This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/clang/StaticAnalyzer/Core/PathSensitive/
-
clang/
-
StaticAnalyzer/
-
Core/
-
PathSensitive/
1
ProgramState.h

Differential D26762

Add a method to obtain this SVal of a method that created given StackFrameCtx
Needs ReviewPublic

Authored by k-wisniewski on Nov 16 2016, 12:17 PM.

Download Raw Diff

Details

Reviewers

dcoughlin
a.sidorin
zaks.anna
NoQ

Summary

Artem Dergachev (@NoQ ) helped me correctly handle C++ method calls in my RecursionChecker (that finds infnite recursion) and this is the method that I use to obtain SVal of "this" parameter of a method call represented by StackFrameCtx.

Diff Detail

Event Timeline

k-wisniewski updated this revision to Diff 78244.Nov 16 2016, 12:17 PM

k-wisniewski retitled this revision from to Add a method to obtain this SVal of a method that created given StackFrameCtx.

k-wisniewski updated this object.

k-wisniewski added reviewers: a.sidorin, zaks.anna, NoQ, dcoughlin.

k-wisniewski added subscribers: cfe-commits, NoQ.

I think this method, unlike D26760, doesn't have the problem with overwriting the location in the top frame, because the location of C++ "this" cannot really be assigned to.

Thanks for the patch!

How does this differ from getCXXThisVal() on CXXInstanceCall and its subclasses in CallEvent.h? Can that be used instead? Or are there places where you need access to this without a CallEvent?

Also: it seems like there are a lot of places in the analyzer codebase that do this dance (get the 'this' pointer, load from it). Can they be safely replaced with calls to this helper? If so, that would be awesome.

include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
782	Why this overload of getCXXThis() and not the one taking a CXXMethodDecl?

NoQ added a child revision: D26589: Add static analyzer checker for finding infinite recursion.Nov 18 2016, 4:41 PM

I have added method for getting Objective-C message receivers (as it is related somewhat). This might however be broken for super calls as @NoQ told me as I was writing this comment. @dcoughlin - yes, there are cases when I don't have call event and need to get SVal for instance with which the method was called. The example is when I go up the call stack in RecursionChecker. I have changed CXXRecordDecl to CXXMethodDecl following your suggestion.

I see. You are handling more types of calls with this API! However, Similarly to the comment in the related patch, I think we should reuse the logic from CallEvent.

Revision Contents

Path

Size

include/

clang/

StaticAnalyzer/

Core/

PathSensitive/

ProgramState.h

47 lines

Diff 79213

include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h

//== ProgramState.h - Path-sensitive "State" for tracking values -- C++ ---=//		//== ProgramState.h - Path-sensitive "State" for tracking values -- C++ ---=//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
// This file defines the state of the program along the analysisa path.		// This file defines the state of the program along the analysisa path.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H		#ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H
#define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H		#define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_PROGRAMSTATE_H

		#include "clang/AST/ExprCXX.h"
#include "clang/Basic/LLVM.h"		#include "clang/Basic/LLVM.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicTypeInfo.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/Environment.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h"
▲ Show 20 Lines • Show All 268 Lines • ▼ Show 20 Lines	public:

/// Get the lvalue for an array index.		/// Get the lvalue for an array index.
SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;		SVal getLValue(QualType ElementType, SVal Idx, SVal Base) const;

/// Get the symbolic value of arguments used in a call		/// Get the symbolic value of arguments used in a call
/// that created the given stack frame		/// that created the given stack frame
SVal getArgSVal(const StackFrameContext *SFC, const unsigned ArgIdx) const;		SVal getArgSVal(const StackFrameContext *SFC, const unsigned ArgIdx) const;

		/// Get the symbolic value of the "this" object for a method call
		/// that created the given stack frame. Returns None if the
		/// stack frame does not represent a method call.
		Optional<SVal> getThisSVal(const StackFrameContext *SFC) const;

		/// Get the symbolic value of the receiveer object for a method call
		/// that created the given stack frame. Returns None if the
		/// stack frame does not represent a method call.
		Optional<SVal> getObjCMessageReceiverSVal(const StackFrameContext *SFC) const;

/// Returns the SVal bound to the statement 'S' in the state's environment.		/// Returns the SVal bound to the statement 'S' in the state's environment.
SVal getSVal(const Stmt S, const LocationContext LCtx) const;		SVal getSVal(const Stmt S, const LocationContext LCtx) const;

SVal getSValAsScalarOrLoc(const Stmt Ex, const LocationContext LCtx) const;		SVal getSValAsScalarOrLoc(const Stmt Ex, const LocationContext LCtx) const;

/// \brief Return the value bound to the specified location.		/// \brief Return the value bound to the specified location.
/// Returns UnknownVal() if none found.		/// Returns UnknownVal() if none found.
SVal getSVal(Loc LV, QualType T = QualType()) const;		SVal getSVal(Loc LV, QualType T = QualType()) const;
▲ Show 20 Lines • Show All 445 Lines • ▼ Show 20 Lines	if (SFC->inTopFrame()) {
// region may have been purged as no longer needed.		// region may have been purged as no longer needed.
const Stmt *callSite = SFC->getCallSite();		const Stmt *callSite = SFC->getCallSite();
const CallExpr *callSiteExpr = dyn_cast<CallExpr>(callSite);		const CallExpr *callSiteExpr = dyn_cast<CallExpr>(callSite);
const Expr *argExpr = callSiteExpr->getArg(ArgIdx);		const Expr *argExpr = callSiteExpr->getArg(ArgIdx);
return getSVal(argExpr, SFC->getParent());		return getSVal(argExpr, SFC->getParent());
}		}
}		}

		inline Optional<SVal>
		ProgramState::getThisSVal(const StackFrameContext *SFC) const {
		if (SFC->inTopFrame()) {
		const FunctionDecl *FD = SFC->getDecl()->getAsFunction();
		if (!FD)
		return None;
		const CXXMethodDecl *MD = dyn_cast_or_null<CXXMethodDecl>(FD->getParent());
		if (!MD)
		return None;
		Loc ThisLoc = getStateManager().getSValBuilder().getCXXThis(MD, SFC);
		dcoughlinUnsubmitted Not Done Reply Inline Actions Why this overload of getCXXThis() and not the one taking a CXXMethodDecl? dcoughlin: Why this overload of getCXXThis() and not the one taking a CXXMethodDecl?
		return getSVal(ThisLoc);
		} else {
		const Stmt *S = SFC->getCallSite();
		if (!S)
		return None;
		if (const auto *MCE = dyn_cast<CXXMemberCallExpr>(S))
		return getSVal(MCE->getImplicitObjectArgument(), SFC->getParent());
		else if (const auto *CCE = dyn_cast<CXXConstructExpr>(S))
		return getSVal(CCE, SFC->getParent());
		return None;
		}
		}

		inline Optional<SVal>
		ProgramState::getObjCMessageReceiverSVal(const StackFrameContext *SFC) const {
		if (SFC->inTopFrame()) {
		const ObjCMethodDecl *methodDecl = dyn_cast<ObjCMethodDecl>(SFC->getDecl());
		Loc SelfLoc = getLValue(methodDecl->getSelfDecl(), SFC);
		return getSVal(SelfLoc);
		} else {
		const ObjCMessageExpr *messageExpr =
		dyn_cast<ObjCMessageExpr>(SFC->getCallSite());
		return getSVal(messageExpr->getInstanceReceiver(), SFC);
		}
		}

inline SVal ProgramState::getSVal(const Stmt *Ex,		inline SVal ProgramState::getSVal(const Stmt *Ex,
const LocationContext *LCtx) const{		const LocationContext *LCtx) const{
return Env.getSVal(EnvironmentEntry(Ex, LCtx),		return Env.getSVal(EnvironmentEntry(Ex, LCtx),
*getStateManager().svalBuilder);		*getStateManager().svalBuilder);
}		}

inline SVal		inline SVal
ProgramState::getSValAsScalarOrLoc(const Stmt *S,		ProgramState::getSValAsScalarOrLoc(const Stmt *S,
▲ Show 20 Lines • Show All 119 Lines • Show Last 20 Lines