MemRegion.h source code [clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h]

1	//==- MemRegion.h - Abstract memory regions for static analysis -- C++ ---==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines MemRegion and its subclasses. MemRegion defines a
10	// partially-typed abstraction of memory useful for path-sensitive dataflow
11	// analyses.
12	//
13	//===----------------------------------------------------------------------===//
14
15	#ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H
16	#define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H
17
18	#include "clang/AST/ASTContext.h"
19	#include "clang/AST/CharUnits.h"
20	#include "clang/AST/Decl.h"
21	#include "clang/AST/DeclObjC.h"
22	#include "clang/AST/DeclarationName.h"
23	#include "clang/AST/Expr.h"
24	#include "clang/AST/ExprObjC.h"
25	#include "clang/AST/Type.h"
26	#include "clang/Analysis/AnalysisDeclContext.h"
27	#include "clang/Basic/LLVM.h"
28	#include "clang/Basic/SourceLocation.h"
29	#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
30	#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
31	#include "llvm/ADT/DenseMap.h"
32	#include "llvm/ADT/FoldingSet.h"
33	#include "llvm/ADT/PointerIntPair.h"
34	#include "llvm/ADT/iterator_range.h"
35	#include "llvm/Support/Allocator.h"
36	#include "llvm/Support/Casting.h"
37	#include <cassert>
38	#include <cstdint>
39	#include <limits>
40	#include <optional>
41	#include <string>
42	#include <utility>
43
44	namespace clang {
45
46	class AnalysisDeclContext;
47	class CXXRecordDecl;
48	class Decl;
49	class LocationContext;
50	class StackFrameContext;
51
52	namespace ento {
53
54	class CodeTextRegion;
55	class MemRegion;
56	class MemRegionManager;
57	class MemSpaceRegion;
58	class SValBuilder;
59	class SymbolicRegion;
60	class VarRegion;
61
62	/// Represent a region's offset within the top level base region.
63	class RegionOffset {
64	/// The base region.
65	const MemRegion R = nullptr*;
66
67	/// The bit offset within the base region. Can be negative.
68	int64_t Offset;
69
70	public:
71	// We're using a const instead of an enumeration due to the size required;
72	// Visual Studio will only create enumerations of size int, not long long.
73	static const int64_t Symbolic = std::numeric_limits<int64_t>::max();
74
75	RegionOffset() = default;
76	RegionOffset(const MemRegion *r, int64_t off) : R(r), Offset(off) {}
77
78	/// It might return null.
79	const MemRegion getRegion() const* { return R; }
80
81	bool hasSymbolicOffset() const { return Offset == Symbolic; }
82
83	int64_t getOffset() const {
84	assert(!hasSymbolicOffset());
85	return Offset;
86	}
87
88	bool isValid() const { return R; }
89	};
90
91	//===----------------------------------------------------------------------===//
92	// Base region classes.
93	//===----------------------------------------------------------------------===//
94
95	/// MemRegion - The root abstract class for all memory regions.
96	class MemRegion : public llvm::FoldingSetNode {
97	public:
98	enum Kind {
99	#define REGION(Id, Parent) Id ## Kind,
100	#define REGION_RANGE(Id, First, Last) BEGIN_##Id = First, END_##Id = Last,
101	#include "clang/StaticAnalyzer/Core/PathSensitive/Regions.def"
102	};
103
104	private:
105	const Kind kind;
106	mutable std::optional<RegionOffset> cachedOffset;
107
108	protected:
109	MemRegion(Kind k) : kind(k) {}
110	virtual ~MemRegion();
111
112	public:
113	ASTContext &getContext() const;
114
115	virtual void Profile(llvm::FoldingSetNodeID& ID) const = `0`;
116
117	virtual MemRegionManager &getMemRegionManager() const = `0`;
118
119	LLVM_ATTRIBUTE_RETURNS_NONNULL const MemSpaceRegion getMemorySpace() const*;
120
121	LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion getBaseRegion() const*;
122
123	/// Recursively retrieve the region of the most derived class instance of
124	/// regions of C++ base class instances.
125	LLVM_ATTRIBUTE_RETURNS_NONNULL
126	const MemRegion getMostDerivedObjectRegion() const*;
127
128	/// Check if the region is a subregion of the given region.
129	/// Each region is a subregion of itself.
130	virtual bool isSubRegionOf(const MemRegion R) const*;
131
132	LLVM_ATTRIBUTE_RETURNS_NONNULL
133	const MemRegion StripCasts(bool* StripBaseAndDerivedCasts = true) const;
134
135	/// If this is a symbolic region, returns the region. Otherwise,
136	/// goes up the base chain looking for the first symbolic base region.
137	/// It might return null.
138	const SymbolicRegion getSymbolicBase() const*;
139
140	bool hasStackStorage() const;
141
142	bool hasStackNonParametersStorage() const;
143
144	bool hasStackParametersStorage() const;
145
146	/// Compute the offset within the top level memory object.
147	RegionOffset getAsOffset() const;
148
149	/// Get a string representation of a region for debug use.
150	std::string getString() const;
151
152	virtual void dumpToStream(raw_ostream &os) const;
153
154	void dump() const;
155
156	/// Returns true if this region can be printed in a user-friendly way.
157	virtual bool canPrintPretty() const;
158
159	/// Print the region for use in diagnostics.
160	virtual void printPretty(raw_ostream &os) const;
161
162	/// Returns true if this region's textual representation can be used
163	/// as part of a larger expression.
164	virtual bool canPrintPrettyAsExpr() const;
165
166	/// Print the region as expression.
167	///
168	/// When this region represents a subexpression, the method is for printing
169	/// an expression containing it.
170	virtual void printPrettyAsExpr(raw_ostream &os) const;
171
172	Kind getKind() const { return kind; }
173
174	template<typename RegionTy> const RegionTy* getAs() const;
175	template <typename RegionTy>
176	LLVM_ATTRIBUTE_RETURNS_NONNULL const RegionTy castAs() const*;
177
178	virtual bool isBoundable() const { return false; }
179
180	/// Get descriptive name for memory region. The name is obtained from
181	/// the variable/field declaration retrieved from the memory region.
182	/// Regions that point to an element of an array are returned as: "arr[0]".
183	/// Regions that point to a struct are returned as: "st.var".
184	//
185	/// \param UseQuotes Set if the name should be quoted.
186	///
187	/// \returns variable name for memory region
188	std::string getDescriptiveName(bool UseQuotes = true) const;
189
190	/// Retrieve source range from memory region. The range retrieval
191	/// is based on the decl obtained from the memory region.
192	/// For a VarRegion the range of the base region is returned.
193	/// For a FieldRegion the range of the field is returned.
194	/// If no declaration is found, an empty source range is returned.
195	/// The client is responsible for checking if the returned range is valid.
196	///
197	/// \returns source range for declaration retrieved from memory region
198	SourceRange sourceRange() const;
199	};
200
201	/// MemSpaceRegion - A memory region that represents a "memory space";
202	/// for example, the set of global variables, the stack frame, etc.
203	class MemSpaceRegion : public MemRegion {
204	protected:
205	MemRegionManager &Mgr;
206
207	MemSpaceRegion(MemRegionManager &mgr, Kind k) : MemRegion (k), Mgr(mgr) {
208	assert(classof(this));
209	}
210
211	MemRegionManager &getMemRegionManager() const override { return Mgr; }
212
213	public:
214	bool isBoundable() const override { return false; }
215
216	void Profile(llvm::FoldingSetNodeID &ID) const override;
217
218	static bool classof(const MemRegion *R) {
219	Kind k = R->getKind();
220	return k >= BEGIN_MEMSPACES && k <= END_MEMSPACES;
221	}
222	};
223
224	/// CodeSpaceRegion - The memory space that holds the executable code of
225	/// functions and blocks.
226	class CodeSpaceRegion : public MemSpaceRegion {
227	friend class MemRegionManager;
228
229	CodeSpaceRegion(MemRegionManager &mgr)
230	: MemSpaceRegion (mgr, CodeSpaceRegionKind) {}
231
232	public:
233	void dumpToStream(raw_ostream &os) const override;
234
235	static bool classof(const MemRegion *R) {
236	return R->getKind() == CodeSpaceRegionKind;
237	}
238	};
239
240	class GlobalsSpaceRegion : public MemSpaceRegion {
241	virtual void anchor();
242
243	protected:
244	GlobalsSpaceRegion(MemRegionManager &mgr, Kind k) : MemSpaceRegion (mgr, k) {
245	assert(classof(this));
246	}
247
248	public:
249	static bool classof(const MemRegion *R) {
250	Kind k = R->getKind();
251	return k >= BEGIN_GLOBAL_MEMSPACES && k <= END_GLOBAL_MEMSPACES;
252	}
253	};
254
255	/// The region of the static variables within the current CodeTextRegion
256	/// scope.
257	///
258	/// Currently, only the static locals are placed there, so we know that these
259	/// variables do not get invalidated by calls to other functions.
260	class StaticGlobalSpaceRegion : public GlobalsSpaceRegion {
261	friend class MemRegionManager;
262
263	const CodeTextRegion *CR;
264
265	StaticGlobalSpaceRegion(MemRegionManager &mgr, const CodeTextRegion *cr)
266	: GlobalsSpaceRegion (mgr, StaticGlobalSpaceRegionKind), CR(cr) {
267	assert(cr);
268	}
269
270	public:
271	void Profile(llvm::FoldingSetNodeID &ID) const override;
272
273	void dumpToStream(raw_ostream &os) const override;
274
275	LLVM_ATTRIBUTE_RETURNS_NONNULL
276	const CodeTextRegion getCodeRegion() const* { return CR; }
277
278	static bool classof(const MemRegion *R) {
279	return R->getKind() == StaticGlobalSpaceRegionKind;
280	}
281	};
282
283	/// The region for all the non-static global variables.
284	///
285	/// This class is further split into subclasses for efficient implementation of
286	/// invalidating a set of related global values as is done in
287	/// RegionStoreManager::invalidateRegions (instead of finding all the dependent
288	/// globals, we invalidate the whole parent region).
289	class NonStaticGlobalSpaceRegion : public GlobalsSpaceRegion {
290	void anchor() override;
291
292	protected:
293	NonStaticGlobalSpaceRegion(MemRegionManager &mgr, Kind k)
294	: GlobalsSpaceRegion (mgr, k) {
295	assert(classof(this));
296	}
297
298	public:
299	static bool classof(const MemRegion *R) {
300	Kind k = R->getKind();
301	return k >= BEGIN_NON_STATIC_GLOBAL_MEMSPACES &&
302	k <= END_NON_STATIC_GLOBAL_MEMSPACES;
303	}
304	};
305
306	/// The region containing globals which are defined in system/external
307	/// headers and are considered modifiable by system calls (ex: errno).
308	class GlobalSystemSpaceRegion : public NonStaticGlobalSpaceRegion {
309	friend class MemRegionManager;
310
311	GlobalSystemSpaceRegion(MemRegionManager &mgr)
312	: NonStaticGlobalSpaceRegion (mgr, GlobalSystemSpaceRegionKind) {}
313
314	public:
315	void dumpToStream(raw_ostream &os) const override;
316
317	static bool classof(const MemRegion *R) {
318	return R->getKind() == GlobalSystemSpaceRegionKind;
319	}
320	};
321
322	/// The region containing globals which are considered not to be modified
323	/// or point to data which could be modified as a result of a function call
324	/// (system or internal). Ex: Const global scalars would be modeled as part of
325	/// this region. This region also includes most system globals since they have
326	/// low chance of being modified.
327	class GlobalImmutableSpaceRegion : public NonStaticGlobalSpaceRegion {
328	friend class MemRegionManager;
329
330	GlobalImmutableSpaceRegion(MemRegionManager &mgr)
331	: NonStaticGlobalSpaceRegion (mgr, GlobalImmutableSpaceRegionKind) {}
332
333	public:
334	void dumpToStream(raw_ostream &os) const override;
335
336	static bool classof(const MemRegion *R) {
337	return R->getKind() == GlobalImmutableSpaceRegionKind;
338	}
339	};
340
341	/// The region containing globals which can be modified by calls to
342	/// "internally" defined functions - (for now just) functions other then system
343	/// calls.
344	class GlobalInternalSpaceRegion : public NonStaticGlobalSpaceRegion {
345	friend class MemRegionManager;
346
347	GlobalInternalSpaceRegion(MemRegionManager &mgr)
348	: NonStaticGlobalSpaceRegion (mgr, GlobalInternalSpaceRegionKind) {}
349
350	public:
351	void dumpToStream(raw_ostream &os) const override;
352
353	static bool classof(const MemRegion *R) {
354	return R->getKind() == GlobalInternalSpaceRegionKind;
355	}
356	};
357
358	class HeapSpaceRegion : public MemSpaceRegion {
359	friend class MemRegionManager;
360
361	HeapSpaceRegion(MemRegionManager &mgr)
362	: MemSpaceRegion (mgr, HeapSpaceRegionKind) {}
363
364	public:
365	void dumpToStream(raw_ostream &os) const override;
366
367	static bool classof(const MemRegion *R) {
368	return R->getKind() == HeapSpaceRegionKind;
369	}
370	};
371
372	class UnknownSpaceRegion : public MemSpaceRegion {
373	friend class MemRegionManager;
374
375	UnknownSpaceRegion(MemRegionManager &mgr)
376	: MemSpaceRegion (mgr, UnknownSpaceRegionKind) {}
377
378	public:
379	void dumpToStream(raw_ostream &os) const override;
380
381	static bool classof(const MemRegion *R) {
382	return R->getKind() == UnknownSpaceRegionKind;
383	}
384	};
385
386	class StackSpaceRegion : public MemSpaceRegion {
387	virtual void anchor();
388
389	const StackFrameContext *SFC;
390
391	protected:
392	StackSpaceRegion(MemRegionManager &mgr, Kind k, const StackFrameContext *sfc)
393	: MemSpaceRegion (mgr, k), SFC(sfc) {
394	assert(classof(this));
395	assert(sfc);
396	}
397
398	public:
399	LLVM_ATTRIBUTE_RETURNS_NONNULL
400	const StackFrameContext getStackFrame() const* { return SFC; }
401
402	void Profile(llvm::FoldingSetNodeID &ID) const override;
403
404	static bool classof(const MemRegion *R) {
405	Kind k = R->getKind();
406	return k >= BEGIN_STACK_MEMSPACES && k <= END_STACK_MEMSPACES;
407	}
408	};
409
410	class StackLocalsSpaceRegion : public StackSpaceRegion {
411	friend class MemRegionManager;
412
413	StackLocalsSpaceRegion(MemRegionManager &mgr, const StackFrameContext *sfc)
414	: StackSpaceRegion (mgr, StackLocalsSpaceRegionKind, sfc) {}
415
416	public:
417	void dumpToStream(raw_ostream &os) const override;
418
419	static bool classof(const MemRegion *R) {
420	return R->getKind() == StackLocalsSpaceRegionKind;
421	}
422	};
423
424	class StackArgumentsSpaceRegion : public StackSpaceRegion {
425	private:
426	friend class MemRegionManager;
427
428	StackArgumentsSpaceRegion(MemRegionManager &mgr, const StackFrameContext *sfc)
429	: StackSpaceRegion (mgr, StackArgumentsSpaceRegionKind, sfc) {}
430
431	public:
432	void dumpToStream(raw_ostream &os) const override;
433
434	static bool classof(const MemRegion *R) {
435	return R->getKind() == StackArgumentsSpaceRegionKind;
436	}
437	};
438
439	/// SubRegion - A region that subsets another larger region. Most regions
440	/// are subclasses of SubRegion.
441	class SubRegion : public MemRegion {
442	virtual void anchor();
443
444	protected:
445	const MemRegion* superRegion;
446
447	SubRegion(const MemRegion *sReg, Kind k) : MemRegion (k), superRegion(sReg) {
448	assert(classof(this));
449	assert(sReg);
450	}
451
452	public:
453	LLVM_ATTRIBUTE_RETURNS_NONNULL
454	const MemRegion* getSuperRegion() const {
455	return superRegion;
456	}
457
458	MemRegionManager &getMemRegionManager() const override;
459
460	bool isSubRegionOf(const MemRegion* R) const override;
461
462	static bool classof(const MemRegion* R) {
463	return R->getKind() > END_MEMSPACES;
464	}
465	};
466
467	//===----------------------------------------------------------------------===//
468	// MemRegion subclasses.
469	//===----------------------------------------------------------------------===//
470
471	/// AllocaRegion - A region that represents an untyped blob of bytes created
472	/// by a call to 'alloca'.
473	class AllocaRegion : public SubRegion {
474	friend class MemRegionManager;
475
476	// Block counter. Used to distinguish different pieces of memory allocated by
477	// alloca at the same call site.
478	unsigned Cnt;
479
480	const Expr *Ex;
481
482	AllocaRegion(const Expr ex, unsigned* cnt, const MemSpaceRegion *superRegion)
483	: SubRegion (superRegion, AllocaRegionKind), Cnt(cnt), Ex(ex) {
484	assert(Ex);
485	}
486
487	static void ProfileRegion(llvm::FoldingSetNodeID& ID, const Expr *Ex,
488	unsigned Cnt, const MemRegion *superRegion);
489
490	public:
491	LLVM_ATTRIBUTE_RETURNS_NONNULL
492	const Expr getExpr() const* { return Ex; }
493
494	bool isBoundable() const override { return true; }
495
496	void Profile(llvm::FoldingSetNodeID& ID) const override;
497
498	void dumpToStream(raw_ostream &os) const override;
499
500	static bool classof(const MemRegion* R) {
501	return R->getKind() == AllocaRegionKind;
502	}
503	};
504
505	/// TypedRegion - An abstract class representing regions that are typed.
506	class TypedRegion : public SubRegion {
507	void anchor() override;
508
509	protected:
510	TypedRegion(const MemRegion *sReg, Kind k) : SubRegion (sReg, k) {
511	assert(classof(this));
512	}
513
514	public:
515	virtual QualType getLocationType() const = `0`;
516
517	QualType getDesugaredLocationType(ASTContext &Context) const {
518	return getLocationType().getDesugaredType(Context);
519	}
520
521	bool isBoundable() const override { return true; }
522
523	static bool classof(const MemRegion* R) {
524	unsigned k = R->getKind();
525	return k >= BEGIN_TYPED_REGIONS && k <= END_TYPED_REGIONS;
526	}
527	};
528
529	/// TypedValueRegion - An abstract class representing regions having a typed value.
530	class TypedValueRegion : public TypedRegion {
531	void anchor() override;
532
533	protected:
534	TypedValueRegion(const MemRegion* sReg, Kind k) : TypedRegion (sReg, k) {
535	assert(classof(this));
536	}
537
538	public:
539	virtual QualType getValueType() const = `0`;
540
541	QualType getLocationType() const override {
542	// FIXME: We can possibly optimize this later to cache this value.
543	QualType T = getValueType();
544	ASTContext &ctx = getContext();
545	if (T ->getAs<ObjCObjectType>())
546	return ctx.getObjCObjectPointerType(OIT: T);
547	return ctx.getPointerType(T: getValueType());
548	}
549
550	QualType getDesugaredValueType(ASTContext &Context) const {
551	QualType T = getValueType();
552	return T.getTypePtrOrNull() ? T.getDesugaredType(Context) : T;
553	}
554
555	static bool classof(const MemRegion* R) {
556	unsigned k = R->getKind();
557	return k >= BEGIN_TYPED_VALUE_REGIONS && k <= END_TYPED_VALUE_REGIONS;
558	}
559	};
560
561	class CodeTextRegion : public TypedRegion {
562	void anchor() override;
563
564	protected:
565	CodeTextRegion(const MemSpaceRegion *sreg, Kind k) : TypedRegion (sreg, k) {
566	assert(classof(this));
567	}
568
569	public:
570	bool isBoundable() const override { return false; }
571
572	static bool classof(const MemRegion* R) {
573	Kind k = R->getKind();
574	return k >= BEGIN_CODE_TEXT_REGIONS && k <= END_CODE_TEXT_REGIONS;
575	}
576	};
577
578	/// FunctionCodeRegion - A region that represents code texts of function.
579	class FunctionCodeRegion : public CodeTextRegion {
580	friend class MemRegionManager;
581
582	const NamedDecl *FD;
583
584	FunctionCodeRegion(const NamedDecl fd, const* CodeSpaceRegion* sreg)
585	: CodeTextRegion (sreg, FunctionCodeRegionKind), FD(fd) {
586	assert(isa<ObjCMethodDecl>(fd) \|\| isa<FunctionDecl>(fd));
587	}
588
589	static void ProfileRegion(llvm::FoldingSetNodeID& ID, const NamedDecl *FD,
590	const MemRegion*);
591
592	public:
593	QualType getLocationType() const override {
594	const ASTContext &Ctx = getContext();
595	if (const auto *D = dyn_cast<FunctionDecl>(Val: FD)) {
596	return Ctx.getPointerType(D->getType());
597	}
598
599	assert(isa<ObjCMethodDecl>(FD));
600	assert(false && "Getting the type of ObjCMethod is not supported yet");
601
602	// TODO: We might want to return a different type here (ex: id (ty)(...))*
603	// depending on how it is used.
604	return {};
605	}
606
607	const NamedDecl getDecl() const* {
608	return FD;
609	}
610
611	void dumpToStream(raw_ostream &os) const override;
612
613	void Profile(llvm::FoldingSetNodeID& ID) const override;
614
615	static bool classof(const MemRegion* R) {
616	return R->getKind() == FunctionCodeRegionKind;
617	}
618	};
619
620	/// BlockCodeRegion - A region that represents code texts of blocks (closures).
621	/// Blocks are represented with two kinds of regions. BlockCodeRegions
622	/// represent the "code", while BlockDataRegions represent instances of blocks,
623	/// which correspond to "code+data". The distinction is important, because
624	/// like a closure a block captures the values of externally referenced
625	/// variables.
626	class BlockCodeRegion : public CodeTextRegion {
627	friend class MemRegionManager;
628
629	const BlockDecl *BD;
630	AnalysisDeclContext *AC;
631	CanQualType locTy;
632
633	BlockCodeRegion(const BlockDecl *bd, CanQualType lTy,
634	AnalysisDeclContext ac, const* CodeSpaceRegion* sreg)
635	: CodeTextRegion (sreg, BlockCodeRegionKind), BD(bd), AC(ac), locTy(lTy) {
636	assert(bd);
637	assert(ac);
638	assert(lTy->getTypePtr()->isBlockPointerType());
639	}
640
641	static void ProfileRegion(llvm::FoldingSetNodeID& ID, const BlockDecl *BD,
642	CanQualType, const AnalysisDeclContext*,
643	const MemRegion*);
644
645	public:
646	QualType getLocationType() const override {
647	return locTy;
648	}
649
650	LLVM_ATTRIBUTE_RETURNS_NONNULL
651	const BlockDecl getDecl() const* {
652	return BD;
653	}
654
655	LLVM_ATTRIBUTE_RETURNS_NONNULL
656	AnalysisDeclContext getAnalysisDeclContext() const* { return AC; }
657
658	void dumpToStream(raw_ostream &os) const override;
659
660	void Profile(llvm::FoldingSetNodeID& ID) const override;
661
662	static bool classof(const MemRegion* R) {
663	return R->getKind() == BlockCodeRegionKind;
664	}
665	};
666
667	/// BlockDataRegion - A region that represents a block instance.
668	/// Blocks are represented with two kinds of regions. BlockCodeRegions
669	/// represent the "code", while BlockDataRegions represent instances of blocks,
670	/// which correspond to "code+data". The distinction is important, because
671	/// like a closure a block captures the values of externally referenced
672	/// variables.
673	class BlockDataRegion : public TypedRegion {
674	friend class MemRegionManager;
675
676	const BlockCodeRegion *BC;
677	const LocationContext LC; // Can be null*
678	unsigned BlockCount;
679	void ReferencedVars = nullptr*;
680	void OriginalVars = nullptr*;
681
682	BlockDataRegion(const BlockCodeRegion bc, const* LocationContext *lc,
683	unsigned count, const MemSpaceRegion *sreg)
684	: TypedRegion (sreg, BlockDataRegionKind), BC(bc), LC(lc),
685	BlockCount(count) {
686	assert(bc);
687	assert(bc->getDecl());
688	assert(lc);
689	assert(isa<GlobalImmutableSpaceRegion>(sreg) \|\|
690	isa<StackLocalsSpaceRegion>(sreg) \|\|
691	isa<UnknownSpaceRegion>(sreg));
692	}
693
694	static void ProfileRegion(llvm::FoldingSetNodeID&, const BlockCodeRegion *,
695	const LocationContext , unsigned*,
696	const MemRegion *);
697
698	public:
699	LLVM_ATTRIBUTE_RETURNS_NONNULL
700	const BlockCodeRegion getCodeRegion() const* { return BC; }
701
702	LLVM_ATTRIBUTE_RETURNS_NONNULL
703	const BlockDecl getDecl() const* { return BC->getDecl(); }
704
705	QualType getLocationType() const override { return BC->getLocationType(); }
706
707	class referenced_vars_iterator {
708	const MemRegion * const *R;
709	const MemRegion * const *OriginalR;
710
711	public:
712	explicit referenced_vars_iterator(const MemRegion * const *r,
713	const MemRegion * const *originalR)
714	: R(r), OriginalR(originalR) {}
715
716	LLVM_ATTRIBUTE_RETURNS_NONNULL
717	const VarRegion getCapturedRegion() const* {
718	return cast<VarRegion>(Val: *R);
719	}
720
721	LLVM_ATTRIBUTE_RETURNS_NONNULL
722	const VarRegion getOriginalRegion() const* {
723	return cast<VarRegion>(Val: *OriginalR);
724	}
725
726	bool operator==(const referenced_vars_iterator &I) const {
727	assert((R == nullptr) == (I.R == nullptr));
728	return I.R == R;
729	}
730
731	bool operator!=(const referenced_vars_iterator &I) const {
732	assert((R == nullptr) == (I.R == nullptr));
733	return I.R != R;
734	}
735
736	referenced_vars_iterator &operator++() {
737	++R;
738	++OriginalR;
739	return *this;
740	}
741
742	// This isn't really a conventional iterator.
743	// We just implement the deref as a no-op for now to make range-based for
744	// loops work.
745	const referenced_vars_iterator &operator() const* { return *this; }
746	};
747
748	/// Return the original region for a captured region, if
749	/// one exists. It might return null.
750	const VarRegion getOriginalRegion(const* VarRegion VR) const*;
751
752	referenced_vars_iterator referenced_vars_begin() const;
753	referenced_vars_iterator referenced_vars_end() const;
754	llvm::iterator_range<referenced_vars_iterator> referenced_vars() const;
755
756	void dumpToStream(raw_ostream &os) const override;
757
758	void Profile(llvm::FoldingSetNodeID& ID) const override;
759
760	static bool classof(const MemRegion* R) {
761	return R->getKind() == BlockDataRegionKind;
762	}
763
764	private:
765	void LazyInitializeReferencedVars();
766	std::pair<const VarRegion , const* VarRegion *>
767	getCaptureRegions(const VarDecl *VD);
768	};
769
770	/// SymbolicRegion - A special, "non-concrete" region. Unlike other region
771	/// classes, SymbolicRegion represents a region that serves as an alias for
772	/// either a real region, a NULL pointer, etc. It essentially is used to
773	/// map the concept of symbolic values into the domain of regions. Symbolic
774	/// regions do not need to be typed.
775	class SymbolicRegion : public SubRegion {
776	friend class MemRegionManager;
777
778	const SymbolRef sym;
779
780	SymbolicRegion(const SymbolRef s, const MemSpaceRegion *sreg)
781	: SubRegion (sreg, SymbolicRegionKind), sym(s) {
782	// Because pointer arithmetic is represented by ElementRegion layers,
783	// the base symbol here should not contain any arithmetic.
784	assert(s && isa<SymbolData>(s));
785	assert(s->getType()->isAnyPointerType() \|\|
786	s->getType()->isReferenceType() \|\|
787	s->getType()->isBlockPointerType());
788	assert(isa<UnknownSpaceRegion>(sreg) \|\| isa<HeapSpaceRegion>(sreg) \|\|
789	isa<GlobalSystemSpaceRegion>(sreg));
790	}
791
792	public:
793	/// It might return null.
794	SymbolRef getSymbol() const { return sym; }
795
796	/// Gets the type of the wrapped symbol.
797	/// This type might not be accurate at all times - it's just our best guess.
798	/// Consider these cases:
799	/// void foo(void data, char str, base obj) {...}*
800	/// The type of the pointee of `data` is of course not `void`, yet that's our
801	/// best guess. `str` might point to any object and `obj` might point to some
802	/// derived instance. `TypedRegions` other hand are representing the cases
803	/// when we actually know their types.
804	QualType getPointeeStaticType() const {
805	return sym->getType()->getPointeeType();
806	}
807
808	bool isBoundable() const override { return true; }
809
810	void Profile(llvm::FoldingSetNodeID& ID) const override;
811
812	static void ProfileRegion(llvm::FoldingSetNodeID& ID,
813	SymbolRef sym,
814	const MemRegion* superRegion);
815
816	void dumpToStream(raw_ostream &os) const override;
817
818	static bool classof(const MemRegion* R) {
819	return R->getKind() == SymbolicRegionKind;
820	}
821	};
822
823	/// StringRegion - Region associated with a StringLiteral.
824	class StringRegion : public TypedValueRegion {
825	friend class MemRegionManager;
826
827	const StringLiteral *Str;
828
829	StringRegion(const StringLiteral str, const* GlobalInternalSpaceRegion *sreg)
830	: TypedValueRegion (sreg, StringRegionKind), Str(str) {
831	assert(str);
832	}
833
834	static void ProfileRegion(llvm::FoldingSetNodeID &ID,
835	const StringLiteral *Str,
836	const MemRegion *superRegion);
837
838	public:
839	LLVM_ATTRIBUTE_RETURNS_NONNULL
840	const StringLiteral getStringLiteral() const* { return Str; }
841
842	QualType getValueType() const override { return Str->getType(); }
843
844	bool isBoundable() const override { return false; }
845
846	void Profile(llvm::FoldingSetNodeID& ID) const override {
847	ProfileRegion(ID, Str, superRegion);
848	}
849
850	void dumpToStream(raw_ostream &os) const override;
851
852	static bool classof(const MemRegion* R) {
853	return R->getKind() == StringRegionKind;
854	}
855	};
856
857	/// The region associated with an ObjCStringLiteral.
858	class ObjCStringRegion : public TypedValueRegion {
859	friend class MemRegionManager;
860
861	const ObjCStringLiteral *Str;
862
863	ObjCStringRegion(const ObjCStringLiteral *str,
864	const GlobalInternalSpaceRegion *sreg)
865	: TypedValueRegion (sreg, ObjCStringRegionKind), Str(str) {
866	assert(str);
867	}
868
869	static void ProfileRegion(llvm::FoldingSetNodeID &ID,
870	const ObjCStringLiteral *Str,
871	const MemRegion *superRegion);
872
873	public:
874	LLVM_ATTRIBUTE_RETURNS_NONNULL
875	const ObjCStringLiteral getObjCStringLiteral() const* { return Str; }
876
877	QualType getValueType() const override { return Str->getType(); }
878
879	bool isBoundable() const override { return false; }
880
881	void Profile(llvm::FoldingSetNodeID& ID) const override {
882	ProfileRegion(ID, Str, superRegion);
883	}
884
885	void dumpToStream(raw_ostream &os) const override;
886
887	static bool classof(const MemRegion* R) {
888	return R->getKind() == ObjCStringRegionKind;
889	}
890	};
891
892	/// CompoundLiteralRegion - A memory region representing a compound literal.
893	/// Compound literals are essentially temporaries that are stack allocated
894	/// or in the global constant pool.
895	class CompoundLiteralRegion : public TypedValueRegion {
896	friend class MemRegionManager;
897
898	const CompoundLiteralExpr *CL;
899
900	CompoundLiteralRegion(const CompoundLiteralExpr *cl,
901	const MemSpaceRegion *sReg)
902	: TypedValueRegion (sReg, CompoundLiteralRegionKind), CL(cl) {
903	assert(cl);
904	assert(isa<GlobalInternalSpaceRegion>(sReg) \|\|
905	isa<StackLocalsSpaceRegion>(sReg));
906	}
907
908	static void ProfileRegion(llvm::FoldingSetNodeID& ID,
909	const CompoundLiteralExpr *CL,
910	const MemRegion* superRegion);
911
912	public:
913	QualType getValueType() const override { return CL->getType(); }
914
915	bool isBoundable() const override { return !CL->isFileScope(); }
916
917	void Profile(llvm::FoldingSetNodeID& ID) const override;
918
919	void dumpToStream(raw_ostream &os) const override;
920
921	LLVM_ATTRIBUTE_RETURNS_NONNULL
922	const CompoundLiteralExpr getLiteralExpr() const* { return CL; }
923
924	static bool classof(const MemRegion* R) {
925	return R->getKind() == CompoundLiteralRegionKind;
926	}
927	};
928
929	class DeclRegion : public TypedValueRegion {
930	protected:
931	DeclRegion(const MemRegion *sReg, Kind k) : TypedValueRegion (sReg, k) {
932	assert(classof(this));
933	}
934
935	public:
936	// TODO what does this return?
937	virtual const ValueDecl getDecl() const* = `0`;
938
939	static bool classof(const MemRegion* R) {
940	unsigned k = R->getKind();
941	return k >= BEGIN_DECL_REGIONS && k <= END_DECL_REGIONS;
942	}
943	};
944
945	class VarRegion : public DeclRegion {
946	friend class MemRegionManager;
947
948	protected:
949	// Constructors and protected methods.
950	VarRegion(const MemRegion *sReg, Kind k) : DeclRegion (sReg, k) {
951	// VarRegion appears in unknown space when it's a block variable as seen
952	// from a block using it, when this block is analyzed at top-level.
953	// Other block variables appear within block data regions,
954	// which, unlike everything else on this list, are not memory spaces.
955	assert(isa<GlobalsSpaceRegion>(sReg) \|\| isa<StackSpaceRegion>(sReg) \|\|
956	isa<BlockDataRegion>(sReg) \|\| isa<UnknownSpaceRegion>(sReg));
957	}
958
959	public:
960	// TODO what does this return?
961	const VarDecl getDecl() const* override = `0`;
962
963	/// It might return null.
964	const StackFrameContext getStackFrame() const*;
965
966	QualType getValueType() const override {
967	// FIXME: We can cache this if needed.
968	return getDecl()->getType();
969	}
970
971	static bool classof(const MemRegion *R) {
972	unsigned k = R->getKind();
973	return k >= BEGIN_VAR_REGIONS && k <= END_VAR_REGIONS;
974	}
975	};
976
977	class NonParamVarRegion : public VarRegion {
978	friend class MemRegionManager;
979
980	const VarDecl *VD;
981
982	// Constructors and private methods.
983	NonParamVarRegion(const VarDecl vd, const* MemRegion *sReg)
984	: VarRegion (sReg, NonParamVarRegionKind), VD(vd) {
985	// VarRegion appears in unknown space when it's a block variable as seen
986	// from a block using it, when this block is analyzed at top-level.
987	// Other block variables appear within block data regions,
988	// which, unlike everything else on this list, are not memory spaces.
989	assert(isa<GlobalsSpaceRegion>(sReg) \|\| isa<StackSpaceRegion>(sReg) \|\|
990	isa<BlockDataRegion>(sReg) \|\| isa<UnknownSpaceRegion>(sReg));
991	assert(vd);
992	}
993
994	static void ProfileRegion(llvm::FoldingSetNodeID &ID, const VarDecl *VD,
995	const MemRegion *superRegion);
996
997	public:
998	void Profile(llvm::FoldingSetNodeID &ID) const override;
999
1000	LLVM_ATTRIBUTE_RETURNS_NONNULL
1001	const VarDecl getDecl() const* override { return VD; }
1002
1003	QualType getValueType() const override {
1004	// FIXME: We can cache this if needed.
1005	return getDecl()->getType();
1006	}
1007
1008	void dumpToStream(raw_ostream &os) const override;
1009
1010	bool canPrintPrettyAsExpr() const override;
1011
1012	void printPrettyAsExpr(raw_ostream &os) const override;
1013
1014	static bool classof(const MemRegion* R) {
1015	return R->getKind() == NonParamVarRegionKind;
1016	}
1017	};
1018
1019	/// ParamVarRegion - Represents a region for paremters. Only parameters of the
1020	/// function in the current stack frame are represented as `ParamVarRegion`s.
1021	/// Parameters of top-level analyzed functions as well as captured paremeters
1022	/// by lambdas and blocks are repesented as `VarRegion`s.
1023
1024	// FIXME: `ParamVarRegion` only supports parameters of functions, C++
1025	// constructors, blocks and Objective-C methods with existing `Decl`. Upon
1026	// implementing stack frame creations for functions without decl (functions
1027	// passed by unknown function pointer) methods of `ParamVarRegion` must be
1028	// updated.
1029	class ParamVarRegion : public VarRegion {
1030	friend class MemRegionManager;
1031
1032	const Expr *OriginExpr;
1033	unsigned Index;
1034
1035	ParamVarRegion(const Expr OE, unsigned* Idx, const MemRegion *SReg)
1036	: VarRegion (SReg, ParamVarRegionKind), OriginExpr(OE), Index(Idx) {
1037	assert(!cast<StackSpaceRegion>(SReg)->getStackFrame()->inTopFrame());
1038	assert(OriginExpr);
1039	}
1040
1041	static void ProfileRegion(llvm::FoldingSetNodeID &ID, const Expr *OE,
1042	unsigned Idx, const MemRegion *SReg);
1043
1044	public:
1045	LLVM_ATTRIBUTE_RETURNS_NONNULL
1046	const Expr getOriginExpr() const* { return OriginExpr; }
1047	unsigned getIndex() const { return Index; }
1048
1049	void Profile(llvm::FoldingSetNodeID& ID) const override;
1050
1051	void dumpToStream(raw_ostream &os) const override;
1052
1053	QualType getValueType() const override;
1054
1055	/// TODO: What does this return?
1056	const ParmVarDecl getDecl() const* override;
1057
1058	bool canPrintPrettyAsExpr() const override;
1059	void printPrettyAsExpr(raw_ostream &os) const override;
1060
1061	static bool classof(const MemRegion *R) {
1062	return R->getKind() == ParamVarRegionKind;
1063	}
1064	};
1065
1066	/// CXXThisRegion - Represents the region for the implicit 'this' parameter
1067	/// in a call to a C++ method. This region doesn't represent the object
1068	/// referred to by 'this', but rather 'this' itself.
1069	class CXXThisRegion : public TypedValueRegion {
1070	friend class MemRegionManager;
1071
1072	CXXThisRegion(const PointerType *thisPointerTy,
1073	const StackArgumentsSpaceRegion *sReg)
1074	: TypedValueRegion (sReg, CXXThisRegionKind),
1075	ThisPointerTy(thisPointerTy) {
1076	assert(ThisPointerTy->getPointeeType()->getAsCXXRecordDecl() &&
1077	"Invalid region type!");
1078	}
1079
1080	static void ProfileRegion(llvm::FoldingSetNodeID &ID,
1081	const PointerType *PT,
1082	const MemRegion *sReg);
1083
1084	public:
1085	void Profile(llvm::FoldingSetNodeID &ID) const override;
1086
1087	QualType getValueType() const override {
1088	return QualType(ThisPointerTy, `0`);
1089	}
1090
1091	void dumpToStream(raw_ostream &os) const override;
1092
1093	static bool classof(const MemRegion* R) {
1094	return R->getKind() == CXXThisRegionKind;
1095	}
1096
1097	private:
1098	const PointerType *ThisPointerTy;
1099	};
1100
1101	class FieldRegion : public DeclRegion {
1102	friend class MemRegionManager;
1103
1104	const FieldDecl *FD;
1105
1106	FieldRegion(const FieldDecl fd, const* SubRegion *sReg)
1107	: DeclRegion (sReg, FieldRegionKind), FD(fd) {
1108	assert(FD);
1109	}
1110
1111	static void ProfileRegion(llvm::FoldingSetNodeID &ID, const FieldDecl *FD,
1112	const MemRegion* superRegion) {
1113	ID.AddInteger(I: static_cast<unsigned>(FieldRegionKind));
1114	ID.AddPointer(Ptr: FD);
1115	ID.AddPointer(Ptr: superRegion);
1116	}
1117
1118	public:
1119	LLVM_ATTRIBUTE_RETURNS_NONNULL
1120	const FieldDecl getDecl() const* override { return FD; }
1121
1122	void Profile(llvm::FoldingSetNodeID &ID) const override;
1123
1124	QualType getValueType() const override {
1125	// FIXME: We can cache this if needed.
1126	return getDecl()->getType();
1127	}
1128
1129	void dumpToStream(raw_ostream &os) const override;
1130
1131	bool canPrintPretty() const override;
1132	void printPretty(raw_ostream &os) const override;
1133	bool canPrintPrettyAsExpr() const override;
1134	void printPrettyAsExpr(raw_ostream &os) const override;
1135
1136	static bool classof(const MemRegion* R) {
1137	return R->getKind() == FieldRegionKind;
1138	}
1139	};
1140
1141	class ObjCIvarRegion : public DeclRegion {
1142	friend class MemRegionManager;
1143
1144	const ObjCIvarDecl *IVD;
1145
1146	ObjCIvarRegion(const ObjCIvarDecl ivd, const* SubRegion *sReg);
1147
1148	static void ProfileRegion(llvm::FoldingSetNodeID& ID, const ObjCIvarDecl *ivd,
1149	const MemRegion* superRegion);
1150
1151	public:
1152	LLVM_ATTRIBUTE_RETURNS_NONNULL
1153	const ObjCIvarDecl getDecl() const* override;
1154
1155	void Profile(llvm::FoldingSetNodeID& ID) const override;
1156
1157	QualType getValueType() const override;
1158
1159	bool canPrintPrettyAsExpr() const override;
1160	void printPrettyAsExpr(raw_ostream &os) const override;
1161
1162	void dumpToStream(raw_ostream &os) const override;
1163
1164	static bool classof(const MemRegion* R) {
1165	return R->getKind() == ObjCIvarRegionKind;
1166	}
1167	};
1168
1169	//===----------------------------------------------------------------------===//
1170	// Auxiliary data classes for use with MemRegions.
1171	//===----------------------------------------------------------------------===//
1172
1173	class RegionRawOffset {
1174	friend class ElementRegion;
1175
1176	const MemRegion *Region;
1177	CharUnits Offset;
1178
1179	RegionRawOffset(const MemRegion* reg, CharUnits offset = CharUnits::Zero())
1180	: Region(reg), Offset (offset) {}
1181
1182	public:
1183	// FIXME: Eventually support symbolic offsets.
1184	CharUnits getOffset() const { return Offset; }
1185
1186	// It might return null.
1187	const MemRegion getRegion() const* { return Region; }
1188
1189	void dumpToStream(raw_ostream &os) const;
1190	void dump() const;
1191	};
1192
1193	/// ElementRegion is used to represent both array elements and casts.
1194	class ElementRegion : public TypedValueRegion {
1195	friend class MemRegionManager;
1196
1197	QualType ElementType;
1198	NonLoc Index;
1199
1200	ElementRegion(QualType elementType, NonLoc Idx, const SubRegion *sReg)
1201	: TypedValueRegion (sReg, ElementRegionKind), ElementType(elementType),
1202	Index (Idx) {
1203	assert((!isa<nonloc::ConcreteInt>(Idx) \|\|
1204	Idx.castAs<nonloc::ConcreteInt>().getValue().isSigned()) &&
1205	"The index must be signed");
1206	assert(!elementType.isNull() && !elementType ->isVoidType() &&
1207	"Invalid region type!");
1208	}
1209
1210	static void ProfileRegion(llvm::FoldingSetNodeID& ID, QualType elementType,
1211	SVal Idx, const MemRegion* superRegion);
1212
1213	public:
1214	NonLoc getIndex() const { return Index; }
1215
1216	QualType getValueType() const override { return ElementType; }
1217
1218	QualType getElementType() const { return ElementType; }
1219
1220	/// Compute the offset within the array. The array might also be a subobject.
1221	RegionRawOffset getAsArrayOffset() const;
1222
1223	void dumpToStream(raw_ostream &os) const override;
1224
1225	void Profile(llvm::FoldingSetNodeID& ID) const override;
1226
1227	static bool classof(const MemRegion* R) {
1228	return R->getKind() == ElementRegionKind;
1229	}
1230	};
1231
1232	// C++ temporary object associated with an expression.
1233	class CXXTempObjectRegion : public TypedValueRegion {
1234	friend class MemRegionManager;
1235
1236	Expr const *Ex;
1237
1238	CXXTempObjectRegion(Expr const E, MemSpaceRegion const* *sReg)
1239	: TypedValueRegion (sReg, CXXTempObjectRegionKind), Ex(E) {
1240	assert(E);
1241	assert(isa<StackLocalsSpaceRegion>(sReg));
1242	}
1243
1244	static void ProfileRegion(llvm::FoldingSetNodeID &ID,
1245	Expr const E, const* MemRegion *sReg);
1246
1247	public:
1248	LLVM_ATTRIBUTE_RETURNS_NONNULL
1249	const Expr getExpr() const* { return Ex; }
1250
1251	LLVM_ATTRIBUTE_RETURNS_NONNULL
1252	const StackFrameContext getStackFrame() const*;
1253
1254	QualType getValueType() const override { return Ex->getType(); }
1255
1256	void dumpToStream(raw_ostream &os) const override;
1257
1258	void Profile(llvm::FoldingSetNodeID &ID) const override;
1259
1260	static bool classof(const MemRegion* R) {
1261	return R->getKind() == CXXTempObjectRegionKind;
1262	}
1263	};
1264
1265	// C++ temporary object that have lifetime extended to lifetime of the
1266	// variable. Usually they represent temporary bounds to reference variables.
1267	class CXXLifetimeExtendedObjectRegion : public TypedValueRegion {
1268	friend class MemRegionManager;
1269
1270	Expr const *Ex;
1271	ValueDecl const *ExD;
1272
1273	CXXLifetimeExtendedObjectRegion(Expr const E, ValueDecl const* *D,
1274	MemSpaceRegion const *sReg)
1275	: TypedValueRegion (sReg, CXXLifetimeExtendedObjectRegionKind), Ex(E),
1276	ExD(D) {
1277	assert(E);
1278	assert(D);
1279	assert((isa<StackLocalsSpaceRegion, GlobalInternalSpaceRegion>(sReg)));
1280	}
1281
1282	static void ProfileRegion(llvm::FoldingSetNodeID &ID, Expr const *E,
1283	ValueDecl const D, const* MemRegion *sReg);
1284
1285	public:
1286	LLVM_ATTRIBUTE_RETURNS_NONNULL
1287	const Expr getExpr() const* { return Ex; }
1288	LLVM_ATTRIBUTE_RETURNS_NONNULL
1289	const ValueDecl getExtendingDecl() const* { return ExD; }
1290	/// It might return null.
1291	const StackFrameContext getStackFrame() const*;
1292
1293	QualType getValueType() const override { return Ex->getType(); }
1294
1295	void dumpToStream(raw_ostream &os) const override;
1296
1297	void Profile(llvm::FoldingSetNodeID &ID) const override;
1298
1299	static bool classof(const MemRegion *R) {
1300	return R->getKind() == CXXLifetimeExtendedObjectRegionKind;
1301	}
1302	};
1303
1304	// CXXBaseObjectRegion represents a base object within a C++ object. It is
1305	// identified by the base class declaration and the region of its parent object.
1306	class CXXBaseObjectRegion : public TypedValueRegion {
1307	friend class MemRegionManager;
1308
1309	llvm::PointerIntPair<const CXXRecordDecl , `1`, bool*> Data;
1310
1311	CXXBaseObjectRegion(const CXXRecordDecl RD, bool* IsVirtual,
1312	const SubRegion *SReg)
1313	: TypedValueRegion (SReg, CXXBaseObjectRegionKind), Data (RD, IsVirtual) {
1314	assert(RD);
1315	}
1316
1317	static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD,
1318	bool IsVirtual, const MemRegion *SReg);
1319
1320	public:
1321	LLVM_ATTRIBUTE_RETURNS_NONNULL
1322	const CXXRecordDecl getDecl() const* { return Data.getPointer(); }
1323	bool isVirtual() const { return Data.getInt(); }
1324
1325	QualType getValueType() const override;
1326
1327	void dumpToStream(raw_ostream &os) const override;
1328
1329	void Profile(llvm::FoldingSetNodeID &ID) const override;
1330
1331	bool canPrintPrettyAsExpr() const override;
1332
1333	void printPrettyAsExpr(raw_ostream &os) const override;
1334
1335	static bool classof(const MemRegion *region) {
1336	return region->getKind() == CXXBaseObjectRegionKind;
1337	}
1338	};
1339
1340	// CXXDerivedObjectRegion represents a derived-class object that surrounds
1341	// a C++ object. It is identified by the derived class declaration and the
1342	// region of its parent object. It is a bit counter-intuitive (but not otherwise
1343	// unseen) that this region represents a larger segment of memory that its
1344	// super-region.
1345	class CXXDerivedObjectRegion : public TypedValueRegion {
1346	friend class MemRegionManager;
1347
1348	const CXXRecordDecl *DerivedD;
1349
1350	CXXDerivedObjectRegion(const CXXRecordDecl DerivedD, const* SubRegion *SReg)
1351	: TypedValueRegion (SReg, CXXDerivedObjectRegionKind), DerivedD(DerivedD) {
1352	assert(DerivedD);
1353	// In case of a concrete region, it should always be possible to model
1354	// the base-to-derived cast by undoing a previous derived-to-base cast,
1355	// otherwise the cast is most likely ill-formed.
1356	assert(SReg->getSymbolicBase() &&
1357	"Should have unwrapped a base region instead!");
1358	}
1359
1360	static void ProfileRegion(llvm::FoldingSetNodeID &ID, const CXXRecordDecl *RD,
1361	const MemRegion *SReg);
1362
1363	public:
1364	LLVM_ATTRIBUTE_RETURNS_NONNULL
1365	const CXXRecordDecl getDecl() const* { return DerivedD; }
1366
1367	QualType getValueType() const override;
1368
1369	void dumpToStream(raw_ostream &os) const override;
1370
1371	void Profile(llvm::FoldingSetNodeID &ID) const override;
1372
1373	bool canPrintPrettyAsExpr() const override;
1374
1375	void printPrettyAsExpr(raw_ostream &os) const override;
1376
1377	static bool classof(const MemRegion *region) {
1378	return region->getKind() == CXXDerivedObjectRegionKind;
1379	}
1380	};
1381
1382	template<typename RegionTy>
1383	const RegionTy* MemRegion::getAs() const {
1384	if (const auto RT = dyn_cast<RegionTy>(this*))
1385	return RT;
1386
1387	return nullptr;
1388	}
1389
1390	template <typename RegionTy>
1391	LLVM_ATTRIBUTE_RETURNS_NONNULL const RegionTy MemRegion::castAs() const* {
1392	return cast<RegionTy>(this);
1393	}
1394
1395	//===----------------------------------------------------------------------===//
1396	// MemRegionManager - Factory object for creating regions.
1397	//===----------------------------------------------------------------------===//
1398
1399	class MemRegionManager {
1400	ASTContext &Ctx;
1401	llvm::BumpPtrAllocator& A;
1402
1403	llvm::FoldingSet<MemRegion> Regions;
1404
1405	GlobalInternalSpaceRegion InternalGlobals = nullptr*;
1406	GlobalSystemSpaceRegion SystemGlobals = nullptr*;
1407	GlobalImmutableSpaceRegion ImmutableGlobals = nullptr*;
1408
1409	llvm::DenseMap<const StackFrameContext , StackLocalsSpaceRegion >
1410	StackLocalsSpaceRegions;
1411	llvm::DenseMap<const StackFrameContext , StackArgumentsSpaceRegion >
1412	StackArgumentsSpaceRegions;
1413	llvm::DenseMap<const CodeTextRegion , StaticGlobalSpaceRegion >
1414	StaticsGlobalSpaceRegions;
1415
1416	HeapSpaceRegion heap = nullptr*;
1417	UnknownSpaceRegion unknown = nullptr*;
1418	CodeSpaceRegion code = nullptr*;
1419
1420	public:
1421	MemRegionManager(ASTContext &c, llvm::BumpPtrAllocator &a) : Ctx(c), A(a) {}
1422	~MemRegionManager();
1423
1424	ASTContext &getContext() { return Ctx; }
1425	const ASTContext &getContext() const { return Ctx; }
1426
1427	llvm::BumpPtrAllocator &getAllocator() { return A; }
1428
1429	/// \returns The static size in bytes of the region \p MR.
1430	/// \note The region \p MR must be a 'SubRegion'.
1431	DefinedOrUnknownSVal getStaticSize(const MemRegion *MR,
1432	SValBuilder &SVB) const;
1433
1434	/// getStackLocalsRegion - Retrieve the memory region associated with the
1435	/// specified stack frame.
1436	const StackLocalsSpaceRegion *
1437	getStackLocalsRegion(const StackFrameContext *STC);
1438
1439	/// getStackArgumentsRegion - Retrieve the memory region associated with
1440	/// function/method arguments of the specified stack frame.
1441	const StackArgumentsSpaceRegion *
1442	getStackArgumentsRegion(const StackFrameContext *STC);
1443
1444	/// getGlobalsRegion - Retrieve the memory region associated with
1445	/// global variables.
1446	const GlobalsSpaceRegion *getGlobalsRegion(
1447	MemRegion::Kind K = MemRegion::GlobalInternalSpaceRegionKind,
1448	const CodeTextRegion R = nullptr*);
1449
1450	/// getHeapRegion - Retrieve the memory region associated with the
1451	/// generic "heap".
1452	const HeapSpaceRegion *getHeapRegion();
1453
1454	/// getUnknownRegion - Retrieve the memory region associated with unknown
1455	/// memory space.
1456	const UnknownSpaceRegion *getUnknownRegion();
1457
1458	const CodeSpaceRegion *getCodeRegion();
1459
1460	/// getAllocaRegion - Retrieve a region associated with a call to alloca().
1461	const AllocaRegion getAllocaRegion(const* Expr Ex, unsigned* Cnt,
1462	const LocationContext *LC);
1463
1464	/// getCompoundLiteralRegion - Retrieve the region associated with a
1465	/// given CompoundLiteral.
1466	const CompoundLiteralRegion*
1467	getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
1468	const LocationContext *LC);
1469
1470	/// getCXXThisRegion - Retrieve the [artificial] region associated with the
1471	/// parameter 'this'.
1472	const CXXThisRegion *getCXXThisRegion(QualType thisPointerTy,
1473	const LocationContext *LC);
1474
1475	/// Retrieve or create a "symbolic" memory region.
1476	/// If no memory space is specified, `UnknownSpaceRegion` will be used.
1477	const SymbolicRegion *
1478	getSymbolicRegion(SymbolRef Sym, const MemSpaceRegion MemSpace = nullptr*);
1479
1480	/// Return a unique symbolic region belonging to heap memory space.
1481	const SymbolicRegion *getSymbolicHeapRegion(SymbolRef sym);
1482
1483	const StringRegion getStringRegion(const* StringLiteral *Str);
1484
1485	const ObjCStringRegion getObjCStringRegion(const* ObjCStringLiteral *Str);
1486
1487	/// getVarRegion - Retrieve or create the memory region associated with
1488	/// a specified VarDecl and LocationContext.
1489	const VarRegion getVarRegion(const* VarDecl VD, const* LocationContext *LC);
1490
1491	/// getVarRegion - Retrieve or create the memory region associated with
1492	/// a specified VarDecl and LocationContext.
1493	const NonParamVarRegion getNonParamVarRegion(const* VarDecl *VD,
1494	const MemRegion *superR);
1495
1496	/// getParamVarRegion - Retrieve or create the memory region
1497	/// associated with a specified CallExpr, Index and LocationContext.
1498	const ParamVarRegion getParamVarRegion(const* Expr *OriginExpr,
1499	unsigned Index,
1500	const LocationContext *LC);
1501
1502	/// getElementRegion - Retrieve the memory region associated with the
1503	/// associated element type, index, and super region.
1504	const ElementRegion *getElementRegion(QualType elementType, NonLoc Idx,
1505	const SubRegion *superRegion,
1506	ASTContext &Ctx);
1507
1508	const ElementRegion getElementRegionWithSuper(const* ElementRegion *ER,
1509	const SubRegion *superRegion) {
1510	return getElementRegion(elementType: ER->getElementType(), Idx: ER->getIndex(),
1511	superRegion, Ctx&: ER->getContext());
1512	}
1513
1514	/// getFieldRegion - Retrieve or create the memory region associated with
1515	/// a specified FieldDecl. 'superRegion' corresponds to the containing
1516	/// memory region (which typically represents the memory representing
1517	/// a structure or class).
1518	const FieldRegion getFieldRegion(const* FieldDecl *fd,
1519	const SubRegion* superRegion);
1520
1521	const FieldRegion getFieldRegionWithSuper(const* FieldRegion *FR,
1522	const SubRegion *superRegion) {
1523	return getFieldRegion(fd: FR->getDecl(), superRegion);
1524	}
1525
1526	/// getObjCIvarRegion - Retrieve or create the memory region associated with
1527	/// a specified Objective-c instance variable. 'superRegion' corresponds
1528	/// to the containing region (which typically represents the Objective-C
1529	/// object).
1530	const ObjCIvarRegion getObjCIvarRegion(const* ObjCIvarDecl *ivd,
1531	const SubRegion* superRegion);
1532
1533	const CXXTempObjectRegion getCXXTempObjectRegion(Expr const* *Ex,
1534	LocationContext const *LC);
1535
1536	/// Create a CXXLifetimeExtendedObjectRegion for temporaries which are
1537	/// lifetime-extended by local references.
1538	const CXXLifetimeExtendedObjectRegion *
1539	getCXXLifetimeExtendedObjectRegion(Expr const Ex, ValueDecl const* *VD,
1540	LocationContext const *LC);
1541
1542	/// Create a CXXLifetimeExtendedObjectRegion for temporaries which are
1543	/// lifetime-extended by static* references.*
1544	/// This differs from \ref getCXXLifetimeExtendedObjectRegion(Expr const ,*
1545	/// ValueDecl const , LocationContext const ) in the super-region used.
1546	const CXXLifetimeExtendedObjectRegion *
1547	getCXXStaticLifetimeExtendedObjectRegion(const Expr Ex, ValueDecl const* *VD);
1548
1549	/// Create a CXXBaseObjectRegion with the given base class for region
1550	/// \p Super.
1551	///
1552	/// The type of \p Super is assumed be a class deriving from \p BaseClass.
1553	const CXXBaseObjectRegion *
1554	getCXXBaseObjectRegion(const CXXRecordDecl BaseClass, const* SubRegion *Super,
1555	bool IsVirtual);
1556
1557	/// Create a CXXBaseObjectRegion with the same CXXRecordDecl but a different
1558	/// super region.
1559	const CXXBaseObjectRegion *
1560	getCXXBaseObjectRegionWithSuper(const CXXBaseObjectRegion *baseReg,
1561	const SubRegion *superRegion) {
1562	return getCXXBaseObjectRegion(BaseClass: baseReg->getDecl(), Super: superRegion,
1563	IsVirtual: baseReg->isVirtual());
1564	}
1565
1566	/// Create a CXXDerivedObjectRegion with the given derived class for region
1567	/// \p Super. This should not be used for casting an existing
1568	/// CXXBaseObjectRegion back to the derived type; instead, CXXBaseObjectRegion
1569	/// should be removed.
1570	const CXXDerivedObjectRegion *
1571	getCXXDerivedObjectRegion(const CXXRecordDecl *BaseClass,
1572	const SubRegion *Super);
1573
1574	const FunctionCodeRegion getFunctionCodeRegion(const* NamedDecl *FD);
1575	const BlockCodeRegion getBlockCodeRegion(const* BlockDecl *BD,
1576	CanQualType locTy,
1577	AnalysisDeclContext *AC);
1578
1579	/// getBlockDataRegion - Get the memory region associated with an instance
1580	/// of a block. Unlike many other MemRegions, the LocationContext*
1581	/// argument is allowed to be NULL for cases where we have no known
1582	/// context.
1583	const BlockDataRegion getBlockDataRegion(const* BlockCodeRegion *bc,
1584	const LocationContext *lc,
1585	unsigned blockCount);
1586
1587	private:
1588	template <typename RegionTy, typename SuperTy,
1589	typename Arg1Ty>
1590	RegionTy* getSubRegion(const Arg1Ty arg1,
1591	const SuperTy* superRegion);
1592
1593	template <typename RegionTy, typename SuperTy,
1594	typename Arg1Ty, typename Arg2Ty>
1595	RegionTy* getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
1596	const SuperTy* superRegion);
1597
1598	template <typename RegionTy, typename SuperTy,
1599	typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
1600	RegionTy* getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
1601	const Arg3Ty arg3,
1602	const SuperTy* superRegion);
1603
1604	template <typename REG>
1605	const REG* LazyAllocate(REG*& region);
1606
1607	template <typename REG, typename ARG>
1608	const REG* LazyAllocate(REG*& region, ARG a);
1609	};
1610
1611	//===----------------------------------------------------------------------===//
1612	// Out-of-line member definitions.
1613	//===----------------------------------------------------------------------===//
1614
1615	inline ASTContext &MemRegion::getContext() const {
1616	return getMemRegionManager().getContext();
1617	}
1618
1619	//===----------------------------------------------------------------------===//
1620	// Means for storing region/symbol handling traits.
1621	//===----------------------------------------------------------------------===//
1622
1623	/// Information about invalidation for a particular region/symbol.
1624	class RegionAndSymbolInvalidationTraits {
1625	using StorageTypeForKinds = unsigned char;
1626
1627	llvm::DenseMap<const MemRegion *, StorageTypeForKinds> MRTraitsMap;
1628	llvm::DenseMap<SymbolRef, StorageTypeForKinds> SymTraitsMap;
1629
1630	using const_region_iterator =
1631	llvm::DenseMap<const MemRegion *, StorageTypeForKinds>::const_iterator;
1632	using const_symbol_iterator =
1633	llvm::DenseMap<SymbolRef, StorageTypeForKinds>::const_iterator;
1634
1635	public:
1636	/// Describes different invalidation traits.
1637	enum InvalidationKinds {
1638	/// Tells that a region's contents is not changed.
1639	TK_PreserveContents = `0x1`,
1640
1641	/// Suppress pointer-escaping of a region.
1642	TK_SuppressEscape = `0x2`,
1643
1644	// Do not invalidate super region.
1645	TK_DoNotInvalidateSuperRegion = `0x4`,
1646
1647	/// When applied to a MemSpaceRegion, indicates the entire memory space
1648	/// should be invalidated.
1649	TK_EntireMemSpace = `0x8`
1650
1651	// Do not forget to extend StorageTypeForKinds if number of traits exceed
1652	// the number of bits StorageTypeForKinds can store.
1653	};
1654
1655	void setTrait(SymbolRef Sym, InvalidationKinds IK);
1656	void setTrait(const MemRegion *MR, InvalidationKinds IK);
1657	bool hasTrait(SymbolRef Sym, InvalidationKinds IK) const;
1658	bool hasTrait(const MemRegion MR, InvalidationKinds IK) const*;
1659	};
1660
1661	//===----------------------------------------------------------------------===//
1662	// Pretty-printing regions.
1663	//===----------------------------------------------------------------------===//
1664	inline raw_ostream &operator<<(raw_ostream &os, const MemRegion *R) {
1665	R->dumpToStream(os);
1666	return os;
1667	}
1668
1669	} // namespace ento
1670
1671	} // namespace clang
1672
1673	#endif // LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_MEMREGION_H
1674

source code of clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h