/// \brief Run checkers when pointers escape.
///
/// This notifies the checkers about pointer escape, which occurs whenever
- /// the analzyer cannot track the symbol any more. For example, as a
+ /// the analyzer cannot track the symbol any more. For example, as a
/// result of assigning a pointer into a global or when it's passed to a
/// function call the analyzer cannot model.
///
/// \param State The state at the point of escape.
/// \param Escaped The list of escaped symbols.
/// \param Call The corresponding CallEvent, if the symbols escape as
- /// parameters to the given call.
+ /// parameters to the given call.
/// \returns Checkers can modify the state by returning a new one.
- ProgramStateRef runCheckersForPointerEscape(ProgramStateRef State,
- const InvalidatedSymbols &Escaped,
- const CallEvent *Call);
+ ProgramStateRef
+ runCheckersForPointerEscape(ProgramStateRef State,
+ const InvalidatedSymbols &Escaped,
+ const CallEvent *Call);
/// \brief Run checkers for handling assumptions on symbolic values.
ProgramStateRef runCheckersForEvalAssume(ProgramStateRef state,
- SVal Cond, bool Assumption);
+ SVal Cond, bool Assumption);
/// \brief Run checkers for evaluating a call.
///
SVal location, SVal Val, bool atDeclInit = false,
const ProgramPoint *PP = 0);
+ /// Call PointerEscape callback when a value escapes as a result of bind.
ProgramStateRef processPointerEscapedOnBind(ProgramStateRef State,
SVal Loc, SVal Val);
-
+ /// Call PointerEscape callback when a value escapes as a result of
+ /// region invalidation.
ProgramStateRef processPointerEscapedOnInvalidateRegions(
ProgramStateRef State,
const InvalidatedSymbols *Invalidated,
///
/// \param Regions the set of regions to be invalidated.
/// \param E the expression that caused the invalidation.
- /// \param BlockCount the current basic block count.
- /// \param ResultsInPointerEscape the flag is set to true when
- /// the invalidation is due to escape of a symbol (representing a pointer).
- /// For example, due to it being passed as an argument in a call.
+ /// \param BlockCount The number of times the current basic block has been
+ // visited.
+ /// \param CausedByPointerEscape the flag is set to true when
+ /// the invalidation is due to escape of a symbol (representing a
+ /// pointer). For example, due to it being passed as an argument in a
+ /// call.
/// \param IS the set of invalidated symbols.
- /// \param If Call is non-null, the invalidated regions were directly
- /// invalidated by the call - as parameters.
+ /// \param Call if non-null, the invalidated regions represent parameters to
+ /// the call and should be considered directly invalidated.
ProgramStateRef invalidateRegions(ArrayRef<const MemRegion *> Regions,
- const Expr *E, unsigned BlockCount,
- const LocationContext *LCtx,
- bool ResultsInPointerEscape,
- InvalidatedSymbols *IS = 0,
- const CallEvent *Call = 0) const;
+ const Expr *E, unsigned BlockCount,
+ const LocationContext *LCtx,
+ bool CausedByPointerEscape,
+ InvalidatedSymbols *IS = 0,
+ const CallEvent *Call = 0) const;
/// enterStackFrame - Returns the state for entry to the given stack frame,
/// preserving the current state.
// Invalidate this region.
const LocationContext *LCtx = C.getPredecessor()->getLocationContext();
return state->invalidateRegions(R, E, C.blockCount(), LCtx,
- /*ResultsInPointerEscape*/ false);
+ /*CausedByPointerEscape*/ false);
}
// If we have a non-region value by chance, just remove the binding.
/// \brief Called when pointers escape.
///
/// This notifies the checkers about pointer escape, which occurs whenever
- /// the analzyer cannot track the symbol any more. For example, as a
+ /// the analyzer cannot track the symbol any more. For example, as a
/// result of assigning a pointer into a global or when it's passed to a
/// function call the analyzer cannot model.
///
// Invalidate the argument region.
state = state->invalidateRegions(ArgRegion, CE, C.blockCount(), LCtx,
- /*ResultsInPointerEscape*/ false);
+ /*CausedByPointerEscape*/ false);
// Restore the refcount status of the argument.
if (Binding)
// global variables.
return Result->invalidateRegions(RegionsToInvalidate, getOriginExpr(),
BlockCount, getLocationContext(),
- /*ResultsInPointerEscape*/ true,
+ /*CausedByPointerEscape*/ true,
/*Symbols=*/0, this);
}
};
} // end anonymous namespace
-/// Call PointerEscape callback when a value escapes as a result of bind.
-/// A value escapes in three possible cases:
-/// (1) we are binding to something that is not a memory region.
-/// (2) we are binding to a memregion that does not have stack storage
-/// (3) we are binding to a memregion with stack storage that the store
-/// does not understand.
+// A value escapes in three possible cases:
+// (1) We are binding to something that is not a memory region.
+// (2) We are binding to a MemrRegion that does not have stack storage.
+// (3) We are binding to a MemRegion with stack storage that the store
+// does not understand.
ProgramStateRef ExprEngine::processPointerEscapedOnBind(ProgramStateRef State,
- SVal Loc, SVal Val) {
+ SVal Loc, SVal Val) {
// Are we storing to something that causes the value to "escape"?
bool escapes = true;
return State;
}
-/// Call PointerEscape callback when a value escapes as a result of
-/// region invalidation.
ProgramStateRef
ExprEngine::processPointerEscapedOnInvalidateRegions(ProgramStateRef State,
const InvalidatedSymbols *Invalidated,
ProgramState::invalidateRegions(ArrayRef<const MemRegion *> Regions,
const Expr *E, unsigned Count,
const LocationContext *LCtx,
- bool ResultsInPointerEscape,
+ bool CausedByPointerEscape,
InvalidatedSymbols *IS,
const CallEvent *Call) const {
if (!IS) {
InvalidatedSymbols invalidated;
return invalidateRegionsImpl(Regions, E, Count, LCtx,
- ResultsInPointerEscape,
+ CausedByPointerEscape,
invalidated, Call);
}
- return invalidateRegionsImpl(Regions, E, Count, LCtx, ResultsInPointerEscape,
+ return invalidateRegionsImpl(Regions, E, Count, LCtx, CausedByPointerEscape,
*IS, Call);
}
ProgramState::invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions,
const Expr *E, unsigned Count,
const LocationContext *LCtx,
- bool ResultsInPointerEscape,
+ bool CausedByPointerEscape,
InvalidatedSymbols &IS,
const CallEvent *Call) const {
ProgramStateManager &Mgr = getStateManager();
ProgramStateRef newState = makeWithStore(newStore);
- if (ResultsInPointerEscape)
+ if (CausedByPointerEscape)
newState = Eng->processPointerEscapedOnInvalidateRegions(newState,
&IS, Regions, Invalidated, Call);
projects / clang / commitdiff