|
clang 19.0.0git
|
#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
Classes | |
| class | BindingsHandler |
| class | FindUniqueBinding |
Public Types | |
| using | InvalidatedRegions = SmallVector< const MemRegion *, 8 > |
Public Member Functions | |
| virtual | ~StoreManager ()=default |
| virtual SVal | getBinding (Store store, Loc loc, QualType T=QualType())=0 |
| Return the value bound to specified location in a given state. | |
| virtual std::optional< SVal > | getDefaultBinding (Store store, const MemRegion *R)=0 |
| Return the default value bound to a region in a given store. | |
| std::optional< SVal > | getDefaultBinding (nonloc::LazyCompoundVal lcv) |
| Return the default value bound to a LazyCompoundVal. | |
| virtual StoreRef | Bind (Store store, Loc loc, SVal val)=0 |
| Return a store with the specified value bound to the given location. | |
| virtual StoreRef | BindDefaultInitial (Store store, const MemRegion *R, SVal V)=0 |
| Return a store with the specified value bound to all sub-regions of the region. | |
| virtual StoreRef | BindDefaultZero (Store store, const MemRegion *R)=0 |
| Return a store with in which all values within the given region are reset to zero. | |
| virtual StoreRef | killBinding (Store ST, Loc L)=0 |
| Create a new store with the specified binding removed. | |
| virtual StoreRef | getInitialStore (const LocationContext *InitLoc)=0 |
| getInitialStore - Returns the initial "empty" store representing the value bindings upon entry to an analyzed function. | |
| MemRegionManager & | getRegionManager () |
| getRegionManager - Returns the internal RegionManager object that is used to query and manipulate MemRegion objects. | |
| SValBuilder & | getSValBuilder () |
| virtual Loc | getLValueVar (const VarDecl *VD, const LocationContext *LC) |
| Loc | getLValueCompoundLiteral (const CompoundLiteralExpr *CL, const LocationContext *LC) |
| virtual SVal | getLValueIvar (const ObjCIvarDecl *decl, SVal base) |
| virtual SVal | getLValueField (const FieldDecl *D, SVal Base) |
| virtual SVal | getLValueElement (QualType elementType, NonLoc offset, SVal Base) |
| virtual SVal | ArrayToPointer (Loc Array, QualType ElementTy)=0 |
| ArrayToPointer - Used by ExprEngine::VistCast to handle implicit conversions between arrays and pointers. | |
| SVal | evalDerivedToBase (SVal Derived, const CastExpr *Cast) |
Evaluates a chain of derived-to-base casts through the path specified in Cast. | |
| SVal | evalDerivedToBase (SVal Derived, const CXXBasePath &CastPath) |
| Evaluates a chain of derived-to-base casts through the specified path. | |
| SVal | evalDerivedToBase (SVal Derived, QualType DerivedPtrType, bool IsVirtual) |
| Evaluates a derived-to-base cast through a single level of derivation. | |
| std::optional< SVal > | evalBaseToDerived (SVal Base, QualType DerivedPtrType) |
| Attempts to do a down cast. | |
| const ElementRegion * | GetElementZeroRegion (const SubRegion *R, QualType T) |
| std::optional< const MemRegion * > | castRegion (const MemRegion *region, QualType CastToTy) |
| castRegion - Used by ExprEngine::VisitCast to handle casts from a MemRegion* to a specific location type. | |
| virtual StoreRef | removeDeadBindings (Store store, const StackFrameContext *LCtx, SymbolReaper &SymReaper)=0 |
| virtual bool | includedInBindings (Store store, const MemRegion *region) const =0 |
| virtual void | incrementReferenceCount (Store store) |
| If the StoreManager supports it, increment the reference count of the specified Store object. | |
| virtual void | decrementReferenceCount (Store store) |
| If the StoreManager supports it, decrement the reference count of the specified Store object. | |
| virtual StoreRef | invalidateRegions (Store store, ArrayRef< SVal > Values, const Expr *E, unsigned Count, const LocationContext *LCtx, const CallEvent *Call, InvalidatedSymbols &IS, RegionAndSymbolInvalidationTraits &ITraits, InvalidatedRegions *InvalidatedTopLevel, InvalidatedRegions *Invalidated)=0 |
| invalidateRegions - Clears out the specified regions from the store, marking their values as unknown. | |
| StoreRef | enterStackFrame (Store store, const CallEvent &Call, const StackFrameContext *CalleeCtx) |
| enterStackFrame - Let the StoreManager to do something when execution engine is about to execute into a callee. | |
| virtual bool | scanReachableSymbols (Store S, const MemRegion *R, ScanReachableSymbols &Visitor)=0 |
| Finds the transitive closure of symbols within the given region. | |
| virtual void | printJson (raw_ostream &Out, Store S, const char *NL, unsigned int Space, bool IsDot) const =0 |
| virtual void | iterBindings (Store store, BindingsHandler &f)=0 |
| iterBindings - Iterate over the bindings in the Store. | |
Protected Member Functions | |
| StoreManager (ProgramStateManager &stateMgr) | |
| const ElementRegion * | MakeElementRegion (const SubRegion *baseRegion, QualType pointeeTy, uint64_t index=0) |
Protected Attributes | |
| SValBuilder & | svalBuilder |
| ProgramStateManager & | StateMgr |
| MemRegionManager & | MRMgr |
| MRMgr - Manages region objects associated with this StoreManager. | |
| ASTContext & | Ctx |
| using clang::ento::StoreManager::InvalidatedRegions = SmallVector<const MemRegion *, 8> |
|
protected |
|
virtualdefault |
|
pure virtual |
ArrayToPointer - Used by ExprEngine::VistCast to handle implicit conversions between arrays and pointers.
Return a store with the specified value bound to the given location.
| [in] | store | The store in which to make the binding. |
| [in] | loc | The symbolic memory location. |
| [in] | val | The value to bind to location loc. |
store with the addition of having the value specified by val bound to the location given for loc.
|
pure virtual |
Return a store with the specified value bound to all sub-regions of the region.
The region must not have previous bindings. If you need to invalidate existing bindings, consider invalidateRegions().
|
pure virtual |
Return a store with in which all values within the given region are reset to zero.
This method is allowed to overwrite previous bindings.
| std::optional< const MemRegion * > StoreManager::castRegion | ( | const MemRegion * | region, |
| QualType | CastToTy | ||
| ) |
castRegion - Used by ExprEngine::VisitCast to handle casts from a MemRegion* to a specific location type.
'R' is the region being casted and 'CastToTy' the result type of the cast.
Definition at line 74 of file Store.cpp.
References clang::ASTContext::CharTy, Ctx, clang::ento::ElementRegion::getAsArrayOffset(), clang::ASTContext::getCanonicalType(), clang::ento::ProgramStateManager::getContext(), clang::ento::MemRegion::getKind(), clang::QualType::getLocalUnqualifiedType(), clang::ento::RegionRawOffset::getOffset(), clang::Type::getPointeeType(), clang::CharUnits::getQuantity(), clang::ento::RegionRawOffset::getRegion(), clang::ASTContext::getTypeSizeInChars(), clang::Type::isBlockPointerType(), clang::ento::MemRegion::isBoundable(), clang::Type::isIncompleteType(), clang::Type::isObjCObjectPointerType(), clang::CharUnits::isZero(), MakeElementRegion(), StateMgr, clang::ento::MemRegion::StripCasts(), and clang::ASTContext::VoidTy.
Referenced by clang::ento::SValBuilder::getCastedMemRegionVal().
|
inlinevirtual |
If the StoreManager supports it, decrement the reference count of the specified Store object.
If the reference count hits 0, the memory associated with the object is recycled.
Definition at line 201 of file Store.h.
Referenced by clang::ento::StoreRef::operator=(), clang::ento::ProgramState::~ProgramState(), and clang::ento::StoreRef::~StoreRef().
| StoreRef StoreManager::enterStackFrame | ( | Store | store, |
| const CallEvent & | Call, | ||
| const StackFrameContext * | CalleeCtx | ||
| ) |
enterStackFrame - Let the StoreManager to do something when execution engine is about to execute into a callee.
Definition at line 46 of file Store.cpp.
References clang::Bind, and clang::Call.
Attempts to do a down cast.
Used to model BaseToDerived and C++ dynamic_cast. The callback may result in the following 3 scenarios:
std::nullopt otherwise. Definition at line 316 of file Store.cpp.
References evalDerivedToBase(), clang::Type::getAsCXXRecordDecl(), clang::ento::MemRegionManager::getCXXDerivedObjectRegion(), getCXXRecordType(), GetElementZeroRegion(), clang::Type::getPointeeCXXRecordDecl(), clang::Type::getPointeeType(), clang::CXXRecordDecl::isDerivedFrom(), clang::QualType::isNull(), clang::Type::isVoidType(), MRMgr, clang::ento::MemRegion::StripCasts(), and clang::T.
Referenced by clang::ento::CXXInstanceCall::getInitialStackFrameContents(), and clang::ento::ExprEngine::VisitCast().
Evaluates a chain of derived-to-base casts through the path specified in Cast.
Definition at line 252 of file Store.cpp.
References evalDerivedToBase(), regionMatchesCXXRecordType(), and clang::Result.
Referenced by adjustReturnValue(), evalBaseToDerived(), evalDerivedToBase(), clang::ento::ExprEngine::ProcessBaseDtor(), clang::ento::ExprEngine::ProcessInitializer(), and clang::ento::ExprEngine::VisitCast().
| SVal StoreManager::evalDerivedToBase | ( | SVal | Derived, |
| const CXXBasePath & | CastPath | ||
| ) |
Evaluates a chain of derived-to-base casts through the specified path.
Definition at line 266 of file Store.cpp.
References evalDerivedToBase(), and clang::Result.
Evaluates a derived-to-base cast through a single level of derivation.
Definition at line 275 of file Store.cpp.
References clang::Type::getAsCXXRecordDecl(), clang::ento::SVal::getAsRegion(), clang::ento::MemRegionManager::getCXXBaseObjectRegion(), clang::Type::getPointeeCXXRecordDecl(), and MRMgr.
|
pure virtual |
Return the value bound to specified location in a given state.
| [in] | store | The store in which to make the lookup. |
| [in] | loc | The symbolic memory location. |
| [in] | T | An optional type that provides a hint indicating the expected type of the returned value. This is used if the value is lazily computed. |
loc. Referenced by evalComparison().
|
inline |
Return the default value bound to a LazyCompoundVal.
The default binding is used to represent the value of any fields or elements within the structure represented by the LazyCompoundVal which were not initialized explicitly separately from the whole structure. Default binding may be an unknown, undefined, concrete, or symbolic value.
| [in] | lcv | The lazy compound value. |
lcv, if a default binding exists. Definition at line 97 of file Store.h.
References getDefaultBinding(), clang::ento::nonloc::LazyCompoundVal::getRegion(), and clang::ento::nonloc::LazyCompoundVal::getStore().
|
pure virtual |
Return the default value bound to a region in a given store.
The default binding is the value of sub-regions that were not initialized separately from their base region. For example, if the structure is zero-initialized upon construction, this method retrieves the concrete zero value, even if some or all fields were later overwritten manually. Default binding may be an unknown, undefined, concrete, or symbolic value.
| [in] | store | The store in which to make the lookup. |
| [in] | R | The region to find the default binding for. |
Referenced by getDefaultBinding().
| const ElementRegion * StoreManager::GetElementZeroRegion | ( | const SubRegion * | R, |
| QualType | T | ||
| ) |
Definition at line 67 of file Store.cpp.
References Ctx, clang::ento::MemRegionManager::getElementRegion(), clang::ento::SValBuilder::makeZeroArrayIndex(), MRMgr, svalBuilder, and clang::T.
Referenced by evalBaseToDerived().
|
pure virtual |
getInitialStore - Returns the initial "empty" store representing the value bindings upon entry to an analyzed function.
|
inline |
Definition at line 139 of file Store.h.
References clang::ento::MemRegionManager::getCompoundLiteralRegion(), and MRMgr.
Definition at line 443 of file Store.cpp.
References clang::ento::SVal::castAs(), clang::ento::SValBuilder::convertToArrayIndex(), Ctx, clang::ento::SValBuilder::getBasicValueFactory(), clang::QualType::getCanonicalType(), clang::ento::MemRegionManager::getElementRegion(), clang::Type::getPointeeType(), clang::QualType::isNull(), MRMgr, clang::ento::MemRegion::StripCasts(), and svalBuilder.
|
virtual |
Definition at line 439 of file Store.cpp.
References clang::ast_matchers::decl.
|
inlinevirtual |
Definition at line 135 of file Store.h.
References clang::ento::MemRegionManager::getVarRegion(), clang::ento::SValBuilder::makeLoc(), MRMgr, and svalBuilder.
|
inline |
|
inline |
Definition at line 133 of file Store.h.
References svalBuilder.
|
pure virtual |
|
inlinevirtual |
If the StoreManager supports it, increment the reference count of the specified Store object.
Definition at line 196 of file Store.h.
Referenced by clang::ento::StoreRef::operator=(), clang::ento::ProgramState::ProgramState(), and clang::ento::StoreRef::StoreRef().
|
pure virtual |
invalidateRegions - Clears out the specified regions from the store, marking their values as unknown.
Depending on the store, this may also invalidate additional regions that may have changed based on accessing the given regions. Optionally, invalidates non-static globals as well.
| [in] | store | The initial store |
| [in] | Values | The values to invalidate. |
| [in] | E | The current statement being evaluated. Used to conjure symbols to mark the values of invalidated regions. |
| [in] | Count | The current block count. Used to conjure symbols to mark the values of invalidated regions. |
| [in] | Call | The call expression which will be used to determine which globals should get invalidated. |
| [in,out] | IS | A set to fill with any symbols that are no longer accessible. Pass NULL if this information will not be used. |
| [in] | ITraits | Information about invalidation for a particular region/symbol. |
| [in,out] | InvalidatedTopLevel | A vector to fill with regions explicitly being invalidated. Pass NULL if this information will not be used. |
| [in,out] | Invalidated | A vector to fill with any regions being invalidated. This should include any regions explicitly invalidated even if they do not currently have bindings. Pass NULL if this information will not be used. |
|
pure virtual |
iterBindings - Iterate over the bindings in the Store.
Create a new store with the specified binding removed.
| ST | the original store, that is the basis for the new store. |
| L | the location whose binding should be removed. |
|
protected |
Definition at line 60 of file Store.cpp.
References clang::ento::SValBuilder::getContext(), clang::ento::MemRegionManager::getElementRegion(), clang::ento::SValBuilder::makeArrayIndex(), MRMgr, and svalBuilder.
Referenced by castRegion().
|
pure virtual |
Referenced by clang::ento::ProgramState::printJson().
|
pure virtual |
|
pure virtual |
Finds the transitive closure of symbols within the given region.
Returns false if the visitor aborted the scan.
Referenced by clang::ento::ScanReachableSymbols::scan().
|
protected |
Definition at line 60 of file Store.h.
Referenced by castRegion(), GetElementZeroRegion(), and getLValueElement().
|
protected |
MRMgr - Manages region objects associated with this StoreManager.
Definition at line 59 of file Store.h.
Referenced by evalBaseToDerived(), evalDerivedToBase(), GetElementZeroRegion(), getLValueCompoundLiteral(), getLValueElement(), getLValueVar(), getRegionManager(), and MakeElementRegion().
|
protected |
Definition at line 56 of file Store.h.
Referenced by castRegion().
|
protected |
Definition at line 55 of file Store.h.
Referenced by GetElementZeroRegion(), getLValueElement(), getLValueVar(), getSValBuilder(), and MakeElementRegion().
1.9.6