env:Pp.text_break (Pp.pair ~fst:Mangled.pp ~snd:(Typ.pp_full Pp.text))
let pp_specialized_with_blocks_info fmt info =
let pp_new_formal fmt el =
F.fprintf fmt "%a:%a" Mangled.pp (fst el) (Typ.pp_full Pp.text) (snd el)
let pp_new_formals = Pp.semicolon_seq ~print_env:Pp.text_break pp_new_formal in
F.fprintf fmt "orig_procname=%a, formals_to_procs_and_new_formals=%a" Procname.pp info.orig_proc
(Mangled.Map.pp ~pp_value:(Pp.pair ~fst:Procname.pp ~snd:pp_new_formals))
let pp_captured_var fmt (var, typ, mode) =
F.fprintf fmt "(%a,@,%a,@,%s)" Mangled.pp var (Typ.pp_full Pp.text) typ
(Pvar.string_of_capture_mode mode)
@ -141,6 +161,7 @@ let pp f
; passed_as_noescape_block_to
; is_no_return
; is_specialized
; specialized_with_blocks_info
; is_synthetic_method
; is_variadic
; sentinel_attr
@ -188,6 +209,14 @@ let pp f
passed_as_noescape_block_to ;
pp_bool_default ~default:default.is_no_return "is_no_return" is_no_return f () ;
pp_bool_default ~default:default.is_specialized "is_specialized" is_specialized f () ;
([%compare.equal: specialized_with_blocks_info option] default.specialized_with_blocks_info
F.fprintf f "; specialized_with_blocks_info %a@,"
(Pp.option pp_specialized_with_blocks_info)
specialized_with_blocks_info ;
pp_bool_default ~default:default.is_synthetic_method "is_synthetic_method" is_synthetic_method f
() ;
pp_bool_default ~default:default.is_variadic "is_variadic" is_variadic f () ;

@ -20,6 +20,11 @@ type var_data =
; is_constexpr: bool
; is_declared_unused: bool (** variable declared with attribute [unused] *) }
type specialized_with_blocks_info =
{ orig_proc: Procname.t
; formals_to_procs_and_new_formals: (Procname.t * (Mangled.t * Typ.t) list) Mangled.Map.t }
[@@deriving compare]
type t =
{ access: PredSymb.access (** visibility access *)
; captured: (Mangled.t * Typ.t * Pvar.capture_mode) list
@ -40,6 +45,10 @@ type t =
; is_synthetic_method: bool (** the procedure is a synthetic method *)
; is_variadic: bool (** the procedure is variadic, only supported for Clang procedures *)
; sentinel_attr: (int * int) option (** __attribute__((sentinel(int, int))) *)
; specialized_with_blocks_info: specialized_with_blocks_info option
(** the procedure is a clone specialized with calls to concrete closures, with link to the
original procedure, and a map that links the original formals to the elements of the
closure used to specialize the procedure. *)
; clang_method_kind: ClangMethodKind.t (** the kind of method the procedure is *)
; loc: Location.t (** location of this procedure in the source code *)
; translation_unit: SourceFile.t (** source file where the procedure was captured *)

@ -553,6 +553,13 @@ let get_global_name_of_initializer = function
let pp_with_block_parameters pp fmt base blocks =
pp fmt base ;
F.pp_print_string fmt "[" ;
Pp.seq ~sep:"^" F.pp_print_string fmt blocks ;
F.pp_print_string fmt "]"
(** Very verbose representation of an existing Procname.t *)
let rec pp_unique_id fmt = function
| Java j ->
@ -566,9 +573,7 @@ let rec pp_unique_id fmt = function
| WithBlockParameters (base, []) ->
pp_unique_id fmt base
| WithBlockParameters (base, (_ :: _ as blocks)) ->
pp_unique_id fmt base ;
F.pp_print_string fmt "_" ;
Pp.seq ~sep:"_" F.pp_print_string fmt blocks
pp_with_block_parameters pp_unique_id fmt base blocks
| Linters_dummy_method ->
F.pp_print_string fmt "Linters_dummy_method"
@ -588,9 +593,7 @@ let rec pp fmt = function
| WithBlockParameters (base, []) ->
pp fmt base
| WithBlockParameters (base, (_ :: _ as blocks)) ->
pp fmt base ;
F.pp_print_string fmt "_" ;
Pp.seq ~sep:"_" F.pp_print_string fmt blocks
pp_with_block_parameters pp fmt base blocks
| Linters_dummy_method ->
pp_unique_id fmt Linters_dummy_method

@ -35,10 +35,13 @@ type pvar_kind =
(** Names for program variables. *)
type t = {pv_hash: int; pv_name: Mangled.t; pv_kind: pvar_kind} [@@deriving compare]
let get_name_of_local_with_procname var =
let build_formal_from_pvar var =
match var.pv_kind with
| Local_var pname ->
Mangled.from_string (F.asprintf "%s_%a" (Mangled.to_string var.pv_name) Procname.pp pname)
(F.asprintf "%s[%a]" (Mangled.to_string var.pv_name)
(Procname.pp_simplified_string ~withclass:false)
| _ ->

@ -161,9 +161,9 @@ val is_pod : t -> bool
val get_initializer_pname : t -> Procname.t option
(** Get the procname of the initializer function for the given global variable *)
val get_name_of_local_with_procname : t -> Mangled.t
(** [get_name_of_local_with_procname var] Return a name that is composed of the name of var and the
name of the procname in case of locals *)
val build_formal_from_pvar : t -> Mangled.t
(** [build_formal_from_pvar var] Return a name that is composed of the name of var (and the name of
the procname in case of locals) *)
val materialized_cpp_temporary : string

@ -307,7 +307,7 @@ let with_block_args callee_pdesc pname_with_block_args block_args =
~f:(fun (_, var, typ, _) ->
(* Here we create fresh names for the new formals, based on the names of the captured
variables annotated with the name of the caller method *)
(Pvar.get_name_of_local_with_procname var, typ) )
(Pvar.build_formal_from_pvar var, typ) )
Mangled.Map.add param_name (cl.name, formals_from_captured) subts

@ -0,0 +1,172 @@
* Copyright (c) Facebook, Inc. and its affiliates.
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
open! IStd
module F = Format
type formal_annot = {formal_type: Mangled.t * Typ.t; formal_annot: Annot.Item.t}
[@@deriving compare]
type formal_actual = {formal: formal_annot; actual: Exp.t * Typ.t [@ignore]} [@@deriving compare]
let pp_formal_annot fmt formal =
F.fprintf fmt "(formal_type=%a, formal_annot=%a)"
(Pp.pair ~fst:Mangled.pp ~snd:(Typ.pp Pp.text))
formal.formal_type Annot.Item.pp formal.formal_annot
let pp_formal_actual fmt formal_actual =
F.fprintf fmt "(formal=%a, actual=%a)" pp_formal_annot formal_actual.formal
(Pp.pair ~fst:Exp.pp ~snd:(Typ.pp Pp.text))
module FormalsMap = PrettyPrintable.MakePPMap (struct
type t = formal_annot [@@deriving compare]
let pp = pp_formal_annot
module FormalsActualsSet = PrettyPrintable.MakePPSet (struct
type t = formal_actual [@@deriving compare]
let pp = pp_formal_actual
let formals_actuals_map formals annotations actual_params =
let rec formals_actuals_map_inner acc formals annotations actual_params =
match (formals, annotations, actual_params) with
| [], [], [] ->
Some acc
| fml :: fmls, an :: ans, act :: acts ->
let acc = FormalsMap.add {formal_type= fml; formal_annot= an} act acc in
formals_actuals_map_inner acc fmls ans acts
| _, _, _ ->
formals_actuals_map_inner FormalsMap.empty formals annotations actual_params
let formals_actuals_new_set map =
(fun formal actual set ->
match actual with
| Exp.Closure closure, _ ->
List.fold_left closure.Exp.captured_vars ~init:set ~f:(fun set (exp, var, typ, _) ->
let formal_annot =
{formal_type= (Pvar.build_formal_from_pvar var, typ); formal_annot= Annot.Item.empty}
let formal_actual = {formal= formal_annot; actual= (exp, typ)} in
FormalsActualsSet.add formal_actual set )
| actual ->
FormalsActualsSet.add {formal; actual} set )
map FormalsActualsSet.empty
let formals_annots_actuals_lists new_formals_actuals =
(fun {formal; actual} (fs, ans, acts) ->
(formal.formal_type :: fs, formal.formal_annot :: ans, actual :: acts) )
new_formals_actuals ([], [], [])
let has_closure actual_params =
List.exists actual_params ~f:(fun (exp, _) ->
match exp with Exp.Closure c -> Procname.is_objc_block c.name | _ -> false )
let should_specialize actual_params call_flags =
let block_is_receiver actual_params =
Int.equal (List.length actual_params) 1 && call_flags.CallFlags.cf_virtual
has_closure actual_params && not (block_is_receiver actual_params)
(* name for the specialized method instantiated with closure arguments *)
let pname_with_closure_args callee_pname actual_params =
let block_name_args =
List.filter_map actual_params ~f:(function
| Exp.Closure cl, _ when Procname.is_objc_block cl.name ->
Some (Procname.block_name_of_procname cl.name)
| _ ->
None )
Procname.with_block_parameters callee_pname block_name_args
let formals_closures_map map =
(fun formal actual new_map ->
match actual with
| Exp.Closure closure, _ ->
let captured_as_formals =
~f:(fun (_, var, typ, _) -> (Pvar.build_formal_from_pvar var, typ))
Mangled.Map.add (fst formal.formal_type) (closure.name, captured_as_formals) new_map
| _ ->
new_map )
map Mangled.Map.empty
let is_objc_setter proc_desc =
let attributes = Procdesc.get_attributes proc_desc in
match attributes.ProcAttributes.objc_accessor with Some (Objc_setter _) -> true | _ -> false
let is_initializer proc_desc =
let proc_name = Procdesc.get_proc_name proc_desc in
Procname.is_constructor proc_name
let replace_with_specialize_methods cfg _node instr =
match instr with
| Sil.Call (ret, Exp.Const (Const.Cfun callee_pname), actual_params, loc, flags)
when should_specialize actual_params flags -> (
match Procname.Hash.find_opt cfg callee_pname with
(*TODO(T74127433): This specialization works well only when the we specialize methods that take a block
parameter and then run the block. It doesn't work well when the block is instead stored in
a field. This case will be left as future work, and we won't specialize common cases where this
happens such as setters or initializers. *)
| Some proc_desc when (not (is_objc_setter proc_desc)) && not (is_initializer proc_desc) -> (
let callee_attributes = Procdesc.get_attributes proc_desc in
formals_actuals_map callee_attributes.formals callee_attributes.method_annotation.params
| Some map ->
let set = formals_actuals_new_set map in
let new_formals, new_annots, new_actuals = formals_annots_actuals_lists set in
let annot = callee_attributes.method_annotation in
let specialized_pname = pname_with_closure_args callee_pname actual_params in
let new_attributes =
{ callee_attributes with
{ orig_proc= callee_pname
; formals_to_procs_and_new_formals= formals_closures_map map }
; is_defined= true
; formals= new_formals
; method_annotation= {annot with params= new_annots}
; proc_name= specialized_pname }
Cfg.create_proc_desc cfg new_attributes |> ignore ;
Sil.Call (ret, Exp.Const (Const.Cfun specialized_pname), new_actuals, loc, flags)
| None ->
instr )
| _ ->
instr )
| _ ->
let process cfg =
let process_pdesc _proc_name proc_desc =
Procdesc.replace_instrs proc_desc ~f:(replace_with_specialize_methods cfg) |> ignore
Procname.Hash.iter process_pdesc cfg

@ -0,0 +1,10 @@
* Copyright (c) Facebook, Inc. and its affiliates.
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
open! IStd
val process : Cfg.t -> unit

@ -52,6 +52,7 @@ let do_source_file (translation_unit_context : CFrontend_config.translation_unit
let cfg = compute_icfg translation_unit_context tenv ast in
CAddImplicitDeallocImpl.process cfg tenv ;
CAddImplicitGettersSetters.process cfg ;
CCallSpecializedWithClosures.process cfg ;
L.(debug Capture Verbose) "@\n End building call/cfg graph for '%a'.@\n" SourceFile.pp source_file ;
NullabilityPreanalysis.analysis cfg tenv ;
SourceFiles.add source_file cfg (Tenv.FileLocal tenv) (Some integer_type_widths) ;

@ -104,6 +104,7 @@ SOURCES_ARC = \
npe/nullable.m \
property/ExplicitIvarName.m \
shared/block/dispatch_examples.m \
specialized_methods_with_blocks/BlockAsReceiver.m \
subtyping/KindOfClassExample.m \
variadic_methods/premature_nil_termination.m \

@ -0,0 +1,31 @@
* Copyright (c) Facebook, Inc. and its affiliates.
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
#include <Foundation/Foundation.h>
@interface BlockAsReceiver : NSObject
@implementation BlockAsReceiver
static bool _isAppStartingUp() { return true; }
/* This program would crash if we would specialize NSObject.copy
here because it would become a virtual call without receiver,
as the receiver is the block parameter. Blocks as also objects! */
static void setupTimerOk() {
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
dispatch_block_t _timerBlock = [^{
if (_isAppStartingUp()) {
} copy];

