SVals.cpp revision 5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0
1//= RValues.cpp - Abstract RValues for Path-Sens. Value Tracking -*- C++ -*-==//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10//  This file defines SVal, Loc, and NonLoc, classes that represent
11//  abstract r-values for use with path-sensitive value tracking.
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
16#include "clang/AST/ExprObjC.h"
17#include "clang/Basic/IdentifierTable.h"
18using namespace clang;
19using namespace ento;
20using llvm::APSInt;
21
22//===----------------------------------------------------------------------===//
23// Symbol iteration within an SVal.
24//===----------------------------------------------------------------------===//
25
26
27//===----------------------------------------------------------------------===//
28// Utility methods.
29//===----------------------------------------------------------------------===//
30
/// Returns true when this value is backed by a conjured symbol: either a
/// nonloc::SymbolVal whose symbol is a SymbolConjured, or a loc::MemRegionVal
/// whose region is a SymbolicRegion over a SymbolConjured.
///
/// Only the region held directly by the value is inspected; super-regions are
/// not walked and casts are not stripped.
bool SVal::hasConjuredSymbol() const {
  // Case 1: the value is a bare symbol.
  const nonloc::SymbolVal *SymVal = dyn_cast<nonloc::SymbolVal>(this);
  if (SymVal && isa<SymbolConjured>(SymVal->getSymbol()))
    return true;

  // Case 2: the value is a location whose region is symbolic.
  const loc::MemRegionVal *RegVal = dyn_cast<loc::MemRegionVal>(this);
  if (!RegVal)
    return false;

  const SymbolicRegion *SymReg = dyn_cast<SymbolicRegion>(RegVal->getRegion());
  return SymReg && isa<SymbolConjured>(SymReg->getSymbol());
}
49
/// If this value is a loc::MemRegionVal whose region is a FunctionTextRegion
/// and that region's declaration is a FunctionDecl, returns the declaration.
/// Returns 0 in every other case, so callers must check the result before
/// dereferencing it.
const FunctionDecl *SVal::getAsFunctionDecl() const {
  const loc::MemRegionVal *RegVal = dyn_cast<loc::MemRegionVal>(this);
  if (!RegVal)
    return 0;

  const FunctionTextRegion *FTR =
    RegVal->getRegion()->getAs<FunctionTextRegion>();
  if (!FTR)
    return 0;

  // dyn_cast yields a null pointer when the decl is not a FunctionDecl, which
  // is exactly the "no function" result this method reports.
  return dyn_cast<FunctionDecl>(FTR->getDecl());
}
60
/// \brief If this SVal is a location (subclasses Loc) and wraps a symbol,
/// return that SymbolRef.  Otherwise return 0.
///
/// A nonloc::LocAsInteger is unwrapped first and the query is repeated on the
/// location it carries.  Implicit casts (e.g. void* -> char*) can turn a
/// symbolic region into an element region, so casts are stripped and the
/// underlying region is the one that is examined.
SymbolRef SVal::getAsLocSymbol() const {
  // FIXME: should we consider SymbolRef wrapped in CodeTextRegion?
  const nonloc::LocAsInteger *AsInt = dyn_cast<nonloc::LocAsInteger>(this);
  if (AsInt)
    return AsInt->getLoc().getAsLocSymbol();

  const loc::MemRegionVal *RegVal = dyn_cast<loc::MemRegionVal>(this);
  if (!RegVal)
    return 0;

  // NOTE(review): stripCasts() returns NULL when the wrapped region is null,
  // and the result is handed straight to dyn_cast -- confirm a MemRegionVal
  // can never carry a null region here.
  const SymbolicRegion *SymR = dyn_cast<SymbolicRegion>(RegVal->stripCasts());
  return SymR ? SymR->getSymbol() : 0;
}
78
/// Get the symbol in the SVal or its base region.
///
/// Starting at the region wrapped by a loc::MemRegionVal, walks up the chain
/// of super-regions and returns the symbol of the first SymbolicRegion found.
/// Returns 0 when this value is not a loc::MemRegionVal, or when the walk
/// reaches a region that is not a SubRegion without meeting a SymbolicRegion.
SymbolRef SVal::getLocSymbolInBase() const {
  const loc::MemRegionVal *RegVal = dyn_cast<loc::MemRegionVal>(this);
  if (!RegVal)
    return 0;

  const SubRegion *Sub = dyn_cast<SubRegion>(RegVal->getRegion());
  while (Sub) {
    if (const SymbolicRegion *SymR = dyn_cast<SymbolicRegion>(Sub))
      return SymR->getSymbol();

    // Not symbolic: step to the enclosing region and test again.
    Sub = dyn_cast<SubRegion>(Sub->getSuperRegion());
  }

  return 0;
}
97
98// TODO: The next 3 functions have to be simplified.
99
/// \brief If this SVal wraps a symbol return that SymbolRef.
///  Otherwise return 0.
///
/// A nonloc::SymbolVal yields its symbol directly; any other value is
/// delegated to getAsLocSymbol().
SymbolRef SVal::getAsSymbol() const {
  // FIXME: should we consider SymbolRef wrapped in CodeTextRegion?
  const nonloc::SymbolVal *SymVal = dyn_cast<nonloc::SymbolVal>(this);
  return SymVal ? SymVal->getSymbol() : getAsLocSymbol();
}
109
/// getAsSymbolicExpression - If this SVal wraps a symbolic expression then
///  return that expression.  Otherwise return NULL.
///
/// NOTE(review): getAsSymbol() starts with the same nonloc::SymbolVal test,
/// so as written the two methods produce the same pointer for every value.
const SymExpr *SVal::getAsSymbolicExpression() const {
  const nonloc::SymbolVal *SymVal = dyn_cast<nonloc::SymbolVal>(this);
  if (!SymVal)
    return getAsSymbol();

  return SymVal->getSymbol();
}
118
/// Returns the symbol reported by getAsSymbol(); when that is null, returns
/// whatever getAsSymbolicExpression() reports instead (which may also be
/// null).
const SymExpr* SVal::getAsSymExpr() const {
  if (const SymExpr* Sym = getAsSymbol())
    return Sym;

  return getAsSymbolicExpression();
}
125
/// Returns the memory region this value refers to, or 0 if it has none.
///
/// A loc::MemRegionVal yields its region directly.  A nonloc::LocAsInteger
/// is unwrapped and the query is repeated on the location it carries.
const MemRegion *SVal::getAsRegion() const {
  const loc::MemRegionVal *RegVal = dyn_cast<loc::MemRegionVal>(this);
  if (RegVal)
    return RegVal->getRegion();

  const nonloc::LocAsInteger *AsInt = dyn_cast<nonloc::LocAsInteger>(this);
  return AsInt ? AsInt->getLoc().getAsRegion() : 0;
}
136
/// Returns the wrapped region with casts removed by MemRegion::StripCasts,
/// forwarding \p StripBaseCasts unchanged.  Returns NULL when the wrapped
/// region is itself null, so callers must not assume a non-null result.
const MemRegion *loc::MemRegionVal::stripCasts(bool StripBaseCasts) const {
  if (const MemRegion *R = getRegion())
    return R->StripCasts(StripBaseCasts);

  return NULL;
}
141
/// Returns the store pointer recorded in the underlying LazyCompoundValData.
///
/// Data is reinterpreted with static_cast; no run-time check is made that it
/// really points at a LazyCompoundValData.
const void *nonloc::LazyCompoundVal::getStore() const {
  const LazyCompoundValData *LCVData =
    static_cast<const LazyCompoundValData*>(Data);
  return LCVData->getStore();
}
145
/// Returns the region recorded in the underlying LazyCompoundValData.
///
/// Data is reinterpreted with static_cast; no run-time check is made that it
/// really points at a LazyCompoundValData.
const TypedRegion *nonloc::LazyCompoundVal::getRegion() const {
  const LazyCompoundValData *LCVData =
    static_cast<const LazyCompoundValData*>(Data);
  return LCVData->getRegion();
}
149
150//===----------------------------------------------------------------------===//
151// Other Iterators.
152//===----------------------------------------------------------------------===//
153
/// Returns an iterator to the first element of the compound value, taken
/// from the data object that getValue() returns.
nonloc::CompoundVal::iterator nonloc::CompoundVal::begin() const {
  const CompoundValData *Vals = getValue();
  return Vals->begin();
}
157
/// Returns the past-the-end iterator of the compound value, taken from the
/// data object that getValue() returns.
nonloc::CompoundVal::iterator nonloc::CompoundVal::end() const {
  const CompoundValData *Vals = getValue();
  return Vals->end();
}
161
162//===----------------------------------------------------------------------===//
163// Useful predicates.
164//===----------------------------------------------------------------------===//
165
/// Returns true when this value is a concrete integer, either as a
/// nonloc::ConcreteInt or as a loc::ConcreteInt.
bool SVal::isConstant() const {
  if (isa<nonloc::ConcreteInt>(this))
    return true;

  return isa<loc::ConcreteInt>(this);
}
169
/// Returns true when this value is a concrete integer (loc or nonloc) whose
/// value compares equal to \p I.  Any non-concrete value yields false.
bool SVal::isConstant(int I) const {
  if (const loc::ConcreteInt *LocInt = dyn_cast<loc::ConcreteInt>(this))
    return LocInt->getValue() == I;

  if (const nonloc::ConcreteInt *Int = dyn_cast<nonloc::ConcreteInt>(this))
    return Int->getValue() == I;

  return false;
}
178
/// Returns true when this value is a concrete integer equal to zero; this is
/// isConstant(int) specialised to 0.
bool SVal::isZeroConstant() const {
  const int Zero = 0;
  return isConstant(Zero);
}
182
183
184//===----------------------------------------------------------------------===//
185// Transfer function dispatch for Non-Locs.
186//===----------------------------------------------------------------------===//
187
/// Evaluates the binary operator \p Op on this concrete integer (left
/// operand) and \p R (right operand) through the BasicValueFactory owned by
/// \p svalBuilder.
///
/// \returns a nonloc::ConcreteInt holding the result, or UndefinedVal when
/// the factory returns no value for this operator and operand pair.
SVal nonloc::ConcreteInt::evalBinOp(SValBuilder &svalBuilder,
                                    BinaryOperator::Opcode Op,
                                    const nonloc::ConcreteInt& R) const {
  BasicValueFactory &BVF = svalBuilder.getBasicValueFactory();
  const llvm::APSInt *Result = BVF.evalAPSInt(Op, getValue(), R.getValue());

  // A null result is surfaced as Undefined instead of being dereferenced.
  if (!Result)
    return UndefinedVal();

  return nonloc::ConcreteInt(*Result);
}
199
/// Returns the bitwise complement (~) of this concrete integer as a new
/// value built by \p svalBuilder.
nonloc::ConcreteInt
nonloc::ConcreteInt::evalComplement(SValBuilder &svalBuilder) const {
  const llvm::APSInt Complemented = ~getValue();
  return svalBuilder.makeIntVal(Complemented);
}
204
/// Returns the arithmetic negation (unary -) of this concrete integer as a
/// new value built by \p svalBuilder.
nonloc::ConcreteInt
nonloc::ConcreteInt::evalMinus(SValBuilder &svalBuilder) const {
  const llvm::APSInt Negated = -getValue();
  return svalBuilder.makeIntVal(Negated);
}
209
210//===----------------------------------------------------------------------===//
211// Transfer function dispatch for Locs.
212//===----------------------------------------------------------------------===//
213
/// Evaluates the binary operator \p Op on this concrete location (left
/// operand) and \p R (right operand) using \p BasicVals.
///
/// Only BO_Add, BO_Sub and the opcodes in the range BO_LT..BO_NE are
/// expected.  That restriction is enforced by an assert only, so a build
/// with asserts compiled out passes any other opcode on to evalAPSInt.
///
/// \returns a loc::ConcreteInt holding the result, or UndefinedVal when the
/// factory returns no value.
SVal loc::ConcreteInt::evalBinOp(BasicValueFactory& BasicVals,
                                 BinaryOperator::Opcode Op,
                                 const loc::ConcreteInt& R) const {

  assert (Op == BO_Add || Op == BO_Sub ||
          (Op >= BO_LT && Op <= BO_NE));

  const llvm::APSInt* Result =
    BasicVals.evalAPSInt(Op, getValue(), R.getValue());

  // A null result is surfaced as Undefined instead of being dereferenced.
  if (!Result)
    return UndefinedVal();

  return loc::ConcreteInt(*Result);
}
228
229//===----------------------------------------------------------------------===//
230// Pretty-Printing.
231//===----------------------------------------------------------------------===//
232
/// Debugging aid: writes the textual form of this value to llvm::errs().
void SVal::dump() const {
  raw_ostream &Err = llvm::errs();
  dumpToStream(Err);
}
234
/// Writes a textual form of this value to \p os, dispatching on the base
/// kind: the two kinds without a payload print a fixed word, while Loc and
/// NonLoc values are handed to their own dumpToStream.
void SVal::dumpToStream(raw_ostream &os) const {
  switch (getBaseKind()) {
    // Kinds with no payload.
    case UndefinedKind:
      os << "Undefined";
      return;
    case UnknownKind:
      os << "Unknown";
      return;

    // Kinds that know how to print themselves.
    case LocKind:
      cast<Loc>(this)->dumpToStream(os);
      return;
    case NonLocKind:
      cast<NonLoc>(this)->dumpToStream(os);
      return;
  }
}
251
/// Writes a textual form of this non-location value to \p os, selected by
/// its sub-kind:
///   - ConcreteInt:     the number, then " U<bits>b" or " S<bits>b"
///   - SymbolVal:       the wrapped symbol
///   - LocAsInteger:    the wrapped location and its width in bits
///   - CompoundVal:     "compoundVal{ a, b, ...}" with each element dumped
///   - LazyCompoundVal: "lazyCompoundVal{<store>,<region>}"
///
/// An unhandled sub-kind trips an assert; when asserts are compiled out the
/// method returns without printing anything.
void NonLoc::dumpToStream(raw_ostream &os) const {
  switch (getSubKind()) {
    case nonloc::ConcreteIntKind: {
      const llvm::APSInt &V = cast<nonloc::ConcreteInt>(this)->getValue();
      const bool IsUnsigned = V.isUnsigned();

      // Print the number with the extension that matches its signedness.
      if (IsUnsigned)
        os << V.getZExtValue();
      else
        os << V.getSExtValue();

      os << ' ' << (IsUnsigned ? 'U' : 'S') << V.getBitWidth() << 'b';
      return;
    }

    case nonloc::SymbolValKind:
      os << cast<nonloc::SymbolVal>(this)->getSymbol();
      return;

    case nonloc::LocAsIntegerKind: {
      const nonloc::LocAsInteger &AsInt = *cast<nonloc::LocAsInteger>(this);
      os << AsInt.getLoc() << " [as " << AsInt.getNumBits() << " bit integer]";
      return;
    }

    case nonloc::CompoundValKind: {
      const nonloc::CompoundVal &CV = *cast<nonloc::CompoundVal>(this);
      os << "compoundVal{";

      // A single space precedes the first element, ", " every later one.
      bool NeedComma = false;
      nonloc::CompoundVal::iterator I = CV.begin(), E = CV.end();
      for (; I != E; ++I) {
        if (NeedComma)
          os << ", ";
        else
          os << ' ';
        NeedComma = true;

        (*I).dumpToStream(os);
      }

      os << "}";
      return;
    }

    case nonloc::LazyCompoundValKind: {
      const nonloc::LazyCompoundVal &LCV =
        *cast<nonloc::LazyCompoundVal>(this);
      // The store is streamed as a raw pointer value.
      os << "lazyCompoundVal{" << const_cast<void *>(LCV.getStore())
         << ',' << LCV.getRegion()
         << '}';
      return;
    }

    default:
      assert (false && "Pretty-printed not implemented for this NonLoc.");
      return;
  }
}
301
/// Writes a textual form of this location value to \p os, selected by its
/// sub-kind:
///   - MemRegionKind:   '&' followed by the region's string form
///   - GotoLabelKind:   "&&" followed by the label's name
///   - ConcreteIntKind: the zero-extended integer followed by " (Loc)"
///
/// Any other sub-kind reaches llvm_unreachable.
void Loc::dumpToStream(raw_ostream &os) const {
  switch (getSubKind()) {
    case loc::MemRegionKind: {
      const MemRegion *R = cast<loc::MemRegionVal>(this)->getRegion();
      os << '&' << R->getString();
      return;
    }

    case loc::GotoLabelKind: {
      const loc::GotoLabel *GL = cast<loc::GotoLabel>(this);
      os << "&&" << GL->getLabel()->getName();
      return;
    }

    case loc::ConcreteIntKind: {
      const loc::ConcreteInt *CI = cast<loc::ConcreteInt>(this);
      os << CI->getValue().getZExtValue() << " (Loc)";
      return;
    }

    default:
      llvm_unreachable("Pretty-printing not implemented for this Loc.");
  }
}
317