Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / b309525445c8ec3d36e49568382029efc2740554 / . / lib / Analysis / CFRefCount.cpp
blob: 25d1ed0299f5b9e0cd7e3f9baeba6cec54b6a2d9 [file] [log] [blame]
Chris Lattnerbda0b622008-03-15 23:59:48 +0000[diff] [blame]1// CFRefCount.cpp - Transfer functions for tracking simple values -*- C++ -*--//
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Gabor Greif843e9342008-03-06 10:40:09 +0000[diff] [blame]10// This file defines the methods for CFRefCount, which implements
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]11// a reference count checker for Core Foundation (Mac OS X).
12//
13//===----------------------------------------------------------------------===//
14
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]15#include "GRSimpleVals.h"
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]16#include "clang/Basic/LangOptions.h"
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]17#include "clang/Basic/SourceManager.h"
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]18#include "clang/Analysis/PathSensitive/ValueState.h"
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]19#include "clang/Analysis/PathDiagnostic.h"
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]20#include "clang/Analysis/LocalCheckers.h"
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]21#include "clang/Analysis/PathDiagnostic.h"
22#include "clang/Analysis/PathSensitive/BugReporter.h"
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]23#include "llvm/ADT/DenseMap.h"
24#include "llvm/ADT/FoldingSet.h"
25#include "llvm/ADT/ImmutableMap.h"
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]26#include "llvm/Support/Compiler.h"
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]27#include <ostream>
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]28#include <sstream>
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]29
30using namespace clang;
31
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]32//===----------------------------------------------------------------------===//
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]33// Utility functions.
34//===----------------------------------------------------------------------===//
35
Ted Kremenekb83e02e2008-05-01 18:31:44 +0000[diff] [blame]36static inline Selector GetNullarySelector(const char* name, ASTContext& Ctx) {
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]37 IdentifierInfo* II = &Ctx.Idents.get(name);
38 return Ctx.Selectors.getSelector(0, &II);
39}
40
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]41static inline Selector GetUnarySelector(const char* name, ASTContext& Ctx) {
42 IdentifierInfo* II = &Ctx.Idents.get(name);
43 return Ctx.Selectors.getSelector(1, &II);
44}
45
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]46//===----------------------------------------------------------------------===//
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]47// Symbolic Evaluation of Reference Counting Logic
48//===----------------------------------------------------------------------===//
49
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]50namespace {
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]51 enum ArgEffect { IncRef, DecRef, DoNothing, StopTracking };
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]52 typedef std::vector<std::pair<unsigned,ArgEffect> > ArgEffects;
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]53}
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]54
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]55namespace llvm {
56 template <> struct FoldingSetTrait<ArgEffects> {
Ted Kremenek3ea0b6a2008-04-10 22:58:08 +0000[diff] [blame]57 static void Profile(const ArgEffects& X, FoldingSetNodeID& ID) {
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]58 for (ArgEffects::const_iterator I = X.begin(), E = X.end(); I!= E; ++I) {
59 ID.AddInteger(I->first);
60 ID.AddInteger((unsigned) I->second);
61 }
Ted Kremenek3ea0b6a2008-04-10 22:58:08 +0000[diff] [blame]62 }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]63 };
64} // end llvm namespace
65
66namespace {
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]67
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]68class RetEffect {
69public:
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]70 enum Kind { NoRet = 0x0, Alias = 0x1, OwnedSymbol = 0x2,
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]71 NotOwnedSymbol = 0x3, ReceiverAlias=0x4 };
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]72
73private:
74 unsigned Data;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]75 RetEffect(Kind k, unsigned D) { Data = (D << 3) | (unsigned) k; }
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]76
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]77public:
78
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]79 Kind getKind() const { return (Kind) (Data & 0x7); }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]80
81 unsigned getValue() const {
82 assert(getKind() == Alias);
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]83 return Data >> 3;
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]84 }
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]85
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]86 static RetEffect MakeAlias(unsigned Idx) { return RetEffect(Alias, Idx); }
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]87
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]88 static RetEffect MakeReceiverAlias() { return RetEffect(ReceiverAlias, 0); }
89
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]90 static RetEffect MakeOwned() { return RetEffect(OwnedSymbol, 0); }
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]91
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]92 static RetEffect MakeNotOwned() { return RetEffect(NotOwnedSymbol, 0); }
93
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]94 static RetEffect MakeNoRet() { return RetEffect(NoRet, 0); }
95
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]96 operator Kind() const { return getKind(); }
97
98 void Profile(llvm::FoldingSetNodeID& ID) const { ID.AddInteger(Data); }
99};
100
101
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]102class RetainSummary : public llvm::FoldingSetNode {
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]103 ArgEffects* Args;
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]104 ArgEffect Receiver;
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]105 RetEffect Ret;
106public:
107
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]108 RetainSummary(ArgEffects* A, RetEffect R, ArgEffect ReceiverEff = DoNothing)
109 : Args(A), Receiver(ReceiverEff), Ret(R) {}
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]110
111 unsigned getNumArgs() const { return Args->size(); }
112
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]113 ArgEffect getArg(unsigned idx) const {
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]114 if (!Args)
115 return DoNothing;
116
117 // If Args is present, it is likely to contain only 1 element.
118 // Just do a linear search. Do it from the back because functions with
119 // large numbers of arguments will be tail heavy with respect to which
120 // argument they actually modify with respect to the reference count.
121
122 for (ArgEffects::reverse_iterator I=Args->rbegin(), E=Args->rend();
123 I!=E; ++I) {
124
125 if (idx > I->first)
126 return DoNothing;
127
128 if (idx == I->first)
129 return I->second;
130 }
131
132 return DoNothing;
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]133 }
134
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]135 RetEffect getRetEffect() const {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]136 return Ret;
137 }
138
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]139 ArgEffect getReceiverEffect() const {
140 return Receiver;
141 }
142
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]143 typedef ArgEffects::const_iterator arg_iterator;
144
145 arg_iterator begin_args() const { return Args->begin(); }
146 arg_iterator end_args() const { return Args->end(); }
147
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]148 static void Profile(llvm::FoldingSetNodeID& ID, ArgEffects* A,
149 RetEffect RetEff, ArgEffect ReceiverEff) {
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]150 ID.AddPointer(A);
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]151 ID.Add(RetEff);
152 ID.AddInteger((unsigned) ReceiverEff);
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]153 }
154
155 void Profile(llvm::FoldingSetNodeID& ID) const {
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]156 Profile(ID, Args, Ret, Receiver);
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]157 }
158};
159
160
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]161class RetainSummaryManager {
162
163 //==-----------------------------------------------------------------==//
164 // Typedefs.
165 //==-----------------------------------------------------------------==//
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]166
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]167 typedef llvm::FoldingSet<llvm::FoldingSetNodeWrapper<ArgEffects> >
168 ArgEffectsSetTy;
169
170 typedef llvm::FoldingSet<RetainSummary>
171 SummarySetTy;
172
173 typedef llvm::DenseMap<FunctionDecl*, RetainSummary*>
174 FuncSummariesTy;
175
176 typedef llvm::DenseMap<Selector, RetainSummary*>
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]177 ObjCMethSummariesTy;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]178
179 //==-----------------------------------------------------------------==//
180 // Data.
181 //==-----------------------------------------------------------------==//
182
183 // Ctx - The ASTContext object for the analyzed ASTs.
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]184 ASTContext& Ctx;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]185
186 // GCEnabled - Records whether or not the analyzed code runs in GC mode.
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]187 const bool GCEnabled;
188
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]189 // SummarySet - A FoldingSet of uniqued summaries.
Ted Kremenek3ea0b6a2008-04-10 22:58:08 +0000[diff] [blame]190 SummarySetTy SummarySet;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]191
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]192 // FuncSummaries - A map from FunctionDecls to summaries.
193 FuncSummariesTy FuncSummaries;
194
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]195 // ObjCInstMethSummaries - A map from selectors (for instance methods)
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]196 // to summaries.
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]197 ObjCMethSummariesTy ObjCInstMethSummaries;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]198
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]199 // ObjCMethSummaries - A map from selectors to summaries.
200 ObjCMethSummariesTy ObjCMethSummaries;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]201
202 // ArgEffectsSet - A FoldingSet of uniqued ArgEffects.
203 ArgEffectsSetTy ArgEffectsSet;
204
205 // BPAlloc - A BumpPtrAllocator used for allocating summaries, ArgEffects,
206 // and all other data used by the checker.
207 llvm::BumpPtrAllocator BPAlloc;
208
209 // ScratchArgs - A holding buffer for construct ArgEffects.
210 ArgEffects ScratchArgs;
211
212 //==-----------------------------------------------------------------==//
213 // Methods.
214 //==-----------------------------------------------------------------==//
215
216 // getArgEffects - Returns a persistent ArgEffects object based on the
217 // data in ScratchArgs.
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]218 ArgEffects* getArgEffects();
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]219
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]220 enum UnaryFuncKind { cfretain, cfrelease, cfmakecollectable };
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]221 RetainSummary* getUnarySummary(FunctionDecl* FD, UnaryFuncKind func);
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]222
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]223 RetainSummary* getNSSummary(FunctionDecl* FD, const char* FName);
224 RetainSummary* getCFSummary(FunctionDecl* FD, const char* FName);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]225
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]226 RetainSummary* getCFSummaryCreateRule(FunctionDecl* FD);
227 RetainSummary* getCFSummaryGetRule(FunctionDecl* FD);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]228
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]229 RetainSummary* getPersistentSummary(ArgEffects* AE, RetEffect RetEff,
230 ArgEffect ReceiverEff = DoNothing);
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]231
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]232 RetainSummary* getPersistentSummary(RetEffect RE,
233 ArgEffect ReceiverEff = DoNothing) {
234 return getPersistentSummary(getArgEffects(), RE, ReceiverEff);
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]235 }
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]236
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]237
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]238 RetainSummary* getInitMethodSummary(Selector S);
239
Ted Kremenekb3c3c282008-05-06 00:38:54 +0000[diff] [blame]240 void InitializeInstMethSummaries();
241 void InitializeMethSummaries();
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]242
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]243public:
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]244
245 RetainSummaryManager(ASTContext& ctx, bool gcenabled)
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]246 : Ctx(ctx), GCEnabled(gcenabled) {
247
Ted Kremenekb3c3c282008-05-06 00:38:54 +0000[diff] [blame]248 InitializeInstMethSummaries();
249 InitializeMethSummaries();
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]250 }
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]251
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]252 ~RetainSummaryManager();
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]253
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]254 RetainSummary* getSummary(FunctionDecl* FD, ASTContext& Ctx);
255
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]256 RetainSummary* getMethodSummary(Selector S);
257 RetainSummary* getInstanceMethodSummary(IdentifierInfo* ClsName, Selector S);
258
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]259 bool isGCEnabled() const { return GCEnabled; }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]260};
261
262} // end anonymous namespace
263
264//===----------------------------------------------------------------------===//
265// Implementation of checker data structures.
266//===----------------------------------------------------------------------===//
267
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]268RetainSummaryManager::~RetainSummaryManager() {
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]269
270 // FIXME: The ArgEffects could eventually be allocated from BPAlloc,
271 // mitigating the need to do explicit cleanup of the
272 // Argument-Effect summaries.
273
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]274 for (ArgEffectsSetTy::iterator I = ArgEffectsSet.begin(),
275 E = ArgEffectsSet.end(); I!=E; ++I)
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]276 I->getValue().~ArgEffects();
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]277}
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]278
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]279ArgEffects* RetainSummaryManager::getArgEffects() {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]280
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]281 if (ScratchArgs.empty())
282 return NULL;
283
284 // Compute a profile for a non-empty ScratchArgs.
285
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]286 llvm::FoldingSetNodeID profile;
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]287
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]288 profile.Add(ScratchArgs);
289 void* InsertPos;
290
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]291 // Look up the uniqued copy, or create a new one.
292
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]293 llvm::FoldingSetNodeWrapper<ArgEffects>* E =
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]294 ArgEffectsSet.FindNodeOrInsertPos(profile, InsertPos);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]295
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]296 if (E) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]297 ScratchArgs.clear();
298 return &E->getValue();
299 }
300
301 E = (llvm::FoldingSetNodeWrapper<ArgEffects>*)
302 BPAlloc.Allocate<llvm::FoldingSetNodeWrapper<ArgEffects> >();
303
304 new (E) llvm::FoldingSetNodeWrapper<ArgEffects>(ScratchArgs);
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]305 ArgEffectsSet.InsertNode(E, InsertPos);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]306
307 ScratchArgs.clear();
308 return &E->getValue();
309}
310
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]311RetainSummary*
312RetainSummaryManager::getPersistentSummary(ArgEffects* AE, RetEffect RetEff,
313 ArgEffect ReceiverEff) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]314
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]315 // Generate a profile for the summary.
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]316 llvm::FoldingSetNodeID profile;
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]317 RetainSummary::Profile(profile, AE, RetEff, ReceiverEff);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]318
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]319 // Look up the uniqued summary, or create one if it doesn't exist.
320 void* InsertPos;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]321 RetainSummary* Summ = SummarySet.FindNodeOrInsertPos(profile, InsertPos);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]322
323 if (Summ)
324 return Summ;
325
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]326 // Create the summary and return it.
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]327 Summ = (RetainSummary*) BPAlloc.Allocate<RetainSummary>();
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]328 new (Summ) RetainSummary(AE, RetEff, ReceiverEff);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]329 SummarySet.InsertNode(Summ, InsertPos);
330
331 return Summ;
332}
333
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]334//===----------------------------------------------------------------------===//
335// Summary creation for functions (largely uses of Core Foundation).
336//===----------------------------------------------------------------------===//
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]337
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]338RetainSummary* RetainSummaryManager::getSummary(FunctionDecl* FD,
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]339 ASTContext& Ctx) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]340
341 SourceLocation Loc = FD->getLocation();
342
343 if (!Loc.isFileID())
344 return NULL;
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]345
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]346 // Look up a summary in our cache of FunctionDecls -> Summaries.
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]347 FuncSummariesTy::iterator I = FuncSummaries.find(FD);
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]348
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]349 if (I != FuncSummaries.end())
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]350 return I->second;
351
352 // No summary. Generate one.
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]353 const char* FName = FD->getIdentifier()->getName();
354
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]355 RetainSummary *S = 0;
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]356
357 if (FName[0] == 'C' && FName[1] == 'F')
358 S = getCFSummary(FD, FName);
359 else if (FName[0] == 'N' && FName[1] == 'S')
360 S = getNSSummary(FD, FName);
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]361
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]362 FuncSummaries[FD] = S;
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]363 return S;
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]364}
365
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]366RetainSummary* RetainSummaryManager::getNSSummary(FunctionDecl* FD,
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]367 const char* FName) {
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]368 FName += 2;
369
370 if (strcmp(FName, "MakeCollectable") == 0)
371 return getUnarySummary(FD, cfmakecollectable);
372
373 return 0;
374}
375
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]376RetainSummary* RetainSummaryManager::getCFSummary(FunctionDecl* FD,
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]377 const char* FName) {
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]378
379 FName += 2;
380
381 if (strcmp(FName, "Retain") == 0)
382 return getUnarySummary(FD, cfretain);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]383
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]384 if (strcmp(FName, "Release") == 0)
385 return getUnarySummary(FD, cfrelease);
386
387 if (strcmp(FName, "MakeCollectable") == 0)
388 return getUnarySummary(FD, cfmakecollectable);
389
390 if (strstr(FName, "Create") || strstr(FName, "Copy"))
391 return getCFSummaryCreateRule(FD);
392
393 if (strstr(FName, "Get"))
394 return getCFSummaryGetRule(FD);
395
396 return 0;
397}
398
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]399RetainSummary*
400RetainSummaryManager::getUnarySummary(FunctionDecl* FD, UnaryFuncKind func) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]401
402 FunctionTypeProto* FT =
403 dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
404
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]405 if (FT) {
406
407 if (FT->getNumArgs() != 1)
408 return 0;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]409
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]410 TypedefType* ArgT = dyn_cast<TypedefType>(FT->getArgType(0).getTypePtr());
411
412 if (!ArgT)
413 return 0;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]414
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]415 if (!ArgT->isPointerType())
416 return NULL;
417 }
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]418
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]419 assert (ScratchArgs.empty());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]420
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]421 switch (func) {
422 case cfretain: {
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]423 ScratchArgs.push_back(std::make_pair(0, IncRef));
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]424 return getPersistentSummary(RetEffect::MakeAlias(0));
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]425 }
426
427 case cfrelease: {
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]428 ScratchArgs.push_back(std::make_pair(0, DecRef));
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]429 return getPersistentSummary(RetEffect::MakeNoRet());
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]430 }
431
432 case cfmakecollectable: {
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]433 if (GCEnabled)
434 ScratchArgs.push_back(std::make_pair(0, DecRef));
435
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]436 return getPersistentSummary(RetEffect::MakeAlias(0));
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]437 }
438
439 default:
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]440 assert (false && "Not a supported unary function.");
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]441 }
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]442}
443
444static bool isCFRefType(QualType T) {
445
446 if (!T->isPointerType())
447 return false;
448
449 // Check the typedef for the name "CF" and the substring "Ref".
450
451 TypedefType* TD = dyn_cast<TypedefType>(T.getTypePtr());
452
453 if (!TD)
454 return false;
455
456 const char* TDName = TD->getDecl()->getIdentifier()->getName();
457 assert (TDName);
458
459 if (TDName[0] != 'C' || TDName[1] != 'F')
460 return false;
461
462 if (strstr(TDName, "Ref") == 0)
463 return false;
464
465 return true;
466}
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]467
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]468RetainSummary* RetainSummaryManager::getCFSummaryCreateRule(FunctionDecl* FD) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]469
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]470 FunctionTypeProto* FT =
471 dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
472
473 if (FT && !isCFRefType(FT->getResultType()))
474 return 0;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]475
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]476 // FIXME: Add special-cases for functions that retain/release. For now
477 // just handle the default case.
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]478
479 assert (ScratchArgs.empty());
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]480 return getPersistentSummary(RetEffect::MakeOwned());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]481}
482
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]483RetainSummary* RetainSummaryManager::getCFSummaryGetRule(FunctionDecl* FD) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]484
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]485 FunctionTypeProto* FT =
486 dyn_cast<FunctionTypeProto>(FD->getType().getTypePtr());
Ted Kremeneka0df99f2008-04-11 20:11:19 +0000[diff] [blame]487
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]488 if (FT) {
489 QualType RetTy = FT->getResultType();
Ted Kremeneka0df99f2008-04-11 20:11:19 +0000[diff] [blame]490
Ted Kremenek86ad3bc2008-05-05 16:51:50 +0000[diff] [blame]491 // FIXME: For now we assume that all pointer types returned are referenced
492 // counted. Since this is the "Get" rule, we assume non-ownership, which
493 // works fine for things that are not reference counted. We do this because
494 // some generic data structures return "void*". We need something better
495 // in the future.
496
497 if (!isCFRefType(RetTy) && !RetTy->isPointerType())
498 return 0;
499 }
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]500
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]501 // FIXME: Add special-cases for functions that retain/release. For now
502 // just handle the default case.
503
Ted Kremenek891d5cc2008-04-24 17:22:33 +0000[diff] [blame]504 assert (ScratchArgs.empty());
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]505 return getPersistentSummary(RetEffect::MakeNotOwned());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]506}
507
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]508//===----------------------------------------------------------------------===//
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]509// Summary creation for Selectors.
510//===----------------------------------------------------------------------===//
511
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]512RetainSummary* RetainSummaryManager::getInitMethodSummary(Selector S) {
513 assert(ScratchArgs.empty());
514
515 RetainSummary* Summ =
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]516 getPersistentSummary(RetEffect::MakeReceiverAlias());
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]517
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]518 ObjCMethSummaries[S] = Summ;
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]519 return Summ;
520}
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]521
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]522RetainSummary* RetainSummaryManager::getMethodSummary(Selector S) {
523
524 // Look up a summary in our cache of Selectors -> Summaries.
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]525 ObjCMethSummariesTy::iterator I = ObjCMethSummaries.find(S);
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]526
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]527 if (I != ObjCMethSummaries.end())
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]528 return I->second;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]529
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]530 // "initXXX": pass-through for receiver.
531
532 const char* s = S.getIdentifierInfoForSlot(0)->getName();
533
534 if (s[0] == 'i' && s[10] == 'n' && s[2] == 'i' && s[3] == 't')
535 return getInitMethodSummary(S);
536
537 return 0;
538}
539
Ted Kremenekb3c3c282008-05-06 00:38:54 +0000[diff] [blame]540void RetainSummaryManager::InitializeInstMethSummaries() {
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]541
542 assert (ScratchArgs.empty());
543
544 RetEffect E = isGCEnabled() ? RetEffect::MakeNoRet() : RetEffect::MakeOwned();
545 RetainSummary* Summ = getPersistentSummary(E);
546
547 // Create the "alloc" selector.
548 ObjCInstMethSummaries[ GetNullarySelector("alloc", Ctx) ] = Summ;
549
550 // Create the "new" selector.
551 ObjCInstMethSummaries[ GetNullarySelector("new", Ctx) ] = Summ;
552
553 // Create the "allocWithZone:" selector.
554 ObjCInstMethSummaries[ GetUnarySelector("allocWithZone", Ctx) ] = Summ;
555
556 // Create the "copyWithZone:" selector.
557 ObjCInstMethSummaries[ GetUnarySelector("copyWithZone", Ctx) ] = Summ;
558
559 // Create the "mutableCopyWithZone:" selector.
560 ObjCInstMethSummaries[ GetUnarySelector("mutableCopyWithZone", Ctx) ] = Summ;
561}
562
Ted Kremenekb3c3c282008-05-06 00:38:54 +0000[diff] [blame]563void RetainSummaryManager::InitializeMethSummaries() {
564
565 assert (ScratchArgs.empty());
566
567 // Create the "init" selector.
568 RetainSummary* Summ = getPersistentSummary(RetEffect::MakeReceiverAlias());
569 ObjCMethSummaries[ GetNullarySelector("init", Ctx) ] = Summ;
570
571 // Create the "copy" selector.
572 RetEffect E = isGCEnabled() ? RetEffect::MakeNoRet() : RetEffect::MakeOwned();
573 Summ = getPersistentSummary(E);
574 ObjCMethSummaries[ GetNullarySelector("copy", Ctx) ] = Summ;
575
576 // Create the "mutableCopy" selector.
577 ObjCMethSummaries[ GetNullarySelector("mutableCopy", Ctx) ] = Summ;
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]578
579 // Create the "retain" selector.
580 E = RetEffect::MakeReceiverAlias();
581 Summ = getPersistentSummary(E, isGCEnabled() ? DoNothing : IncRef);
582 ObjCMethSummaries[ GetNullarySelector("retain", Ctx) ] = Summ;
583
584 // Create the "release" selector.
585 Summ = getPersistentSummary(E, isGCEnabled() ? DoNothing : DecRef);
586 ObjCMethSummaries[ GetNullarySelector("release", Ctx) ] = Summ;
587
588 // Create the "autorelease" selector.
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]589 Summ = getPersistentSummary(E, isGCEnabled() ? DoNothing : StopTracking);
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]590 ObjCMethSummaries[ GetNullarySelector("autorelease", Ctx) ] = Summ;
Ted Kremenekb3c3c282008-05-06 00:38:54 +0000[diff] [blame]591}
592
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]593
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]594RetainSummary*
595RetainSummaryManager::getInstanceMethodSummary(IdentifierInfo* ClsName,
596 Selector S) {
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]597
598 // Look up a summary in our cache of Selectors -> Summaries.
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]599 ObjCMethSummariesTy::iterator I = ObjCInstMethSummaries.find(S);
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]600
Ted Kremenek9c32d082008-05-06 00:30:21 +0000[diff] [blame]601 if (I != ObjCInstMethSummaries.end())
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]602 return I->second;
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]603
604 // Don't track anything if using GC.
605 if (isGCEnabled())
606 return 0;
607
608 // Heuristic: XXXXwithYYYY, where XXX is the class name with the "NS"
609 // stripped off is usually an allocation.
610
611 const char* cls = ClsName->getName();
612 const char* s = S.getIdentifierInfoForSlot(0)->getName();
613
614 if (cls[0] == 'N' && cls[1] == 'S')
615 cls += 2;
616
617 if (cls[0] == '\0' || s[0] == '\0' || tolower(cls[0]) != s[0])
618 return 0;
619
620 ++cls;
621 ++s;
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]622
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]623 // Now look at the rest of the characters.
624 unsigned len = strlen(cls);
625 assert (len);
626
627 // Prefix matches?
628 if (strncmp(cls, s, len))
629 return 0;
630
631 s += len;
632
633 // If 's' is the same as clsName, or 's' has "With" after the class name,
634 // treat it as an allocator.
635 do {
636
637 if (s[0] == '\0')
638 break;
639
640 if (s[0]=='\0' || s[0]!='W' || s[1]!='i' || s[2]!='t' || s[3]!='h')
641 break;
642
643 return 0;
644
645 } while(0);
646
647 // Generate the summary.
648
649 assert (ScratchArgs.empty());
650 RetainSummary* Summ = getPersistentSummary(RetEffect::MakeOwned());
651 ObjCInstMethSummaries[S] = Summ;
652 return Summ;
Ted Kremenek46e49ee2008-05-05 23:55:01 +0000[diff] [blame]653}
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]654
655//===----------------------------------------------------------------------===//
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]656// Reference-counting logic (typestate + counts).
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]657//===----------------------------------------------------------------------===//
658
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]659namespace {
660
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]661class VISIBILITY_HIDDEN RefVal {
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]662public:
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]663
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]664 enum Kind {
665 Owned = 0, // Owning reference.
666 NotOwned, // Reference is not owned by still valid (not freed).
667 Released, // Object has been released.
668 ReturnedOwned, // Returned object passes ownership to caller.
669 ReturnedNotOwned, // Return object does not pass ownership to caller.
670 ErrorUseAfterRelease, // Object used after released.
671 ErrorReleaseNotOwned, // Release of an object that was not owned.
672 ErrorLeak // A memory leak due to excessive reference counts.
673 };
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]674
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]675private:
676
677 Kind kind;
678 unsigned Cnt;
679
680 RefVal(Kind k, unsigned cnt) : kind(k), Cnt(cnt) {}
681
682 RefVal(Kind k) : kind(k), Cnt(0) {}
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]683
684public:
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]685
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]686 Kind getKind() const { return kind; }
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]687
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]688 unsigned getCount() const { return Cnt; }
689
690 // Useful predicates.
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]691
Ted Kremenek73c750b2008-03-11 18:14:09 +0000[diff] [blame]692 static bool isError(Kind k) { return k >= ErrorUseAfterRelease; }
693
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]694 static bool isLeak(Kind k) { return k == ErrorLeak; }
695
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]696 bool isOwned() const {
697 return getKind() == Owned;
698 }
699
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]700 bool isNotOwned() const {
701 return getKind() == NotOwned;
702 }
703
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]704 bool isReturnedOwned() const {
705 return getKind() == ReturnedOwned;
706 }
707
708 bool isReturnedNotOwned() const {
709 return getKind() == ReturnedNotOwned;
710 }
711
712 bool isNonLeakError() const {
713 Kind k = getKind();
714 return isError(k) && !isLeak(k);
715 }
716
717 // State creation: normal state.
718
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]719 static RefVal makeOwned(unsigned Count = 0) {
720 return RefVal(Owned, Count);
721 }
722
723 static RefVal makeNotOwned(unsigned Count = 0) {
724 return RefVal(NotOwned, Count);
725 }
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]726
727 static RefVal makeReturnedOwned(unsigned Count) {
728 return RefVal(ReturnedOwned, Count);
729 }
730
731 static RefVal makeReturnedNotOwned() {
732 return RefVal(ReturnedNotOwned);
733 }
734
735 // State creation: errors.
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]736
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]737 static RefVal makeLeak(unsigned Count) { return RefVal(ErrorLeak, Count); }
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]738 static RefVal makeReleased() { return RefVal(Released); }
739 static RefVal makeUseAfterRelease() { return RefVal(ErrorUseAfterRelease); }
740 static RefVal makeReleaseNotOwned() { return RefVal(ErrorReleaseNotOwned); }
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]741
742 // Comparison, profiling, and pretty-printing.
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]743
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]744 bool operator==(const RefVal& X) const {
745 return kind == X.kind && Cnt == X.Cnt;
746 }
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]747
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]748 void Profile(llvm::FoldingSetNodeID& ID) const {
749 ID.AddInteger((unsigned) kind);
750 ID.AddInteger(Cnt);
751 }
752
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]753 void print(std::ostream& Out) const;
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]754};
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]755
756void RefVal::print(std::ostream& Out) const {
757 switch (getKind()) {
758 default: assert(false);
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]759 case Owned: {
760 Out << "Owned";
761 unsigned cnt = getCount();
762 if (cnt) Out << " (+ " << cnt << ")";
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]763 break;
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]764 }
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]765
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]766 case NotOwned: {
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]767 Out << "NotOwned";
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]768 unsigned cnt = getCount();
769 if (cnt) Out << " (+ " << cnt << ")";
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]770 break;
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]771 }
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]772
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]773 case ReturnedOwned: {
774 Out << "ReturnedOwned";
775 unsigned cnt = getCount();
776 if (cnt) Out << " (+ " << cnt << ")";
777 break;
778 }
779
780 case ReturnedNotOwned: {
781 Out << "ReturnedNotOwned";
782 unsigned cnt = getCount();
783 if (cnt) Out << " (+ " << cnt << ")";
784 break;
785 }
786
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]787 case Released:
788 Out << "Released";
789 break;
790
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]791 case ErrorLeak:
792 Out << "Leaked";
793 break;
794
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]795 case ErrorUseAfterRelease:
796 Out << "Use-After-Release [ERROR]";
797 break;
798
799 case ErrorReleaseNotOwned:
800 Out << "Release of Not-Owned [ERROR]";
801 break;
802 }
803}
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]804
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]805static inline unsigned GetCount(RefVal V) {
806 switch (V.getKind()) {
807 default:
808 return V.getCount();
809
810 case RefVal::Owned:
811 return V.getCount()+1;
812 }
813}
814
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]815//===----------------------------------------------------------------------===//
816// Transfer functions.
817//===----------------------------------------------------------------------===//
818
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]819class VISIBILITY_HIDDEN CFRefCount : public GRSimpleVals {
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]820public:
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]821 // Type definitions.
822
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]823 typedef llvm::ImmutableMap<SymbolID, RefVal> RefBindings;
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]824 typedef RefBindings::Factory RefBFactoryTy;
Ted Kremenek73c750b2008-03-11 18:14:09 +0000[diff] [blame]825
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]826 typedef llvm::DenseMap<GRExprEngine::NodeTy*,std::pair<Expr*, SymbolID> >
827 ReleasesNotOwnedTy;
828
829 typedef ReleasesNotOwnedTy UseAfterReleasesTy;
830
831 typedef llvm::DenseMap<GRExprEngine::NodeTy*, std::vector<SymbolID>*>
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]832 LeaksTy;
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]833
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]834 class BindingsPrinter : public ValueState::CheckerStatePrinter {
835 public:
836 virtual void PrintCheckerState(std::ostream& Out, void* State,
837 const char* nl, const char* sep);
838 };
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]839
840private:
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]841 // Instance variables.
842
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]843 RetainSummaryManager Summaries;
844 const bool EmitStandardWarnings;
845 const LangOptions& LOpts;
846 RefBFactoryTy RefBFactory;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]847
Ted Kremenek73c750b2008-03-11 18:14:09 +0000[diff] [blame]848 UseAfterReleasesTy UseAfterReleases;
849 ReleasesNotOwnedTy ReleasesNotOwned;
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]850 LeaksTy Leaks;
Ted Kremenek73c750b2008-03-11 18:14:09 +0000[diff] [blame]851
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]852 BindingsPrinter Printer;
853
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]854 Selector RetainSelector;
855 Selector ReleaseSelector;
Ted Kremenek5934cee2008-05-01 02:18:37 +0000[diff] [blame]856 Selector AutoreleaseSelector;
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]857
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]858public:
859
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]860 static RefBindings GetRefBindings(ValueState& StImpl) {
861 return RefBindings((RefBindings::TreeTy*) StImpl.CheckerState);
862 }
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]863
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]864private:
865
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]866 static void SetRefBindings(ValueState& StImpl, RefBindings B) {
867 StImpl.CheckerState = B.getRoot();
868 }
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]869
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]870 RefBindings Remove(RefBindings B, SymbolID sym) {
871 return RefBFactory.Remove(B, sym);
872 }
873
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]874 RefBindings Update(RefBindings B, SymbolID sym, RefVal V, ArgEffect E,
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]875 RefVal::Kind& hasErr);
876
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]877 void ProcessNonLeakError(ExplodedNodeSet<ValueState>& Dst,
878 GRStmtNodeBuilder<ValueState>& Builder,
879 Expr* NodeExpr, Expr* ErrorExpr,
880 ExplodedNode<ValueState>* Pred,
881 ValueState* St,
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]882 RefVal::Kind hasErr, SymbolID Sym);
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]883
884 ValueState* HandleSymbolDeath(ValueStateManager& VMgr, ValueState* St,
885 SymbolID sid, RefVal V, bool& hasLeak);
886
887 ValueState* NukeBinding(ValueStateManager& VMgr, ValueState* St,
888 SymbolID sid);
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]889
890public:
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]891
Ted Kremenek9f741612008-05-02 18:01:49 +0000[diff] [blame]892 CFRefCount(ASTContext& Ctx, bool gcenabled, bool StandardWarnings,
893 const LangOptions& lopts)
Ted Kremenek377e2302008-04-29 05:33:51 +0000[diff] [blame]894 : Summaries(Ctx, gcenabled),
Ted Kremenek9f741612008-05-02 18:01:49 +0000[diff] [blame]895 EmitStandardWarnings(StandardWarnings),
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]896 LOpts(lopts),
Ted Kremenekb83e02e2008-05-01 18:31:44 +0000[diff] [blame]897 RetainSelector(GetNullarySelector("retain", Ctx)),
898 ReleaseSelector(GetNullarySelector("release", Ctx)),
899 AutoreleaseSelector(GetNullarySelector("autorelease", Ctx)) {}
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]900
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]901 virtual ~CFRefCount() {
902 for (LeaksTy::iterator I = Leaks.begin(), E = Leaks.end(); I!=E; ++I)
903 delete I->second;
904 }
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]905
906 virtual void RegisterChecks(GRExprEngine& Eng);
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]907
908 virtual ValueState::CheckerStatePrinter* getCheckerStatePrinter() {
909 return &Printer;
910 }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]911
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]912 bool isGCEnabled() const { return Summaries.isGCEnabled(); }
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]913 const LangOptions& getLangOptions() const { return LOpts; }
914
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]915 // Calls.
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]916
917 void EvalSummary(ExplodedNodeSet<ValueState>& Dst,
918 GRExprEngine& Eng,
919 GRStmtNodeBuilder<ValueState>& Builder,
920 Expr* Ex,
921 Expr* Receiver,
922 RetainSummary* Summ,
923 Expr** arg_beg, Expr** arg_end,
924 ExplodedNode<ValueState>* Pred);
925
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]926 virtual void EvalCall(ExplodedNodeSet<ValueState>& Dst,
Ted Kremenek199e1a02008-03-12 21:06:49 +0000[diff] [blame]927 GRExprEngine& Eng,
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]928 GRStmtNodeBuilder<ValueState>& Builder,
Ted Kremenek186350f2008-04-23 20:12:28 +0000[diff] [blame]929 CallExpr* CE, RVal L,
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]930 ExplodedNode<ValueState>* Pred);
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]931
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]932
Ted Kremenek85348202008-04-15 23:44:31 +0000[diff] [blame]933 virtual void EvalObjCMessageExpr(ExplodedNodeSet<ValueState>& Dst,
934 GRExprEngine& Engine,
935 GRStmtNodeBuilder<ValueState>& Builder,
936 ObjCMessageExpr* ME,
937 ExplodedNode<ValueState>* Pred);
938
939 bool EvalObjCMessageExprAux(ExplodedNodeSet<ValueState>& Dst,
940 GRExprEngine& Engine,
941 GRStmtNodeBuilder<ValueState>& Builder,
942 ObjCMessageExpr* ME,
943 ExplodedNode<ValueState>* Pred);
944
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]945 // Stores.
946
947 virtual void EvalStore(ExplodedNodeSet<ValueState>& Dst,
948 GRExprEngine& Engine,
949 GRStmtNodeBuilder<ValueState>& Builder,
950 Expr* E, ExplodedNode<ValueState>* Pred,
951 ValueState* St, RVal TargetLV, RVal Val);
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]952 // End-of-path.
953
954 virtual void EvalEndPath(GRExprEngine& Engine,
955 GREndPathNodeBuilder<ValueState>& Builder);
956
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]957 virtual void EvalDeadSymbols(ExplodedNodeSet<ValueState>& Dst,
958 GRExprEngine& Engine,
959 GRStmtNodeBuilder<ValueState>& Builder,
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]960 ExplodedNode<ValueState>* Pred,
961 Stmt* S,
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]962 ValueState* St,
963 const ValueStateManager::DeadSymbolsTy& Dead);
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]964 // Return statements.
965
966 virtual void EvalReturn(ExplodedNodeSet<ValueState>& Dst,
967 GRExprEngine& Engine,
968 GRStmtNodeBuilder<ValueState>& Builder,
969 ReturnStmt* S,
970 ExplodedNode<ValueState>* Pred);
Ted Kremenekcb612922008-04-18 19:23:43 +0000[diff] [blame]971
972 // Assumptions.
973
974 virtual ValueState* EvalAssume(GRExprEngine& Engine, ValueState* St,
975 RVal Cond, bool Assumption, bool& isFeasible);
976
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]977 // Error iterators.
978
979 typedef UseAfterReleasesTy::iterator use_after_iterator;
980 typedef ReleasesNotOwnedTy::iterator bad_release_iterator;
Ted Kremenek989d5192008-04-17 23:43:50 +0000[diff] [blame]981 typedef LeaksTy::iterator leaks_iterator;
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]982
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]983 use_after_iterator use_after_begin() { return UseAfterReleases.begin(); }
984 use_after_iterator use_after_end() { return UseAfterReleases.end(); }
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]985
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]986 bad_release_iterator bad_release_begin() { return ReleasesNotOwned.begin(); }
987 bad_release_iterator bad_release_end() { return ReleasesNotOwned.end(); }
Ted Kremenek989d5192008-04-17 23:43:50 +0000[diff] [blame]988
989 leaks_iterator leaks_begin() { return Leaks.begin(); }
990 leaks_iterator leaks_end() { return Leaks.end(); }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]991};
992
993} // end anonymous namespace
994
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]995
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]996
997
Ted Kremenekf3948042008-03-11 19:44:10 +0000[diff] [blame]998void CFRefCount::BindingsPrinter::PrintCheckerState(std::ostream& Out,
999 void* State, const char* nl,
1000 const char* sep) {
1001 RefBindings B((RefBindings::TreeTy*) State);
1002
1003 if (State)
1004 Out << sep << nl;
1005
1006 for (RefBindings::iterator I=B.begin(), E=B.end(); I!=E; ++I) {
1007 Out << (*I).first << " : ";
1008 (*I).second.print(Out);
1009 Out << nl;
1010 }
1011}
1012
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1013static inline ArgEffect GetArgE(RetainSummary* Summ, unsigned idx) {
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1014 return Summ ? Summ->getArg(idx) : DoNothing;
1015}
1016
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]1017static inline RetEffect GetRetEffect(RetainSummary* Summ) {
1018 return Summ ? Summ->getRetEffect() : RetEffect::MakeNoRet();
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1019}
1020
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1021static inline ArgEffect GetReceiverE(RetainSummary* Summ) {
1022 return Summ ? Summ->getReceiverEffect() : DoNothing;
1023}
1024
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1025void CFRefCount::ProcessNonLeakError(ExplodedNodeSet<ValueState>& Dst,
1026 GRStmtNodeBuilder<ValueState>& Builder,
1027 Expr* NodeExpr, Expr* ErrorExpr,
1028 ExplodedNode<ValueState>* Pred,
1029 ValueState* St,
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1030 RefVal::Kind hasErr, SymbolID Sym) {
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1031 Builder.BuildSinks = true;
1032 GRExprEngine::NodeTy* N = Builder.MakeNode(Dst, NodeExpr, Pred, St);
1033
1034 if (!N) return;
1035
1036 switch (hasErr) {
1037 default: assert(false);
1038 case RefVal::ErrorUseAfterRelease:
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1039 UseAfterReleases[N] = std::make_pair(ErrorExpr, Sym);
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1040 break;
1041
1042 case RefVal::ErrorReleaseNotOwned:
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1043 ReleasesNotOwned[N] = std::make_pair(ErrorExpr, Sym);
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1044 break;
1045 }
1046}
1047
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1048void CFRefCount::EvalSummary(ExplodedNodeSet<ValueState>& Dst,
1049 GRExprEngine& Eng,
1050 GRStmtNodeBuilder<ValueState>& Builder,
1051 Expr* Ex,
1052 Expr* Receiver,
1053 RetainSummary* Summ,
1054 Expr** arg_beg, Expr** arg_end,
1055 ExplodedNode<ValueState>* Pred) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1056
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]1057
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1058 // Get the state.
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1059 ValueStateManager& StateMgr = Eng.getStateManager();
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1060 ValueState* St = Builder.GetState(Pred);
1061
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1062
1063 // Evaluate the effect of the arguments.
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1064
1065 ValueState StVals = *St;
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1066 RefVal::Kind hasErr = (RefVal::Kind) 0;
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1067 unsigned idx = 0;
Ted Kremenekbcf50ad2008-04-11 18:40:51 +0000[diff] [blame]1068 Expr* ErrorExpr = NULL;
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1069 SymbolID ErrorSym = 0;
Ted Kremenekbcf50ad2008-04-11 18:40:51 +0000[diff] [blame]1070
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1071 for (Expr **I = arg_beg, **E = arg_end; I != E; ++I, ++idx) {
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1072
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1073 RVal V = StateMgr.GetRVal(St, *I);
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1074
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1075 if (isa<lval::SymbolVal>(V)) {
1076 SymbolID Sym = cast<lval::SymbolVal>(V).getSymbol();
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1077 RefBindings B = GetRefBindings(StVals);
1078
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1079 if (RefBindings::TreeTy* T = B.SlimFind(Sym)) {
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1080 B = Update(B, Sym, T->getValue().second, GetArgE(Summ, idx), hasErr);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1081 SetRefBindings(StVals, B);
Ted Kremenekbcf50ad2008-04-11 18:40:51 +0000[diff] [blame]1082
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1083 if (hasErr) {
Ted Kremenekbcf50ad2008-04-11 18:40:51 +0000[diff] [blame]1084 ErrorExpr = *I;
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1085 ErrorSym = T->getValue().first;
Ted Kremenekbcf50ad2008-04-11 18:40:51 +0000[diff] [blame]1086 break;
1087 }
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1088 }
Ted Kremenekb8873552008-04-11 20:51:02 +0000[diff] [blame]1089 }
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1090 else if (isa<LVal>(V)) {
1091 // Nuke all arguments passed by reference.
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1092 StateMgr.Unbind(StVals, cast<LVal>(V));
Ted Kremenekb8873552008-04-11 20:51:02 +0000[diff] [blame]1093 }
Ted Kremeneka5488462008-04-22 21:39:21 +0000[diff] [blame]1094 else if (isa<nonlval::LValAsInteger>(V))
1095 StateMgr.Unbind(StVals, cast<nonlval::LValAsInteger>(V).getLVal());
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1096 }
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1097
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1098 // Evaluate the effect on the message receiver.
1099
1100 if (!ErrorExpr && Receiver) {
1101 RVal V = StateMgr.GetRVal(St, Receiver);
1102
1103 if (isa<lval::SymbolVal>(V)) {
1104 SymbolID Sym = cast<lval::SymbolVal>(V).getSymbol();
1105 RefBindings B = GetRefBindings(StVals);
1106
1107 if (RefBindings::TreeTy* T = B.SlimFind(Sym)) {
1108 B = Update(B, Sym, T->getValue().second, GetReceiverE(Summ), hasErr);
1109 SetRefBindings(StVals, B);
1110
1111 if (hasErr) {
1112 ErrorExpr = Receiver;
1113 ErrorSym = T->getValue().first;
1114 }
1115 }
1116 }
1117 }
1118
1119 // Get the persistent state.
1120
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1121 St = StateMgr.getPersistentState(StVals);
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1122
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1123 // Process any errors.
1124
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1125 if (hasErr) {
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1126 ProcessNonLeakError(Dst, Builder, Ex, ErrorExpr, Pred, St,
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1127 hasErr, ErrorSym);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1128 return;
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1129 }
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1130
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1131 // Finally, consult the summary for the return value.
1132
Ted Kremenek3c0cea32008-05-06 02:26:56 +0000[diff] [blame]1133 RetEffect RE = GetRetEffect(Summ);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1134
1135 switch (RE.getKind()) {
1136 default:
1137 assert (false && "Unhandled RetEffect."); break;
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1138
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]1139 case RetEffect::NoRet:
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1140
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1141 // Make up a symbol for the return value (not reference counted).
Ted Kremenekb8873552008-04-11 20:51:02 +0000[diff] [blame]1142 // FIXME: This is basically copy-and-paste from GRSimpleVals. We
1143 // should compose behavior, not copy it.
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1144
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1145 if (Ex->getType() != Eng.getContext().VoidTy) {
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1146 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1147 SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1148
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1149 RVal X = Ex->getType()->isPointerType()
1150 ? cast<RVal>(lval::SymbolVal(Sym))
1151 : cast<RVal>(nonlval::SymbolVal(Sym));
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1152
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1153 St = StateMgr.SetRVal(St, Ex, X, Eng.getCFG().isBlkExpr(Ex), false);
Ted Kremenekf9561e52008-04-11 20:23:24 +0000[diff] [blame]1154 }
1155
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]1156 break;
1157
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1158 case RetEffect::Alias: {
1159 unsigned idx = RE.getValue();
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1160 assert ((arg_end - arg_beg) >= 0);
1161 assert (idx < (unsigned) (arg_end - arg_beg));
1162 RVal V = StateMgr.GetRVal(St, arg_beg[idx]);
1163 St = StateMgr.SetRVal(St, Ex, V, Eng.getCFG().isBlkExpr(Ex), false);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1164 break;
1165 }
1166
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1167 case RetEffect::ReceiverAlias: {
1168 assert (Receiver);
1169 RVal V = StateMgr.GetRVal(St, Receiver);
1170 St = StateMgr.SetRVal(St, Ex, V, Eng.getCFG().isBlkExpr(Ex), false);
1171 break;
1172 }
1173
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1174 case RetEffect::OwnedSymbol: {
1175 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1176 SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
1177
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1178 ValueState StImpl = *St;
1179 RefBindings B = GetRefBindings(StImpl);
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1180 SetRefBindings(StImpl, RefBFactory.Add(B, Sym, RefVal::makeOwned()));
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1181
1182 St = StateMgr.SetRVal(StateMgr.getPersistentState(StImpl),
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1183 Ex, lval::SymbolVal(Sym),
1184 Eng.getCFG().isBlkExpr(Ex), false);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1185
1186 break;
1187 }
1188
1189 case RetEffect::NotOwnedSymbol: {
1190 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1191 SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(Ex, Count);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1192
1193 ValueState StImpl = *St;
1194 RefBindings B = GetRefBindings(StImpl);
1195 SetRefBindings(StImpl, RefBFactory.Add(B, Sym, RefVal::makeNotOwned()));
1196
1197 St = StateMgr.SetRVal(StateMgr.getPersistentState(StImpl),
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1198 Ex, lval::SymbolVal(Sym),
1199 Eng.getCFG().isBlkExpr(Ex), false);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1200
1201 break;
1202 }
1203 }
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1204
1205 Builder.MakeNode(Dst, Ex, Pred, St);
1206}
1207
1208
1209void CFRefCount::EvalCall(ExplodedNodeSet<ValueState>& Dst,
1210 GRExprEngine& Eng,
1211 GRStmtNodeBuilder<ValueState>& Builder,
1212 CallExpr* CE, RVal L,
1213 ExplodedNode<ValueState>* Pred) {
1214
1215
1216 RetainSummary* Summ = NULL;
1217
1218 // Get the summary.
1219
1220 if (isa<lval::FuncVal>(L)) {
1221 lval::FuncVal FV = cast<lval::FuncVal>(L);
1222 FunctionDecl* FD = FV.getDecl();
1223 Summ = Summaries.getSummary(FD, Eng.getContext());
1224 }
1225
1226 EvalSummary(Dst, Eng, Builder, CE, 0, Summ,
1227 CE->arg_begin(), CE->arg_end(), Pred);
Ted Kremenek2fff37e2008-03-06 00:08:09 +0000[diff] [blame]1228}
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1229
Ted Kremenek85348202008-04-15 23:44:31 +0000[diff] [blame]1230
1231void CFRefCount::EvalObjCMessageExpr(ExplodedNodeSet<ValueState>& Dst,
1232 GRExprEngine& Eng,
1233 GRStmtNodeBuilder<ValueState>& Builder,
1234 ObjCMessageExpr* ME,
1235 ExplodedNode<ValueState>* Pred) {
1236
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]1237 RetainSummary* Summ;
Ted Kremenek9040c652008-05-01 21:31:50 +0000[diff] [blame]1238
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]1239 if (ME->getReceiver())
1240 Summ = Summaries.getMethodSummary(ME->getSelector());
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1241 else
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]1242 Summ = Summaries.getInstanceMethodSummary(ME->getClassName(),
1243 ME->getSelector());
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1244
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]1245 EvalSummary(Dst, Eng, Builder, ME, ME->getReceiver(), Summ,
1246 ME->arg_begin(), ME->arg_end(), Pred);
Ted Kremenek85348202008-04-15 23:44:31 +0000[diff] [blame]1247}
Ted Kremenekb3095252008-05-06 04:20:12 +0000[diff] [blame^]1248
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]1249// Stores.
1250
1251void CFRefCount::EvalStore(ExplodedNodeSet<ValueState>& Dst,
1252 GRExprEngine& Eng,
1253 GRStmtNodeBuilder<ValueState>& Builder,
1254 Expr* E, ExplodedNode<ValueState>* Pred,
1255 ValueState* St, RVal TargetLV, RVal Val) {
1256
1257 // Check if we have a binding for "Val" and if we are storing it to something
1258 // we don't understand or otherwise the value "escapes" the function.
1259
1260 if (!isa<lval::SymbolVal>(Val))
1261 return;
1262
1263 // Are we storing to something that causes the value to "escape"?
1264
1265 bool escapes = false;
1266
1267 if (!isa<lval::DeclVal>(TargetLV))
1268 escapes = true;
1269 else
1270 escapes = cast<lval::DeclVal>(TargetLV).getDecl()->hasGlobalStorage();
1271
1272 if (!escapes)
1273 return;
1274
1275 SymbolID Sym = cast<lval::SymbolVal>(Val).getSymbol();
1276 RefBindings B = GetRefBindings(*St);
1277 RefBindings::TreeTy* T = B.SlimFind(Sym);
1278
1279 if (!T)
1280 return;
1281
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1282 // Nuke the binding.
1283 St = NukeBinding(Eng.getStateManager(), St, Sym);
Ted Kremenek13922612008-04-16 20:40:59 +0000[diff] [blame]1284
1285 // Hand of the remaining logic to the parent implementation.
1286 GRSimpleVals::EvalStore(Dst, Eng, Builder, E, Pred, St, TargetLV, Val);
1287}
1288
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1289
1290ValueState* CFRefCount::NukeBinding(ValueStateManager& VMgr, ValueState* St,
1291 SymbolID sid) {
1292 ValueState StImpl = *St;
1293 RefBindings B = GetRefBindings(StImpl);
1294 StImpl.CheckerState = RefBFactory.Remove(B, sid).getRoot();
1295 return VMgr.getPersistentState(StImpl);
1296}
1297
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1298// End-of-path.
1299
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1300ValueState* CFRefCount::HandleSymbolDeath(ValueStateManager& VMgr,
1301 ValueState* St, SymbolID sid,
1302 RefVal V, bool& hasLeak) {
1303
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1304 hasLeak = V.isOwned() ||
1305 ((V.isNotOwned() || V.isReturnedOwned()) && V.getCount() > 0);
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1306
1307 if (!hasLeak)
1308 return NukeBinding(VMgr, St, sid);
1309
1310 RefBindings B = GetRefBindings(*St);
1311 ValueState StImpl = *St;
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1312
1313 StImpl.CheckerState =
1314 RefBFactory.Add(B, sid, RefVal::makeLeak(GetCount(V))).getRoot();
1315
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1316 return VMgr.getPersistentState(StImpl);
1317}
1318
1319void CFRefCount::EvalEndPath(GRExprEngine& Eng,
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1320 GREndPathNodeBuilder<ValueState>& Builder) {
1321
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1322 ValueState* St = Builder.getState();
1323 RefBindings B = GetRefBindings(*St);
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1324
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1325 llvm::SmallVector<SymbolID, 10> Leaked;
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1326
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1327 for (RefBindings::iterator I = B.begin(), E = B.end(); I != E; ++I) {
1328 bool hasLeak = false;
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1329
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1330 St = HandleSymbolDeath(Eng.getStateManager(), St,
1331 (*I).first, (*I).second, hasLeak);
1332
1333 if (hasLeak) Leaked.push_back((*I).first);
1334 }
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]1335
1336 if (Leaked.empty())
1337 return;
1338
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1339 ExplodedNode<ValueState>* N = Builder.MakeNode(St);
Ted Kremenek4f285152008-04-18 16:30:14 +0000[diff] [blame]1340
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]1341 if (!N)
Ted Kremenek4f285152008-04-18 16:30:14 +0000[diff] [blame]1342 return;
Ted Kremenekcb612922008-04-18 19:23:43 +0000[diff] [blame]1343
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1344 std::vector<SymbolID>*& LeaksAtNode = Leaks[N];
1345 assert (!LeaksAtNode);
1346 LeaksAtNode = new std::vector<SymbolID>();
Ted Kremenekdb863712008-04-16 22:32:20 +0000[diff] [blame]1347
1348 for (llvm::SmallVector<SymbolID, 10>::iterator I=Leaked.begin(),
1349 E = Leaked.end(); I != E; ++I)
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1350 (*LeaksAtNode).push_back(*I);
Ted Kremeneke7bd9c22008-04-11 22:25:11 +0000[diff] [blame]1351}
1352
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]1353// Dead symbols.
1354
1355void CFRefCount::EvalDeadSymbols(ExplodedNodeSet<ValueState>& Dst,
1356 GRExprEngine& Eng,
1357 GRStmtNodeBuilder<ValueState>& Builder,
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]1358 ExplodedNode<ValueState>* Pred,
1359 Stmt* S,
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]1360 ValueState* St,
1361 const ValueStateManager::DeadSymbolsTy& Dead) {
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]1362
Ted Kremenek652adc62008-04-24 23:57:27 +0000[diff] [blame]1363 // FIXME: a lot of copy-and-paste from EvalEndPath. Refactor.
1364
1365 RefBindings B = GetRefBindings(*St);
1366 llvm::SmallVector<SymbolID, 10> Leaked;
1367
1368 for (ValueStateManager::DeadSymbolsTy::const_iterator
1369 I=Dead.begin(), E=Dead.end(); I!=E; ++I) {
1370
1371 RefBindings::TreeTy* T = B.SlimFind(*I);
1372
1373 if (!T)
1374 continue;
1375
1376 bool hasLeak = false;
1377
1378 St = HandleSymbolDeath(Eng.getStateManager(), St,
1379 *I, T->getValue().second, hasLeak);
1380
1381 if (hasLeak) Leaked.push_back(*I);
1382 }
1383
1384 if (Leaked.empty())
1385 return;
1386
1387 ExplodedNode<ValueState>* N = Builder.MakeNode(Dst, S, Pred, St);
1388
1389 if (!N)
1390 return;
1391
1392 std::vector<SymbolID>*& LeaksAtNode = Leaks[N];
1393 assert (!LeaksAtNode);
1394 LeaksAtNode = new std::vector<SymbolID>();
1395
1396 for (llvm::SmallVector<SymbolID, 10>::iterator I=Leaked.begin(),
1397 E = Leaked.end(); I != E; ++I)
1398 (*LeaksAtNode).push_back(*I);
1399}
1400
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1401 // Return statements.
1402
1403void CFRefCount::EvalReturn(ExplodedNodeSet<ValueState>& Dst,
1404 GRExprEngine& Eng,
1405 GRStmtNodeBuilder<ValueState>& Builder,
1406 ReturnStmt* S,
1407 ExplodedNode<ValueState>* Pred) {
1408
1409 Expr* RetE = S->getRetValue();
1410 if (!RetE) return;
1411
1412 ValueStateManager& StateMgr = Eng.getStateManager();
1413 ValueState* St = Builder.GetState(Pred);
1414 RVal V = StateMgr.GetRVal(St, RetE);
1415
1416 if (!isa<lval::SymbolVal>(V))
1417 return;
1418
1419 // Get the reference count binding (if any).
1420 SymbolID Sym = cast<lval::SymbolVal>(V).getSymbol();
1421 RefBindings B = GetRefBindings(*St);
1422 RefBindings::TreeTy* T = B.SlimFind(Sym);
1423
1424 if (!T)
1425 return;
1426
1427 // Change the reference count.
1428
1429 RefVal X = T->getValue().second;
1430
1431 switch (X.getKind()) {
1432
1433 case RefVal::Owned: {
1434 unsigned cnt = X.getCount();
1435 X = RefVal::makeReturnedOwned(cnt);
1436 break;
1437 }
1438
1439 case RefVal::NotOwned: {
1440 unsigned cnt = X.getCount();
1441 X = cnt ? RefVal::makeReturnedOwned(cnt - 1)
1442 : RefVal::makeReturnedNotOwned();
1443 break;
1444 }
1445
1446 default:
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1447 return;
1448 }
1449
1450 // Update the binding.
1451
1452 ValueState StImpl = *St;
1453 StImpl.CheckerState = RefBFactory.Add(B, Sym, X).getRoot();
1454 Builder.MakeNode(Dst, S, Pred, StateMgr.getPersistentState(StImpl));
1455}
1456
Ted Kremenekcb612922008-04-18 19:23:43 +0000[diff] [blame]1457// Assumptions.
1458
1459ValueState* CFRefCount::EvalAssume(GRExprEngine& Eng, ValueState* St,
1460 RVal Cond, bool Assumption,
1461 bool& isFeasible) {
1462
1463 // FIXME: We may add to the interface of EvalAssume the list of symbols
1464 // whose assumptions have changed. For now we just iterate through the
1465 // bindings and check if any of the tracked symbols are NULL. This isn't
1466 // too bad since the number of symbols we will track in practice are
1467 // probably small and EvalAssume is only called at branches and a few
1468 // other places.
1469
1470 RefBindings B = GetRefBindings(*St);
1471
1472 if (B.isEmpty())
1473 return St;
1474
1475 bool changed = false;
1476
1477 for (RefBindings::iterator I=B.begin(), E=B.end(); I!=E; ++I) {
1478
1479 // Check if the symbol is null (or equal to any constant).
1480 // If this is the case, stop tracking the symbol.
1481
1482 if (St->getSymVal(I.getKey())) {
1483 changed = true;
1484 B = RefBFactory.Remove(B, I.getKey());
1485 }
1486 }
1487
1488 if (!changed)
1489 return St;
1490
1491 ValueState StImpl = *St;
1492 StImpl.CheckerState = B.getRoot();
1493 return Eng.getStateManager().getPersistentState(StImpl);
1494}
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1495
1496CFRefCount::RefBindings CFRefCount::Update(RefBindings B, SymbolID sym,
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1497 RefVal V, ArgEffect E,
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1498 RefVal::Kind& hasErr) {
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1499
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1500 // FIXME: This dispatch can potentially be sped up by unifiying it into
1501 // a single switch statement. Opt for simplicity for now.
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1502
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1503 switch (E) {
1504 default:
1505 assert (false && "Unhandled CFRef transition.");
1506
1507 case DoNothing:
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1508 if (!isGCEnabled() && V.getKind() == RefVal::Released) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1509 V = RefVal::makeUseAfterRelease();
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1510 hasErr = V.getKind();
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]1511 break;
1512 }
1513
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1514 return B;
1515
Ted Kremenek14993892008-05-06 02:41:27 +0000[diff] [blame]1516 case StopTracking:
1517 return RefBFactory.Remove(B, sym);
1518
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1519 case IncRef:
1520 switch (V.getKind()) {
1521 default:
1522 assert(false);
1523
1524 case RefVal::Owned:
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]1525 V = RefVal::makeOwned(V.getCount()+1);
1526 break;
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1527
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1528 case RefVal::NotOwned:
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1529 V = RefVal::makeNotOwned(V.getCount()+1);
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1530 break;
1531
1532 case RefVal::Released:
Ted Kremenekd3dbcf42008-05-05 22:11:16 +0000[diff] [blame]1533 if (isGCEnabled())
Ted Kremenek65c91652008-04-29 05:44:10 +0000[diff] [blame]1534 V = RefVal::makeOwned();
1535 else {
1536 V = RefVal::makeUseAfterRelease();
1537 hasErr = V.getKind();
1538 }
1539
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1540 break;
1541 }
1542
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]1543 break;
1544
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1545 case DecRef:
1546 switch (V.getKind()) {
1547 default:
1548 assert (false);
1549
1550 case RefVal::Owned: {
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1551 unsigned Count = V.getCount();
1552 V = Count > 0 ? RefVal::makeOwned(Count - 1) : RefVal::makeReleased();
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1553 break;
1554 }
1555
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1556 case RefVal::NotOwned: {
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1557 unsigned Count = V.getCount();
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1558
Ted Kremenek4fd88972008-04-17 18:12:53 +0000[diff] [blame]1559 if (Count > 0)
1560 V = RefVal::makeNotOwned(Count - 1);
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1561 else {
1562 V = RefVal::makeReleaseNotOwned();
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1563 hasErr = V.getKind();
Ted Kremenek61b9f872008-04-10 23:09:18 +0000[diff] [blame]1564 }
1565
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1566 break;
1567 }
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1568
1569 case RefVal::Released:
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1570 V = RefVal::makeUseAfterRelease();
Ted Kremenek9ed18e62008-04-16 04:28:53 +0000[diff] [blame]1571 hasErr = V.getKind();
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1572 break;
1573 }
Ted Kremenek940b1d82008-04-10 23:44:06 +0000[diff] [blame]1574
1575 break;
Ted Kremenek1ac08d62008-03-11 17:48:22 +0000[diff] [blame]1576 }
1577
1578 return RefBFactory.Add(B, sym, V);
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]1579}
1580
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]1581
1582//===----------------------------------------------------------------------===//
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]1583// Error reporting.
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]1584//===----------------------------------------------------------------------===//
1585
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1586namespace {
1587
1588 //===-------------===//
1589 // Bug Descriptions. //
1590 //===-------------===//
1591
Ted Kremenek95cc1ba2008-04-18 20:54:29 +0000[diff] [blame]1592 class VISIBILITY_HIDDEN CFRefBug : public BugTypeCacheLocation {
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1593 protected:
1594 CFRefCount& TF;
1595
1596 public:
1597 CFRefBug(CFRefCount& tf) : TF(tf) {}
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1598
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]1599 CFRefCount& getTF() { return TF; }
Ted Kremenek789deac2008-05-05 23:16:31 +0000[diff] [blame]1600 const CFRefCount& getTF() const { return TF; }
1601
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1602 virtual bool isLeak() const { return false; }
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1603 };
1604
1605 class VISIBILITY_HIDDEN UseAfterRelease : public CFRefBug {
1606 public:
1607 UseAfterRelease(CFRefCount& tf) : CFRefBug(tf) {}
1608
1609 virtual const char* getName() const {
Ted Kremenek789deac2008-05-05 23:16:31 +0000[diff] [blame]1610 return "Use-After-Release";
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1611 }
1612 virtual const char* getDescription() const {
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1613 return "Reference-counted object is used"
1614 " after it is released.";
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1615 }
1616
1617 virtual void EmitWarnings(BugReporter& BR);
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1618 };
1619
1620 class VISIBILITY_HIDDEN BadRelease : public CFRefBug {
1621 public:
1622 BadRelease(CFRefCount& tf) : CFRefBug(tf) {}
1623
1624 virtual const char* getName() const {
Ted Kremenek789deac2008-05-05 23:16:31 +0000[diff] [blame]1625 return "Bad Release";
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1626 }
1627 virtual const char* getDescription() const {
1628 return "Incorrect decrement of the reference count of a "
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1629 "CoreFoundation object: "
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1630 "The object is not owned at this point by the caller.";
1631 }
1632
1633 virtual void EmitWarnings(BugReporter& BR);
1634 };
1635
1636 class VISIBILITY_HIDDEN Leak : public CFRefBug {
1637 public:
1638 Leak(CFRefCount& tf) : CFRefBug(tf) {}
1639
1640 virtual const char* getName() const {
Ted Kremenek789deac2008-05-05 23:16:31 +0000[diff] [blame]1641 return getTF().isGCEnabled() ? "Memory Leak (GC)" : "Memory Leak";
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1642 }
1643
1644 virtual const char* getDescription() const {
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1645 return "Object leaked.";
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1646 }
1647
1648 virtual void EmitWarnings(BugReporter& BR);
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]1649 virtual void GetErrorNodes(std::vector<ExplodedNode<ValueState>*>& Nodes);
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1650 virtual bool isLeak() const { return true; }
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1651 };
1652
1653 //===---------===//
1654 // Bug Reports. //
1655 //===---------===//
1656
1657 class VISIBILITY_HIDDEN CFRefReport : public RangedBugReport {
1658 SymbolID Sym;
1659 public:
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1660 CFRefReport(CFRefBug& D, ExplodedNode<ValueState> *n, SymbolID sym)
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1661 : RangedBugReport(D, n), Sym(sym) {}
1662
1663 virtual ~CFRefReport() {}
1664
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]1665 CFRefBug& getBugType() {
1666 return (CFRefBug&) RangedBugReport::getBugType();
1667 }
1668 const CFRefBug& getBugType() const {
1669 return (const CFRefBug&) RangedBugReport::getBugType();
1670 }
1671
1672 virtual void getRanges(BugReporter& BR, const SourceRange*& beg,
1673 const SourceRange*& end) {
1674
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]1675 if (!getBugType().isLeak())
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]1676 RangedBugReport::getRanges(BR, beg, end);
1677 else {
1678 beg = 0;
1679 end = 0;
1680 }
1681 }
1682
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1683 virtual PathDiagnosticPiece* getEndPath(BugReporter& BR,
1684 ExplodedNode<ValueState>* N);
1685
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1686 virtual std::pair<const char**,const char**> getExtraDescriptiveText();
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1687
1688 virtual PathDiagnosticPiece* VisitNode(ExplodedNode<ValueState>* N,
1689 ExplodedNode<ValueState>* PrevN,
1690 ExplodedGraph<ValueState>& G,
1691 BugReporter& BR);
1692 };
1693
1694
1695} // end anonymous namespace
1696
1697void CFRefCount::RegisterChecks(GRExprEngine& Eng) {
Ted Kremenek9f741612008-05-02 18:01:49 +0000[diff] [blame]1698 if (EmitStandardWarnings) GRSimpleVals::RegisterChecks(Eng);
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1699 Eng.Register(new UseAfterRelease(*this));
1700 Eng.Register(new BadRelease(*this));
1701 Eng.Register(new Leak(*this));
1702}
1703
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1704
1705static const char* Msgs[] = {
1706 "Code is compiled in garbage collection only mode" // GC only
1707 " (the bug occurs with garbage collection enabled).",
1708
1709 "Code is compiled without garbage collection.", // No GC.
1710
1711 "Code is compiled for use with and without garbage collection (GC)."
1712 " The bug occurs with GC enabled.", // Hybrid, with GC.
1713
1714 "Code is compiled for use with and without garbage collection (GC)."
1715 " The bug occurs in non-GC mode." // Hyrbird, without GC/
1716};
1717
1718std::pair<const char**,const char**> CFRefReport::getExtraDescriptiveText() {
1719 CFRefCount& TF = static_cast<CFRefBug&>(getBugType()).getTF();
1720
1721 switch (TF.getLangOptions().getGCMode()) {
1722 default:
1723 assert(false);
Ted Kremenek31593ac2008-05-01 04:02:04 +0000[diff] [blame]1724
1725 case LangOptions::GCOnly:
1726 assert (TF.isGCEnabled());
1727 return std::make_pair(&Msgs[0], &Msgs[0]+1);
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1728
1729 case LangOptions::NonGC:
1730 assert (!TF.isGCEnabled());
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]1731 return std::make_pair(&Msgs[1], &Msgs[1]+1);
1732
1733 case LangOptions::HybridGC:
1734 if (TF.isGCEnabled())
1735 return std::make_pair(&Msgs[2], &Msgs[2]+1);
1736 else
1737 return std::make_pair(&Msgs[3], &Msgs[3]+1);
1738 }
1739}
1740
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1741PathDiagnosticPiece* CFRefReport::VisitNode(ExplodedNode<ValueState>* N,
1742 ExplodedNode<ValueState>* PrevN,
1743 ExplodedGraph<ValueState>& G,
1744 BugReporter& BR) {
1745
1746 // Check if the type state has changed.
1747
1748 ValueState* PrevSt = PrevN->getState();
1749 ValueState* CurrSt = N->getState();
1750
1751 CFRefCount::RefBindings PrevB = CFRefCount::GetRefBindings(*PrevSt);
1752 CFRefCount::RefBindings CurrB = CFRefCount::GetRefBindings(*CurrSt);
1753
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1754 CFRefCount::RefBindings::TreeTy* PrevT = PrevB.SlimFind(Sym);
1755 CFRefCount::RefBindings::TreeTy* CurrT = CurrB.SlimFind(Sym);
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1756
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1757 if (!CurrT)
1758 return NULL;
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1759
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1760 const char* Msg = NULL;
1761 RefVal CurrV = CurrB.SlimFind(Sym)->getValue().second;
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1762
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1763 if (!PrevT) {
1764
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1765 Stmt* S = cast<PostStmt>(N->getLocation()).getStmt();
1766
1767 if (CurrV.isOwned()) {
1768
1769 if (isa<CallExpr>(S))
1770 Msg = "Function call returns an object with a +1 retain count"
1771 " (owning reference).";
1772 else {
1773 assert (isa<ObjCMessageExpr>(S));
1774 Msg = "Method returns an object with a +1 retain count"
1775 " (owning reference).";
1776 }
1777 }
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1778 else {
1779 assert (CurrV.isNotOwned());
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1780
1781 if (isa<CallExpr>(S))
1782 Msg = "Function call returns an object with a +0 retain count"
1783 " (non-owning reference).";
1784 else {
1785 assert (isa<ObjCMessageExpr>(S));
1786 Msg = "Method returns an object with a +0 retain count"
1787 " (non-owning reference).";
1788 }
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1789 }
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1790
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1791 FullSourceLoc Pos(S->getLocStart(), BR.getContext().getSourceManager());
1792 PathDiagnosticPiece* P = new PathDiagnosticPiece(Pos, Msg);
1793
1794 if (Expr* Exp = dyn_cast<Expr>(S))
1795 P->addRange(Exp->getSourceRange());
1796
1797 return P;
1798 }
1799
1800 // Determine if the typestate has changed.
1801
1802 RefVal PrevV = PrevB.SlimFind(Sym)->getValue().second;
1803
1804 if (PrevV == CurrV)
1805 return NULL;
1806
1807 // The typestate has changed.
1808
1809 std::ostringstream os;
1810
1811 switch (CurrV.getKind()) {
1812 case RefVal::Owned:
1813 case RefVal::NotOwned:
1814 assert (PrevV.getKind() == CurrV.getKind());
1815
1816 if (PrevV.getCount() > CurrV.getCount())
1817 os << "Reference count decremented.";
1818 else
1819 os << "Reference count incremented.";
1820
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1821 if (unsigned Count = GetCount(CurrV)) {
1822
1823 os << " Object has +" << Count;
Ted Kremenek79c140b2008-04-18 05:32:44 +0000[diff] [blame]1824
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1825 if (Count > 1)
1826 os << " retain counts.";
Ted Kremenek79c140b2008-04-18 05:32:44 +0000[diff] [blame]1827 else
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1828 os << " retain count.";
Ted Kremenek79c140b2008-04-18 05:32:44 +0000[diff] [blame]1829 }
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1830
1831 Msg = os.str().c_str();
1832
1833 break;
1834
1835 case RefVal::Released:
1836 Msg = "Object released.";
1837 break;
1838
1839 case RefVal::ReturnedOwned:
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1840 Msg = "Object returned to caller as owning reference (single retain count"
1841 " transferred to caller).";
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1842 break;
1843
1844 case RefVal::ReturnedNotOwned:
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1845 Msg = "Object returned to caller with a +0 (non-owning) retain count.";
Ted Kremenek2cf943a2008-04-18 04:55:01 +0000[diff] [blame]1846 break;
1847
1848 default:
1849 return NULL;
1850 }
1851
1852 Stmt* S = cast<PostStmt>(N->getLocation()).getStmt();
1853 FullSourceLoc Pos(S->getLocStart(), BR.getContext().getSourceManager());
1854 PathDiagnosticPiece* P = new PathDiagnosticPiece(Pos, Msg);
1855
1856 // Add the range by scanning the children of the statement for any bindings
1857 // to Sym.
1858
1859 ValueStateManager& VSM = BR.getEngine().getStateManager();
1860
1861 for (Stmt::child_iterator I = S->child_begin(), E = S->child_end(); I!=E; ++I)
1862 if (Expr* Exp = dyn_cast_or_null<Expr>(*I)) {
1863 RVal X = VSM.GetRVal(CurrSt, Exp);
1864
1865 if (lval::SymbolVal* SV = dyn_cast<lval::SymbolVal>(&X))
1866 if (SV->getSymbol() == Sym) {
1867 P->addRange(Exp->getSourceRange()); break;
1868 }
1869 }
1870
1871 return P;
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]1872}
1873
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1874PathDiagnosticPiece* CFRefReport::getEndPath(BugReporter& BR,
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1875 ExplodedNode<ValueState>* EndN) {
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1876
1877 if (!getBugType().isLeak())
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1878 return RangedBugReport::getEndPath(BR, EndN);
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1879
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1880 typedef CFRefCount::RefBindings RefBindings;
1881
1882 // Get the retain count.
1883 unsigned long RetCount = 0;
1884
1885 {
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1886 ValueState* St = EndN->getState();
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]1887 RefBindings B = RefBindings((RefBindings::TreeTy*) St->CheckerState);
1888 RefBindings::TreeTy* T = B.SlimFind(Sym);
1889 assert (T);
1890 RetCount = GetCount(T->getValue().second);
1891 }
1892
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1893 // We are a leak. Walk up the graph to get to the first node where the
1894 // symbol appeared.
1895
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1896 ExplodedNode<ValueState>* N = EndN;
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1897 ExplodedNode<ValueState>* Last = N;
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1898
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]1899 // Find the first node that referred to the tracked symbol. We also
1900 // try and find the first VarDecl the value was stored to.
1901
1902 VarDecl* FirstDecl = 0;
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1903
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1904 while (N) {
1905 ValueState* St = N->getState();
1906 RefBindings B = RefBindings((RefBindings::TreeTy*) St->CheckerState);
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]1907 RefBindings::TreeTy* T = B.SlimFind(Sym);
1908
1909 if (!T)
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1910 break;
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]1911
1912 VarDecl* VD = 0;
1913
1914 // Determine if there is an LVal binding to the symbol.
1915 for (ValueState::vb_iterator I=St->vb_begin(), E=St->vb_end(); I!=E; ++I) {
1916 if (!isa<lval::SymbolVal>(I->second) // Is the value a symbol?
1917 || cast<lval::SymbolVal>(I->second).getSymbol() != Sym)
1918 continue;
1919
1920 if (VD) { // Multiple decls map to this symbol.
1921 VD = 0;
1922 break;
1923 }
1924
1925 VD = I->first;
1926 }
1927
1928 if (VD) FirstDecl = VD;
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1929
1930 Last = N;
1931 N = N->pred_empty() ? NULL : *(N->pred_begin());
1932 }
1933
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1934 // Get the allocate site.
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1935
1936 assert (Last);
1937 Stmt* FirstStmt = cast<PostStmt>(Last->getLocation()).getStmt();
1938
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1939 SourceManager& SMgr = BR.getContext().getSourceManager();
1940 unsigned AllocLine = SMgr.getLogicalLineNumber(FirstStmt->getLocStart());
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]1941
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]1942 // Get the leak site. We may have multiple ExplodedNodes (one with the
1943 // leak) that occur on the same line number; if the node with the leak
1944 // has any immediate predecessor nodes with the same line number, find
1945 // any transitive-successors that have a different statement and use that
1946 // line number instead. This avoids emiting a diagnostic like:
1947 //
1948 // // 'y' is leaked.
1949 // int x = foo(y);
1950 //
1951 // instead we want:
1952 //
1953 // int x = foo(y);
1954 // // 'y' is leaked.
1955
1956 Stmt* S = getStmt(BR); // This is the statement where the leak occured.
1957 assert (S);
1958 unsigned EndLine = SMgr.getLogicalLineNumber(S->getLocStart());
1959
1960 // Look in the *trimmed* graph at the immediate predecessor of EndN. Does
1961 // it occur on the same line?
1962
1963 assert (!EndN->pred_empty()); // Not possible to have 0 predecessors.
1964 N = *(EndN->pred_begin());
1965
1966 do {
1967 ProgramPoint P = N->getLocation();
1968
1969 if (!isa<PostStmt>(P))
1970 break;
1971
1972 // Predecessor at same line?
1973
1974 Stmt* SPred = cast<PostStmt>(P).getStmt();
1975
1976 if (SMgr.getLogicalLineNumber(SPred->getLocStart()) != EndLine)
1977 break;
1978
1979 // The predecessor (where the object was not yet leaked) is a statement
1980 // on the same line. Get the first successor statement that appears
1981 // on a different line. For this operation, we can traverse the
1982 // non-trimmed graph.
1983
1984 N = getEndNode(); // This is the node where the leak occured in the
1985 // original graph.
1986
1987 while (!N->succ_empty()) {
1988
1989 N = *(N->succ_begin());
1990 ProgramPoint P = N->getLocation();
1991
1992 if (!isa<PostStmt>(P))
1993 continue;
1994
1995 Stmt* SSucc = cast<PostStmt>(P).getStmt();
1996
1997 if (SMgr.getLogicalLineNumber(SSucc->getLocStart()) != EndLine) {
1998 S = SSucc;
1999 break;
2000 }
2001 }
2002 }
2003 while (false);
2004
2005 // Construct the location.
2006
2007 FullSourceLoc L(S->getLocStart(), SMgr);
2008
2009 // Generate the diagnostic.
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]2010 std::ostringstream os;
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]2011
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]2012 os << "Object allocated on line " << AllocLine;
Ted Kremeneke92c1b22008-05-02 20:53:50 +0000[diff] [blame]2013
2014 if (FirstDecl)
2015 os << " and stored into '" << FirstDecl->getName() << '\'';
2016
Ted Kremenekce48e002008-05-05 17:53:17 +0000[diff] [blame]2017 os << " is no longer referenced after this point and has a retain count of +"
2018 << RetCount << " (object leaked).";
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]2019
Ted Kremeneke28565b2008-05-05 18:50:19 +0000[diff] [blame]2020 return new PathDiagnosticPiece(L, os.str());
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]2021}
2022
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]2023void UseAfterRelease::EmitWarnings(BugReporter& BR) {
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]2024
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]2025 for (CFRefCount::use_after_iterator I = TF.use_after_begin(),
2026 E = TF.use_after_end(); I != E; ++I) {
2027
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]2028 CFRefReport report(*this, I->first, I->second.second);
2029 report.addRange(I->second.first->getSourceRange());
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]2030 BR.EmitWarning(report);
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]2031 }
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]2032}
2033
2034void BadRelease::EmitWarnings(BugReporter& BR) {
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]2035
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]2036 for (CFRefCount::bad_release_iterator I = TF.bad_release_begin(),
2037 E = TF.bad_release_end(); I != E; ++I) {
2038
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]2039 CFRefReport report(*this, I->first, I->second.second);
2040 report.addRange(I->second.first->getSourceRange());
2041 BR.EmitWarning(report);
Ted Kremenek05cbe1a2008-04-09 23:49:11 +0000[diff] [blame]2042 }
2043}
Ted Kremenekfa34b332008-04-09 01:10:13 +0000[diff] [blame]2044
Ted Kremenek989d5192008-04-17 23:43:50 +0000[diff] [blame]2045void Leak::EmitWarnings(BugReporter& BR) {
2046
2047 for (CFRefCount::leaks_iterator I = TF.leaks_begin(),
2048 E = TF.leaks_end(); I != E; ++I) {
2049
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]2050 std::vector<SymbolID>& SymV = *(I->second);
2051 unsigned n = SymV.size();
2052
2053 for (unsigned i = 0; i < n; ++i) {
2054 CFRefReport report(*this, I->first, SymV[i]);
2055 BR.EmitWarning(report);
2056 }
Ted Kremenek989d5192008-04-17 23:43:50 +0000[diff] [blame]2057 }
2058}
2059
Ted Kremenekcb612922008-04-18 19:23:43 +0000[diff] [blame]2060void Leak::GetErrorNodes(std::vector<ExplodedNode<ValueState>*>& Nodes) {
2061 for (CFRefCount::leaks_iterator I=TF.leaks_begin(), E=TF.leaks_end();
2062 I!=E; ++I)
2063 Nodes.push_back(I->first);
2064}
2065
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]2066//===----------------------------------------------------------------------===//
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame]2067// Transfer function creation for external clients.
Ted Kremenek6b3a0f72008-03-11 06:39:11 +0000[diff] [blame]2068//===----------------------------------------------------------------------===//
2069
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]2070GRTransferFuncs* clang::MakeCFRefCountTF(ASTContext& Ctx, bool GCEnabled,
Ted Kremenek9f741612008-05-02 18:01:49 +0000[diff] [blame]2071 bool StandardWarnings,
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]2072 const LangOptions& lopts) {
Ted Kremenek9f741612008-05-02 18:01:49 +0000[diff] [blame]2073 return new CFRefCount(Ctx, GCEnabled, StandardWarnings, lopts);
Ted Kremenek3ea0b6a2008-04-10 22:58:08 +0000[diff] [blame]2074}