clang 18.0.0git
ProgramState.cpp
Go to the documentation of this file.
1//= ProgramState.cpp - Path-Sensitive "State" for tracking values --*- C++ -*--=
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file implements ProgramState and ProgramStateManager.
10//
11//===----------------------------------------------------------------------===//
12
13#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
14#include "clang/Analysis/CFG.h"
15#include "clang/Basic/JsonSupport.h"
16#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
17#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
18#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicType.h"
19#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
20#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
21#include "llvm/Support/raw_ostream.h"
22#include <optional>
23
24using namespace clang;
25using namespace ento;
26
27namespace clang { namespace ento {
28/// Increments the number of times this state is referenced.
29
30void ProgramStateRetain(const ProgramState *state) {
31 ++const_cast<ProgramState*>(state)->refCount;
32}
33
34/// Decrement the number of times this state is referenced.
35void ProgramStateRelease(const ProgramState *state) {
36 assert(state->refCount > 0);
37 ProgramState *s = const_cast<ProgramState*>(state);
38 if (--s->refCount == 0) {
39 ProgramStateManager &Mgr = s->getStateManager();
40 Mgr.StateSet.RemoveNode(s);
41 s->~ProgramState();
42 Mgr.freeStates.push_back(s);
43 }
44}
45}}
46
47ProgramState::ProgramState(ProgramStateManager *mgr, const Environment& env,
48 StoreRef st, GenericDataMap gdm)
49 : stateMgr(mgr),
50 Env(env),
51 store(st.getStore()),
52 GDM(gdm),
53 refCount(0) {
54 stateMgr->getStoreManager().incrementReferenceCount(store);
55}
56
57ProgramState::ProgramState(const ProgramState &RHS)
58 : stateMgr(RHS.stateMgr), Env(RHS.Env), store(RHS.store), GDM(RHS.GDM),
59 PosteriorlyOverconstrained(RHS.PosteriorlyOverconstrained), refCount(0) {
60 stateMgr->getStoreManager().incrementReferenceCount(store);
61}
62
63ProgramState::~ProgramState() {
64 if (store)
65 stateMgr->getStoreManager().decrementReferenceCount(store);
66}
67
68int64_t ProgramState::getID() const {
69 return getStateManager().Alloc.identifyKnownAlignedObject<ProgramState>(this);
70}
71
72ProgramStateManager::ProgramStateManager(ASTContext &Ctx,
73 StoreManagerCreator CreateSMgr,
74 ConstraintManagerCreator CreateCMgr,
75 llvm::BumpPtrAllocator &alloc,
76 ExprEngine *ExprEng)
77 : Eng(ExprEng), EnvMgr(alloc), GDMFactory(alloc),
78 svalBuilder(createSimpleSValBuilder(alloc, Ctx, *this)),
79 CallEventMgr(new CallEventManager(alloc)), Alloc(alloc) {
80 StoreMgr = (*CreateSMgr)(*this);
81 ConstraintMgr = (*CreateCMgr)(*this, ExprEng);
82}
83
84
85ProgramStateManager::~ProgramStateManager() {
86 for (GDMContextsTy::iterator I=GDMContexts.begin(), E=GDMContexts.end();
87 I!=E; ++I)
88 I->second.second(I->second.first);
89}
90
91ProgramStateRef ProgramStateManager::removeDeadBindingsFromEnvironmentAndStore(
92 ProgramStateRef state, const StackFrameContext *LCtx,
93 SymbolReaper &SymReaper) {
94
95 // This code essentially performs a "mark-and-sweep" of the VariableBindings.
96 // The roots are any Block-level exprs and Decls that our liveness algorithm
97 // tells us are live. We then see what Decls they may reference, and keep
98 // those around. This code more than likely can be made faster, and the
99 // frequency of which this method is called should be experimented with
100 // for optimum performance.
101 ProgramState NewState = *state;
102
103 NewState.Env = EnvMgr.removeDeadBindings(NewState.Env, SymReaper, state);
104
105 // Clean up the store.
106 StoreRef newStore = StoreMgr->removeDeadBindings(NewState.getStore(), LCtx,
107 SymReaper);
108 NewState.setStore(newStore);
109 SymReaper.setReapedStore(newStore);
110
111 return getPersistentState(NewState);
112}
113
114ProgramStateRef ProgramState::bindLoc(Loc LV,
115 SVal V,
116 const LocationContext *LCtx,
117 bool notifyChanges) const {
118 ProgramStateManager &Mgr = getStateManager();
119 ProgramStateRef newState = makeWithStore(Mgr.StoreMgr->Bind(getStore(),
120 LV, V));
121 const MemRegion *MR = LV.getAsRegion();
122 if (MR && notifyChanges)
123 return Mgr.getOwningEngine().processRegionChange(newState, MR, LCtx);
124
125 return newState;
126}
127
128ProgramStateRef
129ProgramState::bindDefaultInitial(SVal loc, SVal V,
130 const LocationContext *LCtx) const {
131 ProgramStateManager &Mgr = getStateManager();
132 const MemRegion *R = loc.castAs<loc::MemRegionVal>().getRegion();
133 const StoreRef &newStore = Mgr.StoreMgr->BindDefaultInitial(getStore(), R, V);
134 ProgramStateRef new_state = makeWithStore(newStore);
135 return Mgr.getOwningEngine().processRegionChange(new_state, R, LCtx);
136}
137
138ProgramStateRef
139ProgramState::bindDefaultZero(SVal loc, const LocationContext *LCtx) const {
140 ProgramStateManager &Mgr = getStateManager();
141 const MemRegion *R = loc.castAs<loc::MemRegionVal>().getRegion();
142 const StoreRef &newStore = Mgr.StoreMgr->BindDefaultZero(getStore(), R);
143 ProgramStateRef new_state = makeWithStore(newStore);
144 return Mgr.getOwningEngine().processRegionChange(new_state, R, LCtx);
145}
146
147typedef ArrayRef<const MemRegion *> RegionList;
148typedef ArrayRef<SVal> ValueList;
149
150ProgramStateRef
151ProgramState::invalidateRegions(RegionList Regions,
152 const Expr *E, unsigned Count,
153 const LocationContext *LCtx,
154 bool CausedByPointerEscape,
155 InvalidatedSymbols *IS,
156 const CallEvent *Call,
157 RegionAndSymbolInvalidationTraits *ITraits) const {
158 SmallVector<SVal, 8> Values;
159 for (const MemRegion *Reg : Regions)
160 Values.push_back(loc::MemRegionVal(Reg));
161
162 return invalidateRegionsImpl(Values, E, Count, LCtx, CausedByPointerEscape,
163 IS, ITraits, Call);
164}
165
166ProgramStateRef
167ProgramState::invalidateRegions(ValueList Values,
168 const Expr *E, unsigned Count,
169 const LocationContext *LCtx,
170 bool CausedByPointerEscape,
171 InvalidatedSymbols *IS,
172 const CallEvent *Call,
173 RegionAndSymbolInvalidationTraits *ITraits) const {
174
175 return invalidateRegionsImpl(Values, E, Count, LCtx, CausedByPointerEscape,
176 IS, ITraits, Call);
177}
178
179ProgramStateRef
180ProgramState::invalidateRegionsImpl(ValueList Values,
181 const Expr *E, unsigned Count,
182 const LocationContext *LCtx,
183 bool CausedByPointerEscape,
184 InvalidatedSymbols *IS,
185 RegionAndSymbolInvalidationTraits *ITraits,
186 const CallEvent *Call) const {
187 ProgramStateManager &Mgr = getStateManager();
188 ExprEngine &Eng = Mgr.getOwningEngine();
189
190 InvalidatedSymbols InvalidatedSyms;
191 if (!IS)
192 IS = &InvalidatedSyms;
193
194 RegionAndSymbolInvalidationTraits ITraitsLocal;
195 if (!ITraits)
196 ITraits = &ITraitsLocal;
197
198 StoreManager::InvalidatedRegions TopLevelInvalidated;
199 StoreManager::InvalidatedRegions Invalidated;
200 const StoreRef &newStore
201 = Mgr.StoreMgr->invalidateRegions(getStore(), Values, E, Count, LCtx, Call,
202 *IS, *ITraits, &TopLevelInvalidated,
203 &Invalidated);
204
205 ProgramStateRef newState = makeWithStore(newStore);
206
207 if (CausedByPointerEscape) {
208 newState = Eng.notifyCheckersOfPointerEscape(newState, IS,
209 TopLevelInvalidated,
210 Call,
211 *ITraits);
212 }
213
214 return Eng.processRegionChanges(newState, IS, TopLevelInvalidated,
215 Invalidated, LCtx, Call);
216}
217
218ProgramStateRef ProgramState::killBinding(Loc LV) const {
219 Store OldStore = getStore();
220 const StoreRef &newStore =
221 getStateManager().StoreMgr->killBinding(OldStore, LV);
222
223 if (newStore.getStore() == OldStore)
224 return this;
225
226 return makeWithStore(newStore);
227}
228
229ProgramStateRef
230ProgramState::enterStackFrame(const CallEvent &Call,
231 const StackFrameContext *CalleeCtx) const {
232 const StoreRef &NewStore =
233 getStateManager().StoreMgr->enterStackFrame(getStore(), Call, CalleeCtx);
234 return makeWithStore(NewStore);
235}
236
237SVal ProgramState::getSelfSVal(const LocationContext *LCtx) const {
238 const ImplicitParamDecl *SelfDecl = LCtx->getSelfDecl();
239 if (!SelfDecl)
240 return SVal();
241 return getSVal(getRegion(SelfDecl, LCtx));
242}
243
244SVal ProgramState::getSValAsScalarOrLoc(const MemRegion *R) const {
245 // We only want to do fetches from regions that we can actually bind
246 // values. For example, SymbolicRegions of type 'id<...>' cannot
247 // have direct bindings (but their can be bindings on their subregions).
248 if (!R->isBoundable())
249 return UnknownVal();
250
251 if (const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(R)) {
252 QualType T = TR->getValueType();
253 if (Loc::isLocType(T) || T->isIntegralOrEnumerationType())
254 return getSVal(R);
255 }
256
257 return UnknownVal();
258}
259
260SVal ProgramState::getSVal(Loc location, QualType T) const {
261 SVal V = getRawSVal(location, T);
262
263 // If 'V' is a symbolic value that is *perfectly* constrained to
264 // be a constant value, use that value instead to lessen the burden
265 // on later analysis stages (so we have less symbolic values to reason
266 // about).
267 // We only go into this branch if we can convert the APSInt value we have
268 // to the type of T, which is not always the case (e.g. for void).
269 if (!T.isNull() && (T->isIntegralOrEnumerationType() || Loc::isLocType(T))) {
270 if (SymbolRef sym = V.getAsSymbol()) {
271 if (const llvm::APSInt *Int = getStateManager()
272 .getConstraintManager()
273 .getSymVal(this, sym)) {
274 // FIXME: Because we don't correctly model (yet) sign-extension
275 // and truncation of symbolic values, we need to convert
276 // the integer value to the correct signedness and bitwidth.
277 //
278 // This shows up in the following:
279 //
280 // char foo();
281 // unsigned x = foo();
282 // if (x == 54)
283 // ...
284 //
285 // The symbolic value stored to 'x' is actually the conjured
286 // symbol for the call to foo(); the type of that symbol is 'char',
287 // not unsigned.
288 const llvm::APSInt &NewV = getBasicVals().Convert(T, *Int);
289
290 if (V.getAs<Loc>())
291 return loc::ConcreteInt(NewV);
292 else
293 return nonloc::ConcreteInt(NewV);
294 }
295 }
296 }
297
298 return V;
299}
300
301ProgramStateRef ProgramState::BindExpr(const Stmt *S,
302 const LocationContext *LCtx,
303 SVal V, bool Invalidate) const{
304 Environment NewEnv =
305 getStateManager().EnvMgr.bindExpr(Env, EnvironmentEntry(S, LCtx), V,
306 Invalidate);
307 if (NewEnv == Env)
308 return this;
309
310 ProgramState NewSt = *this;
311 NewSt.Env = NewEnv;
312 return getStateManager().getPersistentState(NewSt);
313}
314
315[[nodiscard]] std::pair<ProgramStateRef, ProgramStateRef>
316ProgramState::assumeInBoundDual(DefinedOrUnknownSVal Idx,
317 DefinedOrUnknownSVal UpperBound,
318 QualType indexTy) const {
319 if (Idx.isUnknown() || UpperBound.isUnknown())
320 return {this, this};
321
322 // Build an expression for 0 <= Idx < UpperBound.
323 // This is the same as Idx + MIN < UpperBound + MIN, if overflow is allowed.
324 // FIXME: This should probably be part of SValBuilder.
325 ProgramStateManager &SM = getStateManager();
326 SValBuilder &svalBuilder = SM.getSValBuilder();
327 ASTContext &Ctx = svalBuilder.getContext();
328
329 // Get the offset: the minimum value of the array index type.
330 BasicValueFactory &BVF = svalBuilder.getBasicValueFactory();
331 if (indexTy.isNull())
332 indexTy = svalBuilder.getArrayIndexType();
333 nonloc::ConcreteInt Min(BVF.getMinValue(indexTy));
334
335 // Adjust the index.
336 SVal newIdx = svalBuilder.evalBinOpNN(this, BO_Add,
337 Idx.castAs<NonLoc>(), Min, indexTy);
338 if (newIdx.isUnknownOrUndef())
339 return {this, this};
340
341 // Adjust the upper bound.
342 SVal newBound =
343 svalBuilder.evalBinOpNN(this, BO_Add, UpperBound.castAs<NonLoc>(),
344 Min, indexTy);
345
346 if (newBound.isUnknownOrUndef())
347 return {this, this};
348
349 // Build the actual comparison.
350 SVal inBound = svalBuilder.evalBinOpNN(this, BO_LT, newIdx.castAs<NonLoc>(),
351 newBound.castAs<NonLoc>(), Ctx.IntTy);
352 if (inBound.isUnknownOrUndef())
353 return {this, this};
354
355 // Finally, let the constraint manager take care of it.
356 ConstraintManager &CM = SM.getConstraintManager();
357 return CM.assumeDual(this, inBound.castAs<DefinedSVal>());
358}
359
360ProgramStateRef ProgramState::assumeInBound(DefinedOrUnknownSVal Idx,
361 DefinedOrUnknownSVal UpperBound,
362 bool Assumption,
363 QualType indexTy) const {
364 std::pair<ProgramStateRef, ProgramStateRef> R =
365 assumeInBoundDual(Idx, UpperBound, indexTy);
366 return Assumption ? R.first : R.second;
367}
368
369ConditionTruthVal ProgramState::isNonNull(SVal V) const {
370 ConditionTruthVal IsNull = isNull(V);
371 if (IsNull.isUnderconstrained())
372 return IsNull;
373 return ConditionTruthVal(!IsNull.getValue());
374}
375
376ConditionTruthVal ProgramState::areEqual(SVal Lhs, SVal Rhs) const {
377 return stateMgr->getSValBuilder().areEqual(this, Lhs, Rhs);
378}
379
380ConditionTruthVal ProgramState::isNull(SVal V) const {
381 if (V.isZeroConstant())
382 return true;
383
384 if (V.isConstant())
385 return false;
386
387 SymbolRef Sym = V.getAsSymbol(/* IncludeBaseRegion */ true);
388 if (!Sym)
389 return ConditionTruthVal();
390
391 return getStateManager().ConstraintMgr->isNull(this, Sym);
392}
393
394ProgramStateRef ProgramStateManager::getInitialState(const LocationContext *InitLoc) {
395 ProgramState State(this,
396 EnvMgr.getInitialEnvironment(),
397 StoreMgr->getInitialStore(InitLoc),
398 GDMFactory.getEmptyMap());
399
400 return getPersistentState(State);
401}
402
403ProgramStateRef ProgramStateManager::getPersistentStateWithGDM(
404 ProgramStateRef FromState,
405 ProgramStateRef GDMState) {
406 ProgramState NewState(*FromState);
407 NewState.GDM = GDMState->GDM;
408 return getPersistentState(NewState);
409}
410
411ProgramStateRef ProgramStateManager::getPersistentState(ProgramState &State) {
412
413 llvm::FoldingSetNodeID ID;
414 State.Profile(ID);
415 void *InsertPos;
416
417 if (ProgramState *I = StateSet.FindNodeOrInsertPos(ID, InsertPos))
418 return I;
419
420 ProgramState *newState = nullptr;
421 if (!freeStates.empty()) {
422 newState = freeStates.back();
423 freeStates.pop_back();
424 }
425 else {
426 newState = Alloc.Allocate<ProgramState>();
427 }
428 new (newState) ProgramState(State);
429 StateSet.InsertNode(newState, InsertPos);
430 return newState;
431}
432
433ProgramStateRef ProgramState::makeWithStore(const StoreRef &store) const {
434 ProgramState NewSt(*this);
435 NewSt.setStore(store);
436 return getStateManager().getPersistentState(NewSt);
437}
438
439ProgramStateRef ProgramState::cloneAsPosteriorlyOverconstrained() const {
440 ProgramState NewSt(*this);
441 NewSt.PosteriorlyOverconstrained = true;
442 return getStateManager().getPersistentState(NewSt);
443}
444
445void ProgramState::setStore(const StoreRef &newStore) {
446 Store newStoreStore = newStore.getStore();
447 if (newStoreStore)
448 stateMgr->getStoreManager().incrementReferenceCount(newStoreStore);
449 if (store)
450 stateMgr->getStoreManager().decrementReferenceCount(store);
451 store = newStoreStore;
452}
453
454//===----------------------------------------------------------------------===//
455// State pretty-printing.
456//===----------------------------------------------------------------------===//
457
458void ProgramState::printJson(raw_ostream &Out, const LocationContext *LCtx,
459 const char *NL, unsigned int Space,
460 bool IsDot) const {
461 Indent(Out, Space, IsDot) << "\"program_state\": {" << NL;
462 ++Space;
463
464 ProgramStateManager &Mgr = getStateManager();
465
466 // Print the store.
467 Mgr.getStoreManager().printJson(Out, getStore(), NL, Space, IsDot);
468
469 // Print out the environment.
470 Env.printJson(Out, Mgr.getContext(), LCtx, NL, Space, IsDot);
471
472 // Print out the constraints.
473 Mgr.getConstraintManager().printJson(Out, this, NL, Space, IsDot);
474
475 // Print out the tracked dynamic types.
476 printDynamicTypeInfoJson(Out, this, NL, Space, IsDot);
477
478 // Print checker-specific data.
479 Mgr.getOwningEngine().printJson(Out, this, LCtx, NL, Space, IsDot);
480
481 --Space;
482 Indent(Out, Space, IsDot) << '}';
483}
484
485void ProgramState::printDOT(raw_ostream &Out, const LocationContext *LCtx,
486 unsigned int Space) const {
487 printJson(Out, LCtx, /*NL=*/"\\l", Space, /*IsDot=*/true);
488}
489
490LLVM_DUMP_METHOD void ProgramState::dump() const {
491 printJson(llvm::errs());
492}
493
494AnalysisManager& ProgramState::getAnalysisManager() const {
495 return stateMgr->getOwningEngine().getAnalysisManager();
496}
497
498//===----------------------------------------------------------------------===//
499// Generic Data Map.
500//===----------------------------------------------------------------------===//
501
502void *const* ProgramState::FindGDM(void *K) const {
503 return GDM.lookup(K);
504}
505
506void*
507ProgramStateManager::FindGDMContext(void *K,
508 void *(*CreateContext)(llvm::BumpPtrAllocator&),
509 void (*DeleteContext)(void*)) {
510
511 std::pair<void*, void (*)(void*)>& p = GDMContexts[K];
512 if (!p.first) {
513 p.first = CreateContext(Alloc);
514 p.second = DeleteContext;
515 }
516
517 return p.first;
518}
519
520ProgramStateRef ProgramStateManager::addGDM(ProgramStateRef St, void *Key, void *Data){
521 ProgramState::GenericDataMap M1 = St->getGDM();
522 ProgramState::GenericDataMap M2 = GDMFactory.add(M1, Key, Data);
523
524 if (M1 == M2)
525 return St;
526
527 ProgramState NewSt = *St;
528 NewSt.GDM = M2;
529 return getPersistentState(NewSt);
530}
531
532ProgramStateRef ProgramStateManager::removeGDM(ProgramStateRef state, void *Key) {
533 ProgramState::GenericDataMap OldM = state->getGDM();
534 ProgramState::GenericDataMap NewM = GDMFactory.remove(OldM, Key);
535
536 if (NewM == OldM)
537 return state;
538
539 ProgramState NewState = *state;
540 NewState.GDM = NewM;
541 return getPersistentState(NewState);
542}
543
544bool ScanReachableSymbols::scan(nonloc::LazyCompoundVal val) {
545 bool wasVisited = !visited.insert(val.getCVData()).second;
546 if (wasVisited)
547 return true;
548
549 StoreManager &StoreMgr = state->getStateManager().getStoreManager();
550 // FIXME: We don't really want to use getBaseRegion() here because pointer
551 // arithmetic doesn't apply, but scanReachableSymbols only accepts base
552 // regions right now.
553 const MemRegion *R = val.getRegion()->getBaseRegion();
554 return StoreMgr.scanReachableSymbols(val.getStore(), R, *this);
555}
556
557bool ScanReachableSymbols::scan(nonloc::CompoundVal val) {
558 for (SVal V : val)
559 if (!scan(V))
560 return false;
561
562 return true;
563}
564
565bool ScanReachableSymbols::scan(const SymExpr *sym) {
566 for (SymbolRef SubSym : sym->symbols()) {
567 bool wasVisited = !visited.insert(SubSym).second;
568 if (wasVisited)
569 continue;
570
571 if (!visitor.VisitSymbol(SubSym))
572 return false;
573 }
574
575 return true;
576}
577
578bool ScanReachableSymbols::scan(SVal val) {
579 if (std::optional<loc::MemRegionVal> X = val.getAs<loc::MemRegionVal>())
580 return scan(X->getRegion());
581
582 if (std::optional<nonloc::LazyCompoundVal> X =
583 val.getAs<nonloc::LazyCompoundVal>())
584 return scan(*X);
585
586 if (std::optional<nonloc::LocAsInteger> X = val.getAs<nonloc::LocAsInteger>())
587 return scan(X->getLoc());
588
589 if (SymbolRef Sym = val.getAsSymbol())
590 return scan(Sym);
591
592 if (std::optional<nonloc::CompoundVal> X = val.getAs<nonloc::CompoundVal>())
593 return scan(*X);
594
595 return true;
596}
597
598bool ScanReachableSymbols::scan(const MemRegion *R) {
599 if (isa<MemSpaceRegion>(R))
600 return true;
601
602 bool wasVisited = !visited.insert(R).second;
603 if (wasVisited)
604 return true;
605
606 if (!visitor.VisitMemRegion(R))
607 return false;
608
609 // If this is a symbolic region, visit the symbol for the region.
610 if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
611 if (!visitor.VisitSymbol(SR->getSymbol()))
612 return false;
613
614 // If this is a subregion, also visit the parent regions.
615 if (const SubRegion *SR = dyn_cast<SubRegion>(R)) {
616 const MemRegion *Super = SR->getSuperRegion();
617 if (!scan(Super))
618 return false;
619
620 // When we reach the topmost region, scan all symbols in it.
621 if (isa<MemSpaceRegion>(Super)) {
622 StoreManager &StoreMgr = state->getStateManager().getStoreManager();
623 if (!StoreMgr.scanReachableSymbols(state->getStore(), SR, *this))
624 return false;
625 }
626 }
627
628 // Regions captured by a block are also implicitly reachable.
629 if (const BlockDataRegion *BDR = dyn_cast<BlockDataRegion>(R)) {
630 for (auto Var : BDR->referenced_vars()) {
631 if (!scan(Var.getCapturedRegion()))
632 return false;
633 }
634 }
635
636 return true;
637}
638
639bool ProgramState::scanReachableSymbols(SVal val, SymbolVisitor& visitor) const {
640 ScanReachableSymbols S(this, visitor);
641 return S.scan(val);
642}
643
644bool ProgramState::scanReachableSymbols(
645 llvm::iterator_range<region_iterator> Reachable,
646 SymbolVisitor &visitor) const {
647 ScanReachableSymbols S(this, visitor);
648 for (const MemRegion *R : Reachable) {
649 if (!S.scan(R))
650 return false;
651 }
652 return true;
653}
V
#define V(N, I)
Definition: ASTContext.h:3233
SM
#define SM(sm)
Definition: Cuda.cpp:80
Env
const Environment & Env
Definition: HTMLLogger.cpp:145
X
#define X(type, name)
Definition: Value.h:142
RegionList
ArrayRef< const MemRegion * > RegionList
Definition: ProgramState.cpp:147
ValueList
ArrayRef< SVal > ValueList
Definition: ProgramState.cpp:148
Data
const char * Data
Definition: StandardLibrary.cpp:36
s
__device__ __2f16 float __ockl_bool s
Definition: __clang_hip_libdevice_declares.h:304
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:182
clang::ASTContext::IntTy
CanQualType IntTy
Definition: ASTContext.h:1086
clang::Expr
This represents one expression.
Definition: Expr.h:110
clang::LocationContext
It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...
Definition: AnalysisDeclContext.h:215
clang::LocationContext::getSelfDecl
const ImplicitParamDecl * getSelfDecl() const
Definition: AnalysisDeclContext.h:260
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:736
clang::QualType::isNull
bool isNull() const
Return true if this QualType doesn't point to a type yet.
Definition: Type.h:803
clang::StackFrameContext
It represents a stack frame of the call stack (based on CallEvent).
Definition: AnalysisDeclContext.h:299
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:72
clang::Type::isIntegralOrEnumerationType
bool isIntegralOrEnumerationType() const
Determine whether this type is an integral or enumeration type.
Definition: Type.h:7420
clang::ento::BasicValueFactory::Convert
const llvm::APSInt & Convert(const llvm::APSInt &To, const llvm::APSInt &From)
Convert - Create a new persistent APSInt with the same value as 'From' but with the bitwidth and sign...
Definition: BasicValueFactory.h:168
clang::ento::BasicValueFactory::getMinValue
const llvm::APSInt & getMinValue(const llvm::APSInt &v)
Definition: BasicValueFactory.h:198
clang::ento::BlockDataRegion
BlockDataRegion - A region that represents a block instance.
Definition: MemRegion.h:673
clang::ento::CallEventManager
Manages the lifetime of CallEvent objects.
Definition: CallEvent.h:1282
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153
clang::ento::ConstraintManager::assumeDual
ProgramStatePair assumeDual(ProgramStateRef State, DefinedSVal Cond)
Returns a pair of states (StTrue, StFalse) where the given condition is assumed to be true or false,...
Definition: ConstraintManager.cpp:93
clang::ento::ConstraintManager::printJson
virtual void printJson(raw_ostream &Out, ProgramStateRef State, const char *NL, unsigned int Space, bool IsDot) const =0
clang::ento::EnvironmentEntry
An entry in the environment consists of a Stmt and an LocationContext.
Definition: Environment.h:36
clang::ento::EnvironmentManager::bindExpr
Environment bindExpr(Environment Env, const EnvironmentEntry &E, SVal V, bool Invalidate)
Bind a symbolic value to the given environment entry.
Definition: Environment.cpp:136
clang::ento::EnvironmentManager::removeDeadBindings
Environment removeDeadBindings(Environment Env, SymbolReaper &SymReaper, ProgramStateRef state)
Definition: Environment.cpp:178
clang::ento::Environment
An immutable map from EnvironemntEntries to SVals.
Definition: Environment.h:56
clang::ento::Environment::printJson
void printJson(raw_ostream &Out, const ASTContext &Ctx, const LocationContext *LCtx=nullptr, const char *NL="\n", unsigned int Space=0, bool IsDot=false) const
Definition: Environment.cpp:215
clang::ento::ExprEngine::processRegionChange
ProgramStateRef processRegionChange(ProgramStateRef state, const MemRegion *MR, const LocationContext *LCtx)
Definition: ExprEngine.h:407
clang::ento::ExprEngine::printJson
void printJson(raw_ostream &Out, ProgramStateRef State, const LocationContext *LCtx, const char *NL, unsigned int Space, bool IsDot) const
printJson - Called by ProgramStateManager to print checker-specific data.
Definition: ExprEngine.cpp:939
clang::ento::ExprEngine::processRegionChanges
ProgramStateRef processRegionChanges(ProgramStateRef state, const InvalidatedSymbols *invalidated, ArrayRef< const MemRegion * > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const LocationContext *LCtx, const CallEvent *Call)
processRegionChanges - Called by ProgramStateManager whenever a change is made to the store.
Definition: ExprEngine.cpp:673
clang::ento::ExprEngine::notifyCheckersOfPointerEscape
ProgramStateRef notifyCheckersOfPointerEscape(ProgramStateRef State, const InvalidatedSymbols *Invalidated, ArrayRef< const MemRegion * > ExplicitRegions, const CallEvent *Call, RegionAndSymbolInvalidationTraits &ITraits)
Call PointerEscape callback when a value escapes as a result of region invalidation.
Definition: ExprEngine.cpp:3517
clang::ento::ExprEngine::getAnalysisManager
AnalysisManager & getAnalysisManager()
Definition: ExprEngine.h:206
clang::ento::Loc::isLocType
static bool isLocType(QualType T)
Definition: SVals.h:285
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:96
clang::ento::MemRegion::isBoundable
virtual bool isBoundable() const
Definition: MemRegion.h:178
clang::ento::MemRegion::getBaseRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getBaseRegion() const
Definition: MemRegion.cpp:1335
clang::ento::ProgramStateManager::removeDeadBindingsFromEnvironmentAndStore
ProgramStateRef removeDeadBindingsFromEnvironmentAndStore(ProgramStateRef St, const StackFrameContext *LCtx, SymbolReaper &SymReaper)
Definition: ProgramState.cpp:91
clang::ento::ProgramStateManager::removeGDM
ProgramStateRef removeGDM(ProgramStateRef state, void *Key)
Definition: ProgramState.cpp:532
clang::ento::ProgramStateManager::FindGDMContext
void * FindGDMContext(void *index, void *(*CreateContext)(llvm::BumpPtrAllocator &), void(*DeleteContext)(void *))
Definition: ProgramState.cpp:507
clang::ento::ProgramStateManager::getPersistentStateWithGDM
ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState, ProgramStateRef GDMState)
Definition: ProgramState.cpp:403
clang::ento::ProgramStateManager::addGDM
ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data)
Definition: ProgramState.cpp:520
clang::ento::ProgramStateManager::getPersistentState
ProgramStateRef getPersistentState(ProgramState &Impl)
Definition: ProgramState.cpp:411
clang::ento::ProgramStateManager::getInitialState
ProgramStateRef getInitialState(const LocationContext *InitLoc)
Definition: ProgramState.cpp:394
clang::ento::ProgramStateManager::ProgramStateManager
ProgramStateManager(ASTContext &Ctx, StoreManagerCreator CreateStoreManager, ConstraintManagerCreator CreateConstraintManager, llvm::BumpPtrAllocator &alloc, ExprEngine *expreng)
Definition: ProgramState.cpp:72
clang::ento::ProgramStateManager::getConstraintManager
ConstraintManager & getConstraintManager()
Definition: ProgramState.h:580
clang::ento::ProgramState
ProgramState - This class encapsulates:
Definition: ProgramState.h:71
clang::ento::ProgramState::scanReachableSymbols
bool scanReachableSymbols(SVal val, SymbolVisitor &visitor) const
Visits the symbols reachable from the given SVal using the provided SymbolVisitor.
Definition: ProgramState.cpp:639
clang::ento::ProgramState::bindDefaultZero
ProgramStateRef bindDefaultZero(SVal loc, const LocationContext *LCtx) const
Performs C++ zero-initialization procedure on the region of memory represented by loc.
Definition: ProgramState.cpp:139
clang::ento::ProgramState::GenericDataMap
llvm::ImmutableMap< void *, void * > GenericDataMap
Definition: ProgramState.h:74
clang::ento::ProgramState::BindExpr
ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx, SVal V, bool Invalidate=true) const
Create a new state by binding the value 'V' to the statement 'S' in the state's environment.
Definition: ProgramState.cpp:301
clang::ento::ProgramState::printJson
void printJson(raw_ostream &Out, const LocationContext *LCtx=nullptr, const char *NL="\n", unsigned int Space=0, bool IsDot=false) const
Definition: ProgramState.cpp:458
clang::ento::ProgramState::bindDefaultInitial
ProgramStateRef bindDefaultInitial(SVal loc, SVal V, const LocationContext *LCtx) const
Initializes the region of memory represented by loc with an initial value.
Definition: ProgramState.cpp:129
clang::ento::ProgramState::getConstraintManager
ConstraintManager & getConstraintManager() const
Return the ConstraintManager.
Definition: ProgramState.h:696
clang::ento::ProgramState::getSValAsScalarOrLoc
SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const
Definition: ProgramState.h:812
clang::ento::ProgramState::getSelfSVal
SVal getSelfSVal(const LocationContext *LC) const
Return the value of 'self' if available in the given context.
Definition: ProgramState.cpp:237
clang::ento::ProgramState::getRawSVal
SVal getRawSVal(Loc LV, QualType T=QualType()) const
Returns the "raw" SVal bound to LV before any value simplfication.
Definition: ProgramState.h:824
clang::ento::ProgramState::isNull
ConditionTruthVal isNull(SVal V) const
Check if the given SVal is constrained to zero or is a zero constant.
Definition: ProgramState.cpp:380
clang::ento::ProgramState::getStateManager
ProgramStateManager & getStateManager() const
Return the ProgramStateManager associated with this state.
Definition: ProgramState.h:147
clang::ento::ProgramState::killBinding
ProgramStateRef killBinding(Loc LV) const
Definition: ProgramState.cpp:218
clang::ento::ProgramState::ProgramState
ProgramState(ProgramStateManager *mgr, const Environment &env, StoreRef st, GenericDataMap gdm)
This ctor is used when creating the first ProgramState object.
Definition: ProgramState.cpp:47
clang::ento::ProgramState::getStore
Store getStore() const
Return the store associated with this state.
Definition: ProgramState.h:162
clang::ento::ProgramState::invalidateRegions
ProgramStateRef invalidateRegions(ArrayRef< const MemRegion * > Regions, const Expr *E, unsigned BlockCount, const LocationContext *LCtx, bool CausesPointerEscape, InvalidatedSymbols *IS=nullptr, const CallEvent *Call=nullptr, RegionAndSymbolInvalidationTraits *ITraits=nullptr) const
Returns the state with bindings for the given regions cleared from the store.
clang::ento::ProgramState::areEqual
ConditionTruthVal areEqual(SVal Lhs, SVal Rhs) const
Definition: ProgramState.cpp:376
clang::ento::ProgramState::printDOT
void printDOT(raw_ostream &Out, const LocationContext *LCtx=nullptr, unsigned int Space=0) const
Definition: ProgramState.cpp:485
clang::ento::ProgramState::isNonNull
ConditionTruthVal isNonNull(SVal V) const
Check if the given SVal is not constrained to zero and is not a zero constant.
Definition: ProgramState.cpp:369
clang::ento::ProgramState::assumeInBound
ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx, DefinedOrUnknownSVal upperBound, bool assumption, QualType IndexType=QualType()) const
Definition: ProgramState.cpp:360
clang::ento::ProgramState::enterStackFrame
ProgramStateRef enterStackFrame(const CallEvent &Call, const StackFrameContext *CalleeCtx) const
enterStackFrame - Returns the state for entry to the given stack frame, preserving the current state.
Definition: ProgramState.cpp:230
clang::ento::ProgramState::getRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const VarRegion * getRegion(const VarDecl *D, const LocationContext *LC) const
Utility method for getting regions.
Definition: ProgramState.h:700
clang::ento::ProgramState::getSVal
SVal getSVal(const Stmt *S, const LocationContext *LCtx) const
Returns the SVal bound to the statement 'S' in the state's environment.
Definition: ProgramState.h:805
clang::ento::ProgramState::bindLoc
ProgramStateRef bindLoc(Loc location, SVal V, const LocationContext *LCtx, bool notifyChanges=true) const
Definition: ProgramState.cpp:114
clang::ento::ProgramState::getBasicVals
BasicValueFactory & getBasicVals() const
Definition: ProgramState.h:834
clang::ento::ProgramState::assumeInBoundDual
std::pair< ProgramStateRef, ProgramStateRef > assumeInBoundDual(DefinedOrUnknownSVal idx, DefinedOrUnknownSVal upperBound, QualType IndexType=QualType()) const
Definition: ProgramState.cpp:316
clang::ento::ProgramState::getAnalysisManager
AnalysisManager & getAnalysisManager() const
Definition: ProgramState.cpp:494
clang::ento::ProgramState::FindGDM
void *const * FindGDM(void *K) const
Definition: ProgramState.cpp:502
clang::ento::RegionAndSymbolInvalidationTraits
Information about invalidation for a particular region/symbol.
Definition: MemRegion.h:1624
clang::ento::SValBuilder::getBasicValueFactory
BasicValueFactory & getBasicValueFactory()
Definition: SValBuilder.h:149
clang::ento::SValBuilder::getContext
ASTContext & getContext()
Definition: SValBuilder.h:136
clang::ento::SValBuilder::getArrayIndexType
QualType getArrayIndexType() const
Definition: SValBuilder.h:145
clang::ento::SValBuilder::evalBinOpNN
virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with two non- location operands.
clang::ento::SValBuilder::areEqual
ConditionTruthVal areEqual(ProgramStateRef state, SVal lhs, SVal rhs)
Definition: SValBuilder.cpp:535
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:73
clang::ento::SVal::isUnknownOrUndef
bool isUnknownOrUndef() const
Definition: SVals.h:133
clang::ento::SVal::getAsSymbol
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:104
clang::ento::SVal::getAs
std::optional< T > getAs() const
Convert to the specified SVal type, returning std::nullopt if this SVal is not of the desired type.
Definition: SVals.h:104
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:120
clang::ento::SVal::castAs
T castAs() const
Convert to the specified SVal type, asserting that this SVal is of the desired type.
Definition: SVals.h:100
clang::ento::SVal::isUnknown
bool isUnknown() const
Definition: SVals.h:125
clang::ento::ScanReachableSymbols
A utility class that visits the reachable symbols using a custom SymbolVisitor.
Definition: ProgramState.h:905
clang::ento::ScanReachableSymbols::scan
bool scan(nonloc::LazyCompoundVal val)
Definition: ProgramState.cpp:544
clang::ento::StoreManager::scanReachableSymbols
virtual bool scanReachableSymbols(Store S, const MemRegion *R, ScanReachableSymbols &Visitor)=0
Finds the transitive closure of symbols within the given region.
clang::ento::StoreManager::decrementReferenceCount
virtual void decrementReferenceCount(Store store)
If the StoreManager supports it, decrement the reference count of the specified Store object.
Definition: Store.h:201
clang::ento::StoreManager::incrementReferenceCount
virtual void incrementReferenceCount(Store store)
If the StoreManager supports it, increment the reference count of the specified Store object.
Definition: Store.h:196
clang::ento::StoreManager::printJson
virtual void printJson(raw_ostream &Out, Store S, const char *NL, unsigned int Space, bool IsDot) const =0
clang::ento::StoreRef::getStore
Store getStore() const
Definition: StoreRef.h:46
clang::ento::SubRegion
SubRegion - A region that subsets another larger region.
Definition: MemRegion.h:441
clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:30
clang::ento::SymExpr::symbols
llvm::iterator_range< symbol_iterator > symbols() const
Definition: SymExpr.h:87
clang::ento::SymbolReaper
A class responsible for cleaning up unused symbols.
Definition: SymbolManager.h:573
clang::ento::SymbolReaper::setReapedStore
void setReapedStore(StoreRef st)
Set to the value of the symbolic store after StoreManager::removeDeadBindings has been called.
Definition: SymbolManager.h:653
clang::ento::SymbolVisitor::VisitMemRegion
virtual bool VisitMemRegion(const MemRegion *)
Definition: SymbolManager.h:685
clang::ento::SymbolVisitor::VisitSymbol
virtual bool VisitSymbol(SymbolRef sym)=0
A visitor method invoked by ProgramStateManager::scanReachableSymbols.
clang::ento::SymbolicRegion
SymbolicRegion - A special, "non-concrete" region.
Definition: MemRegion.h:775
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:530
clang::ento::nonloc::ConcreteInt
Value representing integer constant.
Definition: SVals.h:325
clang::ento::nonloc::LazyCompoundVal::getCVData
LLVM_ATTRIBUTE_RETURNS_NONNULL const LazyCompoundValData * getCVData() const
Definition: SVals.h:407
clang::ento::nonloc::LazyCompoundVal::getRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const TypedValueRegion * getRegion() const
Definition: SVals.cpp:200
clang::ento::nonloc::LazyCompoundVal::getStore
const void * getStore() const
It might return null.
Definition: SVals.cpp:196
clang::ento::createSimpleSValBuilder
SValBuilder * createSimpleSValBuilder(llvm::BumpPtrAllocator &alloc, ASTContext &context, ProgramStateManager &stateMgr)
Definition: SimpleSValBuilder.cpp:86
clang::ento::printDynamicTypeInfoJson
void printDynamicTypeInfoJson(raw_ostream &Out, ProgramStateRef State, const char *NL="\n", unsigned int Space=0, bool IsDot=false)
clang::ento::ConstraintManagerCreator
std::unique_ptr< ConstraintManager >(* ConstraintManagerCreator)(ProgramStateManager &, ExprEngine *)
Definition: ProgramState.h:42
clang::ento::StoreManagerCreator
std::unique_ptr< StoreManager >(* StoreManagerCreator)(ProgramStateManager &)
Definition: ProgramState.h:44
clang::ento::Store
const void * Store
Store - This opaque type encapsulates an immutable mapping from locations to values.
Definition: StoreRef.h:27
clang::ento::ProgramStateRetain
void ProgramStateRetain(const ProgramState *state)
Increments the number of times this state is referenced.
Definition: ProgramState.cpp:30
clang::ento::ProgramStateRelease
void ProgramStateRelease(const ProgramState *state)
Decrement the number of times this state is referenced.
Definition: ProgramState.cpp:35
Generated on Sat Sep 23 2023 18:26:07 for clang by doxygen 1.9.6