clang 20.0.0git
SVals.cpp
Go to the documentation of this file.
1//===-- SVals.cpp - Abstract RValues for Path-Sens. Value Tracking --------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines SVal, Loc, and NonLoc, classes that represent
10// abstract r-values for use with path-sensitive value tracking.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
15#include "clang/AST/ASTContext.h"
16#include "clang/AST/Decl.h"
17#include "clang/AST/DeclCXX.h"
18#include "clang/AST/Expr.h"
19#include "clang/AST/Type.h"
20#include "clang/Basic/JsonSupport.h"
21#include "clang/Basic/LLVM.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h"
23#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
24#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
25#include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h"
26#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
27#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
28#include "llvm/Support/Casting.h"
29#include "llvm/Support/Compiler.h"
30#include "llvm/Support/ErrorHandling.h"
31#include "llvm/Support/raw_ostream.h"
32#include <cassert>
33#include <optional>
34
35using namespace clang;
36using namespace ento;
37
38//===----------------------------------------------------------------------===//
39// Symbol iteration within an SVal.
40//===----------------------------------------------------------------------===//
41
42//===----------------------------------------------------------------------===//
43// Utility methods.
44//===----------------------------------------------------------------------===//
45
46const FunctionDecl *SVal::getAsFunctionDecl() const {
47 if (std::optional<loc::MemRegionVal> X = getAs<loc::MemRegionVal>()) {
48 const MemRegion* R = X->getRegion();
49 if (const FunctionCodeRegion *CTR = R->getAs<FunctionCodeRegion>())
50 if (const auto *FD = dyn_cast<FunctionDecl>(CTR->getDecl()))
51 return FD;
52 }
53
54 if (auto X = getAs<nonloc::PointerToMember>()) {
55 if (const auto *MD = dyn_cast_or_null<CXXMethodDecl>(X->getDecl()))
56 return MD;
57 }
58 return nullptr;
59}
60
61/// If this SVal is a location (subclasses Loc) and wraps a symbol,
62/// return that SymbolRef. Otherwise return 0.
63///
64/// Implicit casts (ex: void* -> char*) can turn Symbolic region into Element
65/// region. If that is the case, gets the underlining region.
66/// When IncludeBaseRegions is set to true and the SubRegion is non-symbolic,
67/// the first symbolic parent region is returned.
68SymbolRef SVal::getAsLocSymbol(bool IncludeBaseRegions) const {
69 // FIXME: should we consider SymbolRef wrapped in CodeTextRegion?
70 if (const MemRegion *R = getAsRegion())
71 if (const SymbolicRegion *SymR =
72 IncludeBaseRegions ? R->getSymbolicBase()
73 : dyn_cast<SymbolicRegion>(R->StripCasts()))
74 return SymR->getSymbol();
75
76 return nullptr;
77}
78
79/// Get the symbol in the SVal or its base region.
80SymbolRef SVal::getLocSymbolInBase() const {
81 std::optional<loc::MemRegionVal> X = getAs<loc::MemRegionVal>();
82
83 if (!X)
84 return nullptr;
85
86 const MemRegion *R = X->getRegion();
87
88 while (const auto *SR = dyn_cast<SubRegion>(R)) {
89 if (const auto *SymR = dyn_cast<SymbolicRegion>(SR))
90 return SymR->getSymbol();
91 else
92 R = SR->getSuperRegion();
93 }
94
95 return nullptr;
96}
97
98/// If this SVal wraps a symbol return that SymbolRef.
99/// Otherwise, return 0.
100///
101/// Casts are ignored during lookup.
102/// \param IncludeBaseRegions The boolean that controls whether the search
103/// should continue to the base regions if the region is not symbolic.
104SymbolRef SVal::getAsSymbol(bool IncludeBaseRegions) const {
105 // FIXME: should we consider SymbolRef wrapped in CodeTextRegion?
106 if (std::optional<nonloc::SymbolVal> X = getAs<nonloc::SymbolVal>())
107 return X->getSymbol();
108
109 return getAsLocSymbol(IncludeBaseRegions);
110}
111
112const llvm::APSInt *SVal::getAsInteger() const {
113 if (auto CI = getAs<nonloc::ConcreteInt>())
114 return &CI->getValue();
115 if (auto CI = getAs<loc::ConcreteInt>())
116 return &CI->getValue();
117 return nullptr;
118}
119
120const MemRegion *SVal::getAsRegion() const {
121 if (std::optional<loc::MemRegionVal> X = getAs<loc::MemRegionVal>())
122 return X->getRegion();
123
124 if (std::optional<nonloc::LocAsInteger> X = getAs<nonloc::LocAsInteger>())
125 return X->getLoc().getAsRegion();
126
127 return nullptr;
128}
129
130namespace {
131class TypeRetrievingVisitor
132 : public FullSValVisitor<TypeRetrievingVisitor, QualType> {
133private:
134 const ASTContext &Context;
135
136public:
137 TypeRetrievingVisitor(const ASTContext &Context) : Context(Context) {}
138
139 QualType VisitMemRegionVal(loc::MemRegionVal MRV) {
140 return Visit(MRV.getRegion());
141 }
142 QualType VisitGotoLabel(loc::GotoLabel GL) {
143 return QualType{Context.VoidPtrTy};
144 }
145 template <class ConcreteInt> QualType VisitConcreteInt(ConcreteInt CI) {
146 const llvm::APSInt &Value = CI.getValue();
147 if (1 == Value.getBitWidth())
148 return Context.BoolTy;
149 return Context.getIntTypeForBitwidth(Value.getBitWidth(), Value.isSigned());
150 }
151 QualType VisitLocAsInteger(nonloc::LocAsInteger LI) {
152 QualType NestedType = Visit(LI.getLoc());
153 if (NestedType.isNull())
154 return NestedType;
155
156 return Context.getIntTypeForBitwidth(LI.getNumBits(),
157 NestedType->isSignedIntegerType());
158 }
159 QualType VisitCompoundVal(nonloc::CompoundVal CV) {
160 return CV.getValue()->getType();
161 }
162 QualType VisitLazyCompoundVal(nonloc::LazyCompoundVal LCV) {
163 return LCV.getRegion()->getValueType();
164 }
165 QualType VisitSymbolVal(nonloc::SymbolVal SV) {
166 return Visit(SV.getSymbol());
167 }
168 QualType VisitSymbolicRegion(const SymbolicRegion *SR) {
169 return Visit(SR->getSymbol());
170 }
171 QualType VisitAllocaRegion(const AllocaRegion *) {
172 return QualType{Context.VoidPtrTy};
173 }
174 QualType VisitTypedRegion(const TypedRegion *TR) {
175 return TR->getLocationType();
176 }
177 QualType VisitSymExpr(const SymExpr *SE) { return SE->getType(); }
178};
179} // end anonymous namespace
180
181QualType SVal::getType(const ASTContext &Context) const {
182 TypeRetrievingVisitor TRV{Context};
183 return TRV.Visit(*this);
184}
185
186const MemRegion *loc::MemRegionVal::stripCasts(bool StripBaseCasts) const {
187 return getRegion()->StripCasts(StripBaseCasts);
188}
189
190const void *nonloc::LazyCompoundVal::getStore() const {
191 return static_cast<const LazyCompoundValData*>(Data)->getStore();
192}
193
194const TypedValueRegion *nonloc::LazyCompoundVal::getRegion() const {
195 return static_cast<const LazyCompoundValData*>(Data)->getRegion();
196}
197
198bool nonloc::PointerToMember::isNullMemberPointer() const {
199 return getPTMData().isNull();
200}
201
202const NamedDecl *nonloc::PointerToMember::getDecl() const {
203 const auto PTMD = this->getPTMData();
204 if (PTMD.isNull())
205 return nullptr;
206
207 const NamedDecl *ND = nullptr;
208 if (PTMD.is<const NamedDecl *>())
209 ND = PTMD.get<const NamedDecl *>();
210 else
211 ND = PTMD.get<const PointerToMemberData *>()->getDeclaratorDecl();
212
213 return ND;
214}
215
216//===----------------------------------------------------------------------===//
217// Other Iterators.
218//===----------------------------------------------------------------------===//
219
220nonloc::CompoundVal::iterator nonloc::CompoundVal::begin() const {
221 return getValue()->begin();
222}
223
224nonloc::CompoundVal::iterator nonloc::CompoundVal::end() const {
225 return getValue()->end();
226}
227
228nonloc::PointerToMember::iterator nonloc::PointerToMember::begin() const {
229 const PTMDataType PTMD = getPTMData();
230 if (PTMD.is<const NamedDecl *>())
231 return {};
232 return PTMD.get<const PointerToMemberData *>()->begin();
233}
234
235nonloc::PointerToMember::iterator nonloc::PointerToMember::end() const {
236 const PTMDataType PTMD = getPTMData();
237 if (PTMD.is<const NamedDecl *>())
238 return {};
239 return PTMD.get<const PointerToMemberData *>()->end();
240}
241
242//===----------------------------------------------------------------------===//
243// Useful predicates.
244//===----------------------------------------------------------------------===//
245
246bool SVal::isConstant() const {
247 return getAs<nonloc::ConcreteInt>() || getAs<loc::ConcreteInt>();
248}
249
250bool SVal::isConstant(int I) const {
251 if (std::optional<loc::ConcreteInt> LV = getAs<loc::ConcreteInt>())
252 return LV->getValue() == I;
253 if (std::optional<nonloc::ConcreteInt> NV = getAs<nonloc::ConcreteInt>())
254 return NV->getValue() == I;
255 return false;
256}
257
258bool SVal::isZeroConstant() const {
259 return isConstant(0);
260}
261
262//===----------------------------------------------------------------------===//
263// Pretty-Printing.
264//===----------------------------------------------------------------------===//
265
266LLVM_DUMP_METHOD void SVal::dump() const { dumpToStream(llvm::errs()); }
267
268void SVal::printJson(raw_ostream &Out, bool AddQuotes) const {
269 std::string Buf;
270 llvm::raw_string_ostream TempOut(Buf);
271
272 dumpToStream(TempOut);
273
274 Out << JsonFormat(Buf, AddQuotes);
275}
276
277void SVal::dumpToStream(raw_ostream &os) const {
278 if (isUndef()) {
279 os << "Undefined";
280 return;
281 }
282 if (isUnknown()) {
283 os << "Unknown";
284 return;
285 }
286 if (NonLoc::classof(*this)) {
287 castAs<NonLoc>().dumpToStream(os);
288 return;
289 }
290 if (Loc::classof(*this)) {
291 castAs<Loc>().dumpToStream(os);
292 return;
293 }
294 llvm_unreachable("Unhandled SVal kind!");
295}
296
297void NonLoc::dumpToStream(raw_ostream &os) const {
298 switch (getKind()) {
299 case nonloc::ConcreteIntKind: {
300 const auto &Value = castAs<nonloc::ConcreteInt>().getValue();
301 os << Value << ' ' << (Value.isSigned() ? 'S' : 'U') << Value.getBitWidth()
302 << 'b';
303 break;
304 }
305 case nonloc::SymbolValKind:
306 os << castAs<nonloc::SymbolVal>().getSymbol();
307 break;
308
309 case nonloc::LocAsIntegerKind: {
310 const nonloc::LocAsInteger& C = castAs<nonloc::LocAsInteger>();
311 os << C.getLoc() << " [as " << C.getNumBits() << " bit integer]";
312 break;
313 }
314 case nonloc::CompoundValKind: {
315 const nonloc::CompoundVal& C = castAs<nonloc::CompoundVal>();
316 os << "compoundVal{";
317 bool first = true;
318 for (const auto &I : C) {
319 if (first) {
320 os << ' '; first = false;
321 }
322 else
323 os << ", ";
324
325 I.dumpToStream(os);
326 }
327 os << "}";
328 break;
329 }
330 case nonloc::LazyCompoundValKind: {
331 const nonloc::LazyCompoundVal &C = castAs<nonloc::LazyCompoundVal>();
332 os << "lazyCompoundVal{" << const_cast<void *>(C.getStore())
333 << ',' << C.getRegion()
334 << '}';
335 break;
336 }
337 case nonloc::PointerToMemberKind: {
338 os << "pointerToMember{";
339 const nonloc::PointerToMember &CastRes =
340 castAs<nonloc::PointerToMember>();
341 if (CastRes.getDecl())
342 os << "|" << CastRes.getDecl()->getQualifiedNameAsString() << "|";
343 bool first = true;
344 for (const auto &I : CastRes) {
345 if (first) {
346 os << ' '; first = false;
347 }
348 else
349 os << ", ";
350
351 os << I->getType();
352 }
353
354 os << '}';
355 break;
356 }
357 default:
358 assert(false && "Pretty-printed not implemented for this NonLoc.");
359 break;
360 }
361}
362
363void Loc::dumpToStream(raw_ostream &os) const {
364 switch (getKind()) {
365 case loc::ConcreteIntKind:
366 os << castAs<loc::ConcreteInt>().getValue().getZExtValue() << " (Loc)";
367 break;
368 case loc::GotoLabelKind:
369 os << "&&" << castAs<loc::GotoLabel>().getLabel()->getName();
370 break;
371 case loc::MemRegionValKind:
372 os << '&' << castAs<loc::MemRegionVal>().getRegion()->getString();
373 break;
374 default:
375 llvm_unreachable("Pretty-printing not implemented for this Loc.");
376 }
377}
ASTContext.h
Defines the clang::ASTContext interface.
getRegion
static const MemRegion * getRegion(const CallEvent &Call, const MutexDescriptor &Descriptor, bool IsLock)
Definition: BlockInCriticalSectionChecker.cpp:244
getKind
static Decl::Kind getKind(const Decl *D)
Definition: DeclBase.cpp:1171
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
X
#define X(type, name)
Definition: Value.h:143
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified.
Type.h
C Language Family Type Representation.
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:187
clang::ASTContext::VoidPtrTy
CanQualType VoidPtrTy
Definition: ASTContext.h:1146
clang::ASTContext::BoolTy
CanQualType BoolTy
Definition: ASTContext.h:1120
clang::ASTContext::getIntTypeForBitwidth
QualType getIntTypeForBitwidth(unsigned DestWidth, unsigned Signed) const
getIntTypeForBitwidth - sets integer QualTy according to specified details: bitwidth,...
Definition: ASTContext.cpp:12648
clang::FunctionDecl
Represents a function declaration or definition.
Definition: Decl.h:1932
clang::NamedDecl
This represents a decl that may have a name.
Definition: Decl.h:249
clang::NamedDecl::getQualifiedNameAsString
std::string getQualifiedNameAsString() const
Definition: Decl.cpp:1668
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:941
clang::QualType::isNull
bool isNull() const
Return true if this QualType doesn't point to a type yet.
Definition: Type.h:1008
clang::Type::isSignedIntegerType
bool isSignedIntegerType() const
Return true if this is an integer type that is signed, according to C99 6.2.5p4 [char,...
Definition: Type.cpp:2146
clang::ento::AllocaRegion
AllocaRegion - A region that represents an untyped blob of bytes created by a call to 'alloca'.
Definition: MemRegion.h:478
clang::ento::FullSValVisitor
FullSValVisitor - a convenient mixed visitor for all three: SVal, SymExpr and MemRegion subclasses.
Definition: SValVisitor.h:130
clang::ento::FunctionCodeRegion
FunctionCodeRegion - A region that represents code texts of function.
Definition: MemRegion.h:584
clang::ento::Loc::dumpToStream
void dumpToStream(raw_ostream &Out) const
Definition: SVals.cpp:363
clang::ento::Loc::classof
static bool classof(SVal V)
Definition: SVals.h:264
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:97
clang::ento::MemRegion::StripCasts
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * StripCasts(bool StripBaseAndDerivedCasts=true) const
Definition: MemRegion.cpp:1389
clang::ento::MemRegion::getSymbolicBase
const SymbolicRegion * getSymbolicBase() const
If this is a symbolic region, returns the region.
Definition: MemRegion.cpp:1412
clang::ento::MemRegion::getAs
const RegionTy * getAs() const
Definition: MemRegion.h:1388
clang::ento::NonLoc::classof
static bool classof(SVal V)
Definition: SVals.h:247
clang::ento::NonLoc::dumpToStream
void dumpToStream(raw_ostream &Out) const
Definition: SVals.cpp:297
clang::ento::SVal::isZeroConstant
bool isZeroConstant() const
Definition: SVals.cpp:258
clang::ento::SVal::dumpToStream
void dumpToStream(raw_ostream &OS) const
Definition: SVals.cpp:277
clang::ento::SVal::dump
void dump() const
Definition: SVals.cpp:266
clang::ento::SVal::getAsSymbol
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:104
clang::ento::SVal::getAsFunctionDecl
const FunctionDecl * getAsFunctionDecl() const
getAsFunctionDecl - If this SVal is a MemRegionVal and wraps a CodeTextRegion wrapping a FunctionDecl...
Definition: SVals.cpp:46
clang::ento::SVal::printJson
void printJson(raw_ostream &Out, bool AddQuotes) const
printJson - Pretty-prints in JSON format.
Definition: SVals.cpp:268
clang::ento::SVal::isConstant
bool isConstant() const
Definition: SVals.cpp:246
clang::ento::SVal::getType
QualType getType(const ASTContext &) const
Try to get a reasonable type for the given value.
Definition: SVals.cpp:181
clang::ento::SVal::getAsInteger
const llvm::APSInt * getAsInteger() const
If this SVal is loc::ConcreteInt or nonloc::ConcreteInt, return a pointer to APSInt which is held in ...
Definition: SVals.cpp:112
clang::ento::SVal::getAsLocSymbol
SymbolRef getAsLocSymbol(bool IncludeBaseRegions=false) const
If this SVal is a location and wraps a symbol, return that SymbolRef.
Definition: SVals.cpp:68
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:120
clang::ento::SVal::getLocSymbolInBase
SymbolRef getLocSymbolInBase() const
Get the symbol in the SVal or its base region.
Definition: SVals.cpp:80
clang::ento::SymExpr
Symbolic value.
Definition: SymExpr.h:30
clang::ento::SymExpr::getType
virtual QualType getType() const =0
clang::ento::SymbolicRegion
SymbolicRegion - A special, "non-concrete" region.
Definition: MemRegion.h:780
clang::ento::SymbolicRegion::getSymbol
SymbolRef getSymbol() const
It might return null.
Definition: MemRegion.h:799
clang::ento::TypedRegion
TypedRegion - An abstract class representing regions that are typed.
Definition: MemRegion.h:511
clang::ento::TypedRegion::getLocationType
virtual QualType getLocationType() const =0
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:535
clang::ento::TypedValueRegion::getValueType
virtual QualType getValueType() const =0
clang::ento::loc::MemRegionVal::stripCasts
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * stripCasts(bool StripBaseCasts=true) const
Get the underlining region and strip casts.
Definition: SVals.cpp:186
clang::ento::loc::MemRegionVal::getRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getRegion() const
Get the underlining region.
Definition: SVals.h:487
clang::ento::nonloc::CompoundVal
The simplest example of a concrete compound value is nonloc::CompoundVal, which represents a concrete...
Definition: SVals.h:333
clang::ento::nonloc::CompoundVal::getValue
LLVM_ATTRIBUTE_RETURNS_NONNULL const CompoundValData * getValue() const
Definition: SVals.h:342
clang::ento::nonloc::CompoundVal::iterator
llvm::ImmutableList< SVal >::iterator iterator
Definition: SVals.h:346
clang::ento::nonloc::LazyCompoundVal
While nonloc::CompoundVal covers a few simple use cases, nonloc::LazyCompoundVal is a more performant...
Definition: SVals.h:383
clang::ento::nonloc::LazyCompoundVal::getRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const TypedValueRegion * getRegion() const
This function itself is immaterial.
Definition: SVals.cpp:194
clang::ento::nonloc::LazyCompoundVal::getStore
const void * getStore() const
It might return null.
Definition: SVals.cpp:190
clang::ento::nonloc::LocAsInteger::getNumBits
unsigned getNumBits() const
Definition: SVals.h:322
clang::ento::nonloc::PointerToMember
Value representing pointer-to-member.
Definition: SVals.h:428
clang::ento::nonloc::PointerToMember::PTMDataType
llvm::PointerUnion< const NamedDecl *, const PointerToMemberData * > PTMDataType
Definition: SVals.h:433
clang::ento::nonloc::PointerToMember::iterator
llvm::ImmutableList< const CXXBaseSpecifier * >::iterator iterator
Definition: SVals.h:448
clang::ento::nonloc::PointerToMember::getDecl
const NamedDecl * getDecl() const
Definition: SVals.cpp:202
clang::ento::nonloc::SymbolVal
Represents symbolic expression that isn't a location.
Definition: SVals.h:276
clang::ento::nonloc::SymbolVal::getSymbol
LLVM_ATTRIBUTE_RETURNS_NONNULL SymbolRef getSymbol() const
Definition: SVals.h:285
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17
clang::JsonFormat
std::string JsonFormat(StringRef RawSR, bool AddQuotes)
Definition: JsonSupport.h:28
Generated on Tue Nov 19 2024 23:05:34 for clang by doxygen 1.9.6