clang 23.0.0git
MemRegion.cpp
Go to the documentation of this file.
1//===- MemRegion.cpp - Abstract memory regions for static analysis --------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines MemRegion and its subclasses. MemRegion defines a
10// partially-typed abstraction of memory useful for path-sensitive dataflow
11// analyses.
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
16#include "clang/AST/ASTContext.h"
17#include "clang/AST/Attr.h"
18#include "clang/AST/CharUnits.h"
19#include "clang/AST/Decl.h"
20#include "clang/AST/DeclCXX.h"
21#include "clang/AST/DeclObjC.h"
22#include "clang/AST/Expr.h"
23#include "clang/AST/PrettyPrinter.h"
24#include "clang/AST/RecordLayout.h"
25#include "clang/AST/Type.h"
26#include "clang/Analysis/AnalysisDeclContext.h"
27#include "clang/Analysis/Support/BumpVector.h"
28#include "clang/Basic/IdentifierTable.h"
29#include "clang/Basic/LLVM.h"
30#include "clang/Basic/SourceManager.h"
31#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
32#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
33#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
34#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
35#include "llvm/ADT/APInt.h"
36#include "llvm/ADT/FoldingSet.h"
37#include "llvm/ADT/PointerUnion.h"
38#include "llvm/ADT/SmallString.h"
39#include "llvm/ADT/StringRef.h"
40#include "llvm/ADT/Twine.h"
41#include "llvm/ADT/iterator_range.h"
42#include "llvm/Support/Allocator.h"
43#include "llvm/Support/Casting.h"
44#include "llvm/Support/CheckedArithmetic.h"
45#include "llvm/Support/Compiler.h"
46#include "llvm/Support/Debug.h"
47#include "llvm/Support/ErrorHandling.h"
48#include "llvm/Support/raw_ostream.h"
49#include <cassert>
50#include <cstdint>
51#include <iterator>
52#include <optional>
53#include <string>
54#include <tuple>
55#include <utility>
56
57using namespace clang;
58using namespace ento;
59
60#define DEBUG_TYPE "MemRegion"
61
62REGISTER_MAP_WITH_PROGRAMSTATE(MemSpacesMap, const MemRegion *,
63 const MemSpaceRegion *)
64
65//===----------------------------------------------------------------------===//
66// MemRegion Construction.
67//===----------------------------------------------------------------------===//
68
69[[maybe_unused]] static bool isAReferenceTypedValueRegion(const MemRegion *R) {
70 const auto *TyReg = llvm::dyn_cast<TypedValueRegion>(R);
71 return TyReg && TyReg->getValueType()->isReferenceType();
72}
73
74template <typename RegionTy, typename SuperTy, typename Arg1Ty>
75RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1,
76 const SuperTy *superRegion) {
77 llvm::FoldingSetNodeID ID;
78 RegionTy::ProfileRegion(ID, arg1, superRegion);
79 void *InsertPos;
80 auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
81
82 if (!R) {
83 R = new (A) RegionTy(arg1, superRegion);
84 Regions.InsertNode(R, InsertPos);
85 assert(!isAReferenceTypedValueRegion(superRegion));
86 }
87
88 return R;
89}
90
91template <typename RegionTy, typename SuperTy, typename Arg1Ty, typename Arg2Ty>
92RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
93 const SuperTy *superRegion) {
94 llvm::FoldingSetNodeID ID;
95 RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
96 void *InsertPos;
97 auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
98
99 if (!R) {
100 R = new (A) RegionTy(arg1, arg2, superRegion);
101 Regions.InsertNode(R, InsertPos);
102 assert(!isAReferenceTypedValueRegion(superRegion));
103 }
104
105 return R;
106}
107
108template <typename RegionTy, typename SuperTy,
109 typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
110RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
111 const Arg3Ty arg3,
112 const SuperTy *superRegion) {
113 llvm::FoldingSetNodeID ID;
114 RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
115 void *InsertPos;
116 auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
117
118 if (!R) {
119 R = new (A) RegionTy(arg1, arg2, arg3, superRegion);
120 Regions.InsertNode(R, InsertPos);
121 assert(!isAReferenceTypedValueRegion(superRegion));
122 }
123
124 return R;
125}
126
127//===----------------------------------------------------------------------===//
128// Object destruction.
129//===----------------------------------------------------------------------===//
130
131MemRegion::~MemRegion() = default;
132
133// All regions and their data are BumpPtrAllocated. No need to call their
134// destructors.
135MemRegionManager::~MemRegionManager() = default;
136
137//===----------------------------------------------------------------------===//
138// Basic methods.
139//===----------------------------------------------------------------------===//
140
141bool SubRegion::isSubRegionOf(const MemRegion* R) const {
142 const MemRegion* r = this;
143 do {
144 if (r == R)
145 return true;
146 if (const auto *sr = dyn_cast<SubRegion>(r))
147 r = sr->getSuperRegion();
148 else
149 break;
150 } while (r != nullptr);
151 return false;
152}
153
154MemRegionManager &SubRegion::getMemRegionManager() const {
155 const SubRegion* r = this;
156 do {
157 const MemRegion *superRegion = r->getSuperRegion();
158 if (const auto *sr = dyn_cast<SubRegion>(superRegion)) {
159 r = sr;
160 continue;
161 }
162 return superRegion->getMemRegionManager();
163 } while (true);
164}
165
166const StackFrame *VarRegion::getStackFrame() const {
167 const auto *SSR = dyn_cast<StackSpaceRegion>(getRawMemorySpace());
168 return SSR ? SSR->getStackFrame() : nullptr;
169}
170
171const StackFrame *CXXLifetimeExtendedObjectRegion::getStackFrame() const {
172 const auto *SSR = dyn_cast<StackSpaceRegion>(getRawMemorySpace());
173 return SSR ? SSR->getStackFrame() : nullptr;
174}
175
176const StackFrame *CXXTempObjectRegion::getStackFrame() const {
177 assert(isa<StackSpaceRegion>(getRawMemorySpace()) &&
178 "A temporary object can only be allocated on the stack");
179 return cast<StackSpaceRegion>(getRawMemorySpace())->getStackFrame();
180}
181
182ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg)
183 : DeclRegion(sReg, ObjCIvarRegionKind), IVD(ivd) {
184 assert(IVD);
185}
186
187const ObjCIvarDecl *ObjCIvarRegion::getDecl() const { return IVD; }
188
189QualType ObjCIvarRegion::getValueType() const {
190 return getDecl()->getType();
191}
192
196
200
201QualType ParamVarRegion::getValueType() const {
202 assert(getDecl() &&
203 "`ParamVarRegion` support functions without `Decl` not implemented"
204 " yet.");
205 return getDecl()->getType();
206}
207
208const ParmVarDecl *ParamVarRegion::getDecl() const {
209 const Decl *D = getStackFrame()->getDecl();
210
211 if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
212 assert(Index < FD->param_size());
213 return FD->parameters()[Index];
214 } else if (const auto *BD = dyn_cast<BlockDecl>(D)) {
215 assert(Index < BD->param_size());
216 return BD->parameters()[Index];
217 } else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) {
218 assert(Index < MD->param_size());
219 return MD->parameters()[Index];
220 } else if (const auto *CD = dyn_cast<CXXConstructorDecl>(D)) {
221 assert(Index < CD->param_size());
222 return CD->parameters()[Index];
223 } else {
224 llvm_unreachable("Unexpected Decl kind!");
225 }
226}
227
228//===----------------------------------------------------------------------===//
229// FoldingSet profiling.
230//===----------------------------------------------------------------------===//
231
232void MemSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
233 ID.AddInteger(static_cast<unsigned>(getKind()));
234}
235
236void StackSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
237 ID.AddInteger(static_cast<unsigned>(getKind()));
238 ID.AddPointer(getStackFrame());
239}
240
241void StaticGlobalSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
242 ID.AddInteger(static_cast<unsigned>(getKind()));
243 ID.AddPointer(getCodeRegion());
244}
245
246void StringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
247 const StringLiteral *Str,
248 const MemRegion *superRegion) {
249 ID.AddInteger(static_cast<unsigned>(StringRegionKind));
250 ID.AddPointer(Str);
251 ID.AddPointer(superRegion);
252}
253
254void ObjCStringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
255 const ObjCStringLiteral *Str,
256 const MemRegion *superRegion) {
257 ID.AddInteger(static_cast<unsigned>(ObjCStringRegionKind));
258 ID.AddPointer(Str);
259 ID.AddPointer(superRegion);
260}
261
262void AllocaRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
263 const Expr *Ex, unsigned cnt,
264 const MemRegion *superRegion) {
265 ID.AddInteger(static_cast<unsigned>(AllocaRegionKind));
266 ID.AddPointer(Ex);
267 ID.AddInteger(cnt);
268 ID.AddPointer(superRegion);
269}
270
271void AllocaRegion::Profile(llvm::FoldingSetNodeID& ID) const {
272 ProfileRegion(ID, Ex, Cnt, superRegion);
273}
274
275void CompoundLiteralRegion::Profile(llvm::FoldingSetNodeID& ID) const {
276 CompoundLiteralRegion::ProfileRegion(ID, CL, superRegion);
277}
278
279void CompoundLiteralRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
280 const CompoundLiteralExpr *CL,
281 const MemRegion* superRegion) {
282 ID.AddInteger(static_cast<unsigned>(CompoundLiteralRegionKind));
283 ID.AddPointer(CL);
284 ID.AddPointer(superRegion);
285}
286
287void CXXThisRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
288 const PointerType *PT,
289 const MemRegion *sRegion) {
290 ID.AddInteger(static_cast<unsigned>(CXXThisRegionKind));
291 ID.AddPointer(PT);
292 ID.AddPointer(sRegion);
293}
294
295void CXXThisRegion::Profile(llvm::FoldingSetNodeID &ID) const {
296 CXXThisRegion::ProfileRegion(ID, ThisPointerTy, superRegion);
297}
298
299void FieldRegion::Profile(llvm::FoldingSetNodeID &ID) const {
300 ProfileRegion(ID, getDecl(), superRegion);
301}
302
303void ObjCIvarRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
304 const ObjCIvarDecl *ivd,
305 const MemRegion* superRegion) {
306 ID.AddInteger(static_cast<unsigned>(ObjCIvarRegionKind));
307 ID.AddPointer(ivd);
308 ID.AddPointer(superRegion);
309}
310
311void ObjCIvarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
312 ProfileRegion(ID, getDecl(), superRegion);
313}
314
315void NonParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
316 const VarDecl *VD,
317 const MemRegion *superRegion) {
318 ID.AddInteger(static_cast<unsigned>(NonParamVarRegionKind));
319 ID.AddPointer(VD);
320 ID.AddPointer(superRegion);
321}
322
323void NonParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
324 ProfileRegion(ID, getDecl(), superRegion);
325}
326
327void ParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID, const Expr *OE,
328 unsigned Idx, const MemRegion *SReg) {
329 ID.AddInteger(static_cast<unsigned>(ParamVarRegionKind));
330 ID.AddPointer(OE);
331 ID.AddInteger(Idx);
332 ID.AddPointer(SReg);
333}
334
335void ParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
336 ProfileRegion(ID, getOriginExpr(), getIndex(), superRegion);
337}
338
339void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym,
340 const MemRegion *sreg) {
341 ID.AddInteger(static_cast<unsigned>(MemRegion::SymbolicRegionKind));
342 ID.Add(sym);
343 ID.AddPointer(sreg);
344}
345
346void SymbolicRegion::Profile(llvm::FoldingSetNodeID& ID) const {
347 SymbolicRegion::ProfileRegion(ID, sym, getSuperRegion());
348}
349
350void ElementRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
351 QualType ElementType, SVal Idx,
352 const MemRegion* superRegion) {
353 ID.AddInteger(MemRegion::ElementRegionKind);
354 ID.Add(ElementType);
355 ID.AddPointer(superRegion);
356 Idx.Profile(ID);
357}
358
359void ElementRegion::Profile(llvm::FoldingSetNodeID& ID) const {
360 ElementRegion::ProfileRegion(ID, ElementType, Index, superRegion);
361}
362
363void FunctionCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
364 const NamedDecl *FD,
365 const MemRegion*) {
366 ID.AddInteger(MemRegion::FunctionCodeRegionKind);
367 ID.AddPointer(FD);
368}
369
370void FunctionCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
371 FunctionCodeRegion::ProfileRegion(ID, FD, superRegion);
372}
373
374void BlockCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
375 const BlockDecl *BD, CanQualType,
376 const AnalysisDeclContext *AC,
377 const MemRegion*) {
378 ID.AddInteger(MemRegion::BlockCodeRegionKind);
379 ID.AddPointer(BD);
380}
381
382void BlockCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
383 BlockCodeRegion::ProfileRegion(ID, BD, locTy, AC, superRegion);
384}
385
386void BlockDataRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
387 const BlockCodeRegion *BC,
388 const LocationContext *LC,
389 unsigned BlkCount,
390 const MemRegion *sReg) {
391 ID.AddInteger(MemRegion::BlockDataRegionKind);
392 ID.AddPointer(BC);
393 ID.AddPointer(LC);
394 ID.AddInteger(BlkCount);
395 ID.AddPointer(sReg);
396}
397
398void BlockDataRegion::Profile(llvm::FoldingSetNodeID& ID) const {
399 BlockDataRegion::ProfileRegion(ID, BC, LC, BlockCount, getSuperRegion());
400}
401
402void CXXTempObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
403 Expr const *Ex,
404 const MemRegion *sReg) {
405 ID.AddPointer(Ex);
406 ID.AddPointer(sReg);
407}
408
409void CXXTempObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
410 ProfileRegion(ID, Ex, getSuperRegion());
411}
412
413void CXXLifetimeExtendedObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
414 const Expr *E,
415 const ValueDecl *D,
416 const MemRegion *sReg) {
417 ID.AddPointer(E);
418 ID.AddPointer(D);
419 ID.AddPointer(sReg);
420}
421
422void CXXLifetimeExtendedObjectRegion::Profile(
423 llvm::FoldingSetNodeID &ID) const {
424 ProfileRegion(ID, Ex, ExD, getSuperRegion());
425}
426
427void CXXBaseObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
428 const CXXRecordDecl *RD,
429 bool IsVirtual,
430 const MemRegion *SReg) {
431 ID.AddPointer(RD);
432 ID.AddBoolean(IsVirtual);
433 ID.AddPointer(SReg);
434}
435
436void CXXBaseObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
437 ProfileRegion(ID, getDecl(), isVirtual(), superRegion);
438}
439
440void CXXDerivedObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
441 const CXXRecordDecl *RD,
442 const MemRegion *SReg) {
443 ID.AddPointer(RD);
444 ID.AddPointer(SReg);
445}
446
447void CXXDerivedObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
448 ProfileRegion(ID, getDecl(), superRegion);
449}
450
451//===----------------------------------------------------------------------===//
452// Region anchors.
453//===----------------------------------------------------------------------===//
454
455void GlobalsSpaceRegion::anchor() {}
456
457void NonStaticGlobalSpaceRegion::anchor() {}
458
459void StackSpaceRegion::anchor() {}
460
461void TypedRegion::anchor() {}
462
463void TypedValueRegion::anchor() {}
464
465void CodeTextRegion::anchor() {}
466
467void SubRegion::anchor() {}
468
469//===----------------------------------------------------------------------===//
470// Region pretty-printing.
471//===----------------------------------------------------------------------===//
472
473LLVM_DUMP_METHOD void MemRegion::dump() const {
474 dumpToStream(llvm::errs());
475}
476
477std::string MemRegion::getString() const {
478 std::string s;
479 llvm::raw_string_ostream os(s);
480 dumpToStream(os);
481 return s;
482}
483
484void MemRegion::dumpToStream(raw_ostream &os) const {
485 os << "<Unknown Region>";
486}
487
488void AllocaRegion::dumpToStream(raw_ostream &os) const {
489 os << "alloca{S" << Ex->getID(getContext()) << ',' << Cnt << '}';
490}
491
492void FunctionCodeRegion::dumpToStream(raw_ostream &os) const {
493 os << "code{" << getDecl()->getDeclName().getAsString() << '}';
494}
495
496void BlockCodeRegion::dumpToStream(raw_ostream &os) const {
497 os << "block_code{" << static_cast<const void *>(this) << '}';
498}
499
500void BlockDataRegion::dumpToStream(raw_ostream &os) const {
501 os << "block_data{" << BC;
502 os << "; ";
503 for (auto Var : referenced_vars())
504 os << "(" << Var.getCapturedRegion() << "<-" << Var.getOriginalRegion()
505 << ") ";
506 os << '}';
507}
508
509void CompoundLiteralRegion::dumpToStream(raw_ostream &os) const {
510 // FIXME: More elaborate pretty-printing.
511 os << "{ S" << CL->getID(getContext()) << " }";
512}
513
514void CXXTempObjectRegion::dumpToStream(raw_ostream &os) const {
515 os << "temp_object{" << getValueType() << ", "
516 << "S" << Ex->getID(getContext()) << '}';
517}
518
519void CXXLifetimeExtendedObjectRegion::dumpToStream(raw_ostream &os) const {
520 os << "lifetime_extended_object{" << getValueType() << ", ";
521 if (const IdentifierInfo *ID = ExD->getIdentifier())
522 os << ID->getName();
523 else
524 os << "D" << ExD->getID();
525 os << ", "
526 << "S" << Ex->getID(getContext()) << '}';
527}
528
529void CXXBaseObjectRegion::dumpToStream(raw_ostream &os) const {
530 os << "Base{" << superRegion << ',' << getDecl()->getName() << '}';
531}
532
533void CXXDerivedObjectRegion::dumpToStream(raw_ostream &os) const {
534 os << "Derived{" << superRegion << ',' << getDecl()->getName() << '}';
535}
536
537void CXXThisRegion::dumpToStream(raw_ostream &os) const {
538 os << "this";
539}
540
541void ElementRegion::dumpToStream(raw_ostream &os) const {
542 os << "Element{" << superRegion << ',' << Index << ',' << getElementType()
543 << '}';
544}
545
546void FieldRegion::dumpToStream(raw_ostream &os) const {
547 os << superRegion << "." << *getDecl();
548}
549
550void ObjCIvarRegion::dumpToStream(raw_ostream &os) const {
551 os << "Ivar{" << superRegion << ',' << *getDecl() << '}';
552}
553
554void StringRegion::dumpToStream(raw_ostream &os) const {
555 assert(Str != nullptr && "Expecting non-null StringLiteral");
556 Str->printPretty(os, nullptr, PrintingPolicy(getContext().getLangOpts()));
557}
558
559void ObjCStringRegion::dumpToStream(raw_ostream &os) const {
560 assert(Str != nullptr && "Expecting non-null ObjCStringLiteral");
561 Str->printPretty(os, nullptr, PrintingPolicy(getContext().getLangOpts()));
562}
563
564void SymbolicRegion::dumpToStream(raw_ostream &os) const {
565 if (isa<HeapSpaceRegion>(getSuperRegion()))
566 os << "Heap";
567 os << "SymRegion{" << sym << '}';
568}
569
570void NonParamVarRegion::dumpToStream(raw_ostream &os) const {
571 if (const IdentifierInfo *ID = VD->getIdentifier())
572 os << ID->getName();
573 else
574 os << "NonParamVarRegion{D" << VD->getID() << '}';
575}
576
577LLVM_DUMP_METHOD void RegionRawOffset::dump() const {
578 dumpToStream(llvm::errs());
579}
580
581void RegionRawOffset::dumpToStream(raw_ostream &os) const {
582 os << "raw_offset{" << getRegion() << ',' << getOffset().getQuantity() << '}';
583}
584
585void CodeSpaceRegion::dumpToStream(raw_ostream &os) const {
586 os << "CodeSpaceRegion";
587}
588
589void StaticGlobalSpaceRegion::dumpToStream(raw_ostream &os) const {
590 os << "StaticGlobalsMemSpace{" << CR << '}';
591}
592
593void GlobalInternalSpaceRegion::dumpToStream(raw_ostream &os) const {
594 os << "GlobalInternalSpaceRegion";
595}
596
597void GlobalSystemSpaceRegion::dumpToStream(raw_ostream &os) const {
598 os << "GlobalSystemSpaceRegion";
599}
600
601void GlobalImmutableSpaceRegion::dumpToStream(raw_ostream &os) const {
602 os << "GlobalImmutableSpaceRegion";
603}
604
605void HeapSpaceRegion::dumpToStream(raw_ostream &os) const {
606 os << "HeapSpaceRegion";
607}
608
609void UnknownSpaceRegion::dumpToStream(raw_ostream &os) const {
610 os << "UnknownSpaceRegion";
611}
612
613void StackArgumentsSpaceRegion::dumpToStream(raw_ostream &os) const {
614 os << "StackArgumentsSpaceRegion";
615}
616
617void StackLocalsSpaceRegion::dumpToStream(raw_ostream &os) const {
618 os << "StackLocalsSpaceRegion";
619}
620
621void ParamVarRegion::dumpToStream(raw_ostream &os) const {
622 const ParmVarDecl *PVD = getDecl();
623 assert(PVD &&
624 "`ParamVarRegion` support functions without `Decl` not implemented"
625 " yet.");
626 if (const IdentifierInfo *ID = PVD->getIdentifier()) {
627 os << ID->getName();
628 } else {
629 os << "ParamVarRegion{P" << PVD->getID() << '}';
630 }
631}
632
633bool MemRegion::canPrintPretty() const {
634 return canPrintPrettyAsExpr();
635}
636
637bool MemRegion::canPrintPrettyAsExpr() const {
638 return false;
639}
640
641StringRef MemRegion::getKindStr() const {
642 switch (getKind()) {
643#define REGION(Id, Parent) \
644 case Id##Kind: \
645 return #Id;
646#include "clang/StaticAnalyzer/Core/PathSensitive/Regions.def"
647#undef REGION
648 }
649 llvm_unreachable("Unkown kind!");
650}
651
652void MemRegion::printPretty(raw_ostream &os) const {
653 assert(canPrintPretty() && "This region cannot be printed pretty.");
654 os << "'";
655 printPrettyAsExpr(os);
656 os << "'";
657}
658
659void MemRegion::printPrettyAsExpr(raw_ostream &) const {
660 llvm_unreachable("This region cannot be printed pretty.");
661}
662
663bool NonParamVarRegion::canPrintPrettyAsExpr() const { return true; }
664
665void NonParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
666 os << getDecl()->getName();
667}
668
669bool ParamVarRegion::canPrintPrettyAsExpr() const { return true; }
670
671void ParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
672 assert(getDecl() &&
673 "`ParamVarRegion` support functions without `Decl` not implemented"
674 " yet.");
675 os << getDecl()->getName();
676}
677
678bool ObjCIvarRegion::canPrintPrettyAsExpr() const {
679 return true;
680}
681
682void ObjCIvarRegion::printPrettyAsExpr(raw_ostream &os) const {
683 os << getDecl()->getName();
684}
685
686bool FieldRegion::canPrintPretty() const {
687 return true;
688}
689
690bool FieldRegion::canPrintPrettyAsExpr() const {
691 return superRegion->canPrintPrettyAsExpr();
692}
693
694void FieldRegion::printPrettyAsExpr(raw_ostream &os) const {
695 assert(canPrintPrettyAsExpr());
696 superRegion->printPrettyAsExpr(os);
697 os << "." << getDecl()->getName();
698}
699
700void FieldRegion::printPretty(raw_ostream &os) const {
701 if (canPrintPrettyAsExpr()) {
702 os << "\'";
703 printPrettyAsExpr(os);
704 os << "'";
705 } else {
706 os << "field " << "\'" << getDecl()->getName() << "'";
707 }
708}
709
710bool CXXBaseObjectRegion::canPrintPrettyAsExpr() const {
711 return superRegion->canPrintPrettyAsExpr();
712}
713
714void CXXBaseObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
715 superRegion->printPrettyAsExpr(os);
716}
717
718bool CXXDerivedObjectRegion::canPrintPrettyAsExpr() const {
719 return superRegion->canPrintPrettyAsExpr();
720}
721
722void CXXDerivedObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
723 superRegion->printPrettyAsExpr(os);
724}
725
726std::string MemRegion::getDescriptiveName(bool UseQuotes) const {
727 std::string VariableName;
728 std::string ArrayIndices;
729 const MemRegion *R = this;
730 SmallString<50> buf;
731 llvm::raw_svector_ostream os(buf);
732
733 // Enclose subject with single quotes if needed.
734 auto QuoteIfNeeded = [UseQuotes](const Twine &Subject) -> std::string {
735 if (UseQuotes)
736 return ("'" + Subject + "'").str();
737 return Subject.str();
738 };
739
740 // Obtain array indices to add them to the variable name.
741 const ElementRegion *ER = nullptr;
742 while ((ER = R->getAs<ElementRegion>())) {
743 // Index is a ConcreteInt.
744 if (auto CI = ER->getIndex().getAs<nonloc::ConcreteInt>()) {
745 llvm::SmallString<2> Idx;
746 CI->getValue()->toString(Idx);
747 ArrayIndices = (llvm::Twine("[") + Idx.str() + "]" + ArrayIndices).str();
748 }
749 // Index is symbolic, but may have a descriptive name.
750 else {
751 auto SI = ER->getIndex().getAs<nonloc::SymbolVal>();
752 if (!SI)
753 return "";
754
755 const MemRegion *OR = SI->getAsSymbol()->getOriginRegion();
756 if (!OR)
757 return "";
758
759 std::string Idx = OR->getDescriptiveName(false);
760 if (Idx.empty())
761 return "";
762
763 ArrayIndices = (llvm::Twine("[") + Idx + "]" + ArrayIndices).str();
764 }
765 R = ER->getSuperRegion();
766 }
767
768 // Get variable name.
769 if (R) {
770 // MemRegion can be pretty printed.
771 if (R->canPrintPrettyAsExpr()) {
772 R->printPrettyAsExpr(os);
773 return QuoteIfNeeded(llvm::Twine(os.str()) + ArrayIndices);
774 }
775
776 // FieldRegion may have ElementRegion as SuperRegion.
777 if (const auto *FR = R->getAs<FieldRegion>()) {
778 std::string Super = FR->getSuperRegion()->getDescriptiveName(false);
779 if (Super.empty())
780 return "";
781 return QuoteIfNeeded(Super + "." + FR->getDecl()->getName());
782 }
783 }
784
785 return VariableName;
786}
787
788SourceRange MemRegion::sourceRange() const {
789 // Check for more specific regions first.
790 if (auto *FR = dyn_cast<FieldRegion>(this)) {
791 return FR->getDecl()->getSourceRange();
792 }
793
794 if (auto *VR = dyn_cast<VarRegion>(this->getBaseRegion())) {
795 return VR->getDecl()->getSourceRange();
796 }
797
798 // Return invalid source range (can be checked by client).
799 return {};
800}
801
802//===----------------------------------------------------------------------===//
803// MemRegionManager methods.
804//===----------------------------------------------------------------------===//
805
806DefinedOrUnknownSVal MemRegionManager::getStaticSize(const MemRegion *MR,
807 SValBuilder &SVB) const {
808 const auto *SR = cast<SubRegion>(MR);
809 SymbolManager &SymMgr = SVB.getSymbolManager();
810
811 switch (SR->getKind()) {
812 case MemRegion::AllocaRegionKind:
813 case MemRegion::SymbolicRegionKind:
814 return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(SR));
815 case MemRegion::StringRegionKind:
816 return SVB.makeIntVal(
817 cast<StringRegion>(SR)->getStringLiteral()->getByteLength() + 1,
818 SVB.getArrayIndexType());
819 case MemRegion::CompoundLiteralRegionKind:
820 case MemRegion::CXXBaseObjectRegionKind:
821 case MemRegion::CXXDerivedObjectRegionKind:
822 case MemRegion::CXXTempObjectRegionKind:
823 case MemRegion::CXXLifetimeExtendedObjectRegionKind:
824 case MemRegion::CXXThisRegionKind:
825 case MemRegion::ObjCIvarRegionKind:
826 case MemRegion::NonParamVarRegionKind:
827 case MemRegion::ParamVarRegionKind:
828 case MemRegion::ElementRegionKind:
829 case MemRegion::ObjCStringRegionKind: {
830 QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx);
831 if (isa<VariableArrayType>(Ty))
832 return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(SR));
833
834 if (Ty->isIncompleteType())
835 return UnknownVal();
836
837 return getElementExtent(Ty, SVB);
838 }
839 case MemRegion::FieldRegionKind: {
840 // Force callers to deal with bitfields explicitly.
841 if (cast<FieldRegion>(SR)->getDecl()->isBitField())
842 return UnknownVal();
843
844 QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx);
845 const DefinedOrUnknownSVal Size = getElementExtent(Ty, SVB);
846
847 // We currently don't model flexible array members (FAMs), which are:
848 // - int array[]; of IncompleteArrayType
849 // - int array[0]; of ConstantArrayType with size 0
850 // - int array[1]; of ConstantArrayType with size 1
851 // https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
852 const auto isFlexibleArrayMemberCandidate =
853 [this](const ArrayType *AT) -> bool {
854 if (!AT)
855 return false;
856
857 auto IsIncompleteArray = [](const ArrayType *AT) {
858 return isa<IncompleteArrayType>(AT);
859 };
860 auto IsArrayOfZero = [](const ArrayType *AT) {
861 const auto *CAT = dyn_cast<ConstantArrayType>(AT);
862 return CAT && CAT->isZeroSize();
863 };
864 auto IsArrayOfOne = [](const ArrayType *AT) {
865 const auto *CAT = dyn_cast<ConstantArrayType>(AT);
866 return CAT && CAT->getSize() == 1;
867 };
868
869 using FAMKind = LangOptions::StrictFlexArraysLevelKind;
870 const FAMKind StrictFlexArraysLevel =
871 Ctx.getLangOpts().getStrictFlexArraysLevel();
872
873 // "Default": Any trailing array member is a FAM.
874 // Since we cannot tell at this point if this array is a trailing member
875 // or not, let's just do the same as for "OneZeroOrIncomplete".
876 if (StrictFlexArraysLevel == FAMKind::Default)
877 return IsArrayOfOne(AT) || IsArrayOfZero(AT) || IsIncompleteArray(AT);
878
879 if (StrictFlexArraysLevel == FAMKind::OneZeroOrIncomplete)
880 return IsArrayOfOne(AT) || IsArrayOfZero(AT) || IsIncompleteArray(AT);
881
882 if (StrictFlexArraysLevel == FAMKind::ZeroOrIncomplete)
883 return IsArrayOfZero(AT) || IsIncompleteArray(AT);
884
885 assert(StrictFlexArraysLevel == FAMKind::IncompleteOnly);
886 return IsIncompleteArray(AT);
887 };
888
889 if (isFlexibleArrayMemberCandidate(Ctx.getAsArrayType(Ty)))
890 return UnknownVal();
891
892 return Size;
893 }
894 // FIXME: The following are being used in 'SimpleSValBuilder' because there
895 // is no symbol to represent the regions more appropriately.
896 case MemRegion::BlockDataRegionKind:
897 case MemRegion::BlockCodeRegionKind:
898 case MemRegion::FunctionCodeRegionKind:
899 return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(SR));
900 default:
901 llvm_unreachable("Unhandled region");
902 }
903}
904
905template <typename REG>
906const REG *MemRegionManager::LazyAllocate(REG*& region) {
907 if (!region) {
908 region = new (A) REG(*this);
909 }
910
911 return region;
912}
913
914template <typename REG, typename ARG>
915const REG *MemRegionManager::LazyAllocate(REG*& region, ARG a) {
916 if (!region) {
917 region = new (A) REG(this, a);
918 }
919
920 return region;
921}
922
923const StackLocalsSpaceRegion *
924MemRegionManager::getStackLocalsRegion(const StackFrame *SF) {
925 assert(SF);
926 StackLocalsSpaceRegion *&R = StackLocalsSpaceRegions[SF];
927
928 if (R)
929 return R;
930
931 R = new (A) StackLocalsSpaceRegion(*this, SF);
932 return R;
933}
934
935const StackArgumentsSpaceRegion *
936MemRegionManager::getStackArgumentsRegion(const StackFrame *SF) {
937 assert(SF);
938 StackArgumentsSpaceRegion *&R = StackArgumentsSpaceRegions[SF];
939
940 if (R)
941 return R;
942
943 R = new (A) StackArgumentsSpaceRegion(*this, SF);
944 return R;
945}
946
947const GlobalsSpaceRegion
948*MemRegionManager::getGlobalsRegion(MemRegion::Kind K,
949 const CodeTextRegion *CR) {
950 if (!CR) {
951 if (K == MemRegion::GlobalSystemSpaceRegionKind)
952 return LazyAllocate(SystemGlobals);
953 if (K == MemRegion::GlobalImmutableSpaceRegionKind)
954 return LazyAllocate(ImmutableGlobals);
955 assert(K == MemRegion::GlobalInternalSpaceRegionKind);
956 return LazyAllocate(InternalGlobals);
957 }
958
959 assert(K == MemRegion::StaticGlobalSpaceRegionKind);
960 StaticGlobalSpaceRegion *&R = StaticsGlobalSpaceRegions[CR];
961 if (R)
962 return R;
963
964 R = new (A) StaticGlobalSpaceRegion(*this, CR);
965 return R;
966}
967
968const HeapSpaceRegion *MemRegionManager::getHeapRegion() {
969 return LazyAllocate(heap);
970}
971
972const UnknownSpaceRegion *MemRegionManager::getUnknownRegion() {
973 return LazyAllocate(unknown);
974}
975
976const CodeSpaceRegion *MemRegionManager::getCodeRegion() {
977 return LazyAllocate(code);
978}
979
980//===----------------------------------------------------------------------===//
981// Constructing regions.
982//===----------------------------------------------------------------------===//
983
984const StringRegion *MemRegionManager::getStringRegion(const StringLiteral *Str){
985 return getSubRegion<StringRegion>(
986 Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
987}
988
989const ObjCStringRegion *
990MemRegionManager::getObjCStringRegion(const ObjCStringLiteral *Str){
991 return getSubRegion<ObjCStringRegion>(
992 Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
993}
994
995/// Look through a chain of LocationContexts to either find the
996/// StackFrame that matches a DeclContext, or find a VarRegion
997/// for a variable captured by a block.
998static llvm::PointerUnion<const StackFrame *, const VarRegion *>
999getStackOrCaptureRegionForDeclContext(const LocationContext *LC,
1000 const DeclContext *DC,
1001 const VarDecl *VD) {
1002 while (LC) {
1003 if (const auto *SF = dyn_cast<StackFrame>(LC)) {
1004 if (cast<DeclContext>(SF->getDecl()) == DC)
1005 return SF;
1006 if (SF->getData()) {
1007 // FIXME: This can be made more efficient.
1008 for (auto Var : static_cast<const BlockDataRegion *>(SF->getData())
1009 ->referenced_vars()) {
1010 const TypedValueRegion *OrigR = Var.getOriginalRegion();
1011 if (const auto *VR = dyn_cast<VarRegion>(OrigR)) {
1012 if (VR->getDecl() == VD)
1013 return cast<VarRegion>(Var.getCapturedRegion());
1014 }
1015 }
1016 }
1017 }
1018
1019 LC = LC->getParent();
1020 }
1021 return (const StackFrame *)nullptr;
1022}
1023
1024static bool isStdStreamVar(const VarDecl *D) {
1025 const IdentifierInfo *II = D->getIdentifier();
1026 if (!II)
1027 return false;
1028 if (!D->getDeclContext()->isTranslationUnit())
1029 return false;
1030 StringRef N = II->getName();
1031 QualType FILETy = D->getASTContext().getFILEType();
1032 if (FILETy.isNull())
1033 return false;
1034 FILETy = FILETy.getCanonicalType();
1035 QualType Ty = D->getType().getCanonicalType();
1036 return Ty->isPointerType() && Ty->getPointeeType() == FILETy &&
1037 (N == "stdin" || N == "stdout" || N == "stderr");
1038}
1039
1040const VarRegion *MemRegionManager::getVarRegion(const VarDecl *D,
1041 const LocationContext *LC) {
1042 const auto *PVD = dyn_cast<ParmVarDecl>(D);
1043 if (PVD) {
1044 unsigned Index = PVD->getFunctionScopeIndex();
1045 const StackFrame *SF = LC->getStackFrame();
1046 const Expr *CallSite = SF->getCallSite();
1047 if (CallSite) {
1048 const Decl *CalleeDecl = SF->getDecl();
1049 bool CurrentParam = true;
1050 if (const auto *FD = dyn_cast<FunctionDecl>(CalleeDecl)) {
1051 CurrentParam =
1052 (Index < FD->param_size() && FD->getParamDecl(Index) == PVD);
1053 } else if (const auto *BD = dyn_cast<BlockDecl>(CalleeDecl)) {
1054 CurrentParam =
1055 (Index < BD->param_size() && BD->getParamDecl(Index) == PVD);
1056 }
1057
1058 if (CurrentParam) {
1059 // If this is a parameter of the *current* stack frame, we can
1060 // represent it with a `ParamVarRegion`.
1061 return getSubRegion<ParamVarRegion>(CallSite, Index,
1062 getStackArgumentsRegion(SF));
1063 } else {
1064 // TODO: Parameters of other stack frames (which may have been be
1065 // captured by a lambda or a block) are currently represented by
1066 // `NonParamVarRegion`s. This behavior is present since commit
1067 // 98db1f990fc273adc1ae36d4ce97ce66fd27ac30 which introduced
1068 // `ParamVarRegion` in 2020; and appears to work (at least to some
1069 // extent); but it would be nice to clean this up (if somebody has time
1070 // and knowledge for a proper investigation).
1071 }
1072 } else {
1073 // TODO: Parameters of the entrypoint stack frame (where `CallSite` is
1074 // null) are currently represented by `NonParamVarRegion`s. This behavior
1075 // is also present since 98db1f990fc273adc1ae36d4ce97ce66fd27ac30 which
1076 // introduced `ParamVarRegion` in 2020, but it would be nice to clean it
1077 // up for the sake of clarity and consistency.
1078 }
1079 }
1080
1081 D = D->getCanonicalDecl();
1082 const MemRegion *sReg = nullptr;
1083
1084 if (D->hasGlobalStorage() && !D->isStaticLocal()) {
1085 QualType Ty = D->getType();
1086 assert(!Ty.isNull());
1087 if (Ty.isConstQualified()) {
1088 sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
1089 } else {
1090 // Pointer value of C standard streams is usually not modified by calls
1091 // to functions declared in system headers. This means that they should
1092 // not get invalidated by calls to functions declared in system headers,
1093 // so they are placed in the global internal space, which is not
1094 // invalidated by calls to functions declared in system headers.
1095 if (Ctx.getSourceManager().isInSystemHeader(D->getLocation()) &&
1096 !isStdStreamVar(D)) {
1097 sReg = getGlobalsRegion(MemRegion::GlobalSystemSpaceRegionKind);
1098 } else {
1099 sReg = getGlobalsRegion(MemRegion::GlobalInternalSpaceRegionKind);
1100 }
1101 }
1102
1103 // Finally handle static locals.
1104 } else {
1105 // FIXME: Once we implement scope handling, we will need to properly lookup
1106 // 'D' to the proper LocationContext.
1107 const DeclContext *DC = D->getDeclContext();
1108 llvm::PointerUnion<const StackFrame *, const VarRegion *> V =
1109 getStackOrCaptureRegionForDeclContext(LC, DC, D);
1110
1111 if (const auto *VR = dyn_cast_if_present<const VarRegion *>(V))
1112 return VR;
1113
1114 const auto *SF = cast<const StackFrame *>(V);
1115
1116 if (!SF) {
1117 // FIXME: Assign a more sensible memory space to static locals
1118 // we see from within blocks that we analyze as top-level declarations.
1119 sReg = getUnknownRegion();
1120 } else {
1121 if (D->hasLocalStorage()) {
1122 sReg = isa<ParmVarDecl, ImplicitParamDecl>(D)
1123 ? static_cast<const MemRegion *>(getStackArgumentsRegion(SF))
1124 : static_cast<const MemRegion *>(getStackLocalsRegion(SF));
1125 }
1126 else {
1127 assert(D->isStaticLocal());
1128 const Decl *STCD = SF->getDecl();
1129 if (isa<FunctionDecl, ObjCMethodDecl>(STCD))
1130 sReg = getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,
1131 getFunctionCodeRegion(cast<NamedDecl>(STCD)));
1132 else if (const auto *BD = dyn_cast<BlockDecl>(STCD)) {
1133 // FIXME: The fallback type here is totally bogus -- though it should
1134 // never be queried, it will prevent uniquing with the real
1135 // BlockCodeRegion. Ideally we'd fix the AST so that we always had a
1136 // signature.
1137 QualType T;
1138 if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())
1139 T = TSI->getType();
1140 if (T.isNull())
1141 T = getContext().VoidTy;
1142 if (!T->getAs<FunctionType>()) {
1143 FunctionProtoType::ExtProtoInfo Ext;
1144 T = getContext().getFunctionType(T, {}, Ext);
1145 }
1146 T = getContext().getBlockPointerType(T);
1147
1148 const BlockCodeRegion *BTR = getBlockCodeRegion(
1149 BD, Ctx.getCanonicalType(T), SF->getAnalysisDeclContext());
1150 sReg = getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,
1151 BTR);
1152 }
1153 else {
1154 sReg = getGlobalsRegion();
1155 }
1156 }
1157 }
1158 }
1159
1160 return getNonParamVarRegion(D, sReg);
1161}
1162
1163const NonParamVarRegion *
1164MemRegionManager::getNonParamVarRegion(const VarDecl *D,
1165 const MemRegion *superR) {
1166 // Prefer the definition over the canonical decl as the canonical form.
1167 D = D->getCanonicalDecl();
1168 if (const VarDecl *Def = D->getDefinition())
1169 D = Def;
1170 return getSubRegion<NonParamVarRegion>(D, superR);
1171}
1172
1173const ParamVarRegion *
1174MemRegionManager::getParamVarRegion(const Expr *OriginExpr, unsigned Index,
1175 const LocationContext *LC) {
1176 const StackFrame *SF = LC->getStackFrame();
1177 assert(SF);
1178 return getSubRegion<ParamVarRegion>(OriginExpr, Index,
1179 getStackArgumentsRegion(SF));
1180}
1181
1182const BlockDataRegion *
1183MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC,
1184 const LocationContext *LC,
1185 unsigned blockCount) {
1186 const MemSpaceRegion *sReg = nullptr;
1187 const BlockDecl *BD = BC->getDecl();
1188 if (!BD->hasCaptures()) {
1189 // This handles 'static' blocks.
1190 sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
1191 }
1192 else {
1193 bool IsArcManagedBlock = Ctx.getLangOpts().ObjCAutoRefCount;
1194
1195 // ARC managed blocks can be initialized on stack or directly in heap
1196 // depending on the implementations. So we initialize them with
1197 // UnknownRegion.
1198 if (!IsArcManagedBlock && LC) {
1199 // FIXME: Once we implement scope handling, we want the parent region
1200 // to be the scope.
1201 const StackFrame *SF = LC->getStackFrame();
1202 assert(SF);
1203 sReg = getStackLocalsRegion(SF);
1204 } else {
1205 // We allow 'LC' to be NULL for cases where want BlockDataRegions
1206 // without context-sensitivity.
1207 sReg = getUnknownRegion();
1208 }
1209 }
1210
1211 return getSubRegion<BlockDataRegion>(BC, LC, blockCount, sReg);
1212}
1213
1214const CompoundLiteralRegion*
1215MemRegionManager::getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
1216 const LocationContext *LC) {
1217 const MemSpaceRegion *sReg = nullptr;
1218
1219 if (CL->isFileScope())
1220 sReg = getGlobalsRegion();
1221 else {
1222 const StackFrame *SF = LC->getStackFrame();
1223 assert(SF);
1224 sReg = getStackLocalsRegion(SF);
1225 }
1226
1227 return getSubRegion<CompoundLiteralRegion>(CL, sReg);
1228}
1229
1230const ElementRegion *
1231MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx,
1232 const SubRegion *superRegion,
1233 const ASTContext &Ctx) {
1234 QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType();
1235
1236 // The address space must be preserved because some target-specific address
1237 // spaces influence the size of the pointer value which is represented by the
1238 // element region.
1239 LangAS AS = elementType.getAddressSpace();
1240 if (AS != LangAS::Default) {
1241 Qualifiers Quals;
1242 Quals.setAddressSpace(AS);
1243 T = Ctx.getQualifiedType(T, Quals);
1244 }
1245
1246 llvm::FoldingSetNodeID ID;
1247 ElementRegion::ProfileRegion(ID, T, Idx, superRegion);
1248
1249 void *InsertPos;
1250 MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos);
1251 auto *R = cast_or_null<ElementRegion>(data);
1252
1253 if (!R) {
1254 R = new (A) ElementRegion(T, Idx, superRegion);
1255 Regions.InsertNode(R, InsertPos);
1256 }
1257
1258 return R;
1259}
1260
1261const FunctionCodeRegion *
1262MemRegionManager::getFunctionCodeRegion(const NamedDecl *FD) {
1263 // To think: should we canonicalize the declaration here?
1264 return getSubRegion<FunctionCodeRegion>(FD, getCodeRegion());
1265}
1266
1267const BlockCodeRegion *
1268MemRegionManager::getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy,
1269 AnalysisDeclContext *AC) {
1270 return getSubRegion<BlockCodeRegion>(BD, locTy, AC, getCodeRegion());
1271}
1272
1273const SymbolicRegion *
1274MemRegionManager::getSymbolicRegion(SymbolRef sym,
1275 const MemSpaceRegion *MemSpace) {
1276 if (MemSpace == nullptr)
1277 MemSpace = getUnknownRegion();
1278 return getSubRegion<SymbolicRegion>(sym, MemSpace);
1279}
1280
1281const SymbolicRegion *MemRegionManager::getSymbolicHeapRegion(SymbolRef Sym) {
1282 return getSubRegion<SymbolicRegion>(Sym, getHeapRegion());
1283}
1284
1285const FieldRegion *
1286MemRegionManager::getFieldRegion(const FieldDecl *FD,
1287 const SubRegion *SuperRegion) {
1288 return getSubRegion<FieldRegion>(FD->getCanonicalDecl(), SuperRegion);
1289}
1290
1291const ObjCIvarRegion*
1292MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl *d,
1293 const SubRegion* superRegion) {
1294 return getSubRegion<ObjCIvarRegion>(d, superRegion);
1295}
1296
1297const CXXTempObjectRegion*
1298MemRegionManager::getCXXTempObjectRegion(Expr const *E,
1299 LocationContext const *LC) {
1300 const StackFrame *SF = LC->getStackFrame();
1301 assert(SF);
1302 return getSubRegion<CXXTempObjectRegion>(E, getStackLocalsRegion(SF));
1303}
1304
1305const CXXLifetimeExtendedObjectRegion *
1306MemRegionManager::getCXXLifetimeExtendedObjectRegion(
1307 const Expr *Ex, const ValueDecl *VD, const LocationContext *LC) {
1308 const StackFrame *SF = LC->getStackFrame();
1309 assert(SF);
1310 return getSubRegion<CXXLifetimeExtendedObjectRegion>(
1311 Ex, VD, getStackLocalsRegion(SF));
1312}
1313
1314const CXXLifetimeExtendedObjectRegion *
1315MemRegionManager::getCXXStaticLifetimeExtendedObjectRegion(
1316 const Expr *Ex, const ValueDecl *VD) {
1317 return getSubRegion<CXXLifetimeExtendedObjectRegion>(
1318 Ex, VD,
1319 getGlobalsRegion(MemRegion::GlobalInternalSpaceRegionKind, nullptr));
1320}
1321
1322/// Checks whether \p BaseClass is a valid virtual or direct non-virtual base
1323/// class of the type of \p Super.
1324static bool isValidBaseClass(const CXXRecordDecl *BaseClass,
1325 const TypedValueRegion *Super,
1326 bool IsVirtual) {
1327 BaseClass = BaseClass->getCanonicalDecl();
1328
1329 const CXXRecordDecl *Class = Super->getValueType()->getAsCXXRecordDecl();
1330 if (!Class)
1331 return true;
1332
1333 if (IsVirtual)
1334 return Class->isVirtuallyDerivedFrom(BaseClass);
1335
1336 for (const auto &I : Class->bases()) {
1337 if (I.getType()->getAsCXXRecordDecl()->getCanonicalDecl() == BaseClass)
1338 return true;
1339 }
1340
1341 return false;
1342}
1343
1344const CXXBaseObjectRegion *
1345MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD,
1346 const SubRegion *Super,
1347 bool IsVirtual) {
1348 if (isa<TypedValueRegion>(Super)) {
1349 assert(isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual));
1350 (void)&isValidBaseClass;
1351
1352 if (IsVirtual) {
1353 // Virtual base regions should not be layered, since the layout rules
1354 // are different.
1355 while (const auto *Base = dyn_cast<CXXBaseObjectRegion>(Super))
1356 Super = cast<SubRegion>(Base->getSuperRegion());
1357 assert(Super && !isa<MemSpaceRegion>(Super));
1358 }
1359 }
1360
1361 return getSubRegion<CXXBaseObjectRegion>(RD, IsVirtual, Super);
1362}
1363
1364const CXXDerivedObjectRegion *
1365MemRegionManager::getCXXDerivedObjectRegion(const CXXRecordDecl *RD,
1366 const SubRegion *Super) {
1367 return getSubRegion<CXXDerivedObjectRegion>(RD, Super);
1368}
1369
1370const CXXThisRegion*
1371MemRegionManager::getCXXThisRegion(QualType thisPointerTy,
1372 const LocationContext *LC) {
1373 const auto *PT = thisPointerTy->getAs<PointerType>();
1374 assert(PT);
1375 // Inside the body of the operator() of a lambda a this expr might refer to an
1376 // object in one of the parent location contexts.
1377 const auto *D = dyn_cast<CXXMethodDecl>(LC->getDecl());
1378 // FIXME: when operator() of lambda is analyzed as a top level function and
1379 // 'this' refers to a this to the enclosing scope, there is no right region to
1380 // return.
1381 while (!LC->inTopFrame() && (!D || D->isStatic() ||
1382 PT != D->getThisType()->getAs<PointerType>())) {
1383 LC = LC->getParent();
1384 D = dyn_cast<CXXMethodDecl>(LC->getDecl());
1385 }
1386 const StackFrame *SF = LC->getStackFrame();
1387 assert(SF);
1388 return getSubRegion<CXXThisRegion>(PT, getStackArgumentsRegion(SF));
1389}
1390
1391const AllocaRegion*
1392MemRegionManager::getAllocaRegion(const Expr *E, unsigned cnt,
1393 const LocationContext *LC) {
1394 const StackFrame *SF = LC->getStackFrame();
1395 assert(SF);
1396 return getSubRegion<AllocaRegion>(E, cnt, getStackLocalsRegion(SF));
1397}
1398
1399const MemSpaceRegion *MemRegion::getRawMemorySpace() const {
1400 const MemRegion *R = this;
1401 const auto *SR = dyn_cast<SubRegion>(this);
1402
1403 while (SR) {
1404 R = SR->getSuperRegion();
1405 SR = dyn_cast<SubRegion>(R);
1406 }
1407
1408 return cast<MemSpaceRegion>(R);
1409}
1410
1411const MemSpaceRegion *MemRegion::getMemorySpace(ProgramStateRef State) const {
1412 const MemRegion *MR = getBaseRegion();
1413
1414 const MemSpaceRegion *RawSpace = MR->getRawMemorySpace();
1415 if (!isa<UnknownSpaceRegion>(RawSpace))
1416 return RawSpace;
1417
1418 const MemSpaceRegion *const *AssociatedSpace = State->get<MemSpacesMap>(MR);
1419 return AssociatedSpace ? *AssociatedSpace : RawSpace;
1420}
1421
1422ProgramStateRef MemRegion::setMemorySpace(ProgramStateRef State,
1423 const MemSpaceRegion *Space) const {
1424 const MemRegion *Base = getBaseRegion();
1425
1426 // Shouldn't set unknown space.
1427 assert(!isa<UnknownSpaceRegion>(Space));
1428
1429 // Currently, it we should have no accurate memspace for this region.
1430 assert(Base->hasMemorySpace<UnknownSpaceRegion>(State));
1431 return State->set<MemSpacesMap>(Base, Space);
1432}
1433
1434// Strips away all elements and fields.
1435// Returns the base region of them.
1436const MemRegion *MemRegion::getBaseRegion() const {
1437 const MemRegion *R = this;
1438 while (true) {
1439 switch (R->getKind()) {
1440 case MemRegion::ElementRegionKind:
1441 case MemRegion::FieldRegionKind:
1442 case MemRegion::ObjCIvarRegionKind:
1443 case MemRegion::CXXBaseObjectRegionKind:
1444 case MemRegion::CXXDerivedObjectRegionKind:
1445 R = cast<SubRegion>(R)->getSuperRegion();
1446 continue;
1447 default:
1448 break;
1449 }
1450 break;
1451 }
1452 return R;
1453}
1454
1455// Returns the region of the root class of a C++ class hierarchy.
1456const MemRegion *MemRegion::getMostDerivedObjectRegion() const {
1457 const MemRegion *R = this;
1458 while (const auto *BR = dyn_cast<CXXBaseObjectRegion>(R))
1459 R = BR->getSuperRegion();
1460 return R;
1461}
1462
1463bool MemRegion::isSubRegionOf(const MemRegion *) const {
1464 return false;
1465}
1466
1467//===----------------------------------------------------------------------===//
1468// View handling.
1469//===----------------------------------------------------------------------===//
1470
1471const MemRegion *MemRegion::StripCasts(bool StripBaseAndDerivedCasts) const {
1472 const MemRegion *R = this;
1473 while (true) {
1474 switch (R->getKind()) {
1475 case ElementRegionKind: {
1476 const auto *ER = cast<ElementRegion>(R);
1477 if (!ER->getIndex().isZeroConstant())
1478 return R;
1479 R = ER->getSuperRegion();
1480 break;
1481 }
1482 case CXXBaseObjectRegionKind:
1483 case CXXDerivedObjectRegionKind:
1484 if (!StripBaseAndDerivedCasts)
1485 return R;
1486 R = cast<TypedValueRegion>(R)->getSuperRegion();
1487 break;
1488 default:
1489 return R;
1490 }
1491 }
1492}
1493
1494const SymbolicRegion *MemRegion::getSymbolicBase() const {
1495 const auto *SubR = dyn_cast<SubRegion>(this);
1496
1497 while (SubR) {
1498 if (const auto *SymR = dyn_cast<SymbolicRegion>(SubR))
1499 return SymR;
1500 SubR = dyn_cast<SubRegion>(SubR->getSuperRegion());
1501 }
1502 return nullptr;
1503}
1504
1505RegionRawOffset ElementRegion::getAsArrayOffset() const {
1506 int64_t offset = 0;
1507 const ElementRegion *ER = this;
1508 const MemRegion *superR = nullptr;
1509 ASTContext &C = getContext();
1510
1511 // FIXME: Handle multi-dimensional arrays.
1512
1513 while (ER) {
1514 superR = ER->getSuperRegion();
1515
1516 // FIXME: generalize to symbolic offsets.
1517 SVal index = ER->getIndex();
1518 if (auto CI = index.getAs<nonloc::ConcreteInt>()) {
1519 // Update the offset.
1520 if (int64_t i = CI->getValue()->getSExtValue(); i != 0) {
1521 QualType elemType = ER->getElementType();
1522
1523 // If we are pointing to an incomplete type, go no further.
1524 if (elemType->isIncompleteType()) {
1525 superR = ER;
1526 break;
1527 }
1528
1529 int64_t size = C.getTypeSizeInChars(elemType).getQuantity();
1530 if (auto NewOffset = llvm::checkedMulAdd(i, size, offset)) {
1531 offset = *NewOffset;
1532 } else {
1533 LLVM_DEBUG(llvm::dbgs() << "MemRegion::getAsArrayOffset: "
1534 << "offset overflowing, returning unknown\n");
1535
1536 return nullptr;
1537 }
1538 }
1539
1540 // Go to the next ElementRegion (if any).
1541 ER = dyn_cast<ElementRegion>(superR);
1542 continue;
1543 }
1544
1545 return nullptr;
1546 }
1547
1548 assert(superR && "super region cannot be NULL");
1549 return RegionRawOffset(superR, CharUnits::fromQuantity(offset));
1550}
1551
1552/// Returns true if \p Base is an immediate base class of \p Child
1553static bool isImmediateBase(const CXXRecordDecl *Child,
1554 const CXXRecordDecl *Base) {
1555 assert(Child && "Child must not be null");
1556 // Note that we do NOT canonicalize the base class here, because
1557 // ASTRecordLayout doesn't either. If that leads us down the wrong path,
1558 // so be it; at least we won't crash.
1559 for (const auto &I : Child->bases()) {
1560 if (I.getType()->getAsCXXRecordDecl() == Base)
1561 return true;
1562 }
1563
1564 return false;
1565}
1566
1567static RegionOffset calculateOffset(const MemRegion *R) {
1568 const MemRegion *SymbolicOffsetBase = nullptr;
1569 int64_t Offset = 0;
1570
1571 while (true) {
1572 switch (R->getKind()) {
1573 case MemRegion::CodeSpaceRegionKind:
1574 case MemRegion::StackLocalsSpaceRegionKind:
1575 case MemRegion::StackArgumentsSpaceRegionKind:
1576 case MemRegion::HeapSpaceRegionKind:
1577 case MemRegion::UnknownSpaceRegionKind:
1578 case MemRegion::StaticGlobalSpaceRegionKind:
1579 case MemRegion::GlobalInternalSpaceRegionKind:
1580 case MemRegion::GlobalSystemSpaceRegionKind:
1581 case MemRegion::GlobalImmutableSpaceRegionKind:
1582 // Stores can bind directly to a region space to set a default value.
1583 assert(Offset == 0 && !SymbolicOffsetBase);
1584 goto Finish;
1585
1586 case MemRegion::FunctionCodeRegionKind:
1587 case MemRegion::BlockCodeRegionKind:
1588 case MemRegion::BlockDataRegionKind:
1589 // These will never have bindings, but may end up having values requested
1590 // if the user does some strange casting.
1591 if (Offset != 0)
1592 SymbolicOffsetBase = R;
1593 goto Finish;
1594
1595 case MemRegion::SymbolicRegionKind:
1596 case MemRegion::AllocaRegionKind:
1597 case MemRegion::CompoundLiteralRegionKind:
1598 case MemRegion::CXXThisRegionKind:
1599 case MemRegion::StringRegionKind:
1600 case MemRegion::ObjCStringRegionKind:
1601 case MemRegion::NonParamVarRegionKind:
1602 case MemRegion::ParamVarRegionKind:
1603 case MemRegion::CXXTempObjectRegionKind:
1604 case MemRegion::CXXLifetimeExtendedObjectRegionKind:
1605 // Usual base regions.
1606 goto Finish;
1607
1608 case MemRegion::ObjCIvarRegionKind:
1609 // This is a little strange, but it's a compromise between
1610 // ObjCIvarRegions having unknown compile-time offsets (when using the
1611 // non-fragile runtime) and yet still being distinct, non-overlapping
1612 // regions. Thus we treat them as "like" base regions for the purposes
1613 // of computing offsets.
1614 goto Finish;
1615
1616 case MemRegion::CXXBaseObjectRegionKind: {
1617 const auto *BOR = cast<CXXBaseObjectRegion>(R);
1618 R = BOR->getSuperRegion();
1619
1620 QualType Ty;
1621 bool RootIsSymbolic = false;
1622 if (const auto *TVR = dyn_cast<TypedValueRegion>(R)) {
1623 Ty = TVR->getDesugaredValueType(R->getContext());
1624 } else if (const auto *SR = dyn_cast<SymbolicRegion>(R)) {
1625 // If our base region is symbolic, we don't know what type it really is.
1626 // Pretend the type of the symbol is the true dynamic type.
1627 // (This will at least be self-consistent for the life of the symbol.)
1628 Ty = SR->getPointeeStaticType();
1629 RootIsSymbolic = true;
1630 }
1631
1632 const CXXRecordDecl *Child = Ty->getAsCXXRecordDecl();
1633 if (!Child) {
1634 // We cannot compute the offset of the base class.
1635 SymbolicOffsetBase = R;
1636 } else {
1637 if (RootIsSymbolic) {
1638 // Base layers on symbolic regions may not be type-correct.
1639 // Double-check the inheritance here, and revert to a symbolic offset
1640 // if it's invalid (e.g. due to a reinterpret_cast).
1641 if (BOR->isVirtual()) {
1642 if (!Child->isVirtuallyDerivedFrom(BOR->getDecl()))
1643 SymbolicOffsetBase = R;
1644 } else {
1645 if (!isImmediateBase(Child, BOR->getDecl()))
1646 SymbolicOffsetBase = R;
1647 }
1648 }
1649 }
1650
1651 // Don't bother calculating precise offsets if we already have a
1652 // symbolic offset somewhere in the chain.
1653 if (SymbolicOffsetBase)
1654 continue;
1655
1656 CharUnits BaseOffset;
1657 const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(Child);
1658 if (BOR->isVirtual())
1659 BaseOffset = Layout.getVBaseClassOffset(BOR->getDecl());
1660 else
1661 BaseOffset = Layout.getBaseClassOffset(BOR->getDecl());
1662
1663 // The base offset is in chars, not in bits.
1664 Offset += BaseOffset.getQuantity() * R->getContext().getCharWidth();
1665 break;
1666 }
1667
1668 case MemRegion::CXXDerivedObjectRegionKind: {
1669 // TODO: Store the base type in the CXXDerivedObjectRegion and use it.
1670 goto Finish;
1671 }
1672
1673 case MemRegion::ElementRegionKind: {
1674 const auto *ER = cast<ElementRegion>(R);
1675 R = ER->getSuperRegion();
1676
1677 QualType EleTy = ER->getValueType();
1678 if (EleTy->isIncompleteType()) {
1679 // We cannot compute the offset of the base class.
1680 SymbolicOffsetBase = R;
1681 continue;
1682 }
1683
1684 SVal Index = ER->getIndex();
1685 if (std::optional<nonloc::ConcreteInt> CI =
1686 Index.getAs<nonloc::ConcreteInt>()) {
1687 // Don't bother calculating precise offsets if we already have a
1688 // symbolic offset somewhere in the chain.
1689 if (SymbolicOffsetBase)
1690 continue;
1691
1692 int64_t i = CI->getValue()->getSExtValue();
1693 // This type size is in bits.
1694 Offset += i * R->getContext().getTypeSize(EleTy);
1695 } else {
1696 // We cannot compute offset for non-concrete index.
1697 SymbolicOffsetBase = R;
1698 }
1699 break;
1700 }
1701 case MemRegion::FieldRegionKind: {
1702 const auto *FR = cast<FieldRegion>(R);
1703 R = FR->getSuperRegion();
1704 assert(R);
1705
1706 const RecordDecl *RD = FR->getDecl()->getParent();
1707 if (RD->isUnion() || !RD->isCompleteDefinition()) {
1708 // We cannot compute offset for incomplete type.
1709 // For unions, we could treat everything as offset 0, but we'd rather
1710 // treat each field as a symbolic offset so they aren't stored on top
1711 // of each other, since we depend on things in typed regions actually
1712 // matching their types.
1713 SymbolicOffsetBase = R;
1714 }
1715
1716 // Don't bother calculating precise offsets if we already have a
1717 // symbolic offset somewhere in the chain.
1718 if (SymbolicOffsetBase)
1719 continue;
1720
1721 assert(FR->getDecl()->getCanonicalDecl() == FR->getDecl());
1722 auto MaybeFieldIdx = [FR, RD]() -> std::optional<unsigned> {
1723 for (auto [Idx, Field] : llvm::enumerate(RD->fields())) {
1724 if (FR->getDecl() == Field->getCanonicalDecl())
1725 return Idx;
1726 }
1727 return std::nullopt;
1728 }();
1729
1730 if (!MaybeFieldIdx.has_value()) {
1731 assert(false && "Field not found");
1732 goto Finish; // Invalid offset.
1733 }
1734
1735 const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(RD);
1736 // This is offset in bits.
1737 Offset += Layout.getFieldOffset(MaybeFieldIdx.value());
1738 break;
1739 }
1740 }
1741 }
1742
1743 Finish:
1744 if (SymbolicOffsetBase)
1745 return RegionOffset(SymbolicOffsetBase, RegionOffset::Symbolic);
1746 return RegionOffset(R, Offset);
1747}
1748
1749RegionOffset MemRegion::getAsOffset() const {
1750 if (!cachedOffset)
1751 cachedOffset = calculateOffset(this);
1752 return *cachedOffset;
1753}
1754
1755//===----------------------------------------------------------------------===//
1756// BlockDataRegion
1757//===----------------------------------------------------------------------===//
1758
1759std::pair<const VarRegion *, const VarRegion *>
1760BlockDataRegion::getCaptureRegions(const VarDecl *VD) {
1761 MemRegionManager &MemMgr = getMemRegionManager();
1762 const VarRegion *VR = nullptr;
1763 const VarRegion *OriginalVR = nullptr;
1764
1765 if (!VD->hasAttr<BlocksAttr>() && VD->hasLocalStorage()) {
1766 VR = MemMgr.getNonParamVarRegion(VD, this);
1767 OriginalVR = MemMgr.getVarRegion(VD, LC);
1768 }
1769 else {
1770 if (LC) {
1771 VR = MemMgr.getVarRegion(VD, LC);
1772 OriginalVR = VR;
1773 }
1774 else {
1775 VR = MemMgr.getNonParamVarRegion(VD, MemMgr.getUnknownRegion());
1776 OriginalVR = MemMgr.getVarRegion(VD, LC);
1777 }
1778 }
1779 return std::make_pair(VR, OriginalVR);
1780}
1781
1782void BlockDataRegion::LazyInitializeReferencedVars() {
1783 if (ReferencedVars)
1784 return;
1785
1786 AnalysisDeclContext *AC = getCodeRegion()->getAnalysisDeclContext();
1787 const auto &ReferencedBlockVars = AC->getReferencedBlockVars(BC->getDecl());
1788 auto NumBlockVars =
1789 std::distance(ReferencedBlockVars.begin(), ReferencedBlockVars.end());
1790
1791 if (NumBlockVars == 0) {
1792 ReferencedVars = (void*) 0x1;
1793 return;
1794 }
1795
1796 MemRegionManager &MemMgr = getMemRegionManager();
1797 llvm::BumpPtrAllocator &A = MemMgr.getAllocator();
1798 BumpVectorContext BC(A);
1799
1800 using VarVec = BumpVector<const MemRegion *>;
1801
1802 auto *BV = new (A) VarVec(BC, NumBlockVars);
1803 auto *BVOriginal = new (A) VarVec(BC, NumBlockVars);
1804
1805 for (const auto *VD : ReferencedBlockVars) {
1806 const VarRegion *VR = nullptr;
1807 const VarRegion *OriginalVR = nullptr;
1808 std::tie(VR, OriginalVR) = getCaptureRegions(VD);
1809 assert(VR);
1810 assert(OriginalVR);
1811 BV->push_back(VR, BC);
1812 BVOriginal->push_back(OriginalVR, BC);
1813 }
1814
1815 ReferencedVars = BV;
1816 OriginalVars = BVOriginal;
1817}
1818
1819BlockDataRegion::referenced_vars_iterator
1820BlockDataRegion::referenced_vars_begin() const {
1821 const_cast<BlockDataRegion*>(this)->LazyInitializeReferencedVars();
1822
1823 auto *Vec = static_cast<BumpVector<const MemRegion *> *>(ReferencedVars);
1824
1825 if (Vec == (void*) 0x1)
1826 return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1827
1828 auto *VecOriginal =
1829 static_cast<BumpVector<const MemRegion *> *>(OriginalVars);
1830
1831 return BlockDataRegion::referenced_vars_iterator(Vec->begin(),
1832 VecOriginal->begin());
1833}
1834
1835BlockDataRegion::referenced_vars_iterator
1836BlockDataRegion::referenced_vars_end() const {
1837 const_cast<BlockDataRegion*>(this)->LazyInitializeReferencedVars();
1838
1839 auto *Vec = static_cast<BumpVector<const MemRegion *> *>(ReferencedVars);
1840
1841 if (Vec == (void*) 0x1)
1842 return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1843
1844 auto *VecOriginal =
1845 static_cast<BumpVector<const MemRegion *> *>(OriginalVars);
1846
1847 return BlockDataRegion::referenced_vars_iterator(Vec->end(),
1848 VecOriginal->end());
1849}
1850
1851llvm::iterator_range<BlockDataRegion::referenced_vars_iterator>
1852BlockDataRegion::referenced_vars() const {
1853 return llvm::make_range(referenced_vars_begin(), referenced_vars_end());
1854}
1855
1856const VarRegion *BlockDataRegion::getOriginalRegion(const VarRegion *R) const {
1857 for (const auto &I : referenced_vars()) {
1858 if (I.getCapturedRegion() == R)
1859 return I.getOriginalRegion();
1860 }
1861 return nullptr;
1862}
1863
1864//===----------------------------------------------------------------------===//
1865// RegionAndSymbolInvalidationTraits
1866//===----------------------------------------------------------------------===//
1867
1868void RegionAndSymbolInvalidationTraits::setTrait(SymbolRef Sym,
1869 InvalidationKinds IK) {
1870 SymTraitsMap[Sym] |= IK;
1871}
1872
1873void RegionAndSymbolInvalidationTraits::setTrait(const MemRegion *MR,
1874 InvalidationKinds IK) {
1875 assert(MR);
1876 if (const auto *SR = dyn_cast<SymbolicRegion>(MR))
1877 setTrait(SR->getSymbol(), IK);
1878 else
1879 MRTraitsMap[MR] |= IK;
1880}
1881
1882bool RegionAndSymbolInvalidationTraits::hasTrait(SymbolRef Sym,
1883 InvalidationKinds IK) const {
1884 const_symbol_iterator I = SymTraitsMap.find(Sym);
1885 if (I != SymTraitsMap.end())
1886 return I->second & IK;
1887
1888 return false;
1889}
1890
1891bool RegionAndSymbolInvalidationTraits::hasTrait(const MemRegion *MR,
1892 InvalidationKinds IK) const {
1893 if (!MR)
1894 return false;
1895
1896 if (const auto *SR = dyn_cast<SymbolicRegion>(MR))
1897 return hasTrait(SR->getSymbol(), IK);
1898
1899 const_region_iterator I = MRTraitsMap.find(MR);
1900 if (I != MRTraitsMap.end())
1901 return I->second & IK;
1902
1903 return false;
1904}
ASTContext.h
Defines the clang::ASTContext interface.
V
#define V(N, I)
Definition ASTContext.h:3726
AnalysisDeclContext.h
This file defines AnalysisDeclContext, a class that manages the analysis context data for context sen...
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
IdentifierTable.h
Defines the clang::IdentifierInfo, clang::IdentifierTable, and clang::Selector interfaces.
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified.
getStackOrCaptureRegionForDeclContext
static llvm::PointerUnion< const StackFrame *, const VarRegion * > getStackOrCaptureRegionForDeclContext(const LocationContext *LC, const DeclContext *DC, const VarDecl *VD)
Look through a chain of LocationContexts to either find the StackFrame that matches a DeclContext,...
Definition MemRegion.cpp:999
isStdStreamVar
static bool isStdStreamVar(const VarDecl *D)
Definition MemRegion.cpp:1024
isImmediateBase
static bool isImmediateBase(const CXXRecordDecl *Child, const CXXRecordDecl *Base)
Returns true if Base is an immediate base class of Child.
Definition MemRegion.cpp:1553
isValidBaseClass
static bool isValidBaseClass(const CXXRecordDecl *BaseClass, const TypedValueRegion *Super, bool IsVirtual)
Checks whether BaseClass is a valid virtual or direct non-virtual base class of the type of Super.
Definition MemRegion.cpp:1324
calculateOffset
static RegionOffset calculateOffset(const MemRegion *R)
Definition MemRegion.cpp:1567
REGISTER_MAP_WITH_PROGRAMSTATE
#define REGISTER_MAP_WITH_PROGRAMSTATE(Name, Key, Value)
Declares an immutable map of type NameTy, suitable for placement into the ProgramState.
Definition ProgramStateTrait.h:87
SourceManager.h
Defines the SourceManager interface.
Type.h
C Language Family Type Representation.
s
__device__ __2f16 float __ockl_bool s
Definition __clang_hip_libdevice_declares.h:296
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition ASTContext.h:228
clang::ASTContext::getBlockPointerType
QualType getBlockPointerType(QualType T) const
Return the uniqued reference to the type for a block of the specified type.
Definition ASTContext.cpp:4083
clang::ASTContext::getFILEType
QualType getFILEType() const
Retrieve the C FILE type.
Definition ASTContext.h:2315
clang::ASTContext::VoidTy
CanQualType VoidTy
Definition ASTContext.h:1316
clang::ASTContext::getFunctionType
QualType getFunctionType(QualType ResultTy, ArrayRef< QualType > Args, const FunctionProtoType::ExtProtoInfo &EPI) const
Return a normal function type with a typed argument list.
Definition ASTContext.h:1856
clang::ASTContext::getCanonicalTagType
CanQualType getCanonicalTagType(const TagDecl *TD) const
Definition ASTContext.cpp:5525
clang::ASTRecordLayout
ASTRecordLayout - This class contains layout information for one RecordDecl, which is a struct/union/...
Definition RecordLayout.h:38
clang::ASTRecordLayout::getFieldOffset
uint64_t getFieldOffset(unsigned FieldNo) const
getFieldOffset - Get the offset of the given field index, in bits.
Definition RecordLayout.h:201
clang::ASTRecordLayout::getBaseClassOffset
CharUnits getBaseClassOffset(const CXXRecordDecl *Base) const
getBaseClassOffset - Get the offset, in chars, for the given base class.
Definition RecordLayout.h:250
clang::ASTRecordLayout::getVBaseClassOffset
CharUnits getVBaseClassOffset(const CXXRecordDecl *VBase) const
getVBaseClassOffset - Get the offset, in chars, for the given base class.
Definition RecordLayout.h:260
clang::AnalysisDeclContext
AnalysisDeclContext contains the context data for the function, method or block under analysis.
Definition AnalysisDeclContext.h:71
clang::AnalysisDeclContext::getReferencedBlockVars
llvm::iterator_range< referenced_decls_iterator > getReferencedBlockVars(const BlockDecl *BD)
Definition AnalysisDeclContext.cpp:624
clang::ArrayType
Represents an array type, per C99 6.7.5.2 - Array Declarators.
Definition TypeBase.h:3784
clang::BlockDecl
Represents a block literal declaration, which is like an unnamed FunctionDecl.
Definition Decl.h:4690
clang::BlockDecl::param_size
size_t param_size() const
Definition Decl.h:4792
clang::BlockDecl::hasCaptures
bool hasCaptures() const
True if this block (or its nested blocks) captures anything of local storage from its enclosing scope...
Definition Decl.h:4809
clang::BlockDecl::getParamDecl
const ParmVarDecl * getParamDecl(unsigned i) const
Definition Decl.h:4796
clang::BlockDecl::getSignatureAsWritten
TypeSourceInfo * getSignatureAsWritten() const
Definition Decl.h:4773
clang::CXXRecordDecl
Represents a C++ struct/union/class.
Definition DeclCXX.h:258
clang::CXXRecordDecl::isVirtuallyDerivedFrom
bool isVirtuallyDerivedFrom(const CXXRecordDecl *Base) const
Determine whether this class is virtually derived from the class Base.
Definition CXXInheritance.cpp:87
clang::CharUnits
CharUnits - This is an opaque type for sizes expressed in character units.
Definition CharUnits.h:38
clang::CharUnits::getQuantity
QuantityType getQuantity() const
getQuantity - Get the raw integer representation of this quantity.
Definition CharUnits.h:185
clang::CharUnits::fromQuantity
static CharUnits fromQuantity(QuantityType Quantity)
fromQuantity - Construct a CharUnits quantity from a raw integer type.
Definition CharUnits.h:63
clang::CompoundLiteralExpr
CompoundLiteralExpr - [C99 6.5.2.5].
Definition Expr.h:3608
clang::DeclContext
DeclContext - This is used only as base class of specific decl types that can act as declaration cont...
Definition DeclBase.h:1462
clang::DeclContext::getParent
DeclContext * getParent()
getParent - Returns the containing DeclContext.
Definition DeclBase.h:2122
clang::DeclContext::isTranslationUnit
bool isTranslationUnit() const
Definition DeclBase.h:2198
clang::Decl
Decl - This represents one declaration (or definition), e.g.
Definition DeclBase.h:86
clang::Decl::getASTContext
ASTContext & getASTContext() const LLVM_READONLY
Definition DeclBase.cpp:547
clang::Decl::getID
int64_t getID() const
Definition DeclBase.cpp:1223
clang::Decl::getLocation
SourceLocation getLocation() const
Definition DeclBase.h:447
clang::Decl::getDeclContext
DeclContext * getDeclContext()
Definition DeclBase.h:456
clang::Decl::hasAttr
bool hasAttr() const
Definition DeclBase.h:585
clang::DeclarationName::getAsString
std::string getAsString() const
Retrieve the human-readable string for this name.
Definition DeclarationName.cpp:228
clang::Expr
This represents one expression.
Definition Expr.h:112
clang::FieldDecl
Represents a member of a struct/union/class.
Definition Decl.h:3178
clang::FieldDecl::getCanonicalDecl
FieldDecl * getCanonicalDecl() override
Retrieves the canonical declaration of this field.
Definition Decl.h:3425
clang::FunctionType
FunctionType - C99 6.7.5.3 - Function Declarators.
Definition TypeBase.h:4565
clang::IdentifierInfo
One of these records is kept for each identifier that is lexed.
Definition IdentifierTable.h:169
clang::IdentifierInfo::getName
StringRef getName() const
Return the actual identifier string.
Definition IdentifierTable.h:308
clang::LocationContext::getDecl
const Decl * getDecl() const
Definition AnalysisDeclContext.h:242
clang::LocationContext::getParent
const LocationContext * getParent() const
It might return null.
Definition AnalysisDeclContext.h:238
clang::LocationContext::getStackFrame
const StackFrame * getStackFrame() const
Definition AnalysisDeclContext.cpp:438
clang::LocationContext::inTopFrame
virtual bool inTopFrame() const
Definition AnalysisDeclContext.cpp:448
clang::NamedDecl
This represents a decl that may have a name.
Definition Decl.h:274
clang::NamedDecl::getIdentifier
IdentifierInfo * getIdentifier() const
Get the identifier that names this declaration, if there is one.
Definition Decl.h:295
clang::NamedDecl::getName
StringRef getName() const
Get the name of identifier for this declaration as a StringRef.
Definition Decl.h:301
clang::NamedDecl::getDeclName
DeclarationName getDeclName() const
Get the actual, stored name of the declaration, which may be a special name.
Definition Decl.h:340
clang::ObjCIvarDecl
ObjCIvarDecl - Represents an ObjC instance variable.
Definition DeclObjC.h:1952
clang::ObjCStringLiteral
ObjCStringLiteral, used for Objective-C string literals i.e.
Definition ExprObjC.h:84
clang::ParmVarDecl
Represents a parameter to a function.
Definition Decl.h:1808
clang::PointerType
PointerType - C99 6.7.5.1 - Pointer Declarators.
Definition TypeBase.h:3390
clang::QualType
A (possibly-)qualified type.
Definition TypeBase.h:937
clang::QualType::isNull
bool isNull() const
Return true if this QualType doesn't point to a type yet.
Definition TypeBase.h:1004
clang::QualType::getAddressSpace
LangAS getAddressSpace() const
Return the address space of this type.
Definition TypeBase.h:8571
clang::QualType::getCanonicalType
QualType getCanonicalType() const
Definition TypeBase.h:8497
clang::QualType::getUnqualifiedType
QualType getUnqualifiedType() const
Retrieve the unqualified variant of the given type, removing as little sugar as possible.
Definition TypeBase.h:8539
clang::QualType::isConstQualified
bool isConstQualified() const
Determine whether this type is const-qualified.
Definition TypeBase.h:8518
clang::Qualifiers
The collection of all-type qualifiers we support.
Definition TypeBase.h:331
clang::Qualifiers::setAddressSpace
void setAddressSpace(LangAS space)
Definition TypeBase.h:591
clang::RecordDecl
Represents a struct/union/class.
Definition Decl.h:4343
clang::RecordDecl::fields
field_range fields() const
Definition Decl.h:4546
clang::SourceRange
A trivial tuple used to represent a source range.
Definition SourceLocation.h:224
clang::StackFrame
It represents a stack frame of the call stack (based on CallEvent).
Definition AnalysisDeclContext.h:290
clang::StackFrame::getCallSite
const Expr * getCallSite() const
Definition AnalysisDeclContext.h:321
clang::StringLiteral
StringLiteral - This represents a string literal expression, e.g.
Definition Expr.h:1802
clang::TagDecl::isCompleteDefinition
bool isCompleteDefinition() const
Return true if this decl has its body fully specified.
Definition Decl.h:3836
clang::TagDecl::isUnion
bool isUnion() const
Definition Decl.h:3946
clang::TypeSourceInfo
A container of type source information.
Definition TypeBase.h:8416
clang::Type::getAsCXXRecordDecl
CXXRecordDecl * getAsCXXRecordDecl() const
Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...
Definition Type.h:26
clang::Type::isPointerType
bool isPointerType() const
Definition TypeBase.h:8682
clang::Type::getPointeeType
QualType getPointeeType() const
If this is a pointer, ObjC object pointer, or block pointer, this returns the respective pointee.
Definition Type.cpp:789
clang::Type::isIncompleteType
bool isIncompleteType(NamedDecl **Def=nullptr) const
Types are partitioned into 3 broad categories (C99 6.2.5p1): object types, function types,...
Definition Type.cpp:2527
clang::Type::getAs
const T * getAs() const
Member-template getAs<specific type>'.
Definition TypeBase.h:9275
clang::ValueDecl
Represent the declaration of a variable (in which case it is an lvalue) a function (in which case it ...
Definition Decl.h:712
clang::ValueDecl::getType
QualType getType() const
Definition Decl.h:723
clang::VarDecl
Represents a variable declaration or definition.
Definition Decl.h:924
clang::VarDecl::getCanonicalDecl
VarDecl * getCanonicalDecl() override
Retrieves the "canonical" declaration of the given declaration.
Definition Decl.cpp:2236
clang::VarDecl::hasGlobalStorage
bool hasGlobalStorage() const
Returns true for all variables that do not have local storage.
Definition Decl.h:1239
clang::VarDecl::getDefinition
VarDecl * getDefinition(ASTContext &)
Get the real (not just tentative) definition for this declaration.
Definition Decl.cpp:2345
clang::VarDecl::isStaticLocal
bool isStaticLocal() const
Returns true if a variable with function scope is a static local variable.
Definition Decl.h:1206
clang::VarDecl::hasLocalStorage
bool hasLocalStorage() const
Returns true if a variable with function scope is a non-static local variable.
Definition Decl.h:1182
clang::ento::AllocaRegion
AllocaRegion - A region that represents an untyped blob of bytes created by a call to 'alloca'.
Definition MemRegion.h:506
clang::ento::AllocaRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:488
clang::ento::AllocaRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:271
clang::ento::BlockCodeRegion
BlockCodeRegion - A region that represents code texts of blocks (closures).
Definition MemRegion.h:659
clang::ento::BlockCodeRegion::getAnalysisDeclContext
LLVM_ATTRIBUTE_RETURNS_NONNULL AnalysisDeclContext * getAnalysisDeclContext() const
Definition MemRegion.h:689
clang::ento::BlockCodeRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:496
clang::ento::BlockCodeRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const BlockDecl * getDecl() const
Definition MemRegion.h:684
clang::ento::BlockCodeRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:382
clang::ento::BlockDataRegion::referenced_vars_iterator
Definition MemRegion.h:740
clang::ento::BlockDataRegion
BlockDataRegion - A region that represents a block instance.
Definition MemRegion.h:706
clang::ento::BlockDataRegion::getOriginalRegion
const VarRegion * getOriginalRegion(const VarRegion *VR) const
Return the original region for a captured region, if one exists.
Definition MemRegion.cpp:1856
clang::ento::BlockDataRegion::referenced_vars_begin
referenced_vars_iterator referenced_vars_begin() const
Definition MemRegion.cpp:1820
clang::ento::BlockDataRegion::getCodeRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const BlockCodeRegion * getCodeRegion() const
Definition MemRegion.h:733
clang::ento::BlockDataRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:398
clang::ento::BlockDataRegion::referenced_vars_end
referenced_vars_iterator referenced_vars_end() const
Definition MemRegion.cpp:1836
clang::ento::BlockDataRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:500
clang::ento::BlockDataRegion::referenced_vars
llvm::iterator_range< referenced_vars_iterator > referenced_vars() const
Definition MemRegion.cpp:1852
clang::ento::CXXBaseObjectRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:714
clang::ento::CXXBaseObjectRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const CXXRecordDecl * getDecl() const
Definition MemRegion.h:1360
clang::ento::CXXBaseObjectRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:710
clang::ento::CXXBaseObjectRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:436
clang::ento::CXXBaseObjectRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:529
clang::ento::CXXBaseObjectRegion::getValueType
QualType getValueType() const override
Definition MemRegion.cpp:193
clang::ento::CXXDerivedObjectRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:722
clang::ento::CXXDerivedObjectRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:447
clang::ento::CXXDerivedObjectRegion::getValueType
QualType getValueType() const override
Definition MemRegion.cpp:197
clang::ento::CXXDerivedObjectRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:533
clang::ento::CXXDerivedObjectRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:718
clang::ento::CXXDerivedObjectRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const CXXRecordDecl * getDecl() const
Definition MemRegion.h:1403
clang::ento::CXXLifetimeExtendedObjectRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:422
clang::ento::CXXLifetimeExtendedObjectRegion::getStackFrame
const StackFrame * getStackFrame() const
It might return null.
Definition MemRegion.cpp:171
clang::ento::CXXLifetimeExtendedObjectRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:519
clang::ento::CXXTempObjectRegion::getValueType
QualType getValueType() const override
Definition MemRegion.h:1292
clang::ento::CXXTempObjectRegion::getStackFrame
LLVM_ATTRIBUTE_RETURNS_NONNULL const StackFrame * getStackFrame() const
Definition MemRegion.cpp:176
clang::ento::CXXTempObjectRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:409
clang::ento::CXXTempObjectRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:514
clang::ento::CXXThisRegion
CXXThisRegion - Represents the region for the implicit 'this' parameter in a call to a C++ method.
Definition MemRegion.h:1107
clang::ento::CXXThisRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:295
clang::ento::CXXThisRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:537
clang::ento::CodeSpaceRegion
CodeSpaceRegion - The memory space that holds the executable code of functions and blocks.
Definition MemRegion.h:259
clang::ento::CodeSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:585
clang::ento::CompoundLiteralRegion
CompoundLiteralRegion - A memory region representing a compound literal.
Definition MemRegion.h:928
clang::ento::CompoundLiteralRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:275
clang::ento::CompoundLiteralRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:509
clang::ento::ElementRegion
ElementRegion is used to represent both array elements and casts.
Definition MemRegion.h:1232
clang::ento::ElementRegion::getElementType
QualType getElementType() const
Definition MemRegion.h:1256
clang::ento::ElementRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:359
clang::ento::ElementRegion::getAsArrayOffset
RegionRawOffset getAsArrayOffset() const
Compute the offset within the array. The array might also be a subobject.
Definition MemRegion.cpp:1505
clang::ento::ElementRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:541
clang::ento::FieldRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:694
clang::ento::FieldRegion::canPrintPretty
bool canPrintPretty() const override
Returns true if this region can be printed in a user-friendly way.
Definition MemRegion.cpp:686
clang::ento::FieldRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:690
clang::ento::FieldRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:546
clang::ento::FieldRegion::printPretty
void printPretty(raw_ostream &os) const override
Print the region for use in diagnostics.
Definition MemRegion.cpp:700
clang::ento::FieldRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:299
clang::ento::FieldRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const FieldDecl * getDecl() const override
Definition MemRegion.h:1158
clang::ento::FunctionCodeRegion
FunctionCodeRegion - A region that represents code texts of function.
Definition MemRegion.h:612
clang::ento::FunctionCodeRegion::getDecl
const NamedDecl * getDecl() const
Definition MemRegion.h:640
clang::ento::FunctionCodeRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:492
clang::ento::FunctionCodeRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:370
clang::ento::GlobalImmutableSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:601
clang::ento::GlobalInternalSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:593
clang::ento::GlobalSystemSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:597
clang::ento::HeapSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:605
clang::ento::MemRegionManager::getHeapRegion
const HeapSpaceRegion * getHeapRegion()
getHeapRegion - Retrieve the memory region associated with the generic "heap".
Definition MemRegion.cpp:968
clang::ento::MemRegionManager::getCXXThisRegion
const CXXThisRegion * getCXXThisRegion(QualType thisPointerTy, const LocationContext *LC)
getCXXThisRegion - Retrieve the [artificial] region associated with the parameter 'this'.
Definition MemRegion.cpp:1371
clang::ento::MemRegionManager::getAllocator
llvm::BumpPtrAllocator & getAllocator()
Definition MemRegion.h:1465
clang::ento::MemRegionManager::getStackLocalsRegion
const StackLocalsSpaceRegion * getStackLocalsRegion(const StackFrame *SF)
getStackLocalsRegion - Retrieve the memory region associated with the specified stack frame.
Definition MemRegion.cpp:924
clang::ento::MemRegionManager::getFieldRegion
const FieldRegion * getFieldRegion(const FieldDecl *FD, const SubRegion *SuperRegion)
getFieldRegion - Retrieve or create the memory region associated with a specified FieldDecl.
Definition MemRegion.cpp:1286
clang::ento::MemRegionManager::getStackArgumentsRegion
const StackArgumentsSpaceRegion * getStackArgumentsRegion(const StackFrame *SF)
getStackArgumentsRegion - Retrieve the memory region associated with function/method arguments of the...
Definition MemRegion.cpp:936
clang::ento::MemRegionManager::getBlockCodeRegion
const BlockCodeRegion * getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy, AnalysisDeclContext *AC)
Definition MemRegion.cpp:1268
clang::ento::MemRegionManager::getUnknownRegion
const UnknownSpaceRegion * getUnknownRegion()
getUnknownRegion - Retrieve the memory region associated with unknown memory space.
Definition MemRegion.cpp:972
clang::ento::MemRegionManager::getCXXDerivedObjectRegion
const CXXDerivedObjectRegion * getCXXDerivedObjectRegion(const CXXRecordDecl *BaseClass, const SubRegion *Super)
Create a CXXDerivedObjectRegion with the given derived class for region Super.
Definition MemRegion.cpp:1365
clang::ento::MemRegionManager::getCompoundLiteralRegion
const CompoundLiteralRegion * getCompoundLiteralRegion(const CompoundLiteralExpr *CL, const LocationContext *LC)
getCompoundLiteralRegion - Retrieve the region associated with a given CompoundLiteral.
Definition MemRegion.cpp:1215
clang::ento::MemRegionManager::getAllocaRegion
const AllocaRegion * getAllocaRegion(const Expr *Ex, unsigned Cnt, const LocationContext *LC)
getAllocaRegion - Retrieve a region associated with a call to alloca().
Definition MemRegion.cpp:1392
clang::ento::MemRegionManager::getElementRegion
const ElementRegion * getElementRegion(QualType elementType, NonLoc Idx, const SubRegion *superRegion, const ASTContext &Ctx)
getElementRegion - Retrieve the memory region associated with the associated element type,...
Definition MemRegion.cpp:1231
clang::ento::MemRegionManager::getVarRegion
const VarRegion * getVarRegion(const VarDecl *VD, const LocationContext *LC)
getVarRegion - Retrieve or create the memory region associated with a specified VarDecl and LocationC...
Definition MemRegion.cpp:1040
clang::ento::MemRegionManager::getNonParamVarRegion
const NonParamVarRegion * getNonParamVarRegion(const VarDecl *VD, const MemRegion *superR)
getVarRegion - Retrieve or create the memory region associated with a specified VarDecl and LocationC...
Definition MemRegion.cpp:1164
clang::ento::MemRegionManager::getObjCIvarRegion
const ObjCIvarRegion * getObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *superRegion)
getObjCIvarRegion - Retrieve or create the memory region associated with a specified Objective-c inst...
Definition MemRegion.cpp:1292
clang::ento::MemRegionManager::getSymbolicHeapRegion
const SymbolicRegion * getSymbolicHeapRegion(SymbolRef sym)
Return a unique symbolic region belonging to heap memory space.
Definition MemRegion.cpp:1281
clang::ento::MemRegionManager::getObjCStringRegion
const ObjCStringRegion * getObjCStringRegion(const ObjCStringLiteral *Str)
Definition MemRegion.cpp:990
clang::ento::MemRegionManager::getStringRegion
const StringRegion * getStringRegion(const StringLiteral *Str)
Definition MemRegion.cpp:984
clang::ento::MemRegionManager::getStaticSize
DefinedOrUnknownSVal getStaticSize(const MemRegion *MR, SValBuilder &SVB) const
Definition MemRegion.cpp:806
clang::ento::MemRegionManager::getParamVarRegion
const ParamVarRegion * getParamVarRegion(const Expr *OriginExpr, unsigned Index, const LocationContext *LC)
getParamVarRegion - Retrieve or create the memory region associated with a specified CallExpr,...
Definition MemRegion.cpp:1174
clang::ento::MemRegionManager::getCodeRegion
const CodeSpaceRegion * getCodeRegion()
Definition MemRegion.cpp:976
clang::ento::MemRegionManager::getCXXLifetimeExtendedObjectRegion
const CXXLifetimeExtendedObjectRegion * getCXXLifetimeExtendedObjectRegion(Expr const *Ex, ValueDecl const *VD, LocationContext const *LC)
Create a CXXLifetimeExtendedObjectRegion for temporaries which are lifetime-extended by local referen...
Definition MemRegion.cpp:1306
clang::ento::MemRegionManager::getCXXTempObjectRegion
const CXXTempObjectRegion * getCXXTempObjectRegion(Expr const *Ex, LocationContext const *LC)
Definition MemRegion.cpp:1298
clang::ento::MemRegionManager::getGlobalsRegion
const GlobalsSpaceRegion * getGlobalsRegion(MemRegion::Kind K=MemRegion::GlobalInternalSpaceRegionKind, const CodeTextRegion *R=nullptr)
getGlobalsRegion - Retrieve the memory region associated with global variables.
Definition MemRegion.cpp:948
clang::ento::MemRegionManager::getSymbolicRegion
const SymbolicRegion * getSymbolicRegion(SymbolRef Sym, const MemSpaceRegion *MemSpace=nullptr)
Retrieve or create a "symbolic" memory region.
Definition MemRegion.cpp:1274
clang::ento::MemRegionManager::getFunctionCodeRegion
const FunctionCodeRegion * getFunctionCodeRegion(const NamedDecl *FD)
Definition MemRegion.cpp:1262
clang::ento::MemRegionManager::getBlockDataRegion
const BlockDataRegion * getBlockDataRegion(const BlockCodeRegion *bc, const LocationContext *lc, unsigned blockCount)
getBlockDataRegion - Get the memory region associated with an instance of a block.
Definition MemRegion.cpp:1183
clang::ento::MemRegionManager::getCXXBaseObjectRegion
const CXXBaseObjectRegion * getCXXBaseObjectRegion(const CXXRecordDecl *BaseClass, const SubRegion *Super, bool IsVirtual)
Create a CXXBaseObjectRegion with the given base class for region Super.
Definition MemRegion.cpp:1345
clang::ento::MemRegionManager::getCXXStaticLifetimeExtendedObjectRegion
const CXXLifetimeExtendedObjectRegion * getCXXStaticLifetimeExtendedObjectRegion(const Expr *Ex, ValueDecl const *VD)
Create a CXXLifetimeExtendedObjectRegion for temporaries which are lifetime-extended by static refere...
Definition MemRegion.cpp:1315
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition MemRegion.h:98
clang::ento::MemRegion::canPrintPrettyAsExpr
virtual bool canPrintPrettyAsExpr() const
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:637
clang::ento::MemRegion::getKindStr
StringRef getKindStr() const
Definition MemRegion.cpp:641
clang::ento::MemRegion::getAsOffset
RegionOffset getAsOffset() const
Compute the offset within the top level memory object.
Definition MemRegion.cpp:1749
clang::ento::MemRegion::StripCasts
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * StripCasts(bool StripBaseAndDerivedCasts=true) const
Definition MemRegion.cpp:1471
clang::ento::MemRegion::setMemorySpace
ProgramStateRef setMemorySpace(ProgramStateRef State, const MemSpaceRegion *Space) const
Set the dynamically deduced memory space of a MemRegion that currently has UnknownSpaceRegion.
Definition MemRegion.cpp:1422
clang::ento::MemRegion::getContext
ASTContext & getContext() const
Definition MemRegion.h:1652
clang::ento::MemRegion::getMemorySpace
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemSpaceRegion * getMemorySpace(ProgramStateRef State) const
Returns the most specific memory space for this memory region in the given ProgramStateRef.
Definition MemRegion.cpp:1411
clang::ento::MemRegion::getDescriptiveName
std::string getDescriptiveName(bool UseQuotes=true) const
Get descriptive name for memory region.
Definition MemRegion.cpp:726
clang::ento::MemRegion::isSubRegionOf
virtual bool isSubRegionOf(const MemRegion *R) const
Check if the region is a subregion of the given region.
Definition MemRegion.cpp:1463
clang::ento::MemRegion::dumpToStream
virtual void dumpToStream(raw_ostream &os) const
Definition MemRegion.cpp:484
clang::ento::MemRegion::getSymbolicBase
const SymbolicRegion * getSymbolicBase() const
If this is a symbolic region, returns the region.
Definition MemRegion.cpp:1494
clang::ento::MemRegion::getBaseRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getBaseRegion() const
Definition MemRegion.cpp:1436
clang::ento::MemRegion::printPretty
virtual void printPretty(raw_ostream &os) const
Print the region for use in diagnostics.
Definition MemRegion.cpp:652
clang::ento::MemRegion::printPrettyAsExpr
virtual void printPrettyAsExpr(raw_ostream &os) const
Print the region as expression.
Definition MemRegion.cpp:659
clang::ento::MemRegion::getString
std::string getString() const
Get a string representation of a region for debug use.
Definition MemRegion.cpp:477
clang::ento::MemRegion::getKind
Kind getKind() const
Definition MemRegion.h:203
clang::ento::MemRegion::getMostDerivedObjectRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getMostDerivedObjectRegion() const
Recursively retrieve the region of the most derived class instance of regions of C++ base class insta...
Definition MemRegion.cpp:1456
clang::ento::MemRegion::getRawMemorySpace
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemSpaceRegion * getRawMemorySpace() const
Deprecated.
Definition MemRegion.cpp:1399
clang::ento::MemRegion::canPrintPretty
virtual bool canPrintPretty() const
Returns true if this region can be printed in a user-friendly way.
Definition MemRegion.cpp:633
clang::ento::MemRegion::sourceRange
SourceRange sourceRange() const
Retrieve source range from memory region.
Definition MemRegion.cpp:788
clang::ento::MemSpaceRegion
MemSpaceRegion - A memory region that represents a "memory space"; for example, the set of global var...
Definition MemRegion.h:236
clang::ento::MemSpaceRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:232
clang::ento::NonParamVarRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:663
clang::ento::NonParamVarRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:323
clang::ento::NonParamVarRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:665
clang::ento::NonParamVarRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:570
clang::ento::NonParamVarRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const VarDecl * getDecl() const override
Definition MemRegion.h:1038
clang::ento::ObjCIvarRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:678
clang::ento::ObjCIvarRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:311
clang::ento::ObjCIvarRegion::getValueType
QualType getValueType() const override
Definition MemRegion.cpp:189
clang::ento::ObjCIvarRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:682
clang::ento::ObjCIvarRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const ObjCIvarDecl * getDecl() const override
Definition MemRegion.cpp:187
clang::ento::ObjCIvarRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:550
clang::ento::ObjCStringRegion
The region associated with an ObjCStringLiteral.
Definition MemRegion.h:891
clang::ento::ObjCStringRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:559
clang::ento::ParamVarRegion
ParamVarRegion - Represents a region for parameters.
Definition MemRegion.h:1067
clang::ento::ParamVarRegion::canPrintPrettyAsExpr
bool canPrintPrettyAsExpr() const override
Returns true if this region's textual representation can be used as part of a larger expression.
Definition MemRegion.cpp:669
clang::ento::ParamVarRegion::getOriginExpr
LLVM_ATTRIBUTE_RETURNS_NONNULL const Expr * getOriginExpr() const
Definition MemRegion.h:1084
clang::ento::ParamVarRegion::getDecl
const ParmVarDecl * getDecl() const override
TODO: What does this return?
Definition MemRegion.cpp:208
clang::ento::ParamVarRegion::getIndex
unsigned getIndex() const
Definition MemRegion.h:1085
clang::ento::ParamVarRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:335
clang::ento::ParamVarRegion::getValueType
QualType getValueType() const override
Definition MemRegion.cpp:201
clang::ento::ParamVarRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:621
clang::ento::ParamVarRegion::printPrettyAsExpr
void printPrettyAsExpr(raw_ostream &os) const override
Print the region as expression.
Definition MemRegion.cpp:671
clang::ento::RegionAndSymbolInvalidationTraits::InvalidationKinds
InvalidationKinds
Describes different invalidation traits.
Definition MemRegion.h:1674
clang::ento::RegionAndSymbolInvalidationTraits::hasTrait
bool hasTrait(SymbolRef Sym, InvalidationKinds IK) const
Definition MemRegion.cpp:1882
clang::ento::RegionAndSymbolInvalidationTraits::setTrait
void setTrait(SymbolRef Sym, InvalidationKinds IK)
Definition MemRegion.cpp:1868
clang::ento::RegionOffset
Represent a region's offset within the top level base region.
Definition MemRegion.h:65
clang::ento::RegionOffset::Symbolic
static const int64_t Symbolic
Definition MemRegion.h:75
clang::ento::RegionRawOffset::getOffset
CharUnits getOffset() const
Definition MemRegion.h:1222
clang::ento::RegionRawOffset::dumpToStream
void dumpToStream(raw_ostream &os) const
Definition MemRegion.cpp:581
clang::ento::RegionRawOffset::getRegion
const MemRegion * getRegion() const
Definition MemRegion.h:1225
clang::ento::SValBuilder::makeIntVal
nonloc::ConcreteInt makeIntVal(const IntegerLiteral *integer)
Definition SValBuilder.h:277
clang::ento::SValBuilder::getArrayIndexType
QualType getArrayIndexType() const
Definition SValBuilder.h:158
clang::ento::SValBuilder::getSymbolManager
SymbolManager & getSymbolManager()
Definition SValBuilder.h:165
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition SVals.h:56
clang::ento::SVal::Profile
void Profile(llvm::FoldingSetNodeID &ID) const
Definition SVals.h:97
clang::ento::SVal::getAs
std::optional< T > getAs() const
Convert to the specified SVal type, returning std::nullopt if this SVal is not of the desired type.
Definition SVals.h:87
clang::ento::StackArgumentsSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:613
clang::ento::StackLocalsSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:617
clang::ento::StackSpaceRegion::getStackFrame
LLVM_ATTRIBUTE_RETURNS_NONNULL const StackFrame * getStackFrame() const
Definition MemRegion.h:433
clang::ento::StackSpaceRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:236
clang::ento::StaticGlobalSpaceRegion
The region of the static variables within the current CodeTextRegion scope.
Definition MemRegion.h:293
clang::ento::StaticGlobalSpaceRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:241
clang::ento::StaticGlobalSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:589
clang::ento::StaticGlobalSpaceRegion::getCodeRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const CodeTextRegion * getCodeRegion() const
Definition MemRegion.h:309
clang::ento::StringRegion
StringRegion - Region associated with a StringLiteral.
Definition MemRegion.h:857
clang::ento::StringRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:554
clang::ento::SubRegion
SubRegion - A region that subsets another larger region.
Definition MemRegion.h:474
clang::ento::SubRegion::getSuperRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getSuperRegion() const
Definition MemRegion.h:487
clang::ento::SubRegion::isSubRegionOf
bool isSubRegionOf(const MemRegion *R) const override
Check if the region is a subregion of the given region.
Definition MemRegion.cpp:141
clang::ento::SubRegion::SubRegion
SubRegion(const MemRegion *sReg, Kind k)
Definition MemRegion.h:480
clang::ento::SubRegion::superRegion
const MemRegion * superRegion
Definition MemRegion.h:478
clang::ento::SubRegion::getMemRegionManager
MemRegionManager & getMemRegionManager() const override
Definition MemRegion.cpp:154
clang::ento::SymbolExtent
SymbolExtent - Represents the extent (size in bytes) of a bounded region.
Definition SymbolManager.h:183
clang::ento::SymbolManager::acquire
const SymExprT * acquire(Args &&...args)
Create or retrieve a SymExpr of type SymExprT for the given arguments.
clang::ento::SymbolicRegion
SymbolicRegion - A special, "non-concrete" region.
Definition MemRegion.h:808
clang::ento::SymbolicRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:564
clang::ento::SymbolicRegion::Profile
void Profile(llvm::FoldingSetNodeID &ID) const override
Definition MemRegion.cpp:346
clang::ento::SymbolicRegion::ProfileRegion
static void ProfileRegion(llvm::FoldingSetNodeID &ID, SymbolRef sym, const MemRegion *superRegion)
Definition MemRegion.cpp:339
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition MemRegion.h:563
clang::ento::TypedValueRegion::getValueType
virtual QualType getValueType() const =0
clang::ento::UnknownSpaceRegion::dumpToStream
void dumpToStream(raw_ostream &os) const override
Definition MemRegion.cpp:609
clang::ento::VarRegion::getStackFrame
const StackFrame * getStackFrame() const
It might return null.
Definition MemRegion.cpp:166
clang::ento::nonloc::ConcreteInt
Value representing integer constant.
Definition SVals.h:300
clang::ento::nonloc::SymbolVal
Represents symbolic expression that isn't a location.
Definition SVals.h:279
CL
Definition SPIR.cpp:35
clang::ento::ProgramStateRef
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
Definition ProgramState_Fwd.h:37
clang::ento::SymbolRef
const SymExpr * SymbolRef
Definition SymExpr.h:133
clang::ento::getElementExtent
DefinedOrUnknownSVal getElementExtent(QualType Ty, SValBuilder &SVB)
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17
clang::CanQualType
CanQual< Type > CanQualType
Represents a canonical, potentially-qualified type.
Definition CanonicalType.h:213
clang::isa
bool isa(CodeGen::Address addr)
Definition Address.h:330
clang::LangAS
LangAS
Defines the address space values used by the address space qualifier of QualType.
Definition AddressSpaces.h:25
clang::cast
U cast(CodeGen::Address addr)
Definition Address.h:327
clang::FunctionProtoType::ExtProtoInfo
Extra information about a function prototype.
Definition TypeBase.h:5454
clang::PrintingPolicy
Describes how types, statements, expressions, and declarations should be printed.
Definition PrettyPrinter.h:58
Generated on for clang by doxygen 1.14.0