Add SymExpr::SymbolTooComplex

Author: balazs-benics-sonarsource

clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h

@@ -317,21 +317,21 @@ class SValBuilder {
     return nonloc::LocAsInteger(BasicVals.getPersistentSValWithData(loc, bits));
   }
 
-  DefinedOrUnknownSVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-                                  APSIntPtr rhs, QualType type);
+  nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
+                               APSIntPtr rhs, QualType type);
 
-  DefinedOrUnknownSVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
-                                  const SymExpr *lhs, QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+                               const SymExpr *lhs, QualType type);
 
-  DefinedOrUnknownSVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-                                  const SymExpr *rhs, QualType type);
+  nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
+                               const SymExpr *rhs, QualType type);
 
-  DefinedOrUnknownSVal makeNonLoc(const SymExpr *operand,
-                                  UnaryOperator::Opcode op, QualType type);
+  nonloc::SymbolVal makeNonLoc(const SymExpr *operand, UnaryOperator::Opcode op,
+                               QualType type);
 
   /// Create a NonLoc value for cast.
-  DefinedOrUnknownSVal makeNonLoc(const SymExpr *operand, QualType fromTy,
-                                  QualType toTy);
+  nonloc::SymbolVal makeNonLoc(const SymExpr *operand, QualType fromTy,
+                               QualType toTy);
 
   nonloc::ConcreteInt makeTruthVal(bool b, QualType type) {
     return nonloc::ConcreteInt(BasicVals.getTruthValue(b, type));

clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h

@@ -15,6 +15,7 @@
 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_SYMBOLMANAGER_H
 
 #include "clang/AST/Expr.h"
+#include "clang/AST/OperationKinds.h"
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
@@ -27,9 +28,11 @@
 #include "llvm/ADT/DenseSet.h"
 #include "llvm/ADT/FoldingSet.h"
 #include "llvm/ADT/ImmutableSet.h"
+#include "llvm/ADT/STLExtras.h"
 #include "llvm/ADT/iterator_range.h"
 #include "llvm/Support/Allocator.h"
 #include <cassert>
+#include <type_traits>
 
 namespace clang {
 
@@ -47,7 +50,7 @@ class SymbolRegionValue : public SymbolData {
 
   friend class SymExprAllocator;
   SymbolRegionValue(SymbolID sym, const TypedValueRegion *r)
-      : SymbolData(SymbolRegionValueKind, sym), R(r) {
+      : SymbolData(ClassKind, sym), R(r) {
     assert(r);
     assert(isValidTypeForSymbol(r->getValueType()));
   }
@@ -57,7 +60,7 @@ class SymbolRegionValue : public SymbolData {
   const TypedValueRegion *getRegion() const { return R; }
 
   static void Profile(llvm::FoldingSetNodeID& profile, const TypedValueRegion* R) {
-    profile.AddInteger((unsigned) SymbolRegionValueKind);
+    profile.AddInteger((unsigned)ClassKind);
     profile.AddPointer(R);
   }
 
@@ -91,8 +94,8 @@ class SymbolConjured : public SymbolData {
   SymbolConjured(SymbolID sym, ConstCFGElementRef elem,
                  const LocationContext *lctx, QualType t, unsigned count,
                  const void *symbolTag)
-      : SymbolData(SymbolConjuredKind, sym), Elem(elem), T(t), Count(count),
-        LCtx(lctx), SymbolTag(symbolTag) {
+      : SymbolData(ClassKind, sym), Elem(elem), T(t), Count(count), LCtx(lctx),
+        SymbolTag(symbolTag) {
     assert(lctx);
     assert(isValidTypeForSymbol(t));
   }
@@ -116,7 +119,7 @@ class SymbolConjured : public SymbolData {
   static void Profile(llvm::FoldingSetNodeID &profile, ConstCFGElementRef Elem,
                       const LocationContext *LCtx, QualType T, unsigned Count,
                       const void *SymbolTag) {
-    profile.AddInteger((unsigned)SymbolConjuredKind);
+    profile.AddInteger((unsigned)ClassKind);
     profile.Add(Elem);
     profile.AddPointer(LCtx);
     profile.Add(T);
@@ -134,6 +137,101 @@ class SymbolConjured : public SymbolData {
   static constexpr bool classof(Kind K) { return K == ClassKind; }
 };
 
+/// A symbol representing the result of an expression that became too
+/// complicated. In other words, its complexity would have surpassed the
+/// MaxSymbolComplexity threshold.
+/// TODO: When the MaxSymbolComplexity is reached, we should propagate the taint
+/// info to it.
+class SymbolTooComplex final : public SymbolData {
+  // Pointer to either "SymExpr" or "APSInt".
+  const void *LHS;
+  const void *RHS = nullptr; // optional
+  QualType Ty;
+  using OpKindType = std::make_unsigned_t<
+      std::common_type_t<BinaryOperatorKind, UnaryOperatorKind>>;
+  OpKindType Op = 0;
+
+  friend class SymExprAllocator;
+
+  static const void *getPointer(APSIntPtr Value) { return Value.get(); }
+  static const void *getPointer(const SymExpr *Value) { return Value; }
+
+  template <typename LHSTYPE, typename RHSTYPE>
+  using assertTypesForOperands = std::enable_if_t<
+      llvm::is_one_of<LHSTYPE, const SymExpr *, APSIntPtr>::value &&
+      llvm::is_one_of<RHSTYPE, const SymExpr *, APSIntPtr>::value>;
+
+  // Constructing from BinarySymExprImpl ctor arguments.
+  template <typename LHSTYPE, typename RHSTYPE,
+            typename = assertTypesForOperands<LHSTYPE, RHSTYPE>>
+  SymbolTooComplex(SymbolID Sym, LHSTYPE LHS, BinaryOperatorKind Op,
+                   RHSTYPE RHS, QualType Ty)
+      : SymbolData(ClassKind, Sym), LHS(getPointer(LHS)), RHS(getPointer(RHS)),
+        Ty(Ty), Op(static_cast<OpKindType>(Op)) {
+    assert(this->LHS);
+    assert(this->RHS);
+  }
+
+  // Constructing from UnarySymExpr ctor arguments.
+  SymbolTooComplex(SymbolID Sym, const SymExpr *Operand, UnaryOperatorKind Op,
+                   QualType Ty)
+      : SymbolData(ClassKind, Sym), LHS(Operand), Ty(Ty),
+        Op(static_cast<OpKindType>(Op)) {
+    assert(LHS);
+    assert(!RHS);
+  }
+
+  // Constructing from SymbolCast ctor arguments.
+  SymbolTooComplex(SymbolID Sym, const SymExpr *Operand, QualType,
+                   QualType ToTy)
+      : SymbolData(ClassKind, Sym), LHS(Operand), Ty(ToTy), Op(~0) {}
+
+public:
+  QualType getType() const override { return Ty; }
+
+  StringRef getKindStr() const override;
+
+  void dumpToStream(raw_ostream &os) const override;
+
+  static void Profile(llvm::FoldingSetNodeID &profile, const void *LHS,
+                      OpKindType Op, const void *RHS, QualType Ty) {
+    profile.AddInteger((unsigned)ClassKind);
+    profile.AddPointer(LHS);
+    profile.AddPointer(RHS);
+    profile.Add(Ty);
+    profile.AddInteger(Op);
+  }
+
+  // Profile from BinarySymExprImpl ctor arguments.
+  template <typename LHSTYPE, typename RHSTYPE,
+            typename = assertTypesForOperands<LHSTYPE, RHSTYPE>>
+  static void Profile(llvm::FoldingSetNodeID &profile, LHSTYPE LHS,
+                      OpKindType Op, RHSTYPE RHS, QualType Ty) {
+    Profile(profile, getPointer(LHS), Op, getPointer(RHS), Ty);
+  }
+
+  // Profile from UnarySymExpr ctor arguments.
+  static void Profile(llvm::FoldingSetNodeID &profile, const SymExpr *Operand,
+                      UnaryOperatorKind Op, QualType Ty) {
+    Profile(profile, Operand, Op, /*RHS=*/nullptr, Ty);
+  }
+
+  // Profile from SymbolCast ctor arguments.
+  static void Profile(llvm::FoldingSetNodeID &profile, const SymExpr *Operand,
+                      QualType, QualType ToTy) {
+    Profile(profile, Operand, /*Op=*/~0, /*RHS=*/nullptr, ToTy);
+  }
+
+  void Profile(llvm::FoldingSetNodeID &profile) override {
+    Profile(profile, LHS, Op, RHS, Ty);
+  }
+
+  // Implement isa<T> support.
+  static constexpr Kind ClassKind = SymbolTooComplexKind;
+  static bool classof(const SymExpr *SE) { return classof(SE->getKind()); }
+  static constexpr bool classof(Kind K) { return K == ClassKind; }
+};
+
 /// A symbol representing the value of a MemRegion whose parent region has
 /// symbolic value.
 class SymbolDerived : public SymbolData {
@@ -142,7 +240,7 @@ class SymbolDerived : public SymbolData {
 
   friend class SymExprAllocator;
   SymbolDerived(SymbolID sym, SymbolRef parent, const TypedValueRegion *r)
-      : SymbolData(SymbolDerivedKind, sym), parentSymbol(parent), R(r) {
+      : SymbolData(ClassKind, sym), parentSymbol(parent), R(r) {
     assert(parent);
     assert(r);
     assert(isValidTypeForSymbol(r->getValueType()));
@@ -163,7 +261,7 @@ class SymbolDerived : public SymbolData {
 
   static void Profile(llvm::FoldingSetNodeID& profile, SymbolRef parent,
                       const TypedValueRegion *r) {
-    profile.AddInteger((unsigned) SymbolDerivedKind);
+    profile.AddInteger((unsigned)ClassKind);
     profile.AddPointer(r);
     profile.AddPointer(parent);
   }
@@ -188,7 +286,7 @@ class SymbolExtent : public SymbolData {
 
   friend class SymExprAllocator;
   SymbolExtent(SymbolID sym, const SubRegion *r)
-      : SymbolData(SymbolExtentKind, sym), R(r) {
+      : SymbolData(ClassKind, sym), R(r) {
     assert(r);
   }
 
@@ -203,7 +301,7 @@ class SymbolExtent : public SymbolData {
   void dumpToStream(raw_ostream &os) const override;
 
   static void Profile(llvm::FoldingSetNodeID& profile, const SubRegion *R) {
-    profile.AddInteger((unsigned) SymbolExtentKind);
+    profile.AddInteger((unsigned)ClassKind);
     profile.AddPointer(R);
   }
 
@@ -214,7 +312,7 @@ class SymbolExtent : public SymbolData {
   // Implement isa<T> support.
   static constexpr Kind ClassKind = SymbolExtentKind;
   static bool classof(const SymExpr *SE) { return classof(SE->getKind()); }
-  static constexpr bool classof(Kind K) { return K == SymbolExtentKind; }
+  static constexpr bool classof(Kind K) { return K == ClassKind; }
 };
 
 /// SymbolMetadata - Represents path-dependent metadata about a specific region.
@@ -232,16 +330,16 @@ class SymbolMetadata : public SymbolData {
   const void *Tag;
 
   friend class SymExprAllocator;
-  SymbolMetadata(SymbolID sym, const MemRegion* r, const Stmt *s, QualType t,
+  SymbolMetadata(SymbolID sym, const MemRegion *r, const Stmt *s, QualType t,
                  const LocationContext *LCtx, unsigned count, const void *tag)
-      : SymbolData(SymbolMetadataKind, sym), R(r), S(s), T(t), LCtx(LCtx),
-        Count(count), Tag(tag) {
-      assert(r);
-      assert(s);
-      assert(isValidTypeForSymbol(t));
-      assert(LCtx);
-      assert(tag);
-    }
+      : SymbolData(ClassKind, sym), R(r), S(s), T(t), LCtx(LCtx), Count(count),
+        Tag(tag) {
+    assert(r);
+    assert(s);
+    assert(isValidTypeForSymbol(t));
+    assert(LCtx);
+    assert(tag);
+  }
 
   public:
     LLVM_ATTRIBUTE_RETURNS_NONNULL
@@ -267,7 +365,7 @@ class SymbolMetadata : public SymbolData {
     static void Profile(llvm::FoldingSetNodeID &profile, const MemRegion *R,
                         const Stmt *S, QualType T, const LocationContext *LCtx,
                         unsigned Count, const void *Tag) {
-      profile.AddInteger((unsigned)SymbolMetadataKind);
+      profile.AddInteger((unsigned)ClassKind);
       profile.AddPointer(R);
       profile.AddPointer(S);
       profile.Add(T);
@@ -299,8 +397,8 @@ class SymbolCast : public SymExpr {
 
   friend class SymExprAllocator;
   SymbolCast(SymbolID Sym, const SymExpr *In, QualType From, QualType To)
-      : SymExpr(SymbolCastKind, Sym, computeComplexity(In, From, To)),
-        Operand(In), FromTy(From), ToTy(To) {
+      : SymExpr(ClassKind, Sym, computeComplexity(In, From, To)), Operand(In),
+        FromTy(From), ToTy(To) {
     assert(In);
     assert(isValidTypeForSymbol(From));
     // FIXME: GenericTaintChecker creates symbols of void type.
@@ -321,7 +419,7 @@ class SymbolCast : public SymExpr {
 
   static void Profile(llvm::FoldingSetNodeID& ID,
                       const SymExpr *In, QualType From, QualType To) {
-    ID.AddInteger((unsigned) SymbolCastKind);
+    ID.AddInteger((unsigned)ClassKind);
     ID.AddPointer(In);
     ID.Add(From);
     ID.Add(To);
@@ -347,8 +445,8 @@ class UnarySymExpr : public SymExpr {
   friend class SymExprAllocator;
   UnarySymExpr(SymbolID Sym, const SymExpr *In, UnaryOperator::Opcode Op,
                QualType T)
-      : SymExpr(UnarySymExprKind, Sym, computeComplexity(In, Op, T)),
-        Operand(In), Op(Op), T(T) {
+      : SymExpr(ClassKind, Sym, computeComplexity(In, Op, T)), Operand(In),
+        Op(Op), T(T) {
     // Note, some unary operators are modeled as a binary operator. E.g. ++x is
     // modeled as x + 1.
     assert((Op == UO_Minus || Op == UO_Not) && "non-supported unary expression");
@@ -373,7 +471,7 @@ class UnarySymExpr : public SymExpr {
 
   static void Profile(llvm::FoldingSetNodeID &ID, const SymExpr *In,
                       UnaryOperator::Opcode Op, QualType T) {
-    ID.AddInteger((unsigned)UnarySymExprKind);
+    ID.AddInteger((unsigned)ClassKind);
     ID.AddPointer(In);
     ID.AddInteger(Op);
     ID.Add(T);
@@ -498,33 +596,6 @@ using IntSymExpr = BinarySymExprImpl<APSIntPtr, const SymExpr *,
 using SymSymExpr = BinarySymExprImpl<const SymExpr *, const SymExpr *,
                                      SymExpr::Kind::SymSymExprKind>;
 
-struct MaybeSymExpr {
-  MaybeSymExpr() = default;
-  explicit MaybeSymExpr(SymbolRef Sym) : Sym(Sym) {}
-  bool isValid() const { return Sym; }
-  bool isInvalid() const { return !isValid(); }
-  SymbolRef operator->() const { return Sym; }
-
-  SymbolRef getOrNull() const { return Sym; }
-  template <typename SymT> const SymT *getOrNull() const {
-    return llvm::dyn_cast_if_present<SymT>(Sym);
-  }
-
-  DefinedOrUnknownSVal getOrUnknown() const {
-    if (isInvalid())
-      return UnknownVal();
-    return nonloc::SymbolVal(Sym);
-  }
-
-  nonloc::SymbolVal getOrAssert() const {
-    assert(Sym);
-    return nonloc::SymbolVal(Sym);
-  }
-
-private:
-  SymbolRef Sym = nullptr;
-};
-
 class SymExprAllocator {
   SymbolID NextSymbolID = 0;
   llvm::BumpPtrAllocator &Alloc;
@@ -569,7 +640,8 @@ class SymbolManager {
   /// Create or retrieve a SymExpr of type \p SymExprT for the given arguments.
   /// Use the arguments to check for an existing SymExpr and return it,
   /// otherwise, create a new one and keep a pointer to it to avoid duplicates.
-  template <typename SymExprT, typename... Args> auto acquire(Args &&...args);
+  template <typename SymExprT, typename... Args>
+  LLVM_ATTRIBUTE_RETURNS_NONNULL const auto *acquire(Args &&...args);
 
   const SymbolConjured *conjureSymbol(ConstCFGElementRef Elem,
                                       const LocationContext *LCtx, QualType T,
@@ -707,14 +779,15 @@ class SymbolVisitor {
   virtual bool VisitMemRegion(const MemRegion *) { return true; }
 };
 
+// Returns a pointer to T if T is a SymbolData, otherwise SymExpr.
 template <typename T, typename... Args>
-auto SymbolManager::acquire(Args &&...args) {
+const auto *SymbolManager::acquire(Args &&...args) {
   constexpr bool IsSymbolData = SymbolData::classof(T::ClassKind);
   if constexpr (IsSymbolData) {
     assert(T::computeComplexity(args...) == 1);
   } else {
     if (T::computeComplexity(args...) > MaxCompComplexity) {
-      return MaybeSymExpr();
+      return static_cast<const SymExpr *>(acquire<SymbolTooComplex>(args...));
     }
   }
 
@@ -725,12 +798,13 @@ auto SymbolManager::acquire(Args &&...args) {
   if (!SD) {
     SD = Alloc.make<T>(std::forward<Args>(args)...);
     DataSet.InsertNode(SD, InsertPos);
+    assert(SD->complexity() <= MaxCompComplexity);
   }
 
   if constexpr (IsSymbolData) {
     return cast<T>(SD);
   } else {
-    return MaybeSymExpr(SD);
+    return SD;
   }
 }
 

clang/include/clang/StaticAnalyzer/Core/PathSensitive/Symbols.def

@@ -45,6 +45,7 @@ SYMBOL(SymbolCast, SymExpr)
 
 ABSTRACT_SYMBOL(SymbolData, SymExpr)
   SYMBOL(SymbolConjured, SymbolData)
+  SYMBOL(SymbolTooComplex, SymbolData)
   SYMBOL(SymbolDerived, SymbolData)
   SYMBOL(SymbolExtent, SymbolData)
   SYMBOL(SymbolMetadata, SymbolData)