clang  10.0.0svn
CallEvent.h
Go to the documentation of this file.
1 //===- CallEvent.h - Wrapper for all function and method calls --*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 /// \file This file defines CallEvent and its subclasses, which represent path-
10 /// sensitive instances of different kinds of function and method calls
11 /// (C, C++, and Objective-C).
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_CALLEVENT_H
16 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_CALLEVENT_H
17 
18 #include "clang/AST/Decl.h"
19 #include "clang/AST/DeclBase.h"
20 #include "clang/AST/DeclCXX.h"
21 #include "clang/AST/DeclObjC.h"
22 #include "clang/AST/Expr.h"
23 #include "clang/AST/ExprCXX.h"
24 #include "clang/AST/ExprObjC.h"
25 #include "clang/AST/Stmt.h"
26 #include "clang/AST/Type.h"
28 #include "clang/Basic/LLVM.h"
35 #include "llvm/ADT/ArrayRef.h"
36 #include "llvm/ADT/IntrusiveRefCntPtr.h"
37 #include "llvm/ADT/PointerIntPair.h"
38 #include "llvm/ADT/PointerUnion.h"
39 #include "llvm/ADT/STLExtras.h"
40 #include "llvm/ADT/SmallVector.h"
41 #include "llvm/ADT/StringRef.h"
42 #include "llvm/Support/Allocator.h"
43 #include "llvm/Support/Casting.h"
44 #include "llvm/Support/ErrorHandling.h"
45 #include <cassert>
46 #include <limits>
47 #include <utility>
48 
49 namespace clang {
50 
51 class LocationContext;
52 class ProgramPoint;
53 class ProgramPointTag;
54 class StackFrameContext;
55 
56 namespace ento {
57 
71 };
72 
73 class CallEvent;
74 class CallDescription;
75 
76 template<typename T = CallEvent>
77 class CallEventRef : public IntrusiveRefCntPtr<const T> {
78 public:
79  CallEventRef(const T *Call) : IntrusiveRefCntPtr<const T>(Call) {}
80  CallEventRef(const CallEventRef &Orig) : IntrusiveRefCntPtr<const T>(Orig) {}
81 
83  return this->get()->template cloneWithState<T>(State);
84  }
85 
86  // Allow implicit conversions to a superclass type, since CallEventRef
87  // behaves like a pointer-to-const.
88  template <typename SuperT>
89  operator CallEventRef<SuperT> () const {
90  return this->get();
91  }
92 };
93 
94 /// \class RuntimeDefinition
95 /// Defines the runtime definition of the called function.
96 ///
97 /// Encapsulates the information we have about which Decl will be used
98 /// when the call is executed on the given path. When dealing with dynamic
99 /// dispatch, the information is based on DynamicTypeInfo and might not be
100 /// precise.
102  /// The Declaration of the function which could be called at runtime.
103  /// NULL if not available.
104  const Decl *D = nullptr;
105 
106  /// The region representing an object (ObjC/C++) on which the method is
107  /// called. With dynamic dispatch, the method definition depends on the
108  /// runtime type of this object. NULL when the DynamicTypeInfo is
109  /// precise.
110  const MemRegion *R = nullptr;
111 
112 public:
113  RuntimeDefinition() = default;
114  RuntimeDefinition(const Decl *InD): D(InD) {}
115  RuntimeDefinition(const Decl *InD, const MemRegion *InR): D(InD), R(InR) {}
116 
117  const Decl *getDecl() { return D; }
118 
119  /// Check if the definition we have is precise.
120  /// If not, it is possible that the call dispatches to another definition at
121  /// execution time.
122  bool mayHaveOtherDefinitions() { return R != nullptr; }
123 
124  /// When other definitions are possible, returns the region whose runtime type
125  /// determines the method definition.
126  const MemRegion *getDispatchRegion() { return R; }
127 };
128 
129 /// Represents an abstract call to a function or method along a
130 /// particular path.
131 ///
132 /// CallEvents are created through the factory methods of CallEventManager.
133 ///
134 /// CallEvents should always be cheap to create and destroy. In order for
135 /// CallEventManager to be able to re-use CallEvent-sized memory blocks,
136 /// subclasses of CallEvent may not add any data members to the base class.
137 /// Use the "Data" and "Location" fields instead.
138 class CallEvent {
139 public:
141 
142 private:
144  const LocationContext *LCtx;
145  llvm::PointerUnion<const Expr *, const Decl *> Origin;
146 
147 protected:
148  // This is user data for subclasses.
149  const void *Data;
150 
151  // This is user data for subclasses.
152  // This should come right before RefCount, so that the two fields can be
153  // packed together on LP64 platforms.
155 
156 private:
157  template <typename T> friend struct llvm::IntrusiveRefCntPtrInfo;
158 
159  mutable unsigned RefCount = 0;
160 
161  void Retain() const { ++RefCount; }
162  void Release() const;
163 
164 protected:
165  friend class CallEventManager;
166 
168  : State(std::move(state)), LCtx(lctx), Origin(E) {}
169 
171  : State(std::move(state)), LCtx(lctx), Origin(D) {}
172 
173  // DO NOT MAKE PUBLIC
174  CallEvent(const CallEvent &Original)
175  : State(Original.State), LCtx(Original.LCtx), Origin(Original.Origin),
176  Data(Original.Data), Location(Original.Location) {}
177 
178  /// Copies this CallEvent, with vtable intact, into a new block of memory.
179  virtual void cloneTo(void *Dest) const = 0;
180 
181  /// Get the value of arbitrary expressions at this point in the path.
182  SVal getSVal(const Stmt *S) const {
183  return getState()->getSVal(S, getLocationContext());
184  }
185 
187 
188  /// Used to specify non-argument regions that will be invalidated as a
189  /// result of this call.
190  virtual void getExtraInvalidatedValues(ValueList &Values,
191  RegionAndSymbolInvalidationTraits *ETraits) const {}
192 
193 public:
194  CallEvent &operator=(const CallEvent &) = delete;
195  virtual ~CallEvent() = default;
196 
197  /// Returns the kind of call this is.
198  virtual Kind getKind() const = 0;
199 
200  /// Returns the declaration of the function or method that will be
201  /// called. May be null.
202  virtual const Decl *getDecl() const {
203  return Origin.dyn_cast<const Decl *>();
204  }
205 
206  /// The state in which the call is being evaluated.
207  const ProgramStateRef &getState() const {
208  return State;
209  }
210 
211  /// The context in which the call is being evaluated.
213  return LCtx;
214  }
215 
216  /// Returns the definition of the function or method that will be
217  /// called.
218  virtual RuntimeDefinition getRuntimeDefinition() const = 0;
219 
220  /// Returns the expression whose value will be the result of this call.
221  /// May be null.
222  const Expr *getOriginExpr() const {
223  return Origin.dyn_cast<const Expr *>();
224  }
225 
226  /// Returns the number of arguments (explicit and implicit).
227  ///
228  /// Note that this may be greater than the number of parameters in the
229  /// callee's declaration, and that it may include arguments not written in
230  /// the source.
231  virtual unsigned getNumArgs() const = 0;
232 
233  /// Returns true if the callee is known to be from a system header.
234  bool isInSystemHeader() const {
235  const Decl *D = getDecl();
236  if (!D)
237  return false;
238 
240  if (Loc.isValid()) {
241  const SourceManager &SM =
242  getState()->getStateManager().getContext().getSourceManager();
243  return SM.isInSystemHeader(D->getLocation());
244  }
245 
246  // Special case for implicitly-declared global operator new/delete.
247  // These should be considered system functions.
248  if (const auto *FD = dyn_cast<FunctionDecl>(D))
249  return FD->isOverloadedOperator() && FD->isImplicit() && FD->isGlobal();
250 
251  return false;
252  }
253 
254  /// Returns true if the CallEvent is a call to a function that matches
255  /// the CallDescription.
256  ///
257  /// Note that this function is not intended to be used to match Obj-C method
258  /// calls.
259  bool isCalled(const CallDescription &CD) const;
260 
261  /// Returns a source range for the entire call, suitable for
262  /// outputting in diagnostics.
263  virtual SourceRange getSourceRange() const {
264  return getOriginExpr()->getSourceRange();
265  }
266 
267  /// Returns the value of a given argument at the time of the call.
268  virtual SVal getArgSVal(unsigned Index) const;
269 
270  /// Returns the expression associated with a given argument.
271  /// May be null if this expression does not appear in the source.
272  virtual const Expr *getArgExpr(unsigned Index) const { return nullptr; }
273 
274  /// Returns the source range for errors associated with this argument.
275  ///
276  /// May be invalid if the argument is not written in the source.
277  virtual SourceRange getArgSourceRange(unsigned Index) const;
278 
279  /// Returns the result type, adjusted for references.
280  QualType getResultType() const;
281 
282  /// Returns the return value of the call.
283  ///
284  /// This should only be called if the CallEvent was created using a state in
285  /// which the return value has already been bound to the origin expression.
286  SVal getReturnValue() const;
287 
288  /// Returns true if the type of any of the non-null arguments satisfies
289  /// the condition.
290  bool hasNonNullArgumentsWithType(bool (*Condition)(QualType)) const;
291 
292  /// Returns true if any of the arguments appear to represent callbacks.
293  bool hasNonZeroCallbackArg() const;
294 
295  /// Returns true if any of the arguments is void*.
296  bool hasVoidPointerToNonConstArg() const;
297 
298  /// Returns true if any of the arguments are known to escape to long-
299  /// term storage, even if this method will not modify them.
300  // NOTE: The exact semantics of this are still being defined!
301  // We don't really want a list of hardcoded exceptions in the long run,
302  // but we don't want duplicated lists of known APIs in the short term either.
303  virtual bool argumentsMayEscape() const {
304  return hasNonZeroCallbackArg();
305  }
306 
307  /// Returns true if the callee is an externally-visible function in the
308  /// top-level namespace, such as \c malloc.
309  ///
310  /// You can use this call to determine that a particular function really is
311  /// a library function and not, say, a C++ member function with the same name.
312  ///
313  /// If a name is provided, the function must additionally match the given
314  /// name.
315  ///
316  /// Note that this deliberately excludes C++ library functions in the \c std
317  /// namespace, but will include C library functions accessed through the
318  /// \c std namespace. This also does not check if the function is declared
319  /// as 'extern "C"', or if it uses C++ name mangling.
320  // FIXME: Add a helper for checking namespaces.
321  // FIXME: Move this down to AnyFunctionCall once checkers have more
322  // precise callbacks.
323  bool isGlobalCFunction(StringRef SpecificName = StringRef()) const;
324 
325  /// Returns the name of the callee, if its name is a simple identifier.
326  ///
327  /// Note that this will fail for Objective-C methods, blocks, and C++
328  /// overloaded operators. The former is named by a Selector rather than a
329  /// simple identifier, and the latter two do not have names.
330  // FIXME: Move this down to AnyFunctionCall once checkers have more
331  // precise callbacks.
333  const auto *ND = dyn_cast_or_null<NamedDecl>(getDecl());
334  if (!ND)
335  return nullptr;
336  return ND->getIdentifier();
337  }
338 
339  /// Returns an appropriate ProgramPoint for this call.
340  ProgramPoint getProgramPoint(bool IsPreVisit = false,
341  const ProgramPointTag *Tag = nullptr) const;
342 
343  /// Returns a new state with all argument regions invalidated.
344  ///
345  /// This accepts an alternate state in case some processing has already
346  /// occurred.
347  ProgramStateRef invalidateRegions(unsigned BlockCount,
348  ProgramStateRef Orig = nullptr) const;
349 
350  using FrameBindingTy = std::pair<Loc, SVal>;
352 
353  /// Populates the given SmallVector with the bindings in the callee's stack
354  /// frame at the start of this call.
355  virtual void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
356  BindingsTy &Bindings) const = 0;
357 
358  /// Returns a copy of this CallEvent, but using the given state.
359  template <typename T>
361 
362  /// Returns a copy of this CallEvent, but using the given state.
364  return cloneWithState<CallEvent>(NewState);
365  }
366 
367  /// Returns true if this is a statement is a function or method call
368  /// of some kind.
369  static bool isCallStmt(const Stmt *S);
370 
371  /// Returns the result type of a function or method declaration.
372  ///
373  /// This will return a null QualType if the result type cannot be determined.
374  static QualType getDeclaredResultType(const Decl *D);
375 
376  /// Returns true if the given decl is known to be variadic.
377  ///
378  /// \p D must not be null.
379  static bool isVariadic(const Decl *D);
380 
381  /// Returns AnalysisDeclContext for the callee stack frame.
382  /// Currently may fail; returns null on failure.
383  AnalysisDeclContext *getCalleeAnalysisDeclContext() const;
384 
385  /// Returns the callee stack frame. That stack frame will only be entered
386  /// during analysis if the call is inlined, but it may still be useful
387  /// in intermediate calculations even if the call isn't inlined.
388  /// May fail; returns null on failure.
389  const StackFrameContext *getCalleeStackFrame(unsigned BlockCount) const;
390 
391  /// Returns memory location for a parameter variable within the callee stack
392  /// frame. May fail; returns null on failure.
393  const VarRegion *getParameterLocation(unsigned Index,
394  unsigned BlockCount) const;
395 
396  /// Returns true if on the current path, the argument was constructed by
397  /// calling a C++ constructor over it. This is an internal detail of the
398  /// analysis which doesn't necessarily represent the program semantics:
399  /// if we are supposed to construct an argument directly, we may still
400  /// not do that because we don't know how (i.e., construction context is
401  /// unavailable in the CFG or not supported by the analyzer).
402  bool isArgumentConstructedDirectly(unsigned Index) const {
403  // This assumes that the object was not yet removed from the state.
405  getState(), {getOriginExpr(), Index}, getLocationContext()).hasValue();
406  }
407 
408  /// Some calls have parameter numbering mismatched from argument numbering.
409  /// This function converts an argument index to the corresponding
410  /// parameter index. Returns None is the argument doesn't correspond
411  /// to any parameter variable.
412  virtual Optional<unsigned>
413  getAdjustedParameterIndex(unsigned ASTArgumentIndex) const {
414  return ASTArgumentIndex;
415  }
416 
417  /// Some call event sub-classes conveniently adjust mismatching AST indices
418  /// to match parameter indices. This function converts an argument index
419  /// as understood by CallEvent to the argument index as understood by the AST.
420  virtual unsigned getASTArgumentIndex(unsigned CallArgumentIndex) const {
421  return CallArgumentIndex;
422  }
423 
424  // Iterator access to formal parameters and their types.
425 private:
426  struct GetTypeFn {
427  QualType operator()(ParmVarDecl *PD) const { return PD->getType(); }
428  };
429 
430 public:
431  /// Return call's formal parameters.
432  ///
433  /// Remember that the number of formal parameters may not match the number
434  /// of arguments for all calls. However, the first parameter will always
435  /// correspond with the argument value returned by \c getArgSVal(0).
436  virtual ArrayRef<ParmVarDecl *> parameters() const = 0;
437 
438  using param_type_iterator =
439  llvm::mapped_iterator<ArrayRef<ParmVarDecl *>::iterator, GetTypeFn>;
440 
441  /// Returns an iterator over the types of the call's formal parameters.
442  ///
443  /// This uses the callee decl found by default name lookup rather than the
444  /// definition because it represents a public interface, and probably has
445  /// more annotations.
447  return llvm::map_iterator(parameters().begin(), GetTypeFn());
448  }
449  /// \sa param_type_begin()
451  return llvm::map_iterator(parameters().end(), GetTypeFn());
452  }
453 
454  // For debugging purposes only
455  void dump(raw_ostream &Out) const;
456  void dump() const;
457 };
458 
459 /// Represents a call to any sort of function that might have a
460 /// FunctionDecl.
461 class AnyFunctionCall : public CallEvent {
462 protected:
464  const LocationContext *LCtx)
465  : CallEvent(E, St, LCtx) {}
467  const LocationContext *LCtx)
468  : CallEvent(D, St, LCtx) {}
469  AnyFunctionCall(const AnyFunctionCall &Other) = default;
470 
471 public:
472  // This function is overridden by subclasses, but they must return
473  // a FunctionDecl.
474  const FunctionDecl *getDecl() const override {
475  return cast<FunctionDecl>(CallEvent::getDecl());
476  }
477 
478  RuntimeDefinition getRuntimeDefinition() const override;
479 
480  bool argumentsMayEscape() const override;
481 
482  void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
483  BindingsTy &Bindings) const override;
484 
485  ArrayRef<ParmVarDecl *> parameters() const override;
486 
487  static bool classof(const CallEvent *CA) {
488  return CA->getKind() >= CE_BEG_FUNCTION_CALLS &&
490  }
491 };
492 
493 /// Represents a C function or static C++ member function call.
494 ///
495 /// Example: \c fun()
497  friend class CallEventManager;
498 
499 protected:
501  const LocationContext *LCtx)
502  : AnyFunctionCall(CE, St, LCtx) {}
503  SimpleFunctionCall(const SimpleFunctionCall &Other) = default;
504 
505  void cloneTo(void *Dest) const override {
506  new (Dest) SimpleFunctionCall(*this);
507  }
508 
509 public:
510  virtual const CallExpr *getOriginExpr() const {
511  return cast<CallExpr>(AnyFunctionCall::getOriginExpr());
512  }
513 
514  const FunctionDecl *getDecl() const override;
515 
516  unsigned getNumArgs() const override { return getOriginExpr()->getNumArgs(); }
517 
518  const Expr *getArgExpr(unsigned Index) const override {
519  return getOriginExpr()->getArg(Index);
520  }
521 
522  Kind getKind() const override { return CE_Function; }
523 
524  static bool classof(const CallEvent *CA) {
525  return CA->getKind() == CE_Function;
526  }
527 };
528 
529 /// Represents a call to a block.
530 ///
531 /// Example: <tt>^{ /* ... */ }()</tt>
532 class BlockCall : public CallEvent {
533  friend class CallEventManager;
534 
535 protected:
537  const LocationContext *LCtx)
538  : CallEvent(CE, St, LCtx) {}
539  BlockCall(const BlockCall &Other) = default;
540 
541  void cloneTo(void *Dest) const override { new (Dest) BlockCall(*this); }
542 
543  void getExtraInvalidatedValues(ValueList &Values,
544  RegionAndSymbolInvalidationTraits *ETraits) const override;
545 
546 public:
547  virtual const CallExpr *getOriginExpr() const {
548  return cast<CallExpr>(CallEvent::getOriginExpr());
549  }
550 
551  unsigned getNumArgs() const override { return getOriginExpr()->getNumArgs(); }
552 
553  const Expr *getArgExpr(unsigned Index) const override {
554  return getOriginExpr()->getArg(Index);
555  }
556 
557  /// Returns the region associated with this instance of the block.
558  ///
559  /// This may be NULL if the block's origin is unknown.
560  const BlockDataRegion *getBlockRegion() const;
561 
562  const BlockDecl *getDecl() const override {
563  const BlockDataRegion *BR = getBlockRegion();
564  if (!BR)
565  return nullptr;
566  return BR->getDecl();
567  }
568 
569  bool isConversionFromLambda() const {
570  const BlockDecl *BD = getDecl();
571  if (!BD)
572  return false;
573 
574  return BD->isConversionFromLambda();
575  }
576 
577  /// For a block converted from a C++ lambda, returns the block
578  /// VarRegion for the variable holding the captured C++ lambda record.
579  const VarRegion *getRegionStoringCapturedLambda() const {
580  assert(isConversionFromLambda());
581  const BlockDataRegion *BR = getBlockRegion();
582  assert(BR && "Block converted from lambda must have a block region");
583 
584  auto I = BR->referenced_vars_begin();
585  assert(I != BR->referenced_vars_end());
586 
587  return I.getCapturedRegion();
588  }
589 
590  RuntimeDefinition getRuntimeDefinition() const override {
591  if (!isConversionFromLambda())
592  return RuntimeDefinition(getDecl());
593 
594  // Clang converts lambdas to blocks with an implicit user-defined
595  // conversion operator method on the lambda record that looks (roughly)
596  // like:
597  //
598  // typedef R(^block_type)(P1, P2, ...);
599  // operator block_type() const {
600  // auto Lambda = *this;
601  // return ^(P1 p1, P2 p2, ...){
602  // /* return Lambda(p1, p2, ...); */
603  // };
604  // }
605  //
606  // Here R is the return type of the lambda and P1, P2, ... are
607  // its parameter types. 'Lambda' is a fake VarDecl captured by the block
608  // that is initialized to a copy of the lambda.
609  //
610  // Sema leaves the body of a lambda-converted block empty (it is
611  // produced by CodeGen), so we can't analyze it directly. Instead, we skip
612  // the block body and analyze the operator() method on the captured lambda.
613  const VarDecl *LambdaVD = getRegionStoringCapturedLambda()->getDecl();
614  const CXXRecordDecl *LambdaDecl = LambdaVD->getType()->getAsCXXRecordDecl();
615  CXXMethodDecl* LambdaCallOperator = LambdaDecl->getLambdaCallOperator();
616 
617  return RuntimeDefinition(LambdaCallOperator);
618  }
619 
620  bool argumentsMayEscape() const override {
621  return true;
622  }
623 
624  void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
625  BindingsTy &Bindings) const override;
626 
627  ArrayRef<ParmVarDecl*> parameters() const override;
628 
629  Kind getKind() const override { return CE_Block; }
630 
631  static bool classof(const CallEvent *CA) {
632  return CA->getKind() == CE_Block;
633  }
634 };
635 
636 /// Represents a non-static C++ member function call, no matter how
637 /// it is written.
639 protected:
641  const LocationContext *LCtx)
642  : AnyFunctionCall(CE, St, LCtx) {}
644  const LocationContext *LCtx)
645  : AnyFunctionCall(D, St, LCtx) {}
646  CXXInstanceCall(const CXXInstanceCall &Other) = default;
647 
648  void getExtraInvalidatedValues(ValueList &Values,
649  RegionAndSymbolInvalidationTraits *ETraits) const override;
650 
651 public:
652  /// Returns the expression representing the implicit 'this' object.
653  virtual const Expr *getCXXThisExpr() const { return nullptr; }
654 
655  /// Returns the value of the implicit 'this' object.
656  virtual SVal getCXXThisVal() const;
657 
658  const FunctionDecl *getDecl() const override;
659 
660  RuntimeDefinition getRuntimeDefinition() const override;
661 
662  void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
663  BindingsTy &Bindings) const override;
664 
665  static bool classof(const CallEvent *CA) {
666  return CA->getKind() >= CE_BEG_CXX_INSTANCE_CALLS &&
667  CA->getKind() <= CE_END_CXX_INSTANCE_CALLS;
668  }
669 };
670 
671 /// Represents a non-static C++ member function call.
672 ///
673 /// Example: \c obj.fun()
675  friend class CallEventManager;
676 
677 protected:
679  const LocationContext *LCtx)
680  : CXXInstanceCall(CE, St, LCtx) {}
681  CXXMemberCall(const CXXMemberCall &Other) = default;
682 
683  void cloneTo(void *Dest) const override { new (Dest) CXXMemberCall(*this); }
684 
685 public:
686  virtual const CXXMemberCallExpr *getOriginExpr() const {
687  return cast<CXXMemberCallExpr>(CXXInstanceCall::getOriginExpr());
688  }
689 
690  unsigned getNumArgs() const override {
691  if (const CallExpr *CE = getOriginExpr())
692  return CE->getNumArgs();
693  return 0;
694  }
695 
696  const Expr *getArgExpr(unsigned Index) const override {
697  return getOriginExpr()->getArg(Index);
698  }
699 
700  const Expr *getCXXThisExpr() const override;
701 
702  RuntimeDefinition getRuntimeDefinition() const override;
703 
704  Kind getKind() const override { return CE_CXXMember; }
705 
706  static bool classof(const CallEvent *CA) {
707  return CA->getKind() == CE_CXXMember;
708  }
709 };
710 
711 /// Represents a C++ overloaded operator call where the operator is
712 /// implemented as a non-static member function.
713 ///
714 /// Example: <tt>iter + 1</tt>
716  friend class CallEventManager;
717 
718 protected:
720  const LocationContext *LCtx)
721  : CXXInstanceCall(CE, St, LCtx) {}
722  CXXMemberOperatorCall(const CXXMemberOperatorCall &Other) = default;
723 
724  void cloneTo(void *Dest) const override {
725  new (Dest) CXXMemberOperatorCall(*this);
726  }
727 
728 public:
729  virtual const CXXOperatorCallExpr *getOriginExpr() const {
730  return cast<CXXOperatorCallExpr>(CXXInstanceCall::getOriginExpr());
731  }
732 
733  unsigned getNumArgs() const override {
734  return getOriginExpr()->getNumArgs() - 1;
735  }
736 
737  const Expr *getArgExpr(unsigned Index) const override {
738  return getOriginExpr()->getArg(Index + 1);
739  }
740 
741  const Expr *getCXXThisExpr() const override;
742 
743  Kind getKind() const override { return CE_CXXMemberOperator; }
744 
745  static bool classof(const CallEvent *CA) {
746  return CA->getKind() == CE_CXXMemberOperator;
747  }
748 
750  getAdjustedParameterIndex(unsigned ASTArgumentIndex) const override {
751  // For member operator calls argument 0 on the expression corresponds
752  // to implicit this-parameter on the declaration.
753  return (ASTArgumentIndex > 0) ? Optional<unsigned>(ASTArgumentIndex - 1)
754  : None;
755  }
756 
757  unsigned getASTArgumentIndex(unsigned CallArgumentIndex) const override {
758  // For member operator calls argument 0 on the expression corresponds
759  // to implicit this-parameter on the declaration.
760  return CallArgumentIndex + 1;
761  }
762 };
763 
764 /// Represents an implicit call to a C++ destructor.
765 ///
766 /// This can occur at the end of a scope (for automatic objects), at the end
767 /// of a full-expression (for temporaries), or as part of a delete.
769  friend class CallEventManager;
770 
771 protected:
772  using DtorDataTy = llvm::PointerIntPair<const MemRegion *, 1, bool>;
773 
774  /// Creates an implicit destructor.
775  ///
776  /// \param DD The destructor that will be called.
777  /// \param Trigger The statement whose completion causes this destructor call.
778  /// \param Target The object region to be destructed.
779  /// \param St The path-sensitive state at this point in the program.
780  /// \param LCtx The location context at this point in the program.
781  CXXDestructorCall(const CXXDestructorDecl *DD, const Stmt *Trigger,
782  const MemRegion *Target, bool IsBaseDestructor,
783  ProgramStateRef St, const LocationContext *LCtx)
784  : CXXInstanceCall(DD, St, LCtx) {
785  Data = DtorDataTy(Target, IsBaseDestructor).getOpaqueValue();
786  Location = Trigger->getEndLoc();
787  }
788 
789  CXXDestructorCall(const CXXDestructorCall &Other) = default;
790 
791  void cloneTo(void *Dest) const override {new (Dest) CXXDestructorCall(*this);}
792 
793 public:
794  SourceRange getSourceRange() const override { return Location; }
795  unsigned getNumArgs() const override { return 0; }
796 
797  RuntimeDefinition getRuntimeDefinition() const override;
798 
799  /// Returns the value of the implicit 'this' object.
800  SVal getCXXThisVal() const override;
801 
802  /// Returns true if this is a call to a base class destructor.
803  bool isBaseDestructor() const {
804  return DtorDataTy::getFromOpaqueValue(Data).getInt();
805  }
806 
807  Kind getKind() const override { return CE_CXXDestructor; }
808 
809  static bool classof(const CallEvent *CA) {
810  return CA->getKind() == CE_CXXDestructor;
811  }
812 };
813 
814 /// Represents a call to a C++ constructor.
815 ///
816 /// Example: \c T(1)
818  friend class CallEventManager;
819 
820 protected:
821  /// Creates a constructor call.
822  ///
823  /// \param CE The constructor expression as written in the source.
824  /// \param Target The region where the object should be constructed. If NULL,
825  /// a new symbolic region will be used.
826  /// \param St The path-sensitive state at this point in the program.
827  /// \param LCtx The location context at this point in the program.
828  CXXConstructorCall(const CXXConstructExpr *CE, const MemRegion *Target,
829  ProgramStateRef St, const LocationContext *LCtx)
830  : AnyFunctionCall(CE, St, LCtx) {
831  Data = Target;
832  }
833 
834  CXXConstructorCall(const CXXConstructorCall &Other) = default;
835 
836  void cloneTo(void *Dest) const override { new (Dest) CXXConstructorCall(*this); }
837 
838  void getExtraInvalidatedValues(ValueList &Values,
839  RegionAndSymbolInvalidationTraits *ETraits) const override;
840 
841 public:
842  virtual const CXXConstructExpr *getOriginExpr() const {
843  return cast<CXXConstructExpr>(AnyFunctionCall::getOriginExpr());
844  }
845 
846  const CXXConstructorDecl *getDecl() const override {
847  return getOriginExpr()->getConstructor();
848  }
849 
850  unsigned getNumArgs() const override { return getOriginExpr()->getNumArgs(); }
851 
852  const Expr *getArgExpr(unsigned Index) const override {
853  return getOriginExpr()->getArg(Index);
854  }
855 
856  /// Returns the value of the implicit 'this' object.
857  SVal getCXXThisVal() const;
858 
859  void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
860  BindingsTy &Bindings) const override;
861 
862  Kind getKind() const override { return CE_CXXConstructor; }
863 
864  static bool classof(const CallEvent *CA) {
865  return CA->getKind() == CE_CXXConstructor;
866  }
867 };
868 
869 /// Represents the memory allocation call in a C++ new-expression.
870 ///
871 /// This is a call to "operator new".
873  friend class CallEventManager;
874 
875 protected:
877  const LocationContext *LCtx)
878  : AnyFunctionCall(E, St, LCtx) {}
879  CXXAllocatorCall(const CXXAllocatorCall &Other) = default;
880 
881  void cloneTo(void *Dest) const override { new (Dest) CXXAllocatorCall(*this); }
882 
883 public:
884  virtual const CXXNewExpr *getOriginExpr() const {
885  return cast<CXXNewExpr>(AnyFunctionCall::getOriginExpr());
886  }
887 
888  const FunctionDecl *getDecl() const override {
889  return getOriginExpr()->getOperatorNew();
890  }
891 
892  /// Number of non-placement arguments to the call. It is equal to 2 for
893  /// C++17 aligned operator new() calls that have alignment implicitly
894  /// passed as the second argument, and to 1 for other operator new() calls.
895  unsigned getNumImplicitArgs() const {
896  return getOriginExpr()->passAlignment() ? 2 : 1;
897  }
898 
899  unsigned getNumArgs() const override {
900  return getOriginExpr()->getNumPlacementArgs() + getNumImplicitArgs();
901  }
902 
903  const Expr *getArgExpr(unsigned Index) const override {
904  // The first argument of an allocator call is the size of the allocation.
905  if (Index < getNumImplicitArgs())
906  return nullptr;
907  return getOriginExpr()->getPlacementArg(Index - getNumImplicitArgs());
908  }
909 
910  /// Number of placement arguments to the operator new() call. For example,
911  /// standard std::nothrow operator new and standard placement new both have
912  /// 1 implicit argument (size) and 1 placement argument, while regular
913  /// operator new() has 1 implicit argument and 0 placement arguments.
914  const Expr *getPlacementArgExpr(unsigned Index) const {
915  return getOriginExpr()->getPlacementArg(Index);
916  }
917 
918  Kind getKind() const override { return CE_CXXAllocator; }
919 
920  static bool classof(const CallEvent *CE) {
921  return CE->getKind() == CE_CXXAllocator;
922  }
923 };
924 
925 /// Represents the ways an Objective-C message send can occur.
926 //
927 // Note to maintainers: OCM_Message should always be last, since it does not
928 // need to fit in the Data field's low bits.
933 };
934 
935 /// Represents any expression that calls an Objective-C method.
936 ///
937 /// This includes all of the kinds listed in ObjCMessageKind.
938 class ObjCMethodCall : public CallEvent {
939  friend class CallEventManager;
940 
941  const PseudoObjectExpr *getContainingPseudoObjectExpr() const;
942 
943 protected:
945  const LocationContext *LCtx)
946  : CallEvent(Msg, St, LCtx) {
947  Data = nullptr;
948  }
949 
950  ObjCMethodCall(const ObjCMethodCall &Other) = default;
951 
952  void cloneTo(void *Dest) const override { new (Dest) ObjCMethodCall(*this); }
953 
954  void getExtraInvalidatedValues(ValueList &Values,
955  RegionAndSymbolInvalidationTraits *ETraits) const override;
956 
957  /// Check if the selector may have multiple definitions (may have overrides).
958  virtual bool canBeOverridenInSubclass(ObjCInterfaceDecl *IDecl,
959  Selector Sel) const;
960 
961 public:
962  virtual const ObjCMessageExpr *getOriginExpr() const {
963  return cast<ObjCMessageExpr>(CallEvent::getOriginExpr());
964  }
965 
966  const ObjCMethodDecl *getDecl() const override {
967  return getOriginExpr()->getMethodDecl();
968  }
969 
970  unsigned getNumArgs() const override {
971  return getOriginExpr()->getNumArgs();
972  }
973 
974  const Expr *getArgExpr(unsigned Index) const override {
975  return getOriginExpr()->getArg(Index);
976  }
977 
978  bool isInstanceMessage() const {
979  return getOriginExpr()->isInstanceMessage();
980  }
981 
983  return getOriginExpr()->getMethodFamily();
984  }
985 
987  return getOriginExpr()->getSelector();
988  }
989 
990  SourceRange getSourceRange() const override;
991 
992  /// Returns the value of the receiver at the time of this call.
993  SVal getReceiverSVal() const;
994 
995  /// Return the value of 'self' if available.
996  SVal getSelfSVal() const;
997 
998  /// Get the interface for the receiver.
999  ///
1000  /// This works whether this is an instance message or a class message.
1001  /// However, it currently just uses the static type of the receiver.
1003  return getOriginExpr()->getReceiverInterface();
1004  }
1005 
1006  /// Checks if the receiver refers to 'self' or 'super'.
1007  bool isReceiverSelfOrSuper() const;
1008 
1009  /// Returns how the message was written in the source (property access,
1010  /// subscript, or explicit message send).
1011  ObjCMessageKind getMessageKind() const;
1012 
1013  /// Returns true if this property access or subscript is a setter (has the
1014  /// form of an assignment).
1015  bool isSetter() const {
1016  switch (getMessageKind()) {
1017  case OCM_Message:
1018  llvm_unreachable("This is not a pseudo-object access!");
1019  case OCM_PropertyAccess:
1020  return getNumArgs() > 0;
1021  case OCM_Subscript:
1022  return getNumArgs() > 1;
1023  }
1024  llvm_unreachable("Unknown message kind");
1025  }
1026 
1027  // Returns the property accessed by this method, either explicitly via
1028  // property syntax or implicitly via a getter or setter method. Returns
1029  // nullptr if the call is not a prooperty access.
1030  const ObjCPropertyDecl *getAccessedProperty() const;
1031 
1032  RuntimeDefinition getRuntimeDefinition() const override;
1033 
1034  bool argumentsMayEscape() const override;
1035 
1036  void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
1037  BindingsTy &Bindings) const override;
1038 
1039  ArrayRef<ParmVarDecl*> parameters() const override;
1040 
1041  Kind getKind() const override { return CE_ObjCMessage; }
1042 
1043  static bool classof(const CallEvent *CA) {
1044  return CA->getKind() == CE_ObjCMessage;
1045  }
1046 };
1047 
1049  /// Describes a C standard function that is sometimes implemented as a macro
1050  /// that expands to a compiler builtin with some __builtin prefix.
1051  /// The builtin may as well have a few extra arguments on top of the requested
1052  /// number of arguments.
1054 };
1055 
1056 /// This class represents a description of a function call using the number of
1057 /// arguments and the name of the function.
1059  friend CallEvent;
1060 
1061  mutable IdentifierInfo *II = nullptr;
1062  mutable bool IsLookupDone = false;
1063  // The list of the qualified names used to identify the specified CallEvent,
1064  // e.g. "{a, b}" represent the qualified names, like "a::b".
1065  std::vector<const char *> QualifiedName;
1066  Optional<unsigned> RequiredArgs;
1067  Optional<size_t> RequiredParams;
1068  int Flags;
1069 
1070  // A constructor helper.
1071  static Optional<size_t> readRequiredParams(Optional<unsigned> RequiredArgs,
1072  Optional<size_t> RequiredParams) {
1073  if (RequiredParams)
1074  return RequiredParams;
1075  if (RequiredArgs)
1076  return static_cast<size_t>(*RequiredArgs);
1077  return None;
1078  }
1079 
1080 public:
1081  /// Constructs a CallDescription object.
1082  ///
1083  /// @param QualifiedName The list of the name qualifiers of the function that
1084  /// will be matched. The user is allowed to skip any of the qualifiers.
1085  /// For example, {"std", "basic_string", "c_str"} would match both
1086  /// std::basic_string<...>::c_str() and std::__1::basic_string<...>::c_str().
1087  ///
1088  /// @param RequiredArgs The number of arguments that is expected to match a
1089  /// call. Omit this parameter to match every occurrence of call with a given
1090  /// name regardless the number of arguments.
1091  CallDescription(int Flags, ArrayRef<const char *> QualifiedName,
1092  Optional<unsigned> RequiredArgs = None,
1093  Optional<size_t> RequiredParams = None)
1094  : QualifiedName(QualifiedName), RequiredArgs(RequiredArgs),
1095  RequiredParams(readRequiredParams(RequiredArgs, RequiredParams)),
1096  Flags(Flags) {}
1097 
1098  /// Construct a CallDescription with default flags.
1100  Optional<unsigned> RequiredArgs = None,
1101  Optional<size_t> RequiredParams = None)
1102  : CallDescription(0, QualifiedName, RequiredArgs, RequiredParams) {}
1103 
1104  /// Get the name of the function that this object matches.
1105  StringRef getFunctionName() const { return QualifiedName.back(); }
1106 };
1107 
1108 /// An immutable map from CallDescriptions to arbitrary data. Provides a unified
1109 /// way for checkers to react on function calls.
1110 template <typename T> class CallDescriptionMap {
1111  // Some call descriptions aren't easily hashable (eg., the ones with qualified
1112  // names in which some sections are omitted), so let's put them
1113  // in a simple vector and use linear lookup.
1114  // TODO: Implement an actual map for fast lookup for "hashable" call
1115  // descriptions (eg., the ones for C functions that just match the name).
1116  std::vector<std::pair<CallDescription, T>> LinearMap;
1117 
1118 public:
1120  std::initializer_list<std::pair<CallDescription, T>> &&List)
1121  : LinearMap(List) {}
1122 
1123  ~CallDescriptionMap() = default;
1124 
1125  // These maps are usually stored once per checker, so let's make sure
1126  // we don't do redundant copies.
1127  CallDescriptionMap(const CallDescriptionMap &) = delete;
1128  CallDescriptionMap &operator=(const CallDescription &) = delete;
1129 
1130  const T *lookup(const CallEvent &Call) const {
1131  // Slow path: linear lookup.
1132  // TODO: Implement some sort of fast path.
1133  for (const std::pair<CallDescription, T> &I : LinearMap)
1134  if (Call.isCalled(I.first))
1135  return &I.second;
1136 
1137  return nullptr;
1138  }
1139 };
1140 
1141 /// Manages the lifetime of CallEvent objects.
1142 ///
1143 /// CallEventManager provides a way to create arbitrary CallEvents "on the
1144 /// stack" as if they were value objects by keeping a cache of CallEvent-sized
1145 /// memory blocks. The CallEvents created by CallEventManager are only valid
1146 /// for the lifetime of the OwnedCallEvent that holds them; right now these
1147 /// objects cannot be copied and ownership cannot be transferred.
1149  friend class CallEvent;
1150 
1151  llvm::BumpPtrAllocator &Alloc;
1153 
1154  using CallEventTemplateTy = SimpleFunctionCall;
1155 
1156  void reclaim(const void *Memory) {
1157  Cache.push_back(const_cast<void *>(Memory));
1158  }
1159 
1160  /// Returns memory that can be initialized as a CallEvent.
1161  void *allocate() {
1162  if (Cache.empty())
1163  return Alloc.Allocate<CallEventTemplateTy>();
1164  else
1165  return Cache.pop_back_val();
1166  }
1167 
1168  template <typename T, typename Arg>
1169  T *create(Arg A, ProgramStateRef St, const LocationContext *LCtx) {
1170  static_assert(sizeof(T) == sizeof(CallEventTemplateTy),
1171  "CallEvent subclasses are not all the same size");
1172  return new (allocate()) T(A, St, LCtx);
1173  }
1174 
1175  template <typename T, typename Arg1, typename Arg2>
1176  T *create(Arg1 A1, Arg2 A2, ProgramStateRef St, const LocationContext *LCtx) {
1177  static_assert(sizeof(T) == sizeof(CallEventTemplateTy),
1178  "CallEvent subclasses are not all the same size");
1179  return new (allocate()) T(A1, A2, St, LCtx);
1180  }
1181 
1182  template <typename T, typename Arg1, typename Arg2, typename Arg3>
1183  T *create(Arg1 A1, Arg2 A2, Arg3 A3, ProgramStateRef St,
1184  const LocationContext *LCtx) {
1185  static_assert(sizeof(T) == sizeof(CallEventTemplateTy),
1186  "CallEvent subclasses are not all the same size");
1187  return new (allocate()) T(A1, A2, A3, St, LCtx);
1188  }
1189 
1190  template <typename T, typename Arg1, typename Arg2, typename Arg3,
1191  typename Arg4>
1192  T *create(Arg1 A1, Arg2 A2, Arg3 A3, Arg4 A4, ProgramStateRef St,
1193  const LocationContext *LCtx) {
1194  static_assert(sizeof(T) == sizeof(CallEventTemplateTy),
1195  "CallEvent subclasses are not all the same size");
1196  return new (allocate()) T(A1, A2, A3, A4, St, LCtx);
1197  }
1198 
1199 public:
1200  CallEventManager(llvm::BumpPtrAllocator &alloc) : Alloc(alloc) {}
1201 
1202  /// Gets an outside caller given a callee context.
1203  CallEventRef<>
1204  getCaller(const StackFrameContext *CalleeCtx, ProgramStateRef State);
1205 
1206  /// Gets a call event for a function call, Objective-C method call,
1207  /// or a 'new' call.
1208  CallEventRef<>
1209  getCall(const Stmt *S, ProgramStateRef State,
1210  const LocationContext *LC);
1211 
1212  CallEventRef<>
1213  getSimpleCall(const CallExpr *E, ProgramStateRef State,
1214  const LocationContext *LCtx);
1215 
1216  CallEventRef<ObjCMethodCall>
1218  const LocationContext *LCtx) {
1219  return create<ObjCMethodCall>(E, State, LCtx);
1220  }
1221 
1222  CallEventRef<CXXConstructorCall>
1223  getCXXConstructorCall(const CXXConstructExpr *E, const MemRegion *Target,
1224  ProgramStateRef State, const LocationContext *LCtx) {
1225  return create<CXXConstructorCall>(E, Target, State, LCtx);
1226  }
1227 
1228  CallEventRef<CXXDestructorCall>
1229  getCXXDestructorCall(const CXXDestructorDecl *DD, const Stmt *Trigger,
1230  const MemRegion *Target, bool IsBase,
1231  ProgramStateRef State, const LocationContext *LCtx) {
1232  return create<CXXDestructorCall>(DD, Trigger, Target, IsBase, State, LCtx);
1233  }
1234 
1235  CallEventRef<CXXAllocatorCall>
1237  const LocationContext *LCtx) {
1238  return create<CXXAllocatorCall>(E, State, LCtx);
1239  }
1240 };
1241 
1242 template <typename T>
1244  assert(isa<T>(*this) && "Cloning to unrelated type");
1245  static_assert(sizeof(T) == sizeof(CallEvent),
1246  "Subclasses may not add fields");
1247 
1248  if (NewState == State)
1249  return cast<T>(this);
1250 
1251  CallEventManager &Mgr = State->getStateManager().getCallEventManager();
1252  T *Copy = static_cast<T *>(Mgr.allocate());
1253  cloneTo(Copy);
1254  assert(Copy->getKind() == this->getKind() && "Bad copy");
1255 
1256  Copy->State = NewState;
1257  return Copy;
1258 }
1259 
1260 inline void CallEvent::Release() const {
1261  assert(RefCount > 0 && "Reference count is already zero.");
1262  --RefCount;
1263 
1264  if (RefCount > 0)
1265  return;
1266 
1267  CallEventManager &Mgr = State->getStateManager().getCallEventManager();
1268  Mgr.reclaim(this);
1269 
1270  this->~CallEvent();
1271 }
1272 
1273 } // namespace ento
1274 
1275 } // namespace clang
1276 
1277 namespace llvm {
1278 
1279 // Support isa<>, cast<>, and dyn_cast<> for CallEventRef.
1280 template<class T> struct simplify_type< clang::ento::CallEventRef<T>> {
1281  using SimpleType = const T *;
1282 
1283  static SimpleType
1285  return Val.get();
1286  }
1287 };
1288 
1289 } // namespace llvm
1290 
1291 #endif // LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_CALLEVENT_H
A call to an overloaded operator written using operator syntax.
Definition: ExprCXX.h:77
CallEvent(const CallEvent &Original)
Definition: CallEvent.h:174
Kind getKind() const override
Definition: CallEvent.h:1041
Represents a function declaration or definition.
Definition: Decl.h:1756
RuntimeDefinition(const Decl *InD, const MemRegion *InR)
Definition: CallEvent.h:115
Smart pointer class that efficiently represents Objective-C method names.
A (possibly-)qualified type.
Definition: Type.h:643
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:94
CallEventRef< T > cloneWithState(ProgramStateRef NewState) const
Returns a copy of this CallEvent, but using the given state.
const CXXConstructorDecl * getDecl() const override
Definition: CallEvent.h:846
Specialize PointerLikeTypeTraits to allow LazyGenerationalUpdatePtr to be placed into a PointerUnion...
Definition: Dominators.h:30
CXXInstanceCall(const FunctionDecl *D, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:643
static SimpleType getSimplifiedValue(clang::ento::CallEventRef< T > Val)
Definition: CallEvent.h:1284
TypePropertyCache< Private > Cache
Definition: Type.cpp:3570
void cloneTo(void *Dest) const override
Definition: CallEvent.h:881
Stmt - This represents one statement.
Definition: Stmt.h:66
Information about invalidation for a particular region/symbol.
Definition: MemRegion.h:1445
SimpleFunctionCall(const CallExpr *CE, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:500
AnyFunctionCall(const Decl *D, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:466
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:1043
C Language Family Type Representation.
Defines the SourceManager interface.
void cloneTo(void *Dest) const override
Definition: CallEvent.h:791
Decl - This represents one declaration (or definition), e.g.
Definition: DeclBase.h:88
CallDescription(int Flags, ArrayRef< const char *> QualifiedName, Optional< unsigned > RequiredArgs=None, Optional< size_t > RequiredParams=None)
Constructs a CallDescription object.
Definition: CallEvent.h:1091
CXXMemberOperatorCall(const CXXOperatorCallExpr *CE, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:719
Manages the lifetime of CallEvent objects.
Definition: CallEvent.h:1148
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:706
StringRef getFunctionName() const
Get the name of the function that this object matches.
Definition: CallEvent.h:1105
ObjCMethodCall(const ObjCMessageExpr *Msg, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:944
CallEventRef< CXXDestructorCall > getCXXDestructorCall(const CXXDestructorDecl *DD, const Stmt *Trigger, const MemRegion *Target, bool IsBase, ProgramStateRef State, const LocationContext *LCtx)
Definition: CallEvent.h:1229
Represents a call to a C++ constructor.
Definition: ExprCXX.h:1331
Represents a C++ constructor within a class.
Definition: DeclCXX.h:2528
bool isBaseDestructor() const
Returns true if this is a call to a base class destructor.
Definition: CallEvent.h:803
const Expr * getOriginExpr() const
Returns the expression whose value will be the result of this call.
Definition: CallEvent.h:222
llvm::PointerIntPair< const MemRegion *, 1, bool > DtorDataTy
Definition: CallEvent.h:772
Represents a variable declaration or definition.
Definition: Decl.h:812
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:487
const T * lookup(const CallEvent &Call) const
Definition: CallEvent.h:1130
SVal getSVal(const Stmt *S) const
Get the value of arbitrary expressions at this point in the path.
Definition: CallEvent.h:182
static Optional< SVal > getObjectUnderConstruction(ProgramStateRef State, const ConstructionContextItem &Item, const LocationContext *LC)
By looking at a certain item that may be potentially part of an object&#39;s ConstructionContext, retrieve such object&#39;s location.
Definition: ExprEngine.cpp:474
ObjCMethodDecl - Represents an instance or class method declaration.
Definition: DeclObjC.h:138
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:864
Represents a C++ overloaded operator call where the operator is implemented as a non-static member fu...
Definition: CallEvent.h:715
CharSourceRange getSourceRange(const SourceRange &Range)
Returns the token CharSourceRange corresponding to Range.
Definition: FixIt.h:32
Represents a parameter to a function.
Definition: Decl.h:1572
Defines the clang::Expr interface and subclasses for C++ expressions.
unsigned getNumArgs() const override
Returns the number of arguments (explicit and implicit).
Definition: CallEvent.h:516
One of these records is kept for each identifier that is lexed.
unsigned getNumArgs() const override
Definition: CallEvent.h:795
param_type_iterator param_type_end() const
Definition: CallEvent.h:450
LineState State
ObjCMethodFamily
A family of Objective-C methods.
virtual const CallExpr * getOriginExpr() const
Definition: CallEvent.h:510
SourceLocation Location
Definition: CallEvent.h:154
AnalysisDeclContext contains the context data for the function or method under analysis.
Definition: Format.h:2327
const BlockDecl * getDecl() const override
Definition: CallEvent.h:562
const ObjCInterfaceDecl * getReceiverInterface() const
Get the interface for the receiver.
Definition: CallEvent.h:1002
virtual const Expr * getArgExpr(unsigned Index) const
Returns the expression associated with a given argument.
Definition: CallEvent.h:272
i32 captured_struct **param SharedsTy A type which contains references the shared variables *param Shareds Context with the list of shared variables from the p *TaskFunction *param Data Additional data for task generation like final * state
bool argumentsMayEscape() const override
Definition: CallEvent.h:620
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:745
Represents the memory allocation call in a C++ new-expression.
Definition: CallEvent.h:872
Kind getKind() const override
Definition: CallEvent.h:629
virtual const CXXOperatorCallExpr * getOriginExpr() const
Definition: CallEvent.h:729
This class represents a description of a function call using the number of arguments and the name of ...
Definition: CallEvent.h:1058
Represents any expression that calls an Objective-C method.
Definition: CallEvent.h:938
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:524
virtual Kind getKind() const =0
Returns the kind of call this is.
const FunctionDecl * getDecl() const override
Definition: CallEvent.h:888
static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified...
bool isSetter() const
Returns true if this property access or subscript is a setter (has the form of an assignment)...
Definition: CallEvent.h:1015
virtual const CXXConstructExpr * getOriginExpr() const
Definition: CallEvent.h:842
const FunctionDecl * getDecl() const override
Returns the declaration of the function or method that will be called.
Definition: CallEvent.h:474
param_type_iterator param_type_begin() const
Returns an iterator over the types of the call&#39;s formal parameters.
Definition: CallEvent.h:446
std::pair< Loc, SVal > FrameBindingTy
Definition: CallEvent.h:350
Represents an ObjC class declaration.
Definition: DeclObjC.h:1171
BlockCall(const CallExpr *CE, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:536
Represents a non-static C++ member function call.
Definition: CallEvent.h:674
RuntimeDefinition getRuntimeDefinition() const override
Definition: CallEvent.h:590
ObjCMessageKind
Represents the ways an Objective-C message send can occur.
Definition: CallEvent.h:929
CXXRecordDecl * getAsCXXRecordDecl() const
Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...
Definition: Type.cpp:1649
const Expr * getPlacementArgExpr(unsigned Index) const
Number of placement arguments to the operator new() call.
Definition: CallEvent.h:914
Represents a non-static C++ member function call, no matter how it is written.
Definition: CallEvent.h:638
const LocationContext * getLocationContext() const
The context in which the call is being evaluated.
Definition: CallEvent.h:212
CallEventManager(llvm::BumpPtrAllocator &alloc)
Definition: CallEvent.h:1200
Represents a block literal declaration, which is like an unnamed FunctionDecl.
Definition: Decl.h:3923
This represents one expression.
Definition: Expr.h:108
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:696
unsigned getNumArgs() const override
Definition: CallEvent.h:551
bool isInSystemHeader(SourceLocation Loc) const
Returns if a SourceLocation is in a system header.
unsigned getNumArgs() const override
Definition: CallEvent.h:850
Represents an implicit call to a C++ destructor.
Definition: CallEvent.h:768
Kind getKind() const override
Definition: CallEvent.h:862
Represents a C++ destructor within a class.
Definition: DeclCXX.h:2792
llvm::mapped_iterator< ArrayRef< ParmVarDecl * >::iterator, GetTypeFn > param_type_iterator
Definition: CallEvent.h:439
virtual const CXXNewExpr * getOriginExpr() const
Definition: CallEvent.h:884
Represents a call to any sort of function that might have a FunctionDecl.
Definition: CallEvent.h:461
bool isInSystemHeader() const
Returns true if the callee is known to be from a system header.
Definition: CallEvent.h:234
Optional< unsigned > getAdjustedParameterIndex(unsigned ASTArgumentIndex) const override
Definition: CallEvent.h:750
const IdentifierInfo * getCalleeIdentifier() const
Returns the name of the callee, if its name is a simple identifier.
Definition: CallEvent.h:332
Kind getKind() const override
Returns the kind of call this is.
Definition: CallEvent.h:522
virtual const CallExpr * getOriginExpr() const
Definition: CallEvent.h:547
Defines the clang::IdentifierInfo, clang::IdentifierTable, and clang::Selector interfaces.
virtual const Decl * getDecl() const
Returns the declaration of the function or method that will be called.
Definition: CallEvent.h:202
Kind getKind() const override
Definition: CallEvent.h:704
CallEvent(const Decl *D, ProgramStateRef state, const LocationContext *lctx)
Definition: CallEvent.h:170
An expression that sends a message to the given Objective-C object or class.
Definition: ExprObjC.h:950
virtual const Expr * getCXXThisExpr() const
Returns the expression representing the implicit &#39;this&#39; object.
Definition: CallEvent.h:653
CallEventRef< ObjCMethodCall > getObjCMethodCall(const ObjCMessageExpr *E, ProgramStateRef State, const LocationContext *LCtx)
Definition: CallEvent.h:1217
Represents a C function or static C++ member function call.
Definition: CallEvent.h:496
const SourceManager & SM
Definition: Format.cpp:1616
const VarRegion * getRegionStoringCapturedLambda() const
For a block converted from a C++ lambda, returns the block VarRegion for the variable holding the cap...
Definition: CallEvent.h:579
unsigned getNumArgs() const override
Definition: CallEvent.h:690
virtual bool argumentsMayEscape() const
Returns true if any of the arguments are known to escape to long- term storage, even if this method w...
Definition: CallEvent.h:303
SourceLocation getEndLoc() const LLVM_READONLY
Definition: Stmt.cpp:287
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:631
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:553
virtual SourceRange getSourceRange() const
Returns a source range for the entire call, suitable for outputting in diagnostics.
Definition: CallEvent.h:263
void cloneTo(void *Dest) const override
Definition: CallEvent.h:541
Defines the runtime definition of the called function.
Definition: CallEvent.h:101
Kind getKind() const override
Definition: CallEvent.h:918
CXXMemberCall(const CXXMemberCallExpr *CE, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:678
Kind
PseudoObjectExpr - An expression which accesses a pseudo-object l-value.
Definition: Expr.h:5668
CallDescriptionFlags
Definition: CallEvent.h:1048
CallEventRef< CXXAllocatorCall > getCXXAllocatorCall(const CXXNewExpr *E, ProgramStateRef State, const LocationContext *LCtx)
Definition: CallEvent.h:1236
Encodes a location in the source.
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:852
CallEventRef(const T *Call)
Definition: CallEvent.h:79
ProgramPoints can be "tagged" as representing points specific to a given analysis entity...
Definition: ProgramPoint.h:39
Represents a new-expression for memory allocation and constructor calls, e.g: "new CXXNewExpr(foo)"...
Definition: ExprCXX.h:2005
CXXAllocatorCall(const CXXNewExpr *E, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:876
bool isArgumentConstructedDirectly(unsigned Index) const
Returns true if on the current path, the argument was constructed by calling a C++ constructor over i...
Definition: CallEvent.h:402
Represents a call to a member function that may be written either with member call syntax (e...
Definition: ExprCXX.h:170
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:2068
const Expr * getArgExpr(unsigned Index) const override
Returns the expression associated with a given argument.
Definition: CallEvent.h:518
bool isConversionFromLambda() const
Definition: Decl.h:4066
SVal - This represents a symbolic expression, which can be either an L-value or an R-value...
Definition: SVals.h:75
unsigned getNumImplicitArgs() const
Number of non-placement arguments to the call.
Definition: CallEvent.h:895
virtual Optional< unsigned > getAdjustedParameterIndex(unsigned ASTArgumentIndex) const
Some calls have parameter numbering mismatched from argument numbering.
Definition: CallEvent.h:413
Represents one property declaration in an Objective-C interface.
Definition: DeclObjC.h:728
unsigned getNumArgs() const override
Definition: CallEvent.h:899
void cloneTo(void *Dest) const override
Definition: CallEvent.h:683
void cloneTo(void *Dest) const override
Definition: CallEvent.h:952
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:903
virtual void getExtraInvalidatedValues(ValueList &Values, RegionAndSymbolInvalidationTraits *ETraits) const
Used to specify non-argument regions that will be invalidated as a result of this call...
Definition: CallEvent.h:190
const MemRegion * getDispatchRegion()
When other definitions are possible, returns the region whose runtime type determines the method defi...
Definition: CallEvent.h:126
const ObjCMethodDecl * getDecl() const override
Definition: CallEvent.h:966
CXXConstructorCall(const CXXConstructExpr *CE, const MemRegion *Target, ProgramStateRef St, const LocationContext *LCtx)
Creates a constructor call.
Definition: CallEvent.h:828
CallDescriptionMap(std::initializer_list< std::pair< CallDescription, T >> &&List)
Definition: CallEvent.h:1119
void cloneTo(void *Dest) const override
Definition: CallEvent.h:836
virtual const ObjCMessageExpr * getOriginExpr() const
Definition: CallEvent.h:962
Selector getSelector() const
Definition: CallEvent.h:986
Dataflow Directional Tag Classes.
bool isValid() const
Return true if this is a valid SourceLocation object.
CXXMethodDecl * getLambdaCallOperator() const
Retrieve the lambda call operator of the closure type if this is a closure type.
Definition: DeclCXX.cpp:1385
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:665
bool isConversionFromLambda() const
Definition: CallEvent.h:569
CallDescription(ArrayRef< const char *> QualifiedName, Optional< unsigned > RequiredArgs=None, Optional< size_t > RequiredParams=None)
Construct a CallDescription with default flags.
Definition: CallEvent.h:1099
static bool classof(const CallEvent *CA)
Definition: CallEvent.h:809
virtual const CXXMemberCallExpr * getOriginExpr() const
Definition: CallEvent.h:686
std::unique_ptr< DiagnosticConsumer > create(StringRef OutputFile, DiagnosticOptions *Diags, bool MergeChildRecords=false)
Returns a DiagnosticConsumer that serializes diagnostics to a bitcode file.
Kind getKind() const override
Definition: CallEvent.h:807
Describes a C standard function that is sometimes implemented as a macro that expands to a compiler b...
Definition: CallEvent.h:1053
RuntimeDefinition(const Decl *InD)
Definition: CallEvent.h:114
bool mayHaveOtherDefinitions()
Check if the definition we have is precise.
Definition: CallEvent.h:122
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:138
SourceRange getSourceRange() const override
Definition: CallEvent.h:794
bool isInstanceMessage() const
Definition: CallEvent.h:978
CXXInstanceCall(const CallExpr *CE, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:640
CallEventRef cloneWithState(ProgramStateRef NewState) const
Returns a copy of this CallEvent, but using the given state.
Definition: CallEvent.h:363
virtual unsigned getASTArgumentIndex(unsigned CallArgumentIndex) const
Some call event sub-classes conveniently adjust mismatching AST indices to match parameter indices...
Definition: CallEvent.h:420
ObjCMethodFamily getMethodFamily() const
Definition: CallEvent.h:982
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:737
unsigned getNumArgs() const override
Definition: CallEvent.h:970
unsigned getASTArgumentIndex(unsigned CallArgumentIndex) const override
Definition: CallEvent.h:757
void cloneTo(void *Dest) const override
Definition: CallEvent.h:724
static bool classof(const CallEvent *CE)
Definition: CallEvent.h:920
CallEventRef< CXXConstructorCall > getCXXConstructorCall(const CXXConstructExpr *E, const MemRegion *Target, ProgramStateRef State, const LocationContext *LCtx)
Definition: CallEvent.h:1223
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate.h) and friends (in DeclFriend.h).
const ProgramStateRef & getState() const
The state in which the call is being evaluated.
Definition: CallEvent.h:207
const Expr * getArgExpr(unsigned Index) const override
Definition: CallEvent.h:974
Defines the clang::SourceLocation class and associated facilities.
Represents a C++ struct/union/class.
Definition: DeclCXX.h:254
unsigned getNumArgs() const override
Definition: CallEvent.h:733
CallEvent(const Expr *E, ProgramStateRef state, const LocationContext *lctx)
Definition: CallEvent.h:167
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2516
static Decl::Kind getKind(const Decl *D)
Definition: DeclBase.cpp:945
An immutable map from CallDescriptions to arbitrary data.
Definition: CallEvent.h:1110
AnyFunctionCall(const Expr *E, ProgramStateRef St, const LocationContext *LCtx)
Definition: CallEvent.h:463
QualType getType() const
Definition: Decl.h:647
const void * Data
Definition: CallEvent.h:149
A trivial tuple used to represent a source range.
CXXDestructorCall(const CXXDestructorDecl *DD, const Stmt *Trigger, const MemRegion *Target, bool IsBaseDestructor, ProgramStateRef St, const LocationContext *LCtx)
Creates an implicit destructor.
Definition: CallEvent.h:781
Represents a call to a C++ constructor.
Definition: CallEvent.h:817
This class handles loading and caching of source files into memory.
void cloneTo(void *Dest) const override
Copies this CallEvent, with vtable intact, into a new block of memory.
Definition: CallEvent.h:505
SourceLocation getLocation() const
Definition: DeclBase.h:429
CallEventRef(const CallEventRef &Orig)
Definition: CallEvent.h:80
Kind getKind() const override
Definition: CallEvent.h:743
CallEventRef< T > cloneWithState(ProgramStateRef State) const
Definition: CallEvent.h:82
ArrayRef< SVal > ValueList