1 //== MemRegion.h - Abstract memory regions for static analysis --*- C++ -*--==//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines MemRegion and its subclasses. MemRegion defines a
11 // partially-typed abstraction of memory useful for path-sensitive dataflow
14 //===----------------------------------------------------------------------===//
16 #ifndef LLVM_CLANG_GR_MEMREGION_H
17 #define LLVM_CLANG_GR_MEMREGION_H
19 #include "clang/AST/ASTContext.h"
20 #include "clang/AST/CharUnits.h"
21 #include "clang/AST/Decl.h"
22 #include "clang/AST/ExprObjC.h"
23 #include "clang/Basic/LLVM.h"
24 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
25 #include "llvm/ADT/FoldingSet.h"
26 #include "llvm/Support/ErrorHandling.h"
30 class BumpPtrAllocator;
35 class LocationContext;
36 class StackFrameContext;
41 class MemRegionManager;
47 /// Represent a region's offset within the top level base region.
52 /// The bit offset within the base region. It shouldn't be negative.
56 // We're using a const instead of an enumeration due to the size required;
57 // Visual Studio will only create enumerations of size int, not long long.
58 static const int64_t Symbolic = INT64_MAX;
60 RegionOffset() : R(0) {}
61 RegionOffset(const MemRegion *r, int64_t off) : R(r), Offset(off) {}
63 const MemRegion *getRegion() const { return R; }
65 bool hasSymbolicOffset() const { return Offset == Symbolic; }
67 int64_t getOffset() const {
68 assert(!hasSymbolicOffset());
72 bool isValid() const { return R; }
75 //===----------------------------------------------------------------------===//
76 // Base region classes.
77 //===----------------------------------------------------------------------===//
79 /// MemRegion - The root abstract class for all memory regions.
80 class MemRegion : public llvm::FoldingSetNode {
81 friend class MemRegionManager;
85 GenericMemSpaceRegionKind,
86 StackLocalsSpaceRegionKind,
87 StackArgumentsSpaceRegionKind,
89 UnknownSpaceRegionKind,
90 StaticGlobalSpaceRegionKind,
91 GlobalInternalSpaceRegionKind,
92 GlobalSystemSpaceRegionKind,
93 GlobalImmutableSpaceRegionKind,
94 BEG_NON_STATIC_GLOBAL_MEMSPACES = GlobalInternalSpaceRegionKind,
95 END_NON_STATIC_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
96 BEG_GLOBAL_MEMSPACES = StaticGlobalSpaceRegionKind,
97 END_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
98 BEG_MEMSPACES = GenericMemSpaceRegionKind,
99 END_MEMSPACES = GlobalImmutableSpaceRegionKind,
105 FunctionTextRegionKind = BEG_TYPED_REGIONS,
108 BEG_TYPED_VALUE_REGIONS,
109 CompoundLiteralRegionKind = BEG_TYPED_VALUE_REGIONS,
112 ObjCStringRegionKind,
116 VarRegionKind = BEG_DECL_REGIONS,
119 END_DECL_REGIONS = ObjCIvarRegionKind,
120 CXXTempObjectRegionKind,
121 CXXBaseObjectRegionKind,
122 END_TYPED_VALUE_REGIONS = CXXBaseObjectRegionKind,
123 END_TYPED_REGIONS = CXXBaseObjectRegionKind
130 MemRegion(Kind k) : kind(k) {}
131 virtual ~MemRegion();
134 ASTContext &getContext() const;
136 virtual void Profile(llvm::FoldingSetNodeID& ID) const = 0;
138 virtual MemRegionManager* getMemRegionManager() const = 0;
140 const MemSpaceRegion *getMemorySpace() const;
142 const MemRegion *getBaseRegion() const;
144 /// Check if the region is a subregion of the given region.
145 virtual bool isSubRegionOf(const MemRegion *R) const;
147 const MemRegion *StripCasts(bool StripBaseCasts = true) const;
149 /// \brief If this is a symbolic region, returns the region. Otherwise,
150 /// goes up the base chain looking for the first symbolic base region.
151 const SymbolicRegion *getSymbolicBase() const;
153 bool hasGlobalsOrParametersStorage() const;
155 bool hasStackStorage() const;
157 bool hasStackNonParametersStorage() const;
159 bool hasStackParametersStorage() const;
161 /// Compute the offset within the top level memory object.
162 RegionOffset getAsOffset() const;
164 /// \brief Get a string representation of a region for debug use.
165 std::string getString() const;
167 virtual void dumpToStream(raw_ostream &os) const;
171 /// \brief Returns true if this region can be printed in a user-friendly way.
172 virtual bool canPrintPretty() const;
174 /// \brief Print the region for use in diagnostics.
175 virtual void printPretty(raw_ostream &os) const;
177 /// \brief Returns true if this region's textual representation can be used
178 /// as part of a larger expression.
179 virtual bool canPrintPrettyAsExpr() const;
181 /// \brief Print the region as expression.
183 /// When this region represents a subexpression, the method is for printing
184 /// an expression containing it.
185 virtual void printPrettyAsExpr(raw_ostream &os) const;
187 Kind getKind() const { return kind; }
189 template<typename RegionTy> const RegionTy* getAs() const;
191 virtual bool isBoundable() const { return false; }
194 /// MemSpaceRegion - A memory region that represents a "memory space";
195 /// for example, the set of global variables, the stack frame, etc.
196 class MemSpaceRegion : public MemRegion {
198 friend class MemRegionManager;
200 MemRegionManager *Mgr;
202 MemSpaceRegion(MemRegionManager *mgr, Kind k = GenericMemSpaceRegionKind)
203 : MemRegion(k), Mgr(mgr) {
204 assert(classof(this));
207 MemRegionManager* getMemRegionManager() const { return Mgr; }
210 bool isBoundable() const { return false; }
212 void Profile(llvm::FoldingSetNodeID &ID) const;
214 static bool classof(const MemRegion *R) {
215 Kind k = R->getKind();
216 return k >= BEG_MEMSPACES && k <= END_MEMSPACES;
220 class GlobalsSpaceRegion : public MemSpaceRegion {
221 virtual void anchor();
223 GlobalsSpaceRegion(MemRegionManager *mgr, Kind k)
224 : MemSpaceRegion(mgr, k) {}
226 static bool classof(const MemRegion *R) {
227 Kind k = R->getKind();
228 return k >= BEG_GLOBAL_MEMSPACES && k <= END_GLOBAL_MEMSPACES;
232 /// \brief The region of the static variables within the current CodeTextRegion
235 /// Currently, only the static locals are placed there, so we know that these
236 /// variables do not get invalidated by calls to other functions.
237 class StaticGlobalSpaceRegion : public GlobalsSpaceRegion {
238 friend class MemRegionManager;
240 const CodeTextRegion *CR;
242 StaticGlobalSpaceRegion(MemRegionManager *mgr, const CodeTextRegion *cr)
243 : GlobalsSpaceRegion(mgr, StaticGlobalSpaceRegionKind), CR(cr) {}
246 void Profile(llvm::FoldingSetNodeID &ID) const;
248 void dumpToStream(raw_ostream &os) const;
250 const CodeTextRegion *getCodeRegion() const { return CR; }
252 static bool classof(const MemRegion *R) {
253 return R->getKind() == StaticGlobalSpaceRegionKind;
257 /// \brief The region for all the non-static global variables.
259 /// This class is further split into subclasses for efficient implementation of
260 /// invalidating a set of related global values as is done in
261 /// RegionStoreManager::invalidateRegions (instead of finding all the dependent
262 /// globals, we invalidate the whole parent region).
263 class NonStaticGlobalSpaceRegion : public GlobalsSpaceRegion {
264 friend class MemRegionManager;
267 NonStaticGlobalSpaceRegion(MemRegionManager *mgr, Kind k)
268 : GlobalsSpaceRegion(mgr, k) {}
272 static bool classof(const MemRegion *R) {
273 Kind k = R->getKind();
274 return k >= BEG_NON_STATIC_GLOBAL_MEMSPACES &&
275 k <= END_NON_STATIC_GLOBAL_MEMSPACES;
279 /// \brief The region containing globals which are defined in system/external
280 /// headers and are considered modifiable by system calls (ex: errno).
281 class GlobalSystemSpaceRegion : public NonStaticGlobalSpaceRegion {
282 friend class MemRegionManager;
284 GlobalSystemSpaceRegion(MemRegionManager *mgr)
285 : NonStaticGlobalSpaceRegion(mgr, GlobalSystemSpaceRegionKind) {}
289 void dumpToStream(raw_ostream &os) const;
291 static bool classof(const MemRegion *R) {
292 return R->getKind() == GlobalSystemSpaceRegionKind;
296 /// \brief The region containing globals which are considered not to be modified
297 /// or point to data which could be modified as a result of a function call
298 /// (system or internal). Ex: Const global scalars would be modeled as part of
299 /// this region. This region also includes most system globals since they have
300 /// low chance of being modified.
301 class GlobalImmutableSpaceRegion : public NonStaticGlobalSpaceRegion {
302 friend class MemRegionManager;
304 GlobalImmutableSpaceRegion(MemRegionManager *mgr)
305 : NonStaticGlobalSpaceRegion(mgr, GlobalImmutableSpaceRegionKind) {}
309 void dumpToStream(raw_ostream &os) const;
311 static bool classof(const MemRegion *R) {
312 return R->getKind() == GlobalImmutableSpaceRegionKind;
316 /// \brief The region containing globals which can be modified by calls to
317 /// "internally" defined functions - (for now just) functions other then system
319 class GlobalInternalSpaceRegion : public NonStaticGlobalSpaceRegion {
320 friend class MemRegionManager;
322 GlobalInternalSpaceRegion(MemRegionManager *mgr)
323 : NonStaticGlobalSpaceRegion(mgr, GlobalInternalSpaceRegionKind) {}
327 void dumpToStream(raw_ostream &os) const;
329 static bool classof(const MemRegion *R) {
330 return R->getKind() == GlobalInternalSpaceRegionKind;
334 class HeapSpaceRegion : public MemSpaceRegion {
335 virtual void anchor();
336 friend class MemRegionManager;
338 HeapSpaceRegion(MemRegionManager *mgr)
339 : MemSpaceRegion(mgr, HeapSpaceRegionKind) {}
342 void dumpToStream(raw_ostream &os) const;
344 static bool classof(const MemRegion *R) {
345 return R->getKind() == HeapSpaceRegionKind;
349 class UnknownSpaceRegion : public MemSpaceRegion {
350 virtual void anchor();
351 friend class MemRegionManager;
352 UnknownSpaceRegion(MemRegionManager *mgr)
353 : MemSpaceRegion(mgr, UnknownSpaceRegionKind) {}
356 void dumpToStream(raw_ostream &os) const;
358 static bool classof(const MemRegion *R) {
359 return R->getKind() == UnknownSpaceRegionKind;
363 class StackSpaceRegion : public MemSpaceRegion {
365 const StackFrameContext *SFC;
368 StackSpaceRegion(MemRegionManager *mgr, Kind k, const StackFrameContext *sfc)
369 : MemSpaceRegion(mgr, k), SFC(sfc) {
370 assert(classof(this));
374 const StackFrameContext *getStackFrame() const { return SFC; }
376 void Profile(llvm::FoldingSetNodeID &ID) const;
378 static bool classof(const MemRegion *R) {
379 Kind k = R->getKind();
380 return k >= StackLocalsSpaceRegionKind &&
381 k <= StackArgumentsSpaceRegionKind;
385 class StackLocalsSpaceRegion : public StackSpaceRegion {
386 virtual void anchor();
387 friend class MemRegionManager;
388 StackLocalsSpaceRegion(MemRegionManager *mgr, const StackFrameContext *sfc)
389 : StackSpaceRegion(mgr, StackLocalsSpaceRegionKind, sfc) {}
392 void dumpToStream(raw_ostream &os) const;
394 static bool classof(const MemRegion *R) {
395 return R->getKind() == StackLocalsSpaceRegionKind;
399 class StackArgumentsSpaceRegion : public StackSpaceRegion {
401 virtual void anchor();
402 friend class MemRegionManager;
403 StackArgumentsSpaceRegion(MemRegionManager *mgr, const StackFrameContext *sfc)
404 : StackSpaceRegion(mgr, StackArgumentsSpaceRegionKind, sfc) {}
407 void dumpToStream(raw_ostream &os) const;
409 static bool classof(const MemRegion *R) {
410 return R->getKind() == StackArgumentsSpaceRegionKind;
415 /// SubRegion - A region that subsets another larger region. Most regions
416 /// are subclasses of SubRegion.
417 class SubRegion : public MemRegion {
419 virtual void anchor();
421 const MemRegion* superRegion;
422 SubRegion(const MemRegion* sReg, Kind k) : MemRegion(k), superRegion(sReg) {}
424 const MemRegion* getSuperRegion() const {
428 /// getExtent - Returns the size of the region in bytes.
429 virtual DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const {
433 MemRegionManager* getMemRegionManager() const;
435 virtual bool isSubRegionOf(const MemRegion* R) const;
437 static bool classof(const MemRegion* R) {
438 return R->getKind() > END_MEMSPACES;
442 //===----------------------------------------------------------------------===//
443 // MemRegion subclasses.
444 //===----------------------------------------------------------------------===//
446 /// AllocaRegion - A region that represents an untyped blob of bytes created
447 /// by a call to 'alloca'.
448 class AllocaRegion : public SubRegion {
449 friend class MemRegionManager;
451 unsigned Cnt; // Block counter. Used to distinguish different pieces of
452 // memory allocated by alloca at the same call site.
455 AllocaRegion(const Expr *ex, unsigned cnt, const MemRegion *superRegion)
456 : SubRegion(superRegion, AllocaRegionKind), Cnt(cnt), Ex(ex) {}
460 const Expr *getExpr() const { return Ex; }
462 bool isBoundable() const { return true; }
464 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
466 void Profile(llvm::FoldingSetNodeID& ID) const;
468 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Expr *Ex,
469 unsigned Cnt, const MemRegion *superRegion);
471 void dumpToStream(raw_ostream &os) const;
473 static bool classof(const MemRegion* R) {
474 return R->getKind() == AllocaRegionKind;
478 /// TypedRegion - An abstract class representing regions that are typed.
479 class TypedRegion : public SubRegion {
481 virtual void anchor();
483 TypedRegion(const MemRegion* sReg, Kind k) : SubRegion(sReg, k) {}
486 virtual QualType getLocationType() const = 0;
488 QualType getDesugaredLocationType(ASTContext &Context) const {
489 return getLocationType().getDesugaredType(Context);
492 bool isBoundable() const { return true; }
494 static bool classof(const MemRegion* R) {
495 unsigned k = R->getKind();
496 return k >= BEG_TYPED_REGIONS && k <= END_TYPED_REGIONS;
500 /// TypedValueRegion - An abstract class representing regions having a typed value.
501 class TypedValueRegion : public TypedRegion {
503 virtual void anchor();
505 TypedValueRegion(const MemRegion* sReg, Kind k) : TypedRegion(sReg, k) {}
508 virtual QualType getValueType() const = 0;
510 virtual QualType getLocationType() const {
511 // FIXME: We can possibly optimize this later to cache this value.
512 QualType T = getValueType();
513 ASTContext &ctx = getContext();
514 if (T->getAs<ObjCObjectType>())
515 return ctx.getObjCObjectPointerType(T);
516 return ctx.getPointerType(getValueType());
519 QualType getDesugaredValueType(ASTContext &Context) const {
520 QualType T = getValueType();
521 return T.getTypePtrOrNull() ? T.getDesugaredType(Context) : T;
524 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
526 static bool classof(const MemRegion* R) {
527 unsigned k = R->getKind();
528 return k >= BEG_TYPED_VALUE_REGIONS && k <= END_TYPED_VALUE_REGIONS;
533 class CodeTextRegion : public TypedRegion {
535 virtual void anchor();
537 CodeTextRegion(const MemRegion *sreg, Kind k) : TypedRegion(sreg, k) {}
539 bool isBoundable() const { return false; }
541 static bool classof(const MemRegion* R) {
542 Kind k = R->getKind();
543 return k >= FunctionTextRegionKind && k <= BlockTextRegionKind;
547 /// FunctionTextRegion - A region that represents code texts of function.
548 class FunctionTextRegion : public CodeTextRegion {
551 FunctionTextRegion(const NamedDecl *fd, const MemRegion* sreg)
552 : CodeTextRegion(sreg, FunctionTextRegionKind), FD(fd) {
553 assert(isa<ObjCMethodDecl>(fd) || isa<FunctionDecl>(fd));
556 QualType getLocationType() const {
557 const ASTContext &Ctx = getContext();
558 if (const FunctionDecl *D = dyn_cast<FunctionDecl>(FD)) {
559 return Ctx.getPointerType(D->getType());
562 assert(isa<ObjCMethodDecl>(FD));
563 assert(false && "Getting the type of ObjCMethod is not supported yet");
565 // TODO: We might want to return a different type here (ex: id (*ty)(...))
566 // depending on how it is used.
570 const NamedDecl *getDecl() const {
574 virtual void dumpToStream(raw_ostream &os) const;
576 void Profile(llvm::FoldingSetNodeID& ID) const;
578 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const NamedDecl *FD,
581 static bool classof(const MemRegion* R) {
582 return R->getKind() == FunctionTextRegionKind;
587 /// BlockTextRegion - A region that represents code texts of blocks (closures).
588 /// Blocks are represented with two kinds of regions. BlockTextRegions
589 /// represent the "code", while BlockDataRegions represent instances of blocks,
590 /// which correspond to "code+data". The distinction is important, because
591 /// like a closure a block captures the values of externally referenced
593 class BlockTextRegion : public CodeTextRegion {
594 friend class MemRegionManager;
597 AnalysisDeclContext *AC;
600 BlockTextRegion(const BlockDecl *bd, CanQualType lTy,
601 AnalysisDeclContext *ac, const MemRegion* sreg)
602 : CodeTextRegion(sreg, BlockTextRegionKind), BD(bd), AC(ac), locTy(lTy) {}
605 QualType getLocationType() const {
609 const BlockDecl *getDecl() const {
613 AnalysisDeclContext *getAnalysisDeclContext() const { return AC; }
615 virtual void dumpToStream(raw_ostream &os) const;
617 void Profile(llvm::FoldingSetNodeID& ID) const;
619 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const BlockDecl *BD,
620 CanQualType, const AnalysisDeclContext*,
623 static bool classof(const MemRegion* R) {
624 return R->getKind() == BlockTextRegionKind;
628 /// BlockDataRegion - A region that represents a block instance.
629 /// Blocks are represented with two kinds of regions. BlockTextRegions
630 /// represent the "code", while BlockDataRegions represent instances of blocks,
631 /// which correspond to "code+data". The distinction is important, because
632 /// like a closure a block captures the values of externally referenced
634 class BlockDataRegion : public TypedRegion {
635 friend class MemRegionManager;
636 const BlockTextRegion *BC;
637 const LocationContext *LC; // Can be null */
638 void *ReferencedVars;
641 BlockDataRegion(const BlockTextRegion *bc, const LocationContext *lc,
642 const MemRegion *sreg)
643 : TypedRegion(sreg, BlockDataRegionKind), BC(bc), LC(lc),
644 ReferencedVars(0), OriginalVars(0) {}
647 const BlockTextRegion *getCodeRegion() const { return BC; }
649 const BlockDecl *getDecl() const { return BC->getDecl(); }
651 QualType getLocationType() const { return BC->getLocationType(); }
653 class referenced_vars_iterator {
654 const MemRegion * const *R;
655 const MemRegion * const *OriginalR;
657 explicit referenced_vars_iterator(const MemRegion * const *r,
658 const MemRegion * const *originalR)
659 : R(r), OriginalR(originalR) {}
661 const VarRegion *getCapturedRegion() const {
662 return cast<VarRegion>(*R);
664 const VarRegion *getOriginalRegion() const {
665 return cast<VarRegion>(*OriginalR);
668 bool operator==(const referenced_vars_iterator &I) const {
669 assert((R == 0) == (I.R == 0));
672 bool operator!=(const referenced_vars_iterator &I) const {
673 assert((R == 0) == (I.R == 0));
676 referenced_vars_iterator &operator++() {
683 /// Return the original region for a captured region, if
685 const VarRegion *getOriginalRegion(const VarRegion *VR) const;
687 referenced_vars_iterator referenced_vars_begin() const;
688 referenced_vars_iterator referenced_vars_end() const;
690 virtual void dumpToStream(raw_ostream &os) const;
692 void Profile(llvm::FoldingSetNodeID& ID) const;
694 static void ProfileRegion(llvm::FoldingSetNodeID&, const BlockTextRegion *,
695 const LocationContext *, const MemRegion *);
697 static bool classof(const MemRegion* R) {
698 return R->getKind() == BlockDataRegionKind;
701 void LazyInitializeReferencedVars();
702 std::pair<const VarRegion *, const VarRegion *>
703 getCaptureRegions(const VarDecl *VD);
706 /// SymbolicRegion - A special, "non-concrete" region. Unlike other region
707 /// clases, SymbolicRegion represents a region that serves as an alias for
708 /// either a real region, a NULL pointer, etc. It essentially is used to
709 /// map the concept of symbolic values into the domain of regions. Symbolic
710 /// regions do not need to be typed.
711 class SymbolicRegion : public SubRegion {
716 SymbolicRegion(const SymbolRef s, const MemRegion* sreg)
717 : SubRegion(sreg, SymbolicRegionKind), sym(s) {}
719 SymbolRef getSymbol() const {
723 bool isBoundable() const { return true; }
725 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
727 void Profile(llvm::FoldingSetNodeID& ID) const;
729 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
731 const MemRegion* superRegion);
733 void dumpToStream(raw_ostream &os) const;
735 static bool classof(const MemRegion* R) {
736 return R->getKind() == SymbolicRegionKind;
740 /// StringRegion - Region associated with a StringLiteral.
741 class StringRegion : public TypedValueRegion {
742 friend class MemRegionManager;
743 const StringLiteral* Str;
746 StringRegion(const StringLiteral* str, const MemRegion* sreg)
747 : TypedValueRegion(sreg, StringRegionKind), Str(str) {}
749 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
750 const StringLiteral* Str,
751 const MemRegion* superRegion);
755 const StringLiteral* getStringLiteral() const { return Str; }
757 QualType getValueType() const {
758 return Str->getType();
761 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
763 bool isBoundable() const { return false; }
765 void Profile(llvm::FoldingSetNodeID& ID) const {
766 ProfileRegion(ID, Str, superRegion);
769 void dumpToStream(raw_ostream &os) const;
771 static bool classof(const MemRegion* R) {
772 return R->getKind() == StringRegionKind;
776 /// The region associated with an ObjCStringLiteral.
777 class ObjCStringRegion : public TypedValueRegion {
778 friend class MemRegionManager;
779 const ObjCStringLiteral* Str;
782 ObjCStringRegion(const ObjCStringLiteral* str, const MemRegion* sreg)
783 : TypedValueRegion(sreg, ObjCStringRegionKind), Str(str) {}
785 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
786 const ObjCStringLiteral* Str,
787 const MemRegion* superRegion);
791 const ObjCStringLiteral* getObjCStringLiteral() const { return Str; }
793 QualType getValueType() const {
794 return Str->getType();
797 bool isBoundable() const { return false; }
799 void Profile(llvm::FoldingSetNodeID& ID) const {
800 ProfileRegion(ID, Str, superRegion);
803 void dumpToStream(raw_ostream &os) const;
805 static bool classof(const MemRegion* R) {
806 return R->getKind() == ObjCStringRegionKind;
810 /// CompoundLiteralRegion - A memory region representing a compound literal.
811 /// Compound literals are essentially temporaries that are stack allocated
812 /// or in the global constant pool.
813 class CompoundLiteralRegion : public TypedValueRegion {
815 friend class MemRegionManager;
816 const CompoundLiteralExpr *CL;
818 CompoundLiteralRegion(const CompoundLiteralExpr *cl, const MemRegion* sReg)
819 : TypedValueRegion(sReg, CompoundLiteralRegionKind), CL(cl) {}
821 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
822 const CompoundLiteralExpr *CL,
823 const MemRegion* superRegion);
825 QualType getValueType() const {
826 return CL->getType();
829 bool isBoundable() const { return !CL->isFileScope(); }
831 void Profile(llvm::FoldingSetNodeID& ID) const;
833 void dumpToStream(raw_ostream &os) const;
835 const CompoundLiteralExpr *getLiteralExpr() const { return CL; }
837 static bool classof(const MemRegion* R) {
838 return R->getKind() == CompoundLiteralRegionKind;
842 class DeclRegion : public TypedValueRegion {
846 DeclRegion(const Decl *d, const MemRegion* sReg, Kind k)
847 : TypedValueRegion(sReg, k), D(d) {}
849 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Decl *D,
850 const MemRegion* superRegion, Kind k);
853 const Decl *getDecl() const { return D; }
854 void Profile(llvm::FoldingSetNodeID& ID) const;
856 static bool classof(const MemRegion* R) {
857 unsigned k = R->getKind();
858 return k >= BEG_DECL_REGIONS && k <= END_DECL_REGIONS;
862 class VarRegion : public DeclRegion {
863 friend class MemRegionManager;
865 // Constructors and private methods.
866 VarRegion(const VarDecl *vd, const MemRegion* sReg)
867 : DeclRegion(vd, sReg, VarRegionKind) {}
869 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const VarDecl *VD,
870 const MemRegion *superRegion) {
871 DeclRegion::ProfileRegion(ID, VD, superRegion, VarRegionKind);
874 void Profile(llvm::FoldingSetNodeID& ID) const;
877 const VarDecl *getDecl() const { return cast<VarDecl>(D); }
879 const StackFrameContext *getStackFrame() const;
881 QualType getValueType() const {
882 // FIXME: We can cache this if needed.
883 return getDecl()->getType();
886 void dumpToStream(raw_ostream &os) const;
888 static bool classof(const MemRegion* R) {
889 return R->getKind() == VarRegionKind;
892 bool canPrintPrettyAsExpr() const;
894 void printPrettyAsExpr(raw_ostream &os) const;
897 /// CXXThisRegion - Represents the region for the implicit 'this' parameter
898 /// in a call to a C++ method. This region doesn't represent the object
899 /// referred to by 'this', but rather 'this' itself.
900 class CXXThisRegion : public TypedValueRegion {
901 friend class MemRegionManager;
902 CXXThisRegion(const PointerType *thisPointerTy,
903 const MemRegion *sReg)
904 : TypedValueRegion(sReg, CXXThisRegionKind), ThisPointerTy(thisPointerTy) {}
906 static void ProfileRegion(llvm::FoldingSetNodeID &ID,
907 const PointerType *PT,
908 const MemRegion *sReg);
910 void Profile(llvm::FoldingSetNodeID &ID) const;
913 QualType getValueType() const {
914 return QualType(ThisPointerTy, 0);
917 void dumpToStream(raw_ostream &os) const;
919 static bool classof(const MemRegion* R) {
920 return R->getKind() == CXXThisRegionKind;
924 const PointerType *ThisPointerTy;
927 class FieldRegion : public DeclRegion {
928 friend class MemRegionManager;
930 FieldRegion(const FieldDecl *fd, const MemRegion* sReg)
931 : DeclRegion(fd, sReg, FieldRegionKind) {}
934 const FieldDecl *getDecl() const { return cast<FieldDecl>(D); }
936 QualType getValueType() const {
937 // FIXME: We can cache this if needed.
938 return getDecl()->getType();
941 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
943 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const FieldDecl *FD,
944 const MemRegion* superRegion) {
945 DeclRegion::ProfileRegion(ID, FD, superRegion, FieldRegionKind);
948 static bool classof(const MemRegion* R) {
949 return R->getKind() == FieldRegionKind;
952 void dumpToStream(raw_ostream &os) const;
954 bool canPrintPretty() const;
955 void printPretty(raw_ostream &os) const;
956 bool canPrintPrettyAsExpr() const;
957 void printPrettyAsExpr(raw_ostream &os) const;
960 class ObjCIvarRegion : public DeclRegion {
962 friend class MemRegionManager;
964 ObjCIvarRegion(const ObjCIvarDecl *ivd, const MemRegion* sReg);
966 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd,
967 const MemRegion* superRegion);
970 const ObjCIvarDecl *getDecl() const;
971 QualType getValueType() const;
973 bool canPrintPrettyAsExpr() const;
974 void printPrettyAsExpr(raw_ostream &os) const;
976 void dumpToStream(raw_ostream &os) const;
978 static bool classof(const MemRegion* R) {
979 return R->getKind() == ObjCIvarRegionKind;
982 //===----------------------------------------------------------------------===//
983 // Auxiliary data classes for use with MemRegions.
984 //===----------------------------------------------------------------------===//
988 class RegionRawOffset {
990 friend class ElementRegion;
992 const MemRegion *Region;
995 RegionRawOffset(const MemRegion* reg, CharUnits offset = CharUnits::Zero())
996 : Region(reg), Offset(offset) {}
999 // FIXME: Eventually support symbolic offsets.
1000 CharUnits getOffset() const { return Offset; }
1001 const MemRegion *getRegion() const { return Region; }
1003 void dumpToStream(raw_ostream &os) const;
1007 /// \brief ElementRegin is used to represent both array elements and casts.
1008 class ElementRegion : public TypedValueRegion {
1009 friend class MemRegionManager;
1011 QualType ElementType;
1014 ElementRegion(QualType elementType, NonLoc Idx, const MemRegion* sReg)
1015 : TypedValueRegion(sReg, ElementRegionKind),
1016 ElementType(elementType), Index(Idx) {
1017 assert((!Idx.getAs<nonloc::ConcreteInt>() ||
1018 Idx.castAs<nonloc::ConcreteInt>().getValue().isSigned()) &&
1019 "The index must be signed");
1022 static void ProfileRegion(llvm::FoldingSetNodeID& ID, QualType elementType,
1023 SVal Idx, const MemRegion* superRegion);
1027 NonLoc getIndex() const { return Index; }
1029 QualType getValueType() const {
1033 QualType getElementType() const {
1036 /// Compute the offset within the array. The array might also be a subobject.
1037 RegionRawOffset getAsArrayOffset() const;
1039 void dumpToStream(raw_ostream &os) const;
1041 void Profile(llvm::FoldingSetNodeID& ID) const;
1043 static bool classof(const MemRegion* R) {
1044 return R->getKind() == ElementRegionKind;
1048 // C++ temporary object associated with an expression.
1049 class CXXTempObjectRegion : public TypedValueRegion {
1050 friend class MemRegionManager;
1054 CXXTempObjectRegion(Expr const *E, MemRegion const *sReg)
1055 : TypedValueRegion(sReg, CXXTempObjectRegionKind), Ex(E) {}
1057 static void ProfileRegion(llvm::FoldingSetNodeID &ID,
1058 Expr const *E, const MemRegion *sReg);
1061 const Expr *getExpr() const { return Ex; }
1063 QualType getValueType() const {
1064 return Ex->getType();
1067 void dumpToStream(raw_ostream &os) const;
1069 void Profile(llvm::FoldingSetNodeID &ID) const;
1071 static bool classof(const MemRegion* R) {
1072 return R->getKind() == CXXTempObjectRegionKind;
1076 // CXXBaseObjectRegion represents a base object within a C++ object. It is
1077 // identified by the base class declaration and the region of its parent object.
1078 class CXXBaseObjectRegion : public TypedValueRegion {
1079 friend class MemRegionManager;
1081 llvm::PointerIntPair<const CXXRecordDecl *, 1, bool> Data;
1083 CXXBaseObjectRegion(const CXXRecordDecl *RD, bool IsVirtual,
1084 const MemRegion *SReg)
1085 : TypedValueRegion(SReg, CXXBaseObjectRegionKind), Data(RD, IsVirtual) {}
1087 static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD,
1088 bool IsVirtual, const MemRegion *SReg);
1091 const CXXRecordDecl *getDecl() const { return Data.getPointer(); }
1092 bool isVirtual() const { return Data.getInt(); }
1094 QualType getValueType() const;
1096 void dumpToStream(raw_ostream &os) const;
1098 void Profile(llvm::FoldingSetNodeID &ID) const;
1100 static bool classof(const MemRegion *region) {
1101 return region->getKind() == CXXBaseObjectRegionKind;
1104 bool canPrintPrettyAsExpr() const;
1106 void printPrettyAsExpr(raw_ostream &os) const;
1109 template<typename RegionTy>
1110 const RegionTy* MemRegion::getAs() const {
1111 if (const RegionTy* RT = dyn_cast<RegionTy>(this))
1117 //===----------------------------------------------------------------------===//
1118 // MemRegionManager - Factory object for creating regions.
1119 //===----------------------------------------------------------------------===//
1121 class MemRegionManager {
1123 llvm::BumpPtrAllocator& A;
1124 llvm::FoldingSet<MemRegion> Regions;
1126 GlobalInternalSpaceRegion *InternalGlobals;
1127 GlobalSystemSpaceRegion *SystemGlobals;
1128 GlobalImmutableSpaceRegion *ImmutableGlobals;
1131 llvm::DenseMap<const StackFrameContext *, StackLocalsSpaceRegion *>
1132 StackLocalsSpaceRegions;
1133 llvm::DenseMap<const StackFrameContext *, StackArgumentsSpaceRegion *>
1134 StackArgumentsSpaceRegions;
1135 llvm::DenseMap<const CodeTextRegion *, StaticGlobalSpaceRegion *>
1136 StaticsGlobalSpaceRegions;
1138 HeapSpaceRegion *heap;
1139 UnknownSpaceRegion *unknown;
1140 MemSpaceRegion *code;
1143 MemRegionManager(ASTContext &c, llvm::BumpPtrAllocator& a)
1144 : C(c), A(a), InternalGlobals(0), SystemGlobals(0), ImmutableGlobals(0),
1145 heap(0), unknown(0), code(0) {}
1147 ~MemRegionManager();
1149 ASTContext &getContext() { return C; }
1151 llvm::BumpPtrAllocator &getAllocator() { return A; }
1153 /// getStackLocalsRegion - Retrieve the memory region associated with the
1154 /// specified stack frame.
1155 const StackLocalsSpaceRegion *
1156 getStackLocalsRegion(const StackFrameContext *STC);
1158 /// getStackArgumentsRegion - Retrieve the memory region associated with
1159 /// function/method arguments of the specified stack frame.
1160 const StackArgumentsSpaceRegion *
1161 getStackArgumentsRegion(const StackFrameContext *STC);
1163 /// getGlobalsRegion - Retrieve the memory region associated with
1164 /// global variables.
1165 const GlobalsSpaceRegion *getGlobalsRegion(
1166 MemRegion::Kind K = MemRegion::GlobalInternalSpaceRegionKind,
1167 const CodeTextRegion *R = 0);
1169 /// getHeapRegion - Retrieve the memory region associated with the
1171 const HeapSpaceRegion *getHeapRegion();
1173 /// getUnknownRegion - Retrieve the memory region associated with unknown
1175 const MemSpaceRegion *getUnknownRegion();
1177 const MemSpaceRegion *getCodeRegion();
1179 /// getAllocaRegion - Retrieve a region associated with a call to alloca().
1180 const AllocaRegion *getAllocaRegion(const Expr *Ex, unsigned Cnt,
1181 const LocationContext *LC);
1183 /// getCompoundLiteralRegion - Retrieve the region associated with a
1184 /// given CompoundLiteral.
1185 const CompoundLiteralRegion*
1186 getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
1187 const LocationContext *LC);
1189 /// getCXXThisRegion - Retrieve the [artificial] region associated with the
1190 /// parameter 'this'.
1191 const CXXThisRegion *getCXXThisRegion(QualType thisPointerTy,
1192 const LocationContext *LC);
1194 /// \brief Retrieve or create a "symbolic" memory region.
1195 const SymbolicRegion* getSymbolicRegion(SymbolRef Sym);
1197 /// \brief Return a unique symbolic region belonging to heap memory space.
1198 const SymbolicRegion *getSymbolicHeapRegion(SymbolRef sym);
1200 const StringRegion *getStringRegion(const StringLiteral* Str);
1202 const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str);
1204 /// getVarRegion - Retrieve or create the memory region associated with
1205 /// a specified VarDecl and LocationContext.
1206 const VarRegion* getVarRegion(const VarDecl *D, const LocationContext *LC);
1208 /// getVarRegion - Retrieve or create the memory region associated with
1209 /// a specified VarDecl and super region.
1210 const VarRegion* getVarRegion(const VarDecl *D, const MemRegion *superR);
1212 /// getElementRegion - Retrieve the memory region associated with the
1213 /// associated element type, index, and super region.
1214 const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx,
1215 const MemRegion *superRegion,
1218 const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER,
1219 const MemRegion *superRegion) {
1220 return getElementRegion(ER->getElementType(), ER->getIndex(),
1221 superRegion, ER->getContext());
1224 /// getFieldRegion - Retrieve or create the memory region associated with
1225 /// a specified FieldDecl. 'superRegion' corresponds to the containing
1226 /// memory region (which typically represents the memory representing
1227 /// a structure or class).
1228 const FieldRegion *getFieldRegion(const FieldDecl *fd,
1229 const MemRegion* superRegion);
1231 const FieldRegion *getFieldRegionWithSuper(const FieldRegion *FR,
1232 const MemRegion *superRegion) {
1233 return getFieldRegion(FR->getDecl(), superRegion);
1236 /// getObjCIvarRegion - Retrieve or create the memory region associated with
1237 /// a specified Objective-c instance variable. 'superRegion' corresponds
1238 /// to the containing region (which typically represents the Objective-C
1240 const ObjCIvarRegion *getObjCIvarRegion(const ObjCIvarDecl *ivd,
1241 const MemRegion* superRegion);
1243 const CXXTempObjectRegion *getCXXTempObjectRegion(Expr const *Ex,
1244 LocationContext const *LC);
1246 /// Create a CXXBaseObjectRegion with the given base class for region
1249 /// The type of \p Super is assumed be a class deriving from \p BaseClass.
1250 const CXXBaseObjectRegion *
1251 getCXXBaseObjectRegion(const CXXRecordDecl *BaseClass, const MemRegion *Super,
1254 /// Create a CXXBaseObjectRegion with the same CXXRecordDecl but a different
1256 const CXXBaseObjectRegion *
1257 getCXXBaseObjectRegionWithSuper(const CXXBaseObjectRegion *baseReg,
1258 const MemRegion *superRegion) {
1259 return getCXXBaseObjectRegion(baseReg->getDecl(), superRegion,
1260 baseReg->isVirtual());
1263 const FunctionTextRegion *getFunctionTextRegion(const NamedDecl *FD);
1264 const BlockTextRegion *getBlockTextRegion(const BlockDecl *BD,
1266 AnalysisDeclContext *AC);
1268 /// getBlockDataRegion - Get the memory region associated with an instance
1269 /// of a block. Unlike many other MemRegions, the LocationContext*
1270 /// argument is allowed to be NULL for cases where we have no known
1272 const BlockDataRegion *getBlockDataRegion(const BlockTextRegion *bc,
1273 const LocationContext *lc = NULL);
1276 template <typename RegionTy, typename A1>
1277 RegionTy* getRegion(const A1 a1);
1279 template <typename RegionTy, typename A1>
1280 RegionTy* getSubRegion(const A1 a1, const MemRegion* superRegion);
1282 template <typename RegionTy, typename A1, typename A2>
1283 RegionTy* getRegion(const A1 a1, const A2 a2);
1285 template <typename RegionTy, typename A1, typename A2>
1286 RegionTy* getSubRegion(const A1 a1, const A2 a2,
1287 const MemRegion* superRegion);
1289 template <typename RegionTy, typename A1, typename A2, typename A3>
1290 RegionTy* getSubRegion(const A1 a1, const A2 a2, const A3 a3,
1291 const MemRegion* superRegion);
1293 template <typename REG>
1294 const REG* LazyAllocate(REG*& region);
1296 template <typename REG, typename ARG>
1297 const REG* LazyAllocate(REG*& region, ARG a);
1300 //===----------------------------------------------------------------------===//
1301 // Out-of-line member definitions.
1302 //===----------------------------------------------------------------------===//
1304 inline ASTContext &MemRegion::getContext() const {
1305 return getMemRegionManager()->getContext();
1308 } // end GR namespace
1310 } // end clang namespace
1312 //===----------------------------------------------------------------------===//
1313 // Pretty-printing regions.
1314 //===----------------------------------------------------------------------===//
1317 static inline raw_ostream &operator<<(raw_ostream &os,
1318 const clang::ento::MemRegion* R) {
1319 R->dumpToStream(os);
1322 } // end llvm namespace