ExprEngineCXX.cpp revision e81ce256b62717dd846bd19aecc4115a0dcd4995
1//===- ExprEngineCXX.cpp - ExprEngine support for C++ -----------*- C++ -*-===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines the C++ expression evaluation engine. 11// 12//===----------------------------------------------------------------------===// 13 14#include "clang/StaticAnalyzer/Core/CheckerManager.h" 15#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 16#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" 17#include "clang/StaticAnalyzer/Core/PathSensitive/Calls.h" 18#include "clang/AST/DeclCXX.h" 19#include "clang/AST/StmtCXX.h" 20 21using namespace clang; 22using namespace ento; 23 24void ExprEngine::CreateCXXTemporaryObject(const MaterializeTemporaryExpr *ME, 25 ExplodedNode *Pred, 26 ExplodedNodeSet &Dst) { 27 StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); 28 const Expr *tempExpr = ME->GetTemporaryExpr()->IgnoreParens(); 29 ProgramStateRef state = Pred->getState(); 30 const LocationContext *LCtx = Pred->getLocationContext(); 31 32 // Bind the temporary object to the value of the expression. Then bind 33 // the expression to the location of the object. 34 SVal V = state->getSVal(tempExpr, Pred->getLocationContext()); 35 36 const MemRegion *R = 37 svalBuilder.getRegionManager().getCXXTempObjectRegion(ME, LCtx); 38 39 state = state->bindLoc(loc::MemRegionVal(R), V); 40 Bldr.generateNode(ME, Pred, state->BindExpr(ME, LCtx, loc::MemRegionVal(R))); 41} 42 43void ExprEngine::VisitCXXConstructExpr(const CXXConstructExpr *CE, 44 const MemRegion *Dest, 45 ExplodedNode *Pred, 46 ExplodedNodeSet &destNodes) { 47 CXXConstructorCall Call(CE, Dest, Pred->getState(), 48 Pred->getLocationContext()); 49 50 ExplodedNodeSet DstPreVisit; 51 getCheckerManager().runCheckersForPreStmt(DstPreVisit, Pred, CE, *this); 52 ExplodedNodeSet DstPreCall; 53 getCheckerManager().runCheckersForPreCall(DstPreCall, DstPreVisit, 54 Call, *this); 55 56 ExplodedNodeSet DstInvalidated; 57 StmtNodeBuilder Bldr(DstPreCall, DstInvalidated, *currentBuilderContext); 58 for (ExplodedNodeSet::iterator I = DstPreCall.begin(), E = DstPreCall.end(); 59 I != E; ++I) 60 defaultEvalCall(Bldr, *I, Call); 61 62 ExplodedNodeSet DstPostCall; 63 getCheckerManager().runCheckersForPostCall(DstPostCall, DstInvalidated, 64 Call, *this); 65 getCheckerManager().runCheckersForPostStmt(destNodes, DstPostCall, CE, *this); 66} 67 68void ExprEngine::VisitCXXDestructor(const CXXDestructorDecl *DD, 69 const MemRegion *Dest, 70 const Stmt *S, 71 ExplodedNode *Pred, 72 ExplodedNodeSet &Dst) { 73 CXXDestructorCall Call(DD, S, Dest, Pred->getState(), 74 Pred->getLocationContext()); 75 76 ExplodedNodeSet DstPreCall; 77 getCheckerManager().runCheckersForPreCall(DstPreCall, Pred, 78 Call, *this); 79 80 ExplodedNodeSet DstInvalidated; 81 StmtNodeBuilder Bldr(DstPreCall, DstInvalidated, *currentBuilderContext); 82 for (ExplodedNodeSet::iterator I = DstPreCall.begin(), E = DstPreCall.end(); 83 I != E; ++I) 84 defaultEvalCall(Bldr, *I, Call); 85 86 ExplodedNodeSet DstPostCall; 87 getCheckerManager().runCheckersForPostCall(Dst, DstInvalidated, 88 Call, *this); 89} 90 91void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, 92 ExplodedNodeSet &Dst) { 93 // FIXME: Much of this should eventually migrate to CXXAllocatorCall. 94 // Also, we need to decide how allocators actually work -- they're not 95 // really part of the CXXNewExpr because they happen BEFORE the 96 // CXXConstructExpr subexpression. See PR12014 for some discussion. 97 StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); 98 99 unsigned blockCount = currentBuilderContext->getCurrentBlockCount(); 100 const LocationContext *LCtx = Pred->getLocationContext(); 101 DefinedOrUnknownSVal symVal = 102 svalBuilder.getConjuredSymbolVal(0, CNE, LCtx, CNE->getType(), blockCount); 103 ProgramStateRef State = Pred->getState(); 104 105 // Invalidate placement args. 106 CXXAllocatorCall Call(CNE, State, LCtx); 107 State = Call.invalidateRegions(blockCount); 108 109 if (CNE->isArray()) { 110 // FIXME: allocating an array requires simulating the constructors. 111 // For now, just return a symbolicated region. 112 const MemRegion *NewReg = cast<loc::MemRegionVal>(symVal).getRegion(); 113 QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType(); 114 const ElementRegion *EleReg = 115 getStoreManager().GetElementZeroRegion(NewReg, ObjTy); 116 State = State->BindExpr(CNE, Pred->getLocationContext(), 117 loc::MemRegionVal(EleReg)); 118 Bldr.generateNode(CNE, Pred, State); 119 return; 120 } 121 122 // FIXME: Once we have proper support for CXXConstructExprs inside 123 // CXXNewExpr, we need to make sure that the constructed object is not 124 // immediately invalidated here. (The placement call should happen before 125 // the constructor call anyway.) 126 FunctionDecl *FD = CNE->getOperatorNew(); 127 if (FD && FD->isReservedGlobalPlacementOperator()) { 128 // Non-array placement new should always return the placement location. 129 SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx); 130 State = State->BindExpr(CNE, LCtx, PlacementLoc); 131 } else { 132 State = State->BindExpr(CNE, LCtx, symVal); 133 } 134 135 // If the type is not a record, we won't have a CXXConstructExpr as an 136 // initializer. Copy the value over. 137 if (const Expr *Init = CNE->getInitializer()) { 138 if (!isa<CXXConstructExpr>(Init)) { 139 QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType(); 140 (void)ObjTy; 141 assert(!ObjTy->isRecordType()); 142 SVal Location = State->getSVal(CNE, LCtx); 143 if (isa<Loc>(Location)) 144 State = State->bindLoc(cast<Loc>(Location), State->getSVal(Init, LCtx)); 145 } 146 } 147 148 Bldr.generateNode(CNE, Pred, State); 149} 150 151void ExprEngine::VisitCXXDeleteExpr(const CXXDeleteExpr *CDE, 152 ExplodedNode *Pred, ExplodedNodeSet &Dst) { 153 StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); 154 ProgramStateRef state = Pred->getState(); 155 Bldr.generateNode(CDE, Pred, state); 156} 157 158void ExprEngine::VisitCXXCatchStmt(const CXXCatchStmt *CS, 159 ExplodedNode *Pred, 160 ExplodedNodeSet &Dst) { 161 const VarDecl *VD = CS->getExceptionDecl(); 162 if (!VD) { 163 Dst.Add(Pred); 164 return; 165 } 166 167 const LocationContext *LCtx = Pred->getLocationContext(); 168 SVal V = svalBuilder.getConjuredSymbolVal(CS, LCtx, VD->getType(), 169 currentBuilderContext->getCurrentBlockCount()); 170 ProgramStateRef state = Pred->getState(); 171 state = state->bindLoc(state->getLValue(VD, LCtx), V); 172 173 StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); 174 Bldr.generateNode(CS, Pred, state); 175} 176 177void ExprEngine::VisitCXXThisExpr(const CXXThisExpr *TE, ExplodedNode *Pred, 178 ExplodedNodeSet &Dst) { 179 StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); 180 181 // Get the this object region from StoreManager. 182 const LocationContext *LCtx = Pred->getLocationContext(); 183 const MemRegion *R = 184 svalBuilder.getRegionManager().getCXXThisRegion( 185 getContext().getCanonicalType(TE->getType()), 186 LCtx); 187 188 ProgramStateRef state = Pred->getState(); 189 SVal V = state->getSVal(loc::MemRegionVal(R)); 190 Bldr.generateNode(TE, Pred, state->BindExpr(TE, LCtx, V)); 191} 192