clang: clang::ento::CoreEngine Class Reference

clang 22.0.0git

CoreEngine - Implements the core logic of the graph-reachability analysis. More...

#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"

Public Types
using	BlocksExhausted
using	BlocksAborted

Public Member Functions
	CoreEngine (ExprEngine &exprengine, FunctionSummariesTy *FS, AnalyzerOptions &Opts)
	Construct a CoreEngine object to analyze the provided CFG.
	CoreEngine (const CoreEngine &)=delete
CoreEngine &	operator= (const CoreEngine &)=delete
ExplodedGraph &	getGraph ()
	getGraph - Returns the exploded graph.
bool	ExecuteWorkList (const LocationContext *L, unsigned Steps, ProgramStateRef InitState)
	ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.
void	dispatchWorkItem (ExplodedNode *Pred, ProgramPoint Loc, const WorkListUnit &WU)
	Dispatch the work list item based on the given location information.
bool	wasBlockAborted () const
bool	wasBlocksExhausted () const
bool	hasWorkRemaining () const
void	addAbortedBlock (const ExplodedNode node, const CFGBlock block)
	Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.
WorkList *	getWorkList () const
WorkList *	getCTUWorkList () const
auto	exhausted_blocks () const
auto	aborted_blocks () const
void	enqueue (ExplodedNodeSet &Set)
	Enqueue the given set of nodes onto the work list.
void	enqueue (ExplodedNodeSet &Set, const CFGBlock *Block, unsigned Idx)
	Enqueue nodes that were created as a result of processing a statement onto the work list.
void	enqueueEndOfFunction (ExplodedNodeSet &Set, const ReturnStmt *RS)
	enqueue the nodes corresponding to the end of function onto the end of path / work list.
void	enqueueStmtNode (ExplodedNode N, const CFGBlock Block, unsigned Idx)
	Enqueue a single node created as a result of statement processing.
DataTag::Factory &	getDataTags ()

Friends
class	CommonNodeBuilder
class	EndOfFunctionNodeBuilder
class	ExprEngine
class	IndirectGotoNodeBuilder
class	NodeBuilder
class	NodeBuilderContext
class	SwitchNodeBuilder

Detailed Description

CoreEngine - Implements the core logic of the graph-reachability analysis.

It traverses the CFG and generates the ExplodedGraph.

Definition at line 50 of file CoreEngine.h.

Member Typedef Documentation

◆ BlocksAborted

using clang::ento::CoreEngine::BlocksAborted

Initial value:

std::vector<std::pair<const CFGBlock *, const ExplodedNode *>>

Definition at line 63 of file CoreEngine.h.

◆ BlocksExhausted

using clang::ento::CoreEngine::BlocksExhausted

Initial value:

std::vector<std::pair<BlockEdge, const ExplodedNode *>>

Definition at line 60 of file CoreEngine.h.

Constructor & Destructor Documentation

◆ CoreEngine() [1/2]

CoreEngine::CoreEngine	(	ExprEngine &	exprengine,
		FunctionSummariesTy *	FS,
		AnalyzerOptions &	Opts )

Construct a CoreEngine object to analyze the provided CFG.

Definition at line 74 of file CoreEngine.cpp.

References ExprEngine, generateWorkList(), and clang::nullptr.

Referenced by CoreEngine(), and operator=().

◆ CoreEngine() [2/2]

clang::ento::CoreEngine::CoreEngine ( const CoreEngine & )

delete

References CoreEngine().

Member Function Documentation

◆ aborted_blocks()

auto clang::ento::CoreEngine::aborted_blocks ( ) const

inline

Definition at line 179 of file CoreEngine.h.

◆ addAbortedBlock()

void clang::ento::CoreEngine::addAbortedBlock	(	const ExplodedNode *	node,
		const CFGBlock *	block )

inline

Inform the CoreEngine that a basic block was aborted because it could not be completely analyzed.

Definition at line 168 of file CoreEngine.h.

◆ dispatchWorkItem()

void CoreEngine::dispatchWorkItem	(	ExplodedNode *	Pred,
		ProgramPoint	Loc,
		const WorkListUnit &	WU )

Dispatch the work list item based on the given location information.

Use Pred parameter as the predecessor state.

Definition at line 213 of file CoreEngine.cpp.

References clang::ProgramPoint::BlockEdgeKind, clang::ProgramPoint::BlockEntranceKind, clang::ProgramPoint::BlockExitKind, clang::ProgramPoint::CallEnterKind, clang::ProgramPoint::CallExitBeginKind, clang::ento::SVal::castAs(), dispatchWorkItem(), clang::ProgramPoint::EpsilonKind, clang::ento::SVal::getAs(), clang::ento::WorkListUnit::getBlock(), clang::ento::ExplodedNode::getFirstPred(), clang::ento::WorkListUnit::getIndex(), clang::ento::SVal::getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::hasSinglePred(), timeTraceMetadata(), and timeTraceScopeName().

Referenced by dispatchWorkItem(), and ExecuteWorkList().

◆ enqueue() [1/2]

void CoreEngine::enqueue ( ExplodedNodeSet & Set )

Enqueue the given set of nodes onto the work list.

Definition at line 661 of file CoreEngine.cpp.

References clang::Set.

Referenced by ExecuteWorkList().

◆ enqueue() [2/2]

void CoreEngine::enqueue	(	ExplodedNodeSet &	Set,
		const CFGBlock *	Block,
		unsigned	Idx )

Enqueue nodes that were created as a result of processing a statement onto the work list.

Definition at line 666 of file CoreEngine.cpp.

References clang::Block, enqueueStmtNode(), and clang::Set.

◆ enqueueEndOfFunction()

void CoreEngine::enqueueEndOfFunction	(	ExplodedNodeSet &	Set,
		const ReturnStmt *	RS )

enqueue the nodes corresponding to the end of function onto the end of path / work list.

Definition at line 672 of file CoreEngine.cpp.

References clang::Set.

◆ enqueueStmtNode()

void CoreEngine::enqueueStmtNode	(	ExplodedNode *	N,
		const CFGBlock *	Block,
		unsigned	Idx )

Enqueue a single node created as a result of statement processing.

Definition at line 573 of file CoreEngine.cpp.

References clang::ento::ExplodedNode::addPredecessor(), clang::Block, clang::CFGElement::castAs(), clang::ProgramPoint::getAs(), getKind(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::ento::ExplodedNode::isSink(), clang::CFGElement::NewAllocator, and clang::ProgramPoint::withTag().

Referenced by enqueue().

◆ ExecuteWorkList()

bool CoreEngine::ExecuteWorkList	(	const LocationContext *	L,
		unsigned	Steps,
		ProgramStateRef	InitState )

ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.

Returns true if there is still simulation state on the worklist.

Definition at line 87 of file CoreEngine.cpp.

References dispatchWorkItem(), clang::CFGBlock::empty(), enqueue(), clang::ento::WorkListUnit::getBlockCounter(), clang::CFGBlock::getBlockID(), clang::LocationContext::getCFG(), clang::LocationContext::getDecl(), clang::BlockEdge::getDst(), clang::ento::ExplodedNode::getLocation(), clang::ento::WorkListUnit::getNode(), clang::CFG::getNumBlockIDs(), NodeBuilderContext, clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().

◆ exhausted_blocks()

auto clang::ento::CoreEngine::exhausted_blocks ( ) const

inline

Definition at line 175 of file CoreEngine.h.

◆ getCTUWorkList()

WorkList * clang::ento::CoreEngine::getCTUWorkList ( ) const

inline

Definition at line 173 of file CoreEngine.h.

Referenced by REGISTER_MAP_WITH_PROGRAMSTATE().

◆ getDataTags()

DataTag::Factory & clang::ento::CoreEngine::getDataTags ( )

inline

Definition at line 195 of file CoreEngine.h.

◆ getGraph()

ExplodedGraph & clang::ento::CoreEngine::getGraph ( )

inline

getGraph - Returns the exploded graph.

Definition at line 147 of file CoreEngine.h.

◆ getWorkList()

WorkList * clang::ento::CoreEngine::getWorkList ( ) const

inline

Definition at line 172 of file CoreEngine.h.

Referenced by REGISTER_MAP_WITH_PROGRAMSTATE().

◆ hasWorkRemaining()

bool clang::ento::CoreEngine::hasWorkRemaining ( ) const

inline

Definition at line 162 of file CoreEngine.h.

References wasBlockAborted(), and wasBlocksExhausted().

◆ operator=()

CoreEngine & clang::ento::CoreEngine::operator= ( const CoreEngine & )

delete

References CoreEngine().

◆ wasBlockAborted()

bool clang::ento::CoreEngine::wasBlockAborted ( ) const

inline

Definition at line 160 of file CoreEngine.h.

Referenced by hasWorkRemaining().

◆ wasBlocksExhausted()

bool clang::ento::CoreEngine::wasBlocksExhausted ( ) const

inline

Definition at line 161 of file CoreEngine.h.

Referenced by hasWorkRemaining().

◆ CommonNodeBuilder

friend class CommonNodeBuilder

friend

Definition at line 51 of file CoreEngine.h.

References CommonNodeBuilder.

Referenced by CommonNodeBuilder.

◆ EndOfFunctionNodeBuilder

friend class EndOfFunctionNodeBuilder

friend

Definition at line 52 of file CoreEngine.h.

References EndOfFunctionNodeBuilder.

Referenced by EndOfFunctionNodeBuilder.

◆ ExprEngine

friend class ExprEngine

friend

Definition at line 53 of file CoreEngine.h.

References ExprEngine.

Referenced by CoreEngine(), and ExprEngine.

◆ IndirectGotoNodeBuilder

friend class IndirectGotoNodeBuilder

friend

Definition at line 54 of file CoreEngine.h.

References IndirectGotoNodeBuilder.

Referenced by IndirectGotoNodeBuilder.

◆ NodeBuilder

friend class NodeBuilder

friend

Definition at line 55 of file CoreEngine.h.

References NodeBuilder.

Referenced by NodeBuilder.

◆ NodeBuilderContext

friend class NodeBuilderContext

friend

Definition at line 56 of file CoreEngine.h.

References NodeBuilderContext.

Referenced by ExecuteWorkList(), and NodeBuilderContext.

◆ SwitchNodeBuilder

friend class SwitchNodeBuilder

friend

Definition at line 57 of file CoreEngine.h.

References SwitchNodeBuilder.

Referenced by SwitchNodeBuilder.

The documentation for this class was generated from the following files:

include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h
lib/StaticAnalyzer/Core/CoreEngine.cpp