2009-06-25 07:06:47 +08:00
|
|
|
//= GRState.cpp - Path-Sensitive "State" for tracking values -----*- C++ -*--=//
|
2008-02-05 15:17:49 +08:00
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
2009-06-25 07:06:47 +08:00
|
|
|
// This file implements GRState and GRStateManager.
|
2008-02-05 15:17:49 +08:00
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
2008-08-17 10:59:30 +08:00
|
|
|
#include "clang/Analysis/PathSensitive/GRStateTrait.h"
|
2008-08-13 12:27:00 +08:00
|
|
|
#include "clang/Analysis/PathSensitive/GRState.h"
|
2008-07-18 07:15:45 +08:00
|
|
|
#include "clang/Analysis/PathSensitive/GRTransferFuncs.h"
|
2008-08-28 07:13:01 +08:00
|
|
|
#include "llvm/ADT/SmallSet.h"
|
2008-08-24 06:23:37 +08:00
|
|
|
#include "llvm/Support/raw_ostream.h"
|
2008-08-28 07:13:01 +08:00
|
|
|
|
2008-02-05 05:59:22 +08:00
|
|
|
using namespace clang;
|
|
|
|
|
2008-08-28 07:13:01 +08:00
|
|
|
// Give the vtable for ConstraintManager somewhere to live.
|
2009-06-25 07:06:47 +08:00
|
|
|
// FIXME: Move this elsewhere.
|
2008-08-28 07:13:01 +08:00
|
|
|
ConstraintManager::~ConstraintManager() {}
|
|
|
|
|
2008-08-16 08:49:49 +08:00
|
|
|
GRStateManager::~GRStateManager() {
|
|
|
|
for (std::vector<GRState::Printer*>::iterator I=Printers.begin(),
|
|
|
|
E=Printers.end(); I!=E; ++I)
|
|
|
|
delete *I;
|
|
|
|
|
|
|
|
for (GDMContextsTy::iterator I=GDMContexts.begin(), E=GDMContexts.end();
|
|
|
|
I!=E; ++I)
|
|
|
|
I->second.second(I->second.first);
|
|
|
|
}
|
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
const GRState*
|
2008-12-05 08:47:52 +08:00
|
|
|
GRStateManager::RemoveDeadBindings(const GRState* state, Stmt* Loc,
|
2009-01-22 06:26:05 +08:00
|
|
|
SymbolReaper& SymReaper) {
|
|
|
|
|
2008-02-09 03:17:19 +08:00
|
|
|
// This code essentially performs a "mark-and-sweep" of the VariableBindings.
|
|
|
|
// The roots are any Block-level exprs and Decls that our liveness algorithm
|
|
|
|
// tells us are live. We then see what Decls they may reference, and keep
|
|
|
|
// those around. This code more than likely can be made faster, and the
|
|
|
|
// frequency of which this method is called should be experimented with
|
2008-10-04 13:50:14 +08:00
|
|
|
// for optimum performance.
|
|
|
|
llvm::SmallVector<const MemRegion*, 10> RegionRoots;
|
2008-12-05 08:47:52 +08:00
|
|
|
GRState NewState = *state;
|
2008-07-18 02:38:48 +08:00
|
|
|
|
2009-02-14 11:16:10 +08:00
|
|
|
NewState.Env = EnvMgr.RemoveDeadBindings(NewState.Env, Loc, SymReaper, *this,
|
2009-03-03 10:51:43 +08:00
|
|
|
state, RegionRoots);
|
2008-02-09 05:10:02 +08:00
|
|
|
|
2008-07-18 02:38:48 +08:00
|
|
|
// Clean up the store.
|
2009-01-22 06:26:05 +08:00
|
|
|
NewState.St = StoreMgr->RemoveDeadBindings(&NewState, Loc, SymReaper,
|
|
|
|
RegionRoots);
|
2008-08-16 08:49:49 +08:00
|
|
|
|
2008-12-05 08:47:52 +08:00
|
|
|
return ConstraintMgr->RemoveDeadBindings(getPersistentState(NewState),
|
2009-01-22 06:26:05 +08:00
|
|
|
SymReaper);
|
2008-02-09 03:17:19 +08:00
|
|
|
}
|
2008-02-06 08:54:14 +08:00
|
|
|
|
2009-06-24 04:38:51 +08:00
|
|
|
const GRState *GRState::unbindLoc(Loc LV) const {
|
|
|
|
Store OldStore = getStore();
|
|
|
|
Store NewStore = Mgr->StoreMgr->Remove(OldStore, LV);
|
2008-02-05 05:59:22 +08:00
|
|
|
|
2008-07-11 06:03:41 +08:00
|
|
|
if (NewStore == OldStore)
|
2009-06-24 04:38:51 +08:00
|
|
|
return this;
|
2008-07-11 06:03:41 +08:00
|
|
|
|
2009-06-24 04:38:51 +08:00
|
|
|
GRState NewSt = *this;
|
2008-07-11 06:03:41 +08:00
|
|
|
NewSt.St = NewStore;
|
2009-06-24 04:38:51 +08:00
|
|
|
return Mgr->getPersistentState(NewSt);
|
2008-02-05 05:59:22 +08:00
|
|
|
}
|
|
|
|
|
2009-06-25 06:15:30 +08:00
|
|
|
SVal GRState::getSValAsScalarOrLoc(const MemRegion *R) const {
|
|
|
|
// We only want to do fetches from regions that we can actually bind
|
|
|
|
// values. For example, SymbolicRegions of type 'id<...>' cannot
|
|
|
|
// have direct bindings (but their can be bindings on their subregions).
|
|
|
|
if (!R->isBoundable())
|
|
|
|
return UnknownVal();
|
|
|
|
|
|
|
|
if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
|
|
|
|
QualType T = TR->getValueType(Mgr->getContext());
|
|
|
|
if (Loc::IsLocType(T) || T->isIntegerType())
|
|
|
|
return getSVal(R);
|
|
|
|
}
|
|
|
|
|
|
|
|
return UnknownVal();
|
|
|
|
}
|
|
|
|
|
2009-06-27 08:24:54 +08:00
|
|
|
|
|
|
|
const GRState *GRState::bindExpr(const Stmt* Ex, SVal V, bool isBlkExpr,
|
|
|
|
bool Invalidate) const {
|
|
|
|
|
|
|
|
Environment NewEnv = Mgr->EnvMgr.BindExpr(Env, Ex, V, isBlkExpr, Invalidate);
|
|
|
|
|
|
|
|
if (NewEnv == Env)
|
|
|
|
return this;
|
|
|
|
|
|
|
|
GRState NewSt = *this;
|
|
|
|
NewSt.Env = NewEnv;
|
|
|
|
return Mgr->getPersistentState(NewSt);
|
|
|
|
}
|
|
|
|
|
|
|
|
const GRState *GRState::bindExpr(const Stmt* Ex, SVal V,
|
|
|
|
bool Invalidate) const {
|
|
|
|
|
|
|
|
bool isBlkExpr = false;
|
|
|
|
|
|
|
|
if (Ex == Mgr->CurrentStmt) {
|
|
|
|
// FIXME: Should this just be an assertion? When would we want to set
|
|
|
|
// the value of a block-level expression if it wasn't CurrentStmt?
|
|
|
|
isBlkExpr = Mgr->cfg.isBlkExpr(Ex);
|
|
|
|
|
|
|
|
if (!isBlkExpr)
|
|
|
|
return this;
|
|
|
|
}
|
|
|
|
|
|
|
|
return bindExpr(Ex, V, isBlkExpr, Invalidate);
|
|
|
|
}
|
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
const GRState* GRStateManager::getInitialState() {
|
2009-06-18 06:02:04 +08:00
|
|
|
GRState StateImpl(this, EnvMgr.getInitialEnvironment(),
|
2008-10-16 14:09:51 +08:00
|
|
|
StoreMgr->getInitialStore(),
|
2008-08-17 11:10:22 +08:00
|
|
|
GDMFactory.GetEmptyMap());
|
2008-08-20 00:51:45 +08:00
|
|
|
|
2008-02-05 15:17:49 +08:00
|
|
|
return getPersistentState(StateImpl);
|
|
|
|
}
|
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
const GRState* GRStateManager::getPersistentState(GRState& State) {
|
2008-02-05 15:17:49 +08:00
|
|
|
|
|
|
|
llvm::FoldingSetNodeID ID;
|
|
|
|
State.Profile(ID);
|
2008-02-12 03:21:59 +08:00
|
|
|
void* InsertPos;
|
2008-02-05 15:17:49 +08:00
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
if (GRState* I = StateSet.FindNodeOrInsertPos(ID, InsertPos))
|
2008-02-05 15:17:49 +08:00
|
|
|
return I;
|
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
GRState* I = (GRState*) Alloc.Allocate<GRState>();
|
|
|
|
new (I) GRState(State);
|
2008-02-05 15:17:49 +08:00
|
|
|
StateSet.InsertNode(I, InsertPos);
|
|
|
|
return I;
|
|
|
|
}
|
2008-02-12 03:21:59 +08:00
|
|
|
|
2009-06-18 06:02:04 +08:00
|
|
|
const GRState* GRState::makeWithStore(Store store) const {
|
|
|
|
GRState NewSt = *this;
|
2008-12-20 14:32:12 +08:00
|
|
|
NewSt.St = store;
|
2009-06-18 06:02:04 +08:00
|
|
|
return Mgr->getPersistentState(NewSt);
|
2008-12-20 14:32:12 +08:00
|
|
|
}
|
|
|
|
|
2008-08-16 08:49:49 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// State pretty-printing.
|
|
|
|
//===----------------------------------------------------------------------===//
|
2008-03-12 02:57:24 +08:00
|
|
|
|
2009-06-25 07:06:47 +08:00
|
|
|
void GRState::print(llvm::raw_ostream& Out, const char* nl,
|
|
|
|
const char* sep) const {
|
2008-08-20 06:24:03 +08:00
|
|
|
// Print the store.
|
2009-06-18 09:23:53 +08:00
|
|
|
Mgr->getStoreManager().print(getStore(), Out, nl, sep);
|
2008-02-12 03:21:59 +08:00
|
|
|
|
|
|
|
// Print Subexpression bindings.
|
2008-08-20 06:24:03 +08:00
|
|
|
bool isFirst = true;
|
2008-02-12 03:21:59 +08:00
|
|
|
|
2008-02-22 02:02:17 +08:00
|
|
|
for (seb_iterator I = seb_begin(), E = seb_end(); I != E; ++I) {
|
2008-02-12 03:21:59 +08:00
|
|
|
|
|
|
|
if (isFirst) {
|
2008-03-05 02:30:35 +08:00
|
|
|
Out << nl << nl << "Sub-Expressions:" << nl;
|
2008-02-12 03:21:59 +08:00
|
|
|
isFirst = false;
|
|
|
|
}
|
2008-03-05 02:30:35 +08:00
|
|
|
else { Out << nl; }
|
2008-02-12 03:21:59 +08:00
|
|
|
|
|
|
|
Out << " (" << (void*) I.getKey() << ") ";
|
2009-06-30 09:26:17 +08:00
|
|
|
LangOptions LO; // FIXME.
|
|
|
|
I.getKey()->printPretty(Out, 0, PrintingPolicy(LO));
|
2008-02-12 03:21:59 +08:00
|
|
|
Out << " : ";
|
|
|
|
I.getData().print(Out);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Print block-expression bindings.
|
|
|
|
isFirst = true;
|
|
|
|
|
2008-02-22 02:02:17 +08:00
|
|
|
for (beb_iterator I = beb_begin(), E = beb_end(); I != E; ++I) {
|
2008-02-12 03:21:59 +08:00
|
|
|
|
|
|
|
if (isFirst) {
|
2008-03-05 02:30:35 +08:00
|
|
|
Out << nl << nl << "Block-level Expressions:" << nl;
|
2008-02-12 03:21:59 +08:00
|
|
|
isFirst = false;
|
|
|
|
}
|
2008-03-05 02:30:35 +08:00
|
|
|
else { Out << nl; }
|
2008-02-12 03:21:59 +08:00
|
|
|
|
|
|
|
Out << " (" << (void*) I.getKey() << ") ";
|
2009-06-30 09:26:17 +08:00
|
|
|
LangOptions LO; // FIXME.
|
|
|
|
I.getKey()->printPretty(Out, 0, PrintingPolicy(LO));
|
2008-02-12 03:21:59 +08:00
|
|
|
Out << " : ";
|
|
|
|
I.getData().print(Out);
|
|
|
|
}
|
|
|
|
|
2009-06-18 09:23:53 +08:00
|
|
|
Mgr->getConstraintManager().print(this, Out, nl, sep);
|
2008-03-12 02:57:24 +08:00
|
|
|
|
2009-06-18 09:23:53 +08:00
|
|
|
// Print checker-specific data.
|
|
|
|
for (std::vector<Printer*>::iterator I = Mgr->Printers.begin(),
|
|
|
|
E = Mgr->Printers.end(); I != E; ++I) {
|
|
|
|
(*I)->Print(Out, this, nl, sep);
|
|
|
|
}
|
2008-02-12 03:21:59 +08:00
|
|
|
}
|
2008-07-18 07:15:45 +08:00
|
|
|
|
2009-06-25 07:06:47 +08:00
|
|
|
void GRState::printDOT(llvm::raw_ostream& Out) const {
|
2008-08-16 08:49:49 +08:00
|
|
|
print(Out, "\\l", "\\|");
|
|
|
|
}
|
|
|
|
|
2009-06-18 09:23:53 +08:00
|
|
|
void GRState::printStdErr() const {
|
2009-06-25 07:06:47 +08:00
|
|
|
print(llvm::errs());
|
2008-08-16 08:49:49 +08:00
|
|
|
}
|
|
|
|
|
2008-08-15 05:16:54 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// Generic Data Map.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
void* const* GRState::FindGDM(void* K) const {
|
|
|
|
return GDM.lookup(K);
|
|
|
|
}
|
|
|
|
|
2008-08-16 08:49:49 +08:00
|
|
|
void*
|
|
|
|
GRStateManager::FindGDMContext(void* K,
|
|
|
|
void* (*CreateContext)(llvm::BumpPtrAllocator&),
|
|
|
|
void (*DeleteContext)(void*)) {
|
|
|
|
|
|
|
|
std::pair<void*, void (*)(void*)>& p = GDMContexts[K];
|
|
|
|
if (!p.first) {
|
|
|
|
p.first = CreateContext(Alloc);
|
|
|
|
p.second = DeleteContext;
|
|
|
|
}
|
|
|
|
|
|
|
|
return p.first;
|
|
|
|
}
|
|
|
|
|
2008-11-03 13:18:34 +08:00
|
|
|
const GRState* GRStateManager::addGDM(const GRState* St, void* Key, void* Data){
|
2008-08-15 05:16:54 +08:00
|
|
|
GRState::GenericDataMap M1 = St->getGDM();
|
|
|
|
GRState::GenericDataMap M2 = GDMFactory.Add(M1, Key, Data);
|
|
|
|
|
|
|
|
if (M1 == M2)
|
|
|
|
return St;
|
|
|
|
|
|
|
|
GRState NewSt = *St;
|
|
|
|
NewSt.GDM = M2;
|
|
|
|
return getPersistentState(NewSt);
|
|
|
|
}
|
2008-07-22 08:46:16 +08:00
|
|
|
|
2009-02-14 11:16:10 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// Utility.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
2009-03-03 10:51:43 +08:00
|
|
|
namespace {
|
2009-03-04 14:33:38 +08:00
|
|
|
class VISIBILITY_HIDDEN ScanReachableSymbols : public SubRegionMap::Visitor {
|
2009-03-03 10:51:43 +08:00
|
|
|
typedef llvm::DenseSet<const MemRegion*> VisitedRegionsTy;
|
|
|
|
|
|
|
|
VisitedRegionsTy visited;
|
2009-06-18 09:33:24 +08:00
|
|
|
const GRState *state;
|
2009-03-03 10:51:43 +08:00
|
|
|
SymbolVisitor &visitor;
|
|
|
|
llvm::OwningPtr<SubRegionMap> SRM;
|
|
|
|
public:
|
|
|
|
|
2009-06-18 09:33:24 +08:00
|
|
|
ScanReachableSymbols(const GRState *st, SymbolVisitor& v)
|
|
|
|
: state(st), visitor(v) {}
|
2009-03-03 10:51:43 +08:00
|
|
|
|
|
|
|
bool scan(nonloc::CompoundVal val);
|
|
|
|
bool scan(SVal val);
|
|
|
|
bool scan(const MemRegion *R);
|
|
|
|
|
|
|
|
// From SubRegionMap::Visitor.
|
|
|
|
bool Visit(const MemRegion* Parent, const MemRegion* SubRegion) {
|
|
|
|
return scan(SubRegion);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
bool ScanReachableSymbols::scan(nonloc::CompoundVal val) {
|
2009-02-14 11:16:10 +08:00
|
|
|
for (nonloc::CompoundVal::iterator I=val.begin(), E=val.end(); I!=E; ++I)
|
2009-03-03 10:51:43 +08:00
|
|
|
if (!scan(*I))
|
|
|
|
return false;
|
2009-02-14 11:16:10 +08:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2009-03-03 10:51:43 +08:00
|
|
|
|
|
|
|
bool ScanReachableSymbols::scan(SVal val) {
|
|
|
|
if (loc::MemRegionVal *X = dyn_cast<loc::MemRegionVal>(&val))
|
|
|
|
return scan(X->getRegion());
|
2009-03-31 02:45:36 +08:00
|
|
|
|
|
|
|
if (SymbolRef Sym = val.getAsSymbol())
|
|
|
|
return visitor.VisitSymbol(Sym);
|
2009-02-14 11:16:10 +08:00
|
|
|
|
|
|
|
if (nonloc::CompoundVal *X = dyn_cast<nonloc::CompoundVal>(&val))
|
2009-03-03 10:51:43 +08:00
|
|
|
return scan(*X);
|
2009-02-14 11:16:10 +08:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2009-03-03 10:51:43 +08:00
|
|
|
|
|
|
|
bool ScanReachableSymbols::scan(const MemRegion *R) {
|
2009-03-04 08:13:10 +08:00
|
|
|
if (isa<MemSpaceRegion>(R) || visited.count(R))
|
2009-03-03 10:51:43 +08:00
|
|
|
return true;
|
|
|
|
|
|
|
|
visited.insert(R);
|
|
|
|
|
|
|
|
// If this is a symbolic region, visit the symbol for the region.
|
|
|
|
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
|
|
|
|
if (!visitor.VisitSymbol(SR->getSymbol()))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
// If this is a subregion, also visit the parent regions.
|
|
|
|
if (const SubRegion *SR = dyn_cast<SubRegion>(R))
|
2009-03-04 02:15:30 +08:00
|
|
|
if (!scan(SR->getSuperRegion()))
|
2009-03-03 10:51:43 +08:00
|
|
|
return false;
|
|
|
|
|
|
|
|
// Now look at the binding to this region (if any).
|
2009-06-18 09:33:24 +08:00
|
|
|
if (!scan(state->getSValAsScalarOrLoc(R)))
|
2009-03-03 10:51:43 +08:00
|
|
|
return false;
|
|
|
|
|
|
|
|
// Now look at the subregions.
|
|
|
|
if (!SRM.get())
|
2009-06-18 09:33:24 +08:00
|
|
|
SRM.reset(state->getStateManager().getStoreManager().getSubRegionMap(state));
|
2009-03-03 10:51:43 +08:00
|
|
|
|
|
|
|
return SRM->iterSubRegions(R, *this);
|
|
|
|
}
|
|
|
|
|
2009-06-18 09:33:24 +08:00
|
|
|
bool GRState::scanReachableSymbols(SVal val, SymbolVisitor& visitor) const {
|
|
|
|
ScanReachableSymbols S(this, visitor);
|
2009-03-03 10:51:43 +08:00
|
|
|
return S.scan(val);
|
|
|
|
}
|
2009-02-14 11:16:10 +08:00
|
|
|
|
2008-07-22 08:46:16 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// Queries.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
2008-08-13 12:27:00 +08:00
|
|
|
bool GRStateManager::isEqual(const GRState* state, Expr* Ex,
|
2008-08-16 08:49:49 +08:00
|
|
|
const llvm::APSInt& Y) {
|
|
|
|
|
2009-06-24 01:55:07 +08:00
|
|
|
SVal V = state->getSVal(Ex);
|
2008-07-22 08:46:16 +08:00
|
|
|
|
2008-10-17 13:57:07 +08:00
|
|
|
if (loc::ConcreteInt* X = dyn_cast<loc::ConcreteInt>(&V))
|
2008-07-22 08:46:16 +08:00
|
|
|
return X->getValue() == Y;
|
|
|
|
|
2008-10-17 13:57:07 +08:00
|
|
|
if (nonloc::ConcreteInt* X = dyn_cast<nonloc::ConcreteInt>(&V))
|
2008-07-22 08:46:16 +08:00
|
|
|
return X->getValue() == Y;
|
|
|
|
|
2009-03-31 02:45:36 +08:00
|
|
|
if (SymbolRef Sym = V.getAsSymbol())
|
|
|
|
return ConstraintMgr->isEqual(state, Sym, Y);
|
|
|
|
|
2008-07-22 08:46:16 +08:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2008-08-16 08:49:49 +08:00
|
|
|
bool GRStateManager::isEqual(const GRState* state, Expr* Ex, uint64_t x) {
|
2009-04-10 00:13:17 +08:00
|
|
|
return isEqual(state, Ex, getBasicVals().getValue(x, Ex->getType()));
|
2008-07-22 08:46:16 +08:00
|
|
|
}
|
2008-09-19 07:09:54 +08:00
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// Persistent values for indexing into the Generic Data Map.
|
|
|
|
|
|
|
|
int GRState::NullDerefTag::TagInt = 0;
|
|
|
|
|