lib/Checker/BuiltinFunctionChecker.cpp

   1 //=== BuiltinFunctionChecker.cpp --------------------------------*- C++ -*-===//
   2 //
   3 //                     The LLVM Compiler Infrastructure
   4 //
   5 // This file is distributed under the University of Illinois Open Source
   6 // License. See LICENSE.TXT for details.
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This checker evaluates clang builtin functions.
  11 //
  12 //===----------------------------------------------------------------------===//
  13
  14 #include "GRExprEngineInternalChecks.h"
  15 #include "clang/GR/PathSensitive/Checker.h"
  16 #include "clang/Basic/Builtins.h"
  17
  18 using namespace clang;
  19
  20 namespace {
  21
  22 class BuiltinFunctionChecker : public Checker {
  23 public:
  24   static void *getTag() { static int tag = 0; return &tag; }
  25   virtual bool evalCallExpr(CheckerContext &C, const CallExpr *CE);
  26 };
  27
  28 }
  29
  30 void clang::RegisterBuiltinFunctionChecker(GRExprEngine &Eng) {
  31   Eng.registerCheck(new BuiltinFunctionChecker());
  32 }
  33
  34 bool BuiltinFunctionChecker::evalCallExpr(CheckerContext &C,const CallExpr *CE){
  35   const GRState *state = C.getState();
  36   const Expr *Callee = CE->getCallee();
  37   SVal L = state->getSVal(Callee);
  38   const FunctionDecl *FD = L.getAsFunctionDecl();
  39
  40   if (!FD)
  41     return false;
  42
  43   unsigned id = FD->getBuiltinID();
  44
  45   if (!id)
  46     return false;
  47
  48   switch (id) {
  49   case Builtin::BI__builtin_expect: {
  50     // For __builtin_expect, just return the value of the subexpression.
  51     assert (CE->arg_begin() != CE->arg_end());
  52     SVal X = state->getSVal(*(CE->arg_begin()));
  53     C.generateNode(state->BindExpr(CE, X));
  54     return true;
  55   }
  56
  57   case Builtin::BI__builtin_alloca: {
  58     // FIXME: Refactor into StoreManager itself?
  59     MemRegionManager& RM = C.getStoreManager().getRegionManager();
  60     const AllocaRegion* R =
  61       RM.getAllocaRegion(CE, C.getNodeBuilder().getCurrentBlockCount(),
  62                          C.getPredecessor()->getLocationContext());
  63
  64     // Set the extent of the region in bytes. This enables us to use the
  65     // SVal of the argument directly. If we save the extent in bits, we
  66     // cannot represent values like symbol*8.
  67     DefinedOrUnknownSVal Size =
  68       cast<DefinedOrUnknownSVal>(state->getSVal(*(CE->arg_begin())));
  69
  70     SValBuilder& svalBuilder = C.getSValBuilder();
  71     DefinedOrUnknownSVal Extent = R->getExtent(svalBuilder);
  72     DefinedOrUnknownSVal extentMatchesSizeArg =
  73       svalBuilder.evalEQ(state, Extent, Size);
  74     state = state->assume(extentMatchesSizeArg, true);
  75
  76     C.generateNode(state->BindExpr(CE, loc::MemRegionVal(R)));
  77     return true;
  78   }
  79   }
  80
  81   return false;
  82 }