|
clang 17.0.0git
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"#include "clang/AST/ASTContext.h"#include "clang/AST/Decl.h"#include "clang/AST/DeclBase.h"#include "clang/AST/DeclCXX.h"#include "clang/AST/Expr.h"#include "clang/AST/ExprCXX.h"#include "clang/AST/ExprObjC.h"#include "clang/AST/Stmt.h"#include "clang/AST/Type.h"#include "clang/ASTMatchers/ASTMatchFinder.h"#include "clang/Analysis/Analyses/Dominators.h"#include "clang/Analysis/AnalysisDeclContext.h"#include "clang/Analysis/CFG.h"#include "clang/Analysis/CFGStmtMap.h"#include "clang/Analysis/PathDiagnostic.h"#include "clang/Analysis/ProgramPoint.h"#include "clang/Basic/IdentifierTable.h"#include "clang/Basic/LLVM.h"#include "clang/Basic/SourceLocation.h"#include "clang/Basic/SourceManager.h"#include "clang/Lex/Lexer.h"#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SMTConv.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"#include "llvm/ADT/ArrayRef.h"#include "llvm/ADT/STLExtras.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/SmallString.h"#include "llvm/ADT/SmallVector.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/Support/Casting.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/raw_ostream.h"#include <cassert>#include <deque>#include <memory>#include <optional>#include <string>#include <utility>Go to the source code of this file.
Functions | |
| static const Expr * | peelOffPointerArithmetic (const BinaryOperator *B) |
| static const Expr * | peelOffOuterExpr (const Expr *Ex, const ExplodedNode *N) |
| static const MemRegion * | getLocationRegionIfReference (const Expr *E, const ExplodedNode *N, bool LookingForReference=true) |
| static bool | hasVisibleUpdate (const ExplodedNode *LeftNode, SVal LeftVal, const ExplodedNode *RightNode, SVal RightVal) |
| Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state. | |
| static std::optional< SVal > | getSValForVar (const Expr *CondVarExpr, const ExplodedNode *N) |
| static std::optional< const llvm::APSInt * > | getConcreteIntegerValue (const Expr *CondVarExpr, const ExplodedNode *N) |
| static bool | isVarAnInterestingCondition (const Expr *CondVarExpr, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static bool | isInterestingExpr (const Expr *E, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static StringRef | getMacroName (SourceLocation Loc, BugReporterContext &BRC) |
| static bool | isFunctionMacroExpansion (SourceLocation Loc, const SourceManager &SM) |
| static bool | wasRegionOfInterestModifiedAt (const SubRegion *RegionOfInterest, const ExplodedNode *N, SVal ValueAfter) |
| static const ExplodedNode * | getMatchingCallExitEnd (const ExplodedNode *N) |
| static bool | potentiallyWritesIntoIvar (const Decl *Parent, const ObjCIvarDecl *Ivar) |
| static bool | isPointerToConst (QualType Ty) |
| static bool | isInitializationOfVar (const ExplodedNode *N, const VarRegion *VR) |
Returns true if N represents the DeclStmt declaring and initializing VR. | |
| static bool | isObjCPointer (const MemRegion *R) |
| static bool | isObjCPointer (const ValueDecl *D) |
| static void | showBRDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
Show diagnostics for initializing or declaring a region R with a bad value. | |
| static void | showBRParamDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Display diagnostics for passing bad region as a parameter. | |
| static void | showBRDefaultDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Show default diagnostics for storing bad region. | |
| static bool | isTrivialCopyOrMoveCtor (const CXXConstructExpr *CE) |
| static const Expr * | tryExtractInitializerFromList (const InitListExpr *ILE, const MemRegion *R) |
| static std::shared_ptr< PathDiagnosticEventPiece > | constructDebugPieceForTrackedCondition (const Expr *Cond, const ExplodedNode *N, BugReporterContext &BRC) |
| static bool | isAssertlikeBlock (const CFGBlock *B, ASTContext &Context) |
| static const ExplodedNode * | findNodeForExpression (const ExplodedNode *N, const Expr *Inner) |
| Find the ExplodedNode where the lvalue (the value of 'Ex') was computed. | |
Variables | |
| static llvm::StringLiteral | WillBeUsedForACondition |
|
static |
Definition at line 1992 of file BugReporterVisitors.cpp.
References clang::AnalyzerOptions::AnalysisDiagOpt, clang::ento::PathDiagnosticLocation::createBegin(), clang::ento::BugReporterContext::getAnalyzerOptions(), clang::ento::BugReporterContext::getASTContext(), clang::ASTContext::getLangOpts(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::BugReporterContext::getSourceManager(), clang::Stmt::getSourceRange(), clang::Lexer::getSourceText(), clang::CharSourceRange::getTokenRange(), and clang::PD_NONE.
|
static |
Find the ExplodedNode where the lvalue (the value of 'Ex') was computed.
Definition at line 2179 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getFirstPred(), and clang::ento::ExplodedNode::getStmtForDiagnostics().
Referenced by clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 233 of file BugReporterVisitors.cpp.
References getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::printValue().
|
static |
Definition at line 161 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), and clang::ento::ExplodedNode::getState().
|
static |
Loc. Definition at line 266 of file BugReporterVisitors.cpp.
References clang::ento::BugReporterContext::getASTContext(), clang::Lexer::getImmediateMacroName(), clang::ASTContext::getLangOpts(), and clang::ento::BugReporterContext::getSourceManager().
|
static |
|
static |
Definition at line 208 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::Expr::IgnoreImpCasts().
Referenced by getConcreteIntegerValue(), isInterestingExpr(), and isVarAnInterestingCondition().
|
static |
Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state.
In this function we do an approximate comparison for lazy compound values, checking that they are the immediate snapshots of the tracked region's bindings within the node's respective states but not really checking that these snapshots actually contain the same set of bindings.
Definition at line 190 of file BugReporterVisitors.cpp.
References clang::ento::SVal::getAs(), clang::ento::nonloc::LazyCompoundVal::getRegion(), and clang::ento::ExplodedNode::getState().
|
static |
Definition at line 2010 of file BugReporterVisitors.cpp.
References clang::CFGBlock::getTerminatorCondition(), isAssertlikeBlock(), clang::CFGBlock::isInevitablySinking(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().
Referenced by isAssertlikeBlock().
|
static |
Definition at line 276 of file BugReporterVisitors.cpp.
References clang::SrcMgr::SLocEntry::getExpansion(), clang::SrcMgr::ExpansionInfo::isFunctionMacroExpansion(), and SM.
|
static |
Returns true if N represents the DeclStmt declaring and initializing VR.
Definition at line 1242 of file BugReporterVisitors.cpp.
References clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::MemRegion::getMemorySpace(), clang::DeclStmt::getSingleDecl(), clang::LocationContext::getStackFrame(), clang::VarDecl::hasLocalStorage(), clang::VarDecl::isStaticLocal(), and P.
|
static |
Definition at line 258 of file BugReporterVisitors.cpp.
References clang::ento::PathSensitiveBugReport::getInterestingnessKind(), getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
Definition at line 1269 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::isBoundable().
Referenced by clang::Sema::CheckAdditionOperands(), showBRDefaultDiagnostics(), showBRDiagnostics(), and showBRParamDiagnostics().
Definition at line 1277 of file BugReporterVisitors.cpp.
References clang::ValueDecl::getType(), and clang::Type::isObjCObjectPointerType().
Ty points to a const type, or is a const reference. Definition at line 705 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::Type::getPointeeType(), clang::QualType::isConstQualified(), and clang::QualType::isNull().
|
static |
Definition at line 1418 of file BugReporterVisitors.cpp.
References clang::CXXConstructExpr::getConstructor(), and clang::CXXConstructorDecl::isCopyOrMoveConstructor().
|
static |
Definition at line 241 of file BugReporterVisitors.cpp.
References clang::ento::PathSensitiveBugReport::getErrorNode(), clang::ento::PathSensitiveBugReport::getInterestingnessKind(), clang::ento::ExplodedNode::getStackFrame(), getSValForVar(), clang::LocationContext::isParentOf(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
|
static |
Ex which represents the expression-of-interest. Definition at line 2113 of file BugReporterVisitors.cpp.
References clang::ProgramPoint::getAs(), clang::ento::bugreporter::getDerefExpr(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), clang::CFGBlock::getTerminatorStmt(), clang::Expr::IgnoreParenCasts(), peelOffOuterExpr(), peelOffPointerArithmetic(), and clang::CFGBlock::succ_begin().
Referenced by peelOffOuterExpr(), and clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 73 of file BugReporterVisitors.cpp.
References clang::BinaryOperator::getLHS(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::BinaryOperator::isAdditiveOp(), and clang::Type::isPointerType().
Referenced by clang::ento::bugreporter::getDerefExpr(), and peelOffOuterExpr().
|
static |
Parent syntactically has a binary operation writing into the ivar Ivar. Definition at line 586 of file BugReporterVisitors.cpp.
References clang::ast_matchers::binaryOperator, clang::ast_matchers::hasDeclaration(), clang::ast_matchers::hasDescendant, clang::ast_matchers::match(), clang::ast_matchers::objcIvarRefExpr, clang::ImplicitParamDecl::ObjCSelf, Parent, and clang::ast_matchers::stmt.
|
static |
Show default diagnostics for storing bad region.
Definition at line 1379 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Show diagnostics for initializing or declaring a region R with a bad value.
Definition at line 1282 of file BugReporterVisitors.cpp.
References clang::ento::bugreporter::StoreInfo::BlockCapture, clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), clang::ento::ExplodedNode::getLocationAs(), clang::StmtPoint::getStmt(), clang::ento::bugreporter::StoreInfo::Initialization, isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), clang::ento::bugreporter::StoreInfo::StoreKind, clang::ento::bugreporter::StoreInfo::StoreSite, and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Display diagnostics for passing bad region as a parameter.
Definition at line 1339 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ImplicitParamDecl::ObjCSelf, clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Definition at line 1427 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::ento::FieldRegion::getDecl(), clang::InitListExpr::getInit(), clang::InitListExpr::getNumInits(), and clang::Expr::getType().
|
static |
RegionOfInterest was modified at N, where ValueAfter is RegionOfInterest's value at the end of the stack frame. Definition at line 291 of file BugReporterVisitors.cpp.
References clang::ento::SValBuilder::areEqual(), clang::ento::SVal::getAsRegion(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNode::getSVal(), clang::ento::ProgramStateManager::getSValBuilder(), clang::ento::ConditionTruthVal::isConstrainedTrue(), clang::ento::SubRegion::isSubRegionOf(), and clang::ento::SVal::isUndef().
|
static |
Definition at line 754 of file BugReporterVisitors.cpp.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
1.9.6