This is an archive of the discontinued LLVM Phabricator instance.

Differential D80522

[Analyzer] [NFC] Parameter Regions
ClosedPublic

Authored by baloghadamsoftware on May 25 2020, 8:31 AM.

Details

Reviewers
NoQ
Szelethus
martong
balazske
Commits
rG98db1f990fc2: [Analyzer] [NFC] Parameter Regions
Summary

Currently, parameters of functions without their definition present cannot be represented as regions because it would be difficult to ensure that the same declaration is used in every case. To overcome this, we split VarRegion to two subclasses: NonParamVarRegion and ParamVarRegion. The latter does not store the Decl of the parameter variable. Instead it stores the index of the parameter which enables retrieving the actual Decl every time using the function declaration of the stack frame. To achieve this we also removed storing of Decl from DeclRegion and made getDecl() pure virtual. The individual Decls are stored in the appropriate subclasses, such as FieldRegion, ObjCIvarRegion and the newly introduced NonParamVarRegion.

Diff Detail

Event Timeline

baloghadamsoftware created this revision.May 25 2020, 8:31 AM
Herald added subscribers: ASDenysPetrov, steakhal, Charusso and 10 others. · View Herald TranscriptMay 25 2020, 8:31 AM
baloghadamsoftware added a comment.May 25 2020, 8:36 AM

This is an alternative approach to D79704. The advantage is that we must not duplicate code everywhere where VarRegion (and sometimes also DeclRegion) is used. The drawback is that after we implement handling of parameters of functions without Decl (paramters of unknown functions passed by pointer) the getDecl() method may return nullptr. We must handle this case everywhere in the code where VarRegion or DeclRegion is used and parameters of such functions may appear. (We should do this in the original apprach as well, but there it is more difficult to forget such a place because ParamRegion is used explicitly. Furthermore, where handling of ParamRegion is completely forgotten we usually do not crash, but if we forget to check the result of getDecl() for nullptr we get null pointer dereferences.)

baloghadamsoftware mentioned this in D79704: [Analyzer] [NFC] Parameter Regions.May 25 2020, 8:37 AM
Harbormaster failed remote builds in B57796: Diff 266028!May 25 2020, 9:38 AM
NoQ added a comment.May 26 2020, 8:54 AM

Nice, looks like you managed to reuse most of the code. I still feel like we should ditch DeclRegion entirely (forcing its ~5 current users consider its specific variants separately) but i don't insist.

clang/include/clang/StaticAnalyzer/Checkers/SValExplainer.h
233–234

There's a standard function for that. I never remember what it's called, something something numeric something plural something suffix, but it's there.

clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
539–540 ↗(On Diff #266028)

Why did you relax this cast<> to dyn_cast<>?

clang/lib/StaticAnalyzer/Core/MemRegion.cpp
181

It will eventually have to. Maybe `"...not implemented yet"?

baloghadamsoftware updated this revision to Diff 266296.May 26 2020, 12:36 PM

Updated according to the comments.

Herald added a reviewer: espindola. · View Herald TranscriptMay 26 2020, 12:36 PM
Herald added a reviewer: MaskRay. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, MaskRay, hiraditya and 3 others. · View Herald Transcript
baloghadamsoftware updated this revision to Diff 266298.May 26 2020, 12:38 PM

Wrong diff uploaded previously, now fixed.

Herald added a subscriber: wuzish. · View Herald TranscriptMay 26 2020, 12:38 PM
baloghadamsoftware removed reviewers: espindola, MaskRay.May 26 2020, 12:39 PM
baloghadamsoftware marked 4 inline comments as done.May 26 2020, 12:41 PM
In D80522#2055040, @NoQ wrote:

Nice, looks like you managed to reuse most of the code. I still feel like we should ditch DeclRegion entirely (forcing its ~5 current users consider its specific variants separately) but i don't insist.

Thank you for you comments. I will check tomorrow whether we could remove DeclRegion without too much code duplication.

clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
539–540 ↗(On Diff #266028)

I started from the original approach and forgot to reset this file.

balazske added inline comments.May 27 2020, 4:02 AM
clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
917

This assert should not be duplicated. It has the place in VarRegion or NonParamVarRegion, but not both.

976

typo here: "paremters"

978

"paremeters"

979

NonParamVarRegions ?

baloghadamsoftware updated this revision to Diff 266851.May 28 2020, 6:30 AM
baloghadamsoftware marked an inline comment as done.

Updated according to the comments of @balazske.

baloghadamsoftware marked 5 inline comments as done.May 28 2020, 6:31 AM
baloghadamsoftware added inline comments.
clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
917

Copy-paste...

baloghadamsoftware marked an inline comment as done.May 28 2020, 6:35 AM

I will check tomorrow whether we could remove DeclRegion without too much code duplication.

It turns out that DeclRegion is used in 7 different checkers plus in BugReporterVisitors. One typical use case is to get a name for the region (by getting the Decl and trying to cast it to NamedDecl), but there are also others as well. For now I suggest to keep it to avoid code duplication.

NoQ accepted this revision.Jun 1 2020, 4:53 AM

Looks great, thanks! I like how it turned out, i guess let's prefer this to D79704.

clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
921

What's the point of overriding one pure virtual method with another pure virtual method?

984

*unknown* function pointer!

This revision is now accepted and ready to land.Jun 1 2020, 4:53 AM
baloghadamsoftware retitled this revision from [Analyzer] [NFC] Parameter Regions -- Alternative Approach to [Analyzer] [NFC] Parameter Regions.Jun 1 2020, 10:41 PM
baloghadamsoftware updated this revision to Diff 268131.Jun 3 2020, 3:59 AM

Comment fixed.

baloghadamsoftware marked 2 inline comments as done.Jun 3 2020, 4:01 AM
baloghadamsoftware added inline comments.
clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
921

To constrain the return value from Decl to VarDecl. Without this we have change all the callers to cast the return value from this function to VarDecl. It would be ugly.

NoQ added inline comments.Jun 3 2020, 4:35 AM
clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
921

Aha, covariance! Nice!

NoQ added inline comments.Jun 8 2020, 5:13 AM
clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h
404–409

I guess we should document the landmine discussed in D80366#inline-747804.

baloghadamsoftware added a child revision: D80366: [Analyzer] Add `getReturnValueUnderConstruction()` to `CallEvent`.Jun 8 2020, 8:24 AM
baloghadamsoftware removed a child revision: D80366: [Analyzer] Add `getReturnValueUnderConstruction()` to `CallEvent`.
baloghadamsoftware added a child revision: D80286: [Analyzer] Allow creation of stack frame for functions without definition.
Closed by commit rG98db1f990fc2: [Analyzer] [NFC] Parameter Regions (authored by baloghadamsoftware). · Explain WhyJun 9 2020, 3:16 AM
This revision was automatically updated to reflect the committed changes.
teemperor added a subscriber: teemperor.Jun 9 2020, 5:14 AM

This introduced a compiler warning:

/Users/teemperor/1llvm/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:1102:23: warning: 'getDecl' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
  const ObjCIvarDecl *getDecl() const;
                      ^
/Users/teemperor/1llvm/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:898:28: note: overridden virtual function is here
  virtual const ValueDecl *getDecl() const = 0;
                           ^
baloghadamsoftware added a comment.Jun 9 2020, 6:48 AM
In D80522#2082095, @teemperor wrote:

This introduced a compiler warning:

/Users/teemperor/1llvm/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:1102:23: warning: 'getDecl' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
  const ObjCIvarDecl *getDecl() const;
                      ^
/Users/teemperor/1llvm/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:898:28: note: overridden virtual function is here
  virtual const ValueDecl *getDecl() const = 0;
                           ^

Thx! Fixed now!

riccibruno mentioned this in D80366: [Analyzer] Add `getReturnValueUnderConstruction()` to `CallEvent`.Jun 9 2020, 6:53 AM

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Checkers/
36 lines
Core/
PathSensitive/
7 lines
139 lines
4 lines
10 lines
lib/
StaticAnalyzer/
Checkers/
12 lines
Core/
42 lines
2 lines
6 lines
160 lines
3 lines
test/
Analysis/
12 lines
28 lines
41 lines
unittests/
StaticAnalyzer/
1 line
109 lines

Diff 269477

clang/include/clang/StaticAnalyzer/Checkers/SValExplainer.h

Show All 12 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H #ifndef LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H
#define LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H #define LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H
#include "clang/AST/Attr.h" #include "clang/AST/Attr.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h"
#include "llvm/ADT/StringExtras.h"
namespace clang { namespace clang {
namespace ento { namespace ento {
class SValExplainer : public FullSValVisitor<SValExplainer, std::string> { class SValExplainer : public FullSValVisitor<SValExplainer, std::string> {
private: private:
ASTContext &ACtx; ASTContext &ACtx;
▲ Show 20 LinesShow All 145 Lines▼ Show 20 Lines std::string VisitElementRegion(const ElementRegion *R) {
if (auto I = R->getIndex().getAs<nonloc::ConcreteInt>()) if (auto I = R->getIndex().getAs<nonloc::ConcreteInt>())
OS << I->getValue(); OS << I->getValue();
else else
OS << "'" << Visit(R->getIndex()) << "'"; OS << "'" << Visit(R->getIndex()) << "'";
OS << " of " + Visit(R->getSuperRegion()); OS << " of " + Visit(R->getSuperRegion());
return OS.str(); return OS.str();
} }
std::string VisitVarRegion(const VarRegion *R) { std::string VisitNonParamVarRegion(const NonParamVarRegion *R) {
const VarDecl *VD = R->getDecl(); const VarDecl *VD = R->getDecl();
std::string Name = VD->getQualifiedNameAsString(); std::string Name = VD->getQualifiedNameAsString();
if (isa<ParmVarDecl>(VD)) if (isa<ParmVarDecl>(VD))
return "parameter '" + Name + "'"; return "parameter '" + Name + "'";
else if (VD->hasAttr<BlocksAttr>()) else if (VD->hasAttr<BlocksAttr>())
return "block variable '" + Name + "'"; return "block variable '" + Name + "'";
else if (VD->hasLocalStorage()) else if (VD->hasLocalStorage())
return "local variable '" + Name + "'"; return "local variable '" + Name + "'";
Show All 20 Lines return "temporary object constructed at statement '" +
printStmt(R->getExpr()) + "'"; printStmt(R->getExpr()) + "'";
} }
std::string VisitCXXBaseObjectRegion(const CXXBaseObjectRegion *R) { std::string VisitCXXBaseObjectRegion(const CXXBaseObjectRegion *R) {
return "base object '" + R->getDecl()->getQualifiedNameAsString() + return "base object '" + R->getDecl()->getQualifiedNameAsString() +
"' inside " + Visit(R->getSuperRegion()); "' inside " + Visit(R->getSuperRegion());
} }
std::string VisitParamVarRegion(const ParamVarRegion *R) {
std::string Str;
llvm::raw_string_ostream OS(Str);
const ParmVarDecl *PVD = R->getDecl();
std::string Name = PVD->getQualifiedNameAsString();
if (!Name.empty()) {
OS << "parameter '" << Name << "'";
return std::string(OS.str());
}
unsigned Index = R->getIndex() + 1;
OS << Index << llvm::getOrdinalSuffix(Index) << " parameter of ";
const Decl *Parent = R->getStackFrame()->getDecl();
if (const auto *FD = dyn_cast<FunctionDecl>(Parent))
NoQUnsubmitted
Done
ReplyInline Actions

There's a standard function for that. I never remember what it's called, something something numeric something plural something suffix, but it's there.

NoQ: There's a standard function for that. I never remember what it's called, something something…
OS << "function '" << FD->getQualifiedNameAsString() << "()'";
else if (const auto *CD = dyn_cast<CXXConstructorDecl>(Parent))
OS << "C++ constructor '" << CD->getQualifiedNameAsString() << "()'";
else if (const auto *MD = dyn_cast<ObjCMethodDecl>(Parent)) {
if (MD->isClassMethod())
OS << "Objective-C method '+" << MD->getQualifiedNameAsString() << "'";
else
OS << "Objective-C method '-" << MD->getQualifiedNameAsString() << "'";
} else if (isa<BlockDecl>(Parent)) {
if (cast<BlockDecl>(Parent)->isConversionFromLambda())
OS << "lambda";
else
OS << "block";
}
return std::string(OS.str());
}
std::string VisitSVal(SVal V) { std::string VisitSVal(SVal V) {
std::string Str; std::string Str;
llvm::raw_string_ostream OS(Str); llvm::raw_string_ostream OS(Str);
OS << V; OS << V;
return "a value unsupported by the explainer: (" + return "a value unsupported by the explainer: (" +
std::string(OS.str()) + ")"; std::string(OS.str()) + ")";
} }
Show All 22 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h

Show First 20 LinesShow All 395 Lines▼ Show 20 Linespublic:
AnalysisDeclContext *getCalleeAnalysisDeclContext() const; AnalysisDeclContext *getCalleeAnalysisDeclContext() const;
/// Returns the callee stack frame. That stack frame will only be entered /// Returns the callee stack frame. That stack frame will only be entered
/// during analysis if the call is inlined, but it may still be useful /// during analysis if the call is inlined, but it may still be useful
/// in intermediate calculations even if the call isn't inlined. /// in intermediate calculations even if the call isn't inlined.
/// May fail; returns null on failure. /// May fail; returns null on failure.
const StackFrameContext *getCalleeStackFrame(unsigned BlockCount) const; const StackFrameContext *getCalleeStackFrame(unsigned BlockCount) const;
/// Returns memory location for a parameter variable within the callee stack /// Returns memory location for a parameter variable within the callee stack
/// frame. May fail; returns null on failure. /// frame. The behavior is undefined if the block count is different from the
const VarRegion *getParameterLocation(unsigned Index, /// one that is there when call happens. May fail; returns null on failure.
const ParamVarRegion *getParameterLocation(unsigned Index,
unsigned BlockCount) const; unsigned BlockCount) const;
NoQUnsubmitted
Not Done
ReplyInline Actions

I guess we should document the landmine discussed in D80366#inline-747804.

NoQ: I guess we should document the landmine discussed in D80366#inline-747804.
/// Returns true if on the current path, the argument was constructed by /// Returns true if on the current path, the argument was constructed by
/// calling a C++ constructor over it. This is an internal detail of the /// calling a C++ constructor over it. This is an internal detail of the
/// analysis which doesn't necessarily represent the program semantics: /// analysis which doesn't necessarily represent the program semantics:
/// if we are supposed to construct an argument directly, we may still /// if we are supposed to construct an argument directly, we may still
/// not do that because we don't know how (i.e., construction context is /// not do that because we don't know how (i.e., construction context is
/// unavailable in the CFG or not supported by the analyzer). /// unavailable in the CFG or not supported by the analyzer).
bool isArgumentConstructedDirectly(unsigned Index) const { bool isArgumentConstructedDirectly(unsigned Index) const {
// This assumes that the object was not yet removed from the state. // This assumes that the object was not yet removed from the state.
▲ Show 20 LinesShow All 1,077 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h

Show First 20 LinesShow All 884 Lines▼ Show 20 Linespublic:
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
return R->getKind() == CompoundLiteralRegionKind; return R->getKind() == CompoundLiteralRegionKind;
} }
}; };
class DeclRegion : public TypedValueRegion { class DeclRegion : public TypedValueRegion {
protected: protected:
const ValueDecl *D; DeclRegion(const MemRegion *sReg, Kind k) : TypedValueRegion(sReg, k) {
DeclRegion(const ValueDecl *d, const MemRegion *sReg, Kind k)
: TypedValueRegion(sReg, k), D(d) {
assert(classof(this)); assert(classof(this));
assert(d && d->isCanonicalDecl());
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Decl *D,
const MemRegion* superRegion, Kind k);
public: public:
const ValueDecl *getDecl() const { return D; } virtual const ValueDecl *getDecl() const = 0;
void Profile(llvm::FoldingSetNodeID& ID) const override;
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
unsigned k = R->getKind(); unsigned k = R->getKind();
return k >= BEGIN_DECL_REGIONS && k <= END_DECL_REGIONS; return k >= BEGIN_DECL_REGIONS && k <= END_DECL_REGIONS;
} }
}; };
class VarRegion : public DeclRegion { class VarRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
protected:
// Constructors and protected methods.
VarRegion(const MemRegion *sReg, Kind k) : DeclRegion(sReg, k) {
// VarRegion appears in unknown space when it's a block variable as seen
// from a block using it, when this block is analyzed at top-level.
// Other block variables appear within block data regions,
// which, unlike everything else on this list, are not memory spaces.
assert(isa<GlobalsSpaceRegion>(sReg) || isa<StackSpaceRegion>(sReg) ||
isa<BlockDataRegion>(sReg) || isa<UnknownSpaceRegion>(sReg));
balazskeUnsubmitted
Done
ReplyInline Actions

This assert should not be duplicated. It has the place in VarRegion or NonParamVarRegion, but not both.

balazske: This assert should not be duplicated. It has the place in `VarRegion` or `NonParamVarRegion`…
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

Copy-paste...

baloghadamsoftware: Copy-paste...
}
public:
const VarDecl *getDecl() const override = 0;
NoQUnsubmitted
Not Done
ReplyInline Actions

What's the point of overriding one pure virtual method with another pure virtual method?

NoQ: What's the point of overriding one pure virtual method with another pure virtual method?
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

To constrain the return value from Decl to VarDecl. Without this we have change all the callers to cast the return value from this function to VarDecl. It would be ugly.

baloghadamsoftware: To constrain the return value from `Decl` to `VarDecl`. Without this we have change all the…
NoQUnsubmitted
Not Done
ReplyInline Actions

Aha, covariance! Nice!

NoQ: Aha, covariance! Nice!
const StackFrameContext *getStackFrame() const;
QualType getValueType() const override {
// FIXME: We can cache this if needed.
return getDecl()->getType();
}
static bool classof(const MemRegion *R) {
unsigned k = R->getKind();
return k >= BEGIN_VAR_REGIONS && k <= END_VAR_REGIONS;
}
};
class NonParamVarRegion : public VarRegion {
friend class MemRegionManager;
const VarDecl *VD;
// Constructors and private methods. // Constructors and private methods.
VarRegion(const VarDecl *vd, const MemRegion *sReg) NonParamVarRegion(const VarDecl *vd, const MemRegion *sReg)
: DeclRegion(vd, sReg, VarRegionKind) { : VarRegion(sReg, NonParamVarRegionKind), VD(vd) {
// VarRegion appears in unknown space when it's a block variable as seen // VarRegion appears in unknown space when it's a block variable as seen
// from a block using it, when this block is analyzed at top-level. // from a block using it, when this block is analyzed at top-level.
// Other block variables appear within block data regions, // Other block variables appear within block data regions,
// which, unlike everything else on this list, are not memory spaces. // which, unlike everything else on this list, are not memory spaces.
assert(isa<GlobalsSpaceRegion>(sReg) || isa<StackSpaceRegion>(sReg) || assert(isa<GlobalsSpaceRegion>(sReg) || isa<StackSpaceRegion>(sReg) ||
isa<BlockDataRegion>(sReg) || isa<UnknownSpaceRegion>(sReg)); isa<BlockDataRegion>(sReg) || isa<UnknownSpaceRegion>(sReg));
} }
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const VarDecl *VD, static void ProfileRegion(llvm::FoldingSetNodeID &ID, const VarDecl *VD,
const MemRegion *superRegion) { const MemRegion *superRegion);
DeclRegion::ProfileRegion(ID, VD, superRegion, VarRegionKind);
}
public: public:
void Profile(llvm::FoldingSetNodeID& ID) const override; void Profile(llvm::FoldingSetNodeID &ID) const override;
const VarDecl *getDecl() const { return cast<VarDecl>(D); } const VarDecl *getDecl() const override { return VD; }
const StackFrameContext *getStackFrame() const;
QualType getValueType() const override { QualType getValueType() const override {
// FIXME: We can cache this if needed. // FIXME: We can cache this if needed.
return getDecl()->getType(); return getDecl()->getType();
} }
void dumpToStream(raw_ostream &os) const override; void dumpToStream(raw_ostream &os) const override;
bool canPrintPrettyAsExpr() const override; bool canPrintPrettyAsExpr() const override;
void printPrettyAsExpr(raw_ostream &os) const override; void printPrettyAsExpr(raw_ostream &os) const override;
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
return R->getKind() == VarRegionKind; return R->getKind() == NonParamVarRegionKind;
}
};
/// ParamVarRegion - Represents a region for paremters. Only parameters of the
balazskeUnsubmitted
Done
ReplyInline Actions

typo here: "paremters"

balazske: typo here: "paremters"
/// function in the current stack frame are represented as `ParamVarRegion`s.
/// Parameters of top-level analyzed functions as well as captured paremeters
balazskeUnsubmitted
Done
ReplyInline Actions

"paremeters"

balazske: "paremeters"
/// by lambdas and blocks are repesented as `VarRegion`s.
balazskeUnsubmitted
Done
ReplyInline Actions

NonParamVarRegions ?

balazske: `NonParamVarRegion`s ?
// FIXME: `ParamVarRegion` only supports parameters of functions, C++
// constructors, blocks and Objective-C methods with existing `Decl`. Upon
// implementing stack frame creations for functions without decl (functions
// passed by unknown function pointer) methods of `ParamVarRegion` must be
NoQUnsubmitted
Done
ReplyInline Actions

*unknown* function pointer!

NoQ: *unknown* function pointer!
// updated.
class ParamVarRegion : public VarRegion {
friend class MemRegionManager;
const Expr *OriginExpr;
unsigned Index;
ParamVarRegion(const Expr *OE, unsigned Idx, const MemRegion *SReg)
: VarRegion(SReg, ParamVarRegionKind), OriginExpr(OE), Index(Idx) {
assert(!cast<StackSpaceRegion>(SReg)->getStackFrame()->inTopFrame());
}
static void ProfileRegion(llvm::FoldingSetNodeID &ID, const Expr *OE,
unsigned Idx, const MemRegion *SReg);
public:
const Expr *getOriginExpr() const { return OriginExpr; }
unsigned getIndex() const { return Index; }
void Profile(llvm::FoldingSetNodeID& ID) const override;
void dumpToStream(raw_ostream &os) const override;
QualType getValueType() const override;
const ParmVarDecl *getDecl() const override;
bool canPrintPrettyAsExpr() const override;
void printPrettyAsExpr(raw_ostream &os) const override;
static bool classof(const MemRegion *R) {
return R->getKind() == ParamVarRegionKind;
} }
}; };
/// CXXThisRegion - Represents the region for the implicit 'this' parameter /// CXXThisRegion - Represents the region for the implicit 'this' parameter
/// in a call to a C++ method. This region doesn't represent the object /// in a call to a C++ method. This region doesn't represent the object
/// referred to by 'this', but rather 'this' itself. /// referred to by 'this', but rather 'this' itself.
class CXXThisRegion : public TypedValueRegion { class CXXThisRegion : public TypedValueRegion {
friend class MemRegionManager; friend class MemRegionManager;
Show All 25 Lines
private: private:
const PointerType *ThisPointerTy; const PointerType *ThisPointerTy;
}; };
class FieldRegion : public DeclRegion { class FieldRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
const FieldDecl *FD;
FieldRegion(const FieldDecl *fd, const SubRegion* sReg) FieldRegion(const FieldDecl *fd, const SubRegion *sReg)
: DeclRegion(fd, sReg, FieldRegionKind) {} : DeclRegion(sReg, FieldRegionKind), FD(fd) {}
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const FieldDecl *FD, static void ProfileRegion(llvm::FoldingSetNodeID &ID, const FieldDecl *FD,
const MemRegion* superRegion) { const MemRegion* superRegion) {
DeclRegion::ProfileRegion(ID, FD, superRegion, FieldRegionKind); ID.AddInteger(static_cast<unsigned>(FieldRegionKind));
ID.AddPointer(FD);
ID.AddPointer(superRegion);
} }
public: public:
const FieldDecl *getDecl() const { return cast<FieldDecl>(D); } const FieldDecl *getDecl() const override { return FD; }
void Profile(llvm::FoldingSetNodeID &ID) const override;
QualType getValueType() const override { QualType getValueType() const override {
// FIXME: We can cache this if needed. // FIXME: We can cache this if needed.
return getDecl()->getType(); return getDecl()->getType();
} }
void dumpToStream(raw_ostream &os) const override; void dumpToStream(raw_ostream &os) const override;
bool canPrintPretty() const override; bool canPrintPretty() const override;
void printPretty(raw_ostream &os) const override; void printPretty(raw_ostream &os) const override;
bool canPrintPrettyAsExpr() const override; bool canPrintPrettyAsExpr() const override;
void printPrettyAsExpr(raw_ostream &os) const override; void printPrettyAsExpr(raw_ostream &os) const override;
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
return R->getKind() == FieldRegionKind; return R->getKind() == FieldRegionKind;
} }
}; };
class ObjCIvarRegion : public DeclRegion { class ObjCIvarRegion : public DeclRegion {
friend class MemRegionManager; friend class MemRegionManager;
const ObjCIvarDecl *IVD;
ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg); ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg);
static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd, static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd,
const MemRegion* superRegion); const MemRegion* superRegion);
public: public:
const ObjCIvarDecl *getDecl() const; const ObjCIvarDecl *getDecl() const;
void Profile(llvm::FoldingSetNodeID& ID) const override;
QualType getValueType() const override; QualType getValueType() const override;
bool canPrintPrettyAsExpr() const override; bool canPrintPrettyAsExpr() const override;
void printPrettyAsExpr(raw_ostream &os) const override; void printPrettyAsExpr(raw_ostream &os) const override;
void dumpToStream(raw_ostream &os) const override; void dumpToStream(raw_ostream &os) const override;
static bool classof(const MemRegion* R) { static bool classof(const MemRegion* R) {
▲ Show 20 LinesShow All 267 Lines▼ Show 20 Linespublic:
const SymbolicRegion *getSymbolicHeapRegion(SymbolRef sym); const SymbolicRegion *getSymbolicHeapRegion(SymbolRef sym);
const StringRegion *getStringRegion(const StringLiteral *Str); const StringRegion *getStringRegion(const StringLiteral *Str);
const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str); const ObjCStringRegion *getObjCStringRegion(const ObjCStringLiteral *Str);
/// getVarRegion - Retrieve or create the memory region associated with /// getVarRegion - Retrieve or create the memory region associated with
/// a specified VarDecl and LocationContext. /// a specified VarDecl and LocationContext.
const VarRegion* getVarRegion(const VarDecl *D, const LocationContext *LC); const VarRegion *getVarRegion(const VarDecl *VD, const LocationContext *LC);
/// getVarRegion - Retrieve or create the memory region associated with /// getVarRegion - Retrieve or create the memory region associated with
/// a specified VarDecl and super region. /// a specified VarDecl and LocationContext.
const VarRegion *getVarRegion(const VarDecl *D, const MemRegion *superR); const NonParamVarRegion *getNonParamVarRegion(const VarDecl *VD,
const MemRegion *superR);
/// getParamVarRegion - Retrieve or create the memory region
/// associated with a specified CallExpr, Index and LocationContext.
const ParamVarRegion *getParamVarRegion(const Expr *OriginExpr,
unsigned Index,
const LocationContext *LC);
/// getElementRegion - Retrieve the memory region associated with the /// getElementRegion - Retrieve the memory region associated with the
/// associated element type, index, and super region. /// associated element type, index, and super region.
const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx, const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx,
const SubRegion *superRegion, const SubRegion *superRegion,
ASTContext &Ctx); ASTContext &Ctx);
const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER, const ElementRegion *getElementRegionWithSuper(const ElementRegion *ER,
▲ Show 20 LinesShow All 157 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h

Show First 20 LinesShow All 302 Lines▼ Show 20 Linespublic:
/// Get the lvalue for a base class object reference. /// Get the lvalue for a base class object reference.
Loc getLValue(const CXXBaseSpecifier &BaseSpec, const SubRegion *Super) const; Loc getLValue(const CXXBaseSpecifier &BaseSpec, const SubRegion *Super) const;
/// Get the lvalue for a base class object reference. /// Get the lvalue for a base class object reference.
Loc getLValue(const CXXRecordDecl *BaseClass, const SubRegion *Super, Loc getLValue(const CXXRecordDecl *BaseClass, const SubRegion *Super,
bool IsVirtual) const; bool IsVirtual) const;
/// Get the lvalue for a parameter.
Loc getLValue(const Expr *Call, unsigned Index,
const LocationContext *LC) const;
/// Get the lvalue for a variable reference. /// Get the lvalue for a variable reference.
Loc getLValue(const VarDecl *D, const LocationContext *LC) const; Loc getLValue(const VarDecl *D, const LocationContext *LC) const;
Loc getLValue(const CompoundLiteralExpr *literal, Loc getLValue(const CompoundLiteralExpr *literal,
const LocationContext *LC) const; const LocationContext *LC) const;
/// Get the lvalue for an ivar reference. /// Get the lvalue for an ivar reference.
SVal getLValue(const ObjCIvarDecl *decl, SVal base) const; SVal getLValue(const ObjCIvarDecl *decl, SVal base) const;
▲ Show 20 LinesShow All 564 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/Regions.def

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines ABSTRACT_REGION(TypedValueRegion, TypedRegion)
REGION(CompoundLiteralRegion, TypedValueRegion) REGION(CompoundLiteralRegion, TypedValueRegion)
REGION(CXXBaseObjectRegion, TypedValueRegion) REGION(CXXBaseObjectRegion, TypedValueRegion)
REGION(CXXDerivedObjectRegion, TypedValueRegion) REGION(CXXDerivedObjectRegion, TypedValueRegion)
REGION(CXXTempObjectRegion, TypedValueRegion) REGION(CXXTempObjectRegion, TypedValueRegion)
REGION(CXXThisRegion, TypedValueRegion) REGION(CXXThisRegion, TypedValueRegion)
ABSTRACT_REGION(DeclRegion, TypedValueRegion) ABSTRACT_REGION(DeclRegion, TypedValueRegion)
REGION(FieldRegion, DeclRegion) REGION(FieldRegion, DeclRegion)
REGION(ObjCIvarRegion, DeclRegion) REGION(ObjCIvarRegion, DeclRegion)
REGION(VarRegion, DeclRegion) ABSTRACT_REGION(VarRegion, DeclRegion)
REGION(NonParamVarRegion, VarRegion)
REGION(ParamVarRegion, VarRegion)
REGION_RANGE(VAR_REGIONS, NonParamVarRegionKind,
ParamVarRegionKind)
REGION_RANGE(DECL_REGIONS, FieldRegionKind, REGION_RANGE(DECL_REGIONS, FieldRegionKind,
VarRegionKind) ParamVarRegionKind)
REGION(ElementRegion, TypedValueRegion) REGION(ElementRegion, TypedValueRegion)
REGION(ObjCStringRegion, TypedValueRegion) REGION(ObjCStringRegion, TypedValueRegion)
REGION(StringRegion, TypedValueRegion) REGION(StringRegion, TypedValueRegion)
REGION_RANGE(TYPED_VALUE_REGIONS, CompoundLiteralRegionKind, REGION_RANGE(TYPED_VALUE_REGIONS, CompoundLiteralRegionKind,
StringRegionKind) StringRegionKind)
REGION_RANGE(TYPED_REGIONS, BlockDataRegionKind, REGION_RANGE(TYPED_REGIONS, BlockDataRegionKind,
StringRegionKind) StringRegionKind)
#undef REGION_RANGE #undef REGION_RANGE
#undef ABSTRACT_REGION #undef ABSTRACT_REGION
#undef REGION #undef REGION

clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp

Show First 20 LinesShow All 703 Lines▼ Show 20 LinesProgramStateRef CStringChecker::setCStringLength(ProgramStateRef state,
switch (MR->getKind()) { switch (MR->getKind()) {
case MemRegion::StringRegionKind: case MemRegion::StringRegionKind:
// FIXME: This can happen if we strcpy() into a string region. This is // FIXME: This can happen if we strcpy() into a string region. This is
// undefined [C99 6.4.5p6], but we should still warn about it. // undefined [C99 6.4.5p6], but we should still warn about it.
return state; return state;
case MemRegion::SymbolicRegionKind: case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind: case MemRegion::AllocaRegionKind:
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
case MemRegion::ParamVarRegionKind:
case MemRegion::FieldRegionKind: case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
// These are the types we can currently track string lengths for. // These are the types we can currently track string lengths for.
break; break;
case MemRegion::ElementRegionKind: case MemRegion::ElementRegionKind:
// FIXME: Handle element regions by upper-bounding the parent region's // FIXME: Handle element regions by upper-bounding the parent region's
// string length. // string length.
▲ Show 20 LinesShow All 88 Lines▼ Show 20 Lines case MemRegion::StringRegionKind: {
// so we can assume that the byte length is the correct C string length. // so we can assume that the byte length is the correct C string length.
SValBuilder &svalBuilder = C.getSValBuilder(); SValBuilder &svalBuilder = C.getSValBuilder();
QualType sizeTy = svalBuilder.getContext().getSizeType(); QualType sizeTy = svalBuilder.getContext().getSizeType();
const StringLiteral *strLit = cast<StringRegion>(MR)->getStringLiteral(); const StringLiteral *strLit = cast<StringRegion>(MR)->getStringLiteral();
return svalBuilder.makeIntVal(strLit->getByteLength(), sizeTy); return svalBuilder.makeIntVal(strLit->getByteLength(), sizeTy);
} }
case MemRegion::SymbolicRegionKind: case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind: case MemRegion::AllocaRegionKind:
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
case MemRegion::ParamVarRegionKind:
case MemRegion::FieldRegionKind: case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
return getCStringLengthForRegion(C, state, Ex, MR, hypothetical); return getCStringLengthForRegion(C, state, Ex, MR, hypothetical);
case MemRegion::CompoundLiteralRegionKind: case MemRegion::CompoundLiteralRegionKind:
// FIXME: Can we track this? Is it necessary? // FIXME: Can we track this? Is it necessary?
return UnknownVal(); return UnknownVal();
case MemRegion::ElementRegionKind: case MemRegion::ElementRegionKind:
// FIXME: How can we handle this? It's not good enough to subtract the // FIXME: How can we handle this? It's not good enough to subtract the
▲ Show 20 LinesShow All 178 Lines▼ Show 20 Linesbool CStringChecker::SummarizeRegion(raw_ostream &os, ASTContext &Ctx,
case MemRegion::BlockDataRegionKind: case MemRegion::BlockDataRegionKind:
os << "a block"; os << "a block";
return true; return true;
case MemRegion::CXXThisRegionKind: case MemRegion::CXXThisRegionKind:
case MemRegion::CXXTempObjectRegionKind: case MemRegion::CXXTempObjectRegionKind:
os << "a C++ temp object of type " os << "a C++ temp object of type "
<< cast<TypedValueRegion>(MR)->getValueType().getAsString(); << cast<TypedValueRegion>(MR)->getValueType().getAsString();
return true; return true;
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
os << "a variable of type" os << "a variable of type"
<< cast<TypedValueRegion>(MR)->getValueType().getAsString(); << cast<TypedValueRegion>(MR)->getValueType().getAsString();
return true; return true;
case MemRegion::ParamVarRegionKind:
os << "a parameter of type"
<< cast<TypedValueRegion>(MR)->getValueType().getAsString();
return true;
case MemRegion::FieldRegionKind: case MemRegion::FieldRegionKind:
os << "a field of type " os << "a field of type "
<< cast<TypedValueRegion>(MR)->getValueType().getAsString(); << cast<TypedValueRegion>(MR)->getValueType().getAsString();
return true; return true;
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
os << "an instance variable of type " os << "an instance variable of type "
<< cast<TypedValueRegion>(MR)->getValueType().getAsString(); << cast<TypedValueRegion>(MR)->getValueType().getAsString();
return true; return true;
▲ Show 20 LinesShow All 1,433 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/CallEvent.cpp

Show First 20 LinesShow All 216 Lines▼ Show 20 Lines for (; Idx < Sz; ++Idx)
if (auto StmtElem = (*B)[Idx].getAs<CFGStmt>()) if (auto StmtElem = (*B)[Idx].getAs<CFGStmt>())
if (StmtElem->getStmt() == E) if (StmtElem->getStmt() == E)
break; break;
assert(Idx < Sz); assert(Idx < Sz);
return ADC->getManager()->getStackFrame(ADC, LCtx, E, B, BlockCount, Idx); return ADC->getManager()->getStackFrame(ADC, LCtx, E, B, BlockCount, Idx);
} }
const VarRegion *CallEvent::getParameterLocation(unsigned Index, const ParamVarRegion
unsigned BlockCount) const { *CallEvent::getParameterLocation(unsigned Index, unsigned BlockCount) const {
const StackFrameContext *SFC = getCalleeStackFrame(BlockCount); const StackFrameContext *SFC = getCalleeStackFrame(BlockCount);
// We cannot construct a VarRegion without a stack frame. // We cannot construct a VarRegion without a stack frame.
if (!SFC) if (!SFC)
return nullptr; return nullptr;
// Retrieve parameters of the definition, which are different from const ParamVarRegion *PVR =
// CallEvent's parameters() because getDecl() isn't necessarily State->getStateManager().getRegionManager().getParamVarRegion(
// the definition. SFC contains the definition that would be used getOriginExpr(), Index, SFC);
// during analysis. return PVR;
const Decl *D = SFC->getDecl();
// TODO: Refactor into a virtual method of CallEvent, like parameters().
const ParmVarDecl *PVD = nullptr;
if (const auto *FD = dyn_cast<FunctionDecl>(D))
PVD = FD->parameters()[Index];
else if (const auto *BD = dyn_cast<BlockDecl>(D))
PVD = BD->parameters()[Index];
else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D))
PVD = MD->parameters()[Index];
else if (const auto *CD = dyn_cast<CXXConstructorDecl>(D))
PVD = CD->parameters()[Index];
assert(PVD && "Unexpected Decl kind!");
const VarRegion *VR =
State->getStateManager().getRegionManager().getVarRegion(PVD, SFC);
// This sanity check would fail if our parameter declaration doesn't
// correspond to the stack frame's function declaration.
assert(VR->getStackFrame() == SFC);
return VR;
} }
/// Returns true if a type is a pointer-to-const or reference-to-const /// Returns true if a type is a pointer-to-const or reference-to-const
/// with no further indirection. /// with no further indirection.
static bool isPointerToConst(QualType Ty) { static bool isPointerToConst(QualType Ty) {
QualType PointeeTy = Ty->getPointeeType(); QualType PointeeTy = Ty->getPointeeType();
if (PointeeTy == QualType()) if (PointeeTy == QualType())
return false; return false;
▲ Show 20 LinesShow All 54 Lines▼ Show 20 Lines for (unsigned Idx = 0, Count = getNumArgs(); Idx != Count; ++Idx) {
// destructor has access to the temporary object after the call. // destructor has access to the temporary object after the call.
// TODO: Support placement arguments once we start // TODO: Support placement arguments once we start
// constructing them directly. // constructing them directly.
// TODO: This is unnecessary when there's no destructor, but that's // TODO: This is unnecessary when there's no destructor, but that's
// currently hard to figure out. // currently hard to figure out.
if (getKind() != CE_CXXAllocator) if (getKind() != CE_CXXAllocator)
if (isArgumentConstructedDirectly(Idx)) if (isArgumentConstructedDirectly(Idx))
if (auto AdjIdx = getAdjustedParameterIndex(Idx)) if (auto AdjIdx = getAdjustedParameterIndex(Idx))
if (const VarRegion *VR = getParameterLocation(*AdjIdx, BlockCount)) if (const TypedValueRegion *TVR =
ValuesToInvalidate.push_back(loc::MemRegionVal(VR)); getParameterLocation(*AdjIdx, BlockCount))
ValuesToInvalidate.push_back(loc::MemRegionVal(TVR));
} }
// Invalidate designated regions using the batch invalidation API. // Invalidate designated regions using the batch invalidation API.
// NOTE: Even if RegionsToInvalidate is empty, we may still invalidate // NOTE: Even if RegionsToInvalidate is empty, we may still invalidate
// global variables. // global variables.
return Result->invalidateRegions(ValuesToInvalidate, getOriginExpr(), return Result->invalidateRegions(ValuesToInvalidate, getOriginExpr(),
BlockCount, getLocationContext(), BlockCount, getLocationContext(),
/*CausedByPointerEscape*/ true, /*CausedByPointerEscape*/ true,
▲ Show 20 LinesShow All 184 Lines▼ Show 20 Lines if (Call.getKind() != CE_CXXAllocator)
if (Call.isArgumentConstructedDirectly(Call.getASTArgumentIndex(Idx))) if (Call.isArgumentConstructedDirectly(Call.getASTArgumentIndex(Idx)))
continue; continue;
// TODO: Allocators should receive the correct size and possibly alignment, // TODO: Allocators should receive the correct size and possibly alignment,
// determined in compile-time but not represented as arg-expressions, // determined in compile-time but not represented as arg-expressions,
// which makes getArgSVal() fail and return UnknownVal. // which makes getArgSVal() fail and return UnknownVal.
SVal ArgVal = Call.getArgSVal(Idx); SVal ArgVal = Call.getArgSVal(Idx);
if (!ArgVal.isUnknown()) { if (!ArgVal.isUnknown()) {
Loc ParamLoc = SVB.makeLoc(MRMgr.getVarRegion(ParamDecl, CalleeCtx)); Loc ParamLoc = SVB.makeLoc(
MRMgr.getParamVarRegion(Call.getOriginExpr(), Idx, CalleeCtx));
Bindings.push_back(std::make_pair(ParamLoc, ArgVal)); Bindings.push_back(std::make_pair(ParamLoc, ArgVal));
} }
} }
// FIXME: Variadic arguments are not handled at all right now. // FIXME: Variadic arguments are not handled at all right now.
} }
const ConstructionContext *CallEvent::getConstructionContext() const { const ConstructionContext *CallEvent::getConstructionContext() const {
▲ Show 20 LinesShow All 952 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp

Show First 20 LinesShow All 212 Lines▼ Show 20 Lines if (const BlockDataRegion *BDR =
BlockDataRegion::referenced_vars_iterator I = BDR->referenced_vars_begin(), BlockDataRegion::referenced_vars_iterator I = BDR->referenced_vars_begin(),
E = BDR->referenced_vars_end(); E = BDR->referenced_vars_end();
auto CI = BD->capture_begin(); auto CI = BD->capture_begin();
auto CE = BD->capture_end(); auto CE = BD->capture_end();
for (; I != E; ++I) { for (; I != E; ++I) {
const VarRegion *capturedR = I.getCapturedRegion(); const VarRegion *capturedR = I.getCapturedRegion();
const VarRegion *originalR = I.getOriginalRegion(); const TypedValueRegion *originalR = I.getOriginalRegion();
// If the capture had a copy expression, use the result of evaluating // If the capture had a copy expression, use the result of evaluating
// that expression, otherwise use the original value. // that expression, otherwise use the original value.
// We rely on the invariant that the block declaration's capture variables // We rely on the invariant that the block declaration's capture variables
// are a prefix of the BlockDataRegion's referenced vars (which may include // are a prefix of the BlockDataRegion's referenced vars (which may include
// referenced globals, etc.) to enable fast lookup of the capture for a // referenced globals, etc.) to enable fast lookup of the capture for a
// given referenced var. // given referenced var.
const Expr *copyExpr = nullptr; const Expr *copyExpr = nullptr;
▲ Show 20 LinesShow All 945 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

Show First 20 LinesShow All 297 Lines▼ Show 20 Lines case ConstructionContext::ArgumentKind: {
// FIXME: Support for variadic arguments is not implemented here yet. // FIXME: Support for variadic arguments is not implemented here yet.
if (CallEvent::isVariadic(CalleeD)) if (CallEvent::isVariadic(CalleeD))
return None; return None;
// Operator arguments do not correspond to operator parameters // Operator arguments do not correspond to operator parameters
// because this-argument is implemented as a normal argument in // because this-argument is implemented as a normal argument in
// operator call expressions but not in operator declarations. // operator call expressions but not in operator declarations.
const VarRegion *VR = Caller->getParameterLocation( const TypedValueRegion *TVR = Caller->getParameterLocation(
*Caller->getAdjustedParameterIndex(Idx), currBldrCtx->blockCount()); *Caller->getAdjustedParameterIndex(Idx), currBldrCtx->blockCount());
if (!VR) if (!TVR)
return None; return None;
return loc::MemRegionVal(VR); return loc::MemRegionVal(TVR);
}; };
if (const auto *CE = dyn_cast<CallExpr>(E)) { if (const auto *CE = dyn_cast<CallExpr>(E)) {
CallEventRef<> Caller = CEMgr.getSimpleCall(CE, State, LCtx); CallEventRef<> Caller = CEMgr.getSimpleCall(CE, State, LCtx);
if (Optional<SVal> V = getArgLoc(Caller)) if (Optional<SVal> V = getArgLoc(Caller))
return *V; return *V;
else else
break; break;
▲ Show 20 LinesShow All 703 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/MemRegion.cpp

Show First 20 LinesShow All 154 Lines▼ Show 20 Lines
} }
const StackFrameContext *VarRegion::getStackFrame() const { const StackFrameContext *VarRegion::getStackFrame() const {
const auto *SSR = dyn_cast<StackSpaceRegion>(getMemorySpace()); const auto *SSR = dyn_cast<StackSpaceRegion>(getMemorySpace());
return SSR ? SSR->getStackFrame() : nullptr; return SSR ? SSR->getStackFrame() : nullptr;
} }
ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg) ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg)
: DeclRegion(ivd, sReg, ObjCIvarRegionKind) {} : DeclRegion(sReg, ObjCIvarRegionKind), IVD(ivd) {}
const ObjCIvarDecl *ObjCIvarRegion::getDecl() const { const ObjCIvarDecl *ObjCIvarRegion::getDecl() const { return IVD; }
return cast<ObjCIvarDecl>(D);
}
QualType ObjCIvarRegion::getValueType() const { QualType ObjCIvarRegion::getValueType() const {
return getDecl()->getType(); return getDecl()->getType();
} }
QualType CXXBaseObjectRegion::getValueType() const { QualType CXXBaseObjectRegion::getValueType() const {
return QualType(getDecl()->getTypeForDecl(), 0); return QualType(getDecl()->getTypeForDecl(), 0);
} }
QualType CXXDerivedObjectRegion::getValueType() const { QualType CXXDerivedObjectRegion::getValueType() const {
return QualType(getDecl()->getTypeForDecl(), 0); return QualType(getDecl()->getTypeForDecl(), 0);
} }
QualType ParamVarRegion::getValueType() const {
assert(getDecl() &&
"`ParamVarRegion` support functions without `Decl` not implemented"
NoQUnsubmitted
Done
ReplyInline Actions

It will eventually have to. Maybe `"...not implemented yet"?

NoQ: It will eventually have to. Maybe `"...not implemented yet"?
" yet.");
return getDecl()->getType();
}
const ParmVarDecl *ParamVarRegion::getDecl() const {
const Decl *D = getStackFrame()->getDecl();
if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
assert(Index < FD->param_size());
return FD->parameters()[Index];
} else if (const auto *BD = dyn_cast<BlockDecl>(D)) {
assert(Index < BD->param_size());
return BD->parameters()[Index];
} else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) {
assert(Index < MD->param_size());
return MD->parameters()[Index];
} else if (const auto *CD = dyn_cast<CXXConstructorDecl>(D)) {
assert(Index < CD->param_size());
return CD->parameters()[Index];
} else {
llvm_unreachable("Unexpected Decl kind!");
}
}
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// FoldingSet profiling. // FoldingSet profiling.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
void MemSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const { void MemSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
ID.AddInteger(static_cast<unsigned>(getKind())); ID.AddInteger(static_cast<unsigned>(getKind()));
} }
▲ Show 20 LinesShow All 55 Lines▼ Show 20 Linesvoid CXXThisRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
ID.AddPointer(PT); ID.AddPointer(PT);
ID.AddPointer(sRegion); ID.AddPointer(sRegion);
} }
void CXXThisRegion::Profile(llvm::FoldingSetNodeID &ID) const { void CXXThisRegion::Profile(llvm::FoldingSetNodeID &ID) const {
CXXThisRegion::ProfileRegion(ID, ThisPointerTy, superRegion); CXXThisRegion::ProfileRegion(ID, ThisPointerTy, superRegion);
} }
void FieldRegion::Profile(llvm::FoldingSetNodeID &ID) const {
ProfileRegion(ID, getDecl(), superRegion);
}
void ObjCIvarRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, void ObjCIvarRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
const ObjCIvarDecl *ivd, const ObjCIvarDecl *ivd,
const MemRegion* superRegion) { const MemRegion* superRegion) {
DeclRegion::ProfileRegion(ID, ivd, superRegion, ObjCIvarRegionKind); ID.AddInteger(static_cast<unsigned>(ObjCIvarRegionKind));
ID.AddPointer(ivd);
ID.AddPointer(superRegion);
}
void ObjCIvarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
ProfileRegion(ID, getDecl(), superRegion);
} }
void DeclRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, const Decl *D, void NonParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
const MemRegion* superRegion, Kind k) { const VarDecl *VD,
ID.AddInteger(static_cast<unsigned>(k)); const MemRegion *superRegion) {
ID.AddPointer(D); ID.AddInteger(static_cast<unsigned>(NonParamVarRegionKind));
ID.AddPointer(VD);
ID.AddPointer(superRegion); ID.AddPointer(superRegion);
} }
void DeclRegion::Profile(llvm::FoldingSetNodeID& ID) const { void NonParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
DeclRegion::ProfileRegion(ID, D, superRegion, getKind()); ProfileRegion(ID, getDecl(), superRegion);
} }
void VarRegion::Profile(llvm::FoldingSetNodeID &ID) const { void ParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID, const Expr *OE,
VarRegion::ProfileRegion(ID, getDecl(), superRegion); unsigned Idx, const MemRegion *SReg) {
ID.AddInteger(static_cast<unsigned>(ParamVarRegionKind));
ID.AddPointer(OE);
ID.AddInteger(Idx);
ID.AddPointer(SReg);
}
void ParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
ProfileRegion(ID, getOriginExpr(), getIndex(), superRegion);
} }
void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym, void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym,
const MemRegion *sreg) { const MemRegion *sreg) {
ID.AddInteger(static_cast<unsigned>(MemRegion::SymbolicRegionKind)); ID.AddInteger(static_cast<unsigned>(MemRegion::SymbolicRegionKind));
ID.Add(sym); ID.Add(sym);
ID.AddPointer(sreg); ID.AddPointer(sreg);
} }
▲ Show 20 LinesShow All 195 Lines▼ Show 20 Lines
} }
void SymbolicRegion::dumpToStream(raw_ostream &os) const { void SymbolicRegion::dumpToStream(raw_ostream &os) const {
if (isa<HeapSpaceRegion>(getSuperRegion())) if (isa<HeapSpaceRegion>(getSuperRegion()))
os << "Heap"; os << "Heap";
os << "SymRegion{" << sym << '}'; os << "SymRegion{" << sym << '}';
} }
void VarRegion::dumpToStream(raw_ostream &os) const { void NonParamVarRegion::dumpToStream(raw_ostream &os) const {
const auto *VD = cast<VarDecl>(D);
if (const IdentifierInfo *ID = VD->getIdentifier()) if (const IdentifierInfo *ID = VD->getIdentifier())
os << ID->getName(); os << ID->getName();
else else
os << "VarRegion{D" << VD->getID() << '}'; os << "NonParamVarRegion{D" << VD->getID() << '}';
} }
LLVM_DUMP_METHOD void RegionRawOffset::dump() const { LLVM_DUMP_METHOD void RegionRawOffset::dump() const {
dumpToStream(llvm::errs()); dumpToStream(llvm::errs());
} }
void RegionRawOffset::dumpToStream(raw_ostream &os) const { void RegionRawOffset::dumpToStream(raw_ostream &os) const {
os << "raw_offset{" << getRegion() << ',' << getOffset().getQuantity() << '}'; os << "raw_offset{" << getRegion() << ',' << getOffset().getQuantity() << '}';
Show All 30 Lines
void StackArgumentsSpaceRegion::dumpToStream(raw_ostream &os) const { void StackArgumentsSpaceRegion::dumpToStream(raw_ostream &os) const {
os << "StackArgumentsSpaceRegion"; os << "StackArgumentsSpaceRegion";
} }
void StackLocalsSpaceRegion::dumpToStream(raw_ostream &os) const { void StackLocalsSpaceRegion::dumpToStream(raw_ostream &os) const {
os << "StackLocalsSpaceRegion"; os << "StackLocalsSpaceRegion";
} }
void ParamVarRegion::dumpToStream(raw_ostream &os) const {
const ParmVarDecl *PVD = getDecl();
assert(PVD &&
"`ParamVarRegion` support functions without `Decl` not implemented"
" yet.");
if (const IdentifierInfo *ID = PVD->getIdentifier()) {
os << ID->getName();
} else {
os << "ParamVarRegion{P" << PVD->getID() << '}';
}
}
bool MemRegion::canPrintPretty() const { bool MemRegion::canPrintPretty() const {
return canPrintPrettyAsExpr(); return canPrintPrettyAsExpr();
} }
bool MemRegion::canPrintPrettyAsExpr() const { bool MemRegion::canPrintPrettyAsExpr() const {
return false; return false;
} }
void MemRegion::printPretty(raw_ostream &os) const { void MemRegion::printPretty(raw_ostream &os) const {
assert(canPrintPretty() && "This region cannot be printed pretty."); assert(canPrintPretty() && "This region cannot be printed pretty.");
os << "'"; os << "'";
printPrettyAsExpr(os); printPrettyAsExpr(os);
os << "'"; os << "'";
} }
void MemRegion::printPrettyAsExpr(raw_ostream &) const { void MemRegion::printPrettyAsExpr(raw_ostream &) const {
llvm_unreachable("This region cannot be printed pretty."); llvm_unreachable("This region cannot be printed pretty.");
} }
bool VarRegion::canPrintPrettyAsExpr() const { bool NonParamVarRegion::canPrintPrettyAsExpr() const { return true; }
return true;
void NonParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
os << getDecl()->getName();
} }
void VarRegion::printPrettyAsExpr(raw_ostream &os) const { bool ParamVarRegion::canPrintPrettyAsExpr() const { return true; }
void ParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
assert(getDecl() &&
"`ParamVarRegion` support functions without `Decl` not implemented"
" yet.");
os << getDecl()->getName(); os << getDecl()->getName();
} }
bool ObjCIvarRegion::canPrintPrettyAsExpr() const { bool ObjCIvarRegion::canPrintPrettyAsExpr() const {
return true; return true;
} }
void ObjCIvarRegion::printPrettyAsExpr(raw_ostream &os) const { void ObjCIvarRegion::printPrettyAsExpr(raw_ostream &os) const {
▲ Show 20 LinesShow All 122 Lines▼ Show 20 Lines return SVB.makeIntVal(
cast<StringRegion>(SR)->getStringLiteral()->getByteLength() + 1, cast<StringRegion>(SR)->getStringLiteral()->getByteLength() + 1,
SVB.getArrayIndexType()); SVB.getArrayIndexType());
case MemRegion::CompoundLiteralRegionKind: case MemRegion::CompoundLiteralRegionKind:
case MemRegion::CXXBaseObjectRegionKind: case MemRegion::CXXBaseObjectRegionKind:
case MemRegion::CXXDerivedObjectRegionKind: case MemRegion::CXXDerivedObjectRegionKind:
case MemRegion::CXXTempObjectRegionKind: case MemRegion::CXXTempObjectRegionKind:
case MemRegion::CXXThisRegionKind: case MemRegion::CXXThisRegionKind:
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
case MemRegion::ParamVarRegionKind:
case MemRegion::ElementRegionKind: case MemRegion::ElementRegionKind:
case MemRegion::ObjCStringRegionKind: { case MemRegion::ObjCStringRegionKind: {
QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx); QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx);
if (isa<VariableArrayType>(Ty)) if (isa<VariableArrayType>(Ty))
return nonloc::SymbolVal(SymMgr.getExtentSymbol(SR)); return nonloc::SymbolVal(SymMgr.getExtentSymbol(SR));
if (Ty->isIncompleteType()) if (Ty->isIncompleteType())
return UnknownVal(); return UnknownVal();
▲ Show 20 LinesShow All 137 Lines▼ Show 20 Lines if (const auto *SFC = dyn_cast<StackFrameContext>(LC)) {
return SFC; return SFC;
} }
if (const auto *BC = dyn_cast<BlockInvocationContext>(LC)) { if (const auto *BC = dyn_cast<BlockInvocationContext>(LC)) {
const auto *BR = static_cast<const BlockDataRegion *>(BC->getData()); const auto *BR = static_cast<const BlockDataRegion *>(BC->getData());
// FIXME: This can be made more efficient. // FIXME: This can be made more efficient.
for (BlockDataRegion::referenced_vars_iterator for (BlockDataRegion::referenced_vars_iterator
I = BR->referenced_vars_begin(), I = BR->referenced_vars_begin(),
E = BR->referenced_vars_end(); I != E; ++I) { E = BR->referenced_vars_end(); I != E; ++I) {
const VarRegion *VR = I.getOriginalRegion(); const TypedValueRegion *OrigR = I.getOriginalRegion();
if (const auto *VR = dyn_cast<VarRegion>(OrigR)) {
if (VR->getDecl() == VD) if (VR->getDecl() == VD)
return cast<VarRegion>(I.getCapturedRegion()); return cast<VarRegion>(I.getCapturedRegion());
} }
} }
}
LC = LC->getParent(); LC = LC->getParent();
} }
return (const StackFrameContext *)nullptr; return (const StackFrameContext *)nullptr;
} }
const VarRegion* MemRegionManager::getVarRegion(const VarDecl *D, const VarRegion *MemRegionManager::getVarRegion(const VarDecl *D,
const LocationContext *LC) { const LocationContext *LC) {
const auto *PVD = dyn_cast<ParmVarDecl>(D);
if (PVD) {
unsigned Index = PVD->getFunctionScopeIndex();
const StackFrameContext *SFC = LC->getStackFrame();
const Stmt *CallSite = SFC->getCallSite();
if (CallSite) {
const Decl *D = SFC->getDecl();
if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
if (Index < FD->param_size() && FD->parameters()[Index] == PVD)
return getSubRegion<ParamVarRegion>(cast<Expr>(CallSite), Index,
getStackArgumentsRegion(SFC));
} else if (const auto *BD = dyn_cast<BlockDecl>(D)) {
if (Index < BD->param_size() && BD->parameters()[Index] == PVD)
return getSubRegion<ParamVarRegion>(cast<Expr>(CallSite), Index,
getStackArgumentsRegion(SFC));
} else {
return getSubRegion<ParamVarRegion>(cast<Expr>(CallSite), Index,
getStackArgumentsRegion(SFC));
}
}
}
D = D->getCanonicalDecl(); D = D->getCanonicalDecl();
const MemRegion *sReg = nullptr; const MemRegion *sReg = nullptr;
if (D->hasGlobalStorage() && !D->isStaticLocal()) { if (D->hasGlobalStorage() && !D->isStaticLocal()) {
// First handle the globals defined in system headers. // First handle the globals defined in system headers.
if (Ctx.getSourceManager().isInSystemHeader(D->getLocation())) { if (Ctx.getSourceManager().isInSystemHeader(D->getLocation())) {
// Whitelist the system globals which often DO GET modified, assume the // Whitelist the system globals which often DO GET modified, assume the
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Lines if (!STC) {
} }
else { else {
sReg = getGlobalsRegion(); sReg = getGlobalsRegion();
} }
} }
} }
} }
return getSubRegion<VarRegion>(D, sReg); return getSubRegion<NonParamVarRegion>(D, sReg);
} }
const VarRegion *MemRegionManager::getVarRegion(const VarDecl *D, const NonParamVarRegion *
MemRegionManager::getNonParamVarRegion(const VarDecl *D,
const MemRegion *superR) { const MemRegion *superR) {
D = D->getCanonicalDecl(); D = D->getCanonicalDecl();
return getSubRegion<VarRegion>(D, superR); return getSubRegion<NonParamVarRegion>(D, superR);
}
const ParamVarRegion *
MemRegionManager::getParamVarRegion(const Expr *OriginExpr, unsigned Index,
const LocationContext *LC) {
const StackFrameContext *SFC = LC->getStackFrame();
assert(SFC);
return getSubRegion<ParamVarRegion>(OriginExpr, Index,
getStackArgumentsRegion(SFC));
} }
const BlockDataRegion * const BlockDataRegion *
MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC, MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC,
const LocationContext *LC, const LocationContext *LC,
unsigned blockCount) { unsigned blockCount) {
const MemSpaceRegion *sReg = nullptr; const MemSpaceRegion *sReg = nullptr;
const BlockDecl *BD = BC->getDecl(); const BlockDecl *BD = BC->getDecl();
▲ Show 20 LinesShow All 376 Lines▼ Show 20 Lines case MemRegion::BlockDataRegionKind:
goto Finish; goto Finish;
case MemRegion::SymbolicRegionKind: case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind: case MemRegion::AllocaRegionKind:
case MemRegion::CompoundLiteralRegionKind: case MemRegion::CompoundLiteralRegionKind:
case MemRegion::CXXThisRegionKind: case MemRegion::CXXThisRegionKind:
case MemRegion::StringRegionKind: case MemRegion::StringRegionKind:
case MemRegion::ObjCStringRegionKind: case MemRegion::ObjCStringRegionKind:
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
case MemRegion::ParamVarRegionKind:
case MemRegion::CXXTempObjectRegionKind: case MemRegion::CXXTempObjectRegionKind:
// Usual base regions. // Usual base regions.
goto Finish; goto Finish;
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
// This is a little strange, but it's a compromise between // This is a little strange, but it's a compromise between
// ObjCIvarRegions having unknown compile-time offsets (when using the // ObjCIvarRegions having unknown compile-time offsets (when using the
// non-fragile runtime) and yet still being distinct, non-overlapping // non-fragile runtime) and yet still being distinct, non-overlapping
▲ Show 20 LinesShow All 139 Lines▼ Show 20 Lines
std::pair<const VarRegion *, const VarRegion *> std::pair<const VarRegion *, const VarRegion *>
BlockDataRegion::getCaptureRegions(const VarDecl *VD) { BlockDataRegion::getCaptureRegions(const VarDecl *VD) {
MemRegionManager &MemMgr = getMemRegionManager(); MemRegionManager &MemMgr = getMemRegionManager();
const VarRegion *VR = nullptr; const VarRegion *VR = nullptr;
const VarRegion *OriginalVR = nullptr; const VarRegion *OriginalVR = nullptr;
if (!VD->hasAttr<BlocksAttr>() && VD->hasLocalStorage()) { if (!VD->hasAttr<BlocksAttr>() && VD->hasLocalStorage()) {
VR = MemMgr.getVarRegion(VD, this); VR = MemMgr.getNonParamVarRegion(VD, this);
OriginalVR = MemMgr.getVarRegion(VD, LC); OriginalVR = MemMgr.getVarRegion(VD, LC);
} }
else { else {
if (LC) { if (LC) {
VR = MemMgr.getVarRegion(VD, LC); VR = MemMgr.getVarRegion(VD, LC);
OriginalVR = VR; OriginalVR = VR;
} }
else { else {
VR = MemMgr.getVarRegion(VD, MemMgr.getUnknownRegion()); VR = MemMgr.getNonParamVarRegion(VD, MemMgr.getUnknownRegion());
OriginalVR = MemMgr.getVarRegion(VD, LC); OriginalVR = MemMgr.getVarRegion(VD, LC);
} }
} }
return std::make_pair(VR, OriginalVR); return std::make_pair(VR, OriginalVR);
} }
void BlockDataRegion::LazyInitializeReferencedVars() { void BlockDataRegion::LazyInitializeReferencedVars() {
if (ReferencedVars) if (ReferencedVars)
▲ Show 20 LinesShow All 120 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/Store.cpp

Show First 20 LinesShow All 128 Lines▼ Show 20 Lines switch (R->getKind()) {
case MemRegion::StringRegionKind: case MemRegion::StringRegionKind:
// FIXME: Need to handle arbitrary downcasts. // FIXME: Need to handle arbitrary downcasts.
case MemRegion::SymbolicRegionKind: case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind: case MemRegion::AllocaRegionKind:
case MemRegion::CompoundLiteralRegionKind: case MemRegion::CompoundLiteralRegionKind:
case MemRegion::FieldRegionKind: case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind: case MemRegion::ObjCIvarRegionKind:
case MemRegion::ObjCStringRegionKind: case MemRegion::ObjCStringRegionKind:
case MemRegion::VarRegionKind: case MemRegion::NonParamVarRegionKind:
case MemRegion::ParamVarRegionKind:
case MemRegion::CXXTempObjectRegionKind: case MemRegion::CXXTempObjectRegionKind:
case MemRegion::CXXBaseObjectRegionKind: case MemRegion::CXXBaseObjectRegionKind:
case MemRegion::CXXDerivedObjectRegionKind: case MemRegion::CXXDerivedObjectRegionKind:
return MakeElementRegion(cast<SubRegion>(R), PointeeTy); return MakeElementRegion(cast<SubRegion>(R), PointeeTy);
case MemRegion::ElementRegionKind: { case MemRegion::ElementRegionKind: {
// If we are casting from an ElementRegion to another type, the // If we are casting from an ElementRegion to another type, the
// algorithm is as follows: // algorithm is as follows:
▲ Show 20 LinesShow All 421 LinesShow Last 20 Lines

clang/test/Analysis/explain-svals.c

Show All 21 Lines if (param == 42)
clang_analyzer_explain_int(param); // expected-warning-re{{{{^signed 32-bit integer '42'$}}}} clang_analyzer_explain_int(param); // expected-warning-re{{{{^signed 32-bit integer '42'$}}}}
} }
void test_2(struct S s) { void test_2(struct S s) {
clang_analyzer_explain_S(s); //expected-warning-re{{{{^lazily frozen compound value of parameter 's'$}}}} clang_analyzer_explain_S(s); //expected-warning-re{{{{^lazily frozen compound value of parameter 's'$}}}}
clang_analyzer_explain_voidp(&s); // expected-warning-re{{{{^pointer to parameter 's'$}}}} clang_analyzer_explain_voidp(&s); // expected-warning-re{{{{^pointer to parameter 's'$}}}}
clang_analyzer_explain_int(s.z); // expected-warning-re{{{{^initial value of field 'z' of parameter 's'$}}}} clang_analyzer_explain_int(s.z); // expected-warning-re{{{{^initial value of field 'z' of parameter 's'$}}}}
} }
void test_3(int param) {
clang_analyzer_explain_voidp(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
void test_non_top_level(int param) {
clang_analyzer_explain_voidp(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
void test_4(int n) {
test_non_top_level(n);
}

clang/test/Analysis/explain-svals.cpp

Show All 13 Lines struct S2 : S3 {
int *x; int *x;
} s2[10]; } s2[10];
int z; int z;
}; };
void clang_analyzer_explain(int); void clang_analyzer_explain(int);
void clang_analyzer_explain(void *); void clang_analyzer_explain(void *);
void clang_analyzer_explain(const int *);
void clang_analyzer_explain(S); void clang_analyzer_explain(S);
size_t clang_analyzer_getExtent(void *); size_t clang_analyzer_getExtent(void *);
size_t strlen(const char *); size_t strlen(const char *);
int conjure(); int conjure();
S conjure_S(); S conjure_S();
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Linespublic:
} }
}; };
} // end of anonymous namespace } // end of anonymous namespace
void test_6() { void test_6() {
clang_analyzer_explain(conjure_S()); // expected-warning-re{{{{^lazily frozen compound value of temporary object constructed at statement 'conjure_S\(\)'$}}}} clang_analyzer_explain(conjure_S()); // expected-warning-re{{{{^lazily frozen compound value of temporary object constructed at statement 'conjure_S\(\)'$}}}}
clang_analyzer_explain(conjure_S().z); // expected-warning-re{{{{^value derived from \(symbol of type 'int' conjured at statement 'conjure_S\(\)'\) for field 'z' of temporary object constructed at statement 'conjure_S\(\)'$}}}} clang_analyzer_explain(conjure_S().z); // expected-warning-re{{{{^value derived from \(symbol of type 'int' conjured at statement 'conjure_S\(\)'\) for field 'z' of temporary object constructed at statement 'conjure_S\(\)'$}}}}
} }
class C_top_level {
public:
C_top_level(int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
};
class C_non_top_level {
public:
C_non_top_level(int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
};
void test_7(int n) {
C_non_top_level c(n);
auto lambda_top_level = [n](int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
};
auto lambda_non_top_level = [n](int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
};
lambda_non_top_level(n);
}

clang/test/Analysis/explain-svals.m

Show All 22 Lines
void test_2() { void test_2() {
__block int x; __block int x;
^{ ^{
clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}} clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}}
}; };
clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}} clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}}
} }
@interface O
+ (instancetype)top_level_class_method:(int)param;
+ (instancetype)non_top_level_class_method:(int)param;
- top_level_instance_method:(int)param;
- non_top_level_instance_method:(int)param;
@end
@implementation O
+ (instancetype)top_level_class_method:(int)param {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
+ (instancetype)non_top_level_class_method:(int)param {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
- top_level_instance_method:(int)param {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
- non_top_level_instance_method:(int)param {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
}
@end
void test_3(int n, int m) {
O *o = [O non_top_level_class_method:n];
[o non_top_level_instance_method:m];
void (^block_top_level)(int) = ^(int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
clang_analyzer_explain(&n); // expected-warning-re{{{{^pointer to parameter 'n'$}}}}
};
void (^block_non_top_level)(int) = ^(int param) {
clang_analyzer_explain(&param); // expected-warning-re{{{{^pointer to parameter 'param'$}}}}
clang_analyzer_explain(&n); // expected-warning-re{{{{^pointer to parameter 'n'$}}}}
};
block_non_top_level(n);
}

clang/unittests/StaticAnalyzer/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
FrontendOpenMP FrontendOpenMP
Support Support
) )
add_clang_unittest(StaticAnalysisTests add_clang_unittest(StaticAnalysisTests
AnalyzerOptionsTest.cpp AnalyzerOptionsTest.cpp
CallDescriptionTest.cpp CallDescriptionTest.cpp
CallEventTest.cpp CallEventTest.cpp
ParamRegionTest.cpp
RangeSetTest.cpp RangeSetTest.cpp
RegisterCustomCheckersTest.cpp RegisterCustomCheckersTest.cpp
StoreTest.cpp StoreTest.cpp
SymbolReaperTest.cpp SymbolReaperTest.cpp
TestReturnValueUnderConstruction.cpp TestReturnValueUnderConstruction.cpp
) )
clang_target_link_libraries(StaticAnalysisTests clang_target_link_libraries(StaticAnalysisTests
Show All 12 Lines

clang/unittests/StaticAnalyzer/ParamRegionTest.cpp

  • This file was added.
//===- unittests/StaticAnalyzer/ParamRegionTest.cpp -----------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "Reusables.h"
#include "clang/Tooling/Tooling.h"
#include "gtest/gtest.h"
namespace clang {
namespace ento {
namespace {
class ParamRegionTestConsumer : public ExprEngineConsumer {
void performTest(const Decl *D) {
StoreManager &StMgr = Eng.getStoreManager();
MemRegionManager &MRMgr = StMgr.getRegionManager();
const StackFrameContext *SFC =
Eng.getAnalysisDeclContextManager().getStackFrame(D);
if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
for (const auto *P : FD->parameters()) {
const TypedValueRegion *Reg = MRMgr.getVarRegion(P, SFC);
if (SFC->inTopFrame())
assert(isa<NonParamVarRegion>(Reg));
else
assert(isa<ParamVarRegion>(Reg));
}
} else if (const auto *CD = dyn_cast<CXXConstructorDecl>(D)) {
for (const auto *P : CD->parameters()) {
const TypedValueRegion *Reg = MRMgr.getVarRegion(P, SFC);
if (SFC->inTopFrame())
assert(isa<NonParamVarRegion>(Reg));
else
assert(isa<ParamVarRegion>(Reg));
}
} else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) {
for (const auto *P : MD->parameters()) {
const TypedValueRegion *Reg = MRMgr.getVarRegion(P, SFC);
if (SFC->inTopFrame())
assert(isa<NonParamVarRegion>(Reg));
else
assert(isa<ParamVarRegion>(Reg));
}
}
}
public:
ParamRegionTestConsumer(CompilerInstance &C) : ExprEngineConsumer(C) {}
bool HandleTopLevelDecl(DeclGroupRef DG) override {
for (const auto *D : DG) {
performTest(D);
}
return true;
}
};
class ParamRegionTestAction : public ASTFrontendAction {
public:
std::unique_ptr<ASTConsumer> CreateASTConsumer(CompilerInstance &Compiler,
StringRef File) override {
return std::make_unique<ParamRegionTestConsumer>(Compiler);
}
};
TEST(ParamRegion, ParamRegionTest) {
EXPECT_TRUE(
tooling::runToolOnCode(std::make_unique<ParamRegionTestAction>(),
R"(void foo(int n) {
auto lambda = [n](int m) {
return n + m;
};
int k = lambda(2);
}
void bar(int l) {
foo(l);
}
struct S {
int n;
S(int nn): n(nn) {}
};
void baz(int p) {
S s(p);
})"));
EXPECT_TRUE(
tooling::runToolOnCode(std::make_unique<ParamRegionTestAction>(),
R"(@interface O
+ alloc;
- initWithInt:(int)q;
@end
void qix(int r) {
O *o = [[O alloc] initWithInt:r];
})",
"input.m"));
}
} // namespace
} // namespace ento
} // namespace clang