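//===- Calls.cpp - Wrapper for all function and method calls ------*- C++ -*--//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
/// \file This file defines CallEvent and its subclasses, which represent path-
/// sensitive instances of different kinds of function and method calls
/// (C, C++, and Objective-C).
//
//===----------------------------------------------------------------------===//

#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/AST/ParentMap.h"
#include "clang/Analysis/ProgramPoint.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "llvm/ADT/SmallSet.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/Support/raw_ostream.h"

using namespace clang;
using namespace ento;

/// \brief Returns the type of the call's result, with reference-ness restored.
///
/// The type is taken from the origin expression and wrapped in an lvalue or
/// rvalue reference type according to the expression's value kind. The call
/// must have an origin expression; this is asserted, not handled.
QualType CallEvent::getResultType() const {
  const Expr *E = getOriginExpr();
  assert(E && "Calls without origin expressions do not have results");
  QualType ResultTy = E->getType();

  ASTContext &Ctx = getState()->getStateManager().getContext();

  // A function that returns a reference to 'int' will have a result type
  // of simply 'int'. Check the origin expr's value kind to recover the
  // proper type.
  switch (E->getValueKind()) {
  case VK_LValue:
    ResultTy = Ctx.getLValueReferenceType(ResultTy);
    break;
  case VK_XValue:
    ResultTy = Ctx.getRValueReferenceType(ResultTy);
    break;
  case VK_RValue:
    // No adjustment is necessary.
    break;
  }

  return ResultTy;
}

/// \brief Returns true if an argument with value \p V, passed for a parameter
/// of type \p T, should be treated as a callback.
///
/// A zero constant is never a callback. Otherwise the parameter counts as a
/// callback when its type is a block pointer, a function pointer or an
/// Objective-C selector, or when it is a struct (passed by value, pointer or
/// reference) with a block-pointer or function-pointer field.
static bool isCallbackArg(SVal V, QualType T) {
  // If the parameter is 0, it's harmless.
  if (V.isZeroConstant())
    return false;

  // If a parameter is a block or a callback, assume it can modify pointer.
  if (T->isBlockPointerType() ||
      T->isFunctionPointerType() ||
      T->isObjCSelType())
    return true;

  // Check if a callback is passed inside a struct (for both, struct passed by
  // reference and by value). Dig just one level into the struct for now.

  if (T->isAnyPointerType() || T->isReferenceType())
    T = T->getPointeeType();

  if (const RecordType *RT = T->getAsStructureType()) {
    const RecordDecl *RD = RT->getDecl();
    // Only direct fields are inspected, and only for block and function
    // pointers; selector-typed fields and nested structs are not examined.
    for (RecordDecl::field_iterator I = RD->field_begin(), E = RD->field_end();
         I != E; ++I) {
      QualType FieldT = I->getType();
      if (FieldT->isBlockPointerType() || FieldT->isFunctionPointerType())
        return true;
    }
  }

  return false;
}

/// \brief Returns true if any argument that has a matching declared parameter
/// is a non-zero callback (see isCallbackArg).
///
/// Returns false when the call has no declaration. Arguments beyond the
/// declared parameter list are not inspected.
bool CallEvent::hasNonZeroCallbackArg() const {
  unsigned NumOfArgs = getNumArgs();

  // If calling using a function pointer, assume the function does not
  // have a callback. TODO: We could check the types of the arguments here.
  if (!getDecl())
    return false;

  // The loop condition bounds Idx by NumOfArgs, so getArgSVal() is never
  // asked for an argument the call does not have.
  unsigned Idx = 0;
  for (CallEvent::param_type_iterator I = param_type_begin(),
                                      E = param_type_end();
       I != E && Idx < NumOfArgs; ++I, ++Idx) {
    if (isCallbackArg(getArgSVal(Idx), *I))
      return true;
  }

  return false;
}

/// \brief Returns true if the callee is a FunctionDecl that
/// CheckerContext::isCLibraryFunction accepts for \p FunctionName.
///
/// Returns false when the call has no declaration or the declaration is not
/// a FunctionDecl.
bool CallEvent::isGlobalCFunction(StringRef FunctionName) const {
  const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(getDecl());
  if (!FD)
    return false;

  return CheckerContext::isCLibraryFunction(FD, FunctionName);
}

/// \brief Returns true if a type is a pointer-to-const or reference-to-const
/// with no further indirection.
static bool isPointerToConst(QualType Ty) {
  QualType PointeeTy = Ty->getPointeeType();
  // A null pointee type means Ty has nothing to point at.
  if (PointeeTy == QualType())
    return false;
  if (!PointeeTy.isConstQualified())
    return false;
  // A const pointer to further pointers does not qualify.
  if (PointeeTy->isAnyPointerType())
    return false;
  return true;
}

// Try to retrieve the function declaration and find the function parameter
// types which are pointers/references to a non-pointer const.
// We will not invalidate the corresponding argument regions.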
static void findPtrToConstParams(llvm::SmallSet<unsigned, 1> &PreserveArgs,
                                 const CallEvent &Call) {
  // Walk the declared parameter types and record the index of every
  // parameter that isPointerToConst() accepts.
  CallEvent::param_type_iterator TypeIt = Call.param_type_begin();
  CallEvent::param_type_iterator TypeEnd = Call.param_type_end();
  for (unsigned ParamIdx = 0; TypeIt != TypeEnd; ++TypeIt, ++ParamIdx) {
    if (!isPointerToConst(*TypeIt))
      continue;
    PreserveArgs.insert(ParamIdx);
  }
}

/// \brief Returns a state in which the regions this call may modify have been
/// invalidated.
///
/// Starts from \p Orig when it is non-null, otherwise from the call's own
/// state. The invalidated set is the regions reported by
/// getExtraInvalidatedRegions() plus the region of every location-valued
/// argument, except arguments whose parameter type is a pointer or reference
/// to const when argumentsMayEscape() is false.
ProgramStateRef CallEvent::invalidateRegions(unsigned BlockCount,
                                             ProgramStateRef Orig) const {
  ProgramStateRef Result = (Orig ? Orig : getState());

  SmallVector<const MemRegion *, 8> RegionsToInvalidate;
  getExtraInvalidatedRegions(RegionsToInvalidate);

  // Indexes of arguments whose values will be preserved by the call.
  // NOTE(review): preserving these relies on the callee not writing through
  // a pointer-to-const parameter; argumentsMayEscape() is the only opt-out.
  llvm::SmallSet<unsigned, 1> PreserveArgs;
  if (!argumentsMayEscape())
    findPtrToConstParams(PreserveArgs, *this);

  const unsigned ArgCount = getNumArgs();
  for (unsigned ArgIdx = 0; ArgIdx != ArgCount; ++ArgIdx) {
    if (PreserveArgs.count(ArgIdx))
      continue;

    SVal V = getArgSVal(ArgIdx);

    // If we are passing a location wrapped as an integer, unwrap it and
    // invalidate the values referred by the location.
    if (Optional<nonloc::LocAsInteger> Wrapped =
            V.getAs<nonloc::LocAsInteger>())
      V = Wrapped->getLoc();
    else if (!V.getAs<Loc>())
      continue;

    // Only locations that resolve to a memory region can be invalidated.
    const MemRegion *ArgRegion = V.getAsRegion();
    if (!ArgRegion)
      continue;

    // Invalidate the value of the variable passed by reference.

    // Are we dealing with an ElementRegion?  If the element type is
    // a basic integer type (e.g., char, int) and the underlying region
    // is a variable region then strip off the ElementRegion.
    // FIXME: We really need to think about this for the general case
    //   as sometimes we are reasoning about arrays and other times
    //   about (char*), etc., is just a form of passing raw bytes.
    //   e.g., void *p = alloca(); foo((char*)p);
    if (const ElementRegion *ER = dyn_cast<ElementRegion>(ArgRegion)) {
      // Checking for 'integral type' is probably too promiscuous, but
      // we'll leave it in for now until we have a systematic way of
      // handling all of these cases.  Eventually we need to come up
      // with an interface to StoreManager so that this logic can be
      // appropriately delegated to the respective StoreManagers while
      // still allowing us to do checker-specific logic (e.g.,
      // invalidating reference counts), probably via callbacks.
      if (ER->getElementType()->isIntegralOrEnumerationType()) {
        const MemRegion *Super = ER->getSuperRegion();
        const bool StripElement = isa<VarRegion>(Super) ||
                                  isa<FieldRegion>(Super) ||
                                  isa<ObjCIvarRegion>(Super);
        if (StripElement)
          ArgRegion = cast<TypedRegion>(Super);
      }
      // FIXME: What about layers of ElementRegions?
    }

    // Mark this region for invalidation.  We batch invalidate regions
    // below for efficiency.
    RegionsToInvalidate.push_back(ArgRegion);
  }

  // Invalidate designated regions using the batch invalidation API.
  // NOTE: Even if RegionsToInvalidate is empty, we may still invalidate
  //  global variables.
  return Result->invalidateRegions(RegionsToInvalidate, getOriginExpr(),
                                   BlockCount, getLocationContext(),
                                   /*CausedByPointerEscape*/ true,
                                   /*Symbols=*/0, this);
}

/// \brief Builds the program point for this call.
///
/// With an origin expression the result is a PreStmt or PostStmt on that
/// expression. Without one, the call must have a declaration (asserted) and
/// the result is a PreImplicitCall or PostImplicitCall at the start of the
/// call's source range. \p IsPreVisit selects the Pre or Post variant.
ProgramPoint CallEvent::getProgramPoint(bool IsPreVisit,
                                        const ProgramPointTag *Tag) const {
  const Expr *Origin = getOriginExpr();
  if (Origin) {
    if (!IsPreVisit)
      return PostStmt(Origin, getLocationContext(), Tag);
    return PreStmt(Origin, getLocationContext(), Tag);
  }

  const Decl *D = getDecl();
  assert(D && "Cannot get a program point without a statement or decl");

  SourceLocation Loc = getSourceRange().getBegin();
  if (!IsPreVisit)
    return PostImplicitCall(D, Loc, getLocationContext(), Tag);
  return PreImplicitCall(D, Loc, getLocationContext(), Tag);
}

RoseSVal CallEvent::getArgSVal(unsigned Index) const { 2257c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose const Expr *ArgE = getArgExpr(Index); 2267c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose if (!ArgE) 2277c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return UnknownVal(); 2287c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return getSVal(ArgE); 2297c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose} 2307c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose 2317c99aa385178c630e29f671299cdd9c104f1c885Jordan RoseSourceRange CallEvent::getArgSourceRange(unsigned Index) const { 2327c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose const Expr *ArgE = getArgExpr(Index); 2337c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose if (!ArgE) 2347c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return SourceRange(); 2357c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return ArgE->getSourceRange(); 2367c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose} 2377c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose 2382f3017f9cbd3774f690c979410bfec38423d03afJordan RoseSVal CallEvent::getReturnValue() const { 2392f3017f9cbd3774f690c979410bfec38423d03afJordan Rose const Expr *E = getOriginExpr(); 2402f3017f9cbd3774f690c979410bfec38423d03afJordan Rose if (!E) 2412f3017f9cbd3774f690c979410bfec38423d03afJordan Rose return UndefinedVal(); 2422f3017f9cbd3774f690c979410bfec38423d03afJordan Rose return getSVal(E); 2432f3017f9cbd3774f690c979410bfec38423d03afJordan Rose} 2442f3017f9cbd3774f690c979410bfec38423d03afJordan Rose 24542c72c258e08ca79c9267346b4badcddd8fcd001Benjamin Kramervoid CallEvent::dump() const { 24642c72c258e08ca79c9267346b4badcddd8fcd001Benjamin Kramer dump(llvm::errs()); 24742c72c258e08ca79c9267346b4badcddd8fcd001Benjamin Kramer} 24842c72c258e08ca79c9267346b4badcddd8fcd001Benjamin Kramer 2497c99aa385178c630e29f671299cdd9c104f1c885Jordan Rosevoid CallEvent::dump(raw_ostream &Out) const { 2507c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose ASTContext &Ctx = 
getState()->getStateManager().getContext(); 2517c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose if (const Expr *E = getOriginExpr()) { 252d1420c6fa788669e49f21e184927c7833881e399Richard Smith E->printPretty(Out, 0, Ctx.getPrintingPolicy()); 2537c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose Out << "\n"; 2547c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return; 2557c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose } 2567c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose 2577c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose if (const Decl *D = getDecl()) { 2587c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose Out << "Call to "; 2597c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose D->print(Out, Ctx.getPrintingPolicy()); 2607c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return; 2617c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose } 2627c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose 2637c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose // FIXME: a string representation of the kind would be nice. 
2647c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose Out << "Unknown call (type " << getKind() << ")"; 2657c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose} 2667c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose 26728038f33aa2db4833881fea757a1f0daf85ac02bJordan Rose 2686062334cc388bce69fb3978c4ecb26c6485a5c2bJordan Rosebool CallEvent::isCallStmt(const Stmt *S) { 2697c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose return isa<CallExpr>(S) || isa<ObjCMessageExpr>(S) 2706062334cc388bce69fb3978c4ecb26c6485a5c2bJordan Rose || isa<CXXConstructExpr>(S) 2716062334cc388bce69fb3978c4ecb26c6485a5c2bJordan Rose || isa<CXXNewExpr>(S); 27285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose} 27316e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks 27416e6a7cb41319459ded69b4d47f405c1035dd347Anna ZaksQualType CallEvent::getDeclaredResultType(const Decl *D) { 27516e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks assert(D); 27616e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks if (const FunctionDecl* FD = dyn_cast<FunctionDecl>(D)) 27716e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks return FD->getResultType(); 27816e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks else if (const ObjCMethodDecl* MD = dyn_cast<ObjCMethodDecl>(D)) 27916e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks return MD->getResultType(); 28016e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks return QualType(); 28116e6a7cb41319459ded69b4d47f405c1035dd347Anna Zaks} 28285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 283ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rosestatic void addParameterValuesToBindings(const StackFrameContext *CalleeCtx, 284ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose CallEvent::BindingsTy &Bindings, 285ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose SValBuilder &SVB, 286ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const CallEvent &Call, 287ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose CallEvent::param_iterator I, 288ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 
CallEvent::param_iterator E) { 289ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose MemRegionManager &MRMgr = SVB.getRegionManager(); 29085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 291ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose unsigned Idx = 0; 292ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose for (; I != E; ++I, ++Idx) { 293ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const ParmVarDecl *ParamDecl = *I; 294ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose assert(ParamDecl && "Formal parameter has no decl?"); 295ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 296ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose SVal ArgVal = Call.getArgSVal(Idx); 297ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose if (!ArgVal.isUnknown()) { 298ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose Loc ParamLoc = SVB.makeLoc(MRMgr.getVarRegion(ParamDecl, CalleeCtx)); 299ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose Bindings.push_back(std::make_pair(ParamLoc, ArgVal)); 300ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose } 301ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose } 302ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 303ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose // FIXME: Variadic arguments are not handled at all right now. 
304ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose} 305ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 306ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 307ef15831780b705475e7b237ac16418e9b53cb7a6Jordan RoseCallEvent::param_iterator AnyFunctionCall::param_begin() const { 308ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const FunctionDecl *D = getDecl(); 309740d490593e0de8732a697c9f77b90ddd463863bJordan Rose if (!D) 310740d490593e0de8732a697c9f77b90ddd463863bJordan Rose return 0; 311740d490593e0de8732a697c9f77b90ddd463863bJordan Rose 312ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose return D->param_begin(); 313740d490593e0de8732a697c9f77b90ddd463863bJordan Rose} 314740d490593e0de8732a697c9f77b90ddd463863bJordan Rose 315ef15831780b705475e7b237ac16418e9b53cb7a6Jordan RoseCallEvent::param_iterator AnyFunctionCall::param_end() const { 316ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const FunctionDecl *D = getDecl(); 317740d490593e0de8732a697c9f77b90ddd463863bJordan Rose if (!D) 318740d490593e0de8732a697c9f77b90ddd463863bJordan Rose return 0; 319740d490593e0de8732a697c9f77b90ddd463863bJordan Rose 320ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose return D->param_end(); 321ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose} 322ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 323ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rosevoid AnyFunctionCall::getInitialStackFrameContents( 324ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const StackFrameContext *CalleeCtx, 325ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose BindingsTy &Bindings) const { 326ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const FunctionDecl *D = cast<FunctionDecl>(CalleeCtx->getDecl()); 327ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose SValBuilder &SVB = getState()->getStateManager().getSValBuilder(); 328ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose addParameterValuesToBindings(CalleeCtx, Bindings, SVB, *this, 
329ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose D->param_begin(), D->param_end()); 330740d490593e0de8732a697c9f77b90ddd463863bJordan Rose} 331740d490593e0de8732a697c9f77b90ddd463863bJordan Rose 33285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rosebool AnyFunctionCall::argumentsMayEscape() const { 333b7a23e05d1d8f07f2a6edce5c88c728fe894c2c7Jordan Rose if (hasNonZeroCallbackArg()) 33485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 33585d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 33685d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose const FunctionDecl *D = getDecl(); 33785d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (!D) 33885d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 33985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 34085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose const IdentifierInfo *II = D->getIdentifier(); 34185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (!II) 3423719ed248b7b7e239b1b435dd569b007aaea9d26Anna Zaks return false; 34385d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 34485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // This set of "escaping" APIs is 34585d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 34685d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // - 'int pthread_setspecific(ptheread_key k, const void *)' stores a 34785d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // value into thread local storage. The value can later be retrieved with 34885d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // 'void *ptheread_getspecific(pthread_key)'. So even thought the 34985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // parameter is 'const void *', the region escapes through the call. 
35085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (II->isStr("pthread_setspecific")) 35185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 35285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 35385d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // - xpc_connection_set_context stores a value which can be retrieved later 35485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // with xpc_connection_get_context. 35585d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (II->isStr("xpc_connection_set_context")) 35685d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 35785d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 35885d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // - funopen - sets a buffer for future IO calls. 35985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (II->isStr("funopen")) 36085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 36185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 36285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose StringRef FName = II->getName(); 36385d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 36485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // - CoreFoundation functions that end with "NoCopy" can free a passed-in 36585d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // buffer even if it is const. 36685d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (FName.endswith("NoCopy")) 36785d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return true; 36885d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 36985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // - NSXXInsertXX, for example NSMapInsertIfAbsent, since they can 37085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose // be deallocated by NSMapRemove. 
if (FName.startswith("NS") && (FName.find("Insert") != StringRef::npos))
    return true;

  // - Many CF containers allow objects to escape through custom
  //   allocators/deallocators upon container construction. (PR12101)
  if (FName.startswith("CF") || FName.startswith("CG")) {
    return StrInStrNoCase(FName, "InsertValue") != StringRef::npos ||
           StrInStrNoCase(FName, "AddValue") != StringRef::npos ||
           StrInStrNoCase(FName, "SetValue") != StringRef::npos ||
           StrInStrNoCase(FName, "WithData") != StringRef::npos ||
           StrInStrNoCase(FName, "AppendValue") != StringRef::npos ||
           StrInStrNoCase(FName, "SetAttribute") != StringRef::npos;
  }

  return false;
}


/// Returns the declaration of the function being called.
///
/// The direct callee of the origin expression is used when there is one.
/// Otherwise the declaration is taken from the symbolic value of the callee
/// expression. Callers in this file check the result for null.
const FunctionDecl *SimpleCall::getDecl() const {
  if (const FunctionDecl *Direct = getOriginExpr()->getDirectCallee())
    return Direct;

  // No direct callee: ask the value of the callee expression instead.
  return getSVal(getOriginExpr()->getCallee()).getAsFunctionDecl();
}


/// Returns the declaration of the method being called.
///
/// When the origin expression is missing, the lookup is delegated to
/// AnyFunctionCall::getDecl(). Otherwise this is the same two-step lookup as
/// SimpleCall::getDecl(): direct callee first, then the callee's value.
const FunctionDecl *CXXInstanceCall::getDecl() const {
  const CallExpr *Call = cast_or_null<CallExpr>(getOriginExpr());
  if (!Call)
    return AnyFunctionCall::getDecl();

  if (const FunctionDecl *Direct = Call->getDirectCallee())
    return Direct;

  return getSVal(Call->getCallee()).getAsFunctionDecl();
}

/// Appends the region of the implicit 'this' object to \p Regions, if the
/// value of 'this' is backed by a region.
void CXXInstanceCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  const MemRegion *ThisRegion = getCXXThisVal().getAsRegion();
  if (ThisRegion)
    Regions.push_back(ThisRegion);
}

/// Returns the value of the implicit 'this' object, or UnknownVal when the
/// call has no 'this' expression.
SVal CXXInstanceCall::getCXXThisVal() const {
  const Expr *Base = getCXXThisExpr();
  // FIXME: This doesn't handle an overloaded ->* operator.
  if (Base) {
    SVal ThisVal = getSVal(Base);
    // The value must be a location unless it is unknown or undefined. This is
    // checked only by the assert.
    assert(ThisVal.isUnknownOrUndef() || ThisVal.getAs<Loc>());
    return ThisVal;
  }

  return UnknownVal();
}


/// Resolves the definition that will run for this call, devirtualizing when
/// the dynamic type of 'this' is known.
///
/// A default-constructed RuntimeDefinition is returned whenever a step of the
/// resolution fails. When the dynamic type may still be a subclass, the
/// region of 'this' (with casts stripped) is returned alongside the
/// definition so that ExprEngine can decide what to do with it.
RuntimeDefinition CXXInstanceCall::getRuntimeDefinition() const {
  // Without a declaration there is nothing to resolve.
  const Decl *Callee = getDecl();
  if (!Callee)
    return RuntimeDefinition();

  // A non-virtual method needs no dynamic dispatch; we know we can inline it.
  const CXXMethodDecl *Method = cast<CXXMethodDecl>(Callee);
  if (!Method->isVirtual())
    return AnyFunctionCall::getRuntimeDefinition();

  // Virtual call: do we know the implicit 'this' object being called?
  const MemRegion *ThisRegion = getCXXThisVal().getAsRegion();
  if (!ThisRegion)
    return RuntimeDefinition();

  // Do we know anything about the type of 'this'?
  DynamicTypeInfo TypeInfo = getState()->getDynamicTypeInfo(ThisRegion);
  if (!TypeInfo.isValid())
    return RuntimeDefinition();

  // Is the type a C++ class? (This is mostly a defensive check.)
  QualType PointeeTy = TypeInfo.getType()->getPointeeType();
  assert(!PointeeTy.isNull() && "DynamicTypeInfo should always be a pointer.");

  const CXXRecordDecl *DynClass = PointeeTy->getAsCXXRecordDecl();
  if (!DynClass || !DynClass->hasDefinition())
    return RuntimeDefinition();

  // Find the decl for this method in that class.
  const CXXMethodDecl *Override =
      Method->getCorrespondingMethodInClass(DynClass, true);
  if (!Override) {
    // We might not even get the original statically-resolved method due to
    // some particularly nasty casting (e.g. casts to sister classes).
    // However, we should at least be able to search up and down our own class
    // hierarchy, and some real bugs have been caught by checking this.
    assert(!DynClass->isDerivedFrom(Method->getParent()) &&
           "Couldn't find known method");

    // FIXME: This is checking that our DynamicTypeInfo is at least as good as
    // the static type. However, because we currently don't update
    // DynamicTypeInfo when an object is cast, we can't actually be sure the
    // DynamicTypeInfo is up to date. This assert should be re-enabled once
    // this is fixed. <rdar://problem/12287087>
    //assert(!MD->getParent()->isDerivedFrom(RD) && "Bad DynamicTypeInfo");

    return RuntimeDefinition();
  }

  // Does the decl that we found have an implementation?
  // hasBody() fills in Definition only when it returns true.
  const FunctionDecl *Definition;
  if (!Override->hasBody(Definition))
    return RuntimeDefinition();

  // We found a definition. If we're not sure that this devirtualization is
  // actually what will happen at runtime, make sure to provide the region so
  // that ExprEngine can decide what to do with it.
  if (TypeInfo.canBeASubClass())
    return RuntimeDefinition(Definition, ThisRegion->StripCasts());
  return RuntimeDefinition(Definition, /*DispatchRegion=*/0);
}

/// Adds the initial bindings for the callee's stack frame: the parameter
/// bindings from AnyFunctionCall, plus the binding of 'this' when known.
///
/// \param CalleeCtx The stack frame of the function about to be entered.
/// \param Bindings  Receives the (location, value) pairs to bind.
void CXXInstanceCall::getInitialStackFrameContents(
                                            const StackFrameContext *CalleeCtx,
                                            BindingsTy &Bindings) const {
  AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);

  // Handle the binding of 'this' in the new stack frame.
  SVal ThisVal = getCXXThisVal();
  if (ThisVal.isUnknown())
    return;

  ProgramStateManager &StateMgr = getState()->getStateManager();
  SValBuilder &SVB = StateMgr.getSValBuilder();

  const CXXMethodDecl *Callee = cast<CXXMethodDecl>(CalleeCtx->getDecl());
  Loc ThisLoc = SVB.getCXXThis(Callee, CalleeCtx);

  // If we devirtualized to a different member function, we need to make sure
  // we have the proper layering of CXXBaseObjectRegions.
  if (Callee->getCanonicalDecl() != getDecl()->getCanonicalDecl()) {
    ASTContext &Ctx = SVB.getContext();
    QualType Ty = Ctx.getPointerType(Ctx.getRecordType(Callee->getParent()));

    // FIXME: CallEvent maybe shouldn't be directly accessing StoreManager.
    // NOTE(review): Failed is read only by the assert below. With assertions
    // compiled out a failed cast is not reported here. Presumably the cast
    // then yields an unknown value, which the final check filters. Confirm.
    bool Failed;
    ThisVal = StateMgr.getStoreManager().evalDynamicCast(ThisVal, Ty, Failed);
    assert(!Failed && "Calling an incorrectly devirtualized method");
  }

  // The cast may have changed ThisVal, so check again before binding.
  if (!ThisVal.isUnknown())
    Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
}



/// Returns the implicit object argument of the member call expression.
const Expr *CXXMemberCall::getCXXThisExpr() const {
  return getOriginExpr()->getImplicitObjectArgument();
}

/// Resolves the definition for a member call. Devirtualization is skipped
/// when the callee is named with a qualified-id.
RuntimeDefinition CXXMemberCall::getRuntimeDefinition() const {
  // C++11 [expr.call]p1: ...If the selected function is non-virtual, or if the
  // id-expression in the class member access expression is a qualified-id,
  // that function is called. Otherwise, its final overrider in the dynamic type
  // of the object expression is called.
  const MemberExpr *ME = dyn_cast<MemberExpr>(getOriginExpr()->getCallee());
  if (ME && ME->hasQualifier())
    return AnyFunctionCall::getRuntimeDefinition();

  return CXXInstanceCall::getRuntimeDefinition();
}


/// Returns the first argument of the operator call expression, which this
/// class uses as the 'this' expression.
const Expr *CXXMemberOperatorCall::getCXXThisExpr() const {
  return getOriginExpr()->getArg(0);
}


/// Returns the region of the block being called, or null when the callee's
/// value is not a BlockDataRegion.
const BlockDataRegion *BlockCall::getBlockRegion() const {
  const MemRegion *CalleeRegion =
      getSVal(getOriginExpr()->getCallee()).getAsRegion();

  return dyn_cast_or_null<BlockDataRegion>(CalleeRegion);
}

/// Returns the start of the block's parameter list, or 0 when the block
/// declaration is not known.
CallEvent::param_iterator BlockCall::param_begin() const {
  if (const BlockDecl *Block = getBlockDecl())
    return Block->param_begin();
  return 0;
}

/// Returns the end of the block's parameter list, or 0 when the block
/// declaration is not known.
CallEvent::param_iterator BlockCall::param_end() const {
  if (const BlockDecl *Block = getBlockDecl())
    return Block->param_end();
  return 0;
}

/// Appends the block's own region to \p Regions when it is known.
void BlockCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  // FIXME: This also needs to invalidate captured globals.
  const MemRegion *BlockRegion = getBlockRegion();
  if (BlockRegion)
    Regions.push_back(BlockRegion);
}

/// Adds the parameter bindings for the block's stack frame, using the
/// parameter list of the BlockDecl that owns \p CalleeCtx.
void BlockCall::getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
                                             BindingsTy &Bindings) const {
  const BlockDecl *Block = cast<BlockDecl>(CalleeCtx->getDecl());
  SValBuilder &SVB = getState()->getStateManager().getSValBuilder();
  addParameterValuesToBindings(CalleeCtx, Bindings, SVB, *this,
                               Block->param_begin(), Block->param_end());
}


/// Returns the region under construction as a location value, or UnknownVal
/// when no region was recorded in Data.
SVal CXXConstructorCall::getCXXThisVal() const {
  if (!Data)
    return UnknownVal();
  return loc::MemRegionVal(static_cast<const MemRegion *>(Data));
}

/// Appends the region under construction to \p Regions when one is recorded.
void CXXConstructorCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  if (!Data)
    return;
  Regions.push_back(static_cast<const MemRegion *>(Data));
}

/// Adds the initial bindings for the constructor's stack frame: the parameter
/// bindings from AnyFunctionCall, plus the binding of 'this' when known.
///
/// \param CalleeCtx The stack frame of the constructor about to be entered.
/// \param Bindings  Receives the (location, value) pairs to bind.
void CXXConstructorCall::getInitialStackFrameContents(
                                             const StackFrameContext *CalleeCtx,
                                             BindingsTy &Bindings) const {
  AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);

  SVal ThisVal = getCXXThisVal();
  if (ThisVal.isUnknown())
    return;

  SValBuilder &SVB = getState()->getStateManager().getSValBuilder();
  const CXXMethodDecl *Callee = cast<CXXMethodDecl>(CalleeCtx->getDecl());
  Loc ThisLoc = SVB.getCXXThis(Callee, CalleeCtx);
  Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
}



/// Returns the region being destroyed as a location value, or UnknownVal when
/// Data is empty. Data is decoded as a DtorDataTy; only its pointer is used.
SVal CXXDestructorCall::getCXXThisVal() const {
  if (!Data)
    return UnknownVal();
  return loc::MemRegionVal(DtorDataTy::getFromOpaqueValue(Data).getPointer());
}

/// Resolves the definition for a destructor call.
RuntimeDefinition CXXDestructorCall::getRuntimeDefinition() const {
  // Base destructors are always called non-virtually.
  // Skip CXXInstanceCall's devirtualization logic in this case.
  if (!isBaseDestructor())
    return CXXInstanceCall::getRuntimeDefinition();

  return AnyFunctionCall::getRuntimeDefinition();
}


/// Returns the start of the method's parameter list, or 0 when the method
/// declaration is not known.
CallEvent::param_iterator ObjCMethodCall::param_begin() const {
  if (const ObjCMethodDecl *Method = getDecl())
    return Method->param_begin();

  return 0;
}

/// Returns the end of the method's parameter list, or 0 when the method
/// declaration is not known.
CallEvent::param_iterator ObjCMethodCall::param_end() const {
  if (const ObjCMethodDecl *Method = getDecl())
    return Method->param_end();

  return 0;
}

/// Appends the receiver's region to \p Regions, if the receiver value is
/// backed by a region.
void
ObjCMethodCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  const MemRegion *Receiver = getReceiverSVal().getAsRegion();
  if (Receiver)
    Regions.push_back(Receiver);
}

/// Returns the value of 'self' in the caller's location context, or a
/// default-constructed SVal when that context has no 'self' declaration.
SVal ObjCMethodCall::getSelfSVal() const {
  const LocationContext *LCtx = getLocationContext();
  if (const ImplicitParamDecl *SelfDecl = LCtx->getSelfDecl())
    return getState()->getSVal(getState()->getRegion(SelfDecl, LCtx));
  return SVal();
}

/// Returns the value of the message receiver.
///
/// Class messages yield UnknownVal. Instance messages yield the value of the
/// receiver expression. A message to super has no receiver expression and
/// yields the value of 'self'.
SVal ObjCMethodCall::getReceiverSVal() const {
  // FIXME: Is this the best way to handle class receivers?
  if (!isInstanceMessage())
    return UnknownVal();

  const Expr *Receiver = getOriginExpr()->getInstanceReceiver();
  if (Receiver)
    return getSVal(Receiver);

  // An instance message with no expression means we are sending to super.
  // In this case the object reference is the same as 'self'.
  // Both conditions are enforced only by the asserts.
  assert(getOriginExpr()->getReceiverKind() == ObjCMessageExpr::SuperInstance);
  SVal SelfVal = getSelfSVal();
  assert(SelfVal.isValid() && "Calling super but not in ObjC method");
  return SelfVal;
}

/// Returns true when the message is sent to super, or when it is an instance
/// message whose receiver value equals the value of 'self'.
bool ObjCMethodCall::isReceiverSelfOrSuper() const {
  switch (getOriginExpr()->getReceiverKind()) {
  case ObjCMessageExpr::SuperInstance:
  case ObjCMessageExpr::SuperClass:
    return true;
  default:
    break;
  }

  if (!isInstanceMessage())
    return false;

  SVal RecVal = getSVal(getOriginExpr()->getInstanceReceiver());

  return (RecVal == getSelfSVal());
}

/// Returns the source range of the call. An explicit message send uses the
/// range of the message expression. A property access or subscript uses the
/// range of the containing pseudo-object expression.
SourceRange ObjCMethodCall::getSourceRange() const {
  switch (getMessageKind()) {
  case OCM_PropertyAccess:
  case OCM_Subscript:
    return getContainingPseudoObjectExpr()->getSourceRange();
  case OCM_Message:
    return getOriginExpr()->getSourceRange();
  }
  llvm_unreachable("unknown message kind");
}

// Layout of ObjCMethodCall's cached Data: a PseudoObjectExpr pointer packed
// with a 2-bit integer. getMessageKind() stores the message kind in the
// integer, and writes a null pointer with the integer 1 for explicit sends.
typedef llvm::PointerIntPair<const PseudoObjectExpr *, 2> ObjCMessageDataTy;

/// Returns the pseudo-object expression cached by getMessageKind().
///
/// The caller must already have triggered the lazy lookup, and the message
/// must not be an explicit send. Both preconditions are checked only by the
/// asserts.
const PseudoObjectExpr *ObjCMethodCall::getContainingPseudoObjectExpr() const {
  assert(Data != 0 && "Lazy lookup not yet performed.");
  assert(getMessageKind() != OCM_Message && "Explicit message send.");
  return ObjCMessageDataTy::getFromOpaqueValue(Data).getPointer();
}

/// Classifies the message as an explicit send, a property access or a
/// subscript. The result is computed on the first call and cached in Data.
///
/// The classification looks at the parent of the origin expression. If the
/// parent is a PseudoObjectExpr, the class of its syntactic form decides the
/// kind. Every other case is an explicit message send.
ObjCMessageKind ObjCMethodCall::getMessageKind() const {
  // Fast path: a previous call already stored the answer.
  if (Data != 0) {
    ObjCMessageDataTy Info = ObjCMessageDataTy::getFromOpaqueValue(Data);
    if (!Info.getPointer())
      return OCM_Message;
    return static_cast<ObjCMessageKind>(Info.getInt());
  }

  ParentMap &PM = getLocationContext()->getParentMap();
  const Stmt *Parent = PM.getParent(getOriginExpr());
  if (const PseudoObjectExpr *POE = dyn_cast_or_null<PseudoObjectExpr>(Parent)) {
    const Expr *Syntactic = POE->getSyntacticForm();

    // This handles the funny case of assigning to the result of a getter.
    // This can happen if the getter returns a non-const reference.
    if (const BinaryOperator *BO = dyn_cast<BinaryOperator>(Syntactic))
      Syntactic = BO->getLHS();

    ObjCMessageKind K = OCM_Message;
    switch (Syntactic->getStmtClass()) {
    case Stmt::ObjCPropertyRefExprClass:
      K = OCM_PropertyAccess;
      break;
    case Stmt::ObjCSubscriptRefExprClass:
      K = OCM_Subscript;
      break;
    default:
      // FIXME: Can this ever happen?
      break;
    }

    if (K != OCM_Message) {
      // The method is const, so the cache is written through a const_cast.
      const_cast<ObjCMethodCall *>(this)->Data
        = ObjCMessageDataTy(POE, K).getOpaqueValue();
      assert(getMessageKind() == K);
      return K;
    }
  }

  // Explicit send: store a null pointer with the integer 1. The fast path
  // above reads the null pointer back as OCM_Message.
  const_cast<ObjCMethodCall *>(this)->Data
    = ObjCMessageDataTy(0, 1).getOpaqueValue();
  assert(getMessageKind() == OCM_Message);
  return OCM_Message;
}


/// Heuristically decides whether the method named by \p Sel, looked up from
/// \p IDecl, could be overridden in a subclass.
///
/// \param IDecl The class interface to start from. Must be non-null, which is
///              checked only by the assert.
/// \param Sel   The selector of the method.
/// \returns true when a declaration of the method is found outside the main
///          file, false in every other case.
bool ObjCMethodCall::canBeOverridenInSubclass(ObjCInterfaceDecl *IDecl,
                                              Selector Sel) const {
  assert(IDecl);
  const SourceManager &SM =
    getState()->getStateManager().getContext().getSourceManager();

  // If the class interface is declared inside the main file, assume it is not
  // subclassed.
  // TODO: It could actually be subclassed if the subclass is private as well.
  // This is probably very rare.
  SourceLocation InterfLoc = IDecl->getEndOfDefinitionLoc();
  if (InterfLoc.isValid() && SM.isFromMainFile(InterfLoc))
    return false;

  // Assume that property accessors are not overridden.
  if (getMessageKind() == OCM_PropertyAccess)
    return false;

  // We assume that if the method is public (declared outside of main file) or
  // has a parent which publicly declares the method, the method could be
  // overridden in a subclass.

  // Find the first declaration in the class hierarchy that declares
  // the selector.
  for (;;) {
    ObjCMethodDecl *D = IDecl->lookupMethod(Sel, true);

    // Cannot find a public definition.
    if (!D)
      return false;

    // A declaration outside the main file counts as public.
    if (D->getLocation().isValid() && !SM.isFromMainFile(D->getLocation()))
      return true;

    if (!D->isOverriding())
      return false;

    // Search in the superclass on the next iteration.
    IDecl = D->getClassInterface();
    if (!IDecl)
      return false;

    IDecl = IDecl->getSuperClass();
    if (!IDecl)
      return false;
  }

  llvm_unreachable("The while loop should always terminate.");
}

RuntimeDefinition ObjCMethodCall::getRuntimeDefinition() const {
  const ObjCMessageExpr *E = getOriginExpr();
  assert(E);
  Selector Sel = E->getSelector();

  if (E->isInstanceMessage()) {

    // Find the the receiver type.
811f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks const ObjCObjectPointerType *ReceiverT = 0; 81254918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks bool CanBeSubClassed = false; 813f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks QualType SupersType = E->getSuperType(); 814e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks const MemRegion *Receiver = 0; 815e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks 816f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks if (!SupersType.isNull()) { 817e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks // Super always means the type of immediate predecessor to the method 818e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks // where the call occurs. 8198ed21ef726be89ef7151b5ff397631379bd8a537Anna Zaks ReceiverT = cast<ObjCObjectPointerType>(SupersType); 820f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks } else { 821e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks Receiver = getReceiverSVal().getAsRegion(); 8224fe64ad383c056774087113561063429103ac9a6Jordan Rose if (!Receiver) 823e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks return RuntimeDefinition(); 8244fe64ad383c056774087113561063429103ac9a6Jordan Rose 82554918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks DynamicTypeInfo DTI = getState()->getDynamicTypeInfo(Receiver); 82654918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks QualType DynType = DTI.getType(); 82754918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks CanBeSubClassed = DTI.canBeASubClass(); 8288ed21ef726be89ef7151b5ff397631379bd8a537Anna Zaks ReceiverT = dyn_cast<ObjCObjectPointerType>(DynType); 82954918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks 83054918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks if (ReceiverT && CanBeSubClassed) 83154918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks if (ObjCInterfaceDecl *IDecl = ReceiverT->getInterfaceDecl()) 83254918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks if (!canBeOverridenInSubclass(IDecl, Sel)) 83354918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks CanBeSubClassed = false; 
8349dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks } 8359dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks 836f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks // Lookup the method implementation. 837f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks if (ReceiverT) 8383f558af01643787d209a133215b0abec81b5fe30Anna Zaks if (ObjCInterfaceDecl *IDecl = ReceiverT->getInterfaceDecl()) { 839bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // Repeatedly calling lookupPrivateMethod() is expensive, especially 840bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // when in many cases it returns null. We cache the results so 841bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // that repeated queries on the same ObjCIntefaceDecl and Selector 842bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // don't incur the same cost. On some test cases, we can see the 843bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // same query being issued thousands of times. 844bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // 845bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // NOTE: This cache is essentially a "global" variable, but it 846bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // only gets lazily created when we get here. The value of the 847bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // cache probably comes from it being global across ExprEngines, 848bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // where the same queries may get issued. If we are worried about 849bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // concurrency, or possibly loading/unloading ASTs, etc., we may 850bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // need to revisit this someday. In terms of memory, this table 851bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // stays around until clang quits, which also may be bad if we 852bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // need to release memory. 
853bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek typedef std::pair<const ObjCInterfaceDecl*, Selector> 854bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek PrivateMethodKey; 855bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek typedef llvm::DenseMap<PrivateMethodKey, 856dc84cd5efdd3430efb22546b4ac656aa0540b210David Blaikie Optional<const ObjCMethodDecl *> > 857bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek PrivateMethodCache; 858bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek 859bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek static PrivateMethodCache PMC; 860dc84cd5efdd3430efb22546b4ac656aa0540b210David Blaikie Optional<const ObjCMethodDecl *> &Val = PMC[std::make_pair(IDecl, Sel)]; 861bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek 862bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek // Query lookupPrivateMethod() if the cache does not hit. 863bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek if (!Val.hasValue()) 864bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek Val = IDecl->lookupPrivateMethod(Sel); 865bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek 866bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972aTed Kremenek const ObjCMethodDecl *MD = Val.getValue(); 86754918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks if (CanBeSubClassed) 86854918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks return RuntimeDefinition(MD, Receiver); 8693f558af01643787d209a133215b0abec81b5fe30Anna Zaks else 87054918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9Anna Zaks return RuntimeDefinition(MD, 0); 8713f558af01643787d209a133215b0abec81b5fe30Anna Zaks } 872f0324d33967f28758f7243c7bb1a469c5a0394b6Anna Zaks 8732d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks } else { 8742d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks // This is a class method. 8752d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks // If we have type info for the receiver class, we are calling via 8762d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks // class name. 
8772d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks if (ObjCInterfaceDecl *IDecl = E->getReceiverInterface()) { 8782d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks // Find/Return the method implementation. 8795960f4aeac9760198c80e05d70d8dadb1db0ff0eAnna Zaks return RuntimeDefinition(IDecl->lookupPrivateClassMethod(Sel)); 8802d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks } 8819dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks } 8822d18419a7c8f9a2975d4ed74a202de6467308ad1Anna Zaks 883e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks return RuntimeDefinition(); 8849dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks} 8859dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks 886ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rosevoid ObjCMethodCall::getInitialStackFrameContents( 887ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const StackFrameContext *CalleeCtx, 888ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose BindingsTy &Bindings) const { 889ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const ObjCMethodDecl *D = cast<ObjCMethodDecl>(CalleeCtx->getDecl()); 890ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose SValBuilder &SVB = getState()->getStateManager().getSValBuilder(); 891ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose addParameterValuesToBindings(CalleeCtx, Bindings, SVB, *this, 892ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose D->param_begin(), D->param_end()); 893ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 894ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose SVal SelfVal = getReceiverSVal(); 895ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose if (!SelfVal.isUnknown()) { 896ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose const VarDecl *SelfD = CalleeCtx->getAnalysisDeclContext()->getSelfDecl(); 897ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose MemRegionManager &MRMgr = SVB.getRegionManager(); 898ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose Loc SelfLoc = SVB.makeLoc(MRMgr.getVarRegion(SelfD, CalleeCtx)); 
899ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose Bindings.push_back(std::make_pair(SelfLoc, SelfVal)); 900ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose } 901ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose} 902ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose 903645baeed6800f952e9ad1d5666e01080385531a2Jordan RoseCallEventRef<> 904d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan RoseCallEventManager::getSimpleCall(const CallExpr *CE, ProgramStateRef State, 905d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose const LocationContext *LCtx) { 906d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose if (const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE)) 907d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose return create<CXXMemberCall>(MCE, State, LCtx); 908d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose 909d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose if (const CXXOperatorCallExpr *OpCE = dyn_cast<CXXOperatorCallExpr>(CE)) { 910d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose const FunctionDecl *DirectCallee = OpCE->getDirectCallee(); 911d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(DirectCallee)) 912d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose if (MD->isInstance()) 913d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose return create<CXXMemberOperatorCall>(OpCE, State, LCtx); 914d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose 915d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose } else if (CE->getCallee()->getType()->isBlockPointerType()) { 916d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose return create<BlockCall>(CE, State, LCtx); 917d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose } 918d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose 919d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose // Otherwise, it's a normal function call, static member function call, or 920d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose // something we can't reason 
about. 921d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose return create<FunctionCall>(CE, State, LCtx); 922d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose} 92357c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 92457c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 92557c033621dacd8720ac9ff65a09025f14f70e22fJordan RoseCallEventRef<> 92657c033621dacd8720ac9ff65a09025f14f70e22fJordan RoseCallEventManager::getCaller(const StackFrameContext *CalleeCtx, 92757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose ProgramStateRef State) { 92857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const LocationContext *ParentCtx = CalleeCtx->getParent(); 92957c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const LocationContext *CallerCtx = ParentCtx->getCurrentStackFrame(); 93057c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose assert(CallerCtx && "This should not be used for top-level stack frames"); 93157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 93257c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const Stmt *CallSite = CalleeCtx->getCallSite(); 93357c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 93457c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose if (CallSite) { 93557c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose if (const CallExpr *CE = dyn_cast<CallExpr>(CallSite)) 93657c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose return getSimpleCall(CE, State, CallerCtx); 93757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 93857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose switch (CallSite->getStmtClass()) { 939827eeb63614309bafac9d77a5a3a7ca81f1e4751Jordan Rose case Stmt::CXXConstructExprClass: 940827eeb63614309bafac9d77a5a3a7ca81f1e4751Jordan Rose case Stmt::CXXTemporaryObjectExprClass: { 94157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose SValBuilder &SVB = State->getStateManager().getSValBuilder(); 94257c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const CXXMethodDecl *Ctor = cast<CXXMethodDecl>(CalleeCtx->getDecl()); 
94357c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose Loc ThisPtr = SVB.getCXXThis(Ctor, CalleeCtx); 94457c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose SVal ThisVal = State->getSVal(ThisPtr); 94557c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 94657c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose return getCXXConstructorCall(cast<CXXConstructExpr>(CallSite), 94757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose ThisVal.getAsRegion(), State, CallerCtx); 94857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose } 94957c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose case Stmt::CXXNewExprClass: 95057c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose return getCXXAllocatorCall(cast<CXXNewExpr>(CallSite), State, CallerCtx); 95157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose case Stmt::ObjCMessageExprClass: 95257c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose return getObjCMethodCall(cast<ObjCMessageExpr>(CallSite), 95357c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose State, CallerCtx); 95457c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose default: 95557c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose llvm_unreachable("This is not an inlineable statement."); 95657c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose } 95757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose } 95857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 95957c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose // Fall back to the CFG. The only thing we haven't handled yet is 96057c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose // destructors, though this could change in the future. 
96157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const CFGBlock *B = CalleeCtx->getCallSiteBlock(); 96257c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose CFGElement E = (*B)[CalleeCtx->getIndex()]; 963fdf6a279c9a75c778eba382d9a156697092982a1David Blaikie assert(E.getAs<CFGImplicitDtor>() && 964fdf6a279c9a75c778eba382d9a156697092982a1David Blaikie "All other CFG elements should have exprs"); 965fdf6a279c9a75c778eba382d9a156697092982a1David Blaikie assert(!E.getAs<CFGTemporaryDtor>() && "We don't handle temporaries yet"); 96657c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 96757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose SValBuilder &SVB = State->getStateManager().getSValBuilder(); 96857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CalleeCtx->getDecl()); 96957c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose Loc ThisPtr = SVB.getCXXThis(Dtor, CalleeCtx); 97057c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose SVal ThisVal = State->getSVal(ThisPtr); 97157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 97257c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose const Stmt *Trigger; 973b07805485c603be3d8011f72611465324c9e664bDavid Blaikie if (Optional<CFGAutomaticObjDtor> AutoDtor = E.getAs<CFGAutomaticObjDtor>()) 974b07805485c603be3d8011f72611465324c9e664bDavid Blaikie Trigger = AutoDtor->getTriggerStmt(); 97557c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose else 97657c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose Trigger = Dtor->getBody(); 97757c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose 97857c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose return getCXXDestructorCall(Dtor, Trigger, ThisVal.getAsRegion(), 979b07805485c603be3d8011f72611465324c9e664bDavid Blaikie E.getAs<CFGBaseDtor>().hasValue(), State, 980b07805485c603be3d8011f72611465324c9e664bDavid Blaikie CallerCtx); 98157c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose} 982