ProgramState.h revision 8bef8238181a30e52dea380789a7e2d760eac532
1//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines SymbolRef, ExprBindKey, and ProgramState*. 11// 12//===----------------------------------------------------------------------===// 13 14#ifndef LLVM_CLANG_GR_VALUESTATE_H 15#define LLVM_CLANG_GR_VALUESTATE_H 16 17#include "clang/Basic/LLVM.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 19#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h" 20#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 21#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 22#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 23#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" 24#include "llvm/ADT/PointerIntPair.h" 25#include "llvm/ADT/FoldingSet.h" 26#include "llvm/ADT/ImmutableMap.h" 27 28namespace llvm { 29class APSInt; 30class BumpPtrAllocator; 31} 32 33namespace clang { 34class ASTContext; 35 36namespace ento { 37 38class CallOrObjCMessage; 39 40typedef ConstraintManager* (*ConstraintManagerCreator)(ProgramStateManager&, 41 SubEngine&); 42typedef StoreManager* (*StoreManagerCreator)(ProgramStateManager&); 43 44//===----------------------------------------------------------------------===// 45// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState. 46//===----------------------------------------------------------------------===// 47 48template <typename T> struct ProgramStatePartialTrait; 49 50template <typename T> struct ProgramStateTrait { 51 typedef typename T::data_type data_type; 52 static inline void *GDMIndex() { return &T::TagInt; } 53 static inline void *MakeVoidPtr(data_type D) { return (void*) D; } 54 static inline data_type MakeData(void *const* P) { 55 return P ? (data_type) *P : (data_type) 0; 56 } 57}; 58 59/// \class ProgramState 60/// ProgramState - This class encapsulates: 61/// 62/// 1. A mapping from expressions to values (Environment) 63/// 2. A mapping from locations to values (Store) 64/// 3. Constraints on symbolic values (GenericDataMap) 65/// 66/// Together these represent the "abstract state" of a program. 67/// 68/// ProgramState is intended to be used as a functional object; that is, 69/// once it is created and made "persistent" in a FoldingSet, its 70/// values will never change. 71class ProgramState : public llvm::FoldingSetNode { 72public: 73 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy; 74 typedef llvm::ImmutableMap<void*, void*> GenericDataMap; 75 76private: 77 void operator=(const ProgramState& R) const; // Do not implement. 78 79 friend class ProgramStateManager; 80 friend class ExplodedGraph; 81 friend class ExplodedNode; 82 83 ProgramStateManager *stateMgr; 84 Environment Env; // Maps a Stmt to its current SVal. 85 Store store; // Maps a location to its current value. 86 GenericDataMap GDM; // Custom data stored by a client of this class. 87 unsigned refCount; 88 89 /// makeWithStore - Return a ProgramState with the same values as the current 90 /// state with the exception of using the specified Store. 91 ProgramStateRef makeWithStore(const StoreRef &store) const; 92 93 void setStore(const StoreRef &storeRef); 94 95public: 96 97 /// This ctor is used when creating the first ProgramState object. 98 ProgramState(ProgramStateManager *mgr, const Environment& env, 99 StoreRef st, GenericDataMap gdm); 100 101 /// Copy ctor - We must explicitly define this or else the "Next" ptr 102 /// in FoldingSetNode will also get copied. 103 ProgramState(const ProgramState &RHS); 104 105 ~ProgramState(); 106 107 /// Return the ProgramStateManager associated with this state. 108 ProgramStateManager &getStateManager() const { return *stateMgr; } 109 110 /// Return true if this state is referenced by a persistent ExplodedNode. 111 bool referencedByExplodedNode() const { return refCount > 0; } 112 113 /// getEnvironment - Return the environment associated with this state. 114 /// The environment is the mapping from expressions to values. 115 const Environment& getEnvironment() const { return Env; } 116 117 /// Return the store associated with this state. The store 118 /// is a mapping from locations to values. 119 Store getStore() const { return store; } 120 121 122 /// getGDM - Return the generic data map associated with this state. 123 GenericDataMap getGDM() const { return GDM; } 124 125 void setGDM(GenericDataMap gdm) { GDM = gdm; } 126 127 /// Profile - Profile the contents of a ProgramState object for use in a 128 /// FoldingSet. Two ProgramState objects are considered equal if they 129 /// have the same Environment, Store, and GenericDataMap. 130 static void Profile(llvm::FoldingSetNodeID& ID, ProgramStateRef V) { 131 V->Env.Profile(ID); 132 ID.AddPointer(V->store); 133 V->GDM.Profile(ID); 134 } 135 136 /// Profile - Used to profile the contents of this object for inclusion 137 /// in a FoldingSet. 138 void Profile(llvm::FoldingSetNodeID& ID) const { 139 Profile(ID, this); 140 } 141 142 BasicValueFactory &getBasicVals() const; 143 SymbolManager &getSymbolManager() const; 144 145 //==---------------------------------------------------------------------==// 146 // Constraints on values. 147 //==---------------------------------------------------------------------==// 148 // 149 // Each ProgramState records constraints on symbolic values. These constraints 150 // are managed using the ConstraintManager associated with a ProgramStateManager. 151 // As constraints gradually accrue on symbolic values, added constraints 152 // may conflict and indicate that a state is infeasible (as no real values 153 // could satisfy all the constraints). This is the principal mechanism 154 // for modeling path-sensitivity in ExprEngine/ProgramState. 155 // 156 // Various "assume" methods form the interface for adding constraints to 157 // symbolic values. A call to 'assume' indicates an assumption being placed 158 // on one or symbolic values. 'assume' methods take the following inputs: 159 // 160 // (1) A ProgramState object representing the current state. 161 // 162 // (2) The assumed constraint (which is specific to a given "assume" method). 163 // 164 // (3) A binary value "Assumption" that indicates whether the constraint is 165 // assumed to be true or false. 166 // 167 // The output of "assume*" is a new ProgramState object with the added constraints. 168 // If no new state is feasible, NULL is returned. 169 // 170 171 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const; 172 173 /// This method assumes both "true" and "false" for 'cond', and 174 /// returns both corresponding states. It's shorthand for doing 175 /// 'assume' twice. 176 std::pair<ProgramStateRef , ProgramStateRef > 177 assume(DefinedOrUnknownSVal cond) const; 178 179 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, 180 DefinedOrUnknownSVal upperBound, 181 bool assumption) const; 182 183 /// Utility method for getting regions. 184 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const; 185 186 //==---------------------------------------------------------------------==// 187 // Binding and retrieving values to/from the environment and symbolic store. 188 //==---------------------------------------------------------------------==// 189 190 /// BindCompoundLiteral - Return the state that has the bindings currently 191 /// in this state plus the bindings for the CompoundLiteral. 192 ProgramStateRef bindCompoundLiteral(const CompoundLiteralExpr *CL, 193 const LocationContext *LC, 194 SVal V) const; 195 196 /// Create a new state by binding the value 'V' to the statement 'S' in the 197 /// state's environment. 198 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, 199 SVal V, bool Invalidate = true) const; 200 201 /// Create a new state by binding the value 'V' and location 'locaton' to the 202 /// statement 'S' in the state's environment. 203 ProgramStateRef bindExprAndLocation(const Stmt *S, 204 const LocationContext *LCtx, 205 SVal location, SVal V) const; 206 207 ProgramStateRef bindDecl(const VarRegion *VR, SVal V) const; 208 209 ProgramStateRef bindDeclWithNoInit(const VarRegion *VR) const; 210 211 ProgramStateRef bindLoc(Loc location, SVal V) const; 212 213 ProgramStateRef bindLoc(SVal location, SVal V) const; 214 215 ProgramStateRef bindDefault(SVal loc, SVal V) const; 216 217 ProgramStateRef unbindLoc(Loc LV) const; 218 219 /// invalidateRegions - Returns the state with bindings for the given regions 220 /// cleared from the store. The regions are provided as a continuous array 221 /// from Begin to End. Optionally invalidates global regions as well. 222 ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions, 223 const Expr *E, unsigned BlockCount, 224 StoreManager::InvalidatedSymbols *IS = 0, 225 const CallOrObjCMessage *Call = 0) const; 226 227 /// enterStackFrame - Returns the state for entry to the given stack frame, 228 /// preserving the current state. 229 ProgramStateRef enterStackFrame(const LocationContext *callerCtx, 230 const StackFrameContext *calleeCtx) const; 231 232 /// Get the lvalue for a variable reference. 233 Loc getLValue(const VarDecl *D, const LocationContext *LC) const; 234 235 /// Get the lvalue for a StringLiteral. 236 Loc getLValue(const StringLiteral *literal) const; 237 238 Loc getLValue(const CompoundLiteralExpr *literal, 239 const LocationContext *LC) const; 240 241 /// Get the lvalue for an ivar reference. 242 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; 243 244 /// Get the lvalue for a field reference. 245 SVal getLValue(const FieldDecl *decl, SVal Base) const; 246 247 /// Get the lvalue for an array index. 248 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const; 249 250 const llvm::APSInt *getSymVal(SymbolRef sym) const; 251 252 /// Returns the SVal bound to the statement 'S' in the state's environment. 253 SVal getSVal(const Stmt *S, const LocationContext *LCtx, 254 bool useOnlyDirectBindings = false) const; 255 256 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const; 257 258 SVal getSVal(Loc LV, QualType T = QualType()) const; 259 260 /// Returns the "raw" SVal bound to LV before any value simplfication. 261 SVal getRawSVal(Loc LV, QualType T= QualType()) const; 262 263 SVal getSVal(const MemRegion* R) const; 264 265 SVal getSValAsScalarOrLoc(const MemRegion *R) const; 266 267 /// \brief Visits the symbols reachable from the given SVal using the provided 268 /// SymbolVisitor. 269 /// 270 /// This is a convenience API. Consider using ScanReachableSymbols class 271 /// directly when making multiple scans on the same state with the same 272 /// visitor to avoid repeated initialization cost. 273 /// \sa ScanReachableSymbols 274 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const; 275 276 /// \brief Visits the symbols reachable from the SVals in the given range 277 /// using the provided SymbolVisitor. 278 bool scanReachableSymbols(const SVal *I, const SVal *E, 279 SymbolVisitor &visitor) const; 280 281 /// \brief Visits the symbols reachable from the regions in the given 282 /// MemRegions range using the provided SymbolVisitor. 283 bool scanReachableSymbols(const MemRegion * const *I, 284 const MemRegion * const *E, 285 SymbolVisitor &visitor) const; 286 287 template <typename CB> CB scanReachableSymbols(SVal val) const; 288 template <typename CB> CB scanReachableSymbols(const SVal *beg, 289 const SVal *end) const; 290 291 template <typename CB> CB 292 scanReachableSymbols(const MemRegion * const *beg, 293 const MemRegion * const *end) const; 294 295 /// Create a new state in which the statement is marked as tainted. 296 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx, 297 TaintTagType Kind = TaintTagGeneric) const; 298 299 /// Create a new state in which the symbol is marked as tainted. 300 ProgramStateRef addTaint(SymbolRef S, 301 TaintTagType Kind = TaintTagGeneric) const; 302 303 /// Create a new state in which the region symbol is marked as tainted. 304 ProgramStateRef addTaint(const MemRegion *R, 305 TaintTagType Kind = TaintTagGeneric) const; 306 307 /// Check if the statement is tainted in the current state. 308 bool isTainted(const Stmt *S, const LocationContext *LCtx, 309 TaintTagType Kind = TaintTagGeneric) const; 310 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; 311 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const; 312 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const; 313 314 //==---------------------------------------------------------------------==// 315 // Accessing the Generic Data Map (GDM). 316 //==---------------------------------------------------------------------==// 317 318 void *const* FindGDM(void *K) const; 319 320 template<typename T> 321 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const; 322 323 template <typename T> 324 typename ProgramStateTrait<T>::data_type 325 get() const { 326 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex())); 327 } 328 329 template<typename T> 330 typename ProgramStateTrait<T>::lookup_type 331 get(typename ProgramStateTrait<T>::key_type key) const { 332 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 333 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key); 334 } 335 336 template <typename T> 337 typename ProgramStateTrait<T>::context_type get_context() const; 338 339 340 template<typename T> 341 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const; 342 343 template<typename T> 344 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K, 345 typename ProgramStateTrait<T>::context_type C) const; 346 template <typename T> 347 ProgramStateRef remove() const; 348 349 template<typename T> 350 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const; 351 352 template<typename T> 353 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 354 typename ProgramStateTrait<T>::value_type E) const; 355 356 template<typename T> 357 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 358 typename ProgramStateTrait<T>::value_type E, 359 typename ProgramStateTrait<T>::context_type C) const; 360 361 template<typename T> 362 bool contains(typename ProgramStateTrait<T>::key_type key) const { 363 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 364 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key); 365 } 366 367 // Pretty-printing. 368 void print(raw_ostream &Out, const char *nl = "\n", 369 const char *sep = "") const; 370 void printDOT(raw_ostream &Out) const; 371 void printTaint(raw_ostream &Out, const char *nl = "\n", 372 const char *sep = "") const; 373 374 void dump() const; 375 void dumpTaint() const; 376 377private: 378 /// Increments the number of times this state is referenced by ExplodeNodes. 379 void incrementReferenceCount() { ++refCount; } 380 381 /// Decrement the number of times this state is referenced by ExplodeNodes. 382 void decrementReferenceCount() { 383 assert(refCount > 0); 384 --refCount; 385 } 386 387 ProgramStateRef 388 invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, 389 const Expr *E, unsigned BlockCount, 390 StoreManager::InvalidatedSymbols &IS, 391 const CallOrObjCMessage *Call) const; 392}; 393 394class ProgramStateSet { 395 typedef llvm::SmallPtrSet<ProgramStateRef,5> ImplTy; 396 ImplTy Impl; 397public: 398 ProgramStateSet() {} 399 400 inline void Add(ProgramStateRef St) { 401 Impl.insert(St); 402 } 403 404 typedef ImplTy::const_iterator iterator; 405 406 inline unsigned size() const { return Impl.size(); } 407 inline bool empty() const { return Impl.empty(); } 408 409 inline iterator begin() const { return Impl.begin(); } 410 inline iterator end() const { return Impl.end(); } 411 412 class AutoPopulate { 413 ProgramStateSet &S; 414 unsigned StartSize; 415 ProgramStateRef St; 416 public: 417 AutoPopulate(ProgramStateSet &s, ProgramStateRef st) 418 : S(s), StartSize(S.size()), St(st) {} 419 420 ~AutoPopulate() { 421 if (StartSize == S.size()) 422 S.Add(St); 423 } 424 }; 425}; 426 427//===----------------------------------------------------------------------===// 428// ProgramStateManager - Factory object for ProgramStates. 429//===----------------------------------------------------------------------===// 430 431class ProgramStateManager { 432 friend class ProgramState; 433private: 434 /// Eng - The SubEngine that owns this state manager. 435 SubEngine *Eng; /* Can be null. */ 436 437 EnvironmentManager EnvMgr; 438 llvm::OwningPtr<StoreManager> StoreMgr; 439 llvm::OwningPtr<ConstraintManager> ConstraintMgr; 440 441 ProgramState::GenericDataMap::Factory GDMFactory; 442 443 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy; 444 GDMContextsTy GDMContexts; 445 446 /// StateSet - FoldingSet containing all the states created for analyzing 447 /// a particular function. This is used to unique states. 448 llvm::FoldingSet<ProgramState> StateSet; 449 450 /// Object that manages the data for all created SVals. 451 llvm::OwningPtr<SValBuilder> svalBuilder; 452 453 /// A BumpPtrAllocator to allocate states. 454 llvm::BumpPtrAllocator &Alloc; 455 456 /// A vector of recently allocated ProgramStates that can potentially be 457 /// reused. 458 std::vector<ProgramState *> recentlyAllocatedStates; 459 460 /// A vector of ProgramStates that we can reuse. 461 std::vector<ProgramState *> freeStates; 462 463public: 464 ProgramStateManager(ASTContext &Ctx, 465 StoreManagerCreator CreateStoreManager, 466 ConstraintManagerCreator CreateConstraintManager, 467 llvm::BumpPtrAllocator& alloc, 468 SubEngine &subeng) 469 : Eng(&subeng), 470 EnvMgr(alloc), 471 GDMFactory(alloc), 472 svalBuilder(createSimpleSValBuilder(alloc, Ctx, *this)), 473 Alloc(alloc) { 474 StoreMgr.reset((*CreateStoreManager)(*this)); 475 ConstraintMgr.reset((*CreateConstraintManager)(*this, subeng)); 476 } 477 478 ProgramStateManager(ASTContext &Ctx, 479 StoreManagerCreator CreateStoreManager, 480 ConstraintManager* ConstraintManagerPtr, 481 llvm::BumpPtrAllocator& alloc) 482 : Eng(0), 483 EnvMgr(alloc), 484 GDMFactory(alloc), 485 svalBuilder(createSimpleSValBuilder(alloc, Ctx, *this)), 486 Alloc(alloc) { 487 StoreMgr.reset((*CreateStoreManager)(*this)); 488 ConstraintMgr.reset(ConstraintManagerPtr); 489 } 490 491 ~ProgramStateManager(); 492 493 ProgramStateRef getInitialState(const LocationContext *InitLoc); 494 495 ASTContext &getContext() { return svalBuilder->getContext(); } 496 const ASTContext &getContext() const { return svalBuilder->getContext(); } 497 498 BasicValueFactory &getBasicVals() { 499 return svalBuilder->getBasicValueFactory(); 500 } 501 const BasicValueFactory& getBasicVals() const { 502 return svalBuilder->getBasicValueFactory(); 503 } 504 505 SValBuilder &getSValBuilder() { 506 return *svalBuilder; 507 } 508 509 SymbolManager &getSymbolManager() { 510 return svalBuilder->getSymbolManager(); 511 } 512 const SymbolManager &getSymbolManager() const { 513 return svalBuilder->getSymbolManager(); 514 } 515 516 llvm::BumpPtrAllocator& getAllocator() { return Alloc; } 517 518 MemRegionManager& getRegionManager() { 519 return svalBuilder->getRegionManager(); 520 } 521 const MemRegionManager& getRegionManager() const { 522 return svalBuilder->getRegionManager(); 523 } 524 525 StoreManager& getStoreManager() { return *StoreMgr; } 526 ConstraintManager& getConstraintManager() { return *ConstraintMgr; } 527 SubEngine* getOwningEngine() { return Eng; } 528 529 ProgramStateRef removeDeadBindings(ProgramStateRef St, 530 const StackFrameContext *LCtx, 531 SymbolReaper& SymReaper); 532 533 /// Marshal a new state for the callee in another translation unit. 534 /// 'state' is owned by the caller's engine. 535 ProgramStateRef MarshalState(ProgramStateRef state, const StackFrameContext *L); 536 537public: 538 539 SVal ArrayToPointer(Loc Array) { 540 return StoreMgr->ArrayToPointer(Array); 541 } 542 543 // Methods that manipulate the GDM. 544 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data); 545 ProgramStateRef removeGDM(ProgramStateRef state, void *Key); 546 547 // Methods that query & manipulate the Store. 548 549 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) { 550 StoreMgr->iterBindings(state->getStore(), F); 551 } 552 553 ProgramStateRef getPersistentState(ProgramState &Impl); 554 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, 555 ProgramStateRef GDMState); 556 557 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) { 558 return S1->Env == S2->Env; 559 } 560 561 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) { 562 return S1->store == S2->store; 563 } 564 565 /// Periodically called by ExprEngine to recycle ProgramStates that were 566 /// created but never used for creating an ExplodedNode. 567 void recycleUnusedStates(); 568 569 //==---------------------------------------------------------------------==// 570 // Generic Data Map methods. 571 //==---------------------------------------------------------------------==// 572 // 573 // ProgramStateManager and ProgramState support a "generic data map" that allows 574 // different clients of ProgramState objects to embed arbitrary data within a 575 // ProgramState object. The generic data map is essentially an immutable map 576 // from a "tag" (that acts as the "key" for a client) and opaque values. 577 // Tags/keys and values are simply void* values. The typical way that clients 578 // generate unique tags are by taking the address of a static variable. 579 // Clients are responsible for ensuring that data values referred to by a 580 // the data pointer are immutable (and thus are essentially purely functional 581 // data). 582 // 583 // The templated methods below use the ProgramStateTrait<T> class 584 // to resolve keys into the GDM and to return data values to clients. 585 // 586 587 // Trait based GDM dispatch. 588 template <typename T> 589 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) { 590 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 591 ProgramStateTrait<T>::MakeVoidPtr(D)); 592 } 593 594 template<typename T> 595 ProgramStateRef set(ProgramStateRef st, 596 typename ProgramStateTrait<T>::key_type K, 597 typename ProgramStateTrait<T>::value_type V, 598 typename ProgramStateTrait<T>::context_type C) { 599 600 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 601 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C))); 602 } 603 604 template <typename T> 605 ProgramStateRef add(ProgramStateRef st, 606 typename ProgramStateTrait<T>::key_type K, 607 typename ProgramStateTrait<T>::context_type C) { 608 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 609 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C))); 610 } 611 612 template <typename T> 613 ProgramStateRef remove(ProgramStateRef st, 614 typename ProgramStateTrait<T>::key_type K, 615 typename ProgramStateTrait<T>::context_type C) { 616 617 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 618 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C))); 619 } 620 621 template <typename T> 622 ProgramStateRef remove(ProgramStateRef st) { 623 return removeGDM(st, ProgramStateTrait<T>::GDMIndex()); 624 } 625 626 void *FindGDMContext(void *index, 627 void *(*CreateContext)(llvm::BumpPtrAllocator&), 628 void (*DeleteContext)(void*)); 629 630 template <typename T> 631 typename ProgramStateTrait<T>::context_type get_context() { 632 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(), 633 ProgramStateTrait<T>::CreateContext, 634 ProgramStateTrait<T>::DeleteContext); 635 636 return ProgramStateTrait<T>::MakeContext(p); 637 } 638 639 const llvm::APSInt* getSymVal(ProgramStateRef St, SymbolRef sym) { 640 return ConstraintMgr->getSymVal(St, sym); 641 } 642 643 void EndPath(ProgramStateRef St) { 644 ConstraintMgr->EndPath(St); 645 } 646}; 647 648 649//===----------------------------------------------------------------------===// 650// Out-of-line method definitions for ProgramState. 651//===----------------------------------------------------------------------===// 652 653inline const VarRegion* ProgramState::getRegion(const VarDecl *D, 654 const LocationContext *LC) const 655{ 656 return getStateManager().getRegionManager().getVarRegion(D, LC); 657} 658 659inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond, 660 bool Assumption) const { 661 if (Cond.isUnknown()) 662 return this; 663 664 return getStateManager().ConstraintMgr->assume(this, cast<DefinedSVal>(Cond), 665 Assumption); 666} 667 668inline std::pair<ProgramStateRef , ProgramStateRef > 669ProgramState::assume(DefinedOrUnknownSVal Cond) const { 670 if (Cond.isUnknown()) 671 return std::make_pair(this, this); 672 673 return getStateManager().ConstraintMgr->assumeDual(this, 674 cast<DefinedSVal>(Cond)); 675} 676 677inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V) const { 678 return !isa<Loc>(LV) ? this : bindLoc(cast<Loc>(LV), V); 679} 680 681inline Loc ProgramState::getLValue(const VarDecl *VD, 682 const LocationContext *LC) const { 683 return getStateManager().StoreMgr->getLValueVar(VD, LC); 684} 685 686inline Loc ProgramState::getLValue(const StringLiteral *literal) const { 687 return getStateManager().StoreMgr->getLValueString(literal); 688} 689 690inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal, 691 const LocationContext *LC) const { 692 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC); 693} 694 695inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const { 696 return getStateManager().StoreMgr->getLValueIvar(D, Base); 697} 698 699inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const { 700 return getStateManager().StoreMgr->getLValueField(D, Base); 701} 702 703inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{ 704 if (NonLoc *N = dyn_cast<NonLoc>(&Idx)) 705 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base); 706 return UnknownVal(); 707} 708 709inline const llvm::APSInt *ProgramState::getSymVal(SymbolRef sym) const { 710 return getStateManager().getSymVal(this, sym); 711} 712 713inline SVal ProgramState::getSVal(const Stmt *Ex, const LocationContext *LCtx, 714 bool useOnlyDirectBindings) const{ 715 return Env.getSVal(EnvironmentEntry(Ex, LCtx), 716 *getStateManager().svalBuilder, 717 useOnlyDirectBindings); 718} 719 720inline SVal 721ProgramState::getSValAsScalarOrLoc(const Stmt *S, 722 const LocationContext *LCtx) const { 723 if (const Expr *Ex = dyn_cast<Expr>(S)) { 724 QualType T = Ex->getType(); 725 if (Ex->isLValue() || Loc::isLocType(T) || T->isIntegerType()) 726 return getSVal(S, LCtx); 727 } 728 729 return UnknownVal(); 730} 731 732inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const { 733 return getStateManager().StoreMgr->getBinding(getStore(), LV, T); 734} 735 736inline SVal ProgramState::getSVal(const MemRegion* R) const { 737 return getStateManager().StoreMgr->getBinding(getStore(), 738 loc::MemRegionVal(R)); 739} 740 741inline BasicValueFactory &ProgramState::getBasicVals() const { 742 return getStateManager().getBasicVals(); 743} 744 745inline SymbolManager &ProgramState::getSymbolManager() const { 746 return getStateManager().getSymbolManager(); 747} 748 749template<typename T> 750ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const { 751 return getStateManager().add<T>(this, K, get_context<T>()); 752} 753 754template <typename T> 755typename ProgramStateTrait<T>::context_type ProgramState::get_context() const { 756 return getStateManager().get_context<T>(); 757} 758 759template<typename T> 760ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const { 761 return getStateManager().remove<T>(this, K, get_context<T>()); 762} 763 764template<typename T> 765ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K, 766 typename ProgramStateTrait<T>::context_type C) const { 767 return getStateManager().remove<T>(this, K, C); 768} 769 770template <typename T> 771ProgramStateRef ProgramState::remove() const { 772 return getStateManager().remove<T>(this); 773} 774 775template<typename T> 776ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const { 777 return getStateManager().set<T>(this, D); 778} 779 780template<typename T> 781ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 782 typename ProgramStateTrait<T>::value_type E) const { 783 return getStateManager().set<T>(this, K, E, get_context<T>()); 784} 785 786template<typename T> 787ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 788 typename ProgramStateTrait<T>::value_type E, 789 typename ProgramStateTrait<T>::context_type C) const { 790 return getStateManager().set<T>(this, K, E, C); 791} 792 793template <typename CB> 794CB ProgramState::scanReachableSymbols(SVal val) const { 795 CB cb(this); 796 scanReachableSymbols(val, cb); 797 return cb; 798} 799 800template <typename CB> 801CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const { 802 CB cb(this); 803 scanReachableSymbols(beg, end, cb); 804 return cb; 805} 806 807template <typename CB> 808CB ProgramState::scanReachableSymbols(const MemRegion * const *beg, 809 const MemRegion * const *end) const { 810 CB cb(this); 811 scanReachableSymbols(beg, end, cb); 812 return cb; 813} 814 815/// \class ScanReachableSymbols 816/// A Utility class that allows to visit the reachable symbols using a custom 817/// SymbolVisitor. 818class ScanReachableSymbols : public SubRegionMap::Visitor { 819 virtual void anchor(); 820 typedef llvm::DenseMap<const void*, unsigned> VisitedItems; 821 822 VisitedItems visited; 823 ProgramStateRef state; 824 SymbolVisitor &visitor; 825 llvm::OwningPtr<SubRegionMap> SRM; 826public: 827 828 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor& v) 829 : state(st), visitor(v) {} 830 831 bool scan(nonloc::CompoundVal val); 832 bool scan(SVal val); 833 bool scan(const MemRegion *R); 834 bool scan(const SymExpr *sym); 835 836 // From SubRegionMap::Visitor. 837 bool Visit(const MemRegion* Parent, const MemRegion* SubRegion) { 838 return scan(SubRegion); 839 } 840}; 841 842} // end GR namespace 843 844} // end clang namespace 845 846#endif 847