CoreEngine - Implements the core logic of the graph-reachability analysis. More...

#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"

Public Types
using	BlocksExhausted = std::vector< std::pair< BlockEdge, const ExplodedNode * > >

using	BlocksAborted = std::vector< std::pair< const CFGBlock , const ExplodedNode > >

Public Member Functions
	CoreEngine (ExprEngine &exprengine, FunctionSummariesTy *FS, AnalyzerOptions &Opts)
	Construct a CoreEngine object to analyze the provided CFG.

	CoreEngine (const CoreEngine &)=delete

CoreEngine &	operator= (const CoreEngine &)=delete

ExplodedGraph &	getGraph ()
	getGraph - Returns the exploded graph.

bool	ExecuteWorkList (const LocationContext *L, unsigned Steps, ProgramStateRef InitState)
	ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.

void	dispatchWorkItem (ExplodedNode *Pred, ProgramPoint Loc, const WorkListUnit &WU)
	Dispatch the work list item based on the given location information.

bool	wasBlockAborted () const

bool	wasBlocksExhausted () const

bool	hasWorkRemaining () const

void	addAbortedBlock (const ExplodedNode node, const CFGBlock block)
	Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.

WorkList *	getWorkList () const

WorkList *	getCTUWorkList () const

auto	exhausted_blocks () const

auto	aborted_blocks () const

void	enqueue (ExplodedNodeSet &Set)
	Enqueue the given set of nodes onto the work list.

void	enqueue (ExplodedNodeSet &Set, const CFGBlock *Block, unsigned Idx)
	Enqueue nodes that were created as a result of processing a statement onto the work list.

void	enqueueEndOfFunction (ExplodedNodeSet &Set, const ReturnStmt *RS)
	enqueue the nodes corresponding to the end of function onto the end of path / work list.

void	enqueueStmtNode (ExplodedNode N, const CFGBlock Block, unsigned Idx)
	Enqueue a single node created as a result of statement processing.

DataTag::Factory &	getDataTags ()

Friends
class	CommonNodeBuilder

class	EndOfFunctionNodeBuilder

class	ExprEngine

class	IndirectGotoNodeBuilder

class	NodeBuilder

class	NodeBuilderContext

class	SwitchNodeBuilder

Detailed Description

CoreEngine - Implements the core logic of the graph-reachability analysis.

It traverses the CFG and generates the ExplodedGraph.

Definition at line 50 of file CoreEngine.h.

Member Typedef Documentation

◆ BlocksAborted

using clang::ento::CoreEngine::BlocksAborted = std::vector<std::pair<const CFGBlock *, const ExplodedNode *> >

Definition at line 63 of file CoreEngine.h.

◆ BlocksExhausted

using clang::ento::CoreEngine::BlocksExhausted = std::vector<std::pair<BlockEdge, const ExplodedNode *> >

Definition at line 60 of file CoreEngine.h.

Constructor & Destructor Documentation

◆ CoreEngine() [1/2]

CoreEngine::CoreEngine	(	ExprEngine &	exprengine,
		FunctionSummariesTy *	FS,
		AnalyzerOptions &	Opts
	)

Construct a CoreEngine object to analyze the provided CFG.

Definition at line 75 of file CoreEngine.cpp.

◆ CoreEngine() [2/2]

clang::ento::CoreEngine::CoreEngine ( const CoreEngine & )

delete

Member Function Documentation

◆ aborted_blocks()

auto clang::ento::CoreEngine::aborted_blocks ( ) const

inline

Definition at line 171 of file CoreEngine.h.

◆ addAbortedBlock()

void clang::ento::CoreEngine::addAbortedBlock	(	const ExplodedNode *	node,
		const CFGBlock *	block
	)

inline

Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.

Definition at line 160 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::Visit().

◆ dispatchWorkItem()

void CoreEngine::dispatchWorkItem	(	ExplodedNode *	Pred,
		ProgramPoint	Loc,
		const WorkListUnit &	WU
	)

Dispatch the work list item based on the given location information.

Use Pred parameter as the predecessor state.

Definition at line 182 of file CoreEngine.cpp.

References clang::ProgramPoint::BlockEdgeKind, clang::ProgramPoint::BlockEntranceKind, clang::ProgramPoint::BlockExitKind, clang::ProgramPoint::CallEnterKind, clang::ProgramPoint::CallExitBeginKind, clang::ento::SVal::castAs(), dispatchWorkItem(), clang::ProgramPoint::EpsilonKind, clang::ento::SVal::getAs(), clang::ento::WorkListUnit::getBlock(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::WorkListUnit::getIndex(), clang::ento::SVal::getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::hasSinglePred(), and clang::ento::ExprEngine::processCallExit().

Referenced by dispatchWorkItem(), and ExecuteWorkList().

◆ enqueue() [1/2]

void CoreEngine::enqueue ( ExplodedNodeSet & Set )

Enqueue the given set of nodes onto the work list.

Definition at line 594 of file CoreEngine.cpp.

References clang::Set.

Referenced by ExecuteWorkList(), clang::ento::ExprEngine::processCallEnter(), clang::ento::ExprEngine::ProcessImplicitDtor(), clang::ento::ExprEngine::ProcessInitializer(), clang::ento::ExprEngine::ProcessLoopExit(), clang::ento::ExprEngine::ProcessNewAllocator(), and clang::ento::ExprEngine::ProcessStmt().

◆ enqueue() [2/2]

void CoreEngine::enqueue	(	ExplodedNodeSet &	Set,
		const CFGBlock *	Block,
		unsigned	Idx
	)

Enqueue nodes that were created as a result of processing a statement onto the work list.

Definition at line 599 of file CoreEngine.cpp.

References clang::Block, enqueueStmtNode(), and clang::Set.

◆ enqueueEndOfFunction()

void CoreEngine::enqueueEndOfFunction	(	ExplodedNodeSet &	Set,
		const ReturnStmt *	RS
	)

enqueue the nodes corresponding to the end of function onto the end of path / work list.

Definition at line 605 of file CoreEngine.cpp.

References clang::ento::ExplodedGraph::addEndOfPath(), and clang::Set.

Referenced by clang::ento::ExprEngine::processEndOfFunction().

◆ enqueueStmtNode()

void CoreEngine::enqueueStmtNode	(	ExplodedNode *	N,
		const CFGBlock *	Block,
		unsigned	Idx
	)

Enqueue a single node created as a result of statement processing.

Definition at line 530 of file CoreEngine.cpp.

References clang::ento::ExplodedNode::addPredecessor(), clang::Block, clang::CFGElement::castAs(), clang::ProgramPoint::getAs(), getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedGraph::getNode(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::ento::ExplodedNode::isSink(), clang::CFGElement::NewAllocator, and clang::ProgramPoint::withTag().

Referenced by enqueue().

◆ ExecuteWorkList()

bool CoreEngine::ExecuteWorkList	(	const LocationContext *	L,
		unsigned	Steps,
		ProgramStateRef	InitState
	)

ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.

Returns true if there is still simulation state on the worklist.

Definition at line 88 of file CoreEngine.cpp.

References clang::ento::ExplodedGraph::addRoot(), dispatchWorkItem(), clang::CFGBlock::empty(), enqueue(), clang::ento::ExprEngine::getAnalysisManager(), clang::ento::WorkListUnit::getBlockCounter(), clang::CFGBlock::getBlockID(), clang::LocationContext::getCFG(), clang::LocationContext::getDecl(), clang::BlockEdge::getDst(), clang::ento::BlockCounter::Factory::GetEmptyCounter(), clang::CFG::getEntry(), clang::ento::ExprEngine::getInitialState(), clang::ento::WorkListUnit::getNode(), clang::ento::ExplodedGraph::getNode(), clang::CFG::getNumBlockIDs(), clang::ento::FunctionSummariesTy::markVisitedBasicBlock(), Node, clang::ento::ExplodedGraph::num_roots(), clang::ento::AnalysisManager::options, clang::ento::ExprEngine::processBeginOfFunction(), clang::ento::ExprEngine::processEndWorklist(), clang::ento::ExplodedGraph::reserve(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().

Referenced by clang::ento::ExprEngine::ExecuteWorkList().

◆ exhausted_blocks()

auto clang::ento::CoreEngine::exhausted_blocks ( ) const

inline

Definition at line 167 of file CoreEngine.h.

◆ getCTUWorkList()

WorkList * clang::ento::CoreEngine::getCTUWorkList ( ) const

inline

Definition at line 165 of file CoreEngine.h.

Referenced by REGISTER_MAP_WITH_PROGRAMSTATE().

◆ getDataTags()

DataTag::Factory & clang::ento::CoreEngine::getDataTags ( )

inline

Definition at line 187 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::getDataTags().

◆ getGraph()

ExplodedGraph & clang::ento::CoreEngine::getGraph ( )

inline

getGraph - Returns the exploded graph.

Definition at line 139 of file CoreEngine.h.

◆ getWorkList()

WorkList * clang::ento::CoreEngine::getWorkList ( ) const

inline

Definition at line 164 of file CoreEngine.h.

Referenced by clang::ento::ExprEngine::hasEmptyWorkList(), clang::ento::ExprEngine::processCallExit(), and REGISTER_MAP_WITH_PROGRAMSTATE().

◆ hasWorkRemaining()

bool clang::ento::CoreEngine::hasWorkRemaining ( ) const

inline

Definition at line 154 of file CoreEngine.h.

References wasBlockAborted(), and wasBlocksExhausted().

Referenced by clang::ento::ExprEngine::hasWorkRemaining().

◆ operator=()

CoreEngine & clang::ento::CoreEngine::operator= ( const CoreEngine & )

delete

◆ wasBlockAborted()

bool clang::ento::CoreEngine::wasBlockAborted ( ) const

inline

Definition at line 152 of file CoreEngine.h.

Referenced by hasWorkRemaining().

◆ wasBlocksExhausted()

bool clang::ento::CoreEngine::wasBlocksExhausted ( ) const

inline

Definition at line 153 of file CoreEngine.h.

Referenced by hasWorkRemaining(), and clang::ento::ExprEngine::wasBlocksExhausted().

Friends And Related Function Documentation

◆ CommonNodeBuilder

friend class CommonNodeBuilder

friend

Definition at line 51 of file CoreEngine.h.

◆ EndOfFunctionNodeBuilder

friend class EndOfFunctionNodeBuilder

friend

Definition at line 52 of file CoreEngine.h.

◆ ExprEngine

friend class ExprEngine

friend

Definition at line 53 of file CoreEngine.h.

◆ IndirectGotoNodeBuilder

friend class IndirectGotoNodeBuilder

friend

Definition at line 54 of file CoreEngine.h.

◆ NodeBuilder

friend class NodeBuilder

friend

Definition at line 55 of file CoreEngine.h.

◆ NodeBuilderContext

friend class NodeBuilderContext

friend

Definition at line 56 of file CoreEngine.h.

◆ SwitchNodeBuilder

friend class SwitchNodeBuilder

friend

Definition at line 57 of file CoreEngine.h.

The documentation for this class was generated from the following files:

include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h
lib/StaticAnalyzer/Core/CoreEngine.cpp

Public Types

Public Member Functions

Friends

Detailed Description

Member Typedef Documentation

◆ BlocksAborted

◆ BlocksExhausted

Constructor & Destructor Documentation

◆ CoreEngine() [1/2]

◆ CoreEngine() [2/2]

Member Function Documentation

◆ aborted_blocks()

◆ addAbortedBlock()

◆ dispatchWorkItem()

◆ enqueue() [1/2]

◆ enqueue() [2/2]

◆ enqueueEndOfFunction()

◆ enqueueStmtNode()

◆ ExecuteWorkList()

◆ exhausted_blocks()

◆ getCTUWorkList()

◆ getDataTags()

◆ getGraph()

◆ getWorkList()

◆ hasWorkRemaining()

◆ operator=()

◆ wasBlockAborted()

◆ wasBlocksExhausted()

Friends And Related Function Documentation

◆ CommonNodeBuilder

◆ EndOfFunctionNodeBuilder

◆ ExprEngine

◆ IndirectGotoNodeBuilder

◆ NodeBuilder

◆ NodeBuilderContext

◆ SwitchNodeBuilder