Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / d71ed26dd80cdfebb5bb49000cce538e6c9a90e3 / . / lib / Analysis / GRSimpleVals.cpp
blob: c350ab9752addab80caf130745f3c25cbf0cf876 [file] [log] [blame]
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1// GRSimpleVals.cpp - Transfer functions for tracking simple values -*- C++ -*--
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Gabor Greif843e9342008-03-06 10:40:09 +0000[diff] [blame]10// This file defines GRSimpleVals, a sub-class of GRTransferFuncs that
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]11// provides transfer functions for performing simple value tracking with
12// limited support for symbolics.
13//
14//===----------------------------------------------------------------------===//
15
16#include "GRSimpleVals.h"
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]17#include "BasicObjCFoundationChecks.h"
Ted Kremenek87abc032008-04-02 22:03:53 +0000[diff] [blame]18#include "clang/Basic/SourceManager.h"
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]19#include "clang/Analysis/PathDiagnostic.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]20#include "clang/Analysis/PathSensitive/ValueState.h"
21#include "clang/Analysis/PathSensitive/BugReporter.h"
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame^]22#include "clang/Analysis/LocalCheckers.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]23#include "llvm/Support/Compiler.h"
Ted Kremenek5c061212008-02-27 17:56:16 +0000[diff] [blame]24#include <sstream>
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]25
26using namespace clang;
27
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame]28//===----------------------------------------------------------------------===//
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame]29// Utility functions.
30//===----------------------------------------------------------------------===//
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]31
Chris Lattner3ae30f82008-04-06 04:22:39 +0000[diff] [blame]32template <typename ITERATOR> inline
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]33ExplodedNode<ValueState>* GetNode(ITERATOR I) {
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]34 return *I;
35}
36
Chris Lattner3ae30f82008-04-06 04:22:39 +0000[diff] [blame]37template <> inline
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]38ExplodedNode<ValueState>* GetNode(GRExprEngine::undef_arg_iterator I) {
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]39 return I->first;
40}
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame]41
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]42template <typename ITER>
43void GenericEmitWarnings(BugReporter& BR, const BugType& D,
44 ITER I, ITER E) {
45
46 for (; I != E; ++I) {
47 BugReport R(D);
48 BR.EmitPathWarning(R, GetNode(I));
49 }
50}
51
52//===----------------------------------------------------------------------===//
53// Bug Descriptions.
54//===----------------------------------------------------------------------===//
55
56namespace {
57
58class VISIBILITY_HIDDEN NullDeref : public BugType {
59public:
60 virtual const char* getName() const {
61 return "null dereference";
62 }
63
64 virtual const char* getDescription() const {
65 return "Dereference of null pointer.";
66 }
67
68 virtual void EmitWarnings(BugReporter& BR) {
69 GRExprEngine& Eng = BR.getEngine();
70 GenericEmitWarnings(BR, *this, Eng.null_derefs_begin(),
71 Eng.null_derefs_end());
72 }
73};
74
75class VISIBILITY_HIDDEN UndefDeref : public BugType {
76public:
77 virtual const char* getName() const {
78 return "bad dereference";
79 }
80
81 virtual const char* getDescription() const {
82 return "Dereference of undefined value.";
83 }
84
85 virtual void EmitWarnings(BugReporter& BR) {
86 GRExprEngine& Eng = BR.getEngine();
87 GenericEmitWarnings(BR, *this, Eng.undef_derefs_begin(),
88 Eng.undef_derefs_end());
89 }
90};
91
92class VISIBILITY_HIDDEN UndefBranch : public BugType {
93public:
94 virtual const char* getName() const {
95 return "uninitialized value";
96 }
97
98 virtual const char* getDescription() const {
99 return "Branch condition evaluates to an uninitialized value.";
100 }
101
102 virtual void EmitWarnings(BugReporter& BR) {
103 GRExprEngine& Eng = BR.getEngine();
104 GenericEmitWarnings(BR, *this, Eng.undef_branches_begin(),
105 Eng.undef_branches_end());
106 }
107};
108
109class VISIBILITY_HIDDEN DivZero : public BugType {
110public:
111 virtual const char* getName() const {
112 return "divide-by-zero";
113 }
114
115 virtual const char* getDescription() const {
116 return "Division by zero/undefined value.";
117 }
118
119 virtual void EmitWarnings(BugReporter& BR) {
120 GRExprEngine& Eng = BR.getEngine();
121 GenericEmitWarnings(BR, *this, Eng.explicit_bad_divides_begin(),
122 Eng.explicit_bad_divides_end());
123 }
124};
125
126class VISIBILITY_HIDDEN UndefResult : public BugType {
127public:
128 virtual const char* getName() const {
129 return "undefined result";
130 }
131
132 virtual const char* getDescription() const {
133 return "Result of operation is undefined.";
134 }
135
136 virtual void EmitWarnings(BugReporter& BR) {
137 GRExprEngine& Eng = BR.getEngine();
138 GenericEmitWarnings(BR, *this, Eng.undef_results_begin(),
Ted Kremenek4d35dac2008-04-10 16:05:13 +0000[diff] [blame]139 Eng.undef_results_end());
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]140 }
141};
142
143class VISIBILITY_HIDDEN BadCall : public BugType {
144public:
145 virtual const char* getName() const {
146 return "invalid function call";
147 }
148
149 virtual const char* getDescription() const {
150 return "Called function is a NULL or undefined function pointer value.";
151 }
152
153 virtual void EmitWarnings(BugReporter& BR) {
154 GRExprEngine& Eng = BR.getEngine();
155 GenericEmitWarnings(BR, *this, Eng.bad_calls_begin(),
Ted Kremenek4d35dac2008-04-10 16:05:13 +0000[diff] [blame]156 Eng.bad_calls_end());
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]157 }
158};
159
160
161class VISIBILITY_HIDDEN BadArg : public BugType {
162protected:
163
164 class Report : public BugReport {
165 const SourceRange R;
166 public:
167 Report(BugType& D, Expr* E) : BugReport(D), R(E->getSourceRange()) {}
168 virtual ~Report() {}
169
170 virtual void getRanges(const SourceRange*& B, const SourceRange*& E) const {
171 B = &R;
172 E = B+1;
173 }
174 };
175
176public:
177
178 virtual ~BadArg() {}
179
180 virtual const char* getName() const {
181 return "bad argument";
182 }
183
184 virtual const char* getDescription() const {
185 return "Pass-by-value argument in function is undefined.";
186 }
187
188 virtual void EmitWarnings(BugReporter& BR) {
189 GRExprEngine& Eng = BR.getEngine();
190
191 for (GRExprEngine::UndefArgsTy::iterator I = Eng.undef_arg_begin(),
192 E = Eng.undef_arg_end(); I!=E; ++I) {
193
194 // Generate a report for this bug.
195 Report report(*this, I->second);
196
197 // Emit the warning.
198 BR.EmitPathWarning(report, I->first);
199 }
200
201 }
202};
203
204class VISIBILITY_HIDDEN BadMsgExprArg : public BadArg {
205public:
206 virtual const char* getName() const {
207 return "bad argument";
208 }
209
210 virtual const char* getDescription() const {
211 return "Pass-by-value argument in message expression is undefined.";
212 }
213
214 virtual void EmitWarnings(BugReporter& BR) {
215 GRExprEngine& Eng = BR.getEngine();
216
217 for (GRExprEngine::UndefArgsTy::iterator I=Eng.msg_expr_undef_arg_begin(),
Ted Kremenek4d35dac2008-04-10 16:05:13 +0000[diff] [blame]218 E = Eng.msg_expr_undef_arg_end(); I!=E; ++I) {
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]219
220 // Generate a report for this bug.
221 Report report(*this, I->second);
222
223 // Emit the warning.
224 BR.EmitPathWarning(report, I->first);
225 }
226
227 }
228};
229
230class VISIBILITY_HIDDEN BadReceiver : public BugType {
231
232 class Report : public BugReport {
233 SourceRange R;
234 public:
235 Report(BugType& D, ExplodedNode<ValueState> *N) : BugReport(D) {
236 Stmt *S = cast<PostStmt>(N->getLocation()).getStmt();
237 Expr* E = cast<ObjCMessageExpr>(S)->getReceiver();
238 assert (E && "Receiver cannot be NULL");
239 R = E->getSourceRange();
240 }
241
242 virtual ~Report() {}
243
244 virtual void getRanges(const SourceRange*& B, const SourceRange*& E) const {
245 B = &R;
246 E = B+1;
247 }
248 };
249
250public:
251 virtual const char* getName() const {
252 return "bad receiver";
253 }
254
255 virtual const char* getDescription() const {
256 return "Receiver in message expression is an uninitialized value.";
257 }
258
259 virtual void EmitWarnings(BugReporter& BR) {
260 GRExprEngine& Eng = BR.getEngine();
261
262 for (GRExprEngine::UndefReceiversTy::iterator I=Eng.undef_receivers_begin(),
263 E = Eng.undef_receivers_end(); I!=E; ++I) {
264
265 // Generate a report for this bug.
266 Report report(*this, *I);
267
268 // Emit the warning.
269 BR.EmitPathWarning(report, *I);
270 }
271 }
272};
273
274class VISIBILITY_HIDDEN RetStack : public BugType {
275public:
276 virtual const char* getName() const {
277 return "return of stack address";
278 }
279
280 virtual const char* getDescription() const {
281 return "Address of stack-allocated variable returned.";
282 }
283
284 virtual void EmitWarnings(BugReporter& BR) {
285 GRExprEngine& Eng = BR.getEngine();
286 GenericEmitWarnings(BR, *this, Eng.ret_stackaddr_begin(),
Ted Kremenek4d35dac2008-04-10 16:05:13 +0000[diff] [blame]287 Eng.ret_stackaddr_end());
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]288 }
289};
290
291} // end anonymous namespace
292
293void GRSimpleVals::RegisterChecks(GRExprEngine& Eng) {
294 Eng.Register(new NullDeref());
295 Eng.Register(new UndefDeref());
296 Eng.Register(new UndefBranch());
297 Eng.Register(new DivZero());
298 Eng.Register(new UndefResult());
299 Eng.Register(new BadCall());
300 Eng.Register(new RetStack());
301 Eng.Register(new BadArg());
302 Eng.Register(new BadMsgExprArg());
303 Eng.Register(new BadReceiver());
304
305 // Add extra checkers.
306
307 GRSimpleAPICheck* FoundationCheck =
308 CreateBasicObjCFoundationChecks(Eng.getContext(), &Eng.getStateManager());
309
310 Eng.AddObjCMessageExprCheck(FoundationCheck);
311}
312
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame]313//===----------------------------------------------------------------------===//
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame^]314// Transfer Function creation for External clients.
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]315//===----------------------------------------------------------------------===//
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]316
Ted Kremenekd71ed262008-04-10 22:16:52 +0000[diff] [blame^]317GRTransferFuncs* clang::MakeGRSimpleValsTF() { return new GRSimpleVals(); }
Ted Kremeneke01c9872008-02-14 22:36:46 +0000[diff] [blame]318
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]319//===----------------------------------------------------------------------===//
320// Transfer function for Casts.
321//===----------------------------------------------------------------------===//
322
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]323RVal GRSimpleVals::EvalCast(GRExprEngine& Eng, NonLVal X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]324
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]325 if (!isa<nonlval::ConcreteInt>(X))
326 return UnknownVal();
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]327
328 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]329
330 llvm::APSInt V = cast<nonlval::ConcreteInt>(X).getValue();
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]331 V.setIsUnsigned(T->isUnsignedIntegerType() || T->isPointerType()
332 || T->isObjCQualifiedIdType());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]333 V.extOrTrunc(Eng.getContext().getTypeSize(T));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]334
Ted Kremenek9ef1ec92008-02-21 18:43:30 +0000[diff] [blame]335 if (T->isPointerType())
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]336 return lval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]337 else
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]338 return nonlval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]339}
340
341// Casts.
342
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]343RVal GRSimpleVals::EvalCast(GRExprEngine& Eng, LVal X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]344
Chris Lattner423a3c92008-04-02 17:45:06 +0000[diff] [blame]345 if (T->isPointerLikeType() || T->isObjCQualifiedIdType())
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]346 return X;
347
Ted Kremenek9ef1ec92008-02-21 18:43:30 +0000[diff] [blame]348 assert (T->isIntegerType());
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]349
350 if (!isa<lval::ConcreteInt>(X))
351 return UnknownVal();
352
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]353 BasicValueFactory& BasicVals = Eng.getBasicVals();
354
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]355 llvm::APSInt V = cast<lval::ConcreteInt>(X).getValue();
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]356 V.setIsUnsigned(T->isUnsignedIntegerType() || T->isPointerType());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]357 V.extOrTrunc(Eng.getContext().getTypeSize(T));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]358
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]359 return nonlval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]360}
361
362// Unary operators.
363
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]364RVal GRSimpleVals::EvalMinus(GRExprEngine& Eng, UnaryOperator* U, NonLVal X){
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]365
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]366 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]367
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]368 case nonlval::ConcreteIntKind:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]369 return cast<nonlval::ConcreteInt>(X).EvalMinus(Eng.getBasicVals(), U);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]370
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]371 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]372 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]373 }
374}
375
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]376RVal GRSimpleVals::EvalComplement(GRExprEngine& Eng, NonLVal X) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]377
Ted Kremenek90e42032008-02-20 04:12:31 +0000[diff] [blame]378 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]379
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]380 case nonlval::ConcreteIntKind:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]381 return cast<nonlval::ConcreteInt>(X).EvalComplement(Eng.getBasicVals());
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]382
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]383 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]384 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]385 }
386}
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]387
388// Binary operators.
389
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]390RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
391 NonLVal L, NonLVal R) {
392
393 BasicValueFactory& BasicVals = Eng.getBasicVals();
394
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]395 while (1) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]396
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]397 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]398 default:
Ted Kremenek9258a642008-02-21 19:10:12 +0000[diff] [blame]399 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]400
401 case nonlval::ConcreteIntKind:
402
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]403 if (isa<nonlval::ConcreteInt>(R)) {
404 const nonlval::ConcreteInt& L_CI = cast<nonlval::ConcreteInt>(L);
405 const nonlval::ConcreteInt& R_CI = cast<nonlval::ConcreteInt>(R);
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]406 return L_CI.EvalBinOp(BasicVals, Op, R_CI);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]407 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]408 else {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]409 NonLVal tmp = R;
410 R = L;
411 L = tmp;
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]412 continue;
413 }
414
415 case nonlval::SymbolValKind: {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]416
417 if (isa<nonlval::ConcreteInt>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]418 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]419 BasicVals.getConstraint(cast<nonlval::SymbolVal>(L).getSymbol(), Op,
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]420 cast<nonlval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]421
422 return nonlval::SymIntConstraintVal(C);
423 }
424 else
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]425 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]426 }
427 }
428 }
429}
430
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]431
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]432// Binary Operators (except assignments and comma).
433
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]434RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]435 LVal L, LVal R) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]436
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]437 switch (Op) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]438
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]439 default:
440 return UnknownVal();
441
442 case BinaryOperator::EQ:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]443 return EvalEQ(Eng, L, R);
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]444
445 case BinaryOperator::NE:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]446 return EvalNE(Eng, L, R);
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]447 }
448}
449
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]450// Pointer arithmetic.
451
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]452RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]453 LVal L, NonLVal R) {
454 return UnknownVal();
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]455}
456
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]457// Equality operators for LVals.
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]458
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]459RVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, LVal L, LVal R) {
460
461 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]462
463 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]464
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]465 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]466 assert(false && "EQ not implemented for this LVal.");
467 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]468
469 case lval::ConcreteIntKind:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]470
471 if (isa<lval::ConcreteInt>(R)) {
472 bool b = cast<lval::ConcreteInt>(L).getValue() ==
473 cast<lval::ConcreteInt>(R).getValue();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]474
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]475 return NonLVal::MakeIntTruthVal(BasicVals, b);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]476 }
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]477 else if (isa<lval::SymbolVal>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]478
479 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]480 BasicVals.getConstraint(cast<lval::SymbolVal>(R).getSymbol(),
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]481 BinaryOperator::EQ,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]482 cast<lval::ConcreteInt>(L).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]483
484 return nonlval::SymIntConstraintVal(C);
485 }
486
487 break;
488
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]489 case lval::SymbolValKind: {
490
491 if (isa<lval::ConcreteInt>(R)) {
492 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]493 BasicVals.getConstraint(cast<lval::SymbolVal>(L).getSymbol(),
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]494 BinaryOperator::EQ,
495 cast<lval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]496
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]497 return nonlval::SymIntConstraintVal(C);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]498 }
499
Ted Kremenekf700df22008-02-22 18:41:59 +0000[diff] [blame]500 // FIXME: Implement == for lval Symbols. This is mainly useful
501 // in iterator loops when traversing a buffer, e.g. while(z != zTerm).
502 // Since this is not useful for many checkers we'll punt on this for
503 // now.
504
505 return UnknownVal();
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]506 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]507
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]508 case lval::DeclValKind:
Ted Kremenekdc3936b2008-02-22 00:54:56 +0000[diff] [blame]509 case lval::FuncValKind:
510 case lval::GotoLabelKind:
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]511 return NonLVal::MakeIntTruthVal(BasicVals, L == R);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]512 }
513
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]514 return NonLVal::MakeIntTruthVal(BasicVals, false);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]515}
516
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]517RVal GRSimpleVals::EvalNE(GRExprEngine& Eng, LVal L, LVal R) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]518
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]519 BasicValueFactory& BasicVals = Eng.getBasicVals();
520
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]521 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]522
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]523 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]524 assert(false && "NE not implemented for this LVal.");
525 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]526
527 case lval::ConcreteIntKind:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]528
529 if (isa<lval::ConcreteInt>(R)) {
530 bool b = cast<lval::ConcreteInt>(L).getValue() !=
531 cast<lval::ConcreteInt>(R).getValue();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]532
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]533 return NonLVal::MakeIntTruthVal(BasicVals, b);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]534 }
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]535 else if (isa<lval::SymbolVal>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]536 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]537 BasicVals.getConstraint(cast<lval::SymbolVal>(R).getSymbol(),
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]538 BinaryOperator::NE,
539 cast<lval::ConcreteInt>(L).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]540
541 return nonlval::SymIntConstraintVal(C);
542 }
543
544 break;
545
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]546 case lval::SymbolValKind: {
547 if (isa<lval::ConcreteInt>(R)) {
548 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]549 BasicVals.getConstraint(cast<lval::SymbolVal>(L).getSymbol(),
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]550 BinaryOperator::NE,
551 cast<lval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]552
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]553 return nonlval::SymIntConstraintVal(C);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]554 }
555
Ted Kremenekf700df22008-02-22 18:41:59 +0000[diff] [blame]556 // FIXME: Implement != for lval Symbols. This is mainly useful
557 // in iterator loops when traversing a buffer, e.g. while(z != zTerm).
558 // Since this is not useful for many checkers we'll punt on this for
559 // now.
560
561 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]562
563 break;
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]564 }
565
566 case lval::DeclValKind:
Ted Kremenekdc3936b2008-02-22 00:54:56 +0000[diff] [blame]567 case lval::FuncValKind:
568 case lval::GotoLabelKind:
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]569 return NonLVal::MakeIntTruthVal(BasicVals, L != R);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]570 }
571
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]572 return NonLVal::MakeIntTruthVal(BasicVals, true);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]573}
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]574
575//===----------------------------------------------------------------------===//
576// Transfer function for Function Calls.
577//===----------------------------------------------------------------------===//
578
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]579void GRSimpleVals::EvalCall(ExplodedNodeSet<ValueState>& Dst,
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]580 GRExprEngine& Eng,
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]581 GRStmtNodeBuilder<ValueState>& Builder,
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]582 CallExpr* CE, LVal L,
583 ExplodedNode<ValueState>* Pred) {
584
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]585 ValueStateManager& StateMgr = Eng.getStateManager();
586 ValueState* St = Builder.GetState(Pred);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]587
588 // Invalidate all arguments passed in by reference (LVals).
589
590 for (CallExpr::arg_iterator I = CE->arg_begin(), E = CE->arg_end();
591 I != E; ++I) {
592
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]593 RVal V = StateMgr.GetRVal(St, *I);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]594
595 if (isa<LVal>(V))
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]596 St = StateMgr.SetRVal(St, cast<LVal>(V), UnknownVal());
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]597 }
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]598
599 // Make up a symbol for the return value of this function.
600
601 if (CE->getType() != Eng.getContext().VoidTy) {
602 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenek361fa8e2008-03-12 21:45:47 +0000[diff] [blame]603 SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]604
605 RVal X = CE->getType()->isPointerType()
606 ? cast<RVal>(lval::SymbolVal(Sym))
607 : cast<RVal>(nonlval::SymbolVal(Sym));
608
609 St = StateMgr.SetRVal(St, CE, X, Eng.getCFG().isBlkExpr(CE), false);
610 }
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]611
Ted Kremenek0e561a32008-03-21 21:30:14 +0000[diff] [blame]612 Builder.MakeNode(Dst, CE, Pred, St);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]613}