#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"#include "clang/AST/ASTTypeTraits.h"#include "clang/AST/Attr.h"#include "clang/AST/Decl.h"#include "clang/AST/DeclBase.h"#include "clang/AST/DeclObjC.h"#include "clang/AST/Expr.h"#include "clang/AST/ExprCXX.h"#include "clang/AST/ParentMap.h"#include "clang/AST/Stmt.h"#include "clang/AST/StmtCXX.h"#include "clang/AST/StmtObjC.h"#include "clang/Analysis/AnalysisDeclContext.h"#include "clang/Analysis/CFG.h"#include "clang/Analysis/CFGStmtMap.h"#include "clang/Analysis/PathDiagnostic.h"#include "clang/Analysis/ProgramPoint.h"#include "clang/Basic/LLVM.h"#include "clang/Basic/SourceLocation.h"#include "clang/Basic/SourceManager.h"#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"#include "clang/StaticAnalyzer/Core/BugReporter/Z3CrosscheckVisitor.h"#include "clang/StaticAnalyzer/Core/Checker.h"#include "clang/StaticAnalyzer/Core/CheckerManager.h"#include "clang/StaticAnalyzer/Core/CheckerRegistryData.h"#include "clang/StaticAnalyzer/Core/PathSensitive/EntryPointStats.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"#include "llvm/ADT/ArrayRef.h"#include "llvm/ADT/DenseMap.h"#include "llvm/ADT/DenseSet.h"#include "llvm/ADT/FoldingSet.h"#include "llvm/ADT/STLExtras.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/Support/Compiler.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/TimeProfiler.h"#include "llvm/Support/raw_ostream.h"#include <algorithm>#include <cassert>#include <cstddef>#include <iterator>#include <memory>#include <optional>#include <queue>#include <string>#include <tuple>#include <utility>#include <vector>Go to the source code of this file.
Macros | |
| #define | DEBUG_TYPE "BugReporter" |
Typedefs | |
| using | OptimizedCallsSet = llvm::DenseSet<const PathDiagnosticCallPiece *> |
Functions | |
| STAT_MAX (MaxBugClassSize, "The maximum number of bug reports in the same equivalence class") | |
| STAT_MAX (MaxValidBugClassSize, "The maximum number of bug reports in the same equivalence class " "where at least one report is valid (not suppressed)") | |
| STAT_COUNTER (NumTimesReportPassesZ3, "Number of reports passed Z3") | |
| STAT_COUNTER (NumTimesReportRefuted, "Number of reports refuted by Z3") | |
| STAT_COUNTER (NumTimesReportEQClassAborted, "Number of times a report equivalence class was aborted by the Z3 " "oracle heuristic") | |
| STAT_COUNTER (NumTimesReportEQClassWasExhausted, "Number of times all reports of an equivalence class was refuted") | |
| static PathDiagnosticEventPiece * | eventsDescribeSameCondition (PathDiagnosticEventPiece *X, PathDiagnosticEventPiece *Y) |
| static void | removeRedundantMsgs (PathPieces &path) |
| An optimization pass over PathPieces that removes redundant diagnostics generated by both ConditionBRVisitor and TrackConstraintBRVisitor. | |
| static bool | removeUnneededCalls (const PathDiagnosticConstruct &C, PathPieces &pieces, const PathSensitiveBugReport *R, bool IsInteresting=false) |
| Recursively scan through a path and prune out calls and macros pieces that aren't needed. | |
| static void | removePopUpNotes (PathPieces &Path) |
| Same logic as above to remove extra pieces. | |
| static bool | hasImplicitBody (const Decl *D) |
| Returns true if the given decl has been implicitly given a body, either by the analyzer or by the compiler proper. | |
| static void | adjustCallLocations (PathPieces &Pieces, PathDiagnosticLocation *LastCallLocation=nullptr) |
| Recursively scan through a path and make sure that all call pieces have valid locations. | |
| static void | removeEdgesToDefaultInitializers (PathPieces &Pieces) |
| Remove edges in and out of C++ default initializer expressions. | |
| static void | removePiecesWithInvalidLocations (PathPieces &Pieces) |
| Remove all pieces with invalid locations as these cannot be serialized. | |
| static const Stmt * | getEnclosingParent (const Stmt *S, const ParentMap &PM) |
| static PathDiagnosticLocation | getEnclosingStmtLocation (const Stmt *S, const LocationContext *LC, bool allowNestedContexts=false) |
| static void | CompactMacroExpandedPieces (PathPieces &path, const SourceManager &SM) |
| CompactMacroExpandedPieces - This function postprocesses a PathDiagnostic object and collapses PathDiagosticPieces that are expanded by macros. | |
| static bool | isLoop (const Stmt *Term) |
| static bool | isJumpToFalseBranch (const BlockEdge *BE) |
| static bool | isContainedByStmt (const ParentMap &PM, const Stmt *S, const Stmt *SubS) |
| static const Stmt * | getStmtBeforeCond (const ParentMap &PM, const Stmt *Term, const ExplodedNode *N) |
| static bool | isInLoopBody (const ParentMap &PM, const Stmt *S, const Stmt *Term) |
| static void | addEdgeToPath (PathPieces &path, PathDiagnosticLocation &PrevLoc, PathDiagnosticLocation NewLoc) |
| Adds a sanitized control-flow diagnostic edge to a path. | |
| static const Stmt * | getTerminatorCondition (const CFGBlock *B) |
| A customized wrapper for CFGBlock::getTerminatorCondition() which returns the element for ObjCForCollectionStmts. | |
| static std::unique_ptr< FilesToLineNumsMap > | findExecutedLines (const SourceManager &SM, const ExplodedNode *N) |
| static std::unique_ptr< PathDiagnostic > | generateDiagnosticForBasicReport (const BasicBugReport *R, const Decl *AnalysisEntryPoint) |
| static std::unique_ptr< PathDiagnostic > | generateEmptyDiagnosticForReport (const PathSensitiveBugReport *R, const SourceManager &SM, const Decl *AnalysisEntryPoint) |
| static const Stmt * | getStmtParent (const Stmt *S, const ParentMap &PM) |
| static bool | isConditionForTerminator (const Stmt *S, const Stmt *Cond) |
| static bool | isIncrementOrInitInForLoop (const Stmt *S, const Stmt *FL) |
| static void | addContextEdges (PathPieces &pieces, const LocationContext *LC) |
| Adds synthetic edges from top-level statements to their subexpressions. | |
| static void | simplifySimpleBranches (PathPieces &pieces) |
| Move edges from a branch condition to a branch target when the condition is simple. | |
| static std::optional< size_t > | getLengthOnSingleLine (const SourceManager &SM, SourceRange Range) |
| Returns the number of bytes in the given (character-based) SourceRange. | |
| static std::optional< size_t > | getLengthOnSingleLine (const SourceManager &SM, const Stmt *S) |
| static void | removeContextCycles (PathPieces &Path, const SourceManager &SM) |
| Eliminate two-edge cycles created by addContextEdges(). | |
| static bool | lexicalContains (const ParentMap &PM, const Stmt *X, const Stmt *Y) |
| Return true if X is contained by Y. | |
| static void | removePunyEdges (PathPieces &path, const SourceManager &SM, const ParentMap &PM) |
| static void | removeIdenticalEvents (PathPieces &path) |
| static bool | optimizeEdges (const PathDiagnosticConstruct &C, PathPieces &path, OptimizedCallsSet &OCS) |
| static void | dropFunctionEntryEdge (const PathDiagnosticConstruct &C, PathPieces &Path) |
| Drop the very first edge in a path, which should be a function entry edge. | |
| static void | updateExecutedLinesWithDiagnosticPieces (PathDiagnostic &PD) |
| Populate executes lines with lines containing at least one diagnostics. | |
| static LLVM_ATTRIBUTE_USED bool | isDependency (const CheckerRegistryData &Registry, StringRef CheckerName) |
| static LLVM_ATTRIBUTE_USED bool | isHidden (const CheckerRegistryData &Registry, StringRef CheckerName) |
| template<class T> | |
| static void | insertToInterestingnessMap (llvm::DenseMap< T, bugreporter::TrackingKind > &InterestingnessMap, T Val, bugreporter::TrackingKind TKind) |
| static bool | exitingDestructor (const ExplodedNode *N) |
| static const Stmt * | findReasonableStmtCloseToFunctionExit (const ExplodedNode *N) |
| static std::unique_ptr< VisitorsDiagnosticsTy > | generateVisitorsDiagnostics (PathSensitiveBugReport *R, const ExplodedNode *ErrorNode, BugReporterContext &BRC) |
| Generate notes from all visitors. | |
| static void | populateExecutedLinesWithFunctionSignature (const Decl *Signature, const SourceManager &SM, FilesToLineNumsMap &ExecutedLines) |
Insert all lines participating in the function signature Signature into ExecutedLines. | |
| static void | populateExecutedLinesWithStmt (const Stmt *S, const SourceManager &SM, FilesToLineNumsMap &ExecutedLines) |
| static PathDiagnosticCallPiece * | getFirstStackedCallToHeaderFile (PathDiagnosticCallPiece *CP, const SourceManager &SMgr) |
| static void | resetDiagnosticLocationToMainFile (PathDiagnostic &PD) |
Variables | |
| constexpr llvm::StringLiteral | StrEnteringLoop = "Entering loop body" |
| constexpr llvm::StringLiteral | StrLoopBodyZero = "Loop body executed 0 times" |
| constexpr llvm::StringLiteral | StrLoopRangeEmpty |
| constexpr llvm::StringLiteral | StrLoopCollectionEmpty |
Macro Definition Documentation
◆ DEBUG_TYPE
| #define DEBUG_TYPE "BugReporter" |
Definition at line 76 of file BugReporter.cpp.
Typedef Documentation
◆ OptimizedCallsSet
| using OptimizedCallsSet = llvm::DenseSet<const PathDiagnosticCallPiece *> |
Definition at line 1444 of file BugReporter.cpp.
Function Documentation
◆ addContextEdges()
|
static |
Adds synthetic edges from top-level statements to their subexpressions.
This avoids a "swoosh" effect, where an edge from a top-level statement A points to a sub-expression B.1 that's not at the start of B. In these cases, we'd like to see an edge from A to B, then another one from B to B.1.
Definition at line 1451 of file BugReporter.cpp.
References clang::ento::PathDiagnosticLocation::asStmt(), getEnclosingStmtLocation(), clang::LocationContext::getParentMap(), clang::ento::PathDiagnosticLocation::getStmtOrNull(), getStmtParent(), and clang::ento::PathDiagnosticLocation::isValid().
Referenced by optimizeEdges().
◆ addEdgeToPath()
|
static |
Adds a sanitized control-flow diagnostic edge to a path.
Definition at line 1108 of file BugReporter.cpp.
References clang::ento::PathDiagnosticLocation::asLocation(), clang::ento::PathDiagnosticLocation::asStmt(), clang::SourceLocation::isInvalid(), clang::ento::PathDiagnosticLocation::isValid(), and clang::SourceLocation::isValid().
◆ adjustCallLocations()
|
static |
Recursively scan through a path and make sure that all call pieces have valid locations.
Definition at line 527 of file BugReporter.cpp.
References adjustCallLocations(), clang::Call, and hasImplicitBody().
Referenced by adjustCallLocations().
◆ CompactMacroExpandedPieces()
|
static |
CompactMacroExpandedPieces - This function postprocesses a PathDiagnostic object and collapses PathDiagosticPieces that are expanded by macros.
Definition at line 2737 of file BugReporter.cpp.
References CompactMacroExpandedPieces(), clang::ento::PathDiagnosticLocation::createSingleLocation(), clang::SourceLocation::isFileID(), clang::SourceLocation::isMacroID(), and SM.
Referenced by CompactMacroExpandedPieces().
◆ dropFunctionEntryEdge()
|
static |
Drop the very first edge in a path, which should be a function entry edge.
If the first edge is not a function entry edge (say, because the first statement had an invalid source location), this function does nothing.
Definition at line 1975 of file BugReporter.cpp.
References clang::C, and clang::ento::PathDiagnosticLocation::createBegin().
◆ eventsDescribeSameCondition()
|
static |
Definition at line 379 of file BugReporter.cpp.
References clang::ento::PathDiagnosticSpotPiece::getLocation(), clang::ento::ConditionBRVisitor::getTag(), clang::ento::PathDiagnosticPiece::getTag(), clang::ento::TrackConstraintBRVisitor::getTag(), clang::ento::ConditionBRVisitor::isPieceMessageGeneric(), and X.
Referenced by removeRedundantMsgs().
◆ exitingDestructor()
|
static |
Definition at line 2441 of file BugReporter.cpp.
References clang::ProgramPoint::getAs(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), and clang::isa().
Referenced by findReasonableStmtCloseToFunctionExit().
◆ findExecutedLines()
|
static |
- Returns
- all executed lines including function signatures on the path starting from
N.
Definition at line 3259 of file BugReporter.cpp.
References clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocationAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ParentMap::getParent(), clang::ento::ExplodedNode::getParentMap(), clang::ento::ExplodedNode::getStmtForDiagnostics(), populateExecutedLinesWithFunctionSignature(), populateExecutedLinesWithStmt(), and SM.
Referenced by generateEmptyDiagnosticForReport().
◆ findReasonableStmtCloseToFunctionExit()
|
static |
Definition at line 2451 of file BugReporter.cpp.
References exitingDestructor(), clang::ento::ExplodedNode::getNextStmtForDiagnostics(), and clang::ento::ExplodedNode::getPreviousStmtForDiagnostics().
Referenced by clang::ento::PathSensitiveBugReport::getLocation().
◆ generateDiagnosticForBasicReport()
|
static |
Definition at line 1353 of file BugReporter.cpp.
References clang::ento::BugReport::getBugType(), clang::ento::BugType::getCategory(), clang::ento::BugType::getCheckerName(), clang::ento::BasicBugReport::getDeclWithIssue(), clang::ento::BugReport::getDescription(), clang::ento::BugType::getDescription(), clang::ento::BugReport::getShortDescription(), clang::ento::BasicBugReport::getUniqueingDecl(), and clang::ento::BasicBugReport::getUniqueingLocation().
Referenced by clang::ento::BugReporter::generateDiagnosticForConsumerMap().
◆ generateEmptyDiagnosticForReport()
|
static |
Definition at line 1364 of file BugReporter.cpp.
References findExecutedLines(), clang::ento::BugReport::getBugType(), clang::ento::BugType::getCategory(), clang::ento::BugType::getCheckerName(), clang::ento::PathSensitiveBugReport::getDeclWithIssue(), clang::ento::BugReport::getDescription(), clang::ento::BugType::getDescription(), clang::ento::PathSensitiveBugReport::getErrorNode(), clang::ento::BugReport::getShortDescription(), clang::ento::PathSensitiveBugReport::getUniqueingDecl(), clang::ento::PathSensitiveBugReport::getUniqueingLocation(), and SM.
◆ generateVisitorsDiagnostics()
|
static |
Generate notes from all visitors.
Notes associated with ErrorNode are generated using getEndPath, and the rest are generated with VisitNode.
Definition at line 2832 of file BugReporter.cpp.
References clang::ento::PathSensitiveBugReport::clearVisitors(), clang::ento::PathDiagnosticPiece::Event, clang::ento::ExplodedNode::getFirstPred(), clang::ento::PathSensitiveBugReport::isValid(), V, and clang::ento::PathSensitiveBugReport::visitors().
◆ getEnclosingParent()
Definition at line 650 of file BugReporter.cpp.
References clang::cast(), clang::ParentMap::getParentIgnoreParens(), clang::Stmt::getStmtClass(), clang::isa(), and clang::ParentMap::isConsumedExpr().
Referenced by getEnclosingStmtLocation().
◆ getEnclosingStmtLocation()
|
static |
Definition at line 673 of file BugReporter.cpp.
References clang::cast(), clang::Decl::getASTContext(), clang::LocationContext::getDecl(), getEnclosingParent(), clang::LocationContext::getParentMap(), and clang::ASTContext::getSourceManager().
Referenced by addContextEdges().
◆ getFirstStackedCallToHeaderFile()
|
static |
Definition at line 3308 of file BugReporter.cpp.
References clang::ento::PathDiagnosticLocation::asLocation(), clang::ento::PathDiagnosticCallPiece::callEnter, clang::ento::PathDiagnosticCallPiece::callEnterWithin, getFirstStackedCallToHeaderFile(), clang::ento::AnalysisManager::isInCodeFile(), clang::SourceLocation::isMacroID(), and clang::ento::PathDiagnosticCallPiece::path.
Referenced by getFirstStackedCallToHeaderFile(), and resetDiagnosticLocationToMainFile().
◆ getLengthOnSingleLine() [1/2]
|
static |
- See also
- getLengthOnSingleLine(SourceManager, SourceRange)
Definition at line 1631 of file BugReporter.cpp.
References getLengthOnSingleLine(), clang::Stmt::getSourceRange(), and SM.
◆ getLengthOnSingleLine() [2/2]
|
static |
Returns the number of bytes in the given (character-based) SourceRange.
If the locations in the range are not on the same line, returns std::nullopt.
Note that this does not do a precise user-visible character or column count.
Definition at line 1602 of file BugReporter.cpp.
References clang::SourceRange::getBegin(), clang::SourceRange::getEnd(), and SM.
Referenced by getLengthOnSingleLine(), optimizeEdges(), removeContextCycles(), and removePunyEdges().
◆ getStmtBeforeCond()
|
static |
Definition at line 1060 of file BugReporter.cpp.
References clang::ProgramPoint::getAs(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::ExplodedNode::getLocation(), and isContainedByStmt().
◆ getStmtParent()
Definition at line 1375 of file BugReporter.cpp.
References clang::ParentMap::getParentIgnoreParens(), and clang::isa().
Referenced by addContextEdges(), and optimizeEdges().
◆ getTerminatorCondition()
A customized wrapper for CFGBlock::getTerminatorCondition() which returns the element for ObjCForCollectionStmts.
Definition at line 1135 of file BugReporter.cpp.
References clang::CFGBlock::getTerminatorCondition().
Referenced by clang::dataflow::computeBlockInputState().
◆ hasImplicitBody()
Returns true if the given decl has been implicitly given a body, either by the analyzer or by the compiler proper.
Definition at line 519 of file BugReporter.cpp.
References clang::Decl::hasBody(), and clang::Decl::isImplicit().
Referenced by adjustCallLocations().
◆ insertToInterestingnessMap()
|
static |
Definition at line 2255 of file BugReporter.cpp.
References clang::ento::bugreporter::Condition, clang::T, and clang::ento::bugreporter::Thorough.
Referenced by clang::ento::PathSensitiveBugReport::markInteresting(), and clang::ento::PathSensitiveBugReport::markInteresting().
◆ isConditionForTerminator()
Definition at line 1394 of file BugReporter.cpp.
References clang::cast(), clang::Cond, and clang::Stmt::getStmtClass().
Referenced by optimizeEdges(), removePunyEdges(), and simplifySimpleBranches().
◆ isContainedByStmt()
Definition at line 1050 of file BugReporter.cpp.
References clang::ParentMap::getParent().
Referenced by getStmtBeforeCond(), and isInLoopBody().
◆ isDependency()
|
static |
Definition at line 2141 of file BugReporter.cpp.
Referenced by clang::ento::PathSensitiveBugReport::PathSensitiveBugReport().
◆ isHidden()
|
static |
Definition at line 2149 of file BugReporter.cpp.
Referenced by clang::ento::PathSensitiveBugReport::PathSensitiveBugReport().
◆ isIncrementOrInitInForLoop()
Definition at line 1435 of file BugReporter.cpp.
Referenced by optimizeEdges().
◆ isInLoopBody()
Definition at line 1074 of file BugReporter.cpp.
References clang::cast(), clang::Stmt::getStmtClass(), and isContainedByStmt().
◆ isJumpToFalseBranch()
Definition at line 1044 of file BugReporter.cpp.
References clang::BlockEdge::getDst(), clang::BlockEdge::getSrc(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().
◆ isLoop()
Definition at line 1031 of file BugReporter.cpp.
References clang::Stmt::getStmtClass().
◆ lexicalContains()
Return true if X is contained by Y.
Definition at line 1707 of file BugReporter.cpp.
References clang::ParentMap::getParent(), and X.
Referenced by optimizeEdges().
◆ optimizeEdges()
|
static |
Definition at line 1793 of file BugReporter.cpp.
References addContextEdges(), clang::C, clang::cast(), getLengthOnSingleLine(), clang::LocationContext::getParentMap(), getStmtParent(), clang::isa(), isConditionForTerminator(), clang::ParentMap::isConsumedExpr(), isIncrementOrInitInForLoop(), lexicalContains(), optimizeEdges(), removeContextCycles(), removeIdenticalEvents(), removePunyEdges(), simplifySimpleBranches(), and SM.
Referenced by optimizeEdges().
◆ populateExecutedLinesWithFunctionSignature()
|
static |
Insert all lines participating in the function signature Signature into ExecutedLines.
Definition at line 3219 of file BugReporter.cpp.
References clang::SourceRange::getBegin(), clang::Decl::getBody(), clang::SourceRange::getEnd(), clang::Stmt::getSourceRange(), clang::SourceLocation::isValid(), clang::Line, and SM.
Referenced by findExecutedLines().
◆ populateExecutedLinesWithStmt()
|
static |
Definition at line 3244 of file BugReporter.cpp.
References clang::SourceRange::getBegin(), clang::Stmt::getSourceRange(), clang::ento::DefinedSVal::isValid(), and SM.
Referenced by findExecutedLines().
◆ removeContextCycles()
|
static |
Eliminate two-edge cycles created by addContextEdges().
Once all the context edges are in place, there are plenty of cases where there's a single edge from a top-level statement to a subexpression, followed by a single path note, and then a reverse edge to get back out to the top level. If the statement is simple enough, the subexpression edges just add noise and make it harder to understand what's going on.
This function only removes edges in pairs, because removing only one edge might leave other edges dangling.
This will not remove edges in more complicated situations:
- if there is more than one "hop" leading to or from a subexpression.
- if there is an inlined call between the edges instead of a single event.
- if the whole statement is large enough that having subexpression arrows might be helpful.
Definition at line 1652 of file BugReporter.cpp.
References getLengthOnSingleLine(), clang::isa(), and SM.
Referenced by optimizeEdges().
◆ removeEdgesToDefaultInitializers()
|
static |
Remove edges in and out of C++ default initializer expressions.
These are for fields that have in-class initializers, as opposed to being initialized explicitly in a constructor or braced list.
Definition at line 560 of file BugReporter.cpp.
References clang::C, clang::ento::CF, Next, and removeEdgesToDefaultInitializers().
Referenced by removeEdgesToDefaultInitializers().
◆ removeIdenticalEvents()
|
static |
Definition at line 1770 of file BugReporter.cpp.
Referenced by optimizeEdges().
◆ removePiecesWithInvalidLocations()
|
static |
Remove all pieces with invalid locations as these cannot be serialized.
We might have pieces with invalid locations as a result of inlining Body Farm generated functions.
Definition at line 594 of file BugReporter.cpp.
References clang::C, and removePiecesWithInvalidLocations().
Referenced by removePiecesWithInvalidLocations().
◆ removePopUpNotes()
|
static |
Same logic as above to remove extra pieces.
Definition at line 508 of file BugReporter.cpp.
References clang::isa().
◆ removePunyEdges()
|
static |
Definition at line 1717 of file BugReporter.cpp.
References clang::Stmt::getBeginLoc(), getLengthOnSingleLine(), clang::ParentMap::getParent(), isConditionForTerminator(), and SM.
Referenced by optimizeEdges().
◆ removeRedundantMsgs()
|
static |
An optimization pass over PathPieces that removes redundant diagnostics generated by both ConditionBRVisitor and TrackConstraintBRVisitor.
Both BugReporterVisitors use different methods to generate diagnostics, with one capable of emitting diagnostics in some cases but not in others. This can lead to redundant diagnostic pieces at the same point in a path.
Definition at line 405 of file BugReporter.cpp.
References clang::ento::PathDiagnosticPiece::Call, clang::cast(), clang::ento::PathDiagnosticPiece::ControlFlow, clang::ento::PathDiagnosticPiece::Event, eventsDescribeSameCondition(), clang::ento::PathDiagnosticPiece::Macro, clang::ento::PathDiagnosticPiece::Note, clang::ento::PathDiagnosticPiece::PopUp, and removeRedundantMsgs().
Referenced by removeRedundantMsgs().
◆ removeUnneededCalls()
|
static |
Recursively scan through a path and prune out calls and macros pieces that aren't needed.
Return true if afterwards the path contains "interesting stuff" which means it shouldn't be pruned from the parent path.
Definition at line 455 of file BugReporter.cpp.
References clang::C, clang::ento::PathDiagnosticPiece::Call, clang::cast(), clang::ento::PathDiagnosticPiece::ControlFlow, clang::ento::PathDiagnosticPiece::Event, clang::ento::PathSensitiveBugReport::isInteresting(), clang::ento::PathDiagnosticPiece::Macro, clang::ento::PathDiagnosticPiece::Note, clang::ento::PathDiagnosticPiece::PopUp, and removeUnneededCalls().
Referenced by removeUnneededCalls().
◆ resetDiagnosticLocationToMainFile()
|
static |
Definition at line 3336 of file BugReporter.cpp.
References clang::ento::PathDiagnostic::appendToDesc(), clang::ento::PathDiagnosticCallPiece::getCallee(), clang::ento::PathDiagnosticCallPiece::getCaller(), getFirstStackedCallToHeaderFile(), clang::ento::PathDiagnosticCallPiece::getLocation(), clang::ento::PathDiagnosticPiece::getLocation(), clang::ento::PathDiagnosticLocation::getManager(), clang::ento::PathDiagnostic::path, clang::ento::PathDiagnosticPiece::setAsLastInMainSourceFile(), clang::ento::PathDiagnostic::setDeclWithIssue(), and clang::ento::PathDiagnostic::setLocation().
◆ simplifySimpleBranches()
|
static |
Move edges from a branch condition to a branch target when the condition is simple.
This restructures some of the work of addContextEdges. That function creates edges this may destroy, but they work together to create a more aesthetically set of edges around branches. After the call to addContextEdges, we may have (1) an edge to the branch, (2) an edge from the branch to the branch condition, and (3) an edge from the branch condition to the branch target. We keep (1), but may wish to remove (2) and move the source of (3) to the branch if the branch condition is simple.
Definition at line 1532 of file BugReporter.cpp.
References clang::ento::PathDiagnosticControlFlowPiece::getEndLocation(), clang::ento::PathDiagnosticControlFlowPiece::getStartLocation(), clang::ento::PathDiagnosticLocation::getStmtOrNull(), clang::isa(), isConditionForTerminator(), clang::ento::PathDiagnosticControlFlowPiece::setStartLocation(), StrEnteringLoop, StrLoopBodyZero, StrLoopCollectionEmpty, and StrLoopRangeEmpty.
Referenced by optimizeEdges().
◆ STAT_COUNTER() [1/4]
| STAT_COUNTER | ( | NumTimesReportEQClassAborted | , |
| "Number of times a report equivalence class was aborted by the Z3 " "oracle heuristic" | ) |
◆ STAT_COUNTER() [2/4]
| STAT_COUNTER | ( | NumTimesReportEQClassWasExhausted | , |
| "Number of times all reports of an equivalence class was refuted" | ) |
◆ STAT_COUNTER() [3/4]
| STAT_COUNTER | ( | NumTimesReportPassesZ3 | , |
| "Number of reports passed Z3" | ) |
◆ STAT_COUNTER() [4/4]
| STAT_COUNTER | ( | NumTimesReportRefuted | , |
| "Number of reports refuted by Z3" | ) |
◆ STAT_MAX() [1/2]
| STAT_MAX | ( | MaxBugClassSize | , |
| "The maximum number of bug reports in the same equivalence class" | ) |
◆ STAT_MAX() [2/2]
| STAT_MAX | ( | MaxValidBugClassSize | , |
| "The maximum number of bug reports in the same equivalence class " "where at least one report is valid (not suppressed)" | ) |
◆ updateExecutedLinesWithDiagnosticPieces()
|
static |
Populate executes lines with lines containing at least one diagnostics.
Definition at line 1992 of file BugReporter.cpp.
References clang::ento::PathPieces::flatten(), clang::ento::PathDiagnostic::getExecutedLines(), clang::FileID::isValid(), and clang::ento::PathDiagnostic::path.
Variable Documentation
◆ StrEnteringLoop
|
constexpr |
Definition at line 1142 of file BugReporter.cpp.
Referenced by simplifySimpleBranches().
◆ StrLoopBodyZero
|
constexpr |
Definition at line 1143 of file BugReporter.cpp.
Referenced by simplifySimpleBranches().
◆ StrLoopCollectionEmpty
|
constexpr |
Definition at line 1146 of file BugReporter.cpp.
Referenced by simplifySimpleBranches().
◆ StrLoopRangeEmpty
|
constexpr |
Definition at line 1144 of file BugReporter.cpp.
Referenced by simplifySimpleBranches().
Generated on for clang by
1.14.0