Lines Matching full:state
43 void checkLiveSymbols(const GRState *state, SymbolReaper &SR) const;
45 bool wantsRegionChangeUpdate(const GRState *state) const;
47 const GRState *checkRegionChanges(const GRState *state,
60 const GRState *state,
91 const GRState *state, SVal V, QualType Ty);
93 static const GRState *setCStringLength(const GRState *state,
96 const GRState *&state,
99 SVal getCStringLength(CheckerContext &C, const GRState *&state,
104 const GRState *&state,
109 const GRState *state,
116 const GRState *checkNonNull(CheckerContext &C, const GRState *state,
118 const GRState *CheckLocation(CheckerContext &C, const GRState *state,
121 const GRState *CheckBufferAccess(CheckerContext &C, const GRState *state,
128 const GRState *CheckBufferAccess(CheckerContext &C, const GRState *state,
133 return CheckBufferAccess(C, state, Size, Buf, NULL, message, NULL,
136 const GRState *CheckOverlap(CheckerContext &C, const GRState *state,
139 void emitOverlapBug(CheckerContext &C, const GRState *state,
141 const GRState *checkAdditionOverflow(CheckerContext &C, const GRState *state,
166 CStringChecker::assumeZero(CheckerContext &C, const GRState *state, SVal V,
170 return std::pair<const GRState*, const GRState *>(state, state);
174 return state->assume(svalBuilder.evalEQ(state, *val, zero));
178 const GRState *state,
181 if (!state)
185 llvm::tie(stateNull, stateNonNull) = assumeZero(C, state, l, S->getType());
218 const GRState *state,
222 if (!state)
228 return state;
232 return state;
247 const GRState *StInBound = state->assumeInBound(Idx, Size, true);
248 const GRState *StOutBound = state->assumeInBound(Idx, Size, false);
291 const GRState *state,
299 if (!state)
309 SVal BufVal = state->getSVal(FirstBuf);
310 state = checkNonNull(C, state, FirstBuf, BufVal);
311 if (!state)
317 SVal LengthVal = state->getSVal(Size);
320 return state;
324 NonLoc LastOffset = cast<NonLoc>(svalBuilder.evalBinOpNN(state, BO_Sub,
332 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
334 state = CheckLocation(C, state, warningExpr, BufEnd, firstMessage);
337 if (!state)
343 BufVal = state->getSVal(SecondBuf);
344 state = checkNonNull(C, state, SecondBuf, BufVal);
345 if (!state)
352 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
354 state = CheckLocation(C, state, warningExpr, BufEnd, secondMessage);
358 // Large enough or not, return this state!
359 return state;
363 const GRState *state,
372 if (!state)
378 SVal firstVal = state->getSVal(First);
379 SVal secondVal = state->getSVal(Second);
383 return state;
387 return state;
392 state->assume(svalBuilder.evalEQ(state, *firstLoc, *secondLoc));
402 state = stateFalse;
406 state, BO_GT,
410 return state;
412 llvm::tie(stateTrue, stateFalse) = state->assume(*reverseTest);
416 return state;
431 SVal LengthVal = state->getSVal(Size);
434 return state;
444 return state;
447 SVal FirstEnd = svalBuilder.evalBinOpLN(state, BO_Add,
451 return state;
454 SVal Overlap = svalBuilder.evalBinOpLL(state, BO_GT,
458 return state;
460 llvm::tie(stateTrue, stateFalse) = state->assume(*OverlapTest);
473 void CStringChecker::emitOverlapBug(CheckerContext &C, const GRState *state,
475 ExplodedNode *N = C.generateSink(state);
493 const GRState *state,
497 if (!state)
507 SVal maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, right,
513 maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, left,
521 SVal willOverflow = svalBuilder.evalBinOpNN(state, BO_GT, left,
526 state->assume(cast<DefinedOrUnknownSVal>(willOverflow));
554 state = stateOkay;
557 return state;
560 const GRState *CStringChecker::setCStringLength(const GRState *state,
571 return state;
584 return state;
591 return state;
595 return state->remove<CStringLength>(MR);
597 return state->set<CStringLength>(MR, strLength);
601 const GRState *&state,
607 const SVal *Recorded = state->get<CStringLength>(MR);
612 // Otherwise, get a new symbol and update the state.
620 state = state->set<CStringLength>(MR, strLength);
625 SVal CStringChecker::getCStringLength(CheckerContext &C, const GRState *&state,
634 if (ExplodedNode *N = C.generateNode(state)) {
679 return getCStringLengthForRegion(C, state, Ex, MR, hypothetical);
691 if (ExplodedNode *N = C.generateNode(state)) {
720 const GRState *&state, const Expr *expr, SVal val) const {
740 const GRState *state,
744 return state;
761 return state->invalidateRegion(R, E, Count, NULL);
767 return state->unbindLoc(*L);
815 const GRState *state,
822 SVal sizeVal = state->getSVal(Size);
827 assumeZero(C, state, sizeVal, sizeTy);
830 SVal destVal = state->getSVal(Dest);
841 state = stateNonZeroSize;
845 state = checkNonNull(C, state, Dest, destVal);
846 if (!state)
850 SVal srcVal = state->getSVal(Source);
854 state = checkNonNull(C, state, Source, srcVal);
855 if (!state)
861 state = CheckBufferAccess(C, state, Size, Dest, Source,
864 state = CheckOverlap(C, state, Size, Dest, Source);
866 if (!state)
880 SVal lastElement = C.getSValBuilder().evalBinOpLN(state, BO_Add,
886 state = state->BindExpr(CE, lastElement);
893 state = state->BindExpr(CE, result);
899 state = state->BindExpr(CE, destVal);
907 state = InvalidateBuffer(C, state, Dest, state->getSVal(Dest));
908 C.addTransition(state);
917 const GRState *state = C.getState();
919 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true);
926 const GRState *state = C.getState();
928 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true, true);
935 const GRState *state = C.getState();
937 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1));
954 const GRState *state = C.getState();
958 SVal sizeVal = state->getSVal(Size);
963 assumeZero(C, state, sizeVal, sizeTy);
968 state = stateZeroSize;
969 state = state->BindExpr(CE, svalBuilder.makeZeroVal(CE->getType()));
970 C.addTransition(state);
975 state = stateNonZeroSize;
979 DefinedOrUnknownSVal LV = cast<DefinedOrUnknownSVal>(state->getSVal(Left));
980 DefinedOrUnknownSVal RV = cast<DefinedOrUnknownSVal>(state->getSVal(Right));
983 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
985 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
990 state = StSameBuf;
991 state = CheckBufferAccess(C, state, Size, Left);
992 if (state) {
993 state = StSameBuf->BindExpr(CE, svalBuilder.makeZeroVal(CE->getType()));
994 C.addTransition(state);
1001 state = StNotSameBuf;
1002 state = CheckBufferAccess(C, state, Size, Left, Right);
1003 if (state) {
1007 state = state->BindExpr(CE, CmpV);
1008 C.addTransition(state);
1029 const GRState *state = C.getState();
1033 SVal maxlenVal = state->getSVal(maxlenExpr);
1037 assumeZero(C, state, maxlenVal, maxlenExpr->getType());
1052 state = stateNonZeroSize;
1057 SVal ArgVal = state->getSVal(Arg);
1059 state = checkNonNull(C, state, Arg, ArgVal);
1061 if (!state)
1064 SVal strLength = getCStringLength(C, state, Arg, ArgVal);
1066 // If the argument isn't a valid C string, there's no valid state to
1081 SVal maxlenVal = state->getSVal(maxlenExpr);
1091 state->assume(cast<DefinedOrUnknownSVal>
1092 (C.getSValBuilder().evalBinOpNN(state, BO_GT,
1116 state = state->assume(cast<DefinedOrUnknownSVal>
1117 (C.getSValBuilder().evalBinOpNN(state, BO_LE,
1124 state = state->assume(cast<DefinedOrUnknownSVal>
1125 (C.getSValBuilder().evalBinOpNN(state, BO_LE,
1146 state = state->BindExpr(CE, result);
1147 C.addTransition(state);
1194 const GRState *state = C.getState();
1198 SVal DstVal = state->getSVal(Dst);
1200 state = checkNonNull(C, state, Dst, DstVal);
1201 if (!state)
1206 SVal srcVal = state->getSVal(srcExpr);
1207 state = checkNonNull(C, state, srcExpr, srcVal);
1208 if (!state)
1212 SVal strLength = getCStringLength(C, state, srcExpr, srcVal);
1233 SVal lenVal = state->getSVal(lenExpr);
1250 state->assume(cast<DefinedOrUnknownSVal>
1251 (svalBuilder.evalBinOpNN(state, BO_GE, *strLengthNL,
1257 state = stateSourceTooLong;
1262 state = stateSourceNotTooLong;
1275 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1280 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Add,
1293 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Sub, *lenValNL,
1307 amountCopied = getCStringLength(C, state, lenExpr, srcVal, true);
1313 SVal copiedLessThanBound = svalBuilder.evalBinOpNN(state, BO_LE,
1317 state = state->assume(cast<DefinedOrUnknownSVal>(copiedLessThanBound),
1319 if (!state)
1325 SVal copiedLessThanSrc = svalBuilder.evalBinOpNN(state, BO_LE,
1329 state = state->assume(cast<DefinedOrUnknownSVal>(copiedLessThanSrc),
1331 if (!state)
1343 assert(state);
1356 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1366 state = checkAdditionOverflow(C, state, *srcStrLengthNL, *dstStrLengthNL);
1367 if (!state)
1370 finalStrLength = svalBuilder.evalBinOpNN(state, BO_Add, *srcStrLengthNL,
1379 finalStrLength = getCStringLength(C, state, CE, DstVal, true);
1385 SVal sourceInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1389 state = state->assume(cast<DefinedOrUnknownSVal>(sourceInResult),
1391 if (!state)
1397 SVal destInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1401 state = state->assume(cast<DefinedOrUnknownSVal>(destInResult),
1403 if (!state)
1419 assert(state);
1430 SVal maxLastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1432 state = CheckLocation(C, state, CE->getArg(2), maxLastElement,
1434 if (!state)
1441 SVal lastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1448 state = CheckLocation(C, state, Dst, lastElement, warningMsg);
1449 if (!state)
1464 state = InvalidateBuffer(C, state, Dst, *dstRegVal);
1475 state = setCStringLength(state, dstRegVal->getRegion(), finalStrLength);
1478 assert(state);
1488 state = state->BindExpr(CE, Result);
1489 C.addTransition(state);
1517 const GRState *state = C.getState();
1521 SVal s1Val = state->getSVal(s1);
1522 state = checkNonNull(C, state, s1, s1Val);
1523 if (!state)
1528 SVal s2Val = state->getSVal(s2);
1529 state = checkNonNull(C, state, s2, s2Val);
1530 if (!state)
1534 SVal s1Length = getCStringLength(C, state, s1, s1Val);
1539 SVal s2Length = getCStringLength(C, state, s2, s2Val);
1551 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
1553 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
1567 state = StNotSameBuf;
1573 const StringLiteral *s1StrLiteral = getCStringLiteral(C, state, s1, s1Val);
1574 const StringLiteral *s2StrLiteral = getCStringLiteral(C, state, s2, s2Val);
1584 SVal lenVal = state->getSVal(lenExpr);
1587 if (const llvm::APSInt *len = svalBuilder.getKnownValue(state, lenVal)) {
1621 state = state->BindExpr(CE, resultVal);
1629 state = state->BindExpr(CE, resultVal);
1633 C.addTransition(state);
1643 const GRState *state = C.getState();
1645 const FunctionDecl *FD = state->getSVal(Callee).getAsFunctionDecl();
1692 const GRState *state = C.getState();
1710 Loc VarLoc = state->getLValue(D, C.getPredecessor()->getLocationContext());
1715 SVal StrVal = state->getSVal(Init);
1718 = cast<DefinedOrUnknownSVal>(getCStringLength(C, state, Init, StrVal));
1720 state = state->set<CStringLength>(MR, strLength);
1723 C.addTransition(state);
1726 bool CStringChecker::wantsRegionChangeUpdate(const GRState *state) const {
1727 CStringLength::EntryMap Entries = state->get<CStringLength>();
1732 CStringChecker::checkRegionChanges(const GRState *state,
1736 CStringLength::EntryMap Entries = state->get<CStringLength>();
1738 return state;
1755 CStringLength::EntryMap::Factory &F = state->get_context<CStringLength>();
1757 // Then loop over the entries in the current state.
1779 return state->set<CStringLength>(Entries);
1782 void CStringChecker::checkLiveSymbols(const GRState *state,
1785 CStringLength::EntryMap Entries = state->get<CStringLength>();
1802 const GRState *state = C.getState();
1803 CStringLength::EntryMap Entries = state->get<CStringLength>();
1807 CStringLength::EntryMap::Factory &F = state->get_context<CStringLength>();
1817 state = state->set<CStringLength>(Entries);
1818 C.generateNode(state);
