1 //== ProgramState.h - Path-sensitive "State" for tracking values -*- C++ -*--=//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines the state of the program along the analysisa path.
12 //===----------------------------------------------------------------------===//
14 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
15 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
17 #include "clang/Basic/LLVM.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
22 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
23 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
24 #include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h"
25 #include "llvm/ADT/FoldingSet.h"
26 #include "llvm/ADT/ImmutableMap.h"
27 #include "llvm/Support/Allocator.h"
40 class CallEventManager;
42 typedef std::unique_ptr<ConstraintManager>(*ConstraintManagerCreator)(
43 ProgramStateManager &, SubEngine *);
44 typedef std::unique_ptr<StoreManager>(*StoreManagerCreator)(
45 ProgramStateManager &);
46 typedef llvm::ImmutableMap<const SubRegion*, TaintTagType> TaintedSubRegions;
48 //===----------------------------------------------------------------------===//
49 // ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState.
50 //===----------------------------------------------------------------------===//
52 template <typename T> struct ProgramStatePartialTrait;
54 template <typename T> struct ProgramStateTrait {
55 typedef typename T::data_type data_type;
56 static inline void *MakeVoidPtr(data_type D) { return (void*) D; }
57 static inline data_type MakeData(void *const* P) {
58 return P ? (data_type) *P : (data_type) 0;
62 /// \class ProgramState
63 /// ProgramState - This class encapsulates:
65 /// 1. A mapping from expressions to values (Environment)
66 /// 2. A mapping from locations to values (Store)
67 /// 3. Constraints on symbolic values (GenericDataMap)
69 /// Together these represent the "abstract state" of a program.
71 /// ProgramState is intended to be used as a functional object; that is,
72 /// once it is created and made "persistent" in a FoldingSet, its
73 /// values will never change.
74 class ProgramState : public llvm::FoldingSetNode {
76 typedef llvm::ImmutableSet<llvm::APSInt*> IntSetTy;
77 typedef llvm::ImmutableMap<void*, void*> GenericDataMap;
80 void operator=(const ProgramState& R) = delete;
82 friend class ProgramStateManager;
83 friend class ExplodedGraph;
84 friend class ExplodedNode;
86 ProgramStateManager *stateMgr;
87 Environment Env; // Maps a Stmt to its current SVal.
88 Store store; // Maps a location to its current value.
89 GenericDataMap GDM; // Custom data stored by a client of this class.
92 /// makeWithStore - Return a ProgramState with the same values as the current
93 /// state with the exception of using the specified Store.
94 ProgramStateRef makeWithStore(const StoreRef &store) const;
96 void setStore(const StoreRef &storeRef);
99 /// This ctor is used when creating the first ProgramState object.
100 ProgramState(ProgramStateManager *mgr, const Environment& env,
101 StoreRef st, GenericDataMap gdm);
103 /// Copy ctor - We must explicitly define this or else the "Next" ptr
104 /// in FoldingSetNode will also get copied.
105 ProgramState(const ProgramState &RHS);
109 /// Return the ProgramStateManager associated with this state.
110 ProgramStateManager &getStateManager() const {
114 /// Return the ConstraintManager.
115 ConstraintManager &getConstraintManager() const;
117 /// getEnvironment - Return the environment associated with this state.
118 /// The environment is the mapping from expressions to values.
119 const Environment& getEnvironment() const { return Env; }
121 /// Return the store associated with this state. The store
122 /// is a mapping from locations to values.
123 Store getStore() const { return store; }
126 /// getGDM - Return the generic data map associated with this state.
127 GenericDataMap getGDM() const { return GDM; }
129 void setGDM(GenericDataMap gdm) { GDM = gdm; }
131 /// Profile - Profile the contents of a ProgramState object for use in a
132 /// FoldingSet. Two ProgramState objects are considered equal if they
133 /// have the same Environment, Store, and GenericDataMap.
134 static void Profile(llvm::FoldingSetNodeID& ID, const ProgramState *V) {
136 ID.AddPointer(V->store);
140 /// Profile - Used to profile the contents of this object for inclusion
142 void Profile(llvm::FoldingSetNodeID& ID) const {
146 BasicValueFactory &getBasicVals() const;
147 SymbolManager &getSymbolManager() const;
149 //==---------------------------------------------------------------------==//
150 // Constraints on values.
151 //==---------------------------------------------------------------------==//
153 // Each ProgramState records constraints on symbolic values. These constraints
154 // are managed using the ConstraintManager associated with a ProgramStateManager.
155 // As constraints gradually accrue on symbolic values, added constraints
156 // may conflict and indicate that a state is infeasible (as no real values
157 // could satisfy all the constraints). This is the principal mechanism
158 // for modeling path-sensitivity in ExprEngine/ProgramState.
160 // Various "assume" methods form the interface for adding constraints to
161 // symbolic values. A call to 'assume' indicates an assumption being placed
162 // on one or symbolic values. 'assume' methods take the following inputs:
164 // (1) A ProgramState object representing the current state.
166 // (2) The assumed constraint (which is specific to a given "assume" method).
168 // (3) A binary value "Assumption" that indicates whether the constraint is
169 // assumed to be true or false.
171 // The output of "assume*" is a new ProgramState object with the added constraints.
172 // If no new state is feasible, NULL is returned.
175 /// Assumes that the value of \p cond is zero (if \p assumption is "false")
176 /// or non-zero (if \p assumption is "true").
178 /// This returns a new state with the added constraint on \p cond.
179 /// If no new state is feasible, NULL is returned.
180 ProgramStateRef assume(DefinedOrUnknownSVal cond, bool assumption) const;
182 /// Assumes both "true" and "false" for \p cond, and returns both
183 /// corresponding states (respectively).
185 /// This is more efficient than calling assume() twice. Note that one (but not
186 /// both) of the returned states may be NULL.
187 std::pair<ProgramStateRef, ProgramStateRef>
188 assume(DefinedOrUnknownSVal cond) const;
190 ProgramStateRef assumeInBound(DefinedOrUnknownSVal idx,
191 DefinedOrUnknownSVal upperBound,
193 QualType IndexType = QualType()) const;
195 /// Assumes that the value of \p Val is bounded with [\p From; \p To]
196 /// (if \p assumption is "true") or it is fully out of this range
197 /// (if \p assumption is "false").
199 /// This returns a new state with the added constraint on \p cond.
200 /// If no new state is feasible, NULL is returned.
201 ProgramStateRef assumeInclusiveRange(DefinedOrUnknownSVal Val,
202 const llvm::APSInt &From,
203 const llvm::APSInt &To,
204 bool assumption) const;
206 /// Assumes given range both "true" and "false" for \p Val, and returns both
207 /// corresponding states (respectively).
209 /// This is more efficient than calling assume() twice. Note that one (but not
210 /// both) of the returned states may be NULL.
211 std::pair<ProgramStateRef, ProgramStateRef>
212 assumeInclusiveRange(DefinedOrUnknownSVal Val, const llvm::APSInt &From,
213 const llvm::APSInt &To) const;
215 /// \brief Check if the given SVal is constrained to zero or is a zero
217 ConditionTruthVal isNull(SVal V) const;
219 /// Utility method for getting regions.
220 const VarRegion* getRegion(const VarDecl *D, const LocationContext *LC) const;
222 //==---------------------------------------------------------------------==//
223 // Binding and retrieving values to/from the environment and symbolic store.
224 //==---------------------------------------------------------------------==//
226 /// Create a new state by binding the value 'V' to the statement 'S' in the
227 /// state's environment.
228 ProgramStateRef BindExpr(const Stmt *S, const LocationContext *LCtx,
229 SVal V, bool Invalidate = true) const;
231 ProgramStateRef bindLoc(Loc location,
233 const LocationContext *LCtx,
234 bool notifyChanges = true) const;
236 ProgramStateRef bindLoc(SVal location, SVal V, const LocationContext *LCtx) const;
238 ProgramStateRef bindDefault(SVal loc, SVal V, const LocationContext *LCtx) const;
240 ProgramStateRef killBinding(Loc LV) const;
242 /// \brief Returns the state with bindings for the given regions
243 /// cleared from the store.
245 /// Optionally invalidates global regions as well.
247 /// \param Regions the set of regions to be invalidated.
248 /// \param E the expression that caused the invalidation.
249 /// \param BlockCount The number of times the current basic block has been
251 /// \param CausesPointerEscape the flag is set to true when
252 /// the invalidation entails escape of a symbol (representing a
253 /// pointer). For example, due to it being passed as an argument in a
255 /// \param IS the set of invalidated symbols.
256 /// \param Call if non-null, the invalidated regions represent parameters to
257 /// the call and should be considered directly invalidated.
258 /// \param ITraits information about special handling for a particular
261 invalidateRegions(ArrayRef<const MemRegion *> Regions, const Expr *E,
262 unsigned BlockCount, const LocationContext *LCtx,
263 bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
264 const CallEvent *Call = nullptr,
265 RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
268 invalidateRegions(ArrayRef<SVal> Regions, const Expr *E,
269 unsigned BlockCount, const LocationContext *LCtx,
270 bool CausesPointerEscape, InvalidatedSymbols *IS = nullptr,
271 const CallEvent *Call = nullptr,
272 RegionAndSymbolInvalidationTraits *ITraits = nullptr) const;
274 /// enterStackFrame - Returns the state for entry to the given stack frame,
275 /// preserving the current state.
276 ProgramStateRef enterStackFrame(const CallEvent &Call,
277 const StackFrameContext *CalleeCtx) const;
279 /// Get the lvalue for a variable reference.
280 Loc getLValue(const VarDecl *D, const LocationContext *LC) const;
282 Loc getLValue(const CompoundLiteralExpr *literal,
283 const LocationContext *LC) const;
285 /// Get the lvalue for an ivar reference.
286 SVal getLValue(const ObjCIvarDecl *decl, SVal base) const;
288 /// Get the lvalue for a field reference.
289 SVal getLValue(const FieldDecl *decl, SVal Base) const;
291 /// Get the lvalue for an indirect field reference.
292 SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;
294 /// Get the lvalue for an array index.
295 SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;
297 /// Returns the SVal bound to the statement 'S' in the state's environment.
298 SVal getSVal(const Stmt *S, const LocationContext *LCtx) const;
300 SVal getSValAsScalarOrLoc(const Stmt *Ex, const LocationContext *LCtx) const;
302 /// \brief Return the value bound to the specified location.
303 /// Returns UnknownVal() if none found.
304 SVal getSVal(Loc LV, QualType T = QualType()) const;
306 /// Returns the "raw" SVal bound to LV before any value simplfication.
307 SVal getRawSVal(Loc LV, QualType T= QualType()) const;
309 /// \brief Return the value bound to the specified location.
310 /// Returns UnknownVal() if none found.
311 SVal getSVal(const MemRegion* R) const;
313 SVal getSValAsScalarOrLoc(const MemRegion *R) const;
315 /// \brief Visits the symbols reachable from the given SVal using the provided
318 /// This is a convenience API. Consider using ScanReachableSymbols class
319 /// directly when making multiple scans on the same state with the same
320 /// visitor to avoid repeated initialization cost.
321 /// \sa ScanReachableSymbols
322 bool scanReachableSymbols(SVal val, SymbolVisitor& visitor) const;
324 /// \brief Visits the symbols reachable from the SVals in the given range
325 /// using the provided SymbolVisitor.
326 bool scanReachableSymbols(const SVal *I, const SVal *E,
327 SymbolVisitor &visitor) const;
329 /// \brief Visits the symbols reachable from the regions in the given
330 /// MemRegions range using the provided SymbolVisitor.
331 bool scanReachableSymbols(const MemRegion * const *I,
332 const MemRegion * const *E,
333 SymbolVisitor &visitor) const;
335 template <typename CB> CB scanReachableSymbols(SVal val) const;
336 template <typename CB> CB scanReachableSymbols(const SVal *beg,
337 const SVal *end) const;
339 template <typename CB> CB
340 scanReachableSymbols(const MemRegion * const *beg,
341 const MemRegion * const *end) const;
343 /// Create a new state in which the statement is marked as tainted.
344 ProgramStateRef addTaint(const Stmt *S, const LocationContext *LCtx,
345 TaintTagType Kind = TaintTagGeneric) const;
347 /// Create a new state in which the value is marked as tainted.
348 ProgramStateRef addTaint(SVal V, TaintTagType Kind = TaintTagGeneric) const;
350 /// Create a new state in which the symbol is marked as tainted.
351 ProgramStateRef addTaint(SymbolRef S,
352 TaintTagType Kind = TaintTagGeneric) const;
354 /// Create a new state in which the region symbol is marked as tainted.
355 ProgramStateRef addTaint(const MemRegion *R,
356 TaintTagType Kind = TaintTagGeneric) const;
358 /// Create a new state in a which a sub-region of a given symbol is tainted.
359 /// This might be necessary when referring to regions that can not have an
360 /// individual symbol, e.g. if they are represented by the default binding of
361 /// a LazyCompoundVal.
362 ProgramStateRef addPartialTaint(SymbolRef ParentSym,
363 const SubRegion *SubRegion,
364 TaintTagType Kind = TaintTagGeneric) const;
366 /// Check if the statement is tainted in the current state.
367 bool isTainted(const Stmt *S, const LocationContext *LCtx,
368 TaintTagType Kind = TaintTagGeneric) const;
369 bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const;
370 bool isTainted(SymbolRef Sym, TaintTagType Kind = TaintTagGeneric) const;
371 bool isTainted(const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) const;
373 //==---------------------------------------------------------------------==//
374 // Accessing the Generic Data Map (GDM).
375 //==---------------------------------------------------------------------==//
377 void *const* FindGDM(void *K) const;
380 ProgramStateRef add(typename ProgramStateTrait<T>::key_type K) const;
382 template <typename T>
383 typename ProgramStateTrait<T>::data_type
385 return ProgramStateTrait<T>::MakeData(FindGDM(ProgramStateTrait<T>::GDMIndex()));
389 typename ProgramStateTrait<T>::lookup_type
390 get(typename ProgramStateTrait<T>::key_type key) const {
391 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
392 return ProgramStateTrait<T>::Lookup(ProgramStateTrait<T>::MakeData(d), key);
395 template <typename T>
396 typename ProgramStateTrait<T>::context_type get_context() const;
400 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K) const;
403 ProgramStateRef remove(typename ProgramStateTrait<T>::key_type K,
404 typename ProgramStateTrait<T>::context_type C) const;
405 template <typename T>
406 ProgramStateRef remove() const;
409 ProgramStateRef set(typename ProgramStateTrait<T>::data_type D) const;
412 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K,
413 typename ProgramStateTrait<T>::value_type E) const;
416 ProgramStateRef set(typename ProgramStateTrait<T>::key_type K,
417 typename ProgramStateTrait<T>::value_type E,
418 typename ProgramStateTrait<T>::context_type C) const;
421 bool contains(typename ProgramStateTrait<T>::key_type key) const {
422 void *const* d = FindGDM(ProgramStateTrait<T>::GDMIndex());
423 return ProgramStateTrait<T>::Contains(ProgramStateTrait<T>::MakeData(d), key);
427 void print(raw_ostream &Out, const char *nl = "\n",
428 const char *sep = "") const;
429 void printDOT(raw_ostream &Out) const;
430 void printTaint(raw_ostream &Out, const char *nl = "\n",
431 const char *sep = "") const;
434 void dumpTaint() const;
437 friend void ProgramStateRetain(const ProgramState *state);
438 friend void ProgramStateRelease(const ProgramState *state);
440 /// \sa invalidateValues()
441 /// \sa invalidateRegions()
443 invalidateRegionsImpl(ArrayRef<SVal> Values,
444 const Expr *E, unsigned BlockCount,
445 const LocationContext *LCtx,
446 bool ResultsInSymbolEscape,
447 InvalidatedSymbols *IS,
448 RegionAndSymbolInvalidationTraits *HTraits,
449 const CallEvent *Call) const;
452 //===----------------------------------------------------------------------===//
453 // ProgramStateManager - Factory object for ProgramStates.
454 //===----------------------------------------------------------------------===//
456 class ProgramStateManager {
457 friend class ProgramState;
458 friend void ProgramStateRelease(const ProgramState *state);
460 /// Eng - The SubEngine that owns this state manager.
461 SubEngine *Eng; /* Can be null. */
463 EnvironmentManager EnvMgr;
464 std::unique_ptr<StoreManager> StoreMgr;
465 std::unique_ptr<ConstraintManager> ConstraintMgr;
467 ProgramState::GenericDataMap::Factory GDMFactory;
468 TaintedSubRegions::Factory TSRFactory;
470 typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy;
471 GDMContextsTy GDMContexts;
473 /// StateSet - FoldingSet containing all the states created for analyzing
474 /// a particular function. This is used to unique states.
475 llvm::FoldingSet<ProgramState> StateSet;
477 /// Object that manages the data for all created SVals.
478 std::unique_ptr<SValBuilder> svalBuilder;
480 /// Manages memory for created CallEvents.
481 std::unique_ptr<CallEventManager> CallEventMgr;
483 /// A BumpPtrAllocator to allocate states.
484 llvm::BumpPtrAllocator &Alloc;
486 /// A vector of ProgramStates that we can reuse.
487 std::vector<ProgramState *> freeStates;
490 ProgramStateManager(ASTContext &Ctx,
491 StoreManagerCreator CreateStoreManager,
492 ConstraintManagerCreator CreateConstraintManager,
493 llvm::BumpPtrAllocator& alloc,
496 ~ProgramStateManager();
498 ProgramStateRef getInitialState(const LocationContext *InitLoc);
500 ASTContext &getContext() { return svalBuilder->getContext(); }
501 const ASTContext &getContext() const { return svalBuilder->getContext(); }
503 BasicValueFactory &getBasicVals() {
504 return svalBuilder->getBasicValueFactory();
507 SValBuilder &getSValBuilder() {
511 SymbolManager &getSymbolManager() {
512 return svalBuilder->getSymbolManager();
514 const SymbolManager &getSymbolManager() const {
515 return svalBuilder->getSymbolManager();
518 llvm::BumpPtrAllocator& getAllocator() { return Alloc; }
520 MemRegionManager& getRegionManager() {
521 return svalBuilder->getRegionManager();
523 const MemRegionManager& getRegionManager() const {
524 return svalBuilder->getRegionManager();
527 CallEventManager &getCallEventManager() { return *CallEventMgr; }
529 StoreManager& getStoreManager() { return *StoreMgr; }
530 ConstraintManager& getConstraintManager() { return *ConstraintMgr; }
531 SubEngine* getOwningEngine() { return Eng; }
533 ProgramStateRef removeDeadBindings(ProgramStateRef St,
534 const StackFrameContext *LCtx,
535 SymbolReaper& SymReaper);
539 SVal ArrayToPointer(Loc Array, QualType ElementTy) {
540 return StoreMgr->ArrayToPointer(Array, ElementTy);
543 // Methods that manipulate the GDM.
544 ProgramStateRef addGDM(ProgramStateRef St, void *Key, void *Data);
545 ProgramStateRef removeGDM(ProgramStateRef state, void *Key);
547 // Methods that query & manipulate the Store.
549 void iterBindings(ProgramStateRef state, StoreManager::BindingsHandler& F) {
550 StoreMgr->iterBindings(state->getStore(), F);
553 ProgramStateRef getPersistentState(ProgramState &Impl);
554 ProgramStateRef getPersistentStateWithGDM(ProgramStateRef FromState,
555 ProgramStateRef GDMState);
557 bool haveEqualEnvironments(ProgramStateRef S1, ProgramStateRef S2) {
558 return S1->Env == S2->Env;
561 bool haveEqualStores(ProgramStateRef S1, ProgramStateRef S2) {
562 return S1->store == S2->store;
565 //==---------------------------------------------------------------------==//
566 // Generic Data Map methods.
567 //==---------------------------------------------------------------------==//
569 // ProgramStateManager and ProgramState support a "generic data map" that allows
570 // different clients of ProgramState objects to embed arbitrary data within a
571 // ProgramState object. The generic data map is essentially an immutable map
572 // from a "tag" (that acts as the "key" for a client) and opaque values.
573 // Tags/keys and values are simply void* values. The typical way that clients
574 // generate unique tags are by taking the address of a static variable.
575 // Clients are responsible for ensuring that data values referred to by a
576 // the data pointer are immutable (and thus are essentially purely functional
579 // The templated methods below use the ProgramStateTrait<T> class
580 // to resolve keys into the GDM and to return data values to clients.
583 // Trait based GDM dispatch.
584 template <typename T>
585 ProgramStateRef set(ProgramStateRef st, typename ProgramStateTrait<T>::data_type D) {
586 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
587 ProgramStateTrait<T>::MakeVoidPtr(D));
591 ProgramStateRef set(ProgramStateRef st,
592 typename ProgramStateTrait<T>::key_type K,
593 typename ProgramStateTrait<T>::value_type V,
594 typename ProgramStateTrait<T>::context_type C) {
596 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
597 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Set(st->get<T>(), K, V, C)));
600 template <typename T>
601 ProgramStateRef add(ProgramStateRef st,
602 typename ProgramStateTrait<T>::key_type K,
603 typename ProgramStateTrait<T>::context_type C) {
604 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
605 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Add(st->get<T>(), K, C)));
608 template <typename T>
609 ProgramStateRef remove(ProgramStateRef st,
610 typename ProgramStateTrait<T>::key_type K,
611 typename ProgramStateTrait<T>::context_type C) {
613 return addGDM(st, ProgramStateTrait<T>::GDMIndex(),
614 ProgramStateTrait<T>::MakeVoidPtr(ProgramStateTrait<T>::Remove(st->get<T>(), K, C)));
617 template <typename T>
618 ProgramStateRef remove(ProgramStateRef st) {
619 return removeGDM(st, ProgramStateTrait<T>::GDMIndex());
622 void *FindGDMContext(void *index,
623 void *(*CreateContext)(llvm::BumpPtrAllocator&),
624 void (*DeleteContext)(void*));
626 template <typename T>
627 typename ProgramStateTrait<T>::context_type get_context() {
628 void *p = FindGDMContext(ProgramStateTrait<T>::GDMIndex(),
629 ProgramStateTrait<T>::CreateContext,
630 ProgramStateTrait<T>::DeleteContext);
632 return ProgramStateTrait<T>::MakeContext(p);
635 void EndPath(ProgramStateRef St) {
636 ConstraintMgr->EndPath(St);
641 //===----------------------------------------------------------------------===//
642 // Out-of-line method definitions for ProgramState.
643 //===----------------------------------------------------------------------===//
645 inline ConstraintManager &ProgramState::getConstraintManager() const {
646 return stateMgr->getConstraintManager();
649 inline const VarRegion* ProgramState::getRegion(const VarDecl *D,
650 const LocationContext *LC) const
652 return getStateManager().getRegionManager().getVarRegion(D, LC);
655 inline ProgramStateRef ProgramState::assume(DefinedOrUnknownSVal Cond,
656 bool Assumption) const {
657 if (Cond.isUnknown())
660 return getStateManager().ConstraintMgr
661 ->assume(this, Cond.castAs<DefinedSVal>(), Assumption);
664 inline std::pair<ProgramStateRef , ProgramStateRef >
665 ProgramState::assume(DefinedOrUnknownSVal Cond) const {
666 if (Cond.isUnknown())
667 return std::make_pair(this, this);
669 return getStateManager().ConstraintMgr
670 ->assumeDual(this, Cond.castAs<DefinedSVal>());
673 inline ProgramStateRef ProgramState::assumeInclusiveRange(
674 DefinedOrUnknownSVal Val, const llvm::APSInt &From, const llvm::APSInt &To,
675 bool Assumption) const {
679 assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
681 return getStateManager().ConstraintMgr->assumeInclusiveRange(
682 this, Val.castAs<NonLoc>(), From, To, Assumption);
685 inline std::pair<ProgramStateRef, ProgramStateRef>
686 ProgramState::assumeInclusiveRange(DefinedOrUnknownSVal Val,
687 const llvm::APSInt &From,
688 const llvm::APSInt &To) const {
690 return std::make_pair(this, this);
692 assert(Val.getAs<NonLoc>() && "Only NonLocs are supported!");
694 return getStateManager().ConstraintMgr->assumeInclusiveRangeDual(
695 this, Val.castAs<NonLoc>(), From, To);
698 inline ProgramStateRef ProgramState::bindLoc(SVal LV, SVal V, const LocationContext *LCtx) const {
699 if (Optional<Loc> L = LV.getAs<Loc>())
700 return bindLoc(*L, V, LCtx);
704 inline Loc ProgramState::getLValue(const VarDecl *VD,
705 const LocationContext *LC) const {
706 return getStateManager().StoreMgr->getLValueVar(VD, LC);
709 inline Loc ProgramState::getLValue(const CompoundLiteralExpr *literal,
710 const LocationContext *LC) const {
711 return getStateManager().StoreMgr->getLValueCompoundLiteral(literal, LC);
714 inline SVal ProgramState::getLValue(const ObjCIvarDecl *D, SVal Base) const {
715 return getStateManager().StoreMgr->getLValueIvar(D, Base);
718 inline SVal ProgramState::getLValue(const FieldDecl *D, SVal Base) const {
719 return getStateManager().StoreMgr->getLValueField(D, Base);
722 inline SVal ProgramState::getLValue(const IndirectFieldDecl *D,
724 StoreManager &SM = *getStateManager().StoreMgr;
725 for (const auto *I : D->chain()) {
726 Base = SM.getLValueField(cast<FieldDecl>(I), Base);
732 inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{
733 if (Optional<NonLoc> N = Idx.getAs<NonLoc>())
734 return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);
738 inline SVal ProgramState::getSVal(const Stmt *Ex,
739 const LocationContext *LCtx) const{
740 return Env.getSVal(EnvironmentEntry(Ex, LCtx),
741 *getStateManager().svalBuilder);
745 ProgramState::getSValAsScalarOrLoc(const Stmt *S,
746 const LocationContext *LCtx) const {
747 if (const Expr *Ex = dyn_cast<Expr>(S)) {
748 QualType T = Ex->getType();
749 if (Ex->isGLValue() || Loc::isLocType(T) ||
750 T->isIntegralOrEnumerationType())
751 return getSVal(S, LCtx);
757 inline SVal ProgramState::getRawSVal(Loc LV, QualType T) const {
758 return getStateManager().StoreMgr->getBinding(getStore(), LV, T);
761 inline SVal ProgramState::getSVal(const MemRegion* R) const {
762 return getStateManager().StoreMgr->getBinding(getStore(),
763 loc::MemRegionVal(R));
766 inline BasicValueFactory &ProgramState::getBasicVals() const {
767 return getStateManager().getBasicVals();
770 inline SymbolManager &ProgramState::getSymbolManager() const {
771 return getStateManager().getSymbolManager();
775 ProgramStateRef ProgramState::add(typename ProgramStateTrait<T>::key_type K) const {
776 return getStateManager().add<T>(this, K, get_context<T>());
779 template <typename T>
780 typename ProgramStateTrait<T>::context_type ProgramState::get_context() const {
781 return getStateManager().get_context<T>();
785 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K) const {
786 return getStateManager().remove<T>(this, K, get_context<T>());
790 ProgramStateRef ProgramState::remove(typename ProgramStateTrait<T>::key_type K,
791 typename ProgramStateTrait<T>::context_type C) const {
792 return getStateManager().remove<T>(this, K, C);
795 template <typename T>
796 ProgramStateRef ProgramState::remove() const {
797 return getStateManager().remove<T>(this);
801 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::data_type D) const {
802 return getStateManager().set<T>(this, D);
806 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
807 typename ProgramStateTrait<T>::value_type E) const {
808 return getStateManager().set<T>(this, K, E, get_context<T>());
812 ProgramStateRef ProgramState::set(typename ProgramStateTrait<T>::key_type K,
813 typename ProgramStateTrait<T>::value_type E,
814 typename ProgramStateTrait<T>::context_type C) const {
815 return getStateManager().set<T>(this, K, E, C);
818 template <typename CB>
819 CB ProgramState::scanReachableSymbols(SVal val) const {
821 scanReachableSymbols(val, cb);
825 template <typename CB>
826 CB ProgramState::scanReachableSymbols(const SVal *beg, const SVal *end) const {
828 scanReachableSymbols(beg, end, cb);
832 template <typename CB>
833 CB ProgramState::scanReachableSymbols(const MemRegion * const *beg,
834 const MemRegion * const *end) const {
836 scanReachableSymbols(beg, end, cb);
840 /// \class ScanReachableSymbols
841 /// A utility class that visits the reachable symbols using a custom
842 /// SymbolVisitor. Terminates recursive traversal when the visitor function
844 class ScanReachableSymbols {
845 typedef llvm::DenseSet<const void*> VisitedItems;
847 VisitedItems visited;
848 ProgramStateRef state;
849 SymbolVisitor &visitor;
851 ScanReachableSymbols(ProgramStateRef st, SymbolVisitor &v)
852 : state(std::move(st)), visitor(v) {}
854 bool scan(nonloc::LazyCompoundVal val);
855 bool scan(nonloc::CompoundVal val);
857 bool scan(const MemRegion *R);
858 bool scan(const SymExpr *sym);
861 } // end ento namespace
863 } // end clang namespace
projects / FreeBSD / FreeBSD.git / blob