Lines Matching refs:state
62 void checkLiveSymbols(ProgramStateRef state, SymbolReaper &SR) const;
64 bool wantsRegionChangeUpdate(ProgramStateRef state) const;
67 checkRegionChanges(ProgramStateRef state,
81 ProgramStateRef state,
122 ProgramStateRef state, SVal V, QualType Ty);
124 static ProgramStateRef setCStringLength(ProgramStateRef state,
128 ProgramStateRef &state,
133 ProgramStateRef &state,
139 ProgramStateRef &state,
144 ProgramStateRef state,
152 ProgramStateRef state,
156 ProgramStateRef state,
161 ProgramStateRef state,
170 ProgramStateRef state,
176 return CheckBufferAccess(C, state, Size, Buf, NULL, message, NULL,
180 ProgramStateRef state,
185 ProgramStateRef state,
190 ProgramStateRef state,
204 CStringChecker::assumeZero(CheckerContext &C, ProgramStateRef state, SVal V,
208 return std::pair<ProgramStateRef , ProgramStateRef >(state, state);
212 return state->assume(svalBuilder.evalEQ(state, *val, zero));
216 ProgramStateRef state,
219 if (!state)
223 llvm::tie(stateNull, stateNonNull) = assumeZero(C, state, l, S->getType());
259 ProgramStateRef state,
263 if (!state)
269 return state;
273 return state;
288 ProgramStateRef StInBound = state->assumeInBound(Idx, Size, true);
289 ProgramStateRef StOutBound = state->assumeInBound(Idx, Size, false);
332 ProgramStateRef state,
340 if (!state)
351 SVal BufVal = state->getSVal(FirstBuf, LCtx);
352 state = checkNonNull(C, state, FirstBuf, BufVal);
353 if (!state)
358 return state;
363 SVal LengthVal = state->getSVal(Size, LCtx);
366 return state;
371 .evalBinOpNN(state, BO_Sub, *Length, One, sizeTy).castAs<NonLoc>();
378 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
380 state = CheckLocation(C, state, warningExpr, BufEnd, firstMessage);
383 if (!state)
389 BufVal = state->getSVal(SecondBuf, LCtx);
390 state = checkNonNull(C, state, SecondBuf, BufVal);
391 if (!state)
398 SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
400 state = CheckLocation(C, state, warningExpr, BufEnd, secondMessage);
404 // Large enough or not, return this state!
405 return state;
409 ProgramStateRef state,
414 return state;
421 if (!state)
428 SVal firstVal = state->getSVal(First, LCtx);
429 SVal secondVal = state->getSVal(Second, LCtx);
433 return state;
437 return state;
442 state->assume(svalBuilder.evalEQ(state, *firstLoc, *secondLoc));
452 state = stateFalse;
456 SVal reverse = svalBuilder.evalBinOpLL(state, BO_GT,
461 return state;
463 llvm::tie(stateTrue, stateFalse) = state->assume(*reverseTest);
467 return state;
478 SVal LengthVal = state->getSVal(Size, LCtx);
481 return state;
491 return state;
494 SVal FirstEnd = svalBuilder.evalBinOpLN(state, BO_Add,
498 return state;
501 SVal Overlap = svalBuilder.evalBinOpLL(state, BO_GT,
506 return state;
508 llvm::tie(stateTrue, stateFalse) = state->assume(*OverlapTest);
521 void CStringChecker::emitOverlapBug(CheckerContext &C, ProgramStateRef state,
523 ExplodedNode *N = C.generateSink(state);
541 ProgramStateRef state,
546 return state;
549 if (!state)
561 maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, right,
566 maxMinusRight = svalBuilder.evalBinOpNN(state, BO_Sub, maxVal, left,
574 SVal willOverflow = svalBuilder.evalBinOpNN(state, BO_GT, left,
579 state->assume(willOverflow.castAs<DefinedOrUnknownSVal>());
607 state = stateOkay;
610 return state;
613 ProgramStateRef CStringChecker::setCStringLength(ProgramStateRef state,
624 return state;
637 return state;
644 return state;
648 return state->remove<CStringLength>(MR);
650 return state->set<CStringLength>(MR, strLength);
654 ProgramStateRef &state,
660 const SVal *Recorded = state->get<CStringLength>(MR);
665 // Otherwise, get a new symbol and update the state.
673 state = state->set<CStringLength>(MR, strLength);
678 SVal CStringChecker::getCStringLength(CheckerContext &C, ProgramStateRef &state,
690 if (ExplodedNode *N = C.addTransition(state)) {
735 return getCStringLengthForRegion(C, state, Ex, MR, hypothetical);
750 if (ExplodedNode *N = C.addTransition(state)) {
779 ProgramStateRef &state, const Expr *expr, SVal val) const {
799 ProgramStateRef state,
803 return state;
820 return state->invalidateRegions(R, E, C.blockCount(), LCtx,
827 return state->killBinding(*L);
873 ProgramStateRef state,
881 SVal sizeVal = state->getSVal(Size, LCtx);
886 assumeZero(C, state, sizeVal, sizeTy);
889 SVal destVal = state->getSVal(Dest, LCtx);
901 state = stateNonZeroSize;
905 state = checkNonNull(C, state, Dest, destVal);
906 if (!state)
910 SVal srcVal = state->getSVal(Source, LCtx);
914 state = checkNonNull(C, state, Source, srcVal);
915 if (!state)
921 state = CheckBufferAccess(C, state, Size, Dest, Source,
924 state = CheckOverlap(C, state, Size, Dest, Source);
926 if (!state)
937 SVal lastElement = C.getSValBuilder().evalBinOpLN(state, BO_Add,
943 state = state->BindExpr(CE, LCtx, lastElement);
949 state = state->BindExpr(CE, LCtx, result);
955 state = state->BindExpr(CE, LCtx, destVal);
963 state = InvalidateBuffer(C, state, Dest,
964 state->getSVal(Dest, C.getLocationContext()));
965 C.addTransition(state);
977 ProgramStateRef state = C.getState();
979 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true);
989 ProgramStateRef state = C.getState();
991 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1), true, true);
1001 ProgramStateRef state = C.getState();
1003 evalCopyCommon(C, CE, state, CE->getArg(2), Dest, CE->getArg(1));
1026 ProgramStateRef state = C.getState();
1031 SVal sizeVal = state->getSVal(Size, LCtx);
1036 assumeZero(C, state, sizeVal, sizeTy);
1041 state = stateZeroSize;
1042 state = state->BindExpr(CE, LCtx,
1044 C.addTransition(state);
1049 state = stateNonZeroSize;
1054 state->getSVal(Left, LCtx).castAs<DefinedOrUnknownSVal>();
1056 state->getSVal(Right, LCtx).castAs<DefinedOrUnknownSVal>();
1059 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
1061 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
1066 state = StSameBuf;
1067 state = CheckBufferAccess(C, state, Size, Left);
1068 if (state) {
1069 state = StSameBuf->BindExpr(CE, LCtx,
1071 C.addTransition(state);
1078 state = StNotSameBuf;
1079 state = CheckBufferAccess(C, state, Size, Left, Right);
1080 if (state) {
1083 state = state->BindExpr(CE, LCtx, CmpV);
1084 C.addTransition(state);
1111 ProgramStateRef state = C.getState();
1116 SVal maxlenVal = state->getSVal(maxlenExpr, LCtx);
1120 assumeZero(C, state, maxlenVal, maxlenExpr->getType());
1135 state = stateNonZeroSize;
1140 SVal ArgVal = state->getSVal(Arg, LCtx);
1142 state = checkNonNull(C, state, Arg, ArgVal);
1144 if (!state)
1147 SVal strLength = getCStringLength(C, state, Arg, ArgVal);
1149 // If the argument isn't a valid C string, there's no valid state to
1164 SVal maxlenVal = state->getSVal(maxlenExpr, LCtx);
1174 state->assume(C.getSValBuilder().evalBinOpNN(
1175 state, BO_GT, *strLengthNL, *maxlenValNL, cmpTy)
1196 state = state->assume(C.getSValBuilder().evalBinOpNN(
1197 state, BO_LE, resultNL, *strLengthNL, cmpTy)
1202 state = state->assume(C.getSValBuilder().evalBinOpNN(
1203 state, BO_LE, resultNL, *maxlenValNL, cmpTy)
1221 state = state->BindExpr(CE, LCtx, result);
1222 C.addTransition(state);
1284 ProgramStateRef state = C.getState();
1289 SVal DstVal = state->getSVal(Dst, LCtx);
1291 state = checkNonNull(C, state, Dst, DstVal);
1292 if (!state)
1297 SVal srcVal = state->getSVal(srcExpr, LCtx);
1298 state = checkNonNull(C, state, srcExpr, srcVal);
1299 if (!state)
1303 SVal strLength = getCStringLength(C, state, srcExpr, srcVal);
1324 SVal lenVal = state->getSVal(lenExpr, LCtx);
1340 llvm::tie(stateSourceTooLong, stateSourceNotTooLong) = state->assume(
1341 svalBuilder.evalBinOpNN(state, BO_GE, *strLengthNL, *lenValNL, cmpTy)
1347 state = stateSourceTooLong;
1352 state = stateSourceNotTooLong;
1365 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1370 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Add,
1388 assumeZero(C, state, *lenValNL, sizeTy);
1401 maxLastElementIndex = svalBuilder.evalBinOpNN(state, BO_Sub, *lenValNL,
1415 amountCopied = getCStringLength(C, state, lenExpr, srcVal, true);
1421 SVal copiedLessThanBound = svalBuilder.evalBinOpNN(state, BO_LE,
1425 state = state->assume(
1427 if (!state)
1433 SVal copiedLessThanSrc = svalBuilder.evalBinOpNN(state, BO_LE,
1437 state = state->assume(
1439 if (!state)
1451 assert(state);
1464 SVal dstStrLength = getCStringLength(C, state, Dst, DstVal);
1474 state = checkAdditionOverflow(C, state, *srcStrLengthNL, *dstStrLengthNL);
1475 if (!state)
1478 finalStrLength = svalBuilder.evalBinOpNN(state, BO_Add, *srcStrLengthNL,
1487 finalStrLength = getCStringLength(C, state, CE, DstVal, true);
1493 SVal sourceInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1497 state = state->assume(sourceInResult.castAs<DefinedOrUnknownSVal>(),
1499 if (!state)
1505 SVal destInResult = svalBuilder.evalBinOpNN(state, BO_GE,
1509 state =
1510 state->assume(destInResult.castAs<DefinedOrUnknownSVal>(), true);
1511 if (!state)
1527 assert(state);
1539 SVal maxLastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1541 state = CheckLocation(C, state, CE->getArg(2), maxLastElement,
1543 if (!state)
1550 SVal lastElement = svalBuilder.evalBinOpLN(state, BO_Add, *dstRegVal,
1557 state = CheckLocation(C, state, Dst, lastElement, warningMsg);
1558 if (!state)
1573 state = InvalidateBuffer(C, state, Dst, *dstRegVal);
1584 state = setCStringLength(state, dstRegVal->getRegion(), finalStrLength);
1587 assert(state);
1596 state = state->BindExpr(CE, LCtx, Result);
1597 C.addTransition(state);
1637 ProgramStateRef state = C.getState();
1642 SVal s1Val = state->getSVal(s1, LCtx);
1643 state = checkNonNull(C, state, s1, s1Val);
1644 if (!state)
1649 SVal s2Val = state->getSVal(s2, LCtx);
1650 state = checkNonNull(C, state, s2, s2Val);
1651 if (!state)
1655 SVal s1Length = getCStringLength(C, state, s1, s1Val);
1660 SVal s2Length = getCStringLength(C, state, s2, s2Val);
1672 DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
1674 llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
1689 state = StNotSameBuf;
1695 const StringLiteral *s1StrLiteral = getCStringLiteral(C, state, s1, s1Val);
1696 const StringLiteral *s2StrLiteral = getCStringLiteral(C, state, s2, s2Val);
1706 SVal lenVal = state->getSVal(lenExpr, LCtx);
1709 if (const llvm::APSInt *len = svalBuilder.getKnownValue(state, lenVal)) {
1743 state = state->BindExpr(CE, LCtx, resultVal);
1750 state = state->BindExpr(CE, LCtx, resultVal);
1754 C.addTransition(state);
1770 ProgramStateRef State = C.getState();
1775 SVal SearchStrVal = State->getSVal(SearchStrPtr, LCtx);
1776 State = checkNonNull(C, State, SearchStrPtr, SearchStrVal);
1777 if (!State)
1782 SVal DelimStrVal = State->getSVal(DelimStr, LCtx);
1783 State = checkNonNull(C, State, DelimStr, DelimStrVal);
1784 if (!State)
1791 Result = State->getSVal(*SearchStrLoc, CharPtrTy);
1795 State = InvalidateBuffer(C, State, SearchStrPtr, Result);
1799 State = State->bindLoc(*SearchStrLoc,
1809 State = State->BindExpr(CE, LCtx, Result);
1810 C.addTransition(State);
1888 ProgramStateRef state = C.getState();
1906 Loc VarLoc = state->getLValue(D, C.getLocationContext());
1911 SVal StrVal = state->getSVal(Init, C.getLocationContext());
1914 getCStringLength(C, state, Init, StrVal).castAs<DefinedOrUnknownSVal>();
1916 state = state->set<CStringLength>(MR, strLength);
1919 C.addTransition(state);
1922 bool CStringChecker::wantsRegionChangeUpdate(ProgramStateRef state) const {
1923 CStringLengthTy Entries = state->get<CStringLength>();
1928 CStringChecker::checkRegionChanges(ProgramStateRef state,
1933 CStringLengthTy Entries = state->get<CStringLength>();
1935 return state;
1953 CStringLengthTy::Factory &F = state->get_context<CStringLength>();
1955 // Then loop over the entries in the current state.
1977 return state->set<CStringLength>(Entries);
1980 void CStringChecker::checkLiveSymbols(ProgramStateRef state,
1983 CStringLengthTy Entries = state->get<CStringLength>();
2000 ProgramStateRef state = C.getState();
2001 CStringLengthTy Entries = state->get<CStringLength>();
2005 CStringLengthTy::Factory &F = state->get_context<CStringLength>();
2015 state = state->set<CStringLength>(Entries);
2016 C.addTransition(state);
