#include <ExprEngine.h>

Inheritance diagram for clang::ento::ExprEngine:

Collaboration diagram for clang::ento::ExprEngine:

Public Member Functions
	ExprEngine (AnalysisManager &mgr, bool gcEnabled, SetOfConstDecls VisitedCallees, FunctionSummariesTy FS)
	~ExprEngine ()
bool	ExecuteWorkList (const LocationContext *L, unsigned Steps=150000)
	Returns true if there is still simulation state on the worklist.
bool	ExecuteWorkListWithInitialState (const LocationContext *L, unsigned Steps, ProgramStateRef InitState, ExplodedNodeSet &Dst)
ASTContext &	getContext () const
	getContext - Return the ASTContext associated with this analysis.
virtual AnalysisManager &	getAnalysisManager ()
CheckerManager &	getCheckerManager () const
SValBuilder &	getSValBuilder ()
BugReporter &	getBugReporter ()
const NodeBuilderContext &	getBuilderContext ()
bool	isObjCGCEnabled ()
const Stmt *	getStmt () const
void	GenerateAutoTransition (ExplodedNode *N)
void	enqueueEndOfPath (ExplodedNodeSet &S)
void	GenerateCallExitNode (ExplodedNode *N)
void	ViewGraph (bool trim=false)
void	ViewGraph (ExplodedNode Beg, ExplodedNode End)
ProgramStateRef	getInitialState (const LocationContext *InitLoc)
ExplodedGraph &	getGraph ()
const ExplodedGraph &	getGraph () const
void	removeDead (ExplodedNode Node, ExplodedNodeSet &Out, const Stmt ReferenceStmt, const LocationContext LC, const Stmt DiagnosticStmt, ProgramPoint::Kind K=ProgramPoint::PreStmtPurgeDeadSymbolsKind)
	Run the analyzer's garbage collection - remove dead symbols and bindings.
void	processCFGElement (const CFGElement E, ExplodedNode Pred, unsigned StmtIdx, NodeBuilderContext Ctx)
void	ProcessStmt (const CFGStmt S, ExplodedNode *Pred)
void	ProcessInitializer (const CFGInitializer I, ExplodedNode *Pred)
void	ProcessImplicitDtor (const CFGImplicitDtor D, ExplodedNode *Pred)
void	ProcessAutomaticObjDtor (const CFGAutomaticObjDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessBaseDtor (const CFGBaseDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessMemberDtor (const CFGMemberDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessTemporaryDtor (const CFGTemporaryDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
virtual void	processCFGBlockEntrance (const BlockEdge &L, NodeBuilderWithSinks &nodeBuilder)
	Called by CoreEngine when processing the entrance of a CFGBlock.
void	processBranch (const Stmt Condition, const Stmt Term, NodeBuilderContext &BuilderCtx, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock *DstF)
void	processIndirectGoto (IndirectGotoNodeBuilder &builder)
void	processSwitch (SwitchNodeBuilder &builder)
void	processEndOfFunction (NodeBuilderContext &BC)
void	processCallEnter (CallEnter CE, ExplodedNode *Pred)
	Generate the entry node of the callee.
void	processCallExit (ExplodedNode *Pred)
void	processEndWorklist (bool hasWorkRemaining)
	Called by CoreEngine when the analysis worklist has terminated.
ProgramStateRef	processAssume (ProgramStateRef state, SVal cond, bool assumption)
bool	wantsRegionChangeUpdate (ProgramStateRef state)
ProgramStateRef	processRegionChanges (ProgramStateRef state, const StoreManager::InvalidatedSymbols invalidated, ArrayRef< const MemRegion > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const CallOrObjCMessage *Call)
void	printState (raw_ostream &Out, ProgramStateRef State, const char NL, const char Sep)
	printState - Called by ProgramStateManager to print checker-specific data.
virtual ProgramStateManager &	getStateManager ()
StoreManager &	getStoreManager ()
ConstraintManager &	getConstraintManager ()
BasicValueFactory &	getBasicVals ()
const BasicValueFactory &	getBasicVals () const
SymbolManager &	getSymbolManager ()
const SymbolManager &	getSymbolManager () const
bool	wasBlocksExhausted () const
bool	hasEmptyWorkList () const
bool	hasWorkRemaining () const
const CoreEngine &	getCoreEngine () const
void	Visit (const Stmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitLvalArraySubscriptExpr (const ArraySubscriptExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitArraySubscriptExpr - Transfer function for array accesses.
void	VisitAsmStmt (const AsmStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitAsmStmt - Transfer function logic for inline asm.
void	VisitBlockExpr (const BlockExpr BE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBlockExpr - Transfer function logic for BlockExprs.
void	VisitBinaryOperator (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBinaryOperator - Transfer function logic for binary operators.
void	VisitCallExpr (const CallExpr CE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCall - Transfer function for function calls.
void	VisitCast (const CastExpr CastE, const Expr Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	VisitCast - Transfer function logic for all casts (implicit and explicit).
void	VisitCompoundLiteralExpr (const CompoundLiteralExpr CL, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCompoundLiteralExpr - Transfer function logic for compound literals.
void	VisitCommonDeclRefExpr (const Expr DR, const NamedDecl D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
void	VisitDeclStmt (const DeclStmt DS, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitDeclStmt - Transfer function logic for DeclStmts.
void	VisitGuardedExpr (const Expr Ex, const Expr L, const Expr R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.
void	VisitInitListExpr (const InitListExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitLogicalExpr (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitLogicalExpr - Transfer function logic for '&&', '\|\|'.
void	VisitMemberExpr (const MemberExpr M, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitMemberExpr - Transfer function for member expressions.
void	VisitObjCAtSynchronizedStmt (const ObjCAtSynchronizedStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for ObjCAtSynchronizedStmts.
void	VisitLvalObjCIvarRefExpr (const ObjCIvarRefExpr DR, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for computing the lvalue of an Objective-C ivar.
void	VisitObjCForCollectionStmt (const ObjCForCollectionStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitObjCMessage (const ObjCMessage &msg, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	VisitReturnStmt (const ReturnStmt R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitReturnStmt - Transfer function logic for return statements.
void	VisitOffsetOfExpr (const OffsetOfExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitOffsetOfExpr - Transfer function for offsetof.
void	VisitUnaryExprOrTypeTraitExpr (const UnaryExprOrTypeTraitExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
void	VisitUnaryOperator (const UnaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryOperator - Transfer function logic for unary operators.
void	VisitIncrementDecrementOperator (const UnaryOperator U, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Handle ++ and -- (both pre- and post-increment).
void	VisitCXXCatchStmt (const CXXCatchStmt CS, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXThisExpr (const CXXThisExpr TE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXTemporaryObjectExpr (const CXXTemporaryObjectExpr expr, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXConstructExpr (const CXXConstructExpr E, const MemRegion Dest, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	VisitCXXDestructor (const CXXDestructorDecl DD, const MemRegion Dest, const Stmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXNewExpr (const CXXNewExpr CNE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXDeleteExpr (const CXXDeleteExpr CDE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	CreateCXXTemporaryObject (const MaterializeTemporaryExpr ME, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Create a C++ temporary object for an rvalue.
const CXXThisRegion *	getCXXThisRegion (const CXXRecordDecl RD, const StackFrameContext SFC)
	Synthesize CXXThisRegion.
const CXXThisRegion *	getCXXThisRegion (const CXXMethodDecl decl, const StackFrameContext frameCtx)
void	evalEagerlyAssume (ExplodedNodeSet &Dst, ExplodedNodeSet &Src, const Expr *Ex)
std::pair< const ProgramPointTag , const ProgramPointTag >	getEagerlyAssumeTags ()
SVal	evalMinus (SVal X)
SVal	evalComplement (SVal X)
SVal	evalBinOp (ProgramStateRef state, BinaryOperator::Opcode op, NonLoc L, NonLoc R, QualType T)
SVal	evalBinOp (ProgramStateRef state, BinaryOperator::Opcode op, NonLoc L, SVal R, QualType T)
SVal	evalBinOp (ProgramStateRef ST, BinaryOperator::Opcode Op, SVal LHS, SVal RHS, QualType T)
void	evalLoad (ExplodedNodeSet &Dst, const Expr NodeEx, const Expr BoundExpr, ExplodedNode Pred, ProgramStateRef St, SVal location, const ProgramPointTag tag=0, QualType LoadTy=QualType())
	Simulate a read of the result of Ex.
void	evalStore (ExplodedNodeSet &Dst, const Expr AssignE, const Expr StoreE, ExplodedNode Pred, ProgramStateRef St, SVal TargetLV, SVal Val, const ProgramPointTag tag=0)
Protected Member Functions
void	evalObjCMessage (StmtNodeBuilder &Bldr, const ObjCMessage &msg, ExplodedNode *Pred, ProgramStateRef state, bool GenSink)
ProgramStateRef	invalidateArguments (ProgramStateRef State, const CallOrObjCMessage &Call, const LocationContext *LC)
ProgramStateRef	MarkBranch (ProgramStateRef state, const Stmt Terminator, const LocationContext LCtx, bool branchTaken)
void	evalBind (ExplodedNodeSet &Dst, const Stmt StoreE, ExplodedNode Pred, SVal location, SVal Val, bool atDeclInit=false)

Detailed Description

Definition at line 47 of file ExprEngine.h.

Constructor & Destructor Documentation

ExprEngine::ExprEngine	(	AnalysisManager &	mgr,
		bool	gcEnabled,
		SetOfConstDecls *	VisitedCallees,
		FunctionSummariesTy *	FS
	)

Definition at line 67 of file ExprEngine.cpp.

References clang::ento::ExplodedGraph::enableNodeReclamation(), and clang::ento::AnalysisManager::shouldEagerlyTrimExplodedGraph().

ExprEngine::~ExprEngine ( )

Definition at line 91 of file ExprEngine.cpp.

References clang::ento::BugReporter::FlushReports().

Member Function Documentation

void ExprEngine::CreateCXXTemporaryObject	(	const MaterializeTemporaryExpr *	ME,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Create a C++ temporary object for an rvalue.

Definition at line 37 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), clang::MaterializeTemporaryExpr::GetTemporaryExpr(), and clang::Expr::IgnoreParens().

void clang::ento::ExprEngine::enqueueEndOfPath ( ExplodedNodeSet & S )

void ExprEngine::evalBind	(	ExplodedNodeSet &	Dst,
		const Stmt *	StoreE,
		ExplodedNode *	Pred,
		SVal	location,
		SVal	Val,
		bool	atDeclInit = `false`
	)		`[protected]`

evalBind - Handle the semantics of binding a value to a specific location. This method is used by evalStore, VisitDeclStmt, and others.

evalBind - Handle the semantics of binding a value to a specific location. This method is used by evalStore and (soon) VisitDeclStmt, and others.

Definition at line 1552 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::ProgramPoint::PostStmtKind, and clang::ento::CheckerManager::runCheckersForBind().

Referenced by evalStore(), and VisitDeclStmt().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	state,
		BinaryOperator::Opcode	op,
		NonLoc	L,
		NonLoc	R,
		QualType	T
	)		`[inline]`

Definition at line 423 of file ExprEngine.h.

References clang::ento::SValBuilder::evalBinOpNN().

Referenced by clang::ento::SubEngine::getInitialState(), and VisitIncrementDecrementOperator().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	state,
		BinaryOperator::Opcode	op,
		NonLoc	L,
		SVal	R,
		QualType	T
	)		`[inline]`

Definition at line 428 of file ExprEngine.h.

References clang::ento::SValBuilder::evalBinOpNN(), and clang::ento::SVal::isValid().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	ST,
		BinaryOperator::Opcode	Op,
		SVal	LHS,
		SVal	RHS,
		QualType	T
	)		`[inline]`

Definition at line 433 of file ExprEngine.h.

References clang::ento::SValBuilder::evalBinOp().

SVal clang::ento::ExprEngine::evalComplement ( SVal X ) [inline]

Definition at line 417 of file ExprEngine.h.

References clang::ento::SValBuilder::evalComplement(), and clang::ento::SVal::isValid().

void ExprEngine::evalEagerlyAssume	(	ExplodedNodeSet &	Dst,
		ExplodedNodeSet &	Src,
		const Expr *	Ex
	)

evalEagerlyAssume - Given the nodes in 'Src', eagerly assume symbolic expressions of the form 'x != 0' and generate new nodes (stored in Dst) with those assumptions.

Definition at line 1754 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getEagerlyAssumeTags(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStmt(), clang::Expr::getType(), clang::ento::nonloc::SymbolVal::isExpression(), clang::ento::SValBuilder::makeIntVal(), and P.

void ExprEngine::evalLoad	(	ExplodedNodeSet &	Dst,
		const Expr *	NodeEx,
		const Expr *	BoundExpr,
		ExplodedNode *	Pred,
		ProgramStateRef	St,
		SVal	location,
		const ProgramPointTag *	tag = `0`,
		QualType	LoadTy = `QualType()`
	)

Simulate a read of the result of Ex.

Definition at line 1626 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::SVal::getAsRegion(), and getContext().

Referenced by VisitCast(), VisitIncrementDecrementOperator(), and VisitMemberExpr().

SVal clang::ento::ExprEngine::evalMinus ( SVal X ) [inline]

Definition at line 413 of file ExprEngine.h.

References clang::ento::SValBuilder::evalMinus(), and clang::ento::SVal::isValid().

void ExprEngine::evalObjCMessage	(	StmtNodeBuilder &	Bldr,
		const ObjCMessage &	msg,
		ExplodedNode *	Pred,
		ProgramStateRef	state,
		bool	GenSink
	)		`[protected]`

void ExprEngine::evalStore	(	ExplodedNodeSet &	Dst,
		const Expr *	AssignE,
		const Expr *	LocationE,
		ExplodedNode *	Pred,
		ProgramStateRef	state,
		SVal	location,
		SVal	Val,
		const ProgramPointTag *	tag = `0`
	)

evalStore - Handle the semantics of a store via an assignment.

Parameters:

Dst	The node set to store generated state nodes
AssignE	The assignment expression if the store happens in an assignment.
LocatioinE	The location expression that is stored to.
state	The current simulation state
location	The location to store the value
Val	The value to be stored

Definition at line 1599 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::empty(), clang::ento::ExplodedNodeSet::end(), evalBind(), and clang::ento::SVal::isUndef().

Referenced by VisitIncrementDecrementOperator().

bool CoreEngine::ExecuteWorkList	(	const LocationContext *	L,
		unsigned	Steps = `150000`
	)		`[inline]`

Returns true if there is still simulation state on the worklist.

ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.

Definition at line 101 of file ExprEngine.h.

References clang::ento::CoreEngine::ExecuteWorkList().

bool CoreEngine::ExecuteWorkListWithInitialState	(	const LocationContext *	L,
		unsigned	Steps,
		ProgramStateRef	InitState,
		ExplodedNodeSet &	Dst
	)		`[inline]`

Execute the work list with an initial state. Nodes that reaches the exit of the function are added into the Dst set, which represent the exit state of the function call. Returns true if there is still simulation state on the worklist.

Definition at line 109 of file ExprEngine.h.

References clang::ento::CoreEngine::ExecuteWorkListWithInitialState().

void clang::ento::ExprEngine::GenerateAutoTransition ( ExplodedNode * N )

void clang::ento::ExprEngine::GenerateCallExitNode ( ExplodedNode * N )

virtual AnalysisManager& clang::ento::ExprEngine::getAnalysisManager ( ) [inline, virtual]

Implements clang::ento::SubEngine.

Definition at line 118 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::getAnalysisManager().

BasicValueFactory& clang::ento::ExprEngine::getBasicVals ( ) [inline]

Definition at line 258 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getBasicVals().

Referenced by clang::ento::SubEngine::processSwitch(), and VisitInitListExpr().

const BasicValueFactory& clang::ento::ExprEngine::getBasicVals ( ) const [inline]

Definition at line 261 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getBasicVals().

BugReporter& clang::ento::ExprEngine::getBugReporter ( ) [inline]

Definition at line 126 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::EmitReport(), and clang::ento::CheckerContext::getBugReporter().

const NodeBuilderContext& clang::ento::ExprEngine::getBuilderContext ( ) [inline]

Definition at line 128 of file ExprEngine.h.

Referenced by clang::ento::CheckerManager::runCheckersForEvalCall().

CheckerManager& clang::ento::ExprEngine::getCheckerManager ( ) const [inline]

ConstraintManager& clang::ento::ExprEngine::getConstraintManager ( ) [inline]

Definition at line 253 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getConstraintManager().

Referenced by clang::ento::CheckerContext::getConstraintManager(), and removeDead().

ASTContext& clang::ento::ExprEngine::getContext ( ) const [inline]

getContext - Return the ASTContext associated with this analysis.

Definition at line 116 of file ExprEngine.h.

References clang::ento::AnalysisManager::getASTContext().

Referenced by evalLoad(), evalObjCMessage(), clang::ento::CheckerContext::getASTContext(), getCXXThisRegion(), clang::ento::SubEngine::getInitialState(), clang::ento::CheckerContext::getLangOpts(), clang::ento::SubEngine::processBranch(), ProcessStmt(), clang::ento::SubEngine::processSwitch(), ViewGraph(), VisitBlockExpr(), VisitCast(), VisitCXXThisExpr(), VisitDeclStmt(), VisitInitListExpr(), VisitObjCMessage(), and VisitOffsetOfExpr().

const CoreEngine& clang::ento::ExprEngine::getCoreEngine ( ) const [inline]

Definition at line 274 of file ExprEngine.h.

Referenced by clang::ento::SubEngine::processCallExit().

const CXXThisRegion* clang::ento::ExprEngine::getCXXThisRegion	(	const CXXRecordDecl *	RD,
		const StackFrameContext *	SFC
	)

Synthesize CXXThisRegion.

Referenced by getCXXThisRegion(), clang::ento::SubEngine::getInitialState(), clang::ento::SubEngine::processCallExit(), ProcessInitializer(), VisitCXXConstructExpr(), and VisitCXXDestructor().

const CXXThisRegion * ExprEngine::getCXXThisRegion	(	const CXXMethodDecl *	decl,
		const StackFrameContext *	frameCtx
	)

Definition at line 31 of file ExprEngineCXX.cpp.

References getContext(), getCXXThisRegion(), clang::ento::SValBuilder::getRegionManager(), and clang::CXXMethodDecl::getThisType().

std::pair< const ProgramPointTag *, const ProgramPointTag * > ExprEngine::getEagerlyAssumeTags ( )

Definition at line 1747 of file ExprEngine.cpp.

Referenced by evalEagerlyAssume().

ExplodedGraph& clang::ento::ExprEngine::getGraph ( ) [inline]

Definition at line 151 of file ExprEngine.h.

ExplodedGraph & GRBugReporter::getGraph ( ) const [inline]

Definition at line 152 of file ExprEngine.h.

ProgramStateRef clang::ento::ExprEngine::getInitialState ( const LocationContext * InitLoc ) [virtual]

getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.

Implements clang::ento::SubEngine.

virtual ProgramStateManager& clang::ento::ExprEngine::getStateManager ( ) [inline, virtual]

Implements clang::ento::SubEngine.

Definition at line 249 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::getStateManager(), and clang::ento::SubEngine::processBranch().

const Stmt* clang::ento::ExprEngine::getStmt ( ) const

Referenced by evalEagerlyAssume().

StoreManager& clang::ento::ExprEngine::getStoreManager ( ) [inline]

Definition at line 251 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getStoreManager().

Referenced by clang::ento::CheckerContext::getStoreManager(), ProcessInitializer(), removeDead(), VisitCast(), and VisitCXXNewExpr().

SValBuilder& clang::ento::ExprEngine::getSValBuilder ( ) [inline]

Definition at line 124 of file ExprEngine.h.

Referenced by evalObjCMessage(), and clang::ento::CheckerContext::getSValBuilder().

SymbolManager& clang::ento::ExprEngine::getSymbolManager ( ) [inline]

Definition at line 266 of file ExprEngine.h.

const SymbolManager& clang::ento::ExprEngine::getSymbolManager ( ) const [inline]

Definition at line 267 of file ExprEngine.h.

bool clang::ento::ExprEngine::hasEmptyWorkList ( ) const [inline]

Definition at line 271 of file ExprEngine.h.

References clang::ento::CoreEngine::getWorkList(), and clang::ento::WorkList::hasWork().

bool clang::ento::ExprEngine::hasWorkRemaining ( ) const [inline]

Definition at line 272 of file ExprEngine.h.

References clang::ento::CoreEngine::hasWorkRemaining().

ProgramStateRef ExprEngine::invalidateArguments	(	ProgramStateRef	State,
		const CallOrObjCMessage &	Call,
		const LocationContext *	LC
	)		`[protected]`

Definition at line 363 of file ExprEngineCallAndReturn.cpp.

Referenced by evalObjCMessage(), and VisitCXXConstructExpr().

bool clang::ento::ExprEngine::isObjCGCEnabled ( ) [inline]

Definition at line 133 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::isObjCGCEnabled().

ProgramStateRef ExprEngine::MarkBranch	(	ProgramStateRef	state,
		const Stmt *	Terminator,
		const LocationContext *	LCtx,
		bool	branchTaken
	)		`[protected]`

Definition at line 1075 of file ExprEngine.cpp.

References clang::BO_LAnd, clang::BO_LOr, clang::AbstractConditionalOperator::getFalseExpr(), clang::BinaryOperator::getLHS(), clang::ChooseExpr::getLHS(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::ChooseExpr::getRHS(), clang::Stmt::getStmtClass(), and clang::AbstractConditionalOperator::getTrueExpr().

Referenced by clang::ento::SubEngine::processBranch().

void clang::ento::ExprEngine::printState	(	raw_ostream &	Out,
		ProgramStateRef	State,
		const char *	NL,
		const char *	Sep
	)		`[virtual]`

printState - Called by ProgramStateManager to print checker-specific data.

Implements clang::ento::SubEngine.

ProgramStateRef clang::ento::ExprEngine::processAssume	(	ProgramStateRef	state,
		SVal	cond,
		bool	assumption
	)		`[virtual]`

evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessAutomaticObjDtor	(	const CFGAutomaticObjDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 440 of file ExprEngine.cpp.

References clang::CXXRecordDecl::getDestructor(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::CFGAutomaticObjDtor::getTriggerStmt(), clang::ValueDecl::getType(), clang::CFGAutomaticObjDtor::getVarDecl(), and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::ProcessBaseDtor	(	const CFGBaseDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 461 of file ExprEngine.cpp.

Referenced by ProcessImplicitDtor().

void clang::ento::ExprEngine::processBranch	(	const Stmt *	Condition,
		const Stmt *	Term,
		NodeBuilderContext &	BuilderCtx,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF
	)		`[virtual]`

ProcessBranch - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a branch condition.

Implements clang::ento::SubEngine.

void clang::ento::ExprEngine::processCallEnter	(	CallEnter	CE,
		ExplodedNode *	Pred
	)		`[virtual]`

Generate the entry node of the callee.

Implements clang::ento::SubEngine.

void clang::ento::ExprEngine::processCallExit ( ExplodedNode * Pred ) [virtual]

Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.

Implements clang::ento::SubEngine.

virtual void clang::ento::ExprEngine::processCFGBlockEntrance	(	const BlockEdge &	L,
		NodeBuilderWithSinks &	nodeBuilder
	)		`[virtual]`

Called by CoreEngine when processing the entrance of a CFGBlock.

Implements clang::ento::SubEngine.

void clang::ento::ExprEngine::processCFGElement	(	const CFGElement	E,
		ExplodedNode *	Pred,
		unsigned	StmtIdx,
		NodeBuilderContext *	Ctx
	)		`[virtual]`

processCFGElement - Called by CoreEngine. Used to generate new successor nodes by processing the 'effects' of a CFG element.

Implements clang::ento::SubEngine.

void clang::ento::ExprEngine::processEndOfFunction ( NodeBuilderContext & BC ) [virtual]

ProcessEndPath - Called by CoreEngine. Used to generate end-of-path nodes when the control reaches the end of a function.

Implements clang::ento::SubEngine.

void clang::ento::ExprEngine::processEndWorklist ( bool hasWorkRemaining ) [virtual]

Called by CoreEngine when the analysis worklist has terminated.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessImplicitDtor	(	const CFGImplicitDtor	D,
		ExplodedNode *	Pred
	)

Definition at line 416 of file ExprEngine.cpp.

References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), clang::CFGElement::getKind(), clang::CFGElement::MemberDtor, ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessMemberDtor(), ProcessTemporaryDtor(), and clang::CFGElement::TemporaryDtor.

Referenced by clang::ento::SubEngine::processCFGElement().

void clang::ento::ExprEngine::processIndirectGoto ( IndirectGotoNodeBuilder & builder ) [virtual]

processIndirectGoto - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a computed goto jump.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessInitializer	(	const CFGInitializer	I,
		ExplodedNode *	Pred
	)

Definition at line 366 of file ExprEngine.cpp.

References clang::ento::CoreEngine::enqueue(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::StmtNodeBuilder::generateNode(), clang::CXXCtorInitializer::getAnyMember(), clang::ento::NodeBuilderContext::getBlock(), getCXXThisRegion(), clang::LocationContext::getDecl(), clang::CXXCtorInitializer::getInit(), clang::CFGInitializer::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::CXXCtorInitializer::isAnyMemberInitializer(), clang::CXXCtorInitializer::isBaseInitializer(), and VisitCXXConstructExpr().

Referenced by clang::ento::SubEngine::processCFGElement().

void ExprEngine::ProcessMemberDtor	(	const CFGMemberDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 464 of file ExprEngine.cpp.

Referenced by ProcessImplicitDtor().

ProgramStateRef clang::ento::ExprEngine::processRegionChanges	(	ProgramStateRef	state,
		const StoreManager::InvalidatedSymbols *	invalidated,
		ArrayRef< const MemRegion * >	ExplicitRegions,
		ArrayRef< const MemRegion * >	Regions,
		const CallOrObjCMessage *	Call
	)		`[virtual]`

processRegionChanges - Called by ProgramStateManager whenever a change is made to the store. Used to update checkers that track region values.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessStmt	(	const CFGStmt	S,
		ExplodedNode *	Pred
	)

Definition at line 328 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::Stmt::getLocStart(), clang::CFGStmt::getStmt(), clang::ento::ExplodedNodeSet::insert(), NULL, clang::ento::ExplodedGraph::reclaimRecentlyAllocatedNodes(), removeDead(), shouldRemoveDeadBindings(), and Visit().

Referenced by clang::ento::SubEngine::processCFGElement().

void clang::ento::ExprEngine::processSwitch ( SwitchNodeBuilder & builder ) [virtual]

ProcessSwitch - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a switch statement.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessTemporaryDtor	(	const CFGTemporaryDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 467 of file ExprEngine.cpp.

Referenced by ProcessImplicitDtor().

void ExprEngine::removeDead	(	ExplodedNode *	Node,
		ExplodedNodeSet &	Out,
		const Stmt *	ReferenceStmt,
		const LocationContext *	LC,
		const Stmt *	DiagnosticStmt,
		ProgramPoint::Kind	K = `ProgramPoint::PreStmtPurgeDeadSymbolsKind`
	)

Run the analyzer's garbage collection - remove dead symbols and bindings.

Parameters:

Node	- The predecessor node, from which the processing should start.
Out	- The returned set of output nodes.
ReferenceStmt	- Run garbage collection using the symbols, which are live before the given statement.
LC	- The location context of the ReferenceStmt.
DiagnosticStmt	- the statement used to associate the diagnostic message, if any warnings should occur while removing the dead (leaks are usually reported here).
K	- In some cases it is possible to use PreStmt kind. (Do not use it unless you know what you are doing.)

Definition at line 262 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getConstraintManager(), clang::LocationContext::getCurrentStackFrame(), clang::ento::ProgramStateManager::getPersistentStateWithGDM(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::SymbolReaper::hasDeadSymbols(), clang::ento::ProgramStateManager::haveEqualEnvironments(), clang::ento::ProgramStateManager::haveEqualStores(), clang::ProgramPoint::PreStmtPurgeDeadSymbolsKind, clang::ento::ConstraintManager::removeDeadBindings(), clang::ento::ProgramStateManager::removeDeadBindings(), clang::ento::CheckerManager::runCheckersForDeadSymbols(), and clang::ento::CheckerManager::runCheckersForLiveSymbols().

Referenced by clang::ento::SubEngine::processCallExit(), and ProcessStmt().

void clang::ento::ExprEngine::ViewGraph ( bool trim = false )

ViewGraph - Visualize the ExplodedGraph created by executing the simulation.

Referenced by ViewGraph().

void ExprEngine::ViewGraph	(	ExplodedNode **	Beg,
		ExplodedNode **	End
	)

Definition at line 2079 of file ExprEngine.cpp.

References getContext(), clang::ASTContext::getSourceManager(), GraphPrintCheckerState, GraphPrintSourceManager, NULL, clang::ento::ExplodedGraph::Trim(), and ViewGraph().

void clang::ento::ExprEngine::Visit	(	const Stmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Visit - Transfer function logic for all statements. Dispatches to other functions that handle specific kinds of statements.

Referenced by ProcessStmt().

void ExprEngine::VisitAsmStmt	(	const AsmStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitAsmStmt - Transfer function logic for inline asm.

Definition at line 1792 of file ExprEngine.cpp.

References clang::AsmStmt::begin_outputs(), clang::AsmStmt::end_outputs(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), and clang::ento::ExplodedNode::getState().

void clang::ento::ExprEngine::VisitBinaryOperator	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitBinaryOperator - Transfer function logic for binary operators.

void ExprEngine::VisitBlockExpr	(	const BlockExpr *	BE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitBlockExpr - Transfer function logic for BlockExprs.

Definition at line 181 of file ExprEngineC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::BlockExpr::getBlockDecl(), clang::ento::SValBuilder::getBlockPointer(), clang::ASTContext::getCanonicalType(), clang::ento::BlockDataRegion::referenced_vars_iterator::getCapturedRegion(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::BlockDataRegion::referenced_vars_iterator::getOriginalRegion(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ProgramPoint::PostLValueKind, and clang::ento::CheckerManager::runCheckersForPostStmt().

void ExprEngine::VisitCallExpr	(	const CallExpr *	CE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCall - Transfer function for function calls.

Definition at line 475 of file ExprEngineCallAndReturn.cpp.

References clang::LangAS::Count, clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsFunctionDecl(), clang::CallExpr::getCallee(), getCheckerManager(), clang::ento::SValBuilder::getConjuredSymbolVal(), clang::ento::ExplodedNode::getLocationContext(), getReplayWithoutInliningState(), clang::FunctionDecl::getResultType(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::Expr::isGLValue(), clang::ento::CheckerManager::runCheckersForEvalCall(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

void ExprEngine::VisitCast	(	const CastExpr *	CastE,
		const Expr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCast - Transfer function logic for all casts (implicit and explicit).

Definition at line 221 of file ExprEngineC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::CK_AnyPointerToBlockPointerCast, clang::CK_ARCConsumeObject, clang::CK_ARCExtendBlockObject, clang::CK_ARCProduceObject, clang::CK_ARCReclaimReturnedObject, clang::CK_ArrayToPointerDecay, clang::CK_AtomicToNonAtomic, clang::CK_BaseToDerived, clang::CK_BaseToDerivedMemberPointer, clang::CK_BitCast, clang::CK_BlockPointerToObjCPointerCast, clang::CK_ConstructorConversion, clang::CK_CopyAndAutoreleaseBlockObject, clang::CK_CPointerToObjCPointerCast, clang::CK_Dependent, clang::CK_DerivedToBase, clang::CK_DerivedToBaseMemberPointer, clang::CK_Dynamic, clang::CK_FloatingCast, clang::CK_FloatingComplexCast, clang::CK_FloatingComplexToBoolean, clang::CK_FloatingComplexToIntegralComplex, clang::CK_FloatingComplexToReal, clang::CK_FloatingRealToComplex, clang::CK_FloatingToBoolean, clang::CK_FloatingToIntegral, clang::CK_FunctionToPointerDecay, clang::CK_IntegralCast, clang::CK_IntegralComplexCast, clang::CK_IntegralComplexToBoolean, clang::CK_IntegralComplexToFloatingComplex, clang::CK_IntegralComplexToReal, clang::CK_IntegralRealToComplex, clang::CK_IntegralToBoolean, clang::CK_IntegralToFloating, clang::CK_IntegralToPointer, clang::CK_LValueBitCast, clang::CK_LValueToRValue, clang::CK_MemberPointerToBoolean, clang::CK_NonAtomicToAtomic, clang::CK_NoOp, clang::CK_NullToMemberPointer, clang::CK_NullToPointer, clang::CK_ObjCObjectLValueCast, clang::CK_PointerToBoolean, clang::CK_PointerToIntegral, clang::CK_ReinterpretMemberPointer, clang::CK_ToUnion, clang::CK_ToVoid, clang::CK_UncheckedDerivedToBase, clang::CK_UserDefinedConversion, clang::CK_VectorSplat, clang::ento::ExplodedNodeSet::end(), clang::ento::SValBuilder::evalCast(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::StoreManager::evalDynamicCast(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::CastExpr::getCastKind(), getCheckerManager(), clang::ento::SValBuilder::getConjuredSymbolVal(), getContext(), clang::ento::NodeBuilderContext::getCurrentBlockCount(), clang::ento::ExplodedNode::getLocationContext(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::Expr::getType(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isZeroConstant(), clang::ento::SValBuilder::makeNull(), NULL, and clang::ento::CheckerManager::runCheckersForPreStmt().

void ExprEngine::VisitCommonDeclRefExpr	(	const Expr *	DR,
		const NamedDecl *	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for DeclRefExprs and BlockDeclRefExprs.

Definition at line 1426 of file ExprEngine.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SValBuilder::getFunctionPointer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::isGLValue(), clang::ento::SValBuilder::makeIntVal(), and clang::ProgramPoint::PostLValueKind.

Referenced by VisitMemberExpr().

void ExprEngine::VisitCompoundLiteralExpr	(	const CompoundLiteralExpr *	CL,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCompoundLiteralExpr - Transfer function logic for compound literals.

Definition at line 398 of file ExprEngineC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::CompoundLiteralExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), and clang::Expr::isGLValue().

void ExprEngine::VisitCXXCatchStmt	(	const CXXCatchStmt *	CS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 267 of file ExprEngineCXX.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SValBuilder::getConjuredSymbolVal(), clang::ento::NodeBuilderContext::getCurrentBlockCount(), clang::CXXCatchStmt::getExceptionDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ValueDecl::getType().

void ExprEngine::VisitCXXConstructExpr	(	const CXXConstructExpr *	E,
		const MemRegion *	Dest,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 62 of file ExprEngineCXX.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedNodeSet::begin(), clang::FunctionDecl::doesThisDeclarationHaveABody(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), clang::CXXConstructExpr::getConstructor(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), getCXXThisRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXMethodDecl::getParent(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), invalidateArguments(), clang::CXXConstructExpr::isElidable(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::AnalysisManager::shouldInlineCall().

Referenced by ProcessInitializer(), and VisitCXXTemporaryObjectExpr().

void ExprEngine::VisitCXXDeleteExpr	(	const CXXDeleteExpr *	CDE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 260 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), and clang::ento::ExplodedNode::getState().

void ExprEngine::VisitCXXDestructor	(	const CXXDestructorDecl *	DD,
		const MemRegion *	Dest,
		const Stmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 149 of file ExprEngineCXX.cpp.

References clang::FunctionDecl::doesThisDeclarationHaveABody(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), clang::AnalysisDeclContextManager::getContext(), getCXXThisRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXMethodDecl::getParent(), clang::ento::ExplodedNode::getState(), S, and clang::ento::AnalysisManager::shouldInlineCall().

Referenced by ProcessAutomaticObjDtor().

void ExprEngine::VisitCXXNewExpr	(	const CXXNewExpr *	CNE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 173 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::ento::SValBuilder::getConjuredSymbolVal(), clang::ento::NodeBuilderContext::getCurrentBlockCount(), clang::ento::StoreManager::GetElementZeroRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::Expr::getType(), clang::ValueDecl::getType(), clang::CXXNewExpr::hasInitializer(), clang::CXXNewExpr::isArray(), NULL, and clang::ento::NodeBuilder::takeNodes().

void ExprEngine::VisitCXXTemporaryObjectExpr	(	const CXXTemporaryObjectExpr *	expr,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 56 of file ExprEngineCXX.cpp.

References VisitCXXConstructExpr().

void ExprEngine::VisitCXXThisExpr	(	const CXXThisExpr *	TE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 286 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::MemRegionManager::getCXXThisRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), and clang::Expr::getType().

void ExprEngine::VisitDeclStmt	(	const DeclStmt *	DS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitDeclStmt - Transfer function logic for DeclStmts.

Definition at line 417 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::DeclStmt::decl_begin(), clang::ento::ExplodedNodeSet::end(), evalBind(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ento::SValBuilder::getConjuredSymbolVal(), getContext(), clang::ento::NodeBuilderContext::getCurrentBlockCount(), clang::VarDecl::getInit(), clang::ento::AnalysisManager::getLangOpts(), clang::ento::ExplodedNode::getLocationContext(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), clang::ento::ExplodedNodeSet::insert(), clang::ento::SVal::isUnknown(), NULL, clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::NodeBuilder::takeNodes().

void ExprEngine::VisitGuardedExpr	(	const Expr *	Ex,
		const Expr *	L,
		const Expr *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.

Definition at line 577 of file ExprEngineC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ento::SVal::isUndef().

void ExprEngine::VisitIncrementDecrementOperator	(	const UnaryOperator *	U,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Handle ++ and -- (both pre- and post-increment).

Definition at line 768 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::BO_Add, clang::BO_Sub, clang::ento::ExplodedNodeSet::end(), evalBinOp(), clang::ento::SValBuilder::evalEQ(), evalLoad(), evalStore(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SValBuilder::getConjuredSymbolVal(), clang::ento::NodeBuilderContext::getCurrentBlockCount(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::UnaryOperator::getSubExpr(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNodeSet::insert(), clang::Expr::isGLValue(), clang::UnaryOperator::isIncrementDecrementOp(), clang::UnaryOperator::isIncrementOp(), clang::ento::Loc::isLocType(), clang::UnaryOperator::isPostfix(), clang::ento::SVal::isUnknown(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeZeroVal(), NULL, and clang::ento::NodeBuilder::takeNodes().

void ExprEngine::VisitInitListExpr	(	const InitListExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 531 of file ExprEngineC.cpp.

References clang::ento::BasicValueFactory::consVals(), clang::ento::StmtNodeBuilder::generateNode(), getBasicVals(), clang::ASTContext::getCanonicalType(), getContext(), clang::ento::BasicValueFactory::getEmptySValList(), clang::InitListExpr::getInit(), clang::ento::ExplodedNode::getLocationContext(), clang::InitListExpr::getNumInits(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ento::Loc::isLocType(), clang::ento::SValBuilder::makeCompoundVal(), clang::InitListExpr::rbegin(), and clang::InitListExpr::rend().

void ExprEngine::VisitLogicalExpr	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitLogicalExpr - Transfer function logic for '&&', '||'.

Definition at line 480 of file ExprEngineC.cpp.

References clang::BO_LAnd, clang::BO_LOr, clang::ento::ExplodedNode::getLocationContext(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ento::SVal::isUndef(), and clang::ento::SValBuilder::makeIntVal().

void ExprEngine::VisitLvalArraySubscriptExpr	(	const ArraySubscriptExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitArraySubscriptExpr - Transfer function for array accesses.

Definition at line 1475 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ArraySubscriptExpr::getBase(), getCheckerManager(), clang::ArraySubscriptExpr::getIdx(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::Expr::isGLValue(), clang::ProgramPoint::PostLValueKind, and clang::ento::CheckerManager::runCheckersForPreStmt().

void ExprEngine::VisitLvalObjCIvarRefExpr	(	const ObjCIvarRefExpr *	DR,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for computing the lvalue of an Objective-C ivar.

Definition at line 22 of file ExprEngineObjC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ObjCIvarRefExpr::getBase(), getCheckerManager(), clang::ObjCIvarRefExpr::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ento::CheckerManager::runCheckersForPostStmt().

void ExprEngine::VisitMemberExpr	(	const MemberExpr *	M,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitMemberExpr - Transfer function for member expressions.

Definition at line 1502 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::addNodes(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::MemberExpr::getBase(), clang::ento::ExplodedNode::getLocationContext(), clang::MemberExpr::getMemberDecl(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), clang::Expr::isGLValue(), clang::ProgramPoint::PostLValueKind, clang::ento::NodeBuilder::takeNodes(), and VisitCommonDeclRefExpr().

void ExprEngine::VisitObjCAtSynchronizedStmt	(	const ObjCAtSynchronizedStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for ObjCAtSynchronizedStmts.

Definition at line 39 of file ExprEngineObjC.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForPreStmt().

void ExprEngine::VisitObjCForCollectionStmt	(	const ObjCForCollectionStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

void ExprEngine::VisitObjCMessage	(	const ObjCMessage &	msg,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

void ExprEngine::VisitOffsetOfExpr	(	const OffsetOfExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitOffsetOfExpr - Transfer function for offsetof.

Definition at line 597 of file ExprEngineC.cpp.

References clang::Expr::EvaluateAsInt(), clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ASTContext::getTypeSize(), and clang::ento::SValBuilder::makeIntVal().

void ExprEngine::VisitReturnStmt	(	const ReturnStmt *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitReturnStmt - Transfer function logic for return statements.

Definition at line 548 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ReturnStmt::getRetValue(), and clang::ento::CheckerManager::runCheckersForPreStmt().

void clang::ento::ExprEngine::VisitUnaryExprOrTypeTraitExpr	(	const UnaryExprOrTypeTraitExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.

void clang::ento::ExprEngine::VisitUnaryOperator	(	const UnaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitUnaryOperator - Transfer function logic for unary operators.

bool clang::ento::ExprEngine::wantsRegionChangeUpdate ( ProgramStateRef state ) [virtual]

wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a region change should trigger a processRegionChanges update.

Implements clang::ento::SubEngine.

bool clang::ento::ExprEngine::wasBlocksExhausted ( ) const [inline]

Definition at line 270 of file ExprEngine.h.

References clang::ento::CoreEngine::wasBlocksExhausted().

The documentation for this class was generated from the following files:

Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation