search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[analyzer] Refactoring: include/clang/Checker -> include/clang/GR
[clang.git] / lib / Checker / Environment.cpp
blob5846d6aceed998f987346dd281f0cebe5ff78f8c
1 //== Environment.cpp - Map from Stmt* to Locations/Values -------*- C++ -*--==//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defined the Environment and EnvironmentManager classes.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "clang/Analysis/AnalysisContext.h"
15 #include "clang/Analysis/CFG.h"
16 #include "clang/GR/PathSensitive/GRState.h"
17
18 using namespace clang;
19
20 SVal Environment::lookupExpr(const Stmt* E) const {
21 const SVal* X = ExprBindings.lookup(E);
22 if (X) {
23 SVal V = *X;
24 return V;
25 }
26 return UnknownVal();
27 }
28
29 SVal Environment::getSVal(const Stmt *E, SValBuilder& svalBuilder) const {
30 for (;;) {
31 switch (E->getStmtClass()) {
32 case Stmt::AddrLabelExprClass:
33 return svalBuilder.makeLoc(cast<AddrLabelExpr>(E));
34 case Stmt::ParenExprClass:
35 // ParenExprs are no-ops.
36 E = cast<ParenExpr>(E)->getSubExpr();
37 continue;
38 case Stmt::CharacterLiteralClass: {
39 const CharacterLiteral* C = cast<CharacterLiteral>(E);
40 return svalBuilder.makeIntVal(C->getValue(), C->getType());
41 }
42 case Stmt::CXXBoolLiteralExprClass: {
43 const SVal *X = ExprBindings.lookup(E);
44 if (X)
45 return *X;
46 else
47 return svalBuilder.makeIntVal(cast<CXXBoolLiteralExpr>(E));
48 }
49 case Stmt::IntegerLiteralClass: {
50 // In C++, this expression may have been bound to a temporary object.
51 SVal const *X = ExprBindings.lookup(E);
52 if (X)
53 return *X;
54 else
55 return svalBuilder.makeIntVal(cast<IntegerLiteral>(E));
56 }
57 case Stmt::ImplicitCastExprClass:
58 case Stmt::CStyleCastExprClass: {
59 // We blast through no-op casts to get the descendant
60 // subexpression that has a value.
61 const CastExpr* C = cast<CastExpr>(E);
62 QualType CT = C->getType();
63 if (CT->isVoidType())
64 return UnknownVal();
65 if (C->getCastKind() == CK_NoOp) {
66 E = C->getSubExpr();
67 continue;
68 }
69 break;
70 }
71 case Stmt::ExprWithCleanupsClass:
72 E = cast<ExprWithCleanups>(E)->getSubExpr();
73 continue;
74 case Stmt::CXXBindTemporaryExprClass:
75 E = cast<CXXBindTemporaryExpr>(E)->getSubExpr();
76 continue;
77 case Stmt::CXXFunctionalCastExprClass:
78 E = cast<CXXFunctionalCastExpr>(E)->getSubExpr();
79 continue;
80 // Handle all other Stmt* using a lookup.
81 default:
82 break;
83 };
84 break;
85 }
86 return lookupExpr(E);
87 }
88
89 Environment EnvironmentManager::bindExpr(Environment Env, const Stmt *S,
90 SVal V, bool Invalidate) {
91 assert(S);
92
93 if (V.isUnknown()) {
94 if (Invalidate)
95 return Environment(F.remove(Env.ExprBindings, S));
96 else
97 return Env;
98 }
99
100 return Environment(F.add(Env.ExprBindings, S, V));
101 }
102
103 static inline const Stmt *MakeLocation(const Stmt *S) {
104 return (const Stmt*) (((uintptr_t) S) | 0x1);
105 }
106
107 Environment EnvironmentManager::bindExprAndLocation(Environment Env,
108 const Stmt *S,
109 SVal location, SVal V) {
110 return Environment(F.add(F.add(Env.ExprBindings, MakeLocation(S), location),
111 S, V));
112 }
113
114 namespace {
115 class MarkLiveCallback : public SymbolVisitor {
116 SymbolReaper &SymReaper;
117 public:
118 MarkLiveCallback(SymbolReaper &symreaper) : SymReaper(symreaper) {}
119 bool VisitSymbol(SymbolRef sym) { SymReaper.markLive(sym); return true; }
120 };
121 } // end anonymous namespace
122
123 static bool isBlockExprInCallers(const Stmt *E, const LocationContext *LC) {
124 const LocationContext *ParentLC = LC->getParent();
125 while (ParentLC) {
126 CFG &C = *ParentLC->getCFG();
127 if (C.isBlkExpr(E))
128 return true;
129 ParentLC = ParentLC->getParent();
130 }
131
132 return false;
133 }
134
135 // In addition to mapping from Stmt * - > SVals in the Environment, we also
136 // maintain a mapping from Stmt * -> SVals (locations) that were used during
137 // a load and store.
138 static inline bool IsLocation(const Stmt *S) {
139 return (bool) (((uintptr_t) S) & 0x1);
140 }
141
142 // RemoveDeadBindings:
143 // - Remove subexpression bindings.
144 // - Remove dead block expression bindings.
145 // - Keep live block expression bindings:
146 // - Mark their reachable symbols live in SymbolReaper,
147 // see ScanReachableSymbols.
148 // - Mark the region in DRoots if the binding is a loc::MemRegionVal.
149 Environment
150 EnvironmentManager::RemoveDeadBindings(Environment Env,
151 SymbolReaper &SymReaper,
152 const GRState *ST,
153 llvm::SmallVectorImpl<const MemRegion*> &DRoots) {
154
155 CFG &C = *SymReaper.getLocationContext()->getCFG();
156
157 // We construct a new Environment object entirely, as this is cheaper than
158 // individually removing all the subexpression bindings (which will greatly
159 // outnumber block-level expression bindings).
160 Environment NewEnv = getInitialEnvironment();
161
162 llvm::SmallVector<std::pair<const Stmt*, SVal>, 10> deferredLocations;
163
164 // Iterate over the block-expr bindings.
165 for (Environment::iterator I = Env.begin(), E = Env.end();
166 I != E; ++I) {
167
168 const Stmt *BlkExpr = I.getKey();
169
170 // For recorded locations (used when evaluating loads and stores), we
171 // consider them live only when their associated normal expression is
172 // also live.
173 // NOTE: This assumes that loads/stores that evaluated to UnknownVal
174 // still have an entry in the map.
175 if (IsLocation(BlkExpr)) {
176 deferredLocations.push_back(std::make_pair(BlkExpr, I.getData()));
177 continue;
178 }
179
180 const SVal &X = I.getData();
181
182 // Block-level expressions in callers are assumed always live.
183 if (isBlockExprInCallers(BlkExpr, SymReaper.getLocationContext())) {
184 NewEnv.ExprBindings = F.add(NewEnv.ExprBindings, BlkExpr, X);
185
186 if (isa<loc::MemRegionVal>(X)) {
187 const MemRegion* R = cast<loc::MemRegionVal>(X).getRegion();
188 DRoots.push_back(R);
189 }
190
191 // Mark all symbols in the block expr's value live.
192 MarkLiveCallback cb(SymReaper);
193 ST->scanReachableSymbols(X, cb);
194 continue;
195 }
196
197 // Not a block-level expression?
198 if (!C.isBlkExpr(BlkExpr))
199 continue;
200
201 if (SymReaper.isLive(BlkExpr)) {
202 // Copy the binding to the new map.
203 NewEnv.ExprBindings = F.add(NewEnv.ExprBindings, BlkExpr, X);
204
205 // If the block expr's value is a memory region, then mark that region.
206 if (isa<loc::MemRegionVal>(X)) {
207 const MemRegion* R = cast<loc::MemRegionVal>(X).getRegion();
208 DRoots.push_back(R);
209 }
210
211 // Mark all symbols in the block expr's value live.
212 MarkLiveCallback cb(SymReaper);
213 ST->scanReachableSymbols(X, cb);
214 continue;
215 }
216
217 // Otherwise the expression is dead with a couple exceptions.
218 // Do not misclean LogicalExpr or ConditionalOperator. It is dead at the
219 // beginning of itself, but we need its UndefinedVal to determine its
220 // SVal.
221 if (X.isUndef() && cast<UndefinedVal>(X).getData())
222 NewEnv.ExprBindings = F.add(NewEnv.ExprBindings, BlkExpr, X);
223 }
224
225 // Go through he deferred locations and add them to the new environment if
226 // the correspond Stmt* is in the map as well.
227 for (llvm::SmallVectorImpl<std::pair<const Stmt*, SVal> >::iterator
228 I = deferredLocations.begin(), E = deferredLocations.end(); I != E; ++I) {
229 const Stmt *S = (Stmt*) (((uintptr_t) I->first) & (uintptr_t) ~0x1);
230 if (NewEnv.ExprBindings.lookup(S))
231 NewEnv.ExprBindings = F.add(NewEnv.ExprBindings, I->first, I->second);
232 }
233
234 return NewEnv;
235 }
GIT mirror of clang project