Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 77349cb20bfd7069d081f84c91975bfa8ef60a32 / . / Analysis / GRExprEngine.cpp
blob: ce504c10b08cecd4a755407fc78af8824bb3960b [file] [log] [blame]
Ted Kremenek77349cb2008-02-14 22:13:12 +0000[diff] [blame^]1//=-- GRExprEngine.cpp - Path-Sensitive Expression-Level Dataflow ---*- C++ -*-=
Ted Kremenek64924852008-01-31 02:35:41 +0000[diff] [blame]2//
Ted Kremenek4af84312008-01-31 06:49:09 +0000[diff] [blame]3// The LLVM Compiler Infrastructure
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Ted Kremenek77349cb2008-02-14 22:13:12 +0000[diff] [blame^]10// This file defines a meta-engine for path-sensitive dataflow analysis that
11// is built on GREngine, but provides the boilerplate to execute transfer
12// functions and build the ExplodedGraph at the expression level.
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]13//
14//===----------------------------------------------------------------------===//
15
Ted Kremenek77349cb2008-02-14 22:13:12 +0000[diff] [blame^]16#include "clang/Analysis/PathSensitive/GRExprEngine.h"
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]17
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]18GRExprEngine::StateTy
19GRExprEngine::SetValue(StateTy St, Expr* S, const RValue& V) {
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]20
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]21 if (!StateCleaned) {
22 St = RemoveDeadBindings(CurrentStmt, St);
23 StateCleaned = true;
24 }
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]25
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]26 bool isBlkExpr = false;
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]27
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]28 if (S == CurrentStmt) {
29 isBlkExpr = getCFG().isBlkExpr(S);
30
31 if (!isBlkExpr)
32 return St;
33 }
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]34
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]35 return StateMgr.SetValue(St, S, isBlkExpr, V);
36}
37
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]38const GRExprEngine::StateTy::BufferTy&
39GRExprEngine::SetValue(StateTy St, Expr* S, const RValue::BufferTy& RB,
Ted Kremenekcba2e432008-02-05 19:35:18 +0000[diff] [blame]40 StateTy::BufferTy& RetBuf) {
41
42 assert (RetBuf.empty());
43
44 for (RValue::BufferTy::const_iterator I=RB.begin(), E=RB.end(); I!=E; ++I)
45 RetBuf.push_back(SetValue(St, S, *I));
46
47 return RetBuf;
48}
49
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]50GRExprEngine::StateTy
51GRExprEngine::SetValue(StateTy St, const LValue& LV, const RValue& V) {
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]52
Ted Kremenek53c641a2008-02-08 03:02:48 +0000[diff] [blame]53 if (LV.isUnknown())
Ted Kremeneke070a1d2008-02-04 21:59:01 +0000[diff] [blame]54 return St;
55
56 if (!StateCleaned) {
57 St = RemoveDeadBindings(CurrentStmt, St);
58 StateCleaned = true;
59 }
60
61 return StateMgr.SetValue(St, LV, V);
62}
63
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]64void GRExprEngine::ProcessBranch(Expr* Condition, Stmt* Term,
Ted Kremenek71c29bd2008-01-29 23:32:35 +0000[diff] [blame]65 BranchNodeBuilder& builder) {
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]66
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]67 // Remove old bindings for subexpressions.
68 StateTy PrevState = StateMgr.RemoveSubExprBindings(builder.getState());
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]69
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]70 RValue V = GetValue(PrevState, Condition);
71
72 switch (V.getBaseKind()) {
73 default:
74 break;
75
Ted Kremenek53c641a2008-02-08 03:02:48 +0000[diff] [blame]76 case RValue::UnknownKind:
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]77 builder.generateNode(PrevState, true);
78 builder.generateNode(PrevState, false);
79 return;
80
81 case RValue::UninitializedKind: {
82 NodeTy* N = builder.generateNode(PrevState, true);
83
84 if (N) {
85 N->markAsSink();
86 UninitBranches.insert(N);
87 }
88
89 builder.markInfeasible(false);
90 return;
91 }
92 }
93
Ted Kremenek8e49dd62008-02-12 18:08:17 +0000[diff] [blame]94 // Get the current block counter.
95 GRBlockCounter BC = builder.getBlockCounter();
96
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]97 unsigned BlockID = builder.getTargetBlock(true)->getBlockID();
98 unsigned NumVisited = BC.getNumVisited(BlockID);
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]99
Ted Kremenek8e49dd62008-02-12 18:08:17 +0000[diff] [blame]100 if (isa<nonlval::ConcreteInt>(V) ||
101 BC.getNumVisited(builder.getTargetBlock(true)->getBlockID()) < 1) {
102
103 // Process the true branch.
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]104
Ted Kremenek8e49dd62008-02-12 18:08:17 +0000[diff] [blame]105 bool isFeasible = true;
106
107 StateTy St = Assume(PrevState, V, true, isFeasible);
108
109 if (isFeasible)
110 builder.generateNode(St, true);
111 else
112 builder.markInfeasible(true);
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]113 }
Ted Kremenek8e49dd62008-02-12 18:08:17 +0000[diff] [blame]114 else
115 builder.markInfeasible(true);
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]116
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]117 BlockID = builder.getTargetBlock(false)->getBlockID();
118 NumVisited = BC.getNumVisited(BlockID);
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]119
Ted Kremenek8e49dd62008-02-12 18:08:17 +0000[diff] [blame]120 if (isa<nonlval::ConcreteInt>(V) ||
121 BC.getNumVisited(builder.getTargetBlock(false)->getBlockID()) < 1) {
122
123 // Process the false branch.
124
125 bool isFeasible = false;
126
127 StateTy St = Assume(PrevState, V, false, isFeasible);
128
129 if (isFeasible)
130 builder.generateNode(St, false);
131 else
132 builder.markInfeasible(false);
133 }
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]134 else
135 builder.markInfeasible(false);
Ted Kremenek71c29bd2008-01-29 23:32:35 +0000[diff] [blame]136}
137
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]138/// ProcessIndirectGoto - Called by GRCoreEngine. Used to generate successor
Ted Kremenek754607e2008-02-13 00:24:44 +0000[diff] [blame]139/// nodes by processing the 'effects' of a computed goto jump.
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]140void GRExprEngine::ProcessIndirectGoto(IndirectGotoNodeBuilder& builder) {
Ted Kremenek754607e2008-02-13 00:24:44 +0000[diff] [blame]141
142 StateTy St = builder.getState();
143 LValue V = cast<LValue>(GetValue(St, builder.getTarget()));
144
145 // Three possibilities:
146 //
147 // (1) We know the computed label.
148 // (2) The label is NULL (or some other constant), or Uninitialized.
149 // (3) We have no clue about the label. Dispatch to all targets.
150 //
151
152 typedef IndirectGotoNodeBuilder::iterator iterator;
153
154 if (isa<lval::GotoLabel>(V)) {
155 LabelStmt* L = cast<lval::GotoLabel>(V).getLabel();
156
157 for (iterator I=builder.begin(), E=builder.end(); I != E; ++I) {
Ted Kremenek24f1a962008-02-13 17:27:37 +0000[diff] [blame]158 if (I.getLabel() == L) {
159 builder.generateNode(I, St);
Ted Kremenek754607e2008-02-13 00:24:44 +0000[diff] [blame]160 return;
161 }
162 }
163
164 assert (false && "No block with label.");
165 return;
166 }
167
168 if (isa<lval::ConcreteInt>(V) || isa<UninitializedVal>(V)) {
169 // Dispatch to the first target and mark it as a sink.
Ted Kremenek24f1a962008-02-13 17:27:37 +0000[diff] [blame]170 NodeTy* N = builder.generateNode(builder.begin(), St, true);
Ted Kremenek754607e2008-02-13 00:24:44 +0000[diff] [blame]171 UninitBranches.insert(N);
172 return;
173 }
174
175 // This is really a catch-all. We don't support symbolics yet.
176
177 assert (isa<UnknownVal>(V));
178
179 for (iterator I=builder.begin(), E=builder.end(); I != E; ++I)
Ted Kremenek24f1a962008-02-13 17:27:37 +0000[diff] [blame]180 builder.generateNode(I, St);
Ted Kremenek754607e2008-02-13 00:24:44 +0000[diff] [blame]181}
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]182
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]183/// ProcessSwitch - Called by GRCoreEngine. Used to generate successor
184/// nodes by processing the 'effects' of a switch statement.
185void GRExprEngine::ProcessSwitch(SwitchNodeBuilder& builder) {
186
187 typedef SwitchNodeBuilder::iterator iterator;
188
189 StateTy St = builder.getState();
190 NonLValue CondV = cast<NonLValue>(GetValue(St, builder.getCondition()));
191
192 if (isa<UninitializedVal>(CondV)) {
193 NodeTy* N = builder.generateDefaultCaseNode(St, true);
194 UninitBranches.insert(N);
195 return;
196 }
197
198 StateTy DefaultSt = St;
199
200 // While most of this can be assumed (such as the signedness), having it
201 // just computed makes sure everything makes the same assumptions end-to-end.
202 unsigned bits = getContext().getTypeSize(getContext().IntTy,SourceLocation());
203 APSInt V1(bits, false);
204 APSInt V2 = V1;
205
206 for (iterator I=builder.begin(), E=builder.end(); I!=E; ++I) {
207
208 CaseStmt* Case = cast<CaseStmt>(I.getCase());
209
210 // Evaluate the case.
211 if (!Case->getLHS()->isIntegerConstantExpr(V1, getContext(), 0, true)) {
212 assert (false && "Case condition must evaluate to an integer constant.");
213 return;
214 }
215
216 // Get the RHS of the case, if it exists.
217
218 if (Expr* E = Case->getRHS()) {
219 if (!E->isIntegerConstantExpr(V2, getContext(), 0, true)) {
220 assert (false &&
221 "Case condition (RHS) must evaluate to an integer constant.");
222 return ;
223 }
224
225 assert (V1 <= V2);
226 }
227 else V2 = V1;
228
229 // FIXME: Eventually we should replace the logic below with a range
230 // comparison, rather than concretize the values within the range.
231 // This should be easy once we have "ranges" for NonLValues.
232
233 do {
234 nonlval::ConcreteInt CaseVal(ValMgr.getValue(V1));
235
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]236 NonLValue Res = EvalBinaryOp(ValMgr, BinaryOperator::EQ, CondV, CaseVal);
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]237
238 // Now "assume" that the case matches.
239 bool isFeasible;
240
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]241 StateTy StNew = Assume(St, Res, true, isFeasible);
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]242
243 if (isFeasible) {
244 builder.generateCaseStmtNode(I, StNew);
245
246 // If CondV evaluates to a constant, then we know that this
247 // is the *only* case that we can take, so stop evaluating the
248 // others.
249 if (isa<nonlval::ConcreteInt>(CondV))
250 return;
251 }
252
253 // Now "assume" that the case doesn't match. Add this state
254 // to the default state (if it is feasible).
255
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]256 StNew = Assume(DefaultSt, Res, false, isFeasible);
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]257
258 if (isFeasible)
259 DefaultSt = StNew;
260
261 // Concretize the next value in the range.
262 ++V1;
263
264 } while (V1 < V2);
265 }
266
267 // If we reach here, than we know that the default branch is
268 // possible.
269 builder.generateDefaultCaseNode(DefaultSt);
270}
271
272
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]273void GRExprEngine::VisitLogicalExpr(BinaryOperator* B, NodeTy* Pred,
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]274 NodeSet& Dst) {
275
276 bool hasR2;
277 StateTy PrevState = Pred->getState();
278
279 RValue R1 = GetValue(PrevState, B->getLHS());
280 RValue R2 = GetValue(PrevState, B->getRHS(), hasR2);
281
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]282 if (isa<UnknownVal>(R1) &&
283 (isa<UnknownVal>(R2) ||
284 isa<UninitializedVal>(R2))) {
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]285
286 Nodify(Dst, B, Pred, SetValue(PrevState, B, R2));
287 return;
288 }
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]289 else if (isa<UninitializedVal>(R1)) {
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]290 Nodify(Dst, B, Pred, SetValue(PrevState, B, R1));
291 return;
292 }
293
294 // R1 is an expression that can evaluate to either 'true' or 'false'.
295 if (B->getOpcode() == BinaryOperator::LAnd) {
296 // hasR2 == 'false' means that LHS evaluated to 'false' and that
297 // we short-circuited, leading to a value of '0' for the '&&' expression.
298 if (hasR2 == false) {
299 Nodify(Dst, B, Pred, SetValue(PrevState, B, GetRValueConstant(0U, B)));
300 return;
301 }
302 }
303 else {
304 assert (B->getOpcode() == BinaryOperator::LOr);
305 // hasR2 == 'false' means that the LHS evaluate to 'true' and that
306 // we short-circuited, leading to a value of '1' for the '||' expression.
307 if (hasR2 == false) {
308 Nodify(Dst, B, Pred, SetValue(PrevState, B, GetRValueConstant(1U, B)));
309 return;
310 }
311 }
312
313 // If we reach here we did not short-circuit. Assume R2 == true and
314 // R2 == false.
315
316 bool isFeasible;
317 StateTy St = Assume(PrevState, R2, true, isFeasible);
318
319 if (isFeasible)
320 Nodify(Dst, B, Pred, SetValue(PrevState, B, GetRValueConstant(1U, B)));
321
322 St = Assume(PrevState, R2, false, isFeasible);
323
324 if (isFeasible)
325 Nodify(Dst, B, Pred, SetValue(PrevState, B, GetRValueConstant(0U, B)));
326}
327
328
329
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]330void GRExprEngine::ProcessStmt(Stmt* S, StmtNodeBuilder& builder) {
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]331 Builder = &builder;
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]332
333 StmtEntryNode = builder.getLastNode();
334 CurrentStmt = S;
335 NodeSet Dst;
336 StateCleaned = false;
337
338 Visit(S, StmtEntryNode, Dst);
339
340 // If no nodes were generated, generate a new node that has all the
341 // dead mappings removed.
342 if (Dst.size() == 1 && *Dst.begin() == StmtEntryNode) {
343 StateTy St = RemoveDeadBindings(S, StmtEntryNode->getState());
344 builder.generateNode(S, St, StmtEntryNode);
345 }
Ted Kremenekf84469b2008-01-18 00:41:32 +0000[diff] [blame]346
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]347 CurrentStmt = NULL;
348 StmtEntryNode = NULL;
349 Builder = NULL;
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]350}
351
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]352GRExprEngine::NodeTy*
353GRExprEngine::Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred, StateTy St) {
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]354
355 // If the state hasn't changed, don't generate a new node.
Ted Kremenek7e593362008-02-07 15:20:13 +0000[diff] [blame]356 if (St == Pred->getState())
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]357 return NULL;
Ted Kremenekcb448ca2008-01-16 00:53:15 +0000[diff] [blame]358
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]359 NodeTy* N = Builder->generateNode(S, St, Pred);
360 Dst.Add(N);
361 return N;
Ted Kremenekcb448ca2008-01-16 00:53:15 +0000[diff] [blame]362}
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]363
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]364void GRExprEngine::Nodify(NodeSet& Dst, Stmt* S, NodeTy* Pred,
Ted Kremenekcba2e432008-02-05 19:35:18 +0000[diff] [blame]365 const StateTy::BufferTy& SB) {
366
367 for (StateTy::BufferTy::const_iterator I=SB.begin(), E=SB.end(); I!=E; ++I)
368 Nodify(Dst, S, Pred, *I);
369}
370
Ted Kremenek44842c22008-02-13 18:06:44 +0000[diff] [blame]371void GRExprEngine::VisitDeclRefExpr(DeclRefExpr* D, NodeTy* Pred, NodeSet& Dst){
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]372 if (D != CurrentStmt) {
373 Dst.Add(Pred); // No-op. Simply propagate the current state unchanged.
374 return;
375 }
376
377 // If we are here, we are loading the value of the decl and binding
378 // it to the block-level expression.
379
380 StateTy St = Pred->getState();
381
382 Nodify(Dst, D, Pred,
383 SetValue(St, D, GetValue(St, lval::DeclVal(D->getDecl()))));
384}
385
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]386void GRExprEngine::VisitCast(Expr* CastE, Expr* E, NodeTy* Pred, NodeSet& Dst) {
Ted Kremenek874d63f2008-01-24 02:02:54 +0000[diff] [blame]387
388 QualType T = CastE->getType();
389
390 // Check for redundant casts.
391 if (E->getType() == T) {
392 Dst.Add(Pred);
393 return;
394 }
395
396 NodeSet S1;
397 Visit(E, Pred, S1);
398
399 for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
400 NodeTy* N = *I1;
401 StateTy St = N->getState();
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]402 const RValue& V = GetValue(St, E);
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]403 Nodify(Dst, CastE, N, SetValue(St, CastE, EvalCast(ValMgr, V, CastE)));
Ted Kremenek874d63f2008-01-24 02:02:54 +0000[diff] [blame]404 }
Ted Kremenek9de04c42008-01-24 20:55:43 +0000[diff] [blame]405}
406
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]407void GRExprEngine::VisitDeclStmt(DeclStmt* DS, GRExprEngine::NodeTy* Pred,
408 GRExprEngine::NodeSet& Dst) {
Ted Kremenek9de04c42008-01-24 20:55:43 +0000[diff] [blame]409
410 StateTy St = Pred->getState();
411
412 for (const ScopedDecl* D = DS->getDecl(); D; D = D->getNextDeclarator())
Ted Kremenek403c1812008-01-28 22:51:57 +0000[diff] [blame]413 if (const VarDecl* VD = dyn_cast<VarDecl>(D)) {
414 const Expr* E = VD->getInit();
Ted Kremenek329f8542008-02-05 21:52:21 +0000[diff] [blame]415 St = SetValue(St, lval::DeclVal(VD),
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]416 E ? GetValue(St, E) : UninitializedVal());
Ted Kremenek403c1812008-01-28 22:51:57 +0000[diff] [blame]417 }
Ted Kremenek9de04c42008-01-24 20:55:43 +0000[diff] [blame]418
419 Nodify(Dst, DS, Pred, St);
420
421 if (Dst.empty())
422 Dst.Add(Pred);
423}
Ted Kremenek874d63f2008-01-24 02:02:54 +0000[diff] [blame]424
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]425
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]426void GRExprEngine::VisitGuardedExpr(Expr* S, Expr* LHS, Expr* RHS,
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]427 NodeTy* Pred, NodeSet& Dst) {
428
429 StateTy St = Pred->getState();
430
431 RValue R = GetValue(St, LHS);
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]432 if (isa<UnknownVal>(R)) R = GetValue(St, RHS);
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]433
434 Nodify(Dst, S, Pred, SetValue(St, S, R));
435}
436
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]437/// VisitSizeOfAlignOfTypeExpr - Transfer function for sizeof(type).
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]438void GRExprEngine::VisitSizeOfAlignOfTypeExpr(SizeOfAlignOfTypeExpr* S,
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]439 NodeTy* Pred,
440 NodeSet& Dst) {
441
442 // 6.5.3.4 sizeof: "The result type is an integer."
443
444 QualType T = S->getArgumentType();
445
446 // FIXME: Add support for VLAs.
447 if (isa<VariableArrayType>(T.getTypePtr()))
448 return;
449
450 SourceLocation L = S->getExprLoc();
451 uint64_t size = getContext().getTypeSize(T, L) / 8;
452
453 Nodify(Dst, S, Pred,
454 SetValue(Pred->getState(), S,
455 NonLValue::GetValue(ValMgr, size, getContext().IntTy, L)));
456
457}
458
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]459void GRExprEngine::VisitUnaryOperator(UnaryOperator* U,
460 GRExprEngine::NodeTy* Pred,
461 GRExprEngine::NodeSet& Dst) {
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]462
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]463 NodeSet S1;
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]464 UnaryOperator::Opcode Op = U->getOpcode();
465
466 // FIXME: This is a hack so that for '*' and '&' we don't recurse
467 // on visiting the subexpression if it is a DeclRefExpr. We should
468 // probably just handle AddrOf and Deref in their own methods to make
469 // this cleaner.
470 if ((Op == UnaryOperator::Deref || Op == UnaryOperator::AddrOf) &&
471 isa<DeclRefExpr>(U->getSubExpr()))
472 S1.Add(Pred);
473 else
474 Visit(U->getSubExpr(), Pred, S1);
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]475
476 for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
477 NodeTy* N1 = *I1;
478 StateTy St = N1->getState();
479
480 switch (U->getOpcode()) {
481 case UnaryOperator::PostInc: {
482 const LValue& L1 = GetLValue(St, U->getSubExpr());
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]483 NonLValue R1 = cast<NonLValue>(GetValue(St, L1));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]484
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]485 NonLValue Result = EvalBinaryOp(ValMgr, BinaryOperator::Add,
486 R1, GetRValueConstant(1U, U));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]487
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]488 Nodify(Dst, U, N1, SetValue(SetValue(St, U, R1), L1, Result));
489 break;
490 }
491
492 case UnaryOperator::PostDec: {
493 const LValue& L1 = GetLValue(St, U->getSubExpr());
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]494 NonLValue R1 = cast<NonLValue>(GetValue(St, L1));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]495
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]496 NonLValue Result = EvalBinaryOp(ValMgr, BinaryOperator::Sub,
497 R1, GetRValueConstant(1U, U));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]498
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]499 Nodify(Dst, U, N1, SetValue(SetValue(St, U, R1), L1, Result));
500 break;
501 }
502
503 case UnaryOperator::PreInc: {
504 const LValue& L1 = GetLValue(St, U->getSubExpr());
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]505 NonLValue R1 = cast<NonLValue>(GetValue(St, L1));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]506
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]507 NonLValue Result = EvalBinaryOp(ValMgr, BinaryOperator::Add,
508 R1, GetRValueConstant(1U, U));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]509
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]510 Nodify(Dst, U, N1, SetValue(SetValue(St, U, Result), L1, Result));
511 break;
512 }
513
514 case UnaryOperator::PreDec: {
515 const LValue& L1 = GetLValue(St, U->getSubExpr());
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]516 NonLValue R1 = cast<NonLValue>(GetValue(St, L1));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]517
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]518 NonLValue Result = EvalBinaryOp(ValMgr, BinaryOperator::Sub,
519 R1, GetRValueConstant(1U, U));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]520
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]521 Nodify(Dst, U, N1, SetValue(SetValue(St, U, Result), L1, Result));
522 break;
523 }
524
Ted Kremenekdacbb4f2008-01-24 08:20:02 +0000[diff] [blame]525 case UnaryOperator::Minus: {
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]526 const NonLValue& R1 = cast<NonLValue>(GetValue(St, U->getSubExpr()));
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]527 Nodify(Dst, U, N1, SetValue(St, U, EvalMinus(ValMgr, U, R1)));
Ted Kremenekdacbb4f2008-01-24 08:20:02 +0000[diff] [blame]528 break;
529 }
530
Ted Kremenekc5d3b4c2008-02-04 16:58:30 +0000[diff] [blame]531 case UnaryOperator::Not: {
532 const NonLValue& R1 = cast<NonLValue>(GetValue(St, U->getSubExpr()));
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]533 Nodify(Dst, U, N1, SetValue(St, U, EvalComplement(ValMgr, R1)));
Ted Kremenekc5d3b4c2008-02-04 16:58:30 +0000[diff] [blame]534 break;
535 }
536
Ted Kremenekc60f0f72008-02-06 17:56:00 +0000[diff] [blame]537 case UnaryOperator::LNot: {
538 // C99 6.5.3.3: "The expression !E is equivalent to (0==E)."
539 //
540 // Note: technically we do "E == 0", but this is the same in the
541 // transfer functions as "0 == E".
542
543 RValue V1 = GetValue(St, U->getSubExpr());
544
545 if (isa<LValue>(V1)) {
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]546 const LValue& L1 = cast<LValue>(V1);
547 lval::ConcreteInt V2(ValMgr.getZeroWithPtrWidth());
548 Nodify(Dst, U, N1,
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]549 SetValue(St, U, EvalBinaryOp(ValMgr, BinaryOperator::EQ,
550 L1, V2)));
Ted Kremenekc60f0f72008-02-06 17:56:00 +0000[diff] [blame]551 }
552 else {
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]553 const NonLValue& R1 = cast<NonLValue>(V1);
Ted Kremenekc60f0f72008-02-06 17:56:00 +0000[diff] [blame]554 nonlval::ConcreteInt V2(ValMgr.getZeroWithPtrWidth());
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]555 Nodify(Dst, U, N1,
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]556 SetValue(St, U, EvalBinaryOp(ValMgr, BinaryOperator::EQ,
557 R1, V2)));
Ted Kremenekc60f0f72008-02-06 17:56:00 +0000[diff] [blame]558 }
559
560 break;
561 }
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]562
563 case UnaryOperator::SizeOf: {
564 // 6.5.3.4 sizeof: "The result type is an integer."
565
566 QualType T = U->getSubExpr()->getType();
567
568 // FIXME: Add support for VLAs.
569 if (isa<VariableArrayType>(T.getTypePtr()))
570 return;
571
572 SourceLocation L = U->getExprLoc();
573 uint64_t size = getContext().getTypeSize(T, L) / 8;
574
575 Nodify(Dst, U, N1,
576 SetValue(St, U, NonLValue::GetValue(ValMgr, size,
577 getContext().IntTy, L)));
578
579 break;
580 }
Ted Kremenekc60f0f72008-02-06 17:56:00 +0000[diff] [blame]581
Ted Kremenek64924852008-01-31 02:35:41 +0000[diff] [blame]582 case UnaryOperator::AddrOf: {
583 const LValue& L1 = GetLValue(St, U->getSubExpr());
584 Nodify(Dst, U, N1, SetValue(St, U, L1));
585 break;
586 }
587
588 case UnaryOperator::Deref: {
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]589 // FIXME: Stop when dereferencing an uninitialized value.
590 // FIXME: Bifurcate when dereferencing a symbolic with no constraints?
591
592 const RValue& V = GetValue(St, U->getSubExpr());
593 const LValue& L1 = cast<LValue>(V);
594
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]595 // After a dereference, one of two possible situations arise:
596 // (1) A crash, because the pointer was NULL.
597 // (2) The pointer is not NULL, and the dereference works.
598 //
599 // We add these assumptions.
600
Ted Kremenek63a4f692008-02-07 06:04:18 +0000[diff] [blame]601 bool isFeasibleNotNull;
602
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]603 // "Assume" that the pointer is Not-NULL.
Ted Kremenek63a4f692008-02-07 06:04:18 +0000[diff] [blame]604 StateTy StNotNull = Assume(St, L1, true, isFeasibleNotNull);
605
606 if (isFeasibleNotNull) {
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]607 QualType T = U->getType();
608 Nodify(Dst, U, N1, SetValue(StNotNull, U,
609 GetValue(StNotNull, L1, &T)));
610 }
611
Ted Kremenek63a4f692008-02-07 06:04:18 +0000[diff] [blame]612 bool isFeasibleNull;
613
614 // "Assume" that the pointer is NULL.
615 StateTy StNull = Assume(St, L1, false, isFeasibleNull);
616
617 if (isFeasibleNull) {
Ted Kremenek7e593362008-02-07 15:20:13 +0000[diff] [blame]618 // We don't use "Nodify" here because the node will be a sink
619 // and we have no intention of processing it later.
620 NodeTy* NullNode = Builder->generateNode(U, StNull, N1);
621
Ted Kremenek63a4f692008-02-07 06:04:18 +0000[diff] [blame]622 if (NullNode) {
623 NullNode->markAsSink();
624
625 if (isFeasibleNotNull)
626 ImplicitNullDeref.insert(NullNode);
627 else
628 ExplicitNullDeref.insert(NullNode);
629 }
630 }
631
Ted Kremenek64924852008-01-31 02:35:41 +0000[diff] [blame]632 break;
633 }
634
Ted Kremenek7b8009a2008-01-24 02:28:56 +0000[diff] [blame]635 default: ;
636 assert (false && "Not implemented.");
637 }
638 }
639}
640
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]641void GRExprEngine::VisitAssignmentLHS(Expr* E, GRExprEngine::NodeTy* Pred,
642 GRExprEngine::NodeSet& Dst) {
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]643
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]644 if (isa<DeclRefExpr>(E)) {
645 Dst.Add(Pred);
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]646 return;
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]647 }
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]648
649 if (UnaryOperator* U = dyn_cast<UnaryOperator>(E)) {
650 if (U->getOpcode() == UnaryOperator::Deref) {
651 Visit(U->getSubExpr(), Pred, Dst);
652 return;
653 }
654 }
655
656 Visit(E, Pred, Dst);
657}
658
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]659void GRExprEngine::VisitBinaryOperator(BinaryOperator* B,
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]660 GRExprEngine::NodeTy* Pred,
661 GRExprEngine::NodeSet& Dst) {
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]662 NodeSet S1;
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]663
664 if (B->isAssignmentOp())
665 VisitAssignmentLHS(B->getLHS(), Pred, S1);
666 else
667 Visit(B->getLHS(), Pred, S1);
Ted Kremenekcb448ca2008-01-16 00:53:15 +0000[diff] [blame]668
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]669 for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
670 NodeTy* N1 = *I1;
Ted Kremeneke00fe3f2008-01-17 00:52:48 +0000[diff] [blame]671
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]672 // When getting the value for the LHS, check if we are in an assignment.
673 // In such cases, we want to (initially) treat the LHS as an LValue,
674 // so we use GetLValue instead of GetValue so that DeclRefExpr's are
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]675 // evaluated to LValueDecl's instead of to an NonLValue.
676 const RValue& V1 =
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]677 B->isAssignmentOp() ? GetLValue(N1->getState(), B->getLHS())
678 : GetValue(N1->getState(), B->getLHS());
Ted Kremenekcb448ca2008-01-16 00:53:15 +0000[diff] [blame]679
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]680 NodeSet S2;
681 Visit(B->getRHS(), N1, S2);
682
683 for (NodeSet::iterator I2=S2.begin(), E2=S2.end(); I2 != E2; ++I2) {
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]684
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]685 NodeTy* N2 = *I2;
686 StateTy St = N2->getState();
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]687 const RValue& V2 = GetValue(St, B->getRHS());
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]688
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]689 BinaryOperator::Opcode Op = B->getOpcode();
690
691 if (Op <= BinaryOperator::Or) {
692
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]693 if (isa<UnknownVal>(V1) || isa<UninitializedVal>(V1)) {
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]694 Nodify(Dst, B, N2, SetValue(St, B, V1));
695 continue;
696 }
697
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]698 if (isa<LValue>(V1)) {
699 // FIXME: Add support for RHS being a non-lvalue.
700 const LValue& L1 = cast<LValue>(V1);
701 const LValue& L2 = cast<LValue>(V2);
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]702
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]703 Nodify(Dst, B, N2, SetValue(St, B, EvalBinaryOp(ValMgr, Op, L1, L2)));
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]704 }
705 else {
Ted Kremenekbd03f1d2008-01-28 22:09:13 +0000[diff] [blame]706 const NonLValue& R1 = cast<NonLValue>(V1);
707 const NonLValue& R2 = cast<NonLValue>(V2);
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]708
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]709 Nodify(Dst, B, N2, SetValue(St, B, EvalBinaryOp(ValMgr, Op, R1, R2)));
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]710 }
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]711
712 continue;
Ted Kremenek3271f8d2008-02-07 04:16:04 +0000[diff] [blame]713
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]714 }
715
716 switch (Op) {
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]717 case BinaryOperator::Assign: {
718 const LValue& L1 = cast<LValue>(V1);
Ted Kremenek3434b082008-02-06 04:41:14 +0000[diff] [blame]719 Nodify(Dst, B, N2, SetValue(SetValue(St, B, V2), L1, V2));
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]720 break;
721 }
722
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]723 default: { // Compound assignment operators.
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]724
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]725 assert (B->isCompoundAssignmentOp());
726
727 const LValue& L1 = cast<LValue>(V1);
Ted Kremenek22031182008-02-08 02:57:34 +0000[diff] [blame]728 RValue Result = cast<NonLValue>(UnknownVal());
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]729
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]730 if (Op >= BinaryOperator::AndAssign)
731 ((int&) Op) -= (BinaryOperator::AndAssign - BinaryOperator::And);
732 else
733 ((int&) Op) -= BinaryOperator::MulAssign;
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]734
735 if (isa<LValue>(V2)) {
736 // FIXME: Add support for Non-LValues on RHS.
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]737 const LValue& L2 = cast<LValue>(V2);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]738 Result = EvalBinaryOp(ValMgr, Op, L1, L2);
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]739 }
740 else {
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]741 const NonLValue& R1 = cast<NonLValue>(GetValue(N1->getState(), L1));
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]742 const NonLValue& R2 = cast<NonLValue>(V2);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]743 Result = EvalBinaryOp(ValMgr, Op, R1, R2);
Ted Kremenek687af802008-01-29 19:43:15 +0000[diff] [blame]744 }
745
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]746 Nodify(Dst, B, N2, SetValue(SetValue(St, B, Result), L1, Result));
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]747 break;
Ted Kremenekcf78b6a2008-02-06 22:50:25 +0000[diff] [blame]748 }
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]749 }
Ted Kremenekcb448ca2008-01-16 00:53:15 +0000[diff] [blame]750 }
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]751 }
Ted Kremenekd27f8162008-01-15 23:55:06 +0000[diff] [blame]752}
Ted Kremenekee985462008-01-16 18:18:48 +0000[diff] [blame]753
Ted Kremenek1ccd31c2008-01-16 19:42:59 +0000[diff] [blame]754
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]755void GRExprEngine::Visit(Stmt* S, GRExprEngine::NodeTy* Pred,
756 GRExprEngine::NodeSet& Dst) {
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]757
758 // FIXME: add metadata to the CFG so that we can disable
759 // this check when we KNOW that there is no block-level subexpression.
760 // The motivation is that this check requires a hashtable lookup.
761
762 if (S != CurrentStmt && getCFG().isBlkExpr(S)) {
763 Dst.Add(Pred);
764 return;
765 }
766
767 switch (S->getStmtClass()) {
Ted Kremenek230aaab2008-02-12 21:37:25 +0000[diff] [blame]768
769 default:
770 // Cases we intentionally have "default" handle:
771 // AddrLabelExpr, CharacterLiteral, IntegerLiteral
772
773 Dst.Add(Pred); // No-op. Simply propagate the current state unchanged.
774 break;
775
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]776 case Stmt::BinaryOperatorClass: {
777 BinaryOperator* B = cast<BinaryOperator>(S);
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]778
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]779 if (B->isLogicalOp()) {
780 VisitLogicalExpr(B, Pred, Dst);
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]781 break;
782 }
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]783 else if (B->getOpcode() == BinaryOperator::Comma) {
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]784 StateTy St = Pred->getState();
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]785 Nodify(Dst, B, Pred, SetValue(St, B, GetValue(St, B->getRHS())));
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]786 break;
787 }
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]788
789 VisitBinaryOperator(cast<BinaryOperator>(S), Pred, Dst);
790 break;
791 }
792
793 case Stmt::CastExprClass: {
794 CastExpr* C = cast<CastExpr>(S);
795 VisitCast(C, C->getSubExpr(), Pred, Dst);
796 break;
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]797 }
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]798
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]799 case Stmt::ChooseExprClass: { // __builtin_choose_expr
800 ChooseExpr* C = cast<ChooseExpr>(S);
801 VisitGuardedExpr(C, C->getLHS(), C->getRHS(), Pred, Dst);
802 break;
803 }
Ted Kremenekf233d482008-02-05 00:26:40 +0000[diff] [blame]804
Ted Kremenekb4ae33f2008-01-23 23:38:00 +0000[diff] [blame]805 case Stmt::CompoundAssignOperatorClass:
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]806 VisitBinaryOperator(cast<BinaryOperator>(S), Pred, Dst);
807 break;
808
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]809 case Stmt::ConditionalOperatorClass: { // '?' operator
810 ConditionalOperator* C = cast<ConditionalOperator>(S);
811 VisitGuardedExpr(C, C->getLHS(), C->getRHS(), Pred, Dst);
812 break;
813 }
814
815 case Stmt::DeclRefExprClass:
816 VisitDeclRefExpr(cast<DeclRefExpr>(S), Pred, Dst);
817 break;
818
819 case Stmt::DeclStmtClass:
820 VisitDeclStmt(cast<DeclStmt>(S), Pred, Dst);
821 break;
822
823 case Stmt::ImplicitCastExprClass: {
824 ImplicitCastExpr* C = cast<ImplicitCastExpr>(S);
825 VisitCast(C, C->getSubExpr(), Pred, Dst);
826 break;
827 }
828
829 case Stmt::ParenExprClass:
830 Visit(cast<ParenExpr>(S)->getSubExpr(), Pred, Dst);
831 break;
832
833 case Stmt::SizeOfAlignOfTypeExprClass:
834 VisitSizeOfAlignOfTypeExpr(cast<SizeOfAlignOfTypeExpr>(S), Pred, Dst);
835 break;
836
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]837 case Stmt::StmtExprClass: {
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]838 StmtExpr* SE = cast<StmtExpr>(S);
839
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]840 StateTy St = Pred->getState();
Ted Kremenekd70b62e2008-02-08 20:29:23 +0000[diff] [blame]841 Expr* LastExpr = cast<Expr>(*SE->getSubStmt()->body_rbegin());
842 Nodify(Dst, SE, Pred, SetValue(St, SE, GetValue(St, LastExpr)));
Ted Kremenekda9bd092008-02-08 07:05:39 +0000[diff] [blame]843 break;
844 }
845
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]846 case Stmt::ReturnStmtClass: {
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]847 if (Expr* R = cast<ReturnStmt>(S)->getRetValue())
848 Visit(R, Pred, Dst);
849 else
850 Dst.Add(Pred);
851
852 break;
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]853 }
Ted Kremenek5b6dc2d2008-02-07 01:08:27 +0000[diff] [blame]854
Ted Kremenekd9435bf2008-02-12 19:49:57 +0000[diff] [blame]855 case Stmt::UnaryOperatorClass:
856 VisitUnaryOperator(cast<UnaryOperator>(S), Pred, Dst);
Ted Kremenek9de04c42008-01-24 20:55:43 +0000[diff] [blame]857 break;
Ted Kremenek79649df2008-01-17 18:25:22 +0000[diff] [blame]858 }
Ted Kremenek1ccd31c2008-01-16 19:42:59 +0000[diff] [blame]859}
860
Ted Kremenekee985462008-01-16 18:18:48 +0000[diff] [blame]861//===----------------------------------------------------------------------===//
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]862// "Assume" logic.
863//===----------------------------------------------------------------------===//
864
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]865GRExprEngine::StateTy GRExprEngine::Assume(StateTy St, LValue Cond,
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]866 bool Assumption,
Ted Kremeneka90ccfe2008-01-31 19:34:24 +0000[diff] [blame]867 bool& isFeasible) {
Ted Kremeneka6e4d212008-02-01 06:36:40 +0000[diff] [blame]868
869 switch (Cond.getSubKind()) {
870 default:
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]871 assert (false && "'Assume' not implemented for this LValue.");
Ted Kremeneka6e4d212008-02-01 06:36:40 +0000[diff] [blame]872 return St;
873
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]874 case lval::SymbolValKind:
875 if (Assumption)
876 return AssumeSymNE(St, cast<lval::SymbolVal>(Cond).getSymbol(),
877 ValMgr.getZeroWithPtrWidth(), isFeasible);
878 else
879 return AssumeSymEQ(St, cast<lval::SymbolVal>(Cond).getSymbol(),
880 ValMgr.getZeroWithPtrWidth(), isFeasible);
881
Ted Kremenek08b66252008-02-06 04:31:33 +0000[diff] [blame]882
Ted Kremenek329f8542008-02-05 21:52:21 +0000[diff] [blame]883 case lval::DeclValKind:
Ted Kremeneka6e4d212008-02-01 06:36:40 +0000[diff] [blame]884 isFeasible = Assumption;
885 return St;
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]886
Ted Kremenek329f8542008-02-05 21:52:21 +0000[diff] [blame]887 case lval::ConcreteIntKind: {
888 bool b = cast<lval::ConcreteInt>(Cond).getValue() != 0;
Ted Kremeneka6e4d212008-02-01 06:36:40 +0000[diff] [blame]889 isFeasible = b ? Assumption : !Assumption;
890 return St;
891 }
892 }
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]893}
894
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]895GRExprEngine::StateTy GRExprEngine::Assume(StateTy St, NonLValue Cond,
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]896 bool Assumption,
Ted Kremeneka90ccfe2008-01-31 19:34:24 +0000[diff] [blame]897 bool& isFeasible) {
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]898
899 switch (Cond.getSubKind()) {
900 default:
901 assert (false && "'Assume' not implemented for this NonLValue.");
902 return St;
903
Ted Kremenekfeb01f62008-02-06 17:32:17 +0000[diff] [blame]904
905 case nonlval::SymbolValKind: {
Ted Kremenek230aaab2008-02-12 21:37:25 +0000[diff] [blame]906 nonlval::SymbolVal& SV = cast<nonlval::SymbolVal>(Cond);
Ted Kremenekfeb01f62008-02-06 17:32:17 +0000[diff] [blame]907 SymbolID sym = SV.getSymbol();
908
909 if (Assumption)
910 return AssumeSymNE(St, sym, ValMgr.getValue(0, SymMgr.getType(sym)),
911 isFeasible);
912 else
913 return AssumeSymEQ(St, sym, ValMgr.getValue(0, SymMgr.getType(sym)),
914 isFeasible);
915 }
916
Ted Kremenek08b66252008-02-06 04:31:33 +0000[diff] [blame]917 case nonlval::SymIntConstraintValKind:
918 return
919 AssumeSymInt(St, Assumption,
920 cast<nonlval::SymIntConstraintVal>(Cond).getConstraint(),
921 isFeasible);
922
Ted Kremenek329f8542008-02-05 21:52:21 +0000[diff] [blame]923 case nonlval::ConcreteIntKind: {
924 bool b = cast<nonlval::ConcreteInt>(Cond).getValue() != 0;
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]925 isFeasible = b ? Assumption : !Assumption;
926 return St;
927 }
928 }
929}
930
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]931GRExprEngine::StateTy
932GRExprEngine::AssumeSymNE(StateTy St, SymbolID sym,
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]933 const llvm::APSInt& V, bool& isFeasible) {
934
935 // First, determine if sym == X, where X != V.
936 if (const llvm::APSInt* X = St.getSymVal(sym)) {
937 isFeasible = *X != V;
938 return St;
939 }
940
941 // Second, determine if sym != V.
942 if (St.isNotEqual(sym, V)) {
943 isFeasible = true;
944 return St;
945 }
946
947 // If we reach here, sym is not a constant and we don't know if it is != V.
948 // Make that assumption.
949
950 isFeasible = true;
951 return StateMgr.AddNE(St, sym, V);
952}
953
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]954GRExprEngine::StateTy
955GRExprEngine::AssumeSymEQ(StateTy St, SymbolID sym,
Ted Kremenek862d5bb2008-02-06 00:54:14 +0000[diff] [blame]956 const llvm::APSInt& V, bool& isFeasible) {
957
958 // First, determine if sym == X, where X != V.
959 if (const llvm::APSInt* X = St.getSymVal(sym)) {
960 isFeasible = *X == V;
961 return St;
962 }
963
964 // Second, determine if sym != V.
965 if (St.isNotEqual(sym, V)) {
966 isFeasible = false;
967 return St;
968 }
969
970 // If we reach here, sym is not a constant and we don't know if it is == V.
971 // Make that assumption.
972
973 isFeasible = true;
974 return StateMgr.AddEQ(St, sym, V);
975}
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]976
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]977GRExprEngine::StateTy
978GRExprEngine::AssumeSymInt(StateTy St, bool Assumption,
Ted Kremenek08b66252008-02-06 04:31:33 +0000[diff] [blame]979 const SymIntConstraint& C, bool& isFeasible) {
980
981 switch (C.getOpcode()) {
982 default:
983 // No logic yet for other operators.
984 return St;
985
986 case BinaryOperator::EQ:
987 if (Assumption)
988 return AssumeSymEQ(St, C.getSymbol(), C.getInt(), isFeasible);
989 else
990 return AssumeSymNE(St, C.getSymbol(), C.getInt(), isFeasible);
991
992 case BinaryOperator::NE:
993 if (Assumption)
994 return AssumeSymNE(St, C.getSymbol(), C.getInt(), isFeasible);
995 else
996 return AssumeSymEQ(St, C.getSymbol(), C.getInt(), isFeasible);
997 }
998}
999
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]1000//===----------------------------------------------------------------------===//
Ted Kremenekee985462008-01-16 18:18:48 +0000[diff] [blame]1001// Driver.
1002//===----------------------------------------------------------------------===//
1003
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1004#ifndef NDEBUG
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1005static GRExprEngine* GraphPrintCheckerState;
Ted Kremenek3b4f6702008-01-30 23:24:39 +0000[diff] [blame]1006
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1007namespace llvm {
1008template<>
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1009struct VISIBILITY_HIDDEN DOTGraphTraits<GRExprEngine::NodeTy*> :
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1010 public DefaultDOTGraphTraits {
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1011
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1012 static void PrintVarBindings(std::ostream& Out, GRExprEngine::StateTy St) {
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1013
1014 Out << "Variables:\\l";
1015
Ted Kremenek9ff731d2008-01-24 22:27:20 +0000[diff] [blame]1016 bool isFirst = true;
1017
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1018 for (GRExprEngine::StateTy::vb_iterator I=St.vb_begin(),
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1019 E=St.vb_end(); I!=E;++I) {
1020
1021 if (isFirst)
1022 isFirst = false;
1023 else
1024 Out << "\\l";
1025
1026 Out << ' ' << I.getKey()->getName() << " : ";
1027 I.getData().print(Out);
1028 }
1029
1030 }
1031
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1032
Ted Kremenek44842c22008-02-13 18:06:44 +0000[diff] [blame]1033 static void PrintSubExprBindings(std::ostream& Out, GRExprEngine::StateTy St){
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1034
1035 bool isFirst = true;
1036
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1037 for (GRExprEngine::StateTy::seb_iterator I=St.seb_begin(), E=St.seb_end();
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1038 I != E;++I) {
1039
1040 if (isFirst) {
1041 Out << "\\l\\lSub-Expressions:\\l";
1042 isFirst = false;
1043 }
1044 else
1045 Out << "\\l";
1046
1047 Out << " (" << (void*) I.getKey() << ") ";
1048 I.getKey()->printPretty(Out);
1049 Out << " : ";
1050 I.getData().print(Out);
1051 }
1052 }
1053
Ted Kremenek44842c22008-02-13 18:06:44 +0000[diff] [blame]1054 static void PrintBlkExprBindings(std::ostream& Out, GRExprEngine::StateTy St){
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1055
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1056 bool isFirst = true;
1057
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1058 for (GRExprEngine::StateTy::beb_iterator I=St.beb_begin(), E=St.beb_end();
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1059 I != E; ++I) {
Ted Kremenek9ff731d2008-01-24 22:27:20 +0000[diff] [blame]1060 if (isFirst) {
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1061 Out << "\\l\\lBlock-level Expressions:\\l";
Ted Kremenek9ff731d2008-01-24 22:27:20 +0000[diff] [blame]1062 isFirst = false;
1063 }
1064 else
1065 Out << "\\l";
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1066
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1067 Out << " (" << (void*) I.getKey() << ") ";
1068 I.getKey()->printPretty(Out);
Ted Kremenek9ff731d2008-01-24 22:27:20 +0000[diff] [blame]1069 Out << " : ";
1070 I.getData().print(Out);
1071 }
1072 }
1073
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1074 static void PrintEQ(std::ostream& Out, GRExprEngine::StateTy St) {
Ted Kremeneked4de312008-02-06 03:56:15 +0000[diff] [blame]1075 ValueState::ConstantEqTy CE = St.getImpl()->ConstantEq;
1076
1077 if (CE.isEmpty())
1078 return;
1079
1080 Out << "\\l\\|'==' constraints:";
1081
1082 for (ValueState::ConstantEqTy::iterator I=CE.begin(), E=CE.end(); I!=E;++I)
1083 Out << "\\l $" << I.getKey() << " : " << I.getData()->toString();
1084 }
1085
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1086 static void PrintNE(std::ostream& Out, GRExprEngine::StateTy St) {
Ted Kremeneked4de312008-02-06 03:56:15 +0000[diff] [blame]1087 ValueState::ConstantNotEqTy NE = St.getImpl()->ConstantNotEq;
1088
1089 if (NE.isEmpty())
1090 return;
1091
1092 Out << "\\l\\|'!=' constraints:";
1093
1094 for (ValueState::ConstantNotEqTy::iterator I=NE.begin(), EI=NE.end();
1095 I != EI; ++I){
1096
1097 Out << "\\l $" << I.getKey() << " : ";
1098 bool isFirst = true;
1099
1100 ValueState::IntSetTy::iterator J=I.getData().begin(),
1101 EJ=I.getData().end();
1102 for ( ; J != EJ; ++J) {
1103 if (isFirst) isFirst = false;
1104 else Out << ", ";
1105
1106 Out << (*J)->toString();
1107 }
1108 }
1109 }
1110
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1111 static std::string getNodeLabel(const GRExprEngine::NodeTy* N, void*) {
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1112 std::ostringstream Out;
Ted Kremenek803c9ed2008-01-23 22:30:44 +0000[diff] [blame]1113
1114 // Program Location.
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1115 ProgramPoint Loc = N->getLocation();
1116
1117 switch (Loc.getKind()) {
1118 case ProgramPoint::BlockEntranceKind:
1119 Out << "Block Entrance: B"
1120 << cast<BlockEntrance>(Loc).getBlock()->getBlockID();
1121 break;
1122
1123 case ProgramPoint::BlockExitKind:
1124 assert (false);
1125 break;
1126
1127 case ProgramPoint::PostStmtKind: {
1128 const PostStmt& L = cast<PostStmt>(Loc);
Ted Kremenek9ff731d2008-01-24 22:27:20 +0000[diff] [blame]1129 Out << L.getStmt()->getStmtClassName() << ':'
1130 << (void*) L.getStmt() << ' ';
1131
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1132 L.getStmt()->printPretty(Out);
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]1133
1134 if (GraphPrintCheckerState->isImplicitNullDeref(N)) {
1135 Out << "\\|Implicit-Null Dereference.\\l";
1136 }
Ted Kremenek63a4f692008-02-07 06:04:18 +0000[diff] [blame]1137 else if (GraphPrintCheckerState->isExplicitNullDeref(N)) {
1138 Out << "\\|Explicit-Null Dereference.\\l";
1139 }
Ted Kremenekd131c4f2008-02-07 05:48:01 +0000[diff] [blame]1140
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1141 break;
1142 }
1143
1144 default: {
1145 const BlockEdge& E = cast<BlockEdge>(Loc);
1146 Out << "Edge: (B" << E.getSrc()->getBlockID() << ", B"
1147 << E.getDst()->getBlockID() << ')';
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]1148
1149 if (Stmt* T = E.getSrc()->getTerminator()) {
1150 Out << "\\|Terminator: ";
1151 E.getSrc()->printTerminator(Out);
1152
Ted Kremenekdaeb9a72008-02-13 23:08:21 +0000[diff] [blame]1153 if (isa<SwitchStmt>(T)) {
1154 Stmt* Label = E.getDst()->getLabel();
1155
1156 if (Label) {
1157 if (CaseStmt* C = dyn_cast<CaseStmt>(Label)) {
1158 Out << "\\lcase ";
1159 C->getLHS()->printPretty(Out);
1160
1161 if (Stmt* RHS = C->getRHS()) {
1162 Out << " .. ";
1163 RHS->printPretty(Out);
1164 }
1165
1166 Out << ":";
1167 }
1168 else {
1169 assert (isa<DefaultStmt>(Label));
1170 Out << "\\ldefault:";
1171 }
1172 }
1173 else
1174 Out << "\\l(implicit) default:";
1175 }
1176 else if (isa<IndirectGotoStmt>(T)) {
Ted Kremenekb38911f2008-01-30 23:03:39 +0000[diff] [blame]1177 // FIXME
1178 }
1179 else {
1180 Out << "\\lCondition: ";
1181 if (*E.getSrc()->succ_begin() == E.getDst())
1182 Out << "true";
1183 else
1184 Out << "false";
1185 }
1186
1187 Out << "\\l";
1188 }
Ted Kremenek3b4f6702008-01-30 23:24:39 +0000[diff] [blame]1189
1190 if (GraphPrintCheckerState->isUninitControlFlow(N)) {
1191 Out << "\\|Control-flow based on\\lUninitialized value.\\l";
1192 }
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1193 }
1194 }
1195
Ted Kremenek9153f732008-02-05 07:17:49 +0000[diff] [blame]1196 Out << "\\|StateID: " << (void*) N->getState().getImpl() << "\\|";
Ted Kremenek016f52f2008-02-08 21:10:02 +0000[diff] [blame]1197
Ted Kremeneke7d22112008-02-11 19:21:59 +0000[diff] [blame]1198 N->getState().printDOT(Out);
Ted Kremenek803c9ed2008-01-23 22:30:44 +0000[diff] [blame]1199
Ted Kremenek803c9ed2008-01-23 22:30:44 +0000[diff] [blame]1200 Out << "\\l";
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1201 return Out.str();
1202 }
1203};
1204} // end llvm namespace
1205#endif
1206
Ted Kremenekee985462008-01-16 18:18:48 +0000[diff] [blame]1207namespace clang {
Ted Kremenek0ee25712008-02-13 17:45:18 +0000[diff] [blame]1208void RunGRConstants(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx,
Ted Kremenek19227e32008-02-07 06:33:19 +0000[diff] [blame]1209 Diagnostic& Diag) {
1210
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1211 GRCoreEngine<GRExprEngine> Engine(cfg, FD, Ctx);
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1212 GRExprEngine* CheckerState = &Engine.getCheckerState();
Ted Kremenek77349cb2008-02-14 22:13:12 +0000[diff] [blame^]1213 GRSimpleVals GRSV;
1214 CheckerState->setTransferFunctions(GRSV);
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1215
1216 // Execute the worklist algorithm.
Ted Kremenek19227e32008-02-07 06:33:19 +0000[diff] [blame]1217 Engine.ExecuteWorkList();
1218
1219 // Look for explicit-Null dereferences and warn about them.
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1220
Ted Kremenek19227e32008-02-07 06:33:19 +0000[diff] [blame]1221
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1222 for (GRExprEngine::null_iterator I=CheckerState->null_begin(),
Ted Kremenek19227e32008-02-07 06:33:19 +0000[diff] [blame]1223 E=CheckerState->null_end(); I!=E; ++I) {
1224
1225 const PostStmt& L = cast<PostStmt>((*I)->getLocation());
1226 Expr* E = cast<Expr>(L.getStmt());
1227
1228 Diag.Report(FullSourceLoc(E->getExprLoc(), Ctx.getSourceManager()),
1229 diag::chkr_null_deref_after_check);
1230 }
1231
1232
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1233#ifndef NDEBUG
Ted Kremenek19227e32008-02-07 06:33:19 +0000[diff] [blame]1234 GraphPrintCheckerState = CheckerState;
Ted Kremenek4d4dd852008-02-13 17:41:41 +0000[diff] [blame]1235 llvm::ViewGraph(*Engine.getGraph().roots_begin(),"GRExprEngine");
Ted Kremenek3b4f6702008-01-30 23:24:39 +0000[diff] [blame]1236 GraphPrintCheckerState = NULL;
Ted Kremenekaa66a322008-01-16 21:46:15 +0000[diff] [blame]1237#endif
Ted Kremenekee985462008-01-16 18:18:48 +0000[diff] [blame]1238}
Ted Kremenekab2b8c52008-01-23 19:59:44 +0000[diff] [blame]1239} // end clang namespace