ProgramState.h revision e54778d77d4f2b2d006bdb7e16f49271e1e9d13d
1//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the state of the program along the analyzes path. 11// 12//===----------------------------------------------------------------------===// 13 14#ifndef LLVM_CLANG_GR_VALUESTATE_H 15#define LLVM_CLANG_GR_VALUESTATE_H 16 17#include "clang/Basic/LLVM.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 19#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h" 20#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h" 21#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 22#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 23#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 24#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" 25#include "llvm/ADT/PointerIntPair.h" 26#include "llvm/ADT/FoldingSet.h" 27#include "llvm/ADT/ImmutableMap.h" 28 29namespace llvm { 30class APSInt; 31class BumpPtrAllocator; 32} 33 34namespace clang { 35class ASTContext; 36 37namespace ento { 38 39class CallEvent; 40class CallEventManager; 41 42typedef ConstraintManager* (*ConstraintManagerCreator)(ProgramStateManager&, 43 SubEngine&); 44typedef StoreManager* (*StoreManagerCreator)(ProgramStateManager&); 45 46//===----------------------------------------------------------------------===// 47// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState. 48//===----------------------------------------------------------------------===// 49 50template <typename T> struct ProgramStatePartialTrait; 51 52template <typename T> struct ProgramStateTrait { 53 typedef typename T::data_type data_type; 54 static inline void *MakeVoidPtr(data_type D) { return (void*) D; } 55 static inline data_type MakeData(void *const* P) { 56 return P ? (data_type) *P : (data_type) 0; 57 } 58}; 59 60/// \class ProgramState 61/// ProgramState - This class encapsulates: 62/// 63/// 1. A mapping from expressions to values (Environment) 64/// 2. A mapping from locations to values (Store) 65/// 3. Constraints on symbolic values (GenericDataMap) 66/// 67/// Together these represent the "abstract state" of a program. 68/// 69/// ProgramState is intended to be used as a functional object; that is, 70/// once it is created and made "persistent" in a FoldingSet, its 71/// values will never change. 72class ProgramState : public llvm::FoldingSetNode { 73public: 74 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy; 75 typedef llvm::ImmutableMap<void*, void*> GenericDataMap; 76 77private: 78 void operator=(const ProgramState& R) const; // Do not implement. 79 80 friend class ProgramStateManager; 81 friend class ExplodedGraph; 82 friend class ExplodedNode; 83 84 ProgramStateManager *stateMgr; 85 Environment Env; // Maps a Stmt to its current SVal. 86 Store store; // Maps a location to its current value. 87 GenericDataMap GDM; // Custom data stored by a client of this class. 88 unsigned refCount; 89 90 /// makeWithStore - Return a ProgramState with the same values as the current 91 /// state with the exception of using the specified Store. 92 ProgramStateRef makeWithStore(const StoreRef &store) const; 93 94 void setStore(const StoreRef &storeRef); 95 96public: 97 /// This ctor is used when creating the first ProgramState object. 98 ProgramState(ProgramStateManager *mgr, const Environment& env, 99 StoreRef st, GenericDataMap gdm); 100 101 /// Copy ctor - We must explicitly define this or else the "Next" ptr 102 /// in FoldingSetNode will also get copied. 103 ProgramState(const ProgramState &RHS); 104 105 ~ProgramState(); 106 107 /// Return the ProgramStateManager associated with this state. 108 ProgramStateManager &getStateManager() const { return *stateMgr; } 109 110 /// getEnvironment - Return the environment associated with this state. 111 /// The environment is the mapping from expressions to values. 112 const Environment& getEnvironment() const { return Env; } 113 114 /// Return the store associated with this state. The store 115 /// is a mapping from locations to values. 116 Store getStore() const { return store; } 117 118 119 /// getGDM - Return the generic data map associated with this state. 120 GenericDataMap getGDM() const { return GDM; } 121 122 void setGDM(GenericDataMap gdm) { GDM = gdm; } 123 124 /// Profile - Profile the contents of a ProgramState object for use in a 125 /// FoldingSet. Two ProgramState objects are considered equal if they 126 /// have the same Environment, Store, and GenericDataMap. 127 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) { 128 V->Env.Profile(ID); 129 ID.AddPointer(V->store); 130 V->GDM.Profile(ID); 131 } 132 133 /// Profile - Used to profile the contents of this object for inclusion 134 /// in a FoldingSet. 135 void Profile(llvm::FoldingSetNodeID& ID) const { 136 Profile(ID, this); 137 } 138 139 BasicValueFactory &getBasicVals() const; 140 SymbolManager &getSymbolManager() const; 141 142 //==---------------------------------------------------------------------==// 143 // Constraints on values. 144 //==---------------------------------------------------------------------==// 145 // 146 // Each ProgramState records constraints on symbolic values. These constraints 147 // are managed using the ConstraintManager associated with a ProgramStateManager. 148 // As constraints gradually accrue on symbolic values, added constraints 149 // may conflict and indicate that a state is infeasible (as no real values 150 // could satisfy all the constraints). This is the principal mechanism 151 // for modeling path-sensitivity in ExprEngine/ProgramState. 152 // 153 // Various "assume" methods form the interface for adding constraints to 154 // symbolic values. A call to 'assume' indicates an assumption being placed 155 // on one or symbolic values. 'assume' methods take the following inputs: 156 // 157 // (1) A ProgramState object representing the current state. 158 // 159 // (2) The assumed constraint (which is specific to a given "assume" method). 160 // 161 // (3) A binary value "Assumption" that indicates whether the constraint is 162 // assumed to be true or false. 163 // 164 // The output of "assume*" is a new ProgramState object with the added constraints. 165 // If no new state is feasible, NULL is returned. 166 // 167 168 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const; 169 170 /// This method assumes both "true" and "false" for 'cond', and 171 /// returns both corresponding states. It's shorthand for doing 172 /// 'assume' twice. 173 std::pair<ProgramStateRef , ProgramStateRef > 174 assume(DefinedOrUnknownSVal cond) const; 175 176 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, 177 DefinedOrUnknownSVal upperBound, 178 bool assumption, 179 QualType IndexType = QualType()) const; 180 181 /// Utility method for getting regions. 182 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const; 183 184 //==---------------------------------------------------------------------==// 185 // Binding and retrieving values to/from the environment and symbolic store. 186 //==---------------------------------------------------------------------==// 187 188 /// \brief Create a new state with the specified CompoundLiteral binding. 189 /// \param CL the compound literal expression (the binding key) 190 /// \param LC the LocationContext of the binding 191 /// \param V the value to bind. 192 ProgramStateRef bindCompoundLiteral(const CompoundLiteralExpr *CL, 193 const LocationContext *LC, 194 SVal V) const; 195 196 /// Create a new state by binding the value 'V' to the statement 'S' in the 197 /// state's environment. 198 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, 199 SVal V, bool Invalidate = true) const; 200 201 /// Create a new state by binding the value 'V' and location 'locaton' to the 202 /// statement 'S' in the state's environment. 203 ProgramStateRef bindExprAndLocation(const Stmt *S, 204 const LocationContext *LCtx, 205 SVal location, SVal V) const; 206 207 ProgramStateRef bindLoc(Loc location, 208 SVal V, 209 bool notifyChanges = true) const; 210 211 ProgramStateRef bindLoc(SVal location, SVal V) const; 212 213 ProgramStateRef bindDefault(SVal loc, SVal V) const; 214 215 ProgramStateRef killBinding(Loc LV) const; 216 217 /// invalidateRegions - Returns the state with bindings for the given regions 218 /// cleared from the store. The regions are provided as a continuous array 219 /// from Begin to End. Optionally invalidates global regions as well. 220 ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions, 221 const Expr *E, unsigned BlockCount, 222 const LocationContext *LCtx, 223 StoreManager::InvalidatedSymbols *IS = 0, 224 const CallEvent *Call = 0) const; 225 226 /// enterStackFrame - Returns the state for entry to the given stack frame, 227 /// preserving the current state. 228 ProgramStateRef enterStackFrame(const CallEvent &Call, 229 const StackFrameContext *CalleeCtx) const; 230 231 /// Get the lvalue for a variable reference. 232 Loc getLValue(const VarDecl *D, const LocationContext *LC) const; 233 234 Loc getLValue(const CompoundLiteralExpr *literal, 235 const LocationContext *LC) const; 236 237 /// Get the lvalue for an ivar reference. 238 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; 239 240 /// Get the lvalue for a field reference. 241 SVal getLValue(const FieldDecl *decl, SVal Base) const; 242 243 /// Get the lvalue for an indirect field reference. 244 SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const; 245 246 /// Get the lvalue for an array index. 247 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const; 248 249 const llvm::APSInt *getSymVal(SymbolRef sym) const; 250 251 /// Returns the SVal bound to the statement 'S' in the state's environment. 252 SVal getSVal(const Stmt *S, const LocationContext *LCtx, 253 bool useOnlyDirectBindings = false) const; 254 255 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const; 256 257 /// \brief Return the value bound to the specified location. 258 /// Returns UnknownVal() if none found. 259 SVal getSVal(Loc LV, QualType T = QualType()) const; 260 261 /// Returns the "raw" SVal bound to LV before any value simplfication. 262 SVal getRawSVal(Loc LV, QualType T= QualType()) const; 263 264 /// \brief Return the value bound to the specified location. 265 /// Returns UnknownVal() if none found. 266 SVal getSVal(const MemRegion* R) const; 267 268 SVal getSValAsScalarOrLoc(const MemRegion *R) const; 269 270 /// \brief Visits the symbols reachable from the given SVal using the provided 271 /// SymbolVisitor. 272 /// 273 /// This is a convenience API. Consider using ScanReachableSymbols class 274 /// directly when making multiple scans on the same state with the same 275 /// visitor to avoid repeated initialization cost. 276 /// \sa ScanReachableSymbols 277 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const; 278 279 /// \brief Visits the symbols reachable from the SVals in the given range 280 /// using the provided SymbolVisitor. 281 bool scanReachableSymbols(const SVal *I, const SVal *E, 282 SymbolVisitor &visitor) const; 283 284 /// \brief Visits the symbols reachable from the regions in the given 285 /// MemRegions range using the provided SymbolVisitor. 286 bool scanReachableSymbols(const MemRegion * const *I, 287 const MemRegion * const *E, 288 SymbolVisitor &visitor) const; 289 290 template <typename CB> CB scanReachableSymbols(SVal val) const; 291 template <typename CB> CB scanReachableSymbols(const SVal *beg, 292 const SVal *end) const; 293 294 template <typename CB> CB 295 scanReachableSymbols(const MemRegion * const *beg, 296 const MemRegion * const *end) const; 297 298 /// Create a new state in which the statement is marked as tainted. 299 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx, 300 TaintTagType Kind = TaintTagGeneric) const; 301 302 /// Create a new state in which the symbol is marked as tainted. 303 ProgramStateRef addTaint(SymbolRef S, 304 TaintTagType Kind = TaintTagGeneric) const; 305 306 /// Create a new state in which the region symbol is marked as tainted. 307 ProgramStateRef addTaint(const MemRegion *R, 308 TaintTagType Kind = TaintTagGeneric) const; 309 310 /// Check if the statement is tainted in the current state. 311 bool isTainted(const Stmt *S, const LocationContext *LCtx, 312 TaintTagType Kind = TaintTagGeneric) const; 313 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; 314 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const; 315 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const; 316 317 /// \brief Get dynamic type information for a region. 318 DynamicTypeInfo getDynamicTypeInfo(const MemRegion *Reg) const; 319 320 /// \brief Set dynamic type information of the region; return the new state. 321 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 322 DynamicTypeInfo NewTy) const; 323 324 /// \brief Set dynamic type information of the region; return the new state. 325 ProgramStateRef setDynamicTypeInfo(const MemRegion *Reg, 326 QualType NewTy, 327 bool CanBeSubClassed = true) const { 328 return setDynamicTypeInfo(Reg, DynamicTypeInfo(NewTy, CanBeSubClassed)); 329 } 330 331 //==---------------------------------------------------------------------==// 332 // Accessing the Generic Data Map (GDM). 333 //==---------------------------------------------------------------------==// 334 335 void *const* FindGDM(void *K) const; 336 337 template<typename T> 338 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const; 339 340 template <typename T> 341 typename ProgramStateTrait<T>::data_type 342 get() const { 343 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex())); 344 } 345 346 template<typename T> 347 typename ProgramStateTrait<T>::lookup_type 348 get(typename ProgramStateTrait<T>::key_type key) const { 349 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 350 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key); 351 } 352 353 template <typename T> 354 typename ProgramStateTrait<T>::context_type get_context() const; 355 356 357 template<typename T> 358 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const; 359 360 template<typename T> 361 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K, 362 typename ProgramStateTrait<T>::context_type C) const; 363 template <typename T> 364 ProgramStateRef remove() const; 365 366 template<typename T> 367 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const; 368 369 template<typename T> 370 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 371 typename ProgramStateTrait<T>::value_type E) const; 372 373 template<typename T> 374 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K, 375 typename ProgramStateTrait<T>::value_type E, 376 typename ProgramStateTrait<T>::context_type C) const; 377 378 template<typename T> 379 bool contains(typename ProgramStateTrait<T>::key_type key) const { 380 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex()); 381 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key); 382 } 383 384 // Pretty-printing. 385 void print(raw_ostream &Out, const char *nl = "\n", 386 const char *sep = "") const; 387 void printDOT(raw_ostream &Out) const; 388 void printTaint(raw_ostream &Out, const char *nl = "\n", 389 const char *sep = "") const; 390 391 void dump() const; 392 void dumpTaint() const; 393 394private: 395 friend void ProgramStateRetain(const ProgramState *state); 396 friend void ProgramStateRelease(const ProgramState *state); 397 398 ProgramStateRef 399 invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, 400 const Expr *E, unsigned BlockCount, 401 const LocationContext *LCtx, 402 StoreManager::InvalidatedSymbols &IS, 403 const CallEvent *Call) const; 404}; 405 406//===----------------------------------------------------------------------===// 407// ProgramStateManager - Factory object for ProgramStates. 408//===----------------------------------------------------------------------===// 409 410class ProgramStateManager { 411 friend class ProgramState; 412 friend void ProgramStateRelease(const ProgramState *state); 413private: 414 /// Eng - The SubEngine that owns this state manager. 415 SubEngine *Eng; /* Can be null. */ 416 417 EnvironmentManager EnvMgr; 418 OwningPtr<StoreManager> StoreMgr; 419 OwningPtr<ConstraintManager> ConstraintMgr; 420 421 ProgramState::GenericDataMap::Factory GDMFactory; 422 423 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy; 424 GDMContextsTy GDMContexts; 425 426 /// StateSet - FoldingSet containing all the states created for analyzing 427 /// a particular function. This is used to unique states. 428 llvm::FoldingSet<ProgramState> StateSet; 429 430 /// Object that manages the data for all created SVals. 431 OwningPtr<SValBuilder> svalBuilder; 432 433 /// Manages memory for created CallEvents. 434 OwningPtr<CallEventManager> CallEventMgr; 435 436 /// A BumpPtrAllocator to allocate states. 437 llvm::BumpPtrAllocator &Alloc; 438 439 /// A vector of ProgramStates that we can reuse. 440 std::vector<ProgramState *> freeStates; 441 442public: 443 ProgramStateManager(ASTContext &Ctx, 444 StoreManagerCreator CreateStoreManager, 445 ConstraintManagerCreator CreateConstraintManager, 446 llvm::BumpPtrAllocator& alloc, 447 SubEngine &subeng); 448 449 ~ProgramStateManager(); 450 451 ProgramStateRef getInitialState(const LocationContext *InitLoc); 452 453 ASTContext &getContext() { return svalBuilder->getContext(); } 454 const ASTContext &getContext() const { return svalBuilder->getContext(); } 455 456 BasicValueFactory &getBasicVals() { 457 return svalBuilder->getBasicValueFactory(); 458 } 459 const BasicValueFactory& getBasicVals() const { 460 return svalBuilder->getBasicValueFactory(); 461 } 462 463 SValBuilder &getSValBuilder() { 464 return *svalBuilder; 465 } 466 467 SymbolManager &getSymbolManager() { 468 return svalBuilder->getSymbolManager(); 469 } 470 const SymbolManager &getSymbolManager() const { 471 return svalBuilder->getSymbolManager(); 472 } 473 474 llvm::BumpPtrAllocator& getAllocator() { return Alloc; } 475 476 MemRegionManager& getRegionManager() { 477 return svalBuilder->getRegionManager(); 478 } 479 const MemRegionManager& getRegionManager() const { 480 return svalBuilder->getRegionManager(); 481 } 482 483 CallEventManager &getCallEventManager() { return *CallEventMgr; } 484 485 StoreManager& getStoreManager() { return *StoreMgr; } 486 ConstraintManager& getConstraintManager() { return *ConstraintMgr; } 487 SubEngine* getOwningEngine() { return Eng; } 488 489 ProgramStateRef removeDeadBindings(ProgramStateRef St, 490 const StackFrameContext *LCtx, 491 SymbolReaper& SymReaper); 492 493 /// Marshal a new state for the callee in another translation unit. 494 /// 'state' is owned by the caller's engine. 495 ProgramStateRef MarshalState(ProgramStateRef state, const StackFrameContext *L); 496 497public: 498 499 SVal ArrayToPointer(Loc Array) { 500 return StoreMgr->ArrayToPointer(Array); 501 } 502 503 // Methods that manipulate the GDM. 504 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data); 505 ProgramStateRef removeGDM(ProgramStateRef state, void *Key); 506 507 // Methods that query & manipulate the Store. 508 509 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) { 510 StoreMgr->iterBindings(state->getStore(), F); 511 } 512 513 ProgramStateRef getPersistentState(ProgramState &Impl); 514 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, 515 ProgramStateRef GDMState); 516 517 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) { 518 return S1->Env == S2->Env; 519 } 520 521 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) { 522 return S1->store == S2->store; 523 } 524 525 //==---------------------------------------------------------------------==// 526 // Generic Data Map methods. 527 //==---------------------------------------------------------------------==// 528 // 529 // ProgramStateManager and ProgramState support a "generic data map" that allows 530 // different clients of ProgramState objects to embed arbitrary data within a 531 // ProgramState object. The generic data map is essentially an immutable map 532 // from a "tag" (that acts as the "key" for a client) and opaque values. 533 // Tags/keys and values are simply void* values. The typical way that clients 534 // generate unique tags are by taking the address of a static variable. 535 // Clients are responsible for ensuring that data values referred to by a 536 // the data pointer are immutable (and thus are essentially purely functional 537 // data). 538 // 539 // The templated methods below use the ProgramStateTrait<T> class 540 // to resolve keys into the GDM and to return data values to clients. 541 // 542 543 // Trait based GDM dispatch. 544 template <typename T> 545 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) { 546 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 547 ProgramStateTrait<T>::MakeVoidPtr(D)); 548 } 549 550 template<typename T> 551 ProgramStateRef set(ProgramStateRef st, 552 typename ProgramStateTrait<T>::key_type K, 553 typename ProgramStateTrait<T>::value_type V, 554 typename ProgramStateTrait<T>::context_type C) { 555 556 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 557 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C))); 558 } 559 560 template <typename T> 561 ProgramStateRef add(ProgramStateRef st, 562 typename ProgramStateTrait<T>::key_type K, 563 typename ProgramStateTrait<T>::context_type C) { 564 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 565 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C))); 566 } 567 568 template <typename T> 569 ProgramStateRef remove(ProgramStateRef st, 570 typename ProgramStateTrait<T>::key_type K, 571 typename ProgramStateTrait<T>::context_type C) { 572 573 return addGDM(st, ProgramStateTrait<T>::GDMIndex(), 574 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C))); 575 } 576 577 template <typename T> 578 ProgramStateRef remove(ProgramStateRef st) { 579 return removeGDM(st, ProgramStateTrait<T>::GDMIndex()); 580 } 581 582 void *FindGDMContext(void *index, 583 void *(*CreateContext)(llvm::BumpPtrAllocator&), 584 void (*DeleteContext)(void*)); 585 586 template <typename T> 587 typename ProgramStateTrait<T>::context_type get_context() { 588 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(), 589 ProgramStateTrait<T>::CreateContext, 590 ProgramStateTrait<T>::DeleteContext); 591 592 return ProgramStateTrait<T>::MakeContext(p); 593 } 594 595 const llvm::APSInt* getSymVal(ProgramStateRef St, SymbolRef sym) { 596 return ConstraintMgr->getSymVal(St, sym); 597 } 598 599 void EndPath(ProgramStateRef St) { 600 ConstraintMgr->EndPath(St); 601 } 602}; 603 604 605//===----------------------------------------------------------------------===// 606// Out-of-line method definitions for ProgramState. 607//===----------------------------------------------------------------------===// 608 609inline const VarRegion* ProgramState::getRegion(const VarDecl *D, 610 const LocationContext *LC) const 611{ 612 return getStateManager().getRegionManager().getVarRegion(D, LC); 613} 614 615inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond, 616 bool Assumption) const { 617 if (Cond.isUnknown()) 618 return this; 619 620 return getStateManager().ConstraintMgr->assume(this, cast<DefinedSVal>(Cond), 621 Assumption); 622} 623 624inline std::pair<ProgramStateRef , ProgramStateRef > 625ProgramState::assume(DefinedOrUnknownSVal Cond) const { 626 if (Cond.isUnknown()) 627 return std::make_pair(this, this); 628 629 return getStateManager().ConstraintMgr->assumeDual(this, 630 cast<DefinedSVal>(Cond)); 631} 632 633inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V) const { 634 return !isa<Loc>(LV) ? this : bindLoc(cast<Loc>(LV), V); 635} 636 637inline Loc ProgramState::getLValue(const VarDecl *VD, 638 const LocationContext *LC) const { 639 return getStateManager().StoreMgr->getLValueVar(VD, LC); 640} 641 642inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal, 643 const LocationContext *LC) const { 644 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC); 645} 646 647inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const { 648 return getStateManager().StoreMgr->getLValueIvar(D, Base); 649} 650 651inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const { 652 return getStateManager().StoreMgr->getLValueField(D, Base); 653} 654 655inline SVal ProgramState::getLValue(const IndirectFieldDecl *D, 656 SVal Base) const { 657 StoreManager &SM = *getStateManager().StoreMgr; 658 for (IndirectFieldDecl::chain_iterator I = D->chain_begin(), 659 E = D->chain_end(); 660 I != E; ++I) { 661 Base = SM.getLValueField(cast<FieldDecl>(*I), Base); 662 } 663 664 return Base; 665} 666 667inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{ 668 if (NonLoc *N = dyn_cast<NonLoc>(&Idx)) 669 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base); 670 return UnknownVal(); 671} 672 673inline const llvm::APSInt *ProgramState::getSymVal(SymbolRef sym) const { 674 return getStateManager().getSymVal(this, sym); 675} 676 677inline SVal ProgramState::getSVal(const Stmt *Ex, const LocationContext *LCtx, 678 bool useOnlyDirectBindings) const{ 679 return Env.getSVal(EnvironmentEntry(Ex, LCtx), 680 *getStateManager().svalBuilder, 681 useOnlyDirectBindings); 682} 683 684inline SVal 685ProgramState::getSValAsScalarOrLoc(const Stmt *S, 686 const LocationContext *LCtx) const { 687 if (const Expr *Ex = dyn_cast<Expr>(S)) { 688 QualType T = Ex->getType(); 689 if (Ex->isGLValue() || Loc::isLocType(T) || T->isIntegerType()) 690 return getSVal(S, LCtx); 691 } 692 693 return UnknownVal(); 694} 695 696inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const { 697 return getStateManager().StoreMgr->getBinding(getStore(), LV, T); 698} 699 700inline SVal ProgramState::getSVal(const MemRegion* R) const { 701 return getStateManager().StoreMgr->getBinding(getStore(), 702 loc::MemRegionVal(R)); 703} 704 705inline BasicValueFactory &ProgramState::getBasicVals() const { 706 return getStateManager().getBasicVals(); 707} 708 709inline SymbolManager &ProgramState::getSymbolManager() const { 710 return getStateManager().getSymbolManager(); 711} 712 713template<typename T> 714ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const { 715 return getStateManager().add<T>(this, K, get_context<T>()); 716} 717 718template <typename T> 719typename ProgramStateTrait<T>::context_type ProgramState::get_context() const { 720 return getStateManager().get_context<T>(); 721} 722 723template<typename T> 724ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const { 725 return getStateManager().remove<T>(this, K, get_context<T>()); 726} 727 728template<typename T> 729ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K, 730 typename ProgramStateTrait<T>::context_type C) const { 731 return getStateManager().remove<T>(this, K, C); 732} 733 734template <typename T> 735ProgramStateRef ProgramState::remove() const { 736 return getStateManager().remove<T>(this); 737} 738 739template<typename T> 740ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const { 741 return getStateManager().set<T>(this, D); 742} 743 744template<typename T> 745ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 746 typename ProgramStateTrait<T>::value_type E) const { 747 return getStateManager().set<T>(this, K, E, get_context<T>()); 748} 749 750template<typename T> 751ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K, 752 typename ProgramStateTrait<T>::value_type E, 753 typename ProgramStateTrait<T>::context_type C) const { 754 return getStateManager().set<T>(this, K, E, C); 755} 756 757template <typename CB> 758CB ProgramState::scanReachableSymbols(SVal val) const { 759 CB cb(this); 760 scanReachableSymbols(val, cb); 761 return cb; 762} 763 764template <typename CB> 765CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const { 766 CB cb(this); 767 scanReachableSymbols(beg, end, cb); 768 return cb; 769} 770 771template <typename CB> 772CB ProgramState::scanReachableSymbols(const MemRegion * const *beg, 773 const MemRegion * const *end) const { 774 CB cb(this); 775 scanReachableSymbols(beg, end, cb); 776 return cb; 777} 778 779/// \class ScanReachableSymbols 780/// A Utility class that allows to visit the reachable symbols using a custom 781/// SymbolVisitor. 782class ScanReachableSymbols { 783 typedef llvm::DenseMap<const void*, unsigned> VisitedItems; 784 785 VisitedItems visited; 786 ProgramStateRef state; 787 SymbolVisitor &visitor; 788public: 789 790 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor& v) 791 : state(st), visitor(v) {} 792 793 bool scan(nonloc::CompoundVal val); 794 bool scan(SVal val); 795 bool scan(const MemRegion *R); 796 bool scan(const SymExpr *sym); 797}; 798 799} // end ento namespace 800 801} // end clang namespace 802 803#endif 804