clang  10.0.0svn
ProgramState.h
Go to the documentation of this file.
1 //== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines the state of the program along the analysisa path.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
14 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
15 
16 #include "clang/Basic/LLVM.h"
17 #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
22 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
23 #include "llvm/ADT/FoldingSet.h"
24 #include "llvm/ADT/ImmutableMap.h"
25 #include "llvm/Support/Allocator.h"
26 #include <utility>
27 
28 namespace llvm {
29 class APSInt;
30 }
31 
32 namespace clang {
33 class ASTContext;
34 
35 namespace ento {
36 
37 class AnalysisManager;
38 class CallEvent;
39 class CallEventManager;
40 
41 typedef std::unique_ptr<ConstraintManager>(*ConstraintManagerCreator)(
42  ProgramStateManager &, SubEngine *);
43 typedef std::unique_ptr<StoreManager>(*StoreManagerCreator)(
44  ProgramStateManager &);
45 
46 //===----------------------------------------------------------------------===//
47 // ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState.
48 //===----------------------------------------------------------------------===//
49 
50 template <typename T> struct ProgramStatePartialTrait;
51 
52 template <typename T> struct ProgramStateTrait {
53  typedef typename T::data_type data_type;
54  static inline void *MakeVoidPtr(data_type D) { return (void*) D; }
55  static inline data_type MakeData(void *const* P) {
56  return P ? (data_type) *P : (data_type) 0;
57  }
58 };
59 
60 /// \class ProgramState
61 /// ProgramState - This class encapsulates:
62 ///
63 /// 1. A mapping from expressions to values (Environment)
64 /// 2. A mapping from locations to values (Store)
65 /// 3. Constraints on symbolic values (GenericDataMap)
66 ///
67 /// Together these represent the "abstract state" of a program.
68 ///
69 /// ProgramState is intended to be used as a functional object; that is,
70 /// once it is created and made "persistent" in a FoldingSet, its
71 /// values will never change.
72 class ProgramState : public llvm::FoldingSetNode {
73 public:
74  typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy;
75  typedef llvm::ImmutableMap<void*, void*> GenericDataMap;
76 
77 private:
78  void operator=(const ProgramState& R) = delete;
79 
80  friend class ProgramStateManager;
81  friend class ExplodedGraph;
82  friend class ExplodedNode;
83 
84  ProgramStateManager *stateMgr;
85  Environment Env; // Maps a Stmt to its current SVal.
86  Store store; // Maps a location to its current value.
87  GenericDataMap GDM; // Custom data stored by a client of this class.
88  unsigned refCount;
89 
90  /// makeWithStore - Return a ProgramState with the same values as the current
91  /// state with the exception of using the specified Store.
92  ProgramStateRef makeWithStore(const StoreRef &store) const;
93 
94  void setStore(const StoreRef &storeRef);
95 
96 public:
97  /// This ctor is used when creating the first ProgramState object.
98  ProgramState(ProgramStateManager *mgr, const Environment& env,
99  StoreRef st, GenericDataMap gdm);
100 
101  /// Copy ctor - We must explicitly define this or else the "Next" ptr
102  /// in FoldingSetNode will also get copied.
103  ProgramState(const ProgramState &RHS);
104 
105  ~ProgramState();
106 
107  int64_t getID() const;
108 
109  /// Return the ProgramStateManager associated with this state.
110  ProgramStateManager &getStateManager() const {
111  return *stateMgr;
112  }
113 
114  AnalysisManager &getAnalysisManager() const;
115 
116  /// Return the ConstraintManager.
117  ConstraintManager &getConstraintManager() const;
118 
119  /// getEnvironment - Return the environment associated with this state.
120  /// The environment is the mapping from expressions to values.
121  const Environment& getEnvironment() const { return Env; }
122 
123  /// Return the store associated with this state. The store
124  /// is a mapping from locations to values.
125  Store getStore() const { return store; }
126 
127 
128  /// getGDM - Return the generic data map associated with this state.
129  GenericDataMap getGDM() const { return GDM; }
130 
131  void setGDM(GenericDataMap gdm) { GDM = gdm; }
132 
133  /// Profile - Profile the contents of a ProgramState object for use in a
134  /// FoldingSet. Two ProgramState objects are considered equal if they
135  /// have the same Environment, Store, and GenericDataMap.
136  static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) {
137  V->Env.Profile(ID);
138  ID.AddPointer(V->store);
139  V->GDM.Profile(ID);
140  }
141 
142  /// Profile - Used to profile the contents of this object for inclusion
143  /// in a FoldingSet.
144  void Profile(llvm::FoldingSetNodeID& ID) const {
145  Profile(ID, this);
146  }
147 
148  BasicValueFactory &getBasicVals() const;
149  SymbolManager &getSymbolManager() const;
150 
151  //==---------------------------------------------------------------------==//
152  // Constraints on values.
153  //==---------------------------------------------------------------------==//
154  //
155  // Each ProgramState records constraints on symbolic values. These constraints
156  // are managed using the ConstraintManager associated with a ProgramStateManager.
157  // As constraints gradually accrue on symbolic values, added constraints
158  // may conflict and indicate that a state is infeasible (as no real values
159  // could satisfy all the constraints). This is the principal mechanism
160  // for modeling path-sensitivity in ExprEngine/ProgramState.
161  //
162  // Various "assume" methods form the interface for adding constraints to
163  // symbolic values. A call to 'assume' indicates an assumption being placed
164  // on one or symbolic values. 'assume' methods take the following inputs:
165  //
166  // (1) A ProgramState object representing the current state.
167  //
168  // (2) The assumed constraint (which is specific to a given "assume" method).
169  //
170  // (3) A binary value "Assumption" that indicates whether the constraint is
171  // assumed to be true or false.
172  //
173  // The output of "assume*" is a new ProgramState object with the added constraints.
174  // If no new state is feasible, NULL is returned.
175  //
176 
177  /// Assumes that the value of \p cond is zero (if \p assumption is "false")
178  /// or non-zero (if \p assumption is "true").
179  ///
180  /// This returns a new state with the added constraint on \p cond.
181  /// If no new state is feasible, NULL is returned.
182  LLVM_NODISCARD ProgramStateRef assume(DefinedOrUnknownSVal cond,
183  bool assumption) const;
184 
185  /// Assumes both "true" and "false" for \p cond, and returns both
186  /// corresponding states (respectively).
187  ///
188  /// This is more efficient than calling assume() twice. Note that one (but not
189  /// both) of the returned states may be NULL.
190  LLVM_NODISCARD std::pair<ProgramStateRef, ProgramStateRef>
191  assume(DefinedOrUnknownSVal cond) const;
192 
193  LLVM_NODISCARD ProgramStateRef
194  assumeInBound(DefinedOrUnknownSVal idx, DefinedOrUnknownSVal upperBound,
195  bool assumption, QualType IndexType = QualType()) const;
196 
197  /// Assumes that the value of \p Val is bounded with [\p From; \p To]
198  /// (if \p assumption is "true") or it is fully out of this range
199  /// (if \p assumption is "false").
200  ///
201  /// This returns a new state with the added constraint on \p cond.
202  /// If no new state is feasible, NULL is returned.
203  LLVM_NODISCARD ProgramStateRef assumeInclusiveRange(DefinedOrUnknownSVal Val,
204  const llvm::APSInt &From,
205  const llvm::APSInt &To,
206  bool assumption) const;
207 
208  /// Assumes given range both "true" and "false" for \p Val, and returns both
209  /// corresponding states (respectively).
210  ///
211  /// This is more efficient than calling assume() twice. Note that one (but not
212  /// both) of the returned states may be NULL.
213  LLVM_NODISCARD std::pair<ProgramStateRef, ProgramStateRef>
214  assumeInclusiveRange(DefinedOrUnknownSVal Val, const llvm::APSInt &From,
215  const llvm::APSInt &To) const;
216 
217  /// Check if the given SVal is not constrained to zero and is not
218  /// a zero constant.
219  ConditionTruthVal isNonNull(SVal V) const;
220 
221  /// Check if the given SVal is constrained to zero or is a zero
222  /// constant.
223  ConditionTruthVal isNull(SVal V) const;
224 
225  /// \return Whether values \p Lhs and \p Rhs are equal.
226  ConditionTruthVal areEqual(SVal Lhs, SVal Rhs) const;
227 
228  /// Utility method for getting regions.
229  const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const;
230 
231  //==---------------------------------------------------------------------==//
232  // Binding and retrieving values to/from the environment and symbolic store.
233  //==---------------------------------------------------------------------==//
234 
235  /// Create a new state by binding the value 'V' to the statement 'S' in the
236  /// state's environment.
237  LLVM_NODISCARD ProgramStateRef BindExpr(const Stmt *S,
238  const LocationContext *LCtx, SVal V,
239  bool Invalidate = true) const;
240 
241  LLVM_NODISCARD ProgramStateRef bindLoc(Loc location, SVal V,
242  const LocationContext *LCtx,
243  bool notifyChanges = true) const;
244 
245  LLVM_NODISCARD ProgramStateRef bindLoc(SVal location, SVal V,
246  const LocationContext *LCtx) const;
247 
248  /// Initializes the region of memory represented by \p loc with an initial
249  /// value. Once initialized, all values loaded from any sub-regions of that
250  /// region will be equal to \p V, unless overwritten later by the program.
251  /// This method should not be used on regions that are already initialized.
252  /// If you need to indicate that memory contents have suddenly become unknown
253  /// within a certain region of memory, consider invalidateRegions().
254  LLVM_NODISCARD ProgramStateRef
255  bindDefaultInitial(SVal loc, SVal V, const LocationContext *LCtx) const;
256 
257  /// Performs C++ zero-initialization procedure on the region of memory
258  /// represented by \p loc.
259  LLVM_NODISCARD ProgramStateRef
260  bindDefaultZero(SVal loc, const LocationContext *LCtx) const;
261 
262  LLVM_NODISCARD ProgramStateRef killBinding(Loc LV) const;
263 
264  /// Returns the state with bindings for the given regions
265  /// cleared from the store.
266  ///
267  /// Optionally invalidates global regions as well.
268  ///
269  /// \param Regions the set of regions to be invalidated.
270  /// \param E the expression that caused the invalidation.
271  /// \param BlockCount The number of times the current basic block has been
272  // visited.
273  /// \param CausesPointerEscape the flag is set to true when
274  /// the invalidation entails escape of a symbol (representing a
275  /// pointer). For example, due to it being passed as an argument in a
276  /// call.
277  /// \param IS the set of invalidated symbols.
278  /// \param Call if non-null, the invalidated regions represent parameters to
279  /// the call and should be considered directly invalidated.
280  /// \param ITraits information about special handling for a particular
281  /// region/symbol.
282  LLVM_NODISCARD ProgramStateRef
283  invalidateRegions(ArrayRef<const MemRegion *> Regions, const Expr *E,
284  unsigned BlockCount, const LocationContext *LCtx,
285  bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
286  const CallEvent *Call = nullptr,
287  RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
288 
289  LLVM_NODISCARD ProgramStateRef
290  invalidateRegions(ArrayRef<SVal> Regions, const Expr *E,
291  unsigned BlockCount, const LocationContext *LCtx,
292  bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
293  const CallEvent *Call = nullptr,
294  RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
295 
296  /// enterStackFrame - Returns the state for entry to the given stack frame,
297  /// preserving the current state.
298  LLVM_NODISCARD ProgramStateRef enterStackFrame(
299  const CallEvent &Call, const StackFrameContext *CalleeCtx) const;
300 
301  /// Get the lvalue for a base class object reference.
302  Loc getLValue(const CXXBaseSpecifier &BaseSpec, const SubRegion *Super) const;
303 
304  /// Get the lvalue for a base class object reference.
305  Loc getLValue(const CXXRecordDecl *BaseClass, const SubRegion *Super,
306  bool IsVirtual) const;
307 
308  /// Get the lvalue for a variable reference.
309  Loc getLValue(const VarDecl *D, const LocationContext *LC) const;
310 
311  Loc getLValue(const CompoundLiteralExpr *literal,
312  const LocationContext *LC) const;
313 
314  /// Get the lvalue for an ivar reference.
315  SVal getLValue(const ObjCIvarDecl *decl, SVal base) const;
316 
317  /// Get the lvalue for a field reference.
318  SVal getLValue(const FieldDecl *decl, SVal Base) const;
319 
320  /// Get the lvalue for an indirect field reference.
321  SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;
322 
323  /// Get the lvalue for an array index.
324  SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;
325 
326  /// Returns the SVal bound to the statement 'S' in the state's environment.
327  SVal getSVal(const Stmt *S, const LocationContext *LCtx) const;
328 
329  SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const;
330 
331  /// Return the value bound to the specified location.
332  /// Returns UnknownVal() if none found.
333  SVal getSVal(Loc LV, QualType T = QualType()) const;
334 
335  /// Returns the "raw" SVal bound to LV before any value simplfication.
336  SVal getRawSVal(Loc LV, QualType T= QualType()) const;
337 
338  /// Return the value bound to the specified location.
339  /// Returns UnknownVal() if none found.
340  SVal getSVal(const MemRegion* R, QualType T = QualType()) const;
341 
342  /// Return the value bound to the specified location, assuming
343  /// that the value is a scalar integer or an enumeration or a pointer.
344  /// Returns UnknownVal() if none found or the region is not known to hold
345  /// a value of such type.
346  SVal getSValAsScalarOrLoc(const MemRegion *R) const;
347 
348  using region_iterator = const MemRegion **;
349 
350  /// Visits the symbols reachable from the given SVal using the provided
351  /// SymbolVisitor.
352  ///
353  /// This is a convenience API. Consider using ScanReachableSymbols class
354  /// directly when making multiple scans on the same state with the same
355  /// visitor to avoid repeated initialization cost.
356  /// \sa ScanReachableSymbols
357  bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const;
358 
359  /// Visits the symbols reachable from the regions in the given
360  /// MemRegions range using the provided SymbolVisitor.
361  bool scanReachableSymbols(llvm::iterator_range<region_iterator> Reachable,
362  SymbolVisitor &visitor) const;
363 
364  template <typename CB> CB scanReachableSymbols(SVal val) const;
365  template <typename CB> CB
366  scanReachableSymbols(llvm::iterator_range<region_iterator> Reachable) const;
367 
368  //==---------------------------------------------------------------------==//
369  // Accessing the Generic Data Map (GDM).
370  //==---------------------------------------------------------------------==//
371 
372  void *const* FindGDM(void *K) const;
373 
374  template <typename T>
375  LLVM_NODISCARD ProgramStateRef
376  add(typename ProgramStateTrait<T>::key_type K) const;
377 
378  template <typename T>
379  typename ProgramStateTrait<T>::data_type
380  get() const {
381  return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex()));
382  }
383 
384  template<typename T>
385  typename ProgramStateTrait<T>::lookup_type
386  get(typename ProgramStateTrait<T>::key_type key) const {
387  void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
388  return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key);
389  }
390 
391  template <typename T>
392  typename ProgramStateTrait<T>::context_type get_context() const;
393 
394  template <typename T>
395  LLVM_NODISCARD ProgramStateRef
396  remove(typename ProgramStateTrait<T>::key_type K) const;
397 
398  template <typename T>
399  LLVM_NODISCARD ProgramStateRef
400  remove(typename ProgramStateTrait<T>::key_type K,
401  typename ProgramStateTrait<T>::context_type C) const;
402 
403  template <typename T> LLVM_NODISCARD ProgramStateRef remove() const;
404 
405  template <typename T>
406  LLVM_NODISCARD ProgramStateRef
407  set(typename ProgramStateTrait<T>::data_type D) const;
408 
409  template <typename T>
410  LLVM_NODISCARD ProgramStateRef
411  set(typename ProgramStateTrait<T>::key_type K,
412  typename ProgramStateTrait<T>::value_type E) const;
413 
414  template <typename T>
415  LLVM_NODISCARD ProgramStateRef
416  set(typename ProgramStateTrait<T>::key_type K,
417  typename ProgramStateTrait<T>::value_type E,
418  typename ProgramStateTrait<T>::context_type C) const;
419 
420  template<typename T>
421  bool contains(typename ProgramStateTrait<T>::key_type key) const {
422  void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
423  return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key);
424  }
425 
426  // Pretty-printing.
427  void printJson(raw_ostream &Out, const LocationContext *LCtx = nullptr,
428  const char *NL = "\n", unsigned int Space = 0,
429  bool IsDot = false) const;
430 
431  void printDOT(raw_ostream &Out, const LocationContext *LCtx = nullptr,
432  unsigned int Space = 0) const;
433 
434  void dump() const;
435 
436 private:
437  friend void ProgramStateRetain(const ProgramState *state);
438  friend void ProgramStateRelease(const ProgramState *state);
439 
440  /// \sa invalidateValues()
441  /// \sa invalidateRegions()
442  ProgramStateRef
443  invalidateRegionsImpl(ArrayRef<SVal> Values,
444  const Expr *E, unsigned BlockCount,
445  const LocationContext *LCtx,
446  bool ResultsInSymbolEscape,
447  InvalidatedSymbols *IS,
448  RegionAndSymbolInvalidationTraits *HTraits,
449  const CallEvent *Call) const;
450 };
451 
452 //===----------------------------------------------------------------------===//
453 // ProgramStateManager - Factory object for ProgramStates.
454 //===----------------------------------------------------------------------===//
455 
456 class ProgramStateManager {
457  friend class ProgramState;
458  friend void ProgramStateRelease(const ProgramState *state);
459 private:
460  /// Eng - The SubEngine that owns this state manager.
461  SubEngine *Eng; /* Can be null. */
462 
463  EnvironmentManager EnvMgr;
464  std::unique_ptr<StoreManager> StoreMgr;
465  std::unique_ptr<ConstraintManager> ConstraintMgr;
466 
467  ProgramState::GenericDataMap::Factory GDMFactory;
468 
469  typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy;
470  GDMContextsTy GDMContexts;
471 
472  /// StateSet - FoldingSet containing all the states created for analyzing
473  /// a particular function. This is used to unique states.
474  llvm::FoldingSet<ProgramState> StateSet;
475 
476  /// Object that manages the data for all created SVals.
477  std::unique_ptr<SValBuilder> svalBuilder;
478 
479  /// Manages memory for created CallEvents.
480  std::unique_ptr<CallEventManager> CallEventMgr;
481 
482  /// A BumpPtrAllocator to allocate states.
483  llvm::BumpPtrAllocator &Alloc;
484 
485  /// A vector of ProgramStates that we can reuse.
486  std::vector<ProgramState *> freeStates;
487 
488 public:
489  ProgramStateManager(ASTContext &Ctx,
490  StoreManagerCreator CreateStoreManager,
491  ConstraintManagerCreator CreateConstraintManager,
492  llvm::BumpPtrAllocator& alloc,
493  SubEngine *subeng);
494 
495  ~ProgramStateManager();
496 
497  ProgramStateRef getInitialState(const LocationContext *InitLoc);
498 
499  ASTContext &getContext() { return svalBuilder->getContext(); }
500  const ASTContext &getContext() const { return svalBuilder->getContext(); }
501 
502  BasicValueFactory &getBasicVals() {
503  return svalBuilder->getBasicValueFactory();
504  }
505 
506  SValBuilder &getSValBuilder() {
507  return *svalBuilder;
508  }
509 
510  const SValBuilder &getSValBuilder() const {
511  return *svalBuilder;
512  }
513 
514  SymbolManager &getSymbolManager() {
515  return svalBuilder->getSymbolManager();
516  }
517  const SymbolManager &getSymbolManager() const {
518  return svalBuilder->getSymbolManager();
519  }
520 
521  llvm::BumpPtrAllocator& getAllocator() { return Alloc; }
522 
523  MemRegionManager& getRegionManager() {
524  return svalBuilder->getRegionManager();
525  }
526  const MemRegionManager &getRegionManager() const {
527  return svalBuilder->getRegionManager();
528  }
529 
530  CallEventManager &getCallEventManager() { return *CallEventMgr; }
531 
532  StoreManager &getStoreManager() { return *StoreMgr; }
533  ConstraintManager &getConstraintManager() { return *ConstraintMgr; }
534  SubEngine &getOwningEngine() { return *Eng; }
535 
536  ProgramStateRef removeDeadBindings(ProgramStateRef St,
537  const StackFrameContext *LCtx,
538  SymbolReaper& SymReaper);
539 
540 public:
541 
542  SVal ArrayToPointer(Loc Array, QualType ElementTy) {
543  return StoreMgr->ArrayToPointer(Array, ElementTy);
544  }
545 
546  // Methods that manipulate the GDM.
547  ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data);
548  ProgramStateRef removeGDM(ProgramStateRef state, void *Key);
549 
550  // Methods that query & manipulate the Store.
551 
552  void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) {
553  StoreMgr->iterBindings(state->getStore(), F);
554  }
555 
556  ProgramStateRef getPersistentState(ProgramState &Impl);
557  ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState,
558  ProgramStateRef GDMState);
559 
560  bool haveEqualConstraints(ProgramStateRef S1, ProgramStateRef S2) const {
561  return ConstraintMgr->haveEqualConstraints(S1, S2);
562  }
563 
564  bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) const {
565  return S1->Env == S2->Env;
566  }
567 
568  bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) const {
569  return S1->store == S2->store;
570  }
571 
572  //==---------------------------------------------------------------------==//
573  // Generic Data Map methods.
574  //==---------------------------------------------------------------------==//
575  //
576  // ProgramStateManager and ProgramState support a "generic data map" that allows
577  // different clients of ProgramState objects to embed arbitrary data within a
578  // ProgramState object. The generic data map is essentially an immutable map
579  // from a "tag" (that acts as the "key" for a client) and opaque values.
580  // Tags/keys and values are simply void* values. The typical way that clients
581  // generate unique tags are by taking the address of a static variable.
582  // Clients are responsible for ensuring that data values referred to by a
583  // the data pointer are immutable (and thus are essentially purely functional
584  // data).
585  //
586  // The templated methods below use the ProgramStateTrait<T> class
587  // to resolve keys into the GDM and to return data values to clients.
588  //
589 
590  // Trait based GDM dispatch.
591  template <typename T>
592  ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) {
593  return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
594  ProgramStateTrait<T>::MakeVoidPtr(D));
595  }
596 
597  template<typename T>
598  ProgramStateRef set(ProgramStateRef st,
599  typename ProgramStateTrait<T>::key_type K,
600  typename ProgramStateTrait<T>::value_type V,
601  typename ProgramStateTrait<T>::context_type C) {
602 
603  return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
604  ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C)));
605  }
606 
607  template <typename T>
608  ProgramStateRef add(ProgramStateRef st,
609  typename ProgramStateTrait<T>::key_type K,
610  typename ProgramStateTrait<T>::context_type C) {
611  return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
612  ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C)));
613  }
614 
615  template <typename T>
616  ProgramStateRef remove(ProgramStateRef st,
617  typename ProgramStateTrait<T>::key_type K,
618  typename ProgramStateTrait<T>::context_type C) {
619 
620  return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
621  ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C)));
622  }
623 
624  template <typename T>
625  ProgramStateRef remove(ProgramStateRef st) {
626  return removeGDM(st, ProgramStateTrait<T>::GDMIndex());
627  }
628 
629  void *FindGDMContext(void *index,
630  void *(*CreateContext)(llvm::BumpPtrAllocator&),
631  void (*DeleteContext)(void*));
632 
633  template <typename T>
634  typename ProgramStateTrait<T>::context_type get_context() {
635  void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(),
636  ProgramStateTrait<T>::CreateContext,
637  ProgramStateTrait<T>::DeleteContext);
638 
639  return ProgramStateTrait<T>::MakeContext(p);
640  }
641 };
642 
643 
644 //===----------------------------------------------------------------------===//
645 // Out-of-line method definitions for ProgramState.
646 //===----------------------------------------------------------------------===//
647 
648 inline ConstraintManager &ProgramState::getConstraintManager() const {
649  return stateMgr->getConstraintManager();
650 }
651 
652 inline const VarRegion* ProgramState::getRegion(const VarDecl *D,
653  const LocationContext *LC) const
654 {
655  return getStateManager().getRegionManager().getVarRegion(D, LC);
656 }
657 
658 inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond,
659  bool Assumption) const {
660  if (Cond.isUnknown())
661  return this;
662 
663  return getStateManager().ConstraintMgr
664  ->assume(this, Cond.castAs<DefinedSVal>(), Assumption);
665 }
666 
667 inline std::pair<ProgramStateRef , ProgramStateRef >
668 ProgramState::assume(DefinedOrUnknownSVal Cond) const {
669  if (Cond.isUnknown())
670  return std::make_pair(this, this);
671 
672  return getStateManager().ConstraintMgr
673  ->assumeDual(this, Cond.castAs<DefinedSVal>());
674 }
675 
676 inline ProgramStateRef ProgramState::assumeInclusiveRange(
677  DefinedOrUnknownSVal Val, const llvm::APSInt &From, const llvm::APSInt &To,
678  bool Assumption) const {
679  if (Val.isUnknown())
680  return this;
681 
682  assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
683 
684  return getStateManager().ConstraintMgr->assumeInclusiveRange(
685  this, Val.castAs<NonLoc>(), From, To, Assumption);
686 }
687 
688 inline std::pair<ProgramStateRef, ProgramStateRef>
689 ProgramState::assumeInclusiveRange(DefinedOrUnknownSVal Val,
690  const llvm::APSInt &From,
691  const llvm::APSInt &To) const {
692  if (Val.isUnknown())
693  return std::make_pair(this, this);
694 
695  assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
696 
697  return getStateManager().ConstraintMgr->assumeInclusiveRangeDual(
698  this, Val.castAs<NonLoc>(), From, To);
699 }
700 
701 inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V, const LocationContext *LCtx) const {
702  if (Optional<Loc> L = LV.getAs<Loc>())
703  return bindLoc(*L, V, LCtx);
704  return this;
705 }
706 
707 inline Loc ProgramState::getLValue(const CXXBaseSpecifier &BaseSpec,
708  const SubRegion *Super) const {
709  const auto *Base = BaseSpec.getType()->getAsCXXRecordDecl();
710  return loc::MemRegionVal(
711  getStateManager().getRegionManager().getCXXBaseObjectRegion(
712  Base, Super, BaseSpec.isVirtual()));
713 }
714 
715 inline Loc ProgramState::getLValue(const CXXRecordDecl *BaseClass,
716  const SubRegion *Super,
717  bool IsVirtual) const {
718  return loc::MemRegionVal(
719  getStateManager().getRegionManager().getCXXBaseObjectRegion(
720  BaseClass, Super, IsVirtual));
721 }
722 
723 inline Loc ProgramState::getLValue(const VarDecl *VD,
724  const LocationContext *LC) const {
725  return getStateManager().StoreMgr->getLValueVar(VD, LC);
726 }
727 
728 inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal,
729  const LocationContext *LC) const {
730  return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC);
731 }
732 
733 inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const {
734  return getStateManager().StoreMgr->getLValueIvar(D, Base);
735 }
736 
737 inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const {
738  return getStateManager().StoreMgr->getLValueField(D, Base);
739 }
740 
741 inline SVal ProgramState::getLValue(const IndirectFieldDecl *D,
742  SVal Base) const {
743  StoreManager &SM = *getStateManager().StoreMgr;
744  for (const auto *I : D->chain()) {
745  Base = SM.getLValueField(cast<FieldDecl>(I), Base);
746  }
747 
748  return Base;
749 }
750 
751 inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{
752  if (Optional<NonLoc> N = Idx.getAs<NonLoc>())
753  return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);
754  return UnknownVal();
755 }
756 
757 inline SVal ProgramState::getSVal(const Stmt *Ex,
758  const LocationContext *LCtx) const{
759  return Env.getSVal(EnvironmentEntry(Ex, LCtx),
760  *getStateManager().svalBuilder);
761 }
762 
763 inline SVal
764 ProgramState::getSValAsScalarOrLoc(const Stmt *S,
765  const LocationContext *LCtx) const {
766  if (const Expr *Ex = dyn_cast<Expr>(S)) {
767  QualType T = Ex->getType();
768  if (Ex->isGLValue() || Loc::isLocType(T) ||
769  T->isIntegralOrEnumerationType())
770  return getSVal(S, LCtx);
771  }
772 
773  return UnknownVal();
774 }
775 
776 inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const {
777  return getStateManager().StoreMgr->getBinding(getStore(), LV, T);
778 }
779 
780 inline SVal ProgramState::getSVal(const MemRegion* R, QualType T) const {
781  return getStateManager().StoreMgr->getBinding(getStore(),
782  loc::MemRegionVal(R),
783  T);
784 }
785 
786 inline BasicValueFactory &ProgramState::getBasicVals() const {
787  return getStateManager().getBasicVals();
788 }
789 
790 inline SymbolManager &ProgramState::getSymbolManager() const {
791  return getStateManager().getSymbolManager();
792 }
793 
794 template<typename T>
795 ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const {
796  return getStateManager().add<T>(this, K, get_context<T>());
797 }
798 
799 template <typename T>
800 typename ProgramStateTrait<T>::context_type ProgramState::get_context() const {
801  return getStateManager().get_context<T>();
802 }
803 
804 template<typename T>
805 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const {
806  return getStateManager().remove<T>(this, K, get_context<T>());
807 }
808 
809 template<typename T>
810 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K,
811  typename ProgramStateTrait<T>::context_type C) const {
812  return getStateManager().remove<T>(this, K, C);
813 }
814 
815 template <typename T>
816 ProgramStateRef ProgramState::remove() const {
817  return getStateManager().remove<T>(this);
818 }
819 
820 template<typename T>
821 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const {
822  return getStateManager().set<T>(this, D);
823 }
824 
825 template<typename T>
826 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
827  typename ProgramStateTrait<T>::value_type E) const {
828  return getStateManager().set<T>(this, K, E, get_context<T>());
829 }
830 
831 template<typename T>
832 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
833  typename ProgramStateTrait<T>::value_type E,
834  typename ProgramStateTrait<T>::context_type C) const {
835  return getStateManager().set<T>(this, K, E, C);
836 }
837 
838 template <typename CB>
839 CB ProgramState::scanReachableSymbols(SVal val) const {
840  CB cb(this);
841  scanReachableSymbols(val, cb);
842  return cb;
843 }
844 
845 template <typename CB>
846 CB ProgramState::scanReachableSymbols(
847  llvm::iterator_range<region_iterator> Reachable) const {
848  CB cb(this);
849  scanReachableSymbols(Reachable, cb);
850  return cb;
851 }
852 
853 /// \class ScanReachableSymbols
854 /// A utility class that visits the reachable symbols using a custom
855 /// SymbolVisitor. Terminates recursive traversal when the visitor function
856 /// returns false.
857 class ScanReachableSymbols {
858  typedef llvm::DenseSet<const void*> VisitedItems;
859 
860  VisitedItems visited;
861  ProgramStateRef state;
862  SymbolVisitor &visitor;
863 public:
864  ScanReachableSymbols(ProgramStateRef st, SymbolVisitor &v)
865  : state(std::move(st)), visitor(v) {}
866 
867  bool scan(nonloc::LazyCompoundVal val);
868  bool scan(nonloc::CompoundVal val);
869  bool scan(SVal val);
870  bool scan(const MemRegion *R);
871  bool scan(const SymExpr *sym);
872 };
873 
874 } // end ento namespace
875 
876 } // end clang namespace
877 
878 #endif
clang::ento::ProgramState::getEnvironment
const Environment & getEnvironment() const
getEnvironment - Return the environment associated with this state.
Definition: ProgramState.h:121
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:643
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:94
llvm
Specialize PointerLikeTypeTraits to allow LazyGenerationalUpdatePtr to be placed into a PointerUnion...
Definition: Dominators.h:30
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:66
clang::ento::RegionAndSymbolInvalidationTraits
Information about invalidation for a particular region/symbol.
Definition: MemRegion.h:1445
clang::ento::ProgramStateManager::getBasicVals
BasicValueFactory & getBasicVals()
Definition: ProgramState.h:502
clang::ento::ProgramState::contains
bool contains(typename ProgramStateTrait< T >::key_type key) const
Definition: ProgramState.h:421
clang::CallEventManager
Manages the lifetime of CallEvent objects.
Definition: CallEvent.h:1148
clang::ento::ProgramState::IntSetTy
llvm::ImmutableSet< llvm::APSInt * > IntSetTy
Definition: ProgramState.h:74
clang::CXXBaseSpecifier::isVirtual
bool isVirtual() const
Determines whether the base class is a virtual base class (or not).
Definition: DeclCXX.h:200
P
StringRef P
Definition: ASTMatchersInternal.cpp:438
clang::ento::ScanReachableSymbols
A utility class that visits the reachable symbols using a custom SymbolVisitor.
Definition: ProgramState.h:857
clang::VarDecl
Represents a variable declaration or definition.
Definition: Decl.h:827
clang::CompoundLiteralExpr
CompoundLiteralExpr - [C99 6.5.2.5].
Definition: Expr.h:3052
clang::ento::Store
const void * Store
Store - This opaque type encapsulates an immutable mapping from locations to values.
Definition: StoreRef.h:27
llvm::printDOT
llvm::DOTGraphTraits< ExplodedGraph * > DefaultDOTGraphTraits const ExplodedNode const ExplodedNode *Out<< "\l";Indent(Out, Space, IsDot)<< "],\l";State-> printDOT(Out, N->getLocationContext(), Space)
clang::ento::ProgramState::getStore
Store getStore() const
Return the store associated with this state.
Definition: ProgramState.h:125
clang::ento::ProgramStateManager::getSymbolManager
const SymbolManager & getSymbolManager() const
Definition: ProgramState.h:517
clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:29
clang::ento::ProgramStateManager::haveEqualEnvironments
bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) const
Definition: ProgramState.h:564
clang::ento::ProgramStateManager::add
ProgramStateRef add(ProgramStateRef st, typename ProgramStateTrait< T >::key_type K, typename ProgramStateTrait< T >::context_type C)
Definition: ProgramState.h:608
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:160
ProgramState_Fwd.h
clang::FieldDecl
Represents a member of a struct/union/class.
Definition: Decl.h:2643
clang::ento::ProgramStateManager::haveEqualStores
bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) const
Definition: ProgramState.h:568
std
Definition: Format.h:2392
clang::ento::StoreManagerCreator
std::unique_ptr< StoreManager >(* StoreManagerCreator)(ProgramStateManager &)
Definition: ProgramState.h:43
clang::ento::ProgramStateManager::getRegionManager
MemRegionManager & getRegionManager()
Definition: ProgramState.h:523
clang::CodeGen::state
i32 captured_struct **param SharedsTy A type which contains references the shared variables *param Shareds Context with the list of shared variables from the p *TaskFunction *param Data Additional data for task generation like final * state
Definition: CGOpenMPRuntime.h:789
clang::Type::isIntegralOrEnumerationType
bool isIntegralOrEnumerationType() const
Determine whether this type is an integral or enumeration type.
Definition: Type.h:6754
clang::ento::ProgramState::getStateManager
ProgramStateManager & getStateManager() const
Return the ProgramStateManager associated with this state.
Definition: ProgramState.h:110
clang::ento::ProgramState::getGDM
GenericDataMap getGDM() const
getGDM - Return the generic data map associated with this state.
Definition: ProgramState.h:129
dump
static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)
Definition: CoverageMappingGen.cpp:1283
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified...
clang::IndirectFieldDecl::chain
ArrayRef< NamedDecl * > chain() const
Definition: Decl.h:2916
clang::ento::SVal::isUnknown
bool isUnknown() const
Definition: SVals.h:136
clang::ento::StoreManager::getLValueField
virtual SVal getLValueField(const FieldDecl *D, SVal Base)
Definition: Store.h:145
clang::Type::getAsCXXRecordDecl
CXXRecordDecl * getAsCXXRecordDecl() const
Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...
Definition: Type.cpp:1692
clang::ento::ConstraintManagerCreator
std::unique_ptr< ConstraintManager >(* ConstraintManagerCreator)(ProgramStateManager &, SubEngine *)
Definition: ProgramState.h:41
clang::ento::ProgramState::GenericDataMap
llvm::ImmutableMap< void *, void * > GenericDataMap
Definition: ProgramState.h:75
clang::ento::ProgramState::Profile
void Profile(llvm::FoldingSetNodeID &ID) const
Profile - Used to profile the contents of this object for inclusion in a FoldingSet.
Definition: ProgramState.h:144
clang::ento::ProgramState
ProgramState - This class encapsulates:
Definition: ProgramState.h:72
clang::Expr
This represents one expression.
Definition: Expr.h:108
V
#define V(N, I)
Definition: ASTContext.h:2921
clang::ast_matchers::decl
const internal::VariadicAllOfMatcher< Decl > decl
Matches declarations.
Definition: ASTMatchersInternal.cpp:560
clang::transformer::remove
ASTEdit remove(RangeSelector S)
Removes the source selected by S.
Definition: RewriteRule.h:218
v
do v
Definition: arm_acle.h:64
SM
const SourceManager & SM
Definition: Format.cpp:1667
clang::ento::SVal::getAs
Optional< T > getAs() const
Convert to the specified SVal type, returning None if this SVal is not of the desired type...
Definition: SVals.h:111
clang::ento::ProgramStateManager::getAllocator
llvm::BumpPtrAllocator & getAllocator()
Definition: ProgramState.h:521
clang::ento::Environment::Profile
static void Profile(llvm::FoldingSetNodeID &ID, const Environment *env)
Profile - Profile the contents of an Environment object for use in a FoldingSet.
Definition: Environment.h:80
APSInt
llvm::APSInt APSInt
Definition: ByteCodeEmitter.cpp:18
clang::ento::ProgramStateManager::getCallEventManager
CallEventManager & getCallEventManager()
Definition: ProgramState.h:530
clang::ento::EnvironmentEntry
An entry in the environment consists of a Stmt and an LocationContext.
Definition: Environment.h:35
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value...
Definition: SVals.h:75
clang::ento::ProgramStateManager::get_context
ProgramStateTrait< T >::context_type get_context()
Definition: ProgramState.h:634
clang::ento::SymbolReaper
A class responsible for cleaning up unused symbols.
Definition: SymbolManager.h:548
clang::ento::ScanReachableSymbols::ScanReachableSymbols
ScanReachableSymbols(ProgramStateRef st, SymbolVisitor &v)
Definition: ProgramState.h:864
clang::ento::ProgramStateTrait::MakeVoidPtr
static void * MakeVoidPtr(data_type D)
Definition: ProgramState.h:54
clang::ento::ProgramStateManager::getSymbolManager
SymbolManager & getSymbolManager()
Definition: ProgramState.h:514
clang::ento::Environment
An immutable map from EnvironemntEntries to SVals.
Definition: Environment.h:56
clang
Dataflow Directional Tag Classes.
Definition: CFGReachabilityAnalysis.h:21
clang::ento::ProgramStateManager::ArrayToPointer
SVal ArrayToPointer(Loc Array, QualType ElementTy)
Definition: ProgramState.h:542
clang::ento::ProgramStateRelease
void ProgramStateRelease(const ProgramState *state)
Decrement the number of times this state is referenced.
Definition: ProgramState.cpp:34
clang::ento::ProgramStateTrait::MakeData
static data_type MakeData(void *const *P)
Definition: ProgramState.h:55
clang::IndirectFieldDecl
Represents a field injected from an anonymous union/struct into the parent scope. ...
Definition: Decl.h:2894
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:138
clang::ento::ProgramStateManager::getConstraintManager
ConstraintManager & getConstraintManager()
Definition: ProgramState.h:533
clang::ento::SVal::castAs
T castAs() const
Convert to the specified SVal type, asserting that this SVal is of the desired type.
Definition: SVals.h:103
clang::ento::SubRegion
SubRegion - A region that subsets another larger region.
Definition: MemRegion.h:436
clang::ento::ProgramStateManager::haveEqualConstraints
bool haveEqualConstraints(ProgramStateRef S1, ProgramStateRef S2) const
Definition: ProgramState.h:560
clang::ento::ProgramStateRetain
void ProgramStateRetain(const ProgramState *state)
Increments the number of times this state is referenced.
Definition: ProgramState.cpp:29
clang::CXXBaseSpecifier
Represents a base class of a C++ class.
Definition: DeclCXX.h:147
clang::CXXRecordDecl
Represents a C++ struct/union/class.
Definition: DeclCXX.h:255
clang::ento::ProgramStateManager::getSValBuilder
const SValBuilder & getSValBuilder() const
Definition: ProgramState.h:510
clang::ento::ProgramStateManager::getRegionManager
const MemRegionManager & getRegionManager() const
Definition: ProgramState.h:526
clang::ObjCIvarDecl
ObjCIvarDecl - Represents an ObjC instance variable.
Definition: DeclObjC.h:1944
clang::ento::ProgramStateManager::getContext
const ASTContext & getContext() const
Definition: ProgramState.h:500
clang::ento::ProgramState::Profile
static void Profile(llvm::FoldingSetNodeID &ID, const ProgramState *V)
Profile - Profile the contents of a ProgramState object for use in a FoldingSet.
Definition: ProgramState.h:136
clang::ento::ProgramStateManager::iterBindings
void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler &F)
Definition: ProgramState.h:552
clang::ento::ProgramState::setGDM
void setGDM(GenericDataMap gdm)
Definition: ProgramState.h:131
clang::CXXBaseSpecifier::getType
QualType getType() const
Retrieves the type of the base class.
Definition: DeclCXX.h:246
Generated on Mon Nov 4 2019 00:54:48 for clang by   doxygen 1.8.13