This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/clang/StaticAnalyzer/Core/PathSensitive/
-
clang/
-
StaticAnalyzer/
-
Core/
-
PathSensitive/
2
ProgramState.h

Differential D26760

Add the way to extract SVals of arguments used in a call for a given StackFrameCtx
AbandonedPublic

Authored by NoQ on Nov 16 2016, 12:06 PM.

Download Raw Diff

Details

Reviewers

dcoughlin
a.sidorin
zaks.anna
k-wisniewski

Summary

This patch adds getArgsSVal method to ProgramState that allows the user to obtain SVals of argumetns used in a call that created the given StackFrameCtx. I know this isn't perfect (Alexey Sidorin pointed out that there is a problem with line 741 - argument values may be overwritten) but wanted to submit it separate from other changes that I do and find _the_ right solution.

Diff Detail

Event Timeline

k-wisniewski updated this revision to Diff 78241.Nov 16 2016, 12:06 PM

k-wisniewski retitled this revision from to Add the way to extract SVals of arguments used in a call for a given StackFrameCtx.

k-wisniewski updated this object.

k-wisniewski added reviewers: a.sidorin, NoQ, dcoughlin, zaks.anna.

k-wisniewski added a subscriber: cfe-commits.

NoQ mentioned this in D26762: Add a method to obtain this SVal of a method that created given StackFrameCtx.Nov 16 2016, 12:41 PM

I'm ok with constructing SymbolRegionValue for ArgLoc manually and adding a comment like FIXME: leaking implementation details of RegionStoreManager.

NoQ added a child revision: D26589: Add static analyzer checker for finding infinite recursion.Nov 18 2016, 4:41 PM

Note that the uncontrolled recursion checker will not be able to test this overwrite problem, because overwriting the argument region spoils the stack frame for it.

include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
743	Hmm, this should work: ~ 743 StoreManager &storeMgr = stateMgr->getStoreManager(); + 744 return storeMgr.getBinding(storeMgr.getInitialStore(SFC).getStore(), + 745 ArgLoc);

NoQ added inline comments.Nov 18 2016, 5:35 PM

include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
739	Rather in the environment. In fact, here we are relying on the store to always have something for us, even if wasn't directly bound earlier.

Seems to become outdated with D27091.

NoQ abandoned this revision.Nov 30 2016, 12:02 AM

Revision Contents

Path

Size

include/

clang/

StaticAnalyzer/

Core/

PathSensitive/

ProgramState.h

26 lines

Diff 78241

include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h

Show First 20 Lines • Show All 288 Lines • ▼ Show 20 Lines	public:
SVal getLValue(const FieldDecl *decl, SVal Base) const;		SVal getLValue(const FieldDecl *decl, SVal Base) const;

/// Get the lvalue for an indirect field reference.		/// Get the lvalue for an indirect field reference.
SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;		SVal getLValue(const IndirectFieldDecl *decl, SVal Base) const;

/// Get the lvalue for an array index.		/// Get the lvalue for an array index.
SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;		SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;

		/// Get the symbolic value of arguments used in a call
		/// that created the given stack frame
		SVal getArgSVal(const StackFrameContext *SFC, const unsigned ArgIdx) const;

/// Returns the SVal bound to the statement 'S' in the state's environment.		/// Returns the SVal bound to the statement 'S' in the state's environment.
SVal getSVal(const Stmt S, const LocationContext LCtx) const;		SVal getSVal(const Stmt S, const LocationContext LCtx) const;

SVal getSValAsScalarOrLoc(const Stmt Ex, const LocationContext LCtx) const;		SVal getSValAsScalarOrLoc(const Stmt Ex, const LocationContext LCtx) const;

/// \brief Return the value bound to the specified location.		/// \brief Return the value bound to the specified location.
/// Returns UnknownVal() if none found.		/// Returns UnknownVal() if none found.
SVal getSVal(Loc LV, QualType T = QualType()) const;		SVal getSVal(Loc LV, QualType T = QualType()) const;
▲ Show 20 Lines • Show All 415 Lines • ▼ Show 20 Lines
}		}

inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{		inline SVal ProgramState::getLValue(QualType ElementType, SVal Idx, SVal Base) const{
if (Optional<NonLoc> N = Idx.getAs<NonLoc>())		if (Optional<NonLoc> N = Idx.getAs<NonLoc>())
return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);		return getStateManager().StoreMgr->getLValueElement(ElementType, *N, Base);
return UnknownVal();		return UnknownVal();
}		}

		inline SVal ProgramState::getArgSVal(const StackFrameContext *SFC,
		const unsigned ArgIdx) const {
		const FunctionDecl *FunctionDecl = SFC->getDecl()->getAsFunction();
		unsigned NumArgs = FunctionDecl->getNumParams();
		assert(ArgIdx < NumArgs && "Arg access out of range!");

		if (SFC->inTopFrame()) {
		// if we are in the top frame we don't have any arguments bound in the store
		NoQAuthorUnsubmitted Not Done Reply Inline Actions Rather in the environment. In fact, here we are relying on the store to always have something for us, even if wasn't directly bound earlier. NoQ: Rather in the environment. In fact, here we are relying on the store to always have something…
		// because the call wasn't modeled in the first place.
		const VarDecl *ArgDecl = FunctionDecl->parameters()[ArgIdx];
		const Loc ArgLoc = getLValue(ArgDecl, SFC);
		return getSVal(ArgLoc);
		NoQAuthorUnsubmitted Not Done Reply Inline Actions Hmm, this should work: ~ 743 StoreManager &storeMgr = stateMgr->getStoreManager(); + 744 return storeMgr.getBinding(storeMgr.getInitialStore(SFC).getStore(), + 745 ArgLoc); NoQ: Hmm, this should work: ``` ~ 743 StoreManager &storeMgr = stateMgr->getStoreManager(); +…
		} else {
		// in this case we need to ask the environment as the arguments' memory
		// region may have been purged as no longer needed.
		const Stmt *callSite = SFC->getCallSite();
		const CallExpr *callSiteExpr = dyn_cast<CallExpr>(callSite);
		const Expr *argExpr = callSiteExpr->getArg(ArgIdx);
		return getSVal(argExpr, SFC->getParent());
		}
		}

inline SVal ProgramState::getSVal(const Stmt *Ex,		inline SVal ProgramState::getSVal(const Stmt *Ex,
const LocationContext *LCtx) const{		const LocationContext *LCtx) const{
return Env.getSVal(EnvironmentEntry(Ex, LCtx),		return Env.getSVal(EnvironmentEntry(Ex, LCtx),
*getStateManager().svalBuilder);		*getStateManager().svalBuilder);
}		}

inline SVal		inline SVal
ProgramState::getSValAsScalarOrLoc(const Stmt *S,		ProgramState::getSValAsScalarOrLoc(const Stmt *S,
▲ Show 20 Lines • Show All 119 Lines • Show Last 20 Lines