1 //== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines the state of the program along the analysisa path.
12 //===----------------------------------------------------------------------===//
14 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
15 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
17 #include "clang/Basic/LLVM.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
22 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
23 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
24 #include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h"
25 #include "llvm/ADT/FoldingSet.h"
26 #include "llvm/ADT/ImmutableMap.h"
27 #include "llvm/Support/Allocator.h"
40 class CallEventManager;
42 typedef std::unique_ptr<ConstraintManager>(*ConstraintManagerCreator)(
43 ProgramStateManager &, SubEngine *);
44 typedef std::unique_ptr<StoreManager>(*StoreManagerCreator)(
45 ProgramStateManager &);
46 typedef llvm::ImmutableMap<const SubRegion*, TaintTagType> TaintedSubRegions;
48 //===----------------------------------------------------------------------===//
49 // ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState.
50 //===----------------------------------------------------------------------===//
52 template <typename T> struct ProgramStatePartialTrait;
54 template <typename T> struct ProgramStateTrait {
55 typedef typename T::data_type data_type;
56 static inline void *MakeVoidPtr(data_type D) { return (void*) D; }
57 static inline data_type MakeData(void *const* P) {
58 return P ? (data_type) *P : (data_type) 0;
62 /// \class ProgramState
63 /// ProgramState - This class encapsulates:
65 /// 1. A mapping from expressions to values (Environment)
66 /// 2. A mapping from locations to values (Store)
67 /// 3. Constraints on symbolic values (GenericDataMap)
69 /// Together these represent the "abstract state" of a program.
71 /// ProgramState is intended to be used as a functional object; that is,
72 /// once it is created and made "persistent" in a FoldingSet, its
73 /// values will never change.
74 class ProgramState : public llvm::FoldingSetNode {
76 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy;
77 typedef llvm::ImmutableMap<void*, void*> GenericDataMap;
80 void operator=(const ProgramState& R) = delete;
82 friend class ProgramStateManager;
83 friend class ExplodedGraph;
84 friend class ExplodedNode;
86 ProgramStateManager *stateMgr;
87 Environment Env; // Maps a Stmt to its current SVal.
88 Store store; // Maps a location to its current value.
89 GenericDataMap GDM; // Custom data stored by a client of this class.
92 /// makeWithStore - Return a ProgramState with the same values as the current
93 /// state with the exception of using the specified Store.
94 ProgramStateRef makeWithStore(const StoreRef &store) const;
96 void setStore(const StoreRef &storeRef);
99 /// This ctor is used when creating the first ProgramState object.
100 ProgramState(ProgramStateManager *mgr, const Environment& env,
101 StoreRef st, GenericDataMap gdm);
103 /// Copy ctor - We must explicitly define this or else the "Next" ptr
104 /// in FoldingSetNode will also get copied.
105 ProgramState(const ProgramState &RHS);
109 /// Return the ProgramStateManager associated with this state.
110 ProgramStateManager &getStateManager() const {
114 /// Return the ConstraintManager.
115 ConstraintManager &getConstraintManager() const;
117 /// getEnvironment - Return the environment associated with this state.
118 /// The environment is the mapping from expressions to values.
119 const Environment& getEnvironment() const { return Env; }
121 /// Return the store associated with this state. The store
122 /// is a mapping from locations to values.
123 Store getStore() const { return store; }
126 /// getGDM - Return the generic data map associated with this state.
127 GenericDataMap getGDM() const { return GDM; }
129 void setGDM(GenericDataMap gdm) { GDM = gdm; }
131 /// Profile - Profile the contents of a ProgramState object for use in a
132 /// FoldingSet. Two ProgramState objects are considered equal if they
133 /// have the same Environment, Store, and GenericDataMap.
134 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) {
136 ID.AddPointer(V->store);
140 /// Profile - Used to profile the contents of this object for inclusion
142 void Profile(llvm::FoldingSetNodeID& ID) const {
146 BasicValueFactory &getBasicVals() const;
147 SymbolManager &getSymbolManager() const;
149 //==---------------------------------------------------------------------==//
150 // Constraints on values.
151 //==---------------------------------------------------------------------==//
153 // Each ProgramState records constraints on symbolic values. These constraints
154 // are managed using the ConstraintManager associated with a ProgramStateManager.
155 // As constraints gradually accrue on symbolic values, added constraints
156 // may conflict and indicate that a state is infeasible (as no real values
157 // could satisfy all the constraints). This is the principal mechanism
158 // for modeling path-sensitivity in ExprEngine/ProgramState.
160 // Various "assume" methods form the interface for adding constraints to
161 // symbolic values. A call to 'assume' indicates an assumption being placed
162 // on one or symbolic values. 'assume' methods take the following inputs:
164 // (1) A ProgramState object representing the current state.
166 // (2) The assumed constraint (which is specific to a given "assume" method).
168 // (3) A binary value "Assumption" that indicates whether the constraint is
169 // assumed to be true or false.
171 // The output of "assume*" is a new ProgramState object with the added constraints.
172 // If no new state is feasible, NULL is returned.
175 /// Assumes that the value of \p cond is zero (if \p assumption is "false")
176 /// or non-zero (if \p assumption is "true").
178 /// This returns a new state with the added constraint on \p cond.
179 /// If no new state is feasible, NULL is returned.
180 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const;
182 /// Assumes both "true" and "false" for \p cond, and returns both
183 /// corresponding states (respectively).
185 /// This is more efficient than calling assume() twice. Note that one (but not
186 /// both) of the returned states may be NULL.
187 std::pair<ProgramStateRef, ProgramStateRef>
188 assume(DefinedOrUnknownSVal cond) const;
190 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx,
191 DefinedOrUnknownSVal upperBound,
193 QualType IndexType = QualType()) const;
195 /// Assumes that the value of \p Val is bounded with [\p From; \p To]
196 /// (if \p assumption is "true") or it is fully out of this range
197 /// (if \p assumption is "false").
199 /// This returns a new state with the added constraint on \p cond.
200 /// If no new state is feasible, NULL is returned.
201 ProgramStateRef assumeInclusiveRange(DefinedOrUnknownSVal Val,
202 const llvm::APSInt &From,
203 const llvm::APSInt &To,
204 bool assumption) const;
206 /// Assumes given range both "true" and "false" for \p Val, and returns both
207 /// corresponding states (respectively).
209 /// This is more efficient than calling assume() twice. Note that one (but not
210 /// both) of the returned states may be NULL.
211 std::pair<ProgramStateRef, ProgramStateRef>
212 assumeInclusiveRange(DefinedOrUnknownSVal Val, const llvm::APSInt &From,
213 const llvm::APSInt &To) const;
215 /// \brief Check if the given SVal is constrained to zero or is a zero
217 ConditionTruthVal isNull(SVal V) const;
219 /// Utility method for getting regions.
220 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const;
222 //==---------------------------------------------------------------------==//
223 // Binding and retrieving values to/from the environment and symbolic store.
224 //==---------------------------------------------------------------------==//
226 /// Create a new state by binding the value 'V' to the statement 'S' in the
227 /// state's environment.
228 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx,
229 SVal V, bool Invalidate = true) const;
231 ProgramStateRef bindLoc(Loc location,
233 const LocationContext *LCtx,
234 bool notifyChanges = true) const;
236 ProgramStateRef bindLoc(SVal location, SVal V, const LocationContext *LCtx) const;
238 ProgramStateRef bindDefault(SVal loc, SVal V, const LocationContext *LCtx) const;
240 ProgramStateRef killBinding(Loc LV) const;
242 /// \brief Returns the state with bindings for the given regions
243 /// cleared from the store.
245 /// Optionally invalidates global regions as well.
247 /// \param Regions the set of regions to be invalidated.
248 /// \param E the expression that caused the invalidation.
249 /// \param BlockCount The number of times the current basic block has been
251 /// \param CausesPointerEscape the flag is set to true when
252 /// the invalidation entails escape of a symbol (representing a
253 /// pointer). For example, due to it being passed as an argument in a
255 /// \param IS the set of invalidated symbols.
256 /// \param Call if non-null, the invalidated regions represent parameters to
257 /// the call and should be considered directly invalidated.
258 /// \param ITraits information about special handling for a particular
261 invalidateRegions(ArrayRef<const MemRegion *> Regions, const Expr *E,
262 unsigned BlockCount, const LocationContext *LCtx,
263 bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
264 const CallEvent *Call = nullptr,
265 RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
268 invalidateRegions(ArrayRef<SVal> Regions, const Expr *E,
269 unsigned BlockCount, const LocationContext *LCtx,
270 bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
271 const CallEvent *Call = nullptr,
272 RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
274 /// enterStackFrame - Returns the state for entry to the given stack frame,
275 /// preserving the current state.
276 ProgramStateRef enterStackFrame(const CallEvent &Call,
277 const StackFrameContext *CalleeCtx) const;
279 /// Get the lvalue for a variable reference.
280 Loc getLValue(const VarDecl *D, const LocationContext *LC) const;
282 Loc getLValue(const CompoundLiteralExpr *literal,
283 const LocationContext *LC) const;
285 /// Get the lvalue for an ivar reference.
286 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const;
288 /// Get the lvalue for a field reference.
289 SVal getLValue(const FieldDecl *decl, SVal Base) const;
291 /// Get the lvalue for an indirect field reference.
292 SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;
294 /// Get the lvalue for an array index.
295 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;
297 /// Returns the SVal bound to the statement 'S' in the state's environment.
298 SVal getSVal(const Stmt *S, const LocationContext *LCtx) const;
300 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const;
302 /// \brief Return the value bound to the specified location.
303 /// Returns UnknownVal() if none found.
304 SVal getSVal(Loc LV, QualType T = QualType()) const;
306 /// Returns the "raw" SVal bound to LV before any value simplfication.
307 SVal getRawSVal(Loc LV, QualType T= QualType()) const;
309 /// \brief Return the value bound to the specified location.
310 /// Returns UnknownVal() if none found.
311 SVal getSVal(const MemRegion* R, QualType T = QualType()) const;
313 /// \brief Return the value bound to the specified location, assuming
314 /// that the value is a scalar integer or an enumeration or a pointer.
315 /// Returns UnknownVal() if none found or the region is not known to hold
316 /// a value of such type.
317 SVal getSValAsScalarOrLoc(const MemRegion *R) const;
319 /// \brief Visits the symbols reachable from the given SVal using the provided
322 /// This is a convenience API. Consider using ScanReachableSymbols class
323 /// directly when making multiple scans on the same state with the same
324 /// visitor to avoid repeated initialization cost.
325 /// \sa ScanReachableSymbols
326 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const;
328 /// \brief Visits the symbols reachable from the SVals in the given range
329 /// using the provided SymbolVisitor.
330 bool scanReachableSymbols(const SVal *I, const SVal *E,
331 SymbolVisitor &visitor) const;
333 /// \brief Visits the symbols reachable from the regions in the given
334 /// MemRegions range using the provided SymbolVisitor.
335 bool scanReachableSymbols(const MemRegion * const *I,
336 const MemRegion * const *E,
337 SymbolVisitor &visitor) const;
339 template <typename CB> CB scanReachableSymbols(SVal val) const;
340 template <typename CB> CB scanReachableSymbols(const SVal *beg,
341 const SVal *end) const;
343 template <typename CB> CB
344 scanReachableSymbols(const MemRegion * const *beg,
345 const MemRegion * const *end) const;
347 /// Create a new state in which the statement is marked as tainted.
348 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx,
349 TaintTagType Kind = TaintTagGeneric) const;
351 /// Create a new state in which the value is marked as tainted.
352 ProgramStateRef addTaint(SVal V, TaintTagType Kind = TaintTagGeneric) const;
354 /// Create a new state in which the symbol is marked as tainted.
355 ProgramStateRef addTaint(SymbolRef S,
356 TaintTagType Kind = TaintTagGeneric) const;
358 /// Create a new state in which the region symbol is marked as tainted.
359 ProgramStateRef addTaint(const MemRegion *R,
360 TaintTagType Kind = TaintTagGeneric) const;
362 /// Create a new state in a which a sub-region of a given symbol is tainted.
363 /// This might be necessary when referring to regions that can not have an
364 /// individual symbol, e.g. if they are represented by the default binding of
365 /// a LazyCompoundVal.
366 ProgramStateRef addPartialTaint(SymbolRef ParentSym,
367 const SubRegion *SubRegion,
368 TaintTagType Kind = TaintTagGeneric) const;
370 /// Check if the statement is tainted in the current state.
371 bool isTainted(const Stmt *S, const LocationContext *LCtx,
372 TaintTagType Kind = TaintTagGeneric) const;
373 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const;
374 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const;
375 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const;
377 //==---------------------------------------------------------------------==//
378 // Accessing the Generic Data Map (GDM).
379 //==---------------------------------------------------------------------==//
381 void *const* FindGDM(void *K) const;
384 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const;
386 template <typename T>
387 typename ProgramStateTrait<T>::data_type
389 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex()));
393 typename ProgramStateTrait<T>::lookup_type
394 get(typename ProgramStateTrait<T>::key_type key) const {
395 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
396 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key);
399 template <typename T>
400 typename ProgramStateTrait<T>::context_type get_context() const;
404 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const;
407 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K,
408 typename ProgramStateTrait<T>::context_type C) const;
409 template <typename T>
410 ProgramStateRef remove() const;
413 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const;
416 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K,
417 typename ProgramStateTrait<T>::value_type E) const;
420 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K,
421 typename ProgramStateTrait<T>::value_type E,
422 typename ProgramStateTrait<T>::context_type C) const;
425 bool contains(typename ProgramStateTrait<T>::key_type key) const {
426 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
427 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key);
431 void print(raw_ostream &Out, const char *nl = "\n",
432 const char *sep = "") const;
433 void printDOT(raw_ostream &Out) const;
434 void printTaint(raw_ostream &Out, const char *nl = "\n",
435 const char *sep = "") const;
438 void dumpTaint() const;
441 friend void ProgramStateRetain(const ProgramState *state);
442 friend void ProgramStateRelease(const ProgramState *state);
444 /// \sa invalidateValues()
445 /// \sa invalidateRegions()
447 invalidateRegionsImpl(ArrayRef<SVal> Values,
448 const Expr *E, unsigned BlockCount,
449 const LocationContext *LCtx,
450 bool ResultsInSymbolEscape,
451 InvalidatedSymbols *IS,
452 RegionAndSymbolInvalidationTraits *HTraits,
453 const CallEvent *Call) const;
456 //===----------------------------------------------------------------------===//
457 // ProgramStateManager - Factory object for ProgramStates.
458 //===----------------------------------------------------------------------===//
460 class ProgramStateManager {
461 friend class ProgramState;
462 friend void ProgramStateRelease(const ProgramState *state);
464 /// Eng - The SubEngine that owns this state manager.
465 SubEngine *Eng; /* Can be null. */
467 EnvironmentManager EnvMgr;
468 std::unique_ptr<StoreManager> StoreMgr;
469 std::unique_ptr<ConstraintManager> ConstraintMgr;
471 ProgramState::GenericDataMap::Factory GDMFactory;
472 TaintedSubRegions::Factory TSRFactory;
474 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy;
475 GDMContextsTy GDMContexts;
477 /// StateSet - FoldingSet containing all the states created for analyzing
478 /// a particular function. This is used to unique states.
479 llvm::FoldingSet<ProgramState> StateSet;
481 /// Object that manages the data for all created SVals.
482 std::unique_ptr<SValBuilder> svalBuilder;
484 /// Manages memory for created CallEvents.
485 std::unique_ptr<CallEventManager> CallEventMgr;
487 /// A BumpPtrAllocator to allocate states.
488 llvm::BumpPtrAllocator &Alloc;
490 /// A vector of ProgramStates that we can reuse.
491 std::vector<ProgramState *> freeStates;
494 ProgramStateManager(ASTContext &Ctx,
495 StoreManagerCreator CreateStoreManager,
496 ConstraintManagerCreator CreateConstraintManager,
497 llvm::BumpPtrAllocator& alloc,
500 ~ProgramStateManager();
502 ProgramStateRef getInitialState(const LocationContext *InitLoc);
504 ASTContext &getContext() { return svalBuilder->getContext(); }
505 const ASTContext &getContext() const { return svalBuilder->getContext(); }
507 BasicValueFactory &getBasicVals() {
508 return svalBuilder->getBasicValueFactory();
511 SValBuilder &getSValBuilder() {
515 SymbolManager &getSymbolManager() {
516 return svalBuilder->getSymbolManager();
518 const SymbolManager &getSymbolManager() const {
519 return svalBuilder->getSymbolManager();
522 llvm::BumpPtrAllocator& getAllocator() { return Alloc; }
524 MemRegionManager& getRegionManager() {
525 return svalBuilder->getRegionManager();
527 const MemRegionManager& getRegionManager() const {
528 return svalBuilder->getRegionManager();
531 CallEventManager &getCallEventManager() { return *CallEventMgr; }
533 StoreManager& getStoreManager() { return *StoreMgr; }
534 ConstraintManager& getConstraintManager() { return *ConstraintMgr; }
535 SubEngine* getOwningEngine() { return Eng; }
537 ProgramStateRef removeDeadBindings(ProgramStateRef St,
538 const StackFrameContext *LCtx,
539 SymbolReaper& SymReaper);
543 SVal ArrayToPointer(Loc Array, QualType ElementTy) {
544 return StoreMgr->ArrayToPointer(Array, ElementTy);
547 // Methods that manipulate the GDM.
548 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data);
549 ProgramStateRef removeGDM(ProgramStateRef state, void *Key);
551 // Methods that query & manipulate the Store.
553 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) {
554 StoreMgr->iterBindings(state->getStore(), F);
557 ProgramStateRef getPersistentState(ProgramState &Impl);
558 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState,
559 ProgramStateRef GDMState);
561 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) {
562 return S1->Env == S2->Env;
565 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) {
566 return S1->store == S2->store;
569 //==---------------------------------------------------------------------==//
570 // Generic Data Map methods.
571 //==---------------------------------------------------------------------==//
573 // ProgramStateManager and ProgramState support a "generic data map" that allows
574 // different clients of ProgramState objects to embed arbitrary data within a
575 // ProgramState object. The generic data map is essentially an immutable map
576 // from a "tag" (that acts as the "key" for a client) and opaque values.
577 // Tags/keys and values are simply void* values. The typical way that clients
578 // generate unique tags are by taking the address of a static variable.
579 // Clients are responsible for ensuring that data values referred to by a
580 // the data pointer are immutable (and thus are essentially purely functional
583 // The templated methods below use the ProgramStateTrait<T> class
584 // to resolve keys into the GDM and to return data values to clients.
587 // Trait based GDM dispatch.
588 template <typename T>
589 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) {
590 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
591 ProgramStateTrait<T>::MakeVoidPtr(D));
595 ProgramStateRef set(ProgramStateRef st,
596 typename ProgramStateTrait<T>::key_type K,
597 typename ProgramStateTrait<T>::value_type V,
598 typename ProgramStateTrait<T>::context_type C) {
600 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
601 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C)));
604 template <typename T>
605 ProgramStateRef add(ProgramStateRef st,
606 typename ProgramStateTrait<T>::key_type K,
607 typename ProgramStateTrait<T>::context_type C) {
608 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
609 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C)));
612 template <typename T>
613 ProgramStateRef remove(ProgramStateRef st,
614 typename ProgramStateTrait<T>::key_type K,
615 typename ProgramStateTrait<T>::context_type C) {
617 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
618 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C)));
621 template <typename T>
622 ProgramStateRef remove(ProgramStateRef st) {
623 return removeGDM(st, ProgramStateTrait<T>::GDMIndex());
626 void *FindGDMContext(void *index,
627 void *(*CreateContext)(llvm::BumpPtrAllocator&),
628 void (*DeleteContext)(void*));
630 template <typename T>
631 typename ProgramStateTrait<T>::context_type get_context() {
632 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(),
633 ProgramStateTrait<T>::CreateContext,
634 ProgramStateTrait<T>::DeleteContext);
636 return ProgramStateTrait<T>::MakeContext(p);
639 void EndPath(ProgramStateRef St) {
640 ConstraintMgr->EndPath(St);
645 //===----------------------------------------------------------------------===//
646 // Out-of-line method definitions for ProgramState.
647 //===----------------------------------------------------------------------===//
649 inline ConstraintManager &ProgramState::getConstraintManager() const {
650 return stateMgr->getConstraintManager();
653 inline const VarRegion* ProgramState::getRegion(const VarDecl *D,
654 const LocationContext *LC) const
656 return getStateManager().getRegionManager().getVarRegion(D, LC);
659 inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond,
660 bool Assumption) const {
661 if (Cond.isUnknown())
664 return getStateManager().ConstraintMgr
665 ->assume(this, Cond.castAs<DefinedSVal>(), Assumption);
668 inline std::pair<ProgramStateRef , ProgramStateRef >
669 ProgramState::assume(DefinedOrUnknownSVal Cond) const {
670 if (Cond.isUnknown())
671 return std::make_pair(this, this);
673 return getStateManager().ConstraintMgr
674 ->assumeDual(this, Cond.castAs<DefinedSVal>());
677 inline ProgramStateRef ProgramState::assumeInclusiveRange(
678 DefinedOrUnknownSVal Val, const llvm::APSInt &From, const llvm::APSInt &To,
679 bool Assumption) const {
683 assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
685 return getStateManager().ConstraintMgr->assumeInclusiveRange(
686 this, Val.castAs<NonLoc>(), From, To, Assumption);
689 inline std::pair<ProgramStateRef, ProgramStateRef>
690 ProgramState::assumeInclusiveRange(DefinedOrUnknownSVal Val,
691 const llvm::APSInt &From,
692 const llvm::APSInt &To) const {
694 return std::make_pair(this, this);
696 assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
698 return getStateManager().ConstraintMgr->assumeInclusiveRangeDual(
699 this, Val.castAs<NonLoc>(), From, To);
702 inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V, const LocationContext *LCtx) const {
703 if (Optional<Loc> L = LV.getAs<Loc>())
704 return bindLoc(*L, V, LCtx);
708 inline Loc ProgramState::getLValue(const VarDecl *VD,
709 const LocationContext *LC) const {
710 return getStateManager().StoreMgr->getLValueVar(VD, LC);
713 inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal,
714 const LocationContext *LC) const {
715 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC);
718 inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const {
719 return getStateManager().StoreMgr->getLValueIvar(D, Base);
722 inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const {
723 return getStateManager().StoreMgr->getLValueField(D, Base);
726 inline SVal ProgramState::getLValue(const IndirectFieldDecl *D,
728 StoreManager &SM = *getStateManager().StoreMgr;
729 for (const auto *I : D->chain()) {
730 Base = SM.getLValueField(cast<FieldDecl>(I), Base);
736 inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{
737 if (Optional<NonLoc> N = Idx.getAs<NonLoc>())
738 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);
742 inline SVal ProgramState::getSVal(const Stmt *Ex,
743 const LocationContext *LCtx) const{
744 return Env.getSVal(EnvironmentEntry(Ex, LCtx),
745 *getStateManager().svalBuilder);
749 ProgramState::getSValAsScalarOrLoc(const Stmt *S,
750 const LocationContext *LCtx) const {
751 if (const Expr *Ex = dyn_cast<Expr>(S)) {
752 QualType T = Ex->getType();
753 if (Ex->isGLValue() || Loc::isLocType(T) ||
754 T->isIntegralOrEnumerationType())
755 return getSVal(S, LCtx);
761 inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const {
762 return getStateManager().StoreMgr->getBinding(getStore(), LV, T);
765 inline SVal ProgramState::getSVal(const MemRegion* R, QualType T) const {
766 return getStateManager().StoreMgr->getBinding(getStore(),
767 loc::MemRegionVal(R),
771 inline BasicValueFactory &ProgramState::getBasicVals() const {
772 return getStateManager().getBasicVals();
775 inline SymbolManager &ProgramState::getSymbolManager() const {
776 return getStateManager().getSymbolManager();
780 ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const {
781 return getStateManager().add<T>(this, K, get_context<T>());
784 template <typename T>
785 typename ProgramStateTrait<T>::context_type ProgramState::get_context() const {
786 return getStateManager().get_context<T>();
790 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const {
791 return getStateManager().remove<T>(this, K, get_context<T>());
795 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K,
796 typename ProgramStateTrait<T>::context_type C) const {
797 return getStateManager().remove<T>(this, K, C);
800 template <typename T>
801 ProgramStateRef ProgramState::remove() const {
802 return getStateManager().remove<T>(this);
806 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const {
807 return getStateManager().set<T>(this, D);
811 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
812 typename ProgramStateTrait<T>::value_type E) const {
813 return getStateManager().set<T>(this, K, E, get_context<T>());
817 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
818 typename ProgramStateTrait<T>::value_type E,
819 typename ProgramStateTrait<T>::context_type C) const {
820 return getStateManager().set<T>(this, K, E, C);
823 template <typename CB>
824 CB ProgramState::scanReachableSymbols(SVal val) const {
826 scanReachableSymbols(val, cb);
830 template <typename CB>
831 CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const {
833 scanReachableSymbols(beg, end, cb);
837 template <typename CB>
838 CB ProgramState::scanReachableSymbols(const MemRegion * const *beg,
839 const MemRegion * const *end) const {
841 scanReachableSymbols(beg, end, cb);
845 /// \class ScanReachableSymbols
846 /// A utility class that visits the reachable symbols using a custom
847 /// SymbolVisitor. Terminates recursive traversal when the visitor function
849 class ScanReachableSymbols {
850 typedef llvm::DenseSet<const void*> VisitedItems;
852 VisitedItems visited;
853 ProgramStateRef state;
854 SymbolVisitor &visitor;
856 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor &v)
857 : state(std::move(st)), visitor(v) {}
859 bool scan(nonloc::LazyCompoundVal val);
860 bool scan(nonloc::CompoundVal val);
862 bool scan(const MemRegion *R);
863 bool scan(const SymExpr *sym);
866 } // end ento namespace
868 } // end clang namespace
projects / FreeBSD / FreeBSD.git / blob