1 //== Store.h - Interface for maps from Locations to Values ------*- C++ -*--==// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defined the types Store and StoreManager. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #ifndef LLVM_CLANG_GR_STORE_H 15 #define LLVM_CLANG_GR_STORE_H 16 17 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h" 18 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h" 19 #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 20 #include "llvm/ADT/DenseSet.h" 21 #include "llvm/ADT/Optional.h" 22 23 namespace clang { 24 25 class Stmt; 26 class Expr; 27 class ObjCIvarDecl; 28 class StackFrameContext; 29 30 namespace ento { 31 32 class CallOrObjCMessage; 33 class ProgramState; 34 class ProgramStateManager; 35 class SubRegionMap; 36 37 class StoreManager { 38 protected: 39 SValBuilder &svalBuilder; 40 ProgramStateManager &StateMgr; 41 42 /// MRMgr - Manages region objects associated with this StoreManager. 43 MemRegionManager &MRMgr; 44 ASTContext &Ctx; 45 46 StoreManager(ProgramStateManager &stateMgr); 47 48 public: 49 virtual ~StoreManager() {} 50 51 /// Return the value bound to specified location in a given state. 52 /// \param[in] state The analysis state. 53 /// \param[in] loc The symbolic memory location. 54 /// \param[in] T An optional type that provides a hint indicating the 55 /// expected type of the returned value. This is used if the value is 56 /// lazily computed. 57 /// \return The value bound to the location \c loc. 58 virtual SVal getBinding(Store store, Loc loc, QualType T = QualType()) = 0; 59 60 /// Return a state with the specified value bound to the given location. 61 /// \param[in] state The analysis state. 62 /// \param[in] loc The symbolic memory location. 63 /// \param[in] val The value to bind to location \c loc. 64 /// \return A pointer to a ProgramState object that contains the same bindings as 65 /// \c state with the addition of having the value specified by \c val bound 66 /// to the location given for \c loc. 67 virtual StoreRef Bind(Store store, Loc loc, SVal val) = 0; 68 69 virtual StoreRef BindDefault(Store store, const MemRegion *R, SVal V); 70 virtual StoreRef Remove(Store St, Loc L) = 0; 71 72 /// BindCompoundLiteral - Return the store that has the bindings currently 73 /// in 'store' plus the bindings for the CompoundLiteral. 'R' is the region 74 /// for the compound literal and 'BegInit' and 'EndInit' represent an 75 /// array of initializer values. 76 virtual StoreRef BindCompoundLiteral(Store store, 77 const CompoundLiteralExpr *cl, 78 const LocationContext *LC, SVal v) = 0; 79 80 /// getInitialStore - Returns the initial "empty" store representing the 81 /// value bindings upon entry to an analyzed function. 82 virtual StoreRef getInitialStore(const LocationContext *InitLoc) = 0; 83 84 /// getRegionManager - Returns the internal RegionManager object that is 85 /// used to query and manipulate MemRegion objects. 86 MemRegionManager& getRegionManager() { return MRMgr; } 87 88 /// getSubRegionMap - Returns an opaque map object that clients can query 89 /// to get the subregions of a given MemRegion object. It is the 90 // caller's responsibility to 'delete' the returned map. 91 virtual SubRegionMap *getSubRegionMap(Store store) = 0; 92 93 virtual Loc getLValueVar(const VarDecl *VD, const LocationContext *LC) { 94 return svalBuilder.makeLoc(MRMgr.getVarRegion(VD, LC)); 95 } 96 97 Loc getLValueCompoundLiteral(const CompoundLiteralExpr *CL, 98 const LocationContext *LC) { 99 return loc::MemRegionVal(MRMgr.getCompoundLiteralRegion(CL, LC)); 100 } 101 102 virtual SVal getLValueIvar(const ObjCIvarDecl *decl, SVal base); 103 104 virtual SVal getLValueField(const FieldDecl *D, SVal Base) { 105 return getLValueFieldOrIvar(D, Base); 106 } 107 108 virtual SVal getLValueElement(QualType elementType, NonLoc offset, SVal Base); 109 110 // FIXME: This should soon be eliminated altogether; clients should deal with 111 // region extents directly. 112 virtual DefinedOrUnknownSVal getSizeInElements(ProgramStateRef state, 113 const MemRegion *region, 114 QualType EleTy) { 115 return UnknownVal(); 116 } 117 118 /// ArrayToPointer - Used by ExprEngine::VistCast to handle implicit 119 /// conversions between arrays and pointers. 120 virtual SVal ArrayToPointer(Loc Array) = 0; 121 122 /// Evaluates DerivedToBase casts. 123 virtual SVal evalDerivedToBase(SVal derived, QualType basePtrType) = 0; 124 125 /// \brief Evaluates C++ dynamic_cast cast. 126 /// The callback may result in the following 3 scenarios: 127 /// - Successful cast (ex: derived is subclass of base). 128 /// - Failed cast (ex: derived is definitely not a subclass of base). 129 /// - We don't know (base is a symbolic region and we don't have 130 /// enough info to determine if the cast will succeed at run time). 131 /// The function returns an SVal representing the derived class; it's 132 /// valid only if Failed flag is set to false. 133 virtual SVal evalDynamicCast(SVal base, QualType derivedPtrType, 134 bool &Failed) = 0; 135 136 class CastResult { 137 ProgramStateRef state; 138 const MemRegion *region; 139 public: 140 ProgramStateRef getState() const { return state; } 141 const MemRegion* getRegion() const { return region; } 142 CastResult(ProgramStateRef s, const MemRegion* r = 0) : state(s), region(r){} 143 }; 144 145 const ElementRegion *GetElementZeroRegion(const MemRegion *R, QualType T); 146 147 /// castRegion - Used by ExprEngine::VisitCast to handle casts from 148 /// a MemRegion* to a specific location type. 'R' is the region being 149 /// casted and 'CastToTy' the result type of the cast. 150 const MemRegion *castRegion(const MemRegion *region, QualType CastToTy); 151 152 virtual StoreRef removeDeadBindings(Store store, const StackFrameContext *LCtx, 153 SymbolReaper& SymReaper) = 0; 154 155 virtual StoreRef BindDecl(Store store, const VarRegion *VR, SVal initVal) = 0; 156 157 virtual StoreRef BindDeclWithNoInit(Store store, const VarRegion *VR) = 0; 158 159 virtual bool includedInBindings(Store store, 160 const MemRegion *region) const = 0; 161 162 /// If the StoreManager supports it, increment the reference count of 163 /// the specified Store object. 164 virtual void incrementReferenceCount(Store store) {} 165 166 /// If the StoreManager supports it, decrement the reference count of 167 /// the specified Store object. If the reference count hits 0, the memory 168 /// associated with the object is recycled. 169 virtual void decrementReferenceCount(Store store) {} 170 171 typedef llvm::DenseSet<SymbolRef> InvalidatedSymbols; 172 typedef SmallVector<const MemRegion *, 8> InvalidatedRegions; 173 174 /// invalidateRegions - Clears out the specified regions from the store, 175 /// marking their values as unknown. Depending on the store, this may also 176 /// invalidate additional regions that may have changed based on accessing 177 /// the given regions. Optionally, invalidates non-static globals as well. 178 /// \param[in] store The initial store 179 /// \param[in] Begin A pointer to the first region to invalidate. 180 /// \param[in] End A pointer just past the last region to invalidate. 181 /// \param[in] E The current statement being evaluated. Used to conjure 182 /// symbols to mark the values of invalidated regions. 183 /// \param[in] Count The current block count. Used to conjure 184 /// symbols to mark the values of invalidated regions. 185 /// \param[in,out] IS A set to fill with any symbols that are no longer 186 /// accessible. Pass \c NULL if this information will not be used. 187 /// \param[in] Call The call expression which will be used to determine which 188 /// globals should get invalidated. 189 /// \param[in,out] Regions A vector to fill with any regions being 190 /// invalidated. This should include any regions explicitly invalidated 191 /// even if they do not currently have bindings. Pass \c NULL if this 192 /// information will not be used. 193 virtual StoreRef invalidateRegions(Store store, 194 ArrayRef<const MemRegion *> Regions, 195 const Expr *E, unsigned Count, 196 const LocationContext *LCtx, 197 InvalidatedSymbols &IS, 198 const CallOrObjCMessage *Call, 199 InvalidatedRegions *Invalidated) = 0; 200 201 /// enterStackFrame - Let the StoreManager to do something when execution 202 /// engine is about to execute into a callee. 203 virtual StoreRef enterStackFrame(ProgramStateRef state, 204 const LocationContext *callerCtx, 205 const StackFrameContext *calleeCtx); 206 207 virtual void print(Store store, raw_ostream &Out, 208 const char* nl, const char *sep) = 0; 209 210 class BindingsHandler { 211 public: 212 virtual ~BindingsHandler(); 213 virtual bool HandleBinding(StoreManager& SMgr, Store store, 214 const MemRegion *region, SVal val) = 0; 215 }; 216 217 class FindUniqueBinding : 218 public BindingsHandler { 219 SymbolRef Sym; 220 const MemRegion* Binding; 221 bool First; 222 223 public: 224 FindUniqueBinding(SymbolRef sym) : Sym(sym), Binding(0), First(true) {} 225 226 bool HandleBinding(StoreManager& SMgr, Store store, const MemRegion* R, 227 SVal val); 228 operator bool() { return First && Binding; } 229 const MemRegion *getRegion() { return Binding; } 230 }; 231 232 /// iterBindings - Iterate over the bindings in the Store. 233 virtual void iterBindings(Store store, BindingsHandler& f) = 0; 234 235 protected: 236 const MemRegion *MakeElementRegion(const MemRegion *baseRegion, 237 QualType pointeeTy, uint64_t index = 0); 238 239 /// CastRetrievedVal - Used by subclasses of StoreManager to implement 240 /// implicit casts that arise from loads from regions that are reinterpreted 241 /// as another region. 242 SVal CastRetrievedVal(SVal val, const TypedValueRegion *region, 243 QualType castTy, bool performTestOnly = true); 244 245 private: 246 SVal getLValueFieldOrIvar(const Decl *decl, SVal base); 247 }; 248 249 250 inline StoreRef::StoreRef(Store store, StoreManager & smgr) 251 : store(store), mgr(smgr) { 252 if (store) 253 mgr.incrementReferenceCount(store); 254 } 255 256 inline StoreRef::StoreRef(const StoreRef &sr) 257 : store(sr.store), mgr(sr.mgr) 258 { 259 if (store) 260 mgr.incrementReferenceCount(store); 261 } 262 263 inline StoreRef::~StoreRef() { 264 if (store) 265 mgr.decrementReferenceCount(store); 266 } 267 268 inline StoreRef &StoreRef::operator=(StoreRef const &newStore) { 269 assert(&newStore.mgr == &mgr); 270 if (store != newStore.store) { 271 mgr.incrementReferenceCount(newStore.store); 272 mgr.decrementReferenceCount(store); 273 store = newStore.getStore(); 274 } 275 return *this; 276 } 277 278 // FIXME: Do we still need this? 279 /// SubRegionMap - An abstract interface that represents a queryable map 280 /// between MemRegion objects and their subregions. 281 class SubRegionMap { 282 virtual void anchor(); 283 public: 284 virtual ~SubRegionMap() {} 285 286 class Visitor { 287 virtual void anchor(); 288 public: 289 virtual ~Visitor() {} 290 virtual bool Visit(const MemRegion* Parent, const MemRegion* SubRegion) = 0; 291 }; 292 293 virtual bool iterSubRegions(const MemRegion *region, Visitor& V) const = 0; 294 }; 295 296 // FIXME: Do we need to pass ProgramStateManager anymore? 297 StoreManager *CreateRegionStoreManager(ProgramStateManager& StMgr); 298 StoreManager *CreateFieldsOnlyRegionStoreManager(ProgramStateManager& StMgr); 299 300 } // end GR namespace 301 302 } // end clang namespace 303 304 #endif 305
