2008-11-13 03:21:30 +08:00
|
|
|
//== Environment.cpp - Map from Stmt* to Locations/Values -------*- C++ -*--==//
|
2008-07-09 05:46:56 +08:00
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// This file defined the Environment and EnvironmentManager classes.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
2010-03-28 05:19:47 +08:00
|
|
|
|
2012-01-28 20:06:22 +08:00
|
|
|
#include "clang/AST/ExprCXX.h"
|
2011-08-20 14:23:25 +08:00
|
|
|
#include "clang/AST/ExprObjC.h"
|
2010-03-28 05:19:47 +08:00
|
|
|
#include "clang/Analysis/AnalysisContext.h"
|
|
|
|
#include "clang/Analysis/CFG.h"
|
2011-08-16 06:09:50 +08:00
|
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
|
2008-07-09 05:46:56 +08:00
|
|
|
|
|
|
|
using namespace clang;
|
2010-12-23 15:20:52 +08:00
|
|
|
using namespace ento;
|
2008-07-09 05:46:56 +08:00
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
SVal Environment::lookupExpr(const EnvironmentEntry &E) const {
|
2010-12-06 07:36:15 +08:00
|
|
|
const SVal* X = ExprBindings.lookup(E);
|
|
|
|
if (X) {
|
|
|
|
SVal V = *X;
|
|
|
|
return V;
|
|
|
|
}
|
|
|
|
return UnknownVal();
|
|
|
|
}
|
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
SVal Environment::getSVal(const EnvironmentEntry &Entry,
|
|
|
|
SValBuilder& svalBuilder,
|
|
|
|
bool useOnlyDirectBindings) const {
|
2011-04-27 13:34:09 +08:00
|
|
|
|
|
|
|
if (useOnlyDirectBindings) {
|
|
|
|
// This branch is rarely taken, but can be exercised by
|
|
|
|
// checkers that explicitly bind values to arbitrary
|
|
|
|
// expressions. It is crucial that we do not ignore any
|
|
|
|
// expression here, and do a direct lookup.
|
2012-01-07 06:09:28 +08:00
|
|
|
return lookupExpr(Entry);
|
2011-04-27 13:34:09 +08:00
|
|
|
}
|
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
const Stmt *E = Entry.getStmt();
|
|
|
|
const LocationContext *LCtx = Entry.getLocationContext();
|
|
|
|
|
2008-07-11 01:19:18 +08:00
|
|
|
for (;;) {
|
2011-06-09 06:47:39 +08:00
|
|
|
if (const Expr *Ex = dyn_cast<Expr>(E))
|
|
|
|
E = Ex->IgnoreParens();
|
|
|
|
|
2008-07-11 01:19:18 +08:00
|
|
|
switch (E->getStmtClass()) {
|
2009-09-09 23:08:12 +08:00
|
|
|
case Stmt::AddrLabelExprClass:
|
2010-12-02 15:49:45 +08:00
|
|
|
return svalBuilder.makeLoc(cast<AddrLabelExpr>(E));
|
2011-02-24 11:09:15 +08:00
|
|
|
case Stmt::OpaqueValueExprClass: {
|
|
|
|
const OpaqueValueExpr *ope = cast<OpaqueValueExpr>(E);
|
|
|
|
E = ope->getSourceExpr();
|
|
|
|
continue;
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
case Stmt::ParenExprClass:
|
2011-04-15 08:35:48 +08:00
|
|
|
case Stmt::GenericSelectionExprClass:
|
2011-06-09 06:47:39 +08:00
|
|
|
llvm_unreachable("ParenExprs and GenericSelectionExprs should "
|
|
|
|
"have been handled by IgnoreParens()");
|
2008-07-11 01:19:18 +08:00
|
|
|
case Stmt::CharacterLiteralClass: {
|
2009-06-19 07:58:37 +08:00
|
|
|
const CharacterLiteral* C = cast<CharacterLiteral>(E);
|
2010-12-02 15:49:45 +08:00
|
|
|
return svalBuilder.makeIntVal(C->getValue(), C->getType());
|
2008-07-11 01:19:18 +08:00
|
|
|
}
|
2010-04-14 14:29:29 +08:00
|
|
|
case Stmt::CXXBoolLiteralExprClass: {
|
2012-01-07 06:09:28 +08:00
|
|
|
const SVal *X = ExprBindings.lookup(EnvironmentEntry(E, LCtx));
|
2010-04-14 14:29:29 +08:00
|
|
|
if (X)
|
|
|
|
return *X;
|
|
|
|
else
|
2011-02-19 09:59:41 +08:00
|
|
|
return svalBuilder.makeBoolVal(cast<CXXBoolLiteralExpr>(E));
|
2010-04-14 14:29:29 +08:00
|
|
|
}
|
2008-07-11 01:19:18 +08:00
|
|
|
case Stmt::IntegerLiteralClass: {
|
2010-01-09 17:16:47 +08:00
|
|
|
// In C++, this expression may have been bound to a temporary object.
|
2012-01-07 06:09:28 +08:00
|
|
|
SVal const *X = ExprBindings.lookup(EnvironmentEntry(E, LCtx));
|
2010-01-09 17:16:47 +08:00
|
|
|
if (X)
|
|
|
|
return *X;
|
|
|
|
else
|
2010-12-02 15:49:45 +08:00
|
|
|
return svalBuilder.makeIntVal(cast<IntegerLiteral>(E));
|
2008-07-11 01:19:18 +08:00
|
|
|
}
|
2011-04-23 02:01:30 +08:00
|
|
|
// For special C0xx nullptr case, make a null pointer SVal.
|
|
|
|
case Stmt::CXXNullPtrLiteralExprClass:
|
|
|
|
return svalBuilder.makeNull();
|
2010-12-06 16:20:24 +08:00
|
|
|
case Stmt::ExprWithCleanupsClass:
|
|
|
|
E = cast<ExprWithCleanups>(E)->getSubExpr();
|
2010-11-24 21:08:51 +08:00
|
|
|
continue;
|
|
|
|
case Stmt::CXXBindTemporaryExprClass:
|
|
|
|
E = cast<CXXBindTemporaryExpr>(E)->getSubExpr();
|
|
|
|
continue;
|
2011-08-20 14:23:25 +08:00
|
|
|
case Stmt::ObjCPropertyRefExprClass:
|
|
|
|
return loc::ObjCPropRef(cast<ObjCPropertyRefExpr>(E));
|
2012-02-28 08:56:05 +08:00
|
|
|
case Stmt::ObjCStringLiteralClass: {
|
|
|
|
MemRegionManager &MRMgr = svalBuilder.getRegionManager();
|
|
|
|
const ObjCStringLiteral *SL = cast<ObjCStringLiteral>(E);
|
|
|
|
return svalBuilder.makeLoc(MRMgr.getObjCStringRegion(SL));
|
|
|
|
}
|
2012-02-28 07:34:19 +08:00
|
|
|
case Stmt::StringLiteralClass: {
|
|
|
|
MemRegionManager &MRMgr = svalBuilder.getRegionManager();
|
|
|
|
const StringLiteral *SL = cast<StringLiteral>(E);
|
|
|
|
return svalBuilder.makeLoc(MRMgr.getStringRegion(SL));
|
|
|
|
}
|
2012-01-11 09:06:27 +08:00
|
|
|
case Stmt::ReturnStmtClass: {
|
|
|
|
const ReturnStmt *RS = cast<ReturnStmt>(E);
|
|
|
|
if (const Expr *RE = RS->getRetValue()) {
|
|
|
|
E = RE;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
return UndefinedVal();
|
|
|
|
}
|
2011-08-20 14:23:25 +08:00
|
|
|
|
2010-11-24 21:08:51 +08:00
|
|
|
// Handle all other Stmt* using a lookup.
|
2008-07-11 01:19:18 +08:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
};
|
|
|
|
break;
|
|
|
|
}
|
2012-01-07 06:09:28 +08:00
|
|
|
return lookupExpr(EnvironmentEntry(E, LCtx));
|
2008-07-11 01:19:18 +08:00
|
|
|
}
|
2008-07-09 05:46:56 +08:00
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
Environment EnvironmentManager::bindExpr(Environment Env,
|
|
|
|
const EnvironmentEntry &E,
|
|
|
|
SVal V,
|
|
|
|
bool Invalidate) {
|
2009-09-09 23:08:12 +08:00
|
|
|
if (V.isUnknown()) {
|
2008-07-11 01:19:18 +08:00
|
|
|
if (Invalidate)
|
2012-01-07 06:09:28 +08:00
|
|
|
return Environment(F.remove(Env.ExprBindings, E));
|
2008-07-11 01:19:18 +08:00
|
|
|
else
|
|
|
|
return Env;
|
|
|
|
}
|
2012-01-07 06:09:28 +08:00
|
|
|
return Environment(F.add(Env.ExprBindings, E, V));
|
2008-07-11 01:19:18 +08:00
|
|
|
}
|
2008-08-21 01:08:29 +08:00
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
static inline EnvironmentEntry MakeLocation(const EnvironmentEntry &E) {
|
|
|
|
const Stmt *S = E.getStmt();
|
|
|
|
S = (const Stmt*) (((uintptr_t) S) | 0x1);
|
|
|
|
return EnvironmentEntry(S, E.getLocationContext());
|
2010-09-03 09:07:02 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
Environment EnvironmentManager::bindExprAndLocation(Environment Env,
|
2012-01-07 06:09:28 +08:00
|
|
|
const EnvironmentEntry &E,
|
2010-09-03 09:07:02 +08:00
|
|
|
SVal location, SVal V) {
|
2012-01-07 06:09:28 +08:00
|
|
|
return Environment(F.add(F.add(Env.ExprBindings, MakeLocation(E), location),
|
|
|
|
E, V));
|
2010-09-03 09:07:02 +08:00
|
|
|
}
|
|
|
|
|
2009-02-14 11:16:10 +08:00
|
|
|
namespace {
|
2009-11-28 14:07:30 +08:00
|
|
|
class MarkLiveCallback : public SymbolVisitor {
|
2009-02-14 11:16:10 +08:00
|
|
|
SymbolReaper &SymReaper;
|
|
|
|
public:
|
2009-09-09 23:08:12 +08:00
|
|
|
MarkLiveCallback(SymbolReaper &symreaper) : SymReaper(symreaper) {}
|
2012-02-21 08:46:29 +08:00
|
|
|
bool VisitSymbol(SymbolRef sym) {
|
|
|
|
SymReaper.markLive(sym);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool VisitMemRegion(const MemRegion *R) {
|
|
|
|
SymReaper.markLive(R);
|
|
|
|
return true;
|
|
|
|
}
|
2009-02-14 11:16:10 +08:00
|
|
|
};
|
|
|
|
} // end anonymous namespace
|
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
// In addition to mapping from EnvironmentEntry - > SVals in the Environment,
|
|
|
|
// we also maintain a mapping from EnvironmentEntry -> SVals (locations)
|
|
|
|
// that were used during a load and store.
|
|
|
|
static inline bool IsLocation(const EnvironmentEntry &E) {
|
|
|
|
const Stmt *S = E.getStmt();
|
2010-09-03 09:07:02 +08:00
|
|
|
return (bool) (((uintptr_t) S) & 0x1);
|
|
|
|
}
|
2010-04-05 21:16:29 +08:00
|
|
|
|
2011-01-15 04:34:15 +08:00
|
|
|
// removeDeadBindings:
|
2009-03-12 15:54:17 +08:00
|
|
|
// - Remove subexpression bindings.
|
|
|
|
// - Remove dead block expression bindings.
|
|
|
|
// - Keep live block expression bindings:
|
2009-09-09 23:08:12 +08:00
|
|
|
// - Mark their reachable symbols live in SymbolReaper,
|
2009-03-12 15:54:17 +08:00
|
|
|
// see ScanReachableSymbols.
|
|
|
|
// - Mark the region in DRoots if the binding is a loc::MemRegionVal.
|
2009-09-09 23:08:12 +08:00
|
|
|
Environment
|
2011-01-15 04:34:15 +08:00
|
|
|
EnvironmentManager::removeDeadBindings(Environment Env,
|
2009-08-27 09:39:13 +08:00
|
|
|
SymbolReaper &SymReaper,
|
2012-01-27 05:29:00 +08:00
|
|
|
ProgramStateRef ST) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-08-27 09:39:13 +08:00
|
|
|
// We construct a new Environment object entirely, as this is cheaper than
|
|
|
|
// individually removing all the subexpression bindings (which will greatly
|
|
|
|
// outnumber block-level expression bindings).
|
2010-03-05 12:45:36 +08:00
|
|
|
Environment NewEnv = getInitialEnvironment();
|
2010-09-03 09:07:02 +08:00
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
SmallVector<std::pair<EnvironmentEntry, SVal>, 10> deferredLocations;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-09-23 02:10:41 +08:00
|
|
|
MarkLiveCallback CB(SymReaper);
|
|
|
|
ScanReachableSymbols RSScaner(ST, CB);
|
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
llvm::ImmutableMapRef<EnvironmentEntry,SVal>
|
2011-09-24 03:14:09 +08:00
|
|
|
EBMapRef(NewEnv.ExprBindings.getRootWithoutRetain(),
|
|
|
|
F.getTreeFactory());
|
|
|
|
|
2008-08-21 01:08:29 +08:00
|
|
|
// Iterate over the block-expr bindings.
|
2009-09-09 23:08:12 +08:00
|
|
|
for (Environment::iterator I = Env.begin(), E = Env.end();
|
2008-08-21 01:08:29 +08:00
|
|
|
I != E; ++I) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
const EnvironmentEntry &BlkExpr = I.getKey();
|
2010-09-03 09:07:02 +08:00
|
|
|
// For recorded locations (used when evaluating loads and stores), we
|
|
|
|
// consider them live only when their associated normal expression is
|
|
|
|
// also live.
|
|
|
|
// NOTE: This assumes that loads/stores that evaluated to UnknownVal
|
|
|
|
// still have an entry in the map.
|
|
|
|
if (IsLocation(BlkExpr)) {
|
|
|
|
deferredLocations.push_back(std::make_pair(BlkExpr, I.getData()));
|
|
|
|
continue;
|
|
|
|
}
|
2010-04-05 21:16:29 +08:00
|
|
|
const SVal &X = I.getData();
|
|
|
|
|
2012-01-07 06:09:28 +08:00
|
|
|
if (SymReaper.isLive(BlkExpr.getStmt(), BlkExpr.getLocationContext())) {
|
2009-08-27 09:39:13 +08:00
|
|
|
// Copy the binding to the new map.
|
2011-09-24 03:14:09 +08:00
|
|
|
EBMapRef = EBMapRef.add(BlkExpr, X);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-10-04 13:50:14 +08:00
|
|
|
// If the block expr's value is a memory region, then mark that region.
|
2009-06-30 21:00:53 +08:00
|
|
|
if (isa<loc::MemRegionVal>(X)) {
|
2011-08-06 08:29:57 +08:00
|
|
|
const MemRegion *R = cast<loc::MemRegionVal>(X).getRegion();
|
|
|
|
SymReaper.markLive(R);
|
2009-06-30 21:00:53 +08:00
|
|
|
}
|
2008-10-04 13:50:14 +08:00
|
|
|
|
2009-02-14 11:16:10 +08:00
|
|
|
// Mark all symbols in the block expr's value live.
|
2011-09-23 02:10:41 +08:00
|
|
|
RSScaner.scan(X);
|
2009-08-27 09:39:13 +08:00
|
|
|
continue;
|
2008-08-21 01:08:29 +08:00
|
|
|
}
|
2009-08-27 09:39:13 +08:00
|
|
|
|
|
|
|
// Otherwise the expression is dead with a couple exceptions.
|
|
|
|
// Do not misclean LogicalExpr or ConditionalOperator. It is dead at the
|
|
|
|
// beginning of itself, but we need its UndefinedVal to determine its
|
|
|
|
// SVal.
|
|
|
|
if (X.isUndef() && cast<UndefinedVal>(X).getData())
|
2011-09-24 03:14:09 +08:00
|
|
|
EBMapRef = EBMapRef.add(BlkExpr, X);
|
2008-08-21 01:08:29 +08:00
|
|
|
}
|
2010-09-03 09:07:02 +08:00
|
|
|
|
|
|
|
// Go through he deferred locations and add them to the new environment if
|
|
|
|
// the correspond Stmt* is in the map as well.
|
2012-01-07 06:09:28 +08:00
|
|
|
for (SmallVectorImpl<std::pair<EnvironmentEntry, SVal> >::iterator
|
2010-09-03 09:07:02 +08:00
|
|
|
I = deferredLocations.begin(), E = deferredLocations.end(); I != E; ++I) {
|
2012-01-07 06:09:28 +08:00
|
|
|
const EnvironmentEntry &En = I->first;
|
|
|
|
const Stmt *S = (Stmt*) (((uintptr_t) En.getStmt()) & (uintptr_t) ~0x1);
|
|
|
|
if (EBMapRef.lookup(EnvironmentEntry(S, En.getLocationContext())))
|
|
|
|
EBMapRef = EBMapRef.add(En, I->second);
|
2010-09-03 09:07:02 +08:00
|
|
|
}
|
2008-08-21 01:08:29 +08:00
|
|
|
|
2011-09-24 03:14:09 +08:00
|
|
|
NewEnv.ExprBindings = EBMapRef.asImmutableMap();
|
2009-08-27 09:39:13 +08:00
|
|
|
return NewEnv;
|
2008-08-21 01:08:29 +08:00
|
|
|
}
|
2012-01-07 06:09:28 +08:00
|
|
|
|
|
|
|
void Environment::print(raw_ostream &Out, const char *NL,
|
|
|
|
const char *Sep) const {
|
|
|
|
printAux(Out, false, NL, Sep);
|
|
|
|
printAux(Out, true, NL, Sep);
|
|
|
|
}
|
|
|
|
|
|
|
|
void Environment::printAux(raw_ostream &Out, bool printLocations,
|
|
|
|
const char *NL,
|
|
|
|
const char *Sep) const{
|
|
|
|
|
|
|
|
bool isFirst = true;
|
|
|
|
|
|
|
|
for (Environment::iterator I = begin(), E = end(); I != E; ++I) {
|
|
|
|
const EnvironmentEntry &En = I.getKey();
|
|
|
|
if (IsLocation(En)) {
|
|
|
|
if (!printLocations)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (printLocations)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isFirst) {
|
|
|
|
Out << NL << NL
|
|
|
|
<< (printLocations ? "Load/Store locations:" : "Expressions:")
|
|
|
|
<< NL;
|
|
|
|
isFirst = false;
|
|
|
|
} else {
|
|
|
|
Out << NL;
|
|
|
|
}
|
|
|
|
|
|
|
|
const Stmt *S = En.getStmt();
|
|
|
|
if (printLocations) {
|
|
|
|
S = (Stmt*) (((uintptr_t) S) & ((uintptr_t) ~0x1));
|
|
|
|
}
|
|
|
|
|
|
|
|
Out << " (" << (void*) En.getLocationContext() << ',' << (void*) S << ") ";
|
|
|
|
LangOptions LO; // FIXME.
|
|
|
|
S->printPretty(Out, 0, PrintingPolicy(LO));
|
|
|
|
Out << " : " << I.getData();
|
|
|
|
}
|
|
|
|
}
|