ExprEngine.h revision d7b83148ac0a537f5ec9be9d87bbec62b75435f4
1167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org//===-- ExprEngine.h - Path-Sensitive Expression-Level Dataflow ---*- C++ -*-=// 2167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// 3167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// The LLVM Compiler Infrastructure 4167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// 5167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// This file is distributed under the University of Illinois Open Source 6167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// License. See LICENSE.TXT for details. 7167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// 8167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org//===----------------------------------------------------------------------===// 9167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// 10167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// This file defines a meta-engine for path-sensitive dataflow analysis that 11167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// is built on CoreEngine, but provides the boilerplate to execute transfer 12167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// functions and build the ExplodedGraph at the expression level. 
13167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org// 14167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org//===----------------------------------------------------------------------===// 15167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 16167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#ifndef LLVM_CLANG_GR_EXPRENGINE 17167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#define LLVM_CLANG_GR_EXPRENGINE 18167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 19167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 20167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h" 21167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h" 22167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 23167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 24167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/AST/Expr.h" 25167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org#include "clang/AST/Type.h" 26167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 27167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgnamespace clang { 28167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 29167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass AnalysisDeclContextManager; 30167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CXXCatchStmt; 31167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CXXConstructExpr; 32167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CXXDeleteExpr; 33167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CXXNewExpr; 34167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass 
CXXTemporaryObjectExpr; 35167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CXXThisExpr; 36167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass MaterializeTemporaryExpr; 37167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass ObjCAtSynchronizedStmt; 38167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass ObjCForCollectionStmt; 39167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 40167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgnamespace ento { 41167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 42167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass AnalysisManager; 43167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass CallOrObjCMessage; 44167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass ObjCMessage; 45167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 46167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.orgclass ExprEngine : public SubEngine { 47167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org AnalysisManager &AMgr; 48167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 49167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org AnalysisDeclContextManager &AnalysisDeclContexts; 50167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 51167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org CoreEngine Engine; 52167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org 53167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org /// G - the simulation graph. 54167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org ExplodedGraph& G; 550d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 56167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org /// StateMgr - Object that manages the data for all created states. 
57167514562bbce1eb0566271d6cb41d90d2b5ffa0hclam@chromium.org ProgramStateManager StateMgr; 580d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 590d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// SymMgr - Object that manages the symbol information. 600d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org SymbolManager& SymMgr; 610d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 620d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// svalBuilder - SValBuilder object that creates SVals from expressions. 630d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org SValBuilder &svalBuilder; 640d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 650d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// EntryNode - The immediate predecessor node. 660d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *EntryNode; 670d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 680d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// CleanedState - The state for EntryNode "cleaned" of all dead 690d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// variables and symbols (as determined by a liveness analysis). 700d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ProgramStateRef CleanedState; 710d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 720d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// currentStmt - The current block-level statement. 
730d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const Stmt *currentStmt; 740d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org unsigned int currentStmtIdx; 750d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const NodeBuilderContext *currentBuilderContext; 760d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 770d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Obj-C Class Identifiers. 780d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org IdentifierInfo* NSExceptionII; 790d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 800d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Obj-C Selectors. 810d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org Selector* NSExceptionInstanceRaiseSelectors; 820d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org Selector RaiseSel; 830d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 840d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Whether or not GC is enabled in this analysis. 850d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool ObjCGCEnabled; 860d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 870d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// The BugReporter associated with this engine. It is important that 880d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// this object be placed at the very end of member variables so that its 890d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// destructor is called before the rest of the ExprEngine is destroyed. 
900d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org GRBugReporter BR; 910d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 920d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.orgpublic: 930d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExprEngine(AnalysisManager &mgr, bool gcEnabled, SetOfDecls *VisitedCallees); 940d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 950d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ~ExprEngine(); 960d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 970d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ExecuteWorkList(const LocationContext *L, unsigned Steps = 150000) { 980d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org Engine.ExecuteWorkList(L, Steps, 0); 990d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 1000d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1010d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Execute the work list with an initial state. Nodes that reaches the exit 1020d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// of the function are added into the Dst set, which represent the exit 1030d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// state of the function call. 
1040d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ExecuteWorkListWithInitialState(const LocationContext *L, unsigned Steps, 1050d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ProgramStateRef InitState, 1060d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst) { 1070d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org Engine.ExecuteWorkListWithInitialState(L, Steps, InitState, Dst); 1080d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 1090d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1100d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// getContext - Return the ASTContext associated with this analysis. 1110d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ASTContext &getContext() const { return AMgr.getASTContext(); } 1120d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1130d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org virtual AnalysisManager &getAnalysisManager() { return AMgr; } 1140d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1150d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org CheckerManager &getCheckerManager() const { 1160d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org return *AMgr.getCheckerManager(); 1170d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 1180d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1190d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org SValBuilder &getSValBuilder() { return svalBuilder; } 1200d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1210d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org BugReporter& getBugReporter() { return BR; } 1220d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1230d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const NodeBuilderContext &getBuilderContext() 
{ 1240d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org assert(currentBuilderContext); 1250d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org return *currentBuilderContext; 1260d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 1270d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1280d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool isObjCGCEnabled() { return ObjCGCEnabled; } 1290d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1300d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const Stmt *getStmt() const; 1310d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1320d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void GenerateAutoTransition(ExplodedNode *N); 1330d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void enqueueEndOfPath(ExplodedNodeSet &S); 1340d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void GenerateCallExitNode(ExplodedNode *N); 1350d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1360d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// ViewGraph - Visualize the ExplodedGraph created by executing the 1370d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// simulation. 1380d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ViewGraph(bool trim = false); 1390d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1400d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ViewGraph(ExplodedNode** Beg, ExplodedNode** End); 1410d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1420d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// getInitialState - Return the initial state used for the root vertex 1430d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// in the ExplodedGraph. 
1440d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ProgramStateRef getInitialState(const LocationContext *InitLoc); 1450d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1460d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedGraph& getGraph() { return G; } 1470d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const ExplodedGraph& getGraph() const { return G; } 1480d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1490d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// processCFGElement - Called by CoreEngine. Used to generate new successor 1500d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// nodes by processing the 'effects' of a CFG element. 1510d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processCFGElement(const CFGElement E, ExplodedNode *Pred, 1520d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org unsigned StmtIdx, NodeBuilderContext *Ctx); 1530d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1540d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessStmt(const CFGStmt S, ExplodedNode *Pred); 1550d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1560d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessInitializer(const CFGInitializer I, ExplodedNode *Pred); 1570d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1580d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessImplicitDtor(const CFGImplicitDtor D, ExplodedNode *Pred); 1590d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1600d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessAutomaticObjDtor(const CFGAutomaticObjDtor D, 1610d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 
1620d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessBaseDtor(const CFGBaseDtor D, 1630d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 1640d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessMemberDtor(const CFGMemberDtor D, 1650d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 1660d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void ProcessTemporaryDtor(const CFGTemporaryDtor D, 1670d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 1680d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1690d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Called by CoreEngine when processing the entrance of a CFGBlock. 1700d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org virtual void processCFGBlockEntrance(NodeBuilderWithSinks &nodeBuilder); 1710d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1720d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// ProcessBranch - Called by CoreEngine. Used to generate successor 1730d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// nodes by processing the 'effects' of a branch condition. 
1740d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processBranch(const Stmt *Condition, const Stmt *Term, 1750d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org NodeBuilderContext& BuilderCtx, 1760d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, 1770d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst, 1780d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const CFGBlock *DstT, 1790d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const CFGBlock *DstF); 1800d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1810d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// processIndirectGoto - Called by CoreEngine. Used to generate successor 1820d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// nodes by processing the 'effects' of a computed goto jump. 1830d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processIndirectGoto(IndirectGotoNodeBuilder& builder); 1840d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1850d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// ProcessSwitch - Called by CoreEngine. Used to generate successor 1860d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// nodes by processing the 'effects' of a switch statement. 1870d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processSwitch(SwitchNodeBuilder& builder); 1880d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1890d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// ProcessEndPath - Called by CoreEngine. Used to generate end-of-path 1900d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// nodes when the control reaches the end of a function. 
1910d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processEndOfFunction(NodeBuilderContext& BC); 1920d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1930d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Generate the entry node of the callee. 1940d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processCallEnter(CallEnter CE, ExplodedNode *Pred); 1950d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1960d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Generate the first post callsite node. 1970d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processCallExit(ExplodedNode *Pred); 1980d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 1990d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Called by CoreEngine when the analysis worklist has terminated. 2000d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void processEndWorklist(bool hasWorkRemaining); 2010d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2020d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// evalAssume - Callback function invoked by the ConstraintManager when 2030d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// making assumptions about state values. 2040d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ProgramStateRef processAssume(ProgramStateRef state, SVal cond,bool assumption); 2050d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2060d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a 2070d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// region change should trigger a processRegionChanges update. 
2080d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool wantsRegionChangeUpdate(ProgramStateRef state); 2090d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2100d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// processRegionChanges - Called by ProgramStateManager whenever a change is made 2110d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// to the store. Used to update checkers that track region values. 2120d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ProgramStateRef 2130d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org processRegionChanges(ProgramStateRef state, 2140d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const StoreManager::InvalidatedSymbols *invalidated, 2150d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ArrayRef<const MemRegion *> ExplicitRegions, 2160d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ArrayRef<const MemRegion *> Regions, 2170d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const CallOrObjCMessage *Call); 2180d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2190d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// printState - Called by ProgramStateManager to print checker-specific data. 
2200d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void printState(raw_ostream &Out, ProgramStateRef State, 2210d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const char *NL, const char *Sep); 2220d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2230d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org virtual ProgramStateManager& getStateManager() { return StateMgr; } 2240d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2250d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org StoreManager& getStoreManager() { return StateMgr.getStoreManager(); } 2260d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2270d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ConstraintManager& getConstraintManager() { 2280d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org return StateMgr.getConstraintManager(); 2290d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 2300d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2310d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org // FIXME: Remove when we migrate over to just using SValBuilder. 2320d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org BasicValueFactory& getBasicVals() { 2330d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org return StateMgr.getBasicVals(); 2340d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 2350d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const BasicValueFactory& getBasicVals() const { 2360d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org return StateMgr.getBasicVals(); 2370d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org } 2380d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2390d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org // FIXME: Remove when we migrate over to just using ValueManager. 
2400d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org SymbolManager& getSymbolManager() { return SymMgr; } 2410d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const SymbolManager& getSymbolManager() const { return SymMgr; } 2420d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2430d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org // Functions for external checking of whether we have unfinished work 2440d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool wasBlocksExhausted() const { return Engine.wasBlocksExhausted(); } 2450d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool hasEmptyWorkList() const { return !Engine.getWorkList()->hasWork(); } 2460d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org bool hasWorkRemaining() const { return Engine.hasWorkRemaining(); } 2470d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2480d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org const CoreEngine &getCoreEngine() const { return Engine; } 2490d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2500d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.orgpublic: 2510d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Visit - Transfer function logic for all statements. Dispatches to 2520d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// other functions that handle specific kinds of statements. 2530d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void Visit(const Stmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst); 2540d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2550d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitArraySubscriptExpr - Transfer function for array accesses. 
2560d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitLvalArraySubscriptExpr(const ArraySubscriptExpr *Ex, 2570d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, 2580d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst); 2590d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2600d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitAsmStmt - Transfer function logic for inline asm. 2610d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitAsmStmt(const AsmStmt *A, ExplodedNode *Pred, ExplodedNodeSet &Dst); 2620d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2630d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitBlockExpr - Transfer function logic for BlockExprs. 2640d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitBlockExpr(const BlockExpr *BE, ExplodedNode *Pred, 2650d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst); 2660d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2670d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitBinaryOperator - Transfer function logic for binary operators. 2680d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitBinaryOperator(const BinaryOperator* B, ExplodedNode *Pred, 2690d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst); 2700d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2710d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2720d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitCall - Transfer function for function calls. 
2730d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitCallExpr(const CallExpr *CE, ExplodedNode *Pred, 2740d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst); 2750d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2760d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitCast - Transfer function logic for all casts (implicit and explicit). 2770d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitCast(const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred, 2780d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNodeSet &Dst); 2790d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2800d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitCompoundLiteralExpr - Transfer function logic for compound literals. 2810d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitCompoundLiteralExpr(const CompoundLiteralExpr *CL, 2820d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 2830d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2840d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// Transfer function logic for DeclRefExprs and BlockDeclRefExprs. 2850d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org void VisitCommonDeclRefExpr(const Expr *DR, const NamedDecl *D, 2860d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org ExplodedNode *Pred, ExplodedNodeSet &Dst); 2870d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org 2880d106b34dc08439a7c6887d1316a3e1a35f8f0cajohannkoenig@chromium.org /// VisitDeclStmt - Transfer function logic for DeclStmts. 
void VisitDeclStmt(const DeclStmt *DS, ExplodedNode *Pred,
                   ExplodedNodeSet &Dst);

// NOTE(review): every Visit* declaration in this run takes a predecessor node
// (Pred) and a non-const ExplodedNodeSet reference (Dst).  Dst is presumably
// the set that receives the successor nodes - confirm in the definitions,
// which are not part of this header.

/// VisitGuardedExpr - Transfer function logic for ?, __builtin_choose
/// \param Ex  the guarded expression as a whole.  NOTE(review): L and R are
///            presumably its two alternative sub-expressions - confirm.
void VisitGuardedExpr(const Expr *Ex, const Expr *L, const Expr *R,
                      ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Visit an InitListExpr.  Undocumented in the original header; presumably
/// the transfer function for initializer lists, following the Visit* pattern
/// of its neighbours - confirm.
void VisitInitListExpr(const InitListExpr *E, ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);

/// VisitLogicalExpr - Transfer function logic for '&&', '||'
void VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred,
                      ExplodedNodeSet &Dst);

/// VisitMemberExpr - Transfer function for member expressions.
void VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);

/// Transfer function logic for ObjCAtSynchronizedStmts.
void VisitObjCAtSynchronizedStmt(const ObjCAtSynchronizedStmt *S,
                                 ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Transfer function logic for computing the lvalue of an Objective-C ivar.
void VisitLvalObjCIvarRefExpr(const ObjCIvarRefExpr *DR, ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);

/// VisitObjCForCollectionStmt - Transfer function logic for
///  ObjCForCollectionStmt.
void VisitObjCForCollectionStmt(const ObjCForCollectionStmt *S,
                                ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Visit an Objective-C message.  Unlike its neighbours this takes an
/// ObjCMessage wrapper by const reference rather than an AST node pointer.
/// Presumably the transfer function for message sends - confirm.
void VisitObjCMessage(const ObjCMessage &msg, ExplodedNode *Pred,
                      ExplodedNodeSet &Dst);

/// VisitReturnStmt - Transfer function logic for return statements.
void VisitReturnStmt(const ReturnStmt *R, ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);

/// VisitOffsetOfExpr - Transfer function for offsetof.
void VisitOffsetOfExpr(const OffsetOfExpr *Ex, ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);

/// VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
void VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
                                   ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// VisitUnaryOperator - Transfer function logic for unary operators.
void VisitUnaryOperator(const UnaryOperator* B, ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);

/// Handle ++ and -- (both the prefix and the postfix forms).
void VisitIncrementDecrementOperator(const UnaryOperator* U,
                                     ExplodedNode *Pred,
                                     ExplodedNodeSet &Dst);

// NOTE(review): the C++ visitors below carry no documentation in the original
// header.  From their names and parameter types they presumably follow the
// same transfer-function pattern as the Visit* declarations above - confirm
// against the definitions, which are not part of this header.

/// Visit a C++ catch statement.
void VisitCXXCatchStmt(const CXXCatchStmt *CS, ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);

/// Visit a C++ 'this' expression.
void VisitCXXThisExpr(const CXXThisExpr *TE, ExplodedNode *Pred,
                      ExplodedNodeSet & Dst);

/// Visit a C++ temporary-object expression.
void VisitCXXTemporaryObjectExpr(const CXXTemporaryObjectExpr *expr,
                                 ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Visit a C++ constructor call.
/// \param Dest  memory region passed alongside the expression; presumably the
///              region of the object being constructed - confirm.
void VisitCXXConstructExpr(const CXXConstructExpr *E, const MemRegion *Dest,
                           ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Visit a C++ destructor call.
/// \param Dest  presumably the region of the object being destroyed - confirm.
/// \param S     statement associated with the call; its exact role is not
///              visible from this declaration.
void VisitCXXDestructor(const CXXDestructorDecl *DD,
                        const MemRegion *Dest, const Stmt *S,
                        ExplodedNode *Pred, ExplodedNodeSet &Dst);

/// Visit a C++ new-expression.
void VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);

/// Visit a C++ delete-expression.
void VisitCXXDeleteExpr(const CXXDeleteExpr *CDE, ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);

/// Create a C++ temporary object for an rvalue.
void CreateCXXTemporaryObject(const MaterializeTemporaryExpr *ME,
                              ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);

/// Synthesize CXXThisRegion.
/// This overload is keyed on the record declaration and a stack frame.
const CXXThisRegion *getCXXThisRegion(const CXXRecordDecl *RD,
                                      const StackFrameContext *SFC);

/// Overload of getCXXThisRegion that takes the method declaration instead of
/// the record declaration.
const CXXThisRegion *getCXXThisRegion(const CXXMethodDecl *decl,
                                      const StackFrameContext *frameCtx);

/// evalEagerlyAssume - Given the nodes in 'Src', eagerly assume symbolic
///  expressions of the form 'x != 0' and generate new nodes (stored in Dst)
///  with those assumptions.
void evalEagerlyAssume(ExplodedNodeSet &Dst, ExplodedNodeSet &Src,
                       const Expr *Ex);

/// Returns the pair of program-point tags associated with eager assumption.
/// NOTE(review): which element of the pair stands for which outcome is not
/// visible in this header - confirm in the definition.
std::pair<const ProgramPointTag *, const ProgramPointTag*>
  getEagerlyAssumeTags();

/// Arithmetic negation of a symbolic value.
/// A value for which isValid() is false is handed back unchanged; anything
/// else is forwarded to the SValBuilder as a NonLoc.
/// NOTE(review): the only guard before the cast is isValid().  Whether that
/// also admits location values is not visible here; if it does, callers must
/// pass non-location values only.  cast<> is presumably llvm::cast, which
/// checks the dynamic kind only in assertion-enabled builds - confirm.
SVal evalMinus(SVal X) {
  if (!X.isValid())
    return X;
  return svalBuilder.evalMinus(cast<NonLoc>(X));
}

/// Bitwise complement of a symbolic value.
/// Same contract as evalMinus: a value that is not isValid() is returned
/// as-is, everything else is cast to NonLoc and forwarded.  The NOTE(review)
/// on the unchecked cast applies here as well.
SVal evalComplement(SVal X) {
  if (!X.isValid())
    return X;
  return svalBuilder.evalComplement(cast<NonLoc>(X));
}

public:

/// Evaluate a binary operator whose operands are both already NonLoc.
/// Forwards directly to SValBuilder::evalBinOpNN.
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
               NonLoc L, NonLoc R, QualType T) {
  return svalBuilder.evalBinOpNN(state, op, L, R, T);
}

/// Evaluate a binary operator with a NonLoc left operand and an arbitrary
/// SVal on the right.
/// If R is not isValid() it is returned unchanged and nothing is evaluated;
/// otherwise R is cast to NonLoc and the call goes to evalBinOpNN.
/// NOTE(review): as in evalMinus, isValid() is the only check in front of
/// cast<NonLoc>(R) - confirm that callers never pass a location value here.
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
               NonLoc L, SVal R, QualType T) {
  if (!R.isValid())
    return R;
  return svalBuilder.evalBinOpNN(state, op, L, cast<NonLoc>(R), T);
}

/// Evaluate a binary operator on two arbitrary SVals.
/// No validity check or cast happens at this level; the operands go to
/// SValBuilder::evalBinOp as given.
SVal evalBinOp(ProgramStateRef ST, BinaryOperator::Opcode Op,
               SVal LHS, SVal RHS, QualType T) {
  return svalBuilder.evalBinOp(ST, Op, LHS, RHS, T);
}

protected:
/// Evaluate an Objective-C message through the given node builder.
/// \param GenSink  NOTE(review): presumably requests a sink node for this
///                 message - the meaning is not visible here, confirm.
void evalObjCMessage(StmtNodeBuilder &Bldr, const ObjCMessage &msg,
                     ExplodedNode *Pred, ProgramStateRef state,
                     bool GenSink);

/// Returns a program state derived from State for the given call.
/// NOTE(review): by its name this invalidates what the call's arguments
/// refer to; the exact set of invalidated regions is decided in the
/// definition, not here.
ProgramStateRef invalidateArguments(ProgramStateRef State,
                                    const CallOrObjCMessage &Call,
                                    const LocationContext *LC);

/// Returns a program state for the branch at Terminator.
/// \param branchTaken  which side of the branch the returned state is for;
///                     how the flag is interpreted is not visible here.
ProgramStateRef MarkBranch(ProgramStateRef state,
                           const Stmt *Terminator,
                           const LocationContext *LCtx,
                           bool branchTaken);
/// evalBind - Handle the semantics of binding a value to a specific location.
///  This method is used by evalStore, VisitDeclStmt, and others.
/// \param atDeclInit  defaults to false.  NOTE(review): presumably set when
///                    the bind is the initialization in a declaration -
///                    confirm.
/// \param PP          kind of program point to use; defaults to
///                    ProgramPoint::PostStmtKind.
void evalBind(ExplodedNodeSet &Dst, const Stmt *StoreE, ExplodedNode *Pred,
              SVal location, SVal Val, bool atDeclInit = false,
              ProgramPoint::Kind PP = ProgramPoint::PostStmtKind);

public:
// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
// FIXME: Comment on the meaning of the arguments, when 'St' may not
//   be the same as Pred->state, and when 'location' may not be the
//   same as state->getLValue(Ex).
/// Simulate a read of the result of Ex.
/// \param tag     optional program-point tag; defaults to a null pointer.
/// \param LoadTy  defaults to a default-constructed QualType.
///                NOTE(review): presumably that means "use the type of Ex" -
///                confirm in the definition.
void evalLoad(ExplodedNodeSet &Dst, const Expr *Ex, ExplodedNode *Pred,
              ProgramStateRef St, SVal location, const ProgramPointTag *tag = 0,
              QualType LoadTy = QualType());

// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
/// Counterpart of evalLoad for writes: takes a target lvalue (TargetLV) and
/// the value to store (Val).
/// NOTE(review): the difference between AssignE and StoreE is not documented
/// in this header - confirm against the definition before relying on it.
void evalStore(ExplodedNodeSet &Dst, const Expr *AssignE, const Expr *StoreE,
               ExplodedNode *Pred, ProgramStateRef St, SVal TargetLV, SVal Val,
               const ProgramPointTag *tag = 0);
private:
/// Takes the same parameters as evalLoad, but without default arguments.
/// Presumably the shared implementation behind evalLoad - confirm.
void evalLoadCommon(ExplodedNodeSet &Dst, const Expr *Ex, ExplodedNode *Pred,
                    ProgramStateRef St, SVal location, const ProgramPointTag *tag,
                    QualType LoadTy);

// FIXME: 'tag' should be removed, and a LocationContext should be used
// instead.
/// Process an access to 'location' made by statement S.
/// \param isLoad  distinguishes a read from a write.  NOTE(review): what is
///                checked for each case is decided in the definition.
void evalLocation(ExplodedNodeSet &Dst, const Stmt *S, ExplodedNode *Pred,
                  ProgramStateRef St, SVal location,
                  const ProgramPointTag *tag, bool isLoad);

/// NOTE(review): presumably attempts to inline the call CE and returns
/// whether it did so - the meaning of the bool result is not stated in this
/// header, confirm.
bool InlineCall(ExplodedNodeSet &Dst, const CallExpr *CE, ExplodedNode *Pred);
};

} // end ento namespace

} // end clang namespace

#endif