|
clang 18.0.0git
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"#include "clang/AST/ASTContext.h"#include "clang/AST/Decl.h"#include "clang/AST/DeclBase.h"#include "clang/AST/DeclCXX.h"#include "clang/AST/Expr.h"#include "clang/AST/ExprCXX.h"#include "clang/AST/ExprObjC.h"#include "clang/AST/Stmt.h"#include "clang/AST/Type.h"#include "clang/ASTMatchers/ASTMatchFinder.h"#include "clang/Analysis/Analyses/Dominators.h"#include "clang/Analysis/AnalysisDeclContext.h"#include "clang/Analysis/CFG.h"#include "clang/Analysis/CFGStmtMap.h"#include "clang/Analysis/PathDiagnostic.h"#include "clang/Analysis/ProgramPoint.h"#include "clang/Basic/IdentifierTable.h"#include "clang/Basic/LLVM.h"#include "clang/Basic/SourceLocation.h"#include "clang/Basic/SourceManager.h"#include "clang/Lex/Lexer.h"#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SMTConv.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"#include "llvm/ADT/ArrayRef.h"#include "llvm/ADT/STLExtras.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/SmallString.h"#include "llvm/ADT/SmallVector.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/Support/Casting.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/raw_ostream.h"#include <cassert>#include <deque>#include <memory>#include <optional>#include <string>#include <utility>Go to the source code of this file.
Functions | |
| static const Expr * | peelOffPointerArithmetic (const BinaryOperator *B) |
| static const Expr * | peelOffOuterExpr (const Expr *Ex, const ExplodedNode *N) |
| static const VarDecl * | getVarDeclForExpression (const Expr *E) |
| static const MemRegion * | getLocationRegionIfReference (const Expr *E, const ExplodedNode *N, bool LookingForReference=true) |
| static bool | hasVisibleUpdate (const ExplodedNode *LeftNode, SVal LeftVal, const ExplodedNode *RightNode, SVal RightVal) |
| Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state. | |
| static std::optional< SVal > | getSValForVar (const Expr *CondVarExpr, const ExplodedNode *N) |
| static std::optional< const llvm::APSInt * > | getConcreteIntegerValue (const Expr *CondVarExpr, const ExplodedNode *N) |
| static bool | isVarAnInterestingCondition (const Expr *CondVarExpr, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static bool | isInterestingExpr (const Expr *E, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static StringRef | getMacroName (SourceLocation Loc, BugReporterContext &BRC) |
| static bool | isFunctionMacroExpansion (SourceLocation Loc, const SourceManager &SM) |
| static bool | wasRegionOfInterestModifiedAt (const SubRegion *RegionOfInterest, const ExplodedNode *N, SVal ValueAfter) |
| static const ExplodedNode * | getMatchingCallExitEnd (const ExplodedNode *N) |
| static bool | potentiallyWritesIntoIvar (const Decl *Parent, const ObjCIvarDecl *Ivar) |
| static bool | isPointerToConst (QualType Ty) |
| static bool | isInitializationOfVar (const ExplodedNode *N, const VarRegion *VR) |
Returns true if N represents the DeclStmt declaring and initializing VR. | |
| static bool | isObjCPointer (const MemRegion *R) |
| static bool | isObjCPointer (const ValueDecl *D) |
| static void | showBRDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
Show diagnostics for initializing or declaring a region R with a bad value. | |
| static void | showBRParamDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Display diagnostics for passing bad region as a parameter. | |
| static void | showBRDefaultDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Show default diagnostics for storing bad region. | |
| static bool | isTrivialCopyOrMoveCtor (const CXXConstructExpr *CE) |
| static const Expr * | tryExtractInitializerFromList (const InitListExpr *ILE, const MemRegion *R) |
| static std::shared_ptr< PathDiagnosticEventPiece > | constructDebugPieceForTrackedCondition (const Expr *Cond, const ExplodedNode *N, BugReporterContext &BRC) |
| static bool | isAssertlikeBlock (const CFGBlock *B, ASTContext &Context) |
| static const ExplodedNode * | findNodeForExpression (const ExplodedNode *N, const Expr *Inner) |
| Find the ExplodedNode where the lvalue (the value of 'Ex') was computed. | |
Variables | |
| static llvm::StringLiteral | WillBeUsedForACondition |
|
static |
Definition at line 2017 of file BugReporterVisitors.cpp.
References clang::AnalyzerOptions::AnalysisDiagOpt, clang::ento::PathDiagnosticLocation::createBegin(), clang::ento::BugReporterContext::getAnalyzerOptions(), clang::ento::BugReporterContext::getASTContext(), clang::ASTContext::getLangOpts(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::BugReporterContext::getSourceManager(), clang::Stmt::getSourceRange(), clang::Lexer::getSourceText(), clang::CharSourceRange::getTokenRange(), and clang::PD_NONE.
|
static |
Find the ExplodedNode where the lvalue (the value of 'Ex') was computed.
Definition at line 2204 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getFirstPred(), and clang::ento::ExplodedNode::getStmtForDiagnostics().
Referenced by clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 259 of file BugReporterVisitors.cpp.
References getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::printValue().
|
static |
Definition at line 177 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), getVarDeclForExpression(), and clang::Type::isReferenceType().
|
static |
Loc. Definition at line 292 of file BugReporterVisitors.cpp.
References clang::ento::BugReporterContext::getASTContext(), clang::Lexer::getImmediateMacroName(), clang::ASTContext::getLangOpts(), and clang::ento::BugReporterContext::getSourceManager().
|
static |
|
static |
Definition at line 234 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::Expr::IgnoreImpCasts().
Referenced by getConcreteIntegerValue(), isInterestingExpr(), and isVarAnInterestingCondition().
Definition at line 170 of file BugReporterVisitors.cpp.
Referenced by getLocationRegionIfReference().
|
static |
Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state.
In this function we do an approximate comparison for lazy compound values, checking that they are the immediate snapshots of the tracked region's bindings within the node's respective states but not really checking that these snapshots actually contain the same set of bindings.
Definition at line 216 of file BugReporterVisitors.cpp.
References clang::ento::SVal::getAs(), clang::ento::nonloc::LazyCompoundVal::getRegion(), and clang::ento::ExplodedNode::getState().
|
static |
Definition at line 2035 of file BugReporterVisitors.cpp.
References clang::CFGBlock::getTerminatorCondition(), isAssertlikeBlock(), clang::CFGBlock::isInevitablySinking(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().
Referenced by isAssertlikeBlock().
|
static |
Definition at line 302 of file BugReporterVisitors.cpp.
References clang::SrcMgr::SLocEntry::getExpansion(), clang::SrcMgr::ExpansionInfo::isFunctionMacroExpansion(), and SM.
|
static |
Returns true if N represents the DeclStmt declaring and initializing VR.
Definition at line 1268 of file BugReporterVisitors.cpp.
References clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::MemRegion::getMemorySpace(), clang::DeclStmt::getSingleDecl(), clang::LocationContext::getStackFrame(), clang::VarDecl::hasLocalStorage(), clang::VarDecl::isStaticLocal(), and P.
|
static |
Definition at line 284 of file BugReporterVisitors.cpp.
References clang::ento::PathSensitiveBugReport::getInterestingnessKind(), getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
Definition at line 1295 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::isBoundable().
Referenced by clang::Sema::CheckAdditionOperands(), showBRDefaultDiagnostics(), showBRDiagnostics(), and showBRParamDiagnostics().
Definition at line 1303 of file BugReporterVisitors.cpp.
References clang::ValueDecl::getType(), and clang::Type::isObjCObjectPointerType().
Ty points to a const type, or is a const reference. Definition at line 731 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::Type::getPointeeType(), clang::QualType::isConstQualified(), and clang::QualType::isNull().
|
static |
Definition at line 1443 of file BugReporterVisitors.cpp.
References clang::CXXConstructExpr::getConstructor(), and clang::CXXConstructorDecl::isCopyOrMoveConstructor().
|
static |
Definition at line 267 of file BugReporterVisitors.cpp.
References clang::ento::PathSensitiveBugReport::getErrorNode(), clang::ento::PathSensitiveBugReport::getInterestingnessKind(), clang::ento::ExplodedNode::getStackFrame(), getSValForVar(), clang::LocationContext::isParentOf(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
|
static |
Ex which represents the expression-of-interest. Definition at line 2138 of file BugReporterVisitors.cpp.
References clang::ProgramPoint::getAs(), clang::ento::bugreporter::getDerefExpr(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), clang::CFGBlock::getTerminatorStmt(), clang::Expr::IgnoreParenCasts(), peelOffOuterExpr(), peelOffPointerArithmetic(), and clang::CFGBlock::succ_begin().
Referenced by peelOffOuterExpr(), and clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 73 of file BugReporterVisitors.cpp.
References clang::BinaryOperator::getLHS(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::BinaryOperator::isAdditiveOp(), and clang::Type::isPointerType().
Referenced by clang::ento::bugreporter::getDerefExpr(), and peelOffOuterExpr().
|
static |
Parent syntactically has a binary operation writing into the ivar Ivar. Definition at line 612 of file BugReporterVisitors.cpp.
References clang::ast_matchers::binaryOperator, clang::ast_matchers::hasDeclaration(), clang::ast_matchers::hasDescendant, clang::ast_matchers::match(), clang::ast_matchers::objcIvarRefExpr, clang::ObjCSelf, Parent, and clang::ast_matchers::stmt.
|
static |
Show default diagnostics for storing bad region.
Definition at line 1404 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Show diagnostics for initializing or declaring a region R with a bad value.
Definition at line 1308 of file BugReporterVisitors.cpp.
References clang::ento::bugreporter::StoreInfo::BlockCapture, clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), clang::ento::ExplodedNode::getLocationAs(), clang::StmtPoint::getStmt(), clang::ento::bugreporter::StoreInfo::Initialization, isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), clang::ento::bugreporter::StoreInfo::StoreKind, clang::ento::bugreporter::StoreInfo::StoreSite, and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Display diagnostics for passing bad region as a parameter.
Definition at line 1365 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ObjCSelf, clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Definition at line 1452 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::ento::FieldRegion::getDecl(), clang::InitListExpr::getInit(), clang::InitListExpr::getNumInits(), clang::Expr::getType(), and clang::Init.
|
static |
RegionOfInterest was modified at N, where ValueAfter is RegionOfInterest's value at the end of the stack frame. Definition at line 317 of file BugReporterVisitors.cpp.
References clang::ento::SValBuilder::areEqual(), clang::ento::SVal::getAsRegion(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNode::getSVal(), clang::ento::ProgramStateManager::getSValBuilder(), clang::ento::ConditionTruthVal::isConstrainedTrue(), clang::ento::SubRegion::isSubRegionOf(), and clang::ento::SVal::isUndef().
|
static |
Definition at line 780 of file BugReporterVisitors.cpp.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
1.9.6