|
clang
8.0.0svn
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"#include "clang/AST/ASTContext.h"#include "clang/AST/Decl.h"#include "clang/AST/DeclBase.h"#include "clang/AST/DeclCXX.h"#include "clang/AST/Expr.h"#include "clang/AST/ExprCXX.h"#include "clang/AST/ExprObjC.h"#include "clang/AST/Stmt.h"#include "clang/AST/Type.h"#include "clang/ASTMatchers/ASTMatchFinder.h"#include "clang/Analysis/AnalysisDeclContext.h"#include "clang/Analysis/CFG.h"#include "clang/Analysis/CFGStmtMap.h"#include "clang/Analysis/ProgramPoint.h"#include "clang/Basic/IdentifierTable.h"#include "clang/Basic/LLVM.h"#include "clang/Basic/SourceLocation.h"#include "clang/Basic/SourceManager.h"#include "clang/Lex/Lexer.h"#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"#include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h"#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h"#include "llvm/ADT/ArrayRef.h"#include "llvm/ADT/None.h"#include "llvm/ADT/Optional.h"#include "llvm/ADT/STLExtras.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/SmallString.h"#include "llvm/ADT/SmallVector.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/Support/Casting.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/raw_ostream.h"#include <cassert>#include <deque>#include <memory>#include <string>#include <utility>Go to the source code of this file.
Functions | |
| static const Expr * | peelOffPointerArithmetic (const BinaryOperator *B) |
| static StringRef | getMacroName (SourceLocation Loc, BugReporterContext &BRC) |
| static bool | isFunctionMacroExpansion (SourceLocation Loc, const SourceManager &SM) |
| static bool | wasRegionOfInterestModifiedAt (const SubRegion *RegionOfInterest, const ExplodedNode *N, SVal ValueAfter) |
| static bool | isInitializationOfVar (const ExplodedNode *N, const VarRegion *VR) |
Returns true if N represents the DeclStmt declaring and initializing VR. More... | |
| static void | showBRDiagnostics (const char *action, llvm::raw_svector_ostream &os, const MemRegion *R, SVal V, const DeclStmt *DS) |
Show diagnostics for initializing or declaring a region R with a bad value. More... | |
| static void | showBRParamDiagnostics (llvm::raw_svector_ostream &os, const VarRegion *VR, SVal V) |
| Display diagnostics for passing bad region as a parameter. More... | |
| static void | showBRDefaultDiagnostics (llvm::raw_svector_ostream &os, const MemRegion *R, SVal V) |
| Show default diagnostics for storing bad region. More... | |
| static const MemRegion * | getLocationRegionIfReference (const Expr *E, const ExplodedNode *N) |
| static const Expr * | peelOffOuterExpr (const Expr *Ex, const ExplodedNode *N) |
| static const ExplodedNode * | findNodeForStatement (const ExplodedNode *N, const Stmt *S, const Expr *Inner) |
| Walk through nodes until we get one that matches the statement exactly. More... | |
| static const ExplodedNode * | findNodeForExpression (const ExplodedNode *N, const Expr *Inner) |
| Find the ExplodedNode where the lvalue (the value of 'Ex') was computed. More... | |
| static const Expr * | peelOfOuterAddrOf (const Expr *Ex) |
| Performing operator `&' on an lvalue expression is essentially a no-op. More... | |
|
static |
Find the ExplodedNode where the lvalue (the value of 'Ex') was computed.
Definition at line 1593 of file BugReporterVisitors.cpp.
|
static |
Walk through nodes until we get one that matches the statement exactly.
Alternately, if we hit a known lvalue for the statement, we know we've gone too far (though we can likely track the lvalue better anyway).
Definition at line 1573 of file BugReporterVisitors.cpp.
|
static |
Definition at line 1498 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), clang::ento::ProgramStateManager::getRegionManager(), clang::ento::ExplodedNode::getState(), and clang::ento::MemRegionManager::getVarRegion().
|
static |
Loc. Definition at line 210 of file BugReporterVisitors.cpp.
References clang::ento::BugReporterContext::getASTContext(), clang::Lexer::getImmediateMacroName(), clang::ASTContext::getLangOpts(), and clang::ento::BugReporterContext::getSourceManager().
|
static |
Definition at line 220 of file BugReporterVisitors.cpp.
References clang::CharSourceRange::getBegin(), clang::SourceManager::getDecomposedLoc(), clang::SrcMgr::SLocEntry::getExpansion(), clang::SourceManager::getImmediateExpansionRange(), clang::SourceManager::getSLocEntry(), clang::SrcMgr::ExpansionInfo::isFunctionMacroExpansion(), clang::SourceManager::isMacroArgExpansion(), and clang::SourceLocation::isMacroID().
|
static |
Returns true if N represents the DeclStmt declaring and initializing VR.
Definition at line 1032 of file BugReporterVisitors.cpp.
References clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::MemRegion::getMemorySpace(), clang::DeclStmt::getSingleDecl(), clang::LocationContext::getStackFrame(), clang::VarDecl::hasLocalStorage(), clang::VarDecl::isStaticLocal(), and P.
Referenced by showBRDefaultDiagnostics().
|
static |
Definition at line 1519 of file BugReporterVisitors.cpp.
References clang::ProgramPoint::getAs(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), clang::CFGBlock::getTerminator(), clang::Expr::IgnoreParenCasts(), peelOffPointerArithmetic(), and clang::CFGBlock::succ_begin().
Referenced by peelOfOuterAddrOf().
|
static |
Definition at line 80 of file BugReporterVisitors.cpp.
References clang::BinaryOperator::getLHS(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::BinaryOperator::isAdditiveOp(), and clang::Type::isPointerType().
Referenced by peelOffOuterExpr().
Performing operator `&' on an lvalue expression is essentially a no-op.
Then, if we are taking addresses of fields or elements, these are also unlikely to matter.
Definition at line 1609 of file BugReporterVisitors.cpp.
References clang::Expr::IgnoreParenCasts(), and peelOffOuterExpr().
|
static |
Show default diagnostics for storing bad region.
Definition at line 1132 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::SVal::getAs(), clang::CallEventManager::getCaller(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getState(), clang::ento::BugReporterContext::getStateManager(), clang::Expr::IgnoreParenCasts(), clang::ento::MemRegion::isBoundable(), isInitializationOfVar(), clang::ento::SVal::isUndef(), P, and clang::ento::MemRegion::printPretty().
|
static |
Show diagnostics for initializing or declaring a region R with a bad value.
Definition at line 1060 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::SVal::getAs(), clang::DeclStmt::getSingleDecl(), clang::ento::MemRegion::isBoundable(), clang::ento::SVal::isUndef(), and clang::ento::MemRegion::printPretty().
|
static |
Display diagnostics for passing bad region as a parameter.
Definition at line 1102 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::SVal::getAs(), clang::ento::VarRegion::getDecl(), clang::ento::SVal::isUndef(), and clang::ento::MemRegion::printPretty().
|
static |
RegionOfInterest was modified at N, where ReturnState is a state associated with the return from the current frame. Definition at line 235 of file BugReporterVisitors.cpp.
References clang::ento::SValBuilder::areEqual(), clang::CallEventManager::getCaller(), clang::ento::ProgramStateManager::getCallEventManager(), clang::ento::MemRegionManager::getContext(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SubRegion::getMemRegionManager(), clang::ASTContext::getPrintingPolicy(), clang::ASTContext::getSourceManager(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::ento::BugReporterContext::getStateManager(), clang::ento::ExplodedNode::getSVal(), clang::ento::ProgramStateManager::getSValBuilder(), clang::ento::ConditionTruthVal::isConstrainedTrue(), clang::SourceManager::isInSystemHeader(), clang::ento::SubRegion::isSubRegionOf(), clang::ento::SVal::isUndef(), SM, and State.
1.8.13