ProgramState.h revision 54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9
1//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines SymbolRef, ExprBindKey, and ProgramState*. 11// 12//===----------------------------------------------------------------------===// 13 14#ifndef LLVM_CLANG_GR_VALUESTATE_H 15#define LLVM_CLANG_GR_VALUESTATE_H 16 17#include "clang/Basic/LLVM.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 19#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h" 20#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 21#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 22#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 23#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" 24#include "llvm/ADT/PointerIntPair.h" 25#include "llvm/ADT/FoldingSet.h" 26#include "llvm/ADT/ImmutableMap.h" 27 28namespace llvm { 29class APSInt; 30class BumpPtrAllocator; 31} 32 33namespace clang { 34class ASTContext; 35 36namespace ento { 37 38class CallEvent; 39class CallEventManager; 40 41typedef ConstraintManager* (*ConstraintManagerCreator)(ProgramStateManager&, 42 SubEngine&); 43typedef StoreManager* (*StoreManagerCreator)(ProgramStateManager&); 44 45//===----------------------------------------------------------------------===// 46// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState. 47//===----------------------------------------------------------------------===// 48 49template <typename T> struct ProgramStatePartialTrait; 50 51template <typename T> struct ProgramStateTrait { 52 typedef typename T::data_type data_type; 53 static inline void *MakeVoidPtr(data_type D) { return (void*) D; } 54 static inline data_type MakeData(void *const* P) { 55 return P ? (data_type) *P : (data_type) 0; 56 } 57}; 58 59/// \class Stores the dynamic type information. 60/// Information about type of an object at runtime. This is used by dynamic 61/// dispatch implementation. 62class DynamicTypeInfo { 63 QualType T; 64 bool CanBeASubClass; 65 66public: 67 DynamicTypeInfo() : T(QualType()) {} 68 DynamicTypeInfo(QualType WithType, bool CanBeSub = true): 69 T(WithType), CanBeASubClass(CanBeSub) {} 70 QualType getType() { return T; } 71 bool canBeASubClass() { return CanBeASubClass; } 72 void Profile(llvm::FoldingSetNodeID &ID) const { 73 T.Profile(ID); 74 ID.AddInteger((unsigned)CanBeASubClass); 75 } 76 bool operator==(const DynamicTypeInfo &X) const { 77 return T == X.T && CanBeASubClass == X.CanBeASubClass; 78 } 79}; 80 81/// \class ProgramState 82/// ProgramState - This class encapsulates: 83/// 84/// 1. A mapping from expressions to values (Environment) 85/// 2. A mapping from locations to values (Store) 86/// 3. Constraints on symbolic values (GenericDataMap) 87/// 88/// Together these represent the "abstract state" of a program. 89/// 90/// ProgramState is intended to be used as a functional object; that is, 91/// once it is created and made "persistent" in a FoldingSet, its 92/// values will never change. 93class ProgramState : public llvm::FoldingSetNode { 94public: 95 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy; 96 typedef llvm::ImmutableMap<void*, void*> GenericDataMap; 97 98private: 99 void operator=(const ProgramState& R) const; // Do not implement. 100 101 friend class ProgramStateManager; 102 friend class ExplodedGraph; 103 friend class ExplodedNode; 104 105 ProgramStateManager *stateMgr; 106 Environment Env; // Maps a Stmt to its current SVal. 107 Store store; // Maps a location to its current value. 108 GenericDataMap GDM; // Custom data stored by a client of this class. 109 unsigned refCount; 110 111 /// makeWithStore - Return a ProgramState with the same values as the current 112 /// state with the exception of using the specified Store. 113 ProgramStateRef makeWithStore(const StoreRef &store) const; 114 115 void setStore(const StoreRef &storeRef); 116 117public: 118 /// This ctor is used when creating the first ProgramState object. 119 ProgramState(ProgramStateManager *mgr, const Environment& env, 120 StoreRef st, GenericDataMap gdm); 121 122 /// Copy ctor - We must explicitly define this or else the "Next" ptr 123 /// in FoldingSetNode will also get copied. 124 ProgramState(const ProgramState &RHS); 125 126 ~ProgramState(); 127 128 /// Return the ProgramStateManager associated with this state. 129 ProgramStateManager &getStateManager() const { return *stateMgr; } 130 131 /// getEnvironment - Return the environment associated with this state. 132 /// The environment is the mapping from expressions to values. 133 const Environment& getEnvironment() const { return Env; } 134 135 /// Return the store associated with this state. The store 136 /// is a mapping from locations to values. 137 Store getStore() const { return store; } 138 139 140 /// getGDM - Return the generic data map associated with this state. 141 GenericDataMap getGDM() const { return GDM; } 142 143 void setGDM(GenericDataMap gdm) { GDM = gdm; } 144 145 /// Profile - Profile the contents of a ProgramState object for use in a 146 /// FoldingSet. Two ProgramState objects are considered equal if they 147 /// have the same Environment, Store, and GenericDataMap. 148 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) { 149 V->Env.Profile(ID); 150 ID.AddPointer(V->store); 151 V->GDM.Profile(ID); 152 } 153 154 /// Profile - Used to profile the contents of this object for inclusion 155 /// in a FoldingSet. 156 void Profile(llvm::FoldingSetNodeID& ID) const { 157 Profile(ID, this); 158 } 159 160 BasicValueFactory &getBasicVals() const; 161 SymbolManager &getSymbolManager() const; 162 163 //==---------------------------------------------------------------------==// 164 // Constraints on values. 165 //==---------------------------------------------------------------------==// 166 // 167 // Each ProgramState records constraints on symbolic values. These constraints 168 // are managed using the ConstraintManager associated with a ProgramStateManager. 169 // As constraints gradually accrue on symbolic values, added constraints 170 // may conflict and indicate that a state is infeasible (as no real values 171 // could satisfy all the constraints). This is the principal mechanism 172 // for modeling path-sensitivity in ExprEngine/ProgramState. 173 // 174 // Various "assume" methods form the interface for adding constraints to 175 // symbolic values. A call to 'assume' indicates an assumption being placed 176 // on one or symbolic values. 'assume' methods take the following inputs: 177 // 178 // (1) A ProgramState object representing the current state. 179 // 180 // (2) The assumed constraint (which is specific to a given "assume" method). 181 // 182 // (3) A binary value "Assumption" that indicates whether the constraint is 183 // assumed to be true or false. 184 // 185 // The output of "assume*" is a new ProgramState object with the added constraints. 186 // If no new state is feasible, NULL is returned. 187 // 188 189 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const; 190 191 /// This method assumes both "true" and "false" for 'cond', and 192 /// returns both corresponding states. It's shorthand for doing 193 /// 'assume' twice. 194 std::pair<ProgramStateRef , ProgramStateRef > 195 assume(DefinedOrUnknownSVal cond) const; 196 197 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, 198 DefinedOrUnknownSVal upperBound, 199 bool assumption, 200 QualType IndexType = QualType()) const; 201 202 /// Utility method for getting regions. 203 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const; 204 205 //==---------------------------------------------------------------------==// 206 // Binding and retrieving values to/from the environment and symbolic store. 207 //==---------------------------------------------------------------------==// 208 209 /// BindCompoundLiteral - Return the state that has the bindings currently 210 /// in this state plus the bindings for the CompoundLiteral. 211 ProgramStateRef bindCompoundLiteral(const CompoundLiteralExpr *CL, 212 const LocationContext *LC, 213 SVal V) const; 214 215 /// Create a new state by binding the value 'V' to the statement 'S' in the 216 /// state's environment. 217 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, 218 SVal V, bool Invalidate = true) const; 219 220 /// Create a new state by binding the value 'V' and location 'locaton' to the 221 /// statement 'S' in the state's environment. 222 ProgramStateRef bindExprAndLocation(const Stmt *S, 223 const LocationContext *LCtx, 224 SVal location, SVal V) const; 225 226 ProgramStateRef bindDecl(const VarRegion *VR, SVal V) const; 227 228 ProgramStateRef bindDeclWithNoInit(const VarRegion *VR) const; 229 230 ProgramStateRef bindLoc(Loc location, SVal V) const; 231 232 ProgramStateRef bindLoc(SVal location, SVal V) const; 233 234 ProgramStateRef bindDefault(SVal loc, SVal V) const; 235 236 ProgramStateRef unbindLoc(Loc LV) const; 237 238 /// invalidateRegions - Returns the state with bindings for the given regions 239 /// cleared from the store. The regions are provided as a continuous array 240 /// from Begin to End. Optionally invalidates global regions as well. 241 ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions, 242 const Expr *E, unsigned BlockCount, 243 const LocationContext *LCtx, 244 StoreManager::InvalidatedSymbols *IS = 0, 245 const CallEvent *Call = 0) const; 246 247 /// enterStackFrame - Returns the state for entry to the given stack frame, 248 /// preserving the current state. 249 ProgramStateRef enterStackFrame(const CallEvent &Call, 250 const StackFrameContext *CalleeCtx) const; 251 252 /// Get the lvalue for a variable reference. 253 Loc getLValue(const VarDecl *D, const LocationContext *LC) const; 254 255 Loc getLValue(const CompoundLiteralExpr *literal, 256 const LocationContext *LC) const; 257 258 /// Get the lvalue for an ivar reference. 259 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; 260 261 /// Get the lvalue for a field reference. 262 SVal getLValue(const FieldDecl *decl, SVal Base) const; 263 264 /// Get the lvalue for an indirect field reference. 265 SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const; 266 267 /// Get the lvalue for an array index. 268 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const; 269 270 const llvm::APSInt *getSymVal(SymbolRef sym) const; 271 272 /// Returns the SVal bound to the statement 'S' in the state's environment. 273 SVal getSVal(const Stmt *S, const LocationContext *LCtx, 274 bool useOnlyDirectBindings = false) const; 275 276 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const; 277 278 /// \brief Return the value bound to the specified location. 279 /// Returns UnknownVal() if none found. 280 SVal getSVal(Loc LV, QualType T = QualType()) const; 281 282 /// Returns the "raw" SVal bound to LV before any value simplfication. 283 SVal getRawSVal(Loc LV, QualType T= QualType()) const; 284 285 /// \brief Return the value bound to the specified location. 286 /// Returns UnknownVal() if none found. 287 SVal getSVal(const MemRegion* R) const; 288 289 SVal getSValAsScalarOrLoc(const MemRegion *R) const; 290 291 /// \brief Visits the symbols reachable from the given SVal using the provided 292 /// SymbolVisitor. 293 /// 294 /// This is a convenience API. Consider using ScanReachableSymbols class 295 /// directly when making multiple scans on the same state with the same 296 /// visitor to avoid repeated initialization cost. 297 /// \sa ScanReachableSymbols 298 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const; 299 300 /// \brief Visits the symbols reachable from the SVals in the given range 301 /// using the provided SymbolVisitor. 302 bool scanReachableSymbols(const SVal *I, const SVal *E, 303 SymbolVisitor &visitor) const; 304 305 /// \brief Visits the symbols reachable from the regions in the given 306 /// MemRegions range using the provided SymbolVisitor. 307 bool scanReachableSymbols(const MemRegion * const *I, 308 const MemRegion * const *E, 309 SymbolVisitor &visitor) const; 310 311 template <typename CB> CB scanReachableSymbols(SVal val) const; 312 template <typename CB> CB scanReachableSymbols(const SVal *beg, 313 const SVal *end) const; 314 315 template <typename CB> CB 316 scanReachableSymbols(const MemRegion * const *beg, 317 const MemRegion * const *end) const; 318 319 /// Create a new state in which the statement is marked as tainted. 320 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx, 321 TaintTagType Kind = TaintTagGeneric) const; 322 323 /// Create a new state in which the symbol is marked as tainted. 324 ProgramStateRef addTaint(SymbolRef S, 325 TaintTagType Kind = TaintTagGeneric) const; 326 327 /// Create a new state in which the region symbol is marked as tainted. 328 ProgramStateRef addTaint(const MemRegion *R, 329 TaintTagType Kind = TaintTagGeneric) const; 330 331 /// Check if the statement is tainted in the current state. 332 bool isTainted(const Stmt *S, const LocationContext *LCtx, 333 TaintTagType Kind = TaintTagGeneric) const; 334 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; 335 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const; 336 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const; 337 338 /// \brief Get dynamic type information for a region. 339 DynamicTypeInfo getDynamicTypeInfo(const MemRegion *Reg) const; 340 341 /// \brief Set dynamic type information of the region; return the new state. 342 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 343 DynamicTypeInfo NewTy) const; 344 345 /// \brief Set dynamic type information of the region; return the new state. 346 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 347 QualType NewTy, 348 bool CanBeSubClassed = true) const { 349 return setDynamicTypeInfo(Reg, DynamicTypeInfo(NewTy, CanBeSubClassed)); 350 } 351 352 //==---------------------------------------------------------------------==// 353 // Accessing the Generic Data Map (GDM). 354 //==---------------------------------------------------------------------==// 355 356 void *const* FindGDM(void *K) const; 357 358 template<typename T> 359 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const; 360 361 template <typename T> 362 typename ProgramStateTrait<T>::data_type 363 get() const { 364 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex())); 365 } 366 367 template<typename T> 368 typename ProgramStateTrait<T>::lookup_type 369 get(typename ProgramStateTrait<T>::key_type key) const { 370 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 371 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key); 372 } 373 374 template <typename T> 375 typename ProgramStateTrait<T>::context_type get_context() const; 376 377 378 template<typename T> 379 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const; 380 381 template<typename T> 382 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K, 383 typename ProgramStateTrait<T>::context_type C) const; 384 template <typename T> 385 ProgramStateRef remove() const; 386 387 template<typename T> 388 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const; 389 390 template<typename T> 391 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 392 typename ProgramStateTrait<T>::value_type E) const; 393 394 template<typename T> 395 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 396 typename ProgramStateTrait<T>::value_type E, 397 typename ProgramStateTrait<T>::context_type C) const; 398 399 template<typename T> 400 bool contains(typename ProgramStateTrait<T>::key_type key) const { 401 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 402 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key); 403 } 404 405 // Pretty-printing. 406 void print(raw_ostream &Out, const char *nl = "\n", 407 const char *sep = "") const; 408 void printDOT(raw_ostream &Out) const; 409 void printTaint(raw_ostream &Out, const char *nl = "\n", 410 const char *sep = "") const; 411 412 void dump() const; 413 void dumpTaint() const; 414 415private: 416 friend void ProgramStateRetain(const ProgramState *state); 417 friend void ProgramStateRelease(const ProgramState *state); 418 419 ProgramStateRef 420 invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, 421 const Expr *E, unsigned BlockCount, 422 const LocationContext *LCtx, 423 StoreManager::InvalidatedSymbols &IS, 424 const CallEvent *Call) const; 425}; 426 427//===----------------------------------------------------------------------===// 428// ProgramStateManager - Factory object for ProgramStates. 429//===----------------------------------------------------------------------===// 430 431class ProgramStateManager { 432 friend class ProgramState; 433 friend void ProgramStateRelease(const ProgramState *state); 434private: 435 /// Eng - The SubEngine that owns this state manager. 436 SubEngine *Eng; /* Can be null. */ 437 438 EnvironmentManager EnvMgr; 439 OwningPtr<StoreManager> StoreMgr; 440 OwningPtr<ConstraintManager> ConstraintMgr; 441 442 ProgramState::GenericDataMap::Factory GDMFactory; 443 444 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy; 445 GDMContextsTy GDMContexts; 446 447 /// StateSet - FoldingSet containing all the states created for analyzing 448 /// a particular function. This is used to unique states. 449 llvm::FoldingSet<ProgramState> StateSet; 450 451 /// Object that manages the data for all created SVals. 452 OwningPtr<SValBuilder> svalBuilder; 453 454 /// Manages memory for created CallEvents. 455 OwningPtr<CallEventManager> CallEventMgr; 456 457 /// A BumpPtrAllocator to allocate states. 458 llvm::BumpPtrAllocator &Alloc; 459 460 /// A vector of ProgramStates that we can reuse. 461 std::vector<ProgramState *> freeStates; 462 463public: 464 ProgramStateManager(ASTContext &Ctx, 465 StoreManagerCreator CreateStoreManager, 466 ConstraintManagerCreator CreateConstraintManager, 467 llvm::BumpPtrAllocator& alloc, 468 SubEngine &subeng); 469 470 ~ProgramStateManager(); 471 472 ProgramStateRef getInitialState(const LocationContext *InitLoc); 473 474 ASTContext &getContext() { return svalBuilder->getContext(); } 475 const ASTContext &getContext() const { return svalBuilder->getContext(); } 476 477 BasicValueFactory &getBasicVals() { 478 return svalBuilder->getBasicValueFactory(); 479 } 480 const BasicValueFactory& getBasicVals() const { 481 return svalBuilder->getBasicValueFactory(); 482 } 483 484 SValBuilder &getSValBuilder() { 485 return *svalBuilder; 486 } 487 488 SymbolManager &getSymbolManager() { 489 return svalBuilder->getSymbolManager(); 490 } 491 const SymbolManager &getSymbolManager() const { 492 return svalBuilder->getSymbolManager(); 493 } 494 495 llvm::BumpPtrAllocator& getAllocator() { return Alloc; } 496 497 MemRegionManager& getRegionManager() { 498 return svalBuilder->getRegionManager(); 499 } 500 const MemRegionManager& getRegionManager() const { 501 return svalBuilder->getRegionManager(); 502 } 503 504 CallEventManager &getCallEventManager() { return *CallEventMgr; } 505 506 StoreManager& getStoreManager() { return *StoreMgr; } 507 ConstraintManager& getConstraintManager() { return *ConstraintMgr; } 508 SubEngine* getOwningEngine() { return Eng; } 509 510 ProgramStateRef removeDeadBindings(ProgramStateRef St, 511 const StackFrameContext *LCtx, 512 SymbolReaper& SymReaper); 513 514 /// Marshal a new state for the callee in another translation unit. 515 /// 'state' is owned by the caller's engine. 516 ProgramStateRef MarshalState(ProgramStateRef state, const StackFrameContext *L); 517 518public: 519 520 SVal ArrayToPointer(Loc Array) { 521 return StoreMgr->ArrayToPointer(Array); 522 } 523 524 // Methods that manipulate the GDM. 525 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data); 526 ProgramStateRef removeGDM(ProgramStateRef state, void *Key); 527 528 // Methods that query & manipulate the Store. 529 530 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) { 531 StoreMgr->iterBindings(state->getStore(), F); 532 } 533 534 ProgramStateRef getPersistentState(ProgramState &Impl); 535 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, 536 ProgramStateRef GDMState); 537 538 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) { 539 return S1->Env == S2->Env; 540 } 541 542 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) { 543 return S1->store == S2->store; 544 } 545 546 //==---------------------------------------------------------------------==// 547 // Generic Data Map methods. 548 //==---------------------------------------------------------------------==// 549 // 550 // ProgramStateManager and ProgramState support a "generic data map" that allows 551 // different clients of ProgramState objects to embed arbitrary data within a 552 // ProgramState object. The generic data map is essentially an immutable map 553 // from a "tag" (that acts as the "key" for a client) and opaque values. 554 // Tags/keys and values are simply void* values. The typical way that clients 555 // generate unique tags are by taking the address of a static variable. 556 // Clients are responsible for ensuring that data values referred to by a 557 // the data pointer are immutable (and thus are essentially purely functional 558 // data). 559 // 560 // The templated methods below use the ProgramStateTrait<T> class 561 // to resolve keys into the GDM and to return data values to clients. 562 // 563 564 // Trait based GDM dispatch. 565 template <typename T> 566 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) { 567 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 568 ProgramStateTrait<T>::MakeVoidPtr(D)); 569 } 570 571 template<typename T> 572 ProgramStateRef set(ProgramStateRef st, 573 typename ProgramStateTrait<T>::key_type K, 574 typename ProgramStateTrait<T>::value_type V, 575 typename ProgramStateTrait<T>::context_type C) { 576 577 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 578 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C))); 579 } 580 581 template <typename T> 582 ProgramStateRef add(ProgramStateRef st, 583 typename ProgramStateTrait<T>::key_type K, 584 typename ProgramStateTrait<T>::context_type C) { 585 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 586 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C))); 587 } 588 589 template <typename T> 590 ProgramStateRef remove(ProgramStateRef st, 591 typename ProgramStateTrait<T>::key_type K, 592 typename ProgramStateTrait<T>::context_type C) { 593 594 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 595 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C))); 596 } 597 598 template <typename T> 599 ProgramStateRef remove(ProgramStateRef st) { 600 return removeGDM(st, ProgramStateTrait<T>::GDMIndex()); 601 } 602 603 void *FindGDMContext(void *index, 604 void *(*CreateContext)(llvm::BumpPtrAllocator&), 605 void (*DeleteContext)(void*)); 606 607 template <typename T> 608 typename ProgramStateTrait<T>::context_type get_context() { 609 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(), 610 ProgramStateTrait<T>::CreateContext, 611 ProgramStateTrait<T>::DeleteContext); 612 613 return ProgramStateTrait<T>::MakeContext(p); 614 } 615 616 const llvm::APSInt* getSymVal(ProgramStateRef St, SymbolRef sym) { 617 return ConstraintMgr->getSymVal(St, sym); 618 } 619 620 void EndPath(ProgramStateRef St) { 621 ConstraintMgr->EndPath(St); 622 } 623}; 624 625 626//===----------------------------------------------------------------------===// 627// Out-of-line method definitions for ProgramState. 628//===----------------------------------------------------------------------===// 629 630inline const VarRegion* ProgramState::getRegion(const VarDecl *D, 631 const LocationContext *LC) const 632{ 633 return getStateManager().getRegionManager().getVarRegion(D, LC); 634} 635 636inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond, 637 bool Assumption) const { 638 if (Cond.isUnknown()) 639 return this; 640 641 return getStateManager().ConstraintMgr->assume(this, cast<DefinedSVal>(Cond), 642 Assumption); 643} 644 645inline std::pair<ProgramStateRef , ProgramStateRef > 646ProgramState::assume(DefinedOrUnknownSVal Cond) const { 647 if (Cond.isUnknown()) 648 return std::make_pair(this, this); 649 650 return getStateManager().ConstraintMgr->assumeDual(this, 651 cast<DefinedSVal>(Cond)); 652} 653 654inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V) const { 655 return !isa<Loc>(LV) ? this : bindLoc(cast<Loc>(LV), V); 656} 657 658inline Loc ProgramState::getLValue(const VarDecl *VD, 659 const LocationContext *LC) const { 660 return getStateManager().StoreMgr->getLValueVar(VD, LC); 661} 662 663inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal, 664 const LocationContext *LC) const { 665 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC); 666} 667 668inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const { 669 return getStateManager().StoreMgr->getLValueIvar(D, Base); 670} 671 672inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const { 673 return getStateManager().StoreMgr->getLValueField(D, Base); 674} 675 676inline SVal ProgramState::getLValue(const IndirectFieldDecl *D, 677 SVal Base) const { 678 StoreManager &SM = *getStateManager().StoreMgr; 679 for (IndirectFieldDecl::chain_iterator I = D->chain_begin(), 680 E = D->chain_end(); 681 I != E; ++I) { 682 Base = SM.getLValueField(cast<FieldDecl>(*I), Base); 683 } 684 685 return Base; 686} 687 688inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{ 689 if (NonLoc *N = dyn_cast<NonLoc>(&Idx)) 690 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base); 691 return UnknownVal(); 692} 693 694inline const llvm::APSInt *ProgramState::getSymVal(SymbolRef sym) const { 695 return getStateManager().getSymVal(this, sym); 696} 697 698inline SVal ProgramState::getSVal(const Stmt *Ex, const LocationContext *LCtx, 699 bool useOnlyDirectBindings) const{ 700 return Env.getSVal(EnvironmentEntry(Ex, LCtx), 701 *getStateManager().svalBuilder, 702 useOnlyDirectBindings); 703} 704 705inline SVal 706ProgramState::getSValAsScalarOrLoc(const Stmt *S, 707 const LocationContext *LCtx) const { 708 if (const Expr *Ex = dyn_cast<Expr>(S)) { 709 QualType T = Ex->getType(); 710 if (Ex->isGLValue() || Loc::isLocType(T) || T->isIntegerType()) 711 return getSVal(S, LCtx); 712 } 713 714 return UnknownVal(); 715} 716 717inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const { 718 return getStateManager().StoreMgr->getBinding(getStore(), LV, T); 719} 720 721inline SVal ProgramState::getSVal(const MemRegion* R) const { 722 return getStateManager().StoreMgr->getBinding(getStore(), 723 loc::MemRegionVal(R)); 724} 725 726inline BasicValueFactory &ProgramState::getBasicVals() const { 727 return getStateManager().getBasicVals(); 728} 729 730inline SymbolManager &ProgramState::getSymbolManager() const { 731 return getStateManager().getSymbolManager(); 732} 733 734template<typename T> 735ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const { 736 return getStateManager().add<T>(this, K, get_context<T>()); 737} 738 739template <typename T> 740typename ProgramStateTrait<T>::context_type ProgramState::get_context() const { 741 return getStateManager().get_context<T>(); 742} 743 744template<typename T> 745ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const { 746 return getStateManager().remove<T>(this, K, get_context<T>()); 747} 748 749template<typename T> 750ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K, 751 typename ProgramStateTrait<T>::context_type C) const { 752 return getStateManager().remove<T>(this, K, C); 753} 754 755template <typename T> 756ProgramStateRef ProgramState::remove() const { 757 return getStateManager().remove<T>(this); 758} 759 760template<typename T> 761ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const { 762 return getStateManager().set<T>(this, D); 763} 764 765template<typename T> 766ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 767 typename ProgramStateTrait<T>::value_type E) const { 768 return getStateManager().set<T>(this, K, E, get_context<T>()); 769} 770 771template<typename T> 772ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 773 typename ProgramStateTrait<T>::value_type E, 774 typename ProgramStateTrait<T>::context_type C) const { 775 return getStateManager().set<T>(this, K, E, C); 776} 777 778template <typename CB> 779CB ProgramState::scanReachableSymbols(SVal val) const { 780 CB cb(this); 781 scanReachableSymbols(val, cb); 782 return cb; 783} 784 785template <typename CB> 786CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const { 787 CB cb(this); 788 scanReachableSymbols(beg, end, cb); 789 return cb; 790} 791 792template <typename CB> 793CB ProgramState::scanReachableSymbols(const MemRegion * const *beg, 794 const MemRegion * const *end) const { 795 CB cb(this); 796 scanReachableSymbols(beg, end, cb); 797 return cb; 798} 799 800/// \class ScanReachableSymbols 801/// A Utility class that allows to visit the reachable symbols using a custom 802/// SymbolVisitor. 803class ScanReachableSymbols { 804 typedef llvm::DenseMap<const void*, unsigned> VisitedItems; 805 806 VisitedItems visited; 807 ProgramStateRef state; 808 SymbolVisitor &visitor; 809public: 810 811 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor& v) 812 : state(st), visitor(v) {} 813 814 bool scan(nonloc::CompoundVal val); 815 bool scan(SVal val); 816 bool scan(const MemRegion *R); 817 bool scan(const SymExpr *sym); 818}; 819 820} // end GR namespace 821 822} // end clang namespace 823 824#endif 825