clang  9.0.0svn
SValBuilder.cpp
Go to the documentation of this file.
1 //===- SValBuilder.cpp - Basic class for all SValBuilder implementations --===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines SValBuilder, the base class for all (complete) SValBuilder
10 // implementations.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
15 #include "clang/AST/ASTContext.h"
16 #include "clang/AST/Decl.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/ExprCXX.h"
19 #include "clang/AST/ExprObjC.h"
20 #include "clang/AST/Stmt.h"
21 #include "clang/AST/Type.h"
22 #include "clang/Basic/LLVM.h"
23 #include "clang/Analysis/AnalysisDeclContext.h"
24 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
25 #include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h"
26 #include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h"
27 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
28 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
29 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
30 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
31 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
32 #include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"
33 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
34 #include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
35 #include "llvm/ADT/APSInt.h"
36 #include "llvm/ADT/None.h"
37 #include "llvm/ADT/Optional.h"
38 #include "llvm/Support/Casting.h"
39 #include "llvm/Support/Compiler.h"
40 #include <cassert>
41 #include <tuple>
42 
43 using namespace clang;
44 using namespace ento;
45 
46 //===----------------------------------------------------------------------===//
47 // Basic SVal creation.
48 //===----------------------------------------------------------------------===//
49 
50 void SValBuilder::anchor() {}
51 
52 DefinedOrUnknownSVal SValBuilder::makeZeroVal(QualType type) {
53  if (Loc::isLocType(type))
54  return makeNull();
55 
56  if (type->isIntegralOrEnumerationType())
57  return makeIntVal(0, type);
58 
59  if (type->isArrayType() || type->isRecordType() || type->isVectorType() ||
60  type->isAnyComplexType())
61  return makeCompoundVal(type, BasicVals.getEmptySValList());
62 
63  // FIXME: Handle floats.
64  return UnknownVal();
65 }
66 
67 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
68  const llvm::APSInt& rhs, QualType type) {
69  // The Environment ensures we always get a persistent APSInt in
70  // BasicValueFactory, so we don't need to get the APSInt from
71  // BasicValueFactory again.
72  assert(lhs);
73  assert(!Loc::isLocType(type));
74  return nonloc::SymbolVal(SymMgr.getSymIntExpr(lhs, op, rhs, type));
75 }
76 
77 NonLoc SValBuilder::makeNonLoc(const llvm::APSInt& lhs,
78  BinaryOperator::Opcode op, const SymExpr *rhs,
79  QualType type) {
80  assert(rhs);
81  assert(!Loc::isLocType(type));
82  return nonloc::SymbolVal(SymMgr.getIntSymExpr(lhs, op, rhs, type));
83 }
84 
85 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
86  const SymExpr *rhs, QualType type) {
87  assert(lhs && rhs);
88  assert(!Loc::isLocType(type));
89  return nonloc::SymbolVal(SymMgr.getSymSymExpr(lhs, op, rhs, type));
90 }
91 
92 NonLoc SValBuilder::makeNonLoc(const SymExpr *operand,
93  QualType fromTy, QualType toTy) {
94  assert(operand);
95  assert(!Loc::isLocType(toTy));
96  return nonloc::SymbolVal(SymMgr.getCastSymbol(operand, fromTy, toTy));
97 }
98 
99 SVal SValBuilder::convertToArrayIndex(SVal val) {
100  if (val.isUnknownOrUndef())
101  return val;
102 
103  // Common case: we have an appropriately sized integer.
104  if (Optional<nonloc::ConcreteInt> CI = val.getAs<nonloc::ConcreteInt>()) {
105  const llvm::APSInt& I = CI->getValue();
106  if (I.getBitWidth() == ArrayIndexWidth && I.isSigned())
107  return val;
108  }
109 
110  return evalCastFromNonLoc(val.castAs<NonLoc>(), ArrayIndexTy);
111 }
112 
113 nonloc::ConcreteInt SValBuilder::makeBoolVal(const CXXBoolLiteralExpr *boolean){
114  return makeTruthVal(boolean->getValue());
115 }
116 
117 DefinedOrUnknownSVal
118 SValBuilder::getRegionValueSymbolVal(const TypedValueRegion *region) {
119  QualType T = region->getValueType();
120 
121  if (T->isNullPtrType())
122  return makeZeroVal(T);
123 
124  if (!SymbolManager::canSymbolicate(T))
125  return UnknownVal();
126 
127  SymbolRef sym = SymMgr.getRegionValueSymbol(region);
128 
129  if (Loc::isLocType(T))
130  return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));
131 
132  return nonloc::SymbolVal(sym);
133 }
134 
135 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *SymbolTag,
136  const Expr *Ex,
137  const LocationContext *LCtx,
138  unsigned Count) {
139  QualType T = Ex->getType();
140 
141  if (T->isNullPtrType())
142  return makeZeroVal(T);
143 
144  // Compute the type of the result. If the expression is not an R-value, the
145  // result should be a location.
146  QualType ExType = Ex->getType();
147  if (Ex->isGLValue())
148  T = LCtx->getAnalysisDeclContext()->getASTContext().getPointerType(ExType);
149 
150  return conjureSymbolVal(SymbolTag, Ex, LCtx, T, Count);
151 }
152 
153 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *symbolTag,
154  const Expr *expr,
155  const LocationContext *LCtx,
156  QualType type,
157  unsigned count) {
158  if (type->isNullPtrType())
159  return makeZeroVal(type);
160 
161  if (!SymbolManager::canSymbolicate(type))
162  return UnknownVal();
163 
164  SymbolRef sym = SymMgr.conjureSymbol(expr, LCtx, type, count, symbolTag);
165 
166  if (Loc::isLocType(type))
167  return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));
168 
169  return nonloc::SymbolVal(sym);
170 }
171 
172 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const Stmt *stmt,
173  const LocationContext *LCtx,
174  QualType type,
175  unsigned visitCount) {
176  if (type->isNullPtrType())
177  return makeZeroVal(type);
178 
179  if (!SymbolManager::canSymbolicate(type))
180  return UnknownVal();
181 
182  SymbolRef sym = SymMgr.conjureSymbol(stmt, LCtx, type, visitCount);
183 
184  if (Loc::isLocType(type))
185  return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));
186 
187  return nonloc::SymbolVal(sym);
188 }
189 
190 DefinedOrUnknownSVal
191 SValBuilder::getConjuredHeapSymbolVal(const Expr *E,
192  const LocationContext *LCtx,
193  unsigned VisitCount) {
194  QualType T = E->getType();
195  assert(Loc::isLocType(T));
196  assert(SymbolManager::canSymbolicate(T));
197  if (T->isNullPtrType())
198  return makeZeroVal(T);
199 
200  SymbolRef sym = SymMgr.conjureSymbol(E, LCtx, T, VisitCount);
201  return loc::MemRegionVal(MemMgr.getSymbolicHeapRegion(sym));
202 }
203 
204 DefinedSVal SValBuilder::getMetadataSymbolVal(const void *symbolTag,
205  const MemRegion *region,
206  const Expr *expr, QualType type,
207  const LocationContext *LCtx,
208  unsigned count) {
209  assert(SymbolManager::canSymbolicate(type) && "Invalid metadata symbol type");
210 
211  SymbolRef sym =
212  SymMgr.getMetadataSymbol(region, expr, type, LCtx, count, symbolTag);
213 
214  if (Loc::isLocType(type))
215  return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));
216 
217  return nonloc::SymbolVal(sym);
218 }
219 
220 DefinedOrUnknownSVal
221 SValBuilder::getDerivedRegionValueSymbolVal(SymbolRef parentSymbol,
222  const TypedValueRegion *region) {
223  QualType T = region->getValueType();
224 
225  if (T->isNullPtrType())
226  return makeZeroVal(T);
227 
228  if (!SymbolManager::canSymbolicate(T))
229  return UnknownVal();
230 
231  SymbolRef sym = SymMgr.getDerivedSymbol(parentSymbol, region);
232 
233  if (Loc::isLocType(T))
234  return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));
235 
236  return nonloc::SymbolVal(sym);
237 }
238 
239 DefinedSVal SValBuilder::getMemberPointer(const DeclaratorDecl *DD) {
240  assert(!DD || isa<CXXMethodDecl>(DD) || isa<FieldDecl>(DD));
241 
242  if (const auto *MD = dyn_cast_or_null<CXXMethodDecl>(DD)) {
243  // Sema treats pointers to static member functions as have function pointer
244  // type, so return a function pointer for the method.
245  // We don't need to play a similar trick for static member fields
246  // because these are represented as plain VarDecls and not FieldDecls
247  // in the AST.
248  if (MD->isStatic())
249  return getFunctionPointer(MD);
250  }
251 
252  return nonloc::PointerToMember(DD);
253 }
254 
255 DefinedSVal SValBuilder::getFunctionPointer(const FunctionDecl *func) {
256  return loc::MemRegionVal(MemMgr.getFunctionCodeRegion(func));
257 }
258 
259 DefinedSVal SValBuilder::getBlockPointer(const BlockDecl *block,
260  CanQualType locTy,
261  const LocationContext *locContext,
262  unsigned blockCount) {
263  const BlockCodeRegion *BC =
264  MemMgr.getBlockCodeRegion(block, locTy, locContext->getAnalysisDeclContext());
265  const BlockDataRegion *BD = MemMgr.getBlockDataRegion(BC, locContext,
266  blockCount);
267  return loc::MemRegionVal(BD);
268 }
269 
270 /// Return a memory region for the 'this' object reference.
271 loc::MemRegionVal SValBuilder::getCXXThis(const CXXMethodDecl *D,
272  const StackFrameContext *SFC) {
273  return loc::MemRegionVal(
274  getRegionManager().getCXXThisRegion(D->getThisType(), SFC));
275 }
276 
277 /// Return a memory region for the 'this' object reference.
278 loc::MemRegionVal SValBuilder::getCXXThis(const CXXRecordDecl *D,
279  const StackFrameContext *SFC) {
280  const Type *T = D->getTypeForDecl();
281  QualType PT = getContext().getPointerType(QualType(T, 0));
282  return loc::MemRegionVal(getRegionManager().getCXXThisRegion(PT, SFC));
283 }
284 
285 Optional<SVal> SValBuilder::getConstantVal(const Expr *E) {
286  E = E->IgnoreParens();
287 
288  switch (E->getStmtClass()) {
289  // Handle expressions that we treat differently from the AST's constant
290  // evaluator.
291  case Stmt::AddrLabelExprClass:
292  return makeLoc(cast<AddrLabelExpr>(E));
293 
294  case Stmt::CXXScalarValueInitExprClass:
295  case Stmt::ImplicitValueInitExprClass:
296  return makeZeroVal(E->getType());
297 
298  case Stmt::ObjCStringLiteralClass: {
299  const auto *SL = cast<ObjCStringLiteral>(E);
300  return makeLoc(getRegionManager().getObjCStringRegion(SL));
301  }
302 
303  case Stmt::StringLiteralClass: {
304  const auto *SL = cast<StringLiteral>(E);
305  return makeLoc(getRegionManager().getStringRegion(SL));
306  }
307 
308  // Fast-path some expressions to avoid the overhead of going through the AST's
309  // constant evaluator
310  case Stmt::CharacterLiteralClass: {
311  const auto *C = cast<CharacterLiteral>(E);
312  return makeIntVal(C->getValue(), C->getType());
313  }
314 
315  case Stmt::CXXBoolLiteralExprClass:
316  return makeBoolVal(cast<CXXBoolLiteralExpr>(E));
317 
318  case Stmt::TypeTraitExprClass: {
319  const auto *TE = cast<TypeTraitExpr>(E);
320  return makeTruthVal(TE->getValue(), TE->getType());
321  }
322 
323  case Stmt::IntegerLiteralClass:
324  return makeIntVal(cast<IntegerLiteral>(E));
325 
326  case Stmt::ObjCBoolLiteralExprClass:
327  return makeBoolVal(cast<ObjCBoolLiteralExpr>(E));
328 
329  case Stmt::CXXNullPtrLiteralExprClass:
330  return makeNull();
331 
332  case Stmt::CStyleCastExprClass:
333  case Stmt::CXXFunctionalCastExprClass:
334  case Stmt::CXXConstCastExprClass:
335  case Stmt::CXXReinterpretCastExprClass:
336  case Stmt::CXXStaticCastExprClass:
337  case Stmt::ImplicitCastExprClass: {
338  const auto *CE = cast<CastExpr>(E);
339  switch (CE->getCastKind()) {
340  default:
341  break;
342  case CK_ArrayToPointerDecay:
343  case CK_IntegralToPointer:
344  case CK_NoOp:
345  case CK_BitCast: {
346  const Expr *SE = CE->getSubExpr();
347  Optional<SVal> Val = getConstantVal(SE);
348  if (!Val)
349  return None;
350  return evalCast(*Val, CE->getType(), SE->getType());
351  }
352  }
353  // FALLTHROUGH
354  LLVM_FALLTHROUGH;
355  }
356 
357  // If we don't have a special case, fall back to the AST's constant evaluator.
358  default: {
359  // Don't try to come up with a value for materialized temporaries.
360  if (E->isGLValue())
361  return None;
362 
363  ASTContext &Ctx = getContext();
364  Expr::EvalResult Result;
365  if (E->EvaluateAsInt(Result, Ctx))
366  return makeIntVal(Result.Val.getInt());
367 
368  if (Loc::isLocType(E->getType()))
369  if (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull))
370  return makeNull();
371 
372  return None;
373  }
374  }
375 }
376 
377 SVal SValBuilder::makeSymExprValNN(BinaryOperator::Opcode Op,
378  NonLoc LHS, NonLoc RHS,
379  QualType ResultTy) {
380  const SymExpr *symLHS = LHS.getAsSymExpr();
381  const SymExpr *symRHS = RHS.getAsSymExpr();
382 
383  // TODO: When the Max Complexity is reached, we should conjure a symbol
384  // instead of generating an Unknown value and propagate the taint info to it.
385  const unsigned MaxComp = StateMgr.getOwningEngine()
386  .getAnalysisManager()
387  .options.MaxSymbolComplexity;
388 
389  if (symLHS && symRHS &&
390  (symLHS->computeComplexity() + symRHS->computeComplexity()) < MaxComp)
391  return makeNonLoc(symLHS, Op, symRHS, ResultTy);
392 
393  if (symLHS && symLHS->computeComplexity() < MaxComp)
394  if (Optional<nonloc::ConcreteInt> rInt = RHS.getAs<nonloc::ConcreteInt>())
395  return makeNonLoc(symLHS, Op, rInt->getValue(), ResultTy);
396 
397  if (symRHS && symRHS->computeComplexity() < MaxComp)
398  if (Optional<nonloc::ConcreteInt> lInt = LHS.getAs<nonloc::ConcreteInt>())
399  return makeNonLoc(lInt->getValue(), Op, symRHS, ResultTy);
400 
401  return UnknownVal();
402 }
403 
404 SVal SValBuilder::evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
405  SVal lhs, SVal rhs, QualType type) {
406  if (lhs.isUndef() || rhs.isUndef())
407  return UndefinedVal();
408 
409  if (lhs.isUnknown() || rhs.isUnknown())
410  return UnknownVal();
411 
412  if (lhs.getAs<nonloc::LazyCompoundVal>() ||
413  rhs.getAs<nonloc::LazyCompoundVal>()) {
414  return UnknownVal();
415  }
416 
417  if (Optional<Loc> LV = lhs.getAs<Loc>()) {
418  if (Optional<Loc> RV = rhs.getAs<Loc>())
419  return evalBinOpLL(state, op, *LV, *RV, type);
420 
421  return evalBinOpLN(state, op, *LV, rhs.castAs<NonLoc>(), type);
422  }
423 
424  if (Optional<Loc> RV = rhs.getAs<Loc>()) {
425  // Support pointer arithmetic where the addend is on the left
426  // and the pointer on the right.
427  assert(op == BO_Add);
428 
429  // Commute the operands.
430  return evalBinOpLN(state, op, *RV, lhs.castAs<NonLoc>(), type);
431  }
432 
433  return evalBinOpNN(state, op, lhs.castAs<NonLoc>(), rhs.castAs<NonLoc>(),
434  type);
435 }
436 
437 ConditionTruthVal SValBuilder::areEqual(ProgramStateRef state, SVal lhs,
438  SVal rhs) {
439  return state->isNonNull(evalEQ(state, lhs, rhs));
440 }
441 
442 SVal SValBuilder::evalEQ(ProgramStateRef state, SVal lhs, SVal rhs) {
443  return evalBinOp(state, BO_EQ, lhs, rhs, getConditionType());
444 }
445 
446 DefinedOrUnknownSVal SValBuilder::evalEQ(ProgramStateRef state,
447  DefinedOrUnknownSVal lhs,
448  DefinedOrUnknownSVal rhs) {
449  return evalEQ(state, static_cast<SVal>(lhs), static_cast<SVal>(rhs))
450  .castAs<DefinedOrUnknownSVal>();
451 }
452 
453 /// Recursively check if the pointer types are equal modulo const, volatile,
454 /// and restrict qualifiers. Also, assume that all types are similar to 'void'.
455 /// Assumes the input types are canonical.
456 static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy,
457  QualType FromTy) {
458  while (Context.UnwrapSimilarTypes(ToTy, FromTy)) {
459  Qualifiers Quals1, Quals2;
460  ToTy = Context.getUnqualifiedArrayType(ToTy, Quals1);
461  FromTy = Context.getUnqualifiedArrayType(FromTy, Quals2);
462 
463  // Make sure that non-cvr-qualifiers the other qualifiers (e.g., address
464  // spaces) are identical.
465  Quals1.removeCVRQualifiers();
466  Quals2.removeCVRQualifiers();
467  if (Quals1 != Quals2)
468  return false;
469  }
470 
471  // If we are casting to void, the 'From' value can be used to represent the
472  // 'To' value.
473  //
474  // FIXME: Doing this after unwrapping the types doesn't make any sense. A
475  // cast from 'int**' to 'void**' is not special in the way that a cast from
476  // 'int*' to 'void*' is.
477  if (ToTy->isVoidType())
478  return true;
479 
480  if (ToTy != FromTy)
481  return false;
482 
483  return true;
484 }
485 
486 // Handles casts of type CK_IntegralCast.
487 // At the moment, this function will redirect to evalCast, except when the range
488 // of the original value is known to be greater than the max of the target type.
489 SVal SValBuilder::evalIntegralCast(ProgramStateRef state, SVal val,
490  QualType castTy, QualType originalTy) {
491  // No truncations if target type is big enough.
492  if (getContext().getTypeSize(castTy) >= getContext().getTypeSize(originalTy))
493  return evalCast(val, castTy, originalTy);
494 
495  const SymExpr *se = val.getAsSymbolicExpression();
496  if (!se) // Let evalCast handle non symbolic expressions.
497  return evalCast(val, castTy, originalTy);
498 
499  // Find the maximum value of the target type.
500  APSIntType ToType(getContext().getTypeSize(castTy),
501  castTy->isUnsignedIntegerType());
502  llvm::APSInt ToTypeMax = ToType.getMaxValue();
503  NonLoc ToTypeMaxVal =
504  makeIntVal(ToTypeMax.isUnsigned() ? ToTypeMax.getZExtValue()
505  : ToTypeMax.getSExtValue(),
506  castTy)
507  .castAs<NonLoc>();
508  // Check the range of the symbol being casted against the maximum value of the
509  // target type.
510  NonLoc FromVal = val.castAs<NonLoc>();
511  QualType CmpTy = getConditionType();
512  NonLoc CompVal =
513  evalBinOpNN(state, BO_LE, FromVal, ToTypeMaxVal, CmpTy).castAs<NonLoc>();
514  ProgramStateRef IsNotTruncated, IsTruncated;
515  std::tie(IsNotTruncated, IsTruncated) = state->assume(CompVal);
516  if (!IsNotTruncated && IsTruncated) {
517  // Symbol is truncated so we evaluate it as a cast.
518  NonLoc CastVal = makeNonLoc(se, originalTy, castTy);
519  return CastVal;
520  }
521  return evalCast(val, castTy, originalTy);
522 }
523 
524 // FIXME: should rewrite according to the cast kind.
525 SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
526  castTy = Context.getCanonicalType(castTy);
527  originalTy = Context.getCanonicalType(originalTy);
528  if (val.isUnknownOrUndef() || castTy == originalTy)
529  return val;
530 
531  if (castTy->isBooleanType()) {
532  if (val.isUnknownOrUndef())
533  return val;
534  if (val.isConstant())
535  return makeTruthVal(!val.isZeroConstant(), castTy);
536  if (!Loc::isLocType(originalTy) &&
537  !originalTy->isIntegralOrEnumerationType() &&
538  !originalTy->isMemberPointerType())
539  return UnknownVal();
540  if (SymbolRef Sym = val.getAsSymbol(true)) {
541  BasicValueFactory &BVF = getBasicValueFactory();
542  // FIXME: If we had a state here, we could see if the symbol is known to
543  // be zero, but we don't.
544  return makeNonLoc(Sym, BO_NE, BVF.getValue(0, Sym->getType()), castTy);
545  }
546  // Loc values are not always true, they could be weakly linked functions.
547  if (Optional<Loc> L = val.getAs<Loc>())
548  return evalCastFromLoc(*L, castTy);
549 
550  Loc L = val.castAs<nonloc::LocAsInteger>().getLoc();
551  return evalCastFromLoc(L, castTy);
552  }
553 
554  // For const casts, casts to void, just propagate the value.
555  if (!castTy->isVariableArrayType() && !originalTy->isVariableArrayType())
556  if (shouldBeModeledWithNoOp(Context, Context.getPointerType(castTy),
557  Context.getPointerType(originalTy)))
558  return val;
559 
560  // Check for casts from pointers to integers.
561  if (castTy->isIntegralOrEnumerationType() && Loc::isLocType(originalTy))
562  return evalCastFromLoc(val.castAs<Loc>(), castTy);
563 
564  // Check for casts from integers to pointers.
565  if (Loc::isLocType(castTy) && originalTy->isIntegralOrEnumerationType()) {
566  if (Optional<nonloc::LocAsInteger> LV = val.getAs<nonloc::LocAsInteger>()) {
567  if (const MemRegion *R = LV->getLoc().getAsRegion()) {
568  StoreManager &storeMgr = StateMgr.getStoreManager();
569  R = storeMgr.castRegion(R, castTy);
570  return R ? SVal(loc::MemRegionVal(R)) : UnknownVal();
571  }
572  return LV->getLoc();
573  }
574  return dispatchCast(val, castTy);
575  }
576 
577  // Just pass through function and block pointers.
578  if (originalTy->isBlockPointerType() || originalTy->isFunctionPointerType()) {
579  assert(Loc::isLocType(castTy));
580  return val;
581  }
582 
583  // Check for casts from array type to another type.
584  if (const auto *arrayT =
585  dyn_cast<ArrayType>(originalTy.getCanonicalType())) {
586  // We will always decay to a pointer.
587  QualType elemTy = arrayT->getElementType();
588  val = StateMgr.ArrayToPointer(val.castAs<Loc>(), elemTy);
589 
590  // Are we casting from an array to a pointer? If so just pass on
591  // the decayed value.
592  if (castTy->isPointerType() || castTy->isReferenceType())
593  return val;
594 
595  // Are we casting from an array to an integer? If so, cast the decayed
596  // pointer value to an integer.
597  assert(castTy->isIntegralOrEnumerationType());
598 
599  // FIXME: Keep these here for now in case we decide soon that we
600  // need the original decayed type.
601  // QualType elemTy = cast<ArrayType>(originalTy)->getElementType();
602  // QualType pointerTy = C.getPointerType(elemTy);
603  return evalCastFromLoc(val.castAs<Loc>(), castTy);
604  }
605 
606  // Check for casts from a region to a specific type.
607  if (const MemRegion *R = val.getAsRegion()) {
608  // Handle other casts of locations to integers.
609  if (castTy->isIntegralOrEnumerationType())
610  return evalCastFromLoc(loc::MemRegionVal(R), castTy);
611 
612  // FIXME: We should handle the case where we strip off view layers to get
613  // to a desugared type.
614  if (!Loc::isLocType(castTy)) {
615  // FIXME: There can be gross cases where one casts the result of a function
616  // (that returns a pointer) to some other value that happens to fit
617  // within that pointer value. We currently have no good way to
618  // model such operations. When this happens, the underlying operation
619  // is that the caller is reasoning about bits. Conceptually we are
620  // layering a "view" of a location on top of those bits. Perhaps
621  // we need to be more lazy about mutual possible views, even on an
622  // SVal? This may be necessary for bit-level reasoning as well.
623  return UnknownVal();
624  }
625 
626  // We get a symbolic function pointer for a dereference of a function
627  // pointer, but it is of function type. Example:
628 
629  // struct FPRec {
630  // void (*my_func)(int * x);
631  // };
632  //
633  // int bar(int x);
634  //
635  // int f1_a(struct FPRec* foo) {
636  // int x;
637  // (*foo->my_func)(&x);
638  // return bar(x)+1; // no-warning
639  // }
640 
641  assert(Loc::isLocType(originalTy) || originalTy->isFunctionType() ||
642  originalTy->isBlockPointerType() || castTy->isReferenceType());
643 
644  StoreManager &storeMgr = StateMgr.getStoreManager();
645 
646  // Delegate to store manager to get the result of casting a region to a
647  // different type. If the MemRegion* returned is NULL, this expression
648  // Evaluates to UnknownVal.
649  R = storeMgr.castRegion(R, castTy);
650  return R ? SVal(loc::MemRegionVal(R)) : UnknownVal();
651  }
652 
653  return dispatchCast(val, castTy);
654 }
ASTContext.h
Defines the clang::ASTContext interface.
clang::FunctionDecl
Represents a function declaration or definition.
Definition: Decl.h:1748
clang::ento::SymbolManager::conjureSymbol
const SymbolConjured * conjureSymbol(const Stmt *E, const LocationContext *LCtx, QualType T, unsigned VisitCount, const void *SymbolTag=nullptr)
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:529
clang::ento::SValBuilder::makeIntVal
nonloc::ConcreteInt makeIntVal(const IntegerLiteral *integer)
Definition: SValBuilder.h:278
clang::ento::SValBuilder::getBlockPointer
DefinedSVal getBlockPointer(const BlockDecl *block, CanQualType locTy, const LocationContext *locContext, unsigned blockCount)
Definition: SValBuilder.cpp:259
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:643
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:94
clang::Type::isBlockPointerType
bool isBlockPointerType() const
Definition: Type.h:6359
clang::Type::isArrayType
bool isArrayType() const
Definition: Type.h:6407
clang::Type::isMemberPointerType
bool isMemberPointerType() const
Definition: Type.h:6389
clang::ast_matchers::stmt
const internal::VariadicAllOfMatcher< Stmt > stmt
Matches statements.
Definition: ASTMatchersInternal.cpp:614
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:66
clang::ento::SymbolManager::getIntSymExpr
const IntSymExpr * getIntSymExpr(const llvm::APSInt &lhs, BinaryOperator::Opcode op, const SymExpr *rhs, QualType t)
Definition: SymbolManager.cpp:287
Type.h
C Language Family Type Representation.
clang::CXXMethodDecl::getThisType
QualType getThisType() const
Returns the type of the this pointer.
Definition: DeclCXX.cpp:2253
clang::Type::isRecordType
bool isRecordType() const
Definition: Type.h:6431
clang::ento::BlockCodeRegion
BlockCodeRegion - A region that represents code texts of blocks (closures).
Definition: MemRegion.h:627
clang::TypeDecl::getTypeForDecl
const Type * getTypeForDecl() const
Definition: Decl.h:2924
clang::ento::TypedValueRegion::getValueType
virtual QualType getValueType() const =0
clang::ento::SValBuilder::StateMgr
ProgramStateManager & StateMgr
Definition: SValBuilder.h:67
clang::Type
The base class of the type hierarchy.
Definition: Type.h:1418
clang::ento::SymExpr::computeComplexity
virtual unsigned computeComplexity() const =0
clang::ento::SValBuilder::evalCast
SVal evalCast(SVal val, QualType castTy, QualType originalType)
Definition: SValBuilder.cpp:525
clang::ento::nonloc::ConcreteInt
Value representing integer constant.
Definition: SVals.h:379
clang::ento::SValBuilder::MemMgr
MemRegionManager MemMgr
Manages the creation of memory regions.
Definition: SValBuilder.h:65
clang::Type::isUnsignedIntegerType
bool isUnsignedIntegerType() const
Return true if this is an integer type that is unsigned, according to C99 6.2.5p6 [which returns true...
Definition: Type.cpp:1915
clang::AnalysisDeclContext::getASTContext
ASTContext & getASTContext() const
Definition: AnalysisDeclContext.h:103
clang::ast_matchers::expr
const internal::VariadicDynCastAllOfMatcher< Stmt, Expr > expr
Matches expressions.
Definition: ASTMatchersInternal.cpp:689
clang::ento::SValBuilder::dispatchCast
virtual SVal dispatchCast(SVal val, QualType castTy)=0
clang::ento::SValBuilder::getCXXThis
loc::MemRegionVal getCXXThis(const CXXMethodDecl *D, const StackFrameContext *SFC)
Return a memory region for the &#39;this&#39; object reference.
Definition: SValBuilder.cpp:271
clang::ento::SValBuilder::makeNonLoc
NonLoc makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op, const llvm::APSInt &rhs, QualType type)
Definition: SValBuilder.cpp:67
clang::ento::SValBuilder::BasicVals
BasicValueFactory BasicVals
Manager of APSInt values.
Definition: SValBuilder.h:59
ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.
clang::Qualifiers
The collection of all-type qualifiers we support.
Definition: Type.h:137
clang::ento::StoreManager::castRegion
const MemRegion * castRegion(const MemRegion *region, QualType CastToTy)
castRegion - Used by ExprEngine::VisitCast to handle casts from a MemRegion* to a specific location t...
Definition: Store.cpp:74
clang::Type::isVariableArrayType
bool isVariableArrayType() const
Definition: Type.h:6419
clang::ASTContext::UnwrapSimilarTypes
bool UnwrapSimilarTypes(QualType &T1, QualType &T2)
Attempt to unwrap two types that may be similar (C++ [conv.qual]).
Definition: ASTContext.cpp:5167
clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:29
clang::ento::SymbolManager::getDerivedSymbol
const SymbolDerived * getDerivedSymbol(SymbolRef parentSymbol, const TypedValueRegion *R)
Definition: SymbolManager.cpp:203
clang::ento::SValBuilder::evalCastFromNonLoc
virtual SVal evalCastFromNonLoc(NonLoc val, QualType castTy)=0
clang::ento::SValBuilder::evalBinOpLN
virtual SVal evalBinOpLN(ProgramStateRef state, BinaryOperator::Opcode op, Loc lhs, NonLoc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with a memory location and non-location opera...
clang::ento::SValBuilder::getRegionManager
MemRegionManager & getRegionManager()
Definition: SValBuilder.h:174
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:154
clang::ento::SValBuilder::evalIntegralCast
SVal evalIntegralCast(ProgramStateRef state, SVal val, QualType castTy, QualType originalType)
Definition: SValBuilder.cpp:489
ProgramState_Fwd.h
clang::ento::SymbolManager::canSymbolicate
static bool canSymbolicate(QualType T)
Definition: SymbolManager.cpp:348
clang::Type::isReferenceType
bool isReferenceType() const
Definition: Type.h:6363
clang::ento::SValBuilder::getDerivedRegionValueSymbolVal
DefinedOrUnknownSVal getDerivedRegionValueSymbolVal(SymbolRef parentSymbol, const TypedValueRegion *region)
Definition: SValBuilder.cpp:221
clang::CodeGen::state
i32 captured_struct **param SharedsTy A type which contains references the shared variables *param Shareds Context with the list of shared variables from the p *TaskFunction *param Data Additional data for task generation like final * state
Definition: CGOpenMPRuntime.h:764
clang::ento::SVal::getAsSymbolicExpression
const SymExpr * getAsSymbolicExpression() const
getAsSymbolicExpression - If this Sval wraps a symbolic expression then return that expression...
Definition: SVals.cpp:137
clang::Type::isIntegralOrEnumerationType
bool isIntegralOrEnumerationType() const
Determine whether this type is an integral or enumeration type.
Definition: Type.h:6714
clang::ento::MemRegionManager::getSymbolicRegion
const SymbolicRegion * getSymbolicRegion(SymbolRef Sym)
Retrieve or create a "symbolic" memory region.
Definition: MemRegion.cpp:1023
clang::Expr::isGLValue
bool isGLValue() const
Definition: Expr.h:261
clang::ento::Loc::isLocType
static bool isLocType(QualType T)
Definition: SVals.h:329
clang::BinaryOperatorKind
BinaryOperatorKind
Definition: OperationKinds.h:25
clang::ento::BlockDataRegion
BlockDataRegion - A region that represents a block instance.
Definition: MemRegion.h:672
clang::Expr::EvalResult::Val
APValue Val
Val - This is the value the expression can be folded to.
Definition: Expr.h:582
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified...
clang::ento::SValBuilder::makeSymExprValNN
SVal makeSymExprValNN(BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)
Constructs a symbolic expression for two non-location values.
Definition: SValBuilder.cpp:377
clang::ento::SVal::isUnknown
bool isUnknown() const
Definition: SVals.h:136
clang::ento::SValBuilder::getRegionValueSymbolVal
DefinedOrUnknownSVal getRegionValueSymbolVal(const TypedValueRegion *region)
Make a unique symbol for value of region.
Definition: SValBuilder.cpp:118
clang::ento::APSIntType
A record of the "type" of an APSInt, used for conversions.
Definition: APSIntType.h:19
clang::ento::SValBuilder::makeCompoundVal
NonLoc makeCompoundVal(QualType type, llvm::ImmutableList< SVal > vals)
Definition: SValBuilder.h:250
clang::ento::SValBuilder::getFunctionPointer
DefinedSVal getFunctionPointer(const FunctionDecl *func)
Definition: SValBuilder.cpp:255
clang::ento::SVal::isConstant
bool isConstant() const
Definition: SVals.cpp:222
clang::ento::MemRegionManager::getBlockCodeRegion
const BlockCodeRegion * getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy, AnalysisDeclContext *AC)
Definition: MemRegion.cpp:1017
clang::ento::SVal::getAsSymbol
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:127
clang::DeclaratorDecl
Represents a ValueDecl that came out of a declarator.
Definition: Decl.h:688
clang::ento::SValBuilder::makeBoolVal
nonloc::ConcreteInt makeBoolVal(const ObjCBoolLiteralExpr *boolean)
Definition: SValBuilder.h:284
clang::ento::SValBuilder::areEqual
ConditionTruthVal areEqual(ProgramStateRef state, SVal lhs, SVal rhs)
Definition: SValBuilder.cpp:437
clang::ento::SValBuilder::makeLoc
Loc makeLoc(SymbolRef sym)
Definition: SValBuilder.h:353
clang::ento::SValBuilder::makeZeroVal
DefinedOrUnknownSVal makeZeroVal(QualType type)
Construct an SVal representing &#39;0&#39; for the specified type.
Definition: SValBuilder.cpp:52
clang::BlockDecl
Represents a block literal declaration, which is like an unnamed FunctionDecl.
Definition: Decl.h:3884
clang::Expr
This represents one expression.
Definition: Expr.h:108
clang::ento::SymbolManager::getSymIntExpr
const SymIntExpr * getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode op, const llvm::APSInt &rhs, QualType t)
clang::Type::isNullPtrType
bool isNullPtrType() const
Definition: Type.h:6635
clang::ento::SValBuilder::ArrayIndexTy
const QualType ArrayIndexTy
The scalar type to use for array indices.
Definition: SValBuilder.h:70
clang::ento::SValBuilder::getConditionType
QualType getConditionType() const
Definition: SValBuilder.h:160
clang::Type::isAnyComplexType
bool isAnyComplexType() const
Definition: Type.h:6439
clang::Expr::getType
QualType getType() const
Definition: Expr.h:137
clang::ento::SValBuilder::evalBinOpLL
virtual SVal evalBinOpLL(ProgramStateRef state, BinaryOperator::Opcode op, Loc lhs, Loc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with two memory location operands.
clang::ento::SValBuilder::evalBinOp
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, SVal lhs, SVal rhs, QualType type)
Definition: SValBuilder.cpp:404
clang::Qualifiers::removeCVRQualifiers
void removeCVRQualifiers(unsigned mask)
Definition: Type.h:277
clang::CXXBoolLiteralExpr::getValue
bool getValue() const
Definition: ExprCXX.h:561
clang::ento::SVal::getAs
Optional< T > getAs() const
Convert to the specified SVal type, returning None if this SVal is not of the desired type...
Definition: SVals.h:111
clang::ento::SymbolManager::getCastSymbol
const SymbolCast * getCastSymbol(const SymExpr *Operand, QualType From, QualType To)
Definition: SymbolManager.cpp:254
clang::ento::APSIntType::getMaxValue
llvm::APSInt getMaxValue() const LLVM_READONLY
Returns the maximum value for this type.
Definition: APSIntType.h:65
clang::ento::SymbolManager::getSymSymExpr
const SymSymExpr * getSymSymExpr(const SymExpr *lhs, BinaryOperator::Opcode op, const SymExpr *rhs, QualType t)
Definition: SymbolManager.cpp:305
clang::QualType::getCanonicalType
QualType getCanonicalType() const
Definition: Type.h:6166
clang::ento::SValBuilder::conjureSymbolVal
DefinedOrUnknownSVal conjureSymbolVal(const void *symbolTag, const Expr *expr, const LocationContext *LCtx, unsigned count)
Create a new symbol with a unique &#39;name&#39;.
clang::Expr::isNullPointerConstant
NullPointerConstantKind isNullPointerConstant(ASTContext &Ctx, NullPointerConstantValueDependence NPC) const
isNullPointerConstant - C99 6.3.2.3p3 - Test if this reduces down to a Null pointer constant...
Definition: Expr.cpp:3632
clang::ento::SValBuilder::SymMgr
SymbolManager SymMgr
Manages the creation of symbols.
Definition: SValBuilder.h:62
clang::ento::SValBuilder::evalCastFromLoc
virtual SVal evalCastFromLoc(Loc val, QualType castTy)=0
clang::ento::SymbolManager::getMetadataSymbol
const SymbolMetadata * getMetadataSymbol(const MemRegion *R, const Stmt *S, QualType T, const LocationContext *LCtx, unsigned VisitCount, const void *SymbolTag=nullptr)
Creates a metadata symbol associated with a specific region.
Definition: SymbolManager.cpp:236
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:151
clang::CXXMethodDecl
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:2109
clang::ento::SValBuilder::getContext
ASTContext & getContext()
Definition: SValBuilder.h:155
clang::ento::SymbolManager::getRegionValueSymbol
const SymbolRegionValue * getRegionValueSymbol(const TypedValueRegion *R)
Make a unique symbol for MemRegion R according to its kind.
Definition: SymbolManager.cpp:168
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value...
Definition: SVals.h:75
clang::Expr::NPC_ValueDependentIsNotNull
Specifies that a value-dependent expression should be considered to never be a null pointer constant...
Definition: Expr.h:737
shouldBeModeledWithNoOp
static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy, QualType FromTy)
Recursively check if the pointer types are equal modulo const, volatile, and restrict qualifiers...
Definition: SValBuilder.cpp:456
clang::ento::SValBuilder::getConjuredHeapSymbolVal
DefinedOrUnknownSVal getConjuredHeapSymbolVal(const Expr *E, const LocationContext *LCtx, unsigned Count)
Conjure a symbol representing heap allocated memory region.
Definition: SValBuilder.cpp:191
clang::Type::isVectorType
bool isVectorType() const
Definition: Type.h:6443
clang::ento::SValBuilder::evalBinOpNN
virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with two non- location operands.
clang::ento::SValBuilder::ArrayIndexWidth
const unsigned ArrayIndexWidth
The width of the scalar type used for array indices.
Definition: SValBuilder.h:73
clang::ento::MemRegionManager::getSymbolicHeapRegion
const SymbolicRegion * getSymbolicHeapRegion(SymbolRef sym)
Return a unique symbolic region belonging to heap memory space.
Definition: MemRegion.cpp:1027
clang
Dataflow Directional Tag Classes.
Definition: CFGReachabilityAnalysis.h:21
clang::ento::ProgramStateManager::ArrayToPointer
SVal ArrayToPointer(Loc Array, QualType ElementTy)
Definition: ProgramState.h:538
clang::Expr::EvalResult
EvalResult is a struct with detailed info about an evaluated expression.
Definition: Expr.h:580
clang::ento::SVal::isZeroConstant
bool isZeroConstant() const
Definition: SVals.cpp:234
clang::Stmt::getStmtClass
StmtClass getStmtClass() const
Definition: Stmt.h:1080
clang::Type::isBooleanType
bool isBooleanType() const
Definition: Type.h:6727
clang::ento::SValBuilder::evalEQ
SVal evalEQ(ProgramStateRef state, SVal lhs, SVal rhs)
Definition: SValBuilder.cpp:442
clang::ento::nonloc::SymbolVal
Represents symbolic expression that isn&#39;t a location.
Definition: SVals.h:349
clang::ento::SValBuilder::convertToArrayIndex
SVal convertToArrayIndex(SVal val)
Definition: SValBuilder.cpp:99
clang::ento::MemRegionManager::getFunctionCodeRegion
const FunctionCodeRegion * getFunctionCodeRegion(const NamedDecl *FD)
Definition: MemRegion.cpp:1011
clang::ento::SValBuilder::getMetadataSymbolVal
DefinedSVal getMetadataSymbolVal(const void *symbolTag, const MemRegion *region, const Expr *expr, QualType type, const LocationContext *LCtx, unsigned count)
Definition: SValBuilder.cpp:204
clang::ento::SVal::castAs
T castAs() const
Convert to the specified SVal type, asserting that this SVal is of the desired type.
Definition: SVals.h:103
clang::ento::SValBuilder::getBasicValueFactory
BasicValueFactory & getBasicValueFactory()
Definition: SValBuilder.h:168
clang::ento::SValBuilder::getMemberPointer
DefinedSVal getMemberPointer(const DeclaratorDecl *DD)
Definition: SValBuilder.cpp:239
clang::Type::isFunctionType
bool isFunctionType() const
Definition: Type.h:6347
clang::ento::SVal::getAsSymExpr
const SymExpr * getAsSymExpr() const
Definition: SVals.cpp:144
clang::ento::MemRegionManager::getBlockDataRegion
const BlockDataRegion * getBlockDataRegion(const BlockCodeRegion *bc, const LocationContext *lc, unsigned blockCount)
getBlockDataRegion - Get the memory region associated with an instance of a block.
Definition: MemRegion.cpp:939
clang::ASTContext::getCanonicalType
CanQualType getCanonicalType(QualType T) const
Return the canonical (structural) type corresponding to the specified potentially non-canonical type ...
Definition: ASTContext.h:2280
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate.h) and friends (in DeclFriend.h).
clang::Expr::EvaluateAsInt
bool EvaluateAsInt(EvalResult &Result, const ASTContext &Ctx, SideEffectsKind AllowSideEffects=SE_NoSideEffects, bool InConstantContext=false) const
EvaluateAsInt - Return true if this is a constant which we can fold and convert to an integer...
Definition: ExprConstant.cpp:11891
clang::CXXRecordDecl
Represents a C++ struct/union/class.
Definition: DeclCXX.h:300
clang::Type::isVoidType
bool isVoidType() const
Definition: Type.h:6610
clang::ento::SValBuilder::getConstantVal
Optional< SVal > getConstantVal(const Expr *E)
Returns the value of E, if it can be determined in a non-path-sensitive manner.
Definition: SValBuilder.cpp:285
clang::ASTContext::getPointerType
QualType getPointerType(QualType T) const
Return the uniqued reference to the type for a pointer to the specified type.
Definition: ASTContext.cpp:2853
clang::ento::SVal::isUndef
bool isUndef() const
Definition: SVals.h:140
clang::Type::isPointerType
bool isPointerType() const
Definition: Type.h:6351
clang::ento::SValBuilder::makeTruthVal
nonloc::ConcreteInt makeTruthVal(bool b, QualType type)
Definition: SValBuilder.h:334
clang::CXXBoolLiteralExpr
A boolean literal, per ([C++ lex.bool] Boolean literals).
Definition: ExprCXX.h:549
clang::APValue::getInt
APSInt & getInt()
Definition: APValue.h:336
clang::LocationContext::getAnalysisDeclContext
AnalysisDeclContext * getAnalysisDeclContext() const
Definition: AnalysisDeclContext.h:246
clang::Type::isFunctionPointerType
bool isFunctionPointerType() const
Definition: Type.h:6375
clang::ASTContext::getUnqualifiedArrayType
QualType getUnqualifiedArrayType(QualType T, Qualifiers &Quals)
Return this type as a completely-unqualified array type, capturing the qualifiers in Quals...
Definition: ASTContext.cpp:5070
clang::ento::SVal::isUnknownOrUndef
bool isUnknownOrUndef() const
Definition: SVals.h:144
clang::ento::BasicValueFactory::getEmptySValList
llvm::ImmutableList< SVal > getEmptySValList()
Definition: BasicValueFactory.h:231
clang::Expr::IgnoreParens
Expr * IgnoreParens() LLVM_READONLY
Skip past any parentheses which might surround this expression until reaching a fixed point...
Definition: Expr.cpp:2913
clang::ento::SubEngine::getAnalysisManager
virtual AnalysisManager & getAnalysisManager()=0
Generated on Mon Jun 17 2019 00:54:59 for clang by   doxygen 1.8.13