ExprEngine.h revision bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a
1d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis//===-- ExprEngine.h - Path-Sensitive Expression-Level Dataflow ---*- C++ -*-=// 277349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// 377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// The LLVM Compiler Infrastructure 477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// 577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// This file is distributed under the University of Illinois Open Source 677349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// License. See LICENSE.TXT for details. 777349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// 877349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===// 977349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// 10b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek// This file defines a meta-engine for path-sensitive dataflow analysis that 11d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis// is built on CoreEngine, but provides the boilerplate to execute transfer 12b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek// functions and build the ExplodedGraph at the expression level. 1377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// 1477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===// 1577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek 16d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#ifndef LLVM_CLANG_GR_EXPRENGINE 17d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#define LLVM_CLANG_GR_EXPRENGINE 18d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek 1930a2e16f6c27f888dd11eba6bbbae1e980078fcbChandler Carruth#include "clang/AST/Expr.h" 2030a2e16f6c27f888dd11eba6bbbae1e980078fcbChandler Carruth#include "clang/AST/Type.h" 214ef19205b6912316296db74a9073ad6fa60e4ccaTed Kremenek#include "clang/Analysis/DomainSpecific/ObjCNoReturn.h" 2230a2e16f6c27f888dd11eba6bbbae1e980078fcbChandler Carruth#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 239b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 249b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h" 2518c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 265903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" 2730a2e16f6c27f888dd11eba6bbbae1e980078fcbChandler Carruth#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h" 2877349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek 291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stumpnamespace clang { 305a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis 311d26f48dc2eea1c07431ca1519d7034a21b9bcffTed Kremenekclass AnalysisDeclContextManager; 32337e4dbc6859589b8878146a88bebf754e916702Ted Kremenekclass CXXCatchStmt; 33c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXConstructExpr; 34c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXDeleteExpr; 35c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXNewExpr; 36c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXTemporaryObjectExpr; 37c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass CXXThisExpr; 38c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass MaterializeTemporaryExpr; 39c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramerclass ObjCAtSynchronizedStmt; 405a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidisclass ObjCForCollectionStmt; 41b1b5daf30d2597e066936772bd206500232d7d65Ted Kremenek 429ef6537a894c33003359b1f9b9676e9178e028b7Ted Kremeneknamespace ento { 435a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis 445e2d2c2ee3cf410643e0f9a5701708e51409d973Benjamin Kramerclass AnalysisManager; 45740d490593e0de8732a697c9f77b90ddd463863bJordan Roseclass CallEvent; 4669f87c956b3ac2b80124fd9604af012e1061473aJordan Roseclass SimpleCall; 47bc403861bc4e6f7ad1371e9e129f0f25b38b3a9aJordan Roseclass CXXConstructorCall; 48f494b579b22f9950f5af021f0bf9879a91bb8b41Steve Naroff 49d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidisclass ExprEngine : public SubEngine { 5075f31c4862643ab09479c979fabf754e7ffe1460Anna Zakspublic: 5175f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks /// The modes of inlining. 5275f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks enum InliningModes { 5375f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks /// Do not inline any of the callees. 5475f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks Inline_None = 0, 5575f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks /// Inline all callees. 5675f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks Inline_All = 0x1 5775f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks } ; 5875f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks 5975f31c4862643ab09479c979fabf754e7ffe1460Anna Zaksprivate: 6025e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu AnalysisManager &AMgr; 61b1b5daf30d2597e066936772bd206500232d7d65Ted Kremenek 621d26f48dc2eea1c07431ca1519d7034a21b9bcffTed Kremenek AnalysisDeclContextManager &AnalysisDeclContexts; 6325e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu 64d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis CoreEngine Engine; 651eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 66b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// G - the simulation graph. 67031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu ExplodedGraph& G; 681eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 69b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// StateMgr - Object that manages the data for all created states. 7018c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek ProgramStateManager StateMgr; 71cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek 72b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// SymMgr - Object that manages the symbol information. 73b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek SymbolManager& SymMgr; 741eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 75846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek /// svalBuilder - SValBuilder object that creates SVals from expressions. 76846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek SValBuilder &svalBuilder; 771eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 7866c486f275531df6362b3511fc3af6563561801bTed Kremenek unsigned int currStmtIdx; 7966c486f275531df6362b3511fc3af6563561801bTed Kremenek const NodeBuilderContext *currBldrCtx; 804ef19205b6912316296db74a9073ad6fa60e4ccaTed Kremenek 814ef19205b6912316296db74a9073ad6fa60e4ccaTed Kremenek /// Helper object to determine if an Objective-C message expression 824ef19205b6912316296db74a9073ad6fa60e4ccaTed Kremenek /// implicitly never returns. 834ef19205b6912316296db74a9073ad6fa60e4ccaTed Kremenek ObjCNoReturn ObjCNoRet; 8417a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose 8517a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose /// Whether or not GC is enabled in this analysis. 8617a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose bool ObjCGCEnabled; 871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 889e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek /// The BugReporter associated with this engine. It is important that 899e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek /// this object be placed at the very end of member variables so that its 90d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis /// destructor is called before the rest of the ExprEngine is destroyed. 91cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek GRBugReporter BR; 921eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 93fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks /// The functions which have been analyzed through inlining. This is owned by 94fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks /// AnalysisConsumer. It can be null. 95fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks SetOfConstDecls *VisitedCallees; 96fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks 9775f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks /// The flag, which specifies the mode of inlining for the engine. 9875f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks InliningModes HowToInline; 9975f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks 100b22d589e2ccd09cada0bcea136f0966883a8bb11Ted Kremenekpublic: 1016a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3Anna Zaks ExprEngine(AnalysisManager &mgr, bool gcEnabled, 102fbcb3f11fc90e9f00e6074e9b118b8dc11ca604cAnna Zaks SetOfConstDecls *VisitedCalleesIn, 10375f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks FunctionSummariesTy *FS, 10475f31c4862643ab09479c979fabf754e7ffe1460Anna Zaks InliningModes HowToInlineIn); 105cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek 106d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis ~ExprEngine(); 1071eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 108253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks /// Returns true if there is still simulation state on the worklist. 109253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks bool ExecuteWorkList(const LocationContext *L, unsigned Steps = 150000) { 110253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks return Engine.ExecuteWorkList(L, Steps, 0); 1112ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu } 1122ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu 1132ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu /// Execute the work list with an initial state. Nodes that reaches the exit 1142ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu /// of the function are added into the Dst set, which represent the exit 115253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks /// state of the function call. Returns true if there is still simulation 116253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks /// state on the worklist. 117253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks bool ExecuteWorkListWithInitialState(const LocationContext *L, unsigned Steps, 1188bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef InitState, 1192ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu ExplodedNodeSet &Dst) { 120253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks return Engine.ExecuteWorkListWithInitialState(L, Steps, InitState, Dst); 121b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek } 1221eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 123b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// getContext - Return the ASTContext associated with this analysis. 1249c378f705405d37f49795d5e915989de774fe11fTed Kremenek ASTContext &getContext() const { return AMgr.getASTContext(); } 1255032ffe4259e7d436f2eb19e5a29fdae559e7c12Zhongxing Xu 1262ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu virtual AnalysisManager &getAnalysisManager() { return AMgr; } 1271eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 128769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5Argyrios Kyrtzidis CheckerManager &getCheckerManager() const { 129769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5Argyrios Kyrtzidis return *AMgr.getCheckerManager(); 130769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5Argyrios Kyrtzidis } 131769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5Argyrios Kyrtzidis 132846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek SValBuilder &getSValBuilder() { return svalBuilder; } 1331eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 134cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek BugReporter& getBugReporter() { return BR; } 1351eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 1361aae01a8308d2f8e31adab3f4d7ac35543aac680Anna Zaks const NodeBuilderContext &getBuilderContext() { 13766c486f275531df6362b3511fc3af6563561801bTed Kremenek assert(currBldrCtx); 13866c486f275531df6362b3511fc3af6563561801bTed Kremenek return *currBldrCtx; 1391aae01a8308d2f8e31adab3f4d7ac35543aac680Anna Zaks } 140ec9227fea66c3439991fc84b0d33b0a8b4b8875eZhongxing Xu 14117a38e2636a8b1ce473fc6504c4b16cb09db29f4Jordy Rose bool isObjCGCEnabled() { return ObjCGCEnabled; } 1421eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 143ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks const Stmt *getStmt() const; 144ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks 145ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks void GenerateAutoTransition(ExplodedNode *N); 146af498a28797c075c48d7e943df5f5a8e78ed8eb0Anna Zaks void enqueueEndOfPath(ExplodedNodeSet &S); 147af498a28797c075c48d7e943df5f5a8e78ed8eb0Anna Zaks void GenerateCallExitNode(ExplodedNode *N); 148ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks 149e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek /// ViewGraph - Visualize the ExplodedGraph created by executing the 150e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek /// simulation. 151ffe0f43806d4823271c2406c1fccc2373115c36aTed Kremenek void ViewGraph(bool trim = false); 1521eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 153031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu void ViewGraph(ExplodedNode** Beg, ExplodedNode** End); 1541eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 155b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// getInitialState - Return the initial state used for the root vertex 156b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// in the ExplodedGraph. 1578bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef getInitialState(const LocationContext *InitLoc); 1581eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 159031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu ExplodedGraph& getGraph() { return G; } 160031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu const ExplodedGraph& getGraph() const { return G; } 16150a6d0ce344c02782e0207574005c3b2aaa5077cTed Kremenek 1620b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks /// \brief Run the analyzer's garbage collection - remove dead symbols and 16384c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// bindings from the state. 1640b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks /// 16584c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// Checkers can participate in this process with two callbacks: 16684c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \c checkLiveSymbols and \c checkDeadSymbols. See the CheckerDocumentation 16784c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// class for more information. 16884c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// 16984c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param Node The predecessor node, from which the processing should start. 17084c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param Out The returned set of output nodes. 17184c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param ReferenceStmt The statement which is about to be processed. 17284c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// Everything needed for this statement should be considered live. 17384c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// A null statement means that everything in child LocationContexts 17484c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// is dead. 17584c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param LC The location context of the \p ReferenceStmt. A null location 17684c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// context means that we have reached the end of analysis and that 17784c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// all statements and local variables should be considered dead. 17884c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param DiagnosticStmt Used as a location for any warnings that should 17984c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// occur while removing the dead (e.g. leaks). By default, the 18084c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \p ReferenceStmt is used. 18184c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \param K Denotes whether this is a pre- or post-statement purge. This 18284c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// must only be ProgramPoint::PostStmtPurgeDeadSymbolsKind if an 18384c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// entire location context is being cleared, in which case the 18484c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// \p ReferenceStmt must either be a ReturnStmt or \c NULL. Otherwise, 18584c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// it must be ProgramPoint::PreStmtPurgeDeadSymbolsKind (the default) 18684c484545c5906ba55143e212b4a5275ab55889fJordan Rose /// and \p ReferenceStmt must be valid (non-null). 1870b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks void removeDead(ExplodedNode *Node, ExplodedNodeSet &Out, 18884c484545c5906ba55143e212b4a5275ab55889fJordan Rose const Stmt *ReferenceStmt, const LocationContext *LC, 18984c484545c5906ba55143e212b4a5275ab55889fJordan Rose const Stmt *DiagnosticStmt = 0, 1900b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks ProgramPoint::Kind K = ProgramPoint::PreStmtPurgeDeadSymbolsKind); 1910b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks 192e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek /// processCFGElement - Called by CoreEngine. Used to generate new successor 1939c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu /// nodes by processing the 'effects' of a CFG element. 194ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks void processCFGElement(const CFGElement E, ExplodedNode *Pred, 195ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks unsigned StmtIdx, NodeBuilderContext *Ctx); 1969c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu 197ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks void ProcessStmt(const CFGStmt S, ExplodedNode *Pred); 1989c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu 199ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks void ProcessInitializer(const CFGInitializer I, ExplodedNode *Pred); 2009c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu 201ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14Anna Zaks void ProcessImplicitDtor(const CFGImplicitDtor D, ExplodedNode *Pred); 2021eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 2034ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu void ProcessAutomaticObjDtor(const CFGAutomaticObjDtor D, 204056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks ExplodedNode *Pred, ExplodedNodeSet &Dst); 205056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks void ProcessBaseDtor(const CFGBaseDtor D, 206056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks ExplodedNode *Pred, ExplodedNodeSet &Dst); 207056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks void ProcessMemberDtor(const CFGMemberDtor D, 208056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks ExplodedNode *Pred, ExplodedNodeSet &Dst); 2094ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu void ProcessTemporaryDtor(const CFGTemporaryDtor D, 210056c4b46335a3bd2612414735d5749ee159c0165Anna Zaks ExplodedNode *Pred, ExplodedNodeSet &Dst); 2114ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu 21227c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek /// Called by CoreEngine when processing the entrance of a CFGBlock. 213253955ca25c7e7049963b5db613c0cd15d66e4f8Anna Zaks virtual void processCFGBlockEntrance(const BlockEdge &L, 214b355be838a22a511d078504b2277f70aea52ca85Anna Zaks NodeBuilderWithSinks &nodeBuilder, 215b355be838a22a511d078504b2277f70aea52ca85Anna Zaks ExplodedNode *Pred); 21627c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek 217d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis /// ProcessBranch - Called by CoreEngine. Used to generate successor 218b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// nodes by processing the 'effects' of a branch condition. 2199c378f705405d37f49795d5e915989de774fe11fTed Kremenek void processBranch(const Stmt *Condition, const Stmt *Term, 220a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks NodeBuilderContext& BuilderCtx, 221ad62deeb70e97da6bd514dd390ea1ce6af6ad81dAnna Zaks ExplodedNode *Pred, 2221aae01a8308d2f8e31adab3f4d7ac35543aac680Anna Zaks ExplodedNodeSet &Dst, 223a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks const CFGBlock *DstT, 224a19f4af7a94835ce4693bfe12d6270754e79eb56Anna Zaks const CFGBlock *DstF); 2251eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 226e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek /// processIndirectGoto - Called by CoreEngine. Used to generate successor 227b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// nodes by processing the 'effects' of a computed goto jump. 228e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek void processIndirectGoto(IndirectGotoNodeBuilder& builder); 2291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 230d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis /// ProcessSwitch - Called by CoreEngine. Used to generate successor 231b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// nodes by processing the 'effects' of a switch statement. 232e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek void processSwitch(SwitchNodeBuilder& builder); 2331eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 234344c77aac25e5d960aced3f45fbaa09853383f6dAnna Zaks /// Called by CoreEngine. Used to generate end-of-path 235344c77aac25e5d960aced3f45fbaa09853383f6dAnna Zaks /// nodes when the control reaches the end of a function. 236b355be838a22a511d078504b2277f70aea52ca85Anna Zaks void processEndOfFunction(NodeBuilderContext& BC, 237b355be838a22a511d078504b2277f70aea52ca85Anna Zaks ExplodedNode *Pred); 238102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor 2398501b7a1c4c4a9ba0ea6cb8e500e601ef3759debAnna Zaks /// Remove dead bindings/symbols before exiting a function. 2408501b7a1c4c4a9ba0ea6cb8e500e601ef3759debAnna Zaks void removeDeadOnEndOfFunction(NodeBuilderContext& BC, 2418501b7a1c4c4a9ba0ea6cb8e500e601ef3759debAnna Zaks ExplodedNode *Pred, 2428501b7a1c4c4a9ba0ea6cb8e500e601ef3759debAnna Zaks ExplodedNodeSet &Dst); 2438501b7a1c4c4a9ba0ea6cb8e500e601ef3759debAnna Zaks 244ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek /// Generate the entry node of the callee. 2453070e13dca5bbefa32acb80ce4a7b217a6220983Ted Kremenek void processCallEnter(CallEnter CE, ExplodedNode *Pred); 246102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor 2470b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks /// Generate the sequence of nodes that simulate the call exit and the post 2480b3ade86a1c60cf0c7b56aa238aff458eb7f5974Anna Zaks /// visit for CallExpr. 249894212e9510299abb203801e014fec76b7926a05Ted Kremenek void processCallExit(ExplodedNode *Pred); 250102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor 251d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis /// Called by CoreEngine when the analysis worklist has terminated. 252e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek void processEndWorklist(bool hasWorkRemaining); 253ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek 2549c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek /// evalAssume - Callback function invoked by the ConstraintManager when 25532a58084a4c53e6938dd81bfce224db25a5976d1Ted Kremenek /// making assumptions about state values. 2568bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef processAssume(ProgramStateRef state, SVal cond,bool assumption); 2571eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 25818c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a 259e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek /// region change should trigger a processRegionChanges update. 2608bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek bool wantsRegionChangeUpdate(ProgramStateRef state); 261c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose 26218c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek /// processRegionChanges - Called by ProgramStateManager whenever a change is made 263c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose /// to the store. Used to update checkers that track region values. 2648bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef 2658bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek processRegionChanges(ProgramStateRef state, 266bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks const InvalidatedSymbols *invalidated, 267537716ad8dd10f984b6cfe6985afade1185c5e3cJordy Rose ArrayRef<const MemRegion *> ExplicitRegions, 26866c40400e7d6272b0cd675ada18dd62c1f0362c7Anna Zaks ArrayRef<const MemRegion *> Regions, 269740d490593e0de8732a697c9f77b90ddd463863bJordan Rose const CallEvent *Call); 270c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose 271dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose /// printState - Called by ProgramStateManager to print checker-specific data. 2728bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek void printState(raw_ostream &Out, ProgramStateRef State, 273dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose const char *NL, const char *Sep); 274dbd658e139b3e0bf084f75feaea8d844af9e319fJordy Rose 27518c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek virtual ProgramStateManager& getStateManager() { return StateMgr; } 27690e72e4106a0c3efa7575e9f9cba0c775bb54552Zhongxing Xu 27790e72e4106a0c3efa7575e9f9cba0c775bb54552Zhongxing Xu StoreManager& getStoreManager() { return StateMgr.getStoreManager(); } 2781eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 279a516ce16b472e61924f5dd10d181c3e8330979afTed Kremenek ConstraintManager& getConstraintManager() { 280a516ce16b472e61924f5dd10d181c3e8330979afTed Kremenek return StateMgr.getConstraintManager(); 281a516ce16b472e61924f5dd10d181c3e8330979afTed Kremenek } 2821eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 283c8413fd03f73084a5c93028f8b4db619fc388087Ted Kremenek // FIXME: Remove when we migrate over to just using SValBuilder. 2846297a8ec313c722db50f686fd190842b7ea91118Ted Kremenek BasicValueFactory& getBasicVals() { 2856297a8ec313c722db50f686fd190842b7ea91118Ted Kremenek return StateMgr.getBasicVals(); 2866297a8ec313c722db50f686fd190842b7ea91118Ted Kremenek } 2871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 288044b6f0417cb98741f277602fabf5f07ec9a02c0Ted Kremenek // FIXME: Remove when we migrate over to just using ValueManager. 28900a3a5f024ac54088ab887712b292171188064f0Ted Kremenek SymbolManager& getSymbolManager() { return SymMgr; } 29000a3a5f024ac54088ab887712b292171188064f0Ted Kremenek const SymbolManager& getSymbolManager() const { return SymMgr; } 2911eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 292bc42c533e7d3d946704a49e242939dd232f33072Tom Care // Functions for external checking of whether we have unfinished work 293422ab7a49a9a4252dbc6350e49d7a5708337b9c7Ted Kremenek bool wasBlocksExhausted() const { return Engine.wasBlocksExhausted(); } 294d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis bool hasEmptyWorkList() const { return !Engine.getWorkList()->hasWork(); } 295422ab7a49a9a4252dbc6350e49d7a5708337b9c7Ted Kremenek bool hasWorkRemaining() const { return Engine.hasWorkRemaining(); } 296bc42c533e7d3d946704a49e242939dd232f33072Tom Care 297d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis const CoreEngine &getCoreEngine() const { return Engine; } 298bc42c533e7d3d946704a49e242939dd232f33072Tom Care 2991670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic: 300b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// Visit - Transfer function logic for all statements. Dispatches to 301b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// other functions that handle specific kinds of statements. 3029c378f705405d37f49795d5e915989de774fe11fTed Kremenek void Visit(const Stmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst); 3031eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 304c5b1bf10133a8ecbfe9e6b3ec92bae84e3d927e8Ted Kremenek /// VisitArraySubscriptExpr - Transfer function for array accesses. 3059c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitLvalArraySubscriptExpr(const ArraySubscriptExpr *Ex, 3069c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, 3079c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3081eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 309df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier /// VisitGCCAsmStmt - Transfer function logic for inline asm. 310df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier void VisitGCCAsmStmt(const GCCAsmStmt *A, ExplodedNode *Pred, 311df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier ExplodedNodeSet &Dst); 3128cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier 3138cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier /// VisitMSAsmStmt - Transfer function logic for MS inline asm. 3148cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier void VisitMSAsmStmt(const MSAsmStmt *A, ExplodedNode *Pred, 3158cd64b4c5553fa6284d248336cb7c82dc960a394Chad Rosier ExplodedNodeSet &Dst); 316df5faf5e7ae6823d0af0b801c4ac26d47f2cee97Chad Rosier 317c95ad9ff6e574aecdd759542d5578bc65d586d93Ted Kremenek /// VisitBlockExpr - Transfer function logic for BlockExprs. 31803509aea098772644bf4662dc1c88634818ceeccZhongxing Xu void VisitBlockExpr(const BlockExpr *BE, ExplodedNode *Pred, 31903509aea098772644bf4662dc1c88634818ceeccZhongxing Xu ExplodedNodeSet &Dst); 3201eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 321b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitBinaryOperator - Transfer function logic for binary operators. 3229c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitBinaryOperator(const BinaryOperator* B, ExplodedNode *Pred, 3239c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 324469ecbded3616416ef938ed94a67f86149faf226Ted Kremenek 3251eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 326de43424560f1a744de6214dab6bbee28ad8437f5Ted Kremenek /// VisitCall - Transfer function for function calls. 3279c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitCallExpr(const CallExpr *CE, ExplodedNode *Pred, 3289c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 330b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitCast - Transfer function logic for all casts (implicit and explicit). 33103509aea098772644bf4662dc1c88634818ceeccZhongxing Xu void VisitCast(const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred, 332892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek ExplodedNodeSet &Dst); 333e1c2a675e0c089e1f53cbd55d2197a8beaa852aeTed Kremenek 3344f09027385466f1f4c382c80ca77157e2aef97d9Ted Kremenek /// VisitCompoundLiteralExpr - Transfer function logic for compound literals. 3359c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitCompoundLiteralExpr(const CompoundLiteralExpr *CL, 3369c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 3371eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 338892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek /// Transfer function logic for DeclRefExprs and BlockDeclRefExprs. 3399c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitCommonDeclRefExpr(const Expr *DR, const NamedDecl *D, 3409c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 34167d1287035767f4f6c8ca0c2bb755990012a44caTed Kremenek 342b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitDeclStmt - Transfer function logic for DeclStmts. 3439c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitDeclStmt(const DeclStmt *DS, ExplodedNode *Pred, 3449c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3451eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 346b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitGuardedExpr - Transfer function logic for ?, __builtin_choose 3479c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitGuardedExpr(const Expr *Ex, const Expr *L, const Expr *R, 3489c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 34961dfbecd8e6181b2ba42ffb5feede27a2bab3b8aTed Kremenek 3509c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitInitListExpr(const InitListExpr *E, ExplodedNode *Pred, 3519c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 352c4f8706b6539e06a5de153bd72850bb2e0a71456Zhongxing Xu 353b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitLogicalExpr - Transfer function logic for '&&', '||' 3549c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred, 3559c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 357469ecbded3616416ef938ed94a67f86149faf226Ted Kremenek /// VisitMemberExpr - Transfer function for member expressions. 3589c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred, 3599c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3601eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 3614beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek /// Transfer function logic for ObjCAtSynchronizedStmts. 3624beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek void VisitObjCAtSynchronizedStmt(const ObjCAtSynchronizedStmt *S, 3634beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 3644beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek 365892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek /// Transfer function logic for computing the lvalue of an Objective-C ivar. 3669c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitLvalObjCIvarRefExpr(const ObjCIvarRefExpr *DR, ExplodedNode *Pred, 3679c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 368af3374187c47acea45706eab6744be6b1c66a856Ted Kremenek 369af3374187c47acea45706eab6744be6b1c66a856Ted Kremenek /// VisitObjCForCollectionStmt - Transfer function logic for 370af3374187c47acea45706eab6744be6b1c66a856Ted Kremenek /// ObjCForCollectionStmt. 3719c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitObjCForCollectionStmt(const ObjCForCollectionStmt *S, 3729c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 3731eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 374d563d3fb73879df7147b8a5302c3bf0e1402ba18Jordan Rose void VisitObjCMessage(const ObjCMessageExpr *ME, ExplodedNode *Pred, 3759c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3761eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 37702737ed29d7fff2206f7c7ee958cdf0665e35542Ted Kremenek /// VisitReturnStmt - Transfer function logic for return statements. 3789c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitReturnStmt(const ReturnStmt *R, ExplodedNode *Pred, 3799c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3808ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 3818ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor /// VisitOffsetOfExpr - Transfer function for offsetof. 3829c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitOffsetOfExpr(const OffsetOfExpr *Ex, ExplodedNode *Pred, 3839c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 3841eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 385f4e3cfbe8abd124be6341ef5d714819b4fbd9082Peter Collingbourne /// VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof. 3869c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex, 3879c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNode *Pred, ExplodedNodeSet &Dst); 3881eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 389b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek /// VisitUnaryOperator - Transfer function logic for unary operators. 3909c378f705405d37f49795d5e915989de774fe11fTed Kremenek void VisitUnaryOperator(const UnaryOperator* B, ExplodedNode *Pred, 3919c378f705405d37f49795d5e915989de774fe11fTed Kremenek ExplodedNodeSet &Dst); 392bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu 3938ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks /// Handle ++ and -- (both pre- and post-increment). 3948ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks void VisitIncrementDecrementOperator(const UnaryOperator* U, 3958ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks ExplodedNode *Pred, 3968ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks ExplodedNodeSet &Dst); 397337e4dbc6859589b8878146a88bebf754e916702Ted Kremenek 398337e4dbc6859589b8878146a88bebf754e916702Ted Kremenek void VisitCXXCatchStmt(const CXXCatchStmt *CS, ExplodedNode *Pred, 399337e4dbc6859589b8878146a88bebf754e916702Ted Kremenek ExplodedNodeSet &Dst); 4008ad8c546372fe602708cb7ceeaf0ebbb866735c6Anna Zaks 40103509aea098772644bf4662dc1c88634818ceeccZhongxing Xu void VisitCXXThisExpr(const CXXThisExpr *TE, ExplodedNode *Pred, 402bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu ExplodedNodeSet & Dst); 403d706434b0231c76fd9acf30060646a7aa8f69aefZhongxing Xu 404888c90ac0ef6baf7d47e86cf5cc4715707d223b1Jordan Rose void VisitCXXConstructExpr(const CXXConstructExpr *E, ExplodedNode *Pred, 405888c90ac0ef6baf7d47e86cf5cc4715707d223b1Jordan Rose ExplodedNodeSet &Dst); 406950db87e5efe2ff0c7234116929f8637aaf7ae7aZhongxing Xu 407200fa2e70d52ae6d620e81cd45536071fdde70c0Jordan Rose void VisitCXXDestructor(QualType ObjectType, const MemRegion *Dest, 408200fa2e70d52ae6d620e81cd45536071fdde70c0Jordan Rose const Stmt *S, bool IsBaseDtor, 409b13453bd8a91f331d0910ca95ad52aa41b52f648Zhongxing Xu ExplodedNode *Pred, ExplodedNodeSet &Dst); 410b13453bd8a91f331d0910ca95ad52aa41b52f648Zhongxing Xu 41103509aea098772644bf4662dc1c88634818ceeccZhongxing Xu void VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, 412856c6bcaea56e05255e9f3997ddd56b5c18a14f0Zhongxing Xu ExplodedNodeSet &Dst); 413856c6bcaea56e05255e9f3997ddd56b5c18a14f0Zhongxing Xu 41403509aea098772644bf4662dc1c88634818ceeccZhongxing Xu void VisitCXXDeleteExpr(const CXXDeleteExpr *CDE, ExplodedNode *Pred, 4156b8513829895e56a7b97e787ea74520bc626512eZhongxing Xu ExplodedNodeSet &Dst); 4166b8513829895e56a7b97e787ea74520bc626512eZhongxing Xu 417bc37b8dd9914e02580f531fa6e5e72be34d9675eZhongxing Xu /// Create a C++ temporary object for an rvalue. 418eea72a925f294225391ecec876a342771c09b635Ted Kremenek void CreateCXXTemporaryObject(const MaterializeTemporaryExpr *ME, 419eea72a925f294225391ecec876a342771c09b635Ted Kremenek ExplodedNode *Pred, 420bc37b8dd9914e02580f531fa6e5e72be34d9675eZhongxing Xu ExplodedNodeSet &Dst); 421b277159055933e610bbc80262b600d3ad7e0595cTed Kremenek 4220caa2d47b84337e942b3f6652adfafe4ae506cfeTed Kremenek /// evalEagerlyAssumeBinOpBifurcation - Given the nodes in 'Src', eagerly assume symbolic 42348af2a9c1ed3259512f2d1431720add1fbe8fb5fTed Kremenek /// expressions of the form 'x != 0' and generate new nodes (stored in Dst) 42448af2a9c1ed3259512f2d1431720add1fbe8fb5fTed Kremenek /// with those assumptions. 4250caa2d47b84337e942b3f6652adfafe4ae506cfeTed Kremenek void evalEagerlyAssumeBinOpBifurcation(ExplodedNodeSet &Dst, ExplodedNodeSet &Src, 42603509aea098772644bf4662dc1c88634818ceeccZhongxing Xu const Expr *Ex); 4276c7511db998817e64f2e124013e7d7c9a430c580Ted Kremenek 4286c7511db998817e64f2e124013e7d7c9a430c580Ted Kremenek std::pair<const ProgramPointTag *, const ProgramPointTag*> 4290caa2d47b84337e942b3f6652adfafe4ae506cfeTed Kremenek geteagerlyAssumeBinOpBifurcationTags(); 4301eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 4319c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek SVal evalMinus(SVal X) { 4329c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek return X.isValid() ? svalBuilder.evalMinus(cast<NonLoc>(X)) : X; 433b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek } 4341eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 4359c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek SVal evalComplement(SVal X) { 4369c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek return X.isValid() ? svalBuilder.evalComplement(cast<NonLoc>(X)) : X; 43790e420321f60860f4c4e7a68ca9f7567824b46ecTed Kremenek } 438248072a8b9cd956c4ac63172fc2af09790f7c6a9Zhongxing Xu 4391670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic: 4401eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 4418bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, 442cd8f6ac9b613e1fe962ebf9c87d822ce765275e6Ted Kremenek NonLoc L, NonLoc R, QualType T) { 4439c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek return svalBuilder.evalBinOpNN(state, op, L, R, T); 4446297a8ec313c722db50f686fd190842b7ea91118Ted Kremenek } 44510c16657eec144def180ee53d1e0249c9ed2b3b5Ted Kremenek 4468bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, 447cd8f6ac9b613e1fe962ebf9c87d822ce765275e6Ted Kremenek NonLoc L, SVal R, QualType T) { 4489c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek return R.isValid() ? svalBuilder.evalBinOpNN(state,op,L, cast<NonLoc>(R), T) : R; 449b640b3b5dfccaf259967cb2cb6755c9aa20d4423Ted Kremenek } 4501eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 4518bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek SVal evalBinOp(ProgramStateRef ST, BinaryOperator::Opcode Op, 452ff4264dae31cf42807b64ecc114906b0b835690aTed Kremenek SVal LHS, SVal RHS, QualType T) { 4539c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek return svalBuilder.evalBinOp(ST, Op, LHS, RHS, T); 454ff4264dae31cf42807b64ecc114906b0b835690aTed Kremenek } 4555b9bd2137ebef350af803c634e3fdf5d74678100Ted Kremenek 4561670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekprotected: 4579c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek /// evalBind - Handle the semantics of binding a value to a specific location. 4589c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek /// This method is used by evalStore, VisitDeclStmt, and others. 4599c378f705405d37f49795d5e915989de774fe11fTed Kremenek void evalBind(ExplodedNodeSet &Dst, const Stmt *StoreE, ExplodedNode *Pred, 4603682f1ea9c7fddc7dcbc590891158ba40f7fca16Jordan Rose SVal location, SVal Val, bool atDeclInit = false, 4613682f1ea9c7fddc7dcbc590891158ba40f7fca16Jordan Rose const ProgramPoint *PP = 0); 4621eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 4631655bcd052a67a3050fc55df8ecce57342352e68Anna Zaks /// Call PointerEscape callback when a value escapes as a result of bind. 464bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks ProgramStateRef processPointerEscapedOnBind(ProgramStateRef State, 465bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks SVal Loc, SVal Val); 4661655bcd052a67a3050fc55df8ecce57342352e68Anna Zaks /// Call PointerEscape callback when a value escapes as a result of 4671655bcd052a67a3050fc55df8ecce57342352e68Anna Zaks /// region invalidation. 468bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks ProgramStateRef processPointerEscapedOnInvalidateRegions( 469bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks ProgramStateRef State, 470bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks const InvalidatedSymbols *Invalidated, 471bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks ArrayRef<const MemRegion *> ExplicitRegions, 472bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks ArrayRef<const MemRegion *> Regions, 473bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks const CallEvent *Call); 474bf53dfac8195835028bd6347433f7dbebcc29fc1Anna Zaks 4751670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic: 476b4b817d704287836b52b34369009e682f208aa2bTed Kremenek // FIXME: 'tag' should be removed, and a LocationContext should be used 477b4b817d704287836b52b34369009e682f208aa2bTed Kremenek // instead. 478834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wan // FIXME: Comment on the meaning of the arguments, when 'St' may not 479834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wan // be the same as Pred->state, and when 'location' may not be the 480834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wan // same as state->getLValue(Ex). 481834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wan /// Simulate a read of the result of Ex. 482bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek void evalLoad(ExplodedNodeSet &Dst, 483bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Expr *NodeEx, /* Eventually will be a CFGStmt */ 484bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Expr *BoundExpr, 485bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek ExplodedNode *Pred, 486bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek ProgramStateRef St, 487bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek SVal location, 488bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const ProgramPointTag *tag = 0, 489652be346f74feba027bcbdeb6a3e3f4755a0e62cZhongxing Xu QualType LoadTy = QualType()); 4901eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 491b4b817d704287836b52b34369009e682f208aa2bTed Kremenek // FIXME: 'tag' should be removed, and a LocationContext should be used 492b4b817d704287836b52b34369009e682f208aa2bTed Kremenek // instead. 4939c378f705405d37f49795d5e915989de774fe11fTed Kremenek void evalStore(ExplodedNodeSet &Dst, const Expr *AssignE, const Expr *StoreE, 4948bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ExplodedNode *Pred, ProgramStateRef St, SVal TargetLV, SVal Val, 495ca804539d908d3a0e8c72a0df5f1f571d29490bbTed Kremenek const ProgramPointTag *tag = 0); 49669f87c956b3ac2b80124fd9604af012e1061473aJordan Rose 497e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks /// \brief Create a new state in which the call return value is binded to the 498e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks /// call origin expression. 499e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks ProgramStateRef bindReturnValue(const CallEvent &Call, 500e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks const LocationContext *LCtx, 501e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks ProgramStateRef State); 502e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks 503645baeed6800f952e9ad1d5666e01080385531a2Jordan Rose /// Evaluate a call, running pre- and post-call checks and allowing checkers 504645baeed6800f952e9ad1d5666e01080385531a2Jordan Rose /// to be responsible for handling the evaluation of the call itself. 50569f87c956b3ac2b80124fd9604af012e1061473aJordan Rose void evalCall(ExplodedNodeSet &Dst, ExplodedNode *Pred, 506645baeed6800f952e9ad1d5666e01080385531a2Jordan Rose const CallEvent &Call); 507e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks 5089dc5167e4017ef4c8b327abb6f72225eec2e0f19Anna Zaks /// \brief Default implementation of call evaluation. 509e81ce256b62717dd846bd19aecc4115a0dcd4995Anna Zaks void defaultEvalCall(NodeBuilder &B, ExplodedNode *Pred, 51069f87c956b3ac2b80124fd9604af012e1061473aJordan Rose const CallEvent &Call); 511834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wanprivate: 512bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek void evalLoadCommon(ExplodedNodeSet &Dst, 513bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Expr *NodeEx, /* Eventually will be a CFGStmt */ 514bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Expr *BoundEx, 515bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek ExplodedNode *Pred, 516bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek ProgramStateRef St, 517bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek SVal location, 518bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const ProgramPointTag *tag, 519852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek QualType LoadTy); 520852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek 521852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek // FIXME: 'tag' should be removed, and a LocationContext should be used 522852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek // instead. 523bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek void evalLocation(ExplodedNodeSet &Dst, 524bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Stmt *NodeEx, /* This will eventually be a CFGStmt */ 525bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek const Stmt *BoundEx, 526bd613137499b1d4c3b63dccd0aa21f6add243f4fTed Kremenek ExplodedNode *Pred, 5278bef8238181a30e52dea380789a7e2d760eac532Ted Kremenek ProgramStateRef St, SVal location, 528ca804539d908d3a0e8c72a0df5f1f571d29490bbTed Kremenek const ProgramPointTag *tag, bool isLoad); 5291c625f25055331bf76ab5479a8060d2b0f61e8b8Zhongxing Xu 5304ea9b89ff6dc50d5404eb56cad5e5870bce49ef2Anna Zaks /// Count the stack depth and determine if the call is recursive. 5314ea9b89ff6dc50d5404eb56cad5e5870bce49ef2Anna Zaks void examineStackFrames(const Decl *D, const LocationContext *LCtx, 5324ea9b89ff6dc50d5404eb56cad5e5870bce49ef2Anna Zaks bool &IsRecursive, unsigned &StackDepth); 5334ea9b89ff6dc50d5404eb56cad5e5870bce49ef2Anna Zaks 5347fa9b4f258636d89342eda28f21a986c8ac353b1Ted Kremenek bool shouldInlineDecl(const Decl *D, ExplodedNode *Pred); 535e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks bool inlineCall(const CallEvent &Call, const Decl *D, NodeBuilder &Bldr, 536e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks ExplodedNode *Pred, ProgramStateRef State); 537e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks 538e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks /// \brief Conservatively evaluate call by invalidating regions and binding 539e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks /// a conjured return value. 540e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks void conservativeEvalCall(const CallEvent &Call, NodeBuilder &Bldr, 541e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks ExplodedNode *Pred, ProgramStateRef State); 542e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks 543e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks /// \brief Either inline or process the call conservatively (or both), based 544e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks /// on DynamicDispatchBifurcation data. 545e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks void BifurcateCall(const MemRegion *BifurReg, 546e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks const CallEvent &Call, const Decl *D, NodeBuilder &Bldr, 547e90d3f847dcce76237078b67db8895eb7a24189eAnna Zaks ExplodedNode *Pred); 5485903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks 5495903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks bool replayWithoutInlining(ExplodedNode *P, const LocationContext *CalleeLC); 550bc403861bc4e6f7ad1371e9e129f0f25b38b3a9aJordan Rose 551bc403861bc4e6f7ad1371e9e129f0f25b38b3a9aJordan Rose /// Models a trivial copy or move constructor call with a simple bind. 552bc403861bc4e6f7ad1371e9e129f0f25b38b3a9aJordan Rose void performTrivialCopy(NodeBuilder &Bldr, ExplodedNode *Pred, 553bc403861bc4e6f7ad1371e9e129f0f25b38b3a9aJordan Rose const CXXConstructorCall &Call); 5545903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks}; 5555903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks 5565903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks/// Traits for storing the call processing policy inside GDM. 5575903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks/// The GDM stores the corresponding CallExpr pointer. 558466224fd068a0a0084968a7f521a690a51c3b226Jordan Rose// FIXME: This does not use the nice trait macros because it must be accessible 559466224fd068a0a0084968a7f521a690a51c3b226Jordan Rose// from multiple translation units. 5605903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaksstruct ReplayWithoutInlining{}; 5615903a373db3d27794c90b25687e0dd6adb0e497dAnna Zakstemplate <> 5625903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaksstruct ProgramStateTrait<ReplayWithoutInlining> : 563bdc691f1d61765dd806d5ae3b75ae004f676a7c9Jordan Rose public ProgramStatePartialTrait<const void*> { 5645903a373db3d27794c90b25687e0dd6adb0e497dAnna Zaks static void *GDMIndex() { static int index = 0; return &index; } 565b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek}; 5661eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 56765423aeb996a296cf2964f136ce4a4a937bd1687Zhongxing Xu} // end ento namespace 5685a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis 569c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek} // end clang namespace 570c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek 571d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek#endif 572