1 //== Store.h - Interface for maps from Locations to Values ------*- C++ -*--==//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defined the types Store and StoreManager.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #ifndef LLVM_CLANG_GR_STORE_H
15 #define LLVM_CLANG_GR_STORE_H
16
17 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
20 #include "llvm/ADT/DenseSet.h"
21 #include "llvm/ADT/Optional.h"
22
23 namespace clang {
24
25 class Stmt;
26 class Expr;
27 class ObjCIvarDecl;
28 class StackFrameContext;
29
30 namespace ento {
31
32 class GRState;
33 class GRStateManager;
34 class SubRegionMap;
35
36 class StoreManager {
37 protected:
38 SValBuilder &svalBuilder;
39 GRStateManager &StateMgr;
40
41 /// MRMgr - Manages region objects associated with this StoreManager.
42 MemRegionManager &MRMgr;
43 ASTContext &Ctx;
44
45 StoreManager(GRStateManager &stateMgr);
46
47 public:
~StoreManager()48 virtual ~StoreManager() {}
49
50 /// Return the value bound to specified location in a given state.
51 /// \param[in] state The analysis state.
52 /// \param[in] loc The symbolic memory location.
53 /// \param[in] T An optional type that provides a hint indicating the
54 /// expected type of the returned value. This is used if the value is
55 /// lazily computed.
56 /// \return The value bound to the location \c loc.
57 virtual SVal Retrieve(Store store, Loc loc, QualType T = QualType()) = 0;
58
59 /// Return a state with the specified value bound to the given location.
60 /// \param[in] state The analysis state.
61 /// \param[in] loc The symbolic memory location.
62 /// \param[in] val The value to bind to location \c loc.
63 /// \return A pointer to a GRState object that contains the same bindings as
64 /// \c state with the addition of having the value specified by \c val bound
65 /// to the location given for \c loc.
66 virtual StoreRef Bind(Store store, Loc loc, SVal val) = 0;
67
68 virtual StoreRef BindDefault(Store store, const MemRegion *R, SVal V);
69 virtual StoreRef Remove(Store St, Loc L) = 0;
70
71 /// BindCompoundLiteral - Return the store that has the bindings currently
72 /// in 'store' plus the bindings for the CompoundLiteral. 'R' is the region
73 /// for the compound literal and 'BegInit' and 'EndInit' represent an
74 /// array of initializer values.
75 virtual StoreRef BindCompoundLiteral(Store store,
76 const CompoundLiteralExpr* cl,
77 const LocationContext *LC, SVal v) = 0;
78
79 /// getInitialStore - Returns the initial "empty" store representing the
80 /// value bindings upon entry to an analyzed function.
81 virtual StoreRef getInitialStore(const LocationContext *InitLoc) = 0;
82
83 /// getRegionManager - Returns the internal RegionManager object that is
84 /// used to query and manipulate MemRegion objects.
getRegionManager()85 MemRegionManager& getRegionManager() { return MRMgr; }
86
87 /// getSubRegionMap - Returns an opaque map object that clients can query
88 /// to get the subregions of a given MemRegion object. It is the
89 // caller's responsibility to 'delete' the returned map.
90 virtual SubRegionMap *getSubRegionMap(Store store) = 0;
91
getLValueVar(const VarDecl * VD,const LocationContext * LC)92 virtual Loc getLValueVar(const VarDecl *VD, const LocationContext *LC) {
93 return svalBuilder.makeLoc(MRMgr.getVarRegion(VD, LC));
94 }
95
getLValueString(const StringLiteral * S)96 virtual Loc getLValueString(const StringLiteral* S) {
97 return svalBuilder.makeLoc(MRMgr.getStringRegion(S));
98 }
99
getLValueCompoundLiteral(const CompoundLiteralExpr * CL,const LocationContext * LC)100 Loc getLValueCompoundLiteral(const CompoundLiteralExpr* CL,
101 const LocationContext *LC) {
102 return loc::MemRegionVal(MRMgr.getCompoundLiteralRegion(CL, LC));
103 }
104
getLValueIvar(const ObjCIvarDecl * decl,SVal base)105 virtual SVal getLValueIvar(const ObjCIvarDecl* decl, SVal base) {
106 return getLValueFieldOrIvar(decl, base);
107 }
108
getLValueField(const FieldDecl * D,SVal Base)109 virtual SVal getLValueField(const FieldDecl* D, SVal Base) {
110 return getLValueFieldOrIvar(D, Base);
111 }
112
113 virtual SVal getLValueElement(QualType elementType, NonLoc offset, SVal Base);
114
115 // FIXME: This should soon be eliminated altogether; clients should deal with
116 // region extents directly.
getSizeInElements(const GRState * state,const MemRegion * region,QualType EleTy)117 virtual DefinedOrUnknownSVal getSizeInElements(const GRState *state,
118 const MemRegion *region,
119 QualType EleTy) {
120 return UnknownVal();
121 }
122
123 /// ArrayToPointer - Used by ExprEngine::VistCast to handle implicit
124 /// conversions between arrays and pointers.
125 virtual SVal ArrayToPointer(Loc Array) = 0;
126
127 /// Evaluates DerivedToBase casts.
evalDerivedToBase(SVal derived,QualType basePtrType)128 virtual SVal evalDerivedToBase(SVal derived, QualType basePtrType) {
129 return UnknownVal();
130 }
131
132 class CastResult {
133 const GRState *state;
134 const MemRegion *region;
135 public:
getState()136 const GRState *getState() const { return state; }
getRegion()137 const MemRegion* getRegion() const { return region; }
state(s)138 CastResult(const GRState *s, const MemRegion* r = 0) : state(s), region(r){}
139 };
140
141 const ElementRegion *GetElementZeroRegion(const MemRegion *R, QualType T);
142
143 /// castRegion - Used by ExprEngine::VisitCast to handle casts from
144 /// a MemRegion* to a specific location type. 'R' is the region being
145 /// casted and 'CastToTy' the result type of the cast.
146 const MemRegion *castRegion(const MemRegion *region, QualType CastToTy);
147
148 virtual StoreRef removeDeadBindings(Store store, const StackFrameContext *LCtx,
149 SymbolReaper& SymReaper,
150 llvm::SmallVectorImpl<const MemRegion*>& RegionRoots) = 0;
151
152 virtual StoreRef BindDecl(Store store, const VarRegion *VR, SVal initVal) = 0;
153
154 virtual StoreRef BindDeclWithNoInit(Store store, const VarRegion *VR) = 0;
155
156 /// If the StoreManager supports it, increment the reference count of
157 /// the specified Store object.
incrementReferenceCount(Store store)158 virtual void incrementReferenceCount(Store store) {}
159
160 /// If the StoreManager supports it, decrement the reference count of
161 /// the specified Store object. If the reference count hits 0, the memory
162 /// associated with the object is recycled.
decrementReferenceCount(Store store)163 virtual void decrementReferenceCount(Store store) {}
164
165 typedef llvm::DenseSet<SymbolRef> InvalidatedSymbols;
166 typedef llvm::SmallVector<const MemRegion *, 8> InvalidatedRegions;
167
168 /// invalidateRegions - Clears out the specified regions from the store,
169 /// marking their values as unknown. Depending on the store, this may also
170 /// invalidate additional regions that may have changed based on accessing
171 /// the given regions. Optionally, invalidates non-static globals as well.
172 /// \param[in] store The initial store
173 /// \param[in] Begin A pointer to the first region to invalidate.
174 /// \param[in] End A pointer just past the last region to invalidate.
175 /// \param[in] E The current statement being evaluated. Used to conjure
176 /// symbols to mark the values of invalidated regions.
177 /// \param[in] Count The current block count. Used to conjure
178 /// symbols to mark the values of invalidated regions.
179 /// \param[in,out] IS A set to fill with any symbols that are no longer
180 /// accessible. Pass \c NULL if this information will not be used.
181 /// \param[in] invalidateGlobals If \c true, any non-static global regions
182 /// are invalidated as well.
183 /// \param[in,out] Regions A vector to fill with any regions being
184 /// invalidated. This should include any regions explicitly invalidated
185 /// even if they do not currently have bindings. Pass \c NULL if this
186 /// information will not be used.
187 virtual StoreRef invalidateRegions(Store store,
188 const MemRegion * const *Begin,
189 const MemRegion * const *End,
190 const Expr *E, unsigned Count,
191 InvalidatedSymbols &IS,
192 bool invalidateGlobals,
193 InvalidatedRegions *Regions) = 0;
194
195 /// enterStackFrame - Let the StoreManager to do something when execution
196 /// engine is about to execute into a callee.
197 virtual StoreRef enterStackFrame(const GRState *state,
198 const StackFrameContext *frame);
199
200 virtual void print(Store store, llvm::raw_ostream& Out,
201 const char* nl, const char *sep) = 0;
202
203 class BindingsHandler {
204 public:
205 virtual ~BindingsHandler();
206 virtual bool HandleBinding(StoreManager& SMgr, Store store,
207 const MemRegion *region, SVal val) = 0;
208 };
209
210 /// iterBindings - Iterate over the bindings in the Store.
211 virtual void iterBindings(Store store, BindingsHandler& f) = 0;
212
213 protected:
214 const MemRegion *MakeElementRegion(const MemRegion *baseRegion,
215 QualType pointeeTy, uint64_t index = 0);
216
217 /// CastRetrievedVal - Used by subclasses of StoreManager to implement
218 /// implicit casts that arise from loads from regions that are reinterpreted
219 /// as another region.
220 SVal CastRetrievedVal(SVal val, const TypedRegion *region, QualType castTy,
221 bool performTestOnly = true);
222
223 private:
224 SVal getLValueFieldOrIvar(const Decl* decl, SVal base);
225 };
226
227
StoreRef(Store store,StoreManager & smgr)228 inline StoreRef::StoreRef(Store store, StoreManager & smgr)
229 : store(store), mgr(smgr) {
230 if (store)
231 mgr.incrementReferenceCount(store);
232 }
233
StoreRef(const StoreRef & sr)234 inline StoreRef::StoreRef(const StoreRef &sr)
235 : store(sr.store), mgr(sr.mgr)
236 {
237 if (store)
238 mgr.incrementReferenceCount(store);
239 }
240
~StoreRef()241 inline StoreRef::~StoreRef() {
242 if (store)
243 mgr.decrementReferenceCount(store);
244 }
245
246 inline StoreRef &StoreRef::operator=(StoreRef const &newStore) {
247 assert(&newStore.mgr == &mgr);
248 if (store != newStore.store) {
249 mgr.incrementReferenceCount(newStore.store);
250 mgr.decrementReferenceCount(store);
251 store = newStore.getStore();
252 }
253 return *this;
254 }
255
256 // FIXME: Do we still need this?
257 /// SubRegionMap - An abstract interface that represents a queryable map
258 /// between MemRegion objects and their subregions.
259 class SubRegionMap {
260 public:
~SubRegionMap()261 virtual ~SubRegionMap() {}
262
263 class Visitor {
264 public:
~Visitor()265 virtual ~Visitor() {}
266 virtual bool Visit(const MemRegion* Parent, const MemRegion* SubRegion) = 0;
267 };
268
269 virtual bool iterSubRegions(const MemRegion *region, Visitor& V) const = 0;
270 };
271
272 // FIXME: Do we need to pass GRStateManager anymore?
273 StoreManager *CreateBasicStoreManager(GRStateManager& StMgr);
274 StoreManager *CreateRegionStoreManager(GRStateManager& StMgr);
275 StoreManager *CreateFieldsOnlyRegionStoreManager(GRStateManager& StMgr);
276 StoreManager *CreateFlatStoreManager(GRStateManager &StMgr);
277
278 } // end GR namespace
279
280 } // end clang namespace
281
282 #endif
283