1 //== SubEngine.h - Interface of the subengine of CoreEngine --------*- C++ -*-// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines the interface of a subengine of the CoreEngine. 11 // 12 //===----------------------------------------------------------------------===// 13 #ifndef LLVM_CLANG_GR_SUBENGINE_H 14 #define LLVM_CLANG_GR_SUBENGINE_H 15 16 #include "clang/Analysis/ProgramPoint.h" 17 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h" 18 #include "clang/StaticAnalyzer/Core/PathSensitive/Store.h" 19 20 namespace clang { 21 22 class CFGBlock; 23 class CFGElement; 24 class LocationContext; 25 class Stmt; 26 27 namespace ento { 28 29 struct NodeBuilderContext; 30 class AnalysisManager; 31 class ExplodedNodeSet; 32 class ExplodedNode; 33 class ProgramState; 34 class ProgramStateManager; 35 class BlockCounter; 36 class BranchNodeBuilder; 37 class IndirectGotoNodeBuilder; 38 class SwitchNodeBuilder; 39 class EndOfFunctionNodeBuilder; 40 class NodeBuilderWithSinks; 41 class MemRegion; 42 43 class SubEngine { 44 virtual void anchor(); 45 public: 46 virtual ~SubEngine() {} 47 48 virtual ProgramStateRef getInitialState(const LocationContext *InitLoc) = 0; 49 50 virtual AnalysisManager &getAnalysisManager() = 0; 51 52 virtual ProgramStateManager &getStateManager() = 0; 53 54 /// Called by CoreEngine. Used to generate new successor 55 /// nodes by processing the 'effects' of a block-level statement. 56 virtual void processCFGElement(const CFGElement E, ExplodedNode* Pred, 57 unsigned StmtIdx, NodeBuilderContext *Ctx)=0; 58 59 /// Called by CoreEngine when it starts processing a CFGBlock. The 60 /// SubEngine is expected to populate dstNodes with new nodes representing 61 /// updated analysis state, or generate no nodes at all if it doesn't. 62 virtual void processCFGBlockEntrance(const BlockEdge &L, 63 NodeBuilderWithSinks &nodeBuilder, 64 ExplodedNode *Pred) = 0; 65 66 /// Called by CoreEngine. Used to generate successor 67 /// nodes by processing the 'effects' of a branch condition. 68 virtual void processBranch(const Stmt *Condition, const Stmt *Term, 69 NodeBuilderContext& BuilderCtx, 70 ExplodedNode *Pred, 71 ExplodedNodeSet &Dst, 72 const CFGBlock *DstT, 73 const CFGBlock *DstF) = 0; 74 75 /// Called by CoreEngine. Used to processing branching behavior 76 /// at static initalizers. 77 virtual void processStaticInitializer(const DeclStmt *DS, 78 NodeBuilderContext& BuilderCtx, 79 ExplodedNode *Pred, 80 ExplodedNodeSet &Dst, 81 const CFGBlock *DstT, 82 const CFGBlock *DstF) = 0; 83 84 /// Called by CoreEngine. Used to generate successor 85 /// nodes by processing the 'effects' of a computed goto jump. 86 virtual void processIndirectGoto(IndirectGotoNodeBuilder& builder) = 0; 87 88 /// Called by CoreEngine. Used to generate successor 89 /// nodes by processing the 'effects' of a switch statement. 90 virtual void processSwitch(SwitchNodeBuilder& builder) = 0; 91 92 /// Called by CoreEngine. Used to generate end-of-path 93 /// nodes when the control reaches the end of a function. 94 virtual void processEndOfFunction(NodeBuilderContext& BC, 95 ExplodedNode *Pred) = 0; 96 97 // Generate the entry node of the callee. 98 virtual void processCallEnter(CallEnter CE, ExplodedNode *Pred) = 0; 99 100 // Generate the first post callsite node. 101 virtual void processCallExit(ExplodedNode *Pred) = 0; 102 103 /// Called by ConstraintManager. Used to call checker-specific 104 /// logic for handling assumptions on symbolic values. 105 virtual ProgramStateRef processAssume(ProgramStateRef state, 106 SVal cond, bool assumption) = 0; 107 108 /// wantsRegionChangeUpdate - Called by ProgramStateManager to determine if a 109 /// region change should trigger a processRegionChanges update. 110 virtual bool wantsRegionChangeUpdate(ProgramStateRef state) = 0; 111 112 /// processRegionChanges - Called by ProgramStateManager whenever a change is 113 /// made to the store. Used to update checkers that track region values. 114 virtual ProgramStateRef 115 processRegionChanges(ProgramStateRef state, 116 const InvalidatedSymbols *invalidated, 117 ArrayRef<const MemRegion *> ExplicitRegions, 118 ArrayRef<const MemRegion *> Regions, 119 const CallEvent *Call) = 0; 120 121 122 inline ProgramStateRef 123 processRegionChange(ProgramStateRef state, 124 const MemRegion* MR) { 125 return processRegionChanges(state, 0, MR, MR, 0); 126 } 127 128 virtual ProgramStateRef 129 processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val) = 0; 130 131 virtual ProgramStateRef 132 notifyCheckersOfPointerEscape(ProgramStateRef State, 133 const InvalidatedSymbols *Invalidated, 134 ArrayRef<const MemRegion *> ExplicitRegions, 135 ArrayRef<const MemRegion *> Regions, 136 const CallEvent *Call, 137 RegionAndSymbolInvalidationTraits &HTraits) = 0; 138 139 /// printState - Called by ProgramStateManager to print checker-specific data. 140 virtual void printState(raw_ostream &Out, ProgramStateRef State, 141 const char *NL, const char *Sep) = 0; 142 143 /// Called by CoreEngine when the analysis worklist is either empty or the 144 // maximum number of analysis steps have been reached. 145 virtual void processEndWorklist(bool hasWorkRemaining) = 0; 146 }; 147 148 } // end GR namespace 149 150 } // end clang namespace 151 152 #endif 153