clang API Documentation

SubEngine.h
Go to the documentation of this file.
00001 //== SubEngine.h - Interface of the subengine of CoreEngine --------*- C++ -*-//
00002 //
00003 //                     The LLVM Compiler Infrastructure
00004 //
00005 // This file is distributed under the University of Illinois Open Source
00006 // License. See LICENSE.TXT for details.
00007 //
00008 //===----------------------------------------------------------------------===//
00009 //
00010 // This file defines the interface of a subengine of the CoreEngine.
00011 //
00012 //===----------------------------------------------------------------------===//
00013 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_SUBENGINE_H
00014 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_SUBENGINE_H
00015 
00016 #include "clang/Analysis/ProgramPoint.h"
00017 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
00018 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
00019 
00020 namespace clang {
00021 
00022 class CFGBlock;
00023 class CFGElement;
00024 class LocationContext;
00025 class Stmt;
00026 
00027 namespace ento {
00028   
00029 struct NodeBuilderContext;
00030 class AnalysisManager;
00031 class ExplodedNodeSet;
00032 class ExplodedNode;
00033 class ProgramState;
00034 class ProgramStateManager;
00035 class BlockCounter;
00036 class BranchNodeBuilder;
00037 class IndirectGotoNodeBuilder;
00038 class SwitchNodeBuilder;
00039 class EndOfFunctionNodeBuilder;
00040 class NodeBuilderWithSinks;
00041 class MemRegion;
00042 
00043 class SubEngine {
00044   virtual void anchor();
00045 public:
00046   virtual ~SubEngine() {}
00047 
00048   virtual ProgramStateRef getInitialState(const LocationContext *InitLoc) = 0;
00049 
00050   virtual AnalysisManager &getAnalysisManager() = 0;
00051 
00052   virtual ProgramStateManager &getStateManager() = 0;
00053 
00054   /// Called by CoreEngine. Used to generate new successor
00055   /// nodes by processing the 'effects' of a block-level statement.
00056   virtual void processCFGElement(const CFGElement E, ExplodedNode* Pred,
00057                                  unsigned StmtIdx, NodeBuilderContext *Ctx)=0;
00058 
00059   /// Called by CoreEngine when it starts processing a CFGBlock.  The
00060   /// SubEngine is expected to populate dstNodes with new nodes representing
00061   /// updated analysis state, or generate no nodes at all if it doesn't.
00062   virtual void processCFGBlockEntrance(const BlockEdge &L,
00063                                        NodeBuilderWithSinks &nodeBuilder,
00064                                        ExplodedNode *Pred) = 0;
00065 
00066   /// Called by CoreEngine.  Used to generate successor
00067   ///  nodes by processing the 'effects' of a branch condition.
00068   virtual void processBranch(const Stmt *Condition, const Stmt *Term,
00069                              NodeBuilderContext& BuilderCtx,
00070                              ExplodedNode *Pred,
00071                              ExplodedNodeSet &Dst,
00072                              const CFGBlock *DstT,
00073                              const CFGBlock *DstF) = 0;
00074 
00075   /// Called by CoreEngine.
00076   /// Used to generate successor nodes for temporary destructors depending
00077   /// on whether the corresponding constructor was visited.
00078   virtual void processCleanupTemporaryBranch(const CXXBindTemporaryExpr *BTE,
00079                                              NodeBuilderContext &BldCtx,
00080                                              ExplodedNode *Pred,
00081                                              ExplodedNodeSet &Dst,
00082                                              const CFGBlock *DstT,
00083                                              const CFGBlock *DstF) = 0;
00084 
00085   /// Called by CoreEngine.  Used to processing branching behavior
00086   /// at static initalizers.
00087   virtual void processStaticInitializer(const DeclStmt *DS,
00088                                         NodeBuilderContext& BuilderCtx,
00089                                         ExplodedNode *Pred,
00090                                         ExplodedNodeSet &Dst,
00091                                         const CFGBlock *DstT,
00092                                         const CFGBlock *DstF) = 0;
00093 
00094   /// Called by CoreEngine.  Used to generate successor
00095   /// nodes by processing the 'effects' of a computed goto jump.
00096   virtual void processIndirectGoto(IndirectGotoNodeBuilder& builder) = 0;
00097 
00098   /// Called by CoreEngine.  Used to generate successor
00099   /// nodes by processing the 'effects' of a switch statement.
00100   virtual void processSwitch(SwitchNodeBuilder& builder) = 0;
00101 
00102   /// Called by CoreEngine.  Used to generate end-of-path
00103   /// nodes when the control reaches the end of a function.
00104   virtual void processEndOfFunction(NodeBuilderContext& BC,
00105                                     ExplodedNode *Pred) = 0;
00106 
00107   // Generate the entry node of the callee.
00108   virtual void processCallEnter(CallEnter CE, ExplodedNode *Pred) = 0;
00109 
00110   // Generate the first post callsite node.
00111   virtual void processCallExit(ExplodedNode *Pred) = 0;
00112 
00113   /// Called by ConstraintManager. Used to call checker-specific
00114   /// logic for handling assumptions on symbolic values.
00115   virtual ProgramStateRef processAssume(ProgramStateRef state,
00116                                        SVal cond, bool assumption) = 0;
00117 
00118   /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a
00119   ///  region change should trigger a processRegionChanges update.
00120   virtual bool wantsRegionChangeUpdate(ProgramStateRef state) = 0;
00121 
00122   /// processRegionChanges - Called by ProgramStateManager whenever a change is
00123   /// made to the store. Used to update checkers that track region values.
00124   virtual ProgramStateRef 
00125   processRegionChanges(ProgramStateRef state,
00126                        const InvalidatedSymbols *invalidated,
00127                        ArrayRef<const MemRegion *> ExplicitRegions,
00128                        ArrayRef<const MemRegion *> Regions,
00129                        const CallEvent *Call) = 0;
00130 
00131 
00132   inline ProgramStateRef 
00133   processRegionChange(ProgramStateRef state,
00134                       const MemRegion* MR) {
00135     return processRegionChanges(state, nullptr, MR, MR, nullptr);
00136   }
00137 
00138   virtual ProgramStateRef
00139   processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val) = 0;
00140 
00141   virtual ProgramStateRef
00142   notifyCheckersOfPointerEscape(ProgramStateRef State,
00143                            const InvalidatedSymbols *Invalidated,
00144                            ArrayRef<const MemRegion *> ExplicitRegions,
00145                            ArrayRef<const MemRegion *> Regions,
00146                            const CallEvent *Call,
00147                            RegionAndSymbolInvalidationTraits &HTraits) = 0;
00148 
00149   /// printState - Called by ProgramStateManager to print checker-specific data.
00150   virtual void printState(raw_ostream &Out, ProgramStateRef State,
00151                           const char *NL, const char *Sep) = 0;
00152 
00153   /// Called by CoreEngine when the analysis worklist is either empty or the
00154   //  maximum number of analysis steps have been reached.
00155   virtual void processEndWorklist(bool hasWorkRemaining) = 0;
00156 };
00157 
00158 } // end GR namespace
00159 
00160 } // end clang namespace
00161 
00162 #endif

Generated on Tue Nov 18 2014 04:29:45 for r222231 by Doxygen 1.7.6.1.

See the Main Clang Web Page for more information.