1 //===- ConstraintManager.cpp - Constraints on symbolic values. ------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  This file defined the interface to manage constraints on symbolic values.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h"
14 #include "clang/AST/Type.h"
15 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
16 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
17 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
19 
20 using namespace clang;
21 using namespace ento;
22 
23 ConstraintManager::~ConstraintManager() = default;
24 
25 static DefinedSVal getLocFromSymbol(const ProgramStateRef &State,
26                                     SymbolRef Sym) {
27   const MemRegion *R =
28       State->getStateManager().getRegionManager().getSymbolicRegion(Sym);
29   return loc::MemRegionVal(R);
30 }
31 
32 ConditionTruthVal ConstraintManager::checkNull(ProgramStateRef State,
33                                                SymbolRef Sym) {
34   QualType Ty = Sym->getType();
35   DefinedSVal V = Loc::isLocType(Ty) ? getLocFromSymbol(State, Sym)
36                                      : nonloc::SymbolVal(Sym);
37   const ProgramStatePair &P = assumeDual(State, V);
38   if (P.first && !P.second)
39     return ConditionTruthVal(false);
40   if (!P.first && P.second)
41     return ConditionTruthVal(true);
42   return {};
43 }
44 
45 ConstraintManager::ProgramStatePair
46 ConstraintManager::assumeDual(ProgramStateRef State, DefinedSVal Cond) {
47   ProgramStateRef StTrue = assumeInternal(State, Cond, true);
48 
49   if (!StTrue) {
50     ProgramStateRef StFalse = assumeInternal(State, Cond, false);
51     if (LLVM_UNLIKELY(!StFalse)) { // both infeasible
52       ProgramStateRef StInfeasible = State->cloneAsPosteriorlyOverconstrained();
53       assert(StInfeasible->isPosteriorlyOverconstrained());
54       // Checkers might rely on the API contract that both returned states
55       // cannot be null. Thus, we return StInfeasible for both branches because
56       // it might happen that a Checker uncoditionally uses one of them if the
57       // other is a nullptr. This may also happen with the non-dual and
58       // adjacent `assume(true)` and `assume(false)` calls. By implementing
59       // assume in therms of assumeDual, we can keep our API contract there as
60       // well.
61       return ProgramStatePair(StInfeasible, StInfeasible);
62     }
63     return ProgramStatePair(nullptr, StFalse);
64   }
65 
66   ProgramStateRef StFalse = assumeInternal(State, Cond, false);
67   if (!StFalse) {
68     return ProgramStatePair(StTrue, nullptr);
69   }
70 
71   return ProgramStatePair(StTrue, StFalse);
72 }
73 
74 ProgramStateRef ConstraintManager::assume(ProgramStateRef State,
75                                           DefinedSVal Cond, bool Assumption) {
76   ConstraintManager::ProgramStatePair R = assumeDual(State, Cond);
77   return Assumption ? R.first : R.second;
78 }
79