ExprEngine.h revision 9b663716449b618ba0390b1dbebc54fa8e971124
1d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis//===-- ExprEngine.h - Path-Sensitive Expression-Level Dataflow ---*- C++ -*-=//
277349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//                     The LLVM Compiler Infrastructure
477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// This file is distributed under the University of Illinois Open Source
677349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek// License. See LICENSE.TXT for details.
777349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
877349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===//
977349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
10b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek//  This file defines a meta-engine for path-sensitive dataflow analysis that
11d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis//  is built on CoreEngine, but provides the boilerplate to execute transfer
12b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek//  functions and build the ExplodedGraph at the expression level.
1377349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//
1477349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek//===----------------------------------------------------------------------===//
1577349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek
16d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#ifndef LLVM_CLANG_GR_EXPRENGINE
17d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis#define LLVM_CLANG_GR_EXPRENGINE
18d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek
199b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
209b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"
219b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"
229b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/GRState.h"
239b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/TransferFuncs.h"
249b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
25c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek#include "clang/AST/Type.h"
26f494b579b22f9950f5af021f0bf9879a91bb8b41Steve Naroff#include "clang/AST/ExprObjC.h"
27bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu#include "clang/AST/ExprCXX.h"
284beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek#include "clang/AST/StmtObjC.h"
2977349cb20bfd7069d081f84c91975bfa8ef60a32Ted Kremenek
301eb4433ac451dc16f4133a88af2d002ac26c58efMike Stumpnamespace clang {
315a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
325a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidisclass ObjCForCollectionStmt;
335a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
349ef6537a894c33003359b1f9b9676e9178e028b7Ted Kremeneknamespace ento {
355a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
365e2d2c2ee3cf410643e0f9a5701708e51409d973Benjamin Kramerclass AnalysisManager;
375e2d2c2ee3cf410643e0f9a5701708e51409d973Benjamin Kramerclass Checker;
38f494b579b22f9950f5af021f0bf9879a91bb8b41Steve Naroff
39d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidisclass ExprEngine : public SubEngine {
4025e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu  AnalysisManager &AMgr;
4125e695b2d574d919cc1bbddf3a2efe073d449b1cZhongxing Xu
42d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  CoreEngine Engine;
431eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
44b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// G - the simulation graph.
45031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu  ExplodedGraph& G;
461eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
47d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// Builder - The current StmtNodeBuilder which is used when building the
48b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes for a given statement.
49d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  StmtNodeBuilder* Builder;
501eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
51b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// StateMgr - Object that manages the data for all created states.
524adc81e540b874bafa15715fd2c5cb662463debdTed Kremenek  GRStateManager StateMgr;
53cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek
54b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// SymMgr - Object that manages the symbol information.
55b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  SymbolManager& SymMgr;
561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
57846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek  /// svalBuilder - SValBuilder object that creates SVals from expressions.
58846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek  SValBuilder &svalBuilder;
591eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
60846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek  /// EntryNode - The immediate predecessor node.
61031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu  ExplodedNode* EntryNode;
62846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek
63846d4e923bf11bcdc2816758aafa331795f29230Ted Kremenek  /// CleanedState - The state for EntryNode "cleaned" of all dead
640d093d3005dd583675a45a85bd688063572cc8afTed Kremenek  ///  variables and symbols (as determined by a liveness analysis).
651eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump  const GRState* CleanedState;
661eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
670a3ed3143b00f237decb1288c1ff574ae09eba4eTed Kremenek  /// currentStmt - The current block-level statement.
680a3ed3143b00f237decb1288c1ff574ae09eba4eTed Kremenek  const Stmt* currentStmt;
691eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
70e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  // Obj-C Class Identifiers.
71e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  IdentifierInfo* NSExceptionII;
721eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
73e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  // Obj-C Selectors.
74e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  Selector* NSExceptionInstanceRaiseSelectors;
75e448ab4f9dd162802f5d7cfea60f7830cc61c654Ted Kremenek  Selector RaiseSel;
761eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// CallbackKind - The kinds of checker callback that GetCallbackTag can
///  encode. GetCallbackTag places the kind in the low 8 bits of the tag
///  (K | (Sub << 8)), so this enum must stay below 256 enumerators.
7772905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  enum CallbackKind {
7872905cfa81cfd126f322c4173f56d332aac5539eJordy Rose    PreVisitStmtCallback,
7972905cfa81cfd126f322c4173f56d332aac5539eJordy Rose    PostVisitStmtCallback,
80e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek    processAssumeCallback,
81c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose    EvalRegionChangesCallback
8272905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  };
8372905cfa81cfd126f322c4173f56d332aac5539eJordy Rose
  /// CallbackTag - 32-bit value produced by GetCallbackTag; it is the key
  ///  type of CheckersOrderedCache.
8472905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  typedef uint32_t CallbackTag;
8572905cfa81cfd126f322c4173f56d332aac5539eJordy Rose
8672905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  /// GetCallbackTag - Create a tag for a certain kind of callback. The 'Sub'
8772905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  ///  argument can be used to differentiate callbacks that depend on another
8872905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  ///  value from a small set of possibilities, such as statement classes.
static inline CallbackTag GetCallbackTag(CallbackKind K, uint32_t Sub = 0) {
  // Shifting left by 8 discards the top byte of Sub; shifting back only
  // reproduces Sub when it already fits in the remaining 24 bits.
  const uint32_t ShiftedSub = Sub << 8;
  // NOTE(review): assert is compiled out under NDEBUG, so in such builds an
  // oversized Sub is truncated silently and two distinct sub-kinds could
  // produce the same tag.
  assert(Sub == (ShiftedSub >> 8) && "Tag sub-kind must fit into 24 bits");
  // Layout: callback kind in the low byte, sub-kind in the bits above it.
  return K | ShiftedSub;
}
9372905cfa81cfd126f322c4173f56d332aac5539eJordy Rose
94094bef56a7900f13bb777f9a352704104b1458e7Ted Kremenek  typedef llvm::DenseMap<void *, unsigned> CheckerMap;
95b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu  typedef std::vector<std::pair<void *, Checker*> > CheckersOrdered;
9672905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  typedef llvm::DenseMap<CallbackTag, CheckersOrdered *> CheckersOrderedCache;
979e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek
989e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  /// A registration map from checker tag to the index into the
999e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  ///  ordered checkers vector.
1009e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  CheckerMap CheckerM;
1019e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek
1029e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  /// An ordered vector of checkers that are called when evaluating
1039e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  ///  various expressions and statements.
104094bef56a7900f13bb777f9a352704104b1458e7Ted Kremenek  CheckersOrdered Checkers;
105ff944a8c481d6c0f1ad2633e4be9bf8b1dd2a09fZhongxing Xu
1069e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  /// A map used for caching the checkers that respond to the callback for
10772905cfa81cfd126f322c4173f56d332aac5539eJordy Rose  ///  a particular callback tag.
1089e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  CheckersOrderedCache COCache;
1099e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek
1109e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  /// The BugReporter associated with this engine.  It is important that
1119e9595b12e9b55586c4d50d370f429c7a3c92a90Ted Kremenek  ///  this object be placed at the very end of member variables so that its
112d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  ///  destructor is called before the rest of the ExprEngine is destroyed.
  ///
  /// NOTE(review): in this revision BR is not the last member; TF is
  ///  declared after it. Members are destroyed in reverse declaration order,
  ///  so the OwningPtr TF is destroyed before BR's destructor runs. Whether
  ///  BR's destructor reaches the TransferFuncs object (for example through
  ///  getTF()) is not visible from this header -- confirm, or declare TF
  ///  ahead of BR.
113cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek  GRBugReporter BR;
11432a58084a4c53e6938dd81bfce224db25a5976d1Ted Kremenek
  /// TF - Owning pointer to the TransferFuncs object; dereferenced by getTF().
115d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  llvm::OwningPtr<TransferFuncs> TF;
1161eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
117b22d589e2ccd09cada0bcea136f0966883a8bb11Ted Kremenekpublic:
118d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  ExprEngine(AnalysisManager &mgr, TransferFuncs *tf);
119cf118d41f7930a18dce97416ef7834a62642f587Ted Kremenek
120d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  ~ExprEngine();
1211eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// ExecuteWorkList - Run the underlying CoreEngine work list for the given
///  location context, bounded by Steps (150000 unless the caller says
///  otherwise).
void ExecuteWorkList(const LocationContext *L, unsigned Steps = 150000) {
  // The literal 0 is passed through as CoreEngine's third argument;
  // presumably it means "no caller-supplied initial state" -- confirm
  // against CoreEngine::ExecuteWorkList.
  Engine.ExecuteWorkList(L,
                         Steps,
                         0);
}
1252ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu
1262ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu  /// Execute the work list with an initial state. Nodes that reach the exit
1272ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu  /// of the function are added to the Dst set, which represents the exit
1282ce43c8f43254a9edea53a20dc0e69195bc82ae0Zhongxing Xu  /// state of the function call.
void ExecuteWorkListWithInitialState(const LocationContext *L,
                                     unsigned Steps,
                                     const GRState *InitState,
                                     ExplodedNodeSet &Dst) {
  // Pure forwarder: every argument goes to the CoreEngine unchanged, and
  // Dst is filled in by that call.
  Engine.ExecuteWorkListWithInitialState(L,
                                         Steps,
                                         InitState,
                                         Dst);
}
1341eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
135b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// getContext - Return the ASTContext associated with this analysis.
ASTContext& getContext() const {
  // The engine keeps no ASTContext of its own; it asks the AnalysisManager.
  return AMgr.getASTContext();
}
1375032ffe4259e7d436f2eb19e5a29fdae559e7c12Zhongxing Xu
/// getAnalysisManager - Return the AnalysisManager this engine was
///  constructed with. Declared virtual; presumably part of the SubEngine
///  interface -- confirm against SubEngine.h.
virtual AnalysisManager &getAnalysisManager() {
  return AMgr;
}
1391eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getSValBuilder - Return the SValBuilder this engine holds a reference to.
SValBuilder &getSValBuilder() {
  return svalBuilder;
}
1411eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getTF - Return the TransferFuncs object owned by this engine.
TransferFuncs& getTF() {
  // Dereferences the owning pointer without a null check of its own; TF
  // must already have been set (constructor or setTransferFunction).
  return *TF;
}
1431eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getBugReporter - Return this engine's GRBugReporter member through the
///  BugReporter interface.
BugReporter& getBugReporter() {
  return BR;
}
1451eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getBuilder - Return the current StmtNodeBuilder. A builder must be
///  installed when this is called.
StmtNodeBuilder &getBuilder() {
  // The assert is the only guard; under NDEBUG a null Builder is
  // dereferenced unchecked.
  assert(Builder);
  return *Builder;
}
147ec9227fea66c3439991fc84b0d33b0a8b4b8875eZhongxing Xu
148d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  // FIXME: Remove once TransferFuncs is no longer referenced.
149d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void setTransferFunction(TransferFuncs* tf);
1501eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
151e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek  /// ViewGraph - Visualize the ExplodedGraph created by executing the
152e01c98767dfd7153c3c84637c36659e3bbe16ff7Ted Kremenek  ///  simulation.
153ffe0f43806d4823271c2406c1fccc2373115c36aTed Kremenek  void ViewGraph(bool trim = false);
1541eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
155031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu  void ViewGraph(ExplodedNode** Beg, ExplodedNode** End);
1561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
157b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// getInitialState - Return the initial state used for the root vertex
158b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  in the ExplodedGraph.
15917fd8632dcda97022a51effc24060eacdad9dbe0Zhongxing Xu  const GRState* getInitialState(const LocationContext *InitLoc);
1601eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getGraph - Return the simulation graph (mutable access).
ExplodedGraph& getGraph() {
  return G;
}
/// getGraph - Return the simulation graph (read-only access).
const ExplodedGraph& getGraph() const {
  return G;
}
16350a6d0ce344c02782e0207574005c3b2aaa5077cTed Kremenek
/// registerCheck - Append a checker to the ordered checker list and record
///  its position under the tag returned by CHECKER::getTag().
///
/// NOTE(review): nothing here rejects a null 'check' or a tag that is
///  already registered. On a repeated tag, CheckerM is overwritten with the
///  newer index while the earlier entry stays in Checkers.
template <typename CHECKER>
void registerCheck(CHECKER *check) {
  // The index the new checker will occupy is the size before insertion.
  const unsigned slot = Checkers.size();
  void *const checkerTag = CHECKER::getTag();
  Checkers.push_back(std::make_pair(checkerTag, check));
  CheckerM[checkerTag] = slot;
}
171094bef56a7900f13bb777f9a352704104b1458e7Ted Kremenek
172094bef56a7900f13bb777f9a352704104b1458e7Ted Kremenek  Checker *lookupChecker(void *tag) const;
173ec9227fea66c3439991fc84b0d33b0a8b4b8875eZhongxing Xu
/// getChecker - Look up the checker registered under CHECKER::getTag() and
///  return it as a CHECKER pointer.
///
/// NOTE(review): the downcast is a static_cast with no runtime type check,
///  so it is only sound if each tag identifies exactly one checker type.
///  What lookupChecker returns for an unregistered tag is not visible here
///  -- presumably null; confirm before dereferencing the result.
template <typename CHECKER>
CHECKER *getChecker() const {
  Checker *const found = lookupChecker(CHECKER::getTag());
  return static_cast<CHECKER*>(found);
}
1781eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
179e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// processCFGElement - Called by CoreEngine. Used to generate new successor
1809c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu  ///  nodes by processing the 'effects' of a CFG element.
181e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processCFGElement(const CFGElement E, StmtNodeBuilder& builder);
1829c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
183d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void ProcessStmt(const CFGStmt S, StmtNodeBuilder &builder);
1849c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
185d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void ProcessInitializer(const CFGInitializer I, StmtNodeBuilder &builder);
1869c6cd67ea416bace666d614c84d5531124287653Zhongxing Xu
187d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void ProcessImplicitDtor(const CFGImplicitDtor D, StmtNodeBuilder &builder);
1881eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
1894ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu  void ProcessAutomaticObjDtor(const CFGAutomaticObjDtor D,
190d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis                            StmtNodeBuilder &builder);
191d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void ProcessBaseDtor(const CFGBaseDtor D, StmtNodeBuilder &builder);
192d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  void ProcessMemberDtor(const CFGMemberDtor D, StmtNodeBuilder &builder);
1934ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu  void ProcessTemporaryDtor(const CFGTemporaryDtor D,
194d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis                            StmtNodeBuilder &builder);
1954ffcb9974c6b7142c4a1483abfcb1f88b6371c45Zhongxing Xu
19627c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek  /// Called by CoreEngine when processing the entrance of a CFGBlock.
19727c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek  virtual void processCFGBlockEntrance(ExplodedNodeSet &dstNodes,
19827c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek                                GenericNodeBuilder<BlockEntrance> &nodeBuilder);
19927c54e57c4a012dcdf2b40cf985b70d0b9caa69eTed Kremenek
200d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processBranch - Called by CoreEngine.  Used to generate successor
201b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a branch condition.
202e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processBranch(const Stmt* Condition, const Stmt* Term,
203d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis                     BranchNodeBuilder& builder);
2041eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
205e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// processIndirectGoto - Called by CoreEngine.  Used to generate successor
206b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a computed goto jump.
207e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processIndirectGoto(IndirectGotoNodeBuilder& builder);
2081eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
209d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processSwitch - Called by CoreEngine.  Used to generate successor
210b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  nodes by processing the 'effects' of a switch statement.
211e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processSwitch(SwitchNodeBuilder& builder);
2121eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
213d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// processEndOfFunction - Called by CoreEngine.  Used to generate end-of-path
21411062b118476368fa5b294954713e5df97d8599fTed Kremenek  ///  nodes when the control reaches the end of a function.
215e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processEndOfFunction(EndOfFunctionNodeBuilder& builder);
216102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
217ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek  /// Generate the entry node of the callee.
218e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processCallEnter(CallEnterNodeBuilder &builder);
219102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
220ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek  /// Generate the first post callsite node.
221e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processCallExit(CallExitNodeBuilder &builder);
222102acd5369bbb17c0d6ab868af376671acff7a93Douglas Gregor
223d2592a34a059e7cbb2b11dc53649ac4912422909Argyrios Kyrtzidis  /// Called by CoreEngine when the analysis worklist has terminated.
224e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  void processEndWorklist(bool hasWorkRemaining);
225ccc263b44c62ce3a02f797a3ddb3d6017cf0e5e4Ted Kremenek
2269c14953d0c84f7cf5adfb4cd3c0f05a9b1723c1cTed Kremenek  /// processAssume - Callback function invoked by the ConstraintManager when
22732a58084a4c53e6938dd81bfce224db25a5976d1Ted Kremenek  ///  making assumptions about state values.
228e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  const GRState *processAssume(const GRState *state, SVal cond,bool assumption);
2291eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
230e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// wantsRegionChangeUpdate - Called by GRStateManager to determine if a
231e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  ///  region change should trigger a processRegionChanges update.
232e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  bool wantsRegionChangeUpdate(const GRState* state);
233c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose
234e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  /// processRegionChanges - Called by GRStateManager whenever a change is made
235c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose  ///  to the store. Used to update checkers that track region values.
236e36de1fe51c39d9161915dd3dbef880954af6476Ted Kremenek  const GRState* processRegionChanges(const GRState *state,
237c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose                                      const MemRegion * const *Begin,
238c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose                                      const MemRegion * const *End);
239c2b7dfaad674587cfd220ff447b3710d252130c3Jordy Rose
/// getStateManager - Return the GRStateManager owned by this engine.
///  Declared virtual; presumably part of the SubEngine interface -- confirm.
virtual GRStateManager& getStateManager() {
  return StateMgr;
}
24190e72e4106a0c3efa7575e9f9cba0c775bb54552Zhongxing Xu
/// getStoreManager - Return the StoreManager held by the state manager.
StoreManager& getStoreManager() {
  return StateMgr.getStoreManager();
}
2431eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
/// getConstraintManager - Return the ConstraintManager held by the state
///  manager.
ConstraintManager& getConstraintManager() { return StateMgr.getConstraintManager(); }
2471eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
248c8413fd03f73084a5c93028f8b4db619fc388087Ted Kremenek  // FIXME: Remove when we migrate over to just using SValBuilder.
// Mutable access to the state manager's BasicValueFactory.
BasicValueFactory& getBasicVals() { return StateMgr.getBasicVals(); }
// Read-only access to the state manager's BasicValueFactory.
const BasicValueFactory& getBasicVals() const { return StateMgr.getBasicVals(); }
2551eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
256044b6f0417cb98741f277602fabf5f07ec9a02c0Ted Kremenek  // FIXME: Remove when we migrate over to just using ValueManager.
// Mutable access to the SymbolManager this engine references.
SymbolManager& getSymbolManager() {
  return SymMgr;
}
// Read-only access to the SymbolManager this engine references.
const SymbolManager& getSymbolManager() const {
  return SymMgr;
}
2591eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
260bc42c533e7d3d946704a49e242939dd232f33072Tom Care  // Functions for external checking of whether we have unfinished work
/// wasBlockAborted - Report the CoreEngine's own wasBlockAborted() result.
bool wasBlockAborted() const {
  return Engine.wasBlockAborted();
}
/// hasEmptyWorkList - True when the CoreEngine's work list reports no
///  remaining work.
bool hasEmptyWorkList() const {
  const bool workPending = Engine.getWorkList()->hasWork();
  return !workPending;
}
/// hasWorkRemaining - True when a block was aborted or the work list still
///  has work. Callers that treat the analysis result as complete should
///  check this first.
bool hasWorkRemaining() const {
  // Same short-circuit as a logical OR: the work list is only consulted
  // when no block was aborted.
  if (wasBlockAborted())
    return true;
  return Engine.getWorkList()->hasWork();
}
266bc42c533e7d3d946704a49e242939dd232f33072Tom Care
/// getCoreEngine - Read-only access to the embedded CoreEngine.
const CoreEngine &getCoreEngine() const {
  return Engine;
}
268bc42c533e7d3d946704a49e242939dd232f33072Tom Care
26905a2378c708688c8ef498a5cea40ed7f5db15fa5Ted Kremenekprotected:
/// GetState - Return the state to use for node N: CleanedState when N is
///  the current EntryNode, otherwise the state stored on N.
const GRState* GetState(ExplodedNode* N) {
  if (N == EntryNode)
    return CleanedState;
  // N is dereferenced without a null check on this path.
  return N->getState();
}
2731eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
2741670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
2753992a50eea030a2913f1d267554f55ecd00d694cZhongxing Xu  ExplodedNode* MakeNode(ExplodedNodeSet& Dst, const Stmt* S,
2763992a50eea030a2913f1d267554f55ecd00d694cZhongxing Xu                         ExplodedNode* Pred, const GRState* St,
277bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu                         ProgramPoint::Kind K = ProgramPoint::PostStmtKind,
278bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu                         const void *tag = 0);
2797b71c1977cccafa23f9ecb3b0b22199e61ae634cZhongxing Xu
2805a5d98bc6962dc2d1aaa5e0e522f1bf84273b9c1Ted Kremenek  /// CheckerVisit - Dispatcher for performing checker-specific logic
2815a5d98bc6962dc2d1aaa5e0e522f1bf84273b9c1Ted Kremenek  ///  at specific statements.
28203509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void CheckerVisit(const Stmt *S, ExplodedNodeSet &Dst, ExplodedNodeSet &Src,
28372905cfa81cfd126f322c4173f56d332aac5539eJordy Rose                    CallbackKind Kind);
284a46e4d91d8f3eb341f2387768db66dcfe8dd0afaZhongxing Xu
285432424d67641d609e4990d791baa782fc161027eArgyrios Kyrtzidis  void CheckerVisitObjCMessage(const ObjCMessage &msg, ExplodedNodeSet &Dst,
286432424d67641d609e4990d791baa782fc161027eArgyrios Kyrtzidis                               ExplodedNodeSet &Src, bool isPrevisit);
287432424d67641d609e4990d791baa782fc161027eArgyrios Kyrtzidis
288935ef90f4b065c7c865ee5b2a99c5f9b1a115d72Zhongxing Xu  bool CheckerEvalCall(const CallExpr *CE,
289935ef90f4b065c7c865ee5b2a99c5f9b1a115d72Zhongxing Xu                       ExplodedNodeSet &Dst,
290935ef90f4b065c7c865ee5b2a99c5f9b1a115d72Zhongxing Xu                       ExplodedNode *Pred);
291935ef90f4b065c7c865ee5b2a99c5f9b1a115d72Zhongxing Xu
292432424d67641d609e4990d791baa782fc161027eArgyrios Kyrtzidis  void CheckerEvalNilReceiver(const ObjCMessage &msg,
293a46e4d91d8f3eb341f2387768db66dcfe8dd0afaZhongxing Xu                              ExplodedNodeSet &Dst,
294a46e4d91d8f3eb341f2387768db66dcfe8dd0afaZhongxing Xu                              const GRState *state,
295a46e4d91d8f3eb341f2387768db66dcfe8dd0afaZhongxing Xu                              ExplodedNode *Pred);
296b107c4b7efb907d75620cd3c17f82fe27dc5b745Ted Kremenek
29779d73044b7d0adfbd18ee34285395e1d5135f662Ted Kremenek  void CheckerVisitBind(const Stmt *StoreE, ExplodedNodeSet &Dst,
29879d73044b7d0adfbd18ee34285395e1d5135f662Ted Kremenek                        ExplodedNodeSet &Src,  SVal location, SVal val,
29979d73044b7d0adfbd18ee34285395e1d5135f662Ted Kremenek                        bool isPrevisit);
300ec9227fea66c3439991fc84b0d33b0a8b4b8875eZhongxing Xu
301b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// Visit - Transfer function logic for all statements.  Dispatches to
302b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  ///  other functions that handle specific kinds of statements.
30303509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void Visit(const Stmt* S, ExplodedNode* Pred, ExplodedNodeSet& Dst);
3041eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
305c5b1bf10133a8ecbfe9e6b3ec92bae84e3d927e8Ted Kremenek  /// VisitLvalArraySubscriptExpr - Transfer function for array accesses.
306892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek  void VisitLvalArraySubscriptExpr(const ArraySubscriptExpr* Ex,
307892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                                   ExplodedNode* Pred,
308892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                                   ExplodedNodeSet& Dst);
3091eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
310ef44bfb9d0f15ba0391f8346c9f01355fb450a09Ted Kremenek  /// VisitAsmStmt - Transfer function logic for inline asm.
31103509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitAsmStmt(const AsmStmt* A, ExplodedNode* Pred, ExplodedNodeSet& Dst);
3121eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
31303509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitAsmStmtHelperOutputs(const AsmStmt* A,
31403509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                                 AsmStmt::const_outputs_iterator I,
31503509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                                 AsmStmt::const_outputs_iterator E,
316031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu                                 ExplodedNode* Pred, ExplodedNodeSet& Dst);
3171eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
31803509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitAsmStmtHelperInputs(const AsmStmt* A,
31903509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                                AsmStmt::const_inputs_iterator I,
32003509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                                AsmStmt::const_inputs_iterator E,
321031ccc0555a82afc2e8afe29e19dd57ff204e2deZhongxing Xu                                ExplodedNode* Pred, ExplodedNodeSet& Dst);
322c95ad9ff6e574aecdd759542d5578bc65d586d93Ted Kremenek
323c95ad9ff6e574aecdd759542d5578bc65d586d93Ted Kremenek  /// VisitBlockExpr - Transfer function logic for BlockExprs.
32403509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitBlockExpr(const BlockExpr *BE, ExplodedNode *Pred,
32503509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                      ExplodedNodeSet &Dst);
3261eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
327b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitBinaryOperator - Transfer function logic for binary operators.
32803509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitBinaryOperator(const BinaryOperator* B, ExplodedNode* Pred,
329892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                           ExplodedNodeSet& Dst);
330469ecbded3616416ef938ed94a67f86149faf226Ted Kremenek
3311eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
332de43424560f1a744de6214dab6bbee28ad8437f5Ted Kremenek  /// VisitCall - Transfer function for function calls.
33303509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitCall(const CallExpr* CE, ExplodedNode* Pred,
33403509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                 CallExpr::const_arg_iterator AI,
33503509aea098772644bf4662dc1c88634818ceeccZhongxing Xu                 CallExpr::const_arg_iterator AE,
336892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                 ExplodedNodeSet& Dst);
3371eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
338b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek  /// VisitCast - Transfer function logic for all casts (implicit and explicit).
33903509aea098772644bf4662dc1c88634818ceeccZhongxing Xu  void VisitCast(const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred,
340892697dd2287caf7c29aaaa82909b0e90b8b63feTed Kremenek                ExplodedNodeSet &Dst);
341e1c2a675e0c089e1f53cbd55d2197a8beaa852aeTed Kremenek
  /// VisitCompoundLiteralExpr - Transfer function logic for compound
  /// literals.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitCompoundLiteralExpr(const CompoundLiteralExpr *CL,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
3451eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitCommonDeclRefExpr - Transfer function logic shared by DeclRefExprs
  /// and BlockDeclRefExprs.
  ///
  /// NOTE(review): D is presumably the declaration that DR refers to; the
  /// declaration does not say whether D may be null. Confirm at the callers.
  void VisitCommonDeclRefExpr(const Expr *DR,
                              const NamedDecl *D,
                              ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);
34967d1287035767f4f6c8ca0c2bb755990012a44caTed Kremenek
  /// VisitDeclStmt - Transfer function logic for DeclStmts.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitDeclStmt(const DeclStmt *DS,
                     ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);
3531eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitGuardedExpr - Transfer function logic for the conditional
  /// operator '?' and __builtin_choose_expr.
  ///
  /// NOTE(review): L and R are presumably the two alternative
  /// sub-expressions of Ex; confirm against the definition.
  void VisitGuardedExpr(const Expr *Ex,
                        const Expr *L,
                        const Expr *R,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
357c4f8706b6539e06a5de153bd72850bb2e0a71456Zhongxing Xu
  /// VisitCondInit - Transfer function for handling the initialization of a
  /// condition variable in an IfStmt, SwitchStmt, etc.
  ///
  /// NOTE(review): VD is the condition variable; S is presumably the
  /// statement that declares it. Confirm against the definition.
  void VisitCondInit(const VarDecl *VD,
                     const Stmt *S,
                     ExplodedNode *Pred,
                     ExplodedNodeSet &Dst);
36261dfbecd8e6181b2ba42ffb5feede27a2bab3b8aTed Kremenek
  /// VisitInitListExpr - Visitor for InitListExpr nodes.
  ///
  /// NOTE(review): by analogy with the neighbouring Visit* members this is
  /// presumably the transfer function for initializer lists, with Pred the
  /// predecessor node and Dst the output node set; confirm.
  void VisitInitListExpr(const InitListExpr *E,
                         ExplodedNode *Pred,
                         ExplodedNodeSet &Dst);
365c4f8706b6539e06a5de153bd72850bb2e0a71456Zhongxing Xu
  /// VisitLogicalExpr - Transfer function logic for '&&' and '||'.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitLogicalExpr(const BinaryOperator *B,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
3691eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitMemberExpr - Transfer function for member expressions.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitMemberExpr(const MemberExpr *M,
                       ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);
3731eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitObjCAtSynchronizedStmt - Transfer function logic for
  /// ObjCAtSynchronizedStmts.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitObjCAtSynchronizedStmt(const ObjCAtSynchronizedStmt *S,
                                   ExplodedNode *Pred,
                                   ExplodedNodeSet &Dst);
3774beaa9f51b2da57c64740cef2bd1c2fdb0c325d5Ted Kremenek
  /// VisitObjCPropertyRefExpr - Visitor for ObjCPropertyRefExpr nodes.
  ///
  /// NOTE(review): presumably the transfer function for Objective-C
  /// property references, with Pred the predecessor node and Dst the output
  /// node set; confirm against the definition.
  void VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr *E,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
38014429b918bd2f4cb52abc75546a7fe37142054caArgyrios Kyrtzidis
  /// VisitLvalObjCIvarRefExpr - Transfer function logic for computing the
  /// lvalue of an Objective-C ivar.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitLvalObjCIvarRefExpr(const ObjCIvarRefExpr *DR,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
384af3374187c47acea45706eab6744be6b1c66a856Ted Kremenek
  /// VisitObjCForCollectionStmt - Transfer function logic for
  /// ObjCForCollectionStmt.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitObjCForCollectionStmt(const ObjCForCollectionStmt *S,
                                  ExplodedNode *Pred,
                                  ExplodedNodeSet &Dst);
3891eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitObjCForCollectionStmtAux - Helper taking the same statement, node
  /// and node set as VisitObjCForCollectionStmt plus an SVal, ElementV.
  ///
  /// NOTE(review): ElementV is presumably the value (location) of the loop
  /// element; confirm against the definition.
  void VisitObjCForCollectionStmtAux(const ObjCForCollectionStmt *S,
                                     ExplodedNode *Pred,
                                     ExplodedNodeSet &Dst,
                                     SVal ElementV);
3931eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitObjCMessageExpr - Transfer function for ObjC message expressions.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitObjCMessageExpr(const ObjCMessageExpr *ME,
                            ExplodedNode *Pred,
                            ExplodedNodeSet &Dst);
  /// VisitObjCMessage - Visitor taking an ObjCMessage and a source node set
  /// rather than a single predecessor node.
  ///
  /// NOTE(review): presumably processes every node in Src and stores the
  /// results in Dst; confirm against the definition.
  void VisitObjCMessage(const ObjCMessage &msg,
                        ExplodedNodeSet &Src,
                        ExplodedNodeSet &Dst);
3991eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitReturnStmt - Transfer function logic for return statements.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitReturnStmt(const ReturnStmt *R,
                       ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);
4038ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor
  /// VisitOffsetOfExpr - Transfer function for offsetof.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitOffsetOfExpr(const OffsetOfExpr *Ex,
                         ExplodedNode *Pred,
                         ExplodedNodeSet &Dst);
4071eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitSizeOfAlignOfExpr - Transfer function for sizeof.
  ///
  /// NOTE(review): the parameter type is SizeOfAlignOfExpr, so alignof is
  /// presumably handled here as well; confirm against the definition.
  void VisitSizeOfAlignOfExpr(const SizeOfAlignOfExpr *Ex,
                              ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);
4111eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// VisitUnaryOperator - Transfer function logic for unary operators.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitUnaryOperator(const UnaryOperator *B,
                          ExplodedNode *Pred,
                          ExplodedNodeSet &Dst);
415bb141217871e93767aa3f2de1b9946fa6d37066aZhongxing Xu
  /// VisitCXXThisExpr - Visitor for CXXThisExpr nodes.
  ///
  /// NOTE(review): presumably the transfer function for the C++ 'this'
  /// expression, with Pred the predecessor node and Dst the output node
  /// set; confirm against the definition.
  void VisitCXXThisExpr(const CXXThisExpr *TE,
                        ExplodedNode *Pred,
                        ExplodedNodeSet &Dst);
418d706434b0231c76fd9acf30060646a7aa8f69aefZhongxing Xu
  /// VisitCXXTemporaryObjectExpr - Handles a CXXTemporaryObjectExpr by
  /// forwarding it to VisitCXXConstructExpr with a null destination region.
  ///
  /// NOTE(review): what VisitCXXConstructExpr does when Dest is null is not
  /// visible here; confirm that a null region is an accepted input there.
  void VisitCXXTemporaryObjectExpr(const CXXTemporaryObjectExpr *expr,
                                   ExplodedNode *Pred,
                                   ExplodedNodeSet &Dst) {
    // No destination region is known for the temporary at this point.
    const MemRegion *NoDest = 0;
    VisitCXXConstructExpr(expr, NoDest, Pred, Dst);
  }
423d706434b0231c76fd9acf30060646a7aa8f69aefZhongxing Xu
  /// VisitCXXConstructExpr - Visitor for CXXConstructExpr nodes.
  ///
  /// VisitCXXTemporaryObjectExpr calls this with a null Dest, so the
  /// definition has to cope with Dest == 0.
  ///
  /// NOTE(review): Dest is presumably the region the object is constructed
  /// into; confirm against the definition.
  void VisitCXXConstructExpr(const CXXConstructExpr *E,
                             const MemRegion *Dest,
                             ExplodedNode *Pred,
                             ExplodedNodeSet &Dst);
426950db87e5efe2ff0c7234116929f8637aaf7ae7aZhongxing Xu
  /// VisitCXXDestructor - Visitor for a C++ destructor declaration.
  ///
  /// NOTE(review): Dest is presumably the region of the object being
  /// destroyed and S the statement that triggers the destruction; neither
  /// is established by the declaration. Confirm against the definition.
  void VisitCXXDestructor(const CXXDestructorDecl *DD,
                          const MemRegion *Dest,
                          const Stmt *S,
                          ExplodedNode *Pred,
                          ExplodedNodeSet &Dst);
430b13453bd8a91f331d0910ca95ad52aa41b52f648Zhongxing Xu
  /// VisitCXXMemberCallExpr - Visitor for CXXMemberCallExpr nodes.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitCXXMemberCallExpr(const CXXMemberCallExpr *MCE,
                              ExplodedNode *Pred,
                              ExplodedNodeSet &Dst);
433950db87e5efe2ff0c7234116929f8637aaf7ae7aZhongxing Xu
  /// VisitCXXOperatorCallExpr - Visitor for CXXOperatorCallExpr nodes.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitCXXOperatorCallExpr(const CXXOperatorCallExpr *C,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
4366a02b609c2e23b28d24f9db4c8006137c6b55ae4Marcin Swiderski
  /// VisitCXXNewExpr - Visitor for CXXNewExpr nodes.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitCXXNewExpr(const CXXNewExpr *CNE,
                       ExplodedNode *Pred,
                       ExplodedNodeSet &Dst);
439856c6bcaea56e05255e9f3997ddd56b5c18a14f0Zhongxing Xu
  /// VisitCXXDeleteExpr - Visitor for CXXDeleteExpr nodes.
  ///
  /// NOTE(review): Pred and Dst look like the predecessor node and the set
  /// that receives the generated nodes; confirm against the definition.
  void VisitCXXDeleteExpr(const CXXDeleteExpr *CDE,
                          ExplodedNode *Pred,
                          ExplodedNodeSet &Dst);
4426b8513829895e56a7b97e787ea74520bc626512eZhongxing Xu
  /// VisitAggExpr - Visitor taking an expression together with a
  /// destination memory region.
  ///
  /// NOTE(review): the name suggests E is an expression of aggregate type
  /// evaluated into Dest; whether Dest may be null is not shown. Confirm
  /// against the definition.
  void VisitAggExpr(const Expr *E,
                    const MemRegion *Dest,
                    ExplodedNode *Pred,
                    ExplodedNodeSet &Dst);
4457b71c1977cccafa23f9ecb3b0b22199e61ae634cZhongxing Xu
  /// CreateCXXTemporaryObject - Create a C++ temporary object for an rvalue.
  ///
  /// NOTE(review): Ex is presumably the rvalue expression; Pred and Dst look
  /// like the predecessor node and the output node set. Confirm.
  void CreateCXXTemporaryObject(const Expr *Ex,
                                ExplodedNode *Pred,
                                ExplodedNodeSet &Dst);
449bc37b8dd9914e02580f531fa6e5e72be34d9675eZhongxing Xu
  /// getCXXThisRegion - Synthesize the CXXThisRegion for a record
  /// declaration and a stack frame context.
  ///
  /// NOTE(review): ownership and lifetime of the returned region are not
  /// visible from the declaration; confirm before caching the pointer.
  const CXXThisRegion *
  getCXXThisRegion(const CXXRecordDecl *RD, const StackFrameContext *SFC);
4538e18c1b840882d26039503629d7e4ad4822f3bdaZhongxing Xu
  /// getCXXThisRegion - Overload taking a method declaration instead of a
  /// record declaration.
  ///
  /// NOTE(review): presumably resolves the region through the method's
  /// parent record; confirm against the definition.
  const CXXThisRegion *
  getCXXThisRegion(const CXXMethodDecl *decl,
                   const StackFrameContext *frameCtx);
45632303020d0f1a21cbcab65ae0c69a4218dc8f0fbZhongxing Xu
  /// evalArguments - Evaluate arguments with a work list algorithm.
  ///
  /// FstArgAsLValue defaults to false.
  ///
  /// NOTE(review): AI/AE presumably delimit the argument range, FnType may
  /// presumably be null for unprototyped callees, and FstArgAsLValue
  /// presumably requests lvalue evaluation of the first argument; none of
  /// this is established here. Confirm against the definition.
  void evalArguments(ConstExprIterator AI,
                     ConstExprIterator AE,
                     const FunctionProtoType *FnType,
                     ExplodedNode *Pred,
                     ExplodedNodeSet &Dst,
                     bool FstArgAsLValue = false);
462b17b1b3cc2b0d4d3b263b9384571bbc7f3995771Zhongxing Xu
  /// evalMethodCall - Evaluate the method call itself. Used for
  /// CXXMemberCallExpr and CXXOperatorCallExpr.
  ///
  /// NOTE(review): Src is presumably the set of nodes produced by argument
  /// evaluation and Dst the output set; confirm against the definition.
  void evalMethodCall(const CallExpr *MCE,
                      const CXXMethodDecl *MD,
                      const Expr *ThisExpr,
                      ExplodedNode *Pred,
                      ExplodedNodeSet &Src,
                      ExplodedNodeSet &Dst);
4686a02b609c2e23b28d24f9db4c8006137c6b55ae4Marcin Swiderski
  /// evalEagerlyAssume - For each node in 'Src', eagerly assume symbolic
  /// expressions of the form 'x != 0' and generate new nodes carrying those
  /// assumptions; the new nodes are stored in 'Dst'.
  ///
  /// Note the parameter order: the output set comes first here, unlike the
  /// Visit* members, where Dst comes last.
  void evalEagerlyAssume(ExplodedNodeSet &Dst,
                         ExplodedNodeSet &Src,
                         const Expr *Ex);
4741eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// evalMinus - Apply svalBuilder.evalMinus to X when X is valid; an
  /// invalid X is returned unchanged.
  ///
  /// NOTE(review): isValid() is the only guard in front of cast<NonLoc>.
  /// Assuming this is llvm::cast, the kind is checked by assertion only, so
  /// a build without assertions performs the downcast unchecked. Confirm
  /// that callers never pass a valid value that is not a NonLoc.
  SVal evalMinus(SVal X) {
    if (!X.isValid())
      return X;
    return svalBuilder.evalMinus(cast<NonLoc>(X));
  }
4781eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// evalComplement - Apply svalBuilder.evalComplement to X when X is valid;
  /// an invalid X is returned unchanged.
  ///
  /// NOTE(review): isValid() is the only guard in front of cast<NonLoc>.
  /// Assuming this is llvm::cast, the kind is checked by assertion only, so
  /// a build without assertions performs the downcast unchecked. Confirm
  /// that callers never pass a valid value that is not a NonLoc.
  SVal evalComplement(SVal X) {
    if (!X.isValid())
      return X;
    return svalBuilder.evalComplement(cast<NonLoc>(X));
  }
482248072a8b9cd956c4ac63172fc2af09790f7c6a9Zhongxing Xu
4831670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
4841eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// evalBinOp - Evaluate the binary operator 'op' on two NonLoc operands by
  /// forwarding to svalBuilder.evalBinOpNN.
  SVal evalBinOp(const GRState *state,
                 BinaryOperator::Opcode op,
                 NonLoc L,
                 NonLoc R,
                 QualType T) {
    return svalBuilder.evalBinOpNN(state, op, L, R, T);
  }
48910c16657eec144def180ee53d1e0249c9ed2b3b5Ted Kremenek
  /// evalBinOp - Overload whose right operand is a general SVal. A valid R
  /// is cast to NonLoc and forwarded to svalBuilder.evalBinOpNN; an invalid
  /// R is returned unchanged.
  ///
  /// NOTE(review): isValid() is the only guard in front of cast<NonLoc>.
  /// Assuming this is llvm::cast, the kind is checked by assertion only, so
  /// a build without assertions performs the downcast unchecked. Confirm
  /// that callers never pass a valid R that is not a NonLoc.
  SVal evalBinOp(const GRState *state,
                 BinaryOperator::Opcode op,
                 NonLoc L,
                 SVal R,
                 QualType T) {
    if (!R.isValid())
      return R;
    return svalBuilder.evalBinOpNN(state, op, L, cast<NonLoc>(R), T);
  }
4941eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// evalBinOp - Most general overload: both operands are SVals and the call
  /// is forwarded unchanged to svalBuilder.evalBinOp, with no validity
  /// check or cast at this level.
  SVal evalBinOp(const GRState *ST,
                 BinaryOperator::Opcode Op,
                 SVal LHS,
                 SVal RHS,
                 QualType T) {
    return svalBuilder.evalBinOp(ST, Op, LHS, RHS, T);
  }
4995b9bd2137ebef350af803c634e3fdf5d74678100Ted Kremenek
5001670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekprotected:
  /// evalObjCMessage - Forward an Objective-C message to the transfer
  /// functions object returned by getTF(), passing this engine and the
  /// current Builder along.
  ///
  /// Builder is dereferenced unconditionally. The assert is the only null
  /// check and is compiled out when NDEBUG is defined, so callers must
  /// ensure that Builder is set before calling.
  void evalObjCMessage(ExplodedNodeSet &Dst,
                       const ObjCMessage &msg,
                       ExplodedNode *Pred,
                       const GRState *state) {
    assert(Builder && "StmtNodeBuilder must be defined.");
    getTF().evalObjCMessage(Dst, *this, *Builder, msg, Pred, state);
  }
5061670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenek
  /// MarkBranch - Takes a state, a terminator statement and a flag saying
  /// whether the branch was taken, and returns a state.
  ///
  /// NOTE(review): presumably records the branch outcome in the returned
  /// state; whether the result can be St itself is not visible here.
  const GRState *MarkBranch(const GRState *St,
                            const Stmt *Terminator,
                            bool branchTaken);
5091eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  /// evalBind - Handle the semantics of binding a value to a specific
  /// location. This method is used by evalStore, VisitDeclStmt, and others.
  ///
  /// atDeclInit defaults to false.
  ///
  /// NOTE(review): atDeclInit presumably marks a bind that initializes a
  /// declaration; confirm against the definition.
  void evalBind(ExplodedNodeSet &Dst,
                const Stmt *StoreE,
                ExplodedNode *Pred,
                const GRState *St,
                SVal location,
                SVal Val,
                bool atDeclInit = false);
5151eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
5161670e403c48f3af4fceff3f6773a0e1cfc6c4eb3Ted Kremenekpublic:
  // FIXME: 'tag' should be removed, and a LocationContext should be used
  // instead.
  // FIXME: Comment on the meaning of the arguments, when 'St' may not
  // be the same as Pred->state, and when 'location' may not be the
  // same as state->getLValue(Ex).
  /// evalLoad - Simulate a read of the result of Ex.
  ///
  /// 'tag' defaults to a null pointer and 'LoadTy' to a default-constructed
  /// QualType.
  void evalLoad(ExplodedNodeSet &Dst,
                const Expr *Ex,
                ExplodedNode *Pred,
                const GRState *St,
                SVal location,
                const void *tag = 0,
                QualType LoadTy = QualType());
5261eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
  // FIXME: 'tag' should be removed, and a LocationContext should be used
  // instead.
  /// evalStore - Store counterpart of evalLoad; 'tag' defaults to a null
  /// pointer.
  ///
  /// NOTE(review): presumably simulates storing Val to TargetLV, with
  /// AssignE the assignment expression and StoreE the expression that names
  /// the stored-to location; confirm against the definition.
  void evalStore(ExplodedNodeSet &Dst,
                 const Expr *AssignE,
                 const Expr *StoreE,
                 ExplodedNode *Pred,
                 const GRState *St,
                 SVal TargetLV,
                 SVal Val,
                 const void *tag = 0);
532834f9de3d3d76986d09f41725a70ba45a3e2aecdZhanyong Wanprivate:
  /// evalLoadCommon - Private helper with the same parameter list as
  /// evalLoad, but without default arguments.
  ///
  /// NOTE(review): presumably the shared implementation behind evalLoad;
  /// confirm against the definition.
  void evalLoadCommon(ExplodedNodeSet &Dst,
                      const Expr *Ex,
                      ExplodedNode *Pred,
                      const GRState *St,
                      SVal location,
                      const void *tag,
                      QualType LoadTy);
536852274d4257134906995cb252fb3dfd2d71deae8Ted Kremenek
  // FIXME: 'tag' should be removed, and a LocationContext should be used
  // instead.
  /// evalLocation - Private helper taking a location together with a flag
  /// that distinguishes loads from stores.
  ///
  /// NOTE(review): presumably the common point at which a memory location
  /// is checked before it is read or written; confirm against the
  /// definition.
  void evalLocation(ExplodedNodeSet &Dst,
                    const Stmt *S,
                    ExplodedNode *Pred,
                    const GRState *St,
                    SVal location,
                    const void *tag,
                    bool isLoad);
5421c625f25055331bf76ab5479a8060d2b0f61e8b8Zhongxing Xu
  /// InlineCall - Private helper for call expressions that returns a bool.
  ///
  /// NOTE(review): presumably returns true when the call was inlined and
  /// Dst was populated; the meaning of false is not visible here.
  bool InlineCall(ExplodedNodeSet &Dst,
                  const CallExpr *CE,
                  ExplodedNode *Pred);
544b387a3f23e423d62c053be86294b703da1d1a222Ted Kremenek};
5451eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump
54665423aeb996a296cf2964f136ce4a4a937bd1687Zhongxing Xu} // end ento namespace
5475a4f98ff943e6a501b0fe47ade007c9bbf96cb88Argyrios Kyrtzidis
548c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek} // end clang namespace
549c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6Ted Kremenek
550d065d6080f0620bb80b933f3f5d52d37bb2ea770Ted Kremenek#endif