clang  16.0.0git
ExprInspectionChecker.cpp
Go to the documentation of this file.
1 //==- ExprInspectionChecker.cpp - Used for regression tests ------*- C++ -*-==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
18 #include "llvm/ADT/StringSwitch.h"
19 #include "llvm/Support/ScopedPrinter.h"
20 
21 using namespace clang;
22 using namespace ento;
23 
24 namespace {
25 class ExprInspectionChecker
26  : public Checker<eval::Call, check::DeadSymbols, check::EndAnalysis> {
27  mutable std::unique_ptr<BugType> BT;
28 
29  // These stats are per-analysis, not per-branch, hence they shouldn't
30  // stay inside the program state.
31  struct ReachedStat {
32  ExplodedNode *ExampleNode;
33  unsigned NumTimesReached;
34  };
35  mutable llvm::DenseMap<const CallExpr *, ReachedStat> ReachedStats;
36 
37  void analyzerEval(const CallExpr *CE, CheckerContext &C) const;
38  void analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const;
39  void analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const;
40  void analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const;
41  void analyzerCrash(const CallExpr *CE, CheckerContext &C) const;
42  void analyzerWarnOnDeadSymbol(const CallExpr *CE, CheckerContext &C) const;
43  void analyzerValue(const CallExpr *CE, CheckerContext &C) const;
44  void analyzerDumpSValType(const CallExpr *CE, CheckerContext &C) const;
45  void analyzerDump(const CallExpr *CE, CheckerContext &C) const;
46  void analyzerExplain(const CallExpr *CE, CheckerContext &C) const;
47  void analyzerPrintState(const CallExpr *CE, CheckerContext &C) const;
48  void analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const;
49  void analyzerDumpExtent(const CallExpr *CE, CheckerContext &C) const;
50  void analyzerDumpElementCount(const CallExpr *CE, CheckerContext &C) const;
51  void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const;
52  void analyzerDenote(const CallExpr *CE, CheckerContext &C) const;
53  void analyzerExpress(const CallExpr *CE, CheckerContext &C) const;
54  void analyzerIsTainted(const CallExpr *CE, CheckerContext &C) const;
55 
56  typedef void (ExprInspectionChecker::*FnCheck)(const CallExpr *,
57  CheckerContext &C) const;
58 
59  // Optional parameter `ExprVal` for expression value to be marked interesting.
60  ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C,
61  Optional<SVal> ExprVal = std::nullopt) const;
62  ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N,
63  Optional<SVal> ExprVal = std::nullopt) const;
64  template <typename T> void printAndReport(CheckerContext &C, T What) const;
65 
66  const Expr *getArgExpr(const CallExpr *CE, CheckerContext &C) const;
67  const MemRegion *getArgRegion(const CallExpr *CE, CheckerContext &C) const;
68 
69 public:
70  bool evalCall(const CallEvent &Call, CheckerContext &C) const;
71  void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
72  void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
73  ExprEngine &Eng) const;
74 };
75 } // namespace
76 
79 
80 bool ExprInspectionChecker::evalCall(const CallEvent &Call,
81  CheckerContext &C) const {
82  const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
83  if (!CE)
84  return false;
85 
86  // These checks should have no effect on the surrounding environment
87  // (globals should not be invalidated, etc), hence the use of evalCall.
88  FnCheck Handler =
89  llvm::StringSwitch<FnCheck>(C.getCalleeName(CE))
90  .Case("clang_analyzer_eval", &ExprInspectionChecker::analyzerEval)
91  .Case("clang_analyzer_checkInlined",
92  &ExprInspectionChecker::analyzerCheckInlined)
93  .Case("clang_analyzer_crash", &ExprInspectionChecker::analyzerCrash)
94  .Case("clang_analyzer_warnIfReached",
95  &ExprInspectionChecker::analyzerWarnIfReached)
96  .Case("clang_analyzer_warnOnDeadSymbol",
97  &ExprInspectionChecker::analyzerWarnOnDeadSymbol)
98  .StartsWith("clang_analyzer_explain",
99  &ExprInspectionChecker::analyzerExplain)
100  .Case("clang_analyzer_dumpExtent",
101  &ExprInspectionChecker::analyzerDumpExtent)
102  .Case("clang_analyzer_dumpElementCount",
103  &ExprInspectionChecker::analyzerDumpElementCount)
104  .Case("clang_analyzer_value", &ExprInspectionChecker::analyzerValue)
105  .StartsWith("clang_analyzer_dumpSvalType",
106  &ExprInspectionChecker::analyzerDumpSValType)
107  .StartsWith("clang_analyzer_dump",
108  &ExprInspectionChecker::analyzerDump)
109  .Case("clang_analyzer_getExtent",
110  &ExprInspectionChecker::analyzerGetExtent)
111  .Case("clang_analyzer_printState",
112  &ExprInspectionChecker::analyzerPrintState)
113  .Case("clang_analyzer_numTimesReached",
114  &ExprInspectionChecker::analyzerNumTimesReached)
115  .Case("clang_analyzer_hashDump",
116  &ExprInspectionChecker::analyzerHashDump)
117  .Case("clang_analyzer_denote", &ExprInspectionChecker::analyzerDenote)
118  .Case("clang_analyzer_express", // This also marks the argument as
119  // interesting.
120  &ExprInspectionChecker::analyzerExpress)
121  .StartsWith("clang_analyzer_isTainted",
122  &ExprInspectionChecker::analyzerIsTainted)
123  .Default(nullptr);
124 
125  if (!Handler)
126  return false;
127 
128  (this->*Handler)(CE, C);
129  return true;
130 }
131 
132 static const char *getArgumentValueString(const CallExpr *CE,
133  CheckerContext &C) {
134  if (CE->getNumArgs() == 0)
135  return "Missing assertion argument";
136 
137  ExplodedNode *N = C.getPredecessor();
138  const LocationContext *LC = N->getLocationContext();
139  ProgramStateRef State = N->getState();
140 
141  const Expr *Assertion = CE->getArg(0);
142  SVal AssertionVal = State->getSVal(Assertion, LC);
143 
144  if (AssertionVal.isUndef())
145  return "UNDEFINED";
146 
147  ProgramStateRef StTrue, StFalse;
148  std::tie(StTrue, StFalse) =
149  State->assume(AssertionVal.castAs<DefinedOrUnknownSVal>());
150 
151  if (StTrue) {
152  if (StFalse)
153  return "UNKNOWN";
154  else
155  return "TRUE";
156  } else {
157  if (StFalse)
158  return "FALSE";
159  else
160  llvm_unreachable("Invalid constraint; neither true or false.");
161  }
162 }
163 
164 ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,
165  CheckerContext &C,
166  Optional<SVal> ExprVal) const {
167  ExplodedNode *N = C.generateNonFatalErrorNode();
168  reportBug(Msg, C.getBugReporter(), N, ExprVal);
169  return N;
170 }
171 
172 ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,
173  BugReporter &BR, ExplodedNode *N,
174  Optional<SVal> ExprVal) const {
175  if (!N)
176  return nullptr;
177 
178  if (!BT)
179  BT.reset(new BugType(this, "Checking analyzer assumptions", "debug"));
180 
181  auto R = std::make_unique<PathSensitiveBugReport>(*BT, Msg, N);
182  if (ExprVal) {
183  R->markInteresting(*ExprVal);
184  }
185  BR.emitReport(std::move(R));
186  return N;
187 }
188 
189 const Expr *ExprInspectionChecker::getArgExpr(const CallExpr *CE,
190  CheckerContext &C) const {
191  if (CE->getNumArgs() == 0) {
192  reportBug("Missing argument", C);
193  return nullptr;
194  }
195  return CE->getArg(0);
196 }
197 
198 const MemRegion *ExprInspectionChecker::getArgRegion(const CallExpr *CE,
199  CheckerContext &C) const {
200  const Expr *Arg = getArgExpr(CE, C);
201  if (!Arg)
202  return nullptr;
203 
204  const MemRegion *MR = C.getSVal(Arg).getAsRegion();
205  if (!MR) {
206  reportBug("Cannot obtain the region", C);
207  return nullptr;
208  }
209 
210  return MR;
211 }
212 
213 void ExprInspectionChecker::analyzerEval(const CallExpr *CE,
214  CheckerContext &C) const {
215  const LocationContext *LC = C.getPredecessor()->getLocationContext();
216 
217  // A specific instantiation of an inlined function may have more constrained
218  // values than can generally be assumed. Skip the check.
219  if (LC->getStackFrame()->getParent() != nullptr)
220  return;
221 
222  reportBug(getArgumentValueString(CE, C), C);
223 }
224 
225 void ExprInspectionChecker::analyzerWarnIfReached(const CallExpr *CE,
226  CheckerContext &C) const {
227  reportBug("REACHABLE", C);
228 }
229 
230 void ExprInspectionChecker::analyzerNumTimesReached(const CallExpr *CE,
231  CheckerContext &C) const {
232  ++ReachedStats[CE].NumTimesReached;
233  if (!ReachedStats[CE].ExampleNode) {
234  // Later, in checkEndAnalysis, we'd throw a report against it.
235  ReachedStats[CE].ExampleNode = C.generateNonFatalErrorNode();
236  }
237 }
238 
239 void ExprInspectionChecker::analyzerCheckInlined(const CallExpr *CE,
240  CheckerContext &C) const {
241  const LocationContext *LC = C.getPredecessor()->getLocationContext();
242 
243  // An inlined function could conceivably also be analyzed as a top-level
244  // function. We ignore this case and only emit a message (TRUE or FALSE)
245  // when we are analyzing it as an inlined function. This means that
246  // clang_analyzer_checkInlined(true) should always print TRUE, but
247  // clang_analyzer_checkInlined(false) should never actually print anything.
248  if (LC->getStackFrame()->getParent() == nullptr)
249  return;
250 
251  reportBug(getArgumentValueString(CE, C), C);
252 }
253 
254 void ExprInspectionChecker::analyzerExplain(const CallExpr *CE,
255  CheckerContext &C) const {
256  const Expr *Arg = getArgExpr(CE, C);
257  if (!Arg)
258  return;
259 
260  SVal V = C.getSVal(Arg);
261  SValExplainer Ex(C.getASTContext());
262  reportBug(Ex.Visit(V), C);
263 }
264 
265 static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
266  const llvm::APSInt &I) {
267  Out << I.getBitWidth() << (I.isUnsigned() ? "u:" : "s:");
268  Out << I;
269 }
270 
271 static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
272  SymbolRef Sym) {
273  C.getConstraintManager().printValue(Out, C.getState(), Sym);
274 }
275 
276 static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
277  SVal V) {
278  Out << V;
279 }
280 
281 template <typename T>
282 void ExprInspectionChecker::printAndReport(CheckerContext &C, T What) const {
284  llvm::raw_svector_ostream OS(Str);
285  printHelper(OS, C, What);
286  reportBug(OS.str(), C);
287 }
288 
289 void ExprInspectionChecker::analyzerValue(const CallExpr *CE,
290  CheckerContext &C) const {
291  const Expr *Arg = getArgExpr(CE, C);
292  if (!Arg)
293  return;
294 
295  SVal V = C.getSVal(Arg);
296  if (const SymbolRef Sym = V.getAsSymbol())
297  printAndReport(C, Sym);
298  else if (const llvm::APSInt *I = V.getAsInteger())
299  printAndReport(C, *I);
300  else
301  reportBug("n/a", C);
302 }
303 
304 void ExprInspectionChecker::analyzerDumpSValType(const CallExpr *CE,
305  CheckerContext &C) const {
306  const Expr *Arg = getArgExpr(CE, C);
307  if (!Arg)
308  return;
309 
310  QualType Ty = C.getSVal(Arg).getType(C.getASTContext());
311  reportBug(Ty.getAsString(), C);
312 }
313 
314 void ExprInspectionChecker::analyzerDump(const CallExpr *CE,
315  CheckerContext &C) const {
316  const Expr *Arg = getArgExpr(CE, C);
317  if (!Arg)
318  return;
319 
320  SVal V = C.getSVal(Arg);
321  printAndReport(C, V);
322 }
323 
324 void ExprInspectionChecker::analyzerGetExtent(const CallExpr *CE,
325  CheckerContext &C) const {
326  const MemRegion *MR = getArgRegion(CE, C);
327  if (!MR)
328  return;
329 
330  ProgramStateRef State = C.getState();
331  DefinedOrUnknownSVal Size = getDynamicExtent(State, MR, C.getSValBuilder());
332 
333  State = State->BindExpr(CE, C.getLocationContext(), Size);
334  C.addTransition(State);
335 }
336 
337 void ExprInspectionChecker::analyzerDumpExtent(const CallExpr *CE,
338  CheckerContext &C) const {
339  const MemRegion *MR = getArgRegion(CE, C);
340  if (!MR)
341  return;
342 
343  DefinedOrUnknownSVal Size =
344  getDynamicExtent(C.getState(), MR, C.getSValBuilder());
345  printAndReport(C, Size);
346 }
347 
348 void ExprInspectionChecker::analyzerDumpElementCount(const CallExpr *CE,
349  CheckerContext &C) const {
350  const MemRegion *MR = getArgRegion(CE, C);
351  if (!MR)
352  return;
353 
354  QualType ElementTy;
355  if (const auto *TVR = MR->getAs<TypedValueRegion>()) {
356  ElementTy = TVR->getValueType();
357  } else {
358  ElementTy = MR->castAs<SymbolicRegion>()->getPointeeStaticType();
359  }
360 
361  assert(!ElementTy->isPointerType());
362 
363  DefinedOrUnknownSVal ElementCount =
364  getDynamicElementCount(C.getState(), MR, C.getSValBuilder(), ElementTy);
365  printAndReport(C, ElementCount);
366 }
367 
368 void ExprInspectionChecker::analyzerPrintState(const CallExpr *CE,
369  CheckerContext &C) const {
370  C.getState()->dump();
371 }
372 
373 void ExprInspectionChecker::analyzerWarnOnDeadSymbol(const CallExpr *CE,
374  CheckerContext &C) const {
375  const Expr *Arg = getArgExpr(CE, C);
376  if (!Arg)
377  return;
378 
379  SVal Val = C.getSVal(Arg);
380  SymbolRef Sym = Val.getAsSymbol();
381  if (!Sym)
382  return;
383 
384  ProgramStateRef State = C.getState();
385  State = State->add<MarkedSymbols>(Sym);
386  C.addTransition(State);
387 }
388 
389 void ExprInspectionChecker::checkDeadSymbols(SymbolReaper &SymReaper,
390  CheckerContext &C) const {
391  ProgramStateRef State = C.getState();
392  const MarkedSymbolsTy &Syms = State->get<MarkedSymbols>();
393  ExplodedNode *N = C.getPredecessor();
394  for (auto I = Syms.begin(), E = Syms.end(); I != E; ++I) {
395  SymbolRef Sym = *I;
396  if (!SymReaper.isDead(Sym))
397  continue;
398 
399  // The non-fatal error node should be the same for all reports.
400  if (ExplodedNode *BugNode = reportBug("SYMBOL DEAD", C))
401  N = BugNode;
402  State = State->remove<MarkedSymbols>(Sym);
403  }
404 
405  for (auto I : State->get<DenotedSymbols>()) {
406  SymbolRef Sym = I.first;
407  if (!SymReaper.isLive(Sym))
408  State = State->remove<DenotedSymbols>(Sym);
409  }
410 
411  C.addTransition(State, N);
412 }
413 
414 void ExprInspectionChecker::checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
415  ExprEngine &Eng) const {
416  for (auto Item : ReachedStats) {
417  unsigned NumTimesReached = Item.second.NumTimesReached;
418  ExplodedNode *N = Item.second.ExampleNode;
419 
420  reportBug(llvm::to_string(NumTimesReached), BR, N);
421  }
422  ReachedStats.clear();
423 }
424 
425 void ExprInspectionChecker::analyzerCrash(const CallExpr *CE,
426  CheckerContext &C) const {
427  LLVM_BUILTIN_TRAP;
428 }
429 
430 void ExprInspectionChecker::analyzerHashDump(const CallExpr *CE,
431  CheckerContext &C) const {
432  const LangOptions &Opts = C.getLangOpts();
433  const SourceManager &SM = C.getSourceManager();
434  FullSourceLoc FL(CE->getArg(0)->getBeginLoc(), SM);
435  std::string HashContent =
436  getIssueString(FL, getCheckerName().getName(), "Category",
437  C.getLocationContext()->getDecl(), Opts);
438 
439  reportBug(HashContent, C);
440 }
441 
442 void ExprInspectionChecker::analyzerDenote(const CallExpr *CE,
443  CheckerContext &C) const {
444  if (CE->getNumArgs() < 2) {
445  reportBug("clang_analyzer_denote() requires a symbol and a string literal",
446  C);
447  return;
448  }
449 
450  SymbolRef Sym = C.getSVal(CE->getArg(0)).getAsSymbol();
451  if (!Sym) {
452  reportBug("Not a symbol", C);
453  return;
454  }
455 
456  const auto *E = dyn_cast<StringLiteral>(CE->getArg(1)->IgnoreParenCasts());
457  if (!E) {
458  reportBug("Not a string literal", C);
459  return;
460  }
461 
462  ProgramStateRef State = C.getState();
463 
464  C.addTransition(C.getState()->set<DenotedSymbols>(Sym, E));
465 }
466 
467 namespace {
468 class SymbolExpressor
469  : public SymExprVisitor<SymbolExpressor, Optional<std::string>> {
471 
472 public:
473  SymbolExpressor(ProgramStateRef State) : State(State) {}
474 
475  Optional<std::string> lookup(const SymExpr *S) {
476  if (const StringLiteral *const *SLPtr = State->get<DenotedSymbols>(S)) {
477  const StringLiteral *SL = *SLPtr;
478  return std::string(SL->getBytes());
479  }
480  return std::nullopt;
481  }
482 
483  Optional<std::string> VisitSymExpr(const SymExpr *S) { return lookup(S); }
484 
485  Optional<std::string> VisitSymIntExpr(const SymIntExpr *S) {
486  if (Optional<std::string> Str = lookup(S))
487  return Str;
488  if (Optional<std::string> Str = Visit(S->getLHS()))
489  return (*Str + " " + BinaryOperator::getOpcodeStr(S->getOpcode()) + " " +
490  std::to_string(S->getRHS().getLimitedValue()) +
491  (S->getRHS().isUnsigned() ? "U" : ""))
492  .str();
493  return std::nullopt;
494  }
495 
496  Optional<std::string> VisitSymSymExpr(const SymSymExpr *S) {
497  if (Optional<std::string> Str = lookup(S))
498  return Str;
499  if (Optional<std::string> Str1 = Visit(S->getLHS()))
500  if (Optional<std::string> Str2 = Visit(S->getRHS()))
501  return (*Str1 + " " + BinaryOperator::getOpcodeStr(S->getOpcode()) +
502  " " + *Str2)
503  .str();
504  return std::nullopt;
505  }
506 
507  Optional<std::string> VisitUnarySymExpr(const UnarySymExpr *S) {
508  if (Optional<std::string> Str = lookup(S))
509  return Str;
510  if (Optional<std::string> Str = Visit(S->getOperand()))
511  return (UnaryOperator::getOpcodeStr(S->getOpcode()) + *Str).str();
512  return std::nullopt;
513  }
514 
515  Optional<std::string> VisitSymbolCast(const SymbolCast *S) {
516  if (Optional<std::string> Str = lookup(S))
517  return Str;
518  if (Optional<std::string> Str = Visit(S->getOperand()))
519  return (Twine("(") + S->getType().getAsString() + ")" + *Str).str();
520  return std::nullopt;
521  }
522 };
523 } // namespace
524 
525 void ExprInspectionChecker::analyzerExpress(const CallExpr *CE,
526  CheckerContext &C) const {
527  const Expr *Arg = getArgExpr(CE, C);
528  if (!Arg)
529  return;
530 
531  SVal ArgVal = C.getSVal(CE->getArg(0));
532  SymbolRef Sym = ArgVal.getAsSymbol();
533  if (!Sym) {
534  reportBug("Not a symbol", C, ArgVal);
535  return;
536  }
537 
538  SymbolExpressor V(C.getState());
539  auto Str = V.Visit(Sym);
540  if (!Str) {
541  reportBug("Unable to express", C, ArgVal);
542  return;
543  }
544 
545  reportBug(*Str, C, ArgVal);
546 }
547 
548 void ExprInspectionChecker::analyzerIsTainted(const CallExpr *CE,
549  CheckerContext &C) const {
550  if (CE->getNumArgs() != 1) {
551  reportBug("clang_analyzer_isTainted() requires exactly one argument", C);
552  return;
553  }
554  const bool IsTainted =
555  taint::isTainted(C.getState(), CE->getArg(0), C.getLocationContext());
556  reportBug(IsTainted ? "YES" : "NO", C);
557 }
558 
559 void ento::registerExprInspectionChecker(CheckerManager &Mgr) {
560  Mgr.registerChecker<ExprInspectionChecker>();
561 }
562 
563 bool ento::shouldRegisterExprInspectionChecker(const CheckerManager &mgr) {
564  return true;
565 }
DynamicExtent.h
clang::LocationContext
It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...
Definition: AnalysisDeclContext.h:215
clang::LocationContext::getStackFrame
const StackFrameContext * getStackFrame() const
Definition: AnalysisDeclContext.cpp:462
clang::FullSourceLoc
A SourceLocation and its associated SourceManager.
Definition: SourceLocation.h:368
string
string(SUBSTRING ${CMAKE_CURRENT_BINARY_DIR} 0 ${PATH_LIB_START} PATH_HEAD) string(SUBSTRING $
Definition: CMakeLists.txt:22
clang::getIssueString
std::string getIssueString(const FullSourceLoc &IssueLoc, llvm::StringRef CheckerName, llvm::StringRef WarningMessage, const Decl *IssueDecl, const LangOptions &LangOpts)
Get the unhashed string representation of the V1 issue hash.
clang::ento::ProgramStateRef
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
Definition: ProgramState_Fwd.h:37
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:737
AttributeLangSupport::C
@ C
Definition: SemaDeclAttr.cpp:56
clang::BinaryOperator::getOpcodeStr
StringRef getOpcodeStr() const
Definition: Expr.h:3878
clang::ento::SymbolRef
const SymExpr * SymbolRef
Definition: SymExpr.h:111
llvm::Optional
Definition: LLVM.h:40
clang::QualType::getAsString
static std::string getAsString(SplitQualType split, const PrintingPolicy &Policy)
Definition: Type.h:1088
clang::ento::taint::isTainted
bool isTainted(ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
Check if the statement has a tainted value in the given state.
clang::SourceManager
This class handles loading and caching of source files into memory.
Definition: SourceManager.h:637
clang::ento::SymSymExpr
BinarySymExprImpl< const SymExpr *, const SymExpr *, SymExpr::Kind::SymSymExprKind > SymSymExpr
Represents a symbolic expression like 'x' + 'y'.
Definition: SymbolManager.h:479
CallEvent.h
REGISTER_MAP_WITH_PROGRAMSTATE
#define REGISTER_MAP_WITH_PROGRAMSTATE(Name, Key, Value)
Declares an immutable map of type NameTy, suitable for placement into the ProgramState.
Definition: ProgramStateTrait.h:87
APSInt
llvm::APSInt APSInt
Definition: ByteCodeEmitter.cpp:19
V
#define V(N, I)
Definition: ASTContext.h:3208
BuiltinCheckerRegistration.h
clang::StringLiteral::getBytes
StringRef getBytes() const
Allow access to clients that need the byte representation, such as ASTWriterStmt::VisitStringLiteral(...
Definition: Expr.h:1868
clang::UnaryOperator::getOpcodeStr
static StringRef getOpcodeStr(Opcode Op)
getOpcodeStr - Turn an Opcode enum value into the punctuation char it corresponds to,...
Definition: Expr.cpp:1388
IssueHash.h
clang::CallExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition: Expr.h:3002
getArgumentValueString
static const char * getArgumentValueString(const CallExpr *CE, CheckerContext &C)
Definition: ExprInspectionChecker.cpp:132
llvm::SmallString
Definition: LLVM.h:37
REGISTER_SET_WITH_PROGRAMSTATE
#define REGISTER_SET_WITH_PROGRAMSTATE(Name, Elem)
Declares an immutable set of type NameTy, suitable for placement into the ProgramState.
Definition: ProgramStateTrait.h:112
clang::StringLiteral
StringLiteral - This represents a string literal expression, e.g.
Definition: Expr.h:1777
clang::ento::getDynamicElementCount
DefinedOrUnknownSVal getDynamicElementCount(ProgramStateRef State, const MemRegion *MR, SValBuilder &SVB, QualType Ty)
getName
static std::string getName(const CallEvent &Call)
Definition: ReturnValueChecker.cpp:61
clang::Type::castAs
const T * castAs() const
Member-template castAs<specific type>.
Definition: Type.h:7453
clang::LocationContext::getParent
const LocationContext * getParent() const
It might return null.
Definition: AnalysisDeclContext.h:247
clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition: Expr.cpp:3040
clang::Type::isPointerType
bool isPointerType() const
Definition: Type.h:6883
clang::syntax::NodeRole::Size
@ Size
clang::ento::SymIntExpr
BinarySymExprImpl< const SymExpr *, const llvm::APSInt &, SymExpr::Kind::SymIntExprKind > SymIntExpr
Represents a symbolic expression like 'x' + 3.
Definition: SymbolManager.h:471
Taint.h
BugType.h
clang::CallExpr::getNumArgs
unsigned getNumArgs() const
getNumArgs - Return the number of actual arguments to this call.
Definition: Expr.h:2989
State
LineState State
Definition: UnwrappedLineFormatter.cpp:1147
CheckerContext.h
clang::LangOptions
Keeps track of the various options that can be enabled, which controls the dialect of C or C++ that i...
Definition: LangOptions.h:81
printHelper
static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C, const llvm::APSInt &I)
Definition: ExprInspectionChecker.cpp:265
clang::ento::getDynamicExtent
DefinedOrUnknownSVal getDynamicExtent(ProgramStateRef State, const MemRegion *MR, SValBuilder &SVB)
Checker.h
clang
Definition: CalledOnceCheck.h:17
clang::Stmt::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Stmt.cpp:336
clang::interp::Call
bool Call(InterpState &S, CodePtr &PC, const Function *Func)
Definition: Interp.h:1246
clang::Expr
This represents one expression.
Definition: Expr.h:109
SValExplainer.h
SM
#define SM(sm)
Definition: Cuda.cpp:79
clang::CallExpr
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2811
clang::ento::ObjKind::OS
@ OS
Indicates that the tracking object is a descendant of a referenced-counted OSObject,...