const llvm::APSInt *getSymVal(SymbolRef sym) const;
- SVal getExprVal(const Stmt* Ex) const;
+ SVal getSVal(const Stmt* Ex) const;
- SVal getExprValAsScalarOrLoc(const Stmt *Ex) const;
+ SVal getSValAsScalarOrLoc(const Stmt *Ex) const;
- SVal Load(Loc LV, QualType T = QualType()) const;
+ SVal getSVal(Loc LV, QualType T = QualType()) const;
- SVal Load(const MemRegion* R) const;
+ SVal getSVal(const MemRegion* R) const;
- SVal LoadAsScalarOrLoc(const MemRegion *R) const;
+ SVal getSValAsScalarOrLoc(const MemRegion *R) const;
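Review bot: The `getSVal` overloads declared here no longer say which table they read, and none of the declarations carries a comment to make up for it. Going by the inline definitions later in this diff, the `const Stmt*` form is an Environment lookup (`Env.GetSVal`), while the `Loc` and `const MemRegion*` forms go through `StoreMgr->Retrieve`; the old names `getExprVal` and `Load` were the only thing that told a caller which one it was getting. I would add a one-line comment to each declaration, for example `/// Returns the value bound to the expression in the Environment.` on the `Stmt*` overload and `/// Returns the value stored at location LV in the Store.` on the `Loc` overload, and likewise for the two `getSValAsScalarOrLoc` overloads. The class body starts and ends outside this hunk.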
const llvm::APSInt *getSymVal(SymbolRef sym);
return getStateManager().getSymVal(this, sym);
}
-inline SVal GRState::getExprVal(const Stmt* Ex) const {
+inline SVal GRState::getSVal(const Stmt* Ex) const {
return Env.GetSVal(Ex, getStateManager().ValueMgr);
}
-inline SVal GRState::getExprValAsScalarOrLoc(const Stmt *S) const {
+inline SVal GRState::getSValAsScalarOrLoc(const Stmt *S) const {
if (const Expr *Ex = dyn_cast<Expr>(S)) {
QualType T = Ex->getType();
if (Loc::IsLocType(T) || T->isIntegerType())
- return getExprVal(S);
+ return getSVal(S);
}
return UnknownVal();
}
-inline SVal GRState::Load(Loc LV, QualType T) const {
+inline SVal GRState::getSVal(Loc LV, QualType T) const {
return getStateManager().StoreMgr->Retrieve(St, LV, T);
}
-inline SVal GRState::Load(const MemRegion* R) const {
+inline SVal GRState::getSVal(const MemRegion* R) const {
return getStateManager().StoreMgr->Retrieve(St, loc::MemRegionVal(R));
}
// Fetch the signature of the called function.
const GRState *state = C.getState();
- SVal V = state->getExprVal(CE);
+ SVal V = state->getSVal(CE);
if (V.isUnknown())
return;
return;
}
- const MemRegion *callee = state->getExprVal(CE->getCallee()).getAsRegion();
+ const MemRegion *callee = state->getSVal(CE->getCallee()).getAsRegion();
if (!callee)
return;
const GRState *state = C.getState();
// Check if the callee has a 'nonnull' attribute.
- SVal X = state->getExprVal(CE->getCallee());
+ SVal X = state->getSVal(CE->getCallee());
const FunctionDecl* FD = X.getAsFunctionDecl();
if (!FD)
if (!Att->isNonNull(idx))
continue;
- const SVal &V = state->getExprVal(*I);
+ const SVal &V = state->getSVal(*I);
const DefinedSVal *DV = dyn_cast<DefinedSVal>(&V);
if (!DV)
const Expr * E = ME->getArg(Arg);
- if (isNil(N->getState()->getExprVal(E))) {
+ if (isNil(N->getState()->getSVal(E))) {
WarnNilArg(N, ME, Arg);
return true;
}
const CallExpr* CE =
cast<CallExpr>(cast<PostStmt>(N->getLocation()).getStmt());
const Expr* Callee = CE->getCallee();
- SVal CallV = N->getState()->getExprVal(Callee);
+ SVal CallV = N->getState()->getSVal(Callee);
const FunctionDecl* FD = CallV.getAsFunctionDecl();
if (!FD || FD->getIdentifier() != II || CE->getNumArgs()!=3)
return false;
// Get the value of the "theType" argument.
- SVal TheTypeVal = N->getState()->getExprVal(CE->getArg(1));
+ SVal TheTypeVal = N->getState()->getSVal(CE->getArg(1));
// FIXME: We really should allow ranges of valid theType values, and
// bifurcate the state appropriately.
// Look at the value of the integer being passed by reference. Essentially
// we want to catch cases where the value passed in is not equal to the
// size of the type being created.
- SVal TheValueExpr = N->getState()->getExprVal(CE->getArg(2));
+ SVal TheValueExpr = N->getState()->getSVal(CE->getArg(2));
// FIXME: Eventually we should handle arbitrary locations. We can do this
// by having an enhanced memory model that does low-level typing.
// Check if we called CFRetain/CFRelease.
const GRState* state = N->getState();
- SVal X = state->getExprVal(CE->getCallee());
+ SVal X = state->getSVal(CE->getCallee());
const FunctionDecl* FD = X.getAsFunctionDecl();
if (!FD)
if (!DR)
continue;
- SVal Y = N->getState()->getExprVal(DR);
+ SVal Y = N->getState()->getSVal(DR);
if (X != Y)
continue;
return true;
// Check if the previous state has this binding.
- SVal X = PrevSt->Load(loc::MemRegionVal(R));
+ SVal X = PrevSt->getSVal(loc::MemRegionVal(R));
if (X == V) // Same binding?
return true;
}
}
- if (Node->getState()->Load(R) != V)
+ if (Node->getState()->getSVal(R) != V)
break;
}
StateMgr.getRegionManager().getVarRegion(VD, N->getLocationContext());
// What did we load?
- SVal V = state->getExprVal(S);
+ SVal V = state->getSVal(S);
if (isa<loc::ConcreteInt>(V) || isa<nonloc::ConcreteInt>(V)
|| V.isUndef()) {
}
}
- SVal V = state->getExprValAsScalarOrLoc(S);
+ SVal V = state->getSValAsScalarOrLoc(S);
// Uncomment this to find cases where we aren't properly getting the
// base value that was dereferenced.
bool BuiltinFunctionChecker::EvalCallExpr(CheckerContext &C,const CallExpr *CE){
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
const FunctionDecl *FD = L.getAsFunctionDecl();
if (!FD)
case Builtin::BI__builtin_expect: {
// For __builtin_expect, just return the value of the subexpression.
assert (CE->arg_begin() != CE->arg_end());
- SVal X = state->getExprVal(*(CE->arg_begin()));
+ SVal X = state->getSVal(*(CE->arg_begin()));
C.GenerateNode(state->BindExpr(CE, X));
return true;
}
// Set the extent of the region in bytes. This enables us to use the
// SVal of the argument directly. If we save the extent in bits, we
// cannot represent values like symbol*8.
- SVal Extent = state->getExprVal(*(CE->arg_begin()));
+ SVal Extent = state->getSVal(*(CE->arg_begin()));
state = C.getStoreManager().setExtent(state, R, Extent);
C.GenerateNode(state->BindExpr(CE, loc::MemRegionVal(R)));
return true;
// FIXME: Is this really working as expected? There are cases where
// we just use the 'ID' from the message expression.
- SVal receiverV = state->getExprValAsScalarOrLoc(Receiver);
+ SVal receiverV = state->getSValAsScalarOrLoc(Receiver);
// FIXME: Eventually replace the use of state->get<RefBindings> with
// a generic API for reasoning about the Objective-C types of symbolic
if (const loc::MemRegionVal *L = dyn_cast<loc::MemRegionVal>(&receiverV)) {
// Get the region associated with 'self'.
if (const ImplicitParamDecl *SelfDecl = LC->getSelfDecl()) {
- SVal SelfVal = state->Load(state->getRegion(SelfDecl, LC));
+ SVal SelfVal = state->getSVal(state->getRegion(SelfDecl, LC));
if (L->StripCasts() == SelfVal.getAsRegion()) {
// Update the summary to make the default argument effect
// 'StopTracking'.
if (const CallExpr *CE = dyn_cast<CallExpr>(S)) {
// Get the name of the callee (if it is available).
- SVal X = CurrSt->getExprValAsScalarOrLoc(CE->getCallee());
+ SVal X = CurrSt->getSValAsScalarOrLoc(CE->getCallee());
if (const FunctionDecl* FD = X.getAsFunctionDecl())
os << "Call to function '" << FD->getNameAsString() <<'\'';
else
// Retrieve the value of the argument. Is it the symbol
// we are interested in?
- if (CurrSt->getExprValAsScalarOrLoc(*AI).getAsLocSymbol() != Sym)
+ if (CurrSt->getSValAsScalarOrLoc(*AI).getAsLocSymbol() != Sym)
continue;
// We have an argument. Get the effect!
}
else if (const ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(S)) {
if (const Expr *receiver = ME->getReceiver())
- if (CurrSt->getExprValAsScalarOrLoc(receiver).getAsLocSymbol() == Sym) {
+ if (CurrSt->getSValAsScalarOrLoc(receiver).getAsLocSymbol() == Sym) {
// The symbol we are tracking is the receiver.
AEffects.push_back(Summ->getReceiverEffect());
}
if (contains(AEffects, MakeCollectable)) {
// Get the name of the function.
const Stmt* S = cast<PostStmt>(N->getLocation()).getStmt();
- SVal X = CurrSt->getExprValAsScalarOrLoc(cast<CallExpr>(S)->getCallee());
+ SVal X = CurrSt->getSValAsScalarOrLoc(cast<CallExpr>(S)->getCallee());
const FunctionDecl* FD = X.getAsFunctionDecl();
const std::string& FName = FD->getNameAsString();
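Review bot: `FD` is dereferenced in `FD->getNameAsString()` with no null check. `getSValAsScalarOrLoc` returns `UnknownVal()` when the callee's type is neither a location nor an integer type, and `getAsFunctionDecl()` presumably yields null for such a value. An earlier call site in this diff (the "Call to function" message) guards the same lookup with `if (const FunctionDecl* FD = X.getAsFunctionDecl())`. If a MakeCollectable effect can only arise from a direct call to a named function, state that with `assert(FD && "MakeCollectable effect without a FunctionDecl");`; otherwise emit a generic message when `FD` is null. The enclosing function starts and ends outside the hunk.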
for (Stmt::const_child_iterator I = S->child_begin(), E = S->child_end();
I!=E; ++I)
if (const Expr* Exp = dyn_cast_or_null<Expr>(*I))
- if (CurrSt->getExprValAsScalarOrLoc(Exp).getAsLocSymbol() == Sym) {
+ if (CurrSt->getSValAsScalarOrLoc(Exp).getAsLocSymbol() == Sym) {
P->addRange(Exp->getSourceRange());
break;
}
llvm::SmallVector<const MemRegion*, 10> RegionsToInvalidate;
for (ExprIterator I = arg_beg; I != arg_end; ++I, ++idx) {
- SVal V = state->getExprValAsScalarOrLoc(*I);
+ SVal V = state->getSValAsScalarOrLoc(*I);
SymbolRef Sym = V.getAsLocSymbol();
if (Sym)
// Evaluate the effect on the message receiver.
if (!ErrorExpr && Receiver) {
- SymbolRef Sym = state->getExprValAsScalarOrLoc(Receiver).getAsLocSymbol();
+ SymbolRef Sym = state->getSValAsScalarOrLoc(Receiver).getAsLocSymbol();
if (Sym) {
if (const RefVal* T = state->get<RefBindings>(Sym)) {
state = Update(state, Sym, *T, Summ.getReceiverEffect(), hasErr);
if (RE.getKind() == RetEffect::OwnedWhenTrackedReceiver) {
assert(Receiver);
- SVal V = state->getExprValAsScalarOrLoc(Receiver);
+ SVal V = state->getSValAsScalarOrLoc(Receiver);
bool found = false;
if (SymbolRef Sym = V.getAsLocSymbol())
if (state->get<RefBindings>(Sym)) {
// For CallExpr, use the result type to know if it returns a reference.
if (const CallExpr *CE = dyn_cast<CallExpr>(Ex)) {
const Expr *Callee = CE->getCallee();
- if (const FunctionDecl *FD =
- state->getExprVal(Callee).getAsFunctionDecl())
+ if (const FunctionDecl *FD = state->getSVal(Callee).getAsFunctionDecl())
T = FD->getResultType();
}
else if (const ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(Ex)) {
unsigned idx = RE.getIndex();
assert (arg_end >= arg_beg);
assert (idx < (unsigned) (arg_end - arg_beg));
- SVal V = state->getExprValAsScalarOrLoc(*(arg_beg+idx));
+ SVal V = state->getSValAsScalarOrLoc(*(arg_beg+idx));
state = state->BindExpr(Ex, V, false);
break;
}
case RetEffect::ReceiverAlias: {
assert (Receiver);
- SVal V = state->getExprValAsScalarOrLoc(Receiver);
+ SVal V = state->getSValAsScalarOrLoc(Receiver);
state = state->BindExpr(Ex, V, false);
break;
}
return;
const GRState *state = Builder.GetState(Pred);
- SymbolRef Sym = state->getExprValAsScalarOrLoc(RetE).getAsLocSymbol();
+ SymbolRef Sym = state->getSValAsScalarOrLoc(RetE).getAsLocSymbol();
if (!Sym)
return;
const GRState *state = C.getState();
const BlockDataRegion *R =
- cast<BlockDataRegion>(state->getExprVal(BE).getAsRegion());
+ cast<BlockDataRegion>(state->getSVal(BE).getAsRegion());
BlockDataRegion::referenced_vars_iterator I = R->referenced_vars_begin(),
E = R->referenced_vars_end();
const CallExpr *CE){
const Expr *Callee = CE->getCallee()->IgnoreParens();
- SVal L = C.getState()->getExprVal(Callee);
+ SVal L = C.getState()->getSVal(Callee);
if (L.isUndef()) {
if (!BT_call_undef)
for (CallExpr::const_arg_iterator I = CE->arg_begin(), E = CE->arg_end();
I != E; ++I) {
- if (C.getState()->getExprVal(*I).isUndef()) {
+ if (C.getState()->getSVal(*I).isUndef()) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT_call_arg)
BT_call_arg = new BuiltinBug("Pass-by-value argument in function call"
const GRState *state = C.getState();
if (const Expr *receiver = ME->getReceiver())
- if (state->getExprVal(receiver).isUndef()) {
+ if (state->getSVal(receiver).isUndef()) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT_msg_undef)
BT_msg_undef =
// Check for any arguments that are uninitialized/undefined.
for (ObjCMessageExpr::const_arg_iterator I = ME->arg_begin(),
E = ME->arg_end(); I != E; ++I) {
- if (state->getExprVal(*I).isUndef()) {
+ if (state->getSVal(*I).isUndef()) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT_msg_arg)
BT_msg_arg =
bool CallInliner::EvalCallExpr(CheckerContext &C, const CallExpr *CE) {
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
const FunctionDecl *FD = L.getAsFunctionDecl();
if (!FD)
!B->getRHS()->getType()->isScalarType())
return;
- SVal Denom = C.getState()->getExprVal(B->getRHS());
+ SVal Denom = C.getState()->getSVal(B->getRHS());
const DefinedSVal *DV = dyn_cast<DefinedSVal>(&Denom);
// Divide-by-undefined handled in the generic checking for uses of
const GRState *state = C.getState();
- SVal RV = state->getExprVal(B->getRHS());
+ SVal RV = state->getSVal(B->getRHS());
if (!RV.isConstant() || RV.isZeroConstant())
return;
if (!R)
break;
- SVal V = state->Load(loc::MemRegionVal(R));
+ SVal V = state->getSVal(loc::MemRegionVal(R));
SVal Constraint_untested = EvalBinOp(state, BinaryOperator::GT, V,
ValMgr.makeZeroVal(T),
getContext().IntTy);
// method.
const ImplicitParamDecl *SelfD = MD->getSelfDecl();
const MemRegion *R = state->getRegion(SelfD, InitLoc);
- SVal V = state->Load(loc::MemRegionVal(R));
+ SVal V = state->getSVal(loc::MemRegionVal(R));
if (const Loc *LV = dyn_cast<Loc>(&V)) {
// Assume that the pointer value in 'self' is non-null.
}
else if (B->getOpcode() == BinaryOperator::Comma) {
const GRState* state = GetState(Pred);
- MakeNode(Dst, B, Pred, state->BindExpr(B,
- state->getExprVal(B->getRHS())));
+ MakeNode(Dst, B, Pred, state->BindExpr(B, state->getSVal(B->getRHS())));
break;
}
if (Expr* LastExpr = dyn_cast<Expr>(*SE->getSubStmt()->body_rbegin())) {
const GRState* state = GetState(Pred);
- MakeNode(Dst, SE, Pred, state->BindExpr(SE,
- state->getExprVal(LastExpr)));
+ MakeNode(Dst, SE, Pred, state->BindExpr(SE, state->getSVal(LastExpr)));
}
else
Dst.Add(Pred);
if (!bitsInit || !T->isIntegerType() || Ctx.getTypeSize(T) > bits)
return UnknownVal();
- return state->getExprVal(Ex);
+ return state->getSVal(Ex);
}
void GRExprEngine::ProcessBranch(Stmt* Condition, Stmt* Term,
return;
const GRState* PrevState = builder.getState();
- SVal X = PrevState->getExprVal(Condition);
+ SVal X = PrevState->getSVal(Condition);
if (X.isUnknown()) {
// Give it a chance to recover from unknown.
void GRExprEngine::ProcessIndirectGoto(GRIndirectGotoNodeBuilder& builder) {
const GRState *state = builder.getState();
- SVal V = state->getExprVal(builder.getTarget());
+ SVal V = state->getSVal(builder.getTarget());
// Three possibilities:
//
Pred->getLocationContext()->getCFG()->isBlkExpr(Ex));
const GRState* state = GetState(Pred);
- SVal X = state->getExprVal(Ex);
+ SVal X = state->getSVal(Ex);
assert (X.isUndef());
Expr *SE = (Expr*) cast<UndefinedVal>(X).getData();
assert(SE);
- X = state->getExprVal(SE);
+ X = state->getSVal(SE);
// Make sure that we invalidate the previous binding.
MakeNode(Dst, Ex, Pred, state->BindExpr(Ex, X, true));
typedef GRSwitchNodeBuilder::iterator iterator;
const GRState* state = builder.getState();
Expr* CondE = builder.getCondition();
- SVal CondV_untested = state->getExprVal(CondE);
+ SVal CondV_untested = state->getSVal(CondE);
if (CondV_untested.isUndef()) {
//ExplodedNode* N = builder.generateDefaultCaseNode(state, true);
assert(B==CurrentStmt && Pred->getLocationContext()->getCFG()->isBlkExpr(B));
const GRState* state = GetState(Pred);
- SVal X = state->getExprVal(B);
+ SVal X = state->getSVal(B);
assert(X.isUndef());
const Expr *Ex = (const Expr*) cast<UndefinedVal>(X).getData();
assert(Ex);
if (Ex == B->getRHS()) {
- X = state->getExprVal(Ex);
+ X = state->getSVal(Ex);
// Handle undefined values.
if (X.isUndef()) {
// reference region.
if (VD->getType()->isReferenceType()) {
if (const MemRegion *R = V.getAsRegion())
- V = state->Load(R);
+ V = state->getSVal(R);
else
V = UnknownVal();
}
for (ExplodedNodeSet::iterator I2=Tmp3.begin(),E2=Tmp3.end();I2!=E2; ++I2) {
const GRState* state = GetState(*I2);
- SVal V = state->getLValue(A->getType(), state->getExprVal(Idx),
- state->getExprVal(Base));
+ SVal V = state->getLValue(A->getType(), state->getSVal(Idx),
+ state->getSVal(Base));
if (asLValue)
MakeNode(Dst, A, *I2, state->BindExpr(A, V),
// FIXME: Should we insert some assumption logic in here to determine
// if "Base" is a valid piece of memory? Before we put this assumption
// later when using FieldOffset lvals (which we no longer have).
- SVal L = state->getLValue(Field, state->getExprVal(Base));
+ SVal L = state->getLValue(Field, state->getSVal(Base));
if (asLValue)
MakeNode(Dst, M, *I, state->BindExpr(M, L), ProgramPoint::PostLValueKind);
// Perform the load from the referenced value.
for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end() ; I!=E; ++I) {
state = GetState(*I);
- location = state->getExprVal(Ex);
+ location = state->getSVal(Ex);
EvalLoadCommon(Dst, Ex, *I, state, location, tag, LoadTy);
}
return;
ProgramPoint::PostLoadKind, tag);
}
else {
- SVal V = state->Load(cast<Loc>(location), LoadTy.isNull() ?
+ SVal V = state->getSVal(cast<Loc>(location), LoadTy.isNull() ?
Ex->getType() : LoadTy);
MakeNode(Dst, Ex, *NI, state->BindExpr(Ex, V), ProgramPoint::PostLoadKind,
tag);
DI != DE; ++DI) {
const GRState* state = GetState(*DI);
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
// FIXME: Add support for symbolic function calls (calls involving
// function pointer values that are symbolic).
for (ExplodedNodeSet::iterator NI = DstTmp4.begin(), NE = DstTmp4.end();
NI!=NE; ++NI) {
const GRState *state = GetState(*NI);
- EvalLoad(Dst, CE, *NI, state, state->getExprVal(CE),
+ EvalLoad(Dst, CE, *NI, state, state->getSVal(CE),
&ConvertToRvalueTag, LoadTy);
}
}
}
const GRState* state = Pred->getState();
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
if (nonloc::SymExprVal *SEV = dyn_cast<nonloc::SymExprVal>(&V)) {
// First assume that the condition is true.
if (const GRState *stateTrue = state->Assume(*SEV, true)) {
for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- SVal BaseVal = state->getExprVal(Base);
+ SVal BaseVal = state->getSVal(Base);
SVal location = state->getLValue(Ex->getDecl(), BaseVal);
if (asLValue)
for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- VisitObjCForCollectionStmtAux(S, *I, Dst, state->getExprVal(elem));
+ VisitObjCForCollectionStmtAux(S, *I, Dst, state->getSVal(elem));
}
}
// Bifurcate the state into nil and non-nil ones.
DefinedOrUnknownSVal receiverVal =
- cast<DefinedOrUnknownSVal>(state->getExprVal(Receiver));
+ cast<DefinedOrUnknownSVal>(state->getSVal(Receiver));
const GRState *notNilState, *nilState;
llvm::tie(notNilState, nilState) = state->Assume(receiverVal);
NE = DstRValueConvert.end();
NI!=NE; ++NI) {
const GRState *state = GetState(*NI);
- EvalLoad(Dst, ME, *NI, state, state->getExprVal(ME),
+ EvalLoad(Dst, ME, *NI, state, state->getSVal(ME),
&ConvertToRvalueTag, LoadTy);
}
}
// Copy the SVal of Ex to CastE.
ExplodedNode *N = *I;
const GRState *state = GetState(N);
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
state = state->BindExpr(CastE, V);
MakeNode(Dst, CastE, N, state);
}
for (ExplodedNodeSet::iterator I = S2.begin(), E = S2.end(); I != E; ++I) {
ExplodedNode* N = *I;
const GRState* state = GetState(N);
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
V = SVator.EvalCast(V, T, ExTy);
state = state->BindExpr(CastE, V);
MakeNode(Dst, CastE, N, state);
for (ExplodedNodeSet::iterator I = Tmp.begin(), EI = Tmp.end(); I!=EI; ++I) {
const GRState* state = GetState(*I);
- SVal ILV = state->getExprVal(ILE);
+ SVal ILV = state->getSVal(ILE);
const LocationContext *LC = (*I)->getLocationContext();
state = state->bindCompoundLiteral(CL, LC, ILV);
const LocationContext *LC = N->getLocationContext();
if (InitEx) {
- SVal InitVal = state->getExprVal(InitEx);
+ SVal InitVal = state->getSVal(InitEx);
// Recover some path-sensitivity if a scalar value evaluated to
// UnknownVal.
const GRState *state = GetState(N);
const LocationContext *LC = N->getLocationContext();
- SVal InitVal = state->getExprVal(InitEx);
+ SVal InitVal = state->getSVal(InitEx);
// Recover some path-sensitivity if a scalar value evaluated to
// UnknownVal.
for (ExplodedNodeSet::iterator NI=Tmp.begin(),NE=Tmp.end();NI!=NE;++NI) {
// Get the last initializer value.
state = GetState(*NI);
- SVal InitV = state->getExprVal(cast<Expr>(*X.Itr));
+ SVal InitV = state->getSVal(cast<Expr>(*X.Itr));
// Construct the new list of values by prepending the new value to
// the already constructed list.
Visit(Init, Pred, Tmp);
for (ExplodedNodeSet::iterator I=Tmp.begin(), EI=Tmp.end(); I != EI; ++I) {
state = GetState(*I);
- MakeNode(Dst, E, *I, state->BindExpr(E, state->getExprVal(Init)));
+ MakeNode(Dst, E, *I, state->BindExpr(E, state->getSVal(Init)));
}
return;
}
for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- SVal location = state->getExprVal(Ex);
+ SVal location = state->getSVal(Ex);
if (asLValue)
MakeNode(Dst, U, *I, state->BindExpr(U, location),
// For all other types, UnaryOperator::Real is an identity operation.
assert (U->getType() == Ex->getType());
const GRState* state = GetState(*I);
- MakeNode(Dst, U, *I, state->BindExpr(U, state->getExprVal(Ex)));
+ MakeNode(Dst, U, *I, state->BindExpr(U, state->getSVal(Ex)));
}
return;
for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- MakeNode(Dst, U, *I, state->BindExpr(U, state->getExprVal(Ex)));
+ MakeNode(Dst, U, *I, state->BindExpr(U, state->getSVal(Ex)));
}
return;
for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
state = state->BindExpr(U, V);
MakeNode(Dst, U, *I, state);
}
const GRState* state = GetState(*I);
// Get the value of the subexpression.
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
if (V.isUnknownOrUndef()) {
MakeNode(Dst, U, *I, state->BindExpr(U, V));
for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I!=E; ++I) {
const GRState* state = GetState(*I);
- SVal V1 = state->getExprVal(Ex);
+ SVal V1 = state->getSVal(Ex);
// Perform a load.
ExplodedNodeSet Tmp2;
for (ExplodedNodeSet::iterator I2=Tmp2.begin(), E2=Tmp2.end();I2!=E2;++I2) {
state = GetState(*I2);
- SVal V2_untested = state->getExprVal(Ex);
+ SVal V2_untested = state->getSVal(Ex);
// Propagate unknown and undefined values.
if (V2_untested.isUnknownOrUndef()) {
Pred->getLocationContext());
const GRState *state = GetState(Pred);
- SVal V = state->Load(loc::MemRegionVal(R));
+ SVal V = state->getSVal(loc::MemRegionVal(R));
MakeNode(Dst, TE, Pred, state->BindExpr(TE, V));
}
for (AsmStmt::outputs_iterator OI = A->begin_outputs(),
OE = A->end_outputs(); OI != OE; ++OI) {
- SVal X = state->getExprVal(*OI);
+ SVal X = state->getSVal(*OI);
assert (!isa<NonLoc>(X)); // Should be an Lval, or unknown, undef.
if (isa<Loc>(X))
ExplodedNodeSet Tmp3;
for (ExplodedNodeSet::iterator I1=Tmp1.begin(), E1=Tmp1.end(); I1!=E1; ++I1) {
- SVal LeftV = (*I1)->getState()->getExprVal(LHS);
+ SVal LeftV = (*I1)->getState()->getSVal(LHS);
ExplodedNodeSet Tmp2;
Visit(RHS, *I1, Tmp2);
const GRState *state = GetState(*I2);
const GRState *OldSt = state;
- SVal RightV = state->getExprVal(RHS);
+ SVal RightV = state->getSVal(RHS);
BinaryOperator::Opcode Op = B->getOpcode();
// Perform a load (the LHS). This performs the checks for
// null dereferences, and so on.
ExplodedNodeSet Tmp4;
- SVal location = state->getExprVal(LHS);
+ SVal location = state->getSVal(LHS);
EvalLoad(Tmp4, LHS, *I2, state, location);
for (ExplodedNodeSet::iterator I4=Tmp4.begin(), E4=Tmp4.end(); I4!=E4;
++I4) {
state = GetState(*I4);
- SVal V = state->getExprVal(LHS);
+ SVal V = state->getSVal(LHS);
// Get the computation type.
QualType CTy =
// Bind the temporary object to the value of the expression. Then bind
// the expression to the location of the object.
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
const MemRegion *R =
ValMgr.getRegionManager().getCXXObjectRegion(Ex,
return getStateManager().getPersistentState(NewSt);
}
-SVal GRState::LoadAsScalarOrLoc(const MemRegion *R) const {
+SVal GRState::getSValAsScalarOrLoc(const MemRegion *R) const {
// We only want to do fetches from regions that we can actually bind
// values. For example, SymbolicRegions of type 'id<...>' cannot
// have direct bindings (but their can be bindings on their subregions).
if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
QualType T = TR->getValueType(getStateManager().getContext());
if (Loc::IsLocType(T) || T->isIntegerType())
- return Load(R);
+ return getSVal(R);
}
return UnknownVal();
return false;
// Now look at the binding to this region (if any).
- if (!scan(state->LoadAsScalarOrLoc(R)))
+ if (!scan(state->getSValAsScalarOrLoc(R)))
return false;
// Now look at the subregions.
bool GRStateManager::isEqual(const GRState* state, const Expr* Ex,
const llvm::APSInt& Y) {
- SVal V = state->getExprVal(Ex);
+ SVal V = state->getSVal(Ex);
if (loc::ConcreteInt* X = dyn_cast<loc::ConcreteInt>(&V))
return X->getValue() == Y;
bool MallocChecker::EvalCallExpr(CheckerContext &C, const CallExpr *CE) {
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
const FunctionDecl *FD = L.getAsFunctionDecl();
if (!FD)
SVal RetVal = ValMgr.getConjuredSymbolVal(NULL, CE, CE->getType(), Count);
- SVal Size = state->getExprVal(SizeEx);
+ SVal Size = state->getSVal(SizeEx);
state = C.getEngine().getStoreManager().setExtent(state, RetVal.getAsRegion(),
Size);
const GRState *MallocChecker::FreeMemAux(CheckerContext &C, const CallExpr *CE,
const GRState *state) {
- SVal ArgVal = state->getExprVal(CE->getArg(0));
+ SVal ArgVal = state->getSVal(CE->getArg(0));
SymbolRef Sym = ArgVal.getAsLocSymbol();
assert(Sym);
void MallocChecker::ReallocMem(CheckerContext &C, const CallExpr *CE) {
const GRState *state = C.getState();
const Expr *Arg0 = CE->getArg(0);
- DefinedOrUnknownSVal Arg0Val =
- cast<DefinedOrUnknownSVal>(state->getExprVal(Arg0));
+ DefinedOrUnknownSVal Arg0Val=cast<DefinedOrUnknownSVal>(state->getSVal(Arg0));
ValueManager &ValMgr = C.getValueManager();
SValuator &SVator = C.getSValuator();
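Review bot: The rewritten declaration `DefinedOrUnknownSVal Arg0Val=cast<DefinedOrUnknownSVal>(state->getSVal(Arg0));` drops the spaces around `=` to fit the column limit, which is inconsistent with the `Arg1Val` declaration later in this diff. Keep the line break instead: `DefinedOrUnknownSVal Arg0Val =` followed by `cast<DefinedOrUnknownSVal>(state->getSVal(Arg0));` on the next line. Separately, `cast<>` asserts rather than returning null when the value is undefined, so a comment naming the earlier check that guarantees a defined pointer argument would help. ReallocMem's body continues outside the hunk.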
if (const GRState *stateNotEqual = state->Assume(PtrEQ, false)) {
const Expr *Arg1 = CE->getArg(1);
DefinedOrUnknownSVal Arg1Val =
- cast<DefinedOrUnknownSVal>(stateNotEqual->getExprVal(Arg1));
+ cast<DefinedOrUnknownSVal>(stateNotEqual->getSVal(Arg1));
DefinedOrUnknownSVal SizeZero = SVator.EvalEQ(stateNotEqual, Arg1Val,
ValMgr.makeIntValWithPtrWidth(0, false));
const GRState *state = C.getState();
- SymbolRef Sym = state->getExprVal(RetE).getAsSymbol();
+ SymbolRef Sym = state->getSVal(RetE).getAsSymbol();
if (!Sym)
return;
SVal ParamL = rootState->getLValue(Param, LC);
const MemRegion* ParamR = cast<loc::MemRegionVal>(ParamL).getRegionAs<VarRegion>();
assert (ParamR && "Parameters always have VarRegions.");
- SVal ParamSVal = rootState->Load(ParamR);
+ SVal ParamSVal = rootState->getSVal(ParamR);
// FIXME: For now assume that ParamSVal is symbolic. We need to generalize
// this later.
llvm::tie(I, E) = GetImplicitNullDereferences(Eng);
for ( ; I != E; ++I) {
const GRState *state = (*I)->getState();
- SVal location =
- state->getExprVal((*I)->getLocationAs<StmtPoint>()->getStmt());
+ SVal location = state->getSVal((*I)->getLocationAs<StmtPoint>()->getStmt());
if (location.getAsSymbol() != ParamSym)
continue;
const CallExpr *CE) {
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
const FunctionDecl *FD = L.getAsFunctionDecl();
if (!FD)
return false;
bool OSAtomicChecker::EvalCallExpr(CheckerContext &C,const CallExpr *CE) {
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
- SVal L = state->getExprVal(Callee);
+ SVal L = state->getSVal(Callee);
const FunctionDecl* FD = L.getAsFunctionDecl();
if (!FD)
GRExprEngine &Engine = C.getEngine();
const GRState *state = C.getState();
ExplodedNodeSet Tmp;
- SVal location = state->getExprVal(theValueExpr);
+ SVal location = state->getSVal(theValueExpr);
// Here we should use the value type of the region as the load type.
QualType LoadTy;
if (const TypedRegion *TR =
ExplodedNode *N = *I;
const GRState *stateLoad = N->getState();
- SVal theValueVal_untested = stateLoad->getExprVal(theValueExpr);
- SVal oldValueVal_untested = stateLoad->getExprVal(oldValueExpr);
+ SVal theValueVal_untested = stateLoad->getSVal(theValueExpr);
+ SVal oldValueVal_untested = stateLoad->getSVal(oldValueExpr);
// FIXME: Issue an error.
if (theValueVal_untested.isUndef() || oldValueVal_untested.isUndef()) {
if (stateEqual) {
// Perform the store.
ExplodedNodeSet TmpStore;
- SVal val = stateEqual->getExprVal(newValueExpr);
+ SVal val = stateEqual->getSVal(newValueExpr);
// Handle implicit value casts.
if (const TypedRegion *R =
return;
const GRState *state = C.getState();
- SVal LV = state->getExprVal(B->getLHS());
- SVal RV = state->getExprVal(B->getRHS());
+ SVal LV = state->getSVal(B->getLHS());
+ SVal RV = state->getSVal(B->getRHS());
const MemRegion *LR = LV.getAsRegion();
return;
const GRState *state = C.getState();
- SVal LV = state->getExprVal(B->getLHS());
- SVal RV = state->getExprVal(B->getRHS());
+ SVal LV = state->getSVal(B->getLHS());
+ SVal RV = state->getSVal(B->getRHS());
const MemRegion *LR = LV.getAsRegion();
const MemRegion *RR = RV.getAsRegion();
const GRState *state = C.getState();
const Expr *Callee = CE->getCallee();
const FunctionTextRegion *R =
- dyn_cast_or_null<FunctionTextRegion>(state->getExprVal(Callee).getAsRegion());
+ dyn_cast_or_null<FunctionTextRegion>(state->getSVal(Callee).getAsRegion());
if (!R)
return;
if (FName == "pthread_mutex_lock") {
if (CE->getNumArgs() != 1)
return;
- AcquireLock(C, CE, state->getExprVal(CE->getArg(0)), false);
+ AcquireLock(C, CE, state->getSVal(CE->getArg(0)), false);
}
else if (FName == "pthread_mutex_trylock") {
if (CE->getNumArgs() != 1)
return;
- AcquireLock(C, CE, state->getExprVal(CE->getArg(0)), true);
+ AcquireLock(C, CE, state->getSVal(CE->getArg(0)), true);
}
else if (FName == "pthread_mutex_unlock") {
if (CE->getNumArgs() != 1)
return;
- ReleaseLock(C, CE, state->getExprVal(CE->getArg(0)));
+ ReleaseLock(C, CE, state->getSVal(CE->getArg(0)));
}
}
const GRState *state = C.getState();
- SVal X = state->getExprVal(CE);
+ SVal X = state->getSVal(CE);
if (X.isUnknownOrUndef())
return;
// Copy the arg expression value to the arg variables.
Store store = state->getStore();
for (; AI != AE; ++AI, ++PI) {
- SVal ArgVal = state->getExprVal(*AI);
+ SVal ArgVal = state->getSVal(*AI);
store = Bind(store, ValMgr.makeLoc(MRMgr.getVarRegion(*PI, frame)), ArgVal);
}
if (!RetE)
return;
- SVal V = state->getExprVal(RetE);
+ SVal V = state->getSVal(RetE);
const MemRegion *R = V.getAsRegion();
if (!R)
return;
if (!RetE)
return;
- SVal V = C.getState()->getExprVal(RetE);
+ SVal V = C.getState()->getSVal(RetE);
const MemRegion *R = V.getAsRegion();
if (!R || !R->hasStackStorage())
if (!RetE)
return;
- if (!C.getState()->getExprVal(RetE).isUndef())
+ if (!C.getState()->getSVal(RetE).isUndef())
return;
ExplodedNode *N = C.GenerateSink();
return Ex;
}
- bool MatchesCriteria(Expr* Ex) { return St->getExprVal(Ex).isUndef(); }
+ bool MatchesCriteria(Expr* Ex) { return St->getSVal(Ex).isUndef(); }
};
public:
GRExprEngine &Eng,
Stmt *Condition, void *tag) {
const GRState *state = Builder.getState();
- SVal X = state->getExprVal(Condition);
+ SVal X = state->getSVal(Condition);
if (X.isUndef()) {
ExplodedNode *N = Builder.generateNode(state, true);
if (N) {
void UndefResultChecker::PostVisitBinaryOperator(CheckerContext &C,
const BinaryOperator *B) {
const GRState *state = C.getState();
- if (state->getExprVal(B).isUndef()) {
+ if (state->getSVal(B).isUndef()) {
// Generate an error node.
ExplodedNode *N = C.GenerateSink();
if (!N)
const Expr *Ex = NULL;
bool isLeft = true;
- if (state->getExprVal(B->getLHS()).isUndef()) {
+ if (state->getSVal(B->getLHS()).isUndef()) {
Ex = B->getLHS()->IgnoreParenCasts();
isLeft = true;
}
- else if (state->getExprVal(B->getRHS()).isUndef()) {
+ else if (state->getSVal(B->getRHS()).isUndef()) {
Ex = B->getRHS()->IgnoreParenCasts();
isLeft = false;
}
void
UndefinedArraySubscriptChecker::PreVisitArraySubscriptExpr(CheckerContext &C,
const ArraySubscriptExpr *A) {
- if (C.getState()->getExprVal(A->getIdx()).isUndef()) {
+ if (C.getState()->getSVal(A->getIdx()).isUndef()) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT)
BT = new BuiltinBug("Array subscript is undefined");
// FIXME: Handle multi-dimensional VLAs.
const Expr* SE = VLA->getSizeExpr();
const GRState *state = C.getState();
- SVal sizeV = state->getExprVal(SE);
+ SVal sizeV = state->getSVal(SE);
if (sizeV.isUndef()) {
// Generate an error node.