MemRegion.cpp source code [llvm_projects/clang/lib/StaticAnalyzer/Core/MemRegion.cpp]

1	//===- MemRegion.cpp - Abstract memory regions for static analysis --------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines MemRegion and its subclasses. MemRegion defines a
10	// partially-typed abstraction of memory useful for path-sensitive dataflow
11	// analyses.
12	//
13	//===----------------------------------------------------------------------===//
14
15	#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
16	#include "clang/AST/ASTContext.h"
17	#include "clang/AST/Attr.h"
18	#include "clang/AST/CharUnits.h"
19	#include "clang/AST/Decl.h"
20	#include "clang/AST/DeclCXX.h"
21	#include "clang/AST/DeclObjC.h"
22	#include "clang/AST/Expr.h"
23	#include "clang/AST/PrettyPrinter.h"
24	#include "clang/AST/RecordLayout.h"
25	#include "clang/AST/Type.h"
26	#include "clang/Analysis/AnalysisDeclContext.h"
27	#include "clang/Analysis/Support/BumpVector.h"
28	#include "clang/Basic/IdentifierTable.h"
29	#include "clang/Basic/LLVM.h"
30	#include "clang/Basic/SourceManager.h"
31	#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
32	#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
33	#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
34	#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
35	#include "llvm/ADT/APInt.h"
36	#include "llvm/ADT/FoldingSet.h"
37	#include "llvm/ADT/PointerUnion.h"
38	#include "llvm/ADT/SmallString.h"
39	#include "llvm/ADT/StringRef.h"
40	#include "llvm/ADT/Twine.h"
41	#include "llvm/ADT/iterator_range.h"
42	#include "llvm/Support/Allocator.h"
43	#include "llvm/Support/Casting.h"
44	#include "llvm/Support/CheckedArithmetic.h"
45	#include "llvm/Support/Compiler.h"
46	#include "llvm/Support/Debug.h"
47	#include "llvm/Support/ErrorHandling.h"
48	#include "llvm/Support/raw_ostream.h"
49	#include <cassert>
50	#include <cstdint>
51	#include <iterator>
52	#include <optional>
53	#include <string>
54	#include <tuple>
55	#include <utility>
56
57	using namespace clang;
58	using namespace ento;
59
60	#define DEBUG_TYPE "MemRegion"
61
62	REGISTER_MAP_WITH_PROGRAMSTATE(MemSpacesMap, const MemRegion *,
63	const MemSpaceRegion *)
64
65	//===----------------------------------------------------------------------===//
66	// MemRegion Construction.
67	//===----------------------------------------------------------------------===//
68
69	[[maybe_unused]] static bool isAReferenceTypedValueRegion(const MemRegion *R) {
70	const auto *TyReg = llvm::dyn_cast<TypedValueRegion>(Val: R);
71	return TyReg && TyReg->getValueType()->isReferenceType();
72	}
73
74	template <typename RegionTy, typename SuperTy, typename Arg1Ty>
75	RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1,
76	const SuperTy *superRegion) {
77	llvm::FoldingSetNodeID ID;
78	RegionTy::ProfileRegion(ID, arg1, superRegion);
79	void *InsertPos;
80	auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
81
82	if (!R) {
83	R = new (A) RegionTy(arg1, superRegion);
84	Regions.InsertNode(R, InsertPos);
85	assert(!isAReferenceTypedValueRegion(superRegion));
86	}
87
88	return R;
89	}
90
91	template <typename RegionTy, typename SuperTy, typename Arg1Ty, typename Arg2Ty>
92	RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
93	const SuperTy *superRegion) {
94	llvm::FoldingSetNodeID ID;
95	RegionTy::ProfileRegion(ID, arg1, arg2, superRegion);
96	void *InsertPos;
97	auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
98
99	if (!R) {
100	R = new (A) RegionTy(arg1, arg2, superRegion);
101	Regions.InsertNode(R, InsertPos);
102	assert(!isAReferenceTypedValueRegion(superRegion));
103	}
104
105	return R;
106	}
107
108	template <typename RegionTy, typename SuperTy,
109	typename Arg1Ty, typename Arg2Ty, typename Arg3Ty>
110	RegionTy* MemRegionManager::getSubRegion(const Arg1Ty arg1, const Arg2Ty arg2,
111	const Arg3Ty arg3,
112	const SuperTy *superRegion) {
113	llvm::FoldingSetNodeID ID;
114	RegionTy::ProfileRegion(ID, arg1, arg2, arg3, superRegion);
115	void *InsertPos;
116	auto *R = cast_or_null<RegionTy>(Regions.FindNodeOrInsertPos(ID, InsertPos));
117
118	if (!R) {
119	R = new (A) RegionTy(arg1, arg2, arg3, superRegion);
120	Regions.InsertNode(R, InsertPos);
121	assert(!isAReferenceTypedValueRegion(superRegion));
122	}
123
124	return R;
125	}
126
127	//===----------------------------------------------------------------------===//
128	// Object destruction.
129	//===----------------------------------------------------------------------===//
130
131	MemRegion::~MemRegion() = default;
132
133	// All regions and their data are BumpPtrAllocated. No need to call their
134	// destructors.
135	MemRegionManager::~MemRegionManager() = default;
136
137	//===----------------------------------------------------------------------===//
138	// Basic methods.
139	//===----------------------------------------------------------------------===//
140
141	bool SubRegion::isSubRegionOf(const MemRegion* R) const {
142	const MemRegion* r = this;
143	do {
144	if (r == R)
145	return true;
146	if (const auto *sr = dyn_cast<SubRegion>(Val: r))
147	r = sr->getSuperRegion();
148	else
149	break;
150	} while (r != nullptr);
151	return false;
152	}
153
154	MemRegionManager &SubRegion::getMemRegionManager() const {
155	const SubRegion* r = this;
156	do {
157	const MemRegion *superRegion = r->getSuperRegion();
158	if (const auto *sr = dyn_cast<SubRegion>(Val: superRegion)) {
159	r = sr;
160	continue;
161	}
162	return superRegion->getMemRegionManager();
163	} while (true);
164	}
165
166	const StackFrame VarRegion::getStackFrame() const* {
167	const auto *SSR = dyn_cast<StackSpaceRegion>(Val: getRawMemorySpace());
168	return SSR ? SSR->getStackFrame() : nullptr;
169	}
170
171	const StackFrame CXXLifetimeExtendedObjectRegion::getStackFrame() const* {
172	const auto *SSR = dyn_cast<StackSpaceRegion>(Val: getRawMemorySpace());
173	return SSR ? SSR->getStackFrame() : nullptr;
174	}
175
176	const StackFrame CXXTempObjectRegion::getStackFrame() const* {
177	assert(isa<StackSpaceRegion>(getRawMemorySpace()) &&
178	"A temporary object can only be allocated on the stack");
179	return cast<StackSpaceRegion>(Val: getRawMemorySpace())->getStackFrame();
180	}
181
182	ObjCIvarRegion::ObjCIvarRegion(const ObjCIvarDecl ivd, const* SubRegion *sReg)
183	: DeclRegion (sReg, ObjCIvarRegionKind), IVD(ivd) {
184	assert(IVD);
185	}
186
187	const ObjCIvarDecl ObjCIvarRegion::getDecl() const* { return IVD; }
188
189	QualType ObjCIvarRegion::getValueType() const {
190	return getDecl()->getType();
191	}
192
193	QualType CXXBaseObjectRegion::getValueType() const {
194	return getContext().getCanonicalTagType(TD: getDecl());
195	}
196
197	QualType CXXDerivedObjectRegion::getValueType() const {
198	return getContext().getCanonicalTagType(TD: getDecl());
199	}
200
201	QualType ParamVarRegion::getValueType() const {
202	assert(getDecl() &&
203	"`ParamVarRegion` support functions without `Decl` not implemented"
204	" yet.");
205	return getDecl()->getType();
206	}
207
208	const ParmVarDecl ParamVarRegion::getDecl() const* {
209	const Decl *D = getStackFrame()->getDecl();
210
211	if (const auto *FD = dyn_cast<FunctionDecl>(Val: D)) {
212	assert(Index < FD->param_size());
213	return FD->parameters()[Index];
214	} else if (const auto *BD = dyn_cast<BlockDecl>(Val: D)) {
215	assert(Index < BD->param_size());
216	return BD->parameters()[Index];
217	} else if (const auto *MD = dyn_cast<ObjCMethodDecl>(Val: D)) {
218	assert(Index < MD->param_size());
219	return MD->parameters()[Index];
220	} else if (const auto *CD = dyn_cast<CXXConstructorDecl>(Val: D)) {
221	assert(Index < CD->param_size());
222	return CD->parameters()[Index];
223	} else {
224	llvm_unreachable("Unexpected Decl kind!");
225	}
226	}
227
228	//===----------------------------------------------------------------------===//
229	// FoldingSet profiling.
230	//===----------------------------------------------------------------------===//
231
232	void MemSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
233	ID.AddInteger(I: static_cast<unsigned>(getKind()));
234	}
235
236	void StackSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
237	ID.AddInteger(I: static_cast<unsigned>(getKind()));
238	ID.AddPointer(Ptr: getStackFrame());
239	}
240
241	void StaticGlobalSpaceRegion::Profile(llvm::FoldingSetNodeID &ID) const {
242	ID.AddInteger(I: static_cast<unsigned>(getKind()));
243	ID.AddPointer(Ptr: getCodeRegion());
244	}
245
246	void StringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
247	const StringLiteral *Str,
248	const MemRegion *superRegion) {
249	ID.AddInteger(I: static_cast<unsigned>(StringRegionKind));
250	ID.AddPointer(Ptr: Str);
251	ID.AddPointer(Ptr: superRegion);
252	}
253
254	void ObjCStringRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
255	const ObjCStringLiteral *Str,
256	const MemRegion *superRegion) {
257	ID.AddInteger(I: static_cast<unsigned>(ObjCStringRegionKind));
258	ID.AddPointer(Ptr: Str);
259	ID.AddPointer(Ptr: superRegion);
260	}
261
262	void AllocaRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
263	const Expr Ex, unsigned* cnt,
264	const MemRegion *superRegion) {
265	ID.AddInteger(I: static_cast<unsigned>(AllocaRegionKind));
266	ID.AddPointer(Ptr: Ex);
267	ID.AddInteger(I: cnt);
268	ID.AddPointer(Ptr: superRegion);
269	}
270
271	void AllocaRegion::Profile(llvm::FoldingSetNodeID& ID) const {
272	ProfileRegion(ID, Ex, cnt: Cnt, superRegion);
273	}
274
275	void CompoundLiteralRegion::Profile(llvm::FoldingSetNodeID& ID) const {
276	CompoundLiteralRegion::ProfileRegion(ID, CL, superRegion);
277	}
278
279	void CompoundLiteralRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
280	const CompoundLiteralExpr *CL,
281	const MemRegion* superRegion) {
282	ID.AddInteger(I: static_cast<unsigned>(CompoundLiteralRegionKind));
283	ID.AddPointer(Ptr: CL);
284	ID.AddPointer(Ptr: superRegion);
285	}
286
287	void CXXThisRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
288	const PointerType *PT,
289	const MemRegion *sRegion) {
290	ID.AddInteger(I: static_cast<unsigned>(CXXThisRegionKind));
291	ID.AddPointer(Ptr: PT);
292	ID.AddPointer(Ptr: sRegion);
293	}
294
295	void CXXThisRegion::Profile(llvm::FoldingSetNodeID &ID) const {
296	CXXThisRegion::ProfileRegion(ID, PT: ThisPointerTy, sRegion: superRegion);
297	}
298
299	void FieldRegion::Profile(llvm::FoldingSetNodeID &ID) const {
300	ProfileRegion(ID, FD: getDecl(), superRegion);
301	}
302
303	void ObjCIvarRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
304	const ObjCIvarDecl *ivd,
305	const MemRegion* superRegion) {
306	ID.AddInteger(I: static_cast<unsigned>(ObjCIvarRegionKind));
307	ID.AddPointer(Ptr: ivd);
308	ID.AddPointer(Ptr: superRegion);
309	}
310
311	void ObjCIvarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
312	ProfileRegion(ID, ivd: getDecl(), superRegion);
313	}
314
315	void NonParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
316	const VarDecl *VD,
317	const MemRegion *superRegion) {
318	ID.AddInteger(I: static_cast<unsigned>(NonParamVarRegionKind));
319	ID.AddPointer(Ptr: VD);
320	ID.AddPointer(Ptr: superRegion);
321	}
322
323	void NonParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
324	ProfileRegion(ID, VD: getDecl(), superRegion);
325	}
326
327	void ParamVarRegion::ProfileRegion(llvm::FoldingSetNodeID &ID, const Expr *OE,
328	unsigned Idx, const MemRegion *SReg) {
329	ID.AddInteger(I: static_cast<unsigned>(ParamVarRegionKind));
330	ID.AddPointer(Ptr: OE);
331	ID.AddInteger(I: Idx);
332	ID.AddPointer(Ptr: SReg);
333	}
334
335	void ParamVarRegion::Profile(llvm::FoldingSetNodeID &ID) const {
336	ProfileRegion(ID, OE: getOriginExpr(), Idx: getIndex(), SReg: superRegion);
337	}
338
339	void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym,
340	const MemRegion *sreg) {
341	ID.AddInteger(I: static_cast<unsigned>(MemRegion::SymbolicRegionKind));
342	ID.Add(x: sym);
343	ID.AddPointer(Ptr: sreg);
344	}
345
346	void SymbolicRegion::Profile(llvm::FoldingSetNodeID& ID) const {
347	SymbolicRegion::ProfileRegion(ID, sym, sreg: getSuperRegion());
348	}
349
350	void ElementRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
351	QualType ElementType, SVal Idx,
352	const MemRegion* superRegion) {
353	ID.AddInteger(I: MemRegion::ElementRegionKind);
354	ID.Add(x: ElementType);
355	ID.AddPointer(Ptr: superRegion);
356	Idx.Profile(ID);
357	}
358
359	void ElementRegion::Profile(llvm::FoldingSetNodeID& ID) const {
360	ElementRegion::ProfileRegion(ID, ElementType, Idx: Index, superRegion);
361	}
362
363	void FunctionCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
364	const NamedDecl *FD,
365	const MemRegion*) {
366	ID.AddInteger(I: MemRegion::FunctionCodeRegionKind);
367	ID.AddPointer(Ptr: FD);
368	}
369
370	void FunctionCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
371	FunctionCodeRegion::ProfileRegion(ID, FD, superRegion);
372	}
373
374	void BlockCodeRegion::ProfileRegion(llvm::FoldingSetNodeID& ID,
375	const BlockDecl *BD, CanQualType,
376	const AnalysisDeclContext *AC,
377	const MemRegion*) {
378	ID.AddInteger(I: MemRegion::BlockCodeRegionKind);
379	ID.AddPointer(Ptr: BD);
380	}
381
382	void BlockCodeRegion::Profile(llvm::FoldingSetNodeID& ID) const {
383	BlockCodeRegion::ProfileRegion(ID, BD, locTy, AC, superRegion);
384	}
385
386	void BlockDataRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
387	const BlockCodeRegion *BC,
388	const StackFrame SF, unsigned* BlkCount,
389	const MemRegion *sReg) {
390	ID.AddInteger(I: MemRegion::BlockDataRegionKind);
391	ID.AddPointer(Ptr: BC);
392	ID.AddPointer(Ptr: SF);
393	ID.AddInteger(I: BlkCount);
394	ID.AddPointer(Ptr: sReg);
395	}
396
397	void BlockDataRegion::Profile(llvm::FoldingSetNodeID& ID) const {
398	BlockDataRegion::ProfileRegion(ID, BC, SF, BlkCount: BlockCount, sReg: getSuperRegion());
399	}
400
401	void CXXTempObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
402	Expr const *Ex,
403	const MemRegion *sReg) {
404	ID.AddPointer(Ptr: Ex);
405	ID.AddPointer(Ptr: sReg);
406	}
407
408	void CXXTempObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
409	ProfileRegion(ID, Ex, sReg: getSuperRegion());
410	}
411
412	void CXXLifetimeExtendedObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
413	const Expr *E,
414	const ValueDecl *D,
415	const MemRegion *sReg) {
416	ID.AddPointer(Ptr: E);
417	ID.AddPointer(Ptr: D);
418	ID.AddPointer(Ptr: sReg);
419	}
420
421	void CXXLifetimeExtendedObjectRegion::Profile(
422	llvm::FoldingSetNodeID &ID) const {
423	ProfileRegion(ID, E: Ex, D: ExD, sReg: getSuperRegion());
424	}
425
426	void CXXBaseObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
427	const CXXRecordDecl *RD,
428	bool IsVirtual,
429	const MemRegion *SReg) {
430	ID.AddPointer(Ptr: RD);
431	ID.AddBoolean(B: IsVirtual);
432	ID.AddPointer(Ptr: SReg);
433	}
434
435	void CXXBaseObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
436	ProfileRegion(ID, RD: getDecl(), IsVirtual: isVirtual(), SReg: superRegion);
437	}
438
439	void CXXDerivedObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
440	const CXXRecordDecl *RD,
441	const MemRegion *SReg) {
442	ID.AddPointer(Ptr: RD);
443	ID.AddPointer(Ptr: SReg);
444	}
445
446	void CXXDerivedObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
447	ProfileRegion(ID, RD: getDecl(), SReg: superRegion);
448	}
449
450	//===----------------------------------------------------------------------===//
451	// Region anchors.
452	//===----------------------------------------------------------------------===//
453
454	void GlobalsSpaceRegion::anchor() {}
455
456	void NonStaticGlobalSpaceRegion::anchor() {}
457
458	void StackSpaceRegion::anchor() {}
459
460	void TypedRegion::anchor() {}
461
462	void TypedValueRegion::anchor() {}
463
464	void CodeTextRegion::anchor() {}
465
466	void SubRegion::anchor() {}
467
468	//===----------------------------------------------------------------------===//
469	// Region pretty-printing.
470	//===----------------------------------------------------------------------===//
471
472	LLVM_DUMP_METHOD void MemRegion::dump() const {
473	dumpToStream(os&: llvm::errs());
474	}
475
476	std::string MemRegion::getString() const {
477	std::string s;
478	llvm::raw_string_ostream os(s);
479	dumpToStream(os);
480	return s;
481	}
482
483	void MemRegion::dumpToStream(raw_ostream &os) const {
484	os << "<Unknown Region>";
485	}
486
487	void AllocaRegion::dumpToStream(raw_ostream &os) const {
488	os << "alloca{S" << Ex->getID(Context: getContext()) << `','` << Cnt << `'}'`;
489	}
490
491	void FunctionCodeRegion::dumpToStream(raw_ostream &os) const {
492	os << "code{" << getDecl()->getDeclName().getAsString() << `'}'`;
493	}
494
495	void BlockCodeRegion::dumpToStream(raw_ostream &os) const {
496	os << "block_code{" << static_cast<const void >(this*) << `'}'`;
497	}
498
499	void BlockDataRegion::dumpToStream(raw_ostream &os) const {
500	os << "block_data{" << BC;
501	os << "; ";
502	for (auto Var : referenced_vars())
503	os << "(" << Var.getCapturedRegion() << "<-" << Var.getOriginalRegion()
504	<< ") ";
505	os << `'}'`;
506	}
507
508	void CompoundLiteralRegion::dumpToStream(raw_ostream &os) const {
509	// FIXME: More elaborate pretty-printing.
510	os << "{ S" << CL->getID(Context: getContext()) << " }";
511	}
512
513	void CXXTempObjectRegion::dumpToStream(raw_ostream &os) const {
514	os << "temp_object{" << getValueType() << ", "
515	<< "S" << Ex->getID(Context: getContext()) << `'}'`;
516	}
517
518	void CXXLifetimeExtendedObjectRegion::dumpToStream(raw_ostream &os) const {
519	os << "lifetime_extended_object{" << getValueType() << ", ";
520	if (const IdentifierInfo *ID = ExD->getIdentifier())
521	os << ID->getName();
522	else
523	os << "D" << ExD->getID();
524	os << ", "
525	<< "S" << Ex->getID(Context: getContext()) << `'}'`;
526	}
527
528	void CXXBaseObjectRegion::dumpToStream(raw_ostream &os) const {
529	os << "Base{" << superRegion << `','` << getDecl()->getName() << `'}'`;
530	}
531
532	void CXXDerivedObjectRegion::dumpToStream(raw_ostream &os) const {
533	os << "Derived{" << superRegion << `','` << getDecl()->getName() << `'}'`;
534	}
535
536	void CXXThisRegion::dumpToStream(raw_ostream &os) const {
537	os << "this";
538	}
539
540	void ElementRegion::dumpToStream(raw_ostream &os) const {
541	os << "Element{" << superRegion << `','` << Index << `','` << getElementType()
542	<< `'}'`;
543	}
544
545	void FieldRegion::dumpToStream(raw_ostream &os) const {
546	os << superRegion << "." << *getDecl();
547	}
548
549	void ObjCIvarRegion::dumpToStream(raw_ostream &os) const {
550	os << "Ivar{" << superRegion << `','` << *getDecl() << `'}'`;
551	}
552
553	void StringRegion::dumpToStream(raw_ostream &os) const {
554	assert(Str != nullptr && "Expecting non-null StringLiteral");
555	Str->printPretty(OS&: os, Helper: nullptr, Policy: PrintingPolicy (getContext().getLangOpts()));
556	}
557
558	void ObjCStringRegion::dumpToStream(raw_ostream &os) const {
559	assert(Str != nullptr && "Expecting non-null ObjCStringLiteral");
560	Str->printPretty(OS&: os, Helper: nullptr, Policy: PrintingPolicy (getContext().getLangOpts()));
561	}
562
563	void SymbolicRegion::dumpToStream(raw_ostream &os) const {
564	if (isa<HeapSpaceRegion>(Val: getSuperRegion()))
565	os << "Heap";
566	os << "SymRegion{" << sym << `'}'`;
567	}
568
569	void NonParamVarRegion::dumpToStream(raw_ostream &os) const {
570	if (const IdentifierInfo *ID = VD->getIdentifier())
571	os << ID->getName();
572	else
573	os << "NonParamVarRegion{D" << VD->getID() << `'}'`;
574	}
575
576	LLVM_DUMP_METHOD void RegionRawOffset::dump() const {
577	dumpToStream(os&: llvm::errs());
578	}
579
580	void RegionRawOffset::dumpToStream(raw_ostream &os) const {
581	os << "raw_offset{" << getRegion() << `','` << getOffset().getQuantity() << `'}'`;
582	}
583
584	void CodeSpaceRegion::dumpToStream(raw_ostream &os) const {
585	os << "CodeSpaceRegion";
586	}
587
588	void StaticGlobalSpaceRegion::dumpToStream(raw_ostream &os) const {
589	os << "StaticGlobalsMemSpace{" << CR << `'}'`;
590	}
591
592	void GlobalInternalSpaceRegion::dumpToStream(raw_ostream &os) const {
593	os << "GlobalInternalSpaceRegion";
594	}
595
596	void GlobalSystemSpaceRegion::dumpToStream(raw_ostream &os) const {
597	os << "GlobalSystemSpaceRegion";
598	}
599
600	void GlobalImmutableSpaceRegion::dumpToStream(raw_ostream &os) const {
601	os << "GlobalImmutableSpaceRegion";
602	}
603
604	void HeapSpaceRegion::dumpToStream(raw_ostream &os) const {
605	os << "HeapSpaceRegion";
606	}
607
608	void UnknownSpaceRegion::dumpToStream(raw_ostream &os) const {
609	os << "UnknownSpaceRegion";
610	}
611
612	void StackArgumentsSpaceRegion::dumpToStream(raw_ostream &os) const {
613	os << "StackArgumentsSpaceRegion";
614	}
615
616	void StackLocalsSpaceRegion::dumpToStream(raw_ostream &os) const {
617	os << "StackLocalsSpaceRegion";
618	}
619
620	void ParamVarRegion::dumpToStream(raw_ostream &os) const {
621	const ParmVarDecl *PVD = getDecl();
622	assert(PVD &&
623	"`ParamVarRegion` support functions without `Decl` not implemented"
624	" yet.");
625	if (const IdentifierInfo *ID = PVD->getIdentifier()) {
626	os << ID->getName();
627	} else {
628	os << "ParamVarRegion{P" << PVD->getID() << `'}'`;
629	}
630	}
631
632	bool MemRegion::canPrintPretty() const {
633	return canPrintPrettyAsExpr();
634	}
635
636	bool MemRegion::canPrintPrettyAsExpr() const {
637	return false;
638	}
639
640	StringRef MemRegion::getKindStr() const {
641	switch (getKind()) {
642	#define REGION(Id, Parent) \
643	case Id##Kind: \
644	return #Id;
645	#include "clang/StaticAnalyzer/Core/PathSensitive/Regions.def"
646	#undef REGION
647	}
648	llvm_unreachable("Unkown kind!");
649	}
650
651	void MemRegion::printPretty(raw_ostream &os) const {
652	assert(canPrintPretty() && "This region cannot be printed pretty.");
653	os << "'";
654	printPrettyAsExpr(os);
655	os << "'";
656	}
657
658	void MemRegion::printPrettyAsExpr(raw_ostream &) const {
659	llvm_unreachable("This region cannot be printed pretty.");
660	}
661
662	bool NonParamVarRegion::canPrintPrettyAsExpr() const { return true; }
663
664	void NonParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
665	os << getDecl()->getName();
666	}
667
668	bool ParamVarRegion::canPrintPrettyAsExpr() const { return true; }
669
670	void ParamVarRegion::printPrettyAsExpr(raw_ostream &os) const {
671	assert(getDecl() &&
672	"`ParamVarRegion` support functions without `Decl` not implemented"
673	" yet.");
674	os << getDecl()->getName();
675	}
676
677	bool ObjCIvarRegion::canPrintPrettyAsExpr() const {
678	return true;
679	}
680
681	void ObjCIvarRegion::printPrettyAsExpr(raw_ostream &os) const {
682	os << getDecl()->getName();
683	}
684
685	bool FieldRegion::canPrintPretty() const {
686	return true;
687	}
688
689	bool FieldRegion::canPrintPrettyAsExpr() const {
690	return superRegion->canPrintPrettyAsExpr();
691	}
692
693	void FieldRegion::printPrettyAsExpr(raw_ostream &os) const {
694	assert(canPrintPrettyAsExpr());
695	superRegion->printPrettyAsExpr(os);
696	os << "." << getDecl()->getName();
697	}
698
699	void FieldRegion::printPretty(raw_ostream &os) const {
700	if (canPrintPrettyAsExpr()) {
701	os << "\'";
702	printPrettyAsExpr(os);
703	os << "'";
704	} else {
705	os << "field " << "\'" << getDecl()->getName() << "'";
706	}
707	}
708
709	bool CXXBaseObjectRegion::canPrintPrettyAsExpr() const {
710	return superRegion->canPrintPrettyAsExpr();
711	}
712
713	void CXXBaseObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
714	superRegion->printPrettyAsExpr(os);
715	}
716
717	bool CXXDerivedObjectRegion::canPrintPrettyAsExpr() const {
718	return superRegion->canPrintPrettyAsExpr();
719	}
720
721	void CXXDerivedObjectRegion::printPrettyAsExpr(raw_ostream &os) const {
722	superRegion->printPrettyAsExpr(os);
723	}
724
725	std::string MemRegion::getDescriptiveName(bool UseQuotes) const {
726	std::string VariableName;
727	std::string ArrayIndices;
728	const MemRegion R = this*;
729	SmallString<`50`> buf;
730	llvm::raw_svector_ostream os(buf);
731
732	// Enclose subject with single quotes if needed.
733	auto QuoteIfNeeded = [UseQuotes](const Twine &Subject) -> std::string {
734	if (UseQuotes)
735	return ("'" + Subject + "'").str();
736	return Subject.str();
737	};
738
739	// Obtain array indices to add them to the variable name.
740	const ElementRegion ER = nullptr*;
741	while ((ER = R->getAs<ElementRegion>())) {
742	// Index is a ConcreteInt.
743	if (auto CI = ER->getIndex().getAs<nonloc::ConcreteInt>()) {
744	llvm::SmallString<`2`> Idx;
745	CI ->getValue()->toString(Str&: Idx);
746	ArrayIndices = (llvm::Twine("[") + Idx.str() + "]" + ArrayIndices).str();
747	}
748	// Index is symbolic, but may have a descriptive name.
749	else {
750	auto SI = ER->getIndex().getAs<nonloc::SymbolVal>();
751	if (!SI)
752	return "";
753
754	const MemRegion *OR = SI ->getAsSymbol()->getOriginRegion();
755	if (!OR)
756	return "";
757
758	std::string Idx = OR->getDescriptiveName(UseQuotes: false);
759	if (Idx.empty())
760	return "";
761
762	ArrayIndices = (llvm::Twine("[") + Idx + "]" + ArrayIndices).str();
763	}
764	R = ER->getSuperRegion();
765	}
766
767	// Get variable name.
768	if (R) {
769	// MemRegion can be pretty printed.
770	if (R->canPrintPrettyAsExpr()) {
771	R->printPrettyAsExpr(os);
772	return QuoteIfNeeded (llvm::Twine(os.str()) + ArrayIndices);
773	}
774
775	// FieldRegion may have ElementRegion as SuperRegion.
776	if (const auto *FR = R->getAs<FieldRegion>()) {
777	std::string Super = FR->getSuperRegion()->getDescriptiveName(UseQuotes: false);
778	if (Super.empty())
779	return "";
780	return QuoteIfNeeded (Super + "." + FR->getDecl()->getName());
781	}
782	}
783
784	return VariableName;
785	}
786
787	SourceRange MemRegion::sourceRange() const {
788	// Check for more specific regions first.
789	if (auto FR = dyn_cast<FieldRegion>(Val: this*)) {
790	return FR->getDecl()->getSourceRange();
791	}
792
793	if (auto VR = dyn_cast<VarRegion>(Val: this*->getBaseRegion())) {
794	return VR->getDecl()->getSourceRange();
795	}
796
797	// Return invalid source range (can be checked by client).
798	return {};
799	}
800
801	//===----------------------------------------------------------------------===//
802	// MemRegionManager methods.
803	//===----------------------------------------------------------------------===//
804
805	DefinedOrUnknownSVal MemRegionManager::getStaticSize(const MemRegion *MR,
806	SValBuilder &SVB) const {
807	const auto *SR = cast<SubRegion>(Val: MR);
808	SymbolManager &SymMgr = SVB.getSymbolManager();
809
810	switch (SR->getKind()) {
811	case MemRegion::AllocaRegionKind:
812	case MemRegion::SymbolicRegionKind:
813	return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(args&: SR));
814	case MemRegion::StringRegionKind:
815	return SVB.makeIntVal(
816	integer: cast<StringRegion>(Val: SR)->getStringLiteral()->getByteLength() + `1`,
817	type: SVB.getArrayIndexType());
818	case MemRegion::CompoundLiteralRegionKind:
819	case MemRegion::CXXBaseObjectRegionKind:
820	case MemRegion::CXXDerivedObjectRegionKind:
821	case MemRegion::CXXTempObjectRegionKind:
822	case MemRegion::CXXLifetimeExtendedObjectRegionKind:
823	case MemRegion::CXXThisRegionKind:
824	case MemRegion::ObjCIvarRegionKind:
825	case MemRegion::NonParamVarRegionKind:
826	case MemRegion::ParamVarRegionKind:
827	case MemRegion::ElementRegionKind:
828	case MemRegion::ObjCStringRegionKind: {
829	QualType Ty = cast<TypedValueRegion>(Val: SR)->getDesugaredValueType(Context&: Ctx);
830	if (isa<VariableArrayType>(Val: Ty))
831	return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(args&: SR));
832
833	if (Ty ->isIncompleteType())
834	return UnknownVal ();
835
836	return getElementExtent(Ty, SVB);
837	}
838	case MemRegion::FieldRegionKind: {
839	// Force callers to deal with bitfields explicitly.
840	if (cast<FieldRegion>(Val: SR)->getDecl()->isBitField())
841	return UnknownVal ();
842
843	QualType Ty = cast<TypedValueRegion>(Val: SR)->getDesugaredValueType(Context&: Ctx);
844	const DefinedOrUnknownSVal Size = getElementExtent(Ty, SVB);
845
846	// We currently don't model flexible array members (FAMs), which are:
847	// - int array[]; of IncompleteArrayType
848	// - int array[0]; of ConstantArrayType with size 0
849	// - int array[1]; of ConstantArrayType with size 1
850	// https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
851	const auto isFlexibleArrayMemberCandidate =
852	[this](const ArrayType AT) -> bool* {
853	if (!AT)
854	return false;
855
856	auto IsIncompleteArray = [](const ArrayType *AT) {
857	return isa<IncompleteArrayType>(Val: AT);
858	};
859	auto IsArrayOfZero = [](const ArrayType *AT) {
860	const auto *CAT = dyn_cast<ConstantArrayType>(Val: AT);
861	return CAT && CAT->isZeroSize();
862	};
863	auto IsArrayOfOne = [](const ArrayType *AT) {
864	const auto *CAT = dyn_cast<ConstantArrayType>(Val: AT);
865	return CAT && CAT->getSize() == `1`;
866	};
867
868	using FAMKind = LangOptions::StrictFlexArraysLevelKind;
869	const FAMKind StrictFlexArraysLevel =
870	Ctx.getLangOpts().getStrictFlexArraysLevel();
871
872	// "Default": Any trailing array member is a FAM.
873	// Since we cannot tell at this point if this array is a trailing member
874	// or not, let's just do the same as for "OneZeroOrIncomplete".
875	if (StrictFlexArraysLevel == FAMKind::Default)
876	return IsArrayOfOne(AT) \|\| IsArrayOfZero(AT) \|\| IsIncompleteArray(AT);
877
878	if (StrictFlexArraysLevel == FAMKind::OneZeroOrIncomplete)
879	return IsArrayOfOne(AT) \|\| IsArrayOfZero(AT) \|\| IsIncompleteArray(AT);
880
881	if (StrictFlexArraysLevel == FAMKind::ZeroOrIncomplete)
882	return IsArrayOfZero(AT) \|\| IsIncompleteArray(AT);
883
884	assert(StrictFlexArraysLevel == FAMKind::IncompleteOnly);
885	return IsIncompleteArray(AT);
886	};
887
888	if (isFlexibleArrayMemberCandidate (Ctx.getAsArrayType(T: Ty)))
889	return UnknownVal ();
890
891	return Size;
892	}
893	// FIXME: The following are being used in 'SimpleSValBuilder' because there
894	// is no symbol to represent the regions more appropriately.
895	case MemRegion::BlockDataRegionKind:
896	case MemRegion::BlockCodeRegionKind:
897	case MemRegion::FunctionCodeRegionKind:
898	return nonloc::SymbolVal(SymMgr.acquire<SymbolExtent>(args&: SR));
899	default:
900	llvm_unreachable("Unhandled region");
901	}
902	}
903
904	template <typename REG>
905	const REG MemRegionManager::LazyAllocate(REG& region) {
906	if (!region) {
907	region = new (A) REG(*this);
908	}
909
910	return region;
911	}
912
913	template <typename REG, typename ARG>
914	const REG MemRegionManager::LazyAllocate(REG& region, ARG a) {
915	if (!region) {
916	region = new (A) REG(this, a);
917	}
918
919	return region;
920	}
921
922	const StackLocalsSpaceRegion *
923	MemRegionManager::getStackLocalsRegion(const StackFrame *SF) {
924	assert(SF);
925	StackLocalsSpaceRegion *&R = StackLocalsSpaceRegions [SF];
926
927	if (R)
928	return R;
929
930	R = new (A) StackLocalsSpaceRegion (*this, SF);
931	return R;
932	}
933
934	const StackArgumentsSpaceRegion *
935	MemRegionManager::getStackArgumentsRegion(const StackFrame *SF) {
936	assert(SF);
937	StackArgumentsSpaceRegion *&R = StackArgumentsSpaceRegions [SF];
938
939	if (R)
940	return R;
941
942	R = new (A) StackArgumentsSpaceRegion (*this, SF);
943	return R;
944	}
945
946	const GlobalsSpaceRegion
947	*MemRegionManager::getGlobalsRegion(MemRegion::Kind K,
948	const CodeTextRegion *CR) {
949	if (!CR) {
950	if (K == MemRegion::GlobalSystemSpaceRegionKind)
951	return LazyAllocate(region&: SystemGlobals);
952	if (K == MemRegion::GlobalImmutableSpaceRegionKind)
953	return LazyAllocate(region&: ImmutableGlobals);
954	assert(K == MemRegion::GlobalInternalSpaceRegionKind);
955	return LazyAllocate(region&: InternalGlobals);
956	}
957
958	assert(K == MemRegion::StaticGlobalSpaceRegionKind);
959	StaticGlobalSpaceRegion *&R = StaticsGlobalSpaceRegions [CR];
960	if (R)
961	return R;
962
963	R = new (A) StaticGlobalSpaceRegion (*this, CR);
964	return R;
965	}
966
967	const HeapSpaceRegion *MemRegionManager::getHeapRegion() {
968	return LazyAllocate(region&: heap);
969	}
970
971	const UnknownSpaceRegion *MemRegionManager::getUnknownRegion() {
972	return LazyAllocate(region&: unknown);
973	}
974
975	const CodeSpaceRegion *MemRegionManager::getCodeRegion() {
976	return LazyAllocate(region&: code);
977	}
978
979	//===----------------------------------------------------------------------===//
980	// Constructing regions.
981	//===----------------------------------------------------------------------===//
982
983	const StringRegion MemRegionManager::getStringRegion(const* StringLiteral *Str){
984	return getSubRegion<StringRegion>(
985	arg1: Str, superRegion: cast<GlobalInternalSpaceRegion>(Val: getGlobalsRegion()));
986	}
987
988	const ObjCStringRegion *
989	MemRegionManager::getObjCStringRegion(const ObjCStringLiteral *Str){
990	return getSubRegion<ObjCStringRegion>(
991	arg1: Str, superRegion: cast<GlobalInternalSpaceRegion>(Val: getGlobalsRegion()));
992	}
993
994	/// Look through a chain of StackFrames to either find the
995	/// StackFrame that matches a DeclContext, or find a VarRegion
996	/// for a variable captured by a block.
997	static llvm::PointerUnion<const StackFrame , const* VarRegion *>
998	getStackOrCaptureRegionForDeclContext(const StackFrame *SF,
999	const DeclContext *DC,
1000	const VarDecl *VD) {
1001	while (SF) {
1002	if (cast<DeclContext>(Val: SF->getDecl()) == DC)
1003	return SF;
1004	if (SF->getData()) {
1005	// FIXME: This can be made more efficient.
1006	for (auto Var : static_cast<const BlockDataRegion *>(SF->getData())
1007	->referenced_vars()) {
1008	const TypedValueRegion *OrigR = Var.getOriginalRegion();
1009	if (const auto *VR = dyn_cast<VarRegion>(Val: OrigR)) {
1010	if (VR->getDecl() == VD)
1011	return cast<VarRegion>(Val: Var.getCapturedRegion());
1012	}
1013	}
1014	}
1015
1016	SF = SF->getParent();
1017	}
1018	return (const StackFrame )nullptr*;
1019	}
1020
1021	static bool isStdStreamVar(const VarDecl *D) {
1022	const IdentifierInfo *II = D->getIdentifier();
1023	if (!II)
1024	return false;
1025	if (!D->getDeclContext()->isTranslationUnit())
1026	return false;
1027	StringRef N = II->getName();
1028	QualType FILETy = D->getASTContext().getFILEType();
1029	if (FILETy.isNull())
1030	return false;
1031	FILETy = FILETy.getCanonicalType();
1032	QualType Ty = D->getType().getCanonicalType();
1033	return Ty ->isPointerType() && Ty ->getPointeeType() == FILETy &&
1034	(N == "stdin" \|\| N == "stdout" \|\| N == "stderr");
1035	}
1036
1037	const VarRegion MemRegionManager::getVarRegion(const* VarDecl *D,
1038	const StackFrame *SF) {
1039	const auto *PVD = dyn_cast<ParmVarDecl>(Val: D);
1040	if (PVD) {
1041	unsigned Index = PVD->getFunctionScopeIndex();
1042	const Expr *CallSite = SF->getCallSite();
1043	if (CallSite) {
1044	const Decl *CalleeDecl = SF->getDecl();
1045	bool CurrentParam = true;
1046	if (const auto *FD = dyn_cast<FunctionDecl>(Val: CalleeDecl)) {
1047	CurrentParam =
1048	(Index < FD->param_size() && FD->getParamDecl(i: Index) == PVD);
1049	} else if (const auto *BD = dyn_cast<BlockDecl>(Val: CalleeDecl)) {
1050	CurrentParam =
1051	(Index < BD->param_size() && BD->getParamDecl(i: Index) == PVD);
1052	}
1053
1054	if (CurrentParam) {
1055	// If this is a parameter of the current* stack frame, we can*
1056	// represent it with a `ParamVarRegion`.
1057	return getSubRegion<ParamVarRegion>(arg1: CallSite, arg2: Index,
1058	superRegion: getStackArgumentsRegion(SF));
1059	} else {
1060	// TODO: Parameters of other stack frames (which may have been be
1061	// captured by a lambda or a block) are currently represented by
1062	// `NonParamVarRegion`s. This behavior is present since commit
1063	// 98db1f990fc273adc1ae36d4ce97ce66fd27ac30 which introduced
1064	// `ParamVarRegion` in 2020; and appears to work (at least to some
1065	// extent); but it would be nice to clean this up (if somebody has time
1066	// and knowledge for a proper investigation).
1067	}
1068	} else {
1069	// TODO: Parameters of the entrypoint stack frame (where `CallSite` is
1070	// null) are currently represented by `NonParamVarRegion`s. This behavior
1071	// is also present since 98db1f990fc273adc1ae36d4ce97ce66fd27ac30 which
1072	// introduced `ParamVarRegion` in 2020, but it would be nice to clean it
1073	// up for the sake of clarity and consistency.
1074	}
1075	}
1076
1077	D = D->getCanonicalDecl();
1078	const MemRegion sReg = nullptr*;
1079
1080	if (D->hasGlobalStorage() && !D->isStaticLocal()) {
1081	QualType Ty = D->getType();
1082	assert(!Ty.isNull());
1083	if (Ty.isConstQualified()) {
1084	sReg = getGlobalsRegion(K: MemRegion::GlobalImmutableSpaceRegionKind);
1085	} else {
1086	// Pointer value of C standard streams is usually not modified by calls
1087	// to functions declared in system headers. This means that they should
1088	// not get invalidated by calls to functions declared in system headers,
1089	// so they are placed in the global internal space, which is not
1090	// invalidated by calls to functions declared in system headers.
1091	if (Ctx.getSourceManager().isInSystemHeader(Loc: D->getLocation()) &&
1092	!isStdStreamVar(D)) {
1093	sReg = getGlobalsRegion(K: MemRegion::GlobalSystemSpaceRegionKind);
1094	} else {
1095	sReg = getGlobalsRegion(K: MemRegion::GlobalInternalSpaceRegionKind);
1096	}
1097	}
1098
1099	// Finally handle static locals.
1100	} else {
1101	// FIXME: Once we implement scope handling, we will need to properly lookup
1102	// 'D' to the proper StackFrame.
1103	const DeclContext *DC = D->getDeclContext();
1104	llvm::PointerUnion<const StackFrame , const* VarRegion *> V =
1105	getStackOrCaptureRegionForDeclContext(SF, DC, VD: D);
1106
1107	if (const auto VR = dyn_cast_if_present<const* VarRegion *>(Val&: V))
1108	return VR;
1109
1110	const auto SF = cast<const* StackFrame *>(Val&: V);
1111
1112	if (!SF) {
1113	// FIXME: Assign a more sensible memory space to static locals
1114	// we see from within blocks that we analyze as top-level declarations.
1115	sReg = getUnknownRegion();
1116	} else {
1117	if (D->hasLocalStorage()) {
1118	sReg = isa<ParmVarDecl, ImplicitParamDecl>(Val: D)
1119	? static_cast<const MemRegion *>(getStackArgumentsRegion(SF))
1120	: static_cast<const MemRegion *>(getStackLocalsRegion(SF));
1121	}
1122	else {
1123	assert(D->isStaticLocal());
1124	const Decl *STCD = SF->getDecl();
1125	if (isa<FunctionDecl, ObjCMethodDecl>(Val: STCD))
1126	sReg = getGlobalsRegion(K: MemRegion::StaticGlobalSpaceRegionKind,
1127	CR: getFunctionCodeRegion(FD: cast<NamedDecl>(Val: STCD)));
1128	else if (const auto *BD = dyn_cast<BlockDecl>(Val: STCD)) {
1129	// FIXME: The fallback type here is totally bogus -- though it should
1130	// never be queried, it will prevent uniquing with the real
1131	// BlockCodeRegion. Ideally we'd fix the AST so that we always had a
1132	// signature.
1133	QualType T;
1134	if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())
1135	T = TSI->getType();
1136	if (T.isNull())
1137	T = getContext().VoidTy;
1138	if (!T ->getAs<FunctionType>()) {
1139	FunctionProtoType::ExtProtoInfo Ext;
1140	T = getContext().getFunctionType(ResultTy: T, Args: {}, EPI: Ext);
1141	}
1142	T = getContext().getBlockPointerType(T);
1143
1144	const BlockCodeRegion *BTR = getBlockCodeRegion(
1145	BD, locTy: Ctx.getCanonicalType(T), AC: SF->getAnalysisDeclContext());
1146	sReg = getGlobalsRegion(K: MemRegion::StaticGlobalSpaceRegionKind,
1147	CR: BTR);
1148	}
1149	else {
1150	sReg = getGlobalsRegion();
1151	}
1152	}
1153	}
1154	}
1155
1156	return getNonParamVarRegion(VD: D, superR: sReg);
1157	}
1158
1159	const NonParamVarRegion *
1160	MemRegionManager::getNonParamVarRegion(const VarDecl *D,
1161	const MemRegion *superR) {
1162	// Prefer the definition over the canonical decl as the canonical form.
1163	D = D->getCanonicalDecl();
1164	if (const VarDecl *Def = D->getDefinition())
1165	D = Def;
1166	return getSubRegion<NonParamVarRegion>(arg1: D, superRegion: superR);
1167	}
1168
1169	const ParamVarRegion *
1170	MemRegionManager::getParamVarRegion(const Expr OriginExpr, unsigned* Index,
1171	const StackFrame *SF) {
1172	assert(SF);
1173	return getSubRegion<ParamVarRegion>(arg1: OriginExpr, arg2: Index,
1174	superRegion: getStackArgumentsRegion(SF));
1175	}
1176
1177	const BlockDataRegion *MemRegionManager::getBlockDataRegion(
1178	const BlockCodeRegion BC, const* StackFrame SF, unsigned* blockCount) {
1179	const MemSpaceRegion sReg = nullptr*;
1180	const BlockDecl *BD = BC->getDecl();
1181	if (!BD->hasCaptures()) {
1182	// This handles 'static' blocks.
1183	sReg = getGlobalsRegion(K: MemRegion::GlobalImmutableSpaceRegionKind);
1184	}
1185	else {
1186	bool IsArcManagedBlock = Ctx.getLangOpts().ObjCAutoRefCount;
1187
1188	// ARC managed blocks can be initialized on stack or directly in heap
1189	// depending on the implementations. So we initialize them with
1190	// UnknownRegion.
1191	if (!IsArcManagedBlock && SF) {
1192	// FIXME: Once we implement scope handling, we want the parent region
1193	// to be the scope.
1194	assert(SF);
1195	sReg = getStackLocalsRegion(SF);
1196	} else {
1197	// We allow 'SF' to be NULL for cases where want BlockDataRegions
1198	// without context-sensitivity.
1199	sReg = getUnknownRegion();
1200	}
1201	}
1202
1203	return getSubRegion<BlockDataRegion>(arg1: BC, arg2: SF, arg3: blockCount, superRegion: sReg);
1204	}
1205
1206	const CompoundLiteralRegion *
1207	MemRegionManager::getCompoundLiteralRegion(const CompoundLiteralExpr *CL,
1208	const StackFrame *SF) {
1209	const MemSpaceRegion sReg = nullptr*;
1210
1211	if (CL->isFileScope())
1212	sReg = getGlobalsRegion();
1213	else {
1214	assert(SF);
1215	sReg = getStackLocalsRegion(SF);
1216	}
1217
1218	return getSubRegion<CompoundLiteralRegion>(arg1: CL, superRegion: sReg);
1219	}
1220
1221	const ElementRegion *
1222	MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx,
1223	const SubRegion *superRegion,
1224	const ASTContext &Ctx) {
1225	QualType T = Ctx.getCanonicalType(T: elementType).getUnqualifiedType();
1226
1227	// The address space must be preserved because some target-specific address
1228	// spaces influence the size of the pointer value which is represented by the
1229	// element region.
1230	LangAS AS = elementType.getAddressSpace();
1231	if (AS != LangAS::Default) {
1232	Qualifiers Quals;
1233	Quals.setAddressSpace(AS);
1234	T = Ctx.getQualifiedType(T, Qs: Quals);
1235	}
1236
1237	llvm::FoldingSetNodeID ID;
1238	ElementRegion::ProfileRegion(ID, ElementType: T, Idx, superRegion);
1239
1240	void *InsertPos;
1241	MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos);
1242	auto *R = cast_or_null<ElementRegion>(Val: data);
1243
1244	if (!R) {
1245	R = new (A) ElementRegion (T, Idx, superRegion);
1246	Regions.InsertNode(N: R, InsertPos);
1247	}
1248
1249	return R;
1250	}
1251
1252	const FunctionCodeRegion *
1253	MemRegionManager::getFunctionCodeRegion(const NamedDecl *FD) {
1254	// To think: should we canonicalize the declaration here?
1255	return getSubRegion<FunctionCodeRegion>(arg1: FD, superRegion: getCodeRegion());
1256	}
1257
1258	const BlockCodeRegion *
1259	MemRegionManager::getBlockCodeRegion(const BlockDecl *BD, CanQualType locTy,
1260	AnalysisDeclContext *AC) {
1261	return getSubRegion<BlockCodeRegion>(arg1: BD, arg2: locTy, arg3: AC, superRegion: getCodeRegion());
1262	}
1263
1264	const SymbolicRegion *
1265	MemRegionManager::getSymbolicRegion(SymbolRef sym,
1266	const MemSpaceRegion *MemSpace) {
1267	if (MemSpace == nullptr)
1268	MemSpace = getUnknownRegion();
1269	return getSubRegion<SymbolicRegion>(arg1: sym, superRegion: MemSpace);
1270	}
1271
1272	const SymbolicRegion *MemRegionManager::getSymbolicHeapRegion(SymbolRef Sym) {
1273	return getSubRegion<SymbolicRegion>(arg1: Sym, superRegion: getHeapRegion());
1274	}
1275
1276	const FieldRegion *
1277	MemRegionManager::getFieldRegion(const FieldDecl *FD,
1278	const SubRegion *SuperRegion) {
1279	return getSubRegion<FieldRegion>(arg1: FD->getCanonicalDecl(), superRegion: SuperRegion);
1280	}
1281
1282	const ObjCIvarRegion*
1283	MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl *d,
1284	const SubRegion* superRegion) {
1285	return getSubRegion<ObjCIvarRegion>(arg1: d, superRegion);
1286	}
1287
1288	const CXXTempObjectRegion *
1289	MemRegionManager::getCXXTempObjectRegion(Expr const E, StackFrame const* *SF) {
1290	assert(SF);
1291	return getSubRegion<CXXTempObjectRegion>(arg1: E, superRegion: getStackLocalsRegion(SF));
1292	}
1293
1294	const CXXLifetimeExtendedObjectRegion *
1295	MemRegionManager::getCXXLifetimeExtendedObjectRegion(const Expr *Ex,
1296	const ValueDecl *VD,
1297	const StackFrame *SF) {
1298	assert(SF);
1299	return getSubRegion<CXXLifetimeExtendedObjectRegion>(
1300	arg1: Ex, arg2: VD, superRegion: getStackLocalsRegion(SF));
1301	}
1302
1303	const CXXLifetimeExtendedObjectRegion *
1304	MemRegionManager::getCXXStaticLifetimeExtendedObjectRegion(
1305	const Expr Ex, const* ValueDecl *VD) {
1306	return getSubRegion<CXXLifetimeExtendedObjectRegion>(
1307	arg1: Ex, arg2: VD,
1308	superRegion: getGlobalsRegion(K: MemRegion::GlobalInternalSpaceRegionKind, CR: nullptr));
1309	}
1310
1311	/// Checks whether \p BaseClass is a valid virtual or direct non-virtual base
1312	/// class of the type of \p Super.
1313	static bool isValidBaseClass(const CXXRecordDecl *BaseClass,
1314	const TypedValueRegion *Super,
1315	bool IsVirtual) {
1316	BaseClass = BaseClass->getCanonicalDecl();
1317
1318	const CXXRecordDecl *Class = Super->getValueType()->getAsCXXRecordDecl();
1319	if (!Class)
1320	return true;
1321
1322	if (IsVirtual)
1323	return Class->isVirtuallyDerivedFrom(Base: BaseClass);
1324
1325	for (const auto &I : Class->bases()) {
1326	if (I.getType()->getAsCXXRecordDecl()->getCanonicalDecl() == BaseClass)
1327	return true;
1328	}
1329
1330	return false;
1331	}
1332
1333	const CXXBaseObjectRegion *
1334	MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD,
1335	const SubRegion *Super,
1336	bool IsVirtual) {
1337	if (isa<TypedValueRegion>(Val: Super)) {
1338	assert(isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual));
1339	(void)&isValidBaseClass;
1340
1341	if (IsVirtual) {
1342	// Virtual base regions should not be layered, since the layout rules
1343	// are different.
1344	while (const auto *Base = dyn_cast<CXXBaseObjectRegion>(Val: Super))
1345	Super = cast<SubRegion>(Val: Base->getSuperRegion());
1346	assert(Super && !isa<MemSpaceRegion>(Super));
1347	}
1348	}
1349
1350	return getSubRegion<CXXBaseObjectRegion>(arg1: RD, arg2: IsVirtual, superRegion: Super);
1351	}
1352
1353	const CXXDerivedObjectRegion *
1354	MemRegionManager::getCXXDerivedObjectRegion(const CXXRecordDecl *RD,
1355	const SubRegion *Super) {
1356	return getSubRegion<CXXDerivedObjectRegion>(arg1: RD, superRegion: Super);
1357	}
1358
1359	const CXXThisRegion *MemRegionManager::getCXXThisRegion(QualType thisPointerTy,
1360	const StackFrame *SF) {
1361	const auto *PT = thisPointerTy ->getAs<PointerType>();
1362	assert(PT);
1363	// Inside the body of the operator() of a lambda a this expr might refer to an
1364	// object in one of the parent stack frames.
1365	const auto *D = dyn_cast<CXXMethodDecl>(Val: SF->getDecl());
1366	// FIXME: when operator() of lambda is analyzed as a top level function and
1367	// 'this' refers to a this to the enclosing scope, there is no right region to
1368	// return.
1369	while (!SF->inTopFrame() && (!D \|\| D->isStatic() \|\|
1370	PT != D->getThisType()->getAs<PointerType>())) {
1371	SF = SF->getParent();
1372	D = dyn_cast<CXXMethodDecl>(Val: SF->getDecl());
1373	}
1374	assert(SF);
1375	return getSubRegion<CXXThisRegion>(arg1: PT, superRegion: getStackArgumentsRegion(SF));
1376	}
1377
1378	const AllocaRegion MemRegionManager::getAllocaRegion(const* Expr *E,
1379	unsigned cnt,
1380	const StackFrame *SF) {
1381	assert(SF);
1382	return getSubRegion<AllocaRegion>(arg1: E, arg2: cnt, superRegion: getStackLocalsRegion(SF));
1383	}
1384
1385	const MemSpaceRegion MemRegion::getRawMemorySpace() const* {
1386	const MemRegion R = this*;
1387	const auto SR = dyn_cast<SubRegion>(Val: this*);
1388
1389	while (SR) {
1390	R = SR->getSuperRegion();
1391	SR = dyn_cast<SubRegion>(Val: R);
1392	}
1393
1394	return cast<MemSpaceRegion>(Val: R);
1395	}
1396
1397	const MemSpaceRegion MemRegion::getMemorySpace(ProgramStateRef State) const* {
1398	const MemRegion *MR = getBaseRegion();
1399
1400	const MemSpaceRegion *RawSpace = MR->getRawMemorySpace();
1401	if (!isa<UnknownSpaceRegion>(Val: RawSpace))
1402	return RawSpace;
1403
1404	const MemSpaceRegion *const *AssociatedSpace = State ->get<MemSpacesMap>(key: MR);
1405	return AssociatedSpace ? *AssociatedSpace : RawSpace;
1406	}
1407
1408	ProgramStateRef MemRegion::setMemorySpace(ProgramStateRef State,
1409	const MemSpaceRegion Space) const* {
1410	const MemRegion *Base = getBaseRegion();
1411
1412	// Shouldn't set unknown space.
1413	assert(!isa<UnknownSpaceRegion>(Space));
1414
1415	// Currently, it we should have no accurate memspace for this region.
1416	assert(Base->hasMemorySpace<UnknownSpaceRegion>(State));
1417	return State ->set<MemSpacesMap>(K: Base, E: Space);
1418	}
1419
1420	// Strips away all elements and fields.
1421	// Returns the base region of them.
1422	const MemRegion MemRegion::getBaseRegion() const* {
1423	const MemRegion R = this*;
1424	while (true) {
1425	switch (R->getKind()) {
1426	case MemRegion::ElementRegionKind:
1427	case MemRegion::FieldRegionKind:
1428	case MemRegion::ObjCIvarRegionKind:
1429	case MemRegion::CXXBaseObjectRegionKind:
1430	case MemRegion::CXXDerivedObjectRegionKind:
1431	R = cast<SubRegion>(Val: R)->getSuperRegion();
1432	continue;
1433	default:
1434	break;
1435	}
1436	break;
1437	}
1438	return R;
1439	}
1440
1441	// Returns the region of the root class of a C++ class hierarchy.
1442	const MemRegion MemRegion::getMostDerivedObjectRegion() const* {
1443	const MemRegion R = this*;
1444	while (const auto *BR = dyn_cast<CXXBaseObjectRegion>(Val: R))
1445	R = BR->getSuperRegion();
1446	return R;
1447	}
1448
1449	bool MemRegion::isSubRegionOf(const MemRegion ) const* {
1450	return false;
1451	}
1452
1453	//===----------------------------------------------------------------------===//
1454	// View handling.
1455	//===----------------------------------------------------------------------===//
1456
1457	const MemRegion MemRegion::StripCasts(bool* StripBaseAndDerivedCasts) const {
1458	const MemRegion R = this*;
1459	while (true) {
1460	switch (R->getKind()) {
1461	case ElementRegionKind: {
1462	const auto *ER = cast<ElementRegion>(Val: R);
1463	if (!ER->getIndex().isZeroConstant())
1464	return R;
1465	R = ER->getSuperRegion();
1466	break;
1467	}
1468	case CXXBaseObjectRegionKind:
1469	case CXXDerivedObjectRegionKind:
1470	if (!StripBaseAndDerivedCasts)
1471	return R;
1472	R = cast<TypedValueRegion>(Val: R)->getSuperRegion();
1473	break;
1474	default:
1475	return R;
1476	}
1477	}
1478	}
1479
1480	const SymbolicRegion MemRegion::getSymbolicBase() const* {
1481	const auto SubR = dyn_cast<SubRegion>(Val: this*);
1482
1483	while (SubR) {
1484	if (const auto *SymR = dyn_cast<SymbolicRegion>(Val: SubR))
1485	return SymR;
1486	SubR = dyn_cast<SubRegion>(Val: SubR->getSuperRegion());
1487	}
1488	return nullptr;
1489	}
1490
1491	RegionRawOffset ElementRegion::getAsArrayOffset() const {
1492	int64_t offset = `0`;
1493	const ElementRegion ER = this*;
1494	const MemRegion superR = nullptr*;
1495	ASTContext &C = getContext();
1496
1497	// FIXME: Handle multi-dimensional arrays.
1498
1499	while (ER) {
1500	superR = ER->getSuperRegion();
1501
1502	// FIXME: generalize to symbolic offsets.
1503	SVal index = ER->getIndex();
1504	if (auto CI = index.getAs<nonloc::ConcreteInt>()) {
1505	// Update the offset.
1506	if (int64_t i = CI ->getValue()->getSExtValue(); i != `0`) {
1507	QualType elemType = ER->getElementType();
1508
1509	// If we are pointing to an incomplete type, go no further.
1510	if (elemType ->isIncompleteType()) {
1511	superR = ER;
1512	break;
1513	}
1514
1515	int64_t size = C.getTypeSizeInChars(T: elemType).getQuantity();
1516	if (auto NewOffset = llvm::checkedMulAdd(A: i, B: size, C: offset)) {
1517	offset = *NewOffset;
1518	} else {
1519	LLVM_DEBUG(llvm::dbgs() << "MemRegion::getAsArrayOffset: "
1520	<< "offset overflowing, returning unknown\n");
1521
1522	return nullptr;
1523	}
1524	}
1525
1526	// Go to the next ElementRegion (if any).
1527	ER = dyn_cast<ElementRegion>(Val: superR);
1528	continue;
1529	}
1530
1531	return nullptr;
1532	}
1533
1534	assert(superR && "super region cannot be NULL");
1535	return RegionRawOffset (superR, CharUnits::fromQuantity(Quantity: offset));
1536	}
1537
1538	/// Returns true if \p Base is an immediate base class of \p Child
1539	static bool isImmediateBase(const CXXRecordDecl *Child,
1540	const CXXRecordDecl *Base) {
1541	assert(Child && "Child must not be null");
1542	// Note that we do NOT canonicalize the base class here, because
1543	// ASTRecordLayout doesn't either. If that leads us down the wrong path,
1544	// so be it; at least we won't crash.
1545	for (const auto &I : Child->bases()) {
1546	if (I.getType()->getAsCXXRecordDecl() == Base)
1547	return true;
1548	}
1549
1550	return false;
1551	}
1552
1553	static RegionOffset calculateOffset(const MemRegion *R) {
1554	const MemRegion SymbolicOffsetBase = nullptr*;
1555	int64_t Offset = `0`;
1556
1557	while (true) {
1558	switch (R->getKind()) {
1559	case MemRegion::CodeSpaceRegionKind:
1560	case MemRegion::StackLocalsSpaceRegionKind:
1561	case MemRegion::StackArgumentsSpaceRegionKind:
1562	case MemRegion::HeapSpaceRegionKind:
1563	case MemRegion::UnknownSpaceRegionKind:
1564	case MemRegion::StaticGlobalSpaceRegionKind:
1565	case MemRegion::GlobalInternalSpaceRegionKind:
1566	case MemRegion::GlobalSystemSpaceRegionKind:
1567	case MemRegion::GlobalImmutableSpaceRegionKind:
1568	// Stores can bind directly to a region space to set a default value.
1569	assert(Offset == `0` && !SymbolicOffsetBase);
1570	goto Finish;
1571
1572	case MemRegion::FunctionCodeRegionKind:
1573	case MemRegion::BlockCodeRegionKind:
1574	case MemRegion::BlockDataRegionKind:
1575	// These will never have bindings, but may end up having values requested
1576	// if the user does some strange casting.
1577	if (Offset != `0`)
1578	SymbolicOffsetBase = R;
1579	goto Finish;
1580
1581	case MemRegion::SymbolicRegionKind:
1582	case MemRegion::AllocaRegionKind:
1583	case MemRegion::CompoundLiteralRegionKind:
1584	case MemRegion::CXXThisRegionKind:
1585	case MemRegion::StringRegionKind:
1586	case MemRegion::ObjCStringRegionKind:
1587	case MemRegion::NonParamVarRegionKind:
1588	case MemRegion::ParamVarRegionKind:
1589	case MemRegion::CXXTempObjectRegionKind:
1590	case MemRegion::CXXLifetimeExtendedObjectRegionKind:
1591	// Usual base regions.
1592	goto Finish;
1593
1594	case MemRegion::ObjCIvarRegionKind:
1595	// This is a little strange, but it's a compromise between
1596	// ObjCIvarRegions having unknown compile-time offsets (when using the
1597	// non-fragile runtime) and yet still being distinct, non-overlapping
1598	// regions. Thus we treat them as "like" base regions for the purposes
1599	// of computing offsets.
1600	goto Finish;
1601
1602	case MemRegion::CXXBaseObjectRegionKind: {
1603	const auto *BOR = cast<CXXBaseObjectRegion>(Val: R);
1604	R = BOR->getSuperRegion();
1605
1606	QualType Ty;
1607	bool RootIsSymbolic = false;
1608	if (const auto *TVR = dyn_cast<TypedValueRegion>(Val: R)) {
1609	Ty = TVR->getDesugaredValueType(Context&: R->getContext());
1610	} else if (const auto *SR = dyn_cast<SymbolicRegion>(Val: R)) {
1611	// If our base region is symbolic, we don't know what type it really is.
1612	// Pretend the type of the symbol is the true dynamic type.
1613	// (This will at least be self-consistent for the life of the symbol.)
1614	Ty = SR->getPointeeStaticType();
1615	RootIsSymbolic = true;
1616	}
1617
1618	const CXXRecordDecl *Child = Ty ->getAsCXXRecordDecl();
1619	if (!Child) {
1620	// We cannot compute the offset of the base class.
1621	SymbolicOffsetBase = R;
1622	} else {
1623	if (RootIsSymbolic) {
1624	// Base layers on symbolic regions may not be type-correct.
1625	// Double-check the inheritance here, and revert to a symbolic offset
1626	// if it's invalid (e.g. due to a reinterpret_cast).
1627	if (BOR->isVirtual()) {
1628	if (!Child->isVirtuallyDerivedFrom(Base: BOR->getDecl()))
1629	SymbolicOffsetBase = R;
1630	} else {
1631	if (!isImmediateBase(Child, Base: BOR->getDecl()))
1632	SymbolicOffsetBase = R;
1633	}
1634	}
1635	}
1636
1637	// Don't bother calculating precise offsets if we already have a
1638	// symbolic offset somewhere in the chain.
1639	if (SymbolicOffsetBase)
1640	continue;
1641
1642	CharUnits BaseOffset;
1643	const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(D: Child);
1644	if (BOR->isVirtual())
1645	BaseOffset = Layout.getVBaseClassOffset(VBase: BOR->getDecl());
1646	else
1647	BaseOffset = Layout.getBaseClassOffset(Base: BOR->getDecl());
1648
1649	// The base offset is in chars, not in bits.
1650	Offset += BaseOffset.getQuantity() * R->getContext().getCharWidth();
1651	break;
1652	}
1653
1654	case MemRegion::CXXDerivedObjectRegionKind: {
1655	// TODO: Store the base type in the CXXDerivedObjectRegion and use it.
1656	goto Finish;
1657	}
1658
1659	case MemRegion::ElementRegionKind: {
1660	const auto *ER = cast<ElementRegion>(Val: R);
1661	R = ER->getSuperRegion();
1662
1663	QualType EleTy = ER->getValueType();
1664	if (EleTy ->isIncompleteType()) {
1665	// We cannot compute the offset of the base class.
1666	SymbolicOffsetBase = R;
1667	continue;
1668	}
1669
1670	SVal Index = ER->getIndex();
1671	if (std::optional<nonloc::ConcreteInt> CI =
1672	Index.getAs<nonloc::ConcreteInt>()) {
1673	// Don't bother calculating precise offsets if we already have a
1674	// symbolic offset somewhere in the chain.
1675	if (SymbolicOffsetBase)
1676	continue;
1677
1678	int64_t i = CI ->getValue()->getSExtValue();
1679	// This type size is in bits.
1680	Offset += i * R->getContext().getTypeSize(T: EleTy);
1681	} else {
1682	// We cannot compute offset for non-concrete index.
1683	SymbolicOffsetBase = R;
1684	}
1685	break;
1686	}
1687	case MemRegion::FieldRegionKind: {
1688	const auto *FR = cast<FieldRegion>(Val: R);
1689	R = FR->getSuperRegion();
1690	assert(R);
1691
1692	const RecordDecl *RD = FR->getDecl()->getParent();
1693	if (RD->isUnion() \|\| !RD->isCompleteDefinition()) {
1694	// We cannot compute offset for incomplete type.
1695	// For unions, we could treat everything as offset 0, but we'd rather
1696	// treat each field as a symbolic offset so they aren't stored on top
1697	// of each other, since we depend on things in typed regions actually
1698	// matching their types.
1699	SymbolicOffsetBase = R;
1700	}
1701
1702	// Don't bother calculating precise offsets if we already have a
1703	// symbolic offset somewhere in the chain.
1704	if (SymbolicOffsetBase)
1705	continue;
1706
1707	assert(FR->getDecl()->getCanonicalDecl() == FR->getDecl());
1708	auto MaybeFieldIdx = [FR, RD]() -> std::optional<unsigned> {
1709	for (auto [Idx, Field] : llvm::enumerate(First: RD->fields())) {
1710	if (FR->getDecl() == Field->getCanonicalDecl())
1711	return Idx;
1712	}
1713	return std::nullopt;
1714	}();
1715
1716	if (!MaybeFieldIdx.has_value()) {
1717	assert(false && "Field not found");
1718	goto Finish; // Invalid offset.
1719	}
1720
1721	const ASTRecordLayout &Layout = R->getContext().getASTRecordLayout(D: RD);
1722	// This is offset in bits.
1723	Offset += Layout.getFieldOffset(FieldNo: MaybeFieldIdx.value());
1724	break;
1725	}
1726	}
1727	}
1728
1729	Finish:
1730	if (SymbolicOffsetBase)
1731	return RegionOffset (SymbolicOffsetBase, RegionOffset::Symbolic);
1732	return RegionOffset (R, Offset);
1733	}
1734
1735	RegionOffset MemRegion::getAsOffset() const {
1736	if (!cachedOffset)
1737	cachedOffset = calculateOffset(R: this);
1738	return *cachedOffset;
1739	}
1740
1741	//===----------------------------------------------------------------------===//
1742	// BlockDataRegion
1743	//===----------------------------------------------------------------------===//
1744
1745	std::pair<const VarRegion , const* VarRegion *>
1746	BlockDataRegion::getCaptureRegions(const VarDecl *VD) {
1747	MemRegionManager &MemMgr = getMemRegionManager();
1748	const VarRegion VR = nullptr*;
1749	const VarRegion OriginalVR = nullptr*;
1750
1751	if (!VD->hasAttr<BlocksAttr>() && VD->hasLocalStorage()) {
1752	VR = MemMgr.getNonParamVarRegion(D: VD, superR: this);
1753	OriginalVR = MemMgr.getVarRegion(D: VD, SF);
1754	}
1755	else {
1756	if (SF) {
1757	VR = MemMgr.getVarRegion(D: VD, SF);
1758	OriginalVR = VR;
1759	} else {
1760	VR = MemMgr.getNonParamVarRegion(D: VD, superR: MemMgr.getUnknownRegion());
1761	OriginalVR = MemMgr.getVarRegion(D: VD, SF);
1762	}
1763	}
1764	return std::make_pair(x&: VR, y&: OriginalVR);
1765	}
1766
1767	void BlockDataRegion::LazyInitializeReferencedVars() {
1768	if (ReferencedVars)
1769	return;
1770
1771	AnalysisDeclContext *AC = getCodeRegion()->getAnalysisDeclContext();
1772	const auto &ReferencedBlockVars = AC->getReferencedBlockVars(BD: BC->getDecl());
1773	auto NumBlockVars =
1774	std::distance(first: ReferencedBlockVars.begin(), last: ReferencedBlockVars.end());
1775
1776	if (NumBlockVars == `0`) {
1777	ReferencedVars = (void*) `0x1`;
1778	return;
1779	}
1780
1781	MemRegionManager &MemMgr = getMemRegionManager();
1782	llvm::BumpPtrAllocator &A = MemMgr.getAllocator();
1783	BumpVectorContext BC(A);
1784
1785	using VarVec = BumpVector<const MemRegion *>;
1786
1787	auto BV = new* (A) VarVec (BC, NumBlockVars);
1788	auto BVOriginal = new* (A) VarVec (BC, NumBlockVars);
1789
1790	for (const auto *VD : ReferencedBlockVars) {
1791	const VarRegion VR = nullptr*;
1792	const VarRegion OriginalVR = nullptr*;
1793	std::tie(args&: VR, args&: OriginalVR) = getCaptureRegions(VD);
1794	assert(VR);
1795	assert(OriginalVR);
1796	BV->push_back(Elt: VR, C&: BC);
1797	BVOriginal->push_back(Elt: OriginalVR, C&: BC);
1798	}
1799
1800	ReferencedVars = BV;
1801	OriginalVars = BVOriginal;
1802	}
1803
1804	BlockDataRegion::referenced_vars_iterator
1805	BlockDataRegion::referenced_vars_begin() const {
1806	const_cast<BlockDataRegion>(this*)->LazyInitializeReferencedVars();
1807
1808	auto Vec = static_cast<BumpVector<const* MemRegion > >(ReferencedVars);
1809
1810	if (Vec == (void*) `0x1`)
1811	return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1812
1813	auto *VecOriginal =
1814	static_cast<BumpVector<const MemRegion > >(OriginalVars);
1815
1816	return BlockDataRegion::referenced_vars_iterator(Vec->begin(),
1817	VecOriginal->begin());
1818	}
1819
1820	BlockDataRegion::referenced_vars_iterator
1821	BlockDataRegion::referenced_vars_end() const {
1822	const_cast<BlockDataRegion>(this*)->LazyInitializeReferencedVars();
1823
1824	auto Vec = static_cast<BumpVector<const* MemRegion > >(ReferencedVars);
1825
1826	if (Vec == (void*) `0x1`)
1827	return BlockDataRegion::referenced_vars_iterator(nullptr, nullptr);
1828
1829	auto *VecOriginal =
1830	static_cast<BumpVector<const MemRegion > >(OriginalVars);
1831
1832	return BlockDataRegion::referenced_vars_iterator(Vec->end(),
1833	VecOriginal->end());
1834	}
1835
1836	llvm::iterator_range<BlockDataRegion::referenced_vars_iterator>
1837	BlockDataRegion::referenced_vars() const {
1838	return llvm::make_range(x: referenced_vars_begin(), y: referenced_vars_end());
1839	}
1840
1841	const VarRegion BlockDataRegion::getOriginalRegion(const* VarRegion R) const* {
1842	for (const auto &I : referenced_vars()) {
1843	if (I.getCapturedRegion() == R)
1844	return I.getOriginalRegion();
1845	}
1846	return nullptr;
1847	}
1848
1849	//===----------------------------------------------------------------------===//
1850	// RegionAndSymbolInvalidationTraits
1851	//===----------------------------------------------------------------------===//
1852
1853	void RegionAndSymbolInvalidationTraits::setTrait(SymbolRef Sym,
1854	InvalidationKinds IK) {
1855	SymTraitsMap [Sym] \|= IK;
1856	}
1857
1858	void RegionAndSymbolInvalidationTraits::setTrait(const MemRegion *MR,
1859	InvalidationKinds IK) {
1860	assert(MR);
1861	if (const auto *SR = dyn_cast<SymbolicRegion>(Val: MR))
1862	setTrait(Sym: SR->getSymbol(), IK);
1863	else
1864	MRTraitsMap [MR] \|= IK;
1865	}
1866
1867	bool RegionAndSymbolInvalidationTraits::hasTrait(SymbolRef Sym,
1868	InvalidationKinds IK) const {
1869	const_symbol_iterator I = SymTraitsMap.find(Val: Sym);
1870	if (I != SymTraitsMap.end())
1871	return I ->second & IK;
1872
1873	return false;
1874	}
1875
1876	bool RegionAndSymbolInvalidationTraits::hasTrait(const MemRegion *MR,
1877	InvalidationKinds IK) const {
1878	if (!MR)
1879	return false;
1880
1881	if (const auto *SR = dyn_cast<SymbolicRegion>(Val: MR))
1882	return hasTrait(Sym: SR->getSymbol(), IK);
1883
1884	const_region_iterator I = MRTraitsMap.find(Val: MR);
1885	if (I != MRTraitsMap.end())
1886	return I ->second & IK;
1887
1888	return false;
1889	}
1890

Browse the source code of llvm_projects/clang/lib/StaticAnalyzer/Core/MemRegion.cpp