CheckerContext.h revision 40d8551890bc8454c4e0a28c9072c9c1d1dd588a
16bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis//== CheckerContext.h - Context info for path-sensitive checkers--*- C++ -*--=// 26bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// 36bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// The LLVM Compiler Infrastructure 46bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// 56bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// This file is distributed under the University of Illinois Open Source 66bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// License. See LICENSE.TXT for details. 76bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// 86bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis//===----------------------------------------------------------------------===// 96bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// 106bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// This file defines CheckerContext that provides contextual info for 116bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// path-sensitive checkers. 126bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis// 136bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis//===----------------------------------------------------------------------===// 146bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 156bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis#ifndef LLVM_CLANG_SA_CORE_PATHSENSITIVE_CHECKERCONTEXT 166bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis#define LLVM_CLANG_SA_CORE_PATHSENSITIVE_CHECKERCONTEXT 176bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 186bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" 1940d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" 205ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks 216bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidisnamespace clang { 226bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidisnamespace ento { 236bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 2440d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// Declares an immutable map of type \p NameTy, suitable for placement into 2540d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// the ProgramState. 2640d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// 2740d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// The macro should not be used inside namespaces, or for traits that must 2840d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// be accessible from more than one translation unit. 2940d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose #define REGISTER_MAP_WITH_PROGRAMSTATE(Name, Key, Value) \ 3040d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose REGISTER_TRAIT_WITH_PROGRAMSTATE(Name, \ 3140d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose CLANG_ENTO_PROGRAMSTATE_MAP(Key, Value)) 3240d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose 3340d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// Declares an immutable list of type \p NameTy, suitable for placement into 3440d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// the ProgramState. 3540d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// 3640d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// The macro should not be used inside namespaces, or for traits that must 3740d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// be accessible from more than one translation unit. 3840d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose #define REGISTER_SET_WITH_PROGRAMSTATE(Name, Elem) \ 3940d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose REGISTER_TRAIT_WITH_PROGRAMSTATE(Name, llvm::ImmutableSet<Elem>) 4040d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose 4140d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// Declares an immutable list of type \p NameTy, suitable for placement into 4240d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// the ProgramState. 4340d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// 4440d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// The macro should not be used inside namespaces, or for traits that must 4540d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose /// be accessible from more than one translation unit. 4640d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose #define REGISTER_LIST_WITH_PROGRAMSTATE(Name, Elem) \ 4740d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose REGISTER_TRAIT_WITH_PROGRAMSTATE(Name, llvm::ImmutableList<Elem>) 4840d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose 4940d8551890bc8454c4e0a28c9072c9c1d1dd588aJordan Rose 506bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidisclass CheckerContext { 516bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis ExprEngine &Eng; 5257300760964904cc022a175643342f29f46b7e6bAnna Zaks /// The current exploded(symbolic execution) graph node. 536bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis ExplodedNode *Pred; 5457300760964904cc022a175643342f29f46b7e6bAnna Zaks /// The flag is true if the (state of the execution) has been modified 5557300760964904cc022a175643342f29f46b7e6bAnna Zaks /// by the checker using this context. For example, a new transition has been 5657300760964904cc022a175643342f29f46b7e6bAnna Zaks /// added or a bug report issued. 5757300760964904cc022a175643342f29f46b7e6bAnna Zaks bool Changed; 5857300760964904cc022a175643342f29f46b7e6bAnna Zaks /// The tagged location, which is used to generate all new nodes. 593f5e8d87dbf449d8b39fe96068415428594d370eAnna Zaks const ProgramPoint Location; 603152b3cb5b6a2f797d0972c81a5eb3fd69c0d620Anna Zaks NodeBuilder &NB; 61063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks 626bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidispublic: 63514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek /// If we are post visiting a call, this flag will be set if the 64514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek /// call was inlined. In all other cases it will be false. 65514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek const bool wasInlined; 66514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek 678ff5c41f2bde7ebbe568b4c15e59f14b8befae66Anna Zaks CheckerContext(NodeBuilder &builder, 6818c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek ExprEngine &eng, 6918c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek ExplodedNode *pred, 70514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek const ProgramPoint &loc, 71514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek bool wasInlined = false) 728ff5c41f2bde7ebbe568b4c15e59f14b8befae66Anna Zaks : Eng(eng), 7318c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek Pred(pred), 7457300760964904cc022a175643342f29f46b7e6bAnna Zaks Changed(false), 753f5e8d87dbf449d8b39fe96068415428594d370eAnna Zaks Location(loc), 76514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek NB(builder), 77514f2c9dcb9e04b52929c5b141a6fe88bd68b33fTed Kremenek wasInlined(wasInlined) { 78777d706547ebc751d998134774d9d5388fff8e02Anna Zaks assert(Pred->getState() && 79777d706547ebc751d998134774d9d5388fff8e02Anna Zaks "We should not call the checkers on an empty state."); 80777d706547ebc751d998134774d9d5388fff8e02Anna Zaks } 816bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 826bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis AnalysisManager &getAnalysisManager() { 836bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getAnalysisManager(); 846bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 856bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 866bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis ConstraintManager &getConstraintManager() { 876bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getConstraintManager(); 886bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 896bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 906bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis StoreManager &getStoreManager() { 916bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getStoreManager(); 926bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 936bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 94255d4d4226b24036ceb11228fbb74286e58620f7Ted Kremenek const AnalyzerOptions::ConfigTable &getConfig() const { 95255d4d4226b24036ceb11228fbb74286e58620f7Ted Kremenek return Eng.getAnalysisManager().options.Config; 967b73e0832b20af1f43601a3d19e76d02d9f4dce5Ted Kremenek } 977b73e0832b20af1f43601a3d19e76d02d9f4dce5Ted Kremenek 98a2a860306e3697fcf7a12c5ba59551ca60578968Anna Zaks /// \brief Returns the previous node in the exploded graph, which includes 99a2a860306e3697fcf7a12c5ba59551ca60578968Anna Zaks /// the state of the program before the checker ran. Note, checkers should 100a2a860306e3697fcf7a12c5ba59551ca60578968Anna Zaks /// not retain the node in their state since the nodes might get invalidated. 10139ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks ExplodedNode *getPredecessor() { return Pred; } 1028bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef getState() const { return Pred->getState(); } 1036bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 10457300760964904cc022a175643342f29f46b7e6bAnna Zaks /// \brief Check if the checker changed the state of the execution; ex: added 10557300760964904cc022a175643342f29f46b7e6bAnna Zaks /// a new transition or a bug report. 10657300760964904cc022a175643342f29f46b7e6bAnna Zaks bool isDifferent() { return Changed; } 10757300760964904cc022a175643342f29f46b7e6bAnna Zaks 1085d0ea6d62e076c776ddad028c4eb615783be1323Anna Zaks /// \brief Returns the number of times the current block has been visited 1095d0ea6d62e076c776ddad028c4eb615783be1323Anna Zaks /// along the analyzed path. 11066c486f275531df6362b3511fc3af6563561801bTed Kremenek unsigned blockCount() const { 11166c486f275531df6362b3511fc3af6563561801bTed Kremenek return NB.getContext().blockCount(); 112ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks } 1135d0ea6d62e076c776ddad028c4eb615783be1323Anna Zaks 1146bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis ASTContext &getASTContext() { 1156bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getContext(); 1166bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 117461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks 1184e4d08403ca5cfd4d558fa2936215d3a4e5a528dDavid Blaikie const LangOptions &getLangOpts() const { 1194e4d08403ca5cfd4d558fa2936215d3a4e5a528dDavid Blaikie return Eng.getContext().getLangOpts(); 120461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks } 121461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks 122eeea7c44a6986752fedee1ef1bcef855db373872Anna Zaks const LocationContext *getLocationContext() const { 12339ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks return Pred->getLocationContext(); 12439ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks } 12539ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks 126955cd444f445bcdbade1cdd3926254c8ee7890d8Anna Zaks const StackFrameContext *getStackFrame() const { 127955cd444f445bcdbade1cdd3926254c8ee7890d8Anna Zaks return Pred->getStackFrame(); 128c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks } 129c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks 130fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fecAnna Zaks /// Return true if the current LocationContext has no caller context. 131fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fecAnna Zaks bool inTopFrame() const { return getLocationContext()->inTopFrame(); } 132fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fecAnna Zaks 13305fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3Anna Zaks /// Returns true if the predecessor is within an inlined function/method. 13405fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3Anna Zaks bool isWithinInlined() { 135dc601f4a9f69315521abddbca04d4652deee5fdbAnna Zaks return (getStackFrame()->getParent() != 0); 13605fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3Anna Zaks } 13705fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3Anna Zaks 1386bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis BugReporter &getBugReporter() { 1396bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getBugReporter(); 1406bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 1416bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 1426bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis SourceManager &getSourceManager() { 1436bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return getBugReporter().getSourceManager(); 1446bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 1456bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 1466bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis SValBuilder &getSValBuilder() { 1476bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return Eng.getSValBuilder(); 1486bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 1496bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 1503f10e32b15e54f507aed90cb72d73c7acaa500bbAnna Zaks SymbolManager &getSymbolManager() { 1513f10e32b15e54f507aed90cb72d73c7acaa500bbAnna Zaks return getSValBuilder().getSymbolManager(); 1523f10e32b15e54f507aed90cb72d73c7acaa500bbAnna Zaks } 1533f10e32b15e54f507aed90cb72d73c7acaa500bbAnna Zaks 154eeea7c44a6986752fedee1ef1bcef855db373872Anna Zaks bool isObjCGCEnabled() const { 15517a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose return Eng.isObjCGCEnabled(); 15617a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose } 15717a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose 1586a93bd526c5136ee5a26871e829cf5a8548a1c6aAnna Zaks ProgramStateManager &getStateManager() { 1596a93bd526c5136ee5a26871e829cf5a8548a1c6aAnna Zaks return Eng.getStateManager(); 1606a93bd526c5136ee5a26871e829cf5a8548a1c6aAnna Zaks } 1616a93bd526c5136ee5a26871e829cf5a8548a1c6aAnna Zaks 162063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks AnalysisDeclContext *getCurrentAnalysisDeclContext() const { 163063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks return Pred->getLocationContext()->getAnalysisDeclContext(); 164063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks } 165063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks 1663d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks /// \brief If the given node corresponds to a PostStore program point, retrieve 1673d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks /// the location region as it was uttered in the code. 1683d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks /// 1693d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks /// This utility can be useful for generating extensive diagnostics, for 1703d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks /// example, for finding variables that the given symbol was assigned to. 1713d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks static const MemRegion *getLocationRegionIfPostStore(const ExplodedNode *N) { 1723d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks ProgramPoint L = N->getLocation(); 1733d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks if (const PostStore *PSL = dyn_cast<PostStore>(&L)) 1743d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks return reinterpret_cast<const MemRegion*>(PSL->getLocationValue()); 1753d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks return 0; 1763d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks } 1773d7c44e01d568e5d5c0fac9c6ccb3f080157ba19Anna Zaks 178c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks /// \brief Get the value of arbitrary expressions at this point in the path. 179c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks SVal getSVal(const Stmt *S) const { 180c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks return getState()->getSVal(S, getLocationContext()); 181c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks } 182c7ecc43c33a21b82c49664910b19fcc1f555aa51Anna Zaks 1830bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// \brief Generates a new transition in the program state graph 1840bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// (ExplodedGraph). Uses the default CheckerContext predecessor node. 1850bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// 186fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose /// @param State The state of the generated node. If not specified, the state 187fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose /// will not be changed, but the new node will have the checker's tag. 1880bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// @param Tag The tag is used to uniquely identify the creation site. If no 1890bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// tag is specified, a default tag, unique to the given checker, 1900bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// will be used. Tags are used to prevent states generated at 1910bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// different sites from caching out. 192fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose ExplodedNode *addTransition(ProgramStateRef State = 0, 1930bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks const ProgramPointTag *Tag = 0) { 194fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose return addTransitionImpl(State ? State : getState(), false, 0, Tag); 195063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks } 196063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks 1970bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// \brief Generates a new transition with the given predecessor. 1988ba721428af297e540fb40b176eeeea0ee010c1fAnna Zaks /// Allows checkers to generate a chain of nodes. 1990bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// 2000bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// @param State The state of the generated node. 2010bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// @param Pred The transition will be generated from the specified Pred node 2020bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// to the newly generated node. 2030bd6b110e908892d4b5c8671a9f435a1d72ad16aAnna Zaks /// @param Tag The tag to uniquely identify the creation site. 2048bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ExplodedNode *addTransition(ProgramStateRef State, 205fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose ExplodedNode *Pred, 206fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose const ProgramPointTag *Tag = 0) { 207fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose return addTransitionImpl(State, false, Pred, Tag); 2086bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 2096bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 210fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose /// \brief Generate a sink node. Generating a sink stops exploration of the 2118ba721428af297e540fb40b176eeeea0ee010c1fAnna Zaks /// given path. 212fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose ExplodedNode *generateSink(ProgramStateRef State = 0, 213fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose ExplodedNode *Pred = 0, 214fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose const ProgramPointTag *Tag = 0) { 215fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose return addTransitionImpl(State ? State : getState(), true, Pred, Tag); 2166bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 2176bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 218063e0887ad65d666d23ee3178436ad6507abbd1bAnna Zaks /// \brief Emit the diagnostics report. 219785950e59424dca7ce0081bebf13c0acd2c4fff6Jordan Rose void emitReport(BugReport *R) { 22057300760964904cc022a175643342f29f46b7e6bAnna Zaks Changed = true; 221785950e59424dca7ce0081bebf13c0acd2c4fff6Jordan Rose Eng.getBugReporter().emitReport(R); 2226bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 2236bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 224b805c8ff133ef0c62df032fa711d6b13c5afd7f4Anna Zaks /// \brief Get the declaration of the called function (path-sensitive). 225b805c8ff133ef0c62df032fa711d6b13c5afd7f4Anna Zaks const FunctionDecl *getCalleeDecl(const CallExpr *CE) const; 226b805c8ff133ef0c62df032fa711d6b13c5afd7f4Anna Zaks 2270e12ebfd3ef9ad5d894466c6e4910ac5e6041034Anna Zaks /// \brief Get the name of the called function (path-sensitive). 2289b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks StringRef getCalleeName(const FunctionDecl *FunDecl) const; 2299b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 2305ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks /// \brief Get the identifier of the called function (path-sensitive). 2315ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks const IdentifierInfo *getCalleeIdentifier(const CallExpr *CE) const { 2325ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks const FunctionDecl *FunDecl = getCalleeDecl(CE); 2335ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks if (FunDecl) 2345ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks return FunDecl->getIdentifier(); 2355ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks else 2365ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks return 0; 2375ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks } 2385ac1df3e15f91ed663826faec7efe2462c18d98cAnna Zaks 2399b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks /// \brief Get the name of the called function (path-sensitive). 2409b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks StringRef getCalleeName(const CallExpr *CE) const { 2419b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks const FunctionDecl *FunDecl = getCalleeDecl(CE); 2429b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks return getCalleeName(FunDecl); 2439b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks } 2449b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 2452f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// \brief Returns true if the callee is an externally-visible function in the 2462f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// top-level namespace, such as \c malloc. 2472f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// 2482f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// If a name is provided, the function must additionally match the given 2492f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// name. 2502f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// 2512f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// Note that this deliberately excludes C++ library functions in the \c std 2522f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// namespace, but will include C library functions accessed through the 2532f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// \c std namespace. This also does not check if the function is declared 2542f3017f9cbd3774f690c979410bfec38423d03afJordan Rose /// as 'extern "C"', or if it uses C++ name mangling. 2552f3017f9cbd3774f690c979410bfec38423d03afJordan Rose static bool isCLibraryFunction(const FunctionDecl *FD, 2562f3017f9cbd3774f690c979410bfec38423d03afJordan Rose StringRef Name = StringRef()); 2570e12ebfd3ef9ad5d894466c6e4910ac5e6041034Anna Zaks 258461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// \brief Depending on wither the location corresponds to a macro, return 259461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// either the macro name or the token spelling. 260461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// 261461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// This could be useful when checkers' logic depends on whether a function 262461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// is called with a given macro argument. For example: 263461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// s = socket(AF_INET,..) 264461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// If AF_INET is a macro, the result should be treated as a source of taint. 265461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// 266461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks /// \sa clang::Lexer::getSpelling(), clang::Lexer::getImmediateMacroName(). 267461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks StringRef getMacroNameOrSpelling(SourceLocation &Loc); 268461af1e502c9bd88330bbf17d449a7593fc0d624Anna Zaks 2696bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidisprivate: 2708bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ExplodedNode *addTransitionImpl(ProgramStateRef State, 27139ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks bool MarkAsSink, 27239ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks ExplodedNode *P = 0, 27339ac1876f6f9a1a8e0070f0df61036c7ba05202bAnna Zaks const ProgramPointTag *Tag = 0) { 274c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks if (!State || (State == Pred->getState() && !Tag && !MarkAsSink)) 275df95d146c13cf02e106b32b01d147577d6d6b5a1Anna Zaks return Pred; 276df95d146c13cf02e106b32b01d147577d6d6b5a1Anna Zaks 27757300760964904cc022a175643342f29f46b7e6bAnna Zaks Changed = true; 278fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose const ProgramPoint &LocalLoc = (Tag ? Location.withTag(Tag) : Location); 279fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose if (!P) 280fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose P = Pred; 281fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose 282fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose ExplodedNode *node; 283fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose if (MarkAsSink) 284fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose node = NB.generateSink(LocalLoc, State, P); 285fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose else 286fa06f0464a04bb7fce1fcfb3780d151bb029e00cJordan Rose node = NB.generateNode(LocalLoc, State, P); 2876bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis return node; 2886bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis } 2896bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis}; 2906bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 29157300760964904cc022a175643342f29f46b7e6bAnna Zaks/// \brief A helper class which wraps a boolean value set to false by default. 29257300760964904cc022a175643342f29f46b7e6bAnna Zaksstruct DefaultBool { 29357300760964904cc022a175643342f29f46b7e6bAnna Zaks bool Val; 29457300760964904cc022a175643342f29f46b7e6bAnna Zaks DefaultBool() : Val(false) {} 29557300760964904cc022a175643342f29f46b7e6bAnna Zaks operator bool() const { return Val; } 29657300760964904cc022a175643342f29f46b7e6bAnna Zaks DefaultBool &operator=(bool b) { Val = b; return *this; } 29757300760964904cc022a175643342f29f46b7e6bAnna Zaks}; 29857300760964904cc022a175643342f29f46b7e6bAnna Zaks 2996bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis} // end GR namespace 3006bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 3016bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis} // end clang namespace 3026bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis 3036bcb48dc67e417e0ecce803f28d13bbea2ee0243Argyrios Kyrtzidis#endif 304