clang 20.0.0git
NoOwnershipChangeVisitor.cpp
Go to the documentation of this file.
1//===--------------------------------------------------------------*- C++ -*--//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
15#include "llvm/ADT/SetOperations.h"
16
17using namespace clang;
18using namespace ento;
20
21namespace {
22// Collect which entities point to the allocated memory, and could be
23// responsible for deallocating it.
24class OwnershipBindingsHandler : public StoreManager::BindingsHandler {
25 SymbolRef Sym;
26 OwnerSet &Owners;
27
28public:
29 OwnershipBindingsHandler(SymbolRef Sym, OwnerSet &Owners)
30 : Sym(Sym), Owners(Owners) {}
31
32 bool HandleBinding(StoreManager &SMgr, Store Store, const MemRegion *Region,
33 SVal Val) override {
34 if (Val.getAsSymbol() == Sym)
35 Owners.insert(Region);
36 return true;
37 }
38
39 LLVM_DUMP_METHOD void dump() const { dumpToStream(llvm::errs()); }
40 LLVM_DUMP_METHOD void dumpToStream(llvm::raw_ostream &out) const {
41 out << "Owners: {\n";
42 for (const MemRegion *Owner : Owners) {
43 out << " ";
44 Owner->dumpToStream(out);
45 out << ",\n";
46 }
47 out << "}\n";
48 }
49};
50} // namespace
51
52OwnerSet NoOwnershipChangeVisitor::getOwnersAtNode(const ExplodedNode *N) {
54
55 ProgramStateRef State = N->getState();
56 OwnershipBindingsHandler Handler{Sym, Ret};
57 State->getStateManager().getStoreManager().iterBindings(State->getStore(),
58 Handler);
59 return Ret;
60}
61
62LLVM_DUMP_METHOD std::string
64 if (const CallExpr *CE = llvm::dyn_cast_or_null<CallExpr>(
65 CallEnterN->getLocationAs<CallEnter>()->getCallExpr()))
66 if (const FunctionDecl *FD = CE->getDirectCallee())
67 return FD->getQualifiedNameAsString();
68 return "";
69}
70
72 const ExplodedNode *CallEnterN, const ExplodedNode *CallExitEndN) {
73 const Decl *Callee =
74 CallExitEndN->getFirstPred()->getLocationContext()->getDecl();
76 Callee,
77 CallExitEndN->getState()->getAnalysisManager().getASTContext()))
78 return true;
79
80 if (hasResourceStateChanged(CallEnterN->getState(), CallExitEndN->getState()))
81 return true;
82
83 OwnerSet CurrOwners = getOwnersAtNode(CallEnterN);
84 OwnerSet ExitOwners = getOwnersAtNode(CallExitEndN);
85
86 // Owners in the current set may be purged from the analyzer later on.
87 // If a variable is dead (is not referenced directly or indirectly after
88 // some point), it will be removed from the Store before the end of its
89 // actual lifetime.
90 // This means that if the ownership status didn't change, CurrOwners
91 // must be a superset of, but not necessarily equal to ExitOwners.
92 return !llvm::set_is_subset(ExitOwners, CurrOwners);
93}
94
97 // TODO: Factor the logic of "what constitutes as an entity being passed
98 // into a function call" out by reusing the code in
99 // NoStoreFuncVisitor::maybeEmitNoteForParameters, maybe by incorporating
100 // the printing technology in UninitializedObject's FieldChainInfo.
101 ArrayRef<ParmVarDecl *> Parameters = Call.parameters();
102 for (unsigned I = 0; I < Call.getNumArgs() && I < Parameters.size(); ++I) {
103 SVal V = Call.getArgSVal(I);
104 if (V.getAsSymbol() == Sym)
105 return emitNote(N);
106 }
107 return nullptr;
108}
#define V(N, I)
Definition: ASTContext.h:3443
static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)
Represents a point when we begin processing an inlined call.
Definition: ProgramPoint.h:628
const Stmt * getCallExpr() const
Definition: ProgramPoint.h:634
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2874
Decl - This represents one declaration (or definition), e.g.
Definition: DeclBase.h:86
Represents a function declaration or definition.
Definition: Decl.h:1935
const Decl * getDecl() const
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153
const ProgramStateRef & getState() const
const LocationContext * getLocationContext() const
std::optional< T > getLocationAs() const &
ExplodedNode * getFirstPred()
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:97
static LLVM_DUMP_METHOD std::string getFunctionName(const ExplodedNode *CallEnterN)
virtual bool doesFnIntendToHandleOwnership(const Decl *Callee, ASTContext &ACtx)=0
Heuristically guess whether the callee intended to free the resource.
llvm::SmallPtrSet< const MemRegion *, 8 > OwnerSet
bool wasModifiedInFunction(const ExplodedNode *CallEnterN, const ExplodedNode *CallExitEndN) final
PathDiagnosticPieceRef maybeEmitNoteForParameters(PathSensitiveBugReport &R, const CallEvent &Call, const ExplodedNode *N) final
Consume the information on the non-modifying stack frame in order to either emit a note or not.
virtual PathDiagnosticPieceRef emitNote(const ExplodedNode *N)=0
virtual bool hasResourceStateChanged(ProgramStateRef CallEnterState, ProgramStateRef CallExitEndState)=0
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:56
SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const
If this SVal wraps a symbol return that SymbolRef.
Definition: SVals.cpp:104
virtual bool HandleBinding(StoreManager &SMgr, Store store, const MemRegion *region, SVal val)=0
Symbolic value.
Definition: SymExpr.h:30
const void * Store
Store - This opaque type encapsulates an immutable mapping from locations to values.
Definition: StoreRef.h:27
std::shared_ptr< PathDiagnosticPiece > PathDiagnosticPieceRef
bool Ret(InterpState &S, CodePtr &PC)
Definition: Interp.h:318
The JSON file list parser is used to communicate input to InstallAPI.