ExprEngine.h revision 4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2
1d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis//===-- ExprEngine.h - Path-Sensitive Expression-Level Dataflow ---*- C++ -*-=//
277349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//                     The LLVM Compiler Infrastructure
477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// This file is distributed under the University of Illinois Open Source
677349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// License. See LICENSE.TXT for details.
777349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
877349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===//
977349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
10b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek//  This file defines a meta-engine for path-sensitive dataflow analysis that
11d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis//  is built on CoreEngine, but provides the boilerplate to execute transfer
12b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek//  functions and build the ExplodedGraph at the expression level.
1377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
1477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===//
1577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek
16d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#ifndef LLVM_CLANG_GR_EXPRENGINE
17d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#define LLVM_CLANG_GR_EXPRENGINE
18d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek
199b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
209b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"
219b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"
2218c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
235903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
249b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
25c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramer#include "clang/AST/Expr.h"
26c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek#include "clang/AST/Type.h"
2777349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek
281eb4433ac451dc16f4133a88af2d002ac26c58efMike Stumpnamespace clang {
295a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
301d26f48dc2eea1c07431ca1519d7034a21b9bcffTed Kremenekclass AnalysisDeclContextManager;
31337e4dbc6859589b8878146a88bebf754e916702Ted Kremenekclass CXXCatchStmt;
32c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXConstructExpr;
33c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXDeleteExpr;
34c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXNewExpr;
35c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXTemporaryObjectExpr;
36c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXThisExpr;
37c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass MaterializeTemporaryExpr;
38c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass ObjCAtSynchronizedStmt;
395a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidisclass ObjCForCollectionStmt;
40b1b5daf30d2597e066936772bd206500232d7d65Ted Kremenek
419ef6537a894c33003359b1f9b9676e9178e028b7Ted Kremeneknamespace ento {
425a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
435e2d2c2ee3cf410643e0f9a5701708e51409d973Benjamin Kramerclass AnalysisManager;
44740d490593e0de8732a697c9f77b90ddd463863bJordan Roseclass CallEvent;
4569f87c956b3ac2b80124fd9604af012e1061473aJordan Roseclass SimpleCall;
46f494b579b22f9950f5af021f0bf9879a91bb8b41Steve Naroff
47d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidisclass ExprEngine : public SubEngine {
4825e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu  AnalysisManager &AMgr;
49b1b5daf30d2597e066936772bd206500232d7d65Ted Kremenek
501d26f48dc2eea1c07431ca1519d7034a21b9bcffTed Kremenek  AnalysisDeclContextManager &AnalysisDeclContexts;
5125e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu
52d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  CoreEngine Engine;
531eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
54b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// G - the simulation graph.
55031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu  ExplodedGraph& G;
561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
57b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// StateMgr - Object that manages the data for all created states.
5818c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek  ProgramStateManager StateMgr;
59cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek
60b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// SymMgr - Object that manages the symbol information.
61b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  SymbolManager& SymMgr;
621eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
63846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek  /// svalBuilder - SValBuilder object that creates SVals from expressions.
64846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek  SValBuilder &svalBuilder;
651eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
66846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek  /// EntryNode - The immediate predecessor node.
679c378f705405d37f49795d5e915989de774fe11fTed Kremenek  ExplodedNode *EntryNode;
68846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek
69846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek  /// CleanedState - The state for EntryNode "cleaned" of all dead
700d093d3005dd583675a45a85bd688063572cc8afTed Kremenek  ///  variables and symbols (as determined by a liveness analysis).
718bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  ProgramStateRef CleanedState;
721eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
7366c486f275531df6362b3511fc3af6563561801bTed Kremenek  /// currStmt - The current block-level statement.
7466c486f275531df6362b3511fc3af6563561801bTed Kremenek  const Stmt *currStmt;
7566c486f275531df6362b3511fc3af6563561801bTed Kremenek  unsigned int currStmtIdx;
7666c486f275531df6362b3511fc3af6563561801bTed Kremenek  const NodeBuilderContext *currBldrCtx;
771eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
78a81fffe678107d49a9f1c03d80adf85f18a9867fAnna Zaks  /// Obj-C Class Identifiers.
79e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  IdentifierInfo* NSExceptionII;
801eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
81a81fffe678107d49a9f1c03d80adf85f18a9867fAnna Zaks  /// Obj-C Selectors.
82e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  Selector* NSExceptionInstanceRaiseSelectors;
83e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  Selector RaiseSel;
8417a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose
8517a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose  /// Whether or not GC is enabled in this analysis.
8617a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose  bool ObjCGCEnabled;
871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
889e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  /// The BugReporter associated with this engine.  It is important that
899e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  ///  this object be placed at the very end of member variables so that its
90d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  ///  destructor is called before the rest of the ExprEngine is destroyed (C++ destroys members in reverse declaration order).
91cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek  GRBugReporter BR;
921eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
93fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks  /// The functions which have been analyzed through inlining. This is owned by
94fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks  /// AnalysisConsumer. It can be null.
95fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks  SetOfConstDecls *VisitedCallees;
96fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks
97b22d589e2ccd09cada0bcea136f0966883a8bb11Ted Kremenekpublic:
986a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3Anna Zaks  ExprEngine(AnalysisManager &mgr, bool gcEnabled,
99fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks             SetOfConstDecls *VisitedCalleesIn,
1003bbd8cd831788c506f2980293eb3c7e1b3ca2501Anna Zaks             FunctionSummariesTy *FS);
101cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek
102d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  ~ExprEngine();
1031eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
104253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks  /// Returns true if there is still simulation state on the worklist.
bool ExecuteWorkList(const LocationContext *L, unsigned Steps = 150000) {
  // Thin forwarder to the CoreEngine member. Steps defaults to 150000 and is
  // passed through unchanged. The literal 0 is the third argument;
  // NOTE(review): presumably "no initial state" -- confirm against
  // CoreEngine::ExecuteWorkList.
  //
  // A true result means simulation state was left on the worklist, so
  // callers should not read such a run as full path coverage.
  const bool WorkRemains = Engine.ExecuteWorkList(L, Steps, 0);
  return WorkRemains;
}
1082ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu
1092ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu  /// Execute the work list with an initial state. Nodes that reach the exit
1102ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu  /// of the function are added into the Dst set, which represents the exit
111253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks  /// state of the function call. Returns true if there is still simulation
112253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks  /// state on the worklist.
bool ExecuteWorkListWithInitialState(const LocationContext *L, unsigned Steps,
                                     ProgramStateRef InitState,
                                     ExplodedNodeSet &Dst) {
  // Pure delegation: all four arguments go to CoreEngine unchanged. Dst is
  // passed by reference so the callee can populate it. Unlike
  // ExecuteWorkList, Steps has no default here.
  const bool WorkRemains =
      Engine.ExecuteWorkListWithInitialState(L, Steps, InitState, Dst);
  return WorkRemains;
}
1181eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
119b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// getContext - Return the ASTContext associated with this analysis.
ASTContext &getContext() const {
  // Obtained through the AnalysisManager reference (AMgr) held by this
  // engine; nothing is cached here.
  return AMgr.getASTContext();
}
1215032ffe4259e7d436f2eb19e5a29fdae559e7c12Zhongxing Xu
/// Return the AnalysisManager referenced by this engine (the AMgr member).
/// NOTE(review): declared virtual; presumably implements a SubEngine
/// hook -- confirm against SubEngine.h.
virtual AnalysisManager &getAnalysisManager() {
  return AMgr;
}
1231eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Return the CheckerManager reachable through the AnalysisManager.
///
/// NOTE(review): the result of AMgr.getCheckerManager() is dereferenced
/// with no null check or assert (compare getBuilderContext, which asserts).
/// Presumably the AnalysisManager always carries a CheckerManager -- confirm.
CheckerManager &getCheckerManager() const {
  return *(AMgr.getCheckerManager());
}
127769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5Argyrios Kyrtzidis
/// Return the SValBuilder reference member (svalBuilder).
SValBuilder &getSValBuilder() {
  return svalBuilder;
}
1291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Return the engine's bug reporter. The member BR is a GRBugReporter and
/// is exposed here through a BugReporter reference.
BugReporter &getBugReporter() {
  return BR;
}
1311eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Return the NodeBuilderContext currently pointed to by currBldrCtx.
///
/// The pointer must be non-null when this is called. That is enforced only
/// by assert(), so builds with NDEBUG dereference it unchecked.
const NodeBuilderContext &getBuilderContext() {
  assert(currBldrCtx);
  const NodeBuilderContext &Ctx = *currBldrCtx;
  return Ctx;
}
136ec9227fea66c3439991fc84b0d33b0a8b4b8875eZhongxing Xu
/// Return the ObjCGCEnabled flag stored on this engine.
bool isObjCGCEnabled() {
  return ObjCGCEnabled;
}
1381eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
139ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  const Stmt *getStmt() const;
140ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks
141ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  void GenerateAutoTransition(ExplodedNode *N);
142af498a28797c075c48d7e943df5f5a8e78ed8eb0Anna Zaks  void enqueueEndOfPath(ExplodedNodeSet &S);
143af498a28797c075c48d7e943df5f5a8e78ed8eb0Anna Zaks  void GenerateCallExitNode(ExplodedNode *N);
144ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks
145e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek  /// ViewGraph - Visualize the ExplodedGraph created by executing the
146e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek  ///  simulation.
147ffe0f43806d4823271c2406c1fccc2373115c36aTed Kremenek  void ViewGraph(bool trim = false);
1481eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
149031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu  void ViewGraph(ExplodedNode** Beg, ExplodedNode** End);
1501eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
151b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// getInitialState - Return the initial state used for the root vertex
152b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  in the ExplodedGraph.
1538bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  ProgramStateRef getInitialState(const LocationContext *InitLoc);
1541eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Return the simulation graph (member G) for modification.
ExplodedGraph &getGraph() {
  return G;
}
/// Read-only access to the simulation graph (member G).
const ExplodedGraph &getGraph() const {
  return G;
}
15750a6d0ce344c02782e0207574005c3b2aaa5077cTed Kremenek
1580b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \brief Run the analyzer's garbage collection - remove dead symbols and
1590b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// bindings.
1600b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  ///
1610b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param Node - The predecessor node, from which the processing should
1620b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// start.
1630b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param Out - The returned set of output nodes.
1640b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param ReferenceStmt - Run garbage collection using the symbols,
1650b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// which are live before the given statement.
1660b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param LC - The location context of the ReferenceStmt.
1670b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param DiagnosticStmt - the statement used to associate the diagnostic
1680b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// message, if any warnings should occur while removing the dead (leaks
1690b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// are usually reported here).
1700b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// \param K - In some cases it is possible to use PreStmt kind. (Do
1710b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// not use it unless you know what you are doing.)
1720b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  void removeDead(ExplodedNode *Node, ExplodedNodeSet &Out,
1730b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks            const Stmt *ReferenceStmt, const LocationContext *LC,
1740b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks            const Stmt *DiagnosticStmt,
1750b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks            ProgramPoint::Kind K = ProgramPoint::PreStmtPurgeDeadSymbolsKind);
1760b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks
177e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// processCFGElement - Called by CoreEngine. Used to generate new successor
1789c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu  ///  nodes by processing the 'effects' of a CFG element.
179ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  void processCFGElement(const CFGElement E, ExplodedNode *Pred,
180ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks                         unsigned StmtIdx, NodeBuilderContext *Ctx);
1819c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
182ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  void ProcessStmt(const CFGStmt S, ExplodedNode *Pred);
1839c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
184ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  void ProcessInitializer(const CFGInitializer I, ExplodedNode *Pred);
1859c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
186ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks  void ProcessImplicitDtor(const CFGImplicitDtor D, ExplodedNode *Pred);
1871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
1884ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu  void ProcessAutomaticObjDtor(const CFGAutomaticObjDtor D,
189056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks                               ExplodedNode *Pred, ExplodedNodeSet &Dst);
190056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks  void ProcessBaseDtor(const CFGBaseDtor D,
191056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks                       ExplodedNode *Pred, ExplodedNodeSet &Dst);
192056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks  void ProcessMemberDtor(const CFGMemberDtor D,
193056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks                         ExplodedNode *Pred, ExplodedNodeSet &Dst);
1944ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu  void ProcessTemporaryDtor(const CFGTemporaryDtor D,
195056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks                            ExplodedNode *Pred, ExplodedNodeSet &Dst);
1964ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu
19727c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek  /// Called by CoreEngine when processing the entrance of a CFGBlock.
198253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks  virtual void processCFGBlockEntrance(const BlockEdge &L,
199253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks                                       NodeBuilderWithSinks &nodeBuilder);
20027c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek
201d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processBranch - Called by CoreEngine.  Used to generate successor
202b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a branch condition.
2039c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void processBranch(const Stmt *Condition, const Stmt *Term,
204a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks                     NodeBuilderContext& BuilderCtx,
205ad62deeb70e97da6bd514dd390ea1ce6af6ad81dAnna Zaks                     ExplodedNode *Pred,
2061aae01a8308d2f8e31adab3f4d7ac35543aac680Anna Zaks                     ExplodedNodeSet &Dst,
207a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks                     const CFGBlock *DstT,
208a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks                     const CFGBlock *DstF);
2091eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
210e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// processIndirectGoto - Called by CoreEngine.  Used to generate successor
211b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a computed goto jump.
212e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processIndirectGoto(IndirectGotoNodeBuilder& builder);
2131eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
214d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processSwitch - Called by CoreEngine.  Used to generate successor
215b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a switch statement.
216e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processSwitch(SwitchNodeBuilder& builder);
2171eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
218d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processEndOfFunction - Called by CoreEngine.  Used to generate end-of-path
21911062b118476368fa5b294954713e5df97d8599fTed Kremenek  ///  nodes when the control reaches the end of a function.
220af498a28797c075c48d7e943df5f5a8e78ed8eb0Anna Zaks  void processEndOfFunction(NodeBuilderContext& BC);
221102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
222ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek  /// Generate the entry node of the callee.
2233070e13dca5bbefa32acb80ce4a7b217a6220983Ted Kremenek  void processCallEnter(CallEnter CE, ExplodedNode *Pred);
224102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
2250b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// Generate the sequence of nodes that simulate the call exit and the post
2260b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks  /// visit for CallExpr.
227894212e9510299abb203801e014fec76b7926a05Ted Kremenek  void processCallExit(ExplodedNode *Pred);
228102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
229d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// Called by CoreEngine when the analysis worklist has terminated.
230e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processEndWorklist(bool hasWorkRemaining);
231ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek
2329c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek  /// processAssume - Callback function invoked by the ConstraintManager when
23332a58084a4c53e6938dd81bfce224db25a5976d1Ted Kremenek  ///  making assumptions about state values.
2348bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  ProgramStateRef processAssume(ProgramStateRef state, SVal cond,bool assumption);
2351eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
23618c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek  /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a
237e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  ///  region change should trigger a processRegionChanges update.
2388bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  bool wantsRegionChangeUpdate(ProgramStateRef state);
239c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose
24018c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek  /// processRegionChanges - Called by ProgramStateManager whenever a change is made
241c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose  ///  to the store. Used to update checkers that track region values.
2428bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  ProgramStateRef
2438bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  processRegionChanges(ProgramStateRef state,
24435bdbf40624beba3fc00cb72ab444659939c1a6bTed Kremenek                       const StoreManager::InvalidatedSymbols *invalidated,
245537716ad8dd10f984b6cfe6985afade1185c5e3cJordy Rose                       ArrayRef<const MemRegion *> ExplicitRegions,
24666c40400e7d6272b0cd675ada18dd62c1f0362c7Anna Zaks                       ArrayRef<const MemRegion *> Regions,
247740d490593e0de8732a697c9f77b90ddd463863bJordan Rose                       const CallEvent *Call);
248c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose
249dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose  /// printState - Called by ProgramStateManager to print checker-specific data.
2508bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek  void printState(raw_ostream &Out, ProgramStateRef State,
251dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose                  const char *NL, const char *Sep);
252dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose
/// Return the ProgramStateManager owned by this engine (member StateMgr).
/// NOTE(review): declared virtual; presumably implements a SubEngine
/// hook -- confirm against SubEngine.h.
virtual ProgramStateManager &getStateManager() {
  return StateMgr;
}
25490e72e4106a0c3efa7575e9f9cba0c775bb54552Zhongxing Xu
/// Return the StoreManager held by the engine's ProgramStateManager.
StoreManager &getStoreManager() {
  StoreManager &Store = StateMgr.getStoreManager();
  return Store;
}
2561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Return the ConstraintManager held by the engine's ProgramStateManager.
ConstraintManager &getConstraintManager() {
  ConstraintManager &Constraints = StateMgr.getConstraintManager();
  return Constraints;
}
2601eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
261c8413fd03f73084a5c93028f8b4db619fc388087Ted Kremenek  // FIXME: Remove when we migrate over to just using SValBuilder.
BasicValueFactory &getBasicVals() {
  // Forwarded from the ProgramStateManager; this engine keeps no copy.
  BasicValueFactory &Vals = StateMgr.getBasicVals();
  return Vals;
}
const BasicValueFactory &getBasicVals() const {
  // Const overload: same forwarding as the non-const accessor.
  const BasicValueFactory &Vals = StateMgr.getBasicVals();
  return Vals;
}
2681eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
269044b6f0417cb98741f277602fabf5f07ec9a02c0Ted Kremenek  // FIXME: Remove when we migrate over to just using ValueManager.
SymbolManager &getSymbolManager() {
  // Hands out the SymMgr reference member.
  return SymMgr;
}
const SymbolManager &getSymbolManager() const {
  // Const overload of the accessor for the SymMgr reference member.
  return SymMgr;
}
2721eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
273bc42c533e7d3d946704a49e242939dd232f33072Tom Care  // Functions for external checking of whether we have unfinished work
/// Forwards to CoreEngine::wasBlocksExhausted().
/// NOTE(review): presumably true when a block-visit limit cut exploration
/// short -- confirm in CoreEngine. If so, the run did not cover every path.
bool wasBlocksExhausted() const {
  return Engine.wasBlocksExhausted();
}
/// True when the CoreEngine worklist reports no pending work.
/// NOTE(review): the pointer from Engine.getWorkList() is dereferenced
/// unchecked; presumably CoreEngine always owns a worklist -- confirm.
bool hasEmptyWorkList() const {
  const bool HasWork = Engine.getWorkList()->hasWork();
  return !HasWork;
}
/// Forwards to CoreEngine::hasWorkRemaining().
bool hasWorkRemaining() const {
  return Engine.hasWorkRemaining();
}
277bc42c533e7d3d946704a49e242939dd232f33072Tom Care
/// Read-only access to the embedded CoreEngine (member Engine).
const CoreEngine &getCoreEngine() const {
  return Engine;
}
279bc42c533e7d3d946704a49e242939dd232f33072Tom Care
2801670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
281b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// Visit - Transfer function logic for all statements.  Dispatches to
282b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  other functions that handle specific kinds of statements.
2839c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void Visit(const Stmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst);
2841eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
285c5b1bf10133a8ecbfe9e6b3ec92bae84e3d927e8Ted Kremenek  /// VisitLvalArraySubscriptExpr - Transfer function for array accesses.
2869c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitLvalArraySubscriptExpr(const ArraySubscriptExpr *Ex,
2879c378f705405d37f49795d5e915989de774fe11fTed Kremenek                                   ExplodedNode *Pred,
2889c378f705405d37f49795d5e915989de774fe11fTed Kremenek                                   ExplodedNodeSet &Dst);
2891eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
290df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier  /// VisitGCCAsmStmt - Transfer function logic for inline asm.
291df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier  void VisitGCCAsmStmt(const GCCAsmStmt *A, ExplodedNode *Pred,
292df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier                       ExplodedNodeSet &Dst);
2938cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier
2948cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier  /// VisitMSAsmStmt - Transfer function logic for MS inline asm.
2958cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier  void VisitMSAsmStmt(const MSAsmStmt *A, ExplodedNode *Pred,
2968cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier                      ExplodedNodeSet &Dst);
297df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier
298c95ad9ff6e574aecdd759542d5578bc65d586d93Ted Kremenek  /// VisitBlockExpr - Transfer function logic for BlockExprs.
29903509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitBlockExpr(const BlockExpr *BE, ExplodedNode *Pred,
30003509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                      ExplodedNodeSet &Dst);
3011eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
302b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitBinaryOperator - Transfer function logic for binary operators.
3039c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitBinaryOperator(const BinaryOperator* B, ExplodedNode *Pred,
3049c378f705405d37f49795d5e915989de774fe11fTed Kremenek                           ExplodedNodeSet &Dst);
305469ecbded3616416ef938ed94a67f86149faf226Ted Kremenek
3061eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
307de43424560f1a744de6214dab6bbee28ad8437f5Ted Kremenek  /// VisitCallExpr - Transfer function for function calls.
3089c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitCallExpr(const CallExpr *CE, ExplodedNode *Pred,
3099c378f705405d37f49795d5e915989de774fe11fTed Kremenek                     ExplodedNodeSet &Dst);
3101eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
311b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitCast - Transfer function logic for all casts (implicit and explicit).
31203509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitCast(const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred,
313892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                ExplodedNodeSet &Dst);
314e1c2a675e0c089e1f53cbd55d2197a8beaa852aeTed Kremenek
3154f09027385466f1f4c382c80ca77157e2aef97d9Ted Kremenek  /// VisitCompoundLiteralExpr - Transfer function logic for compound literals.
3169c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitCompoundLiteralExpr(const CompoundLiteralExpr *CL,
3179c378f705405d37f49795d5e915989de774fe11fTed Kremenek                                ExplodedNode *Pred, ExplodedNodeSet &Dst);
3181eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
319892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek  /// Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
3209c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitCommonDeclRefExpr(const Expr *DR, const NamedDecl *D,
3219c378f705405d37f49795d5e915989de774fe11fTed Kremenek                              ExplodedNode *Pred, ExplodedNodeSet &Dst);
32267d1287035767f4f6c8ca0c2bb755990012a44caTed Kremenek
323b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitDeclStmt - Transfer function logic for DeclStmts.
3249c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitDeclStmt(const DeclStmt *DS, ExplodedNode *Pred,
3259c378f705405d37f49795d5e915989de774fe11fTed Kremenek                     ExplodedNodeSet &Dst);
3261eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
327b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitGuardedExpr - Transfer function logic for ?, __builtin_choose
3289c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitGuardedExpr(const Expr *Ex, const Expr *L, const Expr *R,
3299c378f705405d37f49795d5e915989de774fe11fTed Kremenek                        ExplodedNode *Pred, ExplodedNodeSet &Dst);
33061dfbecd8e6181b2ba42ffb5feede27a2bab3b8aTed Kremenek
3319c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitInitListExpr(const InitListExpr *E, ExplodedNode *Pred,
3329c378f705405d37f49795d5e915989de774fe11fTed Kremenek                         ExplodedNodeSet &Dst);
333c4f8706b6539e06a5de153bd72850bb2e0a71456Zhongxing Xu
334b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitLogicalExpr - Transfer function logic for '&&', '||'
3359c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred,
3369c378f705405d37f49795d5e915989de774fe11fTed Kremenek                        ExplodedNodeSet &Dst);
3371eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
338469ecbded3616416ef938ed94a67f86149faf226Ted Kremenek  /// VisitMemberExpr - Transfer function for member expressions.
3399c378f705405d37f49795d5e915989de774fe11fTed Kremenek  void VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred,
3409c378f705405d37f49795d5e915989de774fe11fTed Kremenek                           ExplodedNodeSet &Dst);
3411eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Transfer function logic for Objective-C \@synchronized statements
/// (ObjCAtSynchronizedStmt).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitObjCAtSynchronizedStmt(const ObjCAtSynchronizedStmt *S,
                                 ExplodedNode *Pred,
                                 ExplodedNodeSet &Dst);
3454beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek
/// Transfer function logic that computes the lvalue of an Objective-C
/// instance variable reference.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitLvalObjCIvarRefExpr(const ObjCIvarRefExpr *DR,
                              ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);
349af3374187c47acea45706eab6744be6b1c66a856Ted Kremenek
/// Transfer function logic for ObjCForCollectionStmt.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitObjCForCollectionStmt(const ObjCForCollectionStmt *S,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
3541eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Transfer function for Objective-C message expressions (ObjCMessageExpr).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitObjCMessage(const ObjCMessageExpr *ME,
                      ExplodedNode *Pred,
                      ExplodedNodeSet &Dst);
3571eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Transfer function logic for return statements.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitReturnStmt(const ReturnStmt *R,
                     ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);
3618ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor
/// Transfer function for offsetof expressions.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitOffsetOfExpr(const OffsetOfExpr *Ex,
                       ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);
3651eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Transfer function for sizeof.
/// NOTE(review): the parameter type is UnaryExprOrTypeTraitExpr, which by its
/// name covers more than sizeof; which kinds are actually modelled is only
/// visible at the definition.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out).
void VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
                                   ExplodedNode *Pred,
                                   ExplodedNodeSet &Dst);
3691eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Transfer function logic for unary operators.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitUnaryOperator(const UnaryOperator *B,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
373bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu
/// Handles '++' and '--', in both their prefix and postfix forms.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitIncrementDecrementOperator(const UnaryOperator *U,
                                     ExplodedNode *Pred, ExplodedNodeSet &Dst);
378337e4dbc6859589b8878146a88bebf754e916702Ted Kremenek
/// Transfer function for C++ catch statements (CXXCatchStmt).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitCXXCatchStmt(const CXXCatchStmt *CS,
                       ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);
3818ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks
/// Transfer function for C++ 'this' expressions (CXXThisExpr).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitCXXThisExpr(const CXXThisExpr *TE,
                      ExplodedNode *Pred,
                      ExplodedNodeSet &Dst);
384d706434b0231c76fd9acf30060646a7aa8f69aefZhongxing Xu
/// Transfer function for C++ constructor expressions (CXXConstructExpr).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitCXXConstructExpr(const CXXConstructExpr *E,
                           ExplodedNode *Pred,
                           ExplodedNodeSet &Dst);
387950db87e5efe2ff0c7234116929f8637aaf7ae7aZhongxing Xu
/// Transfer function for a C++ destructor invocation.
///
/// \param ObjectType Type of the object involved.
/// \param Dest       Memory region (presumably that of the object being
///                   destroyed; confirm at the definition).
/// \param S          Associated statement (presumably the one that triggers
///                   the destruction).
/// \param IsBaseDtor Presumably true when a base-class subobject is being
///                   destroyed rather than the complete object — confirm.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out).
void VisitCXXDestructor(QualType ObjectType,
                        const MemRegion *Dest,
                        const Stmt *S,
                        bool IsBaseDtor,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
391b13453bd8a91f331d0910ca95ad52aa41b52f648Zhongxing Xu
/// Transfer function for C++ new-expressions (CXXNewExpr).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitCXXNewExpr(const CXXNewExpr *CNE,
                     ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);
394856c6bcaea56e05255e9f3997ddd56b5c18a14f0Zhongxing Xu
/// Transfer function for C++ delete-expressions (CXXDeleteExpr).
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void VisitCXXDeleteExpr(const CXXDeleteExpr *CDE,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
3976b8513829895e56a7b97e787ea74520bc626512eZhongxing Xu
/// Creates a C++ temporary object for an rvalue.
///
/// \param ME The MaterializeTemporaryExpr the temporary is created for.
/// Pred and Dst presumably follow the engine-wide convention (starting node
/// in, generated nodes out) — confirm at the definition.
void CreateCXXTemporaryObject(const MaterializeTemporaryExpr *ME,
                              ExplodedNode *Pred, ExplodedNodeSet &Dst);
402b277159055933e610bbc80262b600d3ad7e0595cTed Kremenek
/// For every node in \p Src, eagerly assumes symbolic expressions of the form
/// 'x != 0' and generates new nodes carrying those assumptions.
///
/// \param Dst Output: receives the newly generated nodes.
/// \param Src Input nodes to process.
/// \param Ex  Expression the assumption applies to (presumably the binary
///            operator named in the function name; confirm at the definition).
///
/// Note the parameter order: the destination set comes first here, unlike the
/// Visit* functions of this class.
void evalEagerlyAssumeBinOpBifurcation(ExplodedNodeSet &Dst,
                                       ExplodedNodeSet &Src,
                                       const Expr *Ex);
4086c7511db998817e64f2e124013e7d7c9a430c580Ted Kremenek
/// Returns a pair of ProgramPointTag pointers. Judging by the name these are
/// the tags attached to nodes produced by evalEagerlyAssumeBinOpBifurcation;
/// which element corresponds to which assumption is only visible at the
/// definition.
std::pair<const ProgramPointTag *, const ProgramPointTag *>
geteagerlyAssumeBinOpBifurcationTags();
4111eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Evaluates unary minus on \p X through svalBuilder.evalMinus.
///
/// When X.isValid() is false, X is returned unchanged and svalBuilder is not
/// consulted. Otherwise X is converted with cast<NonLoc> before the call.
///
/// NOTE(review): llvm::cast checks the dynamic kind only in builds with
/// assertions enabled, and the isValid() guard does not by itself establish
/// that X is a NonLoc. Callers presumably never pass a Loc here — confirm.
SVal evalMinus(SVal X) {
  if (!X.isValid())
    return X;
  return svalBuilder.evalMinus(cast<NonLoc>(X));
}
4151eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Evaluates the complement of \p X through svalBuilder.evalComplement.
///
/// When X.isValid() is false, X is returned unchanged and svalBuilder is not
/// consulted. Otherwise X is converted with cast<NonLoc> before the call.
///
/// NOTE(review): llvm::cast checks the dynamic kind only in builds with
/// assertions enabled, and the isValid() guard does not by itself establish
/// that X is a NonLoc. Callers presumably never pass a Loc here — confirm.
SVal evalComplement(SVal X) {
  if (!X.isValid())
    return X;
  return svalBuilder.evalComplement(cast<NonLoc>(X));
}
419248072a8b9cd956c4ac63172fc2af09790f7c6a9Zhongxing Xu
4201670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
4211eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Evaluates the binary operation \p op on two NonLoc operands by forwarding
/// to svalBuilder.evalBinOpNN.
///
/// \param state Program state handed to the builder.
/// \param op    Opcode of the binary operator.
/// \param L     Left operand.
/// \param R     Right operand.
/// \param T     Type forwarded to the builder (presumably the result type;
///              confirm against SValBuilder).
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
               NonLoc L, NonLoc R, QualType T) {
  SVal Result = svalBuilder.evalBinOpNN(state, op, L, R, T);
  return Result;
}
42610c16657eec144def180ee53d1e0249c9ed2b3b5Ted Kremenek
/// Evaluates the binary operation \p op with a NonLoc left operand and an
/// arbitrary SVal right operand.
///
/// When R.isValid() is false, R is returned unchanged and the builder is not
/// called. Otherwise R is converted with cast<NonLoc> and the call is
/// forwarded to svalBuilder.evalBinOpNN.
///
/// NOTE(review): llvm::cast checks the dynamic kind only in builds with
/// assertions enabled, and the isValid() guard does not by itself establish
/// that R is a NonLoc. Callers presumably never pass a Loc as R — confirm.
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
               NonLoc L, SVal R, QualType T) {
  if (!R.isValid())
    return R;
  return svalBuilder.evalBinOpNN(state, op, L, cast<NonLoc>(R), T);
}
4311eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// Evaluates the binary operation \p Op on two arbitrary SVal operands by
/// forwarding every argument unchanged to svalBuilder.evalBinOp. No validity
/// check or cast is performed at this level.
SVal evalBinOp(ProgramStateRef ST, BinaryOperator::Opcode Op,
               SVal LHS, SVal RHS, QualType T) {
  SVal Result = svalBuilder.evalBinOp(ST, Op, LHS, RHS, T);
  return Result;
}
4365b9bd2137ebef350af803c634e3fdf5d74678100Ted Kremenek
4371670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekprotected:
/// Handles the semantics of binding a value to a specific location.
/// Used by evalStore, VisitDeclStmt, and others.
///
/// \param Dst        Node set taken by reference, presumably filled with the
///                   generated nodes.
/// \param StoreE     Statement associated with the store.
/// \param Pred       Starting node.
/// \param location   Location the value is bound to.
/// \param Val        Value being bound.
/// \param atDeclInit Defaults to false; presumably set when the binding is
///                   the initialization of a declaration — confirm.
/// \param PP         Optional program point, null by default; its use is only
///                   visible at the definition.
void evalBind(ExplodedNodeSet &Dst,
              const Stmt *StoreE,
              ExplodedNode *Pred,
              SVal location,
              SVal Val,
              bool atDeclInit = false,
              const ProgramPoint *PP = 0);
4431eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
4441670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
// FIXME: Document the meaning of the arguments: when 'St' may differ from
// Pred->state, and when 'location' may differ from state->getLValue(Ex).
/// Simulates a read of the result of Ex.
///
/// \param tag    Optional program point tag, null by default.
/// \param LoadTy Defaults to a default-constructed QualType; how that case is
///               treated is only visible at the definition.
void evalLoad(ExplodedNodeSet &Dst,
              const Expr *NodeEx, /* Eventually will be a CFGStmt */
              const Expr *BoundExpr,
              ExplodedNode *Pred, ProgramStateRef St, SVal location,
              const ProgramPointTag *tag = 0, QualType LoadTy = QualType());
4591eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
/// Simulates a store of \p Val to \p TargetLV (purpose inferred from the
/// name and parameters; the original carries no description — confirm).
///
/// \param AssignE Assignment expression, \param StoreE expression associated
///                with the store; how the two differ is only visible at the
///                definition.
/// \param St      Program state to start from.
/// \param tag     Optional program point tag, null by default.
void evalStore(ExplodedNodeSet &Dst,
               const Expr *AssignE,
               const Expr *StoreE,
               ExplodedNode *Pred,
               ProgramStateRef St,
               SVal TargetLV,
               SVal Val,
               const ProgramPointTag *tag = 0);
46569f87c956b3ac2b80124fd9604af012e1061473aJordan Rose
/// \brief Creates a new state in which the call's return value is bound to
/// the call origin expression.
///
/// \param Call  The call whose return value is bound.
/// \param LCtx  Location context used for the binding.
/// \param State State to start from.
/// \return The resulting program state.
ProgramStateRef bindReturnValue(const CallEvent &Call,
                                const LocationContext *LCtx,
                                ProgramStateRef State);
471e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks
/// Evaluates a call: runs the pre-call and post-call checks and lets checkers
/// take responsibility for evaluating the call itself.
///
/// \param Dst  Node set taken by reference, presumably filled with the
///             resulting nodes.
/// \param Pred Starting node.
/// \param Call The call being evaluated.
void evalCall(ExplodedNodeSet &Dst,
              ExplodedNode *Pred,
              const CallEvent &Call);
476e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks
/// \brief Default implementation of call evaluation.
///
/// \param B    Node builder handed to the evaluation (presumably used to
///             create the resulting nodes; confirm at the definition).
/// \param Pred Starting node.
/// \param Call The call being evaluated.
void defaultEvalCall(NodeBuilder &B,
                     ExplodedNode *Pred,
                     const CallEvent &Call);
480834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wanprivate:
/// Private helper with the same parameter list as evalLoad, minus the default
/// arguments. Presumably holds the load logic shared by evalLoad's code
/// paths — confirm at the definition.
void evalLoadCommon(ExplodedNodeSet &Dst,
                    const Expr *NodeEx, /* Eventually will be a CFGStmt */
                    const Expr *BoundEx,
                    ExplodedNode *Pred, ProgramStateRef St, SVal location,
                    const ProgramPointTag *tag, QualType LoadTy);
489852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek
// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
/// Private helper that evaluates an access to \p location (purpose inferred
/// from the name and parameters; the original carries no description).
///
/// \param isLoad Distinguishes the kind of access; presumably true for a
///               read and false for a write — confirm at the definition.
void evalLocation(ExplodedNodeSet &Dst,
                  const Stmt *NodeEx, /* This will eventually be a CFGStmt */
                  const Stmt *BoundEx,
                  ExplodedNode *Pred, ProgramStateRef St, SVal location,
                  const ProgramPointTag *tag, bool isLoad);
4981c625f25055331bf76ab5479a8060d2b0f61e8b8Zhongxing Xu
/// Counts the stack depth and determines whether the call is recursive.
///
/// \param D           Declaration being examined.
/// \param LCtx        Location context the examination starts from.
/// \param IsRecursive Taken by non-const reference; presumably an output set
///                    when the call is recursive.
/// \param StackDepth  Taken by non-const reference; presumably an output
///                    receiving the counted depth. Whether callers must
///                    initialize either output first is only visible at the
///                    definition.
void examineStackFrames(const Decl *D,
                        const LocationContext *LCtx,
                        bool &IsRecursive,
                        unsigned &StackDepth);
5024ea9b89ff6dc50d5404eb56cad5e5870bce49ef2Anna Zaks
/// Decides whether the declaration \p D should be inlined when reached from
/// \p Pred (purpose inferred from the name; the criteria are only visible at
/// the definition).
bool shouldInlineDecl(const Decl *D,
                      ExplodedNode *Pred);
/// Attempts to inline \p Call to the declaration \p D (purpose inferred from
/// the name).
///
/// \return A bool; presumably true when the call was inlined — confirm at the
///         definition.
bool inlineCall(const CallEvent &Call,
                const Decl *D,
                NodeBuilder &Bldr,
                ExplodedNode *Pred,
                ProgramStateRef State);
506e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks
/// \brief Evaluates the call conservatively: regions are invalidated and a
/// conjured return value is bound.
///
/// \param Call  The call being evaluated.
/// \param Bldr  Node builder handed to the evaluation.
/// \param Pred  Starting node.
/// \param State State to start from.
void conservativeEvalCall(const CallEvent &Call,
                          NodeBuilder &Bldr,
                          ExplodedNode *Pred,
                          ProgramStateRef State);
511e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks
/// \brief Inlines the call, processes it conservatively, or does both,
/// depending on the DynamicDispatchBifurcation data.
///
/// \param BifurReg Memory region the bifurcation decision is keyed on
///                 (presumably; confirm at the definition).
/// \param Call     The call being evaluated.
/// \param D        Declaration that would be inlined.
/// \param Bldr     Node builder handed to the evaluation.
/// \param Pred     Starting node.
void BifurcateCall(const MemRegion *BifurReg,
                   const CallEvent &Call,
                   const Decl *D,
                   NodeBuilder &Bldr,
                   ExplodedNode *Pred);
5175903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks
/// Replays from node \p P without inlining the callee identified by
/// \p CalleeLC (purpose inferred from the name; presumably paired with the
/// ReplayWithoutInlining state trait — confirm at the definition).
///
/// \return A bool; its meaning is only visible at the definition.
bool replayWithoutInlining(ExplodedNode *P,
                           const LocationContext *CalleeLC);
5195903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks};
5205903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks
/// Traits for storing the call processing policy inside the GDM.
/// The GDM stores the corresponding CallExpr pointer.
///
/// ReplayWithoutInlining is an empty tag type; it only selects the
/// ProgramStateTrait specialization that follows.
struct ReplayWithoutInlining {};

/// The value type is void*, so the CallExpr pointer is stored type-erased and
/// code reading this trait has to cast it back to the pointer type it stored.
template <>
struct ProgramStateTrait<ReplayWithoutInlining>
    : public ProgramStatePartialTrait<void *> {
  /// Returns the address of a function-local static, which is the same on
  /// every call. Presumably that address is what identifies this trait
  /// inside the GDM — confirm against the users of GDMIndex().
  static void *GDMIndex() {
    static int Slot = 0;
    return &Slot;
  }
};
5291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
53065423aeb996a296cf2964f136ce4a4a937bd1687Zhongxing Xu} // end ento namespace
5315a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
532c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek} // end clang namespace
533c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek
534d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek#endif
535