1 //===- ConstraintManager.cpp - Constraints on symbolic values. ------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file defined the interface to manage constraints on symbolic values. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" 14 #include "clang/AST/Type.h" 15 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h" 16 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 17 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h" 18 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h" 19 20 using namespace clang; 21 using namespace ento; 22 23 ConstraintManager::~ConstraintManager() = default; 24 25 static DefinedSVal getLocFromSymbol(const ProgramStateRef &State, 26 SymbolRef Sym) { 27 const MemRegion *R = 28 State->getStateManager().getRegionManager().getSymbolicRegion(Sym); 29 return loc::MemRegionVal(R); 30 } 31 32 ConditionTruthVal ConstraintManager::checkNull(ProgramStateRef State, 33 SymbolRef Sym) { 34 QualType Ty = Sym->getType(); 35 DefinedSVal V = Loc::isLocType(Ty) ? getLocFromSymbol(State, Sym) 36 : nonloc::SymbolVal(Sym); 37 const ProgramStatePair &P = assumeDual(State, V); 38 if (P.first && !P.second) 39 return ConditionTruthVal(false); 40 if (!P.first && P.second) 41 return ConditionTruthVal(true); 42 return {}; 43 } 44 45 template <typename AssumeFunction> 46 ConstraintManager::ProgramStatePair 47 ConstraintManager::assumeDualImpl(ProgramStateRef &State, 48 AssumeFunction &Assume) { 49 ProgramStateRef StTrue = Assume(true); 50 51 if (!StTrue) { 52 ProgramStateRef StFalse = Assume(false); 53 if (LLVM_UNLIKELY(!StFalse)) { // both infeasible 54 ProgramStateRef StInfeasible = State->cloneAsPosteriorlyOverconstrained(); 55 assert(StInfeasible->isPosteriorlyOverconstrained()); 56 // Checkers might rely on the API contract that both returned states 57 // cannot be null. Thus, we return StInfeasible for both branches because 58 // it might happen that a Checker uncoditionally uses one of them if the 59 // other is a nullptr. This may also happen with the non-dual and 60 // adjacent `assume(true)` and `assume(false)` calls. By implementing 61 // assume in therms of assumeDual, we can keep our API contract there as 62 // well. 63 return ProgramStatePair(StInfeasible, StInfeasible); 64 } 65 return ProgramStatePair(nullptr, StFalse); 66 } 67 68 ProgramStateRef StFalse = Assume(false); 69 if (!StFalse) { 70 return ProgramStatePair(StTrue, nullptr); 71 } 72 73 return ProgramStatePair(StTrue, StFalse); 74 } 75 76 ConstraintManager::ProgramStatePair 77 ConstraintManager::assumeDual(ProgramStateRef State, DefinedSVal Cond) { 78 auto AssumeFun = [&](bool Assumption) { 79 return assumeInternal(State, Cond, Assumption); 80 }; 81 return assumeDualImpl(State, AssumeFun); 82 } 83 84 ConstraintManager::ProgramStatePair 85 ConstraintManager::assumeInclusiveRangeDual(ProgramStateRef State, NonLoc Value, 86 const llvm::APSInt &From, 87 const llvm::APSInt &To) { 88 auto AssumeFun = [&](bool Assumption) { 89 return assumeInclusiveRangeInternal(State, Value, From, To, Assumption); 90 }; 91 return assumeDualImpl(State, AssumeFun); 92 } 93 94 ProgramStateRef ConstraintManager::assume(ProgramStateRef State, 95 DefinedSVal Cond, bool Assumption) { 96 ConstraintManager::ProgramStatePair R = assumeDual(State, Cond); 97 return Assumption ? R.first : R.second; 98 } 99 100 ProgramStateRef 101 ConstraintManager::assumeInclusiveRange(ProgramStateRef State, NonLoc Value, 102 const llvm::APSInt &From, 103 const llvm::APSInt &To, bool InBound) { 104 ConstraintManager::ProgramStatePair R = 105 assumeInclusiveRangeDual(State, Value, From, To); 106 return InBound ? R.first : R.second; 107 } 108