clang: clang::ento::ExprEngine Class Reference (original) (raw)
#include "[clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h](ExprEngine%5F8h%5Fsource.html)"
| Public Member Functions | |
|---|---|
| ExprEngine (cross_tu::CrossTranslationUnitContext &CTU, AnalysisManager &mgr, SetOfConstDecls *VisitedCalleesIn, FunctionSummariesTy *FS, InliningModes HowToInlineIn) | |
| virtual | ~ExprEngine ()=default |
| bool | ExecuteWorkList (const LocationContext *L, unsigned Steps=150000) |
| Returns true if there is still simulation state on the worklist. | |
| ASTContext & | getContext () const |
| getContext - Return the ASTContext associated with this analysis. | |
| AnalysisManager & | getAnalysisManager () |
| AnalysisDeclContextManager & | getAnalysisDeclContextManager () |
| CheckerManager & | getCheckerManager () const |
| SValBuilder & | getSValBuilder () |
| BugReporter & | getBugReporter () |
| cross_tu::CrossTranslationUnitContext * | getCrossTranslationUnitContext () |
| const NodeBuilderContext & | getBuilderContext () |
| const Stmt * | getStmt () const |
| const LocationContext * | getRootLocationContext () const |
| CFGBlock::ConstCFGElementRef | getCFGElementRef () const |
| std::string | DumpGraph (bool trim=false, StringRef Filename="") |
| Dump graph to the specified filename. | |
| std::string | DumpGraph (ArrayRef< const ExplodedNode * > Nodes, StringRef Filename="") |
| Dump the graph consisting of the given nodes to a specified filename. | |
| void | ViewGraph (bool trim=false) |
| Visualize the ExplodedGraph created by executing the simulation. | |
| void | ViewGraph (ArrayRef< const ExplodedNode * > Nodes) |
| Visualize a trimmed ExplodedGraph that only contains paths to the given nodes. | |
| ProgramStateRef | getInitialState (const LocationContext *InitLoc) |
| getInitialState - Return the initial state used for the root vertex in the ExplodedGraph. | |
| ExplodedGraph & | getGraph () |
| const ExplodedGraph & | getGraph () const |
| void | removeDead (ExplodedNode *Node, ExplodedNodeSet &Out, const Stmt *ReferenceStmt, const LocationContext *LC, const Stmt *DiagnosticStmt=nullptr, ProgramPoint::Kind K=ProgramPoint::PreStmtPurgeDeadSymbolsKind) |
| Run the analyzer's garbage collection - remove dead symbols and bindings from the state. | |
| void | processCFGElement (const CFGElement E, ExplodedNode *Pred, unsigned StmtIdx, NodeBuilderContext *Ctx) |
| processCFGElement - Called by CoreEngine. | |
| void | ProcessStmt (const Stmt *S, ExplodedNode *Pred) |
| void | ProcessLoopExit (const Stmt *S, ExplodedNode *Pred) |
| void | ProcessInitializer (const CFGInitializer I, ExplodedNode *Pred) |
| void | ProcessImplicitDtor (const CFGImplicitDtor D, ExplodedNode *Pred) |
| void | ProcessNewAllocator (const CXXNewExpr *NE, ExplodedNode *Pred) |
| void | ProcessAutomaticObjDtor (const CFGAutomaticObjDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessDeleteDtor (const CFGDeleteDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessBaseDtor (const CFGBaseDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessMemberDtor (const CFGMemberDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | ProcessTemporaryDtor (const CFGTemporaryDtor D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | processCFGBlockEntrance (const BlockEdge &L, NodeBuilderWithSinks &nodeBuilder, ExplodedNode *Pred) |
| Called by CoreEngine when processing the entrance of a CFGBlock. | |
| void | processBranch (const Stmt *Condition, NodeBuilderContext &BuilderCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF, std::optional< unsigned > IterationsCompletedInLoop) |
| ProcessBranch - Called by CoreEngine. | |
| void | processCleanupTemporaryBranch (const CXXBindTemporaryExpr *BTE, NodeBuilderContext &BldCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF) |
| Called by CoreEngine. | |
| void | processStaticInitializer (const DeclStmt *DS, NodeBuilderContext &BuilderCtx, ExplodedNode *Pred, ExplodedNodeSet &Dst, const CFGBlock *DstT, const CFGBlock *DstF) |
| Called by CoreEngine. | |
| void | processIndirectGoto (IndirectGotoNodeBuilder &builder) |
| processIndirectGoto - Called by CoreEngine. | |
| void | processSwitch (SwitchNodeBuilder &builder) |
| ProcessSwitch - Called by CoreEngine. | |
| void | processBeginOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, ExplodedNodeSet &Dst, const BlockEdge &L) |
| Called by CoreEngine. | |
| void | processEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, const ReturnStmt *RS=nullptr) |
| Called by CoreEngine. | |
| void | removeDeadOnEndOfFunction (NodeBuilderContext &BC, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Remove dead bindings/symbols before exiting a function. | |
| void | processCallEnter (NodeBuilderContext &BC, CallEnter CE, ExplodedNode *Pred) |
| Generate the entry node of the callee. | |
| void | processCallExit (ExplodedNode *Pred) |
| Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr. | |
| void | processEndWorklist () |
| Called by CoreEngine when the analysis worklist has terminated. | |
| ProgramStateRef | processAssume (ProgramStateRef state, SVal cond, bool assumption) |
| evalAssume - Callback function invoked by the ConstraintManager when making assumptions about state values. | |
| ProgramStateRef | processRegionChanges (ProgramStateRef state, const InvalidatedSymbols *invalidated, ArrayRef< const MemRegion * > ExplicitRegions, ArrayRef< const MemRegion * > Regions, const LocationContext *LCtx, const CallEvent *Call) |
| processRegionChanges - Called by ProgramStateManager whenever a change is made to the store. | |
| ProgramStateRef | processRegionChange (ProgramStateRef state, const MemRegion *MR, const LocationContext *LCtx) |
| void | printJson (raw_ostream &Out, ProgramStateRef State, const LocationContext *LCtx, const char *NL, unsigned int Space, bool IsDot) const |
| printJson - Called by ProgramStateManager to print checker-specific data. | |
| ProgramStateManager & | getStateManager () |
| StoreManager & | getStoreManager () |
| ConstraintManager & | getConstraintManager () |
| BasicValueFactory & | getBasicVals () |
| SymbolManager & | getSymbolManager () |
| MemRegionManager & | getRegionManager () |
| DataTag::Factory & | getDataTags () |
| bool | wasBlocksExhausted () const |
| bool | hasEmptyWorkList () const |
| bool | hasWorkRemaining () const |
| const CoreEngine & | getCoreEngine () const |
| void | Visit (const Stmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Visit - Transfer function logic for all statements. | |
| void | VisitArrayInitLoopExpr (const ArrayInitLoopExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitArrayInitLoopExpr - Transfer function for array init loop. | |
| void | VisitArraySubscriptExpr (const ArraySubscriptExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitArraySubscriptExpr - Transfer function for array accesses. | |
| void | VisitGCCAsmStmt (const GCCAsmStmt *A, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitGCCAsmStmt - Transfer function logic for inline asm. | |
| void | VisitMSAsmStmt (const MSAsmStmt *A, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitMSAsmStmt - Transfer function logic for MS inline asm. | |
| void | VisitBlockExpr (const BlockExpr *BE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitBlockExpr - Transfer function logic for BlockExprs. | |
| void | VisitLambdaExpr (const LambdaExpr *LE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitLambdaExpr - Transfer function logic for LambdaExprs. | |
| void | VisitBinaryOperator (const BinaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitBinaryOperator - Transfer function logic for binary operators. | |
| void | VisitCallExpr (const CallExpr *CE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCall - Transfer function for function calls. | |
| void | VisitCast (const CastExpr *CastE, const Expr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCast - Transfer function logic for all casts (implicit and explicit). | |
| void | VisitCompoundLiteralExpr (const CompoundLiteralExpr *CL, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitCompoundLiteralExpr - Transfer function logic for compound literals. | |
| void | VisitCommonDeclRefExpr (const Expr *DR, const NamedDecl *D, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for DeclRefExprs and BlockDeclRefExprs. | |
| void | VisitDeclStmt (const DeclStmt *DS, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitDeclStmt - Transfer function logic for DeclStmts. | |
| void | VisitGuardedExpr (const Expr *Ex, const Expr *L, const Expr *R, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitGuardedExpr - Transfer function logic for ?, __builtin_choose. | |
| void | VisitInitListExpr (const InitListExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitLogicalExpr (const BinaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitLogicalExpr - Transfer function logic for '&&', '| | |
| void | VisitMemberExpr (const MemberExpr *M, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitMemberExpr - Transfer function for member expressions. | |
| void | VisitAtomicExpr (const AtomicExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitAtomicExpr - Transfer function for builtin atomic expressions. | |
| void | VisitObjCAtSynchronizedStmt (const ObjCAtSynchronizedStmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for ObjCAtSynchronizedStmts. | |
| void | VisitLvalObjCIvarRefExpr (const ObjCIvarRefExpr *DR, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Transfer function logic for computing the lvalue of an Objective-C ivar. | |
| void | VisitObjCForCollectionStmt (const ObjCForCollectionStmt *S, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitObjCForCollectionStmt - Transfer function logic for ObjCForCollectionStmt. | |
| void | VisitObjCMessage (const ObjCMessageExpr *ME, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitReturnStmt (const ReturnStmt *R, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitReturnStmt - Transfer function logic for return statements. | |
| void | VisitOffsetOfExpr (const OffsetOfExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitOffsetOfExpr - Transfer function for offsetof. | |
| void | VisitUnaryExprOrTypeTraitExpr (const UnaryExprOrTypeTraitExpr *Ex, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof. | |
| void | VisitUnaryOperator (const UnaryOperator *B, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| VisitUnaryOperator - Transfer function logic for unary operators. | |
| void | VisitIncrementDecrementOperator (const UnaryOperator *U, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Handle ++ and – (both pre- and post-increment). | |
| void | VisitCXXBindTemporaryExpr (const CXXBindTemporaryExpr *BTE, ExplodedNodeSet &PreVisit, ExplodedNodeSet &Dst) |
| void | VisitCXXCatchStmt (const CXXCatchStmt *CS, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXThisExpr (const CXXThisExpr *TE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXConstructExpr (const CXXConstructExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXInheritedCtorInitExpr (const CXXInheritedCtorInitExpr *E, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXDestructor (QualType ObjectType, const MemRegion *Dest, const Stmt *S, bool IsBaseDtor, ExplodedNode *Pred, ExplodedNodeSet &Dst, EvalCallOptions &Options) |
| void | VisitCXXNewAllocatorCall (const CXXNewExpr *CNE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXNewExpr (const CXXNewExpr *CNE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | VisitCXXDeleteExpr (const CXXDeleteExpr *CDE, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| void | CreateCXXTemporaryObject (const MaterializeTemporaryExpr *ME, ExplodedNode *Pred, ExplodedNodeSet &Dst) |
| Create a C++ temporary object for an rvalue. | |
| void | evalEagerlyAssumeBifurcation (ExplodedNodeSet &Dst, ExplodedNodeSet &Src, const Expr *Ex) |
| evalEagerlyAssumeBifurcation - Given the nodes in 'Src', eagerly assume concrete boolean values for 'Ex', storing the resulting nodes in 'Dst'. | |
| bool | didEagerlyAssumeBifurcateAt (ProgramStateRef State, const Expr *Ex) const |
| ProgramStateRef | handleLValueBitCast (ProgramStateRef state, const Expr *Ex, const LocationContext *LCtx, QualType T, QualType ExTy, const CastExpr *CastE, StmtNodeBuilder &Bldr, ExplodedNode *Pred) |
| void | handleUOExtension (ExplodedNode *N, const UnaryOperator *U, StmtNodeBuilder &Bldr) |
| SVal | evalBinOp (ProgramStateRef ST, BinaryOperator::Opcode Op, SVal LHS, SVal RHS, QualType T) |
| ProgramStateRef | processPointerEscapedOnBind (ProgramStateRef State, ArrayRef< std::pair< SVal, SVal > > LocAndVals, const LocationContext *LCtx, PointerEscapeKind Kind, const CallEvent *Call) |
| Call PointerEscape callback when a value escapes as a result of bind. | |
| ProgramStateRef | notifyCheckersOfPointerEscape (ProgramStateRef State, const InvalidatedSymbols *Invalidated, ArrayRef< const MemRegion * > ExplicitRegions, const CallEvent *Call, RegionAndSymbolInvalidationTraits &ITraits) |
| Call PointerEscape callback when a value escapes as a result of region invalidation. | |
| void | evalLoad (ExplodedNodeSet &Dst, const Expr *NodeEx, const Expr *BoundExpr, ExplodedNode *Pred, ProgramStateRef St, SVal location, const ProgramPointTag *tag=nullptr, QualType LoadTy=QualType()) |
| Simulate a read of the result of Ex. | |
| void | evalStore (ExplodedNodeSet &Dst, const Expr *AssignE, const Expr *StoreE, ExplodedNode *Pred, ProgramStateRef St, SVal TargetLV, SVal Val, const ProgramPointTag *tag=nullptr) |
| evalStore - Handle the semantics of a store via an assignment. | |
| CFGElement | getCurrentCFGElement () |
| Return the CFG element corresponding to the worklist element that is currently being processed by ExprEngine. | |
| ProgramStateRef | bindReturnValue (const CallEvent &Call, const LocationContext *LCtx, ProgramStateRef State) |
| Create a new state in which the call return value is binded to the call origin expression. | |
| void | evalCall (ExplodedNodeSet &Dst, ExplodedNode *Pred, const CallEvent &Call) |
| Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself. | |
| void | defaultEvalCall (NodeBuilder &B, ExplodedNode *Pred, const CallEvent &Call, const EvalCallOptions &CallOpts={}) |
| Default implementation of call evaluation. | |
| SVal | computeObjectUnderConstruction (const Expr *E, ProgramStateRef State, const NodeBuilderContext *BldrCtx, const LocationContext *LCtx, const ConstructionContext *CC, EvalCallOptions &CallOpts, unsigned Idx=0) |
| Find location of the object that is being constructed by a given constructor. | |
| ProgramStateRef | updateObjectsUnderConstruction (SVal V, const Expr *E, ProgramStateRef State, const LocationContext *LCtx, const ConstructionContext *CC, const EvalCallOptions &CallOpts) |
| Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context. | |
| std::pair< ProgramStateRef, SVal > | handleConstructionContext (const Expr *E, ProgramStateRef State, const NodeBuilderContext *BldrCtx, const LocationContext *LCtx, const ConstructionContext *CC, EvalCallOptions &CallOpts, unsigned Idx=0) |
| A convenient wrapper around computeObjectUnderConstruction and updateObjectsUnderConstruction. | |
| Static Public Member Functions | |
|---|---|
| static const ProgramPointTag * | cleanupNodeTag () |
| A tag to track convenience transitions, which can be removed at cleanup. | |
| static std::pair< const ProgramPointTag *, const ProgramPointTag * > | getEagerlyAssumeBifurcationTags () |
| static std::optional< unsigned > | getIndexOfElementToConstruct (ProgramStateRef State, const CXXConstructExpr *E, const LocationContext *LCtx) |
| Retreives which element is being constructed in a non-POD type array. | |
| static std::optional< unsigned > | getPendingArrayDestruction (ProgramStateRef State, const LocationContext *LCtx) |
| Retreives which element is being destructed in a non-POD type array. | |
| static std::optional< unsigned > | getPendingInitLoop (ProgramStateRef State, const CXXConstructExpr *E, const LocationContext *LCtx) |
| Retreives the size of the array in the pending ArrayInitLoopExpr. | |
| static std::optional< SVal > | getObjectUnderConstruction (ProgramStateRef State, const ConstructionContextItem &Item, const LocationContext *LC) |
| By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location. | |
| static ProgramStateRef | setWhetherHasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC, bool HasMoreIteraton) |
| Note whether this loop has any more iteratios to model. | |
| static ProgramStateRef | removeIterationState (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC) |
| static bool | hasMoreIteration (ProgramStateRef State, const ObjCForCollectionStmt *O, const LocationContext *LC) |
Definition at line 124 of file ExprEngine.h.
◆ InliningModes
The modes of inlining, which override the default analysis-wide settings.
| Enumerator | |
|---|---|
| Inline_Regular | Follow the default settings for inlining callees. |
| Inline_Minimal | Do minimal inlining of callees. |
Definition at line 129 of file ExprEngine.h.
◆ ~ExprEngine()
| virtual clang::ento::ExprEngine::~ExprEngine ( ) | virtualdefault |
|---|
◆ bindReturnValue()
Create a new state in which the call return value is binded to the call origin expression.
Definition at line 745 of file ExprEngineCallAndReturn.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::C, clang::Call, clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), E, clang::ento::SValBuilder::evalBinOp(), clang::ento::SValBuilder::getArrayIndexType(), clang::ento::SVal::getAsRegion(), clang::ento::SValBuilder::getConjuredHeapSymbolVal(), getCurrentCFGElement(), clang::ento::getElementExtent(), clang::Expr::getType(), handleConstructionContext(), clang::ento::SValBuilder::makeIntVal(), clang::OMF_autorelease, clang::OMF_retain, clang::OMF_self, clang::ento::setDynamicExtent(), clang::ento::RegionAndSymbolInvalidationTraits::setTrait(), clang::ento::MemRegion::StripCasts(), clang::Target, and clang::ento::RegionAndSymbolInvalidationTraits::TK_DoNotInvalidateSuperRegion.
◆ cleanupNodeTag()
A tag to track convenience transitions, which can be removed at cleanup.
This tag applies to a node created after removeDead.
Definition at line 1107 of file ExprEngine.cpp.
Referenced by removeDead().
◆ computeObjectUnderConstruction()
Find location of the object that is being constructed by a given constructor.
This should ideally always succeed but due to not being fully implemented it sometimes indicates that it failed via its out-parameter CallOpts; in such cases a fake temporary region is returned, which is better than nothing but does not represent the actual behavior of the program. The Idx parameter is used if we construct an array of objects. In that case it points to the index of the continuous memory region. E.g.: For int arr[4] this index can be 0,1,2,3. For int arr2[3][3] this index can be 0,1,...,7,8. A multi-dimensional array is also a continuous memory location in a row major order, so for arr[0][0] Idx is 0 and for arr[2][2] Idx is 8.
Definition at line 113 of file ExprEngineCXX.cpp.
References clang::ConstructionContext::ArgumentKind, clang::ento::NodeBuilderContext::blockCount(), computeObjectUnderConstruction(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ConstructionContext::CXX17ElidedCopyConstructorInitializerKind, clang::ConstructionContext::CXX17ElidedCopyReturnedValueKind, clang::ConstructionContext::CXX17ElidedCopyVariableKind, E, clang::ConstructionContext::ElidedTemporaryObjectKind, clang::ento::AnalysisManager::getAnalyzerOptions(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), getCFGElementRef(), clang::ento::SValBuilder::getContext(), getContext(), getCoreEngine(), clang::ento::MemRegionManager::getCXXBaseObjectRegion(), clang::ento::CallEventManager::getCXXConstructorCall(), clang::ento::MemRegionManager::getCXXLifetimeExtendedObjectRegion(), clang::ento::MemRegionManager::getCXXStaticLifetimeExtendedObjectRegion(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::MemRegionManager::getElementRegion(), clang::MaterializeTemporaryExpr::getExtendingDecl(), clang::StackFrameContext::getIndex(), getIndexOfElementToConstruct(), clang::ConstructionContext::getKind(), clang::ento::CallEventManager::getObjCMethodCall(), getObjectUnderConstruction(), clang::LocationContext::getParent(), clang::ASTContext::getPointerType(), clang::ento::SValBuilder::getRegionManager(), clang::ento::CallEventManager::getSimpleCall(), clang::LocationContext::getStackFrame(), getStateManager(), clang::MaterializeTemporaryExpr::getStorageDuration(), getSValBuilder(), clang::Expr::getType(), clang::Init, clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::EvalCallOptions::IsElidableCtorThatHasNotBeenElided, clang::ento::EvalCallOptions::IsTemporaryCtorOrDtor, clang::ento::EvalCallOptions::IsTemporaryLifetimeExtendedViaAggregate, clang::ento::CallEvent::isVariadic(), clang::ConstructionContext::LambdaCaptureKind, clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeLoc(), clang::ConstructionContext::NewAllocatedObjectKind, clang::SD_FullExpression, clang::SD_Static, clang::SD_Thread, clang::ConstructionContext::SimpleConstructorInitializerKind, clang::ConstructionContext::SimpleReturnedValueKind, clang::ConstructionContext::SimpleTemporaryObjectKind, clang::ConstructionContext::SimpleVariableKind, and V.
Referenced by computeObjectUnderConstruction(), clang::ento::CallEvent::getReturnValueUnderConstruction(), and handleConstructionContext().
◆ CreateCXXTemporaryObject()
◆ defaultEvalCall()
Default implementation of call evaluation.
Definition at line 1218 of file ExprEngineCallAndReturn.cpp.
References clang::Call, clang::ento::CallEvent::cloneWithState(), D, E, getAnalysisManager(), clang::ento::RuntimeDefinition::getDecl(), clang::ento::RuntimeDefinition::getDispatchRegion(), getInlineFailedState(), clang::ento::ExplodedNode::getState(), clang::IPAK_DynamicDispatch, clang::IPAK_DynamicDispatchBifurcate, clang::ento::RuntimeDefinition::isForeign(), isTrivialObjectAssignment(), clang::ento::RuntimeDefinition::mayHaveOtherDefinitions(), and clang::ento::AnalysisManager::options.
Referenced by clang::ento::CheckerManager::runCheckersForEvalCall(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), and VisitObjCMessage().
◆ didEagerlyAssumeBifurcateAt()
◆ DumpGraph() [1/2]
| std::string ExprEngine::DumpGraph | ( | ArrayRef< const ExplodedNode * > | Nodes, |
|---|---|---|---|
| StringRef | Filename = "" | ||
| ) |
◆ DumpGraph() [2/2]
| std::string ExprEngine::DumpGraph | ( | bool | trim = false, |
|---|---|---|---|
| StringRef | Filename = "" | ||
| ) |
◆ evalBinOp()
◆ evalCall()
Evaluate a call, running pre- and post-call checkers and allowing checkers to be responsible for handling the evaluation of the call itself.
Definition at line 677 of file ExprEngineCallAndReturn.cpp.
References clang::Call, clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::Type::getPointeeType(), clang::ento::ExplodedNodeSet::insert(), clang::QualType::isConstQualified(), clang::QualType::isNull(), clang::Type::isPointerType(), clang::Type::isReferenceType(), clang::Type::isVoidType(), processPointerEscapedOnBind(), clang::ento::PSK_EscapeOutParameters, clang::ento::CheckerManager::runCheckersForEvalCall(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by VisitCallExpr().
◆ evalEagerlyAssumeBifurcation()
evalEagerlyAssumeBifurcation - Given the nodes in 'Src', eagerly assume concrete boolean values for 'Ex', storing the resulting nodes in 'Dst'.
Referenced by Visit().
◆ evalLoad()
Simulate a read of the result of Ex.
Definition at line 3681 of file ExprEngine.cpp.
References clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::empty(), clang::ento::StmtNodeBuilder::generateNode(), clang::Expr::getType(), clang::QualType::isNull(), clang::ento::SVal::isUndef(), clang::ento::SVal::isValid(), clang::ProgramPoint::PostLoadKind, and V.
Referenced by VisitBinaryOperator(), VisitCast(), VisitIncrementDecrementOperator(), and VisitMemberExpr().
◆ evalStore()
◆ ExecuteWorkList()
◆ getAnalysisDeclContextManager()
◆ getAnalysisManager()
◆ getBasicVals()
◆ getBugReporter()
| BugReporter & clang::ento::ExprEngine::getBugReporter ( ) | inline |
|---|
◆ getBuilderContext()
◆ getCFGElementRef()
Definition at line 229 of file ExprEngine.h.
References clang::ento::NodeBuilderContext::getBlock().
Referenced by computeObjectUnderConstruction(), ProcessAutomaticObjDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessNewAllocator(), ProcessTemporaryDtor(), VisitCallExpr(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().
◆ getCheckerManager()
| CheckerManager & clang::ento::ExprEngine::getCheckerManager ( ) const | inline |
|---|
Definition at line 204 of file ExprEngine.h.
References clang::ento::AnalysisManager::getCheckerManager().
Referenced by evalCall(), notifyCheckersOfPointerEscape(), printJson(), processAssume(), processBeginOfFunction(), processBranch(), processCallExit(), processEndOfFunction(), processEndWorklist(), processRegionChanges(), removeDead(), Visit(), VisitArrayInitLoopExpr(), VisitArraySubscriptExpr(), VisitAtomicExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitDeclStmt(), VisitLambdaExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), and VisitUnaryOperator().
◆ getConstraintManager()
◆ getContext()
| ASTContext & clang::ento::ExprEngine::getContext ( ) const | inline |
|---|
getContext - Return the ASTContext associated with this analysis.
Definition at line 196 of file ExprEngine.h.
References clang::ento::AnalysisManager::getASTContext().
Referenced by computeObjectUnderConstruction(), clang::ento::CheckerContext::getASTContext(), clang::ento::CheckerContext::getLangOpts(), handleLValueBitCast(), ProcessAutomaticObjDtor(), processBranch(), processCallExit(), ProcessDeleteDtor(), ProcessInitializer(), ProcessLoopExit(), ProcessMemberDtor(), ProcessStmt(), processSwitch(), ProcessTemporaryDtor(), Visit(), VisitArraySubscriptExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCast(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXThisExpr(), VisitDeclStmt(), VisitInitListExpr(), VisitLambdaExpr(), VisitOffsetOfExpr(), and VisitUnaryExprOrTypeTraitExpr().
◆ getCoreEngine()
| const CoreEngine & clang::ento::ExprEngine::getCoreEngine ( ) const | inline |
|---|
◆ getCrossTranslationUnitContext()
◆ getCurrentCFGElement()
| CFGElement clang::ento::ExprEngine::getCurrentCFGElement ( ) | inline |
|---|
◆ getDataTags()
◆ getEagerlyAssumeBifurcationTags()
◆ getGraph() [1/2]
◆ getGraph() [2/2]
| const ExplodedGraph & clang::ento::ExprEngine::getGraph ( ) const | inline |
|---|
◆ getIndexOfElementToConstruct()
◆ getInitialState()
getInitialState - Return the initial state used for the root vertex in the ExplodedGraph.
Definition at line 244 of file ExprEngine.cpp.
References D, evalBinOp(), clang::ento::SVal::getAs(), clang::ento::SValBuilder::getConditionType(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ProgramStateManager::getInitialState(), clang::IdentifierInfo::getName(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ValueDecl::getType(), clang::ento::SValBuilder::makeZeroVal(), clang::T, and V.
Referenced by clang::ento::CoreEngine::ExecuteWorkList().
◆ getObjectUnderConstruction()
By looking at a certain item that may be potentially part of an object's ConstructionContext, retrieve such object's location.
A particular statement can be transparently passed as Item in most cases.
Definition at line 603 of file ExprEngine.cpp.
References clang::LocationContext::getStackFrame(), and V.
Referenced by computeObjectUnderConstruction(), clang::ento::CXXAllocatorCall::getObjectUnderConstruction(), clang::ento::CallEvent::isArgumentConstructedDirectly(), processCleanupTemporaryBranch(), ProcessInitializer(), ProcessTemporaryDtor(), VisitCXXBindTemporaryExpr(), VisitCXXNewExpr(), VisitDeclStmt(), and VisitLambdaExpr().
◆ getPendingArrayDestruction()
◆ getPendingInitLoop()
◆ getRegionManager()
◆ getRootLocationContext()
| const LocationContext * clang::ento::ExprEngine::getRootLocationContext ( ) const | inline |
|---|
◆ getStateManager()
Definition at line 414 of file ExprEngine.h.
Referenced by computeObjectUnderConstruction(), clang::ento::CheckerContext::getStateManager(), clang::ento::PathSensitiveBugReporter::getStateManager(), processCallExit(), processEndOfFunction(), VisitCallExpr(), VisitCXXDeleteExpr(), VisitCXXDestructor(), VisitCXXNewAllocatorCall(), VisitCXXNewExpr(), and VisitObjCMessage().
◆ getStmt()
| const Stmt * clang::ento::ExprEngine::getStmt | ( | ) | const |
|---|
◆ getStoreManager()
| StoreManager & clang::ento::ExprEngine::getStoreManager ( ) | inline |
|---|
◆ getSValBuilder()
| SValBuilder & clang::ento::ExprEngine::getSValBuilder ( ) | inline |
|---|
◆ getSymbolManager()
| SymbolManager & clang::ento::ExprEngine::getSymbolManager ( ) | inline |
|---|
◆ handleConstructionContext()
◆ handleLValueBitCast()
Definition at line 254 of file ExprEngineC.cpp.
References clang::ento::SValBuilder::evalCast(), clang::ento::SValBuilder::evalMinus(), clang::ento::StmtNodeBuilder::generateNode(), clang::CastExpr::getCastKind(), getContext(), clang::ASTContext::getLValueReferenceType(), clang::ASTContext::getRValueReferenceType(), clang::Expr::getType(), clang::Type::isLValueReferenceType(), clang::Type::isRValueReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, clang::ento::SValBuilder::simplifySVal(), clang::T, and V.
Referenced by VisitCast().
◆ handleUOExtension()
◆ hasEmptyWorkList()
| bool clang::ento::ExprEngine::hasEmptyWorkList ( ) const | inline |
|---|
◆ hasMoreIteration()
◆ hasWorkRemaining()
| bool clang::ento::ExprEngine::hasWorkRemaining ( ) const | inline |
|---|
◆ notifyCheckersOfPointerEscape()
◆ printJson()
◆ processAssume()
◆ ProcessAutomaticObjDtor()
Definition at line 1337 of file ExprEngine.cpp.
References clang::ento::SVal::castAs(), clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::ento::SVal::getAsInteger(), clang::ento::SVal::getAsRegion(), clang::ento::MemRegion::getBaseRegion(), getBuilderContext(), getCFGElementRef(), getContext(), clang::CFGImplicitDtor::getDestructorDecl(), clang::ento::ExplodedNode::getLocationContext(), getRegion(), clang::ento::ExplodedNode::getState(), clang::CFGAutomaticObjDtor::getTriggerStmt(), clang::CFGAutomaticObjDtor::getVarDecl(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::SVal::isConstant(), clang::Type::isReferenceType(), clang::ento::NodeBuilder::takeNodes(), clang::ast_matchers::varDecl, and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
◆ ProcessBaseDtor()
Definition at line 1485 of file ExprEngine.cpp.
References D, clang::ento::StoreManager::evalDerivedToBase(), clang::ento::SVal::getAsRegion(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
◆ processBeginOfFunction()
◆ processBranch()
ProcessBranch - Called by CoreEngine.
Used to generate successor nodes by processing the 'effects' of a branch condition. If the branch condition is a loop condition, IterationsCompletedInLoop is the number of completed iterations (otherwise it's std::nullopt).
Definition at line 2766 of file ExprEngine.cpp.
References assumeCondition(), clang::Condition, didEagerlyAssumeBifurcateAt(), clang::ento::ExplodedNodeSet::empty(), clang::ento::BranchNodeBuilder::generateNode(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::AnalysisManager::options, ResolveCondition(), and clang::ento::CheckerManager::runCheckersForBranchCondition().
◆ processCallEnter()
◆ processCallExit()
Generate the sequence of nodes that simulate the call exit and the post visit for CallExpr.
The call exit is simulated with a sequence of nodes, which occur between CallExitBegin and CallExitEnd.
The following operations occur between the two program points:
- CallExitBegin (triggers the start of call exit sequence)
- Bind the return value
- Run Remove dead bindings to clean up the dead symbols from the callee.
- CallExitEnd (switch to the caller context)
- PostStmt
Definition at line 254 of file ExprEngineCallAndReturn.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::ExplodedNode::addPredecessor(), adjustReturnValue(), clang::AnalyzerOptions::AnalysisPurgeOpt, clang::ento::ExplodedNodeSet::begin(), clang::Call, clang::ento::SVal::castAs(), clang::ento::ExplodedNodeSet::end(), clang::ento::WorkList::enqueue(), clang::ento::SValBuilder::evalCast(), clang::LocationContext::getAnalysisDeclContext(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::AnalysisDeclContext::getBody(), clang::ento::CallEventManager::getCaller(), clang::ento::ProgramStateManager::getCallEventManager(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), clang::ento::ExplodedNode::getCFG(), getCheckerManager(), getContext(), getCoreEngine(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::CallEvent::getDeclaredResultType(), clang::CFG::getExit(), clang::StackFrameContext::getIndex(), getLastStmt(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedGraph::getNode(), clang::LocationContext::getParent(), getPendingArrayDestruction(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), getStoreManager(), clang::ento::SVal::getType(), clang::ento::CoreEngine::getWorkList(), clang::ento::ExplodedNodeSet::insert(), clang::QualType::isNull(), clang::ento::AnalysisManager::options, clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, removeDead(), clang::ento::CheckerManager::runCheckersForNewAllocator(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPostStmt(), V, and wasDifferentDeclUsedForInlining().
Referenced by clang::ento::CoreEngine::dispatchWorkItem().
◆ processCFGBlockEntrance()
Called by CoreEngine when processing the entrance of a CFGBlock.
Block entrance. (Update counters).
Definition at line 2514 of file ExprEngine.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::NodeBuilderWithSinks::generateNode(), clang::ento::NodeBuilderWithSinks::generateSink(), clang::ento::AnalysisManager::getASTContext(), clang::ento::NodeBuilderContext::getBlock(), clang::ento::NodeBuilder::getContext(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocation(), clang::ProgramPoint::getLocationContext(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::CFGBlock::getTerminatorStmt(), clang::ento::getWidenedLoopState(), clang::ento::isUnrolledState(), clang::ento::FunctionSummariesTy::markReachedMaxBlockCount(), clang::AnalyzerOptions::maxBlockVisitOnPath, clang::AnalyzerOptions::NoRetryExhausted, clang::ento::AnalysisManager::options, clang::ento::ExplodedGraph::roots_begin(), and clang::ento::updateLoopStack().
◆ processCFGElement()
processCFGElement - Called by CoreEngine.
Used to generate new successor nodes by processing the 'effects' of a CFG element.
Definition at line 966 of file ExprEngine.cpp.
References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, clang::CFGElement::CleanupFunction, clang::CFGElement::Constructor, clang::CFGElement::CXXRecordTypedCall, clang::CFGElement::DeleteDtor, E, clang::CFGNewAllocator::getAllocatorExpr(), clang::ento::ExplodedNode::getLocationContext(), clang::CFGLoopExit::getLoopStmt(), clang::CFGStmt::getStmt(), clang::CFGElement::Initializer, clang::CFGElement::LifetimeEnds, clang::CFGElement::LoopExit, clang::CFGElement::MemberDtor, clang::CFGElement::NewAllocator, ProcessImplicitDtor(), ProcessInitializer(), ProcessLoopExit(), ProcessNewAllocator(), ProcessStmt(), clang::CFGElement::ScopeBegin, clang::CFGElement::ScopeEnd, clang::CFGElement::Statement, and clang::CFGElement::TemporaryDtor.
◆ processCleanupTemporaryBranch()
◆ ProcessDeleteDtor()
Definition at line 1409 of file ExprEngine.cpp.
References clang::ento::NodeBuilder::generateNode(), clang::CXXDeleteExpr::getArgument(), clang::ASTContext::getAsArrayType(), clang::Type::getAsCXXRecordDecl(), clang::ento::SVal::getAsInteger(), clang::ento::SVal::getAsRegion(), clang::ASTContext::getBaseElementType(), clang::CXXDeleteExpr::getBeginLoc(), getBuilderContext(), getCFGElementRef(), getContext(), clang::CFGDeleteDtor::getDeleteExpr(), clang::CXXDeleteExpr::getDestroyedType(), clang::CXXRecordDecl::getDestructor(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::CXXDeleteExpr::isArrayForm(), clang::ento::SVal::isConstant(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::NodeBuilder::takeNodes(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
◆ processEndOfFunction()
Called by CoreEngine.
ProcessEndPath - Called by CoreEngine.
Used to notify checkers that processing a function has ended. Called for both inlined and top-level functions.
Used to generate end-of-path nodes when the control reaches the end of a function.
Definition at line 2929 of file ExprEngine.cpp.
References clang::ConstructionContextItem::ElidedDestructorKind, clang::ento::CoreEngine::enqueueEndOfFunction(), clang::ento::NodeBuilder::generateNode(), getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getStackFrame(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::LocationContext::inTopFrame(), clang::StackFrameContext::inTopFrame(), removeDeadOnEndOfFunction(), clang::ento::CheckerManager::runCheckersForEndFunction(), and clang::ConstructionContextItem::TemporaryDestructorKind.
◆ processEndWorklist()
| void ExprEngine::processEndWorklist | ( | ) |
|---|
◆ ProcessImplicitDtor()
Definition at line 1290 of file ExprEngine.cpp.
References clang::CFGElement::AutomaticObjectDtor, clang::CFGElement::BaseDtor, D, clang::CFGElement::DeleteDtor, clang::ento::CoreEngine::enqueue(), clang::ento::NodeBuilderContext::getBlock(), clang::Decl::getKind(), clang::CFGElement::MemberDtor, ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), ProcessTemporaryDtor(), and clang::CFGElement::TemporaryDtor.
Referenced by processCFGElement().
◆ processIndirectGoto()
◆ ProcessInitializer()
Definition at line 1160 of file ExprEngine.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ast_matchers::decl, clang::ento::CoreEngine::enqueue(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::NodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::ArraySubscriptExpr::getBase(), clang::CXXCtorInitializer::getBaseClass(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::SValBuilder::getCXXThis(), clang::CXXCtorInitializer::getIndirectMember(), clang::CXXCtorInitializer::getInit(), clang::CFGInitializer::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXCtorInitializer::getMember(), getObjectUnderConstruction(), clang::CXXCtorInitializer::getSourceLocation(), clang::ento::ExplodedNode::getState(), getStoreManager(), getSValBuilder(), clang::Expr::IgnoreImplicit(), clang::Init, clang::ento::ExplodedNodeSet::insert(), clang::CXXCtorInitializer::isAnyMemberInitializer(), clang::CXXCtorInitializer::isBaseInitializer(), clang::CXXCtorInitializer::isBaseVirtual(), clang::CXXCtorInitializer::isDelegatingInitializer(), clang::CXXCtorInitializer::isIndirectMemberInitializer(), and clang::ento::SVal::isUnknownOrUndef().
Referenced by processCFGElement().
◆ ProcessLoopExit()
◆ ProcessMemberDtor()
Definition at line 1505 of file ExprEngine.cpp.
References D, clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::ento::SVal::getAsInteger(), getBuilderContext(), getCFGElementRef(), getContext(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::ento::EvalCallOptions::IsArrayCtorOrDtor, clang::ento::SVal::isConstant(), clang::Member, clang::T, clang::ento::NodeBuilder::takeNodes(), and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
◆ ProcessNewAllocator()
◆ processPointerEscapedOnBind()
◆ processRegionChange()
◆ processRegionChanges()
◆ processStaticInitializer()
Called by CoreEngine.
Used to processing branching behavior at static initializers.
◆ ProcessStmt()
Definition at line 1112 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::Add(), clang::ento::CoreEngine::enqueue(), clang::Stmt::getBeginLoc(), clang::ento::NodeBuilderContext::getBlock(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNodeSet::insert(), clang::ento::ExplodedGraph::reclaimRecentlyAllocatedNodes(), removeDead(), shouldRemoveDeadBindings(), and Visit().
Referenced by processCFGElement().
◆ processSwitch()
ProcessSwitch - Called by CoreEngine.
Used to generate successor nodes by processing the 'effects' of a switch statement.
Definition at line 3003 of file ExprEngine.cpp.
References clang::ento::SwitchNodeBuilder::begin(), clang::ento::SVal::castAs(), E, clang::ento::SwitchNodeBuilder::end(), clang::Expr::EvaluateKnownConstInt(), clang::ento::SwitchNodeBuilder::generateCaseStmtNode(), clang::ento::SwitchNodeBuilder::generateDefaultCaseNode(), clang::Type::getAs(), clang::ento::SVal::getAs(), clang::SwitchStmt::getCond(), clang::ento::SwitchNodeBuilder::getCondition(), getContext(), clang::CaseStmt::getLHS(), clang::ento::SwitchNodeBuilder::getLocationContext(), clang::CaseStmt::getRHS(), clang::ento::SwitchNodeBuilder::getState(), clang::ento::SwitchNodeBuilder::getSwitch(), clang::Expr::getType(), clang::Expr::IgnoreParenImpCasts(), clang::SwitchStmt::isAllEnumCasesCovered(), and clang::ento::SVal::isUndef().
◆ ProcessTemporaryDtor()
Definition at line 1564 of file ExprEngine.cpp.
References clang::ento::ExplodedNodeSet::begin(), D, clang::ento::ExplodedNodeSet::empty(), clang::ento::NodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateNode(), clang::Decl::getBeginLoc(), getCFGElementRef(), getContext(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::ExplodedNode::getState(), clang::ento::EvalCallOptions::IsTemporaryCtorOrDtor, clang::ento::ExplodedNodeSet::size(), clang::T, V, and VisitCXXDestructor().
Referenced by ProcessImplicitDtor().
◆ removeDead()
Run the analyzer's garbage collection - remove dead symbols and bindings from the state.
Checkers can participate in this process with two callbacks: checkLiveSymbols and checkDeadSymbols. See the CheckerDocumentation class for more information.
Parameters
| Node | The predecessor node, from which the processing should start. |
|---|---|
| Out | The returned set of output nodes. |
| ReferenceStmt | The statement which is about to be processed. Everything needed for this statement should be considered live. A null statement means that everything in child LocationContexts is dead. |
| LC | The location context of the ReferenceStmt. A null location context means that we have reached the end of analysis and that all statements and local variables should be considered dead. |
| DiagnosticStmt | Used as a location for any warnings that should occur while removing the dead (e.g. leaks). By default, the ReferenceStmt is used. |
| K | Denotes whether this is a pre- or post-statement purge. This must only be ProgramPoint::PostStmtPurgeDeadSymbolsKind if an entire location context is being cleared, in which case the ReferenceStmt must either be a ReturnStmt or NULL. Otherwise, it must be ProgramPoint::PreStmtPurgeDeadSymbolsKind (the default) and ReferenceStmt must be valid (non-null). |
Definition at line 1029 of file ExprEngine.cpp.
References cleanupNodeTag(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getConstraintManager(), clang::LocationContext::getParent(), clang::ento::ProgramStateManager::getPersistentStateWithGDM(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::ProgramStateManager::haveEqualEnvironments(), clang::ento::ProgramStateManager::haveEqualStores(), clang::ento::SymbolReaper::markLive(), clang::ProgramPoint::PostStmtPurgeDeadSymbolsKind, clang::ProgramPoint::PreStmtPurgeDeadSymbolsKind, clang::ento::ConstraintManager::removeDeadBindings(), clang::ento::ProgramStateManager::removeDeadBindingsFromEnvironmentAndStore(), clang::ento::CheckerManager::runCheckersForDeadSymbols(), and clang::ento::CheckerManager::runCheckersForLiveSymbols().
Referenced by processCallExit(), ProcessStmt(), and removeDeadOnEndOfFunction().
◆ removeDeadOnEndOfFunction()
◆ removeIterationState()
◆ setWhetherHasMoreIteration()
◆ updateObjectsUnderConstruction()
Update the program state with all the path-sensitive information that's necessary to perform construction of an object with a given syntactic construction context.
V and CallOpts have to be obtained from computeObjectUnderConstruction() invoked with the same set of the remaining arguments (E, State, LCtx, CC).
Definition at line 391 of file ExprEngineCXX.cpp.
References clang::ConstructionContext::ArgumentKind, clang::ConstructionContext::CXX17ElidedCopyConstructorInitializerKind, clang::ConstructionContext::CXX17ElidedCopyReturnedValueKind, clang::ConstructionContext::CXX17ElidedCopyVariableKind, clang::ConstructionContext::ElidedTemporaryObjectKind, clang::ento::AnalysisManager::getAnalyzerOptions(), clang::StackFrameContext::getCallSite(), clang::StackFrameContext::getCallSiteBlock(), clang::StackFrameContext::getIndex(), clang::ConstructionContext::getKind(), clang::LocationContext::getParent(), clang::LocationContext::getStackFrame(), clang::Init, clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::EvalCallOptions::IsElidableCtorThatHasNotBeenElided, clang::ConstructionContext::LambdaCaptureKind, clang::ConstructionContext::NewAllocatedObjectKind, clang::ConstructionContext::SimpleConstructorInitializerKind, clang::ConstructionContext::SimpleReturnedValueKind, clang::ConstructionContext::SimpleTemporaryObjectKind, clang::ConstructionContext::SimpleVariableKind, updateObjectsUnderConstruction(), and V.
Referenced by handleConstructionContext(), and updateObjectsUnderConstruction().
◆ ViewGraph() [1/2]
◆ ViewGraph() [2/2]
| void ExprEngine::ViewGraph | ( | bool | trim = false | ) |
|---|
◆ Visit()
Visit - Transfer function logic for all statements.
Dispatches to other functions that handle specific kinds of statements.
Definition at line 1710 of file ExprEngine.cpp.
References clang::ento::CoreEngine::addAbortedBlock(), clang::ento::NodeBuilder::addNodes(), clang::ento::NodeBuilderContext::blockCount(), clang::C, clang::ento::SValBuilder::conjureSymbolVal(), CreateCXXTemporaryObject(), E, evalEagerlyAssumeBifurcation(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::ento::NodeBuilderContext::getBlock(), getCheckerManager(), clang::ento::SValBuilder::getConstantVal(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), isRecordType(), clang::ento::SValBuilder::makeIntValWithWidth(), Node, clang::Stmt::NoStmtClass, clang::ento::AnalysisManager::options, PostVisit, clang::ProgramPoint::PreStmtKind, clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitArrayInitLoopExpr(), VisitArraySubscriptExpr(), VisitAtomicExpr(), VisitBinaryOperator(), VisitBlockExpr(), VisitCallExpr(), VisitCast(), VisitCommonDeclRefExpr(), VisitCompoundLiteralExpr(), VisitCXXBindTemporaryExpr(), VisitCXXCatchStmt(), VisitCXXConstructExpr(), VisitCXXDeleteExpr(), VisitCXXInheritedCtorInitExpr(), VisitCXXNewExpr(), VisitCXXThisExpr(), VisitDeclStmt(), VisitGCCAsmStmt(), VisitGuardedExpr(), VisitInitListExpr(), VisitLambdaExpr(), VisitLogicalExpr(), VisitLvalObjCIvarRefExpr(), VisitMemberExpr(), VisitMSAsmStmt(), VisitObjCAtSynchronizedStmt(), VisitObjCForCollectionStmt(), VisitObjCMessage(), VisitOffsetOfExpr(), VisitReturnStmt(), VisitUnaryExprOrTypeTraitExpr(), and VisitUnaryOperator().
Referenced by ProcessStmt().
◆ VisitArrayInitLoopExpr()
◆ VisitArraySubscriptExpr()
VisitArraySubscriptExpr - Transfer function for array accesses.
Definition at line 3324 of file ExprEngine.cpp.
References clang::ASTContext::CharTy, clang::ento::StmtNodeBuilder::generateNode(), clang::ArraySubscriptExpr::getBase(), getCheckerManager(), getContext(), clang::ArraySubscriptExpr::getIdx(), clang::ento::AnalysisManager::getLangOpts(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::QualType::isCForbiddenLValueType(), clang::Expr::isGLValue(), clang::Type::isVectorType(), clang::Type::isVoidType(), Node, clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, and V.
Referenced by Visit().
◆ VisitAtomicExpr()
◆ VisitBinaryOperator()
VisitBinaryOperator - Transfer function logic for binary operators.
Definition at line 40 of file ExprEngineC.cpp.
References clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), conjureOffsetSymbolOnLocation(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::ExplodedNodeSet::end(), evalBinOp(), clang::ento::SValBuilder::evalCast(), evalLoad(), evalStore(), clang::ento::StmtNodeBuilder::generateNode(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::BinaryOperator::getLHS(), clang::BinaryOperator::getOpcode(), clang::BinaryOperator::getRHS(), clang::Expr::getType(), clang::Expr::IgnoreParens(), clang::BinaryOperator::isAdditiveOp(), clang::BinaryOperator::isAssignmentOp(), clang::BinaryOperator::isCompoundAssignmentOp(), clang::Expr::isGLValue(), clang::ento::SVal::isUnknown(), clang::ento::PSK_EscapeOther, clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and V.
Referenced by Visit().
◆ VisitBlockExpr()
VisitBlockExpr - Transfer function logic for BlockExprs.
Definition at line 193 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::BlockDecl::capture_begin(), clang::BlockDecl::capture_end(), clang::ento::StmtNodeBuilder::generateNode(), clang::BlockExpr::getBlockDecl(), clang::ento::SValBuilder::getBlockPointer(), clang::ASTContext::getCanonicalType(), getCheckerManager(), getContext(), clang::ento::VarRegion::getDecl(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::T, and V.
Referenced by Visit().
◆ VisitCallExpr()
◆ VisitCast()
VisitCast - Transfer function logic for all casts (implicit and explicit).
Definition at line 282 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StoreManager::evalBaseToDerived(), clang::ento::SValBuilder::evalCast(), clang::ento::StoreManager::evalDerivedToBase(), clang::ento::SValBuilder::evalIntegralCast(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), getBasicVals(), clang::CastExpr::getCastKind(), getCheckerManager(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::SValBuilder::getMemberPointer(), clang::ASTContext::getPointerType(), clang::ento::ExplodedNode::getState(), getStoreManager(), clang::ento::ProgramStateManager::getStoreManager(), clang::Expr::getType(), handleLValueBitCast(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::Type::isReferenceType(), clang::ento::SVal::isUnknown(), clang::ento::SVal::isZeroConstant(), clang::ento::SValBuilder::makeNullWithType(), clang::ento::SValBuilder::makePointerToMember(), clang::ento::SValBuilder::makeTruthVal(), clang::ento::AnalysisManager::options, clang::CastExpr::path(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, and V.
Referenced by Visit().
◆ VisitCommonDeclRefExpr()
Transfer function logic for DeclRefExprs and BlockDeclRefExprs.
Definition at line 3086 of file ExprEngine.cpp.
References clang::CXXThis, D, clang::ento::StmtNodeBuilder::generateNode(), clang::CXXRecordDecl::getCaptureFields(), clang::ento::SValBuilder::getCXXThis(), clang::LocationContext::getDecl(), clang::ento::SValBuilder::getFunctionPointer(), clang::ento::ExplodedNode::getLocationContext(), clang::DeclContext::getParent(), clang::LocationContext::getStackFrame(), clang::ento::ExplodedNode::getState(), clang::ento::SVal::isConstant(), clang::Expr::isGLValue(), clang::ento::SValBuilder::makeIntVal(), clang::ento::AnalysisManager::options, clang::ProgramPoint::PostLValueKind, and V.
Referenced by Visit(), and VisitMemberExpr().
◆ VisitCompoundLiteralExpr()
◆ VisitCXXBindTemporaryExpr()
◆ VisitCXXCatchStmt()
◆ VisitCXXConstructExpr()
◆ VisitCXXDeleteExpr()
Definition at line 1074 of file ExprEngineCXX.cpp.
References clang::Call, defaultEvalCall(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::CallEventManager::getCXXDeallocatorCall(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by Visit().
◆ VisitCXXDestructor()
Definition at line 803 of file ExprEngineCXX.cpp.
References clang::Call, defaultEvalCall(), E, clang::ento::NodeBuilder::generateNode(), clang::ento::NodeBuilder::generateSink(), clang::Type::getAsCXXRecordDecl(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::CallEventManager::getCXXDestructorCall(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::EvalCallOptions::IsCtorOrDtorWithImproperlyModeledTargetRegion, clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPreCall(), clang::T, and clang::ProgramPoint::withTag().
Referenced by ProcessAutomaticObjDtor(), ProcessBaseDtor(), ProcessDeleteDtor(), ProcessMemberDtor(), and ProcessTemporaryDtor().
◆ VisitCXXInheritedCtorInitExpr()
◆ VisitCXXNewAllocatorCall()
Definition at line 870 of file ExprEngineCXX.cpp.
References clang::Call, clang::ento::SVal::castAs(), defaultEvalCall(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), clang::CXXNewExpr::getBeginLoc(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), getContext(), clang::ento::CallEventManager::getCXXAllocatorCall(), clang::ento::ExplodedNode::getLocationContext(), clang::CXXNewExpr::getOperatorNew(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ento::CheckerManager::runCheckersForNewAllocator(), clang::ento::CheckerManager::runCheckersForPostCall(), and clang::ento::CheckerManager::runCheckersForPreCall().
Referenced by ProcessNewAllocator().
◆ VisitCXXNewExpr()
Definition at line 942 of file ExprEngineCXX.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::Call, clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::SValBuilder::evalCast(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::AnalysisManager::getAnalyzerOptions(), clang::Type::getAs(), clang::ento::SVal::getAs(), clang::ento::SVal::getAsRegion(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), clang::ento::SValBuilder::getConjuredHeapSymbolVal(), clang::ento::SValBuilder::getContext(), clang::ento::CallEventManager::getCXXAllocatorCall(), clang::ento::MemRegionManager::getElementRegion(), clang::CXXNewExpr::getInitializer(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::CXXNewExpr::getOperatorNew(), clang::CXXNewExpr::getPlacementArg(), clang::Type::getPointeeType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ValueDecl::getType(), clang::Expr::getType(), clang::Init, clang::CXXNewExpr::isArray(), clang::FunctionDecl::isReplaceableGlobalAllocationFunction(), clang::FunctionDecl::isReservedGlobalPlacementOperator(), clang::ento::SVal::isUnknown(), clang::ento::SValBuilder::makeArrayIndex(), clang::Result, clang::ento::ExplodedNodeSet::size(), clang::ento::NodeBuilder::takeNodes(), and V.
Referenced by Visit().
◆ VisitCXXThisExpr()
◆ VisitDeclStmt()
VisitDeclStmt - Transfer function logic for DeclStmts.
Definition at line 565 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::ExplodedNodeSet::begin(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SValBuilder::conjureSymbolVal(), clang::DeclStmt::decl_begin(), E, clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::VarDecl::getInit(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ASTContext::getPointerType(), clang::ento::NodeBuilder::getResults(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::DeclStmt::isSingleDecl(), clang::ento::SVal::isUnknown(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::ento::NodeBuilder::takeNodes().
Referenced by Visit().
◆ VisitGCCAsmStmt()
◆ VisitGuardedExpr()
VisitGuardedExpr - Transfer function logic for ?, __builtin_choose.
Definition at line 783 of file ExprEngineC.cpp.
References clang::ento::NodeBuilderContext::blockCount(), clang::ProgramPoint::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), clang::ento::StmtNodeBuilder::generateNode(), clang::ProgramPoint::getAs(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::IgnoreParens(), clang::ento::ExplodedNode::pred_begin(), and V.
Referenced by Visit().
◆ VisitIncrementDecrementOperator()
Handle ++ and – (both pre- and post-increment).
Definition at line 1059 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), clang::ento::NodeBuilderContext::blockCount(), clang::ento::SVal::castAs(), clang::ento::SValBuilder::conjureSymbolVal(), evalBinOp(), clang::ento::SValBuilder::evalEQ(), evalLoad(), evalStore(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::ento::ExplodedNodeSet::insert(), clang::ento::Loc::isLocType(), clang::ento::SVal::isUnknownOrUndef(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeTruthVal(), clang::ento::SValBuilder::makeZeroVal(), clang::Result, and clang::ento::NodeBuilder::takeNodes().
Referenced by VisitUnaryOperator().
◆ VisitInitListExpr()
Definition at line 735 of file ExprEngineC.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getBasicVals(), clang::ASTContext::getCanonicalType(), getContext(), clang::ento::BasicValueFactory::getEmptySValList(), clang::InitListExpr::getInit(), clang::ento::ExplodedNode::getLocationContext(), clang::InitListExpr::getNumInits(), clang::ento::ExplodedNode::getState(), getSValBuilder(), clang::Expr::getType(), clang::Type::isAnyComplexType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Type::isRecordType(), clang::InitListExpr::isTransparent(), clang::Type::isVectorType(), clang::ento::SValBuilder::makeCompoundVal(), clang::ento::SValBuilder::makeZeroVal(), clang::ento::BasicValueFactory::prependSVal(), clang::T, and V.
Referenced by Visit().
◆ VisitLambdaExpr()
VisitLambdaExpr - Transfer function logic for LambdaExprs.
Definition at line 1130 of file ExprEngineCXX.cpp.
References clang::ento::StmtNodeBuilder::generateNode(), getCheckerManager(), getContext(), clang::ento::MemRegionManager::getCXXTempObjectRegion(), clang::ento::ExplodedNode::getLocationContext(), getObjectUnderConstruction(), clang::ento::SValBuilder::getRegionManager(), clang::ento::ExplodedNode::getState(), clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), and V.
Referenced by Visit().
◆ VisitLogicalExpr()
VisitLogicalExpr - Transfer function logic for '&&', '||'.
Definition at line 641 of file ExprEngineC.cpp.
References clang::CFGElement::castAs(), clang::ProgramPoint::castAs(), clang::CFGBlock::empty(), evalBinOp(), clang::ento::SValBuilder::evalCast(), clang::ento::StmtNodeBuilder::generateNode(), clang::ProgramPoint::getAs(), getBasicVals(), clang::BlockEdge::getDst(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::BinaryOperator::getOpcode(), clang::BlockEdge::getSrc(), clang::ento::ExplodedNode::getState(), clang::CFGStmt::getStmt(), clang::CFGBlock::getTerminator(), clang::Expr::getType(), clang::ento::SVal::isUndef(), clang::Type::isVectorType(), clang::ento::SValBuilder::makeIntVal(), P, clang::ento::ExplodedNode::pred_begin(), clang::ento::ExplodedNode::pred_size(), clang::CFGBlock::rbegin(), clang::CFGBlock::succ_begin(), clang::CFGBlock::succ_size(), clang::T, and X.
Referenced by Visit().
◆ VisitLvalObjCIvarRefExpr()
◆ VisitMemberExpr()
VisitMemberExpr - Transfer function for member expressions.
Definition at line 3375 of file ExprEngine.cpp.
References clang::ento::NodeBuilder::addNodes(), evalLoad(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::SVal::getAsRegion(), clang::MemberExpr::getBase(), getCheckerManager(), clang::ento::SValBuilder::getFunctionPointer(), clang::MemberExpr::getMemberDecl(), getStoreManager(), clang::Expr::getType(), clang::Type::isArrayType(), clang::Expr::isGLValue(), clang::Member, clang::ProgramPoint::PostLValueKind, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::T, clang::ento::NodeBuilder::takeNodes(), and VisitCommonDeclRefExpr().
Referenced by Visit().
◆ VisitMSAsmStmt()
◆ VisitObjCAtSynchronizedStmt()
◆ VisitObjCForCollectionStmt()
◆ VisitObjCMessage()
Definition at line 147 of file ExprEngineObjC.cpp.
References clang::ento::ExplodedNodeSet::begin(), clang::ento::SVal::castAs(), clang::ento::CallEventRef< T >::cloneWithState(), defaultEvalCall(), clang::ento::ExplodedNodeSet::end(), clang::ento::StmtNodeBuilder::generateNode(), clang::ento::StmtNodeBuilder::generateSink(), clang::ento::ProgramStateManager::getCallEventManager(), getCFGElementRef(), getCheckerManager(), clang::ento::ExplodedNode::getLocation(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::CallEventManager::getObjCMethodCall(), clang::ento::ExplodedNode::getState(), getStateManager(), clang::ProgramPoint::getTag(), clang::ObjCNoReturn::isImplicitNoReturn(), clang::ento::SVal::isUndef(), clang::ProgramPoint::PreStmtKind, clang::ento::CheckerManager::runCheckersForObjCMessageNil(), clang::ento::CheckerManager::runCheckersForPostCall(), clang::ento::CheckerManager::runCheckersForPostObjCMessage(), clang::ento::CheckerManager::runCheckersForPreCall(), and clang::ento::CheckerManager::runCheckersForPreObjCMessage().
Referenced by Visit().
◆ VisitOffsetOfExpr()
VisitOffsetOfExpr - Transfer function for offsetof.
Definition at line 847 of file ExprEngineC.cpp.
References clang::Type::castAs(), clang::Expr::EvaluateAsInt(), clang::ento::StmtNodeBuilder::generateNode(), getContext(), clang::ento::ExplodedNode::getLocationContext(), clang::ento::ExplodedNode::getState(), clang::Expr::getType(), clang::BuiltinType::isInteger(), clang::Type::isSignedIntegerType(), clang::ento::SValBuilder::makeIntVal(), clang::Result, and X.
Referenced by Visit().
◆ VisitReturnStmt()
◆ VisitUnaryExprOrTypeTraitExpr()
VisitUnaryExprOrTypeTraitExpr - Transfer function for sizeof.
Definition at line 866 of file ExprEngineC.cpp.
References clang::Expr::EvaluateKnownConstInt(), clang::CharUnits::fromQuantity(), clang::ento::StmtNodeBuilder::generateNode(), clang::Type::getAs(), getCheckerManager(), getContext(), clang::UnaryExprOrTypeTraitExpr::getKind(), clang::CharUnits::getQuantity(), clang::Expr::getType(), clang::UnaryExprOrTypeTraitExpr::getTypeOfArgument(), clang::Type::isConstantSizeType(), clang::Type::isIncompleteType(), clang::Type::isVariableArrayType(), clang::ento::SValBuilder::makeIntVal(), clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), and clang::T.
Referenced by Visit().
◆ VisitUnaryOperator()
VisitUnaryOperator - Transfer function logic for unary operators.
Definition at line 923 of file ExprEngineC.cpp.
References clang::ento::NodeBuilder::addNodes(), evalBinOp(), clang::ento::SValBuilder::evalComplement(), clang::ento::SValBuilder::evalMinus(), clang::ento::StmtNodeBuilder::generateNode(), getBasicVals(), getCheckerManager(), clang::ento::SValBuilder::getMemberPointer(), clang::Expr::getType(), handleUOExtension(), clang::Type::isAnyComplexType(), clang::Type::isFloatingType(), clang::ento::SValBuilder::makeNullWithType(), clang::ento::SValBuilder::makeZeroVal(), clang::Result, clang::ento::CheckerManager::runCheckersForPostStmt(), clang::ento::CheckerManager::runCheckersForPreStmt(), clang::ento::NodeBuilder::takeNodes(), V, VisitIncrementDecrementOperator(), and X.
Referenced by Visit().
◆ wasBlocksExhausted()
| bool clang::ento::ExprEngine::wasBlocksExhausted ( ) const | inline |
|---|
The documentation for this class was generated from the following files:
- include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
- lib/StaticAnalyzer/Core/ExprEngine.cpp
- lib/StaticAnalyzer/Core/ExprEngineC.cpp
- lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
- lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
- lib/StaticAnalyzer/Core/ExprEngineObjC.cpp