git-try-it
diff --git a/‎clang/docs/analyzer/DebugChecks.rst‎
Lines changed: 35 additions & 0 deletions b/‎clang/docs/analyzer/DebugChecks.rst‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎clang/include/clang/StaticAnalyzer/Checkers/SValExplainer.h‎
Lines changed: 233 additions & 0 deletions b/‎clang/include/clang/StaticAnalyzer/Checkers/SValExplainer.h‎
Lines changed: 233 additions & 0 deletions
diff --git a/‎clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h‎
Lines changed: 6 additions & 45 deletions b/‎clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h‎
Lines changed: 6 additions & 45 deletions
@@ -162,6 +162,41 @@ ExprInspection checks
     } while(0);  // expected-warning{{SYMBOL DEAD}}
 
 
+- void clang_analyzer_explain(a single argument of any type);
+
+  This function explains the value of its argument in a human-readable manner
+  in the warning message. You can make as many overrides of its prototype
+  in the test code as necessary to explain various integral, pointer,
+  or even record-type values.
+
+  Example usage::
+
+    void clang_analyzer_explain(int);
+    void clang_analyzer_explain(void *);
+
+    void foo(int param, void *ptr) {
+      clang_analyzer_explain(param); // expected-warning{{argument 'param'}}
+      if (!ptr)
+        clang_analyzer_explain(ptr); // expected-warning{{memory address '0'}}
+    }
+
+- size_t clang_analyzer_getExtent(void *);
+
+  This function returns the value that represents the extent of a memory region
+  pointed to by the argument. This value is often difficult to obtain otherwise,
+  because no valid code that produces this value. However, it may be useful
+  for testing purposes, to see how well does the analyzer model region extents.
+
+  Example usage::
+
+    void foo() {
+      int x, *y;
+      size_t xs = clang_analyzer_getExtent(&x);
+      clang_analyzer_explain(xs); // expected-warning{{'4'}}
+      size_t ys = clang_analyzer_getExtent(&y);
+      clang_analyzer_explain(ys); // expected-warning{{'8'}}
+    }
+
 Statistics
 ==========
 
 
@@ -0,0 +1,233 @@
+//== SValExplainer.h - Symbolic value explainer -----------------*- C++ -*--==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+//  This file defines SValExplainer, a class for pretty-printing a
+//  human-readable description of a symbolic value. For example,
+//  "reg_$0<x>" is turned into "initial value of variable 'x'".
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H
+#define LLVM_CLANG_STATICANALYZER_CHECKERS_SVALEXPLAINER_H
+
+#include "clang/AST/DeclCXX.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h"
+
+namespace clang {
+
+namespace ento {
+
+class SValExplainer : public FullSValVisitor<SValExplainer, std::string> {
+private:
+  ASTContext &ACtx;
+
+  std::string printStmt(const Stmt *S) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    S->printPretty(OS, nullptr, PrintingPolicy(ACtx.getLangOpts()));
+    return OS.str();
+  }
+
+  bool isThisObject(const SymbolicRegion *R) {
+    if (auto S = dyn_cast<SymbolRegionValue>(R->getSymbol()))
+      if (isa<CXXThisRegion>(S->getRegion()))
+        return true;
+    return false;
+  }
+
+public:
+  SValExplainer(ASTContext &Ctx) : ACtx(Ctx) {}
+
+  std::string VisitUnknownVal(UnknownVal V) {
+    return "unknown value";
+  }
+
+  std::string VisitUndefinedVal(UndefinedVal V) {
+    return "undefined value";
+  }
+
+  std::string VisitLocMemRegionVal(loc::MemRegionVal V) {
+    const MemRegion *R = V.getRegion();
+    // Avoid the weird "pointer to pointee of ...".
+    if (auto SR = dyn_cast<SymbolicRegion>(R)) {
+      // However, "pointer to 'this' object" is fine.
+      if (!isThisObject(SR))
+        return Visit(SR->getSymbol());
+    }
+    return "pointer to " + Visit(R);
+  }
+
+  std::string VisitLocConcreteInt(loc::ConcreteInt V) {
+    llvm::APSInt I = V.getValue();
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << "concrete memory address '" << I << "'";
+    return OS.str();
+  }
+
+  std::string VisitNonLocSymbolVal(nonloc::SymbolVal V) {
+    return Visit(V.getSymbol());
+  }
+
+  std::string VisitNonLocConcreteInt(nonloc::ConcreteInt V) {
+    llvm::APSInt I = V.getValue();
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << (I.isSigned() ? "signed " : "unsigned ") << I.getBitWidth()
+       << "-bit integer '" << I << "'";
+    return OS.str();
+  }
+
+  std::string VisitNonLocLazyCompoundVal(nonloc::LazyCompoundVal V) {
+    return "lazily frozen compound value of " + Visit(V.getRegion());
+  }
+
+  std::string VisitSymbolRegionValue(const SymbolRegionValue *S) {
+    const MemRegion *R = S->getRegion();
+    // Special handling for argument values.
+    if (auto V = dyn_cast<VarRegion>(R))
+      if (auto D = dyn_cast<ParmVarDecl>(V->getDecl()))
+        return "argument '" + D->getQualifiedNameAsString() + "'";
+    return "initial value of " + Visit(R);
+  }
+
+  std::string VisitSymbolConjured(const SymbolConjured *S) {
+    return "symbol of type '" + S->getType().getAsString() +
+           "' conjured at statement '" + printStmt(S->getStmt()) + "'";
+  }
+
+  std::string VisitSymbolDerived(const SymbolDerived *S) {
+    return "value derived from (" + Visit(S->getParentSymbol()) +
+           ") for " + Visit(S->getRegion());
+  }
+
+  std::string VisitSymbolExtent(const SymbolExtent *S) {
+    return "extent of " + Visit(S->getRegion());
+  }
+
+  std::string VisitSymbolMetadata(const SymbolMetadata *S) {
+    return "metadata of type '" + S->getType().getAsString() + "' tied to " +
+           Visit(S->getRegion());
+  }
+
+  std::string VisitSymIntExpr(const SymIntExpr *S) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << "(" << Visit(S->getLHS()) << ") "
+       << std::string(BinaryOperator::getOpcodeStr(S->getOpcode())) << " "
+       << S->getRHS();
+    return OS.str();
+  }
+
+  // TODO: IntSymExpr doesn't appear in practice.
+  // Add the relevant code once it does.
+
+  std::string VisitSymSymExpr(const SymSymExpr *S) {
+    return "(" + Visit(S->getLHS()) + ") " +
+           std::string(BinaryOperator::getOpcodeStr(S->getOpcode())) +
+           " (" + Visit(S->getRHS()) + ")";
+  }
+
+  // TODO: SymbolCast doesn't appear in practice.
+  // Add the relevant code once it does.
+
+  std::string VisitSymbolicRegion(const SymbolicRegion *R) {
+    // Explain 'this' object here.
+    // TODO: Explain CXXThisRegion itself, find a way to test it.
+    if (isThisObject(R))
+      return "'this' object";
+    return "pointee of " + Visit(R->getSymbol());
+  }
+
+  std::string VisitAllocaRegion(const AllocaRegion *R) {
+    return "region allocated by '" + printStmt(R->getExpr()) + "'";
+  }
+
+  std::string VisitCompoundLiteralRegion(const CompoundLiteralRegion *R) {
+    return "compound literal " + printStmt(R->getLiteralExpr());
+  }
+
+  std::string VisitStringRegion(const StringRegion *R) {
+    return "string literal " + R->getString();
+  }
+
+  std::string VisitElementRegion(const ElementRegion *R) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << "element of type '" << R->getElementType().getAsString()
+       << "' with index ";
+    // For concrete index: omit type of the index integer.
+    if (auto I = R->getIndex().getAs<nonloc::ConcreteInt>())
+      OS << I->getValue();
+    else
+      OS << "'" << Visit(R->getIndex()) << "'";
+    OS << " of " + Visit(R->getSuperRegion());
+    return OS.str();
+  }
+
+  std::string VisitVarRegion(const VarRegion *R) {
+    const VarDecl *VD = R->getDecl();
+    std::string Name = VD->getQualifiedNameAsString();
+    if (isa<ParmVarDecl>(VD))
+      return "parameter '" + Name + "'";
+    else if (VD->hasLocalStorage())
+      return "local variable '" + Name + "'";
+    else if (VD->isStaticLocal())
+      return "static local variable '" + Name + "'";
+    else if (VD->hasGlobalStorage())
+      return "global variable '" + Name + "'";
+    else
+      llvm_unreachable("A variable is either local or global");
+  }
+
+  std::string VisitFieldRegion(const FieldRegion *R) {
+    return "field '" + R->getDecl()->getNameAsString() + "' of " +
+           Visit(R->getSuperRegion());
+  }
+
+  std::string VisitCXXTempObjectRegion(const CXXTempObjectRegion *R) {
+    return "temporary object constructed at statement '" +
+           printStmt(R->getExpr()) + "'";
+  }
+
+  std::string VisitCXXBaseObjectRegion(const CXXBaseObjectRegion *R) {
+    return "base object '" + R->getDecl()->getQualifiedNameAsString() +
+           "' inside " + Visit(R->getSuperRegion());
+  }
+
+  std::string VisitSVal(SVal V) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << V;
+    return "a value unsupported by the explainer: (" +
+           std::string(OS.str()) + ")";
+  }
+
+  std::string VisitSymExpr(SymbolRef S) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    S->dumpToStream(OS);
+    return "a symbolic expression unsupported by the explainer: (" +
+           std::string(OS.str()) + ")";
+  }
+
+  std::string VisitMemRegion(const MemRegion *R) {
+    std::string Str;
+    llvm::raw_string_ostream OS(Str);
+    OS << R;
+    return "a memory region unsupported by the explainer (" +
+           std::string(OS.str()) + ")";
+  }
+};
+
+} // end namespace ento
+
+} // end namespace clang
+
+#endif
@@ -76,51 +76,13 @@ class RegionOffset {
 
 /// MemRegion - The root abstract class for all memory regions.
 class MemRegion : public llvm::FoldingSetNode {
-  friend class MemRegionManager;
 public:
   enum Kind {
-    // Memory spaces.
-    CodeSpaceRegionKind,
-    StackLocalsSpaceRegionKind,
-    StackArgumentsSpaceRegionKind,
-    HeapSpaceRegionKind,
-    UnknownSpaceRegionKind,
-    StaticGlobalSpaceRegionKind,
-    GlobalInternalSpaceRegionKind,
-    GlobalSystemSpaceRegionKind,
-    GlobalImmutableSpaceRegionKind,
-    BEGIN_NON_STATIC_GLOBAL_MEMSPACES = GlobalInternalSpaceRegionKind,
-    END_NON_STATIC_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
-    BEGIN_GLOBAL_MEMSPACES = StaticGlobalSpaceRegionKind,
-    END_GLOBAL_MEMSPACES = GlobalImmutableSpaceRegionKind,
-    BEGIN_MEMSPACES = CodeSpaceRegionKind,
-    END_MEMSPACES = GlobalImmutableSpaceRegionKind,
-    // Untyped regions.
-    SymbolicRegionKind,
-    AllocaRegionKind,
-    // Typed regions.
-    BEGIN_TYPED_REGIONS,
-    FunctionCodeRegionKind = BEGIN_TYPED_REGIONS,
-    BlockCodeRegionKind,
-    BlockDataRegionKind,
-    BEGIN_TYPED_VALUE_REGIONS,
-    CompoundLiteralRegionKind = BEGIN_TYPED_VALUE_REGIONS,
-    CXXThisRegionKind,
-    StringRegionKind,
-    ObjCStringRegionKind,
-    ElementRegionKind,
-    // Decl Regions.
-    BEGIN_DECL_REGIONS,
-    VarRegionKind = BEGIN_DECL_REGIONS,
-    FieldRegionKind,
-    ObjCIvarRegionKind,
-    END_DECL_REGIONS = ObjCIvarRegionKind,
-    CXXTempObjectRegionKind,
-    CXXBaseObjectRegionKind,
-    END_TYPED_VALUE_REGIONS = CXXBaseObjectRegionKind,
-    END_TYPED_REGIONS = CXXBaseObjectRegionKind
+#define REGION(Id, Parent) Id ## Kind,
+#define REGION_RANGE(Id, First, Last) BEGIN_##Id = First, END_##Id = Last,
+#include "clang/StaticAnalyzer/Core/PathSensitive/Regions.def"
   };
-    
+
 private:
   const Kind kind;
 
@@ -386,8 +348,7 @@ class StackSpaceRegion : public MemSpaceRegion {
 
   static bool classof(const MemRegion *R) {
     Kind k = R->getKind();
-    return k >= StackLocalsSpaceRegionKind &&
-           k <= StackArgumentsSpaceRegionKind;
+    return k >= BEGIN_STACK_MEMSPACES && k <= END_STACK_MEMSPACES;
   }
 };
 
@@ -549,7 +510,7 @@ class CodeTextRegion : public TypedRegion {
 
   static bool classof(const MemRegion* R) {
     Kind k = R->getKind();
-    return k >= FunctionCodeRegionKind && k <= BlockCodeRegionKind;
+    return k >= BEGIN_CODE_TEXT_REGIONS && k <= END_CODE_TEXT_REGIONS;
   }
 };