clang API Documentation
00001 // SValBuilder.h - Construction of SVals from evaluating expressions -*- C++ -*- 00002 // 00003 // The LLVM Compiler Infrastructure 00004 // 00005 // This file is distributed under the University of Illinois Open Source 00006 // License. See LICENSE.TXT for details. 00007 // 00008 //===----------------------------------------------------------------------===// 00009 // 00010 // This file defines SValBuilder, a class that defines the interface for 00011 // "symbolical evaluators" which construct an SVal from an expression. 00012 // 00013 //===----------------------------------------------------------------------===// 00014 00015 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_SVALBUILDER_H 00016 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_SVALBUILDER_H 00017 00018 #include "clang/AST/ASTContext.h" 00019 #include "clang/AST/Expr.h" 00020 #include "clang/AST/ExprObjC.h" 00021 #include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h" 00022 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h" 00023 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h" 00024 00025 namespace clang { 00026 00027 class CXXBoolLiteralExpr; 00028 00029 namespace ento { 00030 00031 class SValBuilder { 00032 virtual void anchor(); 00033 protected: 00034 ASTContext &Context; 00035 00036 /// Manager of APSInt values. 00037 BasicValueFactory BasicVals; 00038 00039 /// Manages the creation of symbols. 00040 SymbolManager SymMgr; 00041 00042 /// Manages the creation of memory regions. 00043 MemRegionManager MemMgr; 00044 00045 ProgramStateManager &StateMgr; 00046 00047 /// The scalar type to use for array indices. 00048 const QualType ArrayIndexTy; 00049 00050 /// The width of the scalar type used for array indices. 00051 const unsigned ArrayIndexWidth; 00052 00053 virtual SVal evalCastFromNonLoc(NonLoc val, QualType castTy) = 0; 00054 virtual SVal evalCastFromLoc(Loc val, QualType castTy) = 0; 00055 00056 public: 00057 // FIXME: Make these protected again once RegionStoreManager correctly 00058 // handles loads from different bound value types. 00059 virtual SVal dispatchCast(SVal val, QualType castTy) = 0; 00060 00061 public: 00062 SValBuilder(llvm::BumpPtrAllocator &alloc, ASTContext &context, 00063 ProgramStateManager &stateMgr) 00064 : Context(context), BasicVals(context, alloc), 00065 SymMgr(context, BasicVals, alloc), 00066 MemMgr(context, alloc), 00067 StateMgr(stateMgr), 00068 ArrayIndexTy(context.IntTy), 00069 ArrayIndexWidth(context.getTypeSize(ArrayIndexTy)) {} 00070 00071 virtual ~SValBuilder() {} 00072 00073 bool haveSameType(const SymExpr *Sym1, const SymExpr *Sym2) { 00074 return haveSameType(Sym1->getType(), Sym2->getType()); 00075 } 00076 00077 bool haveSameType(QualType Ty1, QualType Ty2) { 00078 // FIXME: Remove the second disjunct when we support symbolic 00079 // truncation/extension. 00080 return (Context.getCanonicalType(Ty1) == Context.getCanonicalType(Ty2) || 00081 (Ty1->isIntegralOrEnumerationType() && 00082 Ty2->isIntegralOrEnumerationType())); 00083 } 00084 00085 SVal evalCast(SVal val, QualType castTy, QualType originalType); 00086 00087 virtual SVal evalMinus(NonLoc val) = 0; 00088 00089 virtual SVal evalComplement(NonLoc val) = 0; 00090 00091 /// Create a new value which represents a binary expression with two non- 00092 /// location operands. 00093 virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, 00094 NonLoc lhs, NonLoc rhs, QualType resultTy) = 0; 00095 00096 /// Create a new value which represents a binary expression with two memory 00097 /// location operands. 00098 virtual SVal evalBinOpLL(ProgramStateRef state, BinaryOperator::Opcode op, 00099 Loc lhs, Loc rhs, QualType resultTy) = 0; 00100 00101 /// Create a new value which represents a binary expression with a memory 00102 /// location and non-location operands. For example, this would be used to 00103 /// evaluate a pointer arithmetic operation. 00104 virtual SVal evalBinOpLN(ProgramStateRef state, BinaryOperator::Opcode op, 00105 Loc lhs, NonLoc rhs, QualType resultTy) = 0; 00106 00107 /// Evaluates a given SVal. If the SVal has only one possible (integer) value, 00108 /// that value is returned. Otherwise, returns NULL. 00109 virtual const llvm::APSInt *getKnownValue(ProgramStateRef state, SVal val) = 0; 00110 00111 /// Constructs a symbolic expression for two non-location values. 00112 SVal makeSymExprValNN(ProgramStateRef state, BinaryOperator::Opcode op, 00113 NonLoc lhs, NonLoc rhs, QualType resultTy); 00114 00115 SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, 00116 SVal lhs, SVal rhs, QualType type); 00117 00118 DefinedOrUnknownSVal evalEQ(ProgramStateRef state, DefinedOrUnknownSVal lhs, 00119 DefinedOrUnknownSVal rhs); 00120 00121 ASTContext &getContext() { return Context; } 00122 const ASTContext &getContext() const { return Context; } 00123 00124 ProgramStateManager &getStateManager() { return StateMgr; } 00125 00126 QualType getConditionType() const { 00127 return Context.getLangOpts().CPlusPlus ? Context.BoolTy : Context.IntTy; 00128 } 00129 00130 QualType getArrayIndexType() const { 00131 return ArrayIndexTy; 00132 } 00133 00134 BasicValueFactory &getBasicValueFactory() { return BasicVals; } 00135 const BasicValueFactory &getBasicValueFactory() const { return BasicVals; } 00136 00137 SymbolManager &getSymbolManager() { return SymMgr; } 00138 const SymbolManager &getSymbolManager() const { return SymMgr; } 00139 00140 MemRegionManager &getRegionManager() { return MemMgr; } 00141 const MemRegionManager &getRegionManager() const { return MemMgr; } 00142 00143 // Forwarding methods to SymbolManager. 00144 00145 const SymbolConjured* conjureSymbol(const Stmt *stmt, 00146 const LocationContext *LCtx, 00147 QualType type, 00148 unsigned visitCount, 00149 const void *symbolTag = nullptr) { 00150 return SymMgr.conjureSymbol(stmt, LCtx, type, visitCount, symbolTag); 00151 } 00152 00153 const SymbolConjured* conjureSymbol(const Expr *expr, 00154 const LocationContext *LCtx, 00155 unsigned visitCount, 00156 const void *symbolTag = nullptr) { 00157 return SymMgr.conjureSymbol(expr, LCtx, visitCount, symbolTag); 00158 } 00159 00160 /// Construct an SVal representing '0' for the specified type. 00161 DefinedOrUnknownSVal makeZeroVal(QualType type); 00162 00163 /// Make a unique symbol for value of region. 00164 DefinedOrUnknownSVal getRegionValueSymbolVal(const TypedValueRegion *region); 00165 00166 /// \brief Create a new symbol with a unique 'name'. 00167 /// 00168 /// We resort to conjured symbols when we cannot construct a derived symbol. 00169 /// The advantage of symbols derived/built from other symbols is that we 00170 /// preserve the relation between related(or even equivalent) expressions, so 00171 /// conjured symbols should be used sparingly. 00172 DefinedOrUnknownSVal conjureSymbolVal(const void *symbolTag, 00173 const Expr *expr, 00174 const LocationContext *LCtx, 00175 unsigned count); 00176 DefinedOrUnknownSVal conjureSymbolVal(const void *symbolTag, 00177 const Expr *expr, 00178 const LocationContext *LCtx, 00179 QualType type, 00180 unsigned count); 00181 00182 DefinedOrUnknownSVal conjureSymbolVal(const Stmt *stmt, 00183 const LocationContext *LCtx, 00184 QualType type, 00185 unsigned visitCount); 00186 /// \brief Conjure a symbol representing heap allocated memory region. 00187 /// 00188 /// Note, the expression should represent a location. 00189 DefinedOrUnknownSVal getConjuredHeapSymbolVal(const Expr *E, 00190 const LocationContext *LCtx, 00191 unsigned Count); 00192 00193 DefinedOrUnknownSVal getDerivedRegionValueSymbolVal( 00194 SymbolRef parentSymbol, const TypedValueRegion *region); 00195 00196 DefinedSVal getMetadataSymbolVal( 00197 const void *symbolTag, const MemRegion *region, 00198 const Expr *expr, QualType type, unsigned count); 00199 00200 DefinedSVal getFunctionPointer(const FunctionDecl *func); 00201 00202 DefinedSVal getBlockPointer(const BlockDecl *block, CanQualType locTy, 00203 const LocationContext *locContext, 00204 unsigned blockCount); 00205 00206 /// Returns the value of \p E, if it can be determined in a non-path-sensitive 00207 /// manner. 00208 /// 00209 /// If \p E is not a constant or cannot be modeled, returns \c None. 00210 Optional<SVal> getConstantVal(const Expr *E); 00211 00212 NonLoc makeCompoundVal(QualType type, llvm::ImmutableList<SVal> vals) { 00213 return nonloc::CompoundVal(BasicVals.getCompoundValData(type, vals)); 00214 } 00215 00216 NonLoc makeLazyCompoundVal(const StoreRef &store, 00217 const TypedValueRegion *region) { 00218 return nonloc::LazyCompoundVal( 00219 BasicVals.getLazyCompoundValData(store, region)); 00220 } 00221 00222 NonLoc makeZeroArrayIndex() { 00223 return nonloc::ConcreteInt(BasicVals.getValue(0, ArrayIndexTy)); 00224 } 00225 00226 NonLoc makeArrayIndex(uint64_t idx) { 00227 return nonloc::ConcreteInt(BasicVals.getValue(idx, ArrayIndexTy)); 00228 } 00229 00230 SVal convertToArrayIndex(SVal val); 00231 00232 nonloc::ConcreteInt makeIntVal(const IntegerLiteral* integer) { 00233 return nonloc::ConcreteInt( 00234 BasicVals.getValue(integer->getValue(), 00235 integer->getType()->isUnsignedIntegerOrEnumerationType())); 00236 } 00237 00238 nonloc::ConcreteInt makeBoolVal(const ObjCBoolLiteralExpr *boolean) { 00239 return makeTruthVal(boolean->getValue(), boolean->getType()); 00240 } 00241 00242 nonloc::ConcreteInt makeBoolVal(const CXXBoolLiteralExpr *boolean); 00243 00244 nonloc::ConcreteInt makeIntVal(const llvm::APSInt& integer) { 00245 return nonloc::ConcreteInt(BasicVals.getValue(integer)); 00246 } 00247 00248 loc::ConcreteInt makeIntLocVal(const llvm::APSInt &integer) { 00249 return loc::ConcreteInt(BasicVals.getValue(integer)); 00250 } 00251 00252 NonLoc makeIntVal(const llvm::APInt& integer, bool isUnsigned) { 00253 return nonloc::ConcreteInt(BasicVals.getValue(integer, isUnsigned)); 00254 } 00255 00256 DefinedSVal makeIntVal(uint64_t integer, QualType type) { 00257 if (Loc::isLocType(type)) 00258 return loc::ConcreteInt(BasicVals.getValue(integer, type)); 00259 00260 return nonloc::ConcreteInt(BasicVals.getValue(integer, type)); 00261 } 00262 00263 NonLoc makeIntVal(uint64_t integer, bool isUnsigned) { 00264 return nonloc::ConcreteInt(BasicVals.getIntValue(integer, isUnsigned)); 00265 } 00266 00267 NonLoc makeIntValWithPtrWidth(uint64_t integer, bool isUnsigned) { 00268 return nonloc::ConcreteInt( 00269 BasicVals.getIntWithPtrWidth(integer, isUnsigned)); 00270 } 00271 00272 NonLoc makeLocAsInteger(Loc loc, unsigned bits) { 00273 return nonloc::LocAsInteger(BasicVals.getPersistentSValWithData(loc, bits)); 00274 } 00275 00276 NonLoc makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op, 00277 const llvm::APSInt& rhs, QualType type); 00278 00279 NonLoc makeNonLoc(const llvm::APSInt& rhs, BinaryOperator::Opcode op, 00280 const SymExpr *lhs, QualType type); 00281 00282 NonLoc makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op, 00283 const SymExpr *rhs, QualType type); 00284 00285 /// \brief Create a NonLoc value for cast. 00286 NonLoc makeNonLoc(const SymExpr *operand, QualType fromTy, QualType toTy); 00287 00288 nonloc::ConcreteInt makeTruthVal(bool b, QualType type) { 00289 return nonloc::ConcreteInt(BasicVals.getTruthValue(b, type)); 00290 } 00291 00292 nonloc::ConcreteInt makeTruthVal(bool b) { 00293 return nonloc::ConcreteInt(BasicVals.getTruthValue(b)); 00294 } 00295 00296 Loc makeNull() { 00297 return loc::ConcreteInt(BasicVals.getZeroWithPtrWidth()); 00298 } 00299 00300 Loc makeLoc(SymbolRef sym) { 00301 return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym)); 00302 } 00303 00304 Loc makeLoc(const MemRegion* region) { 00305 return loc::MemRegionVal(region); 00306 } 00307 00308 Loc makeLoc(const AddrLabelExpr *expr) { 00309 return loc::GotoLabel(expr->getLabel()); 00310 } 00311 00312 Loc makeLoc(const llvm::APSInt& integer) { 00313 return loc::ConcreteInt(BasicVals.getValue(integer)); 00314 } 00315 00316 /// Return a memory region for the 'this' object reference. 00317 loc::MemRegionVal getCXXThis(const CXXMethodDecl *D, 00318 const StackFrameContext *SFC); 00319 00320 /// Return a memory region for the 'this' object reference. 00321 loc::MemRegionVal getCXXThis(const CXXRecordDecl *D, 00322 const StackFrameContext *SFC); 00323 }; 00324 00325 SValBuilder* createSimpleSValBuilder(llvm::BumpPtrAllocator &alloc, 00326 ASTContext &context, 00327 ProgramStateManager &stateMgr); 00328 00329 } // end GR namespace 00330 00331 } // end clang namespace 00332 00333 #endif