#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"

Public Types
enum	InliningModes { Inline_Regular = 0 , Inline_Minimal = 0x1 }
	The modes of inlining, which override the default analysis-wide settings. More...

Public Member Functions
	ExprEngine (cross_tu::CrossTranslationUnitContext &CTU, AnalysisManager &mgr, SetOfConstDecls VisitedCalleesIn, FunctionSummariesTy FS, InliningModes HowToInlineIn)
virtual	~ExprEngine ()=default
bool	ExecuteWorkList (const LocationContext *L, unsigned Steps=150000)
	Returns true if there is still simulation state on the worklist.
ASTContext &	getContext () const
	getContext - Return the ASTContext associated with this analysis.
AnalysisManager &	getAnalysisManager ()
const AnalysisManager &	getAnalysisManager () const
AnalysisDeclContextManager &	getAnalysisDeclContextManager ()
CheckerManager &	getCheckerManager () const
SValBuilder &	getSValBuilder ()
const SValBuilder &	getSValBuilder () const
BugReporter &	getBugReporter ()
const BugReporter &	getBugReporter () const
cross_tu::CrossTranslationUnitContext *	getCrossTranslationUnitContext ()
void	setCurrLocationContextAndBlock (const LocationContext LC, const CFGBlock B)
void	resetCurrLocationContextAndBlock ()
const NodeBuilderContext &	getBuilderContext () const
const LocationContext *	getRootLocationContext () const
const LocationContext *	getCurrLocationContext () const
	Get the 'current' location context corresponding to the current work item (elementary analysis step handled by dispatchWorkItem).
const CFGBlock *	getCurrBlock () const
	Get the 'current' CFGBlock corresponding to the current work item (elementary analysis step handled by dispatchWorkItem).
ConstCFGElementRef	getCFGElementRef () const
unsigned	getNumVisited (const LocationContext LC, const CFGBlock Block) const
unsigned	getNumVisitedCurrent () const
std::string	DumpGraph (bool trim=false, StringRef Filename="")
	Dump graph to the specified filename.
std::string	DumpGraph (ArrayRef< const ExplodedNode * > Nodes, StringRef Filename="")
	Dump the graph consisting of the given nodes to a specified filename.
void	ViewGraph (bool trim=false)
	Visualize the ExplodedGraph created by executing the simulation.
void	ViewGraph (ArrayRef< const ExplodedNode * > Nodes)
	Visualize a trimmed ExplodedGraph that only contains paths to the given nodes.
ProgramStateRef	getInitialState (const LocationContext *InitLoc)
	getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.
ExplodedGraph &	getGraph ()
const ExplodedGraph &	getGraph () const
void	removeDead (ExplodedNode Node, ExplodedNodeSet &Out, const Stmt ReferenceStmt, const LocationContext LC, const Stmt DiagnosticStmt=nullptr, ProgramPoint::Kind K=ProgramPoint::PreStmtPurgeDeadSymbolsKind)
	Run the analyzer's garbage collection - remove dead symbols and bindings from the state.
void	processCFGElement (const CFGElement E, ExplodedNode *Pred, unsigned StmtIdx)
	processCFGElement - Called by CoreEngine.
void	ProcessStmt (const Stmt S, ExplodedNode Pred)
void	ProcessLoopExit (const Stmt S, ExplodedNode Pred)
void	ProcessInitializer (const CFGInitializer I, ExplodedNode *Pred)
void	ProcessImplicitDtor (const CFGImplicitDtor D, ExplodedNode *Pred)
void	ProcessNewAllocator (const CXXNewExpr NE, ExplodedNode Pred)
void	ProcessAutomaticObjDtor (const CFGAutomaticObjDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessDeleteDtor (const CFGDeleteDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessBaseDtor (const CFGBaseDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessMemberDtor (const CFGMemberDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessTemporaryDtor (const CFGTemporaryDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	processCFGBlockEntrance (const BlockEdge &L, const BlockEntrance &BE, NodeBuilder &Builder, ExplodedNode *Pred)
	Called by CoreEngine when processing the entrance of a CFGBlock.
void	runCheckersForBlockEntrance (const BlockEntrance &Entrance, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	processBranch (const Stmt Condition, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock DstF, std::optional< unsigned > IterationsCompletedInLoop)
	ProcessBranch - Called by CoreEngine.
void	processCleanupTemporaryBranch (const CXXBindTemporaryExpr BTE, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock DstF)
	Called by CoreEngine.
void	processStaticInitializer (const DeclStmt DS, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock DstF)
	Called by CoreEngine.
void	processIndirectGoto (ExplodedNodeSet &Dst, const Expr Tgt, const CFGBlock Dispatch, ExplodedNode *Pred)
	processIndirectGoto - Called by CoreEngine.
void	processSwitch (const SwitchStmt Switch, ExplodedNode Pred, ExplodedNodeSet &Dst)
	ProcessSwitch - Called by CoreEngine.
void	processBeginOfFunction (ExplodedNode *Pred, ExplodedNodeSet &Dst, const BlockEdge &L)
	Called by CoreEngine.
void	processEndOfFunction (ExplodedNode Pred, const ReturnStmt RS=nullptr)
	Called by CoreEngine.
void	removeDeadOnEndOfFunction (ExplodedNode *Pred, ExplodedNodeSet &Dst)
	Remove dead bindings/symbols before exiting a function.
void	processCallEnter (CallEnter CE, ExplodedNode *Pred)
	Generate the entry node of the callee.
void	processCallExit (ExplodedNode *Pred)
	Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.
void	processEndWorklist ()
	Called by CoreEngine when the analysis worklist has terminated.
ProgramStateRef	processAssume (ProgramStateRef state, SVal cond, bool assumption)
	evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values.
ProgramStateRef	processRegionChanges (ProgramStateRef state, const InvalidatedSymbols invalidated, ArrayRef< const MemRegion > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const LocationContext LCtx, const CallEvent Call)
	processRegionChanges - Called by ProgramStateManager whenever a change is made to the store.
ProgramStateRef	processRegionChange (ProgramStateRef state, const MemRegion MR, const LocationContext LCtx)
void	printJson (raw_ostream &Out, ProgramStateRef State, const LocationContext LCtx, const char NL, unsigned int Space, bool IsDot) const
	printJson - Called by ProgramStateManager to print checker-specific data.
ProgramStateManager &	getStateManager ()
const ProgramStateManager &	getStateManager () const
StoreManager &	getStoreManager ()
const StoreManager &	getStoreManager () const
ConstraintManager &	getConstraintManager ()
const ConstraintManager &	getConstraintManager () const
BasicValueFactory &	getBasicVals ()
SymbolManager &	getSymbolManager ()
const SymbolManager &	getSymbolManager () const
MemRegionManager &	getRegionManager ()
DataTag::Factory &	getDataTags ()
bool	wasBlocksExhausted () const
bool	hasEmptyWorkList () const
bool	hasWorkRemaining () const
const CoreEngine &	getCoreEngine () const
void	Visit (const Stmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Visit - Transfer function logic for all statements.
void	VisitArrayInitLoopExpr (const ArrayInitLoopExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitArrayInitLoopExpr - Transfer function for array init loop.
void	VisitArraySubscriptExpr (const ArraySubscriptExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitArraySubscriptExpr - Transfer function for array accesses.
void	VisitGCCAsmStmt (const GCCAsmStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitGCCAsmStmt - Transfer function logic for inline asm.
void	VisitMSAsmStmt (const MSAsmStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitMSAsmStmt - Transfer function logic for MS inline asm.
void	VisitBlockExpr (const BlockExpr BE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBlockExpr - Transfer function logic for BlockExprs.
void	VisitLambdaExpr (const LambdaExpr LE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitLambdaExpr - Transfer function logic for LambdaExprs.
void	VisitBinaryOperator (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBinaryOperator - Transfer function logic for binary operators.
void	VisitCallExpr (const CallExpr CE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCall - Transfer function for function calls.
void	VisitCast (const CastExpr CastE, const Expr Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	VisitCast - Transfer function logic for all casts (implicit and explicit).
void	VisitCompoundLiteralExpr (const CompoundLiteralExpr CL, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCompoundLiteralExpr - Transfer function logic for compound literals.
void	VisitCommonDeclRefExpr (const Expr DR, const NamedDecl D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
void	VisitDeclStmt (const DeclStmt DS, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitDeclStmt - Transfer function logic for DeclStmts.
void	VisitGuardedExpr (const Expr Ex, const Expr L, const Expr R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.
void	VisitAttributedStmt (const AttributedStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitAttributedStmt - Transfer function logic for AttributedStmt.
void	VisitLogicalExpr (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitLogicalExpr - Transfer function logic for '&&', '\|\|'.
void	VisitMemberExpr (const MemberExpr M, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitMemberExpr - Transfer function for member expressions.
void	VisitAtomicExpr (const AtomicExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitAtomicExpr - Transfer function for builtin atomic expressions.
void	VisitObjCAtSynchronizedStmt (const ObjCAtSynchronizedStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for ObjCAtSynchronizedStmts.
void	VisitLvalObjCIvarRefExpr (const ObjCIvarRefExpr DR, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for computing the lvalue of an Objective-C ivar.
void	VisitObjCForCollectionStmt (const ObjCForCollectionStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt.
void	VisitObjCMessage (const ObjCMessageExpr ME, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitReturnStmt (const ReturnStmt R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitReturnStmt - Transfer function logic for return statements.
void	VisitOffsetOfExpr (const OffsetOfExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitOffsetOfExpr - Transfer function for offsetof.
void	VisitUnaryExprOrTypeTraitExpr (const UnaryExprOrTypeTraitExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
void	VisitUnaryOperator (const UnaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryOperator - Transfer function logic for unary operators.
void	VisitIncrementDecrementOperator (const UnaryOperator U, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Handle ++ and – (both pre- and post-increment).
void	VisitCXXBindTemporaryExpr (const CXXBindTemporaryExpr *BTE, ExplodedNodeSet &PreVisit, ExplodedNodeSet &Dst)
void	VisitCXXCatchStmt (const CXXCatchStmt CS, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXThisExpr (const CXXThisExpr TE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXConstructExpr (const CXXConstructExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXInheritedCtorInitExpr (const CXXInheritedCtorInitExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXDestructor (QualType ObjectType, const MemRegion Dest, const Stmt S, bool IsBaseDtor, ExplodedNode *Pred, ExplodedNodeSet &Dst, EvalCallOptions &Options)
void	VisitCXXNewAllocatorCall (const CXXNewExpr CNE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXNewExpr (const CXXNewExpr CNE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXDeleteExpr (const CXXDeleteExpr CDE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	CreateCXXTemporaryObject (const MaterializeTemporaryExpr ME, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Create a C++ temporary object for an rvalue.
void	ConstructInitList (const Expr Source, ArrayRef< Expr > Args, bool IsTransparent, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	evalEagerlyAssumeBifurcation (ExplodedNodeSet &Dst, ExplodedNodeSet &Src, const Expr *Ex)
	evalEagerlyAssumeBifurcation - Given the nodes in 'Src', eagerly assume concrete boolean values for 'Ex', storing the resulting nodes in 'Dst'.
bool	didEagerlyAssumeBifurcateAt (ProgramStateRef State, const Expr *Ex) const
ProgramStateRef	handleLValueBitCast (ProgramStateRef state, const Expr Ex, const LocationContext LCtx, QualType T, QualType ExTy, const CastExpr CastE, NodeBuilder &Bldr, ExplodedNode Pred)
void	handleUOExtension (ExplodedNode N, const UnaryOperator U, NodeBuilder &Bldr)
SVal	evalBinOp (ProgramStateRef ST, BinaryOperator::Opcode Op, SVal LHS, SVal RHS, QualType T)
ProgramStateRef	processPointerEscapedOnBind (ProgramStateRef State, ArrayRef< std::pair< SVal, SVal > > LocAndVals, const LocationContext LCtx, PointerEscapeKind Kind, const CallEvent Call)
	Call PointerEscape callback when a value escapes as a result of bind.
ProgramStateRef	notifyCheckersOfPointerEscape (ProgramStateRef State, const InvalidatedSymbols Invalidated, ArrayRef< const MemRegion > ExplicitRegions, const CallEvent *Call, RegionAndSymbolInvalidationTraits &ITraits)
	Call PointerEscape callback when a value escapes as a result of region invalidation.
ProgramStateRef	escapeValues (ProgramStateRef State, ArrayRef< SVal > Vs, PointerEscapeKind K, const CallEvent *Call=nullptr) const
	A simple wrapper when you only need to notify checkers of pointer-escape of some values.
void	evalLoad (ExplodedNodeSet &Dst, const Expr NodeEx, const Expr BoundExpr, ExplodedNode Pred, ProgramStateRef St, SVal location, const ProgramPointTag tag=nullptr, QualType LoadTy=QualType())
	Simulate a read of the result of Ex.
void	evalStore (ExplodedNodeSet &Dst, const Expr AssignE, const Expr StoreE, ExplodedNode Pred, ProgramStateRef St, SVal TargetLV, SVal Val, const ProgramPointTag tag=nullptr)
	evalStore - Handle the semantics of a store via an assignment.
CFGElement	getCurrentCFGElement ()
	Return the CFG element corresponding to the worklist element that is currently being processed by ExprEngine.
ProgramStateRef	bindReturnValue (const CallEvent &Call, const LocationContext *LCtx, ProgramStateRef State)
	Create a new state in which the call return value is binded to the call origin expression.
void	evalCall (ExplodedNodeSet &Dst, ExplodedNode *Pred, const CallEvent &Call)
	Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself.
void	defaultEvalCall (NodeBuilder &B, ExplodedNode *Pred, const CallEvent &Call, const EvalCallOptions &CallOpts={})
	Default implementation of call evaluation.
SVal	computeObjectUnderConstruction (const Expr E, ProgramStateRef State, unsigned NumVisitedCaller, const LocationContext LCtx, const ConstructionContext *CC, EvalCallOptions &CallOpts, unsigned Idx=0)
	Find location of the object that is being constructed by a given constructor.
ProgramStateRef	updateObjectsUnderConstruction (SVal V, const Expr E, ProgramStateRef State, const LocationContext LCtx, const ConstructionContext *CC, const EvalCallOptions &CallOpts)
	Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context.
std::pair< ProgramStateRef, SVal >	handleConstructionContext (const Expr E, ProgramStateRef State, const NodeBuilderContext BldrCtx, const LocationContext LCtx, const ConstructionContext CC, EvalCallOptions &CallOpts, unsigned Idx=0)
	A convenient wrapper around computeObjectUnderConstruction and updateObjectsUnderConstruction.

Static Public Member Functions
static const ProgramPointTag *	cleanupNodeTag ()
	A tag to track convenience transitions, which can be removed at cleanup.
static std::pair< const ProgramPointTag , const ProgramPointTag >	getEagerlyAssumeBifurcationTags ()
static std::optional< unsigned >	getIndexOfElementToConstruct (ProgramStateRef State, const CXXConstructExpr E, const LocationContext LCtx)
	Retreives which element is being constructed in a non-POD type array.
static std::optional< unsigned >	getPendingArrayDestruction (ProgramStateRef State, const LocationContext *LCtx)
	Retreives which element is being destructed in a non-POD type array.
static std::optional< unsigned >	getPendingInitLoop (ProgramStateRef State, const CXXConstructExpr E, const LocationContext LCtx)
	Retreives the size of the array in the pending ArrayInitLoopExpr.
static std::optional< SVal >	getObjectUnderConstruction (ProgramStateRef State, const ConstructionContextItem &Item, const LocationContext *LC)
	By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location.
static ProgramStateRef	setWhetherHasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt O, const LocationContext LC, bool HasMoreIteraton)
	Note whether this loop has any more iterations to model. These methods.
static ProgramStateRef	removeIterationState (ProgramStateRef State, const ObjCForCollectionStmt O, const LocationContext LC)
static bool	hasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt O, const LocationContext LC)

Detailed Description

Definition at line 122 of file ExprEngine.h.

Member Enumeration Documentation

◆ InliningModes

enum clang::ento::ExprEngine::InliningModes

The modes of inlining, which override the default analysis-wide settings.

Enumerator
Inline_Regular	Follow the default settings for inlining callees.
Inline_Minimal	Do minimal inlining of callees.

Definition at line 127 of file ExprEngine.h.

Constructor & Destructor Documentation

◆ ExprEngine()

ExprEngine::ExprEngine	(	cross_tu::CrossTranslationUnitContext &	CTU,
		AnalysisManager &	mgr,
		SetOfConstDecls *	VisitedCalleesIn,
		FunctionSummariesTy *	FS,
		InliningModes	HowToInlineIn )

Definition at line 223 of file ExprEngine.cpp.

References getAnalysisDeclContextManager(), getContext(), getGraph(), getRegionManager(), getSValBuilder(), getSymbolManager(), and clang::ento::AnalysisManager::options.

Referenced by setWhetherHasMoreIteration().

◆ ~ExprEngine()

virtual clang::ento::ExprEngine::~ExprEngine ( )

virtualdefault

Member Function Documentation

◆ bindReturnValue()

ProgramStateRef ExprEngine::bindReturnValue	(	const CallEvent &	Call,
		const LocationContext *	LCtx,
		ProgramStateRef	State )

Create a new state in which the call return value is binded to the call origin expression.

Definition at line 742 of file ExprEngineCallAndReturn.cpp.

References clang::C, clang::Call, clang::ento::SVal::castAs(), getCurrentCFGElement(), clang::ento::getElementExtent(), getNumVisitedCurrent(), clang::Expr::getType(), handleConstructionContext(), clang::OMF_autorelease, clang::OMF_retain, clang::OMF_self, clang::ento::setDynamicExtent(), clang::ento::RegionAndSymbolInvalidationTraits::setTrait(), clang::Target, and clang::ento::RegionAndSymbolInvalidationTraits::TK_DoNotInvalidateSuperRegion.

◆ cleanupNodeTag()

const ProgramPointTag * ExprEngine::cleanupNodeTag ( )

static

A tag to track convenience transitions, which can be removed at cleanup.

This tag applies to a node created after removeDead.

Definition at line 1114 of file ExprEngine.cpp.

Referenced by removeDead().

◆ computeObjectUnderConstruction()

SVal ExprEngine::computeObjectUnderConstruction	(	const Expr *	E,
		ProgramStateRef	State,
		unsigned	NumVisitedCaller,
		const LocationContext *	LCtx,
		const ConstructionContext *	CC,
		EvalCallOptions &	CallOpts,
		unsigned	Idx = 0 )

Find location of the object that is being constructed by a given constructor.

This should ideally always succeed but due to not being fully implemented it sometimes indicates that it failed via its out-parameter CallOpts; in such cases a fake temporary region is returned, which is better than nothing but does not represent the actual behavior of the program. The Idx parameter is used if we construct an array of objects. In that case it points to the index of the continuous memory region. E.g.: For int arr[4] this index can be 0,1,2,3. For int arr2[3][3] this index can be 0,1,...,7,8. A multi-dimensional array is also a continuous memory location in a row major order, so for arr[0][0] Idx is 0 and for arr[3][3] Idx is 8.

Definition at line 130 of file ExprEngineCXX.cpp.

Referenced by computeObjectUnderConstruction(), clang::ento::CallEvent::getReturnValueUnderConstruction(), and handleConstructionContext().

◆ ConstructInitList()

void ExprEngine::ConstructInitList	(	const Expr *	Source,
		ArrayRef< Expr * >	Args,
		bool	IsTransparent,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 4116 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::generateNode(), getBasicVals(), clang::QualType::getCanonicalType(), clang::ento::BasicValueFactory::getEmptySValList(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::Expr::getType(), clang::isa(), clang::Type::isArrayType(), clang::Expr::isPRValue(), and clang::ento::BasicValueFactory::prependSVal().

Referenced by Visit().

◆ CreateCXXTemporaryObject()

void ExprEngine::CreateCXXTemporaryObject	(	const MaterializeTemporaryExpr *	ME,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Create a C++ temporary object for an rvalue.

Definition at line 33 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::MaterializeTemporaryExpr::getSubExpr(), and clang::Expr::IgnoreParens().

Referenced by Visit().

◆ defaultEvalCall()

void ExprEngine::defaultEvalCall	(	NodeBuilder &	B,
		ExplodedNode *	Pred,
		const CallEvent &	Call,
		const EvalCallOptions &	CallOpts = {} )

◆ didEagerlyAssumeBifurcateAt()

bool ExprEngine::didEagerlyAssumeBifurcateAt	(	ProgramStateRef	State,
		const Expr *	Ex ) const

Definition at line 3912 of file ExprEngine.cpp.

Referenced by processBranch().

◆ DumpGraph() [1/2]

std::string ExprEngine::DumpGraph	(	ArrayRef< const ExplodedNode * >	Nodes,
		StringRef	Filename = "" )

Dump the graph consisting of the given nodes to a specified filename.

Generate a temporary filename if it's not provided.

Returns: The filename the graph is written into.

Definition at line 4092 of file ExprEngine.cpp.

◆ DumpGraph() [2/2]

std::string ExprEngine::DumpGraph	(	bool	trim = false,
		StringRef	Filename = "" )

Dump graph to the specified filename.

If filename is empty, generate a temporary one.

Returns: The filename the graph is written into.

Definition at line 4069 of file ExprEngine.cpp.

References clang::Class, and DumpGraph().

Referenced by DumpGraph(), ViewGraph(), and ViewGraph().

◆ escapeValues()

ProgramStateRef ExprEngine::escapeValues	(	ProgramStateRef	State,
		ArrayRef< SVal >	Vs,
		PointerEscapeKind	K,
		const CallEvent *	Call = nullptr ) const

A simple wrapper when you only need to notify checkers of pointer-escape of some values.

Definition at line 1681 of file ExprEngine.cpp.

References clang::Call, getCheckerManager(), clang::ento::CheckerManager::runCheckersForPointerEscape(), and V.

Referenced by handleLValueBitCast(), processPointerEscapedOnBind(), Visit(), and VisitBinaryOperator().

◆ evalBinOp()

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	ST,
		BinaryOperator::Opcode	Op,
		SVal	LHS,
		SVal	RHS,
		QualType	T )

inline

Definition at line 685 of file ExprEngine.h.

Referenced by getInitialState(), VisitBinaryOperator(), VisitIncrementDecrementOperator(), VisitLogicalExpr(), and VisitUnaryOperator().

◆ evalCall()

void ExprEngine::evalCall	(	ExplodedNodeSet &	Dst,
		ExplodedNode *	Pred,
		const CallEvent &	Call )

Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself.

Definition at line 675 of file ExprEngineCallAndReturn.cpp.

References clang::Call, clang::ento::CallEvent::cloneWithState(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::Type::getPointeeType(), clang::ento::ExplodedNodeSet::insert(), clang::QualType::isConstQualified(), clang::QualType::isNull(), clang::Type::isPointerType(), clang::Type::isReferenceType(), clang::Type::isVoidType(), processPointerEscapedOnBind(), clang::ento::PSK_EscapeOutParameters, clang::ento::CheckerManager::runCheckersForEvalCall(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().

Referenced by VisitCallExpr().

◆ evalEagerlyAssumeBifurcation()

void clang::ento::ExprEngine::evalEagerlyAssumeBifurcation	(	ExplodedNodeSet &	Dst,
		ExplodedNodeSet &	Src,
		const Expr *	Ex )

evalEagerlyAssumeBifurcation - Given the nodes in 'Src', eagerly assume concrete boolean values for 'Ex', storing the resulting nodes in 'Dst'.

Referenced by Visit().

◆ evalLoad()

void ExprEngine::evalLoad	(	ExplodedNodeSet &	Dst,
		const Expr *	NodeEx,
		const Expr *	BoundExpr,
		ExplodedNode *	Pred,
		ProgramStateRef	St,
		SVal	location,
		const ProgramPointTag *	tag = nullptr,
		QualType	LoadTy = QualType() )

Simulate a read of the result of Ex.

Definition at line 3780 of file ExprEngine.cpp.

References clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::empty(), clang::ento::NodeBuilder::generateNode(), clang::Expr::getType(), clang::isa(), clang::QualType::isNull(), clang::ento::SVal::isUndef(), clang::ento::SVal::isValid(), clang::ProgramPoint::PostLoadKind, and V.

Referenced by VisitBinaryOperator(), VisitCast(), VisitIncrementDecrementOperator(), and VisitMemberExpr().

◆ evalStore()

void ExprEngine::evalStore	(	ExplodedNodeSet &	Dst,
		const Expr *	AssignE,
		const Expr *	LocationE,
		ExplodedNode *	Pred,
		ProgramStateRef	state,
		SVal	location,
		SVal	Val,
		const ProgramPointTag *	tag = nullptr )

evalStore - Handle the semantics of a store via an assignment.

Parameters

Dst	The node set to store generated state nodes
AssignE	The assignment expression if the store happens in an assignment.
LocationE	The location expression that is stored to.
state	The current simulation state
location	The location to store the value
Val	The value to be stored

Definition at line 3757 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::empty(), and clang::ento::SVal::isUndef().

Referenced by VisitBinaryOperator(), and VisitIncrementDecrementOperator().

◆ ExecuteWorkList()

bool clang::ento::ExprEngine::ExecuteWorkList	(	const LocationContext *	L,
		unsigned	Steps = 150000 )

inline

Returns true if there is still simulation state on the worklist.

Definition at line 209 of file ExprEngine.h.

References clang::LocationContext::getDecl(), and clang::LocationContext::inTopFrame().

◆ getAnalysisDeclContextManager()

AnalysisDeclContextManager & clang::ento::ExprEngine::getAnalysisDeclContextManager ( )

inline

Definition at line 221 of file ExprEngine.h.

Referenced by ExprEngine().

◆ getAnalysisManager() [1/2]

AnalysisManager & clang::ento::ExprEngine::getAnalysisManager ( )

inline

Definition at line 218 of file ExprEngine.h.

Referenced by defaultEvalCall(), ProcessNewAllocator(), and VisitCXXBindTemporaryExpr().

◆ getAnalysisManager() [2/2]

const AnalysisManager & clang::ento::ExprEngine::getAnalysisManager ( ) const

inline

Definition at line 219 of file ExprEngine.h.

◆ getBasicVals()

BasicValueFactory & clang::ento::ExprEngine::getBasicVals ( )

inline

Definition at line 497 of file ExprEngine.h.

Referenced by ConstructInitList(), VisitCast(), VisitLogicalExpr(), and VisitUnaryOperator().

◆ getBugReporter() [1/2]

BugReporter & clang::ento::ExprEngine::getBugReporter ( )

inline

Definition at line 232 of file ExprEngine.h.

Referenced by llvm::DOTGraphTraits< ExplodedGraph * >::nodeHasBugReport().

◆ getBugReporter() [2/2]

const BugReporter & clang::ento::ExprEngine::getBugReporter ( ) const

inline

Definition at line 233 of file ExprEngine.h.

◆ getBuilderContext()

const NodeBuilderContext & clang::ento::ExprEngine::getBuilderContext ( ) const

inline

Definition at line 266 of file ExprEngine.h.

Referenced by ProcessAutomaticObjDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), clang::ento::CheckerManager::runCheckersForEndFunction(), and clang::ento::CheckerManager::runCheckersForEvalCall().

◆ getCFGElementRef()

ConstCFGElementRef clang::ento::ExprEngine::getCFGElementRef ( ) const

inline

◆ getCheckerManager()

CheckerManager & clang::ento::ExprEngine::getCheckerManager ( ) const

inline

◆ getConstraintManager() [1/2]

ConstraintManager & clang::ento::ExprEngine::getConstraintManager ( )

inline

Definition at line 489 of file ExprEngine.h.

Referenced by removeDead().

◆ getConstraintManager() [2/2]

const ConstraintManager & clang::ento::ExprEngine::getConstraintManager ( ) const

inline

Definition at line 492 of file ExprEngine.h.

◆ getContext()

ASTContext & clang::ento::ExprEngine::getContext ( ) const

inline

getContext - Return the ASTContext associated with this analysis.

Definition at line 216 of file ExprEngine.h.

Referenced by computeObjectUnderConstruction(), ExprEngine(), handleLValueBitCast(), ProcessAutomaticObjDtor(), processBranch(), processCallExit(), ProcessDeleteDtor(), ProcessInitializer(), ProcessLoopExit(), ProcessMemberDtor(), ProcessStmt(), processSwitch(), ProcessTemporaryDtor(), Visit(), VisitArraySubscriptExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCast(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXThisExpr(), VisitDeclStmt(), VisitLambdaExpr(), VisitOffsetOfExpr(), and VisitUnaryExprOrTypeTraitExpr().

◆ getCoreEngine()

const CoreEngine & clang::ento::ExprEngine::getCoreEngine ( ) const

inline

Definition at line 512 of file ExprEngine.h.

◆ getCrossTranslationUnitContext()

cross_tu::CrossTranslationUnitContext * clang::ento::ExprEngine::getCrossTranslationUnitContext ( )

inline

Definition at line 236 of file ExprEngine.h.

◆ getCurrBlock()

const CFGBlock * clang::ento::ExprEngine::getCurrBlock ( ) const

inline

Get the 'current' CFGBlock corresponding to the current work item (elementary analysis step handled by dispatchWorkItem).

Definition at line 289 of file ExprEngine.h.

Referenced by getCFGElementRef(), getCurrentCFGElement(), getNumVisitedCurrent(), processBranch(), processCFGBlockEntrance(), ProcessImplicitDtor(), processIndirectGoto(), ProcessInitializer(), ProcessLoopExit(), ProcessNewAllocator(), ProcessStmt(), and Visit().

◆ getCurrentCFGElement()

CFGElement clang::ento::ExprEngine::getCurrentCFGElement ( )

inline

Return the CFG element corresponding to the worklist element that is currently being processed by ExprEngine.

Definition at line 771 of file ExprEngine.h.

References getCurrBlock().

Referenced by bindReturnValue().

◆ getCurrLocationContext()

const LocationContext * clang::ento::ExprEngine::getCurrLocationContext ( ) const

inline

Get the 'current' location context corresponding to the current work item (elementary analysis step handled by dispatchWorkItem).

FIXME: This sometimes (e.g. in some BeginFunction callbacks) differs from the LocationContext that can be obtained from different sources (e.g. a recent ExplodedNode). Traditionally this location context is only used for block count calculations (getNumVisited); it is probably wise to follow this tradition until the discrepancies are resolved.

Definition at line 283 of file ExprEngine.h.

Referenced by getNumVisitedCurrent(), and processIndirectGoto().

◆ getDataTags()

DataTag::Factory & clang::ento::ExprEngine::getDataTags ( )

inline

Definition at line 505 of file ExprEngine.h.

◆ getEagerlyAssumeBifurcationTags()

std::pair< const ProgramPointTag *, const ProgramPointTag * > ExprEngine::getEagerlyAssumeBifurcationTags ( )

static

Definition at line 3854 of file ExprEngine.cpp.

Referenced by REGISTER_TRAIT_WITH_PROGRAMSTATE(), and clang::ento::ConditionBRVisitor::VisitNodeImpl().

◆ getGraph() [1/2]

ExplodedGraph & clang::ento::ExprEngine::getGraph ( )

inline

Definition at line 329 of file ExprEngine.h.

Referenced by ExprEngine().

◆ getGraph() [2/2]

const ExplodedGraph & clang::ento::ExprEngine::getGraph ( ) const

inline

Definition at line 330 of file ExprEngine.h.

◆ getIndexOfElementToConstruct()

std::optional< unsigned > ExprEngine::getIndexOfElementToConstruct	(	ProgramStateRef	State,
		const CXXConstructExpr *	E,
		const LocationContext *	LCtx )

static

Retreives which element is being constructed in a non-POD type array.

Definition at line 515 of file ExprEngine.cpp.

References clang::LocationContext::getStackFrame(), and V.

Referenced by computeObjectUnderConstruction().

◆ getInitialState()

ProgramStateRef ExprEngine::getInitialState ( const LocationContext * InitLoc )

getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.

Definition at line 246 of file ExprEngine.cpp.

References evalBinOp(), clang::ento::SVal::getAs(), clang::LocationContext::getDecl(), clang::IdentifierInfo::getName(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ValueDecl::getType(), and V.

◆ getNumVisited()

unsigned clang::ento::ExprEngine::getNumVisited	(	const LocationContext *	LC,
		const CFGBlock *	Block ) const

inline

Definition at line 297 of file ExprEngine.h.

References clang::Block, and clang::LocationContext::getStackFrame().

Referenced by computeObjectUnderConstruction(), getNumVisitedCurrent(), and clang::ento::CallEvent::getReturnValueUnderConstruction().

◆ getNumVisitedCurrent()

unsigned clang::ento::ExprEngine::getNumVisitedCurrent ( ) const

inline

Definition at line 303 of file ExprEngine.h.

References getCurrBlock(), getCurrLocationContext(), and getNumVisited().

Referenced by bindReturnValue(), computeObjectUnderConstruction(), processCFGBlockEntrance(), ProcessInitializer(), Visit(), VisitAtomicExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCast(), VisitCXXCatchStmt(), VisitCXXNewExpr(), VisitDeclStmt(), VisitGCCAsmStmt(), VisitGuardedExpr(), VisitIncrementDecrementOperator(), and VisitObjCForCollectionStmt().

◆ getObjectUnderConstruction()

std::optional< SVal > ExprEngine::getObjectUnderConstruction	(	ProgramStateRef	State,
		const ConstructionContextItem &	Item,
		const LocationContext *	LC )

static

By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location.

A particular statement can be transparently passed as Item in most cases.

Definition at line 605 of file ExprEngine.cpp.

References clang::LocationContext::getStackFrame(), and V.

Referenced by computeObjectUnderConstruction(), clang::ento::CXXAllocatorCall::getObjectUnderConstruction(), clang::ento::CallEvent::isArgumentConstructedDirectly(), processCleanupTemporaryBranch(), ProcessInitializer(), ProcessTemporaryDtor(), VisitCXXBindTemporaryExpr(), VisitCXXNewExpr(), VisitDeclStmt(), and VisitLambdaExpr().

◆ getPendingArrayDestruction()

std::optional< unsigned > ExprEngine::getPendingArrayDestruction	(	ProgramStateRef	State,
		const LocationContext *	LCtx )

static

Retreives which element is being destructed in a non-POD type array.

Definition at line 534 of file ExprEngine.cpp.

References clang::LocationContext::getStackFrame(), and V.

Referenced by processCallExit().

◆ getPendingInitLoop()

std::optional< unsigned > ExprEngine::getPendingInitLoop	(	ProgramStateRef	State,
		const CXXConstructExpr *	E,
		const LocationContext *	LCtx )

static

Retreives the size of the array in the pending ArrayInitLoopExpr.

Definition at line 488 of file ExprEngine.cpp.

References clang::LocationContext::getStackFrame(), and V.

◆ getRegionManager()

MemRegionManager & clang::ento::ExprEngine::getRegionManager ( )

inline

Definition at line 503 of file ExprEngine.h.

Referenced by ExprEngine().

◆ getRootLocationContext()

const LocationContext * clang::ento::ExprEngine::getRootLocationContext ( ) const

inline

Definition at line 271 of file ExprEngine.h.

Referenced by processEndWorklist().

◆ getStateManager() [1/2]

ProgramStateManager & clang::ento::ExprEngine::getStateManager ( )

inline

Definition at line 481 of file ExprEngine.h.

Referenced by computeObjectUnderConstruction(), processCallExit(), processEndOfFunction(), VisitCallExpr(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().

◆ getStateManager() [2/2]

const ProgramStateManager & clang::ento::ExprEngine::getStateManager ( ) const

inline

Definition at line 482 of file ExprEngine.h.

◆ getStoreManager() [1/2]

StoreManager & clang::ento::ExprEngine::getStoreManager ( )

inline

Definition at line 484 of file ExprEngine.h.

Referenced by ProcessBaseDtor(), processCallExit(), ProcessInitializer(), removeDead(), VisitCast(), and VisitMemberExpr().

◆ getStoreManager() [2/2]

const StoreManager & clang::ento::ExprEngine::getStoreManager ( ) const

inline

Definition at line 485 of file ExprEngine.h.

◆ getSValBuilder() [1/2]

SValBuilder & clang::ento::ExprEngine::getSValBuilder ( )

inline

Definition at line 229 of file ExprEngine.h.

Referenced by computeObjectUnderConstruction(), ConstructInitList(), ExprEngine(), ProcessBaseDtor(), ProcessInitializer(), and ProcessMemberDtor().

◆ getSValBuilder() [2/2]

const SValBuilder & clang::ento::ExprEngine::getSValBuilder ( ) const

inline

Definition at line 230 of file ExprEngine.h.

◆ getSymbolManager() [1/2]

SymbolManager & clang::ento::ExprEngine::getSymbolManager ( )

inline

Definition at line 501 of file ExprEngine.h.

Referenced by ExprEngine().

◆ getSymbolManager() [2/2]

const SymbolManager & clang::ento::ExprEngine::getSymbolManager ( ) const

inline

Definition at line 502 of file ExprEngine.h.

◆ handleConstructionContext()

std::pair< ProgramStateRef, SVal > clang::ento::ExprEngine::handleConstructionContext	(	const Expr *	E,
		ProgramStateRef	State,
		const NodeBuilderContext *	BldrCtx,
		const LocationContext *	LCtx,
		const ConstructionContext *	CC,
		EvalCallOptions &	CallOpts,
		unsigned	Idx = 0 )

inline

A convenient wrapper around computeObjectUnderConstruction and updateObjectsUnderConstruction.

Definition at line 820 of file ExprEngine.h.

References clang::ento::NodeBuilderContext::blockCount(), computeObjectUnderConstruction(), updateObjectsUnderConstruction(), and V.

Referenced by bindReturnValue().

◆ handleLValueBitCast()

ProgramStateRef ExprEngine::handleLValueBitCast	(	ProgramStateRef	state,
		const Expr *	Ex,
		const LocationContext *	LCtx,
		QualType	T,
		QualType	ExTy,
		const CastExpr *	CastE,
		NodeBuilder &	Bldr,
		ExplodedNode *	Pred )

Definition at line 258 of file ExprEngineC.cpp.

References escapeValues(), clang::ento::NodeBuilder::generateNode(), clang::CastExpr::getCastKind(), getContext(), clang::ASTContext::getLValueReferenceType(), clang::ASTContext::getRValueReferenceType(), clang::Expr::getType(), clang::Type::isLValueReferenceType(), clang::Type::isRValueReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, and V.

Referenced by VisitCast().

◆ handleUOExtension()

void ExprEngine::handleUOExtension	(	ExplodedNode *	N,
		const UnaryOperator *	U,
		NodeBuilder &	Bldr )

Definition at line 901 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), and clang::ento::ExplodedNode::getState().

Referenced by VisitUnaryOperator().

◆ hasEmptyWorkList()

bool clang::ento::ExprEngine::hasEmptyWorkList ( ) const

inline

Definition at line 509 of file ExprEngine.h.

◆ hasMoreIteration()

bool ExprEngine::hasMoreIteration	(	ProgramStateRef	State,
		const ObjCForCollectionStmt *	O,
		const LocationContext *	LC )

staticnodiscard

Definition at line 2774 of file ExprEngine.cpp.

Referenced by assumeCondition().

◆ hasWorkRemaining()

bool clang::ento::ExprEngine::hasWorkRemaining ( ) const

inline

Definition at line 510 of file ExprEngine.h.

◆ notifyCheckersOfPointerEscape()

ProgramStateRef ExprEngine::notifyCheckersOfPointerEscape	(	ProgramStateRef	State,
		const InvalidatedSymbols *	Invalidated,
		ArrayRef< const MemRegion * >	ExplicitRegions,
		const CallEvent *	Call,
		RegionAndSymbolInvalidationTraits &	ITraits )

Call PointerEscape callback when a value escapes as a result of region invalidation.

Parameters

[in] ITraits Specifies invalidation traits for regions/symbols.

Definition at line 3657 of file ExprEngine.cpp.

References clang::Call, getCheckerManager(), clang::ento::PSK_DirectEscapeOnCall, clang::ento::PSK_EscapeOther, clang::ento::PSK_IndirectEscapeOnCall, and clang::ento::CheckerManager::runCheckersForPointerEscape().

◆ printJson()

void ExprEngine::printJson	(	raw_ostream &	Out,
		ProgramStateRef	State,
		const LocationContext *	LCtx,
		const char *	NL,
		unsigned int	Space,
		bool	IsDot ) const

printJson - Called by ProgramStateManager to print checker-specific data.

Definition at line 941 of file ExprEngine.cpp.

References getCheckerManager(), printIndicesOfElementsToConstructJson(), printObjectsUnderConstructionJson(), printPendingArrayDestructionsJson(), printPendingInitLoopJson(), printStateTraitWithLocationContextJson(), and clang::ento::CheckerManager::runCheckersForPrintStateJson().

Referenced by clang::ento::ProgramState::printJson().

◆ processAssume()

ProgramStateRef ExprEngine::processAssume	(	ProgramStateRef	state,
		SVal	cond,
		bool	assumption )

evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values.

evalAssume - Called by ConstraintManager.

Used to call checker-specific logic for handling assumptions on symbolic values.

Definition at line 669 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForEvalAssume().

◆ ProcessAutomaticObjDtor()

void ExprEngine::ProcessAutomaticObjDtor	(	const CFGAutomaticObjDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

◆ ProcessBaseDtor()

void ExprEngine::ProcessBaseDtor	(	const CFGBaseDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 1484 of file ExprEngine.cpp.

References clang::cast(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::SVal::getAsRegion(), clang::CFGBaseDtor::getBaseSpecifier(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

◆ processBeginOfFunction()

void ExprEngine::processBeginOfFunction	(	ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const BlockEdge &	L )

Called by CoreEngine.

Used to notify checkers that processing a function has begun. Called for both inlined and top-level functions.

Definition at line 3007 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForBeginFunction().

Referenced by processCallEnter().

◆ processBranch()

void ExprEngine::processBranch	(	const Stmt *	Condition,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF,
		std::optional< unsigned >	IterationsCompletedInLoop )

ProcessBranch - Called by CoreEngine.

Used to generate successor nodes by processing the 'effects' of a branch condition. If the branch condition is a loop condition, IterationsCompletedInLoop is the number of completed iterations (otherwise it's std::nullopt).

Definition at line 2831 of file ExprEngine.cpp.

References assumeCondition(), clang::Condition, didEagerlyAssumeBifurcateAt(), clang::ento::ExplodedNodeSet::empty(), clang::ento::BranchNodeBuilder::generateNode(), getCheckerManager(), getContext(), getCurrBlock(), clang::LocationContext::getDecl(), getInlinedLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::isa(), ResolveCondition(), and clang::ento::CheckerManager::runCheckersForBranchCondition().

◆ processCallEnter()

void ExprEngine::processCallEnter	(	CallEnter	CE,
		ExplodedNode *	Pred )

Generate the entry node of the callee.

Definition at line 42 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNode::addPredecessor(), clang::CFGBlock::empty(), clang::CallEnter::getCalleeContext(), clang::CallEnter::getEntry(), clang::ento::ExplodedNode::getState(), processBeginOfFunction(), clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().

◆ processCallExit()

void ExprEngine::processCallExit ( ExplodedNode * CEBNode )

Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.

The call exit is simulated with a sequence of nodes, which occur between CallExitBegin and CallExitEnd.

The following operations occur between the two program points:

CallExitBegin (triggers the start of call exit sequence)
Bind the return value
Run Remove dead bindings to clean up the dead symbols from the callee.
CallExitEnd
PostStmt<CallExpr> Steps 1-3. happen in the callee context; but there is a context switch and steps 4-5. happen in the caller context.

Definition at line 254 of file ExprEngineCallAndReturn.cpp.

References adjustReturnValue(), clang::Call, clang::cast(), clang::ento::SVal::castAs(), clang::LocationContext::getAnalysisDeclContext(), clang::AnalysisDeclContext::getBody(), clang::ento::CallEventManager::getCaller(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), clang::ento::ExplodedNode::getCFG(), getCheckerManager(), getContext(), clang::LocationContext::getDecl(), clang::ento::CallEvent::getDeclaredResultType(), clang::CFG::getExit(), clang::StackFrameContext::getIndex(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getParent(), getPendingArrayDestruction(), clang::ento::ExplodedNode::getStackFrame(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), getStoreManager(), clang::ento::SVal::getType(), clang::ento::ExplodedNodeSet::insert(), clang::isa(), clang::QualType::isNull(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, removeDead(), resetCurrLocationContextAndBlock(), clang::ento::CheckerManager::runCheckersForNewAllocator(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPostStmt(), setCurrLocationContextAndBlock(), V, and wasDifferentDeclUsedForInlining().

◆ processCFGBlockEntrance()

void ExprEngine::processCFGBlockEntrance	(	const BlockEdge &	L,
		const BlockEntrance &	BE,
		NodeBuilder &	Builder,
		ExplodedNode *	Pred )

Called by CoreEngine when processing the entrance of a CFGBlock.

Block entrance.

(Update counters). FIXME: BlockEdge &L is only used for debug statistics, consider removing it and using BlockEntrance &BE (where BlockEntrance is a subtype of ProgramPoint) for statistical purposes.

Definition at line 2557 of file ExprEngine.cpp.

References getCurrBlock(), clang::LocationContext::getDecl(), getInlinedLocationContext(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::CFGBlock::getTerminatorStmt(), clang::ento::getWidenedLoopState(), clang::ento::isUnrolledState(), clang::ento::updateLoopStack(), and clang::ProgramPoint::withTag().

◆ processCFGElement()

void ExprEngine::processCFGElement	(	const CFGElement	E,
		ExplodedNode *	Pred,
		unsigned	StmtIdx )

processCFGElement - Called by CoreEngine.

Used to generate new successor nodes by processing the 'effects' of a CFG element.

Definition at line 968 of file ExprEngine.cpp.

◆ processCleanupTemporaryBranch()

void ExprEngine::processCleanupTemporaryBranch	(	const CXXBindTemporaryExpr *	BTE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF )

Called by CoreEngine.

Used to generate successor nodes for temporary destructors depending on whether the corresponding constructor was visited.

Definition at line 1639 of file ExprEngine.cpp.

References clang::ento::BranchNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), and clang::ento::ExplodedNode::getState().

◆ ProcessDeleteDtor()

void ExprEngine::ProcessDeleteDtor	(	const CFGDeleteDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

◆ processEndOfFunction()

void ExprEngine::processEndOfFunction	(	ExplodedNode *	Pred,
		const ReturnStmt *	RS = nullptr )

Called by CoreEngine.

ProcessEndPath - Called by CoreEngine.

Used to notify checkers that processing a function has ended. Called for both inlined and top-level functions.

Used to generate end-of-path nodes when the control reaches the end of a function.

Definition at line 3015 of file ExprEngine.cpp.

References clang::ConstructionContextItem::ElidedDestructorKind, getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getParent(), clang::ento::ExplodedNode::getStackFrame(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::LocationContext::inTopFrame(), clang::StackFrameContext::inTopFrame(), removeDeadOnEndOfFunction(), clang::ento::CheckerManager::runCheckersForEndFunction(), and clang::ConstructionContextItem::TemporaryDestructorKind.

◆ processEndWorklist()

void ExprEngine::processEndWorklist ( )

Called by CoreEngine when the analysis worklist has terminated.

Definition at line 962 of file ExprEngine.cpp.

References getCheckerManager(), getRootLocationContext(), and clang::ento::CheckerManager::runCheckersForEndAnalysis().

◆ ProcessImplicitDtor()

void ExprEngine::ProcessImplicitDtor	(	const CFGImplicitDtor	D,
		ExplodedNode *	Pred )

Definition at line 1290 of file ExprEngine.cpp.

References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, clang::CFGElement::castAs(), clang::CFGElement::DeleteDtor, getCurrBlock(), clang::CFGElement::getKind(), clang::CFGElement::MemberDtor, ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessTemporaryDtor(), and clang::CFGElement::TemporaryDtor.

Referenced by processCFGElement().

◆ processIndirectGoto()

void ExprEngine::processIndirectGoto	(	ExplodedNodeSet &	Dst,
		const Expr *	Tgt,
		const CFGBlock *	Dispatch,
		ExplodedNode *	Pred )

processIndirectGoto - Called by CoreEngine.

Used to generate successor nodes by processing the 'effects' of a computed goto jump.

Definition at line 2976 of file ExprEngine.cpp.

References clang::cast(), getCurrBlock(), getCurrLocationContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::isa(), clang::CFGBlock::succs(), and V.

◆ ProcessInitializer()

void ExprEngine::ProcessInitializer	(	const CFGInitializer	I,
		ExplodedNode *	Pred )

Definition at line 1164 of file ExprEngine.cpp.

Referenced by processCFGElement().

◆ ProcessLoopExit()

void ExprEngine::ProcessLoopExit	(	const Stmt *	S,
		ExplodedNode *	Pred )

Definition at line 1149 of file ExprEngine.cpp.

References clang::Stmt::getBeginLoc(), getContext(), getCurrBlock(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNode::isSink(), and clang::ento::processLoopEnd().

Referenced by processCFGElement().

◆ ProcessMemberDtor()

void ExprEngine::ProcessMemberDtor	(	const CFGMemberDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

◆ ProcessNewAllocator()

void ExprEngine::ProcessNewAllocator	(	const CXXNewExpr *	NE,
		ExplodedNode *	Pred )

Definition at line 1317 of file ExprEngine.cpp.

References getAnalysisManager(), getCFGElementRef(), getCurrBlock(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), and VisitCXXNewAllocatorCall().

Referenced by processCFGElement().

◆ processPointerEscapedOnBind()

ProgramStateRef ExprEngine::processPointerEscapedOnBind	(	ProgramStateRef	State,
		ArrayRef< std::pair< SVal, SVal > >	LocAndVals,
		const LocationContext *	LCtx,
		PointerEscapeKind	Kind,
		const CallEvent *	Call )

Call PointerEscape callback when a value escapes as a result of bind.

Definition at line 3606 of file ExprEngine.cpp.

References clang::Call, escapeValues(), clang::ento::MemRegion::getBaseRegion(), clang::ento::MemRegion::getMemorySpace(), and clang::isa().

Referenced by evalCall().

◆ processRegionChange()

ProgramStateRef clang::ento::ExprEngine::processRegionChange	(	ProgramStateRef	state,
		const MemRegion *	MR,
		const LocationContext *	LCtx )

inline

Definition at line 470 of file ExprEngine.h.

References processRegionChanges().

Referenced by clang::ento::ProgramState::bindDefaultInitial(), clang::ento::ProgramState::bindDefaultZero(), and clang::ento::ProgramState::bindLoc().

◆ processRegionChanges()

ProgramStateRef ExprEngine::processRegionChanges	(	ProgramStateRef	state,
		const InvalidatedSymbols *	invalidated,
		ArrayRef< const MemRegion * >	ExplicitRegions,
		ArrayRef< const MemRegion * >	Regions,
		const LocationContext *	LCtx,
		const CallEvent *	Call )

processRegionChanges - Called by ProgramStateManager whenever a change is made to the store.

Used to update checkers that track region values.

Definition at line 675 of file ExprEngine.cpp.

References clang::Call, getCheckerManager(), and clang::ento::CheckerManager::runCheckersForRegionChanges().

Referenced by processRegionChange().

◆ processStaticInitializer()

void clang::ento::ExprEngine::processStaticInitializer	(	const DeclStmt *	DS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF )

Called by CoreEngine.

Used to processing branching behavior at static initializers.

References clang::Call, and clang::Switch.

◆ ProcessStmt()

void ExprEngine::ProcessStmt	(	const Stmt *	S,
		ExplodedNode *	Pred )

Definition at line 1119 of file ExprEngine.cpp.

References clang::Stmt::getBeginLoc(), getContext(), getCurrBlock(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNodeSet::insert(), removeDead(), shouldRemoveDeadBindings(), and Visit().

Referenced by processCFGElement().

◆ processSwitch()

void ExprEngine::processSwitch	(	const SwitchStmt *	Switch,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

ProcessSwitch - Called by CoreEngine.

Used to generate successor nodes by processing the 'effects' of a switch statement.

Definition at line 3083 of file ExprEngine.cpp.

References clang::Block, clang::cast(), clang::Condition, clang::Expr::EvaluateKnownConstInt(), clang::ento::SVal::getAs(), getCheckerManager(), getContext(), clang::CaseStmt::getLHS(), clang::CaseStmt::getRHS(), clang::ento::SVal::isUndef(), clang::ento::CheckerManager::runCheckersForBranchCondition(), and clang::Switch.

◆ ProcessTemporaryDtor()

void ExprEngine::ProcessTemporaryDtor	(	const CFGTemporaryDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

◆ removeDead()

void ExprEngine::removeDead	(	ExplodedNode *	Node,
		ExplodedNodeSet &	Out,
		const Stmt *	ReferenceStmt,
		const LocationContext *	LC,
		const Stmt *	DiagnosticStmt = nullptr,
		ProgramPoint::Kind	K = ProgramPoint::PreStmtPurgeDeadSymbolsKind )

Run the analyzer's garbage collection - remove dead symbols and bindings from the state.

Checkers can participate in this process with two callbacks: checkLiveSymbols and checkDeadSymbols. See the CheckerDocumentation class for more information.

Parameters

Node	The predecessor node, from which the processing should start.
Out	The returned set of output nodes.
ReferenceStmt	The statement which is about to be processed. Everything needed for this statement should be considered live. A null statement means that everything in child LocationContexts is dead.
LC	The location context of the `ReferenceStmt`. A null location context means that we have reached the end of analysis and that all statements and local variables should be considered dead.
DiagnosticStmt	Used as a location for any warnings that should occur while removing the dead (e.g. leaks). By default, the `ReferenceStmt` is used.
K	Denotes whether this is a pre- or post-statement purge. This must only be ProgramPoint::PostStmtPurgeDeadSymbolsKind if an entire location context is being cleared, in which case the `ReferenceStmt` must either be a ReturnStmt or `NULL`. Otherwise, it must be ProgramPoint::PreStmtPurgeDeadSymbolsKind (the default) and `ReferenceStmt` must be valid (non-null).

Definition at line 1030 of file ExprEngine.cpp.

References cleanupNodeTag(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), getConstraintManager(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::isa(), clang::ento::markAllDynamicExtentLive(), clang::ento::SymbolReaper::markLive(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, clang::ProgramPoint::PreStmtPurgeDeadSymbolsKind, clang::ento::ConstraintManager::removeDeadBindings(), clang::ento::CheckerManager::runCheckersForDeadSymbols(), and clang::ento::CheckerManager::runCheckersForLiveSymbols().

Referenced by processCallExit(), ProcessStmt(), and removeDeadOnEndOfFunction().

◆ removeDeadOnEndOfFunction()

void ExprEngine::removeDeadOnEndOfFunction	(	ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Remove dead bindings/symbols before exiting a function.

Definition at line 165 of file ExprEngineCallAndReturn.cpp.

References clang::LocationContext::getAnalysisDeclContext(), clang::AnalysisDeclContext::getBody(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNodeSet::insert(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, and removeDead().

Referenced by processEndOfFunction().

◆ removeIterationState()

ProgramStateRef ExprEngine::removeIterationState	(	ProgramStateRef	State,
		const ObjCForCollectionStmt *	O,
		const LocationContext *	LC )

staticnodiscard

Definition at line 2767 of file ExprEngine.cpp.

Referenced by assumeCondition().

◆ resetCurrLocationContextAndBlock()

void clang::ento::ExprEngine::resetCurrLocationContextAndBlock ( )

inline

Definition at line 261 of file ExprEngine.h.

Referenced by processCallExit().

◆ runCheckersForBlockEntrance()

void ExprEngine::runCheckersForBlockEntrance	(	const BlockEntrance &	Entrance,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 2640 of file ExprEngine.cpp.

References clang::BlockEntrance::getBlock(), clang::CFGBlock::getBlockID(), getCheckerManager(), clang::BlockEntrance::getPreviousBlock(), and clang::ento::CheckerManager::runCheckersForBlockEntrance().

◆ setCurrLocationContextAndBlock()

void clang::ento::ExprEngine::setCurrLocationContextAndBlock	(	const LocationContext *	LC,
		const CFGBlock *	B )

inline

Definition at line 246 of file ExprEngine.h.

Referenced by processCallExit().

◆ setWhetherHasMoreIteration()

ProgramStateRef ExprEngine::setWhetherHasMoreIteration	(	ProgramStateRef	State,
		const ObjCForCollectionStmt *	O,
		const LocationContext *	LC,
		bool	HasMoreIteraton )

staticnodiscard

Note whether this loop has any more iterations to model. These methods.

ExprEngine::VisitObjCForCollectionStmt().

Definition at line 2759 of file ExprEngine.cpp.

References ExprEngine(), and setWhetherHasMoreIteration().

Referenced by populateObjCForDestinationSet(), and setWhetherHasMoreIteration().

◆ updateObjectsUnderConstruction()

ProgramStateRef ExprEngine::updateObjectsUnderConstruction	(	SVal	V,
		const Expr *	E,
		ProgramStateRef	State,
		const LocationContext *	LCtx,
		const ConstructionContext *	CC,
		const EvalCallOptions &	CallOpts )

Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context.

V and CallOpts have to be obtained from computeObjectUnderConstruction() invoked with the same set of the remaining arguments (E, State, LCtx, CC).

Definition at line 407 of file ExprEngineCXX.cpp.

Referenced by handleConstructionContext(), and updateObjectsUnderConstruction().

◆ ViewGraph() [1/2]

void ExprEngine::ViewGraph ( ArrayRef< const ExplodedNode * > Nodes )

Visualize a trimmed ExplodedGraph that only contains paths to the given nodes.

Definition at line 4064 of file ExprEngine.cpp.

References DumpGraph().

◆ ViewGraph() [2/2]

void ExprEngine::ViewGraph ( bool trim = false )

Visualize the ExplodedGraph created by executing the simulation.

Definition at line 4059 of file ExprEngine.cpp.

References DumpGraph().

◆ Visit()

void ExprEngine::Visit	(	const Stmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Visit - Transfer function logic for all statements.

Dispatches to other functions that handle specific kinds of statements.

Definition at line 1708 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::C, clang::cast(), ConstructInitList(), CreateCXXTemporaryObject(), escapeValues(), evalEagerlyAssumeBifurcation(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::Stmt::getBeginLoc(), getCFGElementRef(), getCheckerManager(), getContext(), getCurrBlock(), clang::CXXParenListInitExpr::getInitExprs(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::Stmt::getStmtClass(), getType(), clang::InitListExpr::inits(), clang::isa(), isRecordType(), clang::InitListExpr::isTransparent(), Next, clang::Stmt::NoStmtClass, clang::ProgramPoint::PreStmtKind, clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitArrayInitLoopExpr(), VisitArraySubscriptExpr(), VisitAtomicExpr(), VisitAttributedStmt(), VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCommonDeclRefExpr(), VisitCompoundLiteralExpr(), VisitCXXBindTemporaryExpr(), VisitCXXCatchStmt(), VisitCXXConstructExpr(), VisitCXXDeleteExpr(), VisitCXXInheritedCtorInitExpr(), VisitCXXNewExpr(), VisitCXXThisExpr(), VisitDeclStmt(), VisitGCCAsmStmt(), VisitGuardedExpr(), VisitLambdaExpr(), VisitLogicalExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitMSAsmStmt(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitOffsetOfExpr(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), and VisitUnaryOperator().

Referenced by ProcessStmt(), and VisitAttributedStmt().

◆ VisitArrayInitLoopExpr()

void ExprEngine::VisitArrayInitLoopExpr	(	const ArrayInitLoopExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitArrayInitLoopExpr - Transfer function for array init loop.

Definition at line 3326 of file ExprEngine.cpp.

References clang::cast(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::ArrayInitLoopExpr::getCommonExpr(), clang::OpaqueValueExpr::getSourceExpr(), clang::ArrayInitLoopExpr::getSubExpr(), clang::isa(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitArraySubscriptExpr()

void ExprEngine::VisitArraySubscriptExpr	(	const ArraySubscriptExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitArraySubscriptExpr - Transfer function for array accesses.

Definition at line 3424 of file ExprEngine.cpp.

References clang::ASTContext::CharTy, clang::ento::NodeBuilder::generateNode(), clang::ArraySubscriptExpr::getBase(), getCheckerManager(), getContext(), clang::ArraySubscriptExpr::getIdx(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::Expr::isGLValue(), clang::Type::isVectorType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and V.

Referenced by Visit().

◆ VisitAtomicExpr()

void ExprEngine::VisitAtomicExpr	(	const AtomicExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitAtomicExpr - Transfer function for builtin atomic expressions.

Definition at line 3563 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::generateNode(), getCFGElementRef(), getCheckerManager(), clang::AtomicExpr::getNumSubExprs(), getNumVisitedCurrent(), clang::AtomicExpr::getSubExprs(), clang::ProgramPoint::PostStmtKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitAttributedStmt()

void ExprEngine::VisitAttributedStmt	(	const AttributedStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitAttributedStmt - Transfer function logic for AttributedStmt.

Definition at line 1237 of file ExprEngineCXX.cpp.

References clang::AttributedStmt::getAttrs(), getCheckerManager(), clang::getSpecificAttrs(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and Visit().

Referenced by Visit().

◆ VisitBinaryOperator()

void ExprEngine::VisitBinaryOperator	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitBinaryOperator - Transfer function logic for binary operators.

Definition at line 41 of file ExprEngineC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::cast(), conjureOffsetSymbolOnLocation(), clang::ento::ExplodedNodeSet::end(), escapeValues(), evalBinOp(), evalLoad(), evalStore(), clang::ento::NodeBuilder::generateNode(), clang::ASTContext::getCanonicalType(), getCFGElementRef(), getCheckerManager(), getContext(), clang::BinaryOperator::getLHS(), getNumVisitedCurrent(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::BinaryOperator::isAdditiveOp(), clang::BinaryOperator::isAssignmentOp(), clang::BinaryOperator::isCompoundAssignmentOp(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and V.

Referenced by Visit().

◆ VisitBlockExpr()

void ExprEngine::VisitBlockExpr	(	const BlockExpr *	BE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitBlockExpr - Transfer function logic for BlockExprs.

Definition at line 197 of file ExprEngineC.cpp.

References clang::BlockDecl::capture_begin(), clang::BlockDecl::capture_end(), clang::ento::NodeBuilder::generateNode(), clang::BlockExpr::getBlockDecl(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and V.

Referenced by Visit().

◆ VisitCallExpr()

void ExprEngine::VisitCallExpr	(	const CallExpr *	CE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitCall - Transfer function for function calls.

Definition at line 601 of file ExprEngineCallAndReturn.cpp.

References evalCall(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::CallEventManager::getSimpleCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitCast()

void ExprEngine::VisitCast	(	const CastExpr *	CastE,
		const Expr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitCast - Transfer function logic for all casts (implicit and explicit).

Definition at line 286 of file ExprEngineC.cpp.

References clang::ento::StoreManager::evalBaseToDerived(), clang::ento::StoreManager::evalDerivedToBase(), evalLoad(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), getBasicVals(), clang::CastExpr::getCastKind(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::Expr::getType(), handleLValueBitCast(), clang::isa(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isZeroConstant(), clang::CastExpr::path(), clang::ento::CheckerManager::runCheckersForPreStmt(), and V.

Referenced by Visit().

◆ VisitCommonDeclRefExpr()

void ExprEngine::VisitCommonDeclRefExpr	(	const Expr *	DR,
		const NamedDecl *	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Transfer function logic for DeclRefExprs and BlockDeclRefExprs.

Definition at line 3165 of file ExprEngine.cpp.

References clang::cast(), clang::CXXThis, clang::ento::NodeBuilder::generateNode(), clang::CXXRecordDecl::getCaptureFields(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::DeclContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::isa(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::ProgramPoint::PostLValueKind, and V.

Referenced by Visit(), and VisitMemberExpr().

◆ VisitCompoundLiteralExpr()

void ExprEngine::VisitCompoundLiteralExpr	(	const CompoundLiteralExpr *	CL,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitCompoundLiteralExpr - Transfer function logic for compound literals.

Definition at line 579 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Init, clang::isa(), and V.

Referenced by Visit().

◆ VisitCXXBindTemporaryExpr()

void ExprEngine::VisitCXXBindTemporaryExpr	(	const CXXBindTemporaryExpr *	BTE,
		ExplodedNodeSet &	PreVisit,
		ExplodedNodeSet &	Dst )

Definition at line 1654 of file ExprEngine.cpp.

References getAnalysisManager(), and getObjectUnderConstruction().

Referenced by Visit().

◆ VisitCXXCatchStmt()

void ExprEngine::VisitCXXCatchStmt	(	const CXXCatchStmt *	CS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 1129 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::generateNode(), getCFGElementRef(), clang::CXXCatchStmt::getExceptionDecl(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), clang::ento::ExplodedNodeSet::insert(), and V.

Referenced by Visit().

◆ VisitCXXConstructExpr()

void ExprEngine::VisitCXXConstructExpr	(	const CXXConstructExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 811 of file ExprEngineCXX.cpp.

Referenced by Visit().

◆ VisitCXXDeleteExpr()

void ExprEngine::VisitCXXDeleteExpr	(	const CXXDeleteExpr *	CDE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 1103 of file ExprEngineCXX.cpp.

References clang::Call, defaultEvalCall(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::CallEventManager::getCXXDeallocatorCall(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().

Referenced by Visit().

◆ VisitCXXDestructor()

void ExprEngine::VisitCXXDestructor	(	QualType	ObjectType,
		const MemRegion *	Dest,
		const Stmt *	S,
		bool	IsBaseDtor,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		EvalCallOptions &	Options )

Definition at line 823 of file ExprEngineCXX.cpp.

References clang::Call, defaultEvalCall(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::Type::getAsCXXRecordDecl(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::CallEventManager::getCXXDestructorCall(), clang::Stmt::getEndLoc(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPreCall(), and clang::ProgramPoint::withTag().

Referenced by ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), and ProcessTemporaryDtor().

◆ VisitCXXInheritedCtorInitExpr()

void ExprEngine::VisitCXXInheritedCtorInitExpr	(	const CXXInheritedCtorInitExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 817 of file ExprEngineCXX.cpp.

Referenced by Visit().

◆ VisitCXXNewAllocatorCall()

void ExprEngine::VisitCXXNewAllocatorCall	(	const CXXNewExpr *	CNE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

◆ VisitCXXNewExpr()

void ExprEngine::VisitCXXNewExpr	(	const CXXNewExpr *	CNE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 969 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::Call, clang::ento::NodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::Type::getAs(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), clang::ento::CallEventManager::getCXXAllocatorCall(), clang::CXXNewExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), getObjectUnderConstruction(), clang::CXXNewExpr::getOperatorNew(), clang::CXXNewExpr::getPlacementArg(), clang::Type::getPointeeType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::Expr::getType(), clang::ValueDecl::getType(), clang::Init, clang::isa(), clang::CXXNewExpr::isArray(), clang::FunctionDecl::isReplaceableGlobalAllocationFunction(), clang::FunctionDecl::isReservedGlobalPlacementOperator(), clang::ento::SVal::isUnknown(), clang::Result, clang::ento::ExplodedNodeSet::size(), clang::ento::NodeBuilder::takeNodes(), and V.

Referenced by Visit().

◆ VisitCXXThisExpr()

void ExprEngine::VisitCXXThisExpr	(	const CXXThisExpr *	TE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 1147 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::generateNode(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), and V.

Referenced by Visit().

◆ VisitDeclStmt()

void ExprEngine::VisitDeclStmt	(	const DeclStmt *	DS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitDeclStmt - Transfer function logic for DeclStmts.

Definition at line 604 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::DeclStmt::decl_begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::NodeBuilder::generateNode(), getCFGElementRef(), getCheckerManager(), getContext(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), getObjectUnderConstruction(), clang::ASTContext::getPointerType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::isa(), clang::DeclStmt::isSingleDecl(), clang::ento::SVal::isUnknown(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::NodeBuilder::takeNodes().

Referenced by Visit().

◆ VisitGCCAsmStmt()

void ExprEngine::VisitGCCAsmStmt	(	const GCCAsmStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitGCCAsmStmt - Transfer function logic for inline asm.

Definition at line 3917 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::generateNode(), getCFGElementRef(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::AsmStmt::inputs(), clang::isa(), clang::AsmStmt::outputs(), and X.

Referenced by Visit().

◆ VisitGuardedExpr()

void ExprEngine::VisitGuardedExpr	(	const Expr *	Ex,
		const Expr *	L,
		const Expr *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.

Definition at line 775 of file ExprEngineC.cpp.

References clang::cast(), clang::ento::NodeBuilder::generateNode(), getCFGElementRef(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNode::pred_begin(), and V.

Referenced by Visit().

◆ VisitIncrementDecrementOperator()

void ExprEngine::VisitIncrementDecrementOperator	(	const UnaryOperator *	U,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Handle ++ and – (both pre- and post-increment).

Definition at line 1052 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::SVal::castAs(), evalBinOp(), evalLoad(), evalStore(), getCFGElementRef(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::ento::Loc::isLocType(), clang::ento::SVal::isUnknownOrUndef(), clang::Result, and clang::ento::NodeBuilder::takeNodes().

Referenced by VisitUnaryOperator().

◆ VisitLambdaExpr()

void ExprEngine::VisitLambdaExpr	(	const LambdaExpr *	LE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitLambdaExpr - Transfer function logic for LambdaExprs.

Definition at line 1163 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::ExplodedNode::getState(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and V.

Referenced by Visit().

◆ VisitLogicalExpr()

void ExprEngine::VisitLogicalExpr	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitLogicalExpr - Transfer function logic for '&&', '||'.

Definition at line 681 of file ExprEngineC.cpp.

References clang::cast(), clang::CFGElement::castAs(), clang::ProgramPoint::castAs(), clang::CFGBlock::empty(), evalBinOp(), clang::ento::NodeBuilder::generateNode(), clang::ProgramPoint::getAs(), getBasicVals(), clang::BlockEdge::getDst(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::BinaryOperator::getOpcode(), clang::BlockEdge::getSrc(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::CFGBlock::getTerminator(), clang::Expr::getType(), clang::ento::SVal::isUndef(), clang::Type::isVectorType(), clang::ento::ExplodedNode::pred_begin(), clang::ento::ExplodedNode::pred_size(), clang::CFGBlock::rbegin(), clang::CFGBlock::succ_begin(), clang::CFGBlock::succ_size(), X, and clang::Zero.

Referenced by Visit().

◆ VisitLvalObjCIvarRefExpr()

void ExprEngine::VisitLvalObjCIvarRefExpr	(	const ObjCIvarRefExpr *	DR,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Transfer function logic for computing the lvalue of an Objective-C ivar.

Definition at line 21 of file ExprEngineObjC.cpp.

References clang::ento::NodeBuilder::generateNode(), clang::ObjCIvarRefExpr::getBase(), getCheckerManager(), clang::ObjCIvarRefExpr::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ento::CheckerManager::runCheckersForPostStmt().

Referenced by Visit().

◆ VisitMemberExpr()

void ExprEngine::VisitMemberExpr	(	const MemberExpr *	M,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitMemberExpr - Transfer function for member expressions.

Definition at line 3475 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::cast(), evalLoad(), clang::ento::NodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::MemberExpr::getBase(), getCheckerManager(), clang::MemberExpr::getMemberDecl(), getStoreManager(), clang::Expr::getType(), clang::isa(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Member, clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), and VisitCommonDeclRefExpr().

Referenced by Visit().

◆ VisitMSAsmStmt()

void ExprEngine::VisitMSAsmStmt	(	const MSAsmStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitMSAsmStmt - Transfer function logic for MS inline asm.

Definition at line 3954 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::generateNode(), and clang::ento::ExplodedNode::getState().

Referenced by Visit().

◆ VisitObjCAtSynchronizedStmt()

void ExprEngine::VisitObjCAtSynchronizedStmt	(	const ObjCAtSynchronizedStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Transfer function logic for ObjCAtSynchronizedStmts.

Definition at line 38 of file ExprEngineObjC.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitObjCForCollectionStmt()

void ExprEngine::VisitObjCForCollectionStmt	(	const ObjCForCollectionStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt.

Definition at line 85 of file ExprEngineObjC.cpp.

References clang::cast(), getCFGElementRef(), getCheckerManager(), clang::ObjCForCollectionStmt::getCollection(), clang::ObjCForCollectionStmt::getElement(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), getNumVisitedCurrent(), clang::ento::ExplodedNode::getState(), populateObjCForDestinationSet(), and clang::ento::CheckerManager::runCheckersForPostStmt().

Referenced by Visit().

◆ VisitObjCMessage()

void ExprEngine::VisitObjCMessage	(	const ObjCMessageExpr *	ME,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

Definition at line 154 of file ExprEngineObjC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::SVal::castAs(), clang::ento::CallEventRef< T >::cloneWithState(), defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::CallEventManager::getObjCMethodCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ProgramPoint::getTag(), clang::ento::SVal::isUndef(), clang::ProgramPoint::PreStmtKind, clang::ento::CheckerManager::runCheckersForObjCMessageNil(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPreCall(), and clang::ento::CheckerManager::runCheckersForPreObjCMessage().

Referenced by Visit().

◆ VisitOffsetOfExpr()

void ExprEngine::VisitOffsetOfExpr	(	const OffsetOfExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitOffsetOfExpr - Transfer function for offsetof.

Definition at line 839 of file ExprEngineC.cpp.

References clang::Type::castAs(), clang::Expr::EvaluateAsInt(), clang::ento::NodeBuilder::generateNode(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::BuiltinType::isInteger(), clang::Type::isSignedIntegerType(), clang::Result, and X.

Referenced by Visit().

◆ VisitReturnStmt()

void ExprEngine::VisitReturnStmt	(	const ReturnStmt *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitReturnStmt - Transfer function logic for return statements.

Definition at line 1308 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::ReturnStmt::getRetValue(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitUnaryExprOrTypeTraitExpr()

void ExprEngine::VisitUnaryExprOrTypeTraitExpr	(	const UnaryExprOrTypeTraitExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.

Definition at line 858 of file ExprEngineC.cpp.

References clang::Expr::EvaluateKnownConstInt(), clang::CharUnits::fromQuantity(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::UnaryExprOrTypeTraitExpr::getKind(), clang::CharUnits::getQuantity(), clang::Expr::getType(), clang::UnaryExprOrTypeTraitExpr::getTypeOfArgument(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

◆ VisitUnaryOperator()

void ExprEngine::VisitUnaryOperator	(	const UnaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst )

VisitUnaryOperator - Transfer function logic for unary operators.

Definition at line 916 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::cast(), evalBinOp(), clang::ento::NodeBuilder::generateNode(), getBasicVals(), getCheckerManager(), clang::Expr::getType(), handleUOExtension(), clang::isa(), clang::Type::isAnyComplexType(), clang::Type::isFloatingType(), clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitIncrementDecrementOperator(), and X.

Referenced by Visit().

◆ wasBlocksExhausted()

bool clang::ento::ExprEngine::wasBlocksExhausted ( ) const

inline

Definition at line 508 of file ExprEngine.h.

The documentation for this class was generated from the following files:

include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
lib/StaticAnalyzer/Core/ExprEngine.cpp
lib/StaticAnalyzer/Core/ExprEngineC.cpp
lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
lib/StaticAnalyzer/Core/ExprEngineObjC.cpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

◆ InliningModes

Constructor & Destructor Documentation

◆ ExprEngine()

◆ ~ExprEngine()

Member Function Documentation

◆ bindReturnValue()

◆ cleanupNodeTag()

◆ computeObjectUnderConstruction()

◆ ConstructInitList()

◆ CreateCXXTemporaryObject()

◆ defaultEvalCall()

◆ didEagerlyAssumeBifurcateAt()

◆ DumpGraph() [1/2]

◆ DumpGraph() [2/2]

◆ escapeValues()

◆ evalBinOp()

◆ evalCall()

◆ evalEagerlyAssumeBifurcation()

◆ evalLoad()

◆ evalStore()

◆ ExecuteWorkList()

◆ getAnalysisDeclContextManager()

◆ getAnalysisManager() [1/2]

◆ getAnalysisManager() [2/2]

◆ getBasicVals()

◆ getBugReporter() [1/2]

◆ getBugReporter() [2/2]

◆ getBuilderContext()

◆ getCFGElementRef()

◆ getCheckerManager()

◆ getConstraintManager() [1/2]

◆ getConstraintManager() [2/2]

◆ getContext()

◆ getCoreEngine()

◆ getCrossTranslationUnitContext()

◆ getCurrBlock()

◆ getCurrentCFGElement()

◆ getCurrLocationContext()

◆ getDataTags()

◆ getEagerlyAssumeBifurcationTags()

◆ getGraph() [1/2]

◆ getGraph() [2/2]

◆ getIndexOfElementToConstruct()

◆ getInitialState()

◆ getNumVisited()

◆ getNumVisitedCurrent()

◆ getObjectUnderConstruction()

◆ getPendingArrayDestruction()

◆ getPendingInitLoop()

◆ getRegionManager()

◆ getRootLocationContext()

◆ getStateManager() [1/2]

◆ getStateManager() [2/2]

◆ getStoreManager() [1/2]

◆ getStoreManager() [2/2]

◆ getSValBuilder() [1/2]

◆ getSValBuilder() [2/2]

◆ getSymbolManager() [1/2]

◆ getSymbolManager() [2/2]

◆ handleConstructionContext()

◆ handleLValueBitCast()

◆ handleUOExtension()

◆ hasEmptyWorkList()

◆ hasMoreIteration()

◆ hasWorkRemaining()

◆ notifyCheckersOfPointerEscape()

◆ printJson()

◆ processAssume()

◆ ProcessAutomaticObjDtor()

◆ ProcessBaseDtor()

◆ processBeginOfFunction()

◆ processBranch()

◆ processCallEnter()

◆ processCallExit()

◆ processCFGBlockEntrance()