1 //===--- CheckerManager.cpp - Static Analyzer Checker Manager -------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // Defines the Static Analyzer Checker Manager. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "clang/StaticAnalyzer/Core/CheckerManager.h" 15 #include "clang/AST/DeclBase.h" 16 #include "clang/Analysis/ProgramPoint.h" 17 #include "clang/StaticAnalyzer/Core/Checker.h" 18 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" 19 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 20 21 using namespace clang; 22 using namespace ento; 23 24 bool CheckerManager::hasPathSensitiveCheckers() const { 25 return !StmtCheckers.empty() || 26 !PreObjCMessageCheckers.empty() || 27 !PostObjCMessageCheckers.empty() || 28 !PreCallCheckers.empty() || 29 !PostCallCheckers.empty() || 30 !LocationCheckers.empty() || 31 !BindCheckers.empty() || 32 !EndAnalysisCheckers.empty() || 33 !EndFunctionCheckers.empty() || 34 !BranchConditionCheckers.empty() || 35 !LiveSymbolsCheckers.empty() || 36 !DeadSymbolsCheckers.empty() || 37 !RegionChangesCheckers.empty() || 38 !EvalAssumeCheckers.empty() || 39 !EvalCallCheckers.empty(); 40 } 41 42 void CheckerManager::finishedCheckerRegistration() { 43 #ifndef NDEBUG 44 // Make sure that for every event that has listeners, there is at least 45 // one dispatcher registered for it. 46 for (llvm::DenseMap<EventTag, EventInfo>::iterator 47 I = Events.begin(), E = Events.end(); I != E; ++I) 48 assert(I->second.HasDispatcher && "No dispatcher registered for an event"); 49 #endif 50 } 51 52 //===----------------------------------------------------------------------===// 53 // Functions for running checkers for AST traversing.. 54 //===----------------------------------------------------------------------===// 55 56 void CheckerManager::runCheckersOnASTDecl(const Decl *D, AnalysisManager& mgr, 57 BugReporter &BR) { 58 assert(D); 59 60 unsigned DeclKind = D->getKind(); 61 CachedDeclCheckers *checkers = nullptr; 62 CachedDeclCheckersMapTy::iterator CCI = CachedDeclCheckersMap.find(DeclKind); 63 if (CCI != CachedDeclCheckersMap.end()) { 64 checkers = &(CCI->second); 65 } else { 66 // Find the checkers that should run for this Decl and cache them. 67 checkers = &CachedDeclCheckersMap[DeclKind]; 68 for (unsigned i = 0, e = DeclCheckers.size(); i != e; ++i) { 69 DeclCheckerInfo &info = DeclCheckers[i]; 70 if (info.IsForDeclFn(D)) 71 checkers->push_back(info.CheckFn); 72 } 73 } 74 75 assert(checkers); 76 for (CachedDeclCheckers::iterator 77 I = checkers->begin(), E = checkers->end(); I != E; ++I) 78 (*I)(D, mgr, BR); 79 } 80 81 void CheckerManager::runCheckersOnASTBody(const Decl *D, AnalysisManager& mgr, 82 BugReporter &BR) { 83 assert(D && D->hasBody()); 84 85 for (unsigned i = 0, e = BodyCheckers.size(); i != e; ++i) 86 BodyCheckers[i](D, mgr, BR); 87 } 88 89 //===----------------------------------------------------------------------===// 90 // Functions for running checkers for path-sensitive checking. 91 //===----------------------------------------------------------------------===// 92 93 template <typename CHECK_CTX> 94 static void expandGraphWithCheckers(CHECK_CTX checkCtx, 95 ExplodedNodeSet &Dst, 96 const ExplodedNodeSet &Src) { 97 const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext(); 98 if (Src.empty()) 99 return; 100 101 typename CHECK_CTX::CheckersTy::const_iterator 102 I = checkCtx.checkers_begin(), E = checkCtx.checkers_end(); 103 if (I == E) { 104 Dst.insert(Src); 105 return; 106 } 107 108 ExplodedNodeSet Tmp1, Tmp2; 109 const ExplodedNodeSet *PrevSet = &Src; 110 111 for (; I != E; ++I) { 112 ExplodedNodeSet *CurrSet = nullptr; 113 if (I+1 == E) 114 CurrSet = &Dst; 115 else { 116 CurrSet = (PrevSet == &Tmp1) ? &Tmp2 : &Tmp1; 117 CurrSet->clear(); 118 } 119 120 NodeBuilder B(*PrevSet, *CurrSet, BldrCtx); 121 for (ExplodedNodeSet::iterator NI = PrevSet->begin(), NE = PrevSet->end(); 122 NI != NE; ++NI) { 123 checkCtx.runChecker(*I, B, *NI); 124 } 125 126 // If all the produced transitions are sinks, stop. 127 if (CurrSet->empty()) 128 return; 129 130 // Update which NodeSet is the current one. 131 PrevSet = CurrSet; 132 } 133 } 134 135 namespace { 136 struct CheckStmtContext { 137 typedef SmallVectorImpl<CheckerManager::CheckStmtFunc> CheckersTy; 138 bool IsPreVisit; 139 const CheckersTy &Checkers; 140 const Stmt *S; 141 ExprEngine &Eng; 142 bool WasInlined; 143 144 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 145 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 146 147 CheckStmtContext(bool isPreVisit, const CheckersTy &checkers, 148 const Stmt *s, ExprEngine &eng, bool wasInlined = false) 149 : IsPreVisit(isPreVisit), Checkers(checkers), S(s), Eng(eng), 150 WasInlined(wasInlined) {} 151 152 void runChecker(CheckerManager::CheckStmtFunc checkFn, 153 NodeBuilder &Bldr, ExplodedNode *Pred) { 154 // FIXME: Remove respondsToCallback from CheckerContext; 155 ProgramPoint::Kind K = IsPreVisit ? ProgramPoint::PreStmtKind : 156 ProgramPoint::PostStmtKind; 157 const ProgramPoint &L = ProgramPoint::getProgramPoint(S, K, 158 Pred->getLocationContext(), checkFn.Checker); 159 CheckerContext C(Bldr, Eng, Pred, L, WasInlined); 160 checkFn(S, C); 161 } 162 }; 163 } 164 165 /// \brief Run checkers for visiting Stmts. 166 void CheckerManager::runCheckersForStmt(bool isPreVisit, 167 ExplodedNodeSet &Dst, 168 const ExplodedNodeSet &Src, 169 const Stmt *S, 170 ExprEngine &Eng, 171 bool WasInlined) { 172 CheckStmtContext C(isPreVisit, getCachedStmtCheckersFor(S, isPreVisit), 173 S, Eng, WasInlined); 174 expandGraphWithCheckers(C, Dst, Src); 175 } 176 177 namespace { 178 struct CheckObjCMessageContext { 179 typedef std::vector<CheckerManager::CheckObjCMessageFunc> CheckersTy; 180 181 ObjCMessageVisitKind Kind; 182 bool WasInlined; 183 const CheckersTy &Checkers; 184 const ObjCMethodCall &Msg; 185 ExprEngine &Eng; 186 187 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 188 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 189 190 CheckObjCMessageContext(ObjCMessageVisitKind visitKind, 191 const CheckersTy &checkers, 192 const ObjCMethodCall &msg, ExprEngine &eng, 193 bool wasInlined) 194 : Kind(visitKind), WasInlined(wasInlined), Checkers(checkers), 195 Msg(msg), Eng(eng) { } 196 197 void runChecker(CheckerManager::CheckObjCMessageFunc checkFn, 198 NodeBuilder &Bldr, ExplodedNode *Pred) { 199 200 bool IsPreVisit; 201 202 switch (Kind) { 203 case ObjCMessageVisitKind::Pre: 204 IsPreVisit = true; 205 break; 206 case ObjCMessageVisitKind::MessageNil: 207 case ObjCMessageVisitKind::Post: 208 IsPreVisit = false; 209 break; 210 } 211 212 const ProgramPoint &L = Msg.getProgramPoint(IsPreVisit,checkFn.Checker); 213 CheckerContext C(Bldr, Eng, Pred, L, WasInlined); 214 215 checkFn(*Msg.cloneWithState<ObjCMethodCall>(Pred->getState()), C); 216 } 217 }; 218 } 219 220 /// \brief Run checkers for visiting obj-c messages. 221 void CheckerManager::runCheckersForObjCMessage(ObjCMessageVisitKind visitKind, 222 ExplodedNodeSet &Dst, 223 const ExplodedNodeSet &Src, 224 const ObjCMethodCall &msg, 225 ExprEngine &Eng, 226 bool WasInlined) { 227 auto &checkers = getObjCMessageCheckers(visitKind); 228 CheckObjCMessageContext C(visitKind, checkers, msg, Eng, WasInlined); 229 expandGraphWithCheckers(C, Dst, Src); 230 } 231 232 const std::vector<CheckerManager::CheckObjCMessageFunc> & 233 CheckerManager::getObjCMessageCheckers(ObjCMessageVisitKind Kind) { 234 switch (Kind) { 235 case ObjCMessageVisitKind::Pre: 236 return PreObjCMessageCheckers; 237 break; 238 case ObjCMessageVisitKind::Post: 239 return PostObjCMessageCheckers; 240 case ObjCMessageVisitKind::MessageNil: 241 return ObjCMessageNilCheckers; 242 } 243 llvm_unreachable("Unknown Kind"); 244 } 245 namespace { 246 // FIXME: This has all the same signatures as CheckObjCMessageContext. 247 // Is there a way we can merge the two? 248 struct CheckCallContext { 249 typedef std::vector<CheckerManager::CheckCallFunc> CheckersTy; 250 bool IsPreVisit, WasInlined; 251 const CheckersTy &Checkers; 252 const CallEvent &Call; 253 ExprEngine &Eng; 254 255 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 256 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 257 258 CheckCallContext(bool isPreVisit, const CheckersTy &checkers, 259 const CallEvent &call, ExprEngine &eng, 260 bool wasInlined) 261 : IsPreVisit(isPreVisit), WasInlined(wasInlined), Checkers(checkers), 262 Call(call), Eng(eng) { } 263 264 void runChecker(CheckerManager::CheckCallFunc checkFn, 265 NodeBuilder &Bldr, ExplodedNode *Pred) { 266 const ProgramPoint &L = Call.getProgramPoint(IsPreVisit,checkFn.Checker); 267 CheckerContext C(Bldr, Eng, Pred, L, WasInlined); 268 269 checkFn(*Call.cloneWithState(Pred->getState()), C); 270 } 271 }; 272 } 273 274 /// \brief Run checkers for visiting an abstract call event. 275 void CheckerManager::runCheckersForCallEvent(bool isPreVisit, 276 ExplodedNodeSet &Dst, 277 const ExplodedNodeSet &Src, 278 const CallEvent &Call, 279 ExprEngine &Eng, 280 bool WasInlined) { 281 CheckCallContext C(isPreVisit, 282 isPreVisit ? PreCallCheckers 283 : PostCallCheckers, 284 Call, Eng, WasInlined); 285 expandGraphWithCheckers(C, Dst, Src); 286 } 287 288 namespace { 289 struct CheckLocationContext { 290 typedef std::vector<CheckerManager::CheckLocationFunc> CheckersTy; 291 const CheckersTy &Checkers; 292 SVal Loc; 293 bool IsLoad; 294 const Stmt *NodeEx; /* Will become a CFGStmt */ 295 const Stmt *BoundEx; 296 ExprEngine &Eng; 297 298 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 299 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 300 301 CheckLocationContext(const CheckersTy &checkers, 302 SVal loc, bool isLoad, const Stmt *NodeEx, 303 const Stmt *BoundEx, 304 ExprEngine &eng) 305 : Checkers(checkers), Loc(loc), IsLoad(isLoad), NodeEx(NodeEx), 306 BoundEx(BoundEx), Eng(eng) {} 307 308 void runChecker(CheckerManager::CheckLocationFunc checkFn, 309 NodeBuilder &Bldr, ExplodedNode *Pred) { 310 ProgramPoint::Kind K = IsLoad ? ProgramPoint::PreLoadKind : 311 ProgramPoint::PreStoreKind; 312 const ProgramPoint &L = 313 ProgramPoint::getProgramPoint(NodeEx, K, 314 Pred->getLocationContext(), 315 checkFn.Checker); 316 CheckerContext C(Bldr, Eng, Pred, L); 317 checkFn(Loc, IsLoad, BoundEx, C); 318 } 319 }; 320 } 321 322 /// \brief Run checkers for load/store of a location. 323 324 void CheckerManager::runCheckersForLocation(ExplodedNodeSet &Dst, 325 const ExplodedNodeSet &Src, 326 SVal location, bool isLoad, 327 const Stmt *NodeEx, 328 const Stmt *BoundEx, 329 ExprEngine &Eng) { 330 CheckLocationContext C(LocationCheckers, location, isLoad, NodeEx, 331 BoundEx, Eng); 332 expandGraphWithCheckers(C, Dst, Src); 333 } 334 335 namespace { 336 struct CheckBindContext { 337 typedef std::vector<CheckerManager::CheckBindFunc> CheckersTy; 338 const CheckersTy &Checkers; 339 SVal Loc; 340 SVal Val; 341 const Stmt *S; 342 ExprEngine &Eng; 343 const ProgramPoint &PP; 344 345 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 346 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 347 348 CheckBindContext(const CheckersTy &checkers, 349 SVal loc, SVal val, const Stmt *s, ExprEngine &eng, 350 const ProgramPoint &pp) 351 : Checkers(checkers), Loc(loc), Val(val), S(s), Eng(eng), PP(pp) {} 352 353 void runChecker(CheckerManager::CheckBindFunc checkFn, 354 NodeBuilder &Bldr, ExplodedNode *Pred) { 355 const ProgramPoint &L = PP.withTag(checkFn.Checker); 356 CheckerContext C(Bldr, Eng, Pred, L); 357 358 checkFn(Loc, Val, S, C); 359 } 360 }; 361 } 362 363 /// \brief Run checkers for binding of a value to a location. 364 void CheckerManager::runCheckersForBind(ExplodedNodeSet &Dst, 365 const ExplodedNodeSet &Src, 366 SVal location, SVal val, 367 const Stmt *S, ExprEngine &Eng, 368 const ProgramPoint &PP) { 369 CheckBindContext C(BindCheckers, location, val, S, Eng, PP); 370 expandGraphWithCheckers(C, Dst, Src); 371 } 372 373 void CheckerManager::runCheckersForEndAnalysis(ExplodedGraph &G, 374 BugReporter &BR, 375 ExprEngine &Eng) { 376 for (unsigned i = 0, e = EndAnalysisCheckers.size(); i != e; ++i) 377 EndAnalysisCheckers[i](G, BR, Eng); 378 } 379 380 namespace { 381 struct CheckBeginFunctionContext { 382 typedef std::vector<CheckerManager::CheckBeginFunctionFunc> CheckersTy; 383 const CheckersTy &Checkers; 384 ExprEngine &Eng; 385 const ProgramPoint &PP; 386 387 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 388 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 389 390 CheckBeginFunctionContext(const CheckersTy &Checkers, ExprEngine &Eng, 391 const ProgramPoint &PP) 392 : Checkers(Checkers), Eng(Eng), PP(PP) {} 393 394 void runChecker(CheckerManager::CheckBeginFunctionFunc checkFn, 395 NodeBuilder &Bldr, ExplodedNode *Pred) { 396 const ProgramPoint &L = PP.withTag(checkFn.Checker); 397 CheckerContext C(Bldr, Eng, Pred, L); 398 399 checkFn(C); 400 } 401 }; 402 } 403 404 void CheckerManager::runCheckersForBeginFunction(ExplodedNodeSet &Dst, 405 const BlockEdge &L, 406 ExplodedNode *Pred, 407 ExprEngine &Eng) { 408 ExplodedNodeSet Src; 409 Src.insert(Pred); 410 CheckBeginFunctionContext C(BeginFunctionCheckers, Eng, L); 411 expandGraphWithCheckers(C, Dst, Src); 412 } 413 414 /// \brief Run checkers for end of path. 415 // Note, We do not chain the checker output (like in expandGraphWithCheckers) 416 // for this callback since end of path nodes are expected to be final. 417 void CheckerManager::runCheckersForEndFunction(NodeBuilderContext &BC, 418 ExplodedNodeSet &Dst, 419 ExplodedNode *Pred, 420 ExprEngine &Eng) { 421 422 // We define the builder outside of the loop bacause if at least one checkers 423 // creates a sucsessor for Pred, we do not need to generate an 424 // autotransition for it. 425 NodeBuilder Bldr(Pred, Dst, BC); 426 for (unsigned i = 0, e = EndFunctionCheckers.size(); i != e; ++i) { 427 CheckEndFunctionFunc checkFn = EndFunctionCheckers[i]; 428 429 const ProgramPoint &L = BlockEntrance(BC.Block, 430 Pred->getLocationContext(), 431 checkFn.Checker); 432 CheckerContext C(Bldr, Eng, Pred, L); 433 checkFn(C); 434 } 435 } 436 437 namespace { 438 struct CheckBranchConditionContext { 439 typedef std::vector<CheckerManager::CheckBranchConditionFunc> CheckersTy; 440 const CheckersTy &Checkers; 441 const Stmt *Condition; 442 ExprEngine &Eng; 443 444 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 445 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 446 447 CheckBranchConditionContext(const CheckersTy &checkers, 448 const Stmt *Cond, ExprEngine &eng) 449 : Checkers(checkers), Condition(Cond), Eng(eng) {} 450 451 void runChecker(CheckerManager::CheckBranchConditionFunc checkFn, 452 NodeBuilder &Bldr, ExplodedNode *Pred) { 453 ProgramPoint L = PostCondition(Condition, Pred->getLocationContext(), 454 checkFn.Checker); 455 CheckerContext C(Bldr, Eng, Pred, L); 456 checkFn(Condition, C); 457 } 458 }; 459 } 460 461 /// \brief Run checkers for branch condition. 462 void CheckerManager::runCheckersForBranchCondition(const Stmt *Condition, 463 ExplodedNodeSet &Dst, 464 ExplodedNode *Pred, 465 ExprEngine &Eng) { 466 ExplodedNodeSet Src; 467 Src.insert(Pred); 468 CheckBranchConditionContext C(BranchConditionCheckers, Condition, Eng); 469 expandGraphWithCheckers(C, Dst, Src); 470 } 471 472 namespace { 473 struct CheckNewAllocatorContext { 474 typedef std::vector<CheckerManager::CheckNewAllocatorFunc> CheckersTy; 475 const CheckersTy &Checkers; 476 const CXXNewExpr *NE; 477 SVal Target; 478 bool WasInlined; 479 ExprEngine &Eng; 480 481 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 482 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 483 484 CheckNewAllocatorContext(const CheckersTy &Checkers, const CXXNewExpr *NE, 485 SVal Target, bool WasInlined, ExprEngine &Eng) 486 : Checkers(Checkers), NE(NE), Target(Target), WasInlined(WasInlined), 487 Eng(Eng) {} 488 489 void runChecker(CheckerManager::CheckNewAllocatorFunc checkFn, 490 NodeBuilder &Bldr, ExplodedNode *Pred) { 491 ProgramPoint L = PostAllocatorCall(NE, Pred->getLocationContext()); 492 CheckerContext C(Bldr, Eng, Pred, L, WasInlined); 493 checkFn(NE, Target, C); 494 } 495 }; 496 } 497 498 void CheckerManager::runCheckersForNewAllocator( 499 const CXXNewExpr *NE, SVal Target, ExplodedNodeSet &Dst, ExplodedNode *Pred, 500 ExprEngine &Eng, bool WasInlined) { 501 ExplodedNodeSet Src; 502 Src.insert(Pred); 503 CheckNewAllocatorContext C(NewAllocatorCheckers, NE, Target, WasInlined, Eng); 504 expandGraphWithCheckers(C, Dst, Src); 505 } 506 507 /// \brief Run checkers for live symbols. 508 void CheckerManager::runCheckersForLiveSymbols(ProgramStateRef state, 509 SymbolReaper &SymReaper) { 510 for (unsigned i = 0, e = LiveSymbolsCheckers.size(); i != e; ++i) 511 LiveSymbolsCheckers[i](state, SymReaper); 512 } 513 514 namespace { 515 struct CheckDeadSymbolsContext { 516 typedef std::vector<CheckerManager::CheckDeadSymbolsFunc> CheckersTy; 517 const CheckersTy &Checkers; 518 SymbolReaper &SR; 519 const Stmt *S; 520 ExprEngine &Eng; 521 ProgramPoint::Kind ProgarmPointKind; 522 523 CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); } 524 CheckersTy::const_iterator checkers_end() { return Checkers.end(); } 525 526 CheckDeadSymbolsContext(const CheckersTy &checkers, SymbolReaper &sr, 527 const Stmt *s, ExprEngine &eng, 528 ProgramPoint::Kind K) 529 : Checkers(checkers), SR(sr), S(s), Eng(eng), ProgarmPointKind(K) { } 530 531 void runChecker(CheckerManager::CheckDeadSymbolsFunc checkFn, 532 NodeBuilder &Bldr, ExplodedNode *Pred) { 533 const ProgramPoint &L = ProgramPoint::getProgramPoint(S, ProgarmPointKind, 534 Pred->getLocationContext(), checkFn.Checker); 535 CheckerContext C(Bldr, Eng, Pred, L); 536 537 // Note, do not pass the statement to the checkers without letting them 538 // differentiate if we ran remove dead bindings before or after the 539 // statement. 540 checkFn(SR, C); 541 } 542 }; 543 } 544 545 /// \brief Run checkers for dead symbols. 546 void CheckerManager::runCheckersForDeadSymbols(ExplodedNodeSet &Dst, 547 const ExplodedNodeSet &Src, 548 SymbolReaper &SymReaper, 549 const Stmt *S, 550 ExprEngine &Eng, 551 ProgramPoint::Kind K) { 552 CheckDeadSymbolsContext C(DeadSymbolsCheckers, SymReaper, S, Eng, K); 553 expandGraphWithCheckers(C, Dst, Src); 554 } 555 556 /// \brief Run checkers for region changes. 557 ProgramStateRef 558 CheckerManager::runCheckersForRegionChanges(ProgramStateRef state, 559 const InvalidatedSymbols *invalidated, 560 ArrayRef<const MemRegion *> ExplicitRegions, 561 ArrayRef<const MemRegion *> Regions, 562 const LocationContext *LCtx, 563 const CallEvent *Call) { 564 for (unsigned i = 0, e = RegionChangesCheckers.size(); i != e; ++i) { 565 // If any checker declares the state infeasible (or if it starts that way), 566 // bail out. 567 if (!state) 568 return nullptr; 569 state = RegionChangesCheckers[i](state, invalidated, 570 ExplicitRegions, Regions, 571 LCtx, Call); 572 } 573 return state; 574 } 575 576 /// \brief Run checkers to process symbol escape event. 577 ProgramStateRef 578 CheckerManager::runCheckersForPointerEscape(ProgramStateRef State, 579 const InvalidatedSymbols &Escaped, 580 const CallEvent *Call, 581 PointerEscapeKind Kind, 582 RegionAndSymbolInvalidationTraits *ETraits) { 583 assert((Call != nullptr || 584 (Kind != PSK_DirectEscapeOnCall && 585 Kind != PSK_IndirectEscapeOnCall)) && 586 "Call must not be NULL when escaping on call"); 587 for (unsigned i = 0, e = PointerEscapeCheckers.size(); i != e; ++i) { 588 // If any checker declares the state infeasible (or if it starts that 589 // way), bail out. 590 if (!State) 591 return nullptr; 592 State = PointerEscapeCheckers[i](State, Escaped, Call, Kind, ETraits); 593 } 594 return State; 595 } 596 597 /// \brief Run checkers for handling assumptions on symbolic values. 598 ProgramStateRef 599 CheckerManager::runCheckersForEvalAssume(ProgramStateRef state, 600 SVal Cond, bool Assumption) { 601 for (unsigned i = 0, e = EvalAssumeCheckers.size(); i != e; ++i) { 602 // If any checker declares the state infeasible (or if it starts that way), 603 // bail out. 604 if (!state) 605 return nullptr; 606 state = EvalAssumeCheckers[i](state, Cond, Assumption); 607 } 608 return state; 609 } 610 611 /// \brief Run checkers for evaluating a call. 612 /// Only one checker will evaluate the call. 613 void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst, 614 const ExplodedNodeSet &Src, 615 const CallEvent &Call, 616 ExprEngine &Eng) { 617 const CallExpr *CE = cast<CallExpr>(Call.getOriginExpr()); 618 for (ExplodedNodeSet::iterator 619 NI = Src.begin(), NE = Src.end(); NI != NE; ++NI) { 620 ExplodedNode *Pred = *NI; 621 bool anyEvaluated = false; 622 623 ExplodedNodeSet checkDst; 624 NodeBuilder B(Pred, checkDst, Eng.getBuilderContext()); 625 626 // Check if any of the EvalCall callbacks can evaluate the call. 627 for (std::vector<EvalCallFunc>::iterator 628 EI = EvalCallCheckers.begin(), EE = EvalCallCheckers.end(); 629 EI != EE; ++EI) { 630 ProgramPoint::Kind K = ProgramPoint::PostStmtKind; 631 const ProgramPoint &L = ProgramPoint::getProgramPoint(CE, K, 632 Pred->getLocationContext(), EI->Checker); 633 bool evaluated = false; 634 { // CheckerContext generates transitions(populates checkDest) on 635 // destruction, so introduce the scope to make sure it gets properly 636 // populated. 637 CheckerContext C(B, Eng, Pred, L); 638 evaluated = (*EI)(CE, C); 639 } 640 assert(!(evaluated && anyEvaluated) 641 && "There are more than one checkers evaluating the call"); 642 if (evaluated) { 643 anyEvaluated = true; 644 Dst.insert(checkDst); 645 #ifdef NDEBUG 646 break; // on release don't check that no other checker also evals. 647 #endif 648 } 649 } 650 651 // If none of the checkers evaluated the call, ask ExprEngine to handle it. 652 if (!anyEvaluated) { 653 NodeBuilder B(Pred, Dst, Eng.getBuilderContext()); 654 Eng.defaultEvalCall(B, Pred, Call); 655 } 656 } 657 } 658 659 /// \brief Run checkers for the entire Translation Unit. 660 void CheckerManager::runCheckersOnEndOfTranslationUnit( 661 const TranslationUnitDecl *TU, 662 AnalysisManager &mgr, 663 BugReporter &BR) { 664 for (unsigned i = 0, e = EndOfTranslationUnitCheckers.size(); i != e; ++i) 665 EndOfTranslationUnitCheckers[i](TU, mgr, BR); 666 } 667 668 void CheckerManager::runCheckersForPrintState(raw_ostream &Out, 669 ProgramStateRef State, 670 const char *NL, const char *Sep) { 671 for (llvm::DenseMap<CheckerTag, CheckerRef>::iterator 672 I = CheckerTags.begin(), E = CheckerTags.end(); I != E; ++I) 673 I->second->printState(Out, State, NL, Sep); 674 } 675 676 //===----------------------------------------------------------------------===// 677 // Internal registration functions for AST traversing. 678 //===----------------------------------------------------------------------===// 679 680 void CheckerManager::_registerForDecl(CheckDeclFunc checkfn, 681 HandlesDeclFunc isForDeclFn) { 682 DeclCheckerInfo info = { checkfn, isForDeclFn }; 683 DeclCheckers.push_back(info); 684 } 685 686 void CheckerManager::_registerForBody(CheckDeclFunc checkfn) { 687 BodyCheckers.push_back(checkfn); 688 } 689 690 //===----------------------------------------------------------------------===// 691 // Internal registration functions for path-sensitive checking. 692 //===----------------------------------------------------------------------===// 693 694 void CheckerManager::_registerForPreStmt(CheckStmtFunc checkfn, 695 HandlesStmtFunc isForStmtFn) { 696 StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/true }; 697 StmtCheckers.push_back(info); 698 } 699 void CheckerManager::_registerForPostStmt(CheckStmtFunc checkfn, 700 HandlesStmtFunc isForStmtFn) { 701 StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/false }; 702 StmtCheckers.push_back(info); 703 } 704 705 void CheckerManager::_registerForPreObjCMessage(CheckObjCMessageFunc checkfn) { 706 PreObjCMessageCheckers.push_back(checkfn); 707 } 708 709 void CheckerManager::_registerForObjCMessageNil(CheckObjCMessageFunc checkfn) { 710 ObjCMessageNilCheckers.push_back(checkfn); 711 } 712 713 void CheckerManager::_registerForPostObjCMessage(CheckObjCMessageFunc checkfn) { 714 PostObjCMessageCheckers.push_back(checkfn); 715 } 716 717 void CheckerManager::_registerForPreCall(CheckCallFunc checkfn) { 718 PreCallCheckers.push_back(checkfn); 719 } 720 void CheckerManager::_registerForPostCall(CheckCallFunc checkfn) { 721 PostCallCheckers.push_back(checkfn); 722 } 723 724 void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) { 725 LocationCheckers.push_back(checkfn); 726 } 727 728 void CheckerManager::_registerForBind(CheckBindFunc checkfn) { 729 BindCheckers.push_back(checkfn); 730 } 731 732 void CheckerManager::_registerForEndAnalysis(CheckEndAnalysisFunc checkfn) { 733 EndAnalysisCheckers.push_back(checkfn); 734 } 735 736 void CheckerManager::_registerForBeginFunction(CheckBeginFunctionFunc checkfn) { 737 BeginFunctionCheckers.push_back(checkfn); 738 } 739 740 void CheckerManager::_registerForEndFunction(CheckEndFunctionFunc checkfn) { 741 EndFunctionCheckers.push_back(checkfn); 742 } 743 744 void CheckerManager::_registerForBranchCondition( 745 CheckBranchConditionFunc checkfn) { 746 BranchConditionCheckers.push_back(checkfn); 747 } 748 749 void CheckerManager::_registerForNewAllocator(CheckNewAllocatorFunc checkfn) { 750 NewAllocatorCheckers.push_back(checkfn); 751 } 752 753 void CheckerManager::_registerForLiveSymbols(CheckLiveSymbolsFunc checkfn) { 754 LiveSymbolsCheckers.push_back(checkfn); 755 } 756 757 void CheckerManager::_registerForDeadSymbols(CheckDeadSymbolsFunc checkfn) { 758 DeadSymbolsCheckers.push_back(checkfn); 759 } 760 761 void CheckerManager::_registerForRegionChanges(CheckRegionChangesFunc checkfn) { 762 RegionChangesCheckers.push_back(checkfn); 763 } 764 765 void CheckerManager::_registerForPointerEscape(CheckPointerEscapeFunc checkfn){ 766 PointerEscapeCheckers.push_back(checkfn); 767 } 768 769 void CheckerManager::_registerForConstPointerEscape( 770 CheckPointerEscapeFunc checkfn) { 771 PointerEscapeCheckers.push_back(checkfn); 772 } 773 774 void CheckerManager::_registerForEvalAssume(EvalAssumeFunc checkfn) { 775 EvalAssumeCheckers.push_back(checkfn); 776 } 777 778 void CheckerManager::_registerForEvalCall(EvalCallFunc checkfn) { 779 EvalCallCheckers.push_back(checkfn); 780 } 781 782 void CheckerManager::_registerForEndOfTranslationUnit( 783 CheckEndOfTranslationUnit checkfn) { 784 EndOfTranslationUnitCheckers.push_back(checkfn); 785 } 786 787 //===----------------------------------------------------------------------===// 788 // Implementation details. 789 //===----------------------------------------------------------------------===// 790 791 const CheckerManager::CachedStmtCheckers & 792 CheckerManager::getCachedStmtCheckersFor(const Stmt *S, bool isPreVisit) { 793 assert(S); 794 795 unsigned Key = (S->getStmtClass() << 1) | unsigned(isPreVisit); 796 CachedStmtCheckersMapTy::iterator CCI = CachedStmtCheckersMap.find(Key); 797 if (CCI != CachedStmtCheckersMap.end()) 798 return CCI->second; 799 800 // Find the checkers that should run for this Stmt and cache them. 801 CachedStmtCheckers &Checkers = CachedStmtCheckersMap[Key]; 802 for (unsigned i = 0, e = StmtCheckers.size(); i != e; ++i) { 803 StmtCheckerInfo &Info = StmtCheckers[i]; 804 if (Info.IsPreVisit == isPreVisit && Info.IsForStmtFn(S)) 805 Checkers.push_back(Info.CheckFn); 806 } 807 return Checkers; 808 } 809 810 CheckerManager::~CheckerManager() { 811 for (unsigned i = 0, e = CheckerDtors.size(); i != e; ++i) 812 CheckerDtors[i](); 813 } 814