ProgramState.h revision 5251abea41b446c26e3239c8dd6c7edea6fc335d
1//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the state of the program along the analysisa path. 11// 12//===----------------------------------------------------------------------===// 13 14#ifndef LLVM_CLANG_GR_VALUESTATE_H 15#define LLVM_CLANG_GR_VALUESTATE_H 16 17#include "clang/Basic/LLVM.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 19#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h" 20#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h" 21#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 22#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 23#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 24#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" 25#include "llvm/ADT/FoldingSet.h" 26#include "llvm/ADT/ImmutableMap.h" 27#include "llvm/ADT/PointerIntPair.h" 28 29namespace llvm { 30class APSInt; 31class BumpPtrAllocator; 32} 33 34namespace clang { 35class ASTContext; 36 37namespace ento { 38 39class CallEvent; 40class CallEventManager; 41 42typedef ConstraintManager* (*ConstraintManagerCreator)(ProgramStateManager&, 43 SubEngine*); 44typedef StoreManager* (*StoreManagerCreator)(ProgramStateManager&); 45 46//===----------------------------------------------------------------------===// 47// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState. 48//===----------------------------------------------------------------------===// 49 50template <typename T> struct ProgramStatePartialTrait; 51 52template <typename T> struct ProgramStateTrait { 53 typedef typename T::data_type data_type; 54 static inline void *MakeVoidPtr(data_type D) { return (void*) D; } 55 static inline data_type MakeData(void *const* P) { 56 return P ? (data_type) *P : (data_type) 0; 57 } 58}; 59 60/// \class ProgramState 61/// ProgramState - This class encapsulates: 62/// 63/// 1. A mapping from expressions to values (Environment) 64/// 2. A mapping from locations to values (Store) 65/// 3. Constraints on symbolic values (GenericDataMap) 66/// 67/// Together these represent the "abstract state" of a program. 68/// 69/// ProgramState is intended to be used as a functional object; that is, 70/// once it is created and made "persistent" in a FoldingSet, its 71/// values will never change. 72class ProgramState : public llvm::FoldingSetNode { 73public: 74 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy; 75 typedef llvm::ImmutableMap<void*, void*> GenericDataMap; 76 77private: 78 void operator=(const ProgramState& R) LLVM_DELETED_FUNCTION; 79 80 friend class ProgramStateManager; 81 friend class ExplodedGraph; 82 friend class ExplodedNode; 83 84 ProgramStateManager *stateMgr; 85 Environment Env; // Maps a Stmt to its current SVal. 86 Store store; // Maps a location to its current value. 87 GenericDataMap GDM; // Custom data stored by a client of this class. 88 unsigned refCount; 89 90 /// makeWithStore - Return a ProgramState with the same values as the current 91 /// state with the exception of using the specified Store. 92 ProgramStateRef makeWithStore(const StoreRef &store) const; 93 94 void setStore(const StoreRef &storeRef); 95 96public: 97 /// This ctor is used when creating the first ProgramState object. 98 ProgramState(ProgramStateManager *mgr, const Environment& env, 99 StoreRef st, GenericDataMap gdm); 100 101 /// Copy ctor - We must explicitly define this or else the "Next" ptr 102 /// in FoldingSetNode will also get copied. 103 ProgramState(const ProgramState &RHS); 104 105 ~ProgramState(); 106 107 /// Return the ProgramStateManager associated with this state. 108 ProgramStateManager &getStateManager() const { 109 return *stateMgr; 110 } 111 112 /// Return the ConstraintManager. 113 ConstraintManager &getConstraintManager() const; 114 115 /// getEnvironment - Return the environment associated with this state. 116 /// The environment is the mapping from expressions to values. 117 const Environment& getEnvironment() const { return Env; } 118 119 /// Return the store associated with this state. The store 120 /// is a mapping from locations to values. 121 Store getStore() const { return store; } 122 123 124 /// getGDM - Return the generic data map associated with this state. 125 GenericDataMap getGDM() const { return GDM; } 126 127 void setGDM(GenericDataMap gdm) { GDM = gdm; } 128 129 /// Profile - Profile the contents of a ProgramState object for use in a 130 /// FoldingSet. Two ProgramState objects are considered equal if they 131 /// have the same Environment, Store, and GenericDataMap. 132 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) { 133 V->Env.Profile(ID); 134 ID.AddPointer(V->store); 135 V->GDM.Profile(ID); 136 } 137 138 /// Profile - Used to profile the contents of this object for inclusion 139 /// in a FoldingSet. 140 void Profile(llvm::FoldingSetNodeID& ID) const { 141 Profile(ID, this); 142 } 143 144 BasicValueFactory &getBasicVals() const; 145 SymbolManager &getSymbolManager() const; 146 147 //==---------------------------------------------------------------------==// 148 // Constraints on values. 149 //==---------------------------------------------------------------------==// 150 // 151 // Each ProgramState records constraints on symbolic values. These constraints 152 // are managed using the ConstraintManager associated with a ProgramStateManager. 153 // As constraints gradually accrue on symbolic values, added constraints 154 // may conflict and indicate that a state is infeasible (as no real values 155 // could satisfy all the constraints). This is the principal mechanism 156 // for modeling path-sensitivity in ExprEngine/ProgramState. 157 // 158 // Various "assume" methods form the interface for adding constraints to 159 // symbolic values. A call to 'assume' indicates an assumption being placed 160 // on one or symbolic values. 'assume' methods take the following inputs: 161 // 162 // (1) A ProgramState object representing the current state. 163 // 164 // (2) The assumed constraint (which is specific to a given "assume" method). 165 // 166 // (3) A binary value "Assumption" that indicates whether the constraint is 167 // assumed to be true or false. 168 // 169 // The output of "assume*" is a new ProgramState object with the added constraints. 170 // If no new state is feasible, NULL is returned. 171 // 172 173 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const; 174 175 /// This method assumes both "true" and "false" for 'cond', and 176 /// returns both corresponding states. It's shorthand for doing 177 /// 'assume' twice. 178 std::pair<ProgramStateRef , ProgramStateRef > 179 assume(DefinedOrUnknownSVal cond) const; 180 181 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, 182 DefinedOrUnknownSVal upperBound, 183 bool assumption, 184 QualType IndexType = QualType()) const; 185 186 /// Utility method for getting regions. 187 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const; 188 189 //==---------------------------------------------------------------------==// 190 // Binding and retrieving values to/from the environment and symbolic store. 191 //==---------------------------------------------------------------------==// 192 193 /// \brief Create a new state with the specified CompoundLiteral binding. 194 /// \param CL the compound literal expression (the binding key) 195 /// \param LC the LocationContext of the binding 196 /// \param V the value to bind. 197 ProgramStateRef bindCompoundLiteral(const CompoundLiteralExpr *CL, 198 const LocationContext *LC, 199 SVal V) const; 200 201 /// Create a new state by binding the value 'V' to the statement 'S' in the 202 /// state's environment. 203 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, 204 SVal V, bool Invalidate = true) const; 205 206 ProgramStateRef bindLoc(Loc location, 207 SVal V, 208 bool notifyChanges = true) const; 209 210 ProgramStateRef bindLoc(SVal location, SVal V) const; 211 212 ProgramStateRef bindDefault(SVal loc, SVal V) const; 213 214 ProgramStateRef killBinding(Loc LV) const; 215 216 /// \brief Returns the state with bindings for the given regions 217 /// cleared from the store. 218 /// 219 /// Optionally invalidates global regions as well. 220 /// 221 /// \param Regions the set of regions to be invalidated. 222 /// \param E the expression that caused the invalidation. 223 /// \param BlockCount The number of times the current basic block has been 224 // visited. 225 /// \param CausesPointerEscape the flag is set to true when 226 /// the invalidation entails escape of a symbol (representing a 227 /// pointer). For example, due to it being passed as an argument in a 228 /// call. 229 /// \param IS the set of invalidated symbols. 230 /// \param Call if non-null, the invalidated regions represent parameters to 231 /// the call and should be considered directly invalidated. 232 ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions, 233 const Expr *E, unsigned BlockCount, 234 const LocationContext *LCtx, 235 bool CausesPointerEscape, 236 InvalidatedSymbols *IS = 0, 237 const CallEvent *Call = 0) const; 238 239 /// enterStackFrame - Returns the state for entry to the given stack frame, 240 /// preserving the current state. 241 ProgramStateRef enterStackFrame(const CallEvent &Call, 242 const StackFrameContext *CalleeCtx) const; 243 244 /// Get the lvalue for a variable reference. 245 Loc getLValue(const VarDecl *D, const LocationContext *LC) const; 246 247 Loc getLValue(const CompoundLiteralExpr *literal, 248 const LocationContext *LC) const; 249 250 /// Get the lvalue for an ivar reference. 251 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; 252 253 /// Get the lvalue for a field reference. 254 SVal getLValue(const FieldDecl *decl, SVal Base) const; 255 256 /// Get the lvalue for an indirect field reference. 257 SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const; 258 259 /// Get the lvalue for an array index. 260 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const; 261 262 /// Returns the SVal bound to the statement 'S' in the state's environment. 263 SVal getSVal(const Stmt *S, const LocationContext *LCtx) const; 264 265 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const; 266 267 /// \brief Return the value bound to the specified location. 268 /// Returns UnknownVal() if none found. 269 SVal getSVal(Loc LV, QualType T = QualType()) const; 270 271 /// Returns the "raw" SVal bound to LV before any value simplfication. 272 SVal getRawSVal(Loc LV, QualType T= QualType()) const; 273 274 /// \brief Return the value bound to the specified location. 275 /// Returns UnknownVal() if none found. 276 SVal getSVal(const MemRegion* R) const; 277 278 SVal getSValAsScalarOrLoc(const MemRegion *R) const; 279 280 /// \brief Visits the symbols reachable from the given SVal using the provided 281 /// SymbolVisitor. 282 /// 283 /// This is a convenience API. Consider using ScanReachableSymbols class 284 /// directly when making multiple scans on the same state with the same 285 /// visitor to avoid repeated initialization cost. 286 /// \sa ScanReachableSymbols 287 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const; 288 289 /// \brief Visits the symbols reachable from the SVals in the given range 290 /// using the provided SymbolVisitor. 291 bool scanReachableSymbols(const SVal *I, const SVal *E, 292 SymbolVisitor &visitor) const; 293 294 /// \brief Visits the symbols reachable from the regions in the given 295 /// MemRegions range using the provided SymbolVisitor. 296 bool scanReachableSymbols(const MemRegion * const *I, 297 const MemRegion * const *E, 298 SymbolVisitor &visitor) const; 299 300 template <typename CB> CB scanReachableSymbols(SVal val) const; 301 template <typename CB> CB scanReachableSymbols(const SVal *beg, 302 const SVal *end) const; 303 304 template <typename CB> CB 305 scanReachableSymbols(const MemRegion * const *beg, 306 const MemRegion * const *end) const; 307 308 /// Create a new state in which the statement is marked as tainted. 309 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx, 310 TaintTagType Kind = TaintTagGeneric) const; 311 312 /// Create a new state in which the symbol is marked as tainted. 313 ProgramStateRef addTaint(SymbolRef S, 314 TaintTagType Kind = TaintTagGeneric) const; 315 316 /// Create a new state in which the region symbol is marked as tainted. 317 ProgramStateRef addTaint(const MemRegion *R, 318 TaintTagType Kind = TaintTagGeneric) const; 319 320 /// Check if the statement is tainted in the current state. 321 bool isTainted(const Stmt *S, const LocationContext *LCtx, 322 TaintTagType Kind = TaintTagGeneric) const; 323 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; 324 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const; 325 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const; 326 327 /// \brief Get dynamic type information for a region. 328 DynamicTypeInfo getDynamicTypeInfo(const MemRegion *Reg) const; 329 330 /// \brief Set dynamic type information of the region; return the new state. 331 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 332 DynamicTypeInfo NewTy) const; 333 334 /// \brief Set dynamic type information of the region; return the new state. 335 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 336 QualType NewTy, 337 bool CanBeSubClassed = true) const { 338 return setDynamicTypeInfo(Reg, DynamicTypeInfo(NewTy, CanBeSubClassed)); 339 } 340 341 //==---------------------------------------------------------------------==// 342 // Accessing the Generic Data Map (GDM). 343 //==---------------------------------------------------------------------==// 344 345 void *const* FindGDM(void *K) const; 346 347 template<typename T> 348 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const; 349 350 template <typename T> 351 typename ProgramStateTrait<T>::data_type 352 get() const { 353 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex())); 354 } 355 356 template<typename T> 357 typename ProgramStateTrait<T>::lookup_type 358 get(typename ProgramStateTrait<T>::key_type key) const { 359 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 360 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key); 361 } 362 363 template <typename T> 364 typename ProgramStateTrait<T>::context_type get_context() const; 365 366 367 template<typename T> 368 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const; 369 370 template<typename T> 371 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K, 372 typename ProgramStateTrait<T>::context_type C) const; 373 template <typename T> 374 ProgramStateRef remove() const; 375 376 template<typename T> 377 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const; 378 379 template<typename T> 380 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 381 typename ProgramStateTrait<T>::value_type E) const; 382 383 template<typename T> 384 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 385 typename ProgramStateTrait<T>::value_type E, 386 typename ProgramStateTrait<T>::context_type C) const; 387 388 template<typename T> 389 bool contains(typename ProgramStateTrait<T>::key_type key) const { 390 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 391 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key); 392 } 393 394 // Pretty-printing. 395 void print(raw_ostream &Out, const char *nl = "\n", 396 const char *sep = "") const; 397 void printDOT(raw_ostream &Out) const; 398 void printTaint(raw_ostream &Out, const char *nl = "\n", 399 const char *sep = "") const; 400 401 void dump() const; 402 void dumpTaint() const; 403 404private: 405 friend void ProgramStateRetain(const ProgramState *state); 406 friend void ProgramStateRelease(const ProgramState *state); 407 408 ProgramStateRef 409 invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, 410 const Expr *E, unsigned BlockCount, 411 const LocationContext *LCtx, 412 bool ResultsInSymbolEscape, 413 InvalidatedSymbols &IS, 414 const CallEvent *Call) const; 415}; 416 417//===----------------------------------------------------------------------===// 418// ProgramStateManager - Factory object for ProgramStates. 419//===----------------------------------------------------------------------===// 420 421class ProgramStateManager { 422 friend class ProgramState; 423 friend void ProgramStateRelease(const ProgramState *state); 424private: 425 /// Eng - The SubEngine that owns this state manager. 426 SubEngine *Eng; /* Can be null. */ 427 428 EnvironmentManager EnvMgr; 429 OwningPtr<StoreManager> StoreMgr; 430 OwningPtr<ConstraintManager> ConstraintMgr; 431 432 ProgramState::GenericDataMap::Factory GDMFactory; 433 434 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy; 435 GDMContextsTy GDMContexts; 436 437 /// StateSet - FoldingSet containing all the states created for analyzing 438 /// a particular function. This is used to unique states. 439 llvm::FoldingSet<ProgramState> StateSet; 440 441 /// Object that manages the data for all created SVals. 442 OwningPtr<SValBuilder> svalBuilder; 443 444 /// Manages memory for created CallEvents. 445 OwningPtr<CallEventManager> CallEventMgr; 446 447 /// A BumpPtrAllocator to allocate states. 448 llvm::BumpPtrAllocator &Alloc; 449 450 /// A vector of ProgramStates that we can reuse. 451 std::vector<ProgramState *> freeStates; 452 453public: 454 ProgramStateManager(ASTContext &Ctx, 455 StoreManagerCreator CreateStoreManager, 456 ConstraintManagerCreator CreateConstraintManager, 457 llvm::BumpPtrAllocator& alloc, 458 SubEngine *subeng); 459 460 ~ProgramStateManager(); 461 462 ProgramStateRef getInitialState(const LocationContext *InitLoc); 463 464 ASTContext &getContext() { return svalBuilder->getContext(); } 465 const ASTContext &getContext() const { return svalBuilder->getContext(); } 466 467 BasicValueFactory &getBasicVals() { 468 return svalBuilder->getBasicValueFactory(); 469 } 470 471 SValBuilder &getSValBuilder() { 472 return *svalBuilder; 473 } 474 475 SymbolManager &getSymbolManager() { 476 return svalBuilder->getSymbolManager(); 477 } 478 const SymbolManager &getSymbolManager() const { 479 return svalBuilder->getSymbolManager(); 480 } 481 482 llvm::BumpPtrAllocator& getAllocator() { return Alloc; } 483 484 MemRegionManager& getRegionManager() { 485 return svalBuilder->getRegionManager(); 486 } 487 const MemRegionManager& getRegionManager() const { 488 return svalBuilder->getRegionManager(); 489 } 490 491 CallEventManager &getCallEventManager() { return *CallEventMgr; } 492 493 StoreManager& getStoreManager() { return *StoreMgr; } 494 ConstraintManager& getConstraintManager() { return *ConstraintMgr; } 495 SubEngine* getOwningEngine() { return Eng; } 496 497 ProgramStateRef removeDeadBindings(ProgramStateRef St, 498 const StackFrameContext *LCtx, 499 SymbolReaper& SymReaper); 500 501public: 502 503 SVal ArrayToPointer(Loc Array) { 504 return StoreMgr->ArrayToPointer(Array); 505 } 506 507 // Methods that manipulate the GDM. 508 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data); 509 ProgramStateRef removeGDM(ProgramStateRef state, void *Key); 510 511 // Methods that query & manipulate the Store. 512 513 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) { 514 StoreMgr->iterBindings(state->getStore(), F); 515 } 516 517 ProgramStateRef getPersistentState(ProgramState &Impl); 518 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, 519 ProgramStateRef GDMState); 520 521 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) { 522 return S1->Env == S2->Env; 523 } 524 525 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) { 526 return S1->store == S2->store; 527 } 528 529 //==---------------------------------------------------------------------==// 530 // Generic Data Map methods. 531 //==---------------------------------------------------------------------==// 532 // 533 // ProgramStateManager and ProgramState support a "generic data map" that allows 534 // different clients of ProgramState objects to embed arbitrary data within a 535 // ProgramState object. The generic data map is essentially an immutable map 536 // from a "tag" (that acts as the "key" for a client) and opaque values. 537 // Tags/keys and values are simply void* values. The typical way that clients 538 // generate unique tags are by taking the address of a static variable. 539 // Clients are responsible for ensuring that data values referred to by a 540 // the data pointer are immutable (and thus are essentially purely functional 541 // data). 542 // 543 // The templated methods below use the ProgramStateTrait<T> class 544 // to resolve keys into the GDM and to return data values to clients. 545 // 546 547 // Trait based GDM dispatch. 548 template <typename T> 549 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) { 550 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 551 ProgramStateTrait<T>::MakeVoidPtr(D)); 552 } 553 554 template<typename T> 555 ProgramStateRef set(ProgramStateRef st, 556 typename ProgramStateTrait<T>::key_type K, 557 typename ProgramStateTrait<T>::value_type V, 558 typename ProgramStateTrait<T>::context_type C) { 559 560 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 561 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C))); 562 } 563 564 template <typename T> 565 ProgramStateRef add(ProgramStateRef st, 566 typename ProgramStateTrait<T>::key_type K, 567 typename ProgramStateTrait<T>::context_type C) { 568 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 569 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C))); 570 } 571 572 template <typename T> 573 ProgramStateRef remove(ProgramStateRef st, 574 typename ProgramStateTrait<T>::key_type K, 575 typename ProgramStateTrait<T>::context_type C) { 576 577 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 578 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C))); 579 } 580 581 template <typename T> 582 ProgramStateRef remove(ProgramStateRef st) { 583 return removeGDM(st, ProgramStateTrait<T>::GDMIndex()); 584 } 585 586 void *FindGDMContext(void *index, 587 void *(*CreateContext)(llvm::BumpPtrAllocator&), 588 void (*DeleteContext)(void*)); 589 590 template <typename T> 591 typename ProgramStateTrait<T>::context_type get_context() { 592 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(), 593 ProgramStateTrait<T>::CreateContext, 594 ProgramStateTrait<T>::DeleteContext); 595 596 return ProgramStateTrait<T>::MakeContext(p); 597 } 598 599 void EndPath(ProgramStateRef St) { 600 ConstraintMgr->EndPath(St); 601 } 602}; 603 604 605//===----------------------------------------------------------------------===// 606// Out-of-line method definitions for ProgramState. 607//===----------------------------------------------------------------------===// 608 609inline ConstraintManager &ProgramState::getConstraintManager() const { 610 return stateMgr->getConstraintManager(); 611} 612 613inline const VarRegion* ProgramState::getRegion(const VarDecl *D, 614 const LocationContext *LC) const 615{ 616 return getStateManager().getRegionManager().getVarRegion(D, LC); 617} 618 619inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond, 620 bool Assumption) const { 621 if (Cond.isUnknown()) 622 return this; 623 624 return getStateManager().ConstraintMgr 625 ->assume(this, Cond.castAs<DefinedSVal>(), Assumption); 626} 627 628inline std::pair<ProgramStateRef , ProgramStateRef > 629ProgramState::assume(DefinedOrUnknownSVal Cond) const { 630 if (Cond.isUnknown()) 631 return std::make_pair(this, this); 632 633 return getStateManager().ConstraintMgr 634 ->assumeDual(this, Cond.castAs<DefinedSVal>()); 635} 636 637inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V) const { 638 if (llvm::Optional<Loc> L = LV.getAs<Loc>()) 639 return bindLoc(*L, V); 640 return this; 641} 642 643inline Loc ProgramState::getLValue(const VarDecl *VD, 644 const LocationContext *LC) const { 645 return getStateManager().StoreMgr->getLValueVar(VD, LC); 646} 647 648inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal, 649 const LocationContext *LC) const { 650 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC); 651} 652 653inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const { 654 return getStateManager().StoreMgr->getLValueIvar(D, Base); 655} 656 657inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const { 658 return getStateManager().StoreMgr->getLValueField(D, Base); 659} 660 661inline SVal ProgramState::getLValue(const IndirectFieldDecl *D, 662 SVal Base) const { 663 StoreManager &SM = *getStateManager().StoreMgr; 664 for (IndirectFieldDecl::chain_iterator I = D->chain_begin(), 665 E = D->chain_end(); 666 I != E; ++I) { 667 Base = SM.getLValueField(cast<FieldDecl>(*I), Base); 668 } 669 670 return Base; 671} 672 673inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{ 674 if (llvm::Optional<NonLoc> N = Idx.getAs<NonLoc>()) 675 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base); 676 return UnknownVal(); 677} 678 679inline SVal ProgramState::getSVal(const Stmt *Ex, 680 const LocationContext *LCtx) const{ 681 return Env.getSVal(EnvironmentEntry(Ex, LCtx), 682 *getStateManager().svalBuilder); 683} 684 685inline SVal 686ProgramState::getSValAsScalarOrLoc(const Stmt *S, 687 const LocationContext *LCtx) const { 688 if (const Expr *Ex = dyn_cast<Expr>(S)) { 689 QualType T = Ex->getType(); 690 if (Ex->isGLValue() || Loc::isLocType(T) || T->isIntegerType()) 691 return getSVal(S, LCtx); 692 } 693 694 return UnknownVal(); 695} 696 697inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const { 698 return getStateManager().StoreMgr->getBinding(getStore(), LV, T); 699} 700 701inline SVal ProgramState::getSVal(const MemRegion* R) const { 702 return getStateManager().StoreMgr->getBinding(getStore(), 703 loc::MemRegionVal(R)); 704} 705 706inline BasicValueFactory &ProgramState::getBasicVals() const { 707 return getStateManager().getBasicVals(); 708} 709 710inline SymbolManager &ProgramState::getSymbolManager() const { 711 return getStateManager().getSymbolManager(); 712} 713 714template<typename T> 715ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const { 716 return getStateManager().add<T>(this, K, get_context<T>()); 717} 718 719template <typename T> 720typename ProgramStateTrait<T>::context_type ProgramState::get_context() const { 721 return getStateManager().get_context<T>(); 722} 723 724template<typename T> 725ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const { 726 return getStateManager().remove<T>(this, K, get_context<T>()); 727} 728 729template<typename T> 730ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K, 731 typename ProgramStateTrait<T>::context_type C) const { 732 return getStateManager().remove<T>(this, K, C); 733} 734 735template <typename T> 736ProgramStateRef ProgramState::remove() const { 737 return getStateManager().remove<T>(this); 738} 739 740template<typename T> 741ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const { 742 return getStateManager().set<T>(this, D); 743} 744 745template<typename T> 746ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 747 typename ProgramStateTrait<T>::value_type E) const { 748 return getStateManager().set<T>(this, K, E, get_context<T>()); 749} 750 751template<typename T> 752ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 753 typename ProgramStateTrait<T>::value_type E, 754 typename ProgramStateTrait<T>::context_type C) const { 755 return getStateManager().set<T>(this, K, E, C); 756} 757 758template <typename CB> 759CB ProgramState::scanReachableSymbols(SVal val) const { 760 CB cb(this); 761 scanReachableSymbols(val, cb); 762 return cb; 763} 764 765template <typename CB> 766CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const { 767 CB cb(this); 768 scanReachableSymbols(beg, end, cb); 769 return cb; 770} 771 772template <typename CB> 773CB ProgramState::scanReachableSymbols(const MemRegion * const *beg, 774 const MemRegion * const *end) const { 775 CB cb(this); 776 scanReachableSymbols(beg, end, cb); 777 return cb; 778} 779 780/// \class ScanReachableSymbols 781/// A Utility class that allows to visit the reachable symbols using a custom 782/// SymbolVisitor. 783class ScanReachableSymbols { 784 typedef llvm::DenseMap<const void*, unsigned> VisitedItems; 785 786 VisitedItems visited; 787 ProgramStateRef state; 788 SymbolVisitor &visitor; 789public: 790 791 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor& v) 792 : state(st), visitor(v) {} 793 794 bool scan(nonloc::CompoundVal val); 795 bool scan(SVal val); 796 bool scan(const MemRegion *R); 797 bool scan(const SymExpr *sym); 798}; 799 800} // end ento namespace 801 802} // end clang namespace 803 804#endif 805