This is an archive of the discontinued LLVM Phabricator instance.

Differential D26838

[analyzer] Enforce super-region classes for various memory regions through compile-time and run-time type checks.
ClosedPublic

Authored by NoQ on Nov 17 2016, 11:29 PM.

Details

Reviewers
dcoughlin
a.sidorin
zaks.anna
xazax.hun
Commits
rG6dd11048f53f: [analyzer] Enforce super-region classes for various memory regions.
rC300189: [analyzer] Enforce super-region classes for various memory regions.
rL300189: [analyzer] Enforce super-region classes for various memory regions.
Summary

Put a lot of compile-time and run-time checks on classes of super regions of all SubRegion classes, in order to maintain the existing status quo.
This should make understanding the hierarchy easier, and probably help us catch some bugs.

This is an API-breaking change (we now require explicit casts to specific region sub-classes), but in practice very few checkers are affected.

Diff Detail

Repository
rL LLVM

Event Timeline

NoQ updated this revision to Diff 78475.Nov 17 2016, 11:29 PM
NoQ retitled this revision from to [analyzer] Enforce super-region classes for various memory regions through compile-time and run-time type checks..
NoQ updated this object.
NoQ added reviewers: zaks.anna, dcoughlin, xazax.hun, a.sidorin.
NoQ added a subscriber: cfe-commits.
a.sidorin edited edge metadata.Nov 18 2016, 6:26 AM

Hi Artem!
I like this change mostly but I also have some remarks.

include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
1279 ↗(On Diff #78475)

I think we should perform a cast<> to SubRegion internally in order to keep API simple and do not force clients to introduce casts in their code. This will still allow us to keep nice suggestions about SubRegions/MemSpaces in our hierarchy.

1347 ↗(On Diff #78475)

Maybe we should give types and paramers some more meaningful names as a part of refactoring? At least, the number in A1 is not needed now.

xazax.hun edited edge metadata.Nov 23 2016, 5:44 AM

In general I really like this change. See some of my comments inline.

include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
1279 ↗(On Diff #78475)

I prefer having a stricter static type.

1347 ↗(On Diff #78475)

Agreed.

include/clang/StaticAnalyzer/Core/PathSensitive/Store.h
238 ↗(On Diff #78475)

Shouldn't the return value be at least a SubRegion as well?

lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
492 ↗(On Diff #78475)

Maybe using getRegionAs would be shorter?

lib/StaticAnalyzer/Core/Store.cpp
439 ↗(On Diff #78475)

Also consider getRegionAs.

NoQ added a parent revision: D26837: [analyzer] Litter the SVal/SymExpr/MemRegion class hierarchy with asserts..Nov 29 2016, 4:14 AM
NoQ updated this revision to Diff 79537.Nov 29 2016, 4:29 AM
NoQ edited edge metadata.
NoQ marked 5 inline comments as done.

Thanks for the comments!
Addressed.

include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
1279 ↗(On Diff #78475)

I also believe in "static > dynamic" when it comes to type checks.

1347 ↗(On Diff #78475)

Hmm, should we turn this into a proper variadic function then?

include/clang/StaticAnalyzer/Core/PathSensitive/Store.h
238 ↗(On Diff #78475)

Yep!

Closed by commit rL300189: [analyzer] Enforce super-region classes for various memory regions. (authored by dergachev). · Explain WhyApr 13 2017, 3:08 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
StaticAnalyzer/
Core/
PathSensitive/
101 lines
7 lines
lib/
StaticAnalyzer/
Checkers/
MPI-Checker/
4 lines
Core/
3 lines
56 lines
5 lines
6 lines
35 lines

Diff 95093

cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h

Show First 20 LinesShow All 452 Lines▼ Show 20 Lines
/// by a call to 'alloca'. /// by a call to 'alloca'.
class AllocaRegion : public SubRegion { class AllocaRegion : public SubRegion {
friend class MemRegionManager; friend class MemRegionManager;
unsigned Cnt; // Block counter. Used to distinguish different pieces of unsigned Cnt; // Block counter. Used to distinguish different pieces of
// memory allocated by alloca at the same call site. // memory allocated by alloca at the same call site.
const Expr *Ex; const Expr *Ex;
AllocaRegion(const Expr *ex, unsigned cnt, const MemRegion *superRegion) AllocaRegion(const Expr *ex, unsigned cnt, const MemSpaceRegion *superRegion)
: SubRegion(superRegion, AllocaRegionKind), Cnt(cnt), Ex(ex) { : SubRegion(superRegion, AllocaRegionKind), Cnt(cnt), Ex(ex) {
assert(Ex); assert(Ex);
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Expr *Ex, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Expr *Ex,
unsigned Cnt, const MemRegion *superRegion); unsigned Cnt, const MemRegion *superRegion);
public: public:
▲ Show 20 LinesShow All 70 Lines▼ Show 20 Linespublic:
} }
}; };
class CodeTextRegion : public TypedRegion { class CodeTextRegion : public TypedRegion {
virtual void anchor() override; virtual void anchor() override;
protected: protected:
CodeTextRegion(const MemRegion *sreg, Kind k) : TypedRegion(sreg, k) { CodeTextRegion(const MemSpaceRegion *sreg, Kind k) : TypedRegion(sreg, k) {
assert(classof(this)); assert(classof(this));
} }
public: public:
bool isBoundable() const override { return false; } bool isBoundable() const override { return false; }
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
Kind k = R->getKind(); Kind k = R->getKind();
return k >= BEGIN_CODE_TEXT_REGIONS && k <= END_CODE_TEXT_REGIONS; return k >= BEGIN_CODE_TEXT_REGIONS && k <= END_CODE_TEXT_REGIONS;
} }
}; };
/// FunctionCodeRegion - A region that represents code texts of function. /// FunctionCodeRegion - A region that represents code texts of function.
class FunctionCodeRegion : public CodeTextRegion { class FunctionCodeRegion : public CodeTextRegion {
friend class MemRegionManager; friend class MemRegionManager;
const NamedDecl *FD; const NamedDecl *FD;
FunctionCodeRegion(const NamedDecl *fd, const MemRegion* sreg) FunctionCodeRegion(const NamedDecl *fd, const CodeSpaceRegion* sreg)
: CodeTextRegion(sreg, FunctionCodeRegionKind), FD(fd) { : CodeTextRegion(sreg, FunctionCodeRegionKind), FD(fd) {
assert(isa<ObjCMethodDecl>(fd) || isa<FunctionDecl>(fd)); assert(isa<ObjCMethodDecl>(fd) || isa<FunctionDecl>(fd));
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const NamedDecl *FD, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const NamedDecl *FD,
const MemRegion*); const MemRegion*);
public: public:
Show All 34 Lines
class BlockCodeRegion : public CodeTextRegion { class BlockCodeRegion : public CodeTextRegion {
friend class MemRegionManager; friend class MemRegionManager;
const BlockDecl *BD; const BlockDecl *BD;
AnalysisDeclContext *AC; AnalysisDeclContext *AC;
CanQualType locTy; CanQualType locTy;
BlockCodeRegion(const BlockDecl *bd, CanQualType lTy, BlockCodeRegion(const BlockDecl *bd, CanQualType lTy,
AnalysisDeclContext *ac, const MemRegion* sreg) AnalysisDeclContext *ac, const CodeSpaceRegion* sreg)
: CodeTextRegion(sreg, BlockCodeRegionKind), BD(bd), AC(ac), locTy(lTy) { : CodeTextRegion(sreg, BlockCodeRegionKind), BD(bd), AC(ac), locTy(lTy) {
assert(bd); assert(bd);
assert(ac); assert(ac);
assert(lTy->getTypePtr()->isBlockPointerType()); assert(lTy->getTypePtr()->isBlockPointerType());
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const BlockDecl *BD, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const BlockDecl *BD,
CanQualType, const AnalysisDeclContext*, CanQualType, const AnalysisDeclContext*,
Show All 30 Linesclass BlockDataRegion : public TypedRegion {
const BlockCodeRegion *BC; const BlockCodeRegion *BC;
const LocationContext *LC; // Can be null */ const LocationContext *LC; // Can be null */
unsigned BlockCount; unsigned BlockCount;
void *ReferencedVars; void *ReferencedVars;
void *OriginalVars; void *OriginalVars;
BlockDataRegion(const BlockCodeRegion *bc, const LocationContext *lc, BlockDataRegion(const BlockCodeRegion *bc, const LocationContext *lc,
unsigned count, const MemRegion *sreg) unsigned count, const MemSpaceRegion *sreg)
: TypedRegion(sreg, BlockDataRegionKind), BC(bc), LC(lc), : TypedRegion(sreg, BlockDataRegionKind), BC(bc), LC(lc),
BlockCount(count), ReferencedVars(nullptr), OriginalVars(nullptr) { BlockCount(count), ReferencedVars(nullptr), OriginalVars(nullptr) {
assert(bc); assert(bc);
assert(lc); assert(lc);
assert(isa<GlobalImmutableSpaceRegion>(sreg) ||
isa<StackLocalsSpaceRegion>(sreg) ||
isa<UnknownSpaceRegion>(sreg));
} }
static void ProfileRegion(llvm::FoldingSetNodeID&, const BlockCodeRegion *, static void ProfileRegion(llvm::FoldingSetNodeID&, const BlockCodeRegion *,
const LocationContext *, unsigned, const LocationContext *, unsigned,
const MemRegion *); const MemRegion *);
public: public:
const BlockCodeRegion *getCodeRegion() const { return BC; } const BlockCodeRegion *getCodeRegion() const { return BC; }
▲ Show 20 LinesShow All 57 Lines▼ Show 20 Lines
/// either a real region, a NULL pointer, etc. It essentially is used to /// either a real region, a NULL pointer, etc. It essentially is used to
/// map the concept of symbolic values into the domain of regions. Symbolic /// map the concept of symbolic values into the domain of regions. Symbolic
/// regions do not need to be typed. /// regions do not need to be typed.
class SymbolicRegion : public SubRegion { class SymbolicRegion : public SubRegion {
friend class MemRegionManager; friend class MemRegionManager;
const SymbolRef sym; const SymbolRef sym;
SymbolicRegion(const SymbolRef s, const MemRegion *sreg) SymbolicRegion(const SymbolRef s, const MemSpaceRegion *sreg)
: SubRegion(sreg, SymbolicRegionKind), sym(s) { : SubRegion(sreg, SymbolicRegionKind), sym(s) {
assert(s); assert(s);
assert(s->getType()->isAnyPointerType() || assert(s->getType()->isAnyPointerType() ||
s->getType()->isReferenceType() || s->getType()->isReferenceType() ||
s->getType()->isBlockPointerType()); s->getType()->isBlockPointerType());
assert(isa<UnknownSpaceRegion>(sreg) || isa<HeapSpaceRegion>(sreg));
} }
public: public:
SymbolRef getSymbol() const { SymbolRef getSymbol() const {
return sym; return sym;
} }
bool isBoundable() const override { return true; } bool isBoundable() const override { return true; }
Show All 14 Lines
}; };
/// StringRegion - Region associated with a StringLiteral. /// StringRegion - Region associated with a StringLiteral.
class StringRegion : public TypedValueRegion { class StringRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
const StringLiteral* Str; const StringLiteral* Str;
StringRegion(const StringLiteral *str, const MemRegion *sreg) StringRegion(const StringLiteral *str, const GlobalInternalSpaceRegion *sreg)
: TypedValueRegion(sreg, StringRegionKind), Str(str) { : TypedValueRegion(sreg, StringRegionKind), Str(str) {
assert(str); assert(str);
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, static void ProfileRegion(llvm::FoldingSetNodeID& ID,
const StringLiteral* Str, const StringLiteral* Str,
const MemRegion* superRegion); const MemRegion* superRegion);
Show All 21 Lines
}; };
/// The region associated with an ObjCStringLiteral. /// The region associated with an ObjCStringLiteral.
class ObjCStringRegion : public TypedValueRegion { class ObjCStringRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
const ObjCStringLiteral* Str; const ObjCStringLiteral* Str;
ObjCStringRegion(const ObjCStringLiteral *str, const MemRegion *sreg) ObjCStringRegion(const ObjCStringLiteral *str,
const GlobalInternalSpaceRegion *sreg)
: TypedValueRegion(sreg, ObjCStringRegionKind), Str(str) { : TypedValueRegion(sreg, ObjCStringRegionKind), Str(str) {
assert(str); assert(str);
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, static void ProfileRegion(llvm::FoldingSetNodeID& ID,
const ObjCStringLiteral* Str, const ObjCStringLiteral* Str,
const MemRegion* superRegion); const MemRegion* superRegion);
Show All 21 Lines
/// CompoundLiteralRegion - A memory region representing a compound literal. /// CompoundLiteralRegion - A memory region representing a compound literal.
/// Compound literals are essentially temporaries that are stack allocated /// Compound literals are essentially temporaries that are stack allocated
/// or in the global constant pool. /// or in the global constant pool.
class CompoundLiteralRegion : public TypedValueRegion { class CompoundLiteralRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
const CompoundLiteralExpr *CL; const CompoundLiteralExpr *CL;
CompoundLiteralRegion(const CompoundLiteralExpr *cl, const MemRegion *sReg) CompoundLiteralRegion(const CompoundLiteralExpr *cl,
const MemSpaceRegion *sReg)
: TypedValueRegion(sReg, CompoundLiteralRegionKind), CL(cl) { : TypedValueRegion(sReg, CompoundLiteralRegionKind), CL(cl) {
assert(cl); assert(cl);
assert(isa<GlobalInternalSpaceRegion>(sReg) ||
isa<StackLocalsSpaceRegion>(sReg));
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, static void ProfileRegion(llvm::FoldingSetNodeID& ID,
const CompoundLiteralExpr *CL, const CompoundLiteralExpr *CL,
const MemRegion* superRegion); const MemRegion* superRegion);
public: public:
QualType getValueType() const override { QualType getValueType() const override {
return CL->getType(); return CL->getType();
Show All 34 Lines static bool classof(const MemRegion* R) {
return k >= BEGIN_DECL_REGIONS && k <= END_DECL_REGIONS; return k >= BEGIN_DECL_REGIONS && k <= END_DECL_REGIONS;
} }
}; };
class VarRegion : public DeclRegion { class VarRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
// Constructors and private methods. // Constructors and private methods.
VarRegion(const VarDecl *vd, const MemRegion* sReg) VarRegion(const VarDecl *vd, const MemRegion *sReg)
: DeclRegion(vd, sReg, VarRegionKind) {} : DeclRegion(vd, sReg, VarRegionKind) {
// VarRegion appears in unknown space when it's a block variable as seen
// from a block using it, when this block is analyzed at top-level.
// Other block variables appear within block data regions,
// which, unlike everything else on this list, are not memory spaces.
assert(isa<GlobalsSpaceRegion>(sReg) || isa<StackSpaceRegion>(sReg) ||
isa<BlockDataRegion>(sReg) || isa<UnknownSpaceRegion>(sReg));
}
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const VarDecl *VD, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const VarDecl *VD,
const MemRegion *superRegion) { const MemRegion *superRegion) {
DeclRegion::ProfileRegion(ID, VD, superRegion, VarRegionKind); DeclRegion::ProfileRegion(ID, VD, superRegion, VarRegionKind);
} }
public: public:
void Profile(llvm::FoldingSetNodeID& ID) const override; void Profile(llvm::FoldingSetNodeID& ID) const override;
Show All 19 Lines
}; };
/// CXXThisRegion - Represents the region for the implicit 'this' parameter /// CXXThisRegion - Represents the region for the implicit 'this' parameter
/// in a call to a C++ method. This region doesn't represent the object /// in a call to a C++ method. This region doesn't represent the object
/// referred to by 'this', but rather 'this' itself. /// referred to by 'this', but rather 'this' itself.
class CXXThisRegion : public TypedValueRegion { class CXXThisRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
CXXThisRegion(const PointerType *thisPointerTy, const MemRegion *sReg) CXXThisRegion(const PointerType *thisPointerTy,
const StackArgumentsSpaceRegion *sReg)
: TypedValueRegion(sReg, CXXThisRegionKind), : TypedValueRegion(sReg, CXXThisRegionKind),
ThisPointerTy(thisPointerTy) {} ThisPointerTy(thisPointerTy) {}
static void ProfileRegion(llvm::FoldingSetNodeID &ID, static void ProfileRegion(llvm::FoldingSetNodeID &ID,
const PointerType *PT, const PointerType *PT,
const MemRegion *sReg); const MemRegion *sReg);
public: public:
Show All 11 Lines
private: private:
const PointerType *ThisPointerTy; const PointerType *ThisPointerTy;
}; };
class FieldRegion : public DeclRegion { class FieldRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
FieldRegion(const FieldDecl *fd, const MemRegion* sReg) FieldRegion(const FieldDecl *fd, const SubRegion* sReg)
: DeclRegion(fd, sReg, FieldRegionKind) {} : DeclRegion(fd, sReg, FieldRegionKind) {}
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const FieldDecl *FD, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const FieldDecl *FD,
const MemRegion* superRegion) { const MemRegion* superRegion) {
DeclRegion::ProfileRegion(ID, FD, superRegion, FieldRegionKind); DeclRegion::ProfileRegion(ID, FD, superRegion, FieldRegionKind);
} }
public: public:
Show All 16 Linespublic:
void printPretty(raw_ostream &os) const override; void printPretty(raw_ostream &os) const override;
bool canPrintPrettyAsExpr() const override; bool canPrintPrettyAsExpr() const override;
void printPrettyAsExpr(raw_ostream &os) const override; void printPrettyAsExpr(raw_ostream &os) const override;
}; };
class ObjCIvarRegion : public DeclRegion { class ObjCIvarRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
ObjCIvarRegion(const ObjCIvarDecl *ivd, const MemRegion* sReg); ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg);
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd,
const MemRegion* superRegion); const MemRegion* superRegion);
public: public:
const ObjCIvarDecl *getDecl() const; const ObjCIvarDecl *getDecl() const;
QualType getValueType() const override; QualType getValueType() const override;
Show All 32 Lines
/// \brief ElementRegin is used to represent both array elements and casts. /// \brief ElementRegin is used to represent both array elements and casts.
class ElementRegion : public TypedValueRegion { class ElementRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
QualType ElementType; QualType ElementType;
NonLoc Index; NonLoc Index;
ElementRegion(QualType elementType, NonLoc Idx, const MemRegion* sReg) ElementRegion(QualType elementType, NonLoc Idx, const SubRegion *sReg)
: TypedValueRegion(sReg, ElementRegionKind), : TypedValueRegion(sReg, ElementRegionKind),
ElementType(elementType), Index(Idx) { ElementType(elementType), Index(Idx) {
assert((!Idx.getAs<nonloc::ConcreteInt>() || assert((!Idx.getAs<nonloc::ConcreteInt>() ||
Idx.castAs<nonloc::ConcreteInt>().getValue().isSigned()) && Idx.castAs<nonloc::ConcreteInt>().getValue().isSigned()) &&
"The index must be signed"); "The index must be signed");
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, QualType elementType, static void ProfileRegion(llvm::FoldingSetNodeID& ID, QualType elementType,
SVal Idx, const MemRegion* superRegion); SVal Idx, const MemRegion* superRegion);
Show All 21 Lines
}; };
// C++ temporary object associated with an expression. // C++ temporary object associated with an expression.
class CXXTempObjectRegion : public TypedValueRegion { class CXXTempObjectRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
Expr const *Ex; Expr const *Ex;
CXXTempObjectRegion(Expr const *E, MemRegion const *sReg) CXXTempObjectRegion(Expr const *E, MemSpaceRegion const *sReg)
: TypedValueRegion(sReg, CXXTempObjectRegionKind), Ex(E) { : TypedValueRegion(sReg, CXXTempObjectRegionKind), Ex(E) {
assert(E); assert(E);
assert(isa<StackLocalsSpaceRegion>(sReg) ||
isa<GlobalInternalSpaceRegion>(sReg));
} }
static void ProfileRegion(llvm::FoldingSetNodeID &ID, static void ProfileRegion(llvm::FoldingSetNodeID &ID,
Expr const *E, const MemRegion *sReg); Expr const *E, const MemRegion *sReg);
public: public:
const Expr *getExpr() const { return Ex; } const Expr *getExpr() const { return Ex; }
Show All 13 Lines
// CXXBaseObjectRegion represents a base object within a C++ object. It is // CXXBaseObjectRegion represents a base object within a C++ object. It is
// identified by the base class declaration and the region of its parent object. // identified by the base class declaration and the region of its parent object.
class CXXBaseObjectRegion : public TypedValueRegion { class CXXBaseObjectRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
llvm::PointerIntPair<const CXXRecordDecl *, 1, bool> Data; llvm::PointerIntPair<const CXXRecordDecl *, 1, bool> Data;
CXXBaseObjectRegion(const CXXRecordDecl *RD, bool IsVirtual, CXXBaseObjectRegion(const CXXRecordDecl *RD, bool IsVirtual,
const MemRegion *SReg) const SubRegion *SReg)
: TypedValueRegion(SReg, CXXBaseObjectRegionKind), Data(RD, IsVirtual) { : TypedValueRegion(SReg, CXXBaseObjectRegionKind), Data(RD, IsVirtual) {
assert(RD); assert(RD);
} }
static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD, static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD,
bool IsVirtual, const MemRegion *SReg); bool IsVirtual, const MemRegion *SReg);
public: public:
▲ Show 20 LinesShow All 112 Lines▼ Show 20 Linespublic:
const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str); const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str);
/// getVarRegion - Retrieve or create the memory region associated with /// getVarRegion - Retrieve or create the memory region associated with
/// a specified VarDecl and LocationContext. /// a specified VarDecl and LocationContext.
const VarRegion* getVarRegion(const VarDecl *D, const LocationContext *LC); const VarRegion* getVarRegion(const VarDecl *D, const LocationContext *LC);
/// getVarRegion - Retrieve or create the memory region associated with /// getVarRegion - Retrieve or create the memory region associated with
/// a specified VarDecl and super region. /// a specified VarDecl and super region.
const VarRegion* getVarRegion(const VarDecl *D, const MemRegion *superR); const VarRegion *getVarRegion(const VarDecl *D, const MemRegion *superR);
/// getElementRegion - Retrieve the memory region associated with the /// getElementRegion - Retrieve the memory region associated with the
/// associated element type, index, and super region. /// associated element type, index, and super region.
const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx, const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx,
const MemRegion *superRegion, const SubRegion *superRegion,
ASTContext &Ctx); ASTContext &Ctx);
const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER, const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER,
const MemRegion *superRegion) { const SubRegion *superRegion) {
return getElementRegion(ER->getElementType(), ER->getIndex(), return getElementRegion(ER->getElementType(), ER->getIndex(),
superRegion, ER->getContext()); superRegion, ER->getContext());
} }
/// getFieldRegion - Retrieve or create the memory region associated with /// getFieldRegion - Retrieve or create the memory region associated with
/// a specified FieldDecl. 'superRegion' corresponds to the containing /// a specified FieldDecl. 'superRegion' corresponds to the containing
/// memory region (which typically represents the memory representing /// memory region (which typically represents the memory representing
/// a structure or class). /// a structure or class).
const FieldRegion *getFieldRegion(const FieldDecl *fd, const FieldRegion *getFieldRegion(const FieldDecl *fd,
const MemRegion* superRegion); const SubRegion* superRegion);
const FieldRegion *getFieldRegionWithSuper(const FieldRegion *FR, const FieldRegion *getFieldRegionWithSuper(const FieldRegion *FR,
const MemRegion *superRegion) { const SubRegion *superRegion) {
return getFieldRegion(FR->getDecl(), superRegion); return getFieldRegion(FR->getDecl(), superRegion);
} }
/// getObjCIvarRegion - Retrieve or create the memory region associated with /// getObjCIvarRegion - Retrieve or create the memory region associated with
/// a specified Objective-c instance variable. 'superRegion' corresponds /// a specified Objective-c instance variable. 'superRegion' corresponds
/// to the containing region (which typically represents the Objective-C /// to the containing region (which typically represents the Objective-C
/// object). /// object).
const ObjCIvarRegion *getObjCIvarRegion(const ObjCIvarDecl *ivd, const ObjCIvarRegion *getObjCIvarRegion(const ObjCIvarDecl *ivd,
const MemRegion* superRegion); const SubRegion* superRegion);
const CXXTempObjectRegion *getCXXTempObjectRegion(Expr const *Ex, const CXXTempObjectRegion *getCXXTempObjectRegion(Expr const *Ex,
LocationContext const *LC); LocationContext const *LC);
/// Create a CXXBaseObjectRegion with the given base class for region /// Create a CXXBaseObjectRegion with the given base class for region
/// \p Super. /// \p Super.
/// ///
/// The type of \p Super is assumed be a class deriving from \p BaseClass. /// The type of \p Super is assumed be a class deriving from \p BaseClass.
const CXXBaseObjectRegion * const CXXBaseObjectRegion *
getCXXBaseObjectRegion(const CXXRecordDecl *BaseClass, const MemRegion *Super, getCXXBaseObjectRegion(const CXXRecordDecl *BaseClass, const SubRegion *Super,
bool IsVirtual); bool IsVirtual);
/// Create a CXXBaseObjectRegion with the same CXXRecordDecl but a different /// Create a CXXBaseObjectRegion with the same CXXRecordDecl but a different
/// super region. /// super region.
const CXXBaseObjectRegion * const CXXBaseObjectRegion *
getCXXBaseObjectRegionWithSuper(const CXXBaseObjectRegion *baseReg, getCXXBaseObjectRegionWithSuper(const CXXBaseObjectRegion *baseReg,
const MemRegion *superRegion) { const SubRegion *superRegion) {
return getCXXBaseObjectRegion(baseReg->getDecl(), superRegion, return getCXXBaseObjectRegion(baseReg->getDecl(), superRegion,
baseReg->isVirtual()); baseReg->isVirtual());
} }
const FunctionCodeRegion *getFunctionCodeRegion(const NamedDecl *FD); const FunctionCodeRegion *getFunctionCodeRegion(const NamedDecl *FD);
const BlockCodeRegion *getBlockCodeRegion(const BlockDecl *BD, const BlockCodeRegion *getBlockCodeRegion(const BlockDecl *BD,
CanQualType locTy, CanQualType locTy,
AnalysisDeclContext *AC); AnalysisDeclContext *AC);
/// getBlockDataRegion - Get the memory region associated with an instance /// getBlockDataRegion - Get the memory region associated with an instance
/// of a block. Unlike many other MemRegions, the LocationContext* /// of a block. Unlike many other MemRegions, the LocationContext*
/// argument is allowed to be NULL for cases where we have no known /// argument is allowed to be NULL for cases where we have no known
/// context. /// context.
const BlockDataRegion *getBlockDataRegion(const BlockCodeRegion *bc, const BlockDataRegion *getBlockDataRegion(const BlockCodeRegion *bc,
const LocationContext *lc, const LocationContext *lc,
unsigned blockCount); unsigned blockCount);
/// Create a CXXTempObjectRegion for temporaries which are lifetime-extended /// Create a CXXTempObjectRegion for temporaries which are lifetime-extended
/// by static references. This differs from getCXXTempObjectRegion in the /// by static references. This differs from getCXXTempObjectRegion in the
/// super-region used. /// super-region used.
const CXXTempObjectRegion *getCXXStaticTempObjectRegion(const Expr *Ex); const CXXTempObjectRegion *getCXXStaticTempObjectRegion(const Expr *Ex);
private: private:
template <typename RegionTy, typename A1> template <typename RegionTy, typename SuperTy,
RegionTy* getSubRegion(const A1 a1, const MemRegion* superRegion); typename Arg1Ty>
RegionTy* getSubRegion(const Arg1Ty arg1,
template <typename RegionTy, typename A1, typename A2> const SuperTy* superRegion);
RegionTy* getSubRegion(const A1 a1, const A2 a2,
const MemRegion* superRegion); template <typename RegionTy, typename SuperTy,
typename Arg1Ty, typename Arg2Ty>
template <typename RegionTy, typename A1, typename A2, typename A3> RegionTy* getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
RegionTy* getSubRegion(const A1 a1, const A2 a2, const A3 a3, const SuperTy* superRegion);
const MemRegion* superRegion);
template <typename RegionTy, typename SuperTy,
typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
RegionTy* getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
const Arg3Ty arg3,
const SuperTy* superRegion);
template <typename REG> template <typename REG>
const REG* LazyAllocate(REG*& region); const REG* LazyAllocate(REG*& region);
template <typename REG, typename ARG> template <typename REG, typename ARG>
const REG* LazyAllocate(REG*& region, ARG a); const REG* LazyAllocate(REG*& region, ARG a);
}; };
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
▲ Show 20 LinesShow All 62 LinesShow Last 20 Lines

cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h

Show First 20 LinesShow All 154 Lines▼ Show 20 Linespublic:
/// The distinction of this case from the next one is necessary to model /// The distinction of this case from the next one is necessary to model
/// dynamic_cast. /// dynamic_cast.
/// - We don't know (base is a symbolic region and we don't have /// - We don't know (base is a symbolic region and we don't have
/// enough info to determine if the cast will succeed at run time). /// enough info to determine if the cast will succeed at run time).
/// The function returns an SVal representing the derived class; it's /// The function returns an SVal representing the derived class; it's
/// valid only if Failed flag is set to false. /// valid only if Failed flag is set to false.
SVal attemptDownCast(SVal Base, QualType DerivedPtrType, bool &Failed); SVal attemptDownCast(SVal Base, QualType DerivedPtrType, bool &Failed);
const ElementRegion *GetElementZeroRegion(const MemRegion *R, QualType T); const ElementRegion *GetElementZeroRegion(const SubRegion *R, QualType T);
/// castRegion - Used by ExprEngine::VisitCast to handle casts from /// castRegion - Used by ExprEngine::VisitCast to handle casts from
/// a MemRegion* to a specific location type. 'R' is the region being /// a MemRegion* to a specific location type. 'R' is the region being
/// casted and 'CastToTy' the result type of the cast. /// casted and 'CastToTy' the result type of the cast.
const MemRegion *castRegion(const MemRegion *region, QualType CastToTy); const MemRegion *castRegion(const MemRegion *region, QualType CastToTy);
virtual StoreRef removeDeadBindings(Store store, const StackFrameContext *LCtx, virtual StoreRef removeDeadBindings(Store store, const StackFrameContext *LCtx,
SymbolReaper& SymReaper) = 0; SymbolReaper& SymReaper) = 0;
▲ Show 20 LinesShow All 82 Lines▼ Show 20 Lines public:
explicit operator bool() { return First && Binding; } explicit operator bool() { return First && Binding; }
const MemRegion *getRegion() { return Binding; } const MemRegion *getRegion() { return Binding; }
}; };
/// iterBindings - Iterate over the bindings in the Store. /// iterBindings - Iterate over the bindings in the Store.
virtual void iterBindings(Store store, BindingsHandler& f) = 0; virtual void iterBindings(Store store, BindingsHandler& f) = 0;
protected: protected:
const MemRegion *MakeElementRegion(const MemRegion *baseRegion, const ElementRegion *MakeElementRegion(const SubRegion *baseRegion,
QualType pointeeTy, uint64_t index = 0); QualType pointeeTy,
uint64_t index = 0);
/// CastRetrievedVal - Used by subclasses of StoreManager to implement /// CastRetrievedVal - Used by subclasses of StoreManager to implement
/// implicit casts that arise from loads from regions that are reinterpreted /// implicit casts that arise from loads from regions that are reinterpreted
/// as another region. /// as another region.
SVal CastRetrievedVal(SVal val, const TypedValueRegion *region, SVal CastRetrievedVal(SVal val, const TypedValueRegion *region,
QualType castTy, bool performTestOnly = true); QualType castTy, bool performTestOnly = true);
private: private:
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIChecker.cpp

Show First 20 LinesShow All 147 Lines▼ Show 20 Lines
void MPIChecker::allRegionsUsedByWait( void MPIChecker::allRegionsUsedByWait(
llvm::SmallVector<const MemRegion *, 2> &ReqRegions, llvm::SmallVector<const MemRegion *, 2> &ReqRegions,
const MemRegion *const MR, const CallEvent &CE, CheckerContext &Ctx) const { const MemRegion *const MR, const CallEvent &CE, CheckerContext &Ctx) const {
MemRegionManager *const RegionManager = MR->getMemRegionManager(); MemRegionManager *const RegionManager = MR->getMemRegionManager();
if (FuncClassifier->isMPI_Waitall(CE.getCalleeIdentifier())) { if (FuncClassifier->isMPI_Waitall(CE.getCalleeIdentifier())) {
const MemRegion *SuperRegion{nullptr}; const SubRegion *SuperRegion{nullptr};
if (const ElementRegion *const ER = MR->getAs<ElementRegion>()) { if (const ElementRegion *const ER = MR->getAs<ElementRegion>()) {
SuperRegion = ER->getSuperRegion(); SuperRegion = cast<SubRegion>(ER->getSuperRegion());
} }
// A single request is passed to MPI_Waitall. // A single request is passed to MPI_Waitall.
if (!SuperRegion) { if (!SuperRegion) {
ReqRegions.push_back(MR); ReqRegions.push_back(MR);
return; return;
} }
Show All 27 Lines

cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

Show First 20 LinesShow All 506 Lines▼ Show 20 Lines if (const FunctionProtoType *ProtoType = Ty->getAs<FunctionProtoType>())
State = State->assume(symVal, true); State = State->assume(symVal, true);
} }
StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx); StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx);
if (CNE->isArray()) { if (CNE->isArray()) {
// FIXME: allocating an array requires simulating the constructors. // FIXME: allocating an array requires simulating the constructors.
// For now, just return a symbolicated region. // For now, just return a symbolicated region.
const MemRegion *NewReg = symVal.castAs<loc::MemRegionVal>().getRegion(); const SubRegion *NewReg =
symVal.castAs<loc::MemRegionVal>().getRegionAs<SubRegion>();
QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType(); QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType();
const ElementRegion *EleReg = const ElementRegion *EleReg =
getStoreManager().GetElementZeroRegion(NewReg, ObjTy); getStoreManager().GetElementZeroRegion(NewReg, ObjTy);
State = State->BindExpr(CNE, Pred->getLocationContext(), State = State->BindExpr(CNE, Pred->getLocationContext(),
loc::MemRegionVal(EleReg)); loc::MemRegionVal(EleReg));
Bldr.generateNode(CNE, Pred, State); Bldr.generateNode(CNE, Pred, State);
return; return;
} }
▲ Show 20 LinesShow All 124 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp

Show All 25 Lines
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// MemRegion Construction. // MemRegion Construction.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
template <typename RegionTy, typename A1> template <typename RegionTy, typename SuperTy, typename Arg1Ty>
RegionTy* MemRegionManager::getSubRegion(const A1 a1, RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1,
const MemRegion *superRegion) { const SuperTy *superRegion) {
llvm::FoldingSetNodeID ID; llvm::FoldingSetNodeID ID;
RegionTy::ProfileRegion(ID, a1, superRegion); RegionTy::ProfileRegion(ID, arg1, superRegion);
void *InsertPos; void *InsertPos;
RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID,
InsertPos)); InsertPos));
if (!R) { if (!R) {
R = A.Allocate<RegionTy>(); R = A.Allocate<RegionTy>();
new (R) RegionTy(a1, superRegion); new (R) RegionTy(arg1, superRegion);
Regions.InsertNode(R, InsertPos); Regions.InsertNode(R, InsertPos);
} }
return R; return R;
} }
template <typename RegionTy, typename A1, typename A2> template <typename RegionTy, typename SuperTy, typename Arg1Ty, typename Arg2Ty>
RegionTy* MemRegionManager::getSubRegion(const A1 a1, const A2 a2, RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
const MemRegion *superRegion) { const SuperTy *superRegion) {
llvm::FoldingSetNodeID ID; llvm::FoldingSetNodeID ID;
RegionTy::ProfileRegion(ID, a1, a2, superRegion); RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
void *InsertPos; void *InsertPos;
RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID,
InsertPos)); InsertPos));
if (!R) { if (!R) {
R = A.Allocate<RegionTy>(); R = A.Allocate<RegionTy>();
new (R) RegionTy(a1, a2, superRegion); new (R) RegionTy(arg1, arg2, superRegion);
Regions.InsertNode(R, InsertPos); Regions.InsertNode(R, InsertPos);
} }
return R; return R;
} }
template <typename RegionTy, typename A1, typename A2, typename A3> template <typename RegionTy, typename SuperTy,
RegionTy* MemRegionManager::getSubRegion(const A1 a1, const A2 a2, const A3 a3, typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
const MemRegion *superRegion) { RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
const Arg3Ty arg3,
const SuperTy *superRegion) {
llvm::FoldingSetNodeID ID; llvm::FoldingSetNodeID ID;
RegionTy::ProfileRegion(ID, a1, a2, a3, superRegion); RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
void *InsertPos; void *InsertPos;
RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, RegionTy* R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID,
InsertPos)); InsertPos));
if (!R) { if (!R) {
R = A.Allocate<RegionTy>(); R = A.Allocate<RegionTy>();
new (R) RegionTy(a1, a2, a3, superRegion); new (R) RegionTy(arg1, arg2, arg3, superRegion);
Regions.InsertNode(R, InsertPos); Regions.InsertNode(R, InsertPos);
} }
return R; return R;
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Object destruction. // Object destruction.
▲ Show 20 LinesShow All 85 Lines▼ Show 20 LinesDefinedOrUnknownSVal SymbolicRegion::getExtent(SValBuilder &svalBuilder) const {
return nonloc::SymbolVal(svalBuilder.getSymbolManager().getExtentSymbol(this)); return nonloc::SymbolVal(svalBuilder.getSymbolManager().getExtentSymbol(this));
} }
DefinedOrUnknownSVal StringRegion::getExtent(SValBuilder &svalBuilder) const { DefinedOrUnknownSVal StringRegion::getExtent(SValBuilder &svalBuilder) const {
return svalBuilder.makeIntVal(getStringLiteral()->getByteLength()+1, return svalBuilder.makeIntVal(getStringLiteral()->getByteLength()+1,
svalBuilder.getArrayIndexType()); svalBuilder.getArrayIndexType());
} }
ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const MemRegion* sReg) ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg)
: DeclRegion(ivd, sReg, ObjCIvarRegionKind) {} : DeclRegion(ivd, sReg, ObjCIvarRegionKind) {}
const ObjCIvarDecl *ObjCIvarRegion::getDecl() const { const ObjCIvarDecl *ObjCIvarRegion::getDecl() const {
return cast<ObjCIvarDecl>(D); return cast<ObjCIvarDecl>(D);
} }
QualType ObjCIvarRegion::getValueType() const { QualType ObjCIvarRegion::getValueType() const {
return getDecl()->getType(); return getDecl()->getType();
} }
▲ Show 20 LinesShow All 537 Lines▼ Show 20 Lines
const CodeSpaceRegion *MemRegionManager::getCodeRegion() { const CodeSpaceRegion *MemRegionManager::getCodeRegion() {
return LazyAllocate(code); return LazyAllocate(code);
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Constructing regions. // Constructing regions.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
const StringRegion* MemRegionManager::getStringRegion(const StringLiteral* Str){ const StringRegion* MemRegionManager::getStringRegion(const StringLiteral* Str){
return getSubRegion<StringRegion>(Str, getGlobalsRegion()); return getSubRegion<StringRegion>(
Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
} }
const ObjCStringRegion * const ObjCStringRegion *
MemRegionManager::getObjCStringRegion(const ObjCStringLiteral* Str){ MemRegionManager::getObjCStringRegion(const ObjCStringLiteral* Str){
return getSubRegion<ObjCStringRegion>(Str, getGlobalsRegion()); return getSubRegion<ObjCStringRegion>(
Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
} }
/// Look through a chain of LocationContexts to either find the /// Look through a chain of LocationContexts to either find the
/// StackFrameContext that matches a DeclContext, or find a VarRegion /// StackFrameContext that matches a DeclContext, or find a VarRegion
/// for a variable captured by a block. /// for a variable captured by a block.
static llvm::PointerUnion<const StackFrameContext *, const VarRegion *> static llvm::PointerUnion<const StackFrameContext *, const VarRegion *>
getStackOrCaptureRegionForDeclContext(const LocationContext *LC, getStackOrCaptureRegionForDeclContext(const LocationContext *LC,
const DeclContext *DC, const DeclContext *DC,
▲ Show 20 LinesShow All 112 Lines▼ Show 20 Linesconst VarRegion *MemRegionManager::getVarRegion(const VarDecl *D,
const MemRegion *superR) { const MemRegion *superR) {
return getSubRegion<VarRegion>(D, superR); return getSubRegion<VarRegion>(D, superR);
} }
const BlockDataRegion * const BlockDataRegion *
MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC, MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC,
const LocationContext *LC, const LocationContext *LC,
unsigned blockCount) { unsigned blockCount) {
const MemRegion *sReg = nullptr; const MemSpaceRegion *sReg = nullptr;
const BlockDecl *BD = BC->getDecl(); const BlockDecl *BD = BC->getDecl();
if (!BD->hasCaptures()) { if (!BD->hasCaptures()) {
// This handles 'static' blocks. // This handles 'static' blocks.
sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind); sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
} }
else { else {
if (LC) { if (LC) {
// FIXME: Once we implement scope handling, we want the parent region // FIXME: Once we implement scope handling, we want the parent region
Show All 16 Lines
MemRegionManager::getCXXStaticTempObjectRegion(const Expr *Ex) { MemRegionManager::getCXXStaticTempObjectRegion(const Expr *Ex) {
return getSubRegion<CXXTempObjectRegion>( return getSubRegion<CXXTempObjectRegion>(
Ex, getGlobalsRegion(MemRegion::GlobalInternalSpaceRegionKind, nullptr)); Ex, getGlobalsRegion(MemRegion::GlobalInternalSpaceRegionKind, nullptr));
} }
const CompoundLiteralRegion* const CompoundLiteralRegion*
MemRegionManager::getCompoundLiteralRegion(const CompoundLiteralExpr *CL, MemRegionManager::getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
const LocationContext *LC) { const LocationContext *LC) {
const MemRegion *sReg = nullptr; const MemSpaceRegion *sReg = nullptr;
if (CL->isFileScope()) if (CL->isFileScope())
sReg = getGlobalsRegion(); sReg = getGlobalsRegion();
else { else {
const StackFrameContext *STC = LC->getCurrentStackFrame(); const StackFrameContext *STC = LC->getCurrentStackFrame();
assert(STC); assert(STC);
sReg = getStackLocalsRegion(STC); sReg = getStackLocalsRegion(STC);
} }
return getSubRegion<CompoundLiteralRegion>(CL, sReg); return getSubRegion<CompoundLiteralRegion>(CL, sReg);
} }
const ElementRegion* const ElementRegion*
MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx, MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx,
const MemRegion* superRegion, const SubRegion* superRegion,
ASTContext &Ctx){ ASTContext &Ctx){
QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType(); QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType();
llvm::FoldingSetNodeID ID; llvm::FoldingSetNodeID ID;
ElementRegion::ProfileRegion(ID, T, Idx, superRegion); ElementRegion::ProfileRegion(ID, T, Idx, superRegion);
void *InsertPos; void *InsertPos;
MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos); MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos);
Show All 26 Lines
} }
const SymbolicRegion *MemRegionManager::getSymbolicHeapRegion(SymbolRef Sym) { const SymbolicRegion *MemRegionManager::getSymbolicHeapRegion(SymbolRef Sym) {
return getSubRegion<SymbolicRegion>(Sym, getHeapRegion()); return getSubRegion<SymbolicRegion>(Sym, getHeapRegion());
} }
const FieldRegion* const FieldRegion*
MemRegionManager::getFieldRegion(const FieldDecl *d, MemRegionManager::getFieldRegion(const FieldDecl *d,
const MemRegion* superRegion){ const SubRegion* superRegion){
return getSubRegion<FieldRegion>(d, superRegion); return getSubRegion<FieldRegion>(d, superRegion);
} }
const ObjCIvarRegion* const ObjCIvarRegion*
MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl *d, MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl *d,
const MemRegion* superRegion) { const SubRegion* superRegion) {
return getSubRegion<ObjCIvarRegion>(d, superRegion); return getSubRegion<ObjCIvarRegion>(d, superRegion);
} }
const CXXTempObjectRegion* const CXXTempObjectRegion*
MemRegionManager::getCXXTempObjectRegion(Expr const *E, MemRegionManager::getCXXTempObjectRegion(Expr const *E,
LocationContext const *LC) { LocationContext const *LC) {
const StackFrameContext *SFC = LC->getCurrentStackFrame(); const StackFrameContext *SFC = LC->getCurrentStackFrame();
assert(SFC); assert(SFC);
Show All 19 Lines if (I.getType()->getAsCXXRecordDecl()->getCanonicalDecl() == BaseClass)
return true; return true;
} }
return false; return false;
} }
const CXXBaseObjectRegion * const CXXBaseObjectRegion *
MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD, MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD,
const MemRegion *Super, const SubRegion *Super,
bool IsVirtual) { bool IsVirtual) {
if (isa<TypedValueRegion>(Super)) { if (isa<TypedValueRegion>(Super)) {
assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual)); assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual));
(void)&isValidBaseClass; (void)&isValidBaseClass;
if (IsVirtual) { if (IsVirtual) {
// Virtual base regions should not be layered, since the layout rules // Virtual base regions should not be layered, since the layout rules
// are different. // are different.
while (const CXXBaseObjectRegion *Base = while (const CXXBaseObjectRegion *Base =
dyn_cast<CXXBaseObjectRegion>(Super)) { dyn_cast<CXXBaseObjectRegion>(Super)) {
Super = Base->getSuperRegion(); Super = cast<SubRegion>(Base->getSuperRegion());
} }
assert(Super && !isa<MemSpaceRegion>(Super)); assert(Super && !isa<MemSpaceRegion>(Super));
} }
} }
return getSubRegion<CXXBaseObjectRegion>(RD, IsVirtual, Super); return getSubRegion<CXXBaseObjectRegion>(RD, IsVirtual, Super);
} }
▲ Show 20 LinesShow All 496 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp

Show First 20 LinesShow All 1,335 Lines▼ Show 20 Lines
/// to a pointer, and the returned SVal represents the decayed /// to a pointer, and the returned SVal represents the decayed
/// version of that lvalue (i.e., a pointer to the first element of /// version of that lvalue (i.e., a pointer to the first element of
/// the array). This is called by ExprEngine when evaluating casts /// the array). This is called by ExprEngine when evaluating casts
/// from arrays to pointers. /// from arrays to pointers.
SVal RegionStoreManager::ArrayToPointer(Loc Array, QualType T) { SVal RegionStoreManager::ArrayToPointer(Loc Array, QualType T) {
if (!Array.getAs<loc::MemRegionVal>()) if (!Array.getAs<loc::MemRegionVal>())
return UnknownVal(); return UnknownVal();
const MemRegion* R = Array.castAs<loc::MemRegionVal>().getRegion(); const SubRegion *R =
cast<SubRegion>(Array.castAs<loc::MemRegionVal>().getRegion());
NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex(); NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex();
return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, R, Ctx)); return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, R, Ctx));
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Loading values from regions. // Loading values from regions.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
Show All 26 Lines if (isa<AllocaRegion>(MR) ||
if (T.isNull()) { if (T.isNull()) {
if (const TypedRegion *TR = dyn_cast<TypedRegion>(MR)) if (const TypedRegion *TR = dyn_cast<TypedRegion>(MR))
T = TR->getLocationType(); T = TR->getLocationType();
else { else {
const SymbolicRegion *SR = cast<SymbolicRegion>(MR); const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
T = SR->getSymbol()->getType(); T = SR->getSymbol()->getType();
} }
} }
MR = GetElementZeroRegion(MR, T); MR = GetElementZeroRegion(cast<SubRegion>(MR), T);
} }
// FIXME: Perhaps this method should just take a 'const MemRegion*' argument // FIXME: Perhaps this method should just take a 'const MemRegion*' argument
// instead of 'Loc', and have the other Loc cases handled at a higher level. // instead of 'Loc', and have the other Loc cases handled at a higher level.
const TypedValueRegion *R = cast<TypedValueRegion>(MR); const TypedValueRegion *R = cast<TypedValueRegion>(MR);
QualType RTy = R->getValueType(); QualType RTy = R->getValueType();
// FIXME: we do not yet model the parts of a complex type, so treat the // FIXME: we do not yet model the parts of a complex type, so treat the
▲ Show 20 LinesShow All 1,080 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp

Show First 20 LinesShow All 944 Lines▼ Show 20 Lines if (Optional<loc::ConcreteInt> lhsInt = lhs.getAs<loc::ConcreteInt>()) {
return loc::ConcreteInt(getBasicValueFactory().getValue(rightI)); return loc::ConcreteInt(getBasicValueFactory().getValue(rightI));
} }
} }
// Handle cases where 'lhs' is a region. // Handle cases where 'lhs' is a region.
if (const MemRegion *region = lhs.getAsRegion()) { if (const MemRegion *region = lhs.getAsRegion()) {
rhs = convertToArrayIndex(rhs).castAs<NonLoc>(); rhs = convertToArrayIndex(rhs).castAs<NonLoc>();
SVal index = UnknownVal(); SVal index = UnknownVal();
const MemRegion *superR = nullptr; const SubRegion *superR = nullptr;
// We need to know the type of the pointer in order to add an integer to it. // We need to know the type of the pointer in order to add an integer to it.
// Depending on the type, different amount of bytes is added. // Depending on the type, different amount of bytes is added.
QualType elementType; QualType elementType;
if (const ElementRegion *elemReg = dyn_cast<ElementRegion>(region)) { if (const ElementRegion *elemReg = dyn_cast<ElementRegion>(region)) {
assert(op == BO_Add || op == BO_Sub); assert(op == BO_Add || op == BO_Sub);
index = evalBinOpNN(state, op, elemReg->getIndex(), rhs, index = evalBinOpNN(state, op, elemReg->getIndex(), rhs,
getArrayIndexType()); getArrayIndexType());
superR = elemReg->getSuperRegion(); superR = cast<SubRegion>(elemReg->getSuperRegion());
elementType = elemReg->getElementType(); elementType = elemReg->getElementType();
} }
else if (isa<SubRegion>(region)) { else if (isa<SubRegion>(region)) {
assert(op == BO_Add || op == BO_Sub); assert(op == BO_Add || op == BO_Sub);
index = (op == BO_Add) ? rhs : evalMinus(rhs); index = (op == BO_Add) ? rhs : evalMinus(rhs);
superR = region; superR = cast<SubRegion>(region);
// TODO: Is this actually reliable? Maybe improving our MemRegion // TODO: Is this actually reliable? Maybe improving our MemRegion
// hierarchy to provide typed regions for all non-void pointers would be // hierarchy to provide typed regions for all non-void pointers would be
// better. For instance, we cannot extend this towards LocAsInteger // better. For instance, we cannot extend this towards LocAsInteger
// operations, where result type of the expression is integer. // operations, where result type of the expression is integer.
if (resultTy->isAnyPointerType()) if (resultTy->isAnyPointerType())
elementType = resultTy->getPointeeType(); elementType = resultTy->getPointeeType();
} }
▲ Show 20 LinesShow All 96 LinesShow Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/Store.cpp

Show All 36 Lines for (CallEvent::BindingsTy::iterator I = InitialBindings.begin(),
E = InitialBindings.end(); E = InitialBindings.end();
I != E; ++I) { I != E; ++I) {
Store = Bind(Store.getStore(), I->first, I->second); Store = Bind(Store.getStore(), I->first, I->second);
} }
return Store; return Store;
} }
const MemRegion *StoreManager::MakeElementRegion(const MemRegion *Base, const ElementRegion *StoreManager::MakeElementRegion(const SubRegion *Base,
QualType EleTy, uint64_t index) { QualType EleTy,
uint64_t index) {
NonLoc idx = svalBuilder.makeArrayIndex(index); NonLoc idx = svalBuilder.makeArrayIndex(index);
return MRMgr.getElementRegion(EleTy, idx, Base, svalBuilder.getContext()); return MRMgr.getElementRegion(EleTy, idx, Base, svalBuilder.getContext());
} }
StoreRef StoreManager::BindDefault(Store store, const MemRegion *R, SVal V) { StoreRef StoreManager::BindDefault(Store store, const MemRegion *R, SVal V) {
return StoreRef(store, *this); return StoreRef(store, *this);
} }
const ElementRegion *StoreManager::GetElementZeroRegion(const MemRegion *R, const ElementRegion *StoreManager::GetElementZeroRegion(const SubRegion *R,
QualType T) { QualType T) {
NonLoc idx = svalBuilder.makeZeroArrayIndex(); NonLoc idx = svalBuilder.makeZeroArrayIndex();
assert(!T.isNull()); assert(!T.isNull());
return MRMgr.getElementRegion(T, idx, R, Ctx); return MRMgr.getElementRegion(T, idx, R, Ctx);
} }
const MemRegion *StoreManager::castRegion(const MemRegion *R, QualType CastToTy) { const MemRegion *StoreManager::castRegion(const MemRegion *R, QualType CastToTy) {
▲ Show 20 LinesShow All 57 Lines▼ Show 20 Lines switch (R->getKind()) {
case MemRegion::AllocaRegionKind: case MemRegion::AllocaRegionKind:
case MemRegion::CompoundLiteralRegionKind: case MemRegion::CompoundLiteralRegionKind:
case MemRegion::FieldRegionKind: case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
case MemRegion::ObjCStringRegionKind: case MemRegion::ObjCStringRegionKind:
case MemRegion::VarRegionKind: case MemRegion::VarRegionKind:
case MemRegion::CXXTempObjectRegionKind: case MemRegion::CXXTempObjectRegionKind:
case MemRegion::CXXBaseObjectRegionKind: case MemRegion::CXXBaseObjectRegionKind:
return MakeElementRegion(R, PointeeTy); return MakeElementRegion(cast<SubRegion>(R), PointeeTy);
case MemRegion::ElementRegionKind: { case MemRegion::ElementRegionKind: {
// If we are casting from an ElementRegion to another type, the // If we are casting from an ElementRegion to another type, the
// algorithm is as follows: // algorithm is as follows:
// //
// (1) Compute the "raw offset" of the ElementRegion from the // (1) Compute the "raw offset" of the ElementRegion from the
// base region. This is done by calling 'getAsRawOffset()'. // base region. This is done by calling 'getAsRawOffset()'.
// //
Show All 28 Lines case MemRegion::ElementRegionKind: {
if (const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(baseR)) { if (const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(baseR)) {
QualType ObjTy = Ctx.getCanonicalType(TR->getValueType()); QualType ObjTy = Ctx.getCanonicalType(TR->getValueType());
QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy); QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
if (CanonPointeeTy == ObjTy) if (CanonPointeeTy == ObjTy)
return baseR; return baseR;
} }
// Otherwise, create a new ElementRegion at offset 0. // Otherwise, create a new ElementRegion at offset 0.
return MakeElementRegion(baseR, PointeeTy); return MakeElementRegion(cast<SubRegion>(baseR), PointeeTy);
} }
// We have a non-zero offset from the base region. We want to determine // We have a non-zero offset from the base region. We want to determine
// if the offset can be evenly divided by sizeof(PointeeTy). If so, // if the offset can be evenly divided by sizeof(PointeeTy). If so,
// we create an ElementRegion whose index is that value. Otherwise, we // we create an ElementRegion whose index is that value. Otherwise, we
// create two ElementRegions, one that reflects a raw offset and the other // create two ElementRegions, one that reflects a raw offset and the other
// that reflects the cast. // that reflects the cast.
Show All 14 Lines case MemRegion::ElementRegionKind: {
newSuperR = baseR; newSuperR = baseR;
} }
} }
} }
if (!newSuperR) { if (!newSuperR) {
// Create an intermediate ElementRegion to represent the raw byte. // Create an intermediate ElementRegion to represent the raw byte.
// This will be the super region of the final ElementRegion. // This will be the super region of the final ElementRegion.
newSuperR = MakeElementRegion(baseR, Ctx.CharTy, off.getQuantity()); newSuperR = MakeElementRegion(cast<SubRegion>(baseR), Ctx.CharTy,
off.getQuantity());
} }
return MakeElementRegion(newSuperR, PointeeTy, newIndex); return MakeElementRegion(cast<SubRegion>(newSuperR), PointeeTy, newIndex);
} }
} }
llvm_unreachable("unreachable"); llvm_unreachable("unreachable");
} }
static bool regionMatchesCXXRecordType(SVal V, QualType Ty) { static bool regionMatchesCXXRecordType(SVal V, QualType Ty) {
const MemRegion *MR = V.getAsRegion(); const MemRegion *MR = V.getAsRegion();
▲ Show 20 LinesShow All 49 Lines▼ Show 20 LinesSVal StoreManager::evalDerivedToBase(SVal Derived, QualType BaseType,
if (!DerivedRegVal) if (!DerivedRegVal)
return Derived; return Derived;
const CXXRecordDecl *BaseDecl = BaseType->getPointeeCXXRecordDecl(); const CXXRecordDecl *BaseDecl = BaseType->getPointeeCXXRecordDecl();
if (!BaseDecl) if (!BaseDecl)
BaseDecl = BaseType->getAsCXXRecordDecl(); BaseDecl = BaseType->getAsCXXRecordDecl();
assert(BaseDecl && "not a C++ object?"); assert(BaseDecl && "not a C++ object?");
const MemRegion *BaseReg = const MemRegion *BaseReg = MRMgr.getCXXBaseObjectRegion(
MRMgr.getCXXBaseObjectRegion(BaseDecl, DerivedRegVal->getRegion(), BaseDecl, cast<SubRegion>(DerivedRegVal->getRegion()), IsVirtual);
IsVirtual);
return loc::MemRegionVal(BaseReg); return loc::MemRegionVal(BaseReg);
} }
/// Returns the static type of the given region, if it represents a C++ class /// Returns the static type of the given region, if it represents a C++ class
/// object. /// object.
/// ///
/// This handles both fully-typed regions, where the dynamic type is known, and /// This handles both fully-typed regions, where the dynamic type is known, and
▲ Show 20 LinesShow All 100 Lines▼ Show 20 LinesSVal StoreManager::CastRetrievedVal(SVal V, const TypedValueRegion *R,
return svalBuilder.dispatchCast(V, castTy); return svalBuilder.dispatchCast(V, castTy);
} }
SVal StoreManager::getLValueFieldOrIvar(const Decl *D, SVal Base) { SVal StoreManager::getLValueFieldOrIvar(const Decl *D, SVal Base) {
if (Base.isUnknownOrUndef()) if (Base.isUnknownOrUndef())
return Base; return Base;
Loc BaseL = Base.castAs<Loc>(); Loc BaseL = Base.castAs<Loc>();
const MemRegion* BaseR = nullptr; const SubRegion* BaseR = nullptr;
switch (BaseL.getSubKind()) { switch (BaseL.getSubKind()) {
case loc::MemRegionValKind: case loc::MemRegionValKind:
BaseR = BaseL.castAs<loc::MemRegionVal>().getRegion(); BaseR = cast<SubRegion>(BaseL.castAs<loc::MemRegionVal>().getRegion());
break; break;
case loc::GotoLabelKind: case loc::GotoLabelKind:
// These are anormal cases. Flag an undefined value. // These are anormal cases. Flag an undefined value.
return UndefinedVal(); return UndefinedVal();
case loc::ConcreteIntKind: case loc::ConcreteIntKind:
// While these seem funny, this can happen through casts. // While these seem funny, this can happen through casts.
Show All 23 LinesSVal StoreManager::getLValueElement(QualType elementType, NonLoc Offset,
// If the base is an unknown or undefined value, just return it back. // If the base is an unknown or undefined value, just return it back.
// FIXME: For absolute pointer addresses, we just return that value back as // FIXME: For absolute pointer addresses, we just return that value back as
// well, although in reality we should return the offset added to that // well, although in reality we should return the offset added to that
// value. // value.
if (Base.isUnknownOrUndef() || Base.getAs<loc::ConcreteInt>()) if (Base.isUnknownOrUndef() || Base.getAs<loc::ConcreteInt>())
return Base; return Base;
const MemRegion* BaseRegion = Base.castAs<loc::MemRegionVal>().getRegion(); const SubRegion *BaseRegion =
Base.castAs<loc::MemRegionVal>().getRegionAs<SubRegion>();
// Pointer of any type can be cast and used as array base. // Pointer of any type can be cast and used as array base.
const ElementRegion *ElemR = dyn_cast<ElementRegion>(BaseRegion); const ElementRegion *ElemR = dyn_cast<ElementRegion>(BaseRegion);
// Convert the offset to the appropriate size and signedness. // Convert the offset to the appropriate size and signedness.
Offset = svalBuilder.convertToArrayIndex(Offset).castAs<NonLoc>(); Offset = svalBuilder.convertToArrayIndex(Offset).castAs<NonLoc>();
if (!ElemR) { if (!ElemR) {
Show All 20 LinesSVal StoreManager::getLValueElement(QualType elementType, NonLoc Offset,
// Only allow non-integer offsets if the base region has no offset itself. // Only allow non-integer offsets if the base region has no offset itself.
// FIXME: This is a somewhat arbitrary restriction. We should be using // FIXME: This is a somewhat arbitrary restriction. We should be using
// SValBuilder here to add the two offsets without checking their types. // SValBuilder here to add the two offsets without checking their types.
if (!Offset.getAs<nonloc::ConcreteInt>()) { if (!Offset.getAs<nonloc::ConcreteInt>()) {
if (isa<ElementRegion>(BaseRegion->StripCasts())) if (isa<ElementRegion>(BaseRegion->StripCasts()))
return UnknownVal(); return UnknownVal();
return loc::MemRegionVal(MRMgr.getElementRegion(elementType, Offset, return loc::MemRegionVal(MRMgr.getElementRegion(
ElemR->getSuperRegion(), elementType, Offset, cast<SubRegion>(ElemR->getSuperRegion()), Ctx));
Ctx));
} }
const llvm::APSInt& OffI = Offset.castAs<nonloc::ConcreteInt>().getValue(); const llvm::APSInt& OffI = Offset.castAs<nonloc::ConcreteInt>().getValue();
assert(BaseIdxI.isSigned()); assert(BaseIdxI.isSigned());
// Compute the new index. // Compute the new index.
nonloc::ConcreteInt NewIdx(svalBuilder.getBasicValueFactory().getValue(BaseIdxI + nonloc::ConcreteInt NewIdx(svalBuilder.getBasicValueFactory().getValue(BaseIdxI +
OffI)); OffI));
// Construct the new ElementRegion. // Construct the new ElementRegion.
const MemRegion *ArrayR = ElemR->getSuperRegion(); const SubRegion *ArrayR = cast<SubRegion>(ElemR->getSuperRegion());
return loc::MemRegionVal(MRMgr.getElementRegion(elementType, NewIdx, ArrayR, return loc::MemRegionVal(MRMgr.getElementRegion(elementType, NewIdx, ArrayR,
Ctx)); Ctx));
} }
StoreManager::BindingsHandler::~BindingsHandler() {} StoreManager::BindingsHandler::~BindingsHandler() {}
bool StoreManager::FindUniqueBinding::HandleBinding(StoreManager& SMgr, bool StoreManager::FindUniqueBinding::HandleBinding(StoreManager& SMgr,
Store store, Store store,
Show All 15 Lines