Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / dd5981177b3d2677cf3d14bd3e454264a3c3c39b / . / lib / Analysis / GRSimpleVals.cpp
blob: 0c62ae70c359f9dc7087d91fef39373cded57992 [file] [log] [blame]
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]1// GRSimpleVals.cpp - Transfer functions for tracking simple values -*- C++ -*--
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Gabor Greif843e9342008-03-06 10:40:09 +0000[diff] [blame]10// This file defines GRSimpleVals, a sub-class of GRTransferFuncs that
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]11// provides transfer functions for performing simple value tracking with
12// limited support for symbolics.
13//
14//===----------------------------------------------------------------------===//
15
16#include "GRSimpleVals.h"
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]17#include "BasicObjCFoundationChecks.h"
Ted Kremenek0f5f0592008-02-27 06:07:00 +0000[diff] [blame]18#include "clang/Analysis/PathSensitive/ValueState.h"
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]19#include "clang/Analysis/PathDiagnostic.h"
Ted Kremenek5c061212008-02-27 17:56:16 +0000[diff] [blame]20#include <sstream>
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]21
22using namespace clang;
23
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]24//===----------------------------------------------------------------------===//
25// Bug Descriptions.
26//===----------------------------------------------------------------------===//
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]27
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]28namespace bugdesc {
29
30struct NullDeref {
31 static const char* getName() { return "Null pointer dereference"; }
32
33 static PathDiagnosticPiece* getEndPath(SourceManager& SMgr,
34 ExplodedNode<ValueState> *N);
35};
36
37PathDiagnosticPiece* NullDeref::getEndPath(SourceManager& SMgr,
38 ExplodedNode<ValueState> *N) {
39
40 Expr* E = cast<Expr>(cast<PostStmt>(N->getLocation()).getStmt());
41
42 // FIXME: Do better ranges for different kinds of null dereferences.
43
44 FullSourceLoc L(E->getLocStart(), SMgr);
45
46 PathDiagnosticPiece* P = new PathDiagnosticPiece(L, getName());
47 P->addRange(E->getSourceRange());
48
49 return P;
50}
51
52} // end namespace: bugdesc
53
54//===----------------------------------------------------------------------===//
55// Utility functions.
56//===----------------------------------------------------------------------===//
57
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]58template <typename ITERATOR>
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]59static inline ExplodedNode<ValueState>* GetNode(ITERATOR I) {
60 return *I;
61}
62
63template <>
64static inline ExplodedNode<ValueState>*
65GetNode(GRExprEngine::undef_arg_iterator I) {
66 return I->first;
67}
68
69template <typename ITERATOR>
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]70static inline ProgramPoint GetLocation(ITERATOR I) {
71 return (*I)->getLocation();
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]72}
73
74template <>
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]75static inline ProgramPoint GetLocation(GRExprEngine::undef_arg_iterator I) {
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]76 return I->first->getLocation();
77}
78
79static inline Stmt* GetStmt(const ProgramPoint& P) {
80 if (const PostStmt* PS = dyn_cast<PostStmt>(&P)) {
81 return PS->getStmt();
82 }
83 else if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
84 return BE->getSrc()->getTerminator();
85 }
86
87 assert (false && "Unsupported ProgramPoint.");
88 return NULL;
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]89}
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]90
91//===----------------------------------------------------------------------===//
92// Pathless Warnings
93//===----------------------------------------------------------------------===//
94
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]95template <typename ITERATOR>
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]96static void EmitDiag(Diagnostic& Diag, PathDiagnosticClient* PD,
97 SourceManager& SrcMgr,
98unsigned ErrorDiag, ITERATOR I) {
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]99
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]100 Stmt* S = GetStmt(GetLocation(I));
Ted Kremenek5297e5f2008-03-31 18:44:32 +0000[diff] [blame]101 SourceRange R = S->getSourceRange();
102 Diag.Report(PD, FullSourceLoc(S->getLocStart(), SrcMgr), ErrorDiag,
103 NULL, 0, &R, 1);
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]104}
105
106
107template <>
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]108static void EmitDiag(Diagnostic& Diag, PathDiagnosticClient* PD,
109 SourceManager& SrcMgr, unsigned ErrorDiag,
110 GRExprEngine::undef_arg_iterator I) {
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]111
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]112 Stmt* S1 = GetStmt(GetLocation(I));
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]113 Expr* E2 = cast<Expr>(I->second);
114
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]115 SourceLocation Loc = S1->getLocStart();
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]116 SourceRange R = E2->getSourceRange();
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]117 Diag.Report(PD, FullSourceLoc(Loc, SrcMgr), ErrorDiag, 0, 0, &R, 1);
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]118}
119
120template <typename ITERATOR>
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]121static void EmitWarning(Diagnostic& Diag, PathDiagnosticClient* PD,
122 SourceManager& SrcMgr,
123 ITERATOR I, ITERATOR E, const char* msg) {
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]124
Ted Kremenek5c061212008-02-27 17:56:16 +0000[diff] [blame]125 std::ostringstream Out;
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]126 std::string Str(msg);
Ted Kremenek6bb205c2008-03-31 20:42:43 +0000[diff] [blame]127
128 if (!PD) {
129 Out << "[CHECKER] " << msg;
Ted Kremeneka6fb4e02008-04-01 22:35:58 +0000[diff] [blame]130 Str = Out.str();
131 msg = Str.c_str();
Ted Kremenek6bb205c2008-03-31 20:42:43 +0000[diff] [blame]132 }
Ted Kremenek5c061212008-02-27 17:56:16 +0000[diff] [blame]133
Ted Kremenek2bebc402008-02-27 20:47:56 +0000[diff] [blame]134 bool isFirst = true;
Ted Kremenekd9d1cbf2008-03-15 07:58:36 +0000[diff] [blame]135 unsigned ErrorDiag = 0;
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]136 llvm::SmallPtrSet<void*,10> CachedErrors;
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]137
138 for (; I != E; ++I) {
139
140 if (isFirst) {
141 isFirst = false;
142 ErrorDiag = Diag.getCustomDiagID(Diagnostic::Warning, msg);
143 }
Ted Kremenek5c61e7a2008-02-28 20:38:16 +0000[diff] [blame]144 else {
145
146 // HACK: Cache the location of the error. Don't emit the same
147 // warning for the same error type that occurs at the same program
148 // location but along a different path.
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]149 void* p = GetLocation(I).getRawData();
Ted Kremenek5c61e7a2008-02-28 20:38:16 +0000[diff] [blame]150
151 if (CachedErrors.count(p))
152 continue;
153
154 CachedErrors.insert(p);
155 }
Ted Kremenek1e80aa42008-03-04 00:42:54 +0000[diff] [blame]156
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]157 EmitDiag(Diag, PD, SrcMgr, ErrorDiag, I);
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]158 }
159}
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]160
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]161//===----------------------------------------------------------------------===//
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]162// Path warnings.
163//===----------------------------------------------------------------------===//
164
165static void GeneratePathDiagnostic(PathDiagnostic& PD,
166 SourceManager& SMgr,
167 ExplodedNode<ValueState>* N) {
168
169 if (N->pred_empty())
170 return;
171
172 N = *(N->pred_begin());
173
174 ProgramPoint P = N->getLocation();
175
176 if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
177
178 CFGBlock* Src = BE->getSrc();
179 CFGBlock* Dst = BE->getDst();
180
181 // FIXME: Better handling for switches.
182
183 if (Src->succ_size() == 2) {
184
185 Stmt* T = Src->getTerminator();
186
187 if (!Src)
188 return;
189
190 FullSourceLoc L(T->getLocStart(), SMgr);
191
192 if (*(Src->succ_begin()+1) == Dst)
193 PD.push_front(new PathDiagnosticPiece(L, "Taking false branch."));
194 else
195 PD.push_front(new PathDiagnosticPiece(L, "Taking true branch."));
196 }
197 }
198
199 GeneratePathDiagnostic(PD, SMgr, N);
200}
201
202template <typename ITERATOR, typename DESC>
203static void Report(PathDiagnosticClient& PDC, SourceManager& SMgr, DESC,
204 ITERATOR I, ITERATOR E) {
205
206
207 if (I == E)
208 return;
209
210 const char* BugName = DESC::getName();
211
212 llvm::SmallPtrSet<void*,10> CachedErrors;
213
214 for (; I != E; ++I) {
215
216 // HACK: Cache the location of the error. Don't emit the same
217 // warning for the same error type that occurs at the same program
218 // location but along a different path.
219 void* p = GetLocation(I).getRawData();
220
221 if (CachedErrors.count(p))
222 continue;
223
224 CachedErrors.insert(p);
225
226 // Create the PathDiagnostic.
227
228 PathDiagnostic D(BugName);
229
230 // Get the end-of-path diagnostic.
231 D.push_back(DESC::getEndPath(SMgr, GetNode(I)));
232
233 // Generate the rest of the diagnostic.
234 GeneratePathDiagnostic(D, SMgr, GetNode(I));
235
236 PDC.HandlePathDiagnostic(D);
237 }
238}
239
240
241//===----------------------------------------------------------------------===//
Ted Kremenek503d6132008-04-02 05:15:22 +0000[diff] [blame]242// Analysis Driver.
243//===----------------------------------------------------------------------===//
244
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]245namespace clang {
246
Ted Kremenek63bbe532008-03-14 17:31:00 +0000[diff] [blame]247unsigned RunGRSimpleVals(CFG& cfg, Decl& CD, ASTContext& Ctx,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]248 Diagnostic& Diag, PathDiagnosticClient* PD,
249 bool Visualize, bool TrimGraph) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]250
Ted Kremenek63bbe532008-03-14 17:31:00 +0000[diff] [blame]251 GRCoreEngine<GRExprEngine> Eng(cfg, CD, Ctx);
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]252 GRExprEngine* CS = &Eng.getCheckerState();
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]253
254 // Set base transfer functions.
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]255 GRSimpleVals GRSV;
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]256 CS->setTransferFunctions(GRSV);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]257
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]258 // Add extra checkers.
259 llvm::OwningPtr<GRSimpleAPICheck> FoundationCheck(
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]260 CreateBasicObjCFoundationChecks(Ctx, &CS->getStateManager()));
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]261
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]262 CS->AddObjCMessageExprCheck(FoundationCheck.get());
Ted Kremenek52755612008-03-27 17:17:22 +0000[diff] [blame]263
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]264 // Execute the worklist algorithm.
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]265 Eng.ExecuteWorkList(120000);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]266
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]267 SourceManager& SrcMgr = Ctx.getSourceManager();
268
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]269 if (!PD)
270 EmitWarning(Diag, PD, SrcMgr,
271 CS->null_derefs_begin(), CS->null_derefs_end(),
272 "Dereference of NULL pointer.");
273 else
274 Report(*PD, SrcMgr, bugdesc::NullDeref(),
275 CS->null_derefs_begin(), CS->null_derefs_end());
276
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]277
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]278 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]279 CS->undef_derefs_begin(),
280 CS->undef_derefs_end(),
Ted Kremenek4a4e5242008-02-28 09:25:22 +0000[diff] [blame]281 "Dereference of undefined value.");
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]282
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]283 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]284 CS->undef_branches_begin(),
285 CS->undef_branches_end(),
Ted Kremenekdbfe41a2008-03-25 16:40:05 +0000[diff] [blame]286 "Branch condition evaluates to an uninitialized value.");
Ted Kremenekd87a3212008-02-26 21:31:18 +0000[diff] [blame]287
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]288 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]289 CS->explicit_bad_divides_begin(),
290 CS->explicit_bad_divides_end(),
Ted Kremenek4a4e5242008-02-28 09:25:22 +0000[diff] [blame]291 "Division by zero/undefined value.");
Ted Kremenek8cc13ea2008-02-28 20:32:03 +0000[diff] [blame]292
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]293 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]294 CS->undef_results_begin(),
295 CS->undef_results_end(),
Ted Kremenek8cc13ea2008-02-28 20:32:03 +0000[diff] [blame]296 "Result of operation is undefined.");
Ted Kremenek5e03fcb2008-02-29 23:14:48 +0000[diff] [blame]297
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]298 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]299 CS->bad_calls_begin(),
300 CS->bad_calls_end(),
Ted Kremenek5e03fcb2008-02-29 23:14:48 +0000[diff] [blame]301 "Call using a NULL or undefined function pointer value.");
Ted Kremenek2ded35a2008-02-29 23:53:11 +0000[diff] [blame]302
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]303 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]304 CS->undef_arg_begin(),
305 CS->undef_arg_end(),
Ted Kremenekdbfe41a2008-03-25 16:40:05 +0000[diff] [blame]306 "Pass-by-value argument in function is undefined.");
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]307
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]308 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]309 CS->msg_expr_undef_arg_begin(),
310 CS->msg_expr_undef_arg_end(),
Ted Kremenekdbfe41a2008-03-25 16:40:05 +0000[diff] [blame]311 "Pass-by-value argument in message expression is undefined.");
312
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]313 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]314 CS->undef_receivers_begin(),
315 CS->undef_receivers_end(),
Ted Kremenekdbfe41a2008-03-25 16:40:05 +0000[diff] [blame]316 "Receiver in message expression is an uninitialized value.");
Ted Kremenek02737ed2008-03-31 15:02:58 +0000[diff] [blame]317
Ted Kremenek4dc41cc2008-03-31 18:26:32 +0000[diff] [blame]318 EmitWarning(Diag, PD, SrcMgr,
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]319 CS->ret_stackaddr_begin(),
320 CS->ret_stackaddr_end(),
Ted Kremenek02737ed2008-03-31 15:02:58 +0000[diff] [blame]321 "Address of stack-allocated variable returned.");
Ted Kremenekdbfe41a2008-03-25 16:40:05 +0000[diff] [blame]322
Ted Kremeneke5d5c202008-03-27 21:15:17 +0000[diff] [blame]323 FoundationCheck.get()->ReportResults(Diag);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]324#ifndef NDEBUG
Ted Kremenekdd598112008-04-02 07:05:46 +0000[diff] [blame^]325 if (Visualize) CS->ViewGraph(TrimGraph);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]326#endif
327
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]328 return Eng.getGraph().size();
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]329}
330
Ted Kremeneke01c9872008-02-14 22:36:46 +0000[diff] [blame]331} // end clang namespace
332
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]333//===----------------------------------------------------------------------===//
334// Transfer function for Casts.
335//===----------------------------------------------------------------------===//
336
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]337RVal GRSimpleVals::EvalCast(GRExprEngine& Eng, NonLVal X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]338
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]339 if (!isa<nonlval::ConcreteInt>(X))
340 return UnknownVal();
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]341
342 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]343
344 llvm::APSInt V = cast<nonlval::ConcreteInt>(X).getValue();
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]345 V.setIsUnsigned(T->isUnsignedIntegerType() || T->isPointerType()
346 || T->isObjCQualifiedIdType());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]347 V.extOrTrunc(Eng.getContext().getTypeSize(T));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]348
Ted Kremenek9ef1ec92008-02-21 18:43:30 +0000[diff] [blame]349 if (T->isPointerType())
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]350 return lval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]351 else
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]352 return nonlval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]353}
354
355// Casts.
356
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]357RVal GRSimpleVals::EvalCast(GRExprEngine& Eng, LVal X, QualType T) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]358
Ted Kremenek1b9df4c2008-03-14 18:14:50 +0000[diff] [blame]359 if (T->isPointerType() || T->isReferenceType() || T->isObjCQualifiedIdType())
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]360 return X;
361
Ted Kremenek9ef1ec92008-02-21 18:43:30 +0000[diff] [blame]362 assert (T->isIntegerType());
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]363
364 if (!isa<lval::ConcreteInt>(X))
365 return UnknownVal();
366
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]367 BasicValueFactory& BasicVals = Eng.getBasicVals();
368
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]369 llvm::APSInt V = cast<lval::ConcreteInt>(X).getValue();
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]370 V.setIsUnsigned(T->isUnsignedIntegerType() || T->isPointerType());
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]371 V.extOrTrunc(Eng.getContext().getTypeSize(T));
Ted Kremenekd59cccc2008-02-14 18:28:23 +0000[diff] [blame]372
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]373 return nonlval::ConcreteInt(BasicVals.getValue(V));
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]374}
375
376// Unary operators.
377
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]378RVal GRSimpleVals::EvalMinus(GRExprEngine& Eng, UnaryOperator* U, NonLVal X){
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]379
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]380 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]381
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]382 case nonlval::ConcreteIntKind:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]383 return cast<nonlval::ConcreteInt>(X).EvalMinus(Eng.getBasicVals(), U);
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]384
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]385 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]386 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]387 }
388}
389
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]390RVal GRSimpleVals::EvalComplement(GRExprEngine& Eng, NonLVal X) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]391
Ted Kremenek90e42032008-02-20 04:12:31 +0000[diff] [blame]392 switch (X.getSubKind()) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]393
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]394 case nonlval::ConcreteIntKind:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]395 return cast<nonlval::ConcreteInt>(X).EvalComplement(Eng.getBasicVals());
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]396
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]397 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]398 return UnknownVal();
Ted Kremenekc3f261d2008-02-14 18:40:24 +0000[diff] [blame]399 }
400}
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]401
402// Binary operators.
403
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]404RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
405 NonLVal L, NonLVal R) {
406
407 BasicValueFactory& BasicVals = Eng.getBasicVals();
408
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]409 while (1) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]410
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]411 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]412 default:
Ted Kremenek9258a642008-02-21 19:10:12 +0000[diff] [blame]413 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]414
415 case nonlval::ConcreteIntKind:
416
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]417 if (isa<nonlval::ConcreteInt>(R)) {
418 const nonlval::ConcreteInt& L_CI = cast<nonlval::ConcreteInt>(L);
419 const nonlval::ConcreteInt& R_CI = cast<nonlval::ConcreteInt>(R);
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]420 return L_CI.EvalBinOp(BasicVals, Op, R_CI);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]421 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]422 else {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]423 NonLVal tmp = R;
424 R = L;
425 L = tmp;
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]426 continue;
427 }
428
429 case nonlval::SymbolValKind: {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]430
431 if (isa<nonlval::ConcreteInt>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]432 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]433 BasicVals.getConstraint(cast<nonlval::SymbolVal>(L).getSymbol(), Op,
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]434 cast<nonlval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]435
436 return nonlval::SymIntConstraintVal(C);
437 }
438 else
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]439 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]440 }
441 }
442 }
443}
444
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]445
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]446// Binary Operators (except assignments and comma).
447
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]448RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]449 LVal L, LVal R) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]450
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]451 switch (Op) {
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]452
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]453 default:
454 return UnknownVal();
455
456 case BinaryOperator::EQ:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]457 return EvalEQ(Eng, L, R);
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]458
459 case BinaryOperator::NE:
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]460 return EvalNE(Eng, L, R);
Ted Kremenekc6fbdcd2008-02-15 23:15:23 +0000[diff] [blame]461 }
462}
463
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]464// Pointer arithmetic.
465
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]466RVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]467 LVal L, NonLVal R) {
468 return UnknownVal();
Ted Kremenekb640b3b2008-02-15 00:52:26 +0000[diff] [blame]469}
470
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]471// Equality operators for LVals.
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]472
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]473RVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, LVal L, LVal R) {
474
475 BasicValueFactory& BasicVals = Eng.getBasicVals();
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]476
477 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]478
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]479 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]480 assert(false && "EQ not implemented for this LVal.");
481 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]482
483 case lval::ConcreteIntKind:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]484
485 if (isa<lval::ConcreteInt>(R)) {
486 bool b = cast<lval::ConcreteInt>(L).getValue() ==
487 cast<lval::ConcreteInt>(R).getValue();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]488
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]489 return NonLVal::MakeIntTruthVal(BasicVals, b);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]490 }
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]491 else if (isa<lval::SymbolVal>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]492
493 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]494 BasicVals.getConstraint(cast<lval::SymbolVal>(R).getSymbol(),
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]495 BinaryOperator::EQ,
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]496 cast<lval::ConcreteInt>(L).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]497
498 return nonlval::SymIntConstraintVal(C);
499 }
500
501 break;
502
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]503 case lval::SymbolValKind: {
504
505 if (isa<lval::ConcreteInt>(R)) {
506 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]507 BasicVals.getConstraint(cast<lval::SymbolVal>(L).getSymbol(),
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]508 BinaryOperator::EQ,
509 cast<lval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]510
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]511 return nonlval::SymIntConstraintVal(C);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]512 }
513
Ted Kremenekf700df22008-02-22 18:41:59 +0000[diff] [blame]514 // FIXME: Implement == for lval Symbols. This is mainly useful
515 // in iterator loops when traversing a buffer, e.g. while(z != zTerm).
516 // Since this is not useful for many checkers we'll punt on this for
517 // now.
518
519 return UnknownVal();
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]520 }
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]521
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]522 case lval::DeclValKind:
Ted Kremenekdc3936b2008-02-22 00:54:56 +0000[diff] [blame]523 case lval::FuncValKind:
524 case lval::GotoLabelKind:
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]525 return NonLVal::MakeIntTruthVal(BasicVals, L == R);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]526 }
527
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]528 return NonLVal::MakeIntTruthVal(BasicVals, false);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]529}
530
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]531RVal GRSimpleVals::EvalNE(GRExprEngine& Eng, LVal L, LVal R) {
Ted Kremenek692416c2008-02-18 22:57:02 +0000[diff] [blame]532
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]533 BasicValueFactory& BasicVals = Eng.getBasicVals();
534
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]535 switch (L.getSubKind()) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]536
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]537 default:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]538 assert(false && "NE not implemented for this LVal.");
539 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]540
541 case lval::ConcreteIntKind:
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]542
543 if (isa<lval::ConcreteInt>(R)) {
544 bool b = cast<lval::ConcreteInt>(L).getValue() !=
545 cast<lval::ConcreteInt>(R).getValue();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]546
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]547 return NonLVal::MakeIntTruthVal(BasicVals, b);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]548 }
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]549 else if (isa<lval::SymbolVal>(R)) {
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]550 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]551 BasicVals.getConstraint(cast<lval::SymbolVal>(R).getSymbol(),
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]552 BinaryOperator::NE,
553 cast<lval::ConcreteInt>(L).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]554
555 return nonlval::SymIntConstraintVal(C);
556 }
557
558 break;
559
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]560 case lval::SymbolValKind: {
561 if (isa<lval::ConcreteInt>(R)) {
562 const SymIntConstraint& C =
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]563 BasicVals.getConstraint(cast<lval::SymbolVal>(L).getSymbol(),
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]564 BinaryOperator::NE,
565 cast<lval::ConcreteInt>(R).getValue());
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]566
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]567 return nonlval::SymIntConstraintVal(C);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]568 }
569
Ted Kremenekf700df22008-02-22 18:41:59 +0000[diff] [blame]570 // FIXME: Implement != for lval Symbols. This is mainly useful
571 // in iterator loops when traversing a buffer, e.g. while(z != zTerm).
572 // Since this is not useful for many checkers we'll punt on this for
573 // now.
574
575 return UnknownVal();
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]576
577 break;
Ted Kremenekaa1c4e52008-02-21 18:02:17 +0000[diff] [blame]578 }
579
580 case lval::DeclValKind:
Ted Kremenekdc3936b2008-02-22 00:54:56 +0000[diff] [blame]581 case lval::FuncValKind:
582 case lval::GotoLabelKind:
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]583 return NonLVal::MakeIntTruthVal(BasicVals, L != R);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]584 }
585
Ted Kremenek240f1f02008-03-07 20:13:31 +0000[diff] [blame]586 return NonLVal::MakeIntTruthVal(BasicVals, true);
Ted Kremenek6cb0b542008-02-14 19:37:24 +0000[diff] [blame]587}
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]588
589//===----------------------------------------------------------------------===//
590// Transfer function for Function Calls.
591//===----------------------------------------------------------------------===//
592
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]593void GRSimpleVals::EvalCall(ExplodedNodeSet<ValueState>& Dst,
Ted Kremenek00a3a5f2008-03-12 01:21:45 +0000[diff] [blame]594 GRExprEngine& Eng,
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]595 GRStmtNodeBuilder<ValueState>& Builder,
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]596 CallExpr* CE, LVal L,
597 ExplodedNode<ValueState>* Pred) {
598
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]599 ValueStateManager& StateMgr = Eng.getStateManager();
600 ValueState* St = Builder.GetState(Pred);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]601
602 // Invalidate all arguments passed in by reference (LVals).
603
604 for (CallExpr::arg_iterator I = CE->arg_begin(), E = CE->arg_end();
605 I != E; ++I) {
606
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]607 RVal V = StateMgr.GetRVal(St, *I);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]608
609 if (isa<LVal>(V))
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]610 St = StateMgr.SetRVal(St, cast<LVal>(V), UnknownVal());
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]611 }
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]612
613 // Make up a symbol for the return value of this function.
614
615 if (CE->getType() != Eng.getContext().VoidTy) {
616 unsigned Count = Builder.getCurrentBlockCount();
Ted Kremenek361fa8e2008-03-12 21:45:47 +0000[diff] [blame]617 SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
Ted Kremenekf923a912008-03-12 21:04:07 +0000[diff] [blame]618
619 RVal X = CE->getType()->isPointerType()
620 ? cast<RVal>(lval::SymbolVal(Sym))
621 : cast<RVal>(nonlval::SymbolVal(Sym));
622
623 St = StateMgr.SetRVal(St, CE, X, Eng.getCFG().isBlkExpr(CE), false);
624 }
Ted Kremenek330dddd2008-03-05 00:33:14 +0000[diff] [blame]625
Ted Kremenek0e561a32008-03-21 21:30:14 +0000[diff] [blame]626 Builder.MakeNode(Dst, CE, Pred, St);
Ted Kremenek06747692008-02-26 23:04:29 +0000[diff] [blame]627}