1 //== MemRegion.h - Abstract memory regions for static analysis --*- C++ -*--==//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines MemRegion and its subclasses. MemRegion defines a
11 // partially-typed abstraction of memory useful for path-sensitive dataflow
14 //===----------------------------------------------------------------------===//
16 #ifndef LLVM_CLANG_GR_MEMREGION_H
17 #define LLVM_CLANG_GR_MEMREGION_H
19 #include "clang/AST/ASTContext.h"
20 #include "clang/AST/CharUnits.h"
21 #include "clang/AST/Decl.h"
22 #include "clang/AST/ExprObjC.h"
23 #include "clang/Basic/LLVM.h"
24 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
25 #include "llvm/ADT/FoldingSet.h"
26 #include "llvm/Support/ErrorHandling.h"
30 class BumpPtrAllocator;
35 class LocationContext;
36 class StackFrameContext;
40 class MemRegionManager;
46 /// Represent a region's offset within the top level base region.
51 /// The bit offset within the base region. It shouldn't be negative.
55 // We're using a const instead of an enumeration due to the size required;
56 // Visual Studio will only create enumerations of size int, not long long.
57 static const int64_t Symbolic = INT64_MAX;
59 RegionOffset() : R(0) {}
60 RegionOffset(const MemRegion *r, int64_t off) : R(r), Offset(off) {}
62 const MemRegion *getRegion() const { return R; }
64 bool hasSymbolicOffset() const { return Offset == Symbolic; }
66 int64_t getOffset() const {
67 assert(!hasSymbolicOffset());
71 bool isValid() const { return R; }
74 //===----------------------------------------------------------------------===//
75 // Base region classes.
76 //===----------------------------------------------------------------------===//
78 /// MemRegion - The root abstract class for all memory regions.
79 class MemRegion : public llvm::FoldingSetNode {
80 friend class MemRegionManager;
84 GenericMemSpaceRegionKind,
85 StackLocalsSpaceRegionKind,
86 StackArgumentsSpaceRegionKind,
88 UnknownSpaceRegionKind,
89 StaticGlobalSpaceRegionKind,
90 GlobalInternalSpaceRegionKind,
91 GlobalSystemSpaceRegionKind,
92 GlobalImmutableSpaceRegionKind,
93 BEG_NON_STATIC_GLOBAL_MEMSPACES = GlobalInternalSpaceRegionKind,
94 END_NON_STATIC_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
95 BEG_GLOBAL_MEMSPACES = StaticGlobalSpaceRegionKind,
96 END_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
97 BEG_MEMSPACES = GenericMemSpaceRegionKind,
98 END_MEMSPACES = GlobalImmutableSpaceRegionKind,
104 FunctionTextRegionKind = BEG_TYPED_REGIONS,
107 BEG_TYPED_VALUE_REGIONS,
108 CompoundLiteralRegionKind = BEG_TYPED_VALUE_REGIONS,
111 ObjCStringRegionKind,
115 VarRegionKind = BEG_DECL_REGIONS,
118 END_DECL_REGIONS = ObjCIvarRegionKind,
119 CXXTempObjectRegionKind,
120 CXXBaseObjectRegionKind,
121 END_TYPED_VALUE_REGIONS = CXXBaseObjectRegionKind,
122 END_TYPED_REGIONS = CXXBaseObjectRegionKind
129 MemRegion(Kind k) : kind(k) {}
130 virtual ~MemRegion();
133 ASTContext &getContext() const;
135 virtual void Profile(llvm::FoldingSetNodeID& ID) const = 0;
137 virtual MemRegionManager* getMemRegionManager() const = 0;
139 const MemSpaceRegion *getMemorySpace() const;
141 const MemRegion *getBaseRegion() const;
143 /// Check if the region is a subregion of the given region.
144 virtual bool isSubRegionOf(const MemRegion *R) const;
146 const MemRegion *StripCasts(bool StripBaseCasts = true) const;
148 bool hasGlobalsOrParametersStorage() const;
150 bool hasStackStorage() const;
152 bool hasStackNonParametersStorage() const;
154 bool hasStackParametersStorage() const;
156 /// Compute the offset within the top level memory object.
157 RegionOffset getAsOffset() const;
159 /// \brief Get a string representation of a region for debug use.
160 std::string getString() const;
162 virtual void dumpToStream(raw_ostream &os) const;
166 /// \brief Returns true if this region can be printed in a user-friendly way.
167 virtual bool canPrintPretty() const;
169 /// \brief Print the region for use in diagnostics.
170 virtual void printPretty(raw_ostream &os) const;
172 Kind getKind() const { return kind; }
174 template<typename RegionTy> const RegionTy* getAs() const;
176 virtual bool isBoundable() const { return false; }
179 /// MemSpaceRegion - A memory region that represents a "memory space";
180 /// for example, the set of global variables, the stack frame, etc.
181 class MemSpaceRegion : public MemRegion {
183 friend class MemRegionManager;
185 MemRegionManager *Mgr;
187 MemSpaceRegion(MemRegionManager *mgr, Kind k = GenericMemSpaceRegionKind)
188 : MemRegion(k), Mgr(mgr) {
189 assert(classof(this));
192 MemRegionManager* getMemRegionManager() const { return Mgr; }
195 bool isBoundable() const { return false; }
197 void Profile(llvm::FoldingSetNodeID &ID) const;
199 static bool classof(const MemRegion *R) {
200 Kind k = R->getKind();
201 return k >= BEG_MEMSPACES && k <= END_MEMSPACES;
205 class GlobalsSpaceRegion : public MemSpaceRegion {
206 virtual void anchor();
208 GlobalsSpaceRegion(MemRegionManager *mgr, Kind k)
209 : MemSpaceRegion(mgr, k) {}
211 static bool classof(const MemRegion *R) {
212 Kind k = R->getKind();
213 return k >= BEG_GLOBAL_MEMSPACES && k <= END_GLOBAL_MEMSPACES;
217 /// \brief The region of the static variables within the current CodeTextRegion
220 /// Currently, only the static locals are placed there, so we know that these
221 /// variables do not get invalidated by calls to other functions.
222 class StaticGlobalSpaceRegion : public GlobalsSpaceRegion {
223 friend class MemRegionManager;
225 const CodeTextRegion *CR;
227 StaticGlobalSpaceRegion(MemRegionManager *mgr, const CodeTextRegion *cr)
228 : GlobalsSpaceRegion(mgr, StaticGlobalSpaceRegionKind), CR(cr) {}
231 void Profile(llvm::FoldingSetNodeID &ID) const;
233 void dumpToStream(raw_ostream &os) const;
235 const CodeTextRegion *getCodeRegion() const { return CR; }
237 static bool classof(const MemRegion *R) {
238 return R->getKind() == StaticGlobalSpaceRegionKind;
242 /// \brief The region for all the non-static global variables.
244 /// This class is further split into subclasses for efficient implementation of
245 /// invalidating a set of related global values as is done in
246 /// RegionStoreManager::invalidateRegions (instead of finding all the dependent
247 /// globals, we invalidate the whole parent region).
248 class NonStaticGlobalSpaceRegion : public GlobalsSpaceRegion {
249 friend class MemRegionManager;
252 NonStaticGlobalSpaceRegion(MemRegionManager *mgr, Kind k)
253 : GlobalsSpaceRegion(mgr, k) {}
257 static bool classof(const MemRegion *R) {
258 Kind k = R->getKind();
259 return k >= BEG_NON_STATIC_GLOBAL_MEMSPACES &&
260 k <= END_NON_STATIC_GLOBAL_MEMSPACES;
264 /// \brief The region containing globals which are defined in system/external
265 /// headers and are considered modifiable by system calls (ex: errno).
266 class GlobalSystemSpaceRegion : public NonStaticGlobalSpaceRegion {
267 friend class MemRegionManager;
269 GlobalSystemSpaceRegion(MemRegionManager *mgr)
270 : NonStaticGlobalSpaceRegion(mgr, GlobalSystemSpaceRegionKind) {}
274 void dumpToStream(raw_ostream &os) const;
276 static bool classof(const MemRegion *R) {
277 return R->getKind() == GlobalSystemSpaceRegionKind;
281 /// \brief The region containing globals which are considered not to be modified
282 /// or point to data which could be modified as a result of a function call
283 /// (system or internal). Ex: Const global scalars would be modeled as part of
284 /// this region. This region also includes most system globals since they have
285 /// low chance of being modified.
286 class GlobalImmutableSpaceRegion : public NonStaticGlobalSpaceRegion {
287 friend class MemRegionManager;
289 GlobalImmutableSpaceRegion(MemRegionManager *mgr)
290 : NonStaticGlobalSpaceRegion(mgr, GlobalImmutableSpaceRegionKind) {}
294 void dumpToStream(raw_ostream &os) const;
296 static bool classof(const MemRegion *R) {
297 return R->getKind() == GlobalImmutableSpaceRegionKind;
301 /// \brief The region containing globals which can be modified by calls to
302 /// "internally" defined functions - (for now just) functions other then system
304 class GlobalInternalSpaceRegion : public NonStaticGlobalSpaceRegion {
305 friend class MemRegionManager;
307 GlobalInternalSpaceRegion(MemRegionManager *mgr)
308 : NonStaticGlobalSpaceRegion(mgr, GlobalInternalSpaceRegionKind) {}
312 void dumpToStream(raw_ostream &os) const;
314 static bool classof(const MemRegion *R) {
315 return R->getKind() == GlobalInternalSpaceRegionKind;
319 class HeapSpaceRegion : public MemSpaceRegion {
320 virtual void anchor();
321 friend class MemRegionManager;
323 HeapSpaceRegion(MemRegionManager *mgr)
324 : MemSpaceRegion(mgr, HeapSpaceRegionKind) {}
327 void dumpToStream(raw_ostream &os) const;
329 static bool classof(const MemRegion *R) {
330 return R->getKind() == HeapSpaceRegionKind;
334 class UnknownSpaceRegion : public MemSpaceRegion {
335 virtual void anchor();
336 friend class MemRegionManager;
337 UnknownSpaceRegion(MemRegionManager *mgr)
338 : MemSpaceRegion(mgr, UnknownSpaceRegionKind) {}
341 void dumpToStream(raw_ostream &os) const;
343 static bool classof(const MemRegion *R) {
344 return R->getKind() == UnknownSpaceRegionKind;
348 class StackSpaceRegion : public MemSpaceRegion {
350 const StackFrameContext *SFC;
353 StackSpaceRegion(MemRegionManager *mgr, Kind k, const StackFrameContext *sfc)
354 : MemSpaceRegion(mgr, k), SFC(sfc) {
355 assert(classof(this));
359 const StackFrameContext *getStackFrame() const { return SFC; }
361 void Profile(llvm::FoldingSetNodeID &ID) const;
363 static bool classof(const MemRegion *R) {
364 Kind k = R->getKind();
365 return k >= StackLocalsSpaceRegionKind &&
366 k <= StackArgumentsSpaceRegionKind;
370 class StackLocalsSpaceRegion : public StackSpaceRegion {
371 virtual void anchor();
372 friend class MemRegionManager;
373 StackLocalsSpaceRegion(MemRegionManager *mgr, const StackFrameContext *sfc)
374 : StackSpaceRegion(mgr, StackLocalsSpaceRegionKind, sfc) {}
377 void dumpToStream(raw_ostream &os) const;
379 static bool classof(const MemRegion *R) {
380 return R->getKind() == StackLocalsSpaceRegionKind;
384 class StackArgumentsSpaceRegion : public StackSpaceRegion {
386 virtual void anchor();
387 friend class MemRegionManager;
388 StackArgumentsSpaceRegion(MemRegionManager *mgr, const StackFrameContext *sfc)
389 : StackSpaceRegion(mgr, StackArgumentsSpaceRegionKind, sfc) {}
392 void dumpToStream(raw_ostream &os) const;
394 static bool classof(const MemRegion *R) {
395 return R->getKind() == StackArgumentsSpaceRegionKind;
400 /// SubRegion - A region that subsets another larger region. Most regions
401 /// are subclasses of SubRegion.
402 class SubRegion : public MemRegion {
404 virtual void anchor();
406 const MemRegion* superRegion;
407 SubRegion(const MemRegion* sReg, Kind k) : MemRegion(k), superRegion(sReg) {}
409 const MemRegion* getSuperRegion() const {
413 /// getExtent - Returns the size of the region in bytes.
414 virtual DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const {
418 MemRegionManager* getMemRegionManager() const;
420 virtual bool isSubRegionOf(const MemRegion* R) const;
422 static bool classof(const MemRegion* R) {
423 return R->getKind() > END_MEMSPACES;
427 //===----------------------------------------------------------------------===//
428 // MemRegion subclasses.
429 //===----------------------------------------------------------------------===//
431 /// AllocaRegion - A region that represents an untyped blob of bytes created
432 /// by a call to 'alloca'.
433 class AllocaRegion : public SubRegion {
434 friend class MemRegionManager;
436 unsigned Cnt; // Block counter. Used to distinguish different pieces of
437 // memory allocated by alloca at the same call site.
440 AllocaRegion(const Expr *ex, unsigned cnt, const MemRegion *superRegion)
441 : SubRegion(superRegion, AllocaRegionKind), Cnt(cnt), Ex(ex) {}
445 const Expr *getExpr() const { return Ex; }
447 bool isBoundable() const { return true; }
449 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
451 void Profile(llvm::FoldingSetNodeID& ID) const;
453 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Expr *Ex,
454 unsigned Cnt, const MemRegion *superRegion);
456 void dumpToStream(raw_ostream &os) const;
458 static bool classof(const MemRegion* R) {
459 return R->getKind() == AllocaRegionKind;
463 /// TypedRegion - An abstract class representing regions that are typed.
464 class TypedRegion : public SubRegion {
466 virtual void anchor();
468 TypedRegion(const MemRegion* sReg, Kind k) : SubRegion(sReg, k) {}
471 virtual QualType getLocationType() const = 0;
473 QualType getDesugaredLocationType(ASTContext &Context) const {
474 return getLocationType().getDesugaredType(Context);
477 bool isBoundable() const { return true; }
479 static bool classof(const MemRegion* R) {
480 unsigned k = R->getKind();
481 return k >= BEG_TYPED_REGIONS && k <= END_TYPED_REGIONS;
485 /// TypedValueRegion - An abstract class representing regions having a typed value.
486 class TypedValueRegion : public TypedRegion {
488 virtual void anchor();
490 TypedValueRegion(const MemRegion* sReg, Kind k) : TypedRegion(sReg, k) {}
493 virtual QualType getValueType() const = 0;
495 virtual QualType getLocationType() const {
496 // FIXME: We can possibly optimize this later to cache this value.
497 QualType T = getValueType();
498 ASTContext &ctx = getContext();
499 if (T->getAs<ObjCObjectType>())
500 return ctx.getObjCObjectPointerType(T);
501 return ctx.getPointerType(getValueType());
504 QualType getDesugaredValueType(ASTContext &Context) const {
505 QualType T = getValueType();
506 return T.getTypePtrOrNull() ? T.getDesugaredType(Context) : T;
509 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
511 static bool classof(const MemRegion* R) {
512 unsigned k = R->getKind();
513 return k >= BEG_TYPED_VALUE_REGIONS && k <= END_TYPED_VALUE_REGIONS;
518 class CodeTextRegion : public TypedRegion {
520 virtual void anchor();
522 CodeTextRegion(const MemRegion *sreg, Kind k) : TypedRegion(sreg, k) {}
524 bool isBoundable() const { return false; }
526 static bool classof(const MemRegion* R) {
527 Kind k = R->getKind();
528 return k >= FunctionTextRegionKind && k <= BlockTextRegionKind;
532 /// FunctionTextRegion - A region that represents code texts of function.
533 class FunctionTextRegion : public CodeTextRegion {
536 FunctionTextRegion(const NamedDecl *fd, const MemRegion* sreg)
537 : CodeTextRegion(sreg, FunctionTextRegionKind), FD(fd) {
538 assert(isa<ObjCMethodDecl>(fd) || isa<FunctionDecl>(fd));
541 QualType getLocationType() const {
542 const ASTContext &Ctx = getContext();
543 if (const FunctionDecl *D = dyn_cast<FunctionDecl>(FD)) {
544 return Ctx.getPointerType(D->getType());
547 assert(isa<ObjCMethodDecl>(FD));
548 assert(false && "Getting the type of ObjCMethod is not supported yet");
550 // TODO: We might want to return a different type here (ex: id (*ty)(...))
551 // depending on how it is used.
555 const NamedDecl *getDecl() const {
559 virtual void dumpToStream(raw_ostream &os) const;
561 void Profile(llvm::FoldingSetNodeID& ID) const;
563 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const NamedDecl *FD,
566 static bool classof(const MemRegion* R) {
567 return R->getKind() == FunctionTextRegionKind;
572 /// BlockTextRegion - A region that represents code texts of blocks (closures).
573 /// Blocks are represented with two kinds of regions. BlockTextRegions
574 /// represent the "code", while BlockDataRegions represent instances of blocks,
575 /// which correspond to "code+data". The distinction is important, because
576 /// like a closure a block captures the values of externally referenced
578 class BlockTextRegion : public CodeTextRegion {
579 friend class MemRegionManager;
582 AnalysisDeclContext *AC;
585 BlockTextRegion(const BlockDecl *bd, CanQualType lTy,
586 AnalysisDeclContext *ac, const MemRegion* sreg)
587 : CodeTextRegion(sreg, BlockTextRegionKind), BD(bd), AC(ac), locTy(lTy) {}
590 QualType getLocationType() const {
594 const BlockDecl *getDecl() const {
598 AnalysisDeclContext *getAnalysisDeclContext() const { return AC; }
600 virtual void dumpToStream(raw_ostream &os) const;
602 void Profile(llvm::FoldingSetNodeID& ID) const;
604 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const BlockDecl *BD,
605 CanQualType, const AnalysisDeclContext*,
608 static bool classof(const MemRegion* R) {
609 return R->getKind() == BlockTextRegionKind;
613 /// BlockDataRegion - A region that represents a block instance.
614 /// Blocks are represented with two kinds of regions. BlockTextRegions
615 /// represent the "code", while BlockDataRegions represent instances of blocks,
616 /// which correspond to "code+data". The distinction is important, because
617 /// like a closure a block captures the values of externally referenced
619 class BlockDataRegion : public TypedRegion {
620 friend class MemRegionManager;
621 const BlockTextRegion *BC;
622 const LocationContext *LC; // Can be null */
623 void *ReferencedVars;
626 BlockDataRegion(const BlockTextRegion *bc, const LocationContext *lc,
627 const MemRegion *sreg)
628 : TypedRegion(sreg, BlockDataRegionKind), BC(bc), LC(lc),
629 ReferencedVars(0), OriginalVars(0) {}
632 const BlockTextRegion *getCodeRegion() const { return BC; }
634 const BlockDecl *getDecl() const { return BC->getDecl(); }
636 QualType getLocationType() const { return BC->getLocationType(); }
638 class referenced_vars_iterator {
639 const MemRegion * const *R;
640 const MemRegion * const *OriginalR;
642 explicit referenced_vars_iterator(const MemRegion * const *r,
643 const MemRegion * const *originalR)
644 : R(r), OriginalR(originalR) {}
646 const VarRegion *getCapturedRegion() const {
647 return cast<VarRegion>(*R);
649 const VarRegion *getOriginalRegion() const {
650 return cast<VarRegion>(*OriginalR);
653 bool operator==(const referenced_vars_iterator &I) const {
654 assert((R == 0) == (I.R == 0));
657 bool operator!=(const referenced_vars_iterator &I) const {
658 assert((R == 0) == (I.R == 0));
661 referenced_vars_iterator &operator++() {
668 /// Return the original region for a captured region, if
670 const VarRegion *getOriginalRegion(const VarRegion *VR) const;
672 referenced_vars_iterator referenced_vars_begin() const;
673 referenced_vars_iterator referenced_vars_end() const;
675 virtual void dumpToStream(raw_ostream &os) const;
677 void Profile(llvm::FoldingSetNodeID& ID) const;
679 static void ProfileRegion(llvm::FoldingSetNodeID&, const BlockTextRegion *,
680 const LocationContext *, const MemRegion *);
682 static bool classof(const MemRegion* R) {
683 return R->getKind() == BlockDataRegionKind;
686 void LazyInitializeReferencedVars();
687 std::pair<const VarRegion *, const VarRegion *>
688 getCaptureRegions(const VarDecl *VD);
691 /// SymbolicRegion - A special, "non-concrete" region. Unlike other region
692 /// clases, SymbolicRegion represents a region that serves as an alias for
693 /// either a real region, a NULL pointer, etc. It essentially is used to
694 /// map the concept of symbolic values into the domain of regions. Symbolic
695 /// regions do not need to be typed.
696 class SymbolicRegion : public SubRegion {
701 SymbolicRegion(const SymbolRef s, const MemRegion* sreg)
702 : SubRegion(sreg, SymbolicRegionKind), sym(s) {}
704 SymbolRef getSymbol() const {
708 bool isBoundable() const { return true; }
710 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
712 void Profile(llvm::FoldingSetNodeID& ID) const;
714 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
716 const MemRegion* superRegion);
718 void dumpToStream(raw_ostream &os) const;
720 static bool classof(const MemRegion* R) {
721 return R->getKind() == SymbolicRegionKind;
725 /// StringRegion - Region associated with a StringLiteral.
726 class StringRegion : public TypedValueRegion {
727 friend class MemRegionManager;
728 const StringLiteral* Str;
731 StringRegion(const StringLiteral* str, const MemRegion* sreg)
732 : TypedValueRegion(sreg, StringRegionKind), Str(str) {}
734 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
735 const StringLiteral* Str,
736 const MemRegion* superRegion);
740 const StringLiteral* getStringLiteral() const { return Str; }
742 QualType getValueType() const {
743 return Str->getType();
746 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
748 bool isBoundable() const { return false; }
750 void Profile(llvm::FoldingSetNodeID& ID) const {
751 ProfileRegion(ID, Str, superRegion);
754 void dumpToStream(raw_ostream &os) const;
756 static bool classof(const MemRegion* R) {
757 return R->getKind() == StringRegionKind;
761 /// The region associated with an ObjCStringLiteral.
762 class ObjCStringRegion : public TypedValueRegion {
763 friend class MemRegionManager;
764 const ObjCStringLiteral* Str;
767 ObjCStringRegion(const ObjCStringLiteral* str, const MemRegion* sreg)
768 : TypedValueRegion(sreg, ObjCStringRegionKind), Str(str) {}
770 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
771 const ObjCStringLiteral* Str,
772 const MemRegion* superRegion);
776 const ObjCStringLiteral* getObjCStringLiteral() const { return Str; }
778 QualType getValueType() const {
779 return Str->getType();
782 bool isBoundable() const { return false; }
784 void Profile(llvm::FoldingSetNodeID& ID) const {
785 ProfileRegion(ID, Str, superRegion);
788 void dumpToStream(raw_ostream &os) const;
790 static bool classof(const MemRegion* R) {
791 return R->getKind() == ObjCStringRegionKind;
795 /// CompoundLiteralRegion - A memory region representing a compound literal.
796 /// Compound literals are essentially temporaries that are stack allocated
797 /// or in the global constant pool.
798 class CompoundLiteralRegion : public TypedValueRegion {
800 friend class MemRegionManager;
801 const CompoundLiteralExpr *CL;
803 CompoundLiteralRegion(const CompoundLiteralExpr *cl, const MemRegion* sReg)
804 : TypedValueRegion(sReg, CompoundLiteralRegionKind), CL(cl) {}
806 static void ProfileRegion(llvm::FoldingSetNodeID& ID,
807 const CompoundLiteralExpr *CL,
808 const MemRegion* superRegion);
810 QualType getValueType() const {
811 return CL->getType();
814 bool isBoundable() const { return !CL->isFileScope(); }
816 void Profile(llvm::FoldingSetNodeID& ID) const;
818 void dumpToStream(raw_ostream &os) const;
820 const CompoundLiteralExpr *getLiteralExpr() const { return CL; }
822 static bool classof(const MemRegion* R) {
823 return R->getKind() == CompoundLiteralRegionKind;
827 class DeclRegion : public TypedValueRegion {
831 DeclRegion(const Decl *d, const MemRegion* sReg, Kind k)
832 : TypedValueRegion(sReg, k), D(d) {}
834 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Decl *D,
835 const MemRegion* superRegion, Kind k);
838 const Decl *getDecl() const { return D; }
839 void Profile(llvm::FoldingSetNodeID& ID) const;
841 static bool classof(const MemRegion* R) {
842 unsigned k = R->getKind();
843 return k >= BEG_DECL_REGIONS && k <= END_DECL_REGIONS;
847 class VarRegion : public DeclRegion {
848 friend class MemRegionManager;
850 // Constructors and private methods.
851 VarRegion(const VarDecl *vd, const MemRegion* sReg)
852 : DeclRegion(vd, sReg, VarRegionKind) {}
854 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const VarDecl *VD,
855 const MemRegion *superRegion) {
856 DeclRegion::ProfileRegion(ID, VD, superRegion, VarRegionKind);
859 void Profile(llvm::FoldingSetNodeID& ID) const;
862 const VarDecl *getDecl() const { return cast<VarDecl>(D); }
864 const StackFrameContext *getStackFrame() const;
866 QualType getValueType() const {
867 // FIXME: We can cache this if needed.
868 return getDecl()->getType();
871 void dumpToStream(raw_ostream &os) const;
873 static bool classof(const MemRegion* R) {
874 return R->getKind() == VarRegionKind;
877 bool canPrintPretty() const;
878 void printPretty(raw_ostream &os) const;
881 /// CXXThisRegion - Represents the region for the implicit 'this' parameter
882 /// in a call to a C++ method. This region doesn't represent the object
883 /// referred to by 'this', but rather 'this' itself.
884 class CXXThisRegion : public TypedValueRegion {
885 friend class MemRegionManager;
886 CXXThisRegion(const PointerType *thisPointerTy,
887 const MemRegion *sReg)
888 : TypedValueRegion(sReg, CXXThisRegionKind), ThisPointerTy(thisPointerTy) {}
890 static void ProfileRegion(llvm::FoldingSetNodeID &ID,
891 const PointerType *PT,
892 const MemRegion *sReg);
894 void Profile(llvm::FoldingSetNodeID &ID) const;
897 QualType getValueType() const {
898 return QualType(ThisPointerTy, 0);
901 void dumpToStream(raw_ostream &os) const;
903 static bool classof(const MemRegion* R) {
904 return R->getKind() == CXXThisRegionKind;
908 const PointerType *ThisPointerTy;
911 class FieldRegion : public DeclRegion {
912 friend class MemRegionManager;
914 FieldRegion(const FieldDecl *fd, const MemRegion* sReg)
915 : DeclRegion(fd, sReg, FieldRegionKind) {}
918 const FieldDecl *getDecl() const { return cast<FieldDecl>(D); }
920 QualType getValueType() const {
921 // FIXME: We can cache this if needed.
922 return getDecl()->getType();
925 DefinedOrUnknownSVal getExtent(SValBuilder &svalBuilder) const;
927 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const FieldDecl *FD,
928 const MemRegion* superRegion) {
929 DeclRegion::ProfileRegion(ID, FD, superRegion, FieldRegionKind);
932 static bool classof(const MemRegion* R) {
933 return R->getKind() == FieldRegionKind;
936 void dumpToStream(raw_ostream &os) const;
938 bool canPrintPretty() const;
939 void printPretty(raw_ostream &os) const;
942 class ObjCIvarRegion : public DeclRegion {
944 friend class MemRegionManager;
946 ObjCIvarRegion(const ObjCIvarDecl *ivd, const MemRegion* sReg);
948 static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd,
949 const MemRegion* superRegion);
952 const ObjCIvarDecl *getDecl() const;
953 QualType getValueType() const;
955 bool canPrintPretty() const;
956 void printPretty(raw_ostream &os) const;
958 void dumpToStream(raw_ostream &os) const;
960 static bool classof(const MemRegion* R) {
961 return R->getKind() == ObjCIvarRegionKind;
964 //===----------------------------------------------------------------------===//
965 // Auxiliary data classes for use with MemRegions.
966 //===----------------------------------------------------------------------===//
970 class RegionRawOffset {
972 friend class ElementRegion;
974 const MemRegion *Region;
977 RegionRawOffset(const MemRegion* reg, CharUnits offset = CharUnits::Zero())
978 : Region(reg), Offset(offset) {}
981 // FIXME: Eventually support symbolic offsets.
982 CharUnits getOffset() const { return Offset; }
983 const MemRegion *getRegion() const { return Region; }
985 void dumpToStream(raw_ostream &os) const;
989 /// \brief ElementRegin is used to represent both array elements and casts.
990 class ElementRegion : public TypedValueRegion {
991 friend class MemRegionManager;
993 QualType ElementType;
996 ElementRegion(QualType elementType, NonLoc Idx, const MemRegion* sReg)
997 : TypedValueRegion(sReg, ElementRegionKind),
998 ElementType(elementType), Index(Idx) {
999 assert((!Idx.getAs<nonloc::ConcreteInt>() ||
1000 Idx.castAs<nonloc::ConcreteInt>().getValue().isSigned()) &&
1001 "The index must be signed");
1004 static void ProfileRegion(llvm::FoldingSetNodeID& ID, QualType elementType,
1005 SVal Idx, const MemRegion* superRegion);
1009 NonLoc getIndex() const { return Index; }
1011 QualType getValueType() const {
1015 QualType getElementType() const {
1018 /// Compute the offset within the array. The array might also be a subobject.
1019 RegionRawOffset getAsArrayOffset() const;
1021 void dumpToStream(raw_ostream &os) const;
1023 void Profile(llvm::FoldingSetNodeID& ID) const;
1025 static bool classof(const MemRegion* R) {
1026 return R->getKind() == ElementRegionKind;
1030 // C++ temporary object associated with an expression.
1031 class CXXTempObjectRegion : public TypedValueRegion {
1032 friend class MemRegionManager;
1036 CXXTempObjectRegion(Expr const *E, MemRegion const *sReg)
1037 : TypedValueRegion(sReg, CXXTempObjectRegionKind), Ex(E) {}
1039 static void ProfileRegion(llvm::FoldingSetNodeID &ID,
1040 Expr const *E, const MemRegion *sReg);
1043 const Expr *getExpr() const { return Ex; }
1045 QualType getValueType() const {
1046 return Ex->getType();
1049 void dumpToStream(raw_ostream &os) const;
1051 void Profile(llvm::FoldingSetNodeID &ID) const;
1053 static bool classof(const MemRegion* R) {
1054 return R->getKind() == CXXTempObjectRegionKind;
1058 // CXXBaseObjectRegion represents a base object within a C++ object. It is
1059 // identified by the base class declaration and the region of its parent object.
1060 class CXXBaseObjectRegion : public TypedValueRegion {
1061 friend class MemRegionManager;
1063 llvm::PointerIntPair<const CXXRecordDecl *, 1, bool> Data;
1065 CXXBaseObjectRegion(const CXXRecordDecl *RD, bool IsVirtual,
1066 const MemRegion *SReg)
1067 : TypedValueRegion(SReg, CXXBaseObjectRegionKind), Data(RD, IsVirtual) {}
1069 static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD,
1070 bool IsVirtual, const MemRegion *SReg);
1073 const CXXRecordDecl *getDecl() const { return Data.getPointer(); }
1074 bool isVirtual() const { return Data.getInt(); }
1076 QualType getValueType() const;
1078 void dumpToStream(raw_ostream &os) const;
1080 void Profile(llvm::FoldingSetNodeID &ID) const;
1082 static bool classof(const MemRegion *region) {
1083 return region->getKind() == CXXBaseObjectRegionKind;
1087 template<typename RegionTy>
1088 const RegionTy* MemRegion::getAs() const {
1089 if (const RegionTy* RT = dyn_cast<RegionTy>(this))
1095 //===----------------------------------------------------------------------===//
1096 // MemRegionManager - Factory object for creating regions.
1097 //===----------------------------------------------------------------------===//
1099 class MemRegionManager {
1101 llvm::BumpPtrAllocator& A;
1102 llvm::FoldingSet<MemRegion> Regions;
1104 GlobalInternalSpaceRegion *InternalGlobals;
1105 GlobalSystemSpaceRegion *SystemGlobals;
1106 GlobalImmutableSpaceRegion *ImmutableGlobals;
1109 llvm::DenseMap<const StackFrameContext *, StackLocalsSpaceRegion *>
1110 StackLocalsSpaceRegions;
1111 llvm::DenseMap<const StackFrameContext *, StackArgumentsSpaceRegion *>
1112 StackArgumentsSpaceRegions;
1113 llvm::DenseMap<const CodeTextRegion *, StaticGlobalSpaceRegion *>
1114 StaticsGlobalSpaceRegions;
1116 HeapSpaceRegion *heap;
1117 UnknownSpaceRegion *unknown;
1118 MemSpaceRegion *code;
1121 MemRegionManager(ASTContext &c, llvm::BumpPtrAllocator& a)
1122 : C(c), A(a), InternalGlobals(0), SystemGlobals(0), ImmutableGlobals(0),
1123 heap(0), unknown(0), code(0) {}
1125 ~MemRegionManager();
1127 ASTContext &getContext() { return C; }
1129 llvm::BumpPtrAllocator &getAllocator() { return A; }
1131 /// getStackLocalsRegion - Retrieve the memory region associated with the
1132 /// specified stack frame.
1133 const StackLocalsSpaceRegion *
1134 getStackLocalsRegion(const StackFrameContext *STC);
1136 /// getStackArgumentsRegion - Retrieve the memory region associated with
1137 /// function/method arguments of the specified stack frame.
1138 const StackArgumentsSpaceRegion *
1139 getStackArgumentsRegion(const StackFrameContext *STC);
1141 /// getGlobalsRegion - Retrieve the memory region associated with
1142 /// global variables.
1143 const GlobalsSpaceRegion *getGlobalsRegion(
1144 MemRegion::Kind K = MemRegion::GlobalInternalSpaceRegionKind,
1145 const CodeTextRegion *R = 0);
1147 /// getHeapRegion - Retrieve the memory region associated with the
1149 const HeapSpaceRegion *getHeapRegion();
1151 /// getUnknownRegion - Retrieve the memory region associated with unknown
1153 const MemSpaceRegion *getUnknownRegion();
1155 const MemSpaceRegion *getCodeRegion();
1157 /// getAllocaRegion - Retrieve a region associated with a call to alloca().
1158 const AllocaRegion *getAllocaRegion(const Expr *Ex, unsigned Cnt,
1159 const LocationContext *LC);
1161 /// getCompoundLiteralRegion - Retrieve the region associated with a
1162 /// given CompoundLiteral.
1163 const CompoundLiteralRegion*
1164 getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
1165 const LocationContext *LC);
1167 /// getCXXThisRegion - Retrieve the [artificial] region associated with the
1168 /// parameter 'this'.
1169 const CXXThisRegion *getCXXThisRegion(QualType thisPointerTy,
1170 const LocationContext *LC);
1172 /// \brief Retrieve or create a "symbolic" memory region.
1173 const SymbolicRegion* getSymbolicRegion(SymbolRef Sym);
1175 /// \brief Return a unique symbolic region belonging to heap memory space.
1176 const SymbolicRegion *getSymbolicHeapRegion(SymbolRef sym);
1178 const StringRegion *getStringRegion(const StringLiteral* Str);
1180 const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str);
1182 /// getVarRegion - Retrieve or create the memory region associated with
1183 /// a specified VarDecl and LocationContext.
1184 const VarRegion* getVarRegion(const VarDecl *D, const LocationContext *LC);
1186 /// getVarRegion - Retrieve or create the memory region associated with
1187 /// a specified VarDecl and super region.
1188 const VarRegion* getVarRegion(const VarDecl *D, const MemRegion *superR);
1190 /// getElementRegion - Retrieve the memory region associated with the
1191 /// associated element type, index, and super region.
1192 const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx,
1193 const MemRegion *superRegion,
1196 const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER,
1197 const MemRegion *superRegion) {
1198 return getElementRegion(ER->getElementType(), ER->getIndex(),
1199 superRegion, ER->getContext());
1202 /// getFieldRegion - Retrieve or create the memory region associated with
1203 /// a specified FieldDecl. 'superRegion' corresponds to the containing
1204 /// memory region (which typically represents the memory representing
1205 /// a structure or class).
1206 const FieldRegion *getFieldRegion(const FieldDecl *fd,
1207 const MemRegion* superRegion);
1209 const FieldRegion *getFieldRegionWithSuper(const FieldRegion *FR,
1210 const MemRegion *superRegion) {
1211 return getFieldRegion(FR->getDecl(), superRegion);
1214 /// getObjCIvarRegion - Retrieve or create the memory region associated with
1215 /// a specified Objective-c instance variable. 'superRegion' corresponds
1216 /// to the containing region (which typically represents the Objective-C
1218 const ObjCIvarRegion *getObjCIvarRegion(const ObjCIvarDecl *ivd,
1219 const MemRegion* superRegion);
1221 const CXXTempObjectRegion *getCXXTempObjectRegion(Expr const *Ex,
1222 LocationContext const *LC);
1224 /// Create a CXXBaseObjectRegion with the given base class for region
1227 /// The type of \p Super is assumed be a class deriving from \p BaseClass.
1228 const CXXBaseObjectRegion *
1229 getCXXBaseObjectRegion(const CXXRecordDecl *BaseClass, const MemRegion *Super,
1232 /// Create a CXXBaseObjectRegion with the same CXXRecordDecl but a different
1234 const CXXBaseObjectRegion *
1235 getCXXBaseObjectRegionWithSuper(const CXXBaseObjectRegion *baseReg,
1236 const MemRegion *superRegion) {
1237 return getCXXBaseObjectRegion(baseReg->getDecl(), superRegion,
1238 baseReg->isVirtual());
1241 const FunctionTextRegion *getFunctionTextRegion(const NamedDecl *FD);
1242 const BlockTextRegion *getBlockTextRegion(const BlockDecl *BD,
1244 AnalysisDeclContext *AC);
1246 /// getBlockDataRegion - Get the memory region associated with an instance
1247 /// of a block. Unlike many other MemRegions, the LocationContext*
1248 /// argument is allowed to be NULL for cases where we have no known
1250 const BlockDataRegion *getBlockDataRegion(const BlockTextRegion *bc,
1251 const LocationContext *lc = NULL);
1254 template <typename RegionTy, typename A1>
1255 RegionTy* getRegion(const A1 a1);
1257 template <typename RegionTy, typename A1>
1258 RegionTy* getSubRegion(const A1 a1, const MemRegion* superRegion);
1260 template <typename RegionTy, typename A1, typename A2>
1261 RegionTy* getRegion(const A1 a1, const A2 a2);
1263 template <typename RegionTy, typename A1, typename A2>
1264 RegionTy* getSubRegion(const A1 a1, const A2 a2,
1265 const MemRegion* superRegion);
1267 template <typename RegionTy, typename A1, typename A2, typename A3>
1268 RegionTy* getSubRegion(const A1 a1, const A2 a2, const A3 a3,
1269 const MemRegion* superRegion);
1271 template <typename REG>
1272 const REG* LazyAllocate(REG*& region);
1274 template <typename REG, typename ARG>
1275 const REG* LazyAllocate(REG*& region, ARG a);
1278 //===----------------------------------------------------------------------===//
1279 // Out-of-line member definitions.
1280 //===----------------------------------------------------------------------===//
1282 inline ASTContext &MemRegion::getContext() const {
1283 return getMemRegionManager()->getContext();
1286 } // end GR namespace
1288 } // end clang namespace
1290 //===----------------------------------------------------------------------===//
1291 // Pretty-printing regions.
1292 //===----------------------------------------------------------------------===//
1295 static inline raw_ostream &operator<<(raw_ostream &os,
1296 const clang::ento::MemRegion* R) {
1297 R->dumpToStream(os);
1300 } // end llvm namespace