Lines Matching full:state
60 void checkLiveSymbols(ProgramStateRef state, SymbolReaper &SR) const;
62 bool wantsRegionChangeUpdate(ProgramStateRef state) const;
65 checkRegionChanges(ProgramStateRef state,
79 ProgramStateRef state,
118 ProgramStateRef state, SVal V, QualType Ty);
120 static ProgramStateRef setCStringLength(ProgramStateRef state,
124 ProgramStateRef &state,
129 ProgramStateRef &state,
135 ProgramStateRef &state,
140 ProgramStateRef state,
148 ProgramStateRef state,
152 ProgramStateRef state,
157 ProgramStateRef state,
166 ProgramStateRef state,
172 return CheckBufferAccess(C, state, Size, Buf, NULL, message, NULL,
176 ProgramStateRef state,
181 ProgramStateRef state,
186 ProgramStateRef state,
212 CStringChecker::assumeZero(CheckerContext &C, ProgramStateRef state, SVal V,
216 return std::pair<ProgramStateRef , ProgramStateRef >(state, state);
220 return state->assume(svalBuilder.evalEQ(state, *val, zero));
224 ProgramStateRef state,
227 if (!state)
231 llvm::tie(stateNull, stateNonNull) = assumeZero(C, state, l, S->getType());
267 ProgramStateRef state,
271 if (!state)
277 return state;
281 return state;
296 ProgramStateRef StInBound = state->assumeInBound(Idx, Size, true);
297 ProgramStateRef StOutBound = state->assumeInBound(Idx, Size, false);
340 ProgramStateRef state,
348 if (!state)
359 SVal BufVal = state->getSVal(FirstBuf, LCtx);
360 state = checkNonNull(C, state, FirstBuf, BufVal);
361 if (!state)
366 return state;
371 SVal LengthVal = state->getSVal(Size, LCtx);
374 return state;
378 NonLoc LastOffset = cast<NonLoc>(svalBuilder.evalBinOpNN(state, BO_Sub,
386 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
388 state = CheckLocation(C, state, warningExpr, BufEnd, firstMessage);
391 if (!state)
397 BufVal = state->getSVal(SecondBuf, LCtx);
398 state = checkNonNull(C, state, SecondBuf, BufVal);
399 if (!state)
406 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
408 state = CheckLocation(C, state
412 // Large enough or not, return this state!
413 return state;
417 ProgramStateRef state,
422 return state;
429 if (!state)
436 SVal firstVal = state->getSVal(First, LCtx);
437 SVal secondVal = state->getSVal(Second, LCtx);
441 return state;
445 return state;
450 state->assume(svalBuilder.evalEQ(state, *firstLoc, *secondLoc));
460 state = stateFalse;
464 SVal reverse = svalBuilder.evalBinOpLL(state, BO_GT,
468 return state;
470 llvm::tie(stateTrue, stateFalse) = state->assume(*reverseTest);
474 return state;
489 SVal LengthVal = state->getSVal(Size, LCtx);
492 return state;
502 return state;
505 SVal FirstEnd = svalBuilder.evalBinOpLN(state, BO_Add,
509 return state;
512 SVal Overlap = svalBuilder.evalBinOpLL(state, BO_GT,
516 return state;
518 llvm::tie(stateTrue, stateFalse) = state->assume(*OverlapTest);
531 void CStringChecker::emitOverlapBug(CheckerContext &C, ProgramStateRef state,
533 ExplodedNode *N = C.generateSink(state);
551 ProgramStateRef state,
556 return state;
559 if (!state)
571 maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, right,
576 maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, left,
584 SVal willOverflow = svalBuilder.evalBinOpNN(state, BO_GT, left,
589 state->assume(cast<DefinedOrUnknownSVal>(willOverflow));
617 state = stateOkay;
620 return state;
623 ProgramStateRef CStringChecker::setCStringLength(ProgramStateRef state,
634 return state;
647 return state;
654 return state;
658 return state->remove<CStringLength>(MR);
660 return state->set<CStringLength>(MR, strLength);
664 ProgramStateRef &state,
670 const SVal *Recorded = state->get<CStringLength>(MR);
675 // Otherwise, get a new symbol and update the state.
683 state = state->set<CStringLength>(MR, strLength);
688 SVal CStringChecker::getCStringLength(CheckerContext &C, ProgramStateRef &state,
700 if (ExplodedNode *N = C.addTransition(state)) {
745 return getCStringLengthForRegion(C, state, Ex, MR, hypothetical);
760 if (ExplodedNode *N = C.addTransition(state)) {
789 ProgramStateRef &state, const Expr *expr, SVal val) const {
809 ProgramStateRef state,
813 return state;
830 return state->invalidateRegions(R, E, C.blockCount(), LCtx);
836 return state->killBinding(*L);
882 ProgramStateRef state,
890 SVal sizeVal = state->getSVal(Size, LCtx);
895 assumeZero(C, state, sizeVal, sizeTy);
898 SVal destVal = state->getSVal(Dest, LCtx);
910 state = stateNonZeroSize;
914 state = checkNonNull(C, state, Dest, destVal);
915 if (!state)
919 SVal srcVal = state->getSVal(Source, LCtx);
923 state = checkNonNull(C, state, Source, srcVal);
924 if (!state)
930 state = CheckBufferAccess(C, state, Size, Dest, Source,
933 state = CheckOverlap(C, state, Size, Dest, Source);
935 if (!state)
949 SVal lastElement = C.getSValBuilder().evalBinOpLN(state, BO_Add,
955 state = state->BindExpr(CE, LCtx, lastElement);
961 state = state->BindExpr(CE, LCtx, result);
967 state = state->BindExpr(CE, LCtx, destVal);
975 state = InvalidateBuffer(C, state, Dest,
976 state->getSVal(Dest, C.getLocationContext()));
977 C.addTransition(state);
989 ProgramStateRef state = C.getState();
991 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true);
1001 ProgramStateRef state = C.getState();
1003 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true, true);
1013 ProgramStateRef state = C.getState();
1015 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1));
1038 ProgramStateRef state = C.getState();
1043 SVal sizeVal = state->getSVal(Size, LCtx);
1048 assumeZero(C, state, sizeVal, sizeTy);
1053 state = stateZeroSize;
1054 state = state->BindExpr(CE, LCtx,
1056 C.addTransition(state);
1061 state = stateNonZeroSize;
1066 cast<DefinedOrUnknownSVal>(state->getSVal(Left, LCtx));
1068 cast<DefinedOrUnknownSVal>(state->getSVal(Right, LCtx));
1071 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
1073 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
1078 state = StSameBuf;
1079 state = CheckBufferAccess(C, state, Size, Left);
1080 if (state) {
1081 state = StSameBuf->BindExpr(CE, LCtx,
1083 C.addTransition(state);
1090 state = StNotSameBuf;
1091 state = CheckBufferAccess(C, state, Size, Left, Right);
1092 if (state) {
1095 state = state->BindExpr(CE, LCtx, CmpV);
1096 C.addTransition(state);
1123 ProgramStateRef state = C.getState();
1128 SVal maxlenVal = state->getSVal(maxlenExpr, LCtx);
1132 assumeZero(C, state, maxlenVal, maxlenExpr->getType());
1147 state = stateNonZeroSize;
1152 SVal ArgVal = state->getSVal(Arg, LCtx);
1154 state = checkNonNull(C, state, Arg, ArgVal);
1156 if (!state)
1159 SVal strLength = getCStringLength(C, state, Arg, ArgVal);
1161 // If the argument isn't a valid C string, there's no valid state to
1176 SVal maxlenVal = state->getSVal(maxlenExpr, LCtx);
1186 state->assume(cast<DefinedOrUnknownSVal>
1187 (C.getSValBuilder().evalBinOpNN(state, BO_GT,
1210 state = state->assume(cast<DefinedOrUnknownSVal>
1211 (C.getSValBuilder().evalBinOpNN(state, BO_LE,
1218 state = state->assume(cast<DefinedOrUnknownSVal>
1219 (C.getSValBuilder().evalBinOpNN(state, BO_LE,
1239 state = state->BindExpr(CE, LCtx, result);
1240 C.addTransition(state);
1302 ProgramStateRef state = C.getState();
1307 SVal DstVal = state->getSVal(Dst, LCtx);
1309 state = checkNonNull(C, state, Dst, DstVal);
1310 if (!state)
1315 SVal srcVal = state->getSVal(srcExpr, LCtx);
1316 state = checkNonNull(C, state, srcExpr, srcVal);
1317 if (!state)
1321 SVal strLength = getCStringLength(C, state, srcExpr, srcVal);
1342 SVal lenVal = state->getSVal(lenExpr, LCtx);
1359 state->assume(cast<DefinedOrUnknownSVal>
1360 (svalBuilder.evalBinOpNN(state, BO_GE, *strLengthNL,
1366 state = stateSourceTooLong;
1371 state = stateSourceNotTooLong;
1384 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1389 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Add,
1407 assumeZero(C, state, *lenValNL, sizeTy);
1420 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Sub, *lenValNL,
1434 amountCopied = getCStringLength(C, state, lenExpr, srcVal, true);
1440 SVal copiedLessThanBound = svalBuilder.evalBinOpNN(state, BO_LE,
1444 state = state->assume(cast<DefinedOrUnknownSVal>(copiedLessThanBound),
1446 if (!state)
1452 SVal copiedLessThanSrc = svalBuilder.evalBinOpNN(state, BO_LE,
1456 state = state->assume(cast<DefinedOrUnknownSVal>(copiedLessThanSrc),
1458 if (!state)
1470 assert(state);
1483 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1493 state = checkAdditionOverflow(C, state, *srcStrLengthNL, *dstStrLengthNL);
1494 if (!state)
1497 finalStrLength = svalBuilder.evalBinOpNN(state, BO_Add, *srcStrLengthNL,
1506 finalStrLength = getCStringLength(C, state, CE, DstVal, true);
1512 SVal sourceInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1516 state = state->assume(cast<DefinedOrUnknownSVal>(sourceInResult),
1518 if (!state)
1524 SVal destInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1528 state = state->assume(cast<DefinedOrUnknownSVal>(destInResult),
1530 if (!state)
1546 assert(state);
1557 SVal maxLastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1559 state = CheckLocation(C, state, CE->getArg(2), maxLastElement,
1561 if (!state)
1568 SVal lastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1575 state = CheckLocation(C, state, Dst, lastElement, warningMsg);
1576 if (!state)
1591 state = InvalidateBuffer(C, state, Dst, *dstRegVal);
1602 state = setCStringLength(state, dstRegVal->getRegion(), finalStrLength);
1605 assert(state);
1614 state = state->BindExpr(CE, LCtx, Result);
1615 C.addTransition(state);
1655 ProgramStateRef state = C.getState();
1660 SVal s1Val = state->getSVal(s1, LCtx);
1661 state = checkNonNull(C, state, s1, s1Val);
1662 if (!state)
1667 SVal s2Val = state->getSVal(s2, LCtx);
1668 state = checkNonNull(C, state, s2, s2Val);
1669 if (!state)
1673 SVal s1Length = getCStringLength(C, state, s1, s1Val);
1678 SVal s2Length = getCStringLength(C, state, s2, s2Val);
1690 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
1692 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
1707 state = StNotSameBuf;
1713 const StringLiteral *s1StrLiteral = getCStringLiteral(C, state, s1, s1Val);
1714 const StringLiteral *s2StrLiteral = getCStringLiteral(C, state, s2, s2Val);
1724 SVal lenVal = state->getSVal(lenExpr, LCtx);
1727 if (const llvm::APSInt *len = svalBuilder.getKnownValue(state, lenVal)) {
1761 state = state->BindExpr(CE, LCtx, resultVal);
1768 state = state->BindExpr(CE, LCtx, resultVal);
1772 C.addTransition(state);
1846 ProgramStateRef state = C.getState();
1864 Loc VarLoc = state->getLValue(D, C.getLocationContext());
1869 SVal StrVal = state->getSVal(Init, C.getLocationContext());
1872 = cast<DefinedOrUnknownSVal>(getCStringLength(C, state, Init, StrVal));
1874 state = state->set<CStringLength>(MR, strLength);
1877 C.addTransition(state);
1880 bool CStringChecker::wantsRegionChangeUpdate(ProgramStateRef state) const {
1881 CStringLength::EntryMap Entries = state->get<CStringLength>();
1886 CStringChecker::checkRegionChanges(ProgramStateRef state,
1891 CStringLength::EntryMap Entries = state->get<CStringLength>();
1893 return state;
1911 CStringLength::EntryMap::Factory &F = state->get_context<CStringLength>();
1913 // Then loop over the entries in the current state.
1935 return state->set<CStringLength>(Entries);
1938 void CStringChecker::checkLiveSymbols(ProgramStateRef state,
1941 CStringLength::EntryMap Entries = state->get<CStringLength>();
1958 ProgramStateRef state = C.getState();
1959 CStringLength::EntryMap Entries = state->get<CStringLength>();
1963 CStringLength::EntryMap::Factory &F = state->get_context<CStringLength>();
1973 state = state->set<CStringLength>(Entries);
1974 C.addTransition(state);
