#include <CheckerContext.h>

Collaboration diagram for clang::ento::CheckerContext:

Public Member Functions
	CheckerContext (NodeBuilder &builder, ExprEngine &eng, ExplodedNode *pred, const ProgramPoint &loc, bool wasInlined=false)
AnalysisManager &	getAnalysisManager ()
ConstraintManager &	getConstraintManager ()
StoreManager &	getStoreManager ()
ExplodedNode *	getPredecessor ()
	Returns the previous node in the exploded graph, which includes the state of the program before the checker ran. Note, checkers should not retain the node in their state since the nodes might get invalidated.
const ProgramStateRef &	getState () const
bool	isDifferent ()
	Check if the checker changed the state of the execution; ex: added a new transition or a bug report.
unsigned	blockCount () const
	Returns the number of times the current block has been visited along the analyzed path.
ASTContext &	getASTContext ()
const LangOptions &	getLangOpts () const
const LocationContext *	getLocationContext () const
const StackFrameContext *	getStackFrame () const
bool	inTopFrame () const
	Return true if the current LocationContext has no caller context.
BugReporter &	getBugReporter ()
SourceManager &	getSourceManager ()
SValBuilder &	getSValBuilder ()
SymbolManager &	getSymbolManager ()
bool	isObjCGCEnabled () const
ProgramStateManager &	getStateManager ()
AnalysisDeclContext *	getCurrentAnalysisDeclContext () const
unsigned	getBlockID () const
	Get the blockID.
SVal	getSVal (const Stmt *S) const
	Get the value of arbitrary expressions at this point in the path.
ExplodedNode *	addTransition (ProgramStateRef State=nullptr, const ProgramPointTag *Tag=nullptr)
	Generates a new transition in the program state graph (ExplodedGraph). Uses the default CheckerContext predecessor node.
ExplodedNode *	addTransition (ProgramStateRef State, ExplodedNode Pred, const ProgramPointTag Tag=nullptr)
	Generates a new transition with the given predecessor. Allows checkers to generate a chain of nodes.
ExplodedNode *	generateSink (ProgramStateRef State=nullptr, ExplodedNode Pred=nullptr, const ProgramPointTag Tag=nullptr)
	Generate a sink node. Generating a sink stops exploration of the given path.
void	emitReport (BugReport *R)
	Emit the diagnostics report.
const FunctionDecl *	getCalleeDecl (const CallExpr *CE) const
	Get the declaration of the called function (path-sensitive).
StringRef	getCalleeName (const FunctionDecl *FunDecl) const
	Get the name of the called function (path-sensitive).
const IdentifierInfo *	getCalleeIdentifier (const CallExpr *CE) const
	Get the identifier of the called function (path-sensitive).
StringRef	getCalleeName (const CallExpr *CE) const
	Get the name of the called function (path-sensitive).
StringRef	getMacroNameOrSpelling (SourceLocation &Loc)
	Depending on wither the location corresponds to a macro, return either the macro name or the token spelling.
Static Public Member Functions
static const MemRegion *	getLocationRegionIfPostStore (const ExplodedNode *N)
	If the given node corresponds to a PostStore program point, retrieve the location region as it was uttered in the code.
static bool	isCLibraryFunction (const FunctionDecl *FD, StringRef Name=StringRef())
	Returns true if the callee is an externally-visible function in the top-level namespace, such as `malloc`.
Public Attributes
const bool	wasInlined

Detailed Description

Definition at line 70 of file CheckerContext.h.

Constructor & Destructor Documentation

clang::ento::CheckerContext::CheckerContext	(	NodeBuilder &	builder,
		ExprEngine &	eng,
		ExplodedNode *	pred,
		const ProgramPoint &	loc,
		bool	wasInlined = `false`
	)		`[inline]`

Definition at line 87 of file CheckerContext.h.

References clang::ento::ExplodedNode::getState().

Member Function Documentation

ExplodedNode* clang::ento::CheckerContext::addTransition	(	ProgramStateRef	State = `nullptr`,
		const ProgramPointTag *	Tag = `nullptr`
	)		`[inline]`

Generates a new transition in the program state graph (ExplodedGraph). Uses the default CheckerContext predecessor node.

Parameters:

State	The state of the generated node. If not specified, the state will not be changed, but the new node will have the checker's tag.
Tag	The tag is used to uniquely identify the creation site. If no tag is specified, a default tag, unique to the given checker, will be used. Tags are used to prevent states generated at different sites from caching out.

Definition at line 208 of file CheckerContext.h.

References getState(), and State.

Referenced by addSelfFlag(), recordFixedType(), and setFlag().

ExplodedNode* clang::ento::CheckerContext::addTransition	(	ProgramStateRef	State,
		ExplodedNode *	Pred,
		const ProgramPointTag *	Tag = `nullptr`
	)		`[inline]`

Generates a new transition with the given predecessor. Allows checkers to generate a chain of nodes.

Parameters:

State	The state of the generated node.
Pred	The transition will be generated from the specified Pred node to the newly generated node.
Tag	The tag to uniquely identify the creation site.

Definition at line 220 of file CheckerContext.h.

unsigned clang::ento::CheckerContext::blockCount ( ) const [inline]

Returns the number of times the current block has been visited along the analyzed path.

Definition at line 126 of file CheckerContext.h.

References clang::ento::NodeBuilderContext::blockCount(), and clang::ento::NodeBuilder::getContext().

void clang::ento::CheckerContext::emitReport ( BugReport * R ) [inline]

Emit the diagnostics report.

Definition at line 235 of file CheckerContext.h.

References clang::ento::BugReporter::emitReport(), and clang::ento::ExprEngine::getBugReporter().

Referenced by emitBug().

ExplodedNode* clang::ento::CheckerContext::generateSink	(	ProgramStateRef	State = `nullptr`,
		ExplodedNode *	Pred = `nullptr`,
		const ProgramPointTag *	Tag = `nullptr`
	)		`[inline]`

Generate a sink node. Generating a sink stops exploration of the given path.

Definition at line 228 of file CheckerContext.h.

References getState(), and State.

Referenced by emitBug().

AnalysisManager& clang::ento::CheckerContext::getAnalysisManager ( ) [inline]

Definition at line 102 of file CheckerContext.h.

References clang::ento::ExprEngine::getAnalysisManager().

ASTContext& clang::ento::CheckerContext::getASTContext ( ) [inline]

Definition at line 130 of file CheckerContext.h.

References clang::ento::ExprEngine::getContext().

Referenced by recordFixedType().

unsigned clang::ento::CheckerContext::getBlockID ( ) const [inline]

Get the blockID.

Definition at line 178 of file CheckerContext.h.

References clang::ento::NodeBuilderContext::getBlock(), clang::CFGBlock::getBlockID(), and clang::ento::NodeBuilder::getContext().

BugReporter& clang::ento::CheckerContext::getBugReporter ( ) [inline]

Definition at line 149 of file CheckerContext.h.

References clang::ento::ExprEngine::getBugReporter().

Referenced by getSourceManager().

const FunctionDecl * CheckerContext::getCalleeDecl ( const CallExpr * CE ) const

Get the declaration of the called function (path-sensitive).

Definition at line 22 of file CheckerContext.cpp.

References clang::ento::SVal::getAsFunctionDecl(), clang::CallExpr::getCallee(), clang::ento::ExplodedNode::getLocationContext(), getState(), and State.

Referenced by getCalleeIdentifier(), getCalleeName(), and getPrintfFormatArgumentNum().

const IdentifierInfo* clang::ento::CheckerContext::getCalleeIdentifier ( const CallExpr * CE ) const [inline]

Get the identifier of the called function (path-sensitive).

Definition at line 247 of file CheckerContext.h.

References getCalleeDecl(), and clang::NamedDecl::getIdentifier().

StringRef CheckerContext::getCalleeName ( const FunctionDecl * FunDecl ) const

Get the name of the called function (path-sensitive).

Definition at line 29 of file CheckerContext.cpp.

References clang::NamedDecl::getIdentifier(), and clang::IdentifierInfo::getName().

Referenced by getCalleeName(), and getPrintfFormatArgumentNum().

StringRef clang::ento::CheckerContext::getCalleeName ( const CallExpr * CE ) const [inline]

Get the name of the called function (path-sensitive).

Definition at line 256 of file CheckerContext.h.

References getCalleeDecl(), and getCalleeName().

ConstraintManager& clang::ento::CheckerContext::getConstraintManager ( ) [inline]

Definition at line 106 of file CheckerContext.h.

References clang::ento::ExprEngine::getConstraintManager().

AnalysisDeclContext* clang::ento::CheckerContext::getCurrentAnalysisDeclContext ( ) const [inline]

Definition at line 173 of file CheckerContext.h.

References clang::LocationContext::getAnalysisDeclContext(), and clang::ento::ExplodedNode::getLocationContext().

Referenced by isSelfVar().

const LangOptions& clang::ento::CheckerContext::getLangOpts ( ) const [inline]

Definition at line 134 of file CheckerContext.h.

References clang::ento::ExprEngine::getContext(), and clang::ASTContext::getLangOpts().

Referenced by getMacroNameOrSpelling().

const LocationContext* clang::ento::CheckerContext::getLocationContext ( ) const [inline]

Definition at line 138 of file CheckerContext.h.

References clang::ento::ExplodedNode::getLocationContext().

Referenced by assumeCollectionNonEmpty(), checkElementNonNil(), getAsPointeeSymbol(), getSVal(), inTopFrame(), isInvalidSelf(), and parameterTypeFromSVal().

static const MemRegion* clang::ento::CheckerContext::getLocationRegionIfPostStore ( const ExplodedNode * N ) [inline, static]

If the given node corresponds to a PostStore program point, retrieve the location region as it was uttered in the code.

This utility can be useful for generating extensive diagnostics, for example, for finding variables that the given symbol was assigned to.

Definition at line 187 of file CheckerContext.h.

References clang::ProgramPoint::getAs(), and clang::ento::ExplodedNode::getLocation().

StringRef CheckerContext::getMacroNameOrSpelling ( SourceLocation & Loc )

Depending on wither the location corresponds to a macro, return either the macro name or the token spelling.

This could be useful when checkers' logic depends on whether a function is called with a given macro argument. For example: s = socket(AF_INET,..) If AF_INET is a macro, the result should be treated as a source of taint.

See also:: clang::Lexer::getSpelling(), clang::Lexer::getImmediateMacroName().

Definition at line 91 of file CheckerContext.cpp.

References clang::Lexer::getImmediateMacroName(), getLangOpts(), getSourceManager(), clang::Lexer::getSpelling(), and clang::SourceLocation::isMacroID().

ExplodedNode* clang::ento::CheckerContext::getPredecessor ( ) [inline]

Returns the previous node in the exploded graph, which includes the state of the program before the checker ran. Note, checkers should not retain the node in their state since the nodes might get invalidated.

Definition at line 117 of file CheckerContext.h.

Referenced by getArgumentValueString().

SourceManager& clang::ento::CheckerContext::getSourceManager ( ) [inline]

Definition at line 153 of file CheckerContext.h.

References getBugReporter(), and clang::ento::BugReporter::getSourceManager().

Referenced by getMacroNameOrSpelling().

const StackFrameContext* clang::ento::CheckerContext::getStackFrame ( ) const [inline]

Definition at line 142 of file CheckerContext.h.

References clang::ento::ExplodedNode::getStackFrame().

const ProgramStateRef& clang::ento::CheckerContext::getState ( ) const [inline]

Definition at line 118 of file CheckerContext.h.

References clang::ento::ExplodedNode::getState().

Referenced by addTransition(), generateSink(), getAsPointeeSymbol(), getCalleeDecl(), getSelfFlags(), getSVal(), isInvalidSelf(), and recordFixedType().

ProgramStateManager& clang::ento::CheckerContext::getStateManager ( ) [inline]

Definition at line 169 of file CheckerContext.h.

References clang::ento::ExprEngine::getStateManager().

StoreManager& clang::ento::CheckerContext::getStoreManager ( ) [inline]

Definition at line 110 of file CheckerContext.h.

References clang::ento::ExprEngine::getStoreManager().

Referenced by getAsPointeeSymbol().

SVal clang::ento::CheckerContext::getSVal ( const Stmt * S ) const [inline]

Get the value of arbitrary expressions at this point in the path.

Definition at line 195 of file CheckerContext.h.

References getLocationContext(), and getState().

Referenced by checkCollectionNonNil().

SValBuilder& clang::ento::CheckerContext::getSValBuilder ( ) [inline]

Definition at line 157 of file CheckerContext.h.

References clang::ento::ExprEngine::getSValBuilder().

Referenced by assumeCollectionNonEmpty(), and getSymbolManager().

SymbolManager& clang::ento::CheckerContext::getSymbolManager ( ) [inline]

Definition at line 161 of file CheckerContext.h.

References getSValBuilder(), and clang::ento::SValBuilder::getSymbolManager().

bool clang::ento::CheckerContext::inTopFrame ( ) const [inline]

Return true if the current LocationContext has no caller context.

Definition at line 147 of file CheckerContext.h.

References getLocationContext(), and clang::LocationContext::inTopFrame().

bool CheckerContext::isCLibraryFunction	(	const FunctionDecl *	FD,
		StringRef	Name = `StringRef()`
	)		`[static]`

Returns true if the callee is an externally-visible function in the top-level namespace, such as malloc.

If a name is provided, the function must additionally match the given name.

Note that this deliberately excludes C++ library functions in the std namespace, but will include C library functions accessed through the std namespace. This also does not check if the function is declared as 'extern "C"', or if it uses C++ name mangling.

Definition at line 39 of file CheckerContext.cpp.

References clang::ASTContext::BuiltinInfo, clang::Decl::getASTContext(), clang::FunctionDecl::getBuiltinID(), clang::Decl::getDeclContext(), clang::NamedDecl::getIdentifier(), clang::Builtin::Context::GetName(), clang::IdentifierInfo::getName(), clang::DeclContext::getParent(), clang::NamedDecl::isExternallyVisible(), clang::FunctionDecl::isInlined(), clang::DeclContext::isTranslationUnit(), and clang::DeclContext::isTransparentContext().