Newer
Older
St = SetRVal(SetRVal(St, U, Result), SubLV, Result);
continue;
}
// Handle all other unary operators.
switch (U->getOpcode()) {
case UnaryOperator::Extension:
St = SetRVal(St, U, SubV);
break;
case UnaryOperator::Minus:
St = SetRVal(St, U, EvalMinus(U, cast<NonLVal>(SubV)));
case UnaryOperator::Not:
St = SetRVal(St, U, EvalComplement(cast<NonLVal>(SubV)));
case UnaryOperator::LNot:
// C99 6.5.3.3: "The expression !E is equivalent to (0==E)."
//
// Note: technically we do "E == 0", but this is the same in the
// transfer functions as "0 == E".
if (isa<LVal>(SubV)) {
lval::ConcreteInt V(BasicVals.getZeroWithPtrWidth());
RVal Result = EvalBinOp(BinaryOperator::EQ, cast<LVal>(SubV), V);
St = SetRVal(St, U, Result);
}
else {
Ted Kremenek
committed
Expr* Ex = U->getSubExpr();
nonlval::ConcreteInt V(BasicVals.getValue(0, Ex->getType()));
RVal Result = EvalBinOp(BinaryOperator::EQ, cast<NonLVal>(SubV), V);
St = SetRVal(St, U, Result);
}
break;
case UnaryOperator::AddrOf: {
assert (isa<LVal>(SubV));
St = SetRVal(St, U, SubV);
break;
}
default: ;
assert (false && "Not implemented.");
}
}
}
void GRExprEngine::VisitSizeOfExpr(UnaryOperator* U, NodeTy* Pred,
NodeSet& Dst) {
QualType T = U->getSubExpr()->getType();
// FIXME: Add support for VLAs.
if (!T.getTypePtr()->isConstantSizeType())
return;
uint64_t size = getContext().getTypeSize(T) / 8;
ValueState* St = GetState(Pred);
St = SetRVal(St, U, NonLVal::MakeVal(BasicVals, size, U->getType()));
}
void GRExprEngine::VisitLVal(Expr* Ex, NodeTy* Pred, NodeSet& Dst) {
Ted Kremenek
committed
if (Ex != CurrentStmt && getCFG().isBlkExpr(Ex)) {
Dst.Add(Pred);
return;
}
Ex = Ex->IgnoreParens();
if (isa<DeclRefExpr>(Ex)) {
Dst.Add(Pred);
if (UnaryOperator* U = dyn_cast<UnaryOperator>(Ex))
if (U->getOpcode() == UnaryOperator::Deref) {
VisitDeref(U, Pred, Dst, true);
Visit(Ex, Pred, Dst);
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
void GRExprEngine::VisitAsmStmt(AsmStmt* A, NodeTy* Pred, NodeSet& Dst) {
VisitAsmStmtHelperOutputs(A, A->begin_outputs(), A->end_outputs(), Pred, Dst);
}
void GRExprEngine::VisitAsmStmtHelperOutputs(AsmStmt* A,
AsmStmt::outputs_iterator I,
AsmStmt::outputs_iterator E,
NodeTy* Pred, NodeSet& Dst) {
if (I == E) {
VisitAsmStmtHelperInputs(A, A->begin_inputs(), A->end_inputs(), Pred, Dst);
return;
}
NodeSet Tmp;
VisitLVal(*I, Pred, Tmp);
++I;
for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI)
VisitAsmStmtHelperOutputs(A, I, E, *NI, Dst);
}
void GRExprEngine::VisitAsmStmtHelperInputs(AsmStmt* A,
AsmStmt::inputs_iterator I,
AsmStmt::inputs_iterator E,
NodeTy* Pred, NodeSet& Dst) {
if (I == E) {
// We have processed both the inputs and the outputs. All of the outputs
// should evaluate to LVals. Nuke all of their values.
// FIXME: Some day in the future it would be nice to allow a "plug-in"
// which interprets the inline asm and stores proper results in the
// outputs.
ValueState* St = GetState(Pred);
for (AsmStmt::outputs_iterator OI = A->begin_outputs(),
OE = A->end_outputs(); OI != OE; ++OI) {
RVal X = GetLVal(St, *OI);
assert (!isa<NonLVal>(X));
if (isa<LVal>(X))
St = SetRVal(St, cast<LVal>(X), UnknownVal());
}
return;
}
NodeSet Tmp;
Visit(*I, Pred, Tmp);
++I;
for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI)
VisitAsmStmtHelperInputs(A, I, E, *NI, Dst);
}
void GRExprEngine::VisitObjCMessageExpr(ObjCMessageExpr* ME, NodeTy* Pred,
NodeSet& Dst){
VisitObjCMessageExprArgHelper(ME, ME->arg_begin(), ME->arg_end(), Pred, Dst);
void GRExprEngine::VisitObjCMessageExprArgHelper(ObjCMessageExpr* ME,
Ted Kremenek
committed
ObjCMessageExpr::arg_iterator AI,
ObjCMessageExpr::arg_iterator AE,
NodeTy* Pred, NodeSet& Dst) {
Ted Kremenek
committed
if (AI == AE) {
// Process the receiver.
if (Expr* Receiver = ME->getReceiver()) {
NodeSet Tmp;
Visit(Receiver, Pred, Tmp);
for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI)
VisitObjCMessageExprDispatchHelper(ME, *NI, Dst);
Ted Kremenek
committed
return;
Ted Kremenek
committed
}
VisitObjCMessageExprDispatchHelper(ME, Pred, Dst);
return;
}
NodeSet Tmp;
Ted Kremenek
committed
Visit(*AI, Pred, Tmp);
Ted Kremenek
committed
++AI;
for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI)
VisitObjCMessageExprArgHelper(ME, AI, AE, *NI, Dst);
void GRExprEngine::VisitObjCMessageExprDispatchHelper(ObjCMessageExpr* ME,
NodeTy* Pred, NodeSet& Dst) {
// FIXME: More logic for the processing the method call.
ValueState* St = GetState(Pred);
if (Expr* Receiver = ME->getReceiver()) {
RVal L = GetRVal(St, Receiver);
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
// Check for undefined control-flow or calls to NULL.
if (L.isUndef()) {
NodeTy* N = Builder->generateNode(ME, St, Pred);
if (N) {
N->markAsSink();
UndefReceivers.insert(N);
}
return;
}
}
// Check for any arguments that are uninitialized/undefined.
for (ObjCMessageExpr::arg_iterator I = ME->arg_begin(), E = ME->arg_end();
I != E; ++I) {
if (GetRVal(St, *I).isUndef()) {
NodeTy* N = Builder->generateNode(ME, St, Pred);
if (N) {
N->markAsSink();
MsgExprUndefArgs[N] = *I;
}
return;
}
}
// FIXME: Eventually we will properly handle the effects of a message
// expr. For now invalidate all arguments passed in by references.
for (ObjCMessageExpr::arg_iterator I = ME->arg_begin(), E = ME->arg_end();
I != E; ++I) {
RVal V = GetRVal(St, *I);
if (isa<LVal>(V))
St = SetRVal(St, cast<LVal>(V), UnknownVal());
}
MakeNode(Dst, ME, Pred, St);
}
void GRExprEngine::VisitReturnStmt(ReturnStmt* S, NodeTy* Pred, NodeSet& Dst) {
Expr* R = S->getRetValue();
if (!R) {
Dst.Add(Pred);
return;
}
QualType T = R->getType();
if (T->isPointerLikeType()) {
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
// Check if any of the return values return the address of a stack variable.
NodeSet Tmp;
Visit(R, Pred, Tmp);
for (NodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
RVal X = GetRVal((*I)->getState(), R);
if (isa<lval::DeclVal>(X)) {
if (cast<lval::DeclVal>(X).getDecl()->hasLocalStorage()) {
// Create a special node representing the v
NodeTy* RetStackNode = Builder->generateNode(S, GetState(*I), *I);
if (RetStackNode) {
RetStackNode->markAsSink();
RetsStackAddr.insert(RetStackNode);
}
continue;
}
}
Dst.Add(*I);
}
}
else
Visit(R, Pred, Dst);
}
void GRExprEngine::VisitBinaryOperator(BinaryOperator* B,
GRExprEngine::NodeTy* Pred,
GRExprEngine::NodeSet& Dst) {
Ted Kremenek
committed
NodeSet S1;
if (B->isAssignmentOp())
VisitLVal(B->getLHS(), Pred, S1);
else
Visit(B->getLHS(), Pred, S1);
Ted Kremenek
committed
for (NodeSet::iterator I1=S1.begin(), E1=S1.end(); I1 != E1; ++I1) {
Ted Kremenek
committed
NodeTy* N1 = *I1;
Ted Kremenek
committed
// When getting the value for the LHS, check if we are in an assignment.
// In such cases, we want to (initially) treat the LHS as an LVal,
// so we use GetLVal instead of GetRVal so that DeclRefExpr's are
// evaluated to LValDecl's instead of to an NonLVal.
RVal LeftV = B->isAssignmentOp() ? GetLVal(GetState(N1), B->getLHS())
: GetRVal(GetState(N1), B->getLHS());
// Visit the RHS...
NodeSet S2;
Ted Kremenek
committed
Visit(B->getRHS(), N1, S2);
// Process the binary operator.
Ted Kremenek
committed
for (NodeSet::iterator I2 = S2.begin(), E2 = S2.end(); I2 != E2; ++I2) {
Ted Kremenek
committed
NodeTy* N2 = *I2;
ValueState* St = GetState(N2);
Expr* RHS = B->getRHS();
RVal RightV = GetRVal(St, RHS);
Ted Kremenek
committed
BinaryOperator::Opcode Op = B->getOpcode();
if ((Op == BinaryOperator::Div || Op == BinaryOperator::Rem)
&& RHS->getType()->isIntegerType()) {
Ted Kremenek
committed
// Check if the denominator is undefined.
if (!RightV.isUnknown()) {
Ted Kremenek
committed
if (RightV.isUndef()) {
NodeTy* DivUndef = Builder->generateNode(B, St, N2);
Ted Kremenek
committed
if (DivUndef) {
DivUndef->markAsSink();
ExplicitBadDivides.insert(DivUndef);
}
continue;
}
// Check for divide/remainder-by-zero.
//
Ted Kremenek
committed
// First, "assume" that the denominator is 0 or undefined.
bool isFeasibleZero = false;
ValueState* ZeroSt = Assume(St, RightV, false, isFeasibleZero);
// Second, "assume" that the denominator cannot be 0.
bool isFeasibleNotZero = false;
St = Assume(St, RightV, true, isFeasibleNotZero);
// Create the node for the divide-by-zero (if it occurred).
if (isFeasibleZero)
Ted Kremenek
committed
if (NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2)) {
DivZeroNode->markAsSink();
if (isFeasibleNotZero)
ImplicitBadDivides.insert(DivZeroNode);
else
ExplicitBadDivides.insert(DivZeroNode);
if (!isFeasibleNotZero)
continue;
}
// Fall-through. The logic below processes the divide.
}
Ted Kremenek
committed
if (Op <= BinaryOperator::Or) {
// Process non-assignements except commas or short-circuited
// logical expressions (LAnd and LOr).
RVal Result = EvalBinOp(Op, LeftV, RightV);
if (Result.isUnknown()) {
Dst.Add(N2);
Ted Kremenek
committed
if (Result.isUndef() && !LeftV.isUndef() && !RightV.isUndef()) {
// The operands were not undefined, but the result is undefined.
if (NodeTy* UndefNode = Builder->generateNode(B, St, N2)) {
UndefNode->markAsSink();
UndefResults.insert(UndefNode);
}
continue;
}
MakeNode(Dst, B, N2, SetRVal(St, B, Result));
continue;
}
// Process assignments.
switch (Op) {
Ted Kremenek
committed
case BinaryOperator::Assign: {
// Simple assignments.
Ted Kremenek
committed
if (LeftV.isUndef()) {
HandleUndefinedStore(B, N2);
continue;
}
Ted Kremenek
committed
// EXPERIMENTAL: "Conjured" symbols.
if (RightV.isUnknown()) {
unsigned Count = Builder->getCurrentBlockCount();
SymbolID Sym = SymMgr.getConjuredSymbol(B->getRHS(), Count);
RightV = B->getRHS()->getType()->isPointerType()
? cast<RVal>(lval::SymbolVal(Sym))
: cast<RVal>(nonlval::SymbolVal(Sym));
}
// Even if the LHS evaluates to an unknown L-Value, the entire
// expression still evaluates to the RHS.
if (LeftV.isUnknown()) {
St = SetRVal(St, B, RightV);
break;
}
Ted Kremenek
committed
// Simulate the effects of a "store": bind the value of the RHS
// to the L-Value represented by the LHS.
St = SetRVal(SetRVal(St, B, RightV), cast<LVal>(LeftV), RightV);
Ted Kremenek
committed
break;
}
// Compound assignment operators.
default: {
assert (B->isCompoundAssignmentOp());
if (Op >= BinaryOperator::AndAssign)
((int&) Op) -= (BinaryOperator::AndAssign - BinaryOperator::And);
else
((int&) Op) -= BinaryOperator::MulAssign;
Ted Kremenek
committed
// Check if the LHS is undefined.
Ted Kremenek
committed
if (LeftV.isUndef()) {
HandleUndefinedStore(B, N2);
continue;
}
if (LeftV.isUnknown()) {
assert (isa<UnknownVal>(GetRVal(St, B)));
Dst.Add(N2);
continue;
}
// At this pointer we know that the LHS evaluates to an LVal
// that is neither "Unknown" or "Undefined."
LVal LeftLV = cast<LVal>(LeftV);
// Fetch the value of the LHS (the value of the variable, etc.).
RVal V = GetRVal(GetState(N1), LeftLV, B->getLHS()->getType());
Ted Kremenek
committed
// Propagate undefined value (left-side). We
// propogate undefined values for the RHS below when
// we also check for divide-by-zero.
Ted Kremenek
committed
if (V.isUndef()) {
St = SetRVal(St, B, V);
break;
}
// Propagate unknown values.
if (V.isUnknown()) {
// The value bound to LeftV is unknown. Thus we just
// propagate the current node (as "B" is already bound to nothing).
assert (isa<UnknownVal>(GetRVal(St, B)));
Dst.Add(N2);
continue;
}
if (RightV.isUnknown()) {
assert (isa<UnknownVal>(GetRVal(St, B)));
St = SetRVal(St, LeftLV, UnknownVal());
break;
}
// At this point:
//
Ted Kremenek
committed
// The LHS is not Undef/Unknown.
// The RHS is not Unknown.
// Get the computation type.
QualType CTy = cast<CompoundAssignOperator>(B)->getComputationType();
// Perform promotions.
V = EvalCast(V, CTy);
// Evaluate operands and promote to result type.
if ((Op == BinaryOperator::Div || Op == BinaryOperator::Rem)
&& RHS->getType()->isIntegerType()) {
Ted Kremenek
committed
// Check if the denominator is undefined.
Ted Kremenek
committed
if (RightV.isUndef()) {
NodeTy* DivUndef = Builder->generateNode(B, St, N2);
Ted Kremenek
committed
if (DivUndef) {
DivUndef->markAsSink();
ExplicitBadDivides.insert(DivUndef);
}
continue;
}
// First, "assume" that the denominator is 0.
bool isFeasibleZero = false;
ValueState* ZeroSt = Assume(St, RightV, false, isFeasibleZero);
// Second, "assume" that the denominator cannot be 0.
bool isFeasibleNotZero = false;
St = Assume(St, RightV, true, isFeasibleNotZero);
// Create the node for the divide-by-zero error (if it occurred).
if (isFeasibleZero) {
NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2);
if (DivZeroNode) {
DivZeroNode->markAsSink();
if (isFeasibleNotZero)
ImplicitBadDivides.insert(DivZeroNode);
else
ExplicitBadDivides.insert(DivZeroNode);
}
}
if (!isFeasibleNotZero)
continue;
// Fall-through. The logic below processes the divide.
}
else {
Ted Kremenek
committed
// Propagate undefined values (right-side).
Ted Kremenek
committed
if (RightV.isUndef()) {
St = SetRVal(SetRVal(St, B, RightV), LeftLV, RightV);
break;
}
}
RVal Result = EvalCast(EvalBinOp(Op, V, RightV), B->getType());
Ted Kremenek
committed
if (Result.isUndef()) {
// The operands were not undefined, but the result is undefined.
if (NodeTy* UndefNode = Builder->generateNode(B, St, N2)) {
UndefNode->markAsSink();
UndefResults.insert(UndefNode);
}
continue;
}
St = SetRVal(SetRVal(St, B, Result), LeftLV, Result);
Ted Kremenek
committed
}
}
}
}
Ted Kremenek
committed
void GRExprEngine::HandleUndefinedStore(Stmt* S, NodeTy* Pred) {
NodeTy* N = Builder->generateNode(S, GetState(Pred), Pred);
N->markAsSink();
Ted Kremenek
committed
UndefStores.insert(N);
void GRExprEngine::Visit(Stmt* S, NodeTy* Pred, NodeSet& Dst) {
Ted Kremenek
committed
// FIXME: add metadata to the CFG so that we can disable
// this check when we KNOW that there is no block-level subexpression.
// The motivation is that this check requires a hashtable lookup.
Ted Kremenek
committed
if (S != CurrentStmt && getCFG().isBlkExpr(S)) {
Dst.Add(Pred);
return;
}
switch (S->getStmtClass()) {
default:
// Cases we intentionally have "default" handle:
// AddrLabelExpr, IntegerLiteral, CharacterLiteral
Dst.Add(Pred); // No-op. Simply propagate the current state unchanged.
break;
Ted Kremenek
committed
case Stmt::AsmStmtClass:
VisitAsmStmt(cast<AsmStmt>(S), Pred, Dst);
break;
case Stmt::BinaryOperatorClass: {
BinaryOperator* B = cast<BinaryOperator>(S);
if (B->isLogicalOp()) {
VisitLogicalExpr(B, Pred, Dst);
break;
}
else if (B->getOpcode() == BinaryOperator::Comma) {
ValueState* St = GetState(Pred);
MakeNode(Dst, B, Pred, SetRVal(St, B, GetRVal(St, B->getRHS())));
break;
}
Ted Kremenek
committed
VisitBinaryOperator(cast<BinaryOperator>(S), Pred, Dst);
break;
}
case Stmt::CallExprClass: {
CallExpr* C = cast<CallExpr>(S);
VisitCall(C, Pred, C->arg_begin(), C->arg_end(), Dst);
break;
}
case Stmt::CastExprClass: {
CastExpr* C = cast<CastExpr>(S);
VisitCast(C, C->getSubExpr(), Pred, Dst);
break;
}
// FIXME: ChooseExpr is really a constant. We need to fix
// the CFG do not model them as explicit control-flow.
case Stmt::ChooseExprClass: { // __builtin_choose_expr
ChooseExpr* C = cast<ChooseExpr>(S);
VisitGuardedExpr(C, C->getLHS(), C->getRHS(), Pred, Dst);
break;
}
case Stmt::CompoundAssignOperatorClass:
VisitBinaryOperator(cast<BinaryOperator>(S), Pred, Dst);
break;
case Stmt::ConditionalOperatorClass: { // '?' operator
ConditionalOperator* C = cast<ConditionalOperator>(S);
VisitGuardedExpr(C, C->getLHS(), C->getRHS(), Pred, Dst);
Ted Kremenek
committed
break;
}
case Stmt::DeclRefExprClass:
VisitDeclRefExpr(cast<DeclRefExpr>(S), Pred, Dst);
break;
Ted Kremenek
committed
case Stmt::DeclStmtClass:
VisitDeclStmt(cast<DeclStmt>(S), Pred, Dst);
break;
case Stmt::ImplicitCastExprClass: {
ImplicitCastExpr* C = cast<ImplicitCastExpr>(S);
VisitCast(C, C->getSubExpr(), Pred, Dst);
break;
}
case Stmt::ObjCMessageExprClass: {
VisitObjCMessageExpr(cast<ObjCMessageExpr>(S), Pred, Dst);
break;
}
case Stmt::ParenExprClass:
Visit(cast<ParenExpr>(S)->getSubExpr(), Pred, Dst);
break;
case Stmt::SizeOfAlignOfTypeExprClass:
VisitSizeOfAlignOfTypeExpr(cast<SizeOfAlignOfTypeExpr>(S), Pred, Dst);
break;
case Stmt::StmtExprClass: {
StmtExpr* SE = cast<StmtExpr>(S);
ValueState* St = GetState(Pred);
// FIXME: Not certain if we can have empty StmtExprs. If so, we should
// probably just remove these from the CFG.
assert (!SE->getSubStmt()->body_empty());
if (Expr* LastExpr = dyn_cast<Expr>(*SE->getSubStmt()->body_rbegin()))
MakeNode(Dst, SE, Pred, SetRVal(St, SE, GetRVal(St, LastExpr)));
else
Dst.Add(Pred);
break;
}
// FIXME: We may wish to always bind state to ReturnStmts so
// that users can quickly query what was the state at the
// exit points of a function.
case Stmt::ReturnStmtClass:
VisitReturnStmt(cast<ReturnStmt>(S), Pred, Dst); break;
case Stmt::UnaryOperatorClass: {
UnaryOperator* U = cast<UnaryOperator>(S);
switch (U->getOpcode()) {
case UnaryOperator::Deref: VisitDeref(U, Pred, Dst); break;
case UnaryOperator::Plus: Visit(U->getSubExpr(), Pred, Dst); break;
case UnaryOperator::SizeOf: VisitSizeOfExpr(U, Pred, Dst); break;
default: VisitUnaryOperator(U, Pred, Dst); break;
}
}
}
//===----------------------------------------------------------------------===//
// "Assume" logic.
//===----------------------------------------------------------------------===//
ValueState* GRExprEngine::Assume(ValueState* St, LVal Cond,
bool Assumption,
bool& isFeasible) {
switch (Cond.getSubKind()) {
default:
assert (false && "'Assume' not implemented for this LVal.");
return St;
Ted Kremenek
committed
case lval::SymbolValKind:
if (Assumption)
return AssumeSymNE(St, cast<lval::SymbolVal>(Cond).getSymbol(),
BasicVals.getZeroWithPtrWidth(), isFeasible);
Ted Kremenek
committed
else
return AssumeSymEQ(St, cast<lval::SymbolVal>(Cond).getSymbol(),
BasicVals.getZeroWithPtrWidth(), isFeasible);
Ted Kremenek
committed
Ted Kremenek
committed
case lval::DeclValKind:
Ted Kremenek
committed
case lval::FuncValKind:
case lval::GotoLabelKind:
isFeasible = Assumption;
return St;
Ted Kremenek
committed
case lval::ConcreteIntKind: {
bool b = cast<lval::ConcreteInt>(Cond).getValue() != 0;
isFeasible = b ? Assumption : !Assumption;
return St;
}
}
}
ValueState* GRExprEngine::Assume(ValueState* St, NonLVal Cond,
Ted Kremenek
committed
bool Assumption,
bool& isFeasible) {
switch (Cond.getSubKind()) {
default:
assert (false && "'Assume' not implemented for this NonLVal.");
return St;
Ted Kremenek
committed
case nonlval::SymbolValKind: {
nonlval::SymbolVal& SV = cast<nonlval::SymbolVal>(Cond);
Ted Kremenek
committed
SymbolID sym = SV.getSymbol();
if (Assumption)
return AssumeSymNE(St, sym, BasicVals.getValue(0, SymMgr.getType(sym)),
Ted Kremenek
committed
isFeasible);
else
return AssumeSymEQ(St, sym, BasicVals.getValue(0, SymMgr.getType(sym)),
Ted Kremenek
committed
isFeasible);
}
Ted Kremenek
committed
case nonlval::SymIntConstraintValKind:
return
AssumeSymInt(St, Assumption,
cast<nonlval::SymIntConstraintVal>(Cond).getConstraint(),
isFeasible);
case nonlval::ConcreteIntKind: {
bool b = cast<nonlval::ConcreteInt>(Cond).getValue() != 0;
isFeasible = b ? Assumption : !Assumption;
return St;
}
}
}
ValueState*
GRExprEngine::AssumeSymNE(ValueState* St, SymbolID sym,
Ted Kremenek
committed
const llvm::APSInt& V, bool& isFeasible) {
Ted Kremenek
committed
// First, determine if sym == X, where X != V.
if (const llvm::APSInt* X = St->getSymVal(sym)) {
Ted Kremenek
committed
isFeasible = *X != V;
return St;
}
// Second, determine if sym != V.
if (St->isNotEqual(sym, V)) {
Ted Kremenek
committed
isFeasible = true;
return St;
}
// If we reach here, sym is not a constant and we don't know if it is != V.
// Make that assumption.
isFeasible = true;
return StateMgr.AddNE(St, sym, V);
}
ValueState*
GRExprEngine::AssumeSymEQ(ValueState* St, SymbolID sym,
Ted Kremenek
committed
const llvm::APSInt& V, bool& isFeasible) {
// First, determine if sym == X, where X != V.
if (const llvm::APSInt* X = St->getSymVal(sym)) {
Ted Kremenek
committed
isFeasible = *X == V;
return St;
}
// Second, determine if sym != V.
if (St->isNotEqual(sym, V)) {
Ted Kremenek
committed
isFeasible = false;
return St;
}
// If we reach here, sym is not a constant and we don't know if it is == V.
// Make that assumption.
isFeasible = true;
return StateMgr.AddEQ(St, sym, V);
}
ValueState*
GRExprEngine::AssumeSymInt(ValueState* St, bool Assumption,
Ted Kremenek
committed
const SymIntConstraint& C, bool& isFeasible) {
switch (C.getOpcode()) {
default:
// No logic yet for other operators.
Ted Kremenek
committed
isFeasible = true;
Ted Kremenek
committed
return St;
case BinaryOperator::EQ:
if (Assumption)
return AssumeSymEQ(St, C.getSymbol(), C.getInt(), isFeasible);
else
return AssumeSymNE(St, C.getSymbol(), C.getInt(), isFeasible);
case BinaryOperator::NE:
if (Assumption)
return AssumeSymNE(St, C.getSymbol(), C.getInt(), isFeasible);
else
return AssumeSymEQ(St, C.getSymbol(), C.getInt(), isFeasible);
}
}
//===----------------------------------------------------------------------===//
//===----------------------------------------------------------------------===//
#ifndef NDEBUG
static GRExprEngine* GraphPrintCheckerState;
Ted Kremenek
committed
static SourceManager* GraphPrintSourceManager;
Ted Kremenek
committed
static ValueState::CheckerStatePrinter* GraphCheckerStatePrinter;
namespace llvm {
template<>
struct VISIBILITY_HIDDEN DOTGraphTraits<GRExprEngine::NodeTy*> :
public DefaultDOTGraphTraits {
static void PrintVarBindings(std::ostream& Out, ValueState* St) {
Out << "Variables:\\l";
bool isFirst = true;
for (ValueState::vb_iterator I=St->vb_begin(), E=St->vb_end(); I!=E;++I) {
if (isFirst)
isFirst = false;
else
Out << "\\l";
Out << ' ' << I.getKey()->getName() << " : ";
I.getData().print(Out);
}
}
static void PrintSubExprBindings(std::ostream& Out, ValueState* St){
bool isFirst = true;
for (ValueState::seb_iterator I=St->seb_begin(), E=St->seb_end();I!=E;++I) {
if (isFirst) {
Out << "\\l\\lSub-Expressions:\\l";
isFirst = false;
}
else
Out << "\\l";
Out << " (" << (void*) I.getKey() << ") ";
I.getKey()->printPretty(Out);
Out << " : ";
I.getData().print(Out);
}
}
static void PrintBlkExprBindings(std::ostream& Out, ValueState* St){
bool isFirst = true;
for (ValueState::beb_iterator I=St->beb_begin(), E=St->beb_end(); I!=E;++I){
if (isFirst) {
Out << "\\l\\lBlock-level Expressions:\\l";
isFirst = false;
}
else
Out << "\\l";
Out << " (" << (void*) I.getKey() << ") ";
I.getKey()->printPretty(Out);
Out << " : ";
I.getData().print(Out);
}
}
static void PrintEQ(std::ostream& Out, ValueState* St) {
ValueState::ConstEqTy CE = St->ConstEq;
if (CE.isEmpty())
return;
Out << "\\l\\|'==' constraints:";
for (ValueState::ConstEqTy::iterator I=CE.begin(), E=CE.end(); I!=E;++I)
Out << "\\l $" << I.getKey() << " : " << I.getData()->toString();
}
static void PrintNE(std::ostream& Out, ValueState* St) {
ValueState::ConstNotEqTy NE = St->ConstNotEq;
if (NE.isEmpty())
return;
Out << "\\l\\|'!=' constraints:";
for (ValueState::ConstNotEqTy::iterator I=NE.begin(), EI=NE.end();
I != EI; ++I){
Out << "\\l $" << I.getKey() << " : ";
bool isFirst = true;
ValueState::IntSetTy::iterator J=I.getData().begin(),
EJ=I.getData().end();
for ( ; J != EJ; ++J) {
if (isFirst) isFirst = false;
else Out << ", ";
Out << (*J)->toString();
}
}