Coverage Report

Created: 2019-07-24 05:18

/Users/buildslave/jenkins/workspace/clang-stage2-coverage-R/llvm/tools/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
Line
Count
Source (jump to first uncovered line)
1
//===- MemRegion.cpp - Abstract memory regions for static analysis --------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
//  This file defines MemRegion and its subclasses.  MemRegion defines a
10
//  partially-typed abstraction of memory useful for path-sensitive dataflow
11
//  analyses.
12
//
13
//===----------------------------------------------------------------------===//
14
15
#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
16
#include "clang/AST/ASTContext.h"
17
#include "clang/AST/Attr.h"
18
#include "clang/AST/CharUnits.h"
19
#include "clang/AST/Decl.h"
20
#include "clang/AST/DeclCXX.h"
21
#include "clang/AST/DeclObjC.h"
22
#include "clang/AST/Expr.h"
23
#include "clang/AST/PrettyPrinter.h"
24
#include "clang/AST/RecordLayout.h"
25
#include "clang/AST/Type.h"
26
#include "clang/Analysis/AnalysisDeclContext.h"
27
#include "clang/Analysis/Support/BumpVector.h"
28
#include "clang/Basic/IdentifierTable.h"
29
#include "clang/Basic/LLVM.h"
30
#include "clang/Basic/SourceManager.h"
31
#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
32
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
33
#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
34
#include "llvm/ADT/APInt.h"
35
#include "llvm/ADT/FoldingSet.h"
36
#include "llvm/ADT/Optional.h"
37
#include "llvm/ADT/PointerUnion.h"
38
#include "llvm/ADT/SmallString.h"
39
#include "llvm/ADT/StringRef.h"
40
#include "llvm/ADT/Twine.h"
41
#include "llvm/Support/Allocator.h"
42
#include "llvm/Support/Casting.h"
43
#include "llvm/Support/CheckedArithmetic.h"
44
#include "llvm/Support/Compiler.h"
45
#include "llvm/Support/Debug.h"
46
#include "llvm/Support/ErrorHandling.h"
47
#include "llvm/Support/raw_ostream.h"
48
#include <cassert>
49
#include <cstdint>
50
#include <functional>
51
#include <iterator>
52
#include <string>
53
#include <tuple>
54
#include <utility>
55
56
using namespace clang;
57
using namespace ento;
58
59
#define DEBUG_TYPE "MemRegion"
60
61
//===----------------------------------------------------------------------===//
62
// MemRegion Construction.
63
//===----------------------------------------------------------------------===//
64
65
template <typename RegionTy, typename SuperTy, typename Arg1Ty>
66
RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1,
67
501k
                                         const SuperTy *superRegion) {
68
501k
  llvm::FoldingSetNodeID ID;
69
501k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
501k
  void *InsertPos;
71
501k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
501k
73
501k
  if (!R) {
74
91.9k
    R = A.Allocate<RegionTy>();
75
91.9k
    new (R) RegionTy(arg1, superRegion);
76
91.9k
    Regions.InsertNode(R, InsertPos);
77
91.9k
  }
78
501k
79
501k
  return R;
80
501k
}
clang::ento::StringRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::StringRegion, clang::ento::GlobalInternalSpaceRegion, clang::StringLiteral const*>(clang::StringLiteral const*, clang::ento::GlobalInternalSpaceRegion const*)
Line
Count
Source
67
5.18k
                                         const SuperTy *superRegion) {
68
5.18k
  llvm::FoldingSetNodeID ID;
69
5.18k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
5.18k
  void *InsertPos;
71
5.18k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
5.18k
73
5.18k
  if (!R) {
74
2.22k
    R = A.Allocate<RegionTy>();
75
2.22k
    new (R) RegionTy(arg1, superRegion);
76
2.22k
    Regions.InsertNode(R, InsertPos);
77
2.22k
  }
78
5.18k
79
5.18k
  return R;
80
5.18k
}
clang::ento::ObjCStringRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::ObjCStringRegion, clang::ento::GlobalInternalSpaceRegion, clang::ObjCStringLiteral const*>(clang::ObjCStringLiteral const*, clang::ento::GlobalInternalSpaceRegion const*)
Line
Count
Source
67
1.11k
                                         const SuperTy *superRegion) {
68
1.11k
  llvm::FoldingSetNodeID ID;
69
1.11k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
1.11k
  void *InsertPos;
71
1.11k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
1.11k
73
1.11k
  if (!R) {
74
281
    R = A.Allocate<RegionTy>();
75
281
    new (R) RegionTy(arg1, superRegion);
76
281
    Regions.InsertNode(R, InsertPos);
77
281
  }
78
1.11k
79
1.11k
  return R;
80
1.11k
}
clang::ento::VarRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::VarRegion, clang::ento::MemRegion, clang::VarDecl const*>(clang::VarDecl const*, clang::ento::MemRegion const*)
Line
Count
Source
67
213k
                                         const SuperTy *superRegion) {
68
213k
  llvm::FoldingSetNodeID ID;
69
213k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
213k
  void *InsertPos;
71
213k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
213k
73
213k
  if (!R) {
74
36.2k
    R = A.Allocate<RegionTy>();
75
36.2k
    new (R) RegionTy(arg1, superRegion);
76
36.2k
    Regions.InsertNode(R, InsertPos);
77
36.2k
  }
78
213k
79
213k
  return R;
80
213k
}
clang::ento::CXXTempObjectRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CXXTempObjectRegion, clang::ento::GlobalsSpaceRegion, clang::Expr const*>(clang::Expr const*, clang::ento::GlobalsSpaceRegion const*)
Line
Count
Source
67
15
                                         const SuperTy *superRegion) {
68
15
  llvm::FoldingSetNodeID ID;
69
15
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
15
  void *InsertPos;
71
15
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
15
73
15
  if (!R) {
74
15
    R = A.Allocate<RegionTy>();
75
15
    new (R) RegionTy(arg1, superRegion);
76
15
    Regions.InsertNode(R, InsertPos);
77
15
  }
78
15
79
15
  return R;
80
15
}
clang::ento::CompoundLiteralRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CompoundLiteralRegion, clang::ento::MemSpaceRegion, clang::CompoundLiteralExpr const*>(clang::CompoundLiteralExpr const*, clang::ento::MemSpaceRegion const*)
Line
Count
Source
67
52
                                         const SuperTy *superRegion) {
68
52
  llvm::FoldingSetNodeID ID;
69
52
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
52
  void *InsertPos;
71
52
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
52
73
52
  if (!R) {
74
48
    R = A.Allocate<RegionTy>();
75
48
    new (R) RegionTy(arg1, superRegion);
76
48
    Regions.InsertNode(R, InsertPos);
77
48
  }
78
52
79
52
  return R;
80
52
}
clang::ento::FunctionCodeRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::FunctionCodeRegion, clang::ento::CodeSpaceRegion, clang::NamedDecl const*>(clang::NamedDecl const*, clang::ento::CodeSpaceRegion const*)
Line
Count
Source
67
54.5k
                                         const SuperTy *superRegion) {
68
54.5k
  llvm::FoldingSetNodeID ID;
69
54.5k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
54.5k
  void *InsertPos;
71
54.5k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
54.5k
73
54.5k
  if (!R) {
74
15.9k
    R = A.Allocate<RegionTy>();
75
15.9k
    new (R) RegionTy(arg1, superRegion);
76
15.9k
    Regions.InsertNode(R, InsertPos);
77
15.9k
  }
78
54.5k
79
54.5k
  return R;
80
54.5k
}
clang::ento::SymbolicRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::SymbolicRegion, clang::ento::UnknownSpaceRegion, clang::ento::SymExpr const*>(clang::ento::SymExpr const*, clang::ento::UnknownSpaceRegion const*)
Line
Count
Source
67
48.0k
                                         const SuperTy *superRegion) {
68
48.0k
  llvm::FoldingSetNodeID ID;
69
48.0k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
48.0k
  void *InsertPos;
71
48.0k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
48.0k
73
48.0k
  if (!R) {
74
11.3k
    R = A.Allocate<RegionTy>();
75
11.3k
    new (R) RegionTy(arg1, superRegion);
76
11.3k
    Regions.InsertNode(R, InsertPos);
77
11.3k
  }
78
48.0k
79
48.0k
  return R;
80
48.0k
}
clang::ento::SymbolicRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::SymbolicRegion, clang::ento::HeapSpaceRegion, clang::ento::SymExpr const*>(clang::ento::SymExpr const*, clang::ento::HeapSpaceRegion const*)
Line
Count
Source
67
1.41k
                                         const SuperTy *superRegion) {
68
1.41k
  llvm::FoldingSetNodeID ID;
69
1.41k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
1.41k
  void *InsertPos;
71
1.41k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
1.41k
73
1.41k
  if (!R) {
74
1.40k
    R = A.Allocate<RegionTy>();
75
1.40k
    new (R) RegionTy(arg1, superRegion);
76
1.40k
    Regions.InsertNode(R, InsertPos);
77
1.40k
  }
78
1.41k
79
1.41k
  return R;
80
1.41k
}
clang::ento::FieldRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::FieldRegion, clang::ento::SubRegion, clang::FieldDecl const*>(clang::FieldDecl const*, clang::ento::SubRegion const*)
Line
Count
Source
67
105k
                                         const SuperTy *superRegion) {
68
105k
  llvm::FoldingSetNodeID ID;
69
105k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
105k
  void *InsertPos;
71
105k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
105k
73
105k
  if (!R) {
74
11.8k
    R = A.Allocate<RegionTy>();
75
11.8k
    new (R) RegionTy(arg1, superRegion);
76
11.8k
    Regions.InsertNode(R, InsertPos);
77
11.8k
  }
78
105k
79
105k
  return R;
80
105k
}
clang::ento::ObjCIvarRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::ObjCIvarRegion, clang::ento::SubRegion, clang::ObjCIvarDecl const*>(clang::ObjCIvarDecl const*, clang::ento::SubRegion const*)
Line
Count
Source
67
1.40k
                                         const SuperTy *superRegion) {
68
1.40k
  llvm::FoldingSetNodeID ID;
69
1.40k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
1.40k
  void *InsertPos;
71
1.40k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
1.40k
73
1.40k
  if (!R) {
74
626
    R = A.Allocate<RegionTy>();
75
626
    new (R) RegionTy(arg1, superRegion);
76
626
    Regions.InsertNode(R, InsertPos);
77
626
  }
78
1.40k
79
1.40k
  return R;
80
1.40k
}
clang::ento::CXXTempObjectRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CXXTempObjectRegion, clang::ento::StackLocalsSpaceRegion, clang::Expr const*>(clang::Expr const*, clang::ento::StackLocalsSpaceRegion const*)
Line
Count
Source
67
12.1k
                                         const SuperTy *superRegion) {
68
12.1k
  llvm::FoldingSetNodeID ID;
69
12.1k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
12.1k
  void *InsertPos;
71
12.1k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
12.1k
73
12.1k
  if (!R) {
74
2.32k
    R = A.Allocate<RegionTy>();
75
2.32k
    new (R) RegionTy(arg1, superRegion);
76
2.32k
    Regions.InsertNode(R, InsertPos);
77
2.32k
  }
78
12.1k
79
12.1k
  return R;
80
12.1k
}
clang::ento::CXXDerivedObjectRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CXXDerivedObjectRegion, clang::ento::SubRegion, clang::CXXRecordDecl const*>(clang::CXXRecordDecl const*, clang::ento::SubRegion const*)
Line
Count
Source
67
65
                                         const SuperTy *superRegion) {
68
65
  llvm::FoldingSetNodeID ID;
69
65
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
65
  void *InsertPos;
71
65
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
65
73
65
  if (!R) {
74
32
    R = A.Allocate<RegionTy>();
75
32
    new (R) RegionTy(arg1, superRegion);
76
32
    Regions.InsertNode(R, InsertPos);
77
32
  }
78
65
79
65
  return R;
80
65
}
clang::ento::CXXThisRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CXXThisRegion, clang::ento::StackArgumentsSpaceRegion, clang::PointerType const*>(clang::PointerType const*, clang::ento::StackArgumentsSpaceRegion const*)
Line
Count
Source
67
58.9k
                                         const SuperTy *superRegion) {
68
58.9k
  llvm::FoldingSetNodeID ID;
69
58.9k
  RegionTy::ProfileRegion(ID, arg1, superRegion);
70
58.9k
  void *InsertPos;
71
58.9k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
72
58.9k
73
58.9k
  if (!R) {
74
9.64k
    R = A.Allocate<RegionTy>();
75
9.64k
    new (R) RegionTy(arg1, superRegion);
76
9.64k
    Regions.InsertNode(R, InsertPos);
77
9.64k
  }
78
58.9k
79
58.9k
  return R;
80
58.9k
}
81
82
template <typename RegionTy, typename SuperTy, typename Arg1Ty, typename Arg2Ty>
83
RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
84
1.96k
                                         const SuperTy *superRegion) {
85
1.96k
  llvm::FoldingSetNodeID ID;
86
1.96k
  RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
87
1.96k
  void *InsertPos;
88
1.96k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
89
1.96k
90
1.96k
  if (!R) {
91
1.05k
    R = A.Allocate<RegionTy>();
92
1.05k
    new (R) RegionTy(arg1, arg2, superRegion);
93
1.05k
    Regions.InsertNode(R, InsertPos);
94
1.05k
  }
95
1.96k
96
1.96k
  return R;
97
1.96k
}
clang::ento::CXXBaseObjectRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::CXXBaseObjectRegion, clang::ento::SubRegion, clang::CXXRecordDecl const*, bool>(clang::CXXRecordDecl const*, bool, clang::ento::SubRegion const*)
Line
Count
Source
84
1.87k
                                         const SuperTy *superRegion) {
85
1.87k
  llvm::FoldingSetNodeID ID;
86
1.87k
  RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
87
1.87k
  void *InsertPos;
88
1.87k
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
89
1.87k
90
1.87k
  if (!R) {
91
968
    R = A.Allocate<RegionTy>();
92
968
    new (R) RegionTy(arg1, arg2, superRegion);
93
968
    Regions.InsertNode(R, InsertPos);
94
968
  }
95
1.87k
96
1.87k
  return R;
97
1.87k
}
clang::ento::AllocaRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::AllocaRegion, clang::ento::StackLocalsSpaceRegion, clang::Expr const*, unsigned int>(clang::Expr const*, unsigned int, clang::ento::StackLocalsSpaceRegion const*)
Line
Count
Source
84
91
                                         const SuperTy *superRegion) {
85
91
  llvm::FoldingSetNodeID ID;
86
91
  RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
87
91
  void *InsertPos;
88
91
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
89
91
90
91
  if (!R) {
91
91
    R = A.Allocate<RegionTy>();
92
91
    new (R) RegionTy(arg1, arg2, superRegion);
93
91
    Regions.InsertNode(R, InsertPos);
94
91
  }
95
91
96
91
  return R;
97
91
}
98
99
template <typename RegionTy, typename SuperTy,
100
          typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
101
RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
102
                                         const Arg3Ty arg3,
103
759
                                         const SuperTy *superRegion) {
104
759
  llvm::FoldingSetNodeID ID;
105
759
  RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
106
759
  void *InsertPos;
107
759
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
108
759
109
759
  if (!R) {
110
711
    R = A.Allocate<RegionTy>();
111
711
    new (R) RegionTy(arg1, arg2, arg3, superRegion);
112
711
    Regions.InsertNode(R, InsertPos);
113
711
  }
114
759
115
759
  return R;
116
759
}
clang::ento::BlockDataRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::BlockDataRegion, clang::ento::MemSpaceRegion, clang::ento::BlockCodeRegion const*, clang::LocationContext const*, unsigned int>(clang::ento::BlockCodeRegion const*, clang::LocationContext const*, unsigned int, clang::ento::MemSpaceRegion const*)
Line
Count
Source
103
373
                                         const SuperTy *superRegion) {
104
373
  llvm::FoldingSetNodeID ID;
105
373
  RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
106
373
  void *InsertPos;
107
373
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
108
373
109
373
  if (!R) {
110
359
    R = A.Allocate<RegionTy>();
111
359
    new (R) RegionTy(arg1, arg2, arg3, superRegion);
112
359
    Regions.InsertNode(R, InsertPos);
113
359
  }
114
373
115
373
  return R;
116
373
}
clang::ento::BlockCodeRegion* clang::ento::MemRegionManager::getSubRegion<clang::ento::BlockCodeRegion, clang::ento::CodeSpaceRegion, clang::BlockDecl const*, clang::CanQual<clang::Type>, clang::AnalysisDeclContext*>(clang::BlockDecl const*, clang::CanQual<clang::Type>, clang::AnalysisDeclContext*, clang::ento::CodeSpaceRegion const*)
Line
Count
Source
103
386
                                         const SuperTy *superRegion) {
104
386
  llvm::FoldingSetNodeID ID;
105
386
  RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
106
386
  void *InsertPos;
107
386
  auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
108
386
109
386
  if (!R) {
110
352
    R = A.Allocate<RegionTy>();
111
352
    new (R) RegionTy(arg1, arg2, arg3, superRegion);
112
352
    Regions.InsertNode(R, InsertPos);
113
352
  }
114
386
115
386
  return R;
116
386
}
117
118
//===----------------------------------------------------------------------===//
119
// Object destruction.
120
//===----------------------------------------------------------------------===//
121
122
0
MemRegion::~MemRegion() = default;
123
124
// All regions and their data are BumpPtrAllocated.  No need to call their
125
// destructors.
126
10.8k
MemRegionManager::~MemRegionManager() = default;
127
128
//===----------------------------------------------------------------------===//
129
// Basic methods.
130
//===----------------------------------------------------------------------===//
131
132
5.58k
bool SubRegion::isSubRegionOf(const MemRegion* R) const {
133
5.58k
  const MemRegion* r = this;
134
9.74k
  do {
135
9.74k
    if (r == R)
136
2.53k
      return true;
137
7.21k
    if (const auto *sr = dyn_cast<SubRegion>(r))
138
4.15k
      r = sr->getSuperRegion();
139
3.05k
    else
140
3.05k
      break;
141
4.15k
  } while (r != nullptr);
142
5.58k
  
return false3.05k
;
143
5.58k
}
144
145
573k
MemRegionManager* SubRegion::getMemRegionManager() const {
146
573k
  const SubRegion* r = this;
147
795k
  do {
148
795k
    const MemRegion *superRegion = r->getSuperRegion();
149
795k
    if (const auto *sr = dyn_cast<SubRegion>(superRegion)) {
150
221k
      r = sr;
151
221k
      continue;
152
221k
    }
153
573k
    return superRegion->getMemRegionManager();
154
573k
  } while (
true221k
);
155
573k
}
156
157
802k
const StackFrameContext *VarRegion::getStackFrame() const {
158
802k
  const auto *SSR = dyn_cast<StackSpaceRegion>(getMemorySpace());
159
802k
  return SSR ? 
SSR->getStackFrame()717k
:
nullptr84.4k
;
160
802k
}
161
162
//===----------------------------------------------------------------------===//
163
// Region extents.
164
//===----------------------------------------------------------------------===//
165
166
29.3k
DefinedOrUnknownSVal TypedValueRegion::getExtent(SValBuilder &svalBuilder) const {
167
29.3k
  ASTContext &Ctx = svalBuilder.getContext();
168
29.3k
  QualType T = getDesugaredValueType(Ctx);
169
29.3k
170
29.3k
  if (isa<VariableArrayType>(T))
171
44
    return nonloc::SymbolVal(svalBuilder.getSymbolManager().getExtentSymbol(this));
172
29.3k
  if (T->isIncompleteType())
173
4
    return UnknownVal();
174
29.3k
175
29.3k
  CharUnits size = Ctx.getTypeSizeInChars(T);
176
29.3k
  QualType sizeTy = svalBuilder.getArrayIndexType();
177
29.3k
  return svalBuilder.makeIntVal(size.getQuantity(), sizeTy);
178
29.3k
}
179
180
17.3k
DefinedOrUnknownSVal FieldRegion::getExtent(SValBuilder &svalBuilder) const {
181
17.3k
  // Force callers to deal with bitfields explicitly.
182
17.3k
  if (getDecl()->isBitField())
183
37
    return UnknownVal();
184
17.3k
185
17.3k
  DefinedOrUnknownSVal Extent = DeclRegion::getExtent(svalBuilder);
186
17.3k
187
17.3k
  // A zero-length array at the end of a struct often stands for dynamically-
188
17.3k
  // allocated extra memory.
189
17.3k
  if (Extent.isZeroConstant()) {
190
3
    QualType T = getDesugaredValueType(svalBuilder.getContext());
191
3
192
3
    if (isa<ConstantArrayType>(T))
193
3
      return UnknownVal();
194
17.3k
  }
195
17.3k
196
17.3k
  return Extent;
197
17.3k
}
198
199
93
DefinedOrUnknownSVal AllocaRegion::getExtent(SValBuilder &svalBuilder) const {
200
93
  return nonloc::SymbolVal(svalBuilder.getSymbolManager().getExtentSymbol(this));
201
93
}
202
203
1.95k
DefinedOrUnknownSVal SymbolicRegion::getExtent(SValBuilder &svalBuilder) const {
204
1.95k
  return nonloc::SymbolVal(svalBuilder.getSymbolManager().getExtentSymbol(this));
205
1.95k
}
206
207
8
DefinedOrUnknownSVal StringRegion::getExtent(SValBuilder &svalBuilder) const {
208
8
  return svalBuilder.makeIntVal(getStringLiteral()->getByteLength()+1,
209
8
                                svalBuilder.getArrayIndexType());
210
8
}
211
212
ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl *ivd, const SubRegion *sReg)
213
626
    : DeclRegion(ivd, sReg, ObjCIvarRegionKind) {}
214
215
15.0k
const ObjCIvarDecl *ObjCIvarRegion::getDecl() const {
216
15.0k
  return cast<ObjCIvarDecl>(D);
217
15.0k
}
218
219
14.1k
QualType ObjCIvarRegion::getValueType() const {
220
14.1k
  return getDecl()->getType();
221
14.1k
}
222
223
4.92k
QualType CXXBaseObjectRegion::getValueType() const {
224
4.92k
  return QualType(getDecl()->getTypeForDecl(), 0);
225
4.92k
}
226
227
49
QualType CXXDerivedObjectRegion::getValueType() const {
228
49
  return QualType(getDecl()->getTypeForDecl(), 0);
229
49
}
230
231
//===----------------------------------------------------------------------===//
232
// FoldingSet profiling.
233
//===----------------------------------------------------------------------===//
234
235
0
void MemSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
236
0
  ID.AddInteger(static_cast<unsigned>(getKind()));
237
0
}
238
239
0
void StackSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
240
0
  ID.AddInteger(static_cast<unsigned>(getKind()));
241
0
  ID.AddPointer(getStackFrame());
242
0
}
243
244
0
void StaticGlobalSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
245
0
  ID.AddInteger(static_cast<unsigned>(getKind()));
246
0
  ID.AddPointer(getCodeRegion());
247
0
}
248
249
void StringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
250
                                 const StringLiteral *Str,
251
8.67k
                                 const MemRegion *superRegion) {
252
8.67k
  ID.AddInteger(static_cast<unsigned>(StringRegionKind));
253
8.67k
  ID.AddPointer(Str);
254
8.67k
  ID.AddPointer(superRegion);
255
8.67k
}
256
257
void ObjCStringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
258
                                     const ObjCStringLiteral *Str,
259
2.11k
                                     const MemRegion *superRegion) {
260
2.11k
  ID.AddInteger(static_cast<unsigned>(ObjCStringRegionKind));
261
2.11k
  ID.AddPointer(Str);
262
2.11k
  ID.AddPointer(superRegion);
263
2.11k
}
264
265
void AllocaRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
266
                                 const Expr *Ex, unsigned cnt,
267
220
                                 const MemRegion *superRegion) {
268
220
  ID.AddInteger(static_cast<unsigned>(AllocaRegionKind));
269
220
  ID.AddPointer(Ex);
270
220
  ID.AddInteger(cnt);
271
220
  ID.AddPointer(superRegion);
272
220
}
273
274
129
void AllocaRegion::Profile(llvm::FoldingSetNodeID& ID) const {
275
129
  ProfileRegion(ID, Ex, Cnt, superRegion);
276
129
}
277
278
10
void CompoundLiteralRegion::Profile(llvm::FoldingSetNodeID& ID) const {
279
10
  CompoundLiteralRegion::ProfileRegion(ID, CL, superRegion);
280
10
}
281
282
void CompoundLiteralRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
283
                                          const CompoundLiteralExpr *CL,
284
62
                                          const MemRegion* superRegion) {
285
62
  ID.AddInteger(static_cast<unsigned>(CompoundLiteralRegionKind));
286
62
  ID.AddPointer(CL);
287
62
  ID.AddPointer(superRegion);
288
62
}
289
290
void CXXThisRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
291
                                  const PointerType *PT,
292
122k
                                  const MemRegion *sRegion) {
293
122k
  ID.AddInteger(static_cast<unsigned>(CXXThisRegionKind));
294
122k
  ID.AddPointer(PT);
295
122k
  ID.AddPointer(sRegion);
296
122k
}
297
298
63.6k
void CXXThisRegion::Profile(llvm::FoldingSetNodeID &ID) const {
299
63.6k
  CXXThisRegion::ProfileRegion(ID, ThisPointerTy, superRegion);
300
63.6k
}
301
302
void ObjCIvarRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
303
                                   const ObjCIvarDecl *ivd,
304
1.40k
                                   const MemRegion* superRegion) {
305
1.40k
  DeclRegion::ProfileRegion(ID, ivd, superRegion, ObjCIvarRegionKind);
306
1.40k
}
307
308
void DeclRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, const Decl *D,
309
704k
                               const MemRegion* superRegion, Kind k) {
310
704k
  ID.AddInteger(static_cast<unsigned>(k));
311
704k
  ID.AddPointer(D);
312
704k
  ID.AddPointer(superRegion);
313
704k
}
314
315
140k
void DeclRegion::Profile(llvm::FoldingSetNodeID& ID) const {
316
140k
  DeclRegion::ProfileRegion(ID, D, superRegion, getKind());
317
140k
}
318
319
244k
void VarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
320
244k
  VarRegion::ProfileRegion(ID, getDecl(), superRegion);
321
244k
}
322
323
void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym,
324
117k
                                   const MemRegion *sreg) {
325
117k
  ID.AddInteger(static_cast<unsigned>(MemRegion::SymbolicRegionKind));
326
117k
  ID.Add(sym);
327
117k
  ID.AddPointer(sreg);
328
117k
}
329
330
67.9k
void SymbolicRegion::Profile(llvm::FoldingSetNodeID& ID) const {
331
67.9k
  SymbolicRegion::ProfileRegion(ID, sym, getSuperRegion());
332
67.9k
}
333
334
void ElementRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
335
                                  QualType ElementType, SVal Idx,
336
152k
                                  const MemRegion* superRegion) {
337
152k
  ID.AddInteger(MemRegion::ElementRegionKind);
338
152k
  ID.Add(ElementType);
339
152k
  ID.AddPointer(superRegion);
340
152k
  Idx.Profile(ID);
341
152k
}
342
343
111k
void ElementRegion::Profile(llvm::FoldingSetNodeID& ID) const {
344
111k
  ElementRegion::ProfileRegion(ID, ElementType, Index, superRegion);
345
111k
}
346
347
void FunctionCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
348
                                       const NamedDecl *FD,
349
101k
                                       const MemRegion*) {
350
101k
  ID.AddInteger(MemRegion::FunctionCodeRegionKind);
351
101k
  ID.AddPointer(FD);
352
101k
}
353
354
47.2k
void FunctionCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
355
47.2k
  FunctionCodeRegion::ProfileRegion(ID, FD, superRegion);
356
47.2k
}
357
358
void BlockCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
359
                                    const BlockDecl *BD, CanQualType,
360
                                    const AnalysisDeclContext *AC,
361
460
                                    const MemRegion*) {
362
460
  ID.AddInteger(MemRegion::BlockCodeRegionKind);
363
460
  ID.AddPointer(BD);
364
460
}
365
366
74
void BlockCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
367
74
  BlockCodeRegion::ProfileRegion(ID, BD, locTy, AC, superRegion);
368
74
}
369
370
void BlockDataRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
371
                                    const BlockCodeRegion *BC,
372
                                    const LocationContext *LC,
373
                                    unsigned BlkCount,
374
412
                                    const MemRegion *sReg) {
375
412
  ID.AddInteger(MemRegion::BlockDataRegionKind);
376
412
  ID.AddPointer(BC);
377
412
  ID.AddPointer(LC);
378
412
  ID.AddInteger(BlkCount);
379
412
  ID.AddPointer(sReg);
380
412
}
381
382
39
void BlockDataRegion::Profile(llvm::FoldingSetNodeID& ID) const {
383
39
  BlockDataRegion::ProfileRegion(ID, BC, LC, BlockCount, getSuperRegion());
384
39
}
385
386
void CXXTempObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
387
                                        Expr const *Ex,
388
23.7k
                                        const MemRegion *sReg) {
389
23.7k
  ID.AddPointer(Ex);
390
23.7k
  ID.AddPointer(sReg);
391
23.7k
}
392
393
11.5k
void CXXTempObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
394
11.5k
  ProfileRegion(ID, Ex, getSuperRegion());
395
11.5k
}
396
397
void CXXBaseObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
398
                                        const CXXRecordDecl *RD,
399
                                        bool IsVirtual,
400
3.08k
                                        const MemRegion *SReg) {
401
3.08k
  ID.AddPointer(RD);
402
3.08k
  ID.AddBoolean(IsVirtual);
403
3.08k
  ID.AddPointer(SReg);
404
3.08k
}
405
406
1.20k
void CXXBaseObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
407
1.20k
  ProfileRegion(ID, getDecl(), isVirtual(), superRegion);
408
1.20k
}
409
410
void CXXDerivedObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
411
                                           const CXXRecordDecl *RD,
412
104
                                           const MemRegion *SReg) {
413
104
  ID.AddPointer(RD);
414
104
  ID.AddPointer(SReg);
415
104
}
416
417
39
void CXXDerivedObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
418
39
  ProfileRegion(ID, getDecl(), superRegion);
419
39
}
420
421
//===----------------------------------------------------------------------===//
422
// Region anchors.
423
//===----------------------------------------------------------------------===//
424
425
0
void GlobalsSpaceRegion::anchor() {}
426
427
0
void NonStaticGlobalSpaceRegion::anchor() {}
428
429
0
void StackSpaceRegion::anchor() {}
430
431
0
void TypedRegion::anchor() {}
432
433
0
void TypedValueRegion::anchor() {}
434
435
0
void CodeTextRegion::anchor() {}
436
437
0
void SubRegion::anchor() {}
438
439
//===----------------------------------------------------------------------===//
440
// Region pretty-printing.
441
//===----------------------------------------------------------------------===//
442
443
0
LLVM_DUMP_METHOD void MemRegion::dump() const {
444
0
  dumpToStream(llvm::errs());
445
0
}
446
447
40
std::string MemRegion::getString() const {
448
40
  std::string s;
449
40
  llvm::raw_string_ostream os(s);
450
40
  dumpToStream(os);
451
40
  return os.str();
452
40
}
453
454
0
void MemRegion::dumpToStream(raw_ostream &os) const {
455
0
  os << "<Unknown Region>";
456
0
}
457
458
0
void AllocaRegion::dumpToStream(raw_ostream &os) const {
459
0
  os << "alloca{S" << Ex->getID(getContext()) << ',' << Cnt << '}';
460
0
}
461
462
4
void FunctionCodeRegion::dumpToStream(raw_ostream &os) const {
463
4
  os << "code{" << getDecl()->getDeclName().getAsString() << '}';
464
4
}
465
466
0
void BlockCodeRegion::dumpToStream(raw_ostream &os) const {
467
0
  os << "block_code{" << static_cast<const void *>(this) << '}';
468
0
}
469
470
0
void BlockDataRegion::dumpToStream(raw_ostream &os) const {
471
0
  os << "block_data{" << BC;
472
0
  os << "; ";
473
0
  for (BlockDataRegion::referenced_vars_iterator
474
0
         I = referenced_vars_begin(),
475
0
         E = referenced_vars_end(); I != E; ++I)
476
0
    os << "(" << I.getCapturedRegion() << "<-" <<
477
0
                 I.getOriginalRegion() << ") ";
478
0
  os << '}';
479
0
}
480
481
0
void CompoundLiteralRegion::dumpToStream(raw_ostream &os) const {
482
0
  // FIXME: More elaborate pretty-printing.
483
0
  os << "{ S" << CL->getID(getContext()) <<  " }";
484
0
}
485
486
0
void CXXTempObjectRegion::dumpToStream(raw_ostream &os) const {
487
0
  os << "temp_object{" << getValueType().getAsString() << ", "
488
0
     << "S" << Ex->getID(getContext()) << '}';
489
0
}
490
491
0
void CXXBaseObjectRegion::dumpToStream(raw_ostream &os) const {
492
0
  os << "Base{" << superRegion << ',' << getDecl()->getName() << '}';
493
0
}
494
495
0
void CXXDerivedObjectRegion::dumpToStream(raw_ostream &os) const {
496
0
  os << "Derived{" << superRegion << ',' << getDecl()->getName() << '}';
497
0
}
498
499
0
void CXXThisRegion::dumpToStream(raw_ostream &os) const {
500
0
  os << "this";
501
0
}
502
503
0
void ElementRegion::dumpToStream(raw_ostream &os) const {
504
0
  os << "Element{" << superRegion << ','
505
0
     << Index << ',' << getElementType().getAsString() << '}';
506
0
}
507
508
4
void FieldRegion::dumpToStream(raw_ostream &os) const {
509
4
  os << superRegion << "->" << *getDecl();
510
4
}
511
512
0
void ObjCIvarRegion::dumpToStream(raw_ostream &os) const {
513
0
  os << "Ivar{" << superRegion << ',' << *getDecl() << '}';
514
0
}
515
516
1
void StringRegion::dumpToStream(raw_ostream &os) const {
517
1
  assert(Str != nullptr && "Expecting non-null StringLiteral");
518
1
  Str->printPretty(os, nullptr, PrintingPolicy(getContext().getLangOpts()));
519
1
}
520
521
0
void ObjCStringRegion::dumpToStream(raw_ostream &os) const {
522
0
  assert(Str != nullptr && "Expecting non-null ObjCStringLiteral");
523
0
  Str->printPretty(os, nullptr, PrintingPolicy(getContext().getLangOpts()));
524
0
}
525
526
0
void SymbolicRegion::dumpToStream(raw_ostream &os) const {
527
0
  if (isa<HeapSpaceRegion>(getSuperRegion()))
528
0
    os << "Heap";
529
0
  os << "SymRegion{" << sym << '}';
530
0
}
531
532
50
void VarRegion::dumpToStream(raw_ostream &os) const {
533
50
  const auto *VD = cast<VarDecl>(D);
534
50
  if (const IdentifierInfo *ID = VD->getIdentifier())
535
50
    os << ID->getName();
536
0
  else
537
0
    os << "VarRegion{D" << VD->getID() << '}';
538
50
}
539
540
0
LLVM_DUMP_METHOD void RegionRawOffset::dump() const {
541
0
  dumpToStream(llvm::errs());
542
0
}
543
544
0
void RegionRawOffset::dumpToStream(raw_ostream &os) const {
545
0
  os << "raw_offset{" << getRegion() << ',' << getOffset().getQuantity() << '}';
546
0
}
547
548
0
void CodeSpaceRegion::dumpToStream(raw_ostream &os) const {
549
0
  os << "CodeSpaceRegion";
550
0
}
551
552
0
void StaticGlobalSpaceRegion::dumpToStream(raw_ostream &os) const {
553
0
  os << "StaticGlobalsMemSpace{" << CR << '}';
554
0
}
555
556
1
void GlobalInternalSpaceRegion::dumpToStream(raw_ostream &os) const {
557
1
  os << "GlobalInternalSpaceRegion";
558
1
}
559
560
1
void GlobalSystemSpaceRegion::dumpToStream(raw_ostream &os) const {
561
1
  os << "GlobalSystemSpaceRegion";
562
1
}
563
564
0
void GlobalImmutableSpaceRegion::dumpToStream(raw_ostream &os) const {
565
0
  os << "GlobalImmutableSpaceRegion";
566
0
}
567
568
0
void HeapSpaceRegion::dumpToStream(raw_ostream &os) const {
569
0
  os << "HeapSpaceRegion";
570
0
}
571
572
0
void UnknownSpaceRegion::dumpToStream(raw_ostream &os) const {
573
0
  os << "UnknownSpaceRegion";
574
0
}
575
576
0
void StackArgumentsSpaceRegion::dumpToStream(raw_ostream &os) const {
577
0
  os << "StackArgumentsSpaceRegion";
578
0
}
579
580
0
void StackLocalsSpaceRegion::dumpToStream(raw_ostream &os) const {
581
0
  os << "StackLocalsSpaceRegion";
582
0
}
583
584
2.58k
bool MemRegion::canPrintPretty() const {
585
2.58k
  return canPrintPrettyAsExpr();
586
2.58k
}
587
588
106
bool MemRegion::canPrintPrettyAsExpr() const {
589
106
  return false;
590
106
}
591
592
1.31k
void MemRegion::printPretty(raw_ostream &os) const {
593
1.31k
  assert(canPrintPretty() && "This region cannot be printed pretty.");
594
1.31k
  os << "'";
595
1.31k
  printPrettyAsExpr(os);
596
1.31k
  os << "'";
597
1.31k
}
598
599
0
void MemRegion::printPrettyAsExpr(raw_ostream &) const {
600
0
  llvm_unreachable("This region cannot be printed pretty.");
601
0
}
602
603
2.60k
bool VarRegion::canPrintPrettyAsExpr() const {
604
2.60k
  return true;
605
2.60k
}
606
607
1.42k
void VarRegion::printPrettyAsExpr(raw_ostream &os) const {
608
1.42k
  os << getDecl()->getName();
609
1.42k
}
610
611
25
bool ObjCIvarRegion::canPrintPrettyAsExpr() const {
612
25
  return true;
613
25
}
614
615
14
void ObjCIvarRegion::printPrettyAsExpr(raw_ostream &os) const {
616
14
  os << getDecl()->getName();
617
14
}
618
619
120
bool FieldRegion::canPrintPretty() const {
620
120
  return true;
621
120
}
622
623
88
bool FieldRegion::canPrintPrettyAsExpr() const {
624
88
  return superRegion->canPrintPrettyAsExpr();
625
88
}
626
627
60
void FieldRegion::printPrettyAsExpr(raw_ostream &os) const {
628
60
  assert(canPrintPrettyAsExpr());
629
60
  superRegion->printPrettyAsExpr(os);
630
60
  os << "." << getDecl()->getName();
631
60
}
632
633
77
void FieldRegion::printPretty(raw_ostream &os) const {
634
77
  if (canPrintPrettyAsExpr()) {
635
51
    os << "\'";
636
51
    printPrettyAsExpr(os);
637
51
    os << "'";
638
51
  } else {
639
26
    os << "field " << "\'" << getDecl()->getName() << "'";
640
26
  }
641
77
}
642
643
3
bool CXXBaseObjectRegion::canPrintPrettyAsExpr() const {
644
3
  return superRegion->canPrintPrettyAsExpr();
645
3
}
646
647
3
void CXXBaseObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
648
3
  superRegion->printPrettyAsExpr(os);
649
3
}
650
651
0
bool CXXDerivedObjectRegion::canPrintPrettyAsExpr() const {
652
0
  return superRegion->canPrintPrettyAsExpr();
653
0
}
654
655
0
void CXXDerivedObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
656
0
  superRegion->printPrettyAsExpr(os);
657
0
}
658
659
77
std::string MemRegion::getDescriptiveName(bool UseQuotes) const {
660
77
  std::string VariableName;
661
77
  std::string ArrayIndices;
662
77
  const MemRegion *R = this;
663
77
  SmallString<50> buf;
664
77
  llvm::raw_svector_ostream os(buf);
665
77
666
77
  // Obtain array indices to add them to the variable name.
667
77
  const ElementRegion *ER = nullptr;
668
104
  while ((ER = R->getAs<ElementRegion>())) {
669
27
    // Index is a ConcreteInt.
670
27
    if (auto CI = ER->getIndex().getAs<nonloc::ConcreteInt>()) {
671
27
      llvm::SmallString<2> Idx;
672
27
      CI->getValue().toString(Idx);
673
27
      ArrayIndices = (llvm::Twine("[") + Idx.str() + "]" + ArrayIndices).str();
674
27
    }
675
0
    // If not a ConcreteInt, try to obtain the variable
676
0
    // name by calling 'getDescriptiveName' recursively.
677
0
    else {
678
0
      std::string Idx = ER->getDescriptiveName(false);
679
0
      if (!Idx.empty()) {
680
0
        ArrayIndices = (llvm::Twine("[") + Idx + "]" + ArrayIndices).str();
681
0
      }
682
0
    }
683
27
    R = ER->getSuperRegion();
684
27
  }
685
77
686
77
  // Get variable name.
687
77
  if (R && R->canPrintPrettyAsExpr()) {
688
71
    R->printPrettyAsExpr(os);
689
71
    if (UseQuotes)
690
71
      return (llvm::Twine("'") + os.str() + ArrayIndices + "'").str();
691
0
    else
692
0
      return (llvm::Twine(os.str()) + ArrayIndices).str();
693
6
  }
694
6
695
6
  return VariableName;
696
6
}
697
698
34
SourceRange MemRegion::sourceRange() const {
699
34
  const auto *const VR = dyn_cast<VarRegion>(this->getBaseRegion());
700
34
  const auto *const FR = dyn_cast<FieldRegion>(this);
701
34
702
34
  // Check for more specific regions first.
703
34
  // FieldRegion
704
34
  if (FR) {
705
3
    return FR->getDecl()->getSourceRange();
706
3
  }
707
31
  // VarRegion
708
31
  else if (VR) {
709
31
    return VR->getDecl()->getSourceRange();
710
31
  }
711
0
  // Return invalid source range (can be checked by client).
712
0
  else
713
0
    return {};
714
34
}
715
716
//===----------------------------------------------------------------------===//
717
// MemRegionManager methods.
718
//===----------------------------------------------------------------------===//
719
720
template <typename REG>
721
172k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
172k
  if (!region) {
723
25.8k
    region = A.Allocate<REG>();
724
25.8k
    new (region) REG(this);
725
25.8k
  }
726
172k
727
172k
  return region;
728
172k
}
clang::ento::GlobalSystemSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::GlobalSystemSpaceRegion>(clang::ento::GlobalSystemSpaceRegion*&)
Line
Count
Source
721
27.5k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
27.5k
  if (!region) {
723
5.46k
    region = A.Allocate<REG>();
724
5.46k
    new (region) REG(this);
725
5.46k
  }
726
27.5k
727
27.5k
  return region;
728
27.5k
}
clang::ento::GlobalImmutableSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::GlobalImmutableSpaceRegion>(clang::ento::GlobalImmutableSpaceRegion*&)
Line
Count
Source
721
347
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
347
  if (!region) {
723
216
    region = A.Allocate<REG>();
724
216
    new (region) REG(this);
725
216
  }
726
347
727
347
  return region;
728
347
}
clang::ento::GlobalInternalSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::GlobalInternalSpaceRegion>(clang::ento::GlobalInternalSpaceRegion*&)
Line
Count
Source
721
37.9k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
37.9k
  if (!region) {
723
5.59k
    region = A.Allocate<REG>();
724
5.59k
    new (region) REG(this);
725
5.59k
  }
726
37.9k
727
37.9k
  return region;
728
37.9k
}
clang::ento::HeapSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::HeapSpaceRegion>(clang::ento::HeapSpaceRegion*&)
Line
Count
Source
721
1.41k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
1.41k
  if (!region) {
723
1.12k
    region = A.Allocate<REG>();
724
1.12k
    new (region) REG(this);
725
1.12k
  }
726
1.41k
727
1.41k
  return region;
728
1.41k
}
clang::ento::UnknownSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::UnknownSpaceRegion>(clang::ento::UnknownSpaceRegion*&)
Line
Count
Source
721
50.1k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
50.1k
  if (!region) {
723
6.05k
    region = A.Allocate<REG>();
724
6.05k
    new (region) REG(this);
725
6.05k
  }
726
50.1k
727
50.1k
  return region;
728
50.1k
}
clang::ento::CodeSpaceRegion const* clang::ento::MemRegionManager::LazyAllocate<clang::ento::CodeSpaceRegion>(clang::ento::CodeSpaceRegion*&)
Line
Count
Source
721
54.8k
const REG *MemRegionManager::LazyAllocate(REG*& region) {
722
54.8k
  if (!region) {
723
7.38k
    region = A.Allocate<REG>();
724
7.38k
    new (region) REG(this);
725
7.38k
  }
726
54.8k
727
54.8k
  return region;
728
54.8k
}
729
730
template <typename REG, typename ARG>
731
const REG *MemRegionManager::LazyAllocate(REG*& region, ARG a) {
732
  if (!region) {
733
    region = A.Allocate<REG>();
734
    new (region) REG(this, a);
735
  }
736
737
  return region;
738
}
739
740
const StackLocalsSpaceRegion*
741
131k
MemRegionManager::getStackLocalsRegion(const StackFrameContext *STC) {
742
131k
  assert(STC);
743
131k
  StackLocalsSpaceRegion *&R = StackLocalsSpaceRegions[STC];
744
131k
745
131k
  if (R)
746
122k
    return R;
747
9.52k
748
9.52k
  R = A.Allocate<StackLocalsSpaceRegion>();
749
9.52k
  new (R) StackLocalsSpaceRegion(this, STC);
750
9.52k
  return R;
751
9.52k
}
752
753
const StackArgumentsSpaceRegion *
754
144k
MemRegionManager::getStackArgumentsRegion(const StackFrameContext *STC) {
755
144k
  assert(STC);
756
144k
  StackArgumentsSpaceRegion *&R = StackArgumentsSpaceRegions[STC];
757
144k
758
144k
  if (R)
759
123k
    return R;
760
21.0k
761
21.0k
  R = A.Allocate<StackArgumentsSpaceRegion>();
762
21.0k
  new (R) StackArgumentsSpaceRegion(this, STC);
763
21.0k
  return R;
764
21.0k
}
765
766
const GlobalsSpaceRegion
767
*MemRegionManager::getGlobalsRegion(MemRegion::Kind K,
768
66.5k
                                    const CodeTextRegion *CR) {
769
66.5k
  if (!CR) {
770
65.9k
    if (K == MemRegion::GlobalSystemSpaceRegionKind)
771
27.5k
      return LazyAllocate(SystemGlobals);
772
38.3k
    if (K == MemRegion::GlobalImmutableSpaceRegionKind)
773
347
      return LazyAllocate(ImmutableGlobals);
774
37.9k
    assert(K == MemRegion::GlobalInternalSpaceRegionKind);
775
37.9k
    return LazyAllocate(InternalGlobals);
776
37.9k
  }
777
631
778
631
  assert(K == MemRegion::StaticGlobalSpaceRegionKind);
779
631
  StaticGlobalSpaceRegion *&R = StaticsGlobalSpaceRegions[CR];
780
631
  if (R)
781
466
    return R;
782
165
783
165
  R = A.Allocate<StaticGlobalSpaceRegion>();
784
165
  new (R) StaticGlobalSpaceRegion(this, CR);
785
165
  return R;
786
165
}
787
788
1.41k
const HeapSpaceRegion *MemRegionManager::getHeapRegion() {
789
1.41k
  return LazyAllocate(heap);
790
1.41k
}
791
792
50.1k
const UnknownSpaceRegion *MemRegionManager::getUnknownRegion() {
793
50.1k
  return LazyAllocate(unknown);
794
50.1k
}
795
796
54.8k
const CodeSpaceRegion *MemRegionManager::getCodeRegion() {
797
54.8k
  return LazyAllocate(code);
798
54.8k
}
799
800
//===----------------------------------------------------------------------===//
801
// Constructing regions.
802
//===----------------------------------------------------------------------===//
803
804
5.18k
const StringRegion *MemRegionManager::getStringRegion(const StringLiteral *Str){
805
5.18k
  return getSubRegion<StringRegion>(
806
5.18k
      Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
807
5.18k
}
808
809
const ObjCStringRegion *
810
1.11k
MemRegionManager::getObjCStringRegion(const ObjCStringLiteral *Str){
811
1.11k
  return getSubRegion<ObjCStringRegion>(
812
1.11k
      Str, cast<GlobalInternalSpaceRegion>(getGlobalsRegion()));
813
1.11k
}
814
815
/// Look through a chain of LocationContexts to either find the
816
/// StackFrameContext that matches a DeclContext, or find a VarRegion
817
/// for a variable captured by a block.
818
static llvm::PointerUnion<const StackFrameContext *, const VarRegion *>
819
getStackOrCaptureRegionForDeclContext(const LocationContext *LC,
820
                                      const DeclContext *DC,
821
205k
                                      const VarDecl *VD) {
822
205k
  while (LC) {
823
205k
    if (const auto *SFC = dyn_cast<StackFrameContext>(LC)) {
824
205k
      if (cast<DeclContext>(SFC->getDecl()) == DC)
825
205k
        return SFC;
826
566
    }
827
566
    if (const auto *BC = dyn_cast<BlockInvocationContext>(LC)) {
828
161
      const auto *BR =
829
161
          static_cast<const BlockDataRegion *>(BC->getContextData());
830
161
      // FIXME: This can be made more efficient.
831
161
      for (BlockDataRegion::referenced_vars_iterator
832
161
           I = BR->referenced_vars_begin(),
833
203
           E = BR->referenced_vars_end(); I != E; 
++I42
) {
834
203
        const VarRegion *VR = I.getOriginalRegion();
835
203
        if (VR->getDecl() == VD)
836
161
          return cast<VarRegion>(I.getCapturedRegion());
837
203
      }
838
161
    }
839
566
840
566
    LC = LC->getParent();
841
405
  }
842
205k
  
return (const StackFrameContext *)nullptr189
;
843
205k
}
844
845
const VarRegion* MemRegionManager::getVarRegion(const VarDecl *D,
846
212k
                                                const LocationContext *LC) {
847
212k
  D = D->getCanonicalDecl();
848
212k
  const MemRegion *sReg = nullptr;
849
212k
850
212k
  if (D->hasGlobalStorage() && 
!D->isStaticLocal()8.14k
) {
851
7.49k
852
7.49k
    // First handle the globals defined in system headers.
853
7.49k
    if (C.getSourceManager().isInSystemHeader(D->getLocation())) {
854
59
      // Whitelist the system globals which often DO GET modified, assume the
855
59
      // rest are immutable.
856
59
      if (D->getName().find("errno") != StringRef::npos)
857
6
        sReg = getGlobalsRegion(MemRegion::GlobalSystemSpaceRegionKind);
858
53
      else
859
53
        sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
860
59
861
59
    // Treat other globals as GlobalInternal unless they are constants.
862
7.43k
    } else {
863
7.43k
      QualType GQT = D->getType();
864
7.43k
      const Type *GT = GQT.getTypePtrOrNull();
865
7.43k
      // TODO: We could walk the complex types here and see if everything is
866
7.43k
      // constified.
867
7.43k
      if (GT && GQT.isConstQualified() && 
GT->isArithmeticType()405
)
868
146
        sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
869
7.28k
      else
870
7.28k
        sReg = getGlobalsRegion();
871
7.43k
    }
872
7.49k
873
7.49k
  // Finally handle static locals.
874
205k
  } else {
875
205k
    // FIXME: Once we implement scope handling, we will need to properly lookup
876
205k
    // 'D' to the proper LocationContext.
877
205k
    const DeclContext *DC = D->getDeclContext();
878
205k
    llvm::PointerUnion<const StackFrameContext *, const VarRegion *> V =
879
205k
      getStackOrCaptureRegionForDeclContext(LC, DC, D);
880
205k
881
205k
    if (V.is<const VarRegion*>())
882
161
      return V.get<const VarRegion*>();
883
205k
884
205k
    const auto *STC = V.get<const StackFrameContext *>();
885
205k
886
205k
    if (!STC) {
887
189
      // FIXME: Assign a more sensible memory space to static locals
888
189
      // we see from within blocks that we analyze as top-level declarations.
889
189
      sReg = getUnknownRegion();
890
205k
    } else {
891
205k
      if (D->hasLocalStorage()) {
892
204k
        sReg = isa<ParmVarDecl>(D) || 
isa<ImplicitParamDecl>(D)125k
893
204k
               ? 
static_cast<const MemRegion*>(getStackArgumentsRegion(STC))85.5k
894
204k
               : 
static_cast<const MemRegion*>(getStackLocalsRegion(STC))118k
;
895
204k
      }
896
631
      else {
897
631
        assert(D->isStaticLocal());
898
631
        const Decl *STCD = STC->getDecl();
899
631
        if (isa<FunctionDecl>(STCD) || 
isa<ObjCMethodDecl>(STCD)82
)
900
618
          sReg = getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,
901
618
                                  getFunctionCodeRegion(cast<NamedDecl>(STCD)));
902
13
        else if (const auto *BD = dyn_cast<BlockDecl>(STCD)) {
903
13
          // FIXME: The fallback type here is totally bogus -- though it should
904
13
          // never be queried, it will prevent uniquing with the real
905
13
          // BlockCodeRegion. Ideally we'd fix the AST so that we always had a
906
13
          // signature.
907
13
          QualType T;
908
13
          if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())
909
11
            T = TSI->getType();
910
13
          if (T.isNull())
911
2
            T = getContext().VoidTy;
912
13
          if (!T->getAs<FunctionType>())
913
5
            T = getContext().getFunctionNoProtoType(T);
914
13
          T = getContext().getBlockPointerType(T);
915
13
916
13
          const BlockCodeRegion *BTR =
917
13
            getBlockCodeRegion(BD, C.getCanonicalType(T),
918
13
                               STC->getAnalysisDeclContext());
919
13
          sReg = getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,
920
13
                                  BTR);
921
13
        }
922
0
        else {
923
0
          sReg = getGlobalsRegion();
924
0
        }
925
631
      }
926
205k
    }
927
205k
  }
928
212k
929
212k
  
return getSubRegion<VarRegion>(D, sReg)212k
;
930
212k
}
931
932
const VarRegion *MemRegionManager::getVarRegion(const VarDecl *D,
933
190
                                                const MemRegion *superR) {
934
190
  D = D->getCanonicalDecl();
935
190
  return getSubRegion<VarRegion>(D, superR);
936
190
}
937
938
const BlockDataRegion *
939
MemRegionManager::getBlockDataRegion(const BlockCodeRegion *BC,
940
                                     const LocationContext *LC,
941
373
                                     unsigned blockCount) {
942
373
  const MemSpaceRegion *sReg = nullptr;
943
373
  const BlockDecl *BD = BC->getDecl();
944
373
  if (!BD->hasCaptures()) {
945
148
    // This handles 'static' blocks.
946
148
    sReg = getGlobalsRegion(MemRegion::GlobalImmutableSpaceRegionKind);
947
148
  }
948
225
  else {
949
225
    if (LC) {
950
225
      // FIXME: Once we implement scope handling, we want the parent region
951
225
      // to be the scope.
952
225
      const StackFrameContext *STC = LC->getStackFrame();
953
225
      assert(STC);
954
225
      sReg = getStackLocalsRegion(STC);
955
225
    }
956
0
    else {
957
0
      // We allow 'LC' to be NULL for cases where want BlockDataRegions
958
0
      // without context-sensitivity.
959
0
      sReg = getUnknownRegion();
960
0
    }
961
225
  }
962
373
963
373
  return getSubRegion<BlockDataRegion>(BC, LC, blockCount, sReg);
964
373
}
965
966
const CXXTempObjectRegion *
967
15
MemRegionManager::getCXXStaticTempObjectRegion(const Expr *Ex) {
968
15
  return getSubRegion<CXXTempObjectRegion>(
969
15
      Ex, getGlobalsRegion(MemRegion::GlobalInternalSpaceRegionKind, nullptr));
970
15
}
971
972
const CompoundLiteralRegion*
973
MemRegionManager::getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
974
52
                                           const LocationContext *LC) {
975
52
  const MemSpaceRegion *sReg = nullptr;
976
52
977
52
  if (CL->isFileScope())
978
0
    sReg = getGlobalsRegion();
979
52
  else {
980
52
    const StackFrameContext *STC = LC->getStackFrame();
981
52
    assert(STC);
982
52
    sReg = getStackLocalsRegion(STC);
983
52
  }
984
52
985
52
  return getSubRegion<CompoundLiteralRegion>(CL, sReg);
986
52
}
987
988
const ElementRegion*
989
MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx,
990
                                   const SubRegion* superRegion,
991
41.4k
                                   ASTContext &Ctx){
992
41.4k
  QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType();
993
41.4k
994
41.4k
  llvm::FoldingSetNodeID ID;
995
41.4k
  ElementRegion::ProfileRegion(ID, T, Idx, superRegion);
996
41.4k
997
41.4k
  void *InsertPos;
998
41.4k
  MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos);
999
41.4k
  auto *R = cast_or_null<ElementRegion>(data);
1000
41.4k
1001
41.4k
  if (!R) {
1002
10.3k
    R = A.Allocate<ElementRegion>();
1003
10.3k
    new (R) ElementRegion(T, Idx, superRegion);
1004
10.3k
    Regions.InsertNode(R, InsertPos);
1005
10.3k
  }
1006
41.4k
1007
41.4k
  return R;
1008
41.4k
}
1009
1010
const FunctionCodeRegion *
1011
54.5k
MemRegionManager::getFunctionCodeRegion(const NamedDecl *FD) {
1012
54.5k
  // To think: should we canonicalize the declaration here?
1013
54.5k
  return getSubRegion<FunctionCodeRegion>(FD, getCodeRegion());
1014
54.5k
}
1015
1016
const BlockCodeRegion *
1017
MemRegionManager::getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy,
1018
386
                                     AnalysisDeclContext *AC) {
1019
386
  return getSubRegion<BlockCodeRegion>(BD, locTy, AC, getCodeRegion());
1020
386
}
1021
1022
/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
1023
48.0k
const SymbolicRegion *MemRegionManager::getSymbolicRegion(SymbolRef sym) {
1024
48.0k
  return getSubRegion<SymbolicRegion>(sym, getUnknownRegion());
1025
48.0k
}
1026
1027
1.41k
const SymbolicRegion *MemRegionManager::getSymbolicHeapRegion(SymbolRef Sym) {
1028
1.41k
  return getSubRegion<SymbolicRegion>(Sym, getHeapRegion());
1029
1.41k
}
1030
1031
const FieldRegion*
1032
MemRegionManager::getFieldRegion(const FieldDecl *d,
1033
105k
                                 const SubRegion* superRegion){
1034
105k
  return getSubRegion<FieldRegion>(d, superRegion);
1035
105k
}
1036
1037
const ObjCIvarRegion*
1038
MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl *d,
1039
1.40k
                                    const SubRegion* superRegion) {
1040
1.40k
  return getSubRegion<ObjCIvarRegion>(d, superRegion);
1041
1.40k
}
1042
1043
const CXXTempObjectRegion*
1044
MemRegionManager::getCXXTempObjectRegion(Expr const *E,
1045
12.1k
                                         LocationContext const *LC) {
1046
12.1k
  const StackFrameContext *SFC = LC->getStackFrame();
1047
12.1k
  assert(SFC);
1048
12.1k
  return getSubRegion<CXXTempObjectRegion>(E, getStackLocalsRegion(SFC));
1049
12.1k
}
1050
1051
/// Checks whether \p BaseClass is a valid virtual or direct non-virtual base
1052
/// class of the type of \p Super.
1053
static bool isValidBaseClass(const CXXRecordDecl *BaseClass,
1054
                             const TypedValueRegion *Super,
1055
0
                             bool IsVirtual) {
1056
0
  BaseClass = BaseClass->getCanonicalDecl();
1057
0
1058
0
  const CXXRecordDecl *Class = Super->getValueType()->getAsCXXRecordDecl();
1059
0
  if (!Class)
1060
0
    return true;
1061
0
1062
0
  if (IsVirtual)
1063
0
    return Class->isVirtuallyDerivedFrom(BaseClass);
1064
0
1065
0
  for (const auto &I : Class->bases()) {
1066
0
    if (I.getType()->getAsCXXRecordDecl()->getCanonicalDecl() == BaseClass)
1067
0
      return true;
1068
0
  }
1069
0
1070
0
  return false;
1071
0
}
1072
1073
const CXXBaseObjectRegion *
1074
MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD,
1075
                                         const SubRegion *Super,
1076
1.87k
                                         bool IsVirtual) {
1077
1.87k
  if (isa<TypedValueRegion>(Super)) {
1078
1.50k
    assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual));
1079
1.50k
    (void)&isValidBaseClass;
1080
1.50k
1081
1.50k
    if (IsVirtual) {
1082
157
      // Virtual base regions should not be layered, since the layout rules
1083
157
      // are different.
1084
195
      while (const auto *Base = dyn_cast<CXXBaseObjectRegion>(Super))
1085
38
        Super = cast<SubRegion>(Base->getSuperRegion());
1086
157
      assert(Super && !isa<MemSpaceRegion>(Super));
1087
157
    }
1088
1.50k
  }
1089
1.87k
1090
1.87k
  return getSubRegion<CXXBaseObjectRegion>(RD, IsVirtual, Super);
1091
1.87k
}
1092
1093
const CXXDerivedObjectRegion *
1094
MemRegionManager::getCXXDerivedObjectRegion(const CXXRecordDecl *RD,
1095
65
                                            const SubRegion *Super) {
1096
65
  return getSubRegion<CXXDerivedObjectRegion>(RD, Super);
1097
65
}
1098
1099
const CXXThisRegion*
1100
MemRegionManager::getCXXThisRegion(QualType thisPointerTy,
1101
58.9k
                                   const LocationContext *LC) {
1102
58.9k
  const auto *PT = thisPointerTy->getAs<PointerType>();
1103
58.9k
  assert(PT);
1104
58.9k
  // Inside the body of the operator() of a lambda a this expr might refer to an
1105
58.9k
  // object in one of the parent location contexts.
1106
58.9k
  const auto *D = dyn_cast<CXXMethodDecl>(LC->getDecl());
1107
58.9k
  // FIXME: when operator() of lambda is analyzed as a top level function and
1108
58.9k
  // 'this' refers to a this to the enclosing scope, there is no right region to
1109
58.9k
  // return.
1110
59.0k
  while (!LC->inTopFrame() && 
(57.2k
!D57.2k
||
D->isStatic()57.2k
||
1111
57.2k
                               
PT != D->getThisType()->getAs<PointerType>()57.1k
)) {
1112
80
    LC = LC->getParent();
1113
80
    D = dyn_cast<CXXMethodDecl>(LC->getDecl());
1114
80
  }
1115
58.9k
  const StackFrameContext *STC = LC->getStackFrame();
1116
58.9k
  assert(STC);
1117
58.9k
  return getSubRegion<CXXThisRegion>(PT, getStackArgumentsRegion(STC));
1118
58.9k
}
1119
1120
const AllocaRegion*
1121
MemRegionManager::getAllocaRegion(const Expr *E, unsigned cnt,
1122
91
                                  const LocationContext *LC) {
1123
91
  const StackFrameContext *STC = LC->getStackFrame();
1124
91
  assert(STC);
1125
91
  return getSubRegion<AllocaRegion>(E, cnt, getStackLocalsRegion(STC));
1126
91
}
1127
1128
1.41M
const MemSpaceRegion *MemRegion::getMemorySpace() const {
1129
1.41M
  const MemRegion *R = this;
1130
1.41M
  const auto *SR = dyn_cast<SubRegion>(this);
1131
1.41M
1132
2.91M
  while (SR) {
1133
1.50M
    R = SR->getSuperRegion();
1134
1.50M
    SR = dyn_cast<SubRegion>(R);
1135
1.50M
  }
1136
1.41M
1137
1.41M
  return dyn_cast<MemSpaceRegion>(R);
1138
1.41M
}
1139
1140
69.1k
bool MemRegion::hasStackStorage() const {
1141
69.1k
  return isa<StackSpaceRegion>(getMemorySpace());
1142
69.1k
}
1143
1144
57.5k
bool MemRegion::hasStackNonParametersStorage() const {
1145
57.5k
  return isa<StackLocalsSpaceRegion>(getMemorySpace());
1146
57.5k
}
1147
1148
52.6k
bool MemRegion::hasStackParametersStorage() const {
1149
52.6k
  return isa<StackArgumentsSpaceRegion>(getMemorySpace());
1150
52.6k
}
1151
1152
0
bool MemRegion::hasGlobalsOrParametersStorage() const {
1153
0
  const MemSpaceRegion *MS = getMemorySpace();
1154
0
  return isa<StackArgumentsSpaceRegion>(MS) ||
1155
0
         isa<GlobalsSpaceRegion>(MS);
1156
0
}
1157
1158
// getBaseRegion strips away all elements and fields, and get the base region
1159
// of them.
1160
4.96M
const MemRegion *MemRegion::getBaseRegion() const {
1161
4.96M
  const MemRegion *R = this;
1162
7.33M
  while (true) {
1163
7.33M
    switch (R->getKind()) {
1164
7.33M
      case MemRegion::ElementRegionKind:
1165
2.36M
      case MemRegion::FieldRegionKind:
1166
2.36M
      case MemRegion::ObjCIvarRegionKind:
1167
2.36M
      case MemRegion::CXXBaseObjectRegionKind:
1168
2.36M
      case MemRegion::CXXDerivedObjectRegionKind:
1169
2.36M
        R = cast<SubRegion>(R)->getSuperRegion();
1170
2.36M
        continue;
1171
4.96M
      default:
1172
4.96M
        break;
1173
4.96M
    }
1174
4.96M
    break;
1175
4.96M
  }
1176
4.96M
  return R;
1177
4.96M
}
1178
1179
// getgetMostDerivedObjectRegion gets the region of the root class of a C++
1180
// class hierarchy.
1181
8.82k
const MemRegion *MemRegion::getMostDerivedObjectRegion() const {
1182
8.82k
  const MemRegion *R = this;
1183
8.92k
  while (const auto *BR = dyn_cast<CXXBaseObjectRegion>(R))
1184
94
    R = BR->getSuperRegion();
1185
8.82k
  return R;
1186
8.82k
}
1187
1188
0
bool MemRegion::isSubRegionOf(const MemRegion *) const {
1189
0
  return false;
1190
0
}
1191
1192
//===----------------------------------------------------------------------===//
1193
// View handling.
1194
//===----------------------------------------------------------------------===//
1195
1196
252k
const MemRegion *MemRegion::StripCasts(bool StripBaseAndDerivedCasts) const {
1197
252k
  const MemRegion *R = this;
1198
282k
  while (true) {
1199
282k
    switch (R->getKind()) {
1200
282k
    case ElementRegionKind: {
1201
60.1k
      const auto *ER = cast<ElementRegion>(R);
1202
60.1k
      if (!ER->getIndex().isZeroConstant())
1203
32.6k
        return R;
1204
27.5k
      R = ER->getSuperRegion();
1205
27.5k
      break;
1206
27.5k
    }
1207
27.5k
    case CXXBaseObjectRegionKind:
1208
2.41k
    case CXXDerivedObjectRegionKind:
1209
2.41k
      if (!StripBaseAndDerivedCasts)
1210
0
        return R;
1211
2.41k
      R = cast<TypedValueRegion>(R)->getSuperRegion();
1212
2.41k
      break;
1213
219k
    default:
1214
219k
      return R;
1215
282k
    }
1216
282k
  }
1217
252k
}
1218
1219
1.39M
const SymbolicRegion *MemRegion::getSymbolicBase() const {
1220
1.39M
  const auto *SubR = dyn_cast<SubRegion>(this);
1221
1.39M
1222
3.03M
  while (SubR) {
1223
1.84M
    if (const auto *SymR = dyn_cast<SymbolicRegion>(SubR))
1224
204k
      return SymR;
1225
1.64M
    SubR = dyn_cast<SubRegion>(SubR->getSuperRegion());
1226
1.64M
  }
1227
1.39M
  
return nullptr1.18M
;
1228
1.39M
}
1229
1230
8.65k
RegionRawOffset ElementRegion::getAsArrayOffset() const {
1231
8.65k
  int64_t offset = 0;
1232
8.65k
  const ElementRegion *ER = this;
1233
8.65k
  const MemRegion *superR = nullptr;
1234
8.65k
  ASTContext &C = getContext();
1235
8.65k
1236
8.65k
  // FIXME: Handle multi-dimensional arrays.
1237
8.65k
1238
14.6k
  while (ER) {
1239
9.13k
    superR = ER->getSuperRegion();
1240
9.13k
1241
9.13k
    // FIXME: generalize to symbolic offsets.
1242
9.13k
    SVal index = ER->getIndex();
1243
9.13k
    if (auto CI = index.getAs<nonloc::ConcreteInt>()) {
1244
6.04k
      // Update the offset.
1245
6.04k
      int64_t i = CI->getValue().getSExtValue();
1246
6.04k
1247
6.04k
      if (i != 0) {
1248
3.10k
        QualType elemType = ER->getElementType();
1249
3.10k
1250
3.10k
        // If we are pointing to an incomplete type, go no further.
1251
3.10k
        if (elemType->isIncompleteType()) {
1252
0
          superR = ER;
1253
0
          break;
1254
0
        }
1255
3.10k
1256
3.10k
        int64_t size = C.getTypeSizeInChars(elemType).getQuantity();
1257
3.10k
        if (auto NewOffset = llvm::checkedMulAdd(i, size, offset)) {
1258
3.10k
          offset = *NewOffset;
1259
3.10k
        } else {
1260
6
          LLVM_DEBUG(llvm::dbgs() << "MemRegion::getAsArrayOffset: "
1261
6
                                  << "offset overflowing, returning unknown\n");
1262
6
1263
6
          return nullptr;
1264
6
        }
1265
6.04k
      }
1266
6.04k
1267
6.04k
      // Go to the next ElementRegion (if any).
1268
6.04k
      ER = dyn_cast<ElementRegion>(superR);
1269
6.04k
      continue;
1270
6.04k
    }
1271
3.08k
1272
3.08k
    return nullptr;
1273
3.08k
  }
1274
8.65k
1275
8.65k
  assert(superR && "super region cannot be NULL");
1276
5.56k
  return RegionRawOffset(superR, CharUnits::fromQuantity(offset));
1277
8.65k
}
1278
1279
/// Returns true if \p Base is an immediate base class of \p Child
1280
static bool isImmediateBase(const CXXRecordDecl *Child,
1281
144
                            const CXXRecordDecl *Base) {
1282
144
  assert(Child && "Child must not be null");
1283
144
  // Note that we do NOT canonicalize the base class here, because
1284
144
  // ASTRecordLayout doesn't either. If that leads us down the wrong path,
1285
144
  // so be it; at least we won't crash.
1286
160
  for (const auto &I : Child->bases()) {
1287
160
    if (I.getType()->getAsCXXRecordDecl() == Base)
1288
134
      return true;
1289
160
  }
1290
144
1291
144
  
return false10
;
1292
144
}
1293
1294
83.4k
static RegionOffset calculateOffset(const MemRegion *R) {
1295
83.4k
  const MemRegion *SymbolicOffsetBase = nullptr;
1296
83.4k
  int64_t Offset = 0;
1297
83.4k
1298
104k
  while (true) {
1299
104k
    switch (R->getKind()) {
1300
104k
    case MemRegion::CodeSpaceRegionKind:
1301
12.7k
    case MemRegion::StackLocalsSpaceRegionKind:
1302
12.7k
    case MemRegion::StackArgumentsSpaceRegionKind:
1303
12.7k
    case MemRegion::HeapSpaceRegionKind:
1304
12.7k
    case MemRegion::UnknownSpaceRegionKind:
1305
12.7k
    case MemRegion::StaticGlobalSpaceRegionKind:
1306
12.7k
    case MemRegion::GlobalInternalSpaceRegionKind:
1307
12.7k
    case MemRegion::GlobalSystemSpaceRegionKind:
1308
12.7k
    case MemRegion::GlobalImmutableSpaceRegionKind:
1309
12.7k
      // Stores can bind directly to a region space to set a default value.
1310
12.7k
      assert(Offset == 0 && !SymbolicOffsetBase);
1311
12.7k
      goto Finish;
1312
12.7k
1313
12.7k
    case MemRegion::FunctionCodeRegionKind:
1314
16
    case MemRegion::BlockCodeRegionKind:
1315
16
    case MemRegion::BlockDataRegionKind:
1316
16
      // These will never have bindings, but may end up having values requested
1317
16
      // if the user does some strange casting.
1318
16
      if (Offset != 0)
1319
6
        SymbolicOffsetBase = R;
1320
16
      goto Finish;
1321
16
1322
70.0k
    case MemRegion::SymbolicRegionKind:
1323
70.0k
    case MemRegion::AllocaRegionKind:
1324
70.0k
    case MemRegion::CompoundLiteralRegionKind:
1325
70.0k
    case MemRegion::CXXThisRegionKind:
1326
70.0k
    case MemRegion::StringRegionKind:
1327
70.0k
    case MemRegion::ObjCStringRegionKind:
1328
70.0k
    case MemRegion::VarRegionKind:
1329
70.0k
    case MemRegion::CXXTempObjectRegionKind:
1330
70.0k
      // Usual base regions.
1331
70.0k
      goto Finish;
1332
70.0k
1333
70.0k
    case MemRegion::ObjCIvarRegionKind:
1334
615
      // This is a little strange, but it's a compromise between
1335
615
      // ObjCIvarRegions having unknown compile-time offsets (when using the
1336
615
      // non-fragile runtime) and yet still being distinct, non-overlapping
1337
615
      // regions. Thus we treat them as "like" base regions for the purposes
1338
615
      // of computing offsets.
1339
615
      goto Finish;
1340
70.0k
1341
70.0k
    case MemRegion::CXXBaseObjectRegionKind: {
1342
1.37k
      const auto *BOR = cast<CXXBaseObjectRegion>(R);
1343
1.37k
      R = BOR->getSuperRegion();
1344
1.37k
1345
1.37k
      QualType Ty;
1346
1.37k
      bool RootIsSymbolic = false;
1347
1.37k
      if (const auto *TVR = dyn_cast<TypedValueRegion>(R)) {
1348
1.20k
        Ty = TVR->getDesugaredValueType(R->getContext());
1349
1.20k
      } else 
if (const auto *176
SR176
= dyn_cast<SymbolicRegion>(R)) {
1350
176
        // If our base region is symbolic, we don't know what type it really is.
1351
176
        // Pretend the type of the symbol is the true dynamic type.
1352
176
        // (This will at least be self-consistent for the life of the symbol.)
1353
176
        Ty = SR->getSymbol()->getType()->getPointeeType();
1354
176
        RootIsSymbolic = true;
1355
176
      }
1356
1.37k
1357
1.37k
      const CXXRecordDecl *Child = Ty->getAsCXXRecordDecl();
1358
1.37k
      if (!Child) {
1359
0
        // We cannot compute the offset of the base class.
1360
0
        SymbolicOffsetBase = R;
1361
1.37k
      } else {
1362
1.37k
        if (RootIsSymbolic) {
1363
176
          // Base layers on symbolic regions may not be type-correct.
1364
176
          // Double-check the inheritance here, and revert to a symbolic offset
1365
176
          // if it's invalid (e.g. due to a reinterpret_cast).
1366
176
          if (BOR->isVirtual()) {
1367
32
            if (!Child->isVirtuallyDerivedFrom(BOR->getDecl()))
1368
0
              SymbolicOffsetBase = R;
1369
144
          } else {
1370
144
            if (!isImmediateBase(Child, BOR->getDecl()))
1371
10
              SymbolicOffsetBase = R;
1372
144
          }
1373
176
        }
1374
1.37k
      }
1375
1.37k
1376
1.37k
      // Don't bother calculating precise offsets if we already have a
1377
1.37k
      // symbolic offset somewhere in the chain.
1378
1.37k
      if (SymbolicOffsetBase)
1379
13
        continue;
1380
1.36k
1381
1.36k
      CharUnits BaseOffset;
1382
1.36k
      const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(Child);
1383
1.36k
      if (BOR->isVirtual())
1384
93
        BaseOffset = Layout.getVBaseClassOffset(BOR->getDecl());
1385
1.27k
      else
1386
1.27k
        BaseOffset = Layout.getBaseClassOffset(BOR->getDecl());
1387
1.36k
1388
1.36k
      // The base offset is in chars, not in bits.
1389
1.36k
      Offset += BaseOffset.getQuantity() * R->getContext().getCharWidth();
1390
1.36k
      break;
1391
1.36k
    }
1392
1.36k
1393
1.36k
    case MemRegion::CXXDerivedObjectRegionKind: {
1394
52
      // TODO: Store the base type in the CXXDerivedObjectRegion and use it.
1395
52
      goto Finish;
1396
1.36k
    }
1397
1.36k
1398
6.51k
    case MemRegion::ElementRegionKind: {
1399
6.51k
      const auto *ER = cast<ElementRegion>(R);
1400
6.51k
      R = ER->getSuperRegion();
1401
6.51k
1402
6.51k
      QualType EleTy = ER->getValueType();
1403
6.51k
      if (EleTy->isIncompleteType()) {
1404
6
        // We cannot compute the offset of the base class.
1405
6
        SymbolicOffsetBase = R;
1406
6
        continue;
1407
6
      }
1408
6.50k
1409
6.50k
      SVal Index = ER->getIndex();
1410
6.50k
      if (Optional<nonloc::ConcreteInt> CI =
1411
6.09k
              Index.getAs<nonloc::ConcreteInt>()) {
1412
6.09k
        // Don't bother calculating precise offsets if we already have a
1413
6.09k
        // symbolic offset somewhere in the chain.
1414
6.09k
        if (SymbolicOffsetBase)
1415
3
          continue;
1416
6.08k
1417
6.08k
        int64_t i = CI->getValue().getSExtValue();
1418
6.08k
        // This type size is in bits.
1419
6.08k
        Offset += i * R->getContext().getTypeSize(EleTy);
1420
6.08k
      } else {
1421
416
        // We cannot compute offset for non-concrete index.
1422
416
        SymbolicOffsetBase = R;
1423
416
      }
1424
6.50k
      
break6.50k
;
1425
6.50k
    }
1426
12.7k
    case MemRegion::FieldRegionKind: {
1427
12.7k
      const auto *FR = cast<FieldRegion>(R);
1428
12.7k
      R = FR->getSuperRegion();
1429
12.7k
1430
12.7k
      const RecordDecl *RD = FR->getDecl()->getParent();
1431
12.7k
      if (RD->isUnion() || 
!RD->isCompleteDefinition()12.6k
) {
1432
105
        // We cannot compute offset for incomplete type.
1433
105
        // For unions, we could treat everything as offset 0, but we'd rather
1434
105
        // treat each field as a symbolic offset so they aren't stored on top
1435
105
        // of each other, since we depend on things in typed regions actually
1436
105
        // matching their types.
1437
105
        SymbolicOffsetBase = R;
1438
105
      }
1439
12.7k
1440
12.7k
      // Don't bother calculating precise offsets if we already have a
1441
12.7k
      // symbolic offset somewhere in the chain.
1442
12.7k
      if (SymbolicOffsetBase)
1443
244
        continue;
1444
12.5k
1445
12.5k
      // Get the field number.
1446
12.5k
      unsigned idx = 0;
1447
12.5k
      for (RecordDecl::field_iterator FI = RD->field_begin(),
1448
17.8k
             FE = RD->field_end(); FI != FE; 
++FI, ++idx5.26k
) {
1449
17.8k
        if (FR->getDecl() == *FI)
1450
12.5k
          break;
1451
17.8k
      }
1452
12.5k
      const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(RD);
1453
12.5k
      // This is offset in bits.
1454
12.5k
      Offset += Layout.getFieldOffset(idx);
1455
12.5k
      break;
1456
12.5k
    }
1457
104k
    }
1458
104k
  }
1459
83.4k
1460
83.4k
 Finish:
1461
83.4k
  if (SymbolicOffsetBase)
1462
535
    return RegionOffset(SymbolicOffsetBase, RegionOffset::Symbolic);
1463
82.9k
  return RegionOffset(R, Offset);
1464
82.9k
}
1465
1466
1.28M
RegionOffset MemRegion::getAsOffset() const {
1467
1.28M
  if (!cachedOffset)
1468
83.4k
    cachedOffset = calculateOffset(this);
1469
1.28M
  return *cachedOffset;
1470
1.28M
}
1471
1472
//===----------------------------------------------------------------------===//
1473
// BlockDataRegion
1474
//===----------------------------------------------------------------------===//
1475
1476
std::pair<const VarRegion *, const VarRegion *>
1477
292
BlockDataRegion::getCaptureRegions(const VarDecl *VD) {
1478
292
  MemRegionManager &MemMgr = *getMemRegionManager();
1479
292
  const VarRegion *VR = nullptr;
1480
292
  const VarRegion *OriginalVR = nullptr;
1481
292
1482
292
  if (!VD->hasAttr<BlocksAttr>() && 
VD->hasLocalStorage()230
) {
1483
190
    VR = MemMgr.getVarRegion(VD, this);
1484
190
    OriginalVR = MemMgr.getVarRegion(VD, LC);
1485
190
  }
1486
102
  else {
1487
102
    if (LC) {
1488
102
      VR = MemMgr.getVarRegion(VD, LC);
1489
102
      OriginalVR = VR;
1490
102
    }
1491
0
    else {
1492
0
      VR = MemMgr.getVarRegion(VD, MemMgr.getUnknownRegion());
1493
0
      OriginalVR = MemMgr.getVarRegion(VD, LC);
1494
0
    }
1495
102
  }
1496
292
  return std::make_pair(VR, OriginalVR);
1497
292
}
1498
1499
5.88k
void BlockDataRegion::LazyInitializeReferencedVars() {
1500
5.88k
  if (ReferencedVars)
1501
5.52k
    return;
1502
359
1503
359
  AnalysisDeclContext *AC = getCodeRegion()->getAnalysisDeclContext();
1504
359
  const auto &ReferencedBlockVars = AC->getReferencedBlockVars(BC->getDecl());
1505
359
  auto NumBlockVars =
1506
359
      std::distance(ReferencedBlockVars.begin(), ReferencedBlockVars.end());
1507
359
1508
359
  if (NumBlockVars == 0) {
1509
128
    ReferencedVars = (void*) 0x1;
1510
128
    return;
1511
128
  }
1512
231
1513
231
  MemRegionManager &MemMgr = *getMemRegionManager();
1514
231
  llvm::BumpPtrAllocator &A = MemMgr.getAllocator();
1515
231
  BumpVectorContext BC(A);
1516
231
1517
231
  using VarVec = BumpVector<const MemRegion *>;
1518
231
1519
231
  auto *BV = A.Allocate<VarVec>();
1520
231
  new (BV) VarVec(BC, NumBlockVars);
1521
231
  auto *BVOriginal = A.Allocate<VarVec>();
1522
231
  new (BVOriginal) VarVec(BC, NumBlockVars);
1523
231
1524
292
  for (const auto *VD : ReferencedBlockVars) {
1525
292
    const VarRegion *VR = nullptr;
1526
292
    const VarRegion *OriginalVR = nullptr;
1527
292
    std::tie(VR, OriginalVR) = getCaptureRegions(VD);
1528
292
    assert(VR);
1529
292
    assert(OriginalVR);
1530
292
    BV->push_back(VR, BC);
1531
292
    BVOriginal->push_back(OriginalVR, BC);
1532
292
  }
1533
231
1534
231
  ReferencedVars = BV;
1535
231
  OriginalVars = BVOriginal;
1536
231
}
1537
1538
BlockDataRegion::referenced_vars_iterator
1539
2.94k
BlockDataRegion::referenced_vars_begin() const {
1540
2.94k
  const_cast<BlockDataRegion*>(this)->LazyInitializeReferencedVars();
1541
2.94k
1542
2.94k
  auto *Vec = static_cast<BumpVector<const MemRegion *> *>(ReferencedVars);
1543
2.94k
1544
2.94k
  if (Vec == (void*) 0x1)
1545
684
    return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1546
2.26k
1547
2.26k
  auto *VecOriginal =
1548
2.26k
      static_cast<BumpVector<const MemRegion *> *>(OriginalVars);
1549
2.26k
1550
2.26k
  return BlockDataRegion::referenced_vars_iterator(Vec->begin(),
1551
2.26k
                                                   VecOriginal->begin());
1552
2.26k
}
1553
1554
BlockDataRegion::referenced_vars_iterator
1555
2.93k
BlockDataRegion::referenced_vars_end() const {
1556
2.93k
  const_cast<BlockDataRegion*>(this)->LazyInitializeReferencedVars();
1557
2.93k
1558
2.93k
  auto *Vec = static_cast<BumpVector<const MemRegion *> *>(ReferencedVars);
1559
2.93k
1560
2.93k
  if (Vec == (void*) 0x1)
1561
684
    return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1562
2.25k
1563
2.25k
  auto *VecOriginal =
1564
2.25k
      static_cast<BumpVector<const MemRegion *> *>(OriginalVars);
1565
2.25k
1566
2.25k
  return BlockDataRegion::referenced_vars_iterator(Vec->end(),
1567
2.25k
                                                   VecOriginal->end());
1568
2.25k
}
1569
1570
4
const VarRegion *BlockDataRegion::getOriginalRegion(const VarRegion *R) const {
1571
4
  for (referenced_vars_iterator I = referenced_vars_begin(),
1572
4
                                E = referenced_vars_end();
1573
6
       I != E; 
++I2
) {
1574
6
    if (I.getCapturedRegion() == R)
1575
4
      return I.getOriginalRegion();
1576
6
  }
1577
4
  
return nullptr0
;
1578
4
}
1579
1580
//===----------------------------------------------------------------------===//
1581
// RegionAndSymbolInvalidationTraits
1582
//===----------------------------------------------------------------------===//
1583
1584
void RegionAndSymbolInvalidationTraits::setTrait(SymbolRef Sym,
1585
1.27k
                                                 InvalidationKinds IK) {
1586
1.27k
  SymTraitsMap[Sym] |= IK;
1587
1.27k
}
1588
1589
void RegionAndSymbolInvalidationTraits::setTrait(const MemRegion *MR,
1590
5.80k
                                                 InvalidationKinds IK) {
1591
5.80k
  assert(MR);
1592
5.80k
  if (const auto *SR = dyn_cast<SymbolicRegion>(MR))
1593
1.17k
    setTrait(SR->getSymbol(), IK);
1594
4.63k
  else
1595
4.63k
    MRTraitsMap[MR] |= IK;
1596
5.80k
}
1597
1598
bool RegionAndSymbolInvalidationTraits::hasTrait(SymbolRef Sym,
1599
85.1k
                                                 InvalidationKinds IK) const {
1600
85.1k
  const_symbol_iterator I = SymTraitsMap.find(Sym);
1601
85.1k
  if (I != SymTraitsMap.end())
1602
3.62k
    return I->second & IK;
1603
81.5k
1604
81.5k
  return false;
1605
81.5k
}
1606
1607
bool RegionAndSymbolInvalidationTraits::hasTrait(const MemRegion *MR,
1608
120k
                                                 InvalidationKinds IK) const {
1609
120k
  if (!MR)
1610
0
    return false;
1611
120k
1612
120k
  if (const auto *SR = dyn_cast<SymbolicRegion>(MR))
1613
13.1k
    return hasTrait(SR->getSymbol(), IK);
1614
107k
1615
107k
  const_region_iterator I = MRTraitsMap.find(MR);
1616
107k
  if (I != MRTraitsMap.end())
1617
7.51k
    return I->second & IK;
1618
99.7k
1619
99.7k
  return false;
1620
99.7k
}