doxygen/SValBuilder_8cpp_source.html

 //===- SValBuilder.cpp - Basic class for all SValBuilder implementations --===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===----------------------------------------------------------------------===//
 //
 //  This file defines SValBuilder, the base class for all (complete) SValBuilder
 //  implementations.
 //
 //===----------------------------------------------------------------------===//

 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
 #include "clang/AST/ASTContext.h"
 #include "clang/AST/Decl.h"
 #include "clang/AST/DeclCXX.h"
 #include "clang/AST/ExprCXX.h"
 #include "clang/AST/ExprObjC.h"
 #include "clang/AST/Stmt.h"
 #include "clang/AST/Type.h"
 #include "clang/Basic/LLVM.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
 #include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/None.h"
 #include "llvm/ADT/Optional.h"
 #include "llvm/Support/Casting.h"
 #include "llvm/Support/Compiler.h"
 #include <cassert>
 #include <tuple>

 using namespace clang;
 using namespace ento;

 //===----------------------------------------------------------------------===//
 // Basic SVal creation.
 //===----------------------------------------------------------------------===//

 void SValBuilder::anchor() {}

 DefinedOrUnknownSVal SValBuilder::makeZeroVal(QualType type) {
   if (Loc::isLocType(type))
     return makeNull();

   if (type->isIntegralOrEnumerationType())
     return makeIntVal(0, type);

   if (type->isArrayType() || type->isRecordType() || type->isVectorType() ||
       type->isAnyComplexType())
     return makeCompoundVal(type, BasicVals.getEmptySValList());

   // FIXME: Handle floats.
   return UnknownVal();
 }

 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                                 const llvm::APSInt& rhs, QualType type) {
   // The Environment ensures we always get a persistent APSInt in
   // BasicValueFactory, so we don't need to get the APSInt from
   // BasicValueFactory again.
   assert(lhs);
   assert(!Loc::isLocType(type));
   return nonloc::SymbolVal(SymMgr.getSymIntExpr(lhs, op, rhs, type));
 }

 NonLoc SValBuilder::makeNonLoc(const llvm::APSInt& lhs,
                                BinaryOperator::Opcode op, const SymExpr *rhs,
                                QualType type) {
   assert(rhs);
   assert(!Loc::isLocType(type));
   return nonloc::SymbolVal(SymMgr.getIntSymExpr(lhs, op, rhs, type));
 }

 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                                const SymExpr *rhs, QualType type) {
   assert(lhs && rhs);
   assert(!Loc::isLocType(type));
   return nonloc::SymbolVal(SymMgr.getSymSymExpr(lhs, op, rhs, type));
 }

 NonLoc SValBuilder::makeNonLoc(const SymExpr *operand,
                                QualType fromTy, QualType toTy) {
   assert(operand);
   assert(!Loc::isLocType(toTy));
   return nonloc::SymbolVal(SymMgr.getCastSymbol(operand, fromTy, toTy));
 }

 SVal SValBuilder::convertToArrayIndex(SVal val) {
   if (val.isUnknownOrUndef())
     return val;

   // Common case: we have an appropriately sized integer.
   if (Optional<nonloc::ConcreteInt> CI = val.getAs<nonloc::ConcreteInt>()) {
     const llvm::APSInt& I = CI->getValue();
     if (I.getBitWidth() == ArrayIndexWidth && I.isSigned())
       return val;
   }

   return evalCastFromNonLoc(val.castAs<NonLoc>(), ArrayIndexTy);
 }

 nonloc::ConcreteInt SValBuilder::makeBoolVal(const CXXBoolLiteralExpr *boolean){
   return makeTruthVal(boolean->getValue());
 }

 DefinedOrUnknownSVal
 SValBuilder::getRegionValueSymbolVal(const TypedValueRegion *region) {
   QualType T = region->getValueType();

   if (T->isNullPtrType())
     return makeZeroVal(T);

   if (!SymbolManager::canSymbolicate(T))
     return UnknownVal();

   SymbolRef sym = SymMgr.getRegionValueSymbol(region);

   if (Loc::isLocType(T))
     return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));

   return nonloc::SymbolVal(sym);
 }

 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *SymbolTag,
                                                    const Expr *Ex,
                                                    const LocationContext *LCtx,
                                                    unsigned Count) {
   QualType T = Ex->getType();

   if (T->isNullPtrType())
     return makeZeroVal(T);

   // Compute the type of the result. If the expression is not an R-value, the
   // result should be a location.
   QualType ExType = Ex->getType();
   if (Ex->isGLValue())
     T = LCtx->getAnalysisDeclContext()->getASTContext().getPointerType(ExType);

   return conjureSymbolVal(SymbolTag, Ex, LCtx, T, Count);
 }

 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *symbolTag,
                                                    const Expr *expr,
                                                    const LocationContext *LCtx,
                                                    QualType type,
                                                    unsigned count) {
   if (type->isNullPtrType())
     return makeZeroVal(type);

   if (!SymbolManager::canSymbolicate(type))
     return UnknownVal();

   SymbolRef sym = SymMgr.conjureSymbol(expr, LCtx, type, count, symbolTag);

   if (Loc::isLocType(type))
     return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));

   return nonloc::SymbolVal(sym);
 }

 DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const Stmt *stmt,
                                                    const LocationContext *LCtx,
                                                    QualType type,
                                                    unsigned visitCount) {
   if (type->isNullPtrType())
     return makeZeroVal(type);

   if (!SymbolManager::canSymbolicate(type))
     return UnknownVal();

   SymbolRef sym = SymMgr.conjureSymbol(stmt, LCtx, type, visitCount);

   if (Loc::isLocType(type))
     return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));

   return nonloc::SymbolVal(sym);
 }

 DefinedOrUnknownSVal
 SValBuilder::getConjuredHeapSymbolVal(const Expr *E,
                                       const LocationContext *LCtx,
                                       unsigned VisitCount) {
   QualType T = E->getType();
   assert(Loc::isLocType(T));
   assert(SymbolManager::canSymbolicate(T));
   if (T->isNullPtrType())
     return makeZeroVal(T);

   SymbolRef sym = SymMgr.conjureSymbol(E, LCtx, T, VisitCount);
   return loc::MemRegionVal(MemMgr.getSymbolicHeapRegion(sym));
 }

 DefinedSVal SValBuilder::getMetadataSymbolVal(const void *symbolTag,
                                               const MemRegion *region,
                                               const Expr *expr, QualType type,
                                               const LocationContext *LCtx,
                                               unsigned count) {
   assert(SymbolManager::canSymbolicate(type) && "Invalid metadata symbol type");

   SymbolRef sym =
       SymMgr.getMetadataSymbol(region, expr, type, LCtx, count, symbolTag);

   if (Loc::isLocType(type))
     return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));

   return nonloc::SymbolVal(sym);
 }

 DefinedOrUnknownSVal
 SValBuilder::getDerivedRegionValueSymbolVal(SymbolRef parentSymbol,
                                              const TypedValueRegion *region) {
   QualType T = region->getValueType();

   if (T->isNullPtrType())
     return makeZeroVal(T);

   if (!SymbolManager::canSymbolicate(T))
     return UnknownVal();

   SymbolRef sym = SymMgr.getDerivedSymbol(parentSymbol, region);

   if (Loc::isLocType(T))
     return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym));

   return nonloc::SymbolVal(sym);
 }

 DefinedSVal SValBuilder::getMemberPointer(const DeclaratorDecl *DD) {
   assert(!DD || isa<CXXMethodDecl>(DD) || isa<FieldDecl>(DD));

   if (const auto *MD = dyn_cast_or_null<CXXMethodDecl>(DD)) {
     // Sema treats pointers to static member functions as have function pointer
     // type, so return a function pointer for the method.
     // We don't need to play a similar trick for static member fields
     // because these are represented as plain VarDecls and not FieldDecls
     // in the AST.
     if (MD->isStatic())
       return getFunctionPointer(MD);
   }

   return nonloc::PointerToMember(DD);
 }

 DefinedSVal SValBuilder::getFunctionPointer(const FunctionDecl *func) {
   return loc::MemRegionVal(MemMgr.getFunctionCodeRegion(func));
 }

 DefinedSVal SValBuilder::getBlockPointer(const BlockDecl *block,
                                          CanQualType locTy,
                                          const LocationContext *locContext,
                                          unsigned blockCount) {
   const BlockCodeRegion *BC =
     MemMgr.getBlockCodeRegion(block, locTy, locContext->getAnalysisDeclContext());
   const BlockDataRegion *BD = MemMgr.getBlockDataRegion(BC, locContext,
                                                         blockCount);
   return loc::MemRegionVal(BD);
 }

 /// Return a memory region for the 'this' object reference.
 loc::MemRegionVal SValBuilder::getCXXThis(const CXXMethodDecl *D,
                                           const StackFrameContext *SFC) {
   return loc::MemRegionVal(
       getRegionManager().getCXXThisRegion(D->getThisType(), SFC));
 }

 /// Return a memory region for the 'this' object reference.
 loc::MemRegionVal SValBuilder::getCXXThis(const CXXRecordDecl *D,
                                           const StackFrameContext *SFC) {
   const Type *T = D->getTypeForDecl();
   QualType PT = getContext().getPointerType(QualType(T, 0));
   return loc::MemRegionVal(getRegionManager().getCXXThisRegion(PT, SFC));
 }

 Optional<SVal> SValBuilder::getConstantVal(const Expr *E) {
   E = E->IgnoreParens();

   switch (E->getStmtClass()) {
   // Handle expressions that we treat differently from the AST's constant
   // evaluator.
   case Stmt::AddrLabelExprClass:
     return makeLoc(cast<AddrLabelExpr>(E));

   case Stmt::CXXScalarValueInitExprClass:
   case Stmt::ImplicitValueInitExprClass:
     return makeZeroVal(E->getType());

   case Stmt::ObjCStringLiteralClass: {
     const auto *SL = cast<ObjCStringLiteral>(E);
     return makeLoc(getRegionManager().getObjCStringRegion(SL));
   }

   case Stmt::StringLiteralClass: {
     const auto *SL = cast<StringLiteral>(E);
     return makeLoc(getRegionManager().getStringRegion(SL));
   }

   // Fast-path some expressions to avoid the overhead of going through the AST's
   // constant evaluator
   case Stmt::CharacterLiteralClass: {
     const auto *C = cast<CharacterLiteral>(E);
     return makeIntVal(C->getValue(), C->getType());
   }

   case Stmt::CXXBoolLiteralExprClass:
     return makeBoolVal(cast<CXXBoolLiteralExpr>(E));

   case Stmt::TypeTraitExprClass: {
     const auto *TE = cast<TypeTraitExpr>(E);
     return makeTruthVal(TE->getValue(), TE->getType());
   }

   case Stmt::IntegerLiteralClass:
     return makeIntVal(cast<IntegerLiteral>(E));

   case Stmt::ObjCBoolLiteralExprClass:
     return makeBoolVal(cast<ObjCBoolLiteralExpr>(E));

   case Stmt::CXXNullPtrLiteralExprClass:
     return makeNull();

   case Stmt::CStyleCastExprClass:
   case Stmt::CXXFunctionalCastExprClass:
   case Stmt::CXXConstCastExprClass:
   case Stmt::CXXReinterpretCastExprClass:
   case Stmt::CXXStaticCastExprClass:
   case Stmt::ImplicitCastExprClass: {
     const auto *CE = cast<CastExpr>(E);
     switch (CE->getCastKind()) {
     default:
       break;
     case CK_ArrayToPointerDecay:
     case CK_IntegralToPointer:
     case CK_NoOp:
     case CK_BitCast: {
       const Expr *SE = CE->getSubExpr();
       Optional<SVal> Val = getConstantVal(SE);
       if (!Val)
         return None;
       return evalCast(*Val, CE->getType(), SE->getType());
     }
     }
     // FALLTHROUGH
     LLVM_FALLTHROUGH;
   }

   // If we don't have a special case, fall back to the AST's constant evaluator.
   default: {
     // Don't try to come up with a value for materialized temporaries.
     if (E->isGLValue())
       return None;

     ASTContext &Ctx = getContext();
     Expr::EvalResult Result;
     if (E->EvaluateAsInt(Result, Ctx))
       return makeIntVal(Result.Val.getInt());

     if (Loc::isLocType(E->getType()))
       if (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull))
         return makeNull();

     return None;
   }
   }
 }

 SVal SValBuilder::makeSymExprValNN(BinaryOperator::Opcode Op,
                                    NonLoc LHS, NonLoc RHS,
                                    QualType ResultTy) {
   const SymExpr *symLHS = LHS.getAsSymExpr();
   const SymExpr *symRHS = RHS.getAsSymExpr();

   // TODO: When the Max Complexity is reached, we should conjure a symbol
   // instead of generating an Unknown value and propagate the taint info to it.
   const unsigned MaxComp = StateMgr.getOwningEngine()
                                .getAnalysisManager()
                                .options.MaxSymbolComplexity;

   if (symLHS && symRHS &&
       (symLHS->computeComplexity() + symRHS->computeComplexity()) <  MaxComp)
     return makeNonLoc(symLHS, Op, symRHS, ResultTy);

   if (symLHS && symLHS->computeComplexity() < MaxComp)
     if (Optional<nonloc::ConcreteInt> rInt = RHS.getAs<nonloc::ConcreteInt>())
       return makeNonLoc(symLHS, Op, rInt->getValue(), ResultTy);

   if (symRHS && symRHS->computeComplexity() < MaxComp)
     if (Optional<nonloc::ConcreteInt> lInt = LHS.getAs<nonloc::ConcreteInt>())
       return makeNonLoc(lInt->getValue(), Op, symRHS, ResultTy);

   return UnknownVal();
 }

 SVal SValBuilder::evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
                             SVal lhs, SVal rhs, QualType type) {
   if (lhs.isUndef() || rhs.isUndef())
     return UndefinedVal();

   if (lhs.isUnknown() || rhs.isUnknown())
     return UnknownVal();

   if (lhs.getAs<nonloc::LazyCompoundVal>() ||
       rhs.getAs<nonloc::LazyCompoundVal>()) {
     return UnknownVal();
   }

   if (Optional<Loc> LV = lhs.getAs<Loc>()) {
     if (Optional<Loc> RV = rhs.getAs<Loc>())
       return evalBinOpLL(state, op, *LV, *RV, type);

     return evalBinOpLN(state, op, *LV, rhs.castAs<NonLoc>(), type);
   }

   if (Optional<Loc> RV = rhs.getAs<Loc>()) {
     // Support pointer arithmetic where the addend is on the left
     // and the pointer on the right.
     assert(op == BO_Add);

     // Commute the operands.
     return evalBinOpLN(state, op, *RV, lhs.castAs<NonLoc>(), type);
   }

   return evalBinOpNN(state, op, lhs.castAs<NonLoc>(), rhs.castAs<NonLoc>(),
                      type);
 }

 ConditionTruthVal SValBuilder::areEqual(ProgramStateRef state, SVal lhs,
                                         SVal rhs) {
   return state->isNonNull(evalEQ(state, lhs, rhs));
 }

 SVal SValBuilder::evalEQ(ProgramStateRef state, SVal lhs, SVal rhs) {
   return evalBinOp(state, BO_EQ, lhs, rhs, getConditionType());
 }

 DefinedOrUnknownSVal SValBuilder::evalEQ(ProgramStateRef state,
                                          DefinedOrUnknownSVal lhs,
                                          DefinedOrUnknownSVal rhs) {
   return evalEQ(state, static_cast<SVal>(lhs), static_cast<SVal>(rhs))
       .castAs<DefinedOrUnknownSVal>();
 }

 /// Recursively check if the pointer types are equal modulo const, volatile,
 /// and restrict qualifiers. Also, assume that all types are similar to 'void'.
 /// Assumes the input types are canonical.
 static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy,
                                                          QualType FromTy) {
   while (Context.UnwrapSimilarTypes(ToTy, FromTy)) {
     Qualifiers Quals1, Quals2;
     ToTy = Context.getUnqualifiedArrayType(ToTy, Quals1);
     FromTy = Context.getUnqualifiedArrayType(FromTy, Quals2);

     // Make sure that non-cvr-qualifiers the other qualifiers (e.g., address
     // spaces) are identical.
     Quals1.removeCVRQualifiers();
     Quals2.removeCVRQualifiers();
     if (Quals1 != Quals2)
       return false;
   }

   // If we are casting to void, the 'From' value can be used to represent the
   // 'To' value.
   //
   // FIXME: Doing this after unwrapping the types doesn't make any sense. A
   // cast from 'int**' to 'void**' is not special in the way that a cast from
   // 'int*' to 'void*' is.
   if (ToTy->isVoidType())
     return true;

   if (ToTy != FromTy)
     return false;

   return true;
 }

 // Handles casts of type CK_IntegralCast.
 // At the moment, this function will redirect to evalCast, except when the range
 // of the original value is known to be greater than the max of the target type.
 SVal SValBuilder::evalIntegralCast(ProgramStateRef state, SVal val,
                                    QualType castTy, QualType originalTy) {
   // No truncations if target type is big enough.
   if (getContext().getTypeSize(castTy) >= getContext().getTypeSize(originalTy))
     return evalCast(val, castTy, originalTy);

   const SymExpr *se = val.getAsSymbolicExpression();
   if (!se) // Let evalCast handle non symbolic expressions.
     return evalCast(val, castTy, originalTy);

   // Find the maximum value of the target type.
   APSIntType ToType(getContext().getTypeSize(castTy),
                     castTy->isUnsignedIntegerType());
   llvm::APSInt ToTypeMax = ToType.getMaxValue();
   NonLoc ToTypeMaxVal =
       makeIntVal(ToTypeMax.isUnsigned() ? ToTypeMax.getZExtValue()
                                         : ToTypeMax.getSExtValue(),
                  castTy)
           .castAs<NonLoc>();
   // Check the range of the symbol being casted against the maximum value of the
   // target type.
   NonLoc FromVal = val.castAs<NonLoc>();
   QualType CmpTy = getConditionType();
   NonLoc CompVal =
       evalBinOpNN(state, BO_LE, FromVal, ToTypeMaxVal, CmpTy).castAs<NonLoc>();
   ProgramStateRef IsNotTruncated, IsTruncated;
   std::tie(IsNotTruncated, IsTruncated) = state->assume(CompVal);
   if (!IsNotTruncated && IsTruncated) {
     // Symbol is truncated so we evaluate it as a cast.
     NonLoc CastVal = makeNonLoc(se, originalTy, castTy);
     return CastVal;
   }
   return evalCast(val, castTy, originalTy);
 }

 // FIXME: should rewrite according to the cast kind.
 SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
   castTy = Context.getCanonicalType(castTy);
   originalTy = Context.getCanonicalType(originalTy);
   if (val.isUnknownOrUndef() || castTy == originalTy)
     return val;

   if (castTy->isBooleanType()) {
     if (val.isUnknownOrUndef())
       return val;
     if (val.isConstant())
       return makeTruthVal(!val.isZeroConstant(), castTy);
     if (!Loc::isLocType(originalTy) &&
         !originalTy->isIntegralOrEnumerationType() &&
         !originalTy->isMemberPointerType())
       return UnknownVal();
     if (SymbolRef Sym = val.getAsSymbol(true)) {
       BasicValueFactory &BVF = getBasicValueFactory();
       // FIXME: If we had a state here, we could see if the symbol is known to
       // be zero, but we don't.
       return makeNonLoc(Sym, BO_NE, BVF.getValue(0, Sym->getType()), castTy);
     }
     // Loc values are not always true, they could be weakly linked functions.
     if (Optional<Loc> L = val.getAs<Loc>())
       return evalCastFromLoc(*L, castTy);

     Loc L = val.castAs<nonloc::LocAsInteger>().getLoc();
     return evalCastFromLoc(L, castTy);
   }

   // For const casts, casts to void, just propagate the value.
   if (!castTy->isVariableArrayType() && !originalTy->isVariableArrayType())
     if (shouldBeModeledWithNoOp(Context, Context.getPointerType(castTy),
                                          Context.getPointerType(originalTy)))
       return val;

   // Check for casts from pointers to integers.
   if (castTy->isIntegralOrEnumerationType() && Loc::isLocType(originalTy))
     return evalCastFromLoc(val.castAs<Loc>(), castTy);

   // Check for casts from integers to pointers.
   if (Loc::isLocType(castTy) && originalTy->isIntegralOrEnumerationType()) {
     if (Optional<nonloc::LocAsInteger> LV = val.getAs<nonloc::LocAsInteger>()) {
       if (const MemRegion *R = LV->getLoc().getAsRegion()) {
         StoreManager &storeMgr = StateMgr.getStoreManager();
         R = storeMgr.castRegion(R, castTy);
         return R ? SVal(loc::MemRegionVal(R)) : UnknownVal();
       }
       return LV->getLoc();
     }
     return dispatchCast(val, castTy);
   }

   // Just pass through function and block pointers.
   if (originalTy->isBlockPointerType() || originalTy->isFunctionPointerType()) {
     assert(Loc::isLocType(castTy));
     return val;
   }

   // Check for casts from array type to another type.
   if (const auto *arrayT =
           dyn_cast<ArrayType>(originalTy.getCanonicalType())) {
     // We will always decay to a pointer.
     QualType elemTy = arrayT->getElementType();
     val = StateMgr.ArrayToPointer(val.castAs<Loc>(), elemTy);

     // Are we casting from an array to a pointer?  If so just pass on
     // the decayed value.
     if (castTy->isPointerType() || castTy->isReferenceType())
       return val;

     // Are we casting from an array to an integer?  If so, cast the decayed
     // pointer value to an integer.
     assert(castTy->isIntegralOrEnumerationType());

     // FIXME: Keep these here for now in case we decide soon that we
     // need the original decayed type.
     //    QualType elemTy = cast<ArrayType>(originalTy)->getElementType();
     //    QualType pointerTy = C.getPointerType(elemTy);
     return evalCastFromLoc(val.castAs<Loc>(), castTy);
   }

   // Check for casts from a region to a specific type.
   if (const MemRegion *R = val.getAsRegion()) {
     // Handle other casts of locations to integers.
     if (castTy->isIntegralOrEnumerationType())
       return evalCastFromLoc(loc::MemRegionVal(R), castTy);

     // FIXME: We should handle the case where we strip off view layers to get
     //  to a desugared type.
     if (!Loc::isLocType(castTy)) {
       // FIXME: There can be gross cases where one casts the result of a function
       // (that returns a pointer) to some other value that happens to fit
       // within that pointer value.  We currently have no good way to
       // model such operations.  When this happens, the underlying operation
       // is that the caller is reasoning about bits.  Conceptually we are
       // layering a "view" of a location on top of those bits.  Perhaps
       // we need to be more lazy about mutual possible views, even on an
       // SVal?  This may be necessary for bit-level reasoning as well.
       return UnknownVal();
     }

     // We get a symbolic function pointer for a dereference of a function
     // pointer, but it is of function type. Example:

     //  struct FPRec {
     //    void (*my_func)(int * x);
     //  };
     //
     //  int bar(int x);
     //
     //  int f1_a(struct FPRec* foo) {
     //    int x;
     //    (*foo->my_func)(&x);
     //    return bar(x)+1; // no-warning
     //  }

     assert(Loc::isLocType(originalTy) || originalTy->isFunctionType() ||
            originalTy->isBlockPointerType() || castTy->isReferenceType());

     StoreManager &storeMgr = StateMgr.getStoreManager();

     // Delegate to store manager to get the result of casting a region to a
     // different type.  If the MemRegion* returned is NULL, this expression
     // Evaluates to UnknownVal.
     R = storeMgr.castRegion(R, castTy);
     return R ? SVal(loc::MemRegionVal(R)) : UnknownVal();
   }

   return dispatchCast(val, castTy);
 }
clang::ento::DefinedSVal
Definition: SVals.h:262

ASTContext.h
Defines the clang::ASTContext interface.

ento

SVals.h

clang::FunctionDecl
Represents a function declaration or definition.
Definition: Decl.h:1784

clang::ento::SymbolManager::conjureSymbol
const SymbolConjured * conjureSymbol(const Stmt *E, const LocationContext *LCtx, QualType T, unsigned VisitCount, const void *SymbolTag=nullptr)

clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:530

clang::ento::SValBuilder::makeIntVal
nonloc::ConcreteInt makeIntVal(const IntegerLiteral *integer)
Definition: SValBuilder.h:278

clang::ento::SValBuilder::getBlockPointer
DefinedSVal getBlockPointer(const BlockDecl *block, CanQualType locTy, const LocationContext *locContext, unsigned blockCount)
Definition: SValBuilder.cpp:259

clang::QualType
A (possibly-)qualified type.
Definition: Type.h:643

clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:94

clang::Type::isBlockPointerType
bool isBlockPointerType() const
Definition: Type.h:6399

clang::Type::isArrayType
bool isArrayType() const
Definition: Type.h:6447

clang::Type::isMemberPointerType
bool isMemberPointerType() const
Definition: Type.h:6429

clang::ast_matchers::stmt
const internal::VariadicAllOfMatcher< Stmt > stmt
Matches statements.
Definition: ASTMatchersInternal.cpp:614

SubEngine.h

clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:66

clang::ento::SymbolManager::getIntSymExpr
const IntSymExpr * getIntSymExpr(const llvm::APSInt &lhs, BinaryOperator::Opcode op, const SymExpr *rhs, QualType t)
Definition: SymbolManager.cpp:287

Type.h
C Language Family Type Representation.

clang::CXXMethodDecl::getThisType
QualType getThisType() const
Return the type of the this pointer.
Definition: DeclCXX.cpp:2310

clang::Type::isRecordType
bool isRecordType() const
Definition: Type.h:6471

clang::ento::BlockCodeRegion
BlockCodeRegion - A region that represents code texts of blocks (closures).
Definition: MemRegion.h:628

clang::TypeDecl::getTypeForDecl
const Type * getTypeForDecl() const
Definition: Decl.h:2967

clang::ento::TypedValueRegion::getValueType
virtual QualType getValueType() const =0

clang::ento::SValBuilder::StateMgr
ProgramStateManager & StateMgr
Definition: SValBuilder.h:67

clang::Type
The base class of the type hierarchy.
Definition: Type.h:1436

clang::LocationContext
Definition: AnalysisDeclContext.h:216

clang::ento::SValBuilder::Context
ASTContext & Context
Definition: SValBuilder.h:56

MemRegion.h

clang::ento::SymExpr::computeComplexity
virtual unsigned computeComplexity() const =0

clang::ento::SValBuilder::evalCast
SVal evalCast(SVal val, QualType castTy, QualType originalType)
Definition: SValBuilder.cpp:525

clang::ento::nonloc::ConcreteInt
Value representing integer constant.
Definition: SVals.h:379

clang::ento::SValBuilder::MemMgr
MemRegionManager MemMgr
Manages the creation of memory regions.
Definition: SValBuilder.h:65

clang::Type::isUnsignedIntegerType
bool isUnsignedIntegerType() const
Return true if this is an integer type that is unsigned, according to C99 6.2.5p6 [which returns true...
Definition: Type.cpp:1971

clang::AnalysisDeclContext::getASTContext
ASTContext & getASTContext() const
Definition: AnalysisDeclContext.h:103

clang::ast_matchers::expr
const internal::VariadicDynCastAllOfMatcher< Stmt, Expr > expr
Matches expressions.
Definition: ASTMatchersInternal.cpp:689

clang::ento::SValBuilder::dispatchCast
virtual SVal dispatchCast(SVal val, QualType castTy)=0

clang::ento::SValBuilder::getCXXThis
loc::MemRegionVal getCXXThis(const CXXMethodDecl *D, const StackFrameContext *SFC)
Return a memory region for the &#39;this&#39; object reference.
Definition: SValBuilder.cpp:271

clang::ento::SValBuilder::makeNonLoc
NonLoc makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op, const llvm::APSInt &rhs, QualType type)
Definition: SValBuilder.cpp:67

clang::ento::UndefinedVal
Definition: SVals.h:217

clang::ento::SValBuilder::BasicVals
BasicValueFactory BasicVals
Manager of APSInt values.
Definition: SValBuilder.h:59

ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.

clang::ento::BasicValueFactory
Definition: BasicValueFactory.h:106

clang::Qualifiers
The collection of all-type qualifiers we support.
Definition: Type.h:137

clang::ento::StoreManager::castRegion
const MemRegion * castRegion(const MemRegion *region, QualType CastToTy)
castRegion - Used by ExprEngine::VisitCast to handle casts from a MemRegion* to a specific location t...
Definition: Store.cpp:74

clang::Type::isVariableArrayType
bool isVariableArrayType() const
Definition: Type.h:6459

clang::ASTContext::UnwrapSimilarTypes
bool UnwrapSimilarTypes(QualType &T1, QualType &T2)
Attempt to unwrap two types that may be similar (C++ [conv.qual]).
Definition: ASTContext.cpp:5266

clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:29

clang::ento::SymbolManager::getDerivedSymbol
const SymbolDerived * getDerivedSymbol(SymbolRef parentSymbol, const TypedValueRegion *R)
Definition: SymbolManager.cpp:203

clang::ento::SValBuilder::evalCastFromNonLoc
virtual SVal evalCastFromNonLoc(NonLoc val, QualType castTy)=0

clang::ento::SValBuilder::evalBinOpLN
virtual SVal evalBinOpLN(ProgramStateRef state, BinaryOperator::Opcode op, Loc lhs, NonLoc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with a memory location and non-location opera...

clang::ento::SValBuilder::getRegionManager
MemRegionManager & getRegionManager()
Definition: SValBuilder.h:174

clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:160

llvm::Optional
Definition: LLVM.h:37

clang::ento::SValBuilder::evalIntegralCast
SVal evalIntegralCast(ProgramStateRef state, SVal val, QualType castTy, QualType originalType)
Definition: SValBuilder.cpp:489

ProgramState_Fwd.h

clang::ento::SymbolManager::canSymbolicate
static bool canSymbolicate(QualType T)
Definition: SymbolManager.cpp:348

APSIntType.h

Store.h

clang::Type::isReferenceType
bool isReferenceType() const
Definition: Type.h:6403

clang::ento::SValBuilder::getDerivedRegionValueSymbolVal
DefinedOrUnknownSVal getDerivedRegionValueSymbolVal(SymbolRef parentSymbol, const TypedValueRegion *region)
Definition: SValBuilder.cpp:221

clang::CodeGen::state
i32 captured_struct **param SharedsTy A type which contains references the shared variables *param Shareds Context with the list of shared variables from the p *TaskFunction *param Data Additional data for task generation like final * state
Definition: CGOpenMPRuntime.h:789

clang::ento::SVal::getAsSymbolicExpression
const SymExpr * getAsSymbolicExpression() const
getAsSymbolicExpression - If this Sval wraps a symbolic expression then return that expression...
Definition: SVals.cpp:137

clang::Type::isIntegralOrEnumerationType
bool isIntegralOrEnumerationType() const
Determine whether this type is an integral or enumeration type.
Definition: Type.h:6754

clang::ento::MemRegionManager::getSymbolicRegion
const SymbolicRegion * getSymbolicRegion(SymbolRef Sym)
Retrieve or create a "symbolic" memory region.
Definition: MemRegion.cpp:1023

clang::Expr::isGLValue
bool isGLValue() const
Definition: Expr.h:261

clang::ento::Loc::isLocType
static bool isLocType(QualType T)
Definition: SVals.h:329

clang::BinaryOperatorKind
BinaryOperatorKind
Definition: OperationKinds.h:25

clang::ento::BlockDataRegion
BlockDataRegion - A region that represents a block instance.
Definition: MemRegion.h:673

clang::Expr::EvalResult::Val
APValue Val
Val - This is the value the expression can be folded to.
Definition: Expr.h:582

LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified...

clang::ento::SValBuilder::makeSymExprValNN
SVal makeSymExprValNN(BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)
Constructs a symbolic expression for two non-location values.
Definition: SValBuilder.cpp:377

clang::ento::SVal::isUnknown
bool isUnknown() const
Definition: SVals.h:136

clang::ento::SValBuilder::getRegionValueSymbolVal
DefinedOrUnknownSVal getRegionValueSymbolVal(const TypedValueRegion *region)
Make a unique symbol for value of region.
Definition: SValBuilder.cpp:118

clang::ento::DefinedOrUnknownSVal
Definition: SVals.h:229

clang::ento::SValBuilder::makeNull
Loc makeNull()
Definition: SValBuilder.h:349

ExprObjC.h

clang::ento::APSIntType
A record of the "type" of an APSInt, used for conversions.
Definition: APSIntType.h:19

clang::ento::SValBuilder::makeCompoundVal
NonLoc makeCompoundVal(QualType type, llvm::ImmutableList< SVal > vals)
Definition: SValBuilder.h:250

clang::ento::SValBuilder::getFunctionPointer
DefinedSVal getFunctionPointer(const FunctionDecl *func)
Definition: SValBuilder.cpp:255

BasicValueFactory.h

clang::ento::SVal::isConstant
bool isConstant() const
Definition: SVals.cpp:222

clang::ento::MemRegionManager::getBlockCodeRegion
const BlockCodeRegion * getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy, AnalysisDeclContext *AC)
Definition: MemRegion.cpp:1017

clang::ento::SVal::getAsSymbol
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:127

clang::DeclaratorDecl
Represents a ValueDecl that came out of a declarator.
Definition: Decl.h:696

clang::ento::StoreManager
Definition: Store.h:53

clang::ento::SValBuilder::makeBoolVal
nonloc::ConcreteInt makeBoolVal(const ObjCBoolLiteralExpr *boolean)
Definition: SValBuilder.h:284

clang::ento::SValBuilder::areEqual
ConditionTruthVal areEqual(ProgramStateRef state, SVal lhs, SVal rhs)
Definition: SValBuilder.cpp:437

clang::ento::SValBuilder::makeLoc
Loc makeLoc(SymbolRef sym)
Definition: SValBuilder.h:353

clang::ento::SValBuilder::makeZeroVal
DefinedOrUnknownSVal makeZeroVal(QualType type)
Construct an SVal representing &#39;0&#39; for the specified type.
Definition: SValBuilder.cpp:52

clang::BlockDecl
Represents a block literal declaration, which is like an unnamed FunctionDecl.
Definition: Decl.h:3951

clang::Expr
This represents one expression.
Definition: Expr.h:108

clang::ento::SymbolManager::getSymIntExpr
const SymIntExpr * getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode op, const llvm::APSInt &rhs, QualType t)

ProgramState.h

AnalysisManager.h

clang::Type::isNullPtrType
bool isNullPtrType() const
Definition: Type.h:6675

clang::ento::SValBuilder::ArrayIndexTy
const QualType ArrayIndexTy
The scalar type to use for array indices.
Definition: SValBuilder.h:70

clang::ento::SValBuilder::getConditionType
QualType getConditionType() const
Definition: SValBuilder.h:160

clang::Type::isAnyComplexType
bool isAnyComplexType() const
Definition: Type.h:6479

clang::Expr::getType
QualType getType() const
Definition: Expr.h:137

clang::ento::SValBuilder::evalBinOpLL
virtual SVal evalBinOpLL(ProgramStateRef state, BinaryOperator::Opcode op, Loc lhs, Loc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with two memory location operands.

Stmt.h

clang::ento::SValBuilder::evalBinOp
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, SVal lhs, SVal rhs, QualType type)
Definition: SValBuilder.cpp:404

clang::ento::NonLoc
Definition: SVals.h:298

clang::ento::ProgramStateManager::getStoreManager
StoreManager & getStoreManager()
Definition: ProgramState.h:532

clang::Qualifiers::removeCVRQualifiers
void removeCVRQualifiers(unsigned mask)
Definition: Type.h:277

clang::CXXBoolLiteralExpr::getValue
bool getValue() const
Definition: ExprCXX.h:657

clang::ento::SVal::getAs
Optional< T > getAs() const
Convert to the specified SVal type, returning None if this SVal is not of the desired type...
Definition: SVals.h:111

AnalysisDeclContext.h

clang::ento::SymbolManager::getCastSymbol
const SymbolCast * getCastSymbol(const SymExpr *Operand, QualType From, QualType To)
Definition: SymbolManager.cpp:254

clang::ento::SymbolManager::getSymSymExpr
const SymSymExpr * getSymSymExpr(const SymExpr *lhs, BinaryOperator::Opcode op, const SymExpr *rhs, QualType t)
Definition: SymbolManager.cpp:305

clang::prec::PointerToMember
Definition: OperatorPrecedence.h:42

clang::QualType::getCanonicalType
QualType getCanonicalType() const
Definition: Type.h:6187

clang::ento::Loc
Definition: SVals.h:320

llvm::IntrusiveRefCntPtr< const ProgramState >

clang::ento::SValBuilder::conjureSymbolVal
DefinedOrUnknownSVal conjureSymbolVal(const void *symbolTag, const Expr *expr, const LocationContext *LCtx, unsigned count)
Create a new symbol with a unique &#39;name&#39;.

clang::Expr::isNullPointerConstant
NullPointerConstantKind isNullPointerConstant(ASTContext &Ctx, NullPointerConstantValueDependence NPC) const
isNullPointerConstant - C99 6.3.2.3p3 - Test if this reduces down to a Null pointer constant...
Definition: Expr.cpp:3684

clang::ento::SValBuilder::SymMgr
SymbolManager SymMgr
Manages the creation of symbols.
Definition: SValBuilder.h:62

APSInt
llvm::APSInt APSInt
Definition: ByteCodeEmitter.cpp:18

clang::ento::SValBuilder::evalCastFromLoc
virtual SVal evalCastFromLoc(Loc val, QualType castTy)=0

clang::ento::SymbolManager::getMetadataSymbol
const SymbolMetadata * getMetadataSymbol(const MemRegion *R, const Stmt *S, QualType T, const LocationContext *LCtx, unsigned VisitCount, const void *SymbolTag=nullptr)
Creates a metadata symbol associated with a specific region.
Definition: SymbolManager.cpp:236

clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:151

clang::CXXMethodDecl
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:1905

clang::ento::SValBuilder::getContext
ASTContext & getContext()
Definition: SValBuilder.h:155

clang::ento::SymbolManager::getRegionValueSymbol
const SymbolRegionValue * getRegionValueSymbol(const TypedValueRegion *R)
Make a unique symbol for MemRegion R according to its kind.
Definition: SymbolManager.cpp:168

clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value...
Definition: SVals.h:75

clang::CanQual< Type >

clang::Expr::NPC_ValueDependentIsNotNull
Specifies that a value-dependent expression should be considered to never be a null pointer constant...
Definition: Expr.h:737

clang::ento::AnalysisManager::options
AnalyzerOptions & options
Definition: AnalysisManager.h:45

shouldBeModeledWithNoOp
static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy, QualType FromTy)
Recursively check if the pointer types are equal modulo const, volatile, and restrict qualifiers...
Definition: SValBuilder.cpp:456

SValBuilder.h

clang::ento::SValBuilder::getConjuredHeapSymbolVal
DefinedOrUnknownSVal getConjuredHeapSymbolVal(const Expr *E, const LocationContext *LCtx, unsigned Count)
Conjure a symbol representing heap allocated memory region.
Definition: SValBuilder.cpp:191

clang::Type::isVectorType
bool isVectorType() const
Definition: Type.h:6483

SymbolManager.h

clang::ento::SValBuilder::evalBinOpNN
virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)=0
Create a new value which represents a binary expression with two non- location operands.

clang::ento::SValBuilder::ArrayIndexWidth
const unsigned ArrayIndexWidth
The width of the scalar type used for array indices.
Definition: SValBuilder.h:73

clang::ento::MemRegionManager::getSymbolicHeapRegion
const SymbolicRegion * getSymbolicHeapRegion(SymbolRef sym)
Return a unique symbolic region belonging to heap memory space.
Definition: MemRegion.cpp:1027

Decl.h

clang
Dataflow Directional Tag Classes.
Definition: CFGReachabilityAnalysis.h:21

clang::ento::ProgramStateManager::ArrayToPointer
SVal ArrayToPointer(Loc Array, QualType ElementTy)
Definition: ProgramState.h:542

clang::Expr::EvalResult
EvalResult is a struct with detailed info about an evaluated expression.
Definition: Expr.h:580

clang::ento::SVal::isZeroConstant
bool isZeroConstant() const
Definition: SVals.cpp:234

type

clang::Stmt::getStmtClass
StmtClass getStmtClass() const
Definition: Stmt.h:1097

clang::Type::isBooleanType
bool isBooleanType() const
Definition: Type.h:6767

clang::ento::SValBuilder::evalEQ
SVal evalEQ(ProgramStateRef state, SVal lhs, SVal rhs)
Definition: SValBuilder.cpp:442

clang::ento::nonloc::SymbolVal
Represents symbolic expression that isn&#39;t a location.
Definition: SVals.h:349

clang::ento::SValBuilder::convertToArrayIndex
SVal convertToArrayIndex(SVal val)
Definition: SValBuilder.cpp:99

clang::ento::MemRegionManager::getFunctionCodeRegion
const FunctionCodeRegion * getFunctionCodeRegion(const NamedDecl *FD)
Definition: MemRegion.cpp:1011

clang::ento::SValBuilder::getMetadataSymbolVal
DefinedSVal getMetadataSymbolVal(const void *symbolTag, const MemRegion *region, const Expr *expr, QualType type, const LocationContext *LCtx, unsigned count)
Definition: SValBuilder.cpp:204

clang::ento::SVal::castAs
T castAs() const
Convert to the specified SVal type, asserting that this SVal is of the desired type.
Definition: SVals.h:103

clang::ento::SValBuilder::getBasicValueFactory
BasicValueFactory & getBasicValueFactory()
Definition: SValBuilder.h:168

SymExpr.h

clang::ento::SValBuilder::getMemberPointer
DefinedSVal getMemberPointer(const DeclaratorDecl *DD)
Definition: SValBuilder.cpp:239

clang::Type::isFunctionType
bool isFunctionType() const
Definition: Type.h:6387

clang::ento::nonloc::LazyCompoundVal
Definition: SVals.h:486

clang::ento::SVal::getAsSymExpr
const SymExpr * getAsSymExpr() const
Definition: SVals.cpp:144

clang::StackFrameContext
Definition: AnalysisDeclContext.h:296

clang::ento::nonloc::LocAsInteger
Definition: SVals.h:410

clang::ento::MemRegionManager::getBlockDataRegion
const BlockDataRegion * getBlockDataRegion(const BlockCodeRegion *bc, const LocationContext *lc, unsigned blockCount)
getBlockDataRegion - Get the memory region associated with an instance of a block.
Definition: MemRegion.cpp:939

clang::ASTContext::getCanonicalType
CanQualType getCanonicalType(QualType T) const
Return the canonical (structural) type corresponding to the specified potentially non-canonical type ...
Definition: ASTContext.h:2289

clang::ento::ProgramStateManager::getOwningEngine
SubEngine & getOwningEngine()
Definition: ProgramState.h:534

DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate.h) and friends (in DeclFriend.h).

clang::Expr::EvaluateAsInt
bool EvaluateAsInt(EvalResult &Result, const ASTContext &Ctx, SideEffectsKind AllowSideEffects=SE_NoSideEffects, bool InConstantContext=false) const
EvaluateAsInt - Return true if this is a constant which we can fold and convert to an integer...
Definition: ExprConstant.cpp:13509

clang::CXXRecordDecl
Represents a C++ struct/union/class.
Definition: DeclCXX.h:255

clang::Type::isVoidType
bool isVoidType() const
Definition: Type.h:6650

clang::ento::SValBuilder::getConstantVal
Optional< SVal > getConstantVal(const Expr *E)
Returns the value of E, if it can be determined in a non-path-sensitive manner.
Definition: SValBuilder.cpp:285

clang::ASTContext::getPointerType
QualType getPointerType(QualType T) const
Return the uniqued reference to the type for a pointer to the specified type.
Definition: ASTContext.cpp:2944

clang::ento::UnknownVal
Definition: SVals.h:250

clang::ento::SVal::isUndef
bool isUndef() const
Definition: SVals.h:140

clang::Type::isPointerType
bool isPointerType() const
Definition: Type.h:6391

clang::ento::SValBuilder::makeTruthVal
nonloc::ConcreteInt makeTruthVal(bool b, QualType type)
Definition: SValBuilder.h:334

clang::CXXBoolLiteralExpr
A boolean literal, per ([C++ lex.bool] Boolean literals).
Definition: ExprCXX.h:645

clang::APValue::getInt
APSInt & getInt()
Definition: APValue.h:380

clang::LocationContext::getAnalysisDeclContext
AnalysisDeclContext * getAnalysisDeclContext() const
Definition: AnalysisDeclContext.h:245

clang::ento::loc::MemRegionVal
Definition: SVals.h:598

clang::Type::isFunctionPointerType
bool isFunctionPointerType() const
Definition: Type.h:6415

clang::ento::ConditionTruthVal
Definition: ConstraintManager.h:38

clang::ASTContext::getUnqualifiedArrayType
QualType getUnqualifiedArrayType(QualType T, Qualifiers &Quals)
Return this type as a completely-unqualified array type, capturing the qualifiers in Quals...
Definition: ASTContext.cpp:5169

clang::ento::SVal::isUnknownOrUndef
bool isUnknownOrUndef() const
Definition: SVals.h:144

clang::ento::BasicValueFactory::getEmptySValList
llvm::ImmutableList< SVal > getEmptySValList()
Definition: BasicValueFactory.h:231

clang::Expr::IgnoreParens
Expr * IgnoreParens() LLVM_READONLY
Skip past any parentheses which might surround this expression until reaching a fixed point...
Definition: Expr.cpp:2962

clang::ento::SubEngine::getAnalysisManager
virtual AnalysisManager & getAnalysisManager()=0