• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //===--- AnalyzerOptions.h - Analysis Engine Options ------------*- C++ -*-===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This header defines various options for the static analyzer that are set
11 // by the frontend and are consulted throughout the analyzer.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #ifndef LLVM_CLANG_ANALYZEROPTIONS_H
16 #define LLVM_CLANG_ANALYZEROPTIONS_H
17 
18 #include "clang/Basic/LLVM.h"
19 #include "llvm/ADT/IntrusiveRefCntPtr.h"
20 #include "llvm/ADT/Optional.h"
21 #include "llvm/ADT/StringMap.h"
22 #include <string>
23 #include <vector>
24 
25 namespace clang {
26 class ASTConsumer;
27 class DiagnosticsEngine;
28 class Preprocessor;
29 class LangOptions;
30 
31 /// Analysis - Set of available source code analyses.
32 enum Analyses {
33 #define ANALYSIS(NAME, CMDFLAG, DESC, SCOPE) NAME,
34 #include "clang/StaticAnalyzer/Core/Analyses.def"
35 NumAnalyses
36 };
37 
38 /// AnalysisStores - Set of available analysis store models.
39 enum AnalysisStores {
40 #define ANALYSIS_STORE(NAME, CMDFLAG, DESC, CREATFN) NAME##Model,
41 #include "clang/StaticAnalyzer/Core/Analyses.def"
42 NumStores
43 };
44 
45 /// AnalysisConstraints - Set of available constraint models.
46 enum AnalysisConstraints {
47 #define ANALYSIS_CONSTRAINTS(NAME, CMDFLAG, DESC, CREATFN) NAME##Model,
48 #include "clang/StaticAnalyzer/Core/Analyses.def"
49 NumConstraints
50 };
51 
52 /// AnalysisDiagClients - Set of available diagnostic clients for rendering
53 ///  analysis results.
54 enum AnalysisDiagClients {
55 #define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATFN, AUTOCREAT) PD_##NAME,
56 #include "clang/StaticAnalyzer/Core/Analyses.def"
57 NUM_ANALYSIS_DIAG_CLIENTS
58 };
59 
60 /// AnalysisPurgeModes - Set of available strategies for dead symbol removal.
61 enum AnalysisPurgeMode {
62 #define ANALYSIS_PURGE(NAME, CMDFLAG, DESC) NAME,
63 #include "clang/StaticAnalyzer/Core/Analyses.def"
64 NumPurgeModes
65 };
66 
67 /// AnalysisInlineFunctionSelection - Set of inlining function selection heuristics.
68 enum AnalysisInliningMode {
69 #define ANALYSIS_INLINING_MODE(NAME, CMDFLAG, DESC) NAME,
70 #include "clang/StaticAnalyzer/Core/Analyses.def"
71 NumInliningModes
72 };
73 
74 /// \brief Describes the different kinds of C++ member functions which can be
75 /// considered for inlining by the analyzer.
76 ///
77 /// These options are cumulative; enabling one kind of member function will
78 /// enable all kinds with lower enum values.
79 enum CXXInlineableMemberKind {
80   // Uninitialized = 0,
81 
82   /// A dummy mode in which no C++ inlining is enabled.
83   CIMK_None = 1,
84 
85   /// Refers to regular member function and operator calls.
86   CIMK_MemberFunctions,
87 
88   /// Refers to constructors (implicit or explicit).
89   ///
90   /// Note that a constructor will not be inlined if the corresponding
91   /// destructor is non-trivial.
92   CIMK_Constructors,
93 
94   /// Refers to destructors (implicit or explicit).
95   CIMK_Destructors
96 };
97 
98 /// \brief Describes the different modes of inter-procedural analysis.
99 enum IPAKind {
100   IPAK_NotSet = 0,
101 
102   /// Perform only intra-procedural analysis.
103   IPAK_None = 1,
104 
105   /// Inline C functions and blocks when their definitions are available.
106   IPAK_BasicInlining = 2,
107 
108   /// Inline callees(C, C++, ObjC) when their definitions are available.
109   IPAK_Inlining = 3,
110 
111   /// Enable inlining of dynamically dispatched methods.
112   IPAK_DynamicDispatch = 4,
113 
114   /// Enable inlining of dynamically dispatched methods, bifurcate paths when
115   /// exact type info is unavailable.
116   IPAK_DynamicDispatchBifurcate = 5
117 };
118 
119 class AnalyzerOptions : public RefCountedBase<AnalyzerOptions> {
120 public:
121   typedef llvm::StringMap<std::string> ConfigTable;
122 
123   /// \brief Pair of checker name and enable/disable.
124   std::vector<std::pair<std::string, bool> > CheckersControlList;
125 
126   /// \brief A key-value table of use-specified configuration values.
127   ConfigTable Config;
128   AnalysisStores AnalysisStoreOpt;
129   AnalysisConstraints AnalysisConstraintsOpt;
130   AnalysisDiagClients AnalysisDiagOpt;
131   AnalysisPurgeMode AnalysisPurgeOpt;
132 
133   std::string AnalyzeSpecificFunction;
134 
135   /// \brief The maximum number of times the analyzer visits a block.
136   unsigned maxBlockVisitOnPath;
137 
138 
139   unsigned ShowCheckerHelp : 1;
140   unsigned AnalyzeAll : 1;
141   unsigned AnalyzerDisplayProgress : 1;
142   unsigned AnalyzeNestedBlocks : 1;
143 
144   /// \brief The flag regulates if we should eagerly assume evaluations of
145   /// conditionals, thus, bifurcating the path.
146   ///
147   /// This flag indicates how the engine should handle expressions such as: 'x =
148   /// (y != 0)'.  When this flag is true then the subexpression 'y != 0' will be
149   /// eagerly assumed to be true or false, thus evaluating it to the integers 0
150   /// or 1 respectively.  The upside is that this can increase analysis
151   /// precision until we have a better way to lazily evaluate such logic.  The
152   /// downside is that it eagerly bifurcates paths.
153   unsigned eagerlyAssumeBinOpBifurcation : 1;
154 
155   unsigned TrimGraph : 1;
156   unsigned visualizeExplodedGraphWithGraphViz : 1;
157   unsigned visualizeExplodedGraphWithUbiGraph : 1;
158   unsigned UnoptimizedCFG : 1;
159   unsigned PrintStats : 1;
160 
161   /// \brief Do not re-analyze paths leading to exhausted nodes with a different
162   /// strategy. We get better code coverage when retry is enabled.
163   unsigned NoRetryExhausted : 1;
164 
165   /// \brief The inlining stack depth limit.
166   unsigned InlineMaxStackDepth;
167 
168   /// \brief The mode of function selection used during inlining.
169   AnalysisInliningMode InliningMode;
170 
171 private:
172   /// \brief Describes the kinds for high-level analyzer mode.
173   enum UserModeKind {
174     UMK_NotSet = 0,
175     /// Perform shallow but fast analyzes.
176     UMK_Shallow = 1,
177     /// Perform deep analyzes.
178     UMK_Deep = 2
179   };
180 
181   /// Controls the high-level analyzer mode, which influences the default
182   /// settings for some of the lower-level config options (such as IPAMode).
183   /// \sa getUserMode
184   UserModeKind UserMode;
185 
186   /// Controls the mode of inter-procedural analysis.
187   IPAKind IPAMode;
188 
189   /// Controls which C++ member functions will be considered for inlining.
190   CXXInlineableMemberKind CXXMemberInliningMode;
191 
192   /// \sa includeTemporaryDtorsInCFG
193   Optional<bool> IncludeTemporaryDtorsInCFG;
194 
195   /// \sa mayInlineCXXStandardLibrary
196   Optional<bool> InlineCXXStandardLibrary;
197 
198   /// \sa mayInlineTemplateFunctions
199   Optional<bool> InlineTemplateFunctions;
200 
201   /// \sa mayInlineObjCMethod
202   Optional<bool> ObjCInliningMode;
203 
204   // Cache of the "ipa-always-inline-size" setting.
205   // \sa getAlwaysInlineSize
206   Optional<unsigned> AlwaysInlineSize;
207 
208   /// \sa shouldSuppressNullReturnPaths
209   Optional<bool> SuppressNullReturnPaths;
210 
211   // \sa getMaxInlinableSize
212   Optional<unsigned> MaxInlinableSize;
213 
214   /// \sa shouldAvoidSuppressingNullArgumentPaths
215   Optional<bool> AvoidSuppressingNullArgumentPaths;
216 
217   /// \sa shouldSuppressInlinedDefensiveChecks
218   Optional<bool> SuppressInlinedDefensiveChecks;
219 
220   /// \sa getGraphTrimInterval
221   Optional<unsigned> GraphTrimInterval;
222 
223   /// \sa getMaxTimesInlineLarge
224   Optional<unsigned> MaxTimesInlineLarge;
225 
226   /// \sa getMaxNodesPerTopLevelFunction
227   Optional<unsigned> MaxNodesPerTopLevelFunction;
228 
229   /// Interprets an option's string value as a boolean.
230   ///
231   /// Accepts the strings "true" and "false".
232   /// If an option value is not provided, returns the given \p DefaultVal.
233   bool getBooleanOption(StringRef Name, bool DefaultVal);
234 
235   /// Variant that accepts a Optional value to cache the result.
236   bool getBooleanOption(Optional<bool> &V, StringRef Name, bool DefaultVal);
237 
238   /// Interprets an option's string value as an integer value.
239   int getOptionAsInteger(StringRef Name, int DefaultVal);
240 
241 public:
242   /// \brief Retrieves and sets the UserMode. This is a high-level option,
243   /// which is used to set other low-level options. It is not accessible
244   /// outside of AnalyzerOptions.
245   UserModeKind getUserMode();
246 
247   /// \brief Returns the inter-procedural analysis mode.
248   IPAKind getIPAMode();
249 
250   /// Returns the option controlling which C++ member functions will be
251   /// considered for inlining.
252   ///
253   /// This is controlled by the 'c++-inlining' config option.
254   ///
255   /// \sa CXXMemberInliningMode
256   bool mayInlineCXXMemberFunction(CXXInlineableMemberKind K);
257 
258   /// Returns true if ObjectiveC inlining is enabled, false otherwise.
259   bool mayInlineObjCMethod();
260 
261   /// Returns whether or not the destructors for C++ temporary objects should
262   /// be included in the CFG.
263   ///
264   /// This is controlled by the 'cfg-temporary-dtors' config option, which
265   /// accepts the values "true" and "false".
266   bool includeTemporaryDtorsInCFG();
267 
268   /// Returns whether or not C++ standard library functions may be considered
269   /// for inlining.
270   ///
271   /// This is controlled by the 'c++-stdlib-inlining' config option, which
272   /// accepts the values "true" and "false".
273   bool mayInlineCXXStandardLibrary();
274 
275   /// Returns whether or not templated functions may be considered for inlining.
276   ///
277   /// This is controlled by the 'c++-template-inlining' config option, which
278   /// accepts the values "true" and "false".
279   bool mayInlineTemplateFunctions();
280 
281   /// Returns whether or not paths that go through null returns should be
282   /// suppressed.
283   ///
284   /// This is a heuristic for avoiding bug reports with paths that go through
285   /// inlined functions that are more defensive than their callers.
286   ///
287   /// This is controlled by the 'suppress-null-return-paths' config option,
288   /// which accepts the values "true" and "false".
289   bool shouldSuppressNullReturnPaths();
290 
291   /// Returns whether a bug report should \em not be suppressed if its path
292   /// includes a call with a null argument, even if that call has a null return.
293   ///
294   /// This option has no effect when #shouldSuppressNullReturnPaths() is false.
295   ///
296   /// This is a counter-heuristic to avoid false negatives.
297   ///
298   /// This is controlled by the 'avoid-suppressing-null-argument-paths' config
299   /// option, which accepts the values "true" and "false".
300   bool shouldAvoidSuppressingNullArgumentPaths();
301 
302   /// Returns whether or not diagnostics containing inlined defensive NULL
303   /// checks should be suppressed.
304   ///
305   /// This is controlled by the 'suppress-inlined-defensive-checks' config
306   /// option, which accepts the values "true" and "false".
307   bool shouldSuppressInlinedDefensiveChecks();
308 
309   /// Returns whether irrelevant parts of a bug report path should be pruned
310   /// out of the final output.
311   ///
312   /// This is controlled by the 'prune-paths' config option, which accepts the
313   /// values "true" and "false".
314   bool shouldPrunePaths();
315 
316   // Returns the size of the functions (in basic blocks), which should be
317   // considered to be small enough to always inline.
318   //
319   // This is controlled by "ipa-always-inline-size" analyzer-config option.
320   unsigned getAlwaysInlineSize();
321 
322   // Returns the bound on the number of basic blocks in an inlined function
323   // (50 by default).
324   //
325   // This is controlled by "-analyzer-config max-inlinable-size" option.
326   unsigned getMaxInlinableSize();
327 
328   /// Returns true if the analyzer engine should synthesize fake bodies
329   /// for well-known functions.
330   bool shouldSynthesizeBodies();
331 
332   /// Returns how often nodes in the ExplodedGraph should be recycled to save
333   /// memory.
334   ///
335   /// This is controlled by the 'graph-trim-interval' config option. To disable
336   /// node reclamation, set the option to "0".
337   unsigned getGraphTrimInterval();
338 
339   /// Returns the maximum times a large function could be inlined.
340   ///
341   /// This is controlled by the 'max-times-inline-large' config option.
342   unsigned getMaxTimesInlineLarge();
343 
344   /// Returns the maximum number of nodes the analyzer can generate while
345   /// exploring a top level function (for each exploded graph).
346   /// 150000 is default; 0 means no limit.
347   ///
348   /// This is controlled by the 'max-nodes' config option.
349   unsigned getMaxNodesPerTopLevelFunction();
350 
351 public:
AnalyzerOptions()352   AnalyzerOptions() :
353     AnalysisStoreOpt(RegionStoreModel),
354     AnalysisConstraintsOpt(RangeConstraintsModel),
355     AnalysisDiagOpt(PD_HTML),
356     AnalysisPurgeOpt(PurgeStmt),
357     ShowCheckerHelp(0),
358     AnalyzeAll(0),
359     AnalyzerDisplayProgress(0),
360     AnalyzeNestedBlocks(0),
361     eagerlyAssumeBinOpBifurcation(0),
362     TrimGraph(0),
363     visualizeExplodedGraphWithGraphViz(0),
364     visualizeExplodedGraphWithUbiGraph(0),
365     UnoptimizedCFG(0),
366     PrintStats(0),
367     NoRetryExhausted(0),
368     // Cap the stack depth at 4 calls (5 stack frames, base + 4 calls).
369     InlineMaxStackDepth(5),
370     InliningMode(NoRedundancy),
371     UserMode(UMK_NotSet),
372     IPAMode(IPAK_NotSet),
373     CXXMemberInliningMode() {}
374 
375 };
376 
377 typedef IntrusiveRefCntPtr<AnalyzerOptions> AnalyzerOptionsRef;
378 
379 }
380 
381 #endif
382