Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / a43484afda4c4fb4b23a53a2dc91d985d39dc2c4 / . / lib / Analysis / GRSimpleVals.cpp
blob: 878f46d9d51ac141f236d3a63d9998c7ee4b20d9 [file] [log] [blame]
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1// GRSimpleVals.cpp - Transfer functions for tracking simple values -*- C++ -*--
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Gabor Greif843e9342008-03-06 10:40:09 +0000[diff] [blame]10// This file defines GRSimpleVals, a sub-class of GRTransferFuncs that
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]11// provides transfer functions for performing simple value tracking with
12// limited support for symbolics.
13//
14//===----------------------------------------------------------------------===//
15
16#include "GRSimpleVals.h"
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]17#include "BasicObjCFoundationChecks.h"
Ted Kremenek87abc032008-04-02 22:03:53 +0000[diff] [blame]18#include "clang/Basic/SourceManager.h"
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]19#include "clang/Analysis/PathDiagnostic.h"
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]20#include "clang/Analysis/PathSensitive/GRState.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]21#include "clang/Analysis/PathSensitive/BugReporter.h"
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame]22#include "clang/Analysis/LocalCheckers.h"
Ted Kremenekc0c3f5d2008-04-30 20:17:27 +0000[diff] [blame]23#include "clang/Analysis/PathSensitive/GRExprEngine.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]24#include "llvm/Support/Compiler.h"
Ted Kremenek5c061212008-02-27 17:56:16 +0000[diff] [blame]25#include <sstream>
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]26
27using namespace clang;
28
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame]29//===----------------------------------------------------------------------===//
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame]30// Transfer Function creation for External clients.
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]31//===----------------------------------------------------------------------===//
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]32
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame]33GRTransferFuncs* clang::MakeGRSimpleValsTF() { return new GRSimpleVals(); }
Ted Kremeneke01c9872008-02-14 22:36:46 +0000[diff] [blame]34
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]35//===----------------------------------------------------------------------===//
36// Transfer function for Casts.
37//===----------------------------------------------------------------------===//
38
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]39SVal GRSimpleVals::EvalCast(GRExprEngine& Eng, NonLoc X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]40
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]41 if (!isa<nonloc::ConcreteInt>(X))
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]42 return UnknownVal();
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]43
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]44 bool isLocType = Loc::IsLocType(T);
Ted Kremenekcd512dc2008-07-16 00:23:49 +0000[diff] [blame]45
Ted Kremenekf496ee12008-07-15 23:17:54 +0000[diff] [blame]46 // Only handle casts from integers to integers.
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]47 if (!isLocType && !T->isIntegerType())
Ted Kremenekf496ee12008-07-15 23:17:54 +0000[diff] [blame]48 return UnknownVal();
49
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]50 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]51
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]52 llvm::APSInt V = cast<nonloc::ConcreteInt>(X).getValue();
53 V.setIsUnsigned(T->isUnsignedIntegerType() || Loc::IsLocType(T));
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]54 V.extOrTrunc(Eng.getContext().getTypeSize(T));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]55
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]56 if (isLocType)
57 return loc::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]58 else
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]59 return nonloc::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]60}
61
62// Casts.
63
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]64SVal GRSimpleVals::EvalCast(GRExprEngine& Eng, Loc X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]65
Ted Kremeneke8c2bde2008-04-30 21:10:19 +0000[diff] [blame]66 // Casts from pointers -> pointers, just return the lval.
67 //
68 // Casts from pointers -> references, just return the lval. These
69 // can be introduced by the frontend for corner cases, e.g
70 // casting from va_list* to __builtin_va_list&.
71 //
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]72 assert (!X.isUnknownOrUndef());
73
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]74 if (Loc::IsLocType(T) || T->isReferenceType())
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]75 return X;
76
Ted Kremenek3f34d802009-02-10 05:42:58 +0000[diff] [blame]77 // FIXME: Handle transparent unions where a value can be "transparently"
78 // lifted into a union type.
79 if (T->isUnionType())
80 return UnknownVal();
81
Ted Kremenek9ef1ec92008-02-21 18:43:30 +0000[diff] [blame]82 assert (T->isIntegerType());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]83 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]84 unsigned BitWidth = Eng.getContext().getTypeSize(T);
85
86 if (!isa<loc::ConcreteInt>(X))
87 return nonloc::LocAsInteger::Make(BasicVals, X, BitWidth);
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]88
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]89 llvm::APSInt V = cast<loc::ConcreteInt>(X).getValue();
90 V.setIsUnsigned(T->isUnsignedIntegerType() || Loc::IsLocType(T));
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]91 V.extOrTrunc(BitWidth);
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]92 return nonloc::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]93}
94
95// Unary operators.
96
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]97SVal GRSimpleVals::EvalMinus(GRExprEngine& Eng, UnaryOperator* U, NonLoc X){
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]98
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]99 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]100
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]101 case nonloc::ConcreteIntKind:
102 return cast<nonloc::ConcreteInt>(X).EvalMinus(Eng.getBasicVals(), U);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]103
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]104 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]105 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]106 }
107}
108
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]109SVal GRSimpleVals::EvalComplement(GRExprEngine& Eng, NonLoc X) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]110
Ted Kremenek90e42032008-02-20 04:12:31 +0000[diff] [blame]111 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]112
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]113 case nonloc::ConcreteIntKind:
114 return cast<nonloc::ConcreteInt>(X).EvalComplement(Eng.getBasicVals());
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]115
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]116 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]117 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]118 }
119}
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]120
121// Binary operators.
122
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]123static unsigned char LNotOpMap[] = {
124 (unsigned char) BinaryOperator::GE, /* LT => GE */
125 (unsigned char) BinaryOperator::LE, /* GT => LE */
126 (unsigned char) BinaryOperator::GT, /* LE => GT */
127 (unsigned char) BinaryOperator::LT, /* GE => LT */
128 (unsigned char) BinaryOperator::NE, /* EQ => NE */
129 (unsigned char) BinaryOperator::EQ /* NE => EQ */
130};
131
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]132SVal GRSimpleVals::DetermEvalBinOpNN(GRExprEngine& Eng,
Ted Kremenekad8329e2008-07-18 15:27:58 +0000[diff] [blame]133 BinaryOperator::Opcode Op,
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]134 NonLoc L, NonLoc R,
135 QualType T) {
Ted Kremenek26758752008-09-19 17:31:13 +0000[diff] [blame]136
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]137 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenek26758752008-09-19 17:31:13 +0000[diff] [blame]138 unsigned subkind = L.getSubKind();
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]139
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]140 while (1) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]141
Ted Kremenek26758752008-09-19 17:31:13 +0000[diff] [blame]142 switch (subkind) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]143 default:
Ted Kremenek9258a642008-02-21 19:10:12 +0000[diff] [blame]144 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]145
Ted Kremeneke04a5cb2008-11-15 00:20:05 +0000[diff] [blame]146 case nonloc::LocAsIntegerKind: {
147 Loc LL = cast<nonloc::LocAsInteger>(L).getLoc();
148
149 switch (R.getSubKind()) {
150 case nonloc::LocAsIntegerKind:
151 return EvalBinOp(Eng, Op, LL,
152 cast<nonloc::LocAsInteger>(R).getLoc());
153
154 case nonloc::ConcreteIntKind: {
155 // Transform the integer into a location and compare.
156 ASTContext& Ctx = Eng.getContext();
157 llvm::APSInt V = cast<nonloc::ConcreteInt>(R).getValue();
158 V.setIsUnsigned(true);
159 V.extOrTrunc(Ctx.getTypeSize(Ctx.VoidPtrTy));
160 return EvalBinOp(Eng, Op, LL,
161 loc::ConcreteInt(BasicVals.getValue(V)));
162 }
163
164 default:
165 switch (Op) {
166 case BinaryOperator::EQ:
167 return NonLoc::MakeIntTruthVal(BasicVals, false);
168 case BinaryOperator::NE:
169 return NonLoc::MakeIntTruthVal(BasicVals, true);
170 default:
171 // This case also handles pointer arithmetic.
172 return UnknownVal();
173 }
174 }
175 }
176
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]177 case nonloc::SymExprValKind: {
Ted Kremenek40fc5c72008-07-18 15:54:51 +0000[diff] [blame]178 // Logical not?
179 if (!(Op == BinaryOperator::EQ && R.isZeroConstant()))
180 return UnknownVal();
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]181
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]182 const SymExpr &SE=*cast<nonloc::SymExprVal>(L).getSymbolicExpression();
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]183
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]184 // Only handle ($sym op constant) for now.
185 if (const SymIntExpr *E = dyn_cast<SymIntExpr>(&SE)) {
186 BinaryOperator::Opcode Opc = E->getOpcode();
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]187
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]188 if (Opc < BinaryOperator::LT || Opc > BinaryOperator::NE)
189 return UnknownVal();
190
191 // For comparison operators, translate the constraint by
192 // changing the opcode.
193 int idx = (unsigned) Opc - (unsigned) BinaryOperator::LT;
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]194
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]195 assert (idx >= 0 &&
196 (unsigned) idx < sizeof(LNotOpMap)/sizeof(unsigned char));
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]197
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]198 Opc = (BinaryOperator::Opcode) LNotOpMap[idx];
199 assert(E->getType(Eng.getContext()) == T);
200 E = Eng.getSymbolManager().getSymIntExpr(E->getLHS(), Opc,
201 E->getRHS(), T);
202 return nonloc::SymExprVal(E);
203 }
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]204
Ted Kremeneke0e4ebf2009-03-26 03:35:11 +0000[diff] [blame]205 return UnknownVal();
Ted Kremenek1e38f852008-07-18 15:46:06 +0000[diff] [blame]206 }
207
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]208 case nonloc::ConcreteIntKind:
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]209
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]210 if (isa<nonloc::ConcreteInt>(R)) {
211 const nonloc::ConcreteInt& L_CI = cast<nonloc::ConcreteInt>(L);
212 const nonloc::ConcreteInt& R_CI = cast<nonloc::ConcreteInt>(R);
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]213 return L_CI.EvalBinOp(BasicVals, Op, R_CI);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]214 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]215 else {
Ted Kremenek26758752008-09-19 17:31:13 +0000[diff] [blame]216 subkind = R.getSubKind();
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]217 NonLoc tmp = R;
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]218 R = L;
219 L = tmp;
Ted Kremenek26758752008-09-19 17:31:13 +0000[diff] [blame]220
221 // Swap the operators.
222 switch (Op) {
223 case BinaryOperator::LT: Op = BinaryOperator::GT; break;
224 case BinaryOperator::GT: Op = BinaryOperator::LT; break;
225 case BinaryOperator::LE: Op = BinaryOperator::GE; break;
226 case BinaryOperator::GE: Op = BinaryOperator::LE; break;
227 default: break;
228 }
229
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]230 continue;
231 }
232
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]233 case nonloc::SymbolValKind:
Ted Kremenekfc3388d2009-04-10 18:11:44 +0000[diff] [blame]234 if (isa<nonloc::ConcreteInt>(R)) {
235 ValueManager &ValMgr = Eng.getValueManager();
236 return ValMgr.makeNonLoc(cast<nonloc::SymbolVal>(L).getSymbol(), Op,
237 cast<nonloc::ConcreteInt>(R).getValue(), T);
238 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]239 else
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]240 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]241 }
242 }
243}
244
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]245
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]246// Binary Operators (except assignments and comma).
247
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]248SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
249 Loc L, Loc R) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]250
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]251 switch (Op) {
252 default:
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]253 return UnknownVal();
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]254 case BinaryOperator::EQ:
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]255 case BinaryOperator::NE:
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]256 return EvalEquality(Eng, L, R, Op == BinaryOperator::EQ);
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]257 }
258}
259
Zhongxing Xu262fd032009-05-20 09:00:16 +0000[diff] [blame]260SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, const GRState *state,
261 BinaryOperator::Opcode Op, Loc L, NonLoc R) {
Ted Kremenek5fa93d52009-04-29 16:03:27 +0000[diff] [blame]262
263 // Special case: 'R' is an integer that has the same width as a pointer and
264 // we are using the integer location in a comparison. Normally this cannot be
265 // triggered, but transfer functions like those for OSCommpareAndSwapBarrier32
266 // can generate comparisons that trigger this code.
267 // FIXME: Are all locations guaranteed to have pointer width?
268 if (BinaryOperator::isEqualityOp(Op)) {
269 if (nonloc::ConcreteInt *RInt = dyn_cast<nonloc::ConcreteInt>(&R)) {
Ted Kremenek25258f82009-05-08 00:32:39 +0000[diff] [blame]270 const llvm::APSInt *X = &RInt->getValue();
Ted Kremenek5fa93d52009-04-29 16:03:27 +0000[diff] [blame]271 ASTContext &C = Eng.getContext();
Ted Kremenek25258f82009-05-08 00:32:39 +0000[diff] [blame]272 if (C.getTypeSize(C.VoidPtrTy) == X->getBitWidth()) {
273 // Convert the signedness of the integer (if necessary).
274 if (X->isSigned())
275 X = &Eng.getBasicVals().getValue(*X, true);
276
277 return EvalBinOp(Eng, Op, L, loc::ConcreteInt(*X));
278 }
Ted Kremenek5fa93d52009-04-29 16:03:27 +0000[diff] [blame]279 }
280 }
281
Zhongxing Xu94aa6c12009-03-02 07:52:23 +0000[diff] [blame]282 // Delegate pointer arithmetic to store manager.
Zhongxing Xu262fd032009-05-20 09:00:16 +0000[diff] [blame]283 return Eng.getStoreManager().EvalBinOp(state, Op, L, R);
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]284}
285
Zhongxing Xuc565b632009-04-09 07:39:46 +0000[diff] [blame]286// Equality operators for Locs.
287// FIXME: All this logic will be revamped when we have MemRegion::getLocation()
288// implemented.
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]289
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]290SVal GRSimpleVals::EvalEquality(GRExprEngine& Eng, Loc L, Loc R, bool isEqual) {
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]291
292 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenek214c6cb2009-03-09 20:35:15 +0000[diff] [blame]293
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]294 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]295
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]296 default:
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]297 assert(false && "EQ/NE not implemented for this Loc.");
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]298 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]299
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]300 case loc::ConcreteIntKind:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]301
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]302 if (isa<loc::ConcreteInt>(R)) {
303 bool b = cast<loc::ConcreteInt>(L).getValue() ==
304 cast<loc::ConcreteInt>(R).getValue();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]305
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]306 // Are we computing '!='? Flip the result.
307 if (!isEqual)
308 b = !b;
309
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]310 return NonLoc::MakeIntTruthVal(BasicVals, b);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]311 }
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]312 else if (SymbolRef Sym = R.getAsSymbol()) {
313 const SymIntExpr * SE =
314 Eng.getSymbolManager().getSymIntExpr(Sym,
315 isEqual ? BinaryOperator::EQ
316 : BinaryOperator::NE,
317 cast<loc::ConcreteInt>(L).getValue(),
318 Eng.getContext().IntTy);
319 return nonloc::SymExprVal(SE);
320 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]321
322 break;
323
Ted Kremenek214c6cb2009-03-09 20:35:15 +0000[diff] [blame]324 case loc::MemRegionKind: {
Zhongxing Xuc565b632009-04-09 07:39:46 +0000[diff] [blame]325 if (SymbolRef LSym = L.getAsLocSymbol()) {
326 if (isa<loc::ConcreteInt>(R)) {
327 const SymIntExpr *SE =
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]328 Eng.getSymbolManager().getSymIntExpr(LSym,
329 isEqual ? BinaryOperator::EQ
330 : BinaryOperator::NE,
Zhongxing Xuc565b632009-04-09 07:39:46 +0000[diff] [blame]331 cast<loc::ConcreteInt>(R).getValue(),
332 Eng.getContext().IntTy);
333
334 return nonloc::SymExprVal(SE);
335 }
Ted Kremenek214c6cb2009-03-09 20:35:15 +0000[diff] [blame]336 }
337 }
338
339 // Fall-through.
340
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]341 case loc::GotoLabelKind:
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]342 return NonLoc::MakeIntTruthVal(BasicVals, isEqual ? L == R : L != R);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]343 }
344
Ted Kremenek65d80fd2009-05-04 17:53:11 +0000[diff] [blame]345 return NonLoc::MakeIntTruthVal(BasicVals, isEqual ? false : true);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]346}
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]347
348//===----------------------------------------------------------------------===//
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]349// Transfer function for function calls.
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]350//===----------------------------------------------------------------------===//
351
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]352void GRSimpleVals::EvalCall(ExplodedNodeSet<GRState>& Dst,
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]353 GRExprEngine& Eng,
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]354 GRStmtNodeBuilder<GRState>& Builder,
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]355 CallExpr* CE, SVal L,
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]356 ExplodedNode<GRState>* Pred) {
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]357
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]358 GRStateManager& StateMgr = Eng.getStateManager();
359 const GRState* St = Builder.GetState(Pred);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]360
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]361 // Invalidate all arguments passed in by reference (Locs).
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]362
363 for (CallExpr::arg_iterator I = CE->arg_begin(), E = CE->arg_end();
364 I != E; ++I) {
365
Ted Kremenek23ec48c2009-06-18 23:58:37 +0000[diff] [blame]366 SVal V = St->getSVal(*I);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]367
Zhongxing Xu78d5b5e2009-06-16 06:18:21 +0000[diff] [blame]368 if (isa<loc::MemRegionVal>(V)) {
369 const MemRegion *R = cast<loc::MemRegionVal>(V).getRegion();
Ted Kremeneka43484a2009-06-23 00:46:41 +0000[diff] [blame^]370 if (R->isBoundable())
371 St = StateMgr.BindLoc(St, cast<Loc>(V), UnknownVal());
Zhongxing Xu78d5b5e2009-06-16 06:18:21 +0000[diff] [blame]372 } else if (isa<nonloc::LocAsInteger>(V))
Zhongxing Xu8cd5aae2008-10-30 05:33:54 +0000[diff] [blame]373 St = StateMgr.BindLoc(St, cast<nonloc::LocAsInteger>(V).getLoc(),
Ted Kremeneka5488462008-04-22 21:39:21 +0000[diff] [blame]374 UnknownVal());
375
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]376 }
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]377
Ted Kremenekfd301942008-10-17 22:23:12 +0000[diff] [blame]378 // Make up a symbol for the return value of this function.
379 // FIXME: We eventually should handle structs and other compound types
380 // that are returned by value.
381 QualType T = CE->getType();
Ted Kremenek062e2f92008-11-13 06:10:40 +0000[diff] [blame]382 if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())) {
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]383 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenek8d7f5482009-04-09 22:22:44 +0000[diff] [blame]384 SVal X = Eng.getValueManager().getConjuredSymbolVal(CE, Count);
Ted Kremenek23ec48c2009-06-18 23:58:37 +0000[diff] [blame]385 St = St->bindExpr(CE, X, Eng.getCFG().isBlkExpr(CE), false);
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]386 }
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]387
Ted Kremenek0e561a32008-03-21 21:30:14 +0000[diff] [blame]388 Builder.MakeNode(Dst, CE, Pred, St);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]389}
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]390
391//===----------------------------------------------------------------------===//
392// Transfer function for Objective-C message expressions.
393//===----------------------------------------------------------------------===//
394
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]395void GRSimpleVals::EvalObjCMessageExpr(ExplodedNodeSet<GRState>& Dst,
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]396 GRExprEngine& Eng,
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]397 GRStmtNodeBuilder<GRState>& Builder,
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]398 ObjCMessageExpr* ME,
Ted Kremenek4adc81e2008-08-13 04:27:00 +0000[diff] [blame]399 ExplodedNode<GRState>* Pred) {
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]400
401
402 // The basic transfer function logic for message expressions does nothing.
Ted Kremenek23ec48c2009-06-18 23:58:37 +0000[diff] [blame]403 // We just invalidate all arguments passed in by references.
404 const GRState *St = Builder.GetState(Pred);
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]405
406 for (ObjCMessageExpr::arg_iterator I = ME->arg_begin(), E = ME->arg_end();
407 I != E; ++I) {
408
Ted Kremenek23ec48c2009-06-18 23:58:37 +0000[diff] [blame]409 SVal V = St->getSVal(*I);
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]410
Zhongxing Xu1c96b242008-10-17 05:57:07 +0000[diff] [blame]411 if (isa<Loc>(V))
Ted Kremenek23ec48c2009-06-18 23:58:37 +0000[diff] [blame]412 St = St->bindLoc(cast<Loc>(V), UnknownVal());
Ted Kremeneke695e1c2008-04-15 23:06:53 +0000[diff] [blame]413 }
414
415 Builder.MakeNode(Dst, ME, Pred, St);
416}