clang 18.0.0git
ExprInspectionChecker.cpp
Go to the documentation of this file.
1//==- ExprInspectionChecker.cpp - Used for regression tests ------*- C++ -*-==//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "clang/Analysis/IssueHash.h"
10#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
11#include "clang/StaticAnalyzer/Checkers/SValExplainer.h"
12#include "clang/StaticAnalyzer/Checkers/Taint.h"
13#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
14#include "clang/StaticAnalyzer/Core/Checker.h"
15#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
16#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
17#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
18#include "llvm/ADT/StringSwitch.h"
19#include "llvm/Support/ScopedPrinter.h"
20#include <optional>
21
22using namespace clang;
23using namespace ento;
24
25namespace {
26class ExprInspectionChecker
27 : public Checker<eval::Call, check::DeadSymbols, check::EndAnalysis> {
28 mutable std::unique_ptr<BugType> BT;
29
30 // These stats are per-analysis, not per-branch, hence they shouldn't
31 // stay inside the program state.
32 struct ReachedStat {
33 ExplodedNode *ExampleNode;
34 unsigned NumTimesReached;
35 };
36 mutable llvm::DenseMap<const CallExpr *, ReachedStat> ReachedStats;
37
38 void analyzerEval(const CallExpr *CE, CheckerContext &C) const;
39 void analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const;
40 void analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const;
41 void analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const;
42 void analyzerCrash(const CallExpr *CE, CheckerContext &C) const;
43 void analyzerWarnOnDeadSymbol(const CallExpr *CE, CheckerContext &C) const;
44 void analyzerValue(const CallExpr *CE, CheckerContext &C) const;
45 void analyzerDumpSValType(const CallExpr *CE, CheckerContext &C) const;
46 void analyzerDump(const CallExpr *CE, CheckerContext &C) const;
47 void analyzerExplain(const CallExpr *CE, CheckerContext &C) const;
48 void analyzerPrintState(const CallExpr *CE, CheckerContext &C) const;
49 void analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const;
50 void analyzerDumpExtent(const CallExpr *CE, CheckerContext &C) const;
51 void analyzerDumpElementCount(const CallExpr *CE, CheckerContext &C) const;
52 void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const;
53 void analyzerDenote(const CallExpr *CE, CheckerContext &C) const;
54 void analyzerExpress(const CallExpr *CE, CheckerContext &C) const;
55 void analyzerIsTainted(const CallExpr *CE, CheckerContext &C) const;
56
57 typedef void (ExprInspectionChecker::*FnCheck)(const CallExpr *,
58 CheckerContext &C) const;
59
60 // Optional parameter `ExprVal` for expression value to be marked interesting.
61 ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C,
62 std::optional<SVal> ExprVal = std::nullopt) const;
63 ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N,
64 std::optional<SVal> ExprVal = std::nullopt) const;
65 template <typename T> void printAndReport(CheckerContext &C, T What) const;
66
67 const Expr *getArgExpr(const CallExpr *CE, CheckerContext &C) const;
68 const MemRegion *getArgRegion(const CallExpr *CE, CheckerContext &C) const;
69
70public:
71 bool evalCall(const CallEvent &Call, CheckerContext &C) const;
72 void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
73 void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
74 ExprEngine &Eng) const;
75};
76} // namespace
77
78REGISTER_SET_WITH_PROGRAMSTATE(MarkedSymbols, SymbolRef)
79REGISTER_MAP_WITH_PROGRAMSTATE(DenotedSymbols, SymbolRef, const StringLiteral *)
80
81bool ExprInspectionChecker::evalCall(const CallEvent &Call,
82 CheckerContext &C) const {
83 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
84 if (!CE)
85 return false;
86
87 // These checks should have no effect on the surrounding environment
88 // (globals should not be invalidated, etc), hence the use of evalCall.
89 FnCheck Handler =
90 llvm::StringSwitch<FnCheck>(C.getCalleeName(CE))
91 .Case("clang_analyzer_eval", &ExprInspectionChecker::analyzerEval)
92 .Case("clang_analyzer_checkInlined",
93 &ExprInspectionChecker::analyzerCheckInlined)
94 .Case("clang_analyzer_crash", &ExprInspectionChecker::analyzerCrash)
95 .Case("clang_analyzer_warnIfReached",
96 &ExprInspectionChecker::analyzerWarnIfReached)
97 .Case("clang_analyzer_warnOnDeadSymbol",
98 &ExprInspectionChecker::analyzerWarnOnDeadSymbol)
99 .StartsWith("clang_analyzer_explain",
100 &ExprInspectionChecker::analyzerExplain)
101 .Case("clang_analyzer_dumpExtent",
102 &ExprInspectionChecker::analyzerDumpExtent)
103 .Case("clang_analyzer_dumpElementCount",
104 &ExprInspectionChecker::analyzerDumpElementCount)
105 .Case("clang_analyzer_value", &ExprInspectionChecker::analyzerValue)
106 .StartsWith("clang_analyzer_dumpSvalType",
107 &ExprInspectionChecker::analyzerDumpSValType)
108 .StartsWith("clang_analyzer_dump",
109 &ExprInspectionChecker::analyzerDump)
110 .Case("clang_analyzer_getExtent",
111 &ExprInspectionChecker::analyzerGetExtent)
112 .Case("clang_analyzer_printState",
113 &ExprInspectionChecker::analyzerPrintState)
114 .Case("clang_analyzer_numTimesReached",
115 &ExprInspectionChecker::analyzerNumTimesReached)
116 .Case("clang_analyzer_hashDump",
117 &ExprInspectionChecker::analyzerHashDump)
118 .Case("clang_analyzer_denote", &ExprInspectionChecker::analyzerDenote)
119 .Case("clang_analyzer_express", // This also marks the argument as
120 // interesting.
121 &ExprInspectionChecker::analyzerExpress)
122 .StartsWith("clang_analyzer_isTainted",
123 &ExprInspectionChecker::analyzerIsTainted)
124 .Default(nullptr);
125
126 if (!Handler)
127 return false;
128
129 (this->*Handler)(CE, C);
130 return true;
131}
132
133static const char *getArgumentValueString(const CallExpr *CE,
134 CheckerContext &C) {
135 if (CE->getNumArgs() == 0)
136 return "Missing assertion argument";
137
138 ExplodedNode *N = C.getPredecessor();
139 const LocationContext *LC = N->getLocationContext();
140 ProgramStateRef State = N->getState();
141
142 const Expr *Assertion = CE->getArg(0);
143 SVal AssertionVal = State->getSVal(Assertion, LC);
144
145 if (AssertionVal.isUndef())
146 return "UNDEFINED";
147
148 ProgramStateRef StTrue, StFalse;
149 std::tie(StTrue, StFalse) =
150 State->assume(AssertionVal.castAs<DefinedOrUnknownSVal>());
151
152 if (StTrue) {
153 if (StFalse)
154 return "UNKNOWN";
155 else
156 return "TRUE";
157 } else {
158 if (StFalse)
159 return "FALSE";
160 else
161 llvm_unreachable("Invalid constraint; neither true or false.");
162 }
163}
164
165ExplodedNode *
166ExprInspectionChecker::reportBug(llvm::StringRef Msg, CheckerContext &C,
167 std::optional<SVal> ExprVal) const {
168 ExplodedNode *N = C.generateNonFatalErrorNode();
169 reportBug(Msg, C.getBugReporter(), N, ExprVal);
170 return N;
171}
172
173ExplodedNode *
174ExprInspectionChecker::reportBug(llvm::StringRef Msg, BugReporter &BR,
175 ExplodedNode *N,
176 std::optional<SVal> ExprVal) const {
177 if (!N)
178 return nullptr;
179
180 if (!BT)
181 BT.reset(new BugType(this, "Checking analyzer assumptions", "debug"));
182
183 auto R = std::make_unique<PathSensitiveBugReport>(*BT, Msg, N);
184 if (ExprVal) {
185 R->markInteresting(*ExprVal);
186 }
187 BR.emitReport(std::move(R));
188 return N;
189}
190
191const Expr *ExprInspectionChecker::getArgExpr(const CallExpr *CE,
192 CheckerContext &C) const {
193 if (CE->getNumArgs() == 0) {
194 reportBug("Missing argument", C);
195 return nullptr;
196 }
197 return CE->getArg(0);
198}
199
200const MemRegion *ExprInspectionChecker::getArgRegion(const CallExpr *CE,
201 CheckerContext &C) const {
202 const Expr *Arg = getArgExpr(CE, C);
203 if (!Arg)
204 return nullptr;
205
206 const MemRegion *MR = C.getSVal(Arg).getAsRegion();
207 if (!MR) {
208 reportBug("Cannot obtain the region", C);
209 return nullptr;
210 }
211
212 return MR;
213}
214
215void ExprInspectionChecker::analyzerEval(const CallExpr *CE,
216 CheckerContext &C) const {
217 const LocationContext *LC = C.getPredecessor()->getLocationContext();
218
219 // A specific instantiation of an inlined function may have more constrained
220 // values than can generally be assumed. Skip the check.
221 if (LC->getStackFrame()->getParent() != nullptr)
222 return;
223
224 reportBug(getArgumentValueString(CE, C), C);
225}
226
227void ExprInspectionChecker::analyzerWarnIfReached(const CallExpr *CE,
228 CheckerContext &C) const {
229 reportBug("REACHABLE", C);
230}
231
232void ExprInspectionChecker::analyzerNumTimesReached(const CallExpr *CE,
233 CheckerContext &C) const {
234 ++ReachedStats[CE].NumTimesReached;
235 if (!ReachedStats[CE].ExampleNode) {
236 // Later, in checkEndAnalysis, we'd throw a report against it.
237 ReachedStats[CE].ExampleNode = C.generateNonFatalErrorNode();
238 }
239}
240
241void ExprInspectionChecker::analyzerCheckInlined(const CallExpr *CE,
242 CheckerContext &C) const {
243 const LocationContext *LC = C.getPredecessor()->getLocationContext();
244
245 // An inlined function could conceivably also be analyzed as a top-level
246 // function. We ignore this case and only emit a message (TRUE or FALSE)
247 // when we are analyzing it as an inlined function. This means that
248 // clang_analyzer_checkInlined(true) should always print TRUE, but
249 // clang_analyzer_checkInlined(false) should never actually print anything.
250 if (LC->getStackFrame()->getParent() == nullptr)
251 return;
252
253 reportBug(getArgumentValueString(CE, C), C);
254}
255
256void ExprInspectionChecker::analyzerExplain(const CallExpr *CE,
257 CheckerContext &C) const {
258 const Expr *Arg = getArgExpr(CE, C);
259 if (!Arg)
260 return;
261
262 SVal V = C.getSVal(Arg);
263 SValExplainer Ex(C.getASTContext());
264 reportBug(Ex.Visit(V), C);
265}
266
267static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
268 const llvm::APSInt &I) {
269 Out << I.getBitWidth() << (I.isUnsigned() ? "u:" : "s:");
270 Out << I;
271}
272
273static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
274 SymbolRef Sym) {
275 C.getConstraintManager().printValue(Out, C.getState(), Sym);
276}
277
278static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C,
279 SVal V) {
280 Out << V;
281}
282
283template <typename T>
284void ExprInspectionChecker::printAndReport(CheckerContext &C, T What) const {
285 llvm::SmallString<64> Str;
286 llvm::raw_svector_ostream OS(Str);
287 printHelper(OS, C, What);
288 reportBug(OS.str(), C);
289}
290
291void ExprInspectionChecker::analyzerValue(const CallExpr *CE,
292 CheckerContext &C) const {
293 const Expr *Arg = getArgExpr(CE, C);
294 if (!Arg)
295 return;
296
297 SVal V = C.getSVal(Arg);
298 if (const SymbolRef Sym = V.getAsSymbol())
299 printAndReport(C, Sym);
300 else if (const llvm::APSInt *I = V.getAsInteger())
301 printAndReport(C, *I);
302 else
303 reportBug("n/a", C);
304}
305
306void ExprInspectionChecker::analyzerDumpSValType(const CallExpr *CE,
307 CheckerContext &C) const {
308 const Expr *Arg = getArgExpr(CE, C);
309 if (!Arg)
310 return;
311
312 QualType Ty = C.getSVal(Arg).getType(C.getASTContext());
313 reportBug(Ty.getAsString(), C);
314}
315
316void ExprInspectionChecker::analyzerDump(const CallExpr *CE,
317 CheckerContext &C) const {
318 const Expr *Arg = getArgExpr(CE, C);
319 if (!Arg)
320 return;
321
322 SVal V = C.getSVal(Arg);
323 printAndReport(C, V);
324}
325
326void ExprInspectionChecker::analyzerGetExtent(const CallExpr *CE,
327 CheckerContext &C) const {
328 const Expr *Arg = getArgExpr(CE, C);
329 if (!Arg)
330 return;
331
332 ProgramStateRef State = C.getState();
333 SVal Size = getDynamicExtentWithOffset(State, C.getSVal(Arg));
334
335 State = State->BindExpr(CE, C.getLocationContext(), Size);
336 C.addTransition(State);
337}
338
339void ExprInspectionChecker::analyzerDumpExtent(const CallExpr *CE,
340 CheckerContext &C) const {
341 const Expr *Arg = getArgExpr(CE, C);
342 if (!Arg)
343 return;
344
345 ProgramStateRef State = C.getState();
346 SVal Size = getDynamicExtentWithOffset(State, C.getSVal(Arg));
347 printAndReport(C, Size);
348}
349
350void ExprInspectionChecker::analyzerDumpElementCount(const CallExpr *CE,
351 CheckerContext &C) const {
352 const MemRegion *MR = getArgRegion(CE, C);
353 if (!MR)
354 return;
355
356 QualType ElementTy;
357 if (const auto *TVR = MR->getAs<TypedValueRegion>()) {
358 ElementTy = TVR->getValueType();
359 } else {
360 ElementTy = MR->castAs<SymbolicRegion>()->getPointeeStaticType();
361 }
362
363 assert(!ElementTy->isPointerType());
364
365 DefinedOrUnknownSVal ElementCount = getDynamicElementCountWithOffset(
366 C.getState(), C.getSVal(getArgExpr(CE, C)), ElementTy);
367 printAndReport(C, ElementCount);
368}
369
370void ExprInspectionChecker::analyzerPrintState(const CallExpr *CE,
371 CheckerContext &C) const {
372 C.getState()->dump();
373}
374
375void ExprInspectionChecker::analyzerWarnOnDeadSymbol(const CallExpr *CE,
376 CheckerContext &C) const {
377 const Expr *Arg = getArgExpr(CE, C);
378 if (!Arg)
379 return;
380
381 SVal Val = C.getSVal(Arg);
382 SymbolRef Sym = Val.getAsSymbol();
383 if (!Sym)
384 return;
385
386 ProgramStateRef State = C.getState();
387 State = State->add<MarkedSymbols>(Sym);
388 C.addTransition(State);
389}
390
391void ExprInspectionChecker::checkDeadSymbols(SymbolReaper &SymReaper,
392 CheckerContext &C) const {
393 ProgramStateRef State = C.getState();
394 const MarkedSymbolsTy &Syms = State->get<MarkedSymbols>();
395 ExplodedNode *N = C.getPredecessor();
396 for (SymbolRef Sym : Syms) {
397 if (!SymReaper.isDead(Sym))
398 continue;
399
400 // The non-fatal error node should be the same for all reports.
401 if (ExplodedNode *BugNode = reportBug("SYMBOL DEAD", C))
402 N = BugNode;
403 State = State->remove<MarkedSymbols>(Sym);
404 }
405
406 for (auto I : State->get<DenotedSymbols>()) {
407 SymbolRef Sym = I.first;
408 if (!SymReaper.isLive(Sym))
409 State = State->remove<DenotedSymbols>(Sym);
410 }
411
412 C.addTransition(State, N);
413}
414
415void ExprInspectionChecker::checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
416 ExprEngine &Eng) const {
417 for (auto Item : ReachedStats) {
418 unsigned NumTimesReached = Item.second.NumTimesReached;
419 ExplodedNode *N = Item.second.ExampleNode;
420
421 reportBug(llvm::to_string(NumTimesReached), BR, N);
422 }
423 ReachedStats.clear();
424}
425
426void ExprInspectionChecker::analyzerCrash(const CallExpr *CE,
427 CheckerContext &C) const {
428 LLVM_BUILTIN_TRAP;
429}
430
431void ExprInspectionChecker::analyzerHashDump(const CallExpr *CE,
432 CheckerContext &C) const {
433 const LangOptions &Opts = C.getLangOpts();
434 const SourceManager &SM = C.getSourceManager();
435 FullSourceLoc FL(CE->getArg(0)->getBeginLoc(), SM);
436 std::string HashContent =
437 getIssueString(FL, getCheckerName().getName(), "Category",
438 C.getLocationContext()->getDecl(), Opts);
439
440 reportBug(HashContent, C);
441}
442
443void ExprInspectionChecker::analyzerDenote(const CallExpr *CE,
444 CheckerContext &C) const {
445 if (CE->getNumArgs() < 2) {
446 reportBug("clang_analyzer_denote() requires a symbol and a string literal",
447 C);
448 return;
449 }
450
451 SymbolRef Sym = C.getSVal(CE->getArg(0)).getAsSymbol();
452 if (!Sym) {
453 reportBug("Not a symbol", C);
454 return;
455 }
456
457 const auto *E = dyn_cast<StringLiteral>(CE->getArg(1)->IgnoreParenCasts());
458 if (!E) {
459 reportBug("Not a string literal", C);
460 return;
461 }
462
463 ProgramStateRef State = C.getState();
464
465 C.addTransition(C.getState()->set<DenotedSymbols>(Sym, E));
466}
467
468namespace {
469class SymbolExpressor
470 : public SymExprVisitor<SymbolExpressor, std::optional<std::string>> {
471 ProgramStateRef State;
472
473public:
474 SymbolExpressor(ProgramStateRef State) : State(State) {}
475
476 std::optional<std::string> lookup(const SymExpr *S) {
477 if (const StringLiteral *const *SLPtr = State->get<DenotedSymbols>(S)) {
478 const StringLiteral *SL = *SLPtr;
479 return std::string(SL->getBytes());
480 }
481 return std::nullopt;
482 }
483
484 std::optional<std::string> VisitSymExpr(const SymExpr *S) {
485 return lookup(S);
486 }
487
488 std::optional<std::string> VisitSymIntExpr(const SymIntExpr *S) {
489 if (std::optional<std::string> Str = lookup(S))
490 return Str;
491 if (std::optional<std::string> Str = Visit(S->getLHS()))
492 return (*Str + " " + BinaryOperator::getOpcodeStr(S->getOpcode()) + " " +
493 std::to_string(S->getRHS().getLimitedValue()) +
494 (S->getRHS().isUnsigned() ? "U" : ""))
495 .str();
496 return std::nullopt;
497 }
498
499 std::optional<std::string> VisitSymSymExpr(const SymSymExpr *S) {
500 if (std::optional<std::string> Str = lookup(S))
501 return Str;
502 if (std::optional<std::string> Str1 = Visit(S->getLHS()))
503 if (std::optional<std::string> Str2 = Visit(S->getRHS()))
504 return (*Str1 + " " + BinaryOperator::getOpcodeStr(S->getOpcode()) +
505 " " + *Str2)
506 .str();
507 return std::nullopt;
508 }
509
510 std::optional<std::string> VisitUnarySymExpr(const UnarySymExpr *S) {
511 if (std::optional<std::string> Str = lookup(S))
512 return Str;
513 if (std::optional<std::string> Str = Visit(S->getOperand()))
514 return (UnaryOperator::getOpcodeStr(S->getOpcode()) + *Str).str();
515 return std::nullopt;
516 }
517
518 std::optional<std::string> VisitSymbolCast(const SymbolCast *S) {
519 if (std::optional<std::string> Str = lookup(S))
520 return Str;
521 if (std::optional<std::string> Str = Visit(S->getOperand()))
522 return (Twine("(") + S->getType().getAsString() + ")" + *Str).str();
523 return std::nullopt;
524 }
525};
526} // namespace
527
528void ExprInspectionChecker::analyzerExpress(const CallExpr *CE,
529 CheckerContext &C) const {
530 const Expr *Arg = getArgExpr(CE, C);
531 if (!Arg)
532 return;
533
534 SVal ArgVal = C.getSVal(CE->getArg(0));
535 SymbolRef Sym = ArgVal.getAsSymbol();
536 if (!Sym) {
537 reportBug("Not a symbol", C, ArgVal);
538 return;
539 }
540
541 SymbolExpressor V(C.getState());
542 auto Str = V.Visit(Sym);
543 if (!Str) {
544 reportBug("Unable to express", C, ArgVal);
545 return;
546 }
547
548 reportBug(*Str, C, ArgVal);
549}
550
551void ExprInspectionChecker::analyzerIsTainted(const CallExpr *CE,
552 CheckerContext &C) const {
553 if (CE->getNumArgs() != 1) {
554 reportBug("clang_analyzer_isTainted() requires exactly one argument", C);
555 return;
556 }
557 const bool IsTainted =
558 taint::isTainted(C.getState(), CE->getArg(0), C.getLocationContext());
559 reportBug(IsTainted ? "YES" : "NO", C);
560}
561
562void ento::registerExprInspectionChecker(CheckerManager &Mgr) {
563 Mgr.registerChecker<ExprInspectionChecker>();
564}
565
566bool ento::shouldRegisterExprInspectionChecker(const CheckerManager &mgr) {
567 return true;
568}
V
#define V(N, I)
Definition: ASTContext.h:3241
SM
#define SM(sm)
Definition: Cuda.cpp:80
printHelper
static void printHelper(llvm::raw_svector_ostream &Out, CheckerContext &C, const llvm::APSInt &I)
Definition: ExprInspectionChecker.cpp:267
getArgumentValueString
static const char * getArgumentValueString(const CallExpr *CE, CheckerContext &C)
Definition: ExprInspectionChecker.cpp:133
REGISTER_MAP_WITH_PROGRAMSTATE
#define REGISTER_MAP_WITH_PROGRAMSTATE(Name, Key, Value)
Declares an immutable map of type NameTy, suitable for placement into the ProgramState.
Definition: ProgramStateTrait.h:87
REGISTER_SET_WITH_PROGRAMSTATE
#define REGISTER_SET_WITH_PROGRAMSTATE(Name, Elem)
Declares an immutable set of type NameTy, suitable for placement into the ProgramState.
Definition: ProgramStateTrait.h:112
getName
static std::string getName(const CallEvent &Call)
Definition: ReturnValueChecker.cpp:61
clang::BinaryOperator::getOpcodeStr
StringRef getOpcodeStr() const
Definition: Expr.h:3927
clang::CallExpr
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2847
clang::CallExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition: Expr.h:3038
clang::CallExpr::getNumArgs
unsigned getNumArgs() const
getNumArgs - Return the number of actual arguments to this call.
Definition: Expr.h:3025
clang::Expr
This represents one expression.
Definition: Expr.h:110
clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition: Expr.cpp:3036
clang::FullSourceLoc
A SourceLocation and its associated SourceManager.
Definition: SourceLocation.h:368
clang::LangOptions
Keeps track of the various options that can be enabled, which controls the dialect of C or C++ that i...
Definition: LangOptions.h:83
clang::LocationContext
It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...
Definition: AnalysisDeclContext.h:215
clang::LocationContext::getParent
const LocationContext * getParent() const
It might return null.
Definition: AnalysisDeclContext.h:247
clang::LocationContext::getStackFrame
const StackFrameContext * getStackFrame() const
Definition: AnalysisDeclContext.cpp:462
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:736
clang::QualType::getAsString
static std::string getAsString(SplitQualType split, const PrintingPolicy &Policy)
Definition: Type.h:1120
clang::SourceManager
This class handles loading and caching of source files into memory.
Definition: SourceManager.h:659
clang::Stmt::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Stmt.cpp:337
clang::StringLiteral
StringLiteral - This represents a string literal expression, e.g.
Definition: Expr.h:1812
clang::StringLiteral::getBytes
StringRef getBytes() const
Allow access to clients that need the byte representation, such as ASTWriterStmt::VisitStringLiteral(...
Definition: Expr.h:1897
clang::Type::isPointerType
bool isPointerType() const
Definition: Type.h:7033
clang::UnaryOperator::getOpcodeStr
static StringRef getOpcodeStr(Opcode Op)
getOpcodeStr - Turn an Opcode enum value into the punctuation char it corresponds to,...
Definition: Expr.cpp:1375
clang::ento::BinarySymExprImpl
Template implementation for all binary symbolic expressions.
Definition: SymbolManager.h:425
clang::ento::BugReporter
BugReporter is a utility class for generating PathDiagnostics for analysis.
Definition: BugReporter.h:584
clang::ento::BugReporter::emitReport
virtual void emitReport(std::unique_ptr< BugReport > R)
Add the given report to the set of reports tracked by BugReporter.
Definition: BugReporter.cpp:2892
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:152
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204
clang::ento::ExplodedNode::getState
const ProgramStateRef & getState() const
Definition: ExplodedGraph.h:169
clang::ento::ExplodedNode::getLocationContext
const LocationContext * getLocationContext() const
Definition: ExplodedGraph.h:147
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:96
clang::ento::MemRegion::castAs
LLVM_ATTRIBUTE_RETURNS_NONNULL const RegionTy * castAs() const
Definition: MemRegion.h:1391
clang::ento::MemRegion::getAs
const RegionTy * getAs() const
Definition: MemRegion.h:1383
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:55
clang::ento::SVal::isUndef
bool isUndef() const
Definition: SVals.h:104
clang::ento::SVal::getAsSymbol
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:104
clang::ento::SVal::castAs
T castAs() const
Convert to the specified SVal type, asserting that this SVal is of the desired type.
Definition: SVals.h:82
clang::ento::SymExprVisitor
SymExprVisitor - this class implements a simple visitor for SymExpr subclasses.
Definition: SValVisitor.h:66
clang::ento::SymExprVisitor::Visit
RetTy Visit(SymbolRef S)
Definition: SValVisitor.h:72
clang::ento::SymExprVisitor::VisitSymExpr
RetTy VisitSymExpr(SymbolRef S)
Definition: SValVisitor.h:89
clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:30
clang::ento::SymbolCast
Represents a cast expression.
Definition: SymbolManager.h:279
clang::ento::SymbolReaper
A class responsible for cleaning up unused symbols.
Definition: SymbolManager.h:573
clang::ento::SymbolReaper::isDead
bool isDead(SymbolRef sym)
Returns whether or not a symbol has been confirmed dead.
Definition: SymbolManager.h:643
clang::ento::SymbolReaper::isLive
bool isLive(SymbolRef sym)
Definition: SymbolManager.cpp:459
clang::ento::SymbolicRegion
SymbolicRegion - A special, "non-concrete" region.
Definition: MemRegion.h:775
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:530
clang::ento::UnarySymExpr
Represents a symbolic expression involving a unary operator.
Definition: SymbolManager.h:329
clang::ento::taint::isTainted
bool isTainted(ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
Check if the statement has a tainted value in the given state.
Definition: Taint.cpp:147
clang::ento::getDynamicExtentWithOffset
SVal getDynamicExtentWithOffset(ProgramStateRef State, SVal BufV)
Get the dynamic extent for a symbolic value that represents a buffer.
clang::ento::getDynamicElementCountWithOffset
DefinedOrUnknownSVal getDynamicElementCountWithOffset(ProgramStateRef State, SVal BufV, QualType Ty)
clang::getIssueString
std::string getIssueString(const FullSourceLoc &IssueLoc, llvm::StringRef CheckerName, llvm::StringRef WarningMessage, const Decl *IssueDecl, const LangOptions &LangOpts)
Get the unhashed string representation of the V1 issue hash.
Generated on Sun Dec 3 2023 10:22:47 for clang by doxygen 1.9.6