#include <ExprEngine.h>

Inheritance diagram for clang::ento::ExprEngine:

Collaboration diagram for clang::ento::ExprEngine:

Public Types
enum	InliningModes { Inline_Regular = 0, Inline_Minimal = 0x1 }
	The modes of inlining, which override the default analysis-wide settings. More...
Public Member Functions
	ExprEngine (AnalysisManager &mgr, bool gcEnabled, SetOfConstDecls VisitedCalleesIn, FunctionSummariesTy FS, InliningModes HowToInlineIn)
	~ExprEngine ()
bool	ExecuteWorkList (const LocationContext *L, unsigned Steps=150000)
	Returns true if there is still simulation state on the worklist.
bool	ExecuteWorkListWithInitialState (const LocationContext *L, unsigned Steps, ProgramStateRef InitState, ExplodedNodeSet &Dst)
ASTContext &	getContext () const
	getContext - Return the ASTContext associated with this analysis.
AnalysisManager &	getAnalysisManager () override
CheckerManager &	getCheckerManager () const
SValBuilder &	getSValBuilder ()
BugReporter &	getBugReporter ()
const NodeBuilderContext &	getBuilderContext ()
bool	isObjCGCEnabled ()
const Stmt *	getStmt () const
void	GenerateAutoTransition (ExplodedNode *N)
void	enqueueEndOfPath (ExplodedNodeSet &S)
void	GenerateCallExitNode (ExplodedNode *N)
void	ViewGraph (bool trim=false)
	Visualize the ExplodedGraph created by executing the simulation.
void	ViewGraph (ArrayRef< const ExplodedNode * > Nodes)
ProgramStateRef	getInitialState (const LocationContext *InitLoc) override
ExplodedGraph &	getGraph ()
const ExplodedGraph &	getGraph () const
void	removeDead (ExplodedNode Node, ExplodedNodeSet &Out, const Stmt ReferenceStmt, const LocationContext LC, const Stmt DiagnosticStmt=nullptr, ProgramPoint::Kind K=ProgramPoint::PreStmtPurgeDeadSymbolsKind)
	Run the analyzer's garbage collection - remove dead symbols and bindings from the state.
void	processCFGElement (const CFGElement E, ExplodedNode Pred, unsigned StmtIdx, NodeBuilderContext Ctx) override
void	ProcessStmt (const CFGStmt S, ExplodedNode *Pred)
void	ProcessInitializer (const CFGInitializer I, ExplodedNode *Pred)
void	ProcessImplicitDtor (const CFGImplicitDtor D, ExplodedNode *Pred)
void	ProcessNewAllocator (const CXXNewExpr NE, ExplodedNode Pred)
void	ProcessAutomaticObjDtor (const CFGAutomaticObjDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessDeleteDtor (const CFGDeleteDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessBaseDtor (const CFGBaseDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessMemberDtor (const CFGMemberDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	ProcessTemporaryDtor (const CFGTemporaryDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	processCFGBlockEntrance (const BlockEdge &L, NodeBuilderWithSinks &nodeBuilder, ExplodedNode *Pred) override
	Called by CoreEngine when processing the entrance of a CFGBlock.
void	processBranch (const Stmt Condition, const Stmt Term, NodeBuilderContext &BuilderCtx, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock *DstF) override
void	processCleanupTemporaryBranch (const CXXBindTemporaryExpr BTE, NodeBuilderContext &BldCtx, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock DstF) override
void	processStaticInitializer (const DeclStmt DS, NodeBuilderContext &BuilderCtx, ExplodedNode Pred, ExplodedNodeSet &Dst, const CFGBlock DstT, const CFGBlock DstF) override
void	processIndirectGoto (IndirectGotoNodeBuilder &builder) override
void	processSwitch (SwitchNodeBuilder &builder) override
void	processEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred) override
void	removeDeadOnEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	Remove dead bindings/symbols before exiting a function.
void	processCallEnter (CallEnter CE, ExplodedNode *Pred) override
	Generate the entry node of the callee.
void	processCallExit (ExplodedNode *Pred) override
void	processEndWorklist (bool hasWorkRemaining) override
	Called by CoreEngine when the analysis worklist has terminated.
ProgramStateRef	processAssume (ProgramStateRef state, SVal cond, bool assumption) override
bool	wantsRegionChangeUpdate (ProgramStateRef state) override
ProgramStateRef	processRegionChanges (ProgramStateRef state, const InvalidatedSymbols invalidated, ArrayRef< const MemRegion > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const CallEvent *Call) override
void	printState (raw_ostream &Out, ProgramStateRef State, const char NL, const char Sep) override
	printState - Called by ProgramStateManager to print checker-specific data.
ProgramStateManager &	getStateManager () override
StoreManager &	getStoreManager ()
ConstraintManager &	getConstraintManager ()
BasicValueFactory &	getBasicVals ()
SymbolManager &	getSymbolManager ()
const SymbolManager &	getSymbolManager () const
bool	wasBlocksExhausted () const
bool	hasEmptyWorkList () const
bool	hasWorkRemaining () const
const CoreEngine &	getCoreEngine () const
void	Visit (const Stmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitLvalArraySubscriptExpr (const ArraySubscriptExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitArraySubscriptExpr - Transfer function for array accesses.
void	VisitGCCAsmStmt (const GCCAsmStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitGCCAsmStmt - Transfer function logic for inline asm.
void	VisitMSAsmStmt (const MSAsmStmt A, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitMSAsmStmt - Transfer function logic for MS inline asm.
void	VisitBlockExpr (const BlockExpr BE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBlockExpr - Transfer function logic for BlockExprs.
void	VisitBinaryOperator (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitBinaryOperator - Transfer function logic for binary operators.
void	VisitCallExpr (const CallExpr CE, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCall - Transfer function for function calls.
void	VisitCast (const CastExpr CastE, const Expr Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	VisitCast - Transfer function logic for all casts (implicit and explicit).
void	VisitCompoundLiteralExpr (const CompoundLiteralExpr CL, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitCompoundLiteralExpr - Transfer function logic for compound literals.
void	VisitCommonDeclRefExpr (const Expr DR, const NamedDecl D, ExplodedNode *Pred, ExplodedNodeSet &Dst)
	Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
void	VisitDeclStmt (const DeclStmt DS, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitDeclStmt - Transfer function logic for DeclStmts.
void	VisitGuardedExpr (const Expr Ex, const Expr L, const Expr R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.
void	VisitInitListExpr (const InitListExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitLogicalExpr (const BinaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitLogicalExpr - Transfer function logic for '&&', '\|\|'.
void	VisitMemberExpr (const MemberExpr M, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitMemberExpr - Transfer function for member expressions.
void	VisitObjCAtSynchronizedStmt (const ObjCAtSynchronizedStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for ObjCAtSynchronizedStmts.
void	VisitLvalObjCIvarRefExpr (const ObjCIvarRefExpr DR, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Transfer function logic for computing the lvalue of an Objective-C ivar.
void	VisitObjCForCollectionStmt (const ObjCForCollectionStmt S, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitObjCMessage (const ObjCMessageExpr ME, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitReturnStmt (const ReturnStmt R, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitReturnStmt - Transfer function logic for return statements.
void	VisitOffsetOfExpr (const OffsetOfExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitOffsetOfExpr - Transfer function for offsetof.
void	VisitUnaryExprOrTypeTraitExpr (const UnaryExprOrTypeTraitExpr Ex, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
void	VisitUnaryOperator (const UnaryOperator B, ExplodedNode Pred, ExplodedNodeSet &Dst)
	VisitUnaryOperator - Transfer function logic for unary operators.
void	VisitIncrementDecrementOperator (const UnaryOperator U, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Handle ++ and -- (both pre- and post-increment).
void	VisitCXXBindTemporaryExpr (const CXXBindTemporaryExpr *BTE, ExplodedNodeSet &PreVisit, ExplodedNodeSet &Dst)
void	VisitCXXCatchStmt (const CXXCatchStmt CS, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXThisExpr (const CXXThisExpr TE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXConstructExpr (const CXXConstructExpr E, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXDestructor (QualType ObjectType, const MemRegion Dest, const Stmt S, bool IsBaseDtor, ExplodedNode *Pred, ExplodedNodeSet &Dst)
void	VisitCXXNewAllocatorCall (const CXXNewExpr CNE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXNewExpr (const CXXNewExpr CNE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	VisitCXXDeleteExpr (const CXXDeleteExpr CDE, ExplodedNode Pred, ExplodedNodeSet &Dst)
void	CreateCXXTemporaryObject (const MaterializeTemporaryExpr ME, ExplodedNode Pred, ExplodedNodeSet &Dst)
	Create a C++ temporary object for an rvalue.
void	evalEagerlyAssumeBinOpBifurcation (ExplodedNodeSet &Dst, ExplodedNodeSet &Src, const Expr *Ex)
std::pair< const ProgramPointTag , const ProgramPointTag >	geteagerlyAssumeBinOpBifurcationTags ()
SVal	evalMinus (SVal X)
SVal	evalComplement (SVal X)
SVal	evalBinOp (ProgramStateRef state, BinaryOperator::Opcode op, NonLoc L, NonLoc R, QualType T)
SVal	evalBinOp (ProgramStateRef state, BinaryOperator::Opcode op, NonLoc L, SVal R, QualType T)
SVal	evalBinOp (ProgramStateRef ST, BinaryOperator::Opcode Op, SVal LHS, SVal RHS, QualType T)
void	evalLoad (ExplodedNodeSet &Dst, const Expr NodeEx, const Expr BoundExpr, ExplodedNode Pred, ProgramStateRef St, SVal location, const ProgramPointTag tag=nullptr, QualType LoadTy=QualType())
	Simulate a read of the result of Ex.
void	evalStore (ExplodedNodeSet &Dst, const Expr AssignE, const Expr StoreE, ExplodedNode Pred, ProgramStateRef St, SVal TargetLV, SVal Val, const ProgramPointTag tag=nullptr)
ProgramStateRef	bindReturnValue (const CallEvent &Call, const LocationContext *LCtx, ProgramStateRef State)
	Create a new state in which the call return value is binded to the call origin expression.
void	evalCall (ExplodedNodeSet &Dst, ExplodedNode *Pred, const CallEvent &Call)
void	defaultEvalCall (NodeBuilder &B, ExplodedNode *Pred, const CallEvent &Call)
	Default implementation of call evaluation.
Protected Member Functions
void	evalBind (ExplodedNodeSet &Dst, const Stmt StoreE, ExplodedNode Pred, SVal location, SVal Val, bool atDeclInit=false, const ProgramPoint *PP=nullptr)
ProgramStateRef	processPointerEscapedOnBind (ProgramStateRef State, SVal Loc, SVal Val) override
	Call PointerEscape callback when a value escapes as a result of bind.
ProgramStateRef	notifyCheckersOfPointerEscape (ProgramStateRef State, const InvalidatedSymbols Invalidated, ArrayRef< const MemRegion > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const CallEvent *Call, RegionAndSymbolInvalidationTraits &ITraits) override

Detailed Description

Definition at line 48 of file ExprEngine.h.

Member Enumeration Documentation

enum clang::ento::ExprEngine::InliningModes

The modes of inlining, which override the default analysis-wide settings.

Enumerator:

Inline_Regular	Follow the default settings for inlining callees.
Inline_Minimal	Do minimal inlining of callees.

Definition at line 51 of file ExprEngine.h.

Constructor & Destructor Documentation

ExprEngine::ExprEngine	(	AnalysisManager &	mgr,
		bool	gcEnabled,
		SetOfConstDecls *	VisitedCalleesIn,
		FunctionSummariesTy *	FS,
		InliningModes	HowToInlineIn
	)

Definition at line 69 of file ExprEngine.cpp.

ExprEngine::~ExprEngine ( )

Definition at line 95 of file ExprEngine.cpp.

References clang::ento::BugReporter::FlushReports().

Member Function Documentation

ProgramStateRef ExprEngine::bindReturnValue	(	const CallEvent &	Call,
		const LocationContext *	LCtx,
		ProgramStateRef	State
	)

Create a new state in which the call return value is binded to the call origin expression.

Definition at line 535 of file ExprEngineCallAndReturn.cpp.

References clang::ento::NodeBuilderContext::blockCount(), AttributeLangSupport::C, clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::LangAS::Count, clang::ento::CallEvent::getOriginExpr(), clang::ento::CallEvent::getResultType(), getSValBuilder(), isTemporaryPRValue(), clang::OMF_autorelease, clang::OMF_retain, clang::OMF_self, and State.

void ExprEngine::CreateCXXTemporaryObject	(	const MaterializeTemporaryExpr *	ME,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Create a C++ temporary object for an rvalue.

Definition at line 25 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::MaterializeTemporaryExpr::GetTemporaryExpr(), and clang::Expr::IgnoreParens().

Referenced by Visit().

void ExprEngine::defaultEvalCall	(	NodeBuilder &	B,
		ExplodedNode *	Pred,
		const CallEvent &	Call
	)

void clang::ento::ExprEngine::enqueueEndOfPath ( ExplodedNodeSet & S )

void ExprEngine::evalBind	(	ExplodedNodeSet &	Dst,
		const Stmt *	StoreE,
		ExplodedNode *	Pred,
		SVal	location,
		SVal	Val,
		bool	atDeclInit = `false`,
		const ProgramPoint *	PP = `nullptr`
	)		`[protected]`

evalBind - Handle the semantics of binding a value to a specific location. This method is used by evalStore, VisitDeclStmt, and others.

evalBind - Handle the semantics of binding a value to a specific location. This method is used by evalStore and (soon) VisitDeclStmt, and others.

Definition at line 2110 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), processPointerEscapedOnBind(), and clang::ento::CheckerManager::runCheckersForBind().

Referenced by evalStore(), ProcessInitializer(), VisitCXXNewExpr(), and VisitDeclStmt().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	state,
		BinaryOperator::Opcode	op,
		NonLoc	L,
		NonLoc	R,
		QualType	T
	)		`[inline]`

Definition at line 472 of file ExprEngine.h.

References clang::ento::SValBuilder::evalBinOpNN().

Referenced by getInitialState(), VisitBinaryOperator(), VisitIncrementDecrementOperator(), and VisitUnaryOperator().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	state,
		BinaryOperator::Opcode	op,
		NonLoc	L,
		SVal	R,
		QualType	T
	)		`[inline]`

Definition at line 477 of file ExprEngine.h.

References clang::ento::SVal::castAs(), clang::ento::SValBuilder::evalBinOpNN(), and clang::ento::SVal::isValid().

SVal clang::ento::ExprEngine::evalBinOp	(	ProgramStateRef	ST,
		BinaryOperator::Opcode	Op,
		SVal	LHS,
		SVal	RHS,
		QualType	T
	)		`[inline]`

Definition at line 483 of file ExprEngine.h.

References clang::ento::SValBuilder::evalBinOp().

void ExprEngine::evalCall	(	ExplodedNodeSet &	Dst,
		ExplodedNode *	Pred,
		const CallEvent &	Call
	)

Evaluate a call, running pre- and post-call checks and allowing checkers to be responsible for handling the evaluation of the call itself.

Definition at line 510 of file ExprEngineCallAndReturn.cpp.

References getCheckerManager(), clang::ento::CheckerManager::runCheckersForEvalCall(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().

Referenced by VisitCallExpr().

SVal clang::ento::ExprEngine::evalComplement ( SVal X ) [inline]

Definition at line 466 of file ExprEngine.h.

References clang::ento::SVal::castAs(), clang::ento::SValBuilder::evalComplement(), clang::ento::SVal::isValid(), and X.

Referenced by VisitUnaryOperator().

void ExprEngine::evalEagerlyAssumeBinOpBifurcation	(	ExplodedNodeSet &	Dst,
		ExplodedNodeSet &	Src,
		const Expr *	Ex
	)

evalEagerlyAssumeBinOpBifurcation - Given the nodes in 'Src', eagerly assume symbolic expressions of the form 'x != 0' and generate new nodes (stored in Dst) with those assumptions.

Definition at line 2318 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ProgramPoint::castAs(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::ProgramPoint::getAs(), geteagerlyAssumeBinOpBifurcationTags(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::StmtPoint::getStmt(), clang::Expr::getType(), clang::ento::SValBuilder::makeIntVal(), and P.

Referenced by Visit().

void ExprEngine::evalLoad	(	ExplodedNodeSet &	Dst,
		const Expr *	NodeEx,
		const Expr *	BoundExpr,
		ExplodedNode *	Pred,
		ProgramStateRef	St,
		SVal	location,
		const ProgramPointTag *	tag = `nullptr`,
		QualType	LoadTy = `QualType()`
	)

Simulate a read of the result of Ex.

Definition at line 2195 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::SVal::getAs(), clang::Type::getAs(), clang::ento::SVal::getAsRegion(), getContext(), and clang::ento::TypedValueRegion::getValueType().

Referenced by VisitBinaryOperator(), VisitCast(), VisitIncrementDecrementOperator(), and VisitMemberExpr().

SVal clang::ento::ExprEngine::evalMinus ( SVal X ) [inline]

Definition at line 462 of file ExprEngine.h.

References clang::ento::SVal::castAs(), clang::ento::SValBuilder::evalMinus(), clang::ento::SVal::isValid(), and X.

Referenced by VisitUnaryOperator().

void ExprEngine::evalStore	(	ExplodedNodeSet &	Dst,
		const Expr *	AssignE,
		const Expr *	LocationE,
		ExplodedNode *	Pred,
		ProgramStateRef	state,
		SVal	location,
		SVal	Val,
		const ProgramPointTag *	tag = `nullptr`
	)

evalStore - Handle the semantics of a store via an assignment.

Parameters:

Dst	The node set to store generated state nodes
AssignE	The assignment expression if the store happens in an assignment.
LocationE	The location expression that is stored to.
state	The current simulation state
location	The location to store the value
Val	The value to be stored

Definition at line 2172 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::empty(), clang::ento::ExplodedNodeSet::end(), evalBind(), and clang::ento::SVal::isUndef().

Referenced by VisitBinaryOperator(), and VisitIncrementDecrementOperator().

bool clang::ento::ExprEngine::ExecuteWorkList	(	const LocationContext *	L,
		unsigned	Steps = `150000`
	)		`[inline]`

Returns true if there is still simulation state on the worklist.

Definition at line 108 of file ExprEngine.h.

References clang::ento::CoreEngine::ExecuteWorkList().

bool clang::ento::ExprEngine::ExecuteWorkListWithInitialState	(	const LocationContext *	L,
		unsigned	Steps,
		ProgramStateRef	InitState,
		ExplodedNodeSet &	Dst
	)		`[inline]`

Execute the work list with an initial state. Nodes that reaches the exit of the function are added into the Dst set, which represent the exit state of the function call. Returns true if there is still simulation state on the worklist.

Definition at line 116 of file ExprEngine.h.

References clang::ento::CoreEngine::ExecuteWorkListWithInitialState().

void clang::ento::ExprEngine::GenerateAutoTransition ( ExplodedNode * N )

void clang::ento::ExprEngine::GenerateCallExitNode ( ExplodedNode * N )

AnalysisManager& clang::ento::ExprEngine::getAnalysisManager ( ) [inline, override, virtual]

Implements clang::ento::SubEngine.

Definition at line 125 of file ExprEngine.h.

Referenced by defaultEvalCall(), clang::ento::CheckerContext::getAnalysisManager(), clang::ento::LikelyFalsePositiveSuppressionBRVisitor::getEndPath(), ProcessNewAllocator(), and VisitCXXBindTemporaryExpr().

BasicValueFactory& clang::ento::ExprEngine::getBasicVals ( ) [inline]

Definition at line 307 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getBasicVals().

Referenced by processSwitch(), VisitInitListExpr(), and VisitUnaryOperator().

BugReporter& clang::ento::ExprEngine::getBugReporter ( ) [inline]

Definition at line 133 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::emitReport(), and clang::ento::CheckerContext::getBugReporter().

const NodeBuilderContext& clang::ento::ExprEngine::getBuilderContext ( ) [inline]

Definition at line 135 of file ExprEngine.h.

Referenced by getRegionForConstructedObject(), and clang::ento::CheckerManager::runCheckersForEvalCall().

CheckerManager& clang::ento::ExprEngine::getCheckerManager ( ) const [inline]

ConstraintManager& clang::ento::ExprEngine::getConstraintManager ( ) [inline]

Definition at line 302 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getConstraintManager().

Referenced by clang::ento::CheckerContext::getConstraintManager(), and removeDead().

ASTContext& clang::ento::ExprEngine::getContext ( ) const [inline]

getContext - Return the ASTContext associated with this analysis.

Definition at line 123 of file ExprEngine.h.

References clang::ento::AnalysisManager::getASTContext().

Referenced by evalLoad(), clang::ento::CheckerContext::getASTContext(), clang::ento::CheckerContext::getLangOpts(), processBranch(), ProcessDeleteDtor(), ProcessInitializer(), ProcessStmt(), processSwitch(), ViewGraph(), Visit(), VisitBinaryOperator(), VisitBlockExpr(), VisitCast(), VisitCommonDeclRefExpr(), VisitCXXConstructExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), VisitCXXThisExpr(), VisitDeclStmt(), VisitInitListExpr(), VisitOffsetOfExpr(), and VisitUnaryExprOrTypeTraitExpr().

const CoreEngine& clang::ento::ExprEngine::getCoreEngine ( ) const [inline]

Definition at line 320 of file ExprEngine.h.

Referenced by processCallExit().

std::pair< const ProgramPointTag *, const ProgramPointTag * > ExprEngine::geteagerlyAssumeBinOpBifurcationTags ( )

Definition at line 2308 of file ExprEngine.cpp.

Referenced by evalEagerlyAssumeBinOpBifurcation().

ExplodedGraph& clang::ento::ExprEngine::getGraph ( ) [inline]

Definition at line 159 of file ExprEngine.h.

const ExplodedGraph& clang::ento::ExprEngine::getGraph ( ) const [inline]

Definition at line 160 of file ExprEngine.h.

ProgramStateRef ExprEngine::getInitialState ( const LocationContext * InitLoc ) [override, virtual]

getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.

Implements clang::ento::SubEngine.

Definition at line 103 of file ExprEngine.cpp.

References clang::BO_GT, evalBinOp(), clang::ento::SVal::getAs(), clang::ento::SValBuilder::getConditionType(), clang::LocationContext::getCurrentStackFrame(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ProgramStateManager::getInitialState(), clang::IdentifierInfo::getName(), clang::LocationContext::getParent(), clang::ValueDecl::getType(), clang::BuiltinType::isInteger(), and clang::ento::SValBuilder::makeZeroVal().

ProgramStateManager& clang::ento::ExprEngine::getStateManager ( ) [inline, override, virtual]

Implements clang::ento::SubEngine.

Definition at line 298 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::getStateManager(), processBranch(), processCallExit(), VisitCallExpr(), VisitCXXConstructExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().

const Stmt* clang::ento::ExprEngine::getStmt ( ) const

StoreManager& clang::ento::ExprEngine::getStoreManager ( ) [inline]

Definition at line 300 of file ExprEngine.h.

References clang::ento::ProgramStateManager::getStoreManager().

Referenced by clang::ento::CheckerContext::getStoreManager(), ProcessBaseDtor(), processCallExit(), removeDead(), VisitCast(), VisitCXXConstructExpr(), and VisitCXXNewExpr().

SValBuilder& clang::ento::ExprEngine::getSValBuilder ( ) [inline]

Definition at line 131 of file ExprEngine.h.

Referenced by bindReturnValue(), getRegionForConstructedObject(), clang::ento::CheckerContext::getSValBuilder(), ProcessBaseDtor(), ProcessInitializer(), ProcessMemberDtor(), VisitCXXConstructExpr(), VisitInitListExpr(), and VisitLogicalExpr().

SymbolManager& clang::ento::ExprEngine::getSymbolManager ( ) [inline]

Definition at line 312 of file ExprEngine.h.

const SymbolManager& clang::ento::ExprEngine::getSymbolManager ( ) const [inline]

Definition at line 313 of file ExprEngine.h.

bool clang::ento::ExprEngine::hasEmptyWorkList ( ) const [inline]

Definition at line 317 of file ExprEngine.h.

References clang::ento::CoreEngine::getWorkList(), and clang::ento::WorkList::hasWork().

bool clang::ento::ExprEngine::hasWorkRemaining ( ) const [inline]

Definition at line 318 of file ExprEngine.h.

References clang::ento::CoreEngine::hasWorkRemaining().

bool clang::ento::ExprEngine::isObjCGCEnabled ( ) [inline]

Definition at line 140 of file ExprEngine.h.

Referenced by clang::ento::CheckerContext::isObjCGCEnabled().

ProgramStateRef ExprEngine::notifyCheckersOfPointerEscape	(	ProgramStateRef	State,
		const InvalidatedSymbols *	Invalidated,
		ArrayRef< const MemRegion * >	ExplicitRegions,
		ArrayRef< const MemRegion * >	Regions,
		const CallEvent *	Call,
		RegionAndSymbolInvalidationTraits &	ITraits
	)		`[override, protected, virtual]`

Call PointerEscape callback when a value escapes as a result of region invalidation.

Parameters:

[in] ITraits Specifies invalidation traits for regions/symbols.

Implements clang::ento::SubEngine.

Definition at line 2061 of file ExprEngine.cpp.

References clang::ento::MemRegion::getAs(), getCheckerManager(), clang::ento::PSK_DirectEscapeOnCall, clang::ento::PSK_EscapeOther, clang::ento::PSK_IndirectEscapeOnCall, clang::ento::CheckerManager::runCheckersForPointerEscape(), State, and clang::ento::MemRegion::StripCasts().

void ExprEngine::printState	(	raw_ostream &	Out,
		ProgramStateRef	State,
		const char *	NL,
		const char *	Sep
	)		`[override, virtual]`

printState - Called by ProgramStateManager to print checker-specific data.

Implements clang::ento::SubEngine.

Definition at line 278 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForPrintState().

ProgramStateRef ExprEngine::processAssume	(	ProgramStateRef	state,
		SVal	cond,
		bool	assumption
	)		`[override, virtual]`

evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values.

evalAssume - Called by ConstraintManager. Used to call checker-specific logic for handling assumptions on symbolic values.

Implements clang::ento::SubEngine.

Definition at line 259 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForEvalAssume().

void ExprEngine::ProcessAutomaticObjDtor	(	const CFGAutomaticObjDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 584 of file ExprEngine.cpp.

References clang::ento::SVal::castAs(), clang::Type::getAs(), clang::ento::ExplodedNode::getLocationContext(), clang::Type::getPointeeType(), clang::ento::ExplodedNode::getState(), clang::CFGAutomaticObjDtor::getTriggerStmt(), clang::ValueDecl::getType(), clang::CFGAutomaticObjDtor::getVarDecl(), clang::ast_matchers::varDecl, and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::ProcessBaseDtor	(	const CFGBaseDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 632 of file ExprEngine.cpp.

References clang::ento::SVal::castAs(), clang::ento::StoreManager::evalDerivedToBase(), clang::CFGBaseDtor::getBaseSpecifier(), clang::FunctionDecl::getBody(), clang::LocationContext::getCurrentStackFrame(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::loc::MemRegionVal::getRegion(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), clang::CXXBaseSpecifier::getType(), clang::CXXBaseSpecifier::isVirtual(), and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::processBranch	(	const Stmt *	Condition,
		const Stmt *	Term,
		NodeBuilderContext &	BuilderCtx,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF
	)		`[override, virtual]`

ProcessBranch - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a branch condition.

Implements clang::ento::SubEngine.

Definition at line 1515 of file ExprEngine.cpp.

References clang::ento::SVal::castAs(), clang::ento::BranchNodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::Stmt::getLocStart(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::ento::BranchNodeBuilder::isFeasible(), clang::Type::isIntegralOrEnumerationType(), clang::ento::ExplodedNode::isSink(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isUnknownOrUndef(), clang::ento::BranchNodeBuilder::markInfeasible(), RecoverCastedSymbol(), ResolveCondition(), clang::ento::CheckerManager::runCheckersForBranchCondition(), and X.

void ExprEngine::processCallEnter	(	CallEnter	CE,
		ExplodedNode *	Pred
	)		`[override, virtual]`

Generate the entry node of the callee.

Implements clang::ento::SubEngine.

Definition at line 40 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNode::addPredecessor(), clang::CFGBlock::empty(), clang::ento::WorkList::enqueue(), clang::CallEnter::getCalleeContext(), clang::LocationContext::getCFG(), clang::CFG::getEntry(), clang::ento::ExplodedGraph::getNode(), clang::ento::ExplodedNode::getState(), clang::ento::CoreEngine::getWorkList(), Node, clang::CFGBlock::succ_begin(), and clang::CFGBlock::succ_size().

void ExprEngine::processCallExit ( ExplodedNode * CEBNode ) [override, virtual]

Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.

The call exit is simulated with a sequence of nodes, which occur between CallExitBegin and CallExitEnd. The following operations occur between the two program points: 1. CallExitBegin (triggers the start of call exit sequence) 2. Bind the return value 3. Run Remove dead bindings to clean up the dead symbols from the callee. 4. CallExitEnd (switch to the caller context) 5. PostStmt<CallExpr>

Implements clang::ento::SubEngine.

Definition at line 218 of file ExprEngineCallAndReturn.cpp.

void ExprEngine::processCFGBlockEntrance	(	const BlockEdge &	L,
		NodeBuilderWithSinks &	nodeBuilder,
		ExplodedNode *	Pred
	)		`[override, virtual]`

Called by CoreEngine when processing the entrance of a CFGBlock.

Block entrance. (Update counters).

Implements clang::ento::SubEngine.

Definition at line 1372 of file ExprEngine.cpp.

References clang::ento::NodeBuilderContext::blockCount(), clang::ento::NodeBuilderWithSinks::generateSink(), clang::ento::NodeBuilder::getContext(), clang::LocationContext::getCurrentStackFrame(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ProgramPoint::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::FunctionSummariesTy::markReachedMaxBlockCount(), clang::AnalyzerOptions::maxBlockVisitOnPath, clang::AnalyzerOptions::NoRetryExhausted, clang::ento::AnalysisManager::options, and clang::ento::ExplodedGraph::roots_begin().

void ExprEngine::processCFGElement	(	const CFGElement	E,
		ExplodedNode *	Pred,
		unsigned	StmtIdx,
		NodeBuilderContext *	Ctx
	)		`[override, virtual]`

processCFGElement - Called by CoreEngine. Used to generate new successor nodes by processing the 'effects' of a CFG element.

Implements clang::ento::SubEngine.

Definition at line 287 of file ExprEngine.cpp.

void ExprEngine::processCleanupTemporaryBranch	(	const CXXBindTemporaryExpr *	BTE,
		NodeBuilderContext &	BldCtx,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF
	)		`[override, virtual]`

Called by CoreEngine. Used to generate successor nodes for temporary destructors depending on whether the corresponding constructor was visited.

Implements clang::ento::SubEngine.

Definition at line 695 of file ExprEngine.cpp.

References clang::ento::BranchNodeBuilder::generateNode(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), and clang::ento::BranchNodeBuilder::markInfeasible().

void ExprEngine::ProcessDeleteDtor	(	const CFGDeleteDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 603 of file ExprEngine.cpp.

References clang::CXXDeleteExpr::getArgument(), clang::Type::getAsCXXRecordDecl(), clang::ento::SVal::getAsRegion(), clang::ASTContext::getBaseElementType(), getContext(), clang::CFGDeleteDtor::getDeleteExpr(), clang::CXXDeleteExpr::getDestroyedType(), clang::CXXRecordDecl::getDestructor(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXDeleteExpr::getLocStart(), clang::ento::ExplodedNode::getState(), and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::processEndOfFunction	(	NodeBuilderContext &	BC,
		ExplodedNode *	Pred
	)		`[override, virtual]`

Called by CoreEngine. Used to generate end-of-path nodes when the control reaches the end of a function.

ProcessEndPath - Called by CoreEngine. Used to generate end-of-path nodes when the control reaches the end of a function.

Implements clang::ento::SubEngine.

Definition at line 1704 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::ProgramStateManager::EndPath(), clang::ento::CoreEngine::enqueueEndOfFunction(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::LocationContext::inTopFrame(), removeDeadOnEndOfFunction(), and clang::ento::CheckerManager::runCheckersForEndFunction().

void ExprEngine::processEndWorklist ( bool hasWorkRemaining ) [override, virtual]

Called by CoreEngine when the analysis worklist has terminated.

Implements clang::ento::SubEngine.

Definition at line 283 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForEndAnalysis().

void ExprEngine::ProcessImplicitDtor	(	const CFGImplicitDtor	D,
		ExplodedNode *	Pred
	)

Definition at line 538 of file ExprEngine.cpp.

References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, clang::CFGElement::castAs(), clang::CFGElement::DeleteDtor, clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), clang::CFGElement::getKind(), clang::CFGElement::MemberDtor, ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessTemporaryDtor(), and clang::CFGElement::TemporaryDtor.

Referenced by processCFGElement().

void ExprEngine::processIndirectGoto ( IndirectGotoNodeBuilder & builder ) [override, virtual]

processIndirectGoto - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a computed goto jump.

Implements clang::ento::SubEngine.

Definition at line 1644 of file ExprEngine.cpp.

References clang::ento::IndirectGotoNodeBuilder::begin(), clang::ento::IndirectGotoNodeBuilder::end(), clang::ento::IndirectGotoNodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::ento::IndirectGotoNodeBuilder::getLocationContext(), clang::ento::IndirectGotoNodeBuilder::getState(), and clang::ento::IndirectGotoNodeBuilder::getTarget().

void ExprEngine::ProcessInitializer	(	const CFGInitializer	I,
		ExplodedNode *	Pred
	)

Definition at line 454 of file ExprEngine.cpp.

Referenced by processCFGElement().

void ExprEngine::ProcessMemberDtor	(	const CFGMemberDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 651 of file ExprEngine.cpp.

References clang::ento::SVal::castAs(), clang::FunctionDecl::getBody(), clang::LocationContext::getCurrentStackFrame(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::CFGMemberDtor::getFieldDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::ValueDecl::getType(), and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::ProcessNewAllocator	(	const CXXNewExpr *	NE,
		ExplodedNode *	Pred
	)

Definition at line 565 of file ExprEngine.cpp.

References clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilder::generateNode(), getAnalysisManager(), clang::ento::NodeBuilderContext::getBlock(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXNewExpr::getLocStart(), clang::CXXNewExpr::getOperatorNew(), clang::ento::ExplodedNode::getState(), clang::AnalyzerOptions::mayInlineCXXAllocator(), clang::ento::AnalysisManager::options, and VisitCXXNewAllocatorCall().

Referenced by processCFGElement().

ProgramStateRef ExprEngine::processPointerEscapedOnBind	(	ProgramStateRef	State,
		SVal	Loc,
		SVal	Val
	)		`[override, protected, virtual]`

Call PointerEscape callback when a value escapes as a result of bind.

Implements clang::ento::SubEngine.

Definition at line 2019 of file ExprEngine.cpp.

References clang::ento::SVal::getAs(), getCheckerManager(), clang::ento::PSK_EscapeOnBind, clang::ento::CheckerManager::runCheckersForPointerEscape(), and State.

Referenced by evalBind().

ProgramStateRef ExprEngine::processRegionChanges	(	ProgramStateRef	state,
		const InvalidatedSymbols *	invalidated,
		ArrayRef< const MemRegion * >	ExplicitRegions,
		ArrayRef< const MemRegion * >	Regions,
		const CallEvent *	Call
	)		`[override, virtual]`

processRegionChanges - Called by ProgramStateManager whenever a change is made to the store. Used to update checkers that track region values.

Implements clang::ento::SubEngine.

Definition at line 269 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForRegionChanges().

void clang::ento::ExprEngine::processStaticInitializer	(	const DeclStmt *	DS,
		NodeBuilderContext &	BuilderCtx,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst,
		const CFGBlock *	DstT,
		const CFGBlock *	DstF
	)		`[override, virtual]`

Called by CoreEngine. Used to processing branching behavior at static initalizers.

Implements clang::ento::SubEngine.

void ExprEngine::ProcessStmt	(	const CFGStmt	S,
		ExplodedNode *	Pred
	)

Definition at line 423 of file ExprEngine.cpp.

References clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::Stmt::getLocStart(), clang::CFGStmt::getStmt(), clang::ento::ExplodedNodeSet::insert(), clang::ento::ExplodedGraph::reclaimRecentlyAllocatedNodes(), removeDead(), shouldRemoveDeadBindings(), and Visit().

Referenced by processCFGElement().

void ExprEngine::processSwitch ( SwitchNodeBuilder & builder ) [override, virtual]

ProcessSwitch - Called by CoreEngine. Used to generate successor nodes by processing the 'effects' of a switch statement.

Implements clang::ento::SubEngine.

Definition at line 1732 of file ExprEngine.cpp.

References clang::ento::SwitchNodeBuilder::begin(), clang::ento::SVal::castAs(), clang::ento::SwitchNodeBuilder::end(), clang::ento::SValBuilder::evalEQ(), clang::Expr::EvaluateKnownConstInt(), clang::ento::SwitchNodeBuilder::generateCaseStmtNode(), clang::ento::SwitchNodeBuilder::generateDefaultCaseNode(), clang::ento::SVal::getAs(), clang::Type::getAs(), getBasicVals(), clang::SwitchStmt::getCond(), clang::ento::SwitchNodeBuilder::getCondition(), getContext(), clang::CaseStmt::getLHS(), clang::ento::SwitchNodeBuilder::getLocationContext(), clang::CaseStmt::getRHS(), clang::ento::SwitchNodeBuilder::getState(), clang::ento::SwitchNodeBuilder::getSwitch(), clang::Expr::getType(), clang::ASTContext::getTypeSize(), getValue(), clang::Expr::IgnoreParenImpCasts(), clang::SwitchStmt::isAllEnumCasesCovered(), and clang::ento::SVal::isUndef().

void ExprEngine::ProcessTemporaryDtor	(	const CFGTemporaryDtor	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 668 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::empty(), clang::ento::StmtNodeBuilder::generateNode(), clang::CFGTemporaryDtor::getBindTemporaryExpr(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::CXXBindTemporaryExpr::getSubExpr(), clang::Expr::getType(), clang::ento::ExplodedNodeSet::size(), State, and VisitCXXDestructor().

Referenced by ProcessImplicitDtor().

void ExprEngine::removeDead	(	ExplodedNode *	Node,
		ExplodedNodeSet &	Out,
		const Stmt *	ReferenceStmt,
		const LocationContext *	LC,
		const Stmt *	DiagnosticStmt = `nullptr`,
		ProgramPoint::Kind	K = `ProgramPoint::PreStmtPurgeDeadSymbolsKind`
	)

Run the analyzer's garbage collection - remove dead symbols and bindings from the state.

Checkers can participate in this process with two callbacks: checkLiveSymbols and checkDeadSymbols. See the CheckerDocumentation class for more information.

Parameters:

Node	The predecessor node, from which the processing should start.
Out	The returned set of output nodes.
ReferenceStmt	The statement which is about to be processed. Everything needed for this statement should be considered live. A null statement means that everything in child LocationContexts is dead.
LC	The location context of the `ReferenceStmt`. A null location context means that we have reached the end of analysis and that all statements and local variables should be considered dead.
DiagnosticStmt	Used as a location for any warnings that should occur while removing the dead (e.g. leaks). By default, the `ReferenceStmt` is used.
K	Denotes whether this is a pre- or post-statement purge. This must only be ProgramPoint::PostStmtPurgeDeadSymbolsKind if an entire location context is being cleared, in which case the `ReferenceStmt` must either be a ReturnStmt or `NULL`. Otherwise, it must be ProgramPoint::PreStmtPurgeDeadSymbolsKind (the default) and `ReferenceStmt` must be valid (non-null).

Definition at line 341 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getConstraintManager(), clang::LocationContext::getCurrentStackFrame(), clang::LocationContext::getParent(), clang::ento::ProgramStateManager::getPersistentStateWithGDM(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::SymbolReaper::hasDeadSymbols(), clang::ento::ProgramStateManager::haveEqualEnvironments(), clang::ento::ProgramStateManager::haveEqualStores(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, clang::ProgramPoint::PreStmtPurgeDeadSymbolsKind, clang::ento::ConstraintManager::removeDeadBindings(), clang::ento::ProgramStateManager::removeDeadBindings(), clang::ento::CheckerManager::runCheckersForDeadSymbols(), and clang::ento::CheckerManager::runCheckersForLiveSymbols().

Referenced by processCallExit(), ProcessStmt(), and removeDeadOnEndOfFunction().

void ExprEngine::removeDeadOnEndOfFunction	(	NodeBuilderContext &	BC,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Remove dead bindings/symbols before exiting a function.

Definition at line 159 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::LocationContext::getAnalysisDeclContext(), clang::AnalysisDeclContext::getBody(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, and removeDead().

Referenced by processEndOfFunction().

void ExprEngine::ViewGraph ( bool trim = false )

Visualize the ExplodedGraph created by executing the simulation.

Definition at line 2660 of file ExprEngine.cpp.

References clang::ento::BugReporter::begin(), clang::ento::BugReporter::end(), clang::ento::BugReporter::EQClasses_begin(), clang::ento::BugReporter::EQClasses_end(), getContext(), clang::ASTContext::getSourceManager(), GraphPrintCheckerState, GraphPrintSourceManager, and clang::ento::ExplodedGraph::roots_begin().

Referenced by ViewGraph().

void ExprEngine::ViewGraph ( ArrayRef< const ExplodedNode * > Nodes )

Visualize a trimmed ExplodedGraph that only contains paths to the given nodes.

Definition at line 2691 of file ExprEngine.cpp.

References getContext(), clang::ASTContext::getSourceManager(), GraphPrintCheckerState, GraphPrintSourceManager, clang::ento::ExplodedGraph::trim(), and ViewGraph().

void ExprEngine::Visit	(	const Stmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Visit - Transfer function logic for all statements. Dispatches to other functions that handle specific kinds of statements.

Definition at line 738 of file ExprEngine.cpp.

References clang::ento::CoreEngine::addAbortedBlock(), clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::BO_Comma, clang::CompoundStmt::body_empty(), clang::CompoundStmt::body_rbegin(), AttributeLangSupport::C, clang::ento::SValBuilder::conjureSymbolVal(), CreateCXXTemporaryObject(), clang::AnalyzerOptions::eagerlyAssumeBinOpBifurcation, clang::ento::ExplodedNodeSet::end(), evalEagerlyAssumeBinOpBifurcation(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::CallExpr::getArg(), clang::ento::NodeBuilderContext::getBlock(), clang::CallExpr::getCalleeDecl(), getCheckerManager(), clang::ento::SValBuilder::getConstantVal(), getContext(), clang::DeclRefExpr::getDecl(), clang::AbstractConditionalOperator::getFalseExpr(), clang::ChooseExpr::getLHS(), clang::ento::ExplodedNode::getLocationContext(), clang::Stmt::getLocStart(), clang::UnaryOperator::getOpcode(), clang::BinaryOperator::getOpcode(), clang::PseudoObjectExpr::getResultExpr(), clang::BinaryOperator::getRHS(), clang::ChooseExpr::getRHS(), clang::ento::ExplodedNode::getState(), clang::Stmt::getStmtClass(), clang::CastExpr::getSubExpr(), clang::StmtExpr::getSubStmt(), clang::AbstractConditionalOperator::getTrueExpr(), clang::Expr::getType(), clang::BinaryOperator::isEqualityOp(), clang::BinaryOperator::isLogicalOp(), clang::BinaryOperator::isRelationalOp(), clang::ento::SValBuilder::makeIntValWithPtrWidth(), clang::Stmt::NoStmtClass, clang::ento::AnalysisManager::options, clang::ProgramPoint::PreStmtKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), S, clang::ento::NodeBuilder::takeNodes(), clang::UO_LNot, VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCommonDeclRefExpr(), VisitCompoundLiteralExpr(), VisitCXXBindTemporaryExpr(), VisitCXXCatchStmt(), VisitCXXConstructExpr(), VisitCXXDeleteExpr(), VisitCXXNewExpr(), VisitCXXThisExpr(), VisitDeclStmt(), VisitGCCAsmStmt(), VisitGuardedExpr(), VisitInitListExpr(), VisitLogicalExpr(), VisitLvalArraySubscriptExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitMSAsmStmt(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitOffsetOfExpr(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), VisitUnaryOperator(), and clang::ASTContext::VoidTy.

Referenced by ProcessStmt().

void ExprEngine::VisitBinaryOperator	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitBinaryOperator - Transfer function logic for binary operators.

Definition at line 22 of file ExprEngineC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::BO_Add, clang::BO_AddAssign, clang::BO_And, clang::BO_AndAssign, clang::BO_Assign, clang::BO_Div, clang::BO_DivAssign, clang::BO_Mul, clang::BO_MulAssign, clang::BO_Or, clang::BO_OrAssign, clang::BO_PtrMemD, clang::BO_Rem, clang::BO_RemAssign, clang::BO_Shl, clang::BO_ShlAssign, clang::BO_Shr, clang::BO_ShrAssign, clang::BO_Sub, clang::BO_SubAssign, clang::BO_Xor, clang::BO_XorAssign, clang::ento::SValBuilder::conjureSymbolVal(), clang::LangAS::Count, clang::ento::ExplodedNodeSet::end(), evalBinOp(), clang::ento::SValBuilder::evalCast(), evalLoad(), evalStore(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::BinaryOperator::getLHS(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::BinaryOperator::isAdditiveOp(), clang::BinaryOperator::isAssignmentOp(), clang::BinaryOperator::isCompoundAssignmentOp(), clang::Expr::isGLValue(), clang::Type::isIntegralOrEnumerationType(), clang::ento::SVal::isUnknown(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitBlockExpr	(	const BlockExpr *	BE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitBlockExpr - Transfer function logic for BlockExprs.

Definition at line 187 of file ExprEngineC.cpp.

References clang::ento::NodeBuilderContext::blockCount(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::BlockExpr::getBlockDecl(), clang::ento::SValBuilder::getBlockPointer(), clang::ASTContext::getCanonicalType(), clang::ento::BlockDataRegion::referenced_vars_iterator::getCapturedRegion(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::BlockDataRegion::referenced_vars_iterator::getOriginalRegion(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and State.

Referenced by Visit().

void ExprEngine::VisitCallExpr	(	const CallExpr *	CE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCall - Transfer function for function calls.

Definition at line 482 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), evalCall(), clang::ento::ProgramStateManager::getCallEventManager(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::CallEventManager::getSimpleCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostStmt(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitCast	(	const CastExpr *	CastE,
		const Expr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCast - Transfer function logic for all casts (implicit and explicit).

Definition at line 227 of file ExprEngineC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::CK_AddressSpaceConversion, clang::CK_AnyPointerToBlockPointerCast, clang::CK_ARCConsumeObject, clang::CK_ARCExtendBlockObject, clang::CK_ARCProduceObject, clang::CK_ARCReclaimReturnedObject, clang::CK_ArrayToPointerDecay, clang::CK_AtomicToNonAtomic, clang::CK_BaseToDerived, clang::CK_BaseToDerivedMemberPointer, clang::CK_BitCast, clang::CK_BlockPointerToObjCPointerCast, clang::CK_BuiltinFnToFnPtr, clang::CK_ConstructorConversion, clang::CK_CopyAndAutoreleaseBlockObject, clang::CK_CPointerToObjCPointerCast, clang::CK_Dependent, clang::CK_DerivedToBase, clang::CK_DerivedToBaseMemberPointer, clang::CK_Dynamic, clang::CK_FloatingCast, clang::CK_FloatingComplexCast, clang::CK_FloatingComplexToBoolean, clang::CK_FloatingComplexToIntegralComplex, clang::CK_FloatingComplexToReal, clang::CK_FloatingRealToComplex, clang::CK_FloatingToBoolean, clang::CK_FloatingToIntegral, clang::CK_FunctionToPointerDecay, clang::CK_IntegralCast, clang::CK_IntegralComplexCast, clang::CK_IntegralComplexToBoolean, clang::CK_IntegralComplexToFloatingComplex, clang::CK_IntegralComplexToReal, clang::CK_IntegralRealToComplex, clang::CK_IntegralToBoolean, clang::CK_IntegralToFloating, clang::CK_IntegralToPointer, clang::CK_LValueBitCast, clang::CK_LValueToRValue, clang::CK_MemberPointerToBoolean, clang::CK_NonAtomicToAtomic, clang::CK_NoOp, clang::CK_NullToMemberPointer, clang::CK_NullToPointer, clang::CK_ObjCObjectLValueCast, clang::CK_PointerToBoolean, clang::CK_PointerToIntegral, clang::CK_ReinterpretMemberPointer, clang::CK_ToUnion, clang::CK_ToVoid, clang::CK_UncheckedDerivedToBase, clang::CK_UserDefinedConversion, clang::CK_VectorSplat, clang::CK_ZeroToOCLEvent, clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::ExplodedNodeSet::end(), clang::ento::SValBuilder::evalCast(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::StoreManager::evalDynamicCast(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::CastExpr::getCastKind(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::Expr::getType(), clang::Expr::isGLValue(), clang::Type::isReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isZeroConstant(), clang::ento::SValBuilder::makeNull(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitCommonDeclRefExpr	(	const Expr *	DR,
		const NamedDecl *	D,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for DeclRefExprs and BlockDeclRefExprs.

Definition at line 1837 of file ExprEngine.cpp.

References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::SValBuilder::getFunctionPointer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::isGLValue(), clang::ento::SValBuilder::makeIntVal(), and clang::ProgramPoint::PostLValueKind.

Referenced by Visit(), and VisitMemberExpr().

void ExprEngine::VisitCompoundLiteralExpr	(	const CompoundLiteralExpr *	CL,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitCompoundLiteralExpr - Transfer function logic for compound literals.

Definition at line 410 of file ExprEngineC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::CompoundLiteralExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), and State.

Referenced by Visit().

void ExprEngine::VisitCXXBindTemporaryExpr	(	const CXXBindTemporaryExpr *	BTE,
		ExplodedNodeSet &	PreVisit,
		ExplodedNodeSet &	Dst
	)

Definition at line 712 of file ExprEngine.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), getAnalysisManager(), and Node.

Referenced by Visit().

void ExprEngine::VisitCXXCatchStmt	(	const CXXCatchStmt *	CS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 482 of file ExprEngineCXX.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), clang::CXXCatchStmt::getExceptionDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ValueDecl::getType().

Referenced by Visit().

void ExprEngine::VisitCXXConstructExpr	(	const CXXConstructExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 177 of file ExprEngineCXX.cpp.

References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedNodeSet::begin(), clang::CXXConstructExpr::CK_Complete, clang::CXXConstructExpr::CK_Delegating, clang::CXXConstructExpr::CK_NonVirtualBase, clang::CXXConstructExpr::CK_VirtualBase, defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), getCheckerManager(), clang::CXXConstructExpr::getConstructionKind(), clang::CXXConstructExpr::getConstructor(), getContext(), clang::LocationContext::getCurrentStackFrame(), clang::CallEventManager::getCXXConstructorCall(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), getRegionForConstructedObject(), clang::ento::ExplodedNode::getState(), getStateManager(), getStoreManager(), getSValBuilder(), clang::Expr::getType(), clang::CXXConstructorDecl::isCopyOrMoveConstructor(), clang::FunctionDecl::isTrivial(), clang::ento::SValBuilder::makeZeroVal(), clang::ProgramPoint::PreStmtKind, clang::CXXConstructExpr::requiresZeroInitialization(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreCall(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitCXXDeleteExpr	(	const CXXDeleteExpr *	CDE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 475 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), and clang::ento::ExplodedNode::getState().

Referenced by Visit().

void ExprEngine::VisitCXXDestructor	(	QualType	ObjectType,
		const MemRegion *	Dest,
		const Stmt *	S,
		bool	IsBaseDtor,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

void ExprEngine::VisitCXXNewAllocatorCall	(	const CXXNewExpr *	CNE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 344 of file ExprEngineCXX.cpp.

References clang::ento::ExplodedNodeSet::begin(), defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::ProgramStateManager::getCallEventManager(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXNewExpr::getStartLoc(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().

Referenced by ProcessNewAllocator().

void ExprEngine::VisitCXXNewExpr	(	const CXXNewExpr *	CNE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 370 of file ExprEngineCXX.cpp.

References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), evalBind(), clang::ento::SValBuilder::evalCast(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), clang::QualType::getBaseTypeIdentifier(), clang::ento::ProgramStateManager::getCallEventManager(), clang::ento::SValBuilder::getConjuredHeapSymbolVal(), getContext(), clang::CallEventManager::getCXXAllocatorCall(), clang::ento::StoreManager::GetElementZeroRegion(), clang::CXXNewExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::FunctionDecl::getNumParams(), clang::CXXNewExpr::getOperatorNew(), clang::FunctionDecl::getParamDecl(), clang::CXXNewExpr::getPlacementArg(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), getStateManager(), getStoreManager(), clang::Expr::getType(), clang::ValueDecl::getType(), clang::CXXNewExpr::isArray(), clang::FunctionDecl::isReservedGlobalPlacementOperator(), clang::FunctionDecl::isVariadic(), clang::ento::ExplodedNodeSet::size(), and clang::ento::NodeBuilder::takeNodes().

Referenced by Visit().

void ExprEngine::VisitCXXThisExpr	(	const CXXThisExpr *	TE,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 501 of file ExprEngineCXX.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::MemRegionManager::getCXXThisRegion(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), and clang::Expr::getType().

Referenced by Visit().

void ExprEngine::VisitDeclStmt	(	const DeclStmt *	DS,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitDeclStmt - Transfer function logic for DeclStmts.

Definition at line 443 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::DeclStmt::decl_begin(), clang::ento::ExplodedNodeSet::end(), evalBind(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), getCheckerManager(), getContext(), clang::VarDecl::getInit(), clang::ento::AnalysisManager::getLangOpts(), clang::ento::ExplodedNode::getLocationContext(), clang::ASTContext::getPointerType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), clang::ValueDecl::getType(), clang::ento::ExplodedNodeSet::insert(), clang::Type::isRecordType(), clang::Type::isReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::NodeBuilder::takeNodes().

Referenced by Visit().

void ExprEngine::VisitGCCAsmStmt	(	const GCCAsmStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitGCCAsmStmt - Transfer function logic for inline asm.

Definition at line 2360 of file ExprEngine.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::AsmStmt::outputs(), and X.

Referenced by Visit().

void ExprEngine::VisitGuardedExpr	(	const Expr *	Ex,
		const Expr *	L,
		const Expr *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.

Definition at line 634 of file ExprEngineC.cpp.

References clang::ento::NodeBuilderContext::blockCount(), clang::ProgramPoint::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), clang::CFGElement::getAs(), clang::ProgramPoint::getAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNode::pred_begin(), clang::CFGBlock::rbegin(), and clang::CFGBlock::rend().

Referenced by Visit().

void ExprEngine::VisitIncrementDecrementOperator	(	const UnaryOperator *	U,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Handle ++ and -- (both pre- and post-increment).

Definition at line 890 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::BO_Add, clang::BO_Sub, clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::ExplodedNodeSet::end(), evalBinOp(), clang::ento::SValBuilder::evalEQ(), evalLoad(), evalStore(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::UnaryOperator::getSubExpr(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNodeSet::insert(), clang::Type::isAnyPointerType(), clang::Expr::isGLValue(), clang::UnaryOperator::isIncrementDecrementOp(), clang::UnaryOperator::isIncrementOp(), clang::Type::isIntegralOrEnumerationType(), clang::ento::Loc::isLocType(), clang::UnaryOperator::isPostfix(), clang::ento::SVal::isUnknown(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeZeroVal(), and clang::ento::NodeBuilder::takeNodes().

Referenced by VisitUnaryOperator().

void ExprEngine::VisitInitListExpr	(	const InitListExpr *	E,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

void ExprEngine::VisitLogicalExpr	(	const BinaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitLogicalExpr - Transfer function logic for '&&', '||'.

Definition at line 516 of file ExprEngineC.cpp.

References clang::BO_LAnd, clang::BO_LOr, clang::ento::SVal::castAs(), clang::CFGElement::castAs(), clang::ProgramPoint::castAs(), clang::CFGBlock::empty(), clang::ento::SValBuilder::evalCast(), clang::ProgramPoint::getAs(), clang::BlockEdge::getDst(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::BinaryOperator::getOpcode(), clang::BlockEdge::getSrc(), clang::ento::ExplodedNode::getState(), clang::CFGTerminator::getStmt(), getSValBuilder(), clang::CFGBlock::getTerminator(), clang::Expr::getType(), clang::ento::SValBuilder::makeIntVal(), P, clang::ento::ExplodedNode::pred_begin(), clang::ento::ExplodedNode::pred_size(), clang::CFGBlock::rbegin(), clang::CFGBlock::succ_begin(), clang::CFGBlock::succ_size(), and X.

Referenced by Visit().

void ExprEngine::VisitLvalArraySubscriptExpr	(	const ArraySubscriptExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitArraySubscriptExpr - Transfer function for array accesses.

Definition at line 1892 of file ExprEngine.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ArraySubscriptExpr::getBase(), getCheckerManager(), clang::ArraySubscriptExpr::getIdx(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::Expr::isGLValue(), clang::ProgramPoint::PostLValueKind, and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitLvalObjCIvarRefExpr	(	const ObjCIvarRefExpr *	DR,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for computing the lvalue of an Objective-C ivar.

Definition at line 22 of file ExprEngineObjC.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), clang::ObjCIvarRefExpr::getBase(), getCheckerManager(), clang::ObjCIvarRefExpr::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), and clang::ento::CheckerManager::runCheckersForPostStmt().

Referenced by Visit().

void ExprEngine::VisitMemberExpr	(	const MemberExpr *	M,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitMemberExpr - Transfer function for member expressions.

Definition at line 1919 of file ExprEngine.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::CK_ArrayToPointerDecay, clang::ento::ExplodedNodeSet::end(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::MemberExpr::getBase(), getCheckerManager(), clang::ento::SValBuilder::getFunctionPointer(), clang::MemberExpr::getMemberDecl(), clang::Expr::getType(), clang::ValueDecl::getType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Type::isReferenceType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), and VisitCommonDeclRefExpr().

Referenced by Visit().

void ExprEngine::VisitMSAsmStmt	(	const MSAsmStmt *	A,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitMSAsmStmt - Transfer function logic for MS inline asm.

Definition at line 2383 of file ExprEngine.cpp.

References clang::ento::StmtNodeBuilder::generateNode(), and clang::ento::ExplodedNode::getState().

Referenced by Visit().

void ExprEngine::VisitObjCAtSynchronizedStmt	(	const ObjCAtSynchronizedStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Transfer function logic for ObjCAtSynchronizedStmts.

Definition at line 39 of file ExprEngineObjC.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitObjCForCollectionStmt	(	const ObjCForCollectionStmt *	S,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt.

Definition at line 45 of file ExprEngineObjC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SymbolManager::conjureSymbol(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), getCheckerManager(), clang::ObjCForCollectionStmt::getElement(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::Loc::isLocType(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeLoc(), clang::ento::SValBuilder::makeTruthVal(), and clang::ento::CheckerManager::runCheckersForPostStmt().

Referenced by Visit().

void ExprEngine::VisitObjCMessage	(	const ObjCMessageExpr *	ME,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

Definition at line 135 of file ExprEngineObjC.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::SVal::castAs(), clang::ento::CallEventRef< T >::cloneWithState(), defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::ento::ProgramStateManager::getCallEventManager(), getCheckerManager(), clang::ento::ExplodedNode::getLocationContext(), clang::CallEventManager::getObjCMethodCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ObjCNoReturn::isImplicitNoReturn(), clang::ento::SVal::isUndef(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPreCall(), clang::ento::CheckerManager::runCheckersForPreObjCMessage(), and State.

Referenced by Visit().

void ExprEngine::VisitOffsetOfExpr	(	const OffsetOfExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitOffsetOfExpr - Transfer function for offsetof.

Definition at line 697 of file ExprEngineC.cpp.

References clang::Expr::EvaluateAsInt(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ASTContext::getTypeSize(), clang::Type::isBuiltinType(), clang::Type::isSignedIntegerType(), clang::ento::SValBuilder::makeIntVal(), and X.

Referenced by Visit().

void ExprEngine::VisitReturnStmt	(	const ReturnStmt *	R,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitReturnStmt - Transfer function logic for return statements.

Definition at line 991 of file ExprEngineCallAndReturn.cpp.

References clang::ento::ExplodedNodeSet::begin(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), clang::ReturnStmt::getRetValue(), and clang::ento::CheckerManager::runCheckersForPreStmt().

Referenced by Visit().

void ExprEngine::VisitUnaryExprOrTypeTraitExpr	(	const UnaryExprOrTypeTraitExpr *	Ex,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

void ExprEngine::VisitUnaryOperator	(	const UnaryOperator *	B,
		ExplodedNode *	Pred,
		ExplodedNodeSet &	Dst
	)

VisitUnaryOperator - Transfer function logic for unary operators.

Definition at line 758 of file ExprEngineC.cpp.

References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::BO_EQ, clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::end(), evalBinOp(), evalComplement(), evalMinus(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAs(), getBasicVals(), getCheckerManager(), clang::UnaryOperator::getOpcode(), clang::UnaryOperator::getSubExpr(), clang::Expr::getType(), getValue(), clang::Expr::IgnoreParens(), clang::Type::isAnyComplexType(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknownOrUndef(), clang::ento::SValBuilder::makeNull(), clang::ento::SValBuilder::makeZeroVal(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), clang::UO_AddrOf, clang::UO_Deref, clang::UO_Extension, clang::UO_Imag, clang::UO_LNot, clang::UO_Minus, clang::UO_Not, clang::UO_Plus, clang::UO_Real, VisitIncrementDecrementOperator(), and X.

Referenced by Visit().

bool ExprEngine::wantsRegionChangeUpdate ( ProgramStateRef state ) [override, virtual]

wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a region change should trigger a processRegionChanges update.

Implements clang::ento::SubEngine.

Definition at line 264 of file ExprEngine.cpp.

References getCheckerManager(), and clang::ento::CheckerManager::wantsRegionChangeUpdate().

bool clang::ento::ExprEngine::wasBlocksExhausted ( ) const [inline]

Definition at line 316 of file ExprEngine.h.

References clang::ento::CoreEngine::wasBlocksExhausted().

The documentation for this class was generated from the following files:

Public Types

Public Member Functions

Protected Member Functions

Detailed Description

Member Enumeration Documentation

Constructor & Destructor Documentation

Member Function Documentation