//==- MemRegion.h - Abstract memory regions for static analysis -*- C++ -*--==// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // This file defines MemRegion and its subclasses. MemRegion defines a // partially-typed abstraction of memory useful for path-sensitive dataflow // analyses. // //===----------------------------------------------------------------------===// #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H #include "clang/AST/ASTContext.h" #include "clang/AST/CharUnits.h" #include "clang/AST/Decl.h" #include "clang/AST/DeclObjC.h" #include "clang/AST/DeclarationName.h" #include "clang/AST/Expr.h" #include "clang/AST/ExprObjC.h" #include "clang/AST/Type.h" #include "clang/Analysis/AnalysisDeclContext.h" #include "clang/Basic/LLVM.h" #include "clang/Basic/SourceLocation.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h" #include "llvm/ADT/DenseMap.h" #include "llvm/ADT/FoldingSet.h" #include "llvm/ADT/PointerIntPair.h" #include "llvm/ADT/iterator_range.h" #include "llvm/Support/Allocator.h" #include "llvm/Support/Casting.h" #include "llvm/Support/ErrorHandling.h" #include <cassert> #include <cstdint> #include <limits> #include <optional> #include <string> #include <utility> namespace clang { class AnalysisDeclContext; class CXXRecordDecl; class Decl; class LocationContext; class StackFrameContext; namespace ento { class CodeTextRegion; class MemRegion; class MemRegionManager; class MemSpaceRegion; class SValBuilder; class SymbolicRegion; class VarRegion; /// Represent a region's offset within the top level base region. class RegionOffset { … }; //===----------------------------------------------------------------------===// // Base region classes. //===----------------------------------------------------------------------===// /// MemRegion - The root abstract class for all memory regions. class MemRegion : public llvm::FoldingSetNode { … }; /// MemSpaceRegion - A memory region that represents a "memory space"; /// for example, the set of global variables, the stack frame, etc. class MemSpaceRegion : public MemRegion { … }; /// CodeSpaceRegion - The memory space that holds the executable code of /// functions and blocks. class CodeSpaceRegion : public MemSpaceRegion { … }; class GlobalsSpaceRegion : public MemSpaceRegion { … }; /// The region of the static variables within the current CodeTextRegion /// scope. /// /// Currently, only the static locals are placed there, so we know that these /// variables do not get invalidated by calls to other functions. class StaticGlobalSpaceRegion : public GlobalsSpaceRegion { … }; /// The region for all the non-static global variables. /// /// This class is further split into subclasses for efficient implementation of /// invalidating a set of related global values as is done in /// RegionStoreManager::invalidateRegions (instead of finding all the dependent /// globals, we invalidate the whole parent region). class NonStaticGlobalSpaceRegion : public GlobalsSpaceRegion { … }; /// The region containing globals which are defined in system/external /// headers and are considered modifiable by system calls (ex: errno). class GlobalSystemSpaceRegion : public NonStaticGlobalSpaceRegion { … }; /// The region containing globals which are considered not to be modified /// or point to data which could be modified as a result of a function call /// (system or internal). Ex: Const global scalars would be modeled as part of /// this region. This region also includes most system globals since they have /// low chance of being modified. class GlobalImmutableSpaceRegion : public NonStaticGlobalSpaceRegion { … }; /// The region containing globals which can be modified by calls to /// "internally" defined functions - (for now just) functions other then system /// calls. class GlobalInternalSpaceRegion : public NonStaticGlobalSpaceRegion { … }; class HeapSpaceRegion : public MemSpaceRegion { … }; class UnknownSpaceRegion : public MemSpaceRegion { … }; class StackSpaceRegion : public MemSpaceRegion { … }; class StackLocalsSpaceRegion : public StackSpaceRegion { … }; class StackArgumentsSpaceRegion : public StackSpaceRegion { … }; /// SubRegion - A region that subsets another larger region. Most regions /// are subclasses of SubRegion. class SubRegion : public MemRegion { … }; //===----------------------------------------------------------------------===// // MemRegion subclasses. //===----------------------------------------------------------------------===// /// AllocaRegion - A region that represents an untyped blob of bytes created /// by a call to 'alloca'. class AllocaRegion : public SubRegion { … }; /// TypedRegion - An abstract class representing regions that are typed. class TypedRegion : public SubRegion { … }; /// TypedValueRegion - An abstract class representing regions having a typed value. class TypedValueRegion : public TypedRegion { … }; class CodeTextRegion : public TypedRegion { … }; /// FunctionCodeRegion - A region that represents code texts of function. class FunctionCodeRegion : public CodeTextRegion { … }; /// BlockCodeRegion - A region that represents code texts of blocks (closures). /// Blocks are represented with two kinds of regions. BlockCodeRegions /// represent the "code", while BlockDataRegions represent instances of blocks, /// which correspond to "code+data". The distinction is important, because /// like a closure a block captures the values of externally referenced /// variables. class BlockCodeRegion : public CodeTextRegion { … }; /// BlockDataRegion - A region that represents a block instance. /// Blocks are represented with two kinds of regions. BlockCodeRegions /// represent the "code", while BlockDataRegions represent instances of blocks, /// which correspond to "code+data". The distinction is important, because /// like a closure a block captures the values of externally referenced /// variables. class BlockDataRegion : public TypedRegion { … }; /// SymbolicRegion - A special, "non-concrete" region. Unlike other region /// classes, SymbolicRegion represents a region that serves as an alias for /// either a real region, a NULL pointer, etc. It essentially is used to /// map the concept of symbolic values into the domain of regions. Symbolic /// regions do not need to be typed. class SymbolicRegion : public SubRegion { … }; /// StringRegion - Region associated with a StringLiteral. class StringRegion : public TypedValueRegion { … }; /// The region associated with an ObjCStringLiteral. class ObjCStringRegion : public TypedValueRegion { … }; /// CompoundLiteralRegion - A memory region representing a compound literal. /// Compound literals are essentially temporaries that are stack allocated /// or in the global constant pool. class CompoundLiteralRegion : public TypedValueRegion { … }; class DeclRegion : public TypedValueRegion { … }; class VarRegion : public DeclRegion { … }; class NonParamVarRegion : public VarRegion { … }; /// ParamVarRegion - Represents a region for paremters. Only parameters of the /// function in the current stack frame are represented as `ParamVarRegion`s. /// Parameters of top-level analyzed functions as well as captured paremeters /// by lambdas and blocks are repesented as `VarRegion`s. // FIXME: `ParamVarRegion` only supports parameters of functions, C++ // constructors, blocks and Objective-C methods with existing `Decl`. Upon // implementing stack frame creations for functions without decl (functions // passed by unknown function pointer) methods of `ParamVarRegion` must be // updated. class ParamVarRegion : public VarRegion { … }; /// CXXThisRegion - Represents the region for the implicit 'this' parameter /// in a call to a C++ method. This region doesn't represent the object /// referred to by 'this', but rather 'this' itself. class CXXThisRegion : public TypedValueRegion { … }; class FieldRegion : public DeclRegion { … }; class ObjCIvarRegion : public DeclRegion { … }; //===----------------------------------------------------------------------===// // Auxiliary data classes for use with MemRegions. //===----------------------------------------------------------------------===// class RegionRawOffset { … }; /// ElementRegion is used to represent both array elements and casts. class ElementRegion : public TypedValueRegion { … }; // C++ temporary object associated with an expression. class CXXTempObjectRegion : public TypedValueRegion { … }; // C++ temporary object that have lifetime extended to lifetime of the // variable. Usually they represent temporary bounds to reference variables. class CXXLifetimeExtendedObjectRegion : public TypedValueRegion { … }; // CXXBaseObjectRegion represents a base object within a C++ object. It is // identified by the base class declaration and the region of its parent object. class CXXBaseObjectRegion : public TypedValueRegion { … }; // CXXDerivedObjectRegion represents a derived-class object that surrounds // a C++ object. It is identified by the derived class declaration and the // region of its parent object. It is a bit counter-intuitive (but not otherwise // unseen) that this region represents a larger segment of memory that its // super-region. class CXXDerivedObjectRegion : public TypedValueRegion { … }; template<typename RegionTy> const RegionTy* MemRegion::getAs() const { … } template <typename RegionTy> LLVM_ATTRIBUTE_RETURNS_NONNULL const RegionTy *MemRegion::castAs() const { … } //===----------------------------------------------------------------------===// // MemRegionManager - Factory object for creating regions. //===----------------------------------------------------------------------===// class MemRegionManager { … }; //===----------------------------------------------------------------------===// // Out-of-line member definitions. //===----------------------------------------------------------------------===// inline ASTContext &MemRegion::getContext() const { … } //===----------------------------------------------------------------------===// // Means for storing region/symbol handling traits. //===----------------------------------------------------------------------===// /// Information about invalidation for a particular region/symbol. class RegionAndSymbolInvalidationTraits { … }; //===----------------------------------------------------------------------===// // Pretty-printing regions. //===----------------------------------------------------------------------===// inline raw_ostream &operator<<(raw_ostream &os, const MemRegion *R) { … } } // namespace ento } // namespace clang #endif // LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H