#include <CheckerContext.h>

Collaboration diagram for clang::ento::CheckerContext:

Public Member Functions
	CheckerContext (NodeBuilder &builder, ExprEngine &eng, ExplodedNode *pred, const ProgramPoint &loc, bool wasInlined=false)
AnalysisManager &	getAnalysisManager ()
ConstraintManager &	getConstraintManager ()
StoreManager &	getStoreManager ()
ExplodedNode *	getPredecessor ()
	Returns the previous node in the exploded graph, which includes the state of the program before the checker ran. Note, checkers should not retain the node in their state since the nodes might get invalidated.
ProgramStateRef	getState () const
bool	isDifferent ()
	Check if the checker changed the state of the execution; ex: added a new transition or a bug report.
unsigned	getCurrentBlockCount () const
	Returns the number of times the current block has been visited along the analyzed path.
ASTContext &	getASTContext ()
const LangOptions &	getLangOpts () const
const LocationContext *	getLocationContext () const
BugReporter &	getBugReporter ()
SourceManager &	getSourceManager ()
SValBuilder &	getSValBuilder ()
SymbolManager &	getSymbolManager ()
bool	isObjCGCEnabled () const
ProgramStateManager &	getStateManager ()
AnalysisDeclContext *	getCurrentAnalysisDeclContext () const
ExplodedNode *	addTransition (ProgramStateRef State, const ProgramPointTag *Tag=0)
	Generates a new transition in the program state graph (ExplodedGraph). Uses the default CheckerContext predecessor node.
ExplodedNode *	addTransition ()
	Generates a default transition (containing checker tag but no checker state changes).
ExplodedNode *	addTransition (ProgramStateRef State, ExplodedNode Pred, const ProgramPointTag Tag=0, bool IsSink=false)
	Generates a new transition with the given predecessor. Allows checkers to generate a chain of nodes.
ExplodedNode *	generateSink (ProgramStateRef state=0)
	Generate a sink node. Generating sink stops exploration of the given path.
void	EmitReport (BugReport *R)
	Emit the diagnostics report.
const FunctionDecl *	getCalleeDecl (const CallExpr *CE) const
	Get the declaration of the called function (path-sensitive).
StringRef	getCalleeName (const FunctionDecl *FunDecl) const
	Get the name of the called function (path-sensitive).
StringRef	getCalleeName (const CallExpr *CE) const
	Get the name of the called function (path-sensitive).
bool	isCLibraryFunction (const FunctionDecl *FD, StringRef Name)
StringRef	getMacroNameOrSpelling (SourceLocation &Loc)
	Depending on wither the location corresponds to a macro, return either the macro name or the token spelling.
Static Public Member Functions
static const MemRegion *	getLocationRegionIfPostStore (const ExplodedNode *N)
	If the given node corresponds to a PostStore program point, retrieve the location region as it was uttered in the code.
static bool	isCLibraryFunction (const FunctionDecl *FD, StringRef Name, ASTContext &Context)
Public Attributes
const bool	wasInlined

Detailed Description

Definition at line 23 of file CheckerContext.h.

Constructor & Destructor Documentation

clang::ento::CheckerContext::CheckerContext	(	NodeBuilder &	builder,
		ExprEngine &	eng,
		ExplodedNode *	pred,
		const ProgramPoint &	loc,
		bool	wasInlined = `false`
	)		`[inline]`

Definition at line 40 of file CheckerContext.h.

References clang::ento::ExplodedNode::getState().

Member Function Documentation

ExplodedNode* clang::ento::CheckerContext::addTransition	(	ProgramStateRef	State,
		const ProgramPointTag *	Tag = `0`
	)		`[inline]`

Generates a new transition in the program state graph (ExplodedGraph). Uses the default CheckerContext predecessor node.

Parameters:

State	The state of the generated node.
Tag	The tag is used to uniquely identify the creation site. If no tag is specified, a default tag, unique to the given checker, will be used. Tags are used to prevent states generated at different sites from caching out.

Definition at line 143 of file CheckerContext.h.

ExplodedNode* clang::ento::CheckerContext::addTransition ( ) [inline]

Generates a default transition (containing checker tag but no checker state changes).

Definition at line 150 of file CheckerContext.h.

References getState().

ExplodedNode* clang::ento::CheckerContext::addTransition	(	ProgramStateRef	State,
		ExplodedNode *	Pred,
		const ProgramPointTag *	Tag = `0`,
		bool	IsSink = `false`
	)		`[inline]`

Generates a new transition with the given predecessor. Allows checkers to generate a chain of nodes.

Parameters:

State	The state of the generated node.
Pred	The transition will be generated from the specified Pred node to the newly generated node.
Tag	The tag to uniquely identify the creation site.
IsSink	Mark the new node as sink, which will stop exploration of the given path.

Definition at line 163 of file CheckerContext.h.

void BugReporter::EmitReport ( BugReport * R ) [inline]

Emit the diagnostics report.

Definition at line 177 of file CheckerContext.h.

References clang::ento::BugReporter::EmitReport(), and clang::ento::ExprEngine::getBugReporter().

ExplodedNode* clang::ento::CheckerContext::generateSink ( ProgramStateRef state = 0 ) [inline]

Generate a sink node. Generating sink stops exploration of the given path.

Definition at line 172 of file CheckerContext.h.

References getState().

AnalysisManager& clang::ento::CheckerContext::getAnalysisManager ( ) [inline]

Definition at line 55 of file CheckerContext.h.

References clang::ento::ExprEngine::getAnalysisManager().

ASTContext& clang::ento::CheckerContext::getASTContext ( ) [inline]

Definition at line 83 of file CheckerContext.h.

References clang::ento::ExprEngine::getContext().

Referenced by isCLibraryFunction().

BugReporter& clang::ento::CheckerContext::getBugReporter ( ) [inline]

Definition at line 95 of file CheckerContext.h.

References clang::ento::ExprEngine::getBugReporter().

Referenced by getSourceManager().

const FunctionDecl * CheckerContext::getCalleeDecl ( const CallExpr * CE ) const

Get the declaration of the called function (path-sensitive).

Definition at line 22 of file CheckerContext.cpp.

References clang::ento::SVal::getAsFunctionDecl(), clang::CallExpr::getCallee(), clang::ento::ExplodedNode::getLocationContext(), and getState().

Referenced by getCalleeName().

StringRef clang::ento::CheckerContext::getCalleeName ( const FunctionDecl * FunDecl ) const

Get the name of the called function (path-sensitive).

Referenced by getCalleeName().

StringRef clang::ento::CheckerContext::getCalleeName ( const CallExpr * CE ) const [inline]

Get the name of the called function (path-sensitive).

Definition at line 189 of file CheckerContext.h.

References getCalleeDecl(), and getCalleeName().

ConstraintManager& clang::ento::CheckerContext::getConstraintManager ( ) [inline]

Definition at line 59 of file CheckerContext.h.

References clang::ento::ExprEngine::getConstraintManager().

AnalysisDeclContext* clang::ento::CheckerContext::getCurrentAnalysisDeclContext ( ) const [inline]

Definition at line 119 of file CheckerContext.h.

References clang::LocationContext::getAnalysisDeclContext(), and clang::ento::ExplodedNode::getLocationContext().

unsigned clang::ento::CheckerContext::getCurrentBlockCount ( ) const [inline]

Returns the number of times the current block has been visited along the analyzed path.

Definition at line 79 of file CheckerContext.h.

References clang::ento::NodeBuilder::getContext(), and clang::ento::NodeBuilderContext::getCurrentBlockCount().

const LangOptions& clang::ento::CheckerContext::getLangOpts ( ) const [inline]

Definition at line 87 of file CheckerContext.h.

References clang::ento::ExprEngine::getContext(), and clang::ASTContext::getLangOpts().

Referenced by getMacroNameOrSpelling().

const LocationContext* clang::ento::CheckerContext::getLocationContext ( ) const [inline]

Definition at line 91 of file CheckerContext.h.

References clang::ento::ExplodedNode::getLocationContext().

static const MemRegion* clang::ento::CheckerContext::getLocationRegionIfPostStore ( const ExplodedNode * N ) [inline, static]

If the given node corresponds to a PostStore program point, retrieve the location region as it was uttered in the code.

This utility can be useful for generating extensive diagnostics, for example, for finding variables that the given symbol was assigned to.

Definition at line 128 of file CheckerContext.h.

References clang::ento::ExplodedNode::getLocation().

StringRef CheckerContext::getMacroNameOrSpelling ( SourceLocation & Loc )

Depending on wither the location corresponds to a macro, return either the macro name or the token spelling.

This could be useful when checkers' logic depends on whether a function is called with a given macro argument. For example: s = socket(AF_INET,..) If AF_INET is a macro, the result should be treated as a source of taint.

See also:: clang::Lexer::getSpelling(), clang::Lexer::getImmediateMacroName().

Definition at line 76 of file CheckerContext.cpp.

References clang::Lexer::getImmediateMacroName(), getLangOpts(), getSourceManager(), clang::Lexer::getSpelling(), and clang::SourceLocation::isMacroID().

ExplodedNode* clang::ento::CheckerContext::getPredecessor ( ) [inline]

Returns the previous node in the exploded graph, which includes the state of the program before the checker ran. Note, checkers should not retain the node in their state since the nodes might get invalidated.

Definition at line 70 of file CheckerContext.h.

SourceManager& clang::ento::CheckerContext::getSourceManager ( ) [inline]

Definition at line 99 of file CheckerContext.h.

References getBugReporter(), and clang::ento::BugReporter::getSourceManager().

Referenced by getMacroNameOrSpelling().

ProgramStateRef clang::ento::CheckerContext::getState ( ) const [inline]

Definition at line 71 of file CheckerContext.h.

References clang::ento::ExplodedNode::getState().

Referenced by addTransition(), generateSink(), and getCalleeDecl().

ProgramStateManager& clang::ento::CheckerContext::getStateManager ( ) [inline]

Definition at line 115 of file CheckerContext.h.

References clang::ento::ExprEngine::getStateManager().