1//== SubEngine.h - Interface of the subengine of CoreEngine --------*- C++ -*-//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines the interface of a subengine of the CoreEngine.
11//
12//===----------------------------------------------------------------------===//
13#ifndef LLVM_CLANG_GR_SUBENGINE_H
14#define LLVM_CLANG_GR_SUBENGINE_H
15
16#include "clang/Analysis/ProgramPoint.h"
17#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
18#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
19
20namespace clang {
21
22class CFGBlock;
23class CFGElement;
24class LocationContext;
25class Stmt;
26
27namespace ento {
28
29struct NodeBuilderContext;
30class AnalysisManager;
31class ExplodedNodeSet;
32class ExplodedNode;
33class ProgramState;
34class ProgramStateManager;
35class BlockCounter;
36class BranchNodeBuilder;
37class IndirectGotoNodeBuilder;
38class SwitchNodeBuilder;
39class EndOfFunctionNodeBuilder;
40class NodeBuilderWithSinks;
41class MemRegion;
42
43class SubEngine {
44  virtual void anchor();
45public:
46  virtual ~SubEngine() {}
47
48  virtual ProgramStateRef getInitialState(const LocationContext *InitLoc) = 0;
49
50  virtual AnalysisManager &getAnalysisManager() = 0;
51
52  virtual ProgramStateManager &getStateManager() = 0;
53
54  /// Called by CoreEngine. Used to generate new successor
55  /// nodes by processing the 'effects' of a block-level statement.
56  virtual void processCFGElement(const CFGElement E, ExplodedNode* Pred,
57                                 unsigned StmtIdx, NodeBuilderContext *Ctx)=0;
58
59  /// Called by CoreEngine when it starts processing a CFGBlock.  The
60  /// SubEngine is expected to populate dstNodes with new nodes representing
61  /// updated analysis state, or generate no nodes at all if it doesn't.
62  virtual void processCFGBlockEntrance(const BlockEdge &L,
63                                       NodeBuilderWithSinks &nodeBuilder,
64                                       ExplodedNode *Pred) = 0;
65
66  /// Called by CoreEngine.  Used to generate successor
67  ///  nodes by processing the 'effects' of a branch condition.
68  virtual void processBranch(const Stmt *Condition, const Stmt *Term,
69                             NodeBuilderContext& BuilderCtx,
70                             ExplodedNode *Pred,
71                             ExplodedNodeSet &Dst,
72                             const CFGBlock *DstT,
73                             const CFGBlock *DstF) = 0;
74
75  /// Called by CoreEngine.  Used to processing branching behavior
76  /// at static initalizers.
77  virtual void processStaticInitializer(const DeclStmt *DS,
78                                        NodeBuilderContext& BuilderCtx,
79                                        ExplodedNode *Pred,
80                                        ExplodedNodeSet &Dst,
81                                        const CFGBlock *DstT,
82                                        const CFGBlock *DstF) = 0;
83
84  /// Called by CoreEngine.  Used to generate successor
85  /// nodes by processing the 'effects' of a computed goto jump.
86  virtual void processIndirectGoto(IndirectGotoNodeBuilder& builder) = 0;
87
88  /// Called by CoreEngine.  Used to generate successor
89  /// nodes by processing the 'effects' of a switch statement.
90  virtual void processSwitch(SwitchNodeBuilder& builder) = 0;
91
92  /// Called by CoreEngine.  Used to generate end-of-path
93  /// nodes when the control reaches the end of a function.
94  virtual void processEndOfFunction(NodeBuilderContext& BC,
95                                    ExplodedNode *Pred) = 0;
96
97  // Generate the entry node of the callee.
98  virtual void processCallEnter(CallEnter CE, ExplodedNode *Pred) = 0;
99
100  // Generate the first post callsite node.
101  virtual void processCallExit(ExplodedNode *Pred) = 0;
102
103  /// Called by ConstraintManager. Used to call checker-specific
104  /// logic for handling assumptions on symbolic values.
105  virtual ProgramStateRef processAssume(ProgramStateRef state,
106                                       SVal cond, bool assumption) = 0;
107
108  /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a
109  ///  region change should trigger a processRegionChanges update.
110  virtual bool wantsRegionChangeUpdate(ProgramStateRef state) = 0;
111
112  /// processRegionChanges - Called by ProgramStateManager whenever a change is
113  /// made to the store. Used to update checkers that track region values.
114  virtual ProgramStateRef
115  processRegionChanges(ProgramStateRef state,
116                       const InvalidatedSymbols *invalidated,
117                       ArrayRef<const MemRegion *> ExplicitRegions,
118                       ArrayRef<const MemRegion *> Regions,
119                       const CallEvent *Call) = 0;
120
121
122  inline ProgramStateRef
123  processRegionChange(ProgramStateRef state,
124                      const MemRegion* MR) {
125    return processRegionChanges(state, nullptr, MR, MR, nullptr);
126  }
127
128  virtual ProgramStateRef
129  processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val) = 0;
130
131  virtual ProgramStateRef
132  notifyCheckersOfPointerEscape(ProgramStateRef State,
133                           const InvalidatedSymbols *Invalidated,
134                           ArrayRef<const MemRegion *> ExplicitRegions,
135                           ArrayRef<const MemRegion *> Regions,
136                           const CallEvent *Call,
137                           RegionAndSymbolInvalidationTraits &HTraits) = 0;
138
139  /// printState - Called by ProgramStateManager to print checker-specific data.
140  virtual void printState(raw_ostream &Out, ProgramStateRef State,
141                          const char *NL, const char *Sep) = 0;
142
143  /// Called by CoreEngine when the analysis worklist is either empty or the
144  //  maximum number of analysis steps have been reached.
145  virtual void processEndWorklist(bool hasWorkRemaining) = 0;
146};
147
148} // end GR namespace
149
150} // end clang namespace
151
152#endif
153