CallEvent.cpp revision 200fa2e70d52ae6d620e81cd45536071fdde70c0
1740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//===- Calls.cpp - Wrapper for all function and method calls ------*- C++ -*--//
2740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//
3740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//                     The LLVM Compiler Infrastructure
4740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//
5740d490593e0de8732a697c9f77b90ddd463863bJordan Rose// This file is distributed under the University of Illinois Open Source
6740d490593e0de8732a697c9f77b90ddd463863bJordan Rose// License. See LICENSE.TXT for details.
7740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//
8740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//===----------------------------------------------------------------------===//
9740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//
10740d490593e0de8732a697c9f77b90ddd463863bJordan Rose/// \file This file defines CallEvent and its subclasses, which represent path-
11740d490593e0de8732a697c9f77b90ddd463863bJordan Rose/// sensitive instances of different kinds of function and method calls
12740d490593e0de8732a697c9f77b90ddd463863bJordan Rose/// (C, C++, and Objective-C).
13740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//
14740d490593e0de8732a697c9f77b90ddd463863bJordan Rose//===----------------------------------------------------------------------===//
15740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
16f540c54701e3eeb34cb619a3a4eb18f1ac70ef2dJordan Rose#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
1728038f33aa2db4833881fea757a1f0daf85ac02bJordan Rose#include "clang/Analysis/ProgramPoint.h"
18b7a23e05d1d8f07f2a6edce5c88c728fe894c2c7Jordan Rose#include "clang/AST/ParentMap.h"
19740d490593e0de8732a697c9f77b90ddd463863bJordan Rose#include "llvm/ADT/SmallSet.h"
20de507eaf3cb54d3cb234dc14499c10ab3373d15fJordan Rose#include "llvm/ADT/StringExtras.h"
21740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
22740d490593e0de8732a697c9f77b90ddd463863bJordan Roseusing namespace clang;
23740d490593e0de8732a697c9f77b90ddd463863bJordan Roseusing namespace ento;
24740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Compute the type of the value this call evaluates to, restoring the
/// reference-ness that the origin expression's own type does not carry.
///
/// The call must have an origin expression; this is asserted.
QualType CallEvent::getResultType() const {
  const Expr *Origin = getOriginExpr();
  assert(Origin && "Calls without origin expressions do not have results");
  const QualType ExprTy = Origin->getType();

  ASTContext &ASTCtx = getState()->getStateManager().getContext();

  // A call to a function returning 'int &' is an expression of type 'int'.
  // The value kind of the origin expression tells us which kind of
  // reference (if any) has to be put back.
  switch (Origin->getValueKind()) {
  case VK_LValue:
    return ASTCtx.getLValueReferenceType(ExprTy);
  case VK_XValue:
    return ASTCtx.getRValueReferenceType(ExprTy);
  case VK_RValue:
    // Plain values are returned as-is.
    return ExprTy;
  }

  return ExprTy;
}
49740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Decide whether an argument with value \p V, passed for a parameter of
/// type \p T, should be treated as a callback.
///
/// Returns true for non-zero block pointers, function pointers and
/// Objective-C selectors, and for structs (passed by value, pointer or
/// reference) that directly contain a block-pointer or function-pointer
/// field. Only the first level of the struct is inspected, and selector-typed
/// fields are not considered, so a callback nested more deeply is not
/// reported by this helper.
static bool isCallbackArg(SVal V, QualType T) {
  // A zero argument cannot name anything callable, so it is harmless.
  if (V.isZeroConstant())
    return false;

  // Blocks, function pointers and selectors passed directly: assume the
  // callee may invoke them and thereby modify memory.
  const bool IsDirectCallback = T->isBlockPointerType() ||
                                T->isFunctionPointerType() ||
                                T->isObjCSelType();
  if (IsDirectCallback)
    return true;

  // Otherwise look for a callback carried inside a struct. Strip one level
  // of pointer/reference so by-reference and by-value structs are handled
  // alike.
  QualType Inner = T;
  if (Inner->isAnyPointerType() || Inner->isReferenceType())
    Inner = Inner->getPointeeType();

  const RecordType *StructTy = Inner->getAsStructureType();
  if (!StructTy)
    return false;

  const RecordDecl *Record = StructTy->getDecl();
  RecordDecl::field_iterator Field = Record->field_begin();
  RecordDecl::field_iterator FieldEnd = Record->field_end();
  while (Field != FieldEnd) {
    QualType FieldTy = Field->getType();
    if (FieldTy->isBlockPointerType() || FieldTy->isFunctionPointerType())
      return true;
    ++Field;
  }

  return false;
}
79740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
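/// Report whether any argument of this call is a non-zero callback, as
/// judged by isCallbackArg() on each (argument value, parameter type) pair.
///
/// Returns false when the call has no declaration. Arguments beyond the
/// declared parameter list (e.g. variadic arguments) are not inspected,
/// because there is no parameter type to classify them with.
bool CallEvent::hasNonZeroCallbackArg() const {
  const unsigned NumOfArgs = getNumArgs();

  // If calling using a function pointer, assume the function does not
  // have a callback. TODO: We could check the types of the arguments here.
  // NOTE(review): this is the optimistic answer; within this file,
  // AnyFunctionCall::argumentsMayEscape() separately treats a missing
  // declaration as escaping. Other callers should not read 'false' here as
  // proof that no callback was passed.
  if (!getDecl())
    return false;

  // Walk parameter types and arguments in lock step and stop at whichever
  // list ends first. The loop condition already bounds Idx by NumOfArgs, so
  // no further bound check is needed inside the body.
  unsigned Idx = 0;
  for (CallEvent::param_type_iterator I = param_type_begin(),
                                       E = param_type_end();
       I != E && Idx < NumOfArgs; ++I, ++Idx) {
    if (isCallbackArg(getArgSVal(Idx), *I))
      return true;
  }

  return false;
}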
101740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// \brief Returns true if \p Ty is a pointer or reference whose immediate
/// pointee is const-qualified and is not itself a pointer.
///
/// This is a purely type-based test: it says what the signature promises,
/// not what the callee actually does with the pointee.
static bool isPointerToConst(QualType Ty) {
  const QualType Pointee = Ty->getPointeeType();

  // A null pointee type means Ty has no pointee to examine.
  if (Pointee == QualType())
    return false;

  // Require const on the pointee itself and no further level of pointer
  // indirection behind it.
  return Pointee.isConstQualified() && !Pointee->isAnyPointerType();
}
114740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Collect the indexes of \p Call's parameters whose declared type is a
/// pointer/reference to a non-pointer const (see isPointerToConst()).
///
/// The indexes are added to \p PreserveArgs; the regions of the matching
/// arguments will not be invalidated by the caller of this helper.
static void findPtrToConstParams(llvm::SmallSet<unsigned, 1> &PreserveArgs,
                                 const CallEvent &Call) {
  CallEvent::param_type_iterator ParamTy = Call.param_type_begin();
  CallEvent::param_type_iterator ParamTyEnd = Call.param_type_end();

  for (unsigned ParamIdx = 0; ParamTy != ParamTyEnd; ++ParamTy, ++ParamIdx) {
    if (!isPointerToConst(*ParamTy))
      continue;
    PreserveArgs.insert(ParamIdx);
  }
}
128740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Build the set of memory regions this call may modify and return a state
/// in which those regions have been invalidated.
///
/// \param BlockCount Passed through to ProgramState::invalidateRegions().
/// \param Orig       State to start from; when null, getState() is used.
/// \returns The state produced by the batch invalidation.
///
/// Arguments whose parameter type is pointer/reference-to-const are left
/// untouched unless argumentsMayEscape() says the call can retain or free
/// its arguments. Keeping a binding the callee actually changed leaves the
/// analysis reasoning about a stale value, so the escape check below is what
/// makes that shortcut acceptable.
ProgramStateRef CallEvent::invalidateRegions(unsigned BlockCount,
                                              ProgramStateRef Orig) const {
  ProgramStateRef StartState = Orig;
  if (!StartState)
    StartState = getState();

  // Regions contributed by the concrete call kind come first.
  SmallVector<const MemRegion *, 8> RegionsToInvalidate;
  getExtraInvalidatedRegions(RegionsToInvalidate);

  // Indexes of arguments whose values will be preserved by the call.
  llvm::SmallSet<unsigned, 1> PreserveArgs;
  if (!argumentsMayEscape())
    findPtrToConstParams(PreserveArgs, *this);

  const unsigned NumArgs = getNumArgs();
  for (unsigned ArgIdx = 0; ArgIdx != NumArgs; ++ArgIdx) {
    if (PreserveArgs.count(ArgIdx))
      continue;

    SVal ArgVal = getArgSVal(ArgIdx);

    // A location smuggled through an integer is unwrapped so that the
    // memory it refers to is invalidated as well. Anything else that is not
    // a location cannot name a region and is skipped.
    if (nonloc::LocAsInteger *AsInt = dyn_cast<nonloc::LocAsInteger>(&ArgVal))
      ArgVal = AsInt->getLoc();
    else if (!isa<Loc>(ArgVal))
      continue;

    const MemRegion *Region = ArgVal.getAsRegion();
    if (!Region)
      continue;

    // The argument refers to memory passed by reference; invalidate it.
    //
    // Are we dealing with an ElementRegion?  If the element type is
    // a basic integer type (e.g., char, int) and the underlying region
    // is a variable region then strip off the ElementRegion.
    // FIXME: We really need to think about this for the general case
    //   as sometimes we are reasoning about arrays and other times
    //   about (char*), etc., is just a form of passing raw bytes.
    //   e.g., void *p = alloca(); foo((char*)p);
    if (const ElementRegion *Elem = dyn_cast<ElementRegion>(Region)) {
      // Checking for 'integral type' is probably too promiscuous, but
      // we'll leave it in for now until we have a systematic way of
      // handling all of these cases.  Eventually we need to come up
      // with an interface to StoreManager so that this logic can be
      // appropriately delegated to the respective StoreManagers while
      // still allowing us to do checker-specific logic (e.g.,
      // invalidating reference counts), probably via callbacks.
      if (Elem->getElementType()->isIntegralOrEnumerationType()) {
        const MemRegion *Super = Elem->getSuperRegion();
        const bool IsNamedStorage = isa<VarRegion>(Super) ||
                                    isa<FieldRegion>(Super) ||
                                    isa<ObjCIvarRegion>(Super);
        if (IsNamedStorage)
          Region = cast<TypedRegion>(Super);
      }
      // FIXME: What about layers of ElementRegions?
    }

    // Queue the region; all queued regions are invalidated in one batch
    // below for efficiency.
    RegionsToInvalidate.push_back(Region);
  }

  // Invalidate designated regions using the batch invalidation API.
  // NOTE: Even if RegionsToInvalidate is empty, we may still invalidate
  //  global variables.
  return StartState->invalidateRegions(RegionsToInvalidate, getOriginExpr(),
                                       BlockCount, getLocationContext(),
                                       /*Symbols=*/0, this);
}
194740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Produce the program point for this call, either before (\p IsPreVisit)
/// or after it, tagged with \p Tag.
///
/// A call with an origin expression yields a PreStmt/PostStmt on that
/// expression. Otherwise the call must have a declaration (asserted) and a
/// PreImplicitCall/PostImplicitCall at the start of the call's source range
/// is returned.
ProgramPoint CallEvent::getProgramPoint(bool IsPreVisit,
                                        const ProgramPointTag *Tag) const {
  const Expr *Origin = getOriginExpr();
  if (Origin) {
    if (IsPreVisit)
      return PreStmt(Origin, getLocationContext(), Tag);
    return PostStmt(Origin, getLocationContext(), Tag);
  }

  // No statement to anchor on: fall back to the callee declaration.
  const Decl *Callee = getDecl();
  assert(Callee && "Cannot get a program point without a statement or decl");

  SourceLocation CallLoc = getSourceRange().getBegin();
  if (!IsPreVisit)
    return PostImplicitCall(Callee, CallLoc, getLocationContext(), Tag);
  return PreImplicitCall(Callee, CallLoc, getLocationContext(), Tag);
}
21128038f33aa2db4833881fea757a1f0daf85ac02bJordan Rose
/// Return the symbolic value of the argument at \p Index, or UnknownVal()
/// when the call has no expression for that argument.
SVal CallEvent::getArgSVal(unsigned Index) const {
  if (const Expr *Arg = getArgExpr(Index))
    return getSVal(Arg);

  // No expression to evaluate, so nothing is known about the value.
  return UnknownVal();
}
2187c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose
/// Return the source range of the argument at \p Index, or a
/// default-constructed SourceRange when the call has no expression for it.
SourceRange CallEvent::getArgSourceRange(unsigned Index) const {
  if (const Expr *Arg = getArgExpr(Index))
    return Arg->getSourceRange();

  return SourceRange();
}
2257c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose
/// Print a description of this call to the LLVM error stream.
void CallEvent::dump() const {
  raw_ostream &Err = llvm::errs();
  dump(Err);
}
22942c72c258e08ca79c9267346b4badcddd8fcd001Benjamin Kramer
/// Print a description of this call to \p Out.
///
/// Prefers the pretty-printed origin expression (followed by a newline),
/// then "Call to <decl>", and finally the numeric call kind when neither an
/// expression nor a declaration is available.
void CallEvent::dump(raw_ostream &Out) const {
  ASTContext &ASTCtx = getState()->getStateManager().getContext();

  const Expr *Origin = getOriginExpr();
  if (Origin) {
    Origin->printPretty(Out, 0, ASTCtx.getPrintingPolicy());
    Out << "\n";
    return;
  }

  const Decl *Callee = getDecl();
  if (Callee) {
    Out << "Call to ";
    Callee->print(Out, ASTCtx.getPrintingPolicy());
    return;
  }

  // FIXME: a string representation of the kind would be nice.
  Out << "Unknown call (type " << getKind() << ")";
}
2477c99aa385178c630e29f671299cdd9c104f1c885Jordan Rose
24828038f33aa2db4833881fea757a1f0daf85ac02bJordan Rose
/// Return true if \p S is one of the statement kinds checked here: a
/// CallExpr, an ObjCMessageExpr, a CXXConstructExpr or a CXXNewExpr.
///
/// \p S must be non-null, since isa<> does not accept a null pointer.
bool CallEvent::isCallStmt(const Stmt *S) {
  if (isa<CallExpr>(S))
    return true;
  if (isa<ObjCMessageExpr>(S))
    return true;
  if (isa<CXXConstructExpr>(S))
    return true;
  return isa<CXXNewExpr>(S);
}
25485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
/// Bind each formal parameter in [\p I, \p E) to the value of the argument
/// at the same position in \p Call, within the callee frame \p CalleeCtx.
///
/// One (parameter location, argument value) pair is appended to \p Bindings
/// per parameter whose argument value is not unknown; parameters with an
/// unknown argument value get no binding.
///
/// NOTE(review): the argument index is driven only by the parameter range
/// and is not compared against Call.getNumArgs() here; this relies on
/// getArgSVal() coping with every index that is asked for. Confirm against
/// the getArgExpr() implementations.
static void addParameterValuesToBindings(const StackFrameContext *CalleeCtx,
                                         CallEvent::BindingsTy &Bindings,
                                         SValBuilder &SVB,
                                         const CallEvent &Call,
                                         CallEvent::param_iterator I,
                                         CallEvent::param_iterator E) {
  MemRegionManager &MRMgr = SVB.getRegionManager();

  for (unsigned ArgIdx = 0; I != E; ++I, ++ArgIdx) {
    const ParmVarDecl *ParamDecl = *I;
    assert(ParamDecl && "Formal parameter has no decl?");

    SVal ArgVal = Call.getArgSVal(ArgIdx);
    if (ArgVal.isUnknown())
      continue;

    // The parameter lives in a variable region of the callee's stack frame.
    Loc ParamLoc = SVB.makeLoc(MRMgr.getVarRegion(ParamDecl, CalleeCtx));
    Bindings.push_back(std::make_pair(ParamLoc, ArgVal));
  }

  // FIXME: Variadic arguments are not handled at all right now.
}
277ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
278ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
/// Return the start of the callee's parameter list, or a null iterator when
/// the callee declaration is not known.
CallEvent::param_iterator AnyFunctionCall::param_begin() const {
  if (const FunctionDecl *Callee = getDecl())
    return Callee->param_begin();

  // Unknown callee: param_end() returns the same null value, so the range
  // is empty.
  return 0;
}
286740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Return the end of the callee's parameter list, or a null iterator when
/// the callee declaration is not known.
CallEvent::param_iterator AnyFunctionCall::param_end() const {
  if (const FunctionDecl *Callee = getDecl())
    return Callee->param_end();

  // Unknown callee: param_begin() returns the same null value, so the range
  // is empty.
  return 0;
}
294ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
/// Fill \p Bindings with the parameter bindings for the callee frame
/// \p CalleeCtx.
///
/// The parameter list is taken from the declaration attached to
/// \p CalleeCtx (which must be a FunctionDecl), not from getDecl().
void AnyFunctionCall::getInitialStackFrameContents(
                                        const StackFrameContext *CalleeCtx,
                                        BindingsTy &Bindings) const {
  const FunctionDecl *Callee = cast<FunctionDecl>(CalleeCtx->getDecl());
  SValBuilder &Builder = getState()->getStateManager().getSValBuilder();

  addParameterValuesToBindings(CalleeCtx, Bindings, Builder, *this,
                               Callee->param_begin(), Callee->param_end());
}
303740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Decide whether the arguments of this call may escape, i.e. be retained,
/// freed or otherwise changed by the callee even when the parameter type is
/// pointer-to-const.
///
/// Returns true when a non-zero callback is passed, when the callee has no
/// declaration or no identifier, or when the callee's name matches one of
/// the known "escaping" APIs listed below. The list is matched by name
/// only, so an API that keeps or frees a const argument but is not listed
/// here is treated as non-escaping.
bool AnyFunctionCall::argumentsMayEscape() const {
  if (hasNonZeroCallbackArg())
    return true;

  // Without a declaration or a plain identifier there is nothing to match
  // against; take the conservative answer.
  const FunctionDecl *Callee = getDecl();
  const IdentifierInfo *Ident = Callee ? Callee->getIdentifier() : 0;
  if (!Ident)
    return true;

  // The set of "escaping" APIs recognised by exact name:
  //
  // - 'int pthread_setspecific(pthread_key k, const void *)' stores a
  //   value into thread local storage. The value can later be retrieved with
  //   'void *pthread_getspecific(pthread_key)'. So even though the
  //   parameter is 'const void *', the region escapes through the call.
  // - xpc_connection_set_context stores a value which can be retrieved later
  //   with xpc_connection_get_context.
  // - funopen - sets a buffer for future IO calls.
  if (Ident->isStr("pthread_setspecific") ||
      Ident->isStr("xpc_connection_set_context") ||
      Ident->isStr("funopen"))
    return true;

  StringRef FName = Ident->getName();

  // - CoreFoundation functions that end with "NoCopy" can free a passed-in
  //   buffer even if it is const.
  if (FName.endswith("NoCopy"))
    return true;

  // - NSXXInsertXX, for example NSMapInsertIfAbsent, since they can
  //   be deallocated by NSMapRemove.
  if (FName.startswith("NS") && (FName.find("Insert") != StringRef::npos))
    return true;

  // - Many CF containers allow objects to escape through custom
  //   allocators/deallocators upon container construction. (PR12101)
  //   For CF/CG names the answer is decided here by a case-insensitive
  //   search for any of the fragments below.
  if (FName.startswith("CF") || FName.startswith("CG")) {
    static const char *const EscapingFragments[] = {
      "InsertValue", "AddValue", "SetValue",
      "WithData", "AppendValue", "SetAttribute"
    };
    const unsigned NumFragments =
      sizeof(EscapingFragments) / sizeof(EscapingFragments[0]);

    for (unsigned FragIdx = 0; FragIdx != NumFragments; ++FragIdx) {
      if (StrInStrNoCase(FName, EscapingFragments[FragIdx]) != StringRef::npos)
        return true;
    }
    return false;
  }

  return false;
}
35985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
36085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
/// Return the function being called: the direct callee when the call
/// expression names one, otherwise whatever function declaration the
/// callee expression's symbolic value resolves to (possibly null).
const FunctionDecl *SimpleCall::getDecl() const {
  if (const FunctionDecl *Direct = getOriginExpr()->getDirectCallee())
    return Direct;

  // Indirect call: ask the current state what the callee expression
  // evaluates to.
  return getSVal(getOriginExpr()->getCallee()).getAsFunctionDecl();
}
368740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
36985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
/// Returns the method being called. When the origin expression is a CallExpr
/// the lookup mirrors SimpleCall::getDecl (direct callee first, then the
/// symbolic value of the callee expression); otherwise the base-class lookup
/// is used. May return null.
const FunctionDecl *CXXInstanceCall::getDecl() const {
  const CallExpr *Call = cast_or_null<CallExpr>(getOriginExpr());
  if (Call) {
    if (const FunctionDecl *Direct = Call->getDirectCallee())
      return Direct;

    return getSVal(Call->getCallee()).getAsFunctionDecl();
  }

  // No origin expression to inspect; defer to the generic implementation.
  return AnyFunctionCall::getDecl();
}
381645baeed6800f952e9ad1d5666e01080385531a2Jordan Rose
/// Appends the region of the implicit 'this' object to \p Regions, if the
/// value of 'this' is backed by a region. Nothing is added otherwise.
void CXXInstanceCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  const MemRegion *ThisRegion = getCXXThisVal().getAsRegion();
  if (!ThisRegion)
    return;

  Regions.push_back(ThisRegion);
}
386c36b30c92c78b95fd29fb5d9d6214d737b3bcb02Jordan Rose
/// Returns the value of the implicit 'this' argument, or UnknownVal when there
/// is no 'this' expression or when the value is defined but is neither a
/// region nor a constant.
SVal CXXInstanceCall::getCXXThisVal() const {
  // FIXME: This doesn't handle an overloaded ->* operator.
  const Expr *Base = getCXXThisExpr();
  if (!Base)
    return UnknownVal();

  SVal ThisVal = getSVal(Base);

  // Undefined and unknown values are passed through untouched.
  if (!isa<DefinedSVal>(ThisVal))
    return ThisVal;

  // FIXME: This is only necessary because we can call member functions on
  // struct rvalues, which do not have regions we can use for a 'this' pointer.
  // Ideally this should eventually be changed to an assert, i.e. all
  // non-Unknown, non-null 'this' values should be loc::MemRegionVals.
  if (ThisVal.getAsRegion() || ThisVal.isConstant())
    return ThisVal;

  return UnknownVal();
}
4056ebea89be233eaba5e29de8cf3524ad150c860bbJordan Rose
406c36b30c92c78b95fd29fb5d9d6214d737b3bcb02Jordan Rose
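/// Works out which definition this instance call will execute.
///
/// Non-virtual methods are resolved by the base class. For virtual methods the
/// dynamic type recorded for the 'this' region is used to pick the overriding
/// method; if that type may still be a subclass, the region is returned along
/// with the definition so the caller can decide how far to trust the result.
///
/// Every step that cannot be answered yields an empty RuntimeDefinition, which
/// is the conservative "no known body" answer. That includes the two
/// invariants that are also asserted below: asserts are compiled out of NDEBUG
/// builds, and without the explicit guards a violated invariant would be
/// dereferenced as a null pointer while analyzing user-supplied code.
RuntimeDefinition CXXInstanceCall::getRuntimeDefinition() const {
  // Do we have a decl at all?
  const Decl *D = getDecl();
  if (!D)
    return RuntimeDefinition();

  // If the method is non-virtual, we know we can inline it.
  const CXXMethodDecl *MD = cast<CXXMethodDecl>(D);
  if (!MD->isVirtual())
    return AnyFunctionCall::getRuntimeDefinition();

  // Do we know the implicit 'this' object being called?
  const MemRegion *R = getCXXThisVal().getAsRegion();
  if (!R)
    return RuntimeDefinition();

  // Do we know anything about the type of 'this'?
  DynamicTypeInfo DynType = getState()->getDynamicTypeInfo(R);
  if (!DynType.isValid())
    return RuntimeDefinition();

  // Is the type a C++ class? (This is mostly a defensive check.)
  QualType RegionType = DynType.getType()->getPointeeType();
  assert(!RegionType.isNull() && "DynamicTypeInfo should always be a pointer.");
  // Release builds: do not dereference a null type below.
  if (RegionType.isNull())
    return RuntimeDefinition();

  const CXXRecordDecl *RD = RegionType->getAsCXXRecordDecl();
  if (!RD || !RD->hasDefinition())
    return RuntimeDefinition();

  // Find the decl for this method in that class.
  const CXXMethodDecl *Result =
    MD->getCorrespondingMethodInClass(RD, /*MayBeBase=*/true);
  assert(Result && "At the very least the static decl should show up.");
  // Release builds: a missing method means we cannot devirtualize.
  if (!Result)
    return RuntimeDefinition();

  // Does the decl that we found have an implementation?
  const FunctionDecl *Definition = 0;
  if (!Result->hasBody(Definition))
    return RuntimeDefinition();

  // We found a definition. If we're not sure that this devirtualization is
  // actually what will happen at runtime, make sure to provide the region so
  // that ExprEngine can decide what to do with it.
  if (DynType.canBeASubClass())
    return RuntimeDefinition(Definition, R->StripCasts());
  return RuntimeDefinition(Definition, /*DispatchRegion=*/0);
}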
452c36b30c92c78b95fd29fb5d9d6214d737b3bcb02Jordan Rose
/// Seeds \p Bindings for the callee's stack frame: first whatever the base
/// class contributes, then the binding of the callee's 'this' location to the
/// value of 'this' at the call site. No 'this' binding is added when that
/// value is unknown.
void CXXInstanceCall::getInitialStackFrameContents(
                                            const StackFrameContext *CalleeCtx,
                                            BindingsTy &Bindings) const {
  AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);

  // Handle the binding of 'this' in the new stack frame.
  SVal ThisVal = getCXXThisVal();
  if (ThisVal.isUnknown())
    return;

  ProgramStateManager &StateMgr = getState()->getStateManager();
  SValBuilder &SVB = StateMgr.getSValBuilder();

  const CXXMethodDecl *MD = cast<CXXMethodDecl>(CalleeCtx->getDecl());
  Loc ThisLoc = SVB.getCXXThis(MD, CalleeCtx);

  // If we devirtualized to a different member function, we need to make sure
  // we have the proper layering of CXXBaseObjectRegions.
  const bool Devirtualized =
    MD->getCanonicalDecl() != getDecl()->getCanonicalDecl();
  if (Devirtualized) {
    ASTContext &Ctx = SVB.getContext();
    const CXXRecordDecl *Class = MD->getParent();
    QualType Ty = Ctx.getPointerType(Ctx.getRecordType(Class));

    // FIXME: CallEvent maybe shouldn't be directly accessing StoreManager.
    // Failed is only inspected by the assert; in NDEBUG builds the cast result
    // is used as returned and only the isUnknown() test below filters it.
    bool Failed;
    ThisVal = StateMgr.getStoreManager().evalDynamicCast(ThisVal, Ty, Failed);
    assert(!Failed && "Calling an incorrectly devirtualized method");
  }

  if (ThisVal.isUnknown())
    return;

  Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
}
484ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
485ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
486c36b30c92c78b95fd29fb5d9d6214d737b3bcb02Jordan Rose
/// The 'this' expression of a member call is the implicit object argument of
/// the originating call expression.
const Expr *CXXMemberCall::getCXXThisExpr() const {
  const Expr *Object = getOriginExpr()->getImplicitObjectArgument();
  return Object;
}
490e54cfc7b9990acffd0a8a4ba381717b4bb9f3011Jordan Rose
49185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
/// For a member operator call the object operated on is passed as the first
/// argument of the originating expression.
const Expr *CXXMemberOperatorCall::getCXXThisExpr() const {
  const Expr *Object = getOriginExpr()->getArg(0);
  return Object;
}
495e54cfc7b9990acffd0a8a4ba381717b4bb9f3011Jordan Rose
496fdaa33818cf9bad8d092136e73bd2e489cb821baJordan Rose
/// Returns the block region the callee expression evaluates to, or null when
/// the callee has no region or the region is not a BlockDataRegion.
const BlockDataRegion *BlockCall::getBlockRegion() const {
  const MemRegion *CalleeRegion =
    getSVal(getOriginExpr()->getCallee()).getAsRegion();

  return dyn_cast_or_null<BlockDataRegion>(CalleeRegion);
}
503740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Start of the block's parameter list; a null iterator when the block
/// declaration is not known.
CallEvent::param_iterator BlockCall::param_begin() const {
  if (const BlockDecl *Block = getBlockDecl())
    return Block->param_begin();
  return 0;
}
510740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// End of the block's parameter list; a null iterator when the block
/// declaration is not known, matching param_begin().
CallEvent::param_iterator BlockCall::param_end() const {
  if (const BlockDecl *Block = getBlockDecl())
    return Block->param_end();
  return 0;
}
517740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Appends the block's own data region to \p Regions when it is known.
void BlockCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  // FIXME: This also needs to invalidate captured globals.
  const MemRegion *BlockRegion = getBlockRegion();
  if (!BlockRegion)
    return;

  Regions.push_back(BlockRegion);
}
523740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Seeds \p Bindings with the argument values for the parameters of the block
/// declaration that owns \p CalleeCtx.
void BlockCall::getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
                                             BindingsTy &Bindings) const {
  SValBuilder &SVB = getState()->getStateManager().getSValBuilder();
  const BlockDecl *Block = cast<BlockDecl>(CalleeCtx->getDecl());

  addParameterValuesToBindings(CalleeCtx, Bindings, SVB, *this,
                               Block->param_begin(), Block->param_end());
}
531ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
532ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
/// Returns the region under construction as a location value. Data holds that
/// region as an opaque pointer; a null Data means the target is unknown.
SVal CXXConstructorCall::getCXXThisVal() const {
  if (!Data)
    return UnknownVal();

  return loc::MemRegionVal(static_cast<const MemRegion *>(Data));
}
538e54cfc7b9990acffd0a8a4ba381717b4bb9f3011Jordan Rose
/// Appends the region under construction to \p Regions when it is known.
void CXXConstructorCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  if (!Data)
    return;

  Regions.push_back(static_cast<const MemRegion *>(Data));
}
543740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Seeds \p Bindings for the constructor's stack frame: the base-class
/// contribution first, then 'this' bound to the object under construction
/// when that object is known.
void CXXConstructorCall::getInitialStackFrameContents(
                                             const StackFrameContext *CalleeCtx,
                                             BindingsTy &Bindings) const {
  AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);

  SVal ThisVal = getCXXThisVal();
  if (ThisVal.isUnknown())
    return;

  SValBuilder &SVB = getState()->getStateManager().getSValBuilder();
  const CXXMethodDecl *MD = cast<CXXMethodDecl>(CalleeCtx->getDecl());
  Loc ThisLoc = SVB.getCXXThis(MD, CalleeCtx);
  Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
}
557ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
558ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
55985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose
/// Returns the region being destroyed as a location value. Data packs that
/// region together with extra bits (DtorDataTy); only the pointer part is
/// used here. A null Data means the target is unknown.
SVal CXXDestructorCall::getCXXThisVal() const {
  if (!Data)
    return UnknownVal();

  return loc::MemRegionVal(DtorDataTy::getFromOpaqueValue(Data).getPointer());
}
565e54cfc7b9990acffd0a8a4ba381717b4bb9f3011Jordan Rose
/// Picks the destructor body to run. Only non-base destructors go through
/// CXXInstanceCall's devirtualization logic.
RuntimeDefinition CXXDestructorCall::getRuntimeDefinition() const {
  if (!isBaseDestructor())
    return CXXInstanceCall::getRuntimeDefinition();

  // Base destructors are always called non-virtually, so the statically
  // known destructor is the one that runs.
  return AnyFunctionCall::getRuntimeDefinition();
}
574200fa2e70d52ae6d620e81cd45536071fdde70c0Jordan Rose
575ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
/// Start of the method's parameter list; a null iterator when the method
/// declaration is not known.
CallEvent::param_iterator ObjCMethodCall::param_begin() const {
  if (const ObjCMethodDecl *Method = getDecl())
    return Method->param_begin();

  return 0;
}
583740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// End of the method's parameter list; a null iterator when the method
/// declaration is not known, matching param_begin().
CallEvent::param_iterator ObjCMethodCall::param_end() const {
  if (const ObjCMethodDecl *Method = getDecl())
    return Method->param_end();

  return 0;
}
591740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Appends the receiver's region to \p Regions when the receiver value is
/// backed by one. Class receivers evaluate to UnknownVal in getReceiverSVal()
/// and therefore contribute nothing.
void
ObjCMethodCall::getExtraInvalidatedRegions(RegionList &Regions) const {
  const MemRegion *ReceiverRegion = getReceiverSVal().getAsRegion();
  if (!ReceiverRegion)
    return;

  Regions.push_back(ReceiverRegion);
}
597740d490593e0de8732a697c9f77b90ddd463863bJordan Rose
/// Returns the current value of 'self' in the calling context, or a
/// default-constructed SVal when that context has no 'self' declaration.
SVal ObjCMethodCall::getSelfSVal() const {
  const LocationContext *LCtx = getLocationContext();
  if (const ImplicitParamDecl *SelfDecl = LCtx->getSelfDecl())
    return getState()->getSVal(getState()->getRegion(SelfDecl, LCtx));

  return SVal();
}
6055a90193ad825656d4a03099cd5e9c928d1782b5eAnna Zaks
/// Returns the value of the message receiver. Class messages yield UnknownVal;
/// instance messages yield the value of the receiver expression, or the value
/// of 'self' when the message is sent to super.
///
/// Both sanity checks on the super path are asserts, so in NDEBUG builds the
/// result of getSelfSVal() is returned unchecked, including the
/// default-constructed SVal it produces when there is no 'self' declaration.
SVal ObjCMethodCall::getReceiverSVal() const {
  // FIXME: Is this the best way to handle class receivers?
  if (!isInstanceMessage())
    return UnknownVal();

  const Expr *RecE = getOriginExpr()->getInstanceReceiver();
  if (RecE)
    return getSVal(RecE);

  // An instance message with no expression means we are sending to super.
  // In this case the object reference is the same as 'self'.
  assert(getOriginExpr()->getReceiverKind() == ObjCMessageExpr::SuperInstance);
  SVal SelfVal = getSelfSVal();
  assert(SelfVal.isValid() && "Calling super but not in ObjC method");
  return SelfVal;
}
6215a90193ad825656d4a03099cd5e9c928d1782b5eAnna Zaks
/// True when the message is sent to super (instance or class), or when it is
/// an instance message whose receiver evaluates to the same value as 'self'.
bool ObjCMethodCall::isReceiverSelfOrSuper() const {
  const ObjCMessageExpr::ReceiverKind Kind = getOriginExpr()->getReceiverKind();
  if (Kind == ObjCMessageExpr::SuperInstance ||
      Kind == ObjCMessageExpr::SuperClass)
    return true;

  // A class message that is not a super send cannot be addressed to 'self'.
  if (!isInstanceMessage())
    return false;

  SVal RecVal = getSVal(getOriginExpr()->getInstanceReceiver());
  SVal SelfVal = getSelfSVal();

  return RecVal == SelfVal;
}
634b7a23e05d1d8f07f2a6edce5c88c728fe894c2c7Jordan Rose
/// Returns the source range of the call as written: the message expression
/// itself for an explicit send, or the enclosing pseudo-object expression for
/// property accesses and subscripts.
SourceRange ObjCMethodCall::getSourceRange() const {
  const ObjCMessageKind Kind = getMessageKind();

  if (Kind == OCM_Message)
    return getOriginExpr()->getSourceRange();

  if (Kind == OCM_PropertyAccess || Kind == OCM_Subscript)
    return getContainingPseudoObjectExpr()->getSourceRange();

  llvm_unreachable("unknown message kind");
}
6458919e688dc610d1f632a4d43f7f1489f67255476Jordan Rose
// Layout of ObjCMethodCall's opaque Data field: the enclosing pseudo-object
// expression plus a two-bit integer that holds the ObjCMessageKind.
typedef llvm::PointerIntPair<const PseudoObjectExpr *, 2> ObjCMessageDataTy;

/// Returns the pseudo-object expression cached by getMessageKind().
///
/// The cache must already be populated and the message must not be an explicit
/// send. Both preconditions are enforced only by asserts, so in NDEBUG builds
/// a caller that skips getMessageKind() gets whatever pointer Data decodes to;
/// call getMessageKind() first, as getSourceRange() does.
const PseudoObjectExpr *ObjCMethodCall::getContainingPseudoObjectExpr() const {
  assert(Data != 0 && "Lazy lookup not yet performed.");
  assert(getMessageKind() != OCM_Message && "Explicit message send.");

  const ObjCMessageDataTy Cached = ObjCMessageDataTy::getFromOpaqueValue(Data);
  return Cached.getPointer();
}
6538919e688dc610d1f632a4d43f7f1489f67255476Jordan Rose
/// Classifies this message as an explicit send, a property access or a
/// subscript, computing the answer on first use and caching it in Data.
///
/// The cache is written through a const_cast from this const method. A
/// non-message kind is stored together with the enclosing PseudoObjectExpr;
/// an explicit send is stored as a null pointer with the integer 1, which
/// keeps Data non-zero so the lookup is not repeated.
ObjCMessageKind ObjCMethodCall::getMessageKind() const {
  // Fast path: the lookup has already been done.
  if (Data != 0) {
    ObjCMessageDataTy Info = ObjCMessageDataTy::getFromOpaqueValue(Data);
    if (Info.getPointer())
      return static_cast<ObjCMessageKind>(Info.getInt());
    return OCM_Message;
  }

  ParentMap &PM = getLocationContext()->getParentMap();
  const Stmt *S = PM.getParent(getOriginExpr());
  if (const PseudoObjectExpr *POE = dyn_cast_or_null<PseudoObjectExpr>(S)) {
    const Expr *Syntactic = POE->getSyntacticForm();

    // This handles the funny case of assigning to the result of a getter.
    // This can happen if the getter returns a non-const reference.
    if (const BinaryOperator *BO = dyn_cast<BinaryOperator>(Syntactic))
      Syntactic = BO->getLHS();

    // FIXME: Can anything other than a property or subscript reference show
    // up here? Such a case is treated as an explicit message.
    ObjCMessageKind K = OCM_Message;
    const Stmt::StmtClass SyntacticClass = Syntactic->getStmtClass();
    if (SyntacticClass == Stmt::ObjCPropertyRefExprClass)
      K = OCM_PropertyAccess;
    else if (SyntacticClass == Stmt::ObjCSubscriptRefExprClass)
      K = OCM_Subscript;

    if (K != OCM_Message) {
      const_cast<ObjCMethodCall *>(this)->Data
        = ObjCMessageDataTy(POE, K).getOpaqueValue();
      assert(getMessageKind() == K);
      return K;
    }
  }

  // Explicit message send: remember that with a non-zero sentinel.
  const_cast<ObjCMethodCall *>(this)->Data
    = ObjCMessageDataTy(0, 1).getOpaqueValue();
  assert(getMessageKind() == OCM_Message);
  return OCM_Message;
}
6999dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks
7003f558af01643787d209a133215b0abec81b5fe30Anna Zaks
/// Heuristic answer to "could a subclass of \p IDecl override \p Sel?".
///
/// The answer is built from assumptions rather than proof: interfaces declared
/// in the main file are assumed to have no subclasses, property accessors are
/// assumed not to be overridden, and a method is treated as overridable only
/// if it, or a declaration it overrides further up the hierarchy, is declared
/// outside the main file. A false result therefore means "assumed not
/// overridden", not "cannot be overridden".
bool ObjCMethodCall::canBeOverridenInSubclass(ObjCInterfaceDecl *IDecl,
                                             Selector Sel) const {
  assert(IDecl);
  const SourceManager &SM =
    getState()->getStateManager().getContext().getSourceManager();

  // If the class interface is declared inside the main file, assume it is not
  // subclassed.
  // TODO: It could actually be subclassed if the subclass is private as well.
  // This is probably very rare.
  SourceLocation InterfLoc = IDecl->getEndOfDefinitionLoc();
  if (InterfLoc.isValid() && SM.isFromMainFile(InterfLoc))
    return false;

  // Assume that property accessors are not overridden.
  if (getMessageKind() == OCM_PropertyAccess)
    return false;

  // We assume that if the method is public (declared outside of main file) or
  // has a parent which publicly declares the method, the method could be
  // overridden in a subclass.

  // Walk up the class hierarchy, one overriding declaration at a time, until
  // a declaration of the selector outside the main file is found or the chain
  // ends.
  for (;;) {
    ObjCMethodDecl *Method = IDecl->lookupMethod(Sel, /*isInstance=*/true);

    // Cannot find a public definition.
    if (!Method)
      return false;

    // Declared outside the main file: treat it as public.
    SourceLocation MethodLoc = Method->getLocation();
    if (MethodLoc.isValid() && !SM.isFromMainFile(MethodLoc))
      return true;

    // A main-file declaration that overrides nothing ends the search.
    if (!Method->isOverriding())
      return false;

    // Search in the superclass on the next iteration.
    ObjCInterfaceDecl *Owner = Method->getClassInterface();
    if (!Owner)
      return false;

    IDecl = Owner->getSuperClass();
    if (!IDecl)
      return false;
  }

  llvm_unreachable("The while loop should always terminate.");
}
7553f558af01643787d209a133215b0abec81b5fe30Anna Zaks
/// Resolve the declaration this Objective-C message is expected to dispatch
/// to, using the receiver's static or dynamic type.
///
/// \returns an empty RuntimeDefinition when the receiver has no region, when
/// no Objective-C interface can be found for it, or when a class message has
/// no receiver interface. For instance messages, the receiver region is
/// attached only while the dynamic type may still be a subclass.
RuntimeDefinition ObjCMethodCall::getRuntimeDefinition() const {
  const ObjCMessageExpr *MsgE = getOriginExpr();
  assert(MsgE);
  Selector Sel = MsgE->getSelector();

  // Class messages: type info for the receiver class is only available when
  // the call is made via the class name.
  if (!MsgE->isInstanceMessage()) {
    if (ObjCInterfaceDecl *ClassDecl = MsgE->getReceiverInterface())
      return RuntimeDefinition(ClassDecl->lookupPrivateClassMethod(Sel));
    return RuntimeDefinition();
  }

  // Instance messages: work out the receiver type first.
  const ObjCObjectPointerType *ReceiverT = 0;
  const MemRegion *Receiver = 0;
  bool CanBeSubClassed = false;

  QualType SupersType = MsgE->getSuperType();
  if (SupersType.isNull()) {
    // Ordinary receiver: rely on the dynamic type tracked for its region.
    Receiver = getReceiverSVal().getAsRegion();
    if (!Receiver)
      return RuntimeDefinition();

    DynamicTypeInfo DTI = getState()->getDynamicTypeInfo(Receiver);
    QualType DynType = DTI.getType();
    CanBeSubClassed = DTI.canBeASubClass();
    ReceiverT = dyn_cast<ObjCObjectPointerType>(DynType);

    // Even if the dynamic type is imprecise, the selector may be one that
    // canBeOverridenInSubclass() considers safe from overriding; in that case
    // the lookup result is treated as exact.
    if (ReceiverT && CanBeSubClassed) {
      ObjCInterfaceDecl *DynDecl = ReceiverT->getInterfaceDecl();
      if (DynDecl && !canBeOverridenInSubclass(DynDecl, Sel))
        CanBeSubClassed = false;
    }
  } else {
    // Super always means the type of immediate predecessor to the method
    // where the call occurs, so the receiver type is known statically.
    ReceiverT = cast<ObjCObjectPointerType>(SupersType);
  }

  // Look up the method implementation.
  if (!ReceiverT)
    return RuntimeDefinition();
  ObjCInterfaceDecl *IDecl = ReceiverT->getInterfaceDecl();
  if (!IDecl)
    return RuntimeDefinition();

  // NOTE(review): the lookup result is passed on without a null check;
  // presumably RuntimeDefinition tolerates a null declaration - confirm.
  const ObjCMethodDecl *MD = IDecl->lookupPrivateMethod(Sel);
  return RuntimeDefinition(MD, CanBeSubClassed ? Receiver : 0);
}
8119dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks
/// Collect the bindings that seed the callee's stack frame: one entry per
/// declared parameter, followed by the implicit 'self' variable when the
/// receiver value is not unknown.
///
/// \param CalleeCtx stack frame of the method being entered; its declaration
///        must be an ObjCMethodDecl (enforced by cast<>).
/// \param Bindings  output list that the new (location, value) pairs are
///        appended to.
void ObjCMethodCall::getInitialStackFrameContents(
                                             const StackFrameContext *CalleeCtx,
                                             BindingsTy &Bindings) const {
  const ObjCMethodDecl *Callee = cast<ObjCMethodDecl>(CalleeCtx->getDecl());
  SValBuilder &Builder = getState()->getStateManager().getSValBuilder();
  addParameterValuesToBindings(CalleeCtx, Bindings, Builder, *this,
                               Callee->param_begin(), Callee->param_end());

  // Nothing is bound to 'self' when the receiver value is unknown.
  SVal SelfVal = getReceiverSVal();
  if (SelfVal.isUnknown())
    return;

  const VarDecl *SelfD = CalleeCtx->getAnalysisDeclContext()->getSelfDecl();
  Loc SelfLoc =
      Builder.makeLoc(Builder.getRegionManager().getVarRegion(SelfD,
                                                              CalleeCtx));
  Bindings.push_back(std::make_pair(SelfLoc, SelfVal));
}
828ef15831780b705475e7b237ac16418e9b53cb7a6Jordan Rose
/// Build the CallEvent subclass that matches the shape of a plain call
/// expression: C++ member call, member operator call, block call, or an
/// ordinary function call as the fallback.
CallEventRef<>
CallEventManager::getSimpleCall(const CallExpr *CE, ProgramStateRef State,
                                const LocationContext *LCtx) {
  if (const CXXMemberCallExpr *MemberCE = dyn_cast<CXXMemberCallExpr>(CE))
    return create<CXXMemberCall>(MemberCE, State, LCtx);

  const CXXOperatorCallExpr *OpCE = dyn_cast<CXXOperatorCallExpr>(CE);
  if (!OpCE) {
    // Block invocations are recognised by the type of the callee expression.
    if (CE->getCallee()->getType()->isBlockPointerType())
      return create<BlockCall>(CE, State, LCtx);
    return create<FunctionCall>(CE, State, LCtx);
  }

  // Overloaded operators are member calls only when the callee is an
  // instance method.
  // NOTE(review): dyn_cast<> is used on the direct callee without a null
  // check; assumes operator calls always have one - confirm.
  const FunctionDecl *DirectCallee = OpCE->getDirectCallee();
  const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(DirectCallee);
  if (MD && MD->isInstance())
    return create<CXXMemberOperatorCall>(OpCE, State, LCtx);

  // Otherwise, it's a normal function call, static member function call, or
  // something we can't reason about.
  return create<FunctionCall>(CE, State, LCtx);
}
84957c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose
85057c033621dacd8720ac9ff65a09025f14f70e22fJordan Rose
/// Reconstruct the CallEvent that led to \p CalleeCtx, evaluated in the
/// caller's stack frame.
///
/// When the frame records a call-site statement, the event is built from that
/// statement; otherwise the CFG element at the call site is consulted, which
/// is expected to be an implicit (non-temporary) destructor.
///
/// \param CalleeCtx an inlined stack frame; must not be a top-level frame.
/// \param State     program state used to look up the 'this' value for
///        constructors and destructors.
CallEventRef<>
CallEventManager::getCaller(const StackFrameContext *CalleeCtx,
                            ProgramStateRef State) {
  const LocationContext *ParentCtx = CalleeCtx->getParent();
  const LocationContext *CallerCtx = ParentCtx->getCurrentStackFrame();
  assert(CallerCtx && "This should not be used for top-level stack frames");

  if (const Stmt *CallSite = CalleeCtx->getCallSite()) {
    // Plain call expressions are dispatched by getSimpleCall().
    if (const CallExpr *CE = dyn_cast<CallExpr>(CallSite))
      return getSimpleCall(CE, State, CallerCtx);

    switch (CallSite->getStmtClass()) {
    case Stmt::CXXConstructExprClass:
    case Stmt::CXXTemporaryObjectExprClass: {
      // The object under construction is whatever 'this' is bound to in the
      // callee's frame.
      SValBuilder &Builder = State->getStateManager().getSValBuilder();
      const CXXMethodDecl *Ctor = cast<CXXMethodDecl>(CalleeCtx->getDecl());
      SVal ThisVal = State->getSVal(Builder.getCXXThis(Ctor, CalleeCtx));

      return getCXXConstructorCall(cast<CXXConstructExpr>(CallSite),
                                   ThisVal.getAsRegion(), State, CallerCtx);
    }
    case Stmt::CXXNewExprClass:
      return getCXXAllocatorCall(cast<CXXNewExpr>(CallSite), State, CallerCtx);
    case Stmt::ObjCMessageExprClass:
      return getObjCMethodCall(cast<ObjCMessageExpr>(CallSite),
                               State, CallerCtx);
    default:
      llvm_unreachable("This is not an inlineable statement.");
    }
  }

  // Fall back to the CFG. The only thing we haven't handled yet is
  // destructors, though this could change in the future.
  const CFGBlock *Block = CalleeCtx->getCallSiteBlock();
  CFGElement E = (*Block)[CalleeCtx->getIndex()];
  assert(isa<CFGImplicitDtor>(E) && "All other CFG elements should have exprs");
  assert(!isa<CFGTemporaryDtor>(E) && "We don't handle temporaries yet");

  SValBuilder &Builder = State->getStateManager().getSValBuilder();
  const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CalleeCtx->getDecl());
  SVal ThisVal = State->getSVal(Builder.getCXXThis(Dtor, CalleeCtx));

  // Automatic-object destructors carry their own trigger statement; for every
  // other implicit destructor the destructor body is used instead.
  const CFGAutomaticObjDtor *AutoDtor = dyn_cast<CFGAutomaticObjDtor>(&E);
  const Stmt *Trigger = AutoDtor ? AutoDtor->getTriggerStmt()
                                 : Dtor->getBody();

  const bool IsBaseDtor = isa<CFGBaseDtor>(E);
  return getCXXDestructorCall(Dtor, Trigger, ThisVal.getAsRegion(),
                              IsBaseDtor, State, CallerCtx);
}