ProgramState.h revision 740d490593e0de8732a697c9f77b90ddd463863b
1//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines SymbolRef, ExprBindKey, and ProgramState*. 11// 12//===----------------------------------------------------------------------===// 13 14#ifndef LLVM_CLANG_GR_VALUESTATE_H 15#define LLVM_CLANG_GR_VALUESTATE_H 16 17#include "clang/Basic/LLVM.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 19#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h" 20#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 21#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 22#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 23#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" 24#include "llvm/ADT/PointerIntPair.h" 25#include "llvm/ADT/FoldingSet.h" 26#include "llvm/ADT/ImmutableMap.h" 27 28namespace llvm { 29class APSInt; 30class BumpPtrAllocator; 31} 32 33namespace clang { 34class ASTContext; 35 36namespace ento { 37 38class CallEvent; 39 40typedef ConstraintManager* (*ConstraintManagerCreator)(ProgramStateManager&, 41 SubEngine&); 42typedef StoreManager* (*StoreManagerCreator)(ProgramStateManager&); 43 44//===----------------------------------------------------------------------===// 45// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState. 46//===----------------------------------------------------------------------===// 47 48template <typename T> struct ProgramStatePartialTrait; 49 50template <typename T> struct ProgramStateTrait { 51 typedef typename T::data_type data_type; 52 static inline void *MakeVoidPtr(data_type D) { return (void*) D; } 53 static inline data_type MakeData(void *const* P) { 54 return P ? (data_type) *P : (data_type) 0; 55 } 56}; 57 58/// \class ProgramState 59/// ProgramState - This class encapsulates: 60/// 61/// 1. A mapping from expressions to values (Environment) 62/// 2. A mapping from locations to values (Store) 63/// 3. Constraints on symbolic values (GenericDataMap) 64/// 65/// Together these represent the "abstract state" of a program. 66/// 67/// ProgramState is intended to be used as a functional object; that is, 68/// once it is created and made "persistent" in a FoldingSet, its 69/// values will never change. 70class ProgramState : public llvm::FoldingSetNode { 71public: 72 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy; 73 typedef llvm::ImmutableMap<void*, void*> GenericDataMap; 74 75private: 76 void operator=(const ProgramState& R) const; // Do not implement. 77 78 friend class ProgramStateManager; 79 friend class ExplodedGraph; 80 friend class ExplodedNode; 81 82 ProgramStateManager *stateMgr; 83 Environment Env; // Maps a Stmt to its current SVal. 84 Store store; // Maps a location to its current value. 85 GenericDataMap GDM; // Custom data stored by a client of this class. 86 unsigned refCount; 87 88 /// makeWithStore - Return a ProgramState with the same values as the current 89 /// state with the exception of using the specified Store. 90 ProgramStateRef makeWithStore(const StoreRef &store) const; 91 92 void setStore(const StoreRef &storeRef); 93 94public: 95 /// This ctor is used when creating the first ProgramState object. 96 ProgramState(ProgramStateManager *mgr, const Environment& env, 97 StoreRef st, GenericDataMap gdm); 98 99 /// Copy ctor - We must explicitly define this or else the "Next" ptr 100 /// in FoldingSetNode will also get copied. 101 ProgramState(const ProgramState &RHS); 102 103 ~ProgramState(); 104 105 /// Return the ProgramStateManager associated with this state. 106 ProgramStateManager &getStateManager() const { return *stateMgr; } 107 108 /// getEnvironment - Return the environment associated with this state. 109 /// The environment is the mapping from expressions to values. 110 const Environment& getEnvironment() const { return Env; } 111 112 /// Return the store associated with this state. The store 113 /// is a mapping from locations to values. 114 Store getStore() const { return store; } 115 116 117 /// getGDM - Return the generic data map associated with this state. 118 GenericDataMap getGDM() const { return GDM; } 119 120 void setGDM(GenericDataMap gdm) { GDM = gdm; } 121 122 /// Profile - Profile the contents of a ProgramState object for use in a 123 /// FoldingSet. Two ProgramState objects are considered equal if they 124 /// have the same Environment, Store, and GenericDataMap. 125 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) { 126 V->Env.Profile(ID); 127 ID.AddPointer(V->store); 128 V->GDM.Profile(ID); 129 } 130 131 /// Profile - Used to profile the contents of this object for inclusion 132 /// in a FoldingSet. 133 void Profile(llvm::FoldingSetNodeID& ID) const { 134 Profile(ID, this); 135 } 136 137 BasicValueFactory &getBasicVals() const; 138 SymbolManager &getSymbolManager() const; 139 140 //==---------------------------------------------------------------------==// 141 // Constraints on values. 142 //==---------------------------------------------------------------------==// 143 // 144 // Each ProgramState records constraints on symbolic values. These constraints 145 // are managed using the ConstraintManager associated with a ProgramStateManager. 146 // As constraints gradually accrue on symbolic values, added constraints 147 // may conflict and indicate that a state is infeasible (as no real values 148 // could satisfy all the constraints). This is the principal mechanism 149 // for modeling path-sensitivity in ExprEngine/ProgramState. 150 // 151 // Various "assume" methods form the interface for adding constraints to 152 // symbolic values. A call to 'assume' indicates an assumption being placed 153 // on one or symbolic values. 'assume' methods take the following inputs: 154 // 155 // (1) A ProgramState object representing the current state. 156 // 157 // (2) The assumed constraint (which is specific to a given "assume" method). 158 // 159 // (3) A binary value "Assumption" that indicates whether the constraint is 160 // assumed to be true or false. 161 // 162 // The output of "assume*" is a new ProgramState object with the added constraints. 163 // If no new state is feasible, NULL is returned. 164 // 165 166 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const; 167 168 /// This method assumes both "true" and "false" for 'cond', and 169 /// returns both corresponding states. It's shorthand for doing 170 /// 'assume' twice. 171 std::pair<ProgramStateRef , ProgramStateRef > 172 assume(DefinedOrUnknownSVal cond) const; 173 174 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, 175 DefinedOrUnknownSVal upperBound, 176 bool assumption, 177 QualType IndexType = QualType()) const; 178 179 /// Utility method for getting regions. 180 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const; 181 182 //==---------------------------------------------------------------------==// 183 // Binding and retrieving values to/from the environment and symbolic store. 184 //==---------------------------------------------------------------------==// 185 186 /// BindCompoundLiteral - Return the state that has the bindings currently 187 /// in this state plus the bindings for the CompoundLiteral. 188 ProgramStateRef bindCompoundLiteral(const CompoundLiteralExpr *CL, 189 const LocationContext *LC, 190 SVal V) const; 191 192 /// Create a new state by binding the value 'V' to the statement 'S' in the 193 /// state's environment. 194 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, 195 SVal V, bool Invalidate = true) const; 196 197 /// Create a new state by binding the value 'V' and location 'locaton' to the 198 /// statement 'S' in the state's environment. 199 ProgramStateRef bindExprAndLocation(const Stmt *S, 200 const LocationContext *LCtx, 201 SVal location, SVal V) const; 202 203 ProgramStateRef bindDecl(const VarRegion *VR, SVal V) const; 204 205 ProgramStateRef bindDeclWithNoInit(const VarRegion *VR) const; 206 207 ProgramStateRef bindLoc(Loc location, SVal V) const; 208 209 ProgramStateRef bindLoc(SVal location, SVal V) const; 210 211 ProgramStateRef bindDefault(SVal loc, SVal V) const; 212 213 ProgramStateRef unbindLoc(Loc LV) const; 214 215 /// invalidateRegions - Returns the state with bindings for the given regions 216 /// cleared from the store. The regions are provided as a continuous array 217 /// from Begin to End. Optionally invalidates global regions as well. 218 ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions, 219 const Expr *E, unsigned BlockCount, 220 const LocationContext *LCtx, 221 StoreManager::InvalidatedSymbols *IS = 0, 222 const CallEvent *Call = 0) const; 223 224 /// enterStackFrame - Returns the state for entry to the given stack frame, 225 /// preserving the current state. 226 ProgramStateRef enterStackFrame(const LocationContext *callerCtx, 227 const StackFrameContext *calleeCtx) const; 228 229 /// Get the lvalue for a variable reference. 230 Loc getLValue(const VarDecl *D, const LocationContext *LC) const; 231 232 Loc getLValue(const CompoundLiteralExpr *literal, 233 const LocationContext *LC) const; 234 235 /// Get the lvalue for an ivar reference. 236 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; 237 238 /// Get the lvalue for a field reference. 239 SVal getLValue(const FieldDecl *decl, SVal Base) const; 240 241 /// Get the lvalue for an array index. 242 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const; 243 244 const llvm::APSInt *getSymVal(SymbolRef sym) const; 245 246 /// Returns the SVal bound to the statement 'S' in the state's environment. 247 SVal getSVal(const Stmt *S, const LocationContext *LCtx, 248 bool useOnlyDirectBindings = false) const; 249 250 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const; 251 252 /// \brief Return the value bound to the specified location. 253 /// Returns UnknownVal() if none found. 254 SVal getSVal(Loc LV, QualType T = QualType()) const; 255 256 /// Returns the "raw" SVal bound to LV before any value simplfication. 257 SVal getRawSVal(Loc LV, QualType T= QualType()) const; 258 259 /// \brief Return the value bound to the specified location. 260 /// Returns UnknownVal() if none found. 261 SVal getSVal(const MemRegion* R) const; 262 263 SVal getSValAsScalarOrLoc(const MemRegion *R) const; 264 265 /// \brief Visits the symbols reachable from the given SVal using the provided 266 /// SymbolVisitor. 267 /// 268 /// This is a convenience API. Consider using ScanReachableSymbols class 269 /// directly when making multiple scans on the same state with the same 270 /// visitor to avoid repeated initialization cost. 271 /// \sa ScanReachableSymbols 272 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const; 273 274 /// \brief Visits the symbols reachable from the SVals in the given range 275 /// using the provided SymbolVisitor. 276 bool scanReachableSymbols(const SVal *I, const SVal *E, 277 SymbolVisitor &visitor) const; 278 279 /// \brief Visits the symbols reachable from the regions in the given 280 /// MemRegions range using the provided SymbolVisitor. 281 bool scanReachableSymbols(const MemRegion * const *I, 282 const MemRegion * const *E, 283 SymbolVisitor &visitor) const; 284 285 template <typename CB> CB scanReachableSymbols(SVal val) const; 286 template <typename CB> CB scanReachableSymbols(const SVal *beg, 287 const SVal *end) const; 288 289 template <typename CB> CB 290 scanReachableSymbols(const MemRegion * const *beg, 291 const MemRegion * const *end) const; 292 293 /// Create a new state in which the statement is marked as tainted. 294 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx, 295 TaintTagType Kind = TaintTagGeneric) const; 296 297 /// Create a new state in which the symbol is marked as tainted. 298 ProgramStateRef addTaint(SymbolRef S, 299 TaintTagType Kind = TaintTagGeneric) const; 300 301 /// Create a new state in which the region symbol is marked as tainted. 302 ProgramStateRef addTaint(const MemRegion *R, 303 TaintTagType Kind = TaintTagGeneric) const; 304 305 /// Check if the statement is tainted in the current state. 306 bool isTainted(const Stmt *S, const LocationContext *LCtx, 307 TaintTagType Kind = TaintTagGeneric) const; 308 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; 309 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const; 310 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const; 311 312 //==---------------------------------------------------------------------==// 313 // Accessing the Generic Data Map (GDM). 314 //==---------------------------------------------------------------------==// 315 316 void *const* FindGDM(void *K) const; 317 318 template<typename T> 319 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const; 320 321 template <typename T> 322 typename ProgramStateTrait<T>::data_type 323 get() const { 324 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex())); 325 } 326 327 template<typename T> 328 typename ProgramStateTrait<T>::lookup_type 329 get(typename ProgramStateTrait<T>::key_type key) const { 330 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 331 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key); 332 } 333 334 template <typename T> 335 typename ProgramStateTrait<T>::context_type get_context() const; 336 337 338 template<typename T> 339 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const; 340 341 template<typename T> 342 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K, 343 typename ProgramStateTrait<T>::context_type C) const; 344 template <typename T> 345 ProgramStateRef remove() const; 346 347 template<typename T> 348 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const; 349 350 template<typename T> 351 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 352 typename ProgramStateTrait<T>::value_type E) const; 353 354 template<typename T> 355 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 356 typename ProgramStateTrait<T>::value_type E, 357 typename ProgramStateTrait<T>::context_type C) const; 358 359 template<typename T> 360 bool contains(typename ProgramStateTrait<T>::key_type key) const { 361 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 362 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key); 363 } 364 365 // Pretty-printing. 366 void print(raw_ostream &Out, const char *nl = "\n", 367 const char *sep = "") const; 368 void printDOT(raw_ostream &Out) const; 369 void printTaint(raw_ostream &Out, const char *nl = "\n", 370 const char *sep = "") const; 371 372 void dump() const; 373 void dumpTaint() const; 374 375private: 376 friend void ProgramStateRetain(const ProgramState *state); 377 friend void ProgramStateRelease(const ProgramState *state); 378 379 ProgramStateRef 380 invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, 381 const Expr *E, unsigned BlockCount, 382 const LocationContext *LCtx, 383 StoreManager::InvalidatedSymbols &IS, 384 const CallEvent *Call) const; 385}; 386 387//===----------------------------------------------------------------------===// 388// ProgramStateManager - Factory object for ProgramStates. 389//===----------------------------------------------------------------------===// 390 391class ProgramStateManager { 392 friend class ProgramState; 393 friend void ProgramStateRelease(const ProgramState *state); 394private: 395 /// Eng - The SubEngine that owns this state manager. 396 SubEngine *Eng; /* Can be null. */ 397 398 EnvironmentManager EnvMgr; 399 OwningPtr<StoreManager> StoreMgr; 400 OwningPtr<ConstraintManager> ConstraintMgr; 401 402 ProgramState::GenericDataMap::Factory GDMFactory; 403 404 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy; 405 GDMContextsTy GDMContexts; 406 407 /// StateSet - FoldingSet containing all the states created for analyzing 408 /// a particular function. This is used to unique states. 409 llvm::FoldingSet<ProgramState> StateSet; 410 411 /// Object that manages the data for all created SVals. 412 OwningPtr<SValBuilder> svalBuilder; 413 414 /// A BumpPtrAllocator to allocate states. 415 llvm::BumpPtrAllocator &Alloc; 416 417 /// A vector of ProgramStates that we can reuse. 418 std::vector<ProgramState *> freeStates; 419 420public: 421 ProgramStateManager(ASTContext &Ctx, 422 StoreManagerCreator CreateStoreManager, 423 ConstraintManagerCreator CreateConstraintManager, 424 llvm::BumpPtrAllocator& alloc, 425 SubEngine &subeng) 426 : Eng(&subeng), 427 EnvMgr(alloc), 428 GDMFactory(alloc), 429 svalBuilder(createSimpleSValBuilder(alloc, Ctx, *this)), 430 Alloc(alloc) { 431 StoreMgr.reset((*CreateStoreManager)(*this)); 432 ConstraintMgr.reset((*CreateConstraintManager)(*this, subeng)); 433 } 434 435 ProgramStateManager(ASTContext &Ctx, 436 StoreManagerCreator CreateStoreManager, 437 ConstraintManager* ConstraintManagerPtr, 438 llvm::BumpPtrAllocator& alloc) 439 : Eng(0), 440 EnvMgr(alloc), 441 GDMFactory(alloc), 442 svalBuilder(createSimpleSValBuilder(alloc, Ctx, *this)), 443 Alloc(alloc) { 444 StoreMgr.reset((*CreateStoreManager)(*this)); 445 ConstraintMgr.reset(ConstraintManagerPtr); 446 } 447 448 ~ProgramStateManager(); 449 450 ProgramStateRef getInitialState(const LocationContext *InitLoc); 451 452 ASTContext &getContext() { return svalBuilder->getContext(); } 453 const ASTContext &getContext() const { return svalBuilder->getContext(); } 454 455 BasicValueFactory &getBasicVals() { 456 return svalBuilder->getBasicValueFactory(); 457 } 458 const BasicValueFactory& getBasicVals() const { 459 return svalBuilder->getBasicValueFactory(); 460 } 461 462 SValBuilder &getSValBuilder() { 463 return *svalBuilder; 464 } 465 466 SymbolManager &getSymbolManager() { 467 return svalBuilder->getSymbolManager(); 468 } 469 const SymbolManager &getSymbolManager() const { 470 return svalBuilder->getSymbolManager(); 471 } 472 473 llvm::BumpPtrAllocator& getAllocator() { return Alloc; } 474 475 MemRegionManager& getRegionManager() { 476 return svalBuilder->getRegionManager(); 477 } 478 const MemRegionManager& getRegionManager() const { 479 return svalBuilder->getRegionManager(); 480 } 481 482 StoreManager& getStoreManager() { return *StoreMgr; } 483 ConstraintManager& getConstraintManager() { return *ConstraintMgr; } 484 SubEngine* getOwningEngine() { return Eng; } 485 486 ProgramStateRef removeDeadBindings(ProgramStateRef St, 487 const StackFrameContext *LCtx, 488 SymbolReaper& SymReaper); 489 490 /// Marshal a new state for the callee in another translation unit. 491 /// 'state' is owned by the caller's engine. 492 ProgramStateRef MarshalState(ProgramStateRef state, const StackFrameContext *L); 493 494public: 495 496 SVal ArrayToPointer(Loc Array) { 497 return StoreMgr->ArrayToPointer(Array); 498 } 499 500 // Methods that manipulate the GDM. 501 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data); 502 ProgramStateRef removeGDM(ProgramStateRef state, void *Key); 503 504 // Methods that query & manipulate the Store. 505 506 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) { 507 StoreMgr->iterBindings(state->getStore(), F); 508 } 509 510 ProgramStateRef getPersistentState(ProgramState &Impl); 511 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, 512 ProgramStateRef GDMState); 513 514 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) { 515 return S1->Env == S2->Env; 516 } 517 518 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) { 519 return S1->store == S2->store; 520 } 521 522 //==---------------------------------------------------------------------==// 523 // Generic Data Map methods. 524 //==---------------------------------------------------------------------==// 525 // 526 // ProgramStateManager and ProgramState support a "generic data map" that allows 527 // different clients of ProgramState objects to embed arbitrary data within a 528 // ProgramState object. The generic data map is essentially an immutable map 529 // from a "tag" (that acts as the "key" for a client) and opaque values. 530 // Tags/keys and values are simply void* values. The typical way that clients 531 // generate unique tags are by taking the address of a static variable. 532 // Clients are responsible for ensuring that data values referred to by a 533 // the data pointer are immutable (and thus are essentially purely functional 534 // data). 535 // 536 // The templated methods below use the ProgramStateTrait<T> class 537 // to resolve keys into the GDM and to return data values to clients. 538 // 539 540 // Trait based GDM dispatch. 541 template <typename T> 542 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) { 543 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 544 ProgramStateTrait<T>::MakeVoidPtr(D)); 545 } 546 547 template<typename T> 548 ProgramStateRef set(ProgramStateRef st, 549 typename ProgramStateTrait<T>::key_type K, 550 typename ProgramStateTrait<T>::value_type V, 551 typename ProgramStateTrait<T>::context_type C) { 552 553 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 554 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C))); 555 } 556 557 template <typename T> 558 ProgramStateRef add(ProgramStateRef st, 559 typename ProgramStateTrait<T>::key_type K, 560 typename ProgramStateTrait<T>::context_type C) { 561 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 562 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C))); 563 } 564 565 template <typename T> 566 ProgramStateRef remove(ProgramStateRef st, 567 typename ProgramStateTrait<T>::key_type K, 568 typename ProgramStateTrait<T>::context_type C) { 569 570 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 571 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C))); 572 } 573 574 template <typename T> 575 ProgramStateRef remove(ProgramStateRef st) { 576 return removeGDM(st, ProgramStateTrait<T>::GDMIndex()); 577 } 578 579 void *FindGDMContext(void *index, 580 void *(*CreateContext)(llvm::BumpPtrAllocator&), 581 void (*DeleteContext)(void*)); 582 583 template <typename T> 584 typename ProgramStateTrait<T>::context_type get_context() { 585 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(), 586 ProgramStateTrait<T>::CreateContext, 587 ProgramStateTrait<T>::DeleteContext); 588 589 return ProgramStateTrait<T>::MakeContext(p); 590 } 591 592 const llvm::APSInt* getSymVal(ProgramStateRef St, SymbolRef sym) { 593 return ConstraintMgr->getSymVal(St, sym); 594 } 595 596 void EndPath(ProgramStateRef St) { 597 ConstraintMgr->EndPath(St); 598 } 599}; 600 601 602//===----------------------------------------------------------------------===// 603// Out-of-line method definitions for ProgramState. 604//===----------------------------------------------------------------------===// 605 606inline const VarRegion* ProgramState::getRegion(const VarDecl *D, 607 const LocationContext *LC) const 608{ 609 return getStateManager().getRegionManager().getVarRegion(D, LC); 610} 611 612inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond, 613 bool Assumption) const { 614 if (Cond.isUnknown()) 615 return this; 616 617 return getStateManager().ConstraintMgr->assume(this, cast<DefinedSVal>(Cond), 618 Assumption); 619} 620 621inline std::pair<ProgramStateRef , ProgramStateRef > 622ProgramState::assume(DefinedOrUnknownSVal Cond) const { 623 if (Cond.isUnknown()) 624 return std::make_pair(this, this); 625 626 return getStateManager().ConstraintMgr->assumeDual(this, 627 cast<DefinedSVal>(Cond)); 628} 629 630inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V) const { 631 return !isa<Loc>(LV) ? this : bindLoc(cast<Loc>(LV), V); 632} 633 634inline Loc ProgramState::getLValue(const VarDecl *VD, 635 const LocationContext *LC) const { 636 return getStateManager().StoreMgr->getLValueVar(VD, LC); 637} 638 639inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal, 640 const LocationContext *LC) const { 641 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC); 642} 643 644inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const { 645 return getStateManager().StoreMgr->getLValueIvar(D, Base); 646} 647 648inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const { 649 return getStateManager().StoreMgr->getLValueField(D, Base); 650} 651 652inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{ 653 if (NonLoc *N = dyn_cast<NonLoc>(&Idx)) 654 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base); 655 return UnknownVal(); 656} 657 658inline const llvm::APSInt *ProgramState::getSymVal(SymbolRef sym) const { 659 return getStateManager().getSymVal(this, sym); 660} 661 662inline SVal ProgramState::getSVal(const Stmt *Ex, const LocationContext *LCtx, 663 bool useOnlyDirectBindings) const{ 664 return Env.getSVal(EnvironmentEntry(Ex, LCtx), 665 *getStateManager().svalBuilder, 666 useOnlyDirectBindings); 667} 668 669inline SVal 670ProgramState::getSValAsScalarOrLoc(const Stmt *S, 671 const LocationContext *LCtx) const { 672 if (const Expr *Ex = dyn_cast<Expr>(S)) { 673 QualType T = Ex->getType(); 674 if (Ex->isGLValue() || Loc::isLocType(T) || T->isIntegerType()) 675 return getSVal(S, LCtx); 676 } 677 678 return UnknownVal(); 679} 680 681inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const { 682 return getStateManager().StoreMgr->getBinding(getStore(), LV, T); 683} 684 685inline SVal ProgramState::getSVal(const MemRegion* R) const { 686 return getStateManager().StoreMgr->getBinding(getStore(), 687 loc::MemRegionVal(R)); 688} 689 690inline BasicValueFactory &ProgramState::getBasicVals() const { 691 return getStateManager().getBasicVals(); 692} 693 694inline SymbolManager &ProgramState::getSymbolManager() const { 695 return getStateManager().getSymbolManager(); 696} 697 698template<typename T> 699ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const { 700 return getStateManager().add<T>(this, K, get_context<T>()); 701} 702 703template <typename T> 704typename ProgramStateTrait<T>::context_type ProgramState::get_context() const { 705 return getStateManager().get_context<T>(); 706} 707 708template<typename T> 709ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const { 710 return getStateManager().remove<T>(this, K, get_context<T>()); 711} 712 713template<typename T> 714ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K, 715 typename ProgramStateTrait<T>::context_type C) const { 716 return getStateManager().remove<T>(this, K, C); 717} 718 719template <typename T> 720ProgramStateRef ProgramState::remove() const { 721 return getStateManager().remove<T>(this); 722} 723 724template<typename T> 725ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const { 726 return getStateManager().set<T>(this, D); 727} 728 729template<typename T> 730ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 731 typename ProgramStateTrait<T>::value_type E) const { 732 return getStateManager().set<T>(this, K, E, get_context<T>()); 733} 734 735template<typename T> 736ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 737 typename ProgramStateTrait<T>::value_type E, 738 typename ProgramStateTrait<T>::context_type C) const { 739 return getStateManager().set<T>(this, K, E, C); 740} 741 742template <typename CB> 743CB ProgramState::scanReachableSymbols(SVal val) const { 744 CB cb(this); 745 scanReachableSymbols(val, cb); 746 return cb; 747} 748 749template <typename CB> 750CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const { 751 CB cb(this); 752 scanReachableSymbols(beg, end, cb); 753 return cb; 754} 755 756template <typename CB> 757CB ProgramState::scanReachableSymbols(const MemRegion * const *beg, 758 const MemRegion * const *end) const { 759 CB cb(this); 760 scanReachableSymbols(beg, end, cb); 761 return cb; 762} 763 764/// \class ScanReachableSymbols 765/// A Utility class that allows to visit the reachable symbols using a custom 766/// SymbolVisitor. 767class ScanReachableSymbols : public SubRegionMap::Visitor { 768 virtual void anchor(); 769 typedef llvm::DenseMap<const void*, unsigned> VisitedItems; 770 771 VisitedItems visited; 772 ProgramStateRef state; 773 SymbolVisitor &visitor; 774 OwningPtr<SubRegionMap> SRM; 775public: 776 777 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor& v) 778 : state(st), visitor(v) {} 779 780 bool scan(nonloc::CompoundVal val); 781 bool scan(SVal val); 782 bool scan(const MemRegion *R); 783 bool scan(const SymExpr *sym); 784 785 // From SubRegionMap::Visitor. 786 bool Visit(const MemRegion* Parent, const MemRegion* SubRegion) { 787 return scan(SubRegion); 788 } 789}; 790 791} // end GR namespace 792 793} // end clang namespace 794 795#endif 796