clang 18.0.0git
Public Types | Public Member Functions | Friends | List of all members
clang::ento::CoreEngine Class Reference

CoreEngine - Implements the core logic of the graph-reachability analysis. More...

#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"

Public Types

using BlocksExhausted = std::vector< std::pair< BlockEdge, const ExplodedNode * > >
 
using BlocksAborted = std::vector< std::pair< const CFGBlock *, const ExplodedNode * > >
 

Public Member Functions

 CoreEngine (ExprEngine &exprengine, FunctionSummariesTy *FS, AnalyzerOptions &Opts)
 Construct a CoreEngine object to analyze the provided CFG.
 
 CoreEngine (const CoreEngine &)=delete
 
CoreEngineoperator= (const CoreEngine &)=delete
 
ExplodedGraphgetGraph ()
 getGraph - Returns the exploded graph.
 
bool ExecuteWorkList (const LocationContext *L, unsigned Steps, ProgramStateRef InitState)
 ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.
 
bool ExecuteWorkListWithInitialState (const LocationContext *L, unsigned Steps, ProgramStateRef InitState, ExplodedNodeSet &Dst)
 Returns true if there is still simulation state on the worklist.
 
void dispatchWorkItem (ExplodedNode *Pred, ProgramPoint Loc, const WorkListUnit &WU)
 Dispatch the work list item based on the given location information.
 
bool wasBlockAborted () const
 
bool wasBlocksExhausted () const
 
bool hasWorkRemaining () const
 
void addAbortedBlock (const ExplodedNode *node, const CFGBlock *block)
 Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.
 
WorkListgetWorkList () const
 
WorkListgetCTUWorkList () const
 
auto exhausted_blocks () const
 
auto aborted_blocks () const
 
void enqueue (ExplodedNodeSet &Set)
 Enqueue the given set of nodes onto the work list.
 
void enqueue (ExplodedNodeSet &Set, const CFGBlock *Block, unsigned Idx)
 Enqueue nodes that were created as a result of processing a statement onto the work list.
 
void enqueueEndOfFunction (ExplodedNodeSet &Set, const ReturnStmt *RS)
 enqueue the nodes corresponding to the end of function onto the end of path / work list.
 
void enqueueStmtNode (ExplodedNode *N, const CFGBlock *Block, unsigned Idx)
 Enqueue a single node created as a result of statement processing.
 
DataTag::FactorygetDataTags ()
 

Friends

class CommonNodeBuilder
 
class EndOfFunctionNodeBuilder
 
class ExprEngine
 
class IndirectGotoNodeBuilder
 
class NodeBuilder
 
struct NodeBuilderContext
 
class SwitchNodeBuilder
 

Detailed Description

CoreEngine - Implements the core logic of the graph-reachability analysis.

It traverses the CFG and generates the ExplodedGraph. Program "states" are treated as opaque void pointers. The template class CoreEngine (which subclasses CoreEngine) provides the matching component to the engine that knows the actual types for states. Note that this engine only dispatches to transfer functions at the statement and block-level. The analyses themselves must implement any transfer function logic and the sub-expression level (if any).

Definition at line 56 of file CoreEngine.h.

Member Typedef Documentation

◆ BlocksAborted

using clang::ento::CoreEngine::BlocksAborted = std::vector<std::pair<const CFGBlock *, const ExplodedNode *> >

Definition at line 69 of file CoreEngine.h.

◆ BlocksExhausted

using clang::ento::CoreEngine::BlocksExhausted = std::vector<std::pair<BlockEdge, const ExplodedNode *> >

Definition at line 66 of file CoreEngine.h.

Constructor & Destructor Documentation

◆ CoreEngine() [1/2]

CoreEngine::CoreEngine ( ExprEngine exprengine,
FunctionSummariesTy FS,
AnalyzerOptions Opts 
)

Construct a CoreEngine object to analyze the provided CFG.

Definition at line 75 of file CoreEngine.cpp.

◆ CoreEngine() [2/2]

clang::ento::CoreEngine::CoreEngine ( const CoreEngine )
delete

Member Function Documentation

◆ aborted_blocks()

auto clang::ento::CoreEngine::aborted_blocks ( ) const
inline

Definition at line 183 of file CoreEngine.h.

◆ addAbortedBlock()

void clang::ento::CoreEngine::addAbortedBlock ( const ExplodedNode node,
const CFGBlock block 
)
inline

Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.

Definition at line 172 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::Visit().

◆ dispatchWorkItem()

void CoreEngine::dispatchWorkItem ( ExplodedNode Pred,
ProgramPoint  Loc,
const WorkListUnit WU 
)

Dispatch the work list item based on the given location information.

Use Pred parameter as the predecessor state.

Definition at line 182 of file CoreEngine.cpp.

References clang::ProgramPoint::BlockEdgeKind, clang::ProgramPoint::BlockEntranceKind, clang::ProgramPoint::BlockExitKind, clang::ProgramPoint::CallEnterKind, clang::ProgramPoint::CallExitBeginKind, clang::ento::SVal::castAs(), dispatchWorkItem(), clang::ProgramPoint::EpsilonKind, clang::ento::SVal::getAs(), clang::ento::WorkListUnit::getBlock(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::WorkListUnit::getIndex(), clang::ento::SVal::getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::hasSinglePred(), and clang::ento::ExprEngine::processCallExit().

Referenced by dispatchWorkItem(), and ExecuteWorkList().

◆ enqueue() [1/2]

void CoreEngine::enqueue ( ExplodedNodeSet Set)

Enqueue the given set of nodes onto the work list.

Definition at line 606 of file CoreEngine.cpp.

References clang::Set.

Referenced by ExecuteWorkList(), clang::ento::ExprEngine::processCallEnter(), clang::ento::ExprEngine::ProcessImplicitDtor(), clang::ento::ExprEngine::ProcessInitializer(), clang::ento::ExprEngine::ProcessLoopExit(), clang::ento::ExprEngine::ProcessNewAllocator(), and clang::ento::ExprEngine::ProcessStmt().

◆ enqueue() [2/2]

void CoreEngine::enqueue ( ExplodedNodeSet Set,
const CFGBlock Block,
unsigned  Idx 
)

Enqueue nodes that were created as a result of processing a statement onto the work list.

Definition at line 611 of file CoreEngine.cpp.

References clang::Block, enqueueStmtNode(), and clang::Set.

◆ enqueueEndOfFunction()

void CoreEngine::enqueueEndOfFunction ( ExplodedNodeSet Set,
const ReturnStmt RS 
)

enqueue the nodes corresponding to the end of function onto the end of path / work list.

Definition at line 617 of file CoreEngine.cpp.

References clang::ento::ExplodedGraph::addEndOfPath(), and clang::Set.

Referenced by clang::ento::ExprEngine::processEndOfFunction().

◆ enqueueStmtNode()

void CoreEngine::enqueueStmtNode ( ExplodedNode N,
const CFGBlock Block,
unsigned  Idx 
)

Enqueue a single node created as a result of statement processing.

Definition at line 542 of file CoreEngine.cpp.

References clang::ento::ExplodedNode::addPredecessor(), clang::Block, clang::CFGElement::castAs(), clang::ProgramPoint::getAs(), getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedGraph::getNode(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::ento::ExplodedNode::isSink(), clang::CFGElement::NewAllocator, and clang::ProgramPoint::withTag().

Referenced by enqueue().

◆ ExecuteWorkList()

bool CoreEngine::ExecuteWorkList ( const LocationContext L,
unsigned  Steps,
ProgramStateRef  InitState 
)

ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.

Returns true if there is still simulation state on the worklist.

Definition at line 88 of file CoreEngine.cpp.

References clang::ento::ExplodedGraph::addRoot(), dispatchWorkItem(), clang::CFGBlock::empty(), enqueue(), clang::ento::ExprEngine::getAnalysisManager(), clang::ento::WorkListUnit::getBlockCounter(), clang::CFGBlock::getBlockID(), clang::LocationContext::getCFG(), clang::LocationContext::getDecl(), clang::BlockEdge::getDst(), clang::ento::BlockCounter::Factory::GetEmptyCounter(), clang::CFG::getEntry(), clang::ento::ExprEngine::getInitialState(), clang::ento::WorkListUnit::getNode(), clang::ento::ExplodedGraph::getNode(), clang::CFG::getNumBlockIDs(), clang::ento::FunctionSummariesTy::markVisitedBasicBlock(), Node, clang::ento::ExplodedGraph::num_roots(), clang::ento::AnalysisManager::options, clang::ento::ExprEngine::processBeginOfFunction(), clang::ento::ExprEngine::processEndWorklist(), clang::ento::ExplodedGraph::reserve(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().

Referenced by clang::ento::ExprEngine::ExecuteWorkList(), and ExecuteWorkListWithInitialState().

◆ ExecuteWorkListWithInitialState()

bool CoreEngine::ExecuteWorkListWithInitialState ( const LocationContext L,
unsigned  Steps,
ProgramStateRef  InitState,
ExplodedNodeSet Dst 
)

Returns true if there is still simulation state on the worklist.

Definition at line 225 of file CoreEngine.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedGraph::eop_begin(), clang::ento::ExplodedGraph::eop_end(), and ExecuteWorkList().

Referenced by clang::ento::ExprEngine::ExecuteWorkListWithInitialState().

◆ exhausted_blocks()

auto clang::ento::CoreEngine::exhausted_blocks ( ) const
inline

Definition at line 179 of file CoreEngine.h.

◆ getCTUWorkList()

WorkList * clang::ento::CoreEngine::getCTUWorkList ( ) const
inline

Definition at line 177 of file CoreEngine.h.

Referenced by REGISTER_MAP_WITH_PROGRAMSTATE().

◆ getDataTags()

DataTag::Factory & clang::ento::CoreEngine::getDataTags ( )
inline

Definition at line 199 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::getDataTags().

◆ getGraph()

ExplodedGraph & clang::ento::CoreEngine::getGraph ( )
inline

getGraph - Returns the exploded graph.

Definition at line 145 of file CoreEngine.h.

◆ getWorkList()

WorkList * clang::ento::CoreEngine::getWorkList ( ) const
inline

Definition at line 176 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::hasEmptyWorkList(), clang::ento::ExprEngine::processCallExit(), and REGISTER_MAP_WITH_PROGRAMSTATE().

◆ hasWorkRemaining()

bool clang::ento::CoreEngine::hasWorkRemaining ( ) const
inline

Definition at line 166 of file CoreEngine.h.

References wasBlockAborted(), and wasBlocksExhausted().

Referenced by clang::ento::ExprEngine::hasWorkRemaining().

◆ operator=()

CoreEngine & clang::ento::CoreEngine::operator= ( const CoreEngine )
delete

◆ wasBlockAborted()

bool clang::ento::CoreEngine::wasBlockAborted ( ) const
inline

Definition at line 164 of file CoreEngine.h.

Referenced by hasWorkRemaining().

◆ wasBlocksExhausted()

bool clang::ento::CoreEngine::wasBlocksExhausted ( ) const
inline

Definition at line 165 of file CoreEngine.h.

Referenced by hasWorkRemaining(), and clang::ento::ExprEngine::wasBlocksExhausted().

Friends And Related Function Documentation

◆ CommonNodeBuilder

friend class CommonNodeBuilder
friend

Definition at line 57 of file CoreEngine.h.

◆ EndOfFunctionNodeBuilder

friend class EndOfFunctionNodeBuilder
friend

Definition at line 58 of file CoreEngine.h.

◆ ExprEngine

friend class ExprEngine
friend

Definition at line 59 of file CoreEngine.h.

◆ IndirectGotoNodeBuilder

friend class IndirectGotoNodeBuilder
friend

Definition at line 60 of file CoreEngine.h.

◆ NodeBuilder

friend class NodeBuilder
friend

Definition at line 61 of file CoreEngine.h.

◆ NodeBuilderContext

friend struct NodeBuilderContext
friend

Definition at line 62 of file CoreEngine.h.

◆ SwitchNodeBuilder

friend class SwitchNodeBuilder
friend

Definition at line 63 of file CoreEngine.h.

The documentation for this class was generated from the following files:
Generated on Fri Dec 8 2023 22:33:29 for clang by doxygen 1.9.6