Coverage Report

Created: 2021-01-16 07:00

/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
Line
Count
Source (jump to first uncovered line)
1
//===- CheckerManager.cpp - Static Analyzer Checker Manager ---------------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// Defines the Static Analyzer Checker Manager.
10
//
11
//===----------------------------------------------------------------------===//
12
13
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
14
#include "clang/AST/DeclBase.h"
15
#include "clang/AST/Stmt.h"
16
#include "clang/Analysis/ProgramPoint.h"
17
#include "clang/Basic/JsonSupport.h"
18
#include "clang/Basic/LLVM.h"
19
#include "clang/Driver/DriverDiagnostic.h"
20
#include "clang/StaticAnalyzer/Core/Checker.h"
21
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
22
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
23
#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"
24
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
25
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
26
#include "llvm/ADT/SmallVector.h"
27
#include "llvm/Support/Casting.h"
28
#include "llvm/Support/ErrorHandling.h"
29
#include <cassert>
30
#include <vector>
31
32
using namespace clang;
33
using namespace ento;
34
35
15.2k
bool CheckerManager::hasPathSensitiveCheckers() const {
36
15.2k
  return !StmtCheckers.empty()              ||
37
1.98k
         !PreObjCMessageCheckers.empty()    ||
38
1.97k
         !PostObjCMessageCheckers.empty()   ||
39
1.82k
         !PreCallCheckers.empty()    ||
40
1.77k
         !PostCallCheckers.empty()   ||
41
1.67k
         !LocationCheckers.empty()          ||
42
1.65k
         !BindCheckers.empty()              ||
43
1.65k
         !EndAnalysisCheckers.empty()       ||
44
1.60k
         !EndFunctionCheckers.empty()           ||
45
1.59k
         !BranchConditionCheckers.empty()   ||
46
1.59k
         !LiveSymbolsCheckers.empty()       ||
47
1.59k
         !DeadSymbolsCheckers.empty()       ||
48
1.59k
         !RegionChangesCheckers.empty()     ||
49
1.59k
         !EvalAssumeCheckers.empty()        ||
50
1.59k
         !EvalCallCheckers.empty();
51
15.2k
}
52
53
1.35k
void CheckerManager::finishedCheckerRegistration() {
54
1.35k
#ifndef NDEBUG
55
  // Make sure that for every event that has listeners, there is at least
56
  // one dispatcher registered for it.
57
1.35k
  for (const auto &Event : Events)
58
1.35k
    assert(Event.second.HasDispatcher &&
59
1.35k
           "No dispatcher registered for an event");
60
1.35k
#endif
61
1.35k
}
62
63
void CheckerManager::reportInvalidCheckerOptionValue(
64
    const CheckerBase *C, StringRef OptionName,
65
6
    StringRef ExpectedValueDesc) const {
66
67
6
  getDiagnostics().Report(diag::err_analyzer_checker_option_invalid_input)
68
6
      << (llvm::Twine() + C->getTagDescription() + ":" + OptionName).str()
69
6
      << ExpectedValueDesc;
70
6
}
71
72
//===----------------------------------------------------------------------===//
73
// Functions for running checkers for AST traversing..
74
//===----------------------------------------------------------------------===//
75
76
void CheckerManager::runCheckersOnASTDecl(const Decl *D, AnalysisManager& mgr,
77
80.7k
                                          BugReporter &BR) {
78
80.7k
  assert(D);
79
80
80.7k
  unsigned DeclKind = D->getKind();
81
80.7k
  CachedDeclCheckers *checkers = nullptr;
82
80.7k
  CachedDeclCheckersMapTy::iterator CCI = CachedDeclCheckersMap.find(DeclKind);
83
80.7k
  if (CCI != CachedDeclCheckersMap.end()) {
84
71.2k
    checkers = &(CCI->second);
85
9.53k
  } else {
86
    // Find the checkers that should run for this Decl and cache them.
87
9.53k
    checkers = &CachedDeclCheckersMap[DeclKind];
88
9.53k
    for (const auto &info : DeclCheckers)
89
1.78k
      if (info.IsForDeclFn(D))
90
112
        checkers->push_back(info.CheckFn);
91
9.53k
  }
92
93
80.7k
  assert(checkers);
94
80.7k
  for (const auto &checker : *checkers)
95
708
    checker(D, mgr, BR);
96
80.7k
}
97
98
void CheckerManager::runCheckersOnASTBody(const Decl *D, AnalysisManager& mgr,
99
17.2k
                                          BugReporter &BR) {
100
17.2k
  assert(D && D->hasBody());
101
102
17.2k
  for (const auto &BodyChecker : BodyCheckers)
103
8.26k
    BodyChecker(D, mgr, BR);
104
17.2k
}
105
106
//===----------------------------------------------------------------------===//
107
// Functions for running checkers for path-sensitive checking.
108
//===----------------------------------------------------------------------===//
109
110
template <typename CHECK_CTX>
111
static void expandGraphWithCheckers(CHECK_CTX checkCtx,
112
                                    ExplodedNodeSet &Dst,
113
2.37M
                                    const ExplodedNodeSet &Src) {
114
2.37M
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
2.37M
  if (Src.empty())
116
72.3k
    return;
117
118
2.30M
  typename CHECK_CTX::CheckersTy::const_iterator
119
2.30M
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
2.30M
  if (I == E) {
121
712k
    Dst.insert(Src);
122
712k
    return;
123
712k
  }
124
125
1.58M
  ExplodedNodeSet Tmp1, Tmp2;
126
1.58M
  const ExplodedNodeSet *PrevSet = &Src;
127
128
5.57M
  for (; I != E; 
++I3.98M
) {
129
3.99M
    ExplodedNodeSet *CurrSet = nullptr;
130
3.99M
    if (I+1 == E)
131
1.58M
      CurrSet = &Dst;
132
2.40M
    else {
133
1.51M
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp2887k
: &Tmp1;
134
2.40M
      CurrSet->clear();
135
2.40M
    }
136
137
3.99M
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
3.99M
    for (const auto &NI : *PrevSet)
139
3.99M
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
3.99M
    if (CurrSet->empty())
143
3.93k
      return;
144
145
    // Update which NodeSet is the current one.
146
3.98M
    PrevSet = CurrSet;
147
3.98M
  }
148
1.58M
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckStmtContext>((anonymous namespace)::CheckStmtContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
1.42M
                                    const ExplodedNodeSet &Src) {
114
1.42M
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
1.42M
  if (Src.empty())
116
36.2k
    return;
117
118
1.39M
  typename CHECK_CTX::CheckersTy::const_iterator
119
1.39M
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
1.39M
  if (I == E) {
121
696k
    Dst.insert(Src);
122
696k
    return;
123
696k
  }
124
125
695k
  ExplodedNodeSet Tmp1, Tmp2;
126
695k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
1.65M
  for (; I != E; 
++I959k
) {
129
960k
    ExplodedNodeSet *CurrSet = nullptr;
130
960k
    if (I+1 == E)
131
695k
      CurrSet = &Dst;
132
265k
    else {
133
240k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp225.4k
: &Tmp1;
134
265k
      CurrSet->clear();
135
265k
    }
136
137
960k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
960k
    for (const auto &NI : *PrevSet)
139
960k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
960k
    if (CurrSet->empty())
143
627
      return;
144
145
    // Update which NodeSet is the current one.
146
959k
    PrevSet = CurrSet;
147
959k
  }
148
695k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckObjCMessageContext>((anonymous namespace)::CheckObjCMessageContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
8.87k
                                    const ExplodedNodeSet &Src) {
114
8.87k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
8.87k
  if (Src.empty())
116
691
    return;
117
118
8.18k
  typename CHECK_CTX::CheckersTy::const_iterator
119
8.18k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
8.18k
  if (I == E) {
121
112
    Dst.insert(Src);
122
112
    return;
123
112
  }
124
125
8.06k
  ExplodedNodeSet Tmp1, Tmp2;
126
8.06k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
26.1k
  for (; I != E; 
++I18.0k
) {
129
18.1k
    ExplodedNodeSet *CurrSet = nullptr;
130
18.1k
    if (I+1 == E)
131
8.05k
      CurrSet = &Dst;
132
10.0k
    else {
133
7.13k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp22.95k
: &Tmp1;
134
10.0k
      CurrSet->clear();
135
10.0k
    }
136
137
18.1k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
18.1k
    for (const auto &NI : *PrevSet)
139
18.1k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
18.1k
    if (CurrSet->empty())
143
83
      return;
144
145
    // Update which NodeSet is the current one.
146
18.0k
    PrevSet = CurrSet;
147
18.0k
  }
148
8.06k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckCallContext>((anonymous namespace)::CheckCallContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
237k
                                    const ExplodedNodeSet &Src) {
114
237k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
237k
  if (Src.empty())
116
35.4k
    return;
117
118
202k
  typename CHECK_CTX::CheckersTy::const_iterator
119
202k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
202k
  if (I == E) {
121
4.24k
    Dst.insert(Src);
122
4.24k
    return;
123
4.24k
  }
124
125
197k
  ExplodedNodeSet Tmp1, Tmp2;
126
197k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
1.08M
  for (; I != E; 
++I882k
) {
129
884k
    ExplodedNodeSet *CurrSet = nullptr;
130
884k
    if (I+1 == E)
131
197k
      CurrSet = &Dst;
132
686k
    else {
133
377k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp2309k
: &Tmp1;
134
686k
      CurrSet->clear();
135
686k
    }
136
137
884k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
884k
    for (const auto &NI : *PrevSet)
139
885k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
884k
    if (CurrSet->empty())
143
1.75k
      return;
144
145
    // Update which NodeSet is the current one.
146
882k
    PrevSet = CurrSet;
147
882k
  }
148
197k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckLocationContext>((anonymous namespace)::CheckLocationContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
177k
                                    const ExplodedNodeSet &Src) {
114
177k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
177k
  if (Src.empty())
116
0
    return;
117
118
177k
  typename CHECK_CTX::CheckersTy::const_iterator
119
177k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
177k
  if (I == E) {
121
4.29k
    Dst.insert(Src);
122
4.29k
    return;
123
4.29k
  }
124
125
172k
  ExplodedNodeSet Tmp1, Tmp2;
126
172k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
599k
  for (; I != E; 
++I426k
) {
129
427k
    ExplodedNodeSet *CurrSet = nullptr;
130
427k
    if (I+1 == E)
131
172k
      CurrSet = &Dst;
132
254k
    else {
133
173k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp281.3k
: &Tmp1;
134
254k
      CurrSet->clear();
135
254k
    }
136
137
427k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
427k
    for (const auto &NI : *PrevSet)
139
427k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
427k
    if (CurrSet->empty())
143
993
      return;
144
145
    // Update which NodeSet is the current one.
146
426k
    PrevSet = CurrSet;
147
426k
  }
148
172k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckBindContext>((anonymous namespace)::CheckBindContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
69.4k
                                    const ExplodedNodeSet &Src) {
114
69.4k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
69.4k
  if (Src.empty())
116
0
    return;
117
118
69.4k
  typename CHECK_CTX::CheckersTy::const_iterator
119
69.4k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
69.4k
  if (I == E) {
121
1.47k
    Dst.insert(Src);
122
1.47k
    return;
123
1.47k
  }
124
125
67.9k
  ExplodedNodeSet Tmp1, Tmp2;
126
67.9k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
212k
  for (; I != E; 
++I144k
) {
129
144k
    ExplodedNodeSet *CurrSet = nullptr;
130
144k
    if (I+1 == E)
131
67.9k
      CurrSet = &Dst;
132
76.5k
    else {
133
68.3k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp28.28k
: &Tmp1;
134
76.5k
      CurrSet->clear();
135
76.5k
    }
136
137
144k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
144k
    for (const auto &NI : *PrevSet)
139
144k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
144k
    if (CurrSet->empty())
143
347
      return;
144
145
    // Update which NodeSet is the current one.
146
144k
    PrevSet = CurrSet;
147
144k
  }
148
67.9k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckBeginFunctionContext>((anonymous namespace)::CheckBeginFunctionContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
47.4k
                                    const ExplodedNodeSet &Src) {
114
47.4k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
47.4k
  if (Src.empty())
116
0
    return;
117
118
47.4k
  typename CHECK_CTX::CheckersTy::const_iterator
119
47.4k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
47.4k
  if (I == E) {
121
1.41k
    Dst.insert(Src);
122
1.41k
    return;
123
1.41k
  }
124
125
46.0k
  ExplodedNodeSet Tmp1, Tmp2;
126
46.0k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
113k
  for (; I != E; 
++I67.1k
) {
129
67.1k
    ExplodedNodeSet *CurrSet = nullptr;
130
67.1k
    if (I+1 == E)
131
46.0k
      CurrSet = &Dst;
132
21.1k
    else {
133
11.4k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp29.64k
: &Tmp1;
134
21.1k
      CurrSet->clear();
135
21.1k
    }
136
137
67.1k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
67.1k
    for (const auto &NI : *PrevSet)
139
67.1k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
67.1k
    if (CurrSet->empty())
143
0
      return;
144
145
    // Update which NodeSet is the current one.
146
67.1k
    PrevSet = CurrSet;
147
67.1k
  }
148
46.0k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckBranchConditionContext>((anonymous namespace)::CheckBranchConditionContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
42.3k
                                    const ExplodedNodeSet &Src) {
114
42.3k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
42.3k
  if (Src.empty())
116
0
    return;
117
118
42.3k
  typename CHECK_CTX::CheckersTy::const_iterator
119
42.3k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
42.3k
  if (I == E) {
121
929
    Dst.insert(Src);
122
929
    return;
123
929
  }
124
125
41.4k
  ExplodedNodeSet Tmp1, Tmp2;
126
41.4k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
84.2k
  for (; I != E; 
++I42.7k
) {
129
42.8k
    ExplodedNodeSet *CurrSet = nullptr;
130
42.8k
    if (I+1 == E)
131
41.4k
      CurrSet = &Dst;
132
1.45k
    else {
133
1.45k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp20
: &Tmp1;
134
1.45k
      CurrSet->clear();
135
1.45k
    }
136
137
42.8k
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
42.8k
    for (const auto &NI : *PrevSet)
139
42.8k
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
42.8k
    if (CurrSet->empty())
143
57
      return;
144
145
    // Update which NodeSet is the current one.
146
42.7k
    PrevSet = CurrSet;
147
42.7k
  }
148
41.4k
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckNewAllocatorContext>((anonymous namespace)::CheckNewAllocatorContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
1.01k
                                    const ExplodedNodeSet &Src) {
114
1.01k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
1.01k
  if (Src.empty())
116
0
    return;
117
118
1.01k
  typename CHECK_CTX::CheckersTy::const_iterator
119
1.01k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
1.01k
  if (I == E) {
121
464
    Dst.insert(Src);
122
464
    return;
123
464
  }
124
125
554
  ExplodedNodeSet Tmp1, Tmp2;
126
554
  const ExplodedNodeSet *PrevSet = &Src;
127
128
1.10k
  for (; I != E; 
++I554
) {
129
554
    ExplodedNodeSet *CurrSet = nullptr;
130
554
    if (I+1 == E)
131
554
      CurrSet = &Dst;
132
0
    else {
133
0
      CurrSet = (PrevSet == &Tmp1) ? &Tmp2 : &Tmp1;
134
0
      CurrSet->clear();
135
0
    }
136
137
554
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
554
    for (const auto &NI : *PrevSet)
139
554
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
554
    if (CurrSet->empty())
143
0
      return;
144
145
    // Update which NodeSet is the current one.
146
554
    PrevSet = CurrSet;
147
554
  }
148
554
}
CheckerManager.cpp:void expandGraphWithCheckers<(anonymous namespace)::CheckDeadSymbolsContext>((anonymous namespace)::CheckDeadSymbolsContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
Line
Count
Source
113
360k
                                    const ExplodedNodeSet &Src) {
114
360k
  const NodeBuilderContext &BldrCtx = checkCtx.Eng.getBuilderContext();
115
360k
  if (Src.empty())
116
0
    return;
117
118
360k
  typename CHECK_CTX::CheckersTy::const_iterator
119
360k
      I = checkCtx.checkers_begin(), E = checkCtx.checkers_end();
120
360k
  if (I == E) {
121
3.62k
    Dst.insert(Src);
122
3.62k
    return;
123
3.62k
  }
124
125
357k
  ExplodedNodeSet Tmp1, Tmp2;
126
357k
  const ExplodedNodeSet *PrevSet = &Src;
127
128
1.80M
  for (; I != E; 
++I1.44M
) {
129
1.44M
    ExplodedNodeSet *CurrSet = nullptr;
130
1.44M
    if (I+1 == E)
131
357k
      CurrSet = &Dst;
132
1.09M
    else {
133
640k
      CurrSet = (PrevSet == &Tmp1) ? 
&Tmp2450k
: &Tmp1;
134
1.09M
      CurrSet->clear();
135
1.09M
    }
136
137
1.44M
    NodeBuilder B(*PrevSet, *CurrSet, BldrCtx);
138
1.44M
    for (const auto &NI : *PrevSet)
139
1.44M
      checkCtx.runChecker(*I, B, NI);
140
141
    // If all the produced transitions are sinks, stop.
142
1.44M
    if (CurrSet->empty())
143
78
      return;
144
145
    // Update which NodeSet is the current one.
146
1.44M
    PrevSet = CurrSet;
147
1.44M
  }
148
357k
}
149
150
namespace {
151
152
  struct CheckStmtContext {
153
    using CheckersTy = SmallVectorImpl<CheckerManager::CheckStmtFunc>;
154
155
    bool IsPreVisit;
156
    const CheckersTy &Checkers;
157
    const Stmt *S;
158
    ExprEngine &Eng;
159
    bool WasInlined;
160
161
    CheckStmtContext(bool isPreVisit, const CheckersTy &checkers,
162
                     const Stmt *s, ExprEngine &eng, bool wasInlined = false)
163
        : IsPreVisit(isPreVisit), Checkers(checkers), S(s), Eng(eng),
164
1.42M
          WasInlined(wasInlined) {}
165
166
1.39M
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
167
1.39M
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
168
169
    void runChecker(CheckerManager::CheckStmtFunc checkFn,
170
960k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
171
      // FIXME: Remove respondsToCallback from CheckerContext;
172
395k
      ProgramPoint::Kind K =  IsPreVisit ? ProgramPoint::PreStmtKind :
173
565k
                                           ProgramPoint::PostStmtKind;
174
960k
      const ProgramPoint &L = ProgramPoint::getProgramPoint(S, K,
175
960k
                                Pred->getLocationContext(), checkFn.Checker);
176
960k
      CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
177
960k
      checkFn(S, C);
178
960k
    }
179
  };
180
181
} // namespace
182
183
/// Run checkers for visiting Stmts.
184
void CheckerManager::runCheckersForStmt(bool isPreVisit,
185
                                        ExplodedNodeSet &Dst,
186
                                        const ExplodedNodeSet &Src,
187
                                        const Stmt *S,
188
                                        ExprEngine &Eng,
189
1.42M
                                        bool WasInlined) {
190
1.42M
  CheckStmtContext C(isPreVisit, getCachedStmtCheckersFor(S, isPreVisit),
191
1.42M
                     S, Eng, WasInlined);
192
1.42M
  expandGraphWithCheckers(C, Dst, Src);
193
1.42M
}
194
195
namespace {
196
197
  struct CheckObjCMessageContext {
198
    using CheckersTy = std::vector<CheckerManager::CheckObjCMessageFunc>;
199
200
    ObjCMessageVisitKind Kind;
201
    bool WasInlined;
202
    const CheckersTy &Checkers;
203
    const ObjCMethodCall &Msg;
204
    ExprEngine &Eng;
205
206
    CheckObjCMessageContext(ObjCMessageVisitKind visitKind,
207
                            const CheckersTy &checkers,
208
                            const ObjCMethodCall &msg, ExprEngine &eng,
209
                            bool wasInlined)
210
        : Kind(visitKind), WasInlined(wasInlined), Checkers(checkers), Msg(msg),
211
8.87k
          Eng(eng) {}
212
213
8.18k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
214
8.18k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
215
216
    void runChecker(CheckerManager::CheckObjCMessageFunc checkFn,
217
18.1k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
218
18.1k
      bool IsPreVisit;
219
220
18.1k
      switch (Kind) {
221
9.64k
        case ObjCMessageVisitKind::Pre:
222
9.64k
          IsPreVisit = true;
223
9.64k
          break;
224
96
        case ObjCMessageVisitKind::MessageNil:
225
8.49k
        case ObjCMessageVisitKind::Post:
226
8.49k
          IsPreVisit = false;
227
8.49k
          break;
228
18.1k
      }
229
230
18.1k
      const ProgramPoint &L = Msg.getProgramPoint(IsPreVisit,checkFn.Checker);
231
18.1k
      CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
232
233
18.1k
      checkFn(*Msg.cloneWithState<ObjCMethodCall>(Pred->getState()), C);
234
18.1k
    }
235
  };
236
237
} // namespace
238
239
/// Run checkers for visiting obj-c messages.
240
void CheckerManager::runCheckersForObjCMessage(ObjCMessageVisitKind visitKind,
241
                                               ExplodedNodeSet &Dst,
242
                                               const ExplodedNodeSet &Src,
243
                                               const ObjCMethodCall &msg,
244
                                               ExprEngine &Eng,
245
8.87k
                                               bool WasInlined) {
246
8.87k
  const auto &checkers = getObjCMessageCheckers(visitKind);
247
8.87k
  CheckObjCMessageContext C(visitKind, checkers, msg, Eng, WasInlined);
248
8.87k
  expandGraphWithCheckers(C, Dst, Src);
249
8.87k
}
250
251
const std::vector<CheckerManager::CheckObjCMessageFunc> &
252
8.87k
CheckerManager::getObjCMessageCheckers(ObjCMessageVisitKind Kind) const {
253
8.87k
  switch (Kind) {
254
4.09k
  case ObjCMessageVisitKind::Pre:
255
4.09k
    return PreObjCMessageCheckers;
256
0
    break;
257
4.68k
  case ObjCMessageVisitKind::Post:
258
4.68k
    return PostObjCMessageCheckers;
259
96
  case ObjCMessageVisitKind::MessageNil:
260
96
    return ObjCMessageNilCheckers;
261
0
  }
262
0
  llvm_unreachable("Unknown Kind");
263
0
}
264
265
namespace {
266
267
  // FIXME: This has all the same signatures as CheckObjCMessageContext.
268
  // Is there a way we can merge the two?
269
  struct CheckCallContext {
270
    using CheckersTy = std::vector<CheckerManager::CheckCallFunc>;
271
272
    bool IsPreVisit, WasInlined;
273
    const CheckersTy &Checkers;
274
    const CallEvent &Call;
275
    ExprEngine &Eng;
276
277
    CheckCallContext(bool isPreVisit, const CheckersTy &checkers,
278
                     const CallEvent &call, ExprEngine &eng,
279
                     bool wasInlined)
280
        : IsPreVisit(isPreVisit), WasInlined(wasInlined), Checkers(checkers),
281
237k
          Call(call), Eng(eng) {}
282
283
202k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
284
202k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
285
286
    void runChecker(CheckerManager::CheckCallFunc checkFn,
287
885k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
288
885k
      const ProgramPoint &L = Call.getProgramPoint(IsPreVisit,checkFn.Checker);
289
885k
      CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
290
291
885k
      checkFn(*Call.cloneWithState(Pred->getState()), C);
292
885k
    }
293
  };
294
295
} // namespace
296
297
/// Run checkers for visiting an abstract call event.
298
void CheckerManager::runCheckersForCallEvent(bool isPreVisit,
299
                                             ExplodedNodeSet &Dst,
300
                                             const ExplodedNodeSet &Src,
301
                                             const CallEvent &Call,
302
                                             ExprEngine &Eng,
303
237k
                                             bool WasInlined) {
304
237k
  CheckCallContext C(isPreVisit,
305
99.1k
                     isPreVisit ? PreCallCheckers
306
138k
                                : PostCallCheckers,
307
237k
                     Call, Eng, WasInlined);
308
237k
  expandGraphWithCheckers(C, Dst, Src);
309
237k
}
310
311
namespace {
312
313
  struct CheckLocationContext {
314
    using CheckersTy = std::vector<CheckerManager::CheckLocationFunc>;
315
316
    const CheckersTy &Checkers;
317
    SVal Loc;
318
    bool IsLoad;
319
    const Stmt *NodeEx; /* Will become a CFGStmt */
320
    const Stmt *BoundEx;
321
    ExprEngine &Eng;
322
323
    CheckLocationContext(const CheckersTy &checkers,
324
                         SVal loc, bool isLoad, const Stmt *NodeEx,
325
                         const Stmt *BoundEx,
326
                         ExprEngine &eng)
327
        : Checkers(checkers), Loc(loc), IsLoad(isLoad), NodeEx(NodeEx),
328
177k
          BoundEx(BoundEx), Eng(eng) {}
329
330
177k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
331
177k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
332
333
    void runChecker(CheckerManager::CheckLocationFunc checkFn,
334
427k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
335
356k
      ProgramPoint::Kind K =  IsLoad ? ProgramPoint::PreLoadKind :
336
70.8k
                                       ProgramPoint::PreStoreKind;
337
427k
      const ProgramPoint &L =
338
427k
        ProgramPoint::getProgramPoint(NodeEx, K,
339
427k
                                      Pred->getLocationContext(),
340
427k
                                      checkFn.Checker);
341
427k
      CheckerContext C(Bldr, Eng, Pred, L);
342
427k
      checkFn(Loc, IsLoad, BoundEx, C);
343
427k
    }
344
  };
345
346
} // namespace
347
348
/// Run checkers for load/store of a location.
349
350
void CheckerManager::runCheckersForLocation(ExplodedNodeSet &Dst,
351
                                            const ExplodedNodeSet &Src,
352
                                            SVal location, bool isLoad,
353
                                            const Stmt *NodeEx,
354
                                            const Stmt *BoundEx,
355
177k
                                            ExprEngine &Eng) {
356
177k
  CheckLocationContext C(LocationCheckers, location, isLoad, NodeEx,
357
177k
                         BoundEx, Eng);
358
177k
  expandGraphWithCheckers(C, Dst, Src);
359
177k
}
360
361
namespace {
362
363
  struct CheckBindContext {
364
    using CheckersTy = std::vector<CheckerManager::CheckBindFunc>;
365
366
    const CheckersTy &Checkers;
367
    SVal Loc;
368
    SVal Val;
369
    const Stmt *S;
370
    ExprEngine &Eng;
371
    const ProgramPoint &PP;
372
373
    CheckBindContext(const CheckersTy &checkers,
374
                     SVal loc, SVal val, const Stmt *s, ExprEngine &eng,
375
                     const ProgramPoint &pp)
376
69.4k
        : Checkers(checkers), Loc(loc), Val(val), S(s), Eng(eng), PP(pp) {}
377
378
69.4k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
379
69.4k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
380
381
    void runChecker(CheckerManager::CheckBindFunc checkFn,
382
144k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
383
144k
      const ProgramPoint &L = PP.withTag(checkFn.Checker);
384
144k
      CheckerContext C(Bldr, Eng, Pred, L);
385
386
144k
      checkFn(Loc, Val, S, C);
387
144k
    }
388
  };
389
390
} // namespace
391
392
/// Run checkers for binding of a value to a location.
393
void CheckerManager::runCheckersForBind(ExplodedNodeSet &Dst,
394
                                        const ExplodedNodeSet &Src,
395
                                        SVal location, SVal val,
396
                                        const Stmt *S, ExprEngine &Eng,
397
69.4k
                                        const ProgramPoint &PP) {
398
69.4k
  CheckBindContext C(BindCheckers, location, val, S, Eng, PP);
399
69.4k
  expandGraphWithCheckers(C, Dst, Src);
400
69.4k
}
401
402
void CheckerManager::runCheckersForEndAnalysis(ExplodedGraph &G,
403
                                               BugReporter &BR,
404
13.6k
                                               ExprEngine &Eng) {
405
13.6k
  for (const auto &EndAnalysisChecker : EndAnalysisCheckers)
406
7.43k
    EndAnalysisChecker(G, BR, Eng);
407
13.6k
}
408
409
namespace {
410
411
struct CheckBeginFunctionContext {
412
  using CheckersTy = std::vector<CheckerManager::CheckBeginFunctionFunc>;
413
414
  const CheckersTy &Checkers;
415
  ExprEngine &Eng;
416
  const ProgramPoint &PP;
417
418
  CheckBeginFunctionContext(const CheckersTy &Checkers, ExprEngine &Eng,
419
                            const ProgramPoint &PP)
420
47.4k
      : Checkers(Checkers), Eng(Eng), PP(PP) {}
421
422
47.4k
  CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
423
47.4k
  CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
424
425
  void runChecker(CheckerManager::CheckBeginFunctionFunc checkFn,
426
67.1k
                  NodeBuilder &Bldr, ExplodedNode *Pred) {
427
67.1k
    const ProgramPoint &L = PP.withTag(checkFn.Checker);
428
67.1k
    CheckerContext C(Bldr, Eng, Pred, L);
429
430
67.1k
    checkFn(C);
431
67.1k
  }
432
};
433
434
} // namespace
435
436
void CheckerManager::runCheckersForBeginFunction(ExplodedNodeSet &Dst,
437
                                                 const BlockEdge &L,
438
                                                 ExplodedNode *Pred,
439
47.4k
                                                 ExprEngine &Eng) {
440
47.4k
  ExplodedNodeSet Src;
441
47.4k
  Src.insert(Pred);
442
47.4k
  CheckBeginFunctionContext C(BeginFunctionCheckers, Eng, L);
443
47.4k
  expandGraphWithCheckers(C, Dst, Src);
444
47.4k
}
445
446
/// Run checkers for end of path.
447
// Note, We do not chain the checker output (like in expandGraphWithCheckers)
448
// for this callback since end of path nodes are expected to be final.
449
void CheckerManager::runCheckersForEndFunction(NodeBuilderContext &BC,
450
                                               ExplodedNodeSet &Dst,
451
                                               ExplodedNode *Pred,
452
                                               ExprEngine &Eng,
453
61.9k
                                               const ReturnStmt *RS) {
454
  // We define the builder outside of the loop because if at least one checker
455
  // creates a successor for Pred, we do not need to generate an
456
  // autotransition for it.
457
61.9k
  NodeBuilder Bldr(Pred, Dst, BC);
458
103k
  for (const auto &checkFn : EndFunctionCheckers) {
459
103k
    const ProgramPoint &L =
460
103k
        FunctionExitPoint(RS, Pred->getLocationContext(), checkFn.Checker);
461
103k
    CheckerContext C(Bldr, Eng, Pred, L);
462
103k
    checkFn(RS, C);
463
103k
  }
464
61.9k
}
465
466
namespace {
467
468
  struct CheckBranchConditionContext {
469
    using CheckersTy = std::vector<CheckerManager::CheckBranchConditionFunc>;
470
471
    const CheckersTy &Checkers;
472
    const Stmt *Condition;
473
    ExprEngine &Eng;
474
475
    CheckBranchConditionContext(const CheckersTy &checkers,
476
                                const Stmt *Cond, ExprEngine &eng)
477
42.3k
        : Checkers(checkers), Condition(Cond), Eng(eng) {}
478
479
42.3k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
480
42.3k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
481
482
    void runChecker(CheckerManager::CheckBranchConditionFunc checkFn,
483
42.8k
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
484
42.8k
      ProgramPoint L = PostCondition(Condition, Pred->getLocationContext(),
485
42.8k
                                     checkFn.Checker);
486
42.8k
      CheckerContext C(Bldr, Eng, Pred, L);
487
42.8k
      checkFn(Condition, C);
488
42.8k
    }
489
  };
490
491
} // namespace
492
493
/// Run checkers for branch condition.
494
void CheckerManager::runCheckersForBranchCondition(const Stmt *Condition,
495
                                                   ExplodedNodeSet &Dst,
496
                                                   ExplodedNode *Pred,
497
42.3k
                                                   ExprEngine &Eng) {
498
42.3k
  ExplodedNodeSet Src;
499
42.3k
  Src.insert(Pred);
500
42.3k
  CheckBranchConditionContext C(BranchConditionCheckers, Condition, Eng);
501
42.3k
  expandGraphWithCheckers(C, Dst, Src);
502
42.3k
}
503
504
namespace {
505
506
  struct CheckNewAllocatorContext {
507
    using CheckersTy = std::vector<CheckerManager::CheckNewAllocatorFunc>;
508
509
    const CheckersTy &Checkers;
510
    const CXXAllocatorCall &Call;
511
    bool WasInlined;
512
    ExprEngine &Eng;
513
514
    CheckNewAllocatorContext(const CheckersTy &Checkers,
515
                             const CXXAllocatorCall &Call, bool WasInlined,
516
                             ExprEngine &Eng)
517
1.01k
        : Checkers(Checkers), Call(Call), WasInlined(WasInlined), Eng(Eng) {}
518
519
1.01k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
520
1.01k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
521
522
    void runChecker(CheckerManager::CheckNewAllocatorFunc checkFn,
523
554
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
524
554
      ProgramPoint L =
525
554
          PostAllocatorCall(Call.getOriginExpr(), Pred->getLocationContext());
526
554
      CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
527
554
      checkFn(cast<CXXAllocatorCall>(*Call.cloneWithState(Pred->getState())),
528
554
              C);
529
554
    }
530
  };
531
532
} // namespace
533
534
void CheckerManager::runCheckersForNewAllocator(const CXXAllocatorCall &Call,
535
                                                ExplodedNodeSet &Dst,
536
                                                ExplodedNode *Pred,
537
                                                ExprEngine &Eng,
538
1.01k
                                                bool WasInlined) {
539
1.01k
  ExplodedNodeSet Src;
540
1.01k
  Src.insert(Pred);
541
1.01k
  CheckNewAllocatorContext C(NewAllocatorCheckers, Call, WasInlined, Eng);
542
1.01k
  expandGraphWithCheckers(C, Dst, Src);
543
1.01k
}
544
545
/// Run checkers for live symbols.
546
void CheckerManager::runCheckersForLiveSymbols(ProgramStateRef state,
547
360k
                                               SymbolReaper &SymReaper) {
548
360k
  for (const auto &LiveSymbolsChecker : LiveSymbolsCheckers)
549
379k
    LiveSymbolsChecker(state, SymReaper);
550
360k
}
551
552
namespace {
553
554
  struct CheckDeadSymbolsContext {
555
    using CheckersTy = std::vector<CheckerManager::CheckDeadSymbolsFunc>;
556
557
    const CheckersTy &Checkers;
558
    SymbolReaper &SR;
559
    const Stmt *S;
560
    ExprEngine &Eng;
561
    ProgramPoint::Kind ProgarmPointKind;
562
563
    CheckDeadSymbolsContext(const CheckersTy &checkers, SymbolReaper &sr,
564
                            const Stmt *s, ExprEngine &eng,
565
                            ProgramPoint::Kind K)
566
360k
        : Checkers(checkers), SR(sr), S(s), Eng(eng), ProgarmPointKind(K) {}
567
568
360k
    CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
569
360k
    CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
570
571
    void runChecker(CheckerManager::CheckDeadSymbolsFunc checkFn,
572
1.44M
                    NodeBuilder &Bldr, ExplodedNode *Pred) {
573
1.44M
      const ProgramPoint &L = ProgramPoint::getProgramPoint(S, ProgarmPointKind,
574
1.44M
                                Pred->getLocationContext(), checkFn.Checker);
575
1.44M
      CheckerContext C(Bldr, Eng, Pred, L);
576
577
      // Note, do not pass the statement to the checkers without letting them
578
      // differentiate if we ran remove dead bindings before or after the
579
      // statement.
580
1.44M
      checkFn(SR, C);
581
1.44M
    }
582
  };
583
584
} // namespace
585
586
/// Run checkers for dead symbols.
587
void CheckerManager::runCheckersForDeadSymbols(ExplodedNodeSet &Dst,
588
                                               const ExplodedNodeSet &Src,
589
                                               SymbolReaper &SymReaper,
590
                                               const Stmt *S,
591
                                               ExprEngine &Eng,
592
360k
                                               ProgramPoint::Kind K) {
593
360k
  CheckDeadSymbolsContext C(DeadSymbolsCheckers, SymReaper, S, Eng, K);
594
360k
  expandGraphWithCheckers(C, Dst, Src);
595
360k
}
596
597
/// Run checkers for region changes.
598
ProgramStateRef
599
CheckerManager::runCheckersForRegionChanges(ProgramStateRef state,
600
                                            const InvalidatedSymbols *invalidated,
601
                                            ArrayRef<const MemRegion *> ExplicitRegions,
602
                                            ArrayRef<const MemRegion *> Regions,
603
                                            const LocationContext *LCtx,
604
130k
                                            const CallEvent *Call) {
605
157k
  for (const auto &RegionChangesChecker : RegionChangesCheckers) {
606
    // If any checker declares the state infeasible (or if it starts that way),
607
    // bail out.
608
157k
    if (!state)
609
0
      return nullptr;
610
157k
    state = RegionChangesChecker(state, invalidated, ExplicitRegions, Regions,
611
157k
                                 LCtx, Call);
612
157k
  }
613
130k
  return state;
614
130k
}
615
616
/// Run checkers to process symbol escape event.
617
ProgramStateRef
618
CheckerManager::runCheckersForPointerEscape(ProgramStateRef State,
619
                                   const InvalidatedSymbols &Escaped,
620
                                   const CallEvent *Call,
621
                                   PointerEscapeKind Kind,
622
39.7k
                                   RegionAndSymbolInvalidationTraits *ETraits) {
623
39.7k
  assert((Call != nullptr ||
624
39.7k
          (Kind != PSK_DirectEscapeOnCall &&
625
39.7k
           Kind != PSK_IndirectEscapeOnCall)) &&
626
39.7k
         "Call must not be NULL when escaping on call");
627
32.4k
  for (const auto &PointerEscapeChecker : PointerEscapeCheckers) {
628
    // If any checker declares the state infeasible (or if it starts that
629
    //  way), bail out.
630
32.4k
    if (!State)
631
0
      return nullptr;
632
32.4k
    State = PointerEscapeChecker(State, Escaped, Call, Kind, ETraits);
633
32.4k
  }
634
39.7k
  return State;
635
39.7k
}
636
637
/// Run checkers for handling assumptions on symbolic values.
638
ProgramStateRef
639
CheckerManager::runCheckersForEvalAssume(ProgramStateRef state,
640
736k
                                         SVal Cond, bool Assumption) {
641
356k
  for (const auto &EvalAssumeChecker : EvalAssumeCheckers) {
642
    // If any checker declares the state infeasible (or if it starts that way),
643
    // bail out.
644
356k
    if (!state)
645
159k
      return nullptr;
646
197k
    state = EvalAssumeChecker(state, Cond, Assumption);
647
197k
  }
648
577k
  return state;
649
736k
}
650
651
/// Run checkers for evaluating a call.
652
/// Only one checker will evaluate the call.
653
void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
654
                                            const ExplodedNodeSet &Src,
655
                                            const CallEvent &Call,
656
                                            ExprEngine &Eng,
657
79.5k
                                            const EvalCallOptions &CallOpts) {
658
78.8k
  for (auto *const Pred : Src) {
659
78.8k
    bool anyEvaluated = false;
660
661
78.8k
    ExplodedNodeSet checkDst;
662
78.8k
    NodeBuilder B(Pred, checkDst, Eng.getBuilderContext());
663
664
    // Check if any of the EvalCall callbacks can evaluate the call.
665
230k
    for (const auto &EvalCallChecker : EvalCallCheckers) {
666
      // TODO: Support the situation when the call doesn't correspond
667
      // to any Expr.
668
230k
      ProgramPoint L = ProgramPoint::getProgramPoint(
669
230k
          Call.getOriginExpr(), ProgramPoint::PostStmtKind,
670
230k
          Pred->getLocationContext(), EvalCallChecker.Checker);
671
230k
      bool evaluated = false;
672
230k
      { // CheckerContext generates transitions(populates checkDest) on
673
        // destruction, so introduce the scope to make sure it gets properly
674
        // populated.
675
230k
        CheckerContext C(B, Eng, Pred, L);
676
230k
        evaluated = EvalCallChecker(Call, C);
677
230k
      }
678
230k
      assert(!(evaluated && anyEvaluated)
679
230k
             && "There are more than one checkers evaluating the call");
680
230k
      if (evaluated) {
681
20.0k
        anyEvaluated = true;
682
20.0k
        Dst.insert(checkDst);
683
#ifdef NDEBUG
684
        break; // on release don't check that no other checker also evals.
685
#endif
686
20.0k
      }
687
230k
    }
688
689
    // If none of the checkers evaluated the call, ask ExprEngine to handle it.
690
78.8k
    if (!anyEvaluated) {
691
58.8k
      NodeBuilder B(Pred, Dst, Eng.getBuilderContext());
692
58.8k
      Eng.defaultEvalCall(B, Pred, Call, CallOpts);
693
58.8k
    }
694
78.8k
  }
695
79.5k
}
696
697
/// Run checkers for the entire Translation Unit.
698
void CheckerManager::runCheckersOnEndOfTranslationUnit(
699
                                                  const TranslationUnitDecl *TU,
700
                                                  AnalysisManager &mgr,
701
1.31k
                                                  BugReporter &BR) {
702
1.31k
  for (const auto &EndOfTranslationUnitChecker : EndOfTranslationUnitCheckers)
703
30
    EndOfTranslationUnitChecker(TU, mgr, BR);
704
1.31k
}
705
706
void CheckerManager::runCheckersForPrintStateJson(raw_ostream &Out,
707
                                                  ProgramStateRef State,
708
                                                  const char *NL,
709
                                                  unsigned int Space,
710
126
                                                  bool IsDot) const {
711
126
  Indent(Out, Space, IsDot) << "\"checker_messages\": ";
712
713
  // Create a temporary stream to see whether we have any message.
714
126
  SmallString<1024> TempBuf;
715
126
  llvm::raw_svector_ostream TempOut(TempBuf);
716
126
  unsigned int InnerSpace = Space + 2;
717
718
  // Create the new-line in JSON with enough space.
719
126
  SmallString<128> NewLine;
720
126
  llvm::raw_svector_ostream NLOut(NewLine);
721
126
  NLOut << "\", " << NL;                     // Inject the ending and a new line
722
126
  Indent(NLOut, InnerSpace, IsDot) << "\"";  // then begin the next message.
723
724
126
  ++Space;
725
126
  bool HasMessage = false;
726
727
  // Store the last CheckerTag.
728
126
  const void *LastCT = nullptr;
729
2.22k
  for (const auto &CT : CheckerTags) {
730
    // See whether the current checker has a message.
731
2.22k
    CT.second->printState(TempOut, State, /*NL=*/NewLine.c_str(), /*Sep=*/"");
732
733
2.22k
    if (TempBuf.empty())
734
2.19k
      continue;
735
736
35
    if (!HasMessage) {
737
21
      Out << '[' << NL;
738
21
      HasMessage = true;
739
21
    }
740
741
35
    LastCT = &CT;
742
35
    TempBuf.clear();
743
35
  }
744
745
2.22k
  for (const auto &CT : CheckerTags) {
746
    // See whether the current checker has a message.
747
2.22k
    CT.second->printState(TempOut, State, /*NL=*/NewLine.c_str(), /*Sep=*/"");
748
749
2.22k
    if (TempBuf.empty())
750
2.19k
      continue;
751
752
35
    Indent(Out, Space, IsDot)
753
35
        << "{ \"checker\": \"" << CT.second->getCheckerName().getName()
754
35
        << "\", \"messages\": [" << NL;
755
35
    Indent(Out, InnerSpace, IsDot)
756
35
        << '\"' << TempBuf.str().trim() << '\"' << NL;
757
35
    Indent(Out, Space, IsDot) << "]}";
758
759
35
    if (&CT != LastCT)
760
14
      Out << ',';
761
35
    Out << NL;
762
763
35
    TempBuf.clear();
764
35
  }
765
766
  // It is the last element of the 'program_state' so do not add a comma.
767
126
  if (HasMessage)
768
21
    Indent(Out, --Space, IsDot) << "]";
769
105
  else
770
105
    Out << "null";
771
772
126
  Out << NL;
773
126
}
774
775
//===----------------------------------------------------------------------===//
776
// Internal registration functions for AST traversing.
777
//===----------------------------------------------------------------------===//
778
779
void CheckerManager::_registerForDecl(CheckDeclFunc checkfn,
780
292
                                      HandlesDeclFunc isForDeclFn) {
781
292
  DeclCheckerInfo info = { checkfn, isForDeclFn };
782
292
  DeclCheckers.push_back(info);
783
292
}
784
785
669
void CheckerManager::_registerForBody(CheckDeclFunc checkfn) {
786
669
  BodyCheckers.push_back(checkfn);
787
669
}
788
789
//===----------------------------------------------------------------------===//
790
// Internal registration functions for path-sensitive checking.
791
//===----------------------------------------------------------------------===//
792
793
void CheckerManager::_registerForPreStmt(CheckStmtFunc checkfn,
794
8.13k
                                         HandlesStmtFunc isForStmtFn) {
795
8.13k
  StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/true };
796
8.13k
  StmtCheckers.push_back(info);
797
8.13k
}
798
799
void CheckerManager::_registerForPostStmt(CheckStmtFunc checkfn,
800
5.84k
                                          HandlesStmtFunc isForStmtFn) {
801
5.84k
  StmtCheckerInfo info = { checkfn, isForStmtFn, /*IsPreVisit*/false };
802
5.84k
  StmtCheckers.push_back(info);
803
5.84k
}
804
805
2.36k
void CheckerManager::_registerForPreObjCMessage(CheckObjCMessageFunc checkfn) {
806
2.36k
  PreObjCMessageCheckers.push_back(checkfn);
807
2.36k
}
808
809
1.08k
void CheckerManager::_registerForObjCMessageNil(CheckObjCMessageFunc checkfn) {
810
1.08k
  ObjCMessageNilCheckers.push_back(checkfn);
811
1.08k
}
812
813
2.63k
void CheckerManager::_registerForPostObjCMessage(CheckObjCMessageFunc checkfn) {
814
2.63k
  PostObjCMessageCheckers.push_back(checkfn);
815
2.63k
}
816
817
5.03k
void CheckerManager::_registerForPreCall(CheckCallFunc checkfn) {
818
5.03k
  PreCallCheckers.push_back(checkfn);
819
5.03k
}
820
3.03k
void CheckerManager::_registerForPostCall(CheckCallFunc checkfn) {
821
3.03k
  PostCallCheckers.push_back(checkfn);
822
3.03k
}
823
824
2.53k
void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) {
825
2.53k
  LocationCheckers.push_back(checkfn);
826
2.53k
}
827
828
2.46k
void CheckerManager::_registerForBind(CheckBindFunc checkfn) {
829
2.46k
  BindCheckers.push_back(checkfn);
830
2.46k
}
831
832
322
void CheckerManager::_registerForEndAnalysis(CheckEndAnalysisFunc checkfn) {
833
322
  EndAnalysisCheckers.push_back(checkfn);
834
322
}
835
836
1.32k
void CheckerManager::_registerForBeginFunction(CheckBeginFunctionFunc checkfn) {
837
1.32k
  BeginFunctionCheckers.push_back(checkfn);
838
1.32k
}
839
840
1.64k
void CheckerManager::_registerForEndFunction(CheckEndFunctionFunc checkfn) {
841
1.64k
  EndFunctionCheckers.push_back(checkfn);
842
1.64k
}
843
844
void CheckerManager::_registerForBranchCondition(
845
1.14k
                                             CheckBranchConditionFunc checkfn) {
846
1.14k
  BranchConditionCheckers.push_back(checkfn);
847
1.14k
}
848
849
223
void CheckerManager::_registerForNewAllocator(CheckNewAllocatorFunc checkfn) {
850
223
  NewAllocatorCheckers.push_back(checkfn);
851
223
}
852
853
353
void CheckerManager::_registerForLiveSymbols(CheckLiveSymbolsFunc checkfn) {
854
353
  LiveSymbolsCheckers.push_back(checkfn);
855
353
}
856
857
2.50k
void CheckerManager::_registerForDeadSymbols(CheckDeadSymbolsFunc checkfn) {
858
2.50k
  DeadSymbolsCheckers.push_back(checkfn);
859
2.50k
}
860
861
541
void CheckerManager::_registerForRegionChanges(CheckRegionChangesFunc checkfn) {
862
541
  RegionChangesCheckers.push_back(checkfn);
863
541
}
864
865
608
void CheckerManager::_registerForPointerEscape(CheckPointerEscapeFunc checkfn){
866
608
  PointerEscapeCheckers.push_back(checkfn);
867
608
}
868
869
void CheckerManager::_registerForConstPointerEscape(
870
0
                                          CheckPointerEscapeFunc checkfn) {
871
0
  PointerEscapeCheckers.push_back(checkfn);
872
0
}
873
874
405
void CheckerManager::_registerForEvalAssume(EvalAssumeFunc checkfn) {
875
405
  EvalAssumeCheckers.push_back(checkfn);
876
405
}
877
878
1.91k
void CheckerManager::_registerForEvalCall(EvalCallFunc checkfn) {
879
1.91k
  EvalCallCheckers.push_back(checkfn);
880
1.91k
}
881
882
void CheckerManager::_registerForEndOfTranslationUnit(
883
30
                                            CheckEndOfTranslationUnit checkfn) {
884
30
  EndOfTranslationUnitCheckers.push_back(checkfn);
885
30
}
886
887
//===----------------------------------------------------------------------===//
888
// Implementation details.
889
//===----------------------------------------------------------------------===//
890
891
const CheckerManager::CachedStmtCheckers &
892
1.42M
CheckerManager::getCachedStmtCheckersFor(const Stmt *S, bool isPreVisit) {
893
1.42M
  assert(S);
894
895
1.42M
  unsigned Key = (S->getStmtClass() << 1) | unsigned(isPreVisit);
896
1.42M
  CachedStmtCheckersMapTy::iterator CCI = CachedStmtCheckersMap.find(Key);
897
1.42M
  if (CCI != CachedStmtCheckersMap.end())
898
1.40M
    return CCI->second;
899
900
  // Find the checkers that should run for this Stmt and cache them.
901
19.5k
  CachedStmtCheckers &Checkers = CachedStmtCheckersMap[Key];
902
19.5k
  for (const auto &Info : StmtCheckers)
903
230k
    if (Info.IsPreVisit == isPreVisit && 
Info.IsForStmtFn(S)115k
)
904
7.09k
      Checkers.push_back(Info.CheckFn);
905
19.5k
  return Checkers;
906
19.5k
}