doxygen/ProgramState_8h_source.html

//== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This file defines the state of the program along the analysisa path.

//

//===----------------------------------------------------------------------===//


#ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H

#define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H


#include "clang/Basic/LLVM.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"

#include "llvm/ADT/FoldingSet.h"

#include "llvm/ADT/ImmutableMap.h"

#include "llvm/Support/Allocator.h"

#include <utility>


namespace llvm {

class APSInt;

}


namespace clang {

class ASTContext;


namespace ento {


class AnalysisManager;

class CallEvent;

class CallEventManager;


typedef std::unique_ptr<ConstraintManager>(*ConstraintManagerCreator)(

    ProgramStateManager &, ExprEngine *);

typedef std::unique_ptr<StoreManager>(*StoreManagerCreator)(

    ProgramStateManager &);


//===----------------------------------------------------------------------===//

// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState.

//===----------------------------------------------------------------------===//


template <typename T> struct ProgramStatePartialTrait;


template <typename T> struct ProgramStateTrait {

  typedef typename T::data_type data_type;

  static inline void *MakeVoidPtr(data_type D) { return (void*) D; }

  static inline data_type MakeData(void *const* P) {

    return P ? (data_type) *P : (data_type) 0;

  }

};


/// \class ProgramState

/// ProgramState - This class encapsulates:

///

///    1. A mapping from expressions to values (Environment)

///    2. A mapping from locations to values (Store)

///    3. Constraints on symbolic values (GenericDataMap)

///

///  Together these represent the "abstract state" of a program.

///

///  ProgramState is intended to be used as a functional object; that is,

///  once it is created and made "persistent" in a FoldingSet, its

///  values will never change.

class ProgramState : public llvm::FoldingSetNode {

public:

  typedef llvm::ImmutableSet<llvm::APSInt*>                IntSetTy;

  typedef llvm::ImmutableMap<void*, void*>                 GenericDataMap;


private:

  void operator=(const ProgramState& R) = delete;


  friend class ProgramStateManager;

  friend class ExplodedGraph;

  friend class ExplodedNode;


  ProgramStateManager *stateMgr;

  Environment Env;           // Maps a Stmt to its current SVal.

  Store store;               // Maps a location to its current value.

  GenericDataMap   GDM;      // Custom data stored by a client of this class.

  unsigned refCount;


  /// makeWithStore - Return a ProgramState with the same values as the current

  ///  state with the exception of using the specified Store.

  ProgramStateRef makeWithStore(const StoreRef &store) const;


  void setStore(const StoreRef &storeRef);


public:

  /// This ctor is used when creating the first ProgramState object.

  ProgramState(ProgramStateManager *mgr, const Environment& env,

          StoreRef st, GenericDataMap gdm);


  /// Copy ctor - We must explicitly define this or else the "Next" ptr

  ///  in FoldingSetNode will also get copied.

  ProgramState(const ProgramState &RHS);


  ~ProgramState();


  int64_t getID() const;


  /// Return the ProgramStateManager associated with this state.

  ProgramStateManager &getStateManager() const {

    return *stateMgr;

  }


  AnalysisManager &getAnalysisManager() const;


  /// Return the ConstraintManager.

  ConstraintManager &getConstraintManager() const;


  /// getEnvironment - Return the environment associated with this state.

  ///  The environment is the mapping from expressions to values.

  const Environment& getEnvironment() const { return Env; }


  /// Return the store associated with this state.  The store

  ///  is a mapping from locations to values.

  Store getStore() const { return store; }


  /// getGDM - Return the generic data map associated with this state.

  GenericDataMap getGDM() const { return GDM; }


  void setGDM(GenericDataMap gdm) { GDM = gdm; }


  /// Profile - Profile the contents of a ProgramState object for use in a

  ///  FoldingSet.  Two ProgramState objects are considered equal if they

  ///  have the same Environment, Store, and GenericDataMap.

  static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) {

    V->Env.Profile(ID);

    ID.AddPointer(V->store);

    V->GDM.Profile(ID);

  }


  /// Profile - Used to profile the contents of this object for inclusion

  ///  in a FoldingSet.

  void Profile(llvm::FoldingSetNodeID& ID) const {

    Profile(ID, this);

  }


  BasicValueFactory &getBasicVals() const;

  SymbolManager &getSymbolManager() const;


  //==---------------------------------------------------------------------==//

  // Constraints on values.

  //==---------------------------------------------------------------------==//

  //

  // Each ProgramState records constraints on symbolic values.  These constraints

  // are managed using the ConstraintManager associated with a ProgramStateManager.

  // As constraints gradually accrue on symbolic values, added constraints

  // may conflict and indicate that a state is infeasible (as no real values

  // could satisfy all the constraints).  This is the principal mechanism

  // for modeling path-sensitivity in ExprEngine/ProgramState.

  //

  // Various "assume" methods form the interface for adding constraints to

  // symbolic values.  A call to 'assume' indicates an assumption being placed

  // on one or symbolic values.  'assume' methods take the following inputs:

  //

  //  (1) A ProgramState object representing the current state.

  //

  //  (2) The assumed constraint (which is specific to a given "assume" method).

  //

  //  (3) A binary value "Assumption" that indicates whether the constraint is

  //      assumed to be true or false.

  //

  // The output of "assume*" is a new ProgramState object with the added constraints.

  // If no new state is feasible, NULL is returned.

  //


  /// Assumes that the value of \p cond is zero (if \p assumption is "false")

  /// or non-zero (if \p assumption is "true").

  ///

  /// This returns a new state with the added constraint on \p cond.

  /// If no new state is feasible, NULL is returned.

  LLVM_NODISCARD ProgramStateRef assume(DefinedOrUnknownSVal cond,

                                        bool assumption) const;


  /// Assumes both "true" and "false" for \p cond, and returns both

  /// corresponding states (respectively).

  ///

  /// This is more efficient than calling assume() twice. Note that one (but not

  /// both) of the returned states may be NULL.

  LLVM_NODISCARD std::pair<ProgramStateRef, ProgramStateRef>

  assume(DefinedOrUnknownSVal cond) const;


  LLVM_NODISCARD ProgramStateRef

  assumeInBound(DefinedOrUnknownSVal idx, DefinedOrUnknownSVal upperBound,

                bool assumption, QualType IndexType = QualType()) const;


  /// Assumes that the value of \p Val is bounded with [\p From; \p To]

  /// (if \p assumption is "true") or it is fully out of this range

  /// (if \p assumption is "false").

  ///

  /// This returns a new state with the added constraint on \p cond.

  /// If no new state is feasible, NULL is returned.

  LLVM_NODISCARD ProgramStateRef assumeInclusiveRange(DefinedOrUnknownSVal Val,

                                                      const llvm::APSInt &From,

                                                      const llvm::APSInt &To,

                                                      bool assumption) const;


  /// Assumes given range both "true" and "false" for \p Val, and returns both

  /// corresponding states (respectively).

  ///

  /// This is more efficient than calling assume() twice. Note that one (but not

  /// both) of the returned states may be NULL.

  LLVM_NODISCARD std::pair<ProgramStateRef, ProgramStateRef>

  assumeInclusiveRange(DefinedOrUnknownSVal Val, const llvm::APSInt &From,

                       const llvm::APSInt &To) const;


  /// Check if the given SVal is not constrained to zero and is not

  ///        a zero constant.

  ConditionTruthVal isNonNull(SVal V) const;


  /// Check if the given SVal is constrained to zero or is a zero

  ///        constant.

  ConditionTruthVal isNull(SVal V) const;


  /// \return Whether values \p Lhs and \p Rhs are equal.

  ConditionTruthVal areEqual(SVal Lhs, SVal Rhs) const;


  /// Utility method for getting regions.

  const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const;


  //==---------------------------------------------------------------------==//

  // Binding and retrieving values to/from the environment and symbolic store.

  //==---------------------------------------------------------------------==//


  /// Create a new state by binding the value 'V' to the statement 'S' in the

  /// state's environment.

  LLVM_NODISCARD ProgramStateRef BindExpr(const Stmt *S,

                                          const LocationContext *LCtx, SVal V,

                                          bool Invalidate = true) const;


  LLVM_NODISCARD ProgramStateRef bindLoc(Loc location, SVal V,

                                         const LocationContext *LCtx,

                                         bool notifyChanges = true) const;


  LLVM_NODISCARD ProgramStateRef bindLoc(SVal location, SVal V,

                                         const LocationContext *LCtx) const;


  /// Initializes the region of memory represented by \p loc with an initial

  /// value. Once initialized, all values loaded from any sub-regions of that

  /// region will be equal to \p V, unless overwritten later by the program.

  /// This method should not be used on regions that are already initialized.

  /// If you need to indicate that memory contents have suddenly become unknown

  /// within a certain region of memory, consider invalidateRegions().

  LLVM_NODISCARD ProgramStateRef

  bindDefaultInitial(SVal loc, SVal V, const LocationContext *LCtx) const;


  /// Performs C++ zero-initialization procedure on the region of memory

  /// represented by \p loc.

  LLVM_NODISCARD ProgramStateRef

  bindDefaultZero(SVal loc, const LocationContext *LCtx) const;


  LLVM_NODISCARD ProgramStateRef killBinding(Loc LV) const;


  /// Returns the state with bindings for the given regions

  ///  cleared from the store.

  ///

  /// Optionally invalidates global regions as well.

  ///

  /// \param Regions the set of regions to be invalidated.

  /// \param E the expression that caused the invalidation.

  /// \param BlockCount The number of times the current basic block has been

  //         visited.

  /// \param CausesPointerEscape the flag is set to true when

  ///        the invalidation entails escape of a symbol (representing a

  ///        pointer). For example, due to it being passed as an argument in a

  ///        call.

  /// \param IS the set of invalidated symbols.

  /// \param Call if non-null, the invalidated regions represent parameters to

  ///        the call and should be considered directly invalidated.

  /// \param ITraits information about special handling for a particular

  ///        region/symbol.

  LLVM_NODISCARD ProgramStateRef

  invalidateRegions(ArrayRef<const MemRegion *> Regions, const Expr *E,

                    unsigned BlockCount, const LocationContext *LCtx,

                    bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,

                    const CallEvent *Call = nullptr,

                    RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;


  LLVM_NODISCARD ProgramStateRef

  invalidateRegions(ArrayRef<SVal> Regions, const Expr *E,

                    unsigned BlockCount, const LocationContext *LCtx,

                    bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,

                    const CallEvent *Call = nullptr,

                    RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;


  /// enterStackFrame - Returns the state for entry to the given stack frame,

  ///  preserving the current state.

  LLVM_NODISCARD ProgramStateRef enterStackFrame(

      const CallEvent &Call, const StackFrameContext *CalleeCtx) const;


  /// Return the value of 'self' if available in the given context.

  SVal getSelfSVal(const LocationContext *LC) const;


  /// Get the lvalue for a base class object reference.

  Loc getLValue(const CXXBaseSpecifier &BaseSpec, const SubRegion *Super) const;


  /// Get the lvalue for a base class object reference.

  Loc getLValue(const CXXRecordDecl *BaseClass, const SubRegion *Super,

                bool IsVirtual) const;


  /// Get the lvalue for a parameter.

  Loc getLValue(const Expr *Call, unsigned Index,

                const LocationContext *LC) const;


  /// Get the lvalue for a variable reference.

  Loc getLValue(const VarDecl *D, const LocationContext *LC) const;


  Loc getLValue(const CompoundLiteralExpr *literal,

                const LocationContext *LC) const;


  /// Get the lvalue for an ivar reference.

  SVal getLValue(const ObjCIvarDecl *decl, SVal base) const;


  /// Get the lvalue for a field reference.

  SVal getLValue(const FieldDecl *decl, SVal Base) const;


  /// Get the lvalue for an indirect field reference.

  SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;


  /// Get the lvalue for an array index.

  SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;


  /// Returns the SVal bound to the statement 'S' in the state's environment.

  SVal getSVal(const Stmt *S, const LocationContext *LCtx) const;


  SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const;


  /// Return the value bound to the specified location.

  /// Returns UnknownVal() if none found.

  SVal getSVal(Loc LV, QualType T = QualType()) const;


  /// Returns the "raw" SVal bound to LV before any value simplfication.

  SVal getRawSVal(Loc LV, QualType T= QualType()) const;


  /// Return the value bound to the specified location.

  /// Returns UnknownVal() if none found.

  SVal getSVal(const MemRegion* R, QualType T = QualType()) const;


  /// Return the value bound to the specified location, assuming

  /// that the value is a scalar integer or an enumeration or a pointer.

  /// Returns UnknownVal() if none found or the region is not known to hold

  /// a value of such type.

  SVal getSValAsScalarOrLoc(const MemRegion *R) const;


  using region_iterator = const MemRegion **;


  /// Visits the symbols reachable from the given SVal using the provided

  /// SymbolVisitor.

  ///

  /// This is a convenience API. Consider using ScanReachableSymbols class

  /// directly when making multiple scans on the same state with the same

  /// visitor to avoid repeated initialization cost.

  /// \sa ScanReachableSymbols

  bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const;


  /// Visits the symbols reachable from the regions in the given

  /// MemRegions range using the provided SymbolVisitor.

  bool scanReachableSymbols(llvm::iterator_range<region_iterator> Reachable,

                            SymbolVisitor &visitor) const;


  template <typename CB> CB scanReachableSymbols(SVal val) const;

  template <typename CB> CB

  scanReachableSymbols(llvm::iterator_range<region_iterator> Reachable) const;


  //==---------------------------------------------------------------------==//

  // Accessing the Generic Data Map (GDM).

  //==---------------------------------------------------------------------==//


  void *const* FindGDM(void *K) const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  add(typename ProgramStateTrait<T>::key_type K) const;


  template <typename T>

  typename ProgramStateTrait<T>::data_type

  get() const {

    return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex()));

  }


  template<typename T>

  typename ProgramStateTrait<T>::lookup_type

  get(typename ProgramStateTrait<T>::key_type key) const {

    void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());

    return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key);

  }


  template <typename T>

  typename ProgramStateTrait<T>::context_type get_context() const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  remove(typename ProgramStateTrait<T>::key_type K) const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  remove(typename ProgramStateTrait<T>::key_type K,

         typename ProgramStateTrait<T>::context_type C) const;


  template <typename T> LLVM_NODISCARD ProgramStateRef remove() const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  set(typename ProgramStateTrait<T>::data_type D) const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  set(typename ProgramStateTrait<T>::key_type K,

      typename ProgramStateTrait<T>::value_type E) const;


  template <typename T>

  LLVM_NODISCARD ProgramStateRef

  set(typename ProgramStateTrait<T>::key_type K,

      typename ProgramStateTrait<T>::value_type E,

      typename ProgramStateTrait<T>::context_type C) const;


  template<typename T>

  bool contains(typename ProgramStateTrait<T>::key_type key) const {

    void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());

    return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key);

  }


  // Pretty-printing.

  void printJson(raw_ostream &Out, const LocationContext *LCtx = nullptr,

                 const char *NL = "\n", unsigned int Space = 0,

                 bool IsDot = false) const;


  void printDOT(raw_ostream &Out, const LocationContext *LCtx = nullptr,

                unsigned int Space = 0) const;


  void dump() const;


private:

  friend void ProgramStateRetain(const ProgramState *state);

  friend void ProgramStateRelease(const ProgramState *state);


  /// \sa invalidateValues()

  /// \sa invalidateRegions()

  ProgramStateRef

  invalidateRegionsImpl(ArrayRef<SVal> Values,

                        const Expr *E, unsigned BlockCount,

                        const LocationContext *LCtx,

                        bool ResultsInSymbolEscape,

                        InvalidatedSymbols *IS,

                        RegionAndSymbolInvalidationTraits *HTraits,

                        const CallEvent *Call) const;

};


//===----------------------------------------------------------------------===//

// ProgramStateManager - Factory object for ProgramStates.

//===----------------------------------------------------------------------===//


class ProgramStateManager {

  friend class ProgramState;

  friend void ProgramStateRelease(const ProgramState *state);

private:

  /// Eng - The ExprEngine that owns this state manager.

  ExprEngine *Eng; /* Can be null. */


  EnvironmentManager                   EnvMgr;

  std::unique_ptr<StoreManager>        StoreMgr;

  std::unique_ptr<ConstraintManager>   ConstraintMgr;


  ProgramState::GenericDataMap::Factory     GDMFactory;


  typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy;

  GDMContextsTy GDMContexts;


  /// StateSet - FoldingSet containing all the states created for analyzing

  ///  a particular function.  This is used to unique states.

  llvm::FoldingSet<ProgramState> StateSet;


  /// Object that manages the data for all created SVals.

  std::unique_ptr<SValBuilder> svalBuilder;


  /// Manages memory for created CallEvents.

  std::unique_ptr<CallEventManager> CallEventMgr;


  /// A BumpPtrAllocator to allocate states.

  llvm::BumpPtrAllocator &Alloc;


  /// A vector of ProgramStates that we can reuse.

  std::vector<ProgramState *> freeStates;


public:

  ProgramStateManager(ASTContext &Ctx,

                 StoreManagerCreator CreateStoreManager,

                 ConstraintManagerCreator CreateConstraintManager,

                 llvm::BumpPtrAllocator& alloc,

                 ExprEngine *expreng);


  ~ProgramStateManager();


  ProgramStateRef getInitialState(const LocationContext *InitLoc);


  ASTContext &getContext() { return svalBuilder->getContext(); }

  const ASTContext &getContext() const { return svalBuilder->getContext(); }


  BasicValueFactory &getBasicVals() {

    return svalBuilder->getBasicValueFactory();

  }


  SValBuilder &getSValBuilder() {

    return *svalBuilder;

  }


  const SValBuilder &getSValBuilder() const {

    return *svalBuilder;

  }


  SymbolManager &getSymbolManager() {

    return svalBuilder->getSymbolManager();

  }

  const SymbolManager &getSymbolManager() const {

    return svalBuilder->getSymbolManager();

  }


  llvm::BumpPtrAllocator& getAllocator() { return Alloc; }


  MemRegionManager& getRegionManager() {

    return svalBuilder->getRegionManager();

  }

  const MemRegionManager &getRegionManager() const {

    return svalBuilder->getRegionManager();

  }


  CallEventManager &getCallEventManager() { return *CallEventMgr; }


  StoreManager &getStoreManager() { return *StoreMgr; }

  ConstraintManager &getConstraintManager() { return *ConstraintMgr; }

  ExprEngine &getOwningEngine() { return *Eng; }


  ProgramStateRef

  removeDeadBindingsFromEnvironmentAndStore(ProgramStateRef St,

                                            const StackFrameContext *LCtx,

                                            SymbolReaper &SymReaper);


public:


  SVal ArrayToPointer(Loc Array, QualType ElementTy) {

    return StoreMgr->ArrayToPointer(Array, ElementTy);

  }


  // Methods that manipulate the GDM.

  ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data);

  ProgramStateRef removeGDM(ProgramStateRef state, void *Key);


  // Methods that query & manipulate the Store.


  void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) {

    StoreMgr->iterBindings(state->getStore(), F);

  }


  ProgramStateRef getPersistentState(ProgramState &Impl);

  ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState,

                                           ProgramStateRef GDMState);


  bool haveEqualConstraints(ProgramStateRef S1, ProgramStateRef S2) const {

    return ConstraintMgr->haveEqualConstraints(S1, S2);

  }


  bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) const {

    return S1->Env == S2->Env;

  }


  bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) const {

    return S1->store == S2->store;

  }


  //==---------------------------------------------------------------------==//

  // Generic Data Map methods.

  //==---------------------------------------------------------------------==//

  //

  // ProgramStateManager and ProgramState support a "generic data map" that allows

  // different clients of ProgramState objects to embed arbitrary data within a

  // ProgramState object.  The generic data map is essentially an immutable map

  // from a "tag" (that acts as the "key" for a client) and opaque values.

  // Tags/keys and values are simply void* values.  The typical way that clients

  // generate unique tags are by taking the address of a static variable.

  // Clients are responsible for ensuring that data values referred to by a

  // the data pointer are immutable (and thus are essentially purely functional

  // data).

  //

  // The templated methods below use the ProgramStateTrait<T> class

  // to resolve keys into the GDM and to return data values to clients.

  //


  // Trait based GDM dispatch.

  template <typename T>

  ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) {

    return addGDM(st, ProgramStateTrait<T>::GDMIndex(),

                  ProgramStateTrait<T>::MakeVoidPtr(D));

  }


  template<typename T>

  ProgramStateRef set(ProgramStateRef st,

                     typename ProgramStateTrait<T>::key_type K,

                     typename ProgramStateTrait<T>::value_type V,

                     typename ProgramStateTrait<T>::context_type C) {


    return addGDM(st, ProgramStateTrait<T>::GDMIndex(),

     ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C)));

  }


  template <typename T>

  ProgramStateRef add(ProgramStateRef st,

                     typename ProgramStateTrait<T>::key_type K,

                     typename ProgramStateTrait<T>::context_type C) {

    return addGDM(st, ProgramStateTrait<T>::GDMIndex(),

        ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C)));

  }


  template <typename T>

  ProgramStateRef remove(ProgramStateRef st,

                        typename ProgramStateTrait<T>::key_type K,

                        typename ProgramStateTrait<T>::context_type C) {


    return addGDM(st, ProgramStateTrait<T>::GDMIndex(),

     ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C)));

  }


  template <typename T>

  ProgramStateRef remove(ProgramStateRef st) {

    return removeGDM(st, ProgramStateTrait<T>::GDMIndex());

  }


  void *FindGDMContext(void *index,

                       void *(*CreateContext)(llvm::BumpPtrAllocator&),

                       void  (*DeleteContext)(void*));


  template <typename T>

  typename ProgramStateTrait<T>::context_type get_context() {

    void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(),

                             ProgramStateTrait<T>::CreateContext,

                             ProgramStateTrait<T>::DeleteContext);


    return ProgramStateTrait<T>::MakeContext(p);

  }

};


//===----------------------------------------------------------------------===//

// Out-of-line method definitions for ProgramState.

//===----------------------------------------------------------------------===//


inline ConstraintManager &ProgramState::getConstraintManager() const {

  return stateMgr->getConstraintManager();

}


inline const VarRegion* ProgramState::getRegion(const VarDecl *D,

                                                const LocationContext *LC) const

{

  return getStateManager().getRegionManager().getVarRegion(D, LC);

}


inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond,

                                      bool Assumption) const {

  if (Cond.isUnknown())

    return this;


  return getStateManager().ConstraintMgr

      ->assume(this, Cond.castAs<DefinedSVal>(), Assumption);

}


inline std::pair<ProgramStateRef , ProgramStateRef >

ProgramState::assume(DefinedOrUnknownSVal Cond) const {

  if (Cond.isUnknown())

    return std::make_pair(this, this);


  return getStateManager().ConstraintMgr

      ->assumeDual(this, Cond.castAs<DefinedSVal>());

}


inline ProgramStateRef ProgramState::assumeInclusiveRange(

    DefinedOrUnknownSVal Val, const llvm::APSInt &From, const llvm::APSInt &To,

    bool Assumption) const {

  if (Val.isUnknown())

    return this;


  assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");


  return getStateManager().ConstraintMgr->assumeInclusiveRange(

      this, Val.castAs<NonLoc>(), From, To, Assumption);

}


inline std::pair<ProgramStateRef, ProgramStateRef>

ProgramState::assumeInclusiveRange(DefinedOrUnknownSVal Val,

                                   const llvm::APSInt &From,

                                   const llvm::APSInt &To) const {

  if (Val.isUnknown())

    return std::make_pair(this, this);


  assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");


  return getStateManager().ConstraintMgr->assumeInclusiveRangeDual(

      this, Val.castAs<NonLoc>(), From, To);

}


inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V, const LocationContext *LCtx) const {

  if (Optional<Loc> L = LV.getAs<Loc>())

    return bindLoc(*L, V, LCtx);

  return this;

}


inline Loc ProgramState::getLValue(const CXXBaseSpecifier &BaseSpec,

                                   const SubRegion *Super) const {

  const auto *Base = BaseSpec.getType()->getAsCXXRecordDecl();

  return loc::MemRegionVal(

           getStateManager().getRegionManager().getCXXBaseObjectRegion(

                                            Base, Super, BaseSpec.isVirtual()));

}


inline Loc ProgramState::getLValue(const CXXRecordDecl *BaseClass,

                                   const SubRegion *Super,

                                   bool IsVirtual) const {

  return loc::MemRegionVal(

           getStateManager().getRegionManager().getCXXBaseObjectRegion(

                                                  BaseClass, Super, IsVirtual));

}


inline Loc ProgramState::getLValue(const VarDecl *VD,

                               const LocationContext *LC) const {

  return getStateManager().StoreMgr->getLValueVar(VD, LC);

}


inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal,

                               const LocationContext *LC) const {

  return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC);

}


inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const {

  return getStateManager().StoreMgr->getLValueIvar(D, Base);

}


inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const {

  return getStateManager().StoreMgr->getLValueField(D, Base);

}


inline SVal ProgramState::getLValue(const IndirectFieldDecl *D,

                                    SVal Base) const {

  StoreManager &SM = *getStateManager().StoreMgr;

  for (const auto *I : D->chain()) {

    Base = SM.getLValueField(cast<FieldDecl>(I), Base);

  }


  return Base;

}


inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{

  if (Optional<NonLoc> N = Idx.getAs<NonLoc>())

    return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);

  return UnknownVal();

}


inline SVal ProgramState::getSVal(const Stmt *Ex,

                                  const LocationContext *LCtx) const{

  return Env.getSVal(EnvironmentEntry(Ex, LCtx),

                     *getStateManager().svalBuilder);

}


inline SVal

ProgramState::getSValAsScalarOrLoc(const Stmt *S,

                                   const LocationContext *LCtx) const {

  if (const Expr *Ex = dyn_cast<Expr>(S)) {

    QualType T = Ex->getType();

    if (Ex->isGLValue() || Loc::isLocType(T) ||

        T->isIntegralOrEnumerationType())

      return getSVal(S, LCtx);

  }


  return UnknownVal();

}


inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const {

  return getStateManager().StoreMgr->getBinding(getStore(), LV, T);

}


inline SVal ProgramState::getSVal(const MemRegion* R, QualType T) const {

  return getStateManager().StoreMgr->getBinding(getStore(),

                                                loc::MemRegionVal(R),

                                                T);

}


inline BasicValueFactory &ProgramState::getBasicVals() const {

  return getStateManager().getBasicVals();

}


inline SymbolManager &ProgramState::getSymbolManager() const {

  return getStateManager().getSymbolManager();

}


template<typename T>

ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const {

  return getStateManager().add<T>(this, K, get_context<T>());

}


template <typename T>

typename ProgramStateTrait<T>::context_type ProgramState::get_context() const {

  return getStateManager().get_context<T>();

}


template<typename T>

ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const {

  return getStateManager().remove<T>(this, K, get_context<T>());

}


template<typename T>

ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K,

                               typename ProgramStateTrait<T>::context_type C) const {

  return getStateManager().remove<T>(this, K, C);

}


template <typename T>

ProgramStateRef ProgramState::remove() const {

  return getStateManager().remove<T>(this);

}


template<typename T>

ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const {

  return getStateManager().set<T>(this, D);

}


template<typename T>

ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,

                            typename ProgramStateTrait<T>::value_type E) const {

  return getStateManager().set<T>(this, K, E, get_context<T>());

}


template<typename T>

ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,

                            typename ProgramStateTrait<T>::value_type E,

                            typename ProgramStateTrait<T>::context_type C) const {

  return getStateManager().set<T>(this, K, E, C);

}


template <typename CB>

CB ProgramState::scanReachableSymbols(SVal val) const {

  CB cb(this);

  scanReachableSymbols(val, cb);

  return cb;

}


template <typename CB>

CB ProgramState::scanReachableSymbols(

    llvm::iterator_range<region_iterator> Reachable) const {

  CB cb(this);

  scanReachableSymbols(Reachable, cb);

  return cb;

}


/// \class ScanReachableSymbols

/// A utility class that visits the reachable symbols using a custom

/// SymbolVisitor. Terminates recursive traversal when the visitor function

/// returns false.

class ScanReachableSymbols {

  typedef llvm::DenseSet<const void*> VisitedItems;


  VisitedItems visited;

  ProgramStateRef state;

  SymbolVisitor &visitor;

public:

  ScanReachableSymbols(ProgramStateRef st, SymbolVisitor &v)

      : state(std::move(st)), visitor(v) {}


  bool scan(nonloc::LazyCompoundVal val);

  bool scan(nonloc::CompoundVal val);

  bool scan(SVal val);

  bool scan(const MemRegion *R);

  bool scan(const SymExpr *sym);

};


} // end ento namespace


} // end clang namespace


#endif