|
clang 20.0.0git
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"#include "clang/AST/ASTContext.h"#include "clang/AST/Decl.h"#include "clang/AST/DeclBase.h"#include "clang/AST/DeclCXX.h"#include "clang/AST/Expr.h"#include "clang/AST/ExprCXX.h"#include "clang/AST/ExprObjC.h"#include "clang/AST/Stmt.h"#include "clang/AST/Type.h"#include "clang/ASTMatchers/ASTMatchFinder.h"#include "clang/Analysis/Analyses/Dominators.h"#include "clang/Analysis/AnalysisDeclContext.h"#include "clang/Analysis/CFG.h"#include "clang/Analysis/CFGStmtMap.h"#include "clang/Analysis/PathDiagnostic.h"#include "clang/Analysis/ProgramPoint.h"#include "clang/Basic/IdentifierTable.h"#include "clang/Basic/LLVM.h"#include "clang/Basic/SourceLocation.h"#include "clang/Basic/SourceManager.h"#include "clang/Lex/Lexer.h"#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SMTConv.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"#include "llvm/ADT/ArrayRef.h"#include "llvm/ADT/STLExtras.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/SmallString.h"#include "llvm/ADT/SmallVector.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/Support/Casting.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/raw_ostream.h"#include <cassert>#include <deque>#include <memory>#include <optional>#include <stack>#include <string>#include <utility>Go to the source code of this file.
Functions | |
| static const Expr * | peelOffPointerArithmetic (const BinaryOperator *B) |
| static const Expr * | peelOffOuterExpr (const Expr *Ex, const ExplodedNode *N) |
| static const VarDecl * | getVarDeclForExpression (const Expr *E) |
| static const MemRegion * | getLocationRegionIfReference (const Expr *E, const ExplodedNode *N, bool LookingForReference=true) |
| static bool | hasVisibleUpdate (const ExplodedNode *LeftNode, SVal LeftVal, const ExplodedNode *RightNode, SVal RightVal) |
| Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state. | |
| static std::optional< SVal > | getSValForVar (const Expr *CondVarExpr, const ExplodedNode *N) |
| static std::optional< const llvm::APSInt * > | getConcreteIntegerValue (const Expr *CondVarExpr, const ExplodedNode *N) |
| static bool | isVarAnInterestingCondition (const Expr *CondVarExpr, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static bool | isInterestingExpr (const Expr *E, const ExplodedNode *N, const PathSensitiveBugReport *B) |
| static StringRef | getMacroName (SourceLocation Loc, BugReporterContext &BRC) |
| static bool | isFunctionMacroExpansion (SourceLocation Loc, const SourceManager &SM) |
| static bool | wasRegionOfInterestModifiedAt (const SubRegion *RegionOfInterest, const ExplodedNode *N, SVal ValueAfter) |
| static const ExplodedNode * | getMatchingCallExitEnd (const ExplodedNode *N) |
| static bool | potentiallyWritesIntoIvar (const Decl *Parent, const ObjCIvarDecl *Ivar) |
| static bool | isPointerToConst (QualType Ty) |
| static bool | isInitializationOfVar (const ExplodedNode *N, const VarRegion *VR) |
Returns true if N represents the DeclStmt declaring and initializing VR. | |
| static bool | isObjCPointer (const MemRegion *R) |
| static bool | isObjCPointer (const ValueDecl *D) |
| static void | showBRDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
Show diagnostics for initializing or declaring a region R with a bad value. | |
| static void | showBRParamDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Display diagnostics for passing bad region as a parameter. | |
| static void | showBRDefaultDiagnostics (llvm::raw_svector_ostream &OS, StoreInfo SI) |
| Show default diagnostics for storing bad region. | |
| static bool | isTrivialCopyOrMoveCtor (const CXXConstructExpr *CE) |
| static const Expr * | tryExtractInitializerFromList (const InitListExpr *ILE, const MemRegion *R) |
| static std::shared_ptr< PathDiagnosticEventPiece > | constructDebugPieceForTrackedCondition (const Expr *Cond, const ExplodedNode *N, BugReporterContext &BRC) |
| static bool | isAssertlikeBlock (const CFGBlock *B, ASTContext &Context) |
| static const ExplodedNode * | findNodeForExpression (const ExplodedNode *N, const Expr *Inner) |
| Find the ExplodedNode where the lvalue (the value of 'Ex') was computed. | |
Variables | |
| static llvm::StringLiteral | WillBeUsedForACondition |
|
static |
Definition at line 2021 of file BugReporterVisitors.cpp.
References clang::AnalyzerOptions::AnalysisDiagOpt, clang::ento::PathDiagnosticLocation::createBegin(), clang::ento::BugReporterContext::getAnalyzerOptions(), clang::ento::BugReporterContext::getASTContext(), clang::ASTContext::getLangOpts(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::BugReporterContext::getSourceManager(), clang::Stmt::getSourceRange(), clang::Lexer::getSourceText(), clang::CharSourceRange::getTokenRange(), and clang::PD_NONE.
|
static |
Find the ExplodedNode where the lvalue (the value of 'Ex') was computed.
Definition at line 2208 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getFirstPred(), and clang::ento::ExplodedNode::getStmtForDiagnostics().
Referenced by clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 263 of file BugReporterVisitors.cpp.
References getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::printValue().
|
static |
Definition at line 181 of file BugReporterVisitors.cpp.
References E, clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), getVarDeclForExpression(), and clang::Type::isReferenceType().
|
static |
Loc. Definition at line 296 of file BugReporterVisitors.cpp.
References clang::ento::BugReporterContext::getASTContext(), clang::Lexer::getImmediateMacroName(), clang::ASTContext::getLangOpts(), and clang::ento::BugReporterContext::getSourceManager().
|
static |
|
static |
Definition at line 238 of file BugReporterVisitors.cpp.
References clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::Expr::IgnoreImpCasts().
Referenced by getConcreteIntegerValue(), isInterestingExpr(), and isVarAnInterestingCondition().
Definition at line 174 of file BugReporterVisitors.cpp.
References E.
Referenced by getLocationRegionIfReference().
|
static |
Comparing internal representations of symbolic values (via SVal::operator==()) is a valid way to check if the value was updated, unless it's a LazyCompoundVal that may have a different internal representation every time it is loaded from the state.
In this function we do an approximate comparison for lazy compound values, checking that they are the immediate snapshots of the tracked region's bindings within the node's respective states but not really checking that these snapshots actually contain the same set of bindings.
Definition at line 220 of file BugReporterVisitors.cpp.
References clang::ento::SVal::getAs(), clang::ento::nonloc::LazyCompoundVal::getRegion(), and clang::ento::ExplodedNode::getState().
|
static |
Definition at line 2039 of file BugReporterVisitors.cpp.
References clang::CFGBlock::getTerminatorCondition(), isAssertlikeBlock(), clang::CFGBlock::isInevitablySinking(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().
Referenced by isAssertlikeBlock().
|
static |
Definition at line 306 of file BugReporterVisitors.cpp.
References clang::SrcMgr::SLocEntry::getExpansion(), clang::SrcMgr::ExpansionInfo::isFunctionMacroExpansion(), and SM.
|
static |
Returns true if N represents the DeclStmt declaring and initializing VR.
Definition at line 1272 of file BugReporterVisitors.cpp.
References clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::MemRegion::getMemorySpace(), clang::DeclStmt::getSingleDecl(), clang::LocationContext::getStackFrame(), clang::VarDecl::hasLocalStorage(), clang::VarDecl::isStaticLocal(), and P.
|
static |
Definition at line 288 of file BugReporterVisitors.cpp.
References E, clang::ento::PathSensitiveBugReport::getInterestingnessKind(), getSValForVar(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
Definition at line 1299 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::isBoundable().
Referenced by clang::Sema::CheckAdditionOperands(), showBRDefaultDiagnostics(), showBRDiagnostics(), and showBRParamDiagnostics().
Definition at line 1307 of file BugReporterVisitors.cpp.
References D.
Ty points to a const type, or is a const reference. Definition at line 735 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::Type::getPointeeType(), clang::QualType::isConstQualified(), and clang::QualType::isNull().
|
static |
Definition at line 1447 of file BugReporterVisitors.cpp.
References clang::CXXConstructExpr::getConstructor(), and clang::CXXConstructorDecl::isCopyOrMoveConstructor().
|
static |
Definition at line 271 of file BugReporterVisitors.cpp.
References clang::ento::PathSensitiveBugReport::getErrorNode(), clang::ento::PathSensitiveBugReport::getInterestingnessKind(), clang::ento::ExplodedNode::getStackFrame(), getSValForVar(), clang::LocationContext::isParentOf(), and V.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
|
static |
Ex which represents the expression-of-interest. Definition at line 2142 of file BugReporterVisitors.cpp.
References clang::ProgramPoint::getAs(), clang::ento::bugreporter::getDerefExpr(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), clang::CFGBlock::getTerminatorStmt(), clang::Expr::IgnoreParenCasts(), peelOffOuterExpr(), peelOffPointerArithmetic(), and clang::CFGBlock::succ_begin().
Referenced by peelOffOuterExpr(), and clang::ento::bugreporter::Tracker::track().
|
static |
Definition at line 74 of file BugReporterVisitors.cpp.
References clang::BinaryOperator::getLHS(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::BinaryOperator::isAdditiveOp(), and clang::Type::isPointerType().
Referenced by clang::ento::bugreporter::getDerefExpr(), and peelOffOuterExpr().
|
static |
Parent syntactically has a binary operation writing into the ivar Ivar. Definition at line 616 of file BugReporterVisitors.cpp.
References clang::ast_matchers::binaryOperator, clang::ast_matchers::hasDeclaration(), clang::ast_matchers::hasDescendant, clang::ast_matchers::match(), clang::ast_matchers::objcIvarRefExpr, clang::ObjCSelf, Parent, and clang::ast_matchers::stmt.
|
static |
Show default diagnostics for storing bad region.
Definition at line 1408 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Show diagnostics for initializing or declaring a region R with a bad value.
Definition at line 1312 of file BugReporterVisitors.cpp.
References clang::ento::bugreporter::StoreInfo::BlockCapture, clang::ento::MemRegion::canPrintPretty(), clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), clang::ento::ExplodedNode::getLocationAs(), clang::StmtPoint::getStmt(), clang::ento::bugreporter::StoreInfo::Initialization, isObjCPointer(), clang::ento::SVal::isUndef(), clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), clang::ento::bugreporter::StoreInfo::StoreKind, clang::ento::bugreporter::StoreInfo::StoreSite, and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Display diagnostics for passing bad region as a parameter.
Definition at line 1369 of file BugReporterVisitors.cpp.
References clang::ento::MemRegion::canPrintPretty(), D, clang::ento::bugreporter::StoreInfo::Dest, clang::ento::SVal::getAs(), isObjCPointer(), clang::ento::SVal::isUndef(), clang::ObjCSelf, clang::ento::bugreporter::StoreInfo::Origin, clang::ento::OS, clang::ento::MemRegion::printPretty(), and clang::ento::bugreporter::StoreInfo::Value.
|
static |
Definition at line 1456 of file BugReporterVisitors.cpp.
References clang::QualType::getCanonicalType(), clang::ento::FieldRegion::getDecl(), clang::InitListExpr::getInit(), clang::InitListExpr::getNumInits(), clang::Expr::getType(), and clang::Init.
|
static |
RegionOfInterest was modified at N, where ValueAfter is RegionOfInterest's value at the end of the stack frame. Definition at line 321 of file BugReporterVisitors.cpp.
References clang::ento::SValBuilder::areEqual(), clang::ento::SVal::getAsRegion(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNode::getSVal(), clang::ento::ProgramStateManager::getSValBuilder(), clang::ento::ConditionTruthVal::isConstrainedTrue(), clang::ento::SubRegion::isSubRegionOf(), and clang::ento::SVal::isUndef().
|
static |
Definition at line 784 of file BugReporterVisitors.cpp.
Referenced by clang::ento::ConditionBRVisitor::VisitConditionVariable(), and clang::ento::ConditionBRVisitor::VisitTrueTest().
1.9.6