clang 20.0.0git
StackAddrEscapeChecker.cpp
Go to the documentation of this file.
1//=== StackAddrEscapeChecker.cpp ----------------------------------*- C++ -*--//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines stack address leak checker, which checks if an invalid
10// stack address is stored into a global or heap location. See CERT DCL30-C.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/AST/ExprCXX.h"
15#include "clang/Basic/SourceManager.h"
16#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
17#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
18#include "clang/StaticAnalyzer/Core/Checker.h"
19#include "clang/StaticAnalyzer/Core/CheckerManager.h"
20#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
21#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
23#include "llvm/ADT/SmallString.h"
24#include "llvm/Support/raw_ostream.h"
25using namespace clang;
26using namespace ento;
27
28namespace {
29class StackAddrEscapeChecker
30 : public Checker<check::PreCall, check::PreStmt<ReturnStmt>,
31 check::EndFunction> {
32 mutable IdentifierInfo *dispatch_semaphore_tII = nullptr;
33 mutable std::unique_ptr<BugType> BT_stackleak;
34 mutable std::unique_ptr<BugType> BT_returnstack;
35 mutable std::unique_ptr<BugType> BT_capturedstackasync;
36 mutable std::unique_ptr<BugType> BT_capturedstackret;
37
38public:
39 enum CheckKind {
40 CK_StackAddrEscapeChecker,
41 CK_StackAddrAsyncEscapeChecker,
42 CK_NumCheckKinds
43 };
44
45 bool ChecksEnabled[CK_NumCheckKinds] = {false};
46 CheckerNameRef CheckNames[CK_NumCheckKinds];
47
48 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
49 void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
50 void checkEndFunction(const ReturnStmt *RS, CheckerContext &Ctx) const;
51
52private:
53 void checkReturnedBlockCaptures(const BlockDataRegion &B,
54 CheckerContext &C) const;
55 void checkAsyncExecutedBlockCaptures(const BlockDataRegion &B,
56 CheckerContext &C) const;
57 void EmitStackError(CheckerContext &C, const MemRegion *R,
58 const Expr *RetE) const;
59 bool isSemaphoreCaptured(const BlockDecl &B) const;
60 static SourceRange genName(raw_ostream &os, const MemRegion *R,
61 ASTContext &Ctx);
62 static SmallVector<const MemRegion *, 4>
63 getCapturedStackRegions(const BlockDataRegion &B, CheckerContext &C);
64 static bool isNotInCurrentFrame(const MemRegion *R, CheckerContext &C);
65};
66} // namespace
67
68SourceRange StackAddrEscapeChecker::genName(raw_ostream &os, const MemRegion *R,
69 ASTContext &Ctx) {
70 // Get the base region, stripping away fields and elements.
71 R = R->getBaseRegion();
72 SourceManager &SM = Ctx.getSourceManager();
73 SourceRange range;
74 os << "Address of ";
75
76 // Check if the region is a compound literal.
77 if (const auto *CR = dyn_cast<CompoundLiteralRegion>(R)) {
78 const CompoundLiteralExpr *CL = CR->getLiteralExpr();
79 os << "stack memory associated with a compound literal "
80 "declared on line "
81 << SM.getExpansionLineNumber(CL->getBeginLoc()) << " returned to caller";
82 range = CL->getSourceRange();
83 } else if (const auto *AR = dyn_cast<AllocaRegion>(R)) {
84 const Expr *ARE = AR->getExpr();
85 SourceLocation L = ARE->getBeginLoc();
86 range = ARE->getSourceRange();
87 os << "stack memory allocated by call to alloca() on line "
88 << SM.getExpansionLineNumber(L);
89 } else if (const auto *BR = dyn_cast<BlockDataRegion>(R)) {
90 const BlockDecl *BD = BR->getCodeRegion()->getDecl();
91 SourceLocation L = BD->getBeginLoc();
92 range = BD->getSourceRange();
93 os << "stack-allocated block declared on line "
94 << SM.getExpansionLineNumber(L);
95 } else if (const auto *VR = dyn_cast<VarRegion>(R)) {
96 os << "stack memory associated with local variable '" << VR->getString()
97 << '\'';
98 range = VR->getDecl()->getSourceRange();
99 } else if (const auto *LER = dyn_cast<CXXLifetimeExtendedObjectRegion>(R)) {
100 QualType Ty = LER->getValueType().getLocalUnqualifiedType();
101 os << "stack memory associated with temporary object of type '";
102 Ty.print(os, Ctx.getPrintingPolicy());
103 os << "' lifetime extended by local variable";
104 if (const IdentifierInfo *ID = LER->getExtendingDecl()->getIdentifier())
105 os << " '" << ID->getName() << '\'';
106 range = LER->getExpr()->getSourceRange();
107 } else if (const auto *TOR = dyn_cast<CXXTempObjectRegion>(R)) {
108 QualType Ty = TOR->getValueType().getLocalUnqualifiedType();
109 os << "stack memory associated with temporary object of type '";
110 Ty.print(os, Ctx.getPrintingPolicy());
111 os << "'";
112 range = TOR->getExpr()->getSourceRange();
113 } else {
114 llvm_unreachable("Invalid region in ReturnStackAddressChecker.");
115 }
116
117 return range;
118}
119
120bool StackAddrEscapeChecker::isNotInCurrentFrame(const MemRegion *R,
121 CheckerContext &C) {
122 const StackSpaceRegion *S = cast<StackSpaceRegion>(R->getMemorySpace());
123 return S->getStackFrame() != C.getStackFrame();
124}
125
126bool StackAddrEscapeChecker::isSemaphoreCaptured(const BlockDecl &B) const {
127 if (!dispatch_semaphore_tII)
128 dispatch_semaphore_tII = &B.getASTContext().Idents.get("dispatch_semaphore_t");
129 for (const auto &C : B.captures()) {
130 const auto *T = C.getVariable()->getType()->getAs<TypedefType>();
131 if (T && T->getDecl()->getIdentifier() == dispatch_semaphore_tII)
132 return true;
133 }
134 return false;
135}
136
137SmallVector<const MemRegion *, 4>
138StackAddrEscapeChecker::getCapturedStackRegions(const BlockDataRegion &B,
139 CheckerContext &C) {
140 SmallVector<const MemRegion *, 4> Regions;
141 for (auto Var : B.referenced_vars()) {
142 SVal Val = C.getState()->getSVal(Var.getCapturedRegion());
143 const MemRegion *Region = Val.getAsRegion();
144 if (Region && isa<StackSpaceRegion>(Region->getMemorySpace()))
145 Regions.push_back(Region);
146 }
147 return Regions;
148}
149
150void StackAddrEscapeChecker::EmitStackError(CheckerContext &C,
151 const MemRegion *R,
152 const Expr *RetE) const {
153 ExplodedNode *N = C.generateNonFatalErrorNode();
154 if (!N)
155 return;
156 if (!BT_returnstack)
157 BT_returnstack = std::make_unique<BugType>(
158 CheckNames[CK_StackAddrEscapeChecker],
159 "Return of address to stack-allocated memory");
160 // Generate a report for this bug.
161 SmallString<128> buf;
162 llvm::raw_svector_ostream os(buf);
163 SourceRange range = genName(os, R, C.getASTContext());
164 os << " returned to caller";
165 auto report =
166 std::make_unique<PathSensitiveBugReport>(*BT_returnstack, os.str(), N);
167 report->addRange(RetE->getSourceRange());
168 if (range.isValid())
169 report->addRange(range);
170 C.emitReport(std::move(report));
171}
172
173void StackAddrEscapeChecker::checkAsyncExecutedBlockCaptures(
174 const BlockDataRegion &B, CheckerContext &C) const {
175 // There is a not-too-uncommon idiom
176 // where a block passed to dispatch_async captures a semaphore
177 // and then the thread (which called dispatch_async) is blocked on waiting
178 // for the completion of the execution of the block
179 // via dispatch_semaphore_wait. To avoid false-positives (for now)
180 // we ignore all the blocks which have captured
181 // a variable of the type "dispatch_semaphore_t".
182 if (isSemaphoreCaptured(*B.getDecl()))
183 return;
184 for (const MemRegion *Region : getCapturedStackRegions(B, C)) {
185 // The block passed to dispatch_async may capture another block
186 // created on the stack. However, there is no leak in this situaton,
187 // no matter if ARC or no ARC is enabled:
188 // dispatch_async copies the passed "outer" block (via Block_copy)
189 // and if the block has captured another "inner" block,
190 // the "inner" block will be copied as well.
191 if (isa<BlockDataRegion>(Region))
192 continue;
193 ExplodedNode *N = C.generateNonFatalErrorNode();
194 if (!N)
195 continue;
196 if (!BT_capturedstackasync)
197 BT_capturedstackasync = std::make_unique<BugType>(
198 CheckNames[CK_StackAddrAsyncEscapeChecker],
199 "Address of stack-allocated memory is captured");
200 SmallString<128> Buf;
201 llvm::raw_svector_ostream Out(Buf);
202 SourceRange Range = genName(Out, Region, C.getASTContext());
203 Out << " is captured by an asynchronously-executed block";
204 auto Report = std::make_unique<PathSensitiveBugReport>(
205 *BT_capturedstackasync, Out.str(), N);
206 if (Range.isValid())
207 Report->addRange(Range);
208 C.emitReport(std::move(Report));
209 }
210}
211
212void StackAddrEscapeChecker::checkReturnedBlockCaptures(
213 const BlockDataRegion &B, CheckerContext &C) const {
214 for (const MemRegion *Region : getCapturedStackRegions(B, C)) {
215 if (isNotInCurrentFrame(Region, C))
216 continue;
217 ExplodedNode *N = C.generateNonFatalErrorNode();
218 if (!N)
219 continue;
220 if (!BT_capturedstackret)
221 BT_capturedstackret = std::make_unique<BugType>(
222 CheckNames[CK_StackAddrEscapeChecker],
223 "Address of stack-allocated memory is captured");
224 SmallString<128> Buf;
225 llvm::raw_svector_ostream Out(Buf);
226 SourceRange Range = genName(Out, Region, C.getASTContext());
227 Out << " is captured by a returned block";
228 auto Report = std::make_unique<PathSensitiveBugReport>(*BT_capturedstackret,
229 Out.str(), N);
230 if (Range.isValid())
231 Report->addRange(Range);
232 C.emitReport(std::move(Report));
233 }
234}
235
236void StackAddrEscapeChecker::checkPreCall(const CallEvent &Call,
237 CheckerContext &C) const {
238 if (!ChecksEnabled[CK_StackAddrAsyncEscapeChecker])
239 return;
240 if (!Call.isGlobalCFunction("dispatch_after") &&
241 !Call.isGlobalCFunction("dispatch_async"))
242 return;
243 for (unsigned Idx = 0, NumArgs = Call.getNumArgs(); Idx < NumArgs; ++Idx) {
244 if (const BlockDataRegion *B = dyn_cast_or_null<BlockDataRegion>(
245 Call.getArgSVal(Idx).getAsRegion()))
246 checkAsyncExecutedBlockCaptures(*B, C);
247 }
248}
249
250void StackAddrEscapeChecker::checkPreStmt(const ReturnStmt *RS,
251 CheckerContext &C) const {
252 if (!ChecksEnabled[CK_StackAddrEscapeChecker])
253 return;
254
255 const Expr *RetE = RS->getRetValue();
256 if (!RetE)
257 return;
258 RetE = RetE->IgnoreParens();
259
260 SVal V = C.getSVal(RetE);
261 const MemRegion *R = V.getAsRegion();
262 if (!R)
263 return;
264
265 if (const BlockDataRegion *B = dyn_cast<BlockDataRegion>(R))
266 checkReturnedBlockCaptures(*B, C);
267
268 if (!isa<StackSpaceRegion>(R->getMemorySpace()) || isNotInCurrentFrame(R, C))
269 return;
270
271 // Returning a record by value is fine. (In this case, the returned
272 // expression will be a copy-constructor, possibly wrapped in an
273 // ExprWithCleanups node.)
274 if (const ExprWithCleanups *Cleanup = dyn_cast<ExprWithCleanups>(RetE))
275 RetE = Cleanup->getSubExpr();
276 if (isa<CXXConstructExpr>(RetE) && RetE->getType()->isRecordType())
277 return;
278
279 // The CK_CopyAndAutoreleaseBlockObject cast causes the block to be copied
280 // so the stack address is not escaping here.
281 if (const auto *ICE = dyn_cast<ImplicitCastExpr>(RetE)) {
282 if (isa<BlockDataRegion>(R) &&
283 ICE->getCastKind() == CK_CopyAndAutoreleaseBlockObject) {
284 return;
285 }
286 }
287
288 EmitStackError(C, R, RetE);
289}
290
291void StackAddrEscapeChecker::checkEndFunction(const ReturnStmt *RS,
292 CheckerContext &Ctx) const {
293 if (!ChecksEnabled[CK_StackAddrEscapeChecker])
294 return;
295
296 ProgramStateRef State = Ctx.getState();
297
298 // Iterate over all bindings to global variables and see if it contains
299 // a memory region in the stack space.
300 class CallBack : public StoreManager::BindingsHandler {
301 private:
302 CheckerContext &Ctx;
303 const StackFrameContext *PoppedFrame;
304
305 /// Look for stack variables referring to popped stack variables.
306 /// Returns true only if it found some dangling stack variables
307 /// referred by an other stack variable from different stack frame.
308 bool checkForDanglingStackVariable(const MemRegion *Referrer,
309 const MemRegion *Referred) {
310 const auto *ReferrerMemSpace =
311 Referrer->getMemorySpace()->getAs<StackSpaceRegion>();
312 const auto *ReferredMemSpace =
313 Referred->getMemorySpace()->getAs<StackSpaceRegion>();
314
315 if (!ReferrerMemSpace || !ReferredMemSpace)
316 return false;
317
318 const auto *ReferrerFrame = ReferrerMemSpace->getStackFrame();
319 const auto *ReferredFrame = ReferredMemSpace->getStackFrame();
320
321 if (ReferrerMemSpace && ReferredMemSpace) {
322 if (ReferredFrame == PoppedFrame &&
323 ReferrerFrame->isParentOf(PoppedFrame)) {
324 V.emplace_back(Referrer, Referred);
325 return true;
326 }
327 }
328 return false;
329 }
330
331 public:
332 SmallVector<std::pair<const MemRegion *, const MemRegion *>, 10> V;
333
334 CallBack(CheckerContext &CC) : Ctx(CC), PoppedFrame(CC.getStackFrame()) {}
335
336 bool HandleBinding(StoreManager &SMgr, Store S, const MemRegion *Region,
337 SVal Val) override {
338 const MemRegion *VR = Val.getAsRegion();
339 if (!VR)
340 return true;
341
342 if (checkForDanglingStackVariable(Region, VR))
343 return true;
344
345 // Check the globals for the same.
346 if (!isa<GlobalsSpaceRegion>(Region->getMemorySpace()))
347 return true;
348 if (VR && VR->hasStackStorage() && !isNotInCurrentFrame(VR, Ctx))
349 V.emplace_back(Region, VR);
350 return true;
351 }
352 };
353
354 CallBack Cb(Ctx);
355 State->getStateManager().getStoreManager().iterBindings(State->getStore(),
356 Cb);
357
358 if (Cb.V.empty())
359 return;
360
361 // Generate an error node.
362 ExplodedNode *N = Ctx.generateNonFatalErrorNode(State);
363 if (!N)
364 return;
365
366 if (!BT_stackleak)
367 BT_stackleak =
368 std::make_unique<BugType>(CheckNames[CK_StackAddrEscapeChecker],
369 "Stack address stored into global variable");
370
371 for (const auto &P : Cb.V) {
372 const MemRegion *Referrer = P.first->getBaseRegion();
373 const MemRegion *Referred = P.second;
374
375 // Generate a report for this bug.
376 const StringRef CommonSuffix =
377 "upon returning to the caller. This will be a dangling reference";
378 SmallString<128> Buf;
379 llvm::raw_svector_ostream Out(Buf);
380 const SourceRange Range = genName(Out, Referred, Ctx.getASTContext());
381
382 if (isa<CXXTempObjectRegion, CXXLifetimeExtendedObjectRegion>(Referrer)) {
383 Out << " is still referred to by a temporary object on the stack "
384 << CommonSuffix;
385 auto Report =
386 std::make_unique<PathSensitiveBugReport>(*BT_stackleak, Out.str(), N);
387 if (Range.isValid())
388 Report->addRange(Range);
389 Ctx.emitReport(std::move(Report));
390 return;
391 }
392
393 const StringRef ReferrerMemorySpace = [](const MemSpaceRegion *Space) {
394 if (isa<StaticGlobalSpaceRegion>(Space))
395 return "static";
396 if (isa<GlobalsSpaceRegion>(Space))
397 return "global";
398 assert(isa<StackSpaceRegion>(Space));
399 return "stack";
400 }(Referrer->getMemorySpace());
401
402 // We should really only have VarRegions here.
403 // Anything else is really surprising, and we should get notified if such
404 // ever happens.
405 const auto *ReferrerVar = dyn_cast<VarRegion>(Referrer);
406 if (!ReferrerVar) {
407 assert(false && "We should have a VarRegion here");
408 continue; // Defensively skip this one.
409 }
410 const std::string ReferrerVarName =
411 ReferrerVar->getDecl()->getDeclName().getAsString();
412
413 Out << " is still referred to by the " << ReferrerMemorySpace
414 << " variable '" << ReferrerVarName << "' " << CommonSuffix;
415 auto Report =
416 std::make_unique<PathSensitiveBugReport>(*BT_stackleak, Out.str(), N);
417 if (Range.isValid())
418 Report->addRange(Range);
419
420 Ctx.emitReport(std::move(Report));
421 }
422}
423
424void ento::registerStackAddrEscapeBase(CheckerManager &mgr) {
425 mgr.registerChecker<StackAddrEscapeChecker>();
426}
427
428bool ento::shouldRegisterStackAddrEscapeBase(const CheckerManager &mgr) {
429 return true;
430}
431
432#define REGISTER_CHECKER(name) \
433 void ento::register##name(CheckerManager &Mgr) { \
434 StackAddrEscapeChecker *Chk = Mgr.getChecker<StackAddrEscapeChecker>(); \
435 Chk->ChecksEnabled[StackAddrEscapeChecker::CK_##name] = true; \
436 Chk->CheckNames[StackAddrEscapeChecker::CK_##name] = \
437 Mgr.getCurrentCheckerName(); \
438 } \
439 \
440 bool ento::shouldRegister##name(const CheckerManager &mgr) { return true; }
441
442REGISTER_CHECKER(StackAddrEscapeChecker)
443REGISTER_CHECKER(StackAddrAsyncEscapeChecker)
V
#define V(N, I)
Definition: ASTContext.h:3341
P
StringRef P
Definition: ASTMatchersInternal.cpp:573
SM
#define SM(sm)
Definition: Cuda.cpp:83
ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.
SourceManager.h
Defines the SourceManager interface.
REGISTER_CHECKER
#define REGISTER_CHECKER(name)
Definition: StackAddrEscapeChecker.cpp:432
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:187
clang::ASTContext::getSourceManager
SourceManager & getSourceManager()
Definition: ASTContext.h:721
clang::ASTContext::Idents
IdentifierTable & Idents
Definition: ASTContext.h:660
clang::ASTContext::getPrintingPolicy
const clang::PrintingPolicy & getPrintingPolicy() const
Definition: ASTContext.h:713
clang::BlockDecl
Represents a block literal declaration, which is like an unnamed FunctionDecl.
Definition: Decl.h:4471
clang::BlockDecl::captures
ArrayRef< Capture > captures() const
Definition: Decl.h:4598
clang::BlockDecl::getSourceRange
SourceRange getSourceRange() const override LLVM_READONLY
Source range that this declaration covers.
Definition: Decl.cpp:5261
clang::CompoundLiteralExpr
CompoundLiteralExpr - [C99 6.5.2.5].
Definition: Expr.h:3428
clang::CompoundLiteralExpr::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Expr.h:3468
clang::Decl::getASTContext
ASTContext & getASTContext() const LLVM_READONLY
Definition: DeclBase.cpp:523
clang::Decl::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: DeclBase.h:438
clang::ExprWithCleanups
Represents an expression – generally a full-expression – that introduces cleanups to be run at the en...
Definition: ExprCXX.h:3473
clang::Expr
This represents one expression.
Definition: Expr.h:110
clang::Expr::IgnoreParens
Expr * IgnoreParens() LLVM_READONLY
Skip past any parentheses which might surround this expression until reaching a fixed point.
Definition: Expr.cpp:3066
clang::Expr::getType
QualType getType() const
Definition: Expr.h:142
clang::IdentifierInfo
One of these records is kept for each identifier that is lexed.
Definition: IdentifierTable.h:117
clang::IdentifierTable::get
IdentifierInfo & get(StringRef Name)
Return the identifier token info for the specified named identifier.
Definition: IdentifierTable.h:688
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:941
clang::QualType::print
void print(raw_ostream &OS, const PrintingPolicy &Policy, const Twine &PlaceHolder=Twine(), unsigned Indentation=0) const
Definition: TypePrinter.cpp:2578
clang::ReturnStmt
ReturnStmt - This represents a return, optionally of an expression: return; return 4;.
Definition: Stmt.h:3029
clang::ReturnStmt::getRetValue
Expr * getRetValue()
Definition: Stmt.h:3060
clang::SourceLocation
Encodes a location in the source.
Definition: SourceLocation.h:88
clang::SourceManager
This class handles loading and caching of source files into memory.
Definition: SourceManager.h:663
clang::SourceRange
A trivial tuple used to represent a source range.
Definition: SourceLocation.h:213
clang::StackFrameContext
It represents a stack frame of the call stack (based on CallEvent).
Definition: AnalysisDeclContext.h:299
clang::Stmt::getSourceRange
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Definition: Stmt.cpp:326
clang::Stmt::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Stmt.cpp:338
clang::Type::isRecordType
bool isRecordType() const
Definition: Type.h:8103
clang::ento::BlockDataRegion
BlockDataRegion - A region that represents a block instance.
Definition: MemRegion.h:678
clang::ento::BlockDataRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const BlockDecl * getDecl() const
Definition: MemRegion.h:708
clang::ento::BlockDataRegion::referenced_vars
llvm::iterator_range< referenced_vars_iterator > referenced_vars() const
Definition: MemRegion.cpp:1765
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153
clang::ento::CheckerContext::getState
const ProgramStateRef & getState() const
Definition: CheckerContext.h:72
clang::ento::CheckerContext::generateNonFatalErrorNode
ExplodedNode * generateNonFatalErrorNode(ProgramStateRef State=nullptr, const ProgramPointTag *Tag=nullptr)
Generate a transition to a node that will be used to report an error.
Definition: CheckerContext.h:239
clang::ento::CheckerContext::emitReport
void emitReport(std::unique_ptr< BugReport > R)
Emit the diagnostics report.
Definition: CheckerContext.h:261
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204
clang::ento::CheckerNameRef
This wrapper is used to ensure that only StringRefs originating from the CheckerRegistry are used as ...
Definition: CheckerManager.h:106
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:97
clang::ento::MemRegion::getMemorySpace
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemSpaceRegion * getMemorySpace() const
Definition: MemRegion.cpp:1328
clang::ento::MemRegion::hasStackStorage
bool hasStackStorage() const
Definition: MemRegion.cpp:1340
clang::ento::MemRegion::getBaseRegion
LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getBaseRegion() const
Definition: MemRegion.cpp:1354
clang::ento::MemRegion::getAs
const RegionTy * getAs() const
Definition: MemRegion.h:1388
clang::ento::MemSpaceRegion
MemSpaceRegion - A memory region that represents a "memory space"; for example, the set of global var...
Definition: MemRegion.h:208
clang::ento::Range
A Range represents the closed range [from, to].
Definition: RangedConstraintManager.h:29
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:55
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:120
clang::ento::StackSpaceRegion::getStackFrame
LLVM_ATTRIBUTE_RETURNS_NONNULL const StackFrameContext * getStackFrame() const
Definition: MemRegion.h:405
clang::ento::StoreManager::BindingsHandler::HandleBinding
virtual bool HandleBinding(StoreManager &SMgr, Store store, const MemRegion *region, SVal val)=0
clang::ento::StoreManager::Ctx
ASTContext & Ctx
Definition: Store.h:60
clang::ento::Store
const void * Store
Store - This opaque type encapsulates an immutable mapping from locations to values.
Definition: StoreRef.h:27
clang::transformer::range
RangeSelector range(RangeSelector Begin, RangeSelector End)
DEPRECATED. Use enclose.
Definition: RangeSelector.h:41
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17
clang::T
const FunctionProtoType * T
Definition: RecursiveASTVisitor.h:1359
Generated on Fri Nov 15 2024 16:44:44 for clang by doxygen 1.9.6