|
clang 20.0.0git
|
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
Public Types | |
| enum | InliningModes { Inline_Regular = 0 , Inline_Minimal = 0x1 } |
| The modes of inlining, which override the default analysis-wide settings. More... | |
Public Member Functions | |
| ExprEngine (cross_tu::CrossTranslationUnitContext &CTU, AnalysisManager &mgr, SetOfConstDecls *VisitedCalleesIn, FunctionSummariesTy *FS, InliningModes HowToInlineIn) | |
| virtual | ~ExprEngine ()=default |
| bool | ExecuteWorkList (const LocationContext *L, unsigned Steps=150000) |
| Returns true if there is still simulation state on the worklist. | |
| ASTContext & | getContext () const |
| getContext - Return the ASTContext associated with this analysis. | |
| AnalysisManager & | getAnalysisManager () |
| AnalysisDeclContextManager & | getAnalysisDeclContextManager () |
| CheckerManager & | getCheckerManager () const |
| SValBuilder & | getSValBuilder () |
| BugReporter & | getBugReporter () |
| cross_tu::CrossTranslationUnitContext * | getCrossTranslationUnitContext () |
| const NodeBuilderContext & | getBuilderContext () |
| const Stmt * | getStmt () const |
| const LocationContext * | getRootLocationContext () const |
| CFGBlock::ConstCFGElementRef | getCFGElementRef () const |
| std::string | DumpGraph (bool trim=false, StringRef Filename="") |
| Dump graph to the specified filename. | |
| std::string | DumpGraph (ArrayRef< const ExplodedNode * > Nodes, StringRef Filename="") |
| Dump the graph consisting of the given nodes to a specified filename. | |
| void | ViewGraph (bool trim=false) |
| Visualize the ExplodedGraph created by executing the simulation. | |
| void | ViewGraph (ArrayRef< const ExplodedNode * > Nodes) |
| Visualize a trimmed ExplodedGraph that only contains paths to the given nodes. | |
| ProgramStateRef | getInitialState (const LocationContext *InitLoc) |
| getInitialState - Return the initial state used for the root vertex in the ExplodedGraph. | |
| ExplodedGraph & | getGraph () |
| const ExplodedGraph & | getGraph () const |
| void | removeDead (ExplodedNode *Node, ExplodedNodeSet &Out, const Stmt *ReferenceStmt, const LocationContext *LC, const Stmt *DiagnosticStmt=nullptr, ProgramPoint::Kind K=ProgramPoint::PreStmtPurgeDeadSymbolsKind) |
| Run the analyzer's garbage collection - remove dead symbols and bindings from the state. | |
| void | processCFGElement (const CFGElement E, ExplodedNode *Pred, unsigned StmtIdx, NodeBuilderContext *Ctx) |
| processCFGElement - Called by CoreEngine. | |
| void | ProcessStmt (const Stmt *S, ExplodedNode *Pred) |
| void | ProcessLoopExit (const Stmt *S, ExplodedNode *Pred) |
| void | ProcessInitializer (const CFGInitializer I, ExplodedNode *Pred) |
| void | ProcessImplicitDtor (const CFGImplicitDtor D, ExplodedNode *Pred) |
| void | ProcessNewAllocator (const CXXNewExpr *NE, ExplodedNode *Pred) |
| void | ProcessAutomaticObjDtor (const CFGAutomaticObjDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessDeleteDtor (const CFGDeleteDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessBaseDtor (const CFGBaseDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessMemberDtor (const CFGMemberDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessTemporaryDtor (const CFGTemporaryDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | processCFGBlockEntrance (const BlockEdge &L, NodeBuilderWithSinks &nodeBuilder, ExplodedNode *Pred) |
| Called by CoreEngine when processing the entrance of a CFGBlock. | |
| void | processBranch (const Stmt *Condition, NodeBuilderContext &BuilderCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF) |
| ProcessBranch - Called by CoreEngine. | |
| void | processCleanupTemporaryBranch (const CXXBindTemporaryExpr *BTE, NodeBuilderContext &BldCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF) |
| Called by CoreEngine. | |
| void | processStaticInitializer (const DeclStmt *DS, NodeBuilderContext &BuilderCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF) |
| Called by CoreEngine. | |
| void | processIndirectGoto (IndirectGotoNodeBuilder &builder) |
| processIndirectGoto - Called by CoreEngine. | |
| void | processSwitch (SwitchNodeBuilder &builder) |
| ProcessSwitch - Called by CoreEngine. | |
| void | processBeginOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, ExplodedNodeSet &Dst, const BlockEdge &L) |
| Called by CoreEngine. | |
| void | processEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, const ReturnStmt *RS=nullptr) |
| Called by CoreEngine. | |
| void | removeDeadOnEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Remove dead bindings/symbols before exiting a function. | |
| void | processCallEnter (NodeBuilderContext &BC, CallEnter CE, ExplodedNode *Pred) |
| Generate the entry node of the callee. | |
| void | processCallExit (ExplodedNode *Pred) |
| Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr. | |
| void | processEndWorklist () |
| Called by CoreEngine when the analysis worklist has terminated. | |
| ProgramStateRef | processAssume (ProgramStateRef state, SVal cond, bool assumption) |
| evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values. | |
| ProgramStateRef | processRegionChanges (ProgramStateRef state, const InvalidatedSymbols *invalidated, ArrayRef< const MemRegion * > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const LocationContext *LCtx, const CallEvent *Call) |
| processRegionChanges - Called by ProgramStateManager whenever a change is made to the store. | |
| ProgramStateRef | processRegionChange (ProgramStateRef state, const MemRegion *MR, const LocationContext *LCtx) |
| void | printJson (raw_ostream &Out, ProgramStateRef State, const LocationContext *LCtx, const char *NL, unsigned int Space, bool IsDot) const |
| printJson - Called by ProgramStateManager to print checker-specific data. | |
| ProgramStateManager & | getStateManager () |
| StoreManager & | getStoreManager () |
| ConstraintManager & | getConstraintManager () |
| BasicValueFactory & | getBasicVals () |
| SymbolManager & | getSymbolManager () |
| MemRegionManager & | getRegionManager () |
| DataTag::Factory & | getDataTags () |
| bool | wasBlocksExhausted () const |
| bool | hasEmptyWorkList () const |
| bool | hasWorkRemaining () const |
| const CoreEngine & | getCoreEngine () const |
| void | Visit (const Stmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Visit - Transfer function logic for all statements. | |
| void | VisitArrayInitLoopExpr (const ArrayInitLoopExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitArrayInitLoopExpr - Transfer function for array init loop. | |
| void | VisitArraySubscriptExpr (const ArraySubscriptExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitArraySubscriptExpr - Transfer function for array accesses. | |
| void | VisitGCCAsmStmt (const GCCAsmStmt *A, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitGCCAsmStmt - Transfer function logic for inline asm. | |
| void | VisitMSAsmStmt (const MSAsmStmt *A, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitMSAsmStmt - Transfer function logic for MS inline asm. | |
| void | VisitBlockExpr (const BlockExpr *BE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitBlockExpr - Transfer function logic for BlockExprs. | |
| void | VisitLambdaExpr (const LambdaExpr *LE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitLambdaExpr - Transfer function logic for LambdaExprs. | |
| void | VisitBinaryOperator (const BinaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitBinaryOperator - Transfer function logic for binary operators. | |
| void | VisitCallExpr (const CallExpr *CE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCall - Transfer function for function calls. | |
| void | VisitCast (const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCast - Transfer function logic for all casts (implicit and explicit). | |
| void | VisitCompoundLiteralExpr (const CompoundLiteralExpr *CL, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCompoundLiteralExpr - Transfer function logic for compound literals. | |
| void | VisitCommonDeclRefExpr (const Expr *DR, const NamedDecl *D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for DeclRefExprs and BlockDeclRefExprs. | |
| void | VisitDeclStmt (const DeclStmt *DS, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitDeclStmt - Transfer function logic for DeclStmts. | |
| void | VisitGuardedExpr (const Expr *Ex, const Expr *L, const Expr *R, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitGuardedExpr - Transfer function logic for ?, __builtin_choose. | |
| void | VisitInitListExpr (const InitListExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitLogicalExpr (const BinaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitLogicalExpr - Transfer function logic for '&&', '||'. | |
| void | VisitMemberExpr (const MemberExpr *M, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitMemberExpr - Transfer function for member expressions. | |
| void | VisitAtomicExpr (const AtomicExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitAtomicExpr - Transfer function for builtin atomic expressions. | |
| void | VisitObjCAtSynchronizedStmt (const ObjCAtSynchronizedStmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for ObjCAtSynchronizedStmts. | |
| void | VisitLvalObjCIvarRefExpr (const ObjCIvarRefExpr *DR, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for computing the lvalue of an Objective-C ivar. | |
| void | VisitObjCForCollectionStmt (const ObjCForCollectionStmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt. | |
| void | VisitObjCMessage (const ObjCMessageExpr *ME, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitReturnStmt (const ReturnStmt *R, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitReturnStmt - Transfer function logic for return statements. | |
| void | VisitOffsetOfExpr (const OffsetOfExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitOffsetOfExpr - Transfer function for offsetof. | |
| void | VisitUnaryExprOrTypeTraitExpr (const UnaryExprOrTypeTraitExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof. | |
| void | VisitUnaryOperator (const UnaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitUnaryOperator - Transfer function logic for unary operators. | |
| void | VisitIncrementDecrementOperator (const UnaryOperator *U, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Handle ++ and – (both pre- and post-increment). | |
| void | VisitCXXBindTemporaryExpr (const CXXBindTemporaryExpr *BTE, ExplodedNodeSet &PreVisit, ExplodedNodeSet &Dst) |
| void | VisitCXXCatchStmt (const CXXCatchStmt *CS, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXThisExpr (const CXXThisExpr *TE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXConstructExpr (const CXXConstructExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXInheritedCtorInitExpr (const CXXInheritedCtorInitExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXDestructor (QualType ObjectType, const MemRegion *Dest, const Stmt *S, bool IsBaseDtor, ExplodedNode *Pred, ExplodedNodeSet &Dst, EvalCallOptions &Options) |
| void | VisitCXXNewAllocatorCall (const CXXNewExpr *CNE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXNewExpr (const CXXNewExpr *CNE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXDeleteExpr (const CXXDeleteExpr *CDE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | CreateCXXTemporaryObject (const MaterializeTemporaryExpr *ME, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Create a C++ temporary object for an rvalue. | |
| void | evalEagerlyAssumeBinOpBifurcation (ExplodedNodeSet &Dst, ExplodedNodeSet &Src, const Expr *Ex) |
| evalEagerlyAssumeBinOpBifurcation - Given the nodes in 'Src', eagerly assume symbolic expressions of the form 'x != 0' and generate new nodes (stored in Dst) with those assumptions. | |
| ProgramStateRef | handleLValueBitCast (ProgramStateRef state, const Expr *Ex, const LocationContext *LCtx, QualType T, QualType ExTy, const CastExpr *CastE, StmtNodeBuilder &Bldr, ExplodedNode *Pred) |
| void | handleUOExtension (ExplodedNode *N, const UnaryOperator *U, StmtNodeBuilder &Bldr) |
| SVal | evalBinOp (ProgramStateRef ST, BinaryOperator::Opcode Op, SVal LHS, SVal RHS, QualType T) |
| ProgramStateRef | processPointerEscapedOnBind (ProgramStateRef State, ArrayRef< std::pair< SVal, SVal > > LocAndVals, const LocationContext *LCtx, PointerEscapeKind Kind, const CallEvent *Call) |
| Call PointerEscape callback when a value escapes as a result of bind. | |
| ProgramStateRef | notifyCheckersOfPointerEscape (ProgramStateRef State, const InvalidatedSymbols *Invalidated, ArrayRef< const MemRegion * > ExplicitRegions, const CallEvent *Call, RegionAndSymbolInvalidationTraits &ITraits) |
| Call PointerEscape callback when a value escapes as a result of region invalidation. | |
| void | evalLoad (ExplodedNodeSet &Dst, const Expr *NodeEx, const Expr *BoundExpr, ExplodedNode *Pred, ProgramStateRef St, SVal location, const ProgramPointTag *tag=nullptr, QualType LoadTy=QualType()) |
| Simulate a read of the result of Ex. | |
| void | evalStore (ExplodedNodeSet &Dst, const Expr *AssignE, const Expr *StoreE, ExplodedNode *Pred, ProgramStateRef St, SVal TargetLV, SVal Val, const ProgramPointTag *tag=nullptr) |
| evalStore - Handle the semantics of a store via an assignment. | |
| CFGElement | getCurrentCFGElement () |
| Return the CFG element corresponding to the worklist element that is currently being processed by ExprEngine. | |
| ProgramStateRef | bindReturnValue (const CallEvent &Call, const LocationContext *LCtx, ProgramStateRef State) |
| Create a new state in which the call return value is binded to the call origin expression. | |
| void | evalCall (ExplodedNodeSet &Dst, ExplodedNode *Pred, const CallEvent &Call) |
| Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself. | |
| void | defaultEvalCall (NodeBuilder &B, ExplodedNode *Pred, const CallEvent &Call, const EvalCallOptions &CallOpts={}) |
| Default implementation of call evaluation. | |
| SVal | computeObjectUnderConstruction (const Expr *E, ProgramStateRef State, const NodeBuilderContext *BldrCtx, const LocationContext *LCtx, const ConstructionContext *CC, EvalCallOptions &CallOpts, unsigned Idx=0) |
| Find location of the object that is being constructed by a given constructor. | |
| ProgramStateRef | updateObjectsUnderConstruction (SVal V, const Expr *E, ProgramStateRef State, const LocationContext *LCtx, const ConstructionContext *CC, const EvalCallOptions &CallOpts) |
| Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context. | |
| std::pair< ProgramStateRef, SVal > | handleConstructionContext (const Expr *E, ProgramStateRef State, const NodeBuilderContext *BldrCtx, const LocationContext *LCtx, const ConstructionContext *CC, EvalCallOptions &CallOpts, unsigned Idx=0) |
| A convenient wrapper around computeObjectUnderConstruction and updateObjectsUnderConstruction. | |
Static Public Member Functions | |
| static std::pair< const ProgramPointTag *, const ProgramPointTag * > | geteagerlyAssumeBinOpBifurcationTags () |
| static std::optional< unsigned > | getIndexOfElementToConstruct (ProgramStateRef State, const CXXConstructExpr *E, const LocationContext *LCtx) |
| Retreives which element is being constructed in a non-POD type array. | |
| static std::optional< unsigned > | getPendingArrayDestruction (ProgramStateRef State, const LocationContext *LCtx) |
| Retreives which element is being destructed in a non-POD type array. | |
| static std::optional< unsigned > | getPendingInitLoop (ProgramStateRef State, const CXXConstructExpr *E, const LocationContext *LCtx) |
| Retreives the size of the array in the pending ArrayInitLoopExpr. | |
| static std::optional< SVal > | getObjectUnderConstruction (ProgramStateRef State, const ConstructionContextItem &Item, const LocationContext *LC) |
| By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location. | |
| static ProgramStateRef | setWhetherHasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC, bool HasMoreIteraton) |
| Note whether this loop has any more iteratios to model. | |
| static ProgramStateRef | removeIterationState (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC) |
| static bool | hasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC) |
Definition at line 124 of file ExprEngine.h.
The modes of inlining, which override the default analysis-wide settings.
| Enumerator | |
|---|---|
| Inline_Regular | Follow the default settings for inlining callees. |
| Inline_Minimal | Do minimal inlining of callees. |
Definition at line 129 of file ExprEngine.h.
| ExprEngine::ExprEngine | ( | cross_tu::CrossTranslationUnitContext & | CTU, |
| AnalysisManager & | mgr, | ||
| SetOfConstDecls * | VisitedCalleesIn, | ||
| FunctionSummariesTy * | FS, | ||
| InliningModes | HowToInlineIn | ||
| ) |
Definition at line 221 of file ExprEngine.cpp.
References clang::ento::ExplodedGraph::enableNodeReclamation(), and clang::ento::AnalysisManager::options.
|
virtualdefault |
| ProgramStateRef ExprEngine::bindReturnValue | ( | const CallEvent & | Call, |
| const LocationContext * | LCtx, | ||
| ProgramStateRef | State | ||
| ) |
Create a new state in which the call return value is binded to the call origin expression.
Definition at line 740 of file ExprEngineCallAndReturn.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::C, clang::Call, clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), E, clang::ento::SValBuilder::evalBinOp(), clang::ento::SValBuilder::getArrayIndexType(), clang::ento::SVal::getAsRegion(), clang::ento::SValBuilder::getConjuredHeapSymbolVal(), getCurrentCFGElement(), clang::ento::getElementExtent(), clang::Expr::getType(), handleConstructionContext(), clang::ento::SValBuilder::makeIntVal(), clang::OMF_autorelease, clang::OMF_retain, clang::OMF_self, clang::ento::setDynamicExtent(), clang::ento::RegionAndSymbolInvalidationTraits::setTrait(), clang::ento::MemRegion::StripCasts(), clang::Target, and clang::ento::RegionAndSymbolInvalidationTraits::TK_DoNotInvalidateSuperRegion.
| SVal ExprEngine::computeObjectUnderConstruction | ( | const Expr * | E, |
| ProgramStateRef | State, | ||
| const NodeBuilderContext * | BldrCtx, | ||
| const LocationContext * | LCtx, | ||
| const ConstructionContext * | CC, | ||
| EvalCallOptions & | CallOpts, | ||
| unsigned | Idx = 0 |
||
| ) |
Find location of the object that is being constructed by a given constructor.
This should ideally always succeed but due to not being fully implemented it sometimes indicates that it failed via its out-parameter CallOpts; in such cases a fake temporary region is returned, which is better than nothing but does not represent the actual behavior of the program. The Idx parameter is used if we construct an array of objects. In that case it points to the index of the continuous memory region. E.g.: For int arr[4] this index can be 0,1,2,3. For int arr2[3][3] this index can be 0,1,...,7,8. A multi-dimensional array is also a continuous memory location in a row major order, so for arr[0][0] Idx is 0 and for arr[2][2] Idx is 8.
Definition at line 121 of file ExprEngineCXX.cpp.
References clang::ConstructionContext::ArgumentKind, clang::ento::NodeBuilderContext::blockCount(), computeObjectUnderConstruction(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ConstructionContext::CXX17ElidedCopyConstructorInitializerKind, clang::ConstructionContext::CXX17ElidedCopyReturnedValueKind, clang::ConstructionContext::CXX17ElidedCopyVariableKind, E, clang::ConstructionContext::ElidedTemporaryObjectKind, clang::ento::AnalysisManager::getAnalyzerOptions(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), getCFGElementRef(), clang::ento::SValBuilder::getContext(), getContext(), getCoreEngine(), clang::ento::MemRegionManager::getCXXBaseObjectRegion(), clang::ento::CallEventManager::getCXXConstructorCall(), clang::ento::MemRegionManager::getCXXLifetimeExtendedObjectRegion(), clang::ento::MemRegionManager::getCXXStaticLifetimeExtendedObjectRegion(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::MemRegionManager::getElementRegion(), clang::MaterializeTemporaryExpr::getExtendingDecl(), clang::StackFrameContext::getIndex(), getIndexOfElementToConstruct(), clang::ConstructionContext::getKind(), clang::ento::CallEventManager::getObjCMethodCall(), getObjectUnderConstruction(), clang::LocationContext::getParent(), clang::ASTContext::getPointerType(), clang::ento::SValBuilder::getRegionManager(), clang::ento::CallEventManager::getSimpleCall(), clang::LocationContext::getStackFrame(), getStateManager(), clang::MaterializeTemporaryExpr::getStorageDuration(), getSValBuilder(), clang::Expr::getType(), clang::Init, clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::EvalCallOptions::IsElidableCtorThatHasNotBeenElided, clang::ento::EvalCallOptions::IsTemporaryCtorOrDtor, clang::ento::EvalCallOptions::IsTemporaryLifetimeExtendedViaAggregate, clang::ento::CallEvent::isVariadic(), clang::ConstructionContext::LambdaCaptureKind, clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeLoc(), clang::ConstructionContext::NewAllocatedObjectKind, clang::SD_FullExpression, clang::SD_Static, clang::SD_Thread, clang::ConstructionContext::SimpleConstructorInitializerKind, clang::ConstructionContext::SimpleReturnedValueKind, clang::ConstructionContext::SimpleTemporaryObjectKind, clang::ConstructionContext::SimpleVariableKind, and V.
Referenced by computeObjectUnderConstruction(), clang::ento::CallEvent::getReturnValueUnderConstruction(), and handleConstructionContext().
| void ExprEngine::CreateCXXTemporaryObject | ( | const MaterializeTemporaryExpr * | ME, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Create a C++ temporary object for an rvalue.
Definition at line 30 of file ExprEngineCXX.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::MaterializeTemporaryExpr::getSubExpr(), and clang::Expr::IgnoreParens().
Referenced by Visit().
| void ExprEngine::defaultEvalCall | ( | NodeBuilder & | B, |
| ExplodedNode * | Pred, | ||
| const CallEvent & | Call, | ||
| const EvalCallOptions & | CallOpts = {} |
||
| ) |
Default implementation of call evaluation.
Definition at line 1214 of file ExprEngineCallAndReturn.cpp.
References clang::Call, clang::ento::CallEvent::cloneWithState(), D, E, getAnalysisManager(), clang::ento::RuntimeDefinition::getDecl(), clang::ento::RuntimeDefinition::getDispatchRegion(), getInlineFailedState(), clang::ento::ExplodedNode::getState(), clang::IPAK_DynamicDispatch, clang::IPAK_DynamicDispatchBifurcate, clang::ento::RuntimeDefinition::isForeign(), isTrivialObjectAssignment(), clang::ento::RuntimeDefinition::mayHaveOtherDefinitions(), and clang::ento::AnalysisManager::options.
Referenced by clang::ento::CheckerManager::runCheckersForEvalCall(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), and VisitObjCMessage().
| std::string ExprEngine::DumpGraph | ( | ArrayRef< const ExplodedNode * > | Nodes, |
| StringRef | Filename = "" |
||
| ) |
Dump the graph consisting of the given nodes to a specified filename.
Generate a temporary filename if it's not provided.
Definition at line 3957 of file ExprEngine.cpp.
References Filename, Nodes, and clang::ento::ExplodedGraph::trim().
Dump graph to the specified filename.
If filename is empty, generate a temporary one.
Definition at line 3936 of file ExprEngine.cpp.
References clang::Class, DumpGraph(), clang::ento::BugReporter::equivalenceClasses(), and Filename.
Referenced by DumpGraph(), and ViewGraph().
|
inline |
Definition at line 601 of file ExprEngine.h.
References clang::ento::SValBuilder::evalBinOp(), and clang::T.
Referenced by getInitialState(), VisitBinaryOperator(), VisitIncrementDecrementOperator(), VisitLogicalExpr(), and VisitUnaryOperator().
| void ExprEngine::evalCall | ( | ExplodedNodeSet & | Dst, |
| ExplodedNode * | Pred, | ||
| const CallEvent & | Call | ||
| ) |
Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself.
Definition at line 672 of file ExprEngineCallAndReturn.cpp.
References clang::Call, clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::Type::getPointeeType(), clang::ento::ExplodedNodeSet::insert(), clang::QualType::isConstQualified(), clang::QualType::isNull(), clang::Type::isPointerType(), clang::Type::isReferenceType(), clang::Type::isVoidType(), processPointerEscapedOnBind(), clang::ento::PSK_EscapeOutParameters, clang::ento::CheckerManager::runCheckersForEvalCall(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by VisitCallExpr().
| void ExprEngine::evalEagerlyAssumeBinOpBifurcation | ( | ExplodedNodeSet & | Dst, |
| ExplodedNodeSet & | Src, | ||
| const Expr * | Ex | ||
| ) |
evalEagerlyAssumeBinOpBifurcation - Given the nodes in 'Src', eagerly assume symbolic expressions of the form 'x != 0' and generate new nodes (stored in Dst) with those assumptions.
Definition at line 3749 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), geteagerlyAssumeBinOpBifurcationTags(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::StmtPoint::getStmt(), clang::Expr::getType(), clang::ento::SValBuilder::makeIntVal(), P, and V.
Referenced by Visit().
| void ExprEngine::evalLoad | ( | ExplodedNodeSet & | Dst, |
| const Expr * | NodeEx, | ||
| const Expr * | BoundExpr, | ||
| ExplodedNode * | Pred, | ||
| ProgramStateRef | St, | ||
| SVal | location, | ||
| const ProgramPointTag * | tag = nullptr, |
||
| QualType | LoadTy = QualType() |
||
| ) |
Simulate a read of the result of Ex.
Definition at line 3665 of file ExprEngine.cpp.
References clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::empty(), clang::ento::StmtNodeBuilder::generateNode(), clang::Expr::getType(), clang::QualType::isNull(), clang::ento::SVal::isUndef(), clang::ento::SVal::isValid(), clang::ProgramPoint::PostLoadKind, and V.
Referenced by VisitBinaryOperator(), VisitCast(), VisitIncrementDecrementOperator(), and VisitMemberExpr().
| void ExprEngine::evalStore | ( | ExplodedNodeSet & | Dst, |
| const Expr * | AssignE, | ||
| const Expr * | LocationE, | ||
| ExplodedNode * | Pred, | ||
| ProgramStateRef | state, | ||
| SVal | location, | ||
| SVal | Val, | ||
| const ProgramPointTag * | tag = nullptr |
||
| ) |
evalStore - Handle the semantics of a store via an assignment.
| Dst | The node set to store generated state nodes |
| AssignE | The assignment expression if the store happens in an assignment. |
| LocationE | The location expression that is stored to. |
| state | The current simulation state |
| location | The location to store the value |
| Val | The value to be stored |
Definition at line 3642 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::empty(), and clang::ento::SVal::isUndef().
Referenced by VisitBinaryOperator(), and VisitIncrementDecrementOperator().
|
inline |
Returns true if there is still simulation state on the worklist.
Definition at line 189 of file ExprEngine.h.
References clang::ento::CoreEngine::ExecuteWorkList(), clang::LocationContext::getDecl(), clang::LocationContext::inTopFrame(), and clang::ento::BugReporter::setAnalysisEntryPoint().
|
inline |
Definition at line 200 of file ExprEngine.h.
References clang::ento::AnalysisManager::getAnalysisDeclContextManager().
|
inline |
Definition at line 198 of file ExprEngine.h.
Referenced by defaultEvalCall(), clang::ento::CoreEngine::ExecuteWorkList(), clang::ento::CheckerContext::getAnalysisManager(), clang::ento::ProgramState::getAnalysisManager(), ProcessNewAllocator(), and VisitCXXBindTemporaryExpr().
|
inline |
Definition at line 419 of file ExprEngine.h.
References clang::ento::ProgramStateManager::getBasicVals().
Referenced by VisitCast(), VisitInitListExpr(), VisitLogicalExpr(), and VisitUnaryOperator().
|
inline |
Definition at line 210 of file ExprEngine.h.
Referenced by clang::ento::CheckerContext::emitReport(), and clang::ento::CheckerContext::getBugReporter().
|
inline |
Definition at line 217 of file ExprEngine.h.
Referenced by clang::ento::CallEvent::getReturnValueUnderConstruction(), ProcessAutomaticObjDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), and clang::ento::CheckerManager::runCheckersForEvalCall().
|
inline |
Definition at line 229 of file ExprEngine.h.
References clang::ento::NodeBuilderContext::getBlock().
Referenced by computeObjectUnderConstruction(), ProcessAutomaticObjDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessNewAllocator(), ProcessTemporaryDtor(), VisitCallExpr(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().
|
inline |
Definition at line 204 of file ExprEngine.h.
References clang::ento::AnalysisManager::getCheckerManager().
Referenced by evalCall(), notifyCheckersOfPointerEscape(), printJson(), processAssume(), processBeginOfFunction(), processBranch(), processCallExit(), processEndOfFunction(), processEndWorklist(), processRegionChanges(), removeDead(), Visit(), VisitArrayInitLoopExpr(), VisitArraySubscriptExpr(), VisitAtomicExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitDeclStmt(), VisitLambdaExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), and VisitUnaryOperator().
|
inline |
Definition at line 414 of file ExprEngine.h.
References clang::ento::ProgramStateManager::getConstraintManager().
Referenced by clang::ento::CheckerContext::getConstraintManager(), and removeDead().
|
inline |
getContext - Return the ASTContext associated with this analysis.
Definition at line 196 of file ExprEngine.h.
References clang::ento::AnalysisManager::getASTContext().
Referenced by computeObjectUnderConstruction(), clang::ento::CheckerContext::getASTContext(), clang::ento::CheckerContext::getLangOpts(), handleLValueBitCast(), ProcessAutomaticObjDtor(), processBranch(), processCallExit(), ProcessDeleteDtor(), ProcessInitializer(), ProcessLoopExit(), ProcessMemberDtor(), ProcessStmt(), processSwitch(), ProcessTemporaryDtor(), Visit(), VisitArraySubscriptExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCast(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXThisExpr(), VisitDeclStmt(), VisitInitListExpr(), VisitLambdaExpr(), VisitOffsetOfExpr(), and VisitUnaryExprOrTypeTraitExpr().
|
inline |
Definition at line 433 of file ExprEngine.h.
Referenced by computeObjectUnderConstruction(), and processCallExit().
|
inline |
Definition at line 213 of file ExprEngine.h.
|
inline |
Return the CFG element corresponding to the worklist element that is currently being processed by ExprEngine.
Definition at line 687 of file ExprEngine.h.
References clang::ento::NodeBuilderContext::getBlock().
Referenced by bindReturnValue().
|
inline |
Definition at line 426 of file ExprEngine.h.
References clang::ento::CoreEngine::getDataTags().
Referenced by clang::ento::CheckerContext::getNoteTag().
|
static |
Definition at line 3739 of file ExprEngine.cpp.
Referenced by evalEagerlyAssumeBinOpBifurcation(), and clang::ento::ConditionBRVisitor::VisitNodeImpl().
|
inline |
Definition at line 256 of file ExprEngine.h.
Referenced by clang::ento::PathSensitiveBugReporter::getGraph().
|
inline |
Definition at line 257 of file ExprEngine.h.
|
static |
Retreives which element is being constructed in a non-POD type array.
Definition at line 513 of file ExprEngine.cpp.
References E, clang::LocationContext::getStackFrame(), and V.
Referenced by computeObjectUnderConstruction().
| ProgramStateRef ExprEngine::getInitialState | ( | const LocationContext * | InitLoc | ) |
getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.
Definition at line 244 of file ExprEngine.cpp.
References D, evalBinOp(), clang::ento::SVal::getAs(), clang::ento::SValBuilder::getConditionType(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ProgramStateManager::getInitialState(), clang::IdentifierInfo::getName(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ValueDecl::getType(), clang::ento::SValBuilder::makeZeroVal(), clang::T, and V.
Referenced by clang::ento::CoreEngine::ExecuteWorkList().
|
static |
By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location.
A particular statement can be transparently passed as Item in most cases.
Definition at line 603 of file ExprEngine.cpp.
References clang::LocationContext::getStackFrame(), and V.
Referenced by computeObjectUnderConstruction(), clang::ento::CXXAllocatorCall::getObjectUnderConstruction(), clang::ento::CallEvent::isArgumentConstructedDirectly(), processCleanupTemporaryBranch(), ProcessInitializer(), ProcessTemporaryDtor(), VisitCXXBindTemporaryExpr(), VisitCXXNewExpr(), VisitDeclStmt(), and VisitLambdaExpr().
|
static |
Retreives which element is being destructed in a non-POD type array.
Definition at line 532 of file ExprEngine.cpp.
References clang::LocationContext::getStackFrame(), and V.
Referenced by processCallExit().
|
static |
Retreives the size of the array in the pending ArrayInitLoopExpr.
Definition at line 486 of file ExprEngine.cpp.
References E, clang::LocationContext::getStackFrame(), and V.
|
inline |
Definition at line 424 of file ExprEngine.h.
|
inline |
Definition at line 224 of file ExprEngine.h.
References clang::ento::ExplodedGraph::roots_begin(), and clang::ento::ExplodedGraph::roots_end().
Referenced by processEndWorklist().
|
inline |
Definition at line 410 of file ExprEngine.h.
Referenced by computeObjectUnderConstruction(), clang::ento::CheckerContext::getStateManager(), clang::ento::PathSensitiveBugReporter::getStateManager(), processCallExit(), processEndOfFunction(), VisitCallExpr(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().
| const Stmt * clang::ento::ExprEngine::getStmt | ( | ) | const |
|
inline |
Definition at line 412 of file ExprEngine.h.
References clang::ento::ProgramStateManager::getStoreManager().
Referenced by clang::ento::CheckerContext::getStoreManager(), ProcessBaseDtor(), processCallExit(), ProcessInitializer(), removeDead(), VisitCast(), and VisitMemberExpr().
|
inline |
Definition at line 208 of file ExprEngine.h.
Referenced by computeObjectUnderConstruction(), clang::ento::CheckerContext::getSValBuilder(), ProcessBaseDtor(), ProcessInitializer(), ProcessMemberDtor(), and VisitInitListExpr().
|
inline |
Definition at line 423 of file ExprEngine.h.
|
inline |
A convenient wrapper around computeObjectUnderConstruction and updateObjectsUnderConstruction.
Definition at line 738 of file ExprEngine.h.
References computeObjectUnderConstruction(), E, updateObjectsUnderConstruction(), and V.
Referenced by bindReturnValue().
| ProgramStateRef ExprEngine::handleLValueBitCast | ( | ProgramStateRef | state, |
| const Expr * | Ex, | ||
| const LocationContext * | LCtx, | ||
| QualType | T, | ||
| QualType | ExTy, | ||
| const CastExpr * | CastE, | ||
| StmtNodeBuilder & | Bldr, | ||
| ExplodedNode * | Pred | ||
| ) |
Definition at line 254 of file ExprEngineC.cpp.
References clang::ento::SValBuilder::evalCast(), clang::ento::SValBuilder::evalMinus(), clang::ento::StmtNodeBuilder::generateNode(), clang::CastExpr::getCastKind(), getContext(), clang::ASTContext::getLValueReferenceType(), clang::ASTContext::getRValueReferenceType(), clang::Expr::getType(), clang::Type::isLValueReferenceType(), clang::Type::isRValueReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, clang::ento::SValBuilder::simplifySVal(), clang::T, and V.
Referenced by VisitCast().
| void ExprEngine::handleUOExtension | ( | ExplodedNode * | N, |
| const UnaryOperator * | U, | ||
| StmtNodeBuilder & | Bldr | ||
| ) |
Definition at line 908 of file ExprEngineC.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), and clang::ento::ExplodedNode::getState().
Referenced by VisitUnaryOperator().
|
inline |
Definition at line 430 of file ExprEngine.h.
References clang::ento::CoreEngine::getWorkList(), and clang::ento::WorkList::hasWork().
|
static |
Definition at line 2701 of file ExprEngine.cpp.
Referenced by assumeCondition().
|
inline |
Definition at line 431 of file ExprEngine.h.
References clang::ento::CoreEngine::hasWorkRemaining().
| ProgramStateRef ExprEngine::notifyCheckersOfPointerEscape | ( | ProgramStateRef | State, |
| const InvalidatedSymbols * | Invalidated, | ||
| ArrayRef< const MemRegion * > | ExplicitRegions, | ||
| const CallEvent * | Call, | ||
| RegionAndSymbolInvalidationTraits & | ITraits | ||
| ) |
Call PointerEscape callback when a value escapes as a result of region invalidation.
| [in] | ITraits | Specifies invalidation traits for regions/symbols. |
Definition at line 3541 of file ExprEngine.cpp.
References clang::Call, getCheckerManager(), clang::ento::PSK_DirectEscapeOnCall, clang::ento::PSK_EscapeOther, clang::ento::PSK_IndirectEscapeOnCall, and clang::ento::CheckerManager::runCheckersForPointerEscape().
| void ExprEngine::printJson | ( | raw_ostream & | Out, |
| ProgramStateRef | State, | ||
| const LocationContext * | LCtx, | ||
| const char * | NL, | ||
| unsigned int | Space, | ||
| bool | IsDot | ||
| ) | const |
printJson - Called by ProgramStateManager to print checker-specific data.
Definition at line 939 of file ExprEngine.cpp.
References getCheckerManager(), printIndicesOfElementsToConstructJson(), printObjectsUnderConstructionJson(), printPendingArrayDestructionsJson(), printPendingInitLoopJson(), and clang::ento::CheckerManager::runCheckersForPrintStateJson().
Referenced by clang::ento::ProgramState::printJson().
| ProgramStateRef ExprEngine::processAssume | ( | ProgramStateRef | state, |
| SVal | cond, | ||
| bool | assumption | ||
| ) |
evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values.
evalAssume - Called by ConstraintManager.
Used to call checker-specific logic for handling assumptions on symbolic values.
Definition at line 667 of file ExprEngine.cpp.
References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForEvalAssume().
| void ExprEngine::ProcessAutomaticObjDtor | ( | const CFGAutomaticObjDtor | D, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1337 of file ExprEngine.cpp.
References clang::ento::SVal::castAs(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::ento::SVal::getAsInteger(), clang::ento::SVal::getAsRegion(), clang::ento::MemRegion::getBaseRegion(), getBuilderContext(), getCFGElementRef(), getContext(), clang::CFGImplicitDtor::getDestructorDecl(), clang::ento::ExplodedNode::getLocationContext(), getRegion(), clang::ento::ExplodedNode::getState(), clang::CFGAutomaticObjDtor::getTriggerStmt(), clang::CFGAutomaticObjDtor::getVarDecl(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::SVal::isConstant(), clang::Type::isReferenceType(), clang::ento::NodeBuilder::takeNodes(), clang::ast_matchers::varDecl, and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
| void ExprEngine::ProcessBaseDtor | ( | const CFGBaseDtor | D, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1485 of file ExprEngine.cpp.
References D, clang::ento::StoreManager::evalDerivedToBase(), clang::ento::SVal::getAsRegion(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
| void ExprEngine::processBeginOfFunction | ( | NodeBuilderContext & | BC, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst, | ||
| const BlockEdge & | L | ||
| ) |
Called by CoreEngine.
Used to notify checkers that processing a function has begun. Called for both inlined and top-level functions.
Definition at line 2903 of file ExprEngine.cpp.
References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForBeginFunction().
Referenced by clang::ento::CoreEngine::ExecuteWorkList(), and processCallEnter().
| void ExprEngine::processBranch | ( | const Stmt * | Condition, |
| NodeBuilderContext & | BuilderCtx, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst, | ||
| const CFGBlock * | DstT, | ||
| const CFGBlock * | DstF | ||
| ) |
ProcessBranch - Called by CoreEngine.
Used to generate successor nodes by processing the 'effects' of a branch condition.
Definition at line 2758 of file ExprEngine.cpp.
References assumeCondition(), clang::Condition, clang::ento::ExplodedNodeSet::empty(), clang::ento::BranchNodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::BranchNodeBuilder::isFeasible(), clang::ento::BranchNodeBuilder::markInfeasible(), ResolveCondition(), and clang::ento::CheckerManager::runCheckersForBranchCondition().
| void ExprEngine::processCallEnter | ( | NodeBuilderContext & | BC, |
| CallEnter | CE, | ||
| ExplodedNode * | Pred | ||
| ) |
Generate the entry node of the callee.
Definition at line 44 of file ExprEngineCallAndReturn.cpp.
References clang::CFGBlock::empty(), clang::ento::CoreEngine::enqueue(), clang::CallEnter::getCalleeContext(), clang::CallEnter::getEntry(), clang::ento::ExplodedGraph::getNode(), clang::ento::ExplodedNode::getState(), Node, processBeginOfFunction(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().
| void ExprEngine::processCallExit | ( | ExplodedNode * | CEBNode | ) |
Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.
The call exit is simulated with a sequence of nodes, which occur between CallExitBegin and CallExitEnd.
The following operations occur between the two program points:
Definition at line 254 of file ExprEngineCallAndReturn.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedNode::addPredecessor(), adjustReturnValue(), clang::AnalyzerOptions::AnalysisPurgeOpt, clang::ento::ExplodedNodeSet::begin(), clang::Call, clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::end(), clang::ento::WorkList::enqueue(), clang::ento::SValBuilder::evalCast(), clang::LocationContext::getAnalysisDeclContext(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::AnalysisDeclContext::getBody(), clang::ento::CallEventManager::getCaller(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), getCheckerManager(), getContext(), getCoreEngine(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::CallEvent::getDeclaredResultType(), clang::StackFrameContext::getIndex(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedGraph::getNode(), clang::LocationContext::getParent(), getPendingArrayDestruction(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), getStoreManager(), clang::ento::SVal::getType(), clang::ento::CoreEngine::getWorkList(), clang::ento::ExplodedNodeSet::insert(), clang::QualType::isNull(), clang::ento::AnalysisManager::options, clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, removeDead(), clang::ento::CheckerManager::runCheckersForNewAllocator(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPostStmt(), V, and wasDifferentDeclUsedForInlining().
Referenced by clang::ento::CoreEngine::dispatchWorkItem().
| void ExprEngine::processCFGBlockEntrance | ( | const BlockEdge & | L, |
| NodeBuilderWithSinks & | nodeBuilder, | ||
| ExplodedNode * | Pred | ||
| ) |
Called by CoreEngine when processing the entrance of a CFGBlock.
Block entrance. (Update counters).
Definition at line 2506 of file ExprEngine.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::NodeBuilderWithSinks::generateNode(), clang::ento::NodeBuilderWithSinks::generateSink(), clang::ento::AnalysisManager::getASTContext(), clang::ento::NodeBuilderContext::getBlock(), clang::ento::NodeBuilder::getContext(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocation(), clang::ProgramPoint::getLocationContext(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::CFGBlock::getTerminatorStmt(), clang::ento::getWidenedLoopState(), clang::ento::isUnrolledState(), clang::ento::FunctionSummariesTy::markReachedMaxBlockCount(), clang::AnalyzerOptions::maxBlockVisitOnPath, clang::AnalyzerOptions::NoRetryExhausted, clang::ento::AnalysisManager::options, clang::ento::ExplodedGraph::roots_begin(), and clang::ento::updateLoopStack().
| void ExprEngine::processCFGElement | ( | const CFGElement | E, |
| ExplodedNode * | Pred, | ||
| unsigned | StmtIdx, | ||
| NodeBuilderContext * | Ctx | ||
| ) |
processCFGElement - Called by CoreEngine.
Used to generate new successor nodes by processing the 'effects' of a CFG element.
Definition at line 966 of file ExprEngine.cpp.
References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, clang::CFGElement::CleanupFunction, clang::CFGElement::Constructor, clang::CFGElement::CXXRecordTypedCall, clang::CFGElement::DeleteDtor, E, clang::CFGNewAllocator::getAllocatorExpr(), clang::ento::ExplodedNode::getLocationContext(), clang::CFGLoopExit::getLoopStmt(), clang::CFGStmt::getStmt(), clang::CFGElement::Initializer, clang::CFGElement::LifetimeEnds, clang::CFGElement::LoopExit, clang::CFGElement::MemberDtor, clang::CFGElement::NewAllocator, ProcessImplicitDtor(), ProcessInitializer(), ProcessLoopExit(), ProcessNewAllocator(), ProcessStmt(), clang::CFGElement::ScopeBegin, clang::CFGElement::ScopeEnd, clang::CFGElement::Statement, and clang::CFGElement::TemporaryDtor.
| void ExprEngine::processCleanupTemporaryBranch | ( | const CXXBindTemporaryExpr * | BTE, |
| NodeBuilderContext & | BldCtx, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst, | ||
| const CFGBlock * | DstT, | ||
| const CFGBlock * | DstF | ||
| ) |
Called by CoreEngine.
Used to generate successor nodes for temporary destructors depending on whether the corresponding constructor was visited.
Definition at line 1640 of file ExprEngine.cpp.
References clang::ento::BranchNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::ExplodedNode::getState(), and clang::ento::BranchNodeBuilder::markInfeasible().
| void ExprEngine::ProcessDeleteDtor | ( | const CFGDeleteDtor | D, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1409 of file ExprEngine.cpp.
References clang::ento::NodeBuilder::generateNode(), clang::CXXDeleteExpr::getArgument(), clang::ASTContext::getAsArrayType(), clang::Type::getAsCXXRecordDecl(), clang::ento::SVal::getAsInteger(), clang::ento::SVal::getAsRegion(), clang::ASTContext::getBaseElementType(), clang::CXXDeleteExpr::getBeginLoc(), getBuilderContext(), getCFGElementRef(), getContext(), clang::CFGDeleteDtor::getDeleteExpr(), clang::CXXDeleteExpr::getDestroyedType(), clang::CXXRecordDecl::getDestructor(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::CXXDeleteExpr::isArrayForm(), clang::ento::SVal::isConstant(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::NodeBuilder::takeNodes(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
| void ExprEngine::processEndOfFunction | ( | NodeBuilderContext & | BC, |
| ExplodedNode * | Pred, | ||
| const ReturnStmt * | RS = nullptr |
||
| ) |
Called by CoreEngine.
ProcessEndPath - Called by CoreEngine.
Used to notify checkers that processing a function has ended. Called for both inlined and top-level functions.
Used to generate end-of-path nodes when the control reaches the end of a function.
Definition at line 2913 of file ExprEngine.cpp.
References clang::ConstructionContextItem::ElidedDestructorKind, clang::ento::CoreEngine::enqueueEndOfFunction(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::LocationContext::inTopFrame(), clang::StackFrameContext::inTopFrame(), removeDeadOnEndOfFunction(), clang::ento::CheckerManager::runCheckersForEndFunction(), and clang::ConstructionContextItem::TemporaryDestructorKind.
| void ExprEngine::processEndWorklist | ( | ) |
Called by CoreEngine when the analysis worklist has terminated.
Definition at line 960 of file ExprEngine.cpp.
References getCheckerManager(), getRootLocationContext(), and clang::ento::CheckerManager::runCheckersForEndAnalysis().
Referenced by clang::ento::CoreEngine::ExecuteWorkList().
| void ExprEngine::ProcessImplicitDtor | ( | const CFGImplicitDtor | D, |
| ExplodedNode * | Pred | ||
| ) |
Definition at line 1290 of file ExprEngine.cpp.
References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, D, clang::CFGElement::DeleteDtor, clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), clang::Decl::getKind(), clang::CFGElement::MemberDtor, ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessTemporaryDtor(), and clang::CFGElement::TemporaryDtor.
Referenced by processCFGElement().
| void ExprEngine::processIndirectGoto | ( | IndirectGotoNodeBuilder & | builder | ) |
processIndirectGoto - Called by CoreEngine.
Used to generate successor nodes by processing the 'effects' of a computed goto jump.
Definition at line 2862 of file ExprEngine.cpp.
References clang::ento::IndirectGotoNodeBuilder::generateNode(), clang::ento::IndirectGotoNodeBuilder::getLocationContext(), clang::ento::IndirectGotoNodeBuilder::getState(), clang::ento::IndirectGotoNodeBuilder::getTarget(), and V.
| void ExprEngine::ProcessInitializer | ( | const CFGInitializer | I, |
| ExplodedNode * | Pred | ||
| ) |
Definition at line 1157 of file ExprEngine.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ast_matchers::decl, clang::ento::CoreEngine::enqueue(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::NodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::ento::SVal::getAsRegion(), clang::ArraySubscriptExpr::getBase(), clang::CXXCtorInitializer::getBaseClass(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::SValBuilder::getCXXThis(), clang::CXXCtorInitializer::getIndirectMember(), clang::CXXCtorInitializer::getInit(), clang::CFGInitializer::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXCtorInitializer::getMember(), getObjectUnderConstruction(), clang::CXXCtorInitializer::getSourceLocation(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), clang::Expr::IgnoreImplicit(), clang::Init, clang::ento::ExplodedNodeSet::insert(), clang::CXXCtorInitializer::isAnyMemberInitializer(), clang::CXXCtorInitializer::isBaseInitializer(), clang::CXXCtorInitializer::isBaseVirtual(), clang::CXXCtorInitializer::isDelegatingInitializer(), clang::CXXCtorInitializer::isIndirectMemberInitializer(), and clang::ento::SVal::isUnknownOrUndef().
Referenced by processCFGElement().
| void ExprEngine::ProcessLoopExit | ( | const Stmt * | S, |
| ExplodedNode * | Pred | ||
| ) |
Definition at line 1139 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::AnalysisManager::options, and clang::ento::processLoopEnd().
Referenced by processCFGElement().
| void ExprEngine::ProcessMemberDtor | ( | const CFGMemberDtor | D, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1505 of file ExprEngine.cpp.
References D, clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::ento::SVal::getAsInteger(), getBuilderContext(), getCFGElementRef(), getContext(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::SVal::isConstant(), clang::Member, clang::T, clang::ento::NodeBuilder::takeNodes(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
| void ExprEngine::ProcessNewAllocator | ( | const CXXNewExpr * | NE, |
| ExplodedNode * | Pred | ||
| ) |
Definition at line 1317 of file ExprEngine.cpp.
References clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilder::generateNode(), getAnalysisManager(), clang::ento::NodeBuilderContext::getBlock(), getCFGElementRef(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::AnalysisManager::options, and VisitCXXNewAllocatorCall().
Referenced by processCFGElement().
| ProgramStateRef ExprEngine::processPointerEscapedOnBind | ( | ProgramStateRef | State, |
| ArrayRef< std::pair< SVal, SVal > > | LocAndVals, | ||
| const LocationContext * | LCtx, | ||
| PointerEscapeKind | Kind, | ||
| const CallEvent * | Call | ||
| ) |
Call PointerEscape callback when a value escapes as a result of bind.
Definition at line 3491 of file ExprEngine.cpp.
References clang::Call, clang::ento::MemRegion::getBaseRegion(), and clang::ento::MemRegion::getMemorySpace().
Referenced by evalCall().
|
inline |
Definition at line 399 of file ExprEngine.h.
References processRegionChanges().
Referenced by clang::ento::ProgramState::bindDefaultInitial(), clang::ento::ProgramState::bindDefaultZero(), and clang::ento::ProgramState::bindLoc().
| ProgramStateRef ExprEngine::processRegionChanges | ( | ProgramStateRef | state, |
| const InvalidatedSymbols * | invalidated, | ||
| ArrayRef< const MemRegion * > | ExplicitRegions, | ||
| ArrayRef< const MemRegion * > | Regions, | ||
| const LocationContext * | LCtx, | ||
| const CallEvent * | Call | ||
| ) |
processRegionChanges - Called by ProgramStateManager whenever a change is made to the store.
Used to update checkers that track region values.
Definition at line 673 of file ExprEngine.cpp.
References clang::Call, getCheckerManager(), and clang::ento::CheckerManager::runCheckersForRegionChanges().
Referenced by processRegionChange().
| void clang::ento::ExprEngine::processStaticInitializer | ( | const DeclStmt * | DS, |
| NodeBuilderContext & | BuilderCtx, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst, | ||
| const CFGBlock * | DstT, | ||
| const CFGBlock * | DstF | ||
| ) |
Called by CoreEngine.
Used to processing branching behavior at static initializers.
| void ExprEngine::ProcessStmt | ( | const Stmt * | S, |
| ExplodedNode * | Pred | ||
| ) |
Definition at line 1109 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::CoreEngine::enqueue(), clang::Stmt::getBeginLoc(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNodeSet::insert(), clang::ento::ExplodedGraph::reclaimRecentlyAllocatedNodes(), removeDead(), shouldRemoveDeadBindings(), and Visit().
Referenced by processCFGElement().
| void ExprEngine::processSwitch | ( | SwitchNodeBuilder & | builder | ) |
ProcessSwitch - Called by CoreEngine.
Used to generate successor nodes by processing the 'effects' of a switch statement.
Definition at line 2987 of file ExprEngine.cpp.
References clang::ento::SwitchNodeBuilder::begin(), clang::ento::SVal::castAs(), E, clang::ento::SwitchNodeBuilder::end(), clang::Expr::EvaluateKnownConstInt(), clang::ento::SwitchNodeBuilder::generateCaseStmtNode(), clang::ento::SwitchNodeBuilder::generateDefaultCaseNode(), clang::Type::getAs(), clang::ento::SVal::getAs(), clang::SwitchStmt::getCond(), clang::ento::SwitchNodeBuilder::getCondition(), getContext(), clang::CaseStmt::getLHS(), clang::ento::SwitchNodeBuilder::getLocationContext(), clang::CaseStmt::getRHS(), clang::ento::SwitchNodeBuilder::getState(), clang::ento::SwitchNodeBuilder::getSwitch(), clang::Expr::getType(), clang::Expr::IgnoreParenImpCasts(), clang::SwitchStmt::isAllEnumCasesCovered(), and clang::ento::SVal::isUndef().
| void ExprEngine::ProcessTemporaryDtor | ( | const CFGTemporaryDtor | D, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1564 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::begin(), D, clang::ento::ExplodedNodeSet::empty(), clang::ento::NodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateNode(), clang::Decl::getBeginLoc(), getCFGElementRef(), getContext(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::ExplodedNode::getState(), clang::ento::EvalCallOptions::IsTemporaryCtorOrDtor, clang::ento::ExplodedNodeSet::size(), clang::T, V, and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
| void ExprEngine::removeDead | ( | ExplodedNode * | Node, |
| ExplodedNodeSet & | Out, | ||
| const Stmt * | ReferenceStmt, | ||
| const LocationContext * | LC, | ||
| const Stmt * | DiagnosticStmt = nullptr, |
||
| ProgramPoint::Kind | K = ProgramPoint::PreStmtPurgeDeadSymbolsKind |
||
| ) |
Run the analyzer's garbage collection - remove dead symbols and bindings from the state.
Checkers can participate in this process with two callbacks: checkLiveSymbols and checkDeadSymbols. See the CheckerDocumentation class for more information.
| Node | The predecessor node, from which the processing should start. |
| Out | The returned set of output nodes. |
| ReferenceStmt | The statement which is about to be processed. Everything needed for this statement should be considered live. A null statement means that everything in child LocationContexts is dead. |
| LC | The location context of the ReferenceStmt. A null location context means that we have reached the end of analysis and that all statements and local variables should be considered dead. |
| DiagnosticStmt | Used as a location for any warnings that should occur while removing the dead (e.g. leaks). By default, the ReferenceStmt is used. |
| K | Denotes whether this is a pre- or post-statement purge. This must only be ProgramPoint::PostStmtPurgeDeadSymbolsKind if an entire location context is being cleared, in which case the ReferenceStmt must either be a ReturnStmt or NULL. Otherwise, it must be ProgramPoint::PreStmtPurgeDeadSymbolsKind (the default) and ReferenceStmt must be valid (non-null). |
Definition at line 1029 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getConstraintManager(), clang::LocationContext::getParent(), clang::ento::ProgramStateManager::getPersistentStateWithGDM(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::ProgramStateManager::haveEqualEnvironments(), clang::ento::ProgramStateManager::haveEqualStores(), clang::ento::SymbolReaper::markLive(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, clang::ProgramPoint::PreStmtPurgeDeadSymbolsKind, clang::ento::ConstraintManager::removeDeadBindings(), clang::ento::ProgramStateManager::removeDeadBindingsFromEnvironmentAndStore(), clang::ento::CheckerManager::runCheckersForDeadSymbols(), and clang::ento::CheckerManager::runCheckersForLiveSymbols().
Referenced by processCallExit(), ProcessStmt(), and removeDeadOnEndOfFunction().
| void ExprEngine::removeDeadOnEndOfFunction | ( | NodeBuilderContext & | BC, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Remove dead bindings/symbols before exiting a function.
Definition at line 165 of file ExprEngineCallAndReturn.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::LocationContext::getAnalysisDeclContext(), clang::AnalysisDeclContext::getBody(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, and removeDead().
Referenced by processEndOfFunction().
|
static |
Definition at line 2694 of file ExprEngine.cpp.
Referenced by assumeCondition().
|
static |
Note whether this loop has any more iteratios to model.
These methods are essentially an interface for a GDM trait. Further reading in ExprEngine::VisitObjCForCollectionStmt().
Definition at line 2686 of file ExprEngine.cpp.
Referenced by populateObjCForDestinationSet().
| ProgramStateRef ExprEngine::updateObjectsUnderConstruction | ( | SVal | V, |
| const Expr * | E, | ||
| ProgramStateRef | State, | ||
| const LocationContext * | LCtx, | ||
| const ConstructionContext * | CC, | ||
| const EvalCallOptions & | CallOpts | ||
| ) |
Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context.
V and CallOpts have to be obtained from computeObjectUnderConstruction() invoked with the same set of the remaining arguments (E, State, LCtx, CC).
Definition at line 399 of file ExprEngineCXX.cpp.
References clang::ConstructionContext::ArgumentKind, clang::ConstructionContext::CXX17ElidedCopyConstructorInitializerKind, clang::ConstructionContext::CXX17ElidedCopyReturnedValueKind, clang::ConstructionContext::CXX17ElidedCopyVariableKind, clang::ConstructionContext::ElidedTemporaryObjectKind, clang::ento::AnalysisManager::getAnalyzerOptions(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), clang::StackFrameContext::getIndex(), clang::ConstructionContext::getKind(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::Init, clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::EvalCallOptions::IsElidableCtorThatHasNotBeenElided, clang::ConstructionContext::LambdaCaptureKind, clang::ConstructionContext::NewAllocatedObjectKind, clang::ConstructionContext::SimpleConstructorInitializerKind, clang::ConstructionContext::SimpleReturnedValueKind, clang::ConstructionContext::SimpleTemporaryObjectKind, clang::ConstructionContext::SimpleVariableKind, updateObjectsUnderConstruction(), and V.
Referenced by handleConstructionContext(), and updateObjectsUnderConstruction().
| void ExprEngine::ViewGraph | ( | ArrayRef< const ExplodedNode * > | Nodes | ) |
Visualize a trimmed ExplodedGraph that only contains paths to the given nodes.
Definition at line 3931 of file ExprEngine.cpp.
References DumpGraph(), Filename, and Nodes.
Visualize the ExplodedGraph created by executing the simulation.
Definition at line 3926 of file ExprEngine.cpp.
References DumpGraph(), and Filename.
| void ExprEngine::Visit | ( | const Stmt * | S, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Visit - Transfer function logic for all statements.
Dispatches to other functions that handle specific kinds of statements.
Definition at line 1712 of file ExprEngine.cpp.
References clang::ento::CoreEngine::addAbortedBlock(), clang::ento::NodeBuilder::addNodes(), clang::ento::NodeBuilderContext::blockCount(), clang::C, clang::ento::SValBuilder::conjureSymbolVal(), CreateCXXTemporaryObject(), E, evalEagerlyAssumeBinOpBifurcation(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), clang::ento::SValBuilder::getConstantVal(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), isRecordType(), clang::ento::SValBuilder::makeIntValWithWidth(), Node, clang::Stmt::NoStmtClass, clang::ento::AnalysisManager::options, PostVisit, clang::ProgramPoint::PreStmtKind, clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitArrayInitLoopExpr(), VisitArraySubscriptExpr(), VisitAtomicExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCommonDeclRefExpr(), VisitCompoundLiteralExpr(), VisitCXXBindTemporaryExpr(), VisitCXXCatchStmt(), VisitCXXConstructExpr(), VisitCXXDeleteExpr(), VisitCXXInheritedCtorInitExpr(), VisitCXXNewExpr(), VisitCXXThisExpr(), VisitDeclStmt(), VisitGCCAsmStmt(), VisitGuardedExpr(), VisitInitListExpr(), VisitLambdaExpr(), VisitLogicalExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitMSAsmStmt(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitOffsetOfExpr(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), and VisitUnaryOperator().
Referenced by ProcessStmt().
| void ExprEngine::VisitArrayInitLoopExpr | ( | const ArrayInitLoopExpr * | Ex, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitArrayInitLoopExpr - Transfer function for array init loop.
Definition at line 3210 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ArrayInitLoopExpr::getCommonExpr(), clang::OpaqueValueExpr::getSourceExpr(), clang::ArrayInitLoopExpr::getSubExpr(), Node, clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().
Referenced by Visit().
| void ExprEngine::VisitArraySubscriptExpr | ( | const ArraySubscriptExpr * | Ex, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitArraySubscriptExpr - Transfer function for array accesses.
Definition at line 3308 of file ExprEngine.cpp.
References clang::ASTContext::CharTy, clang::ento::StmtNodeBuilder::generateNode(), clang::ArraySubscriptExpr::getBase(), getCheckerManager(), getContext(), clang::ArraySubscriptExpr::getIdx(), clang::ento::AnalysisManager::getLangOpts(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::QualType::isCForbiddenLValueType(), clang::Expr::isGLValue(), clang::Type::isVectorType(), clang::Type::isVoidType(), Node, clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, and V.
Referenced by Visit().
| void ExprEngine::VisitAtomicExpr | ( | const AtomicExpr * | E, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitAtomicExpr - Transfer function for builtin atomic expressions.
Definition at line 3447 of file ExprEngine.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::AtomicExpr::getNumSubExprs(), clang::AtomicExpr::getSubExprs(), clang::ProgramPoint::PostStmtKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().
Referenced by Visit().
| void ExprEngine::VisitBinaryOperator | ( | const BinaryOperator * | B, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitBinaryOperator - Transfer function logic for binary operators.
Definition at line 40 of file ExprEngineC.cpp.
References clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), conjureOffsetSymbolOnLocation(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::ExplodedNodeSet::end(), evalBinOp(), clang::ento::SValBuilder::evalCast(), evalLoad(), evalStore(), clang::ento::StmtNodeBuilder::generateNode(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::BinaryOperator::getLHS(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::BinaryOperator::isAdditiveOp(), clang::BinaryOperator::isAssignmentOp(), clang::BinaryOperator::isCompoundAssignmentOp(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and V.
Referenced by Visit().
| void ExprEngine::VisitBlockExpr | ( | const BlockExpr * | BE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitBlockExpr - Transfer function logic for BlockExprs.
Definition at line 193 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::BlockDecl::capture_begin(), clang::BlockDecl::capture_end(), clang::ento::StmtNodeBuilder::generateNode(), clang::BlockExpr::getBlockDecl(), clang::ento::SValBuilder::getBlockPointer(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::T, and V.
Referenced by Visit().
| void ExprEngine::VisitCallExpr | ( | const CallExpr * | CE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitCall - Transfer function for function calls.
Definition at line 602 of file ExprEngineCallAndReturn.cpp.
References evalCall(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::CallEventManager::getSimpleCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().
Referenced by Visit().
| void ExprEngine::VisitCast | ( | const CastExpr * | CastE, |
| const Expr * | Ex, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitCast - Transfer function logic for all casts (implicit and explicit).
Definition at line 282 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StoreManager::evalBaseToDerived(), clang::ento::SValBuilder::evalCast(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::SValBuilder::evalIntegralCast(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), getBasicVals(), clang::CastExpr::getCastKind(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getMemberPointer(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::ProgramStateManager::getStoreManager(), clang::Expr::getType(), handleLValueBitCast(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::Type::isReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isZeroConstant(), clang::ento::SValBuilder::makeNullWithType(), clang::ento::SValBuilder::makePointerToMember(), clang::ento::SValBuilder::makeTruthVal(), clang::ento::AnalysisManager::options, clang::CastExpr::path(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, and V.
Referenced by Visit().
| void ExprEngine::VisitCommonDeclRefExpr | ( | const Expr * | DR, |
| const NamedDecl * | D, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
Definition at line 3070 of file ExprEngine.cpp.
References clang::CXXThis, D, clang::ento::StmtNodeBuilder::generateNode(), clang::CXXRecordDecl::getCaptureFields(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::SValBuilder::getFunctionPointer(), clang::ento::ExplodedNode::getLocationContext(), clang::DeclContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::ento::SValBuilder::makeIntVal(), clang::ento::AnalysisManager::options, clang::ProgramPoint::PostLValueKind, and V.
Referenced by Visit(), and VisitMemberExpr().
| void ExprEngine::VisitCompoundLiteralExpr | ( | const CompoundLiteralExpr * | CL, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitCompoundLiteralExpr - Transfer function logic for compound literals.
Definition at line 540 of file ExprEngineC.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), clang::CompoundLiteralExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Init, clang::Expr::isGLValue(), and V.
Referenced by Visit().
| void ExprEngine::VisitCXXBindTemporaryExpr | ( | const CXXBindTemporaryExpr * | BTE, |
| ExplodedNodeSet & | PreVisit, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1658 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getAnalysisManager(), getObjectUnderConstruction(), and Node.
Referenced by Visit().
| void ExprEngine::VisitCXXCatchStmt | ( | const CXXCatchStmt * | CS, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1149 of file ExprEngineCXX.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), clang::CXXCatchStmt::getExceptionDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), and V.
Referenced by Visit().
| void ExprEngine::VisitCXXConstructExpr | ( | const CXXConstructExpr * | E, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 844 of file ExprEngineCXX.cpp.
Referenced by Visit().
| void ExprEngine::VisitCXXDeleteExpr | ( | const CXXDeleteExpr * | CDE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1127 of file ExprEngineCXX.cpp.
References clang::Call, defaultEvalCall(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::CallEventManager::getCXXDeallocatorCall(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by Visit().
| void ExprEngine::VisitCXXDestructor | ( | QualType | ObjectType, |
| const MemRegion * | Dest, | ||
| const Stmt * | S, | ||
| bool | IsBaseDtor, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst, | ||
| EvalCallOptions & | Options | ||
| ) |
Definition at line 856 of file ExprEngineCXX.cpp.
References clang::Call, defaultEvalCall(), E, clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::Type::getAsCXXRecordDecl(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::CallEventManager::getCXXDestructorCall(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPreCall(), clang::T, and clang::ProgramPoint::withTag().
Referenced by ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), and ProcessTemporaryDtor().
| void ExprEngine::VisitCXXInheritedCtorInitExpr | ( | const CXXInheritedCtorInitExpr * | E, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 850 of file ExprEngineCXX.cpp.
Referenced by Visit().
| void ExprEngine::VisitCXXNewAllocatorCall | ( | const CXXNewExpr * | CNE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 923 of file ExprEngineCXX.cpp.
References clang::Call, clang::ento::SVal::castAs(), defaultEvalCall(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), clang::CXXNewExpr::getBeginLoc(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::CallEventManager::getCXXAllocatorCall(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXNewExpr::getOperatorNew(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForNewAllocator(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by ProcessNewAllocator().
| void ExprEngine::VisitCXXNewExpr | ( | const CXXNewExpr * | CNE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 995 of file ExprEngineCXX.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::Call, clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::SValBuilder::evalCast(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::Type::getAs(), clang::ento::SVal::getAs(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), clang::ento::SValBuilder::getConjuredHeapSymbolVal(), clang::ento::SValBuilder::getContext(), clang::ento::CallEventManager::getCXXAllocatorCall(), clang::ento::MemRegionManager::getElementRegion(), clang::CXXNewExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::CXXNewExpr::getOperatorNew(), clang::CXXNewExpr::getPlacementArg(), clang::Type::getPointeeType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ValueDecl::getType(), clang::Expr::getType(), clang::Init, clang::CXXNewExpr::isArray(), clang::FunctionDecl::isReplaceableGlobalAllocationFunction(), clang::FunctionDecl::isReservedGlobalPlacementOperator(), clang::ento::SVal::isUnknown(), clang::ento::SValBuilder::makeArrayIndex(), clang::Result, clang::ento::ExplodedNodeSet::size(), clang::ento::NodeBuilder::takeNodes(), and V.
Referenced by Visit().
| void ExprEngine::VisitCXXThisExpr | ( | const CXXThisExpr * | TE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 1167 of file ExprEngineCXX.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::MemRegionManager::getCXXThisRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), and V.
Referenced by Visit().
| void ExprEngine::VisitDeclStmt | ( | const DeclStmt * | DS, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitDeclStmt - Transfer function logic for DeclStmts.
Definition at line 565 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::DeclStmt::decl_begin(), E, clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ASTContext::getPointerType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::DeclStmt::isSingleDecl(), clang::ento::SVal::isUnknown(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::NodeBuilder::takeNodes().
Referenced by Visit().
| void ExprEngine::VisitGCCAsmStmt | ( | const GCCAsmStmt * | A, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitGCCAsmStmt - Transfer function logic for inline asm.
Definition at line 3790 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::AsmStmt::inputs(), clang::AsmStmt::outputs(), and X.
Referenced by Visit().
| void ExprEngine::VisitGuardedExpr | ( | const Expr * | Ex, |
| const Expr * | L, | ||
| const Expr * | R, | ||
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.
Definition at line 783 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ProgramPoint::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), clang::ProgramPoint::getAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNode::pred_begin(), and V.
Referenced by Visit().
| void ExprEngine::VisitIncrementDecrementOperator | ( | const UnaryOperator * | U, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Handle ++ and – (both pre- and post-increment).
Definition at line 1059 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), evalBinOp(), clang::ento::SValBuilder::evalEQ(), evalLoad(), evalStore(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::ento::Loc::isLocType(), clang::ento::SVal::isUnknownOrUndef(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeTruthVal(), clang::ento::SValBuilder::makeZeroVal(), clang::Result, and clang::ento::NodeBuilder::takeNodes().
Referenced by VisitUnaryOperator().
| void ExprEngine::VisitInitListExpr | ( | const InitListExpr * | E, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 735 of file ExprEngineC.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getBasicVals(), clang::ASTContext::getCanonicalType(), getContext(), clang::ento::BasicValueFactory::getEmptySValList(), clang::InitListExpr::getInit(), clang::ento::ExplodedNode::getLocationContext(), clang::InitListExpr::getNumInits(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::Expr::getType(), clang::Type::isAnyComplexType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Type::isRecordType(), clang::InitListExpr::isTransparent(), clang::Type::isVectorType(), clang::ento::SValBuilder::makeCompoundVal(), clang::ento::SValBuilder::makeZeroVal(), clang::ento::BasicValueFactory::prependSVal(), clang::T, and V.
Referenced by Visit().
| void ExprEngine::VisitLambdaExpr | ( | const LambdaExpr * | LE, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitLambdaExpr - Transfer function logic for LambdaExprs.
Definition at line 1183 of file ExprEngineCXX.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and V.
Referenced by Visit().
| void ExprEngine::VisitLogicalExpr | ( | const BinaryOperator * | B, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitLogicalExpr - Transfer function logic for '&&', '||'.
Definition at line 641 of file ExprEngineC.cpp.
References clang::CFGElement::castAs(), clang::ProgramPoint::castAs(), clang::CFGBlock::empty(), evalBinOp(), clang::ento::SValBuilder::evalCast(), clang::ento::StmtNodeBuilder::generateNode(), clang::ProgramPoint::getAs(), getBasicVals(), clang::BlockEdge::getDst(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::BinaryOperator::getOpcode(), clang::BlockEdge::getSrc(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::CFGBlock::getTerminator(), clang::Expr::getType(), clang::ento::SVal::isUndef(), clang::Type::isVectorType(), clang::ento::SValBuilder::makeIntVal(), P, clang::ento::ExplodedNode::pred_begin(), clang::ento::ExplodedNode::pred_size(), clang::CFGBlock::rbegin(), clang::CFGBlock::succ_begin(), clang::CFGBlock::succ_size(), clang::T, and X.
Referenced by Visit().
| void ExprEngine::VisitLvalObjCIvarRefExpr | ( | const ObjCIvarRefExpr * | DR, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Transfer function logic for computing the lvalue of an Objective-C ivar.
Definition at line 21 of file ExprEngineObjC.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), clang::ObjCIvarRefExpr::getBase(), getCheckerManager(), clang::ObjCIvarRefExpr::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ento::CheckerManager::runCheckersForPostStmt().
Referenced by Visit().
| void ExprEngine::VisitMemberExpr | ( | const MemberExpr * | M, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitMemberExpr - Transfer function for member expressions.
Definition at line 3359 of file ExprEngine.cpp.
References clang::ento::NodeBuilder::addNodes(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::MemberExpr::getBase(), getCheckerManager(), clang::ento::SValBuilder::getFunctionPointer(), clang::MemberExpr::getMemberDecl(), getStoreManager(), clang::Expr::getType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Member, clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, clang::ento::NodeBuilder::takeNodes(), and VisitCommonDeclRefExpr().
Referenced by Visit().
| void ExprEngine::VisitMSAsmStmt | ( | const MSAsmStmt * | A, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitMSAsmStmt - Transfer function logic for MS inline asm.
Definition at line 3821 of file ExprEngine.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), and clang::ento::ExplodedNode::getState().
Referenced by Visit().
| void ExprEngine::VisitObjCAtSynchronizedStmt | ( | const ObjCAtSynchronizedStmt * | S, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Transfer function logic for ObjCAtSynchronizedStmts.
Definition at line 38 of file ExprEngineObjC.cpp.
References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForPreStmt().
Referenced by Visit().
| void ExprEngine::VisitObjCForCollectionStmt | ( | const ObjCForCollectionStmt * | S, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt.
Definition at line 83 of file ExprEngineObjC.cpp.
References getCheckerManager(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), populateObjCForDestinationSet(), and clang::ento::CheckerManager::runCheckersForPostStmt().
Referenced by Visit().
| void ExprEngine::VisitObjCMessage | ( | const ObjCMessageExpr * | ME, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
Definition at line 147 of file ExprEngineObjC.cpp.
References clang::ento::ExplodedNodeSet::begin(), clang::ento::SVal::castAs(), clang::ento::CallEventRef< T >::cloneWithState(), defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::CallEventManager::getObjCMethodCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ProgramPoint::getTag(), clang::ObjCNoReturn::isImplicitNoReturn(), clang::ento::SVal::isUndef(), clang::ProgramPoint::PreStmtKind, clang::ento::CheckerManager::runCheckersForObjCMessageNil(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPreCall(), and clang::ento::CheckerManager::runCheckersForPreObjCMessage().
Referenced by Visit().
| void ExprEngine::VisitOffsetOfExpr | ( | const OffsetOfExpr * | Ex, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitOffsetOfExpr - Transfer function for offsetof.
Definition at line 847 of file ExprEngineC.cpp.
References clang::Type::castAs(), clang::Expr::EvaluateAsInt(), clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::BuiltinType::isInteger(), clang::Type::isSignedIntegerType(), clang::ento::SValBuilder::makeIntVal(), clang::Result, and X.
Referenced by Visit().
| void ExprEngine::VisitReturnStmt | ( | const ReturnStmt * | R, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitReturnStmt - Transfer function logic for return statements.
Definition at line 1307 of file ExprEngineCallAndReturn.cpp.
References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ReturnStmt::getRetValue(), and clang::ento::CheckerManager::runCheckersForPreStmt().
Referenced by Visit().
| void ExprEngine::VisitUnaryExprOrTypeTraitExpr | ( | const UnaryExprOrTypeTraitExpr * | Ex, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
Definition at line 866 of file ExprEngineC.cpp.
References clang::Expr::EvaluateKnownConstInt(), clang::CharUnits::fromQuantity(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), getCheckerManager(), getContext(), clang::UnaryExprOrTypeTraitExpr::getKind(), clang::CharUnits::getQuantity(), clang::Expr::getType(), clang::UnaryExprOrTypeTraitExpr::getTypeOfArgument(), clang::Type::isConstantSizeType(), clang::Type::isIncompleteType(), clang::Type::isVariableArrayType(), clang::ento::SValBuilder::makeIntVal(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::T.
Referenced by Visit().
| void ExprEngine::VisitUnaryOperator | ( | const UnaryOperator * | B, |
| ExplodedNode * | Pred, | ||
| ExplodedNodeSet & | Dst | ||
| ) |
VisitUnaryOperator - Transfer function logic for unary operators.
Definition at line 923 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), evalBinOp(), clang::ento::SValBuilder::evalComplement(), clang::ento::SValBuilder::evalMinus(), clang::ento::StmtNodeBuilder::generateNode(), getBasicVals(), getCheckerManager(), clang::ento::SValBuilder::getMemberPointer(), clang::Expr::getType(), handleUOExtension(), clang::Type::isAnyComplexType(), clang::Type::isFloatingType(), clang::ento::SValBuilder::makeNullWithType(), clang::ento::SValBuilder::makeZeroVal(), clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitIncrementDecrementOperator(), and X.
Referenced by Visit().
|
inline |
Definition at line 429 of file ExprEngine.h.
References clang::ento::CoreEngine::wasBlocksExhausted().
1.9.6