clang 18.0.0git
CheckerManager.cpp
Go to the documentation of this file.
1//===- CheckerManager.cpp - Static Analyzer Checker Manager ---------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// Defines the Static Analyzer Checker Manager.
10//
11//===----------------------------------------------------------------------===//
12
13#include "clang/StaticAnalyzer/Core/CheckerManager.h"
14#include "clang/AST/DeclBase.h"
15#include "clang/AST/Stmt.h"
16#include "clang/Analysis/ProgramPoint.h"
17#include "clang/Basic/JsonSupport.h"
18#include "clang/Basic/LLVM.h"
19#include "clang/Driver/DriverDiagnostic.h"
20#include "clang/StaticAnalyzer/Core/Checker.h"
21#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
23#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"
24#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
25#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
26#include "llvm/ADT/SmallVector.h"
27#include "llvm/Support/Casting.h"
28#include "llvm/Support/ErrorHandling.h"
29#include "llvm/Support/FormatVariadic.h"
30#include <cassert>
31#include <optional>
32#include <vector>
33
34using namespace clang;
35using namespace ento;
36
37bool CheckerManager::hasPathSensitiveCheckers() const {
38 const auto IfAnyAreNonEmpty = [](const auto &... Callbacks) -> bool {
39 return (!Callbacks.empty() || ...);
40 };
41 return IfAnyAreNonEmpty(
42 StmtCheckers, PreObjCMessageCheckers, ObjCMessageNilCheckers,
43 PostObjCMessageCheckers, PreCallCheckers, PostCallCheckers,
44 LocationCheckers, BindCheckers, EndAnalysisCheckers,
45 BeginFunctionCheckers, EndFunctionCheckers, BranchConditionCheckers,
46 NewAllocatorCheckers, LiveSymbolsCheckers, DeadSymbolsCheckers,
47 RegionChangesCheckers, PointerEscapeCheckers, EvalAssumeCheckers,
48 EvalCallCheckers, EndOfTranslationUnitCheckers);
49}
50
51void CheckerManager::finishedCheckerRegistration() {
52#ifndef NDEBUG
53 // Make sure that for every event that has listeners, there is at least
54 // one dispatcher registered for it.
55 for (const auto &Event : Events)
56 assert(Event.second.HasDispatcher &&
57 "No dispatcher registered for an event");
58#endif
59}
60
61void CheckerManager::reportInvalidCheckerOptionValue(
62 const CheckerBase *C, StringRef OptionName,
63 StringRef ExpectedValueDesc) const {
64
65 getDiagnostics().Report(diag::err_analyzer_checker_option_invalid_input)
66 << (llvm::Twine() + C->getTagDescription() + ":" + OptionName).str()
67 << ExpectedValueDesc;
68}
69
70//===----------------------------------------------------------------------===//
71// Functions for running checkers for AST traversing..
72//===----------------------------------------------------------------------===//
73
74void CheckerManager::runCheckersOnASTDecl(const Decl *D, AnalysisManager& mgr,
75 BugReporter &BR) {
76 assert(D);
77
78 unsigned DeclKind = D->getKind();
79 CachedDeclCheckers *checkers = nullptr;
80 CachedDeclCheckersMapTy::iterator CCI = CachedDeclCheckersMap.find(DeclKind);
81 if (CCI != CachedDeclCheckersMap.end()) {
82 checkers = &(CCI->second);
83 } else {
84 // Find the checkers that should run for this Decl and cache them.
85 checkers = &CachedDeclCheckersMap[DeclKind];
86 for (const auto &info : DeclCheckers)
87 if (info.IsForDeclFn(D))
88 checkers->push_back(info.CheckFn);
89 }
90
91 assert(checkers);
92 for (const auto &checker : *checkers)
93 checker(D, mgr, BR);
94}
95
96void CheckerManager::runCheckersOnASTBody(const Decl *D, AnalysisManager& mgr,
97 BugReporter &BR) {
98 assert(D && D->hasBody());
99
100 for (const auto &BodyChecker : BodyCheckers)
101 BodyChecker(D, mgr, BR);
102}
103
104//===----------------------------------------------------------------------===//
105// Functions for running checkers for path-sensitive checking.
106//===----------------------------------------------------------------------===//
107
108template <typename CHECK_CTX>
109static void expandGraphWithCheckers(CHECK_CTX checkCtx,
110 ExplodedNodeSet &Dst,
111 const ExplodedNodeSet &Src) {
112 const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
113 if (Src.empty())
114 return;
115
116 typename CHECK_CTX::CheckersTy::const_iterator
117 I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
118 if (I == E) {
119 Dst.insert(Src);
120 return;
121 }
122
123 ExplodedNodeSet Tmp1, Tmp2;
124 const ExplodedNodeSet *PrevSet = &Src;
125
126 for (; I != E; ++I) {
127 ExplodedNodeSet *CurrSet = nullptr;
128 if (I+1 == E)
129 CurrSet = &Dst;
130 else {
131 CurrSet = (PrevSet == &Tmp1) ? &Tmp2 : &Tmp1;
132 CurrSet->clear();
133 }
134
135 NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
136 for (const auto &NI : *PrevSet)
137 checkCtx.runChecker(*I, B, NI);
138
139 // If all the produced transitions are sinks, stop.
140 if (CurrSet->empty())
141 return;
142
143 // Update which NodeSet is the current one.
144 PrevSet = CurrSet;
145 }
146}
147
148namespace {
149
150 struct CheckStmtContext {
151 using CheckersTy = SmallVectorImpl<CheckerManager::CheckStmtFunc>;
152
153 bool IsPreVisit;
154 const CheckersTy &Checkers;
155 const Stmt *S;
156 ExprEngine &Eng;
157 bool WasInlined;
158
159 CheckStmtContext(bool isPreVisit, const CheckersTy &checkers,
160 const Stmt *s, ExprEngine &eng, bool wasInlined = false)
161 : IsPreVisit(isPreVisit), Checkers(checkers), S(s), Eng(eng),
162 WasInlined(wasInlined) {}
163
164 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
165 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
166
167 void runChecker(CheckerManager::CheckStmtFunc checkFn,
168 NodeBuilder &Bldr, ExplodedNode *Pred) {
169 // FIXME: Remove respondsToCallback from CheckerContext;
170 ProgramPoint::Kind K = IsPreVisit ? ProgramPoint::PreStmtKind :
171 ProgramPoint::PostStmtKind;
172 const ProgramPoint &L = ProgramPoint::getProgramPoint(S, K,
173 Pred->getLocationContext(), checkFn.Checker);
174 CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
175 checkFn(S, C);
176 }
177 };
178
179} // namespace
180
181/// Run checkers for visiting Stmts.
182void CheckerManager::runCheckersForStmt(bool isPreVisit,
183 ExplodedNodeSet &Dst,
184 const ExplodedNodeSet &Src,
185 const Stmt *S,
186 ExprEngine &Eng,
187 bool WasInlined) {
188 CheckStmtContext C(isPreVisit, getCachedStmtCheckersFor(S, isPreVisit),
189 S, Eng, WasInlined);
190 expandGraphWithCheckers(C, Dst, Src);
191}
192
193namespace {
194
195 struct CheckObjCMessageContext {
196 using CheckersTy = std::vector<CheckerManager::CheckObjCMessageFunc>;
197
198 ObjCMessageVisitKind Kind;
199 bool WasInlined;
200 const CheckersTy &Checkers;
201 const ObjCMethodCall &Msg;
202 ExprEngine &Eng;
203
204 CheckObjCMessageContext(ObjCMessageVisitKind visitKind,
205 const CheckersTy &checkers,
206 const ObjCMethodCall &msg, ExprEngine &eng,
207 bool wasInlined)
208 : Kind(visitKind), WasInlined(wasInlined), Checkers(checkers), Msg(msg),
209 Eng(eng) {}
210
211 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
212 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
213
214 void runChecker(CheckerManager::CheckObjCMessageFunc checkFn,
215 NodeBuilder &Bldr, ExplodedNode *Pred) {
216 bool IsPreVisit;
217
218 switch (Kind) {
219 case ObjCMessageVisitKind::Pre:
220 IsPreVisit = true;
221 break;
222 case ObjCMessageVisitKind::MessageNil:
223 case ObjCMessageVisitKind::Post:
224 IsPreVisit = false;
225 break;
226 }
227
228 const ProgramPoint &L = Msg.getProgramPoint(IsPreVisit,checkFn.Checker);
229 CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
230
231 checkFn(*Msg.cloneWithState<ObjCMethodCall>(Pred->getState()), C);
232 }
233 };
234
235} // namespace
236
237/// Run checkers for visiting obj-c messages.
238void CheckerManager::runCheckersForObjCMessage(ObjCMessageVisitKind visitKind,
239 ExplodedNodeSet &Dst,
240 const ExplodedNodeSet &Src,
241 const ObjCMethodCall &msg,
242 ExprEngine &Eng,
243 bool WasInlined) {
244 const auto &checkers = getObjCMessageCheckers(visitKind);
245 CheckObjCMessageContext C(visitKind, checkers, msg, Eng, WasInlined);
246 expandGraphWithCheckers(C, Dst, Src);
247}
248
249const std::vector<CheckerManager::CheckObjCMessageFunc> &
250CheckerManager::getObjCMessageCheckers(ObjCMessageVisitKind Kind) const {
251 switch (Kind) {
252 case ObjCMessageVisitKind::Pre:
253 return PreObjCMessageCheckers;
254 break;
255 case ObjCMessageVisitKind::Post:
256 return PostObjCMessageCheckers;
257 case ObjCMessageVisitKind::MessageNil:
258 return ObjCMessageNilCheckers;
259 }
260 llvm_unreachable("Unknown Kind");
261}
262
263namespace {
264
265 // FIXME: This has all the same signatures as CheckObjCMessageContext.
266 // Is there a way we can merge the two?
267 struct CheckCallContext {
268 using CheckersTy = std::vector<CheckerManager::CheckCallFunc>;
269
270 bool IsPreVisit, WasInlined;
271 const CheckersTy &Checkers;
272 const CallEvent &Call;
273 ExprEngine &Eng;
274
275 CheckCallContext(bool isPreVisit, const CheckersTy &checkers,
276 const CallEvent &call, ExprEngine &eng,
277 bool wasInlined)
278 : IsPreVisit(isPreVisit), WasInlined(wasInlined), Checkers(checkers),
279 Call(call), Eng(eng) {}
280
281 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
282 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
283
284 void runChecker(CheckerManager::CheckCallFunc checkFn,
285 NodeBuilder &Bldr, ExplodedNode *Pred) {
286 const ProgramPoint &L = Call.getProgramPoint(IsPreVisit,checkFn.Checker);
287 CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
288
289 checkFn(*Call.cloneWithState(Pred->getState()), C);
290 }
291 };
292
293} // namespace
294
295/// Run checkers for visiting an abstract call event.
296void CheckerManager::runCheckersForCallEvent(bool isPreVisit,
297 ExplodedNodeSet &Dst,
298 const ExplodedNodeSet &Src,
299 const CallEvent &Call,
300 ExprEngine &Eng,
301 bool WasInlined) {
302 CheckCallContext C(isPreVisit,
303 isPreVisit ? PreCallCheckers
304 : PostCallCheckers,
305 Call, Eng, WasInlined);
306 expandGraphWithCheckers(C, Dst, Src);
307}
308
309namespace {
310
311 struct CheckLocationContext {
312 using CheckersTy = std::vector<CheckerManager::CheckLocationFunc>;
313
314 const CheckersTy &Checkers;
315 SVal Loc;
316 bool IsLoad;
317 const Stmt *NodeEx; /* Will become a CFGStmt */
318 const Stmt *BoundEx;
319 ExprEngine &Eng;
320
321 CheckLocationContext(const CheckersTy &checkers,
322 SVal loc, bool isLoad, const Stmt *NodeEx,
323 const Stmt *BoundEx,
324 ExprEngine &eng)
325 : Checkers(checkers), Loc(loc), IsLoad(isLoad), NodeEx(NodeEx),
326 BoundEx(BoundEx), Eng(eng) {}
327
328 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
329 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
330
331 void runChecker(CheckerManager::CheckLocationFunc checkFn,
332 NodeBuilder &Bldr, ExplodedNode *Pred) {
333 ProgramPoint::Kind K = IsLoad ? ProgramPoint::PreLoadKind :
334 ProgramPoint::PreStoreKind;
335 const ProgramPoint &L =
336 ProgramPoint::getProgramPoint(NodeEx, K,
337 Pred->getLocationContext(),
338 checkFn.Checker);
339 CheckerContext C(Bldr, Eng, Pred, L);
340 checkFn(Loc, IsLoad, BoundEx, C);
341 }
342 };
343
344} // namespace
345
346/// Run checkers for load/store of a location.
347
348void CheckerManager::runCheckersForLocation(ExplodedNodeSet &Dst,
349 const ExplodedNodeSet &Src,
350 SVal location, bool isLoad,
351 const Stmt *NodeEx,
352 const Stmt *BoundEx,
353 ExprEngine &Eng) {
354 CheckLocationContext C(LocationCheckers, location, isLoad, NodeEx,
355 BoundEx, Eng);
356 expandGraphWithCheckers(C, Dst, Src);
357}
358
359namespace {
360
361 struct CheckBindContext {
362 using CheckersTy = std::vector<CheckerManager::CheckBindFunc>;
363
364 const CheckersTy &Checkers;
365 SVal Loc;
366 SVal Val;
367 const Stmt *S;
368 ExprEngine &Eng;
369 const ProgramPoint &PP;
370
371 CheckBindContext(const CheckersTy &checkers,
372 SVal loc, SVal val, const Stmt *s, ExprEngine &eng,
373 const ProgramPoint &pp)
374 : Checkers(checkers), Loc(loc), Val(val), S(s), Eng(eng), PP(pp) {}
375
376 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
377 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
378
379 void runChecker(CheckerManager::CheckBindFunc checkFn,
380 NodeBuilder &Bldr, ExplodedNode *Pred) {
381 const ProgramPoint &L = PP.withTag(checkFn.Checker);
382 CheckerContext C(Bldr, Eng, Pred, L);
383
384 checkFn(Loc, Val, S, C);
385 }
386 };
387
388} // namespace
389
390/// Run checkers for binding of a value to a location.
391void CheckerManager::runCheckersForBind(ExplodedNodeSet &Dst,
392 const ExplodedNodeSet &Src,
393 SVal location, SVal val,
394 const Stmt *S, ExprEngine &Eng,
395 const ProgramPoint &PP) {
396 CheckBindContext C(BindCheckers, location, val, S, Eng, PP);
397 expandGraphWithCheckers(C, Dst, Src);
398}
399
400void CheckerManager::runCheckersForEndAnalysis(ExplodedGraph &G,
401 BugReporter &BR,
402 ExprEngine &Eng) {
403 for (const auto &EndAnalysisChecker : EndAnalysisCheckers)
404 EndAnalysisChecker(G, BR, Eng);
405}
406
407namespace {
408
409struct CheckBeginFunctionContext {
410 using CheckersTy = std::vector<CheckerManager::CheckBeginFunctionFunc>;
411
412 const CheckersTy &Checkers;
413 ExprEngine &Eng;
414 const ProgramPoint &PP;
415
416 CheckBeginFunctionContext(const CheckersTy &Checkers, ExprEngine &Eng,
417 const ProgramPoint &PP)
418 : Checkers(Checkers), Eng(Eng), PP(PP) {}
419
420 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
421 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
422
423 void runChecker(CheckerManager::CheckBeginFunctionFunc checkFn,
424 NodeBuilder &Bldr, ExplodedNode *Pred) {
425 const ProgramPoint &L = PP.withTag(checkFn.Checker);
426 CheckerContext C(Bldr, Eng, Pred, L);
427
428 checkFn(C);
429 }
430};
431
432} // namespace
433
434void CheckerManager::runCheckersForBeginFunction(ExplodedNodeSet &Dst,
435 const BlockEdge &L,
436 ExplodedNode *Pred,
437 ExprEngine &Eng) {
438 ExplodedNodeSet Src;
439 Src.insert(Pred);
440 CheckBeginFunctionContext C(BeginFunctionCheckers, Eng, L);
441 expandGraphWithCheckers(C, Dst, Src);
442}
443
444/// Run checkers for end of path.
445// Note, We do not chain the checker output (like in expandGraphWithCheckers)
446// for this callback since end of path nodes are expected to be final.
447void CheckerManager::runCheckersForEndFunction(NodeBuilderContext &BC,
448 ExplodedNodeSet &Dst,
449 ExplodedNode *Pred,
450 ExprEngine &Eng,
451 const ReturnStmt *RS) {
452 // We define the builder outside of the loop because if at least one checker
453 // creates a successor for Pred, we do not need to generate an
454 // autotransition for it.
455 NodeBuilder Bldr(Pred, Dst, BC);
456 for (const auto &checkFn : EndFunctionCheckers) {
457 const ProgramPoint &L =
458 FunctionExitPoint(RS, Pred->getLocationContext(), checkFn.Checker);
459 CheckerContext C(Bldr, Eng, Pred, L);
460 checkFn(RS, C);
461 }
462}
463
464namespace {
465
466 struct CheckBranchConditionContext {
467 using CheckersTy = std::vector<CheckerManager::CheckBranchConditionFunc>;
468
469 const CheckersTy &Checkers;
470 const Stmt *Condition;
471 ExprEngine &Eng;
472
473 CheckBranchConditionContext(const CheckersTy &checkers,
474 const Stmt *Cond, ExprEngine &eng)
475 : Checkers(checkers), Condition(Cond), Eng(eng) {}
476
477 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
478 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
479
480 void runChecker(CheckerManager::CheckBranchConditionFunc checkFn,
481 NodeBuilder &Bldr, ExplodedNode *Pred) {
482 ProgramPoint L = PostCondition(Condition, Pred->getLocationContext(),
483 checkFn.Checker);
484 CheckerContext C(Bldr, Eng, Pred, L);
485 checkFn(Condition, C);
486 }
487 };
488
489} // namespace
490
491/// Run checkers for branch condition.
492void CheckerManager::runCheckersForBranchCondition(const Stmt *Condition,
493 ExplodedNodeSet &Dst,
494 ExplodedNode *Pred,
495 ExprEngine &Eng) {
496 ExplodedNodeSet Src;
497 Src.insert(Pred);
498 CheckBranchConditionContext C(BranchConditionCheckers, Condition, Eng);
499 expandGraphWithCheckers(C, Dst, Src);
500}
501
502namespace {
503
504 struct CheckNewAllocatorContext {
505 using CheckersTy = std::vector<CheckerManager::CheckNewAllocatorFunc>;
506
507 const CheckersTy &Checkers;
508 const CXXAllocatorCall &Call;
509 bool WasInlined;
510 ExprEngine &Eng;
511
512 CheckNewAllocatorContext(const CheckersTy &Checkers,
513 const CXXAllocatorCall &Call, bool WasInlined,
514 ExprEngine &Eng)
515 : Checkers(Checkers), Call(Call), WasInlined(WasInlined), Eng(Eng) {}
516
517 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
518 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
519
520 void runChecker(CheckerManager::CheckNewAllocatorFunc checkFn,
521 NodeBuilder &Bldr, ExplodedNode *Pred) {
522 ProgramPoint L =
523 PostAllocatorCall(Call.getOriginExpr(), Pred->getLocationContext());
524 CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
525 checkFn(cast<CXXAllocatorCall>(*Call.cloneWithState(Pred->getState())),
526 C);
527 }
528 };
529
530} // namespace
531
532void CheckerManager::runCheckersForNewAllocator(const CXXAllocatorCall &Call,
533 ExplodedNodeSet &Dst,
534 ExplodedNode *Pred,
535 ExprEngine &Eng,
536 bool WasInlined) {
537 ExplodedNodeSet Src;
538 Src.insert(Pred);
539 CheckNewAllocatorContext C(NewAllocatorCheckers, Call, WasInlined, Eng);
540 expandGraphWithCheckers(C, Dst, Src);
541}
542
543/// Run checkers for live symbols.
544void CheckerManager::runCheckersForLiveSymbols(ProgramStateRef state,
545 SymbolReaper &SymReaper) {
546 for (const auto &LiveSymbolsChecker : LiveSymbolsCheckers)
547 LiveSymbolsChecker(state, SymReaper);
548}
549
550namespace {
551
552 struct CheckDeadSymbolsContext {
553 using CheckersTy = std::vector<CheckerManager::CheckDeadSymbolsFunc>;
554
555 const CheckersTy &Checkers;
556 SymbolReaper &SR;
557 const Stmt *S;
558 ExprEngine &Eng;
559 ProgramPoint::Kind ProgarmPointKind;
560
561 CheckDeadSymbolsContext(const CheckersTy &checkers, SymbolReaper &sr,
562 const Stmt *s, ExprEngine &eng,
563 ProgramPoint::Kind K)
564 : Checkers(checkers), SR(sr), S(s), Eng(eng), ProgarmPointKind(K) {}
565
566 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
567 CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
568
569 void runChecker(CheckerManager::CheckDeadSymbolsFunc checkFn,
570 NodeBuilder &Bldr, ExplodedNode *Pred) {
571 const ProgramPoint &L = ProgramPoint::getProgramPoint(S, ProgarmPointKind,
572 Pred->getLocationContext(), checkFn.Checker);
573 CheckerContext C(Bldr, Eng, Pred, L);
574
575 // Note, do not pass the statement to the checkers without letting them
576 // differentiate if we ran remove dead bindings before or after the
577 // statement.
578 checkFn(SR, C);
579 }
580 };
581
582} // namespace
583
584/// Run checkers for dead symbols.
585void CheckerManager::runCheckersForDeadSymbols(ExplodedNodeSet &Dst,
586 const ExplodedNodeSet &Src,
587 SymbolReaper &SymReaper,
588 const Stmt *S,
589 ExprEngine &Eng,
590 ProgramPoint::Kind K) {
591 CheckDeadSymbolsContext C(DeadSymbolsCheckers, SymReaper, S, Eng, K);
592 expandGraphWithCheckers(C, Dst, Src);
593}
594
595/// Run checkers for region changes.
596ProgramStateRef
597CheckerManager::runCheckersForRegionChanges(ProgramStateRef state,
598 const InvalidatedSymbols *invalidated,
599 ArrayRef<const MemRegion *> ExplicitRegions,
600 ArrayRef<const MemRegion *> Regions,
601 const LocationContext *LCtx,
602 const CallEvent *Call) {
603 for (const auto &RegionChangesChecker : RegionChangesCheckers) {
604 // If any checker declares the state infeasible (or if it starts that way),
605 // bail out.
606 if (!state)
607 return nullptr;
608 state = RegionChangesChecker(state, invalidated, ExplicitRegions, Regions,
609 LCtx, Call);
610 }
611 return state;
612}
613
614/// Run checkers to process symbol escape event.
615ProgramStateRef
616CheckerManager::runCheckersForPointerEscape(ProgramStateRef State,
617 const InvalidatedSymbols &Escaped,
618 const CallEvent *Call,
619 PointerEscapeKind Kind,
620 RegionAndSymbolInvalidationTraits *ETraits) {
621 assert((Call != nullptr ||
622 (Kind != PSK_DirectEscapeOnCall &&
623 Kind != PSK_IndirectEscapeOnCall)) &&
624 "Call must not be NULL when escaping on call");
625 for (const auto &PointerEscapeChecker : PointerEscapeCheckers) {
626 // If any checker declares the state infeasible (or if it starts that
627 // way), bail out.
628 if (!State)
629 return nullptr;
630 State = PointerEscapeChecker(State, Escaped, Call, Kind, ETraits);
631 }
632 return State;
633}
634
635/// Run checkers for handling assumptions on symbolic values.
636ProgramStateRef
637CheckerManager::runCheckersForEvalAssume(ProgramStateRef state,
638 SVal Cond, bool Assumption) {
639 for (const auto &EvalAssumeChecker : EvalAssumeCheckers) {
640 // If any checker declares the state infeasible (or if it starts that way),
641 // bail out.
642 if (!state)
643 return nullptr;
644 state = EvalAssumeChecker(state, Cond, Assumption);
645 }
646 return state;
647}
648
649/// Run checkers for evaluating a call.
650/// Only one checker will evaluate the call.
651void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
652 const ExplodedNodeSet &Src,
653 const CallEvent &Call,
654 ExprEngine &Eng,
655 const EvalCallOptions &CallOpts) {
656 for (auto *const Pred : Src) {
657 std::optional<CheckerNameRef> evaluatorChecker;
658
659 ExplodedNodeSet checkDst;
660 NodeBuilder B(Pred, checkDst, Eng.getBuilderContext());
661
662 // Check if any of the EvalCall callbacks can evaluate the call.
663 for (const auto &EvalCallChecker : EvalCallCheckers) {
664 // TODO: Support the situation when the call doesn't correspond
665 // to any Expr.
666 ProgramPoint L = ProgramPoint::getProgramPoint(
667 Call.getOriginExpr(), ProgramPoint::PostStmtKind,
668 Pred->getLocationContext(), EvalCallChecker.Checker);
669 bool evaluated = false;
670 { // CheckerContext generates transitions(populates checkDest) on
671 // destruction, so introduce the scope to make sure it gets properly
672 // populated.
673 CheckerContext C(B, Eng, Pred, L);
674 evaluated = EvalCallChecker(Call, C);
675 }
676#ifndef NDEBUG
677 if (evaluated && evaluatorChecker) {
678 const auto toString = [](const CallEvent &Call) -> std::string {
679 std::string Buf;
680 llvm::raw_string_ostream OS(Buf);
681 Call.dump(OS);
682 OS.flush();
683 return Buf;
684 };
685 std::string AssertionMessage = llvm::formatv(
686 "The '{0}' call has been already evaluated by the {1} checker, "
687 "while the {2} checker also tried to evaluate the same call. At "
688 "most one checker supposed to evaluate a call.",
689 toString(Call), evaluatorChecker->getName(),
690 EvalCallChecker.Checker->getCheckerName());
691 llvm_unreachable(AssertionMessage.c_str());
692 }
693#endif
694 if (evaluated) {
695 evaluatorChecker = EvalCallChecker.Checker->getCheckerName();
696 Dst.insert(checkDst);
697#ifdef NDEBUG
698 break; // on release don't check that no other checker also evals.
699#endif
700 }
701 }
702
703 // If none of the checkers evaluated the call, ask ExprEngine to handle it.
704 if (!evaluatorChecker) {
705 NodeBuilder B(Pred, Dst, Eng.getBuilderContext());
706 Eng.defaultEvalCall(B, Pred, Call, CallOpts);
707 }
708 }
709}
710
711/// Run checkers for the entire Translation Unit.
712void CheckerManager::runCheckersOnEndOfTranslationUnit(
713 const TranslationUnitDecl *TU,
714 AnalysisManager &mgr,
715 BugReporter &BR) {
716 for (const auto &EndOfTranslationUnitChecker : EndOfTranslationUnitCheckers)
717 EndOfTranslationUnitChecker(TU, mgr, BR);
718}
719
720void CheckerManager::runCheckersForPrintStateJson(raw_ostream &Out,
721 ProgramStateRef State,
722 const char *NL,
723 unsigned int Space,
724 bool IsDot) const {
725 Indent(Out, Space, IsDot) << "\"checker_messages\": ";
726
727 // Create a temporary stream to see whether we have any message.
728 SmallString<1024> TempBuf;
729 llvm::raw_svector_ostream TempOut(TempBuf);
730 unsigned int InnerSpace = Space + 2;
731
732 // Create the new-line in JSON with enough space.
733 SmallString<128> NewLine;
734 llvm::raw_svector_ostream NLOut(NewLine);
735 NLOut << "\", " << NL; // Inject the ending and a new line
736 Indent(NLOut, InnerSpace, IsDot) << "\""; // then begin the next message.
737
738 ++Space;
739 bool HasMessage = false;
740
741 // Store the last CheckerTag.
742 const void *LastCT = nullptr;
743 for (const auto &CT : CheckerTags) {
744 // See whether the current checker has a message.
745 CT.second->printState(TempOut, State, /*NL=*/NewLine.c_str(), /*Sep=*/"");
746
747 if (TempBuf.empty())
748 continue;
749
750 if (!HasMessage) {
751 Out << '[' << NL;
752 HasMessage = true;
753 }
754
755 LastCT = &CT;
756 TempBuf.clear();
757 }
758
759 for (const auto &CT : CheckerTags) {
760 // See whether the current checker has a message.
761 CT.second->printState(TempOut, State, /*NL=*/NewLine.c_str(), /*Sep=*/"");
762
763 if (TempBuf.empty())
764 continue;
765
766 Indent(Out, Space, IsDot)
767 << "{ \"checker\": \"" << CT.second->getCheckerName().getName()
768 << "\", \"messages\": [" << NL;
769 Indent(Out, InnerSpace, IsDot)
770 << '\"' << TempBuf.str().trim() << '\"' << NL;
771 Indent(Out, Space, IsDot) << "]}";
772
773 if (&CT != LastCT)
774 Out << ',';
775 Out << NL;
776
777 TempBuf.clear();
778 }
779
780 // It is the last element of the 'program_state' so do not add a comma.
781 if (HasMessage)
782 Indent(Out, --Space, IsDot) << "]";
783 else
784 Out << "null";
785
786 Out << NL;
787}
788
789//===----------------------------------------------------------------------===//
790// Internal registration functions for AST traversing.
791//===----------------------------------------------------------------------===//
792
793void CheckerManager::_registerForDecl(CheckDeclFunc checkfn,
794 HandlesDeclFunc isForDeclFn) {
795 DeclCheckerInfo info = { checkfn, isForDeclFn };
796 DeclCheckers.push_back(info);
797}
798
799void CheckerManager::_registerForBody(CheckDeclFunc checkfn) {
800 BodyCheckers.push_back(checkfn);
801}
802
803//===----------------------------------------------------------------------===//
804// Internal registration functions for path-sensitive checking.
805//===----------------------------------------------------------------------===//
806
807void CheckerManager::_registerForPreStmt(CheckStmtFunc checkfn,
808 HandlesStmtFunc isForStmtFn) {
809 StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/true };
810 StmtCheckers.push_back(info);
811}
812
813void CheckerManager::_registerForPostStmt(CheckStmtFunc checkfn,
814 HandlesStmtFunc isForStmtFn) {
815 StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/false };
816 StmtCheckers.push_back(info);
817}
818
819void CheckerManager::_registerForPreObjCMessage(CheckObjCMessageFunc checkfn) {
820 PreObjCMessageCheckers.push_back(checkfn);
821}
822
823void CheckerManager::_registerForObjCMessageNil(CheckObjCMessageFunc checkfn) {
824 ObjCMessageNilCheckers.push_back(checkfn);
825}
826
827void CheckerManager::_registerForPostObjCMessage(CheckObjCMessageFunc checkfn) {
828 PostObjCMessageCheckers.push_back(checkfn);
829}
830
831void CheckerManager::_registerForPreCall(CheckCallFunc checkfn) {
832 PreCallCheckers.push_back(checkfn);
833}
834void CheckerManager::_registerForPostCall(CheckCallFunc checkfn) {
835 PostCallCheckers.push_back(checkfn);
836}
837
838void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) {
839 LocationCheckers.push_back(checkfn);
840}
841
842void CheckerManager::_registerForBind(CheckBindFunc checkfn) {
843 BindCheckers.push_back(checkfn);
844}
845
846void CheckerManager::_registerForEndAnalysis(CheckEndAnalysisFunc checkfn) {
847 EndAnalysisCheckers.push_back(checkfn);
848}
849
850void CheckerManager::_registerForBeginFunction(CheckBeginFunctionFunc checkfn) {
851 BeginFunctionCheckers.push_back(checkfn);
852}
853
854void CheckerManager::_registerForEndFunction(CheckEndFunctionFunc checkfn) {
855 EndFunctionCheckers.push_back(checkfn);
856}
857
858void CheckerManager::_registerForBranchCondition(
859 CheckBranchConditionFunc checkfn) {
860 BranchConditionCheckers.push_back(checkfn);
861}
862
863void CheckerManager::_registerForNewAllocator(CheckNewAllocatorFunc checkfn) {
864 NewAllocatorCheckers.push_back(checkfn);
865}
866
867void CheckerManager::_registerForLiveSymbols(CheckLiveSymbolsFunc checkfn) {
868 LiveSymbolsCheckers.push_back(checkfn);
869}
870
871void CheckerManager::_registerForDeadSymbols(CheckDeadSymbolsFunc checkfn) {
872 DeadSymbolsCheckers.push_back(checkfn);
873}
874
875void CheckerManager::_registerForRegionChanges(CheckRegionChangesFunc checkfn) {
876 RegionChangesCheckers.push_back(checkfn);
877}
878
879void CheckerManager::_registerForPointerEscape(CheckPointerEscapeFunc checkfn){
880 PointerEscapeCheckers.push_back(checkfn);
881}
882
883void CheckerManager::_registerForConstPointerEscape(
884 CheckPointerEscapeFunc checkfn) {
885 PointerEscapeCheckers.push_back(checkfn);
886}
887
888void CheckerManager::_registerForEvalAssume(EvalAssumeFunc checkfn) {
889 EvalAssumeCheckers.push_back(checkfn);
890}
891
892void CheckerManager::_registerForEvalCall(EvalCallFunc checkfn) {
893 EvalCallCheckers.push_back(checkfn);
894}
895
896void CheckerManager::_registerForEndOfTranslationUnit(
897 CheckEndOfTranslationUnit checkfn) {
898 EndOfTranslationUnitCheckers.push_back(checkfn);
899}
900
901//===----------------------------------------------------------------------===//
902// Implementation details.
903//===----------------------------------------------------------------------===//
904
905const CheckerManager::CachedStmtCheckers &
906CheckerManager::getCachedStmtCheckersFor(const Stmt *S, bool isPreVisit) {
907 assert(S);
908
909 unsigned Key = (S->getStmtClass() << 1) | unsigned(isPreVisit);
910 CachedStmtCheckersMapTy::iterator CCI = CachedStmtCheckersMap.find(Key);
911 if (CCI != CachedStmtCheckersMap.end())
912 return CCI->second;
913
914 // Find the checkers that should run for this Stmt and cache them.
915 CachedStmtCheckers &Checkers = CachedStmtCheckersMap[Key];
916 for (const auto &Info : StmtCheckers)
917 if (Info.IsPreVisit == isPreVisit && Info.IsForStmtFn(S))
918 Checkers.push_back(Info.CheckFn);
919 return Checkers;
920}
expandGraphWithCheckers
static void expandGraphWithCheckers(CHECK_CTX checkCtx, ExplodedNodeSet &Dst, const ExplodedNodeSet &Src)
Definition: CheckerManager.cpp:109
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified.
toString
static std::string toString(const clang::SanitizerSet &Sanitizers)
Produce a string containing comma-separated names of sanitizers in Sanitizers set.
Definition: SanitizerArgs.cpp:1074
s
__device__ __2f16 float __ockl_bool s
Definition: __clang_hip_libdevice_declares.h:304
clang::Decl
Decl - This represents one declaration (or definition), e.g.
Definition: DeclBase.h:83
clang::Decl::hasBody
virtual bool hasBody() const
Returns true if this Decl represents a declaration for a body of code, such as a function or method d...
Definition: DeclBase.h:1061
clang::Decl::getKind
Kind getKind() const
Definition: DeclBase.h:435
clang::DiagnosticsEngine::Report
DiagnosticBuilder Report(SourceLocation Loc, unsigned DiagID)
Issue the message to the client.
Definition: Diagnostic.h:1542
clang::LocationContext
It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...
Definition: AnalysisDeclContext.h:215
clang::ProgramPoint::getProgramPoint
static ProgramPoint getProgramPoint(const Stmt *S, ProgramPoint::Kind K, const LocationContext *LC, const ProgramPointTag *tag)
Definition: ProgramPoint.cpp:22
clang::ProgramPoint::withTag
ProgramPoint withTag(const ProgramPointTag *tag) const
Create a new ProgramPoint object that is the same as the original except for using the specified tag ...
Definition: ProgramPoint.h:129
clang::ReturnStmt
ReturnStmt - This represents a return, optionally of an expression: return; return 4;.
Definition: Stmt.h:2840
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:72
clang::TranslationUnitDecl
The top declaration context.
Definition: Decl.h:82
clang::ento::BugReporter
BugReporter is a utility class for generating PathDiagnostics for analysis.
Definition: BugReporter.h:585
clang::ento::CXXAllocatorCall
Represents the memory allocation call in a C++ new-expression.
Definition: CallEvent.h:1033
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153
clang::ento::CallEvent::cloneWithState
CallEventRef< T > cloneWithState(ProgramStateRef NewState) const
Returns a copy of this CallEvent, but using the given state.
Definition: CallEvent.h:1399
clang::ento::CallEvent::getProgramPoint
ProgramPoint getProgramPoint(bool IsPreVisit=false, const ProgramPointTag *Tag=nullptr) const
Returns an appropriate ProgramPoint for this call.
Definition: CallEvent.cpp:288
clang::ento::CheckerManager::_registerForLiveSymbols
void _registerForLiveSymbols(CheckLiveSymbolsFunc checkfn)
Definition: CheckerManager.cpp:867
clang::ento::CheckerManager::_registerForEndOfTranslationUnit
void _registerForEndOfTranslationUnit(CheckEndOfTranslationUnit checkfn)
Definition: CheckerManager.cpp:896
clang::ento::CheckerManager::_registerForBeginFunction
void _registerForBeginFunction(CheckBeginFunctionFunc checkfn)
Definition: CheckerManager.cpp:850
clang::ento::CheckerManager::runCheckersForBind
void runCheckersForBind(ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, SVal location, SVal val, const Stmt *S, ExprEngine &Eng, const ProgramPoint &PP)
Run checkers for binding of a value to a location.
Definition: CheckerManager.cpp:391
clang::ento::CheckerManager::_registerForNewAllocator
void _registerForNewAllocator(CheckNewAllocatorFunc checkfn)
Definition: CheckerManager.cpp:863
clang::ento::CheckerManager::_registerForPreCall
void _registerForPreCall(CheckCallFunc checkfn)
Definition: CheckerManager.cpp:831
clang::ento::CheckerManager::_registerForObjCMessageNil
void _registerForObjCMessageNil(CheckObjCMessageFunc checkfn)
Definition: CheckerManager.cpp:823
clang::ento::CheckerManager::HandlesDeclFunc
bool(*)(const Decl *D) HandlesDeclFunc
Definition: CheckerManager.h:473
clang::ento::CheckerManager::runCheckersForObjCMessage
void runCheckersForObjCMessage(ObjCMessageVisitKind visitKind, ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, const ObjCMethodCall &msg, ExprEngine &Eng, bool wasInlined=false)
Run checkers for visiting obj-c messages.
Definition: CheckerManager.cpp:238
clang::ento::CheckerManager::runCheckersOnASTDecl
void runCheckersOnASTDecl(const Decl *D, AnalysisManager &mgr, BugReporter &BR)
Run checkers handling Decls.
Definition: CheckerManager.cpp:74
clang::ento::CheckerManager::reportInvalidCheckerOptionValue
void reportInvalidCheckerOptionValue(const CheckerBase *C, StringRef OptionName, StringRef ExpectedValueDesc) const
Emits an error through a DiagnosticsEngine about an invalid user supplied checker option value.
Definition: CheckerManager.cpp:61
clang::ento::CheckerManager::_registerForDecl
void _registerForDecl(CheckDeclFunc checkfn, HandlesDeclFunc isForDeclFn)
Definition: CheckerManager.cpp:793
clang::ento::CheckerManager::_registerForPreObjCMessage
void _registerForPreObjCMessage(CheckObjCMessageFunc checkfn)
Definition: CheckerManager.cpp:819
clang::ento::CheckerManager::runCheckersOnEndOfTranslationUnit
void runCheckersOnEndOfTranslationUnit(const TranslationUnitDecl *TU, AnalysisManager &mgr, BugReporter &BR)
Run checkers for the entire Translation Unit.
Definition: CheckerManager.cpp:712
clang::ento::CheckerManager::runCheckersForEndFunction
void runCheckersForEndFunction(NodeBuilderContext &BC, ExplodedNodeSet &Dst, ExplodedNode *Pred, ExprEngine &Eng, const ReturnStmt *RS)
Run checkers on end of function.
Definition: CheckerManager.cpp:447
clang::ento::CheckerManager::_registerForEvalAssume
void _registerForEvalAssume(EvalAssumeFunc checkfn)
Definition: CheckerManager.cpp:888
clang::ento::CheckerManager::_registerForEndAnalysis
void _registerForEndAnalysis(CheckEndAnalysisFunc checkfn)
Definition: CheckerManager.cpp:846
clang::ento::CheckerManager::_registerForBody
void _registerForBody(CheckDeclFunc checkfn)
Definition: CheckerManager.cpp:799
clang::ento::CheckerManager::getDiagnostics
DiagnosticsEngine & getDiagnostics() const
Definition: CheckerManager.h:178
clang::ento::CheckerManager::runCheckersForLocation
void runCheckersForLocation(ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, SVal location, bool isLoad, const Stmt *NodeEx, const Stmt *BoundEx, ExprEngine &Eng)
Run checkers for load/store of a location.
Definition: CheckerManager.cpp:348
clang::ento::CheckerManager::runCheckersForEndAnalysis
void runCheckersForEndAnalysis(ExplodedGraph &G, BugReporter &BR, ExprEngine &Eng)
Run checkers for end of analysis.
Definition: CheckerManager.cpp:400
clang::ento::CheckerManager::runCheckersForPrintStateJson
void runCheckersForPrintStateJson(raw_ostream &Out, ProgramStateRef State, const char *NL="\n", unsigned int Space=0, bool IsDot=false) const
Run checkers for debug-printing a ProgramState.
Definition: CheckerManager.cpp:720
clang::ento::CheckerManager::_registerForDeadSymbols
void _registerForDeadSymbols(CheckDeadSymbolsFunc checkfn)
Definition: CheckerManager.cpp:871
clang::ento::CheckerManager::runCheckersForDeadSymbols
void runCheckersForDeadSymbols(ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, SymbolReaper &SymReaper, const Stmt *S, ExprEngine &Eng, ProgramPoint::Kind K)
Run checkers for dead symbols.
Definition: CheckerManager.cpp:585
clang::ento::CheckerManager::runCheckersForRegionChanges
ProgramStateRef runCheckersForRegionChanges(ProgramStateRef state, const InvalidatedSymbols *invalidated, ArrayRef< const MemRegion * > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const LocationContext *LCtx, const CallEvent *Call)
Run checkers for region changes.
Definition: CheckerManager.cpp:597
clang::ento::CheckerManager::_registerForPostObjCMessage
void _registerForPostObjCMessage(CheckObjCMessageFunc checkfn)
Definition: CheckerManager.cpp:827
clang::ento::CheckerManager::_registerForRegionChanges
void _registerForRegionChanges(CheckRegionChangesFunc checkfn)
Definition: CheckerManager.cpp:875
clang::ento::CheckerManager::_registerForBind
void _registerForBind(CheckBindFunc checkfn)
Definition: CheckerManager.cpp:842
clang::ento::CheckerManager::runCheckersForLiveSymbols
void runCheckersForLiveSymbols(ProgramStateRef state, SymbolReaper &SymReaper)
Run checkers for live symbols.
Definition: CheckerManager.cpp:544
clang::ento::CheckerManager::_registerForPointerEscape
void _registerForPointerEscape(CheckPointerEscapeFunc checkfn)
Definition: CheckerManager.cpp:879
clang::ento::CheckerManager::_registerForPreStmt
void _registerForPreStmt(CheckStmtFunc checkfn, HandlesStmtFunc isForStmtFn)
Definition: CheckerManager.cpp:807
clang::ento::CheckerManager::runCheckersForEvalCall
void runCheckersForEvalCall(ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, const CallEvent &CE, ExprEngine &Eng, const EvalCallOptions &CallOpts)
Run checkers for evaluating a call.
Definition: CheckerManager.cpp:651
clang::ento::CheckerManager::_registerForPostStmt
void _registerForPostStmt(CheckStmtFunc checkfn, HandlesStmtFunc isForStmtFn)
Definition: CheckerManager.cpp:813
clang::ento::CheckerManager::runCheckersForBeginFunction
void runCheckersForBeginFunction(ExplodedNodeSet &Dst, const BlockEdge &L, ExplodedNode *Pred, ExprEngine &Eng)
Run checkers on beginning of function.
Definition: CheckerManager.cpp:434
clang::ento::CheckerManager::runCheckersForNewAllocator
void runCheckersForNewAllocator(const CXXAllocatorCall &Call, ExplodedNodeSet &Dst, ExplodedNode *Pred, ExprEngine &Eng, bool wasInlined=false)
Run checkers between C++ operator new and constructor calls.
Definition: CheckerManager.cpp:532
clang::ento::CheckerManager::_registerForBranchCondition
void _registerForBranchCondition(CheckBranchConditionFunc checkfn)
Definition: CheckerManager.cpp:858
clang::ento::CheckerManager::runCheckersForStmt
void runCheckersForStmt(bool isPreVisit, ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, const Stmt *S, ExprEngine &Eng, bool wasInlined=false)
Run checkers for visiting Stmts.
Definition: CheckerManager.cpp:182
clang::ento::CheckerManager::_registerForEvalCall
void _registerForEvalCall(EvalCallFunc checkfn)
Definition: CheckerManager.cpp:892
clang::ento::CheckerManager::_registerForEndFunction
void _registerForEndFunction(CheckEndFunctionFunc checkfn)
Definition: CheckerManager.cpp:854
clang::ento::CheckerManager::runCheckersForBranchCondition
void runCheckersForBranchCondition(const Stmt *condition, ExplodedNodeSet &Dst, ExplodedNode *Pred, ExprEngine &Eng)
Run checkers for branch condition.
Definition: CheckerManager.cpp:492
clang::ento::CheckerManager::_registerForLocation
void _registerForLocation(CheckLocationFunc checkfn)
Definition: CheckerManager.cpp:838
clang::ento::CheckerManager::runCheckersForPointerEscape
ProgramStateRef runCheckersForPointerEscape(ProgramStateRef State, const InvalidatedSymbols &Escaped, const CallEvent *Call, PointerEscapeKind Kind, RegionAndSymbolInvalidationTraits *ITraits)
Run checkers when pointers escape.
Definition: CheckerManager.cpp:616
clang::ento::CheckerManager::_registerForConstPointerEscape
void _registerForConstPointerEscape(CheckPointerEscapeFunc checkfn)
Definition: CheckerManager.cpp:883
clang::ento::CheckerManager::runCheckersForCallEvent
void runCheckersForCallEvent(bool isPreVisit, ExplodedNodeSet &Dst, const ExplodedNodeSet &Src, const CallEvent &Call, ExprEngine &Eng, bool wasInlined=false)
Run checkers for visiting obj-c messages.
Definition: CheckerManager.cpp:296
clang::ento::CheckerManager::HandlesStmtFunc
bool(*)(const Stmt *D) HandlesStmtFunc
Definition: CheckerManager.h:542
clang::ento::CheckerManager::_registerForPostCall
void _registerForPostCall(CheckCallFunc checkfn)
Definition: CheckerManager.cpp:834
clang::ento::CheckerManager::runCheckersOnASTBody
void runCheckersOnASTBody(const Decl *D, AnalysisManager &mgr, BugReporter &BR)
Run checkers handling Decls containing a Stmt body.
Definition: CheckerManager.cpp:96
clang::ento::CheckerManager::runCheckersForEvalAssume
ProgramStateRef runCheckersForEvalAssume(ProgramStateRef state, SVal Cond, bool Assumption)
Run checkers for handling assumptions on symbolic values.
Definition: CheckerManager.cpp:637
clang::ento::ExplodedNodeSet::insert
void insert(const ExplodedNodeSet &S)
Definition: ExplodedGraph.h:483
clang::ento::ExplodedNode::getState
const ProgramStateRef & getState() const
Definition: ExplodedGraph.h:169
clang::ento::ExplodedNode::getLocationContext
const LocationContext * getLocationContext() const
Definition: ExplodedGraph.h:147
clang::ento::ExprEngine::defaultEvalCall
void defaultEvalCall(NodeBuilder &B, ExplodedNode *Pred, const CallEvent &Call, const EvalCallOptions &CallOpts={})
Default implementation of call evaluation.
Definition: ExprEngineCallAndReturn.cpp:1213
clang::ento::ExprEngine::getBuilderContext
const NodeBuilderContext & getBuilderContext()
Definition: ExprEngine.h:225
clang::ento::NodeBuilder
This is the simplest builder which generates nodes in the ExplodedGraph.
Definition: CoreEngine.h:238
clang::ento::ObjCMethodCall
Represents any expression that calls an Objective-C method.
Definition: CallEvent.h:1166
clang::ento::RegionAndSymbolInvalidationTraits
Information about invalidation for a particular region/symbol.
Definition: MemRegion.h:1624
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:73
clang::ento::SymbolReaper
A class responsible for cleaning up unused symbols.
Definition: SymbolManager.h:573
clang::ento::PointerEscapeKind
PointerEscapeKind
Describes the different reasons a pointer escapes during analysis.
Definition: CheckerManager.h:78
clang::ento::PSK_DirectEscapeOnCall
@ PSK_DirectEscapeOnCall
The pointer has been passed to a function call directly.
Definition: CheckerManager.h:84
clang::ento::PSK_IndirectEscapeOnCall
@ PSK_IndirectEscapeOnCall
The pointer has been passed to a function indirectly.
Definition: CheckerManager.h:89
clang::ento::ObjKind::OS
@ OS
Indicates that the tracking object is a descendant of a referenced-counted OSObject,...
clang::interp::Call
bool Call(InterpState &S, CodePtr OpPC, const Function *Func)
Definition: Interp.h:1723
clang::for
for(unsigned I=0, E=TL.getNumArgs();I !=E;++I)
Definition: RecursiveASTVisitor.h:1373
clang::Language::C
@ C
Languages that the frontend can parse and compile.
clang::ento::EvalCallOptions
Hints for figuring out of a call should be inlined during evalCall().
Definition: ExprEngine.h:97
Generated on Sat Sep 23 2023 18:26:04 for clang by doxygen 1.9.6