Store.cpp source code [clang_source_code/lib/StaticAnalyzer/Core/Store.cpp]

1	//===- Store.cpp - Interface for maps from Locations to Values ------------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defined the types Store and StoreManager.
10	//
11	//===----------------------------------------------------------------------===//
12
13	#include "clang/StaticAnalyzer/Core/PathSensitive/Store.h"
14	#include "clang/AST/ASTContext.h"
15	#include "clang/AST/CXXInheritance.h"
16	#include "clang/AST/CharUnits.h"
17	#include "clang/AST/Decl.h"
18	#include "clang/AST/DeclCXX.h"
19	#include "clang/AST/DeclObjC.h"
20	#include "clang/AST/Expr.h"
21	#include "clang/AST/Type.h"
22	#include "clang/Basic/LLVM.h"
23	#include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h"
24	#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
25	#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
26	#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
27	#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
28	#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
29	#include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
30	#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
31	#include "llvm/ADT/APSInt.h"
32	#include "llvm/ADT/Optional.h"
33	#include "llvm/ADT/SmallVector.h"
34	#include "llvm/Support/Casting.h"
35	#include "llvm/Support/ErrorHandling.h"
36	#include <cassert>
37	#include <cstdint>
38
39	using namespace clang;
40	using namespace ento;
41
42	StoreManager::StoreManager(ProgramStateManager &stateMgr)
43	: svalBuilder(stateMgr.getSValBuilder()), StateMgr(stateMgr),
44	MRMgr(svalBuilder.getRegionManager()), Ctx(stateMgr.getContext()) {}
45
46	StoreRef StoreManager::enterStackFrame(Store OldStore,
47	const CallEvent &Call,
48	const StackFrameContext *LCtx) {
49	StoreRef Store = StoreRef(OldStore, *this);
50
51	SmallVector<CallEvent::FrameBindingTy, 16> InitialBindings;
52	Call.getInitialStackFrameContents(LCtx, InitialBindings);
53
54	for (const auto &I : InitialBindings)
55	Store = Bind(Store.getStore(), I.first, I.second);
56
57	return Store;
58	}
59
60	const ElementRegion StoreManager::MakeElementRegion(const SubRegion Base,
61	QualType EleTy,
62	uint64_t index) {
63	NonLoc idx = svalBuilder.makeArrayIndex(index);
64	return MRMgr.getElementRegion(EleTy, idx, Base, svalBuilder.getContext());
65	}
66
67	const ElementRegion StoreManager::GetElementZeroRegion(const SubRegion R,
68	QualType T) {
69	NonLoc idx = svalBuilder.makeZeroArrayIndex();
70	assert(!T.isNull());
71	return MRMgr.getElementRegion(T, idx, R, Ctx);
72	}
73
74	const MemRegion StoreManager::castRegion(const MemRegion R, QualType CastToTy) {
75	ASTContext &Ctx = StateMgr.getContext();
76
77	// Handle casts to Objective-C objects.
78	if (CastToTy->isObjCObjectPointerType())
79	return R->StripCasts();
80
81	if (CastToTy->isBlockPointerType()) {
82	// FIXME: We may need different solutions, depending on the symbol
83	// involved. Blocks can be casted to/from 'id', as they can be treated
84	// as Objective-C objects. This could possibly be handled by enhancing
85	// our reasoning of downcasts of symbolic objects.
86	if (isa<CodeTextRegion>(R) \|\| isa<SymbolicRegion>(R))
87	return R;
88
89	// We don't know what to make of it. Return a NULL region, which
90	// will be interpreted as UnknownVal.
91	return nullptr;
92	}
93
94	// Now assume we are casting from pointer to pointer. Other cases should
95	// already be handled.
96	QualType PointeeTy = CastToTy->getPointeeType();
97	QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
98
99	// Handle casts to void*. We just pass the region through.
100	if (CanonPointeeTy.getLocalUnqualifiedType() == Ctx.VoidTy)
101	return R;
102
103	// Handle casts from compatible types.
104	if (R->isBoundable())
105	if (const auto *TR = dyn_cast<TypedValueRegion>(R)) {
106	QualType ObjTy = Ctx.getCanonicalType(TR->getValueType());
107	if (CanonPointeeTy == ObjTy)
108	return R;
109	}
110
111	// Process region cast according to the kind of the region being cast.
112	switch (R->getKind()) {
113	case MemRegion::CXXThisRegionKind:
114	case MemRegion::CodeSpaceRegionKind:
115	case MemRegion::StackLocalsSpaceRegionKind:
116	case MemRegion::StackArgumentsSpaceRegionKind:
117	case MemRegion::HeapSpaceRegionKind:
118	case MemRegion::UnknownSpaceRegionKind:
119	case MemRegion::StaticGlobalSpaceRegionKind:
120	case MemRegion::GlobalInternalSpaceRegionKind:
121	case MemRegion::GlobalSystemSpaceRegionKind:
122	case MemRegion::GlobalImmutableSpaceRegionKind: {
123	llvm_unreachable("Invalid region cast");
124	}
125
126	case MemRegion::FunctionCodeRegionKind:
127	case MemRegion::BlockCodeRegionKind:
128	case MemRegion::BlockDataRegionKind:
129	case MemRegion::StringRegionKind:
130	// FIXME: Need to handle arbitrary downcasts.
131	case MemRegion::SymbolicRegionKind:
132	case MemRegion::AllocaRegionKind:
133	case MemRegion::CompoundLiteralRegionKind:
134	case MemRegion::FieldRegionKind:
135	case MemRegion::ObjCIvarRegionKind:
136	case MemRegion::ObjCStringRegionKind:
137	case MemRegion::VarRegionKind:
138	case MemRegion::CXXTempObjectRegionKind:
139	case MemRegion::CXXBaseObjectRegionKind:
140	case MemRegion::CXXDerivedObjectRegionKind:
141	return MakeElementRegion(cast<SubRegion>(R), PointeeTy);
142
143	case MemRegion::ElementRegionKind: {
144	// If we are casting from an ElementRegion to another type, the
145	// algorithm is as follows:
146	//
147	// (1) Compute the "raw offset" of the ElementRegion from the
148	// base region. This is done by calling 'getAsRawOffset()'.
149	//
150	// (2a) If we get a 'RegionRawOffset' after calling
151	// 'getAsRawOffset()', determine if the absolute offset
152	// can be exactly divided into chunks of the size of the
153	// casted-pointee type. If so, create a new ElementRegion with
154	// the pointee-cast type as the new ElementType and the index
155	// being the offset divded by the chunk size. If not, create
156	// a new ElementRegion at offset 0 off the raw offset region.
157	//
158	// (2b) If we don't a get a 'RegionRawOffset' after calling
159	// 'getAsRawOffset()', it means that we are at offset 0.
160	//
161	// FIXME: Handle symbolic raw offsets.
162
163	const ElementRegion *elementR = cast<ElementRegion>(R);
164	const RegionRawOffset &rawOff = elementR->getAsArrayOffset();
165	const MemRegion *baseR = rawOff.getRegion();
166
167	// If we cannot compute a raw offset, throw up our hands and return
168	// a NULL MemRegion*.
169	if (!baseR)
170	return nullptr;
171
172	CharUnits off = rawOff.getOffset();
173
174	if (off.isZero()) {
175	// Edge case: we are at 0 bytes off the beginning of baseR. We
176	// check to see if type we are casting to is the same as the base
177	// region. If so, just return the base region.
178	if (const auto *TR = dyn_cast<TypedValueRegion>(baseR)) {
179	QualType ObjTy = Ctx.getCanonicalType(TR->getValueType());
180	QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
181	if (CanonPointeeTy == ObjTy)
182	return baseR;
183	}
184
185	// Otherwise, create a new ElementRegion at offset 0.
186	return MakeElementRegion(cast<SubRegion>(baseR), PointeeTy);
187	}
188
189	// We have a non-zero offset from the base region. We want to determine
190	// if the offset can be evenly divided by sizeof(PointeeTy). If so,
191	// we create an ElementRegion whose index is that value. Otherwise, we
192	// create two ElementRegions, one that reflects a raw offset and the other
193	// that reflects the cast.
194
195	// Compute the index for the new ElementRegion.
196	int64_t newIndex = 0;
197	const MemRegion *newSuperR = nullptr;
198
199	// We can only compute sizeof(PointeeTy) if it is a complete type.
200	if (!PointeeTy->isIncompleteType()) {
201	// Compute the size in bytes.
202	CharUnits pointeeTySize = Ctx.getTypeSizeInChars(PointeeTy);
203	if (!pointeeTySize.isZero()) {
204	// Is the offset a multiple of the size? If so, we can layer the
205	// ElementRegion (with elementType == PointeeTy) directly on top of
206	// the base region.
207	if (off % pointeeTySize == 0) {
208	newIndex = off / pointeeTySize;
209	newSuperR = baseR;
210	}
211	}
212	}
213
214	if (!newSuperR) {
215	// Create an intermediate ElementRegion to represent the raw byte.
216	// This will be the super region of the final ElementRegion.
217	newSuperR = MakeElementRegion(cast<SubRegion>(baseR), Ctx.CharTy,
218	off.getQuantity());
219	}
220
221	return MakeElementRegion(cast<SubRegion>(newSuperR), PointeeTy, newIndex);
222	}
223	}
224
225	llvm_unreachable("unreachable");
226	}
227
228	static bool regionMatchesCXXRecordType(SVal V, QualType Ty) {
229	const MemRegion *MR = V.getAsRegion();
230	if (!MR)
231	return true;
232
233	const auto *TVR = dyn_cast<TypedValueRegion>(MR);
234	if (!TVR)
235	return true;
236
237	const CXXRecordDecl *RD = TVR->getValueType()->getAsCXXRecordDecl();
238	if (!RD)
239	return true;
240
241	const CXXRecordDecl *Expected = Ty->getPointeeCXXRecordDecl();
242	if (!Expected)
243	Expected = Ty->getAsCXXRecordDecl();
244
245	return Expected->getCanonicalDecl() == RD->getCanonicalDecl();
246	}
247
248	SVal StoreManager::evalDerivedToBase(SVal Derived, const CastExpr *Cast) {
249	// Sanity check to avoid doing the wrong thing in the face of
250	// reinterpret_cast.
251	if (!regionMatchesCXXRecordType(Derived, Cast->getSubExpr()->getType()))
252	return UnknownVal();
253
254	// Walk through the cast path to create nested CXXBaseRegions.
255	SVal Result = Derived;
256	for (CastExpr::path_const_iterator I = Cast->path_begin(),
257	E = Cast->path_end();
258	I != E; ++I) {
259	Result = evalDerivedToBase(Result, (I)->getType(), (I)->isVirtual());
260	}
261	return Result;
262	}
263
264	SVal StoreManager::evalDerivedToBase(SVal Derived, const CXXBasePath &Path) {
265	// Walk through the path to create nested CXXBaseRegions.
266	SVal Result = Derived;
267	for (const auto &I : Path)
268	Result = evalDerivedToBase(Result, I.Base->getType(),
269	I.Base->isVirtual());
270	return Result;
271	}
272
273	SVal StoreManager::evalDerivedToBase(SVal Derived, QualType BaseType,
274	bool IsVirtual) {
275	const MemRegion *DerivedReg = Derived.getAsRegion();
276	if (!DerivedReg)
277	return Derived;
278
279	const CXXRecordDecl *BaseDecl = BaseType->getPointeeCXXRecordDecl();
280	if (!BaseDecl)
281	BaseDecl = BaseType->getAsCXXRecordDecl();
282	(0) . __assert_fail ("BaseDecl && \"not a C++ object?\"", "/home/seafit/code_projects/clang_source/clang/lib/StaticAnalyzer/Core/Store.cpp", 282, __PRETTY_FUNCTION__))" file_link="../../../../include/assert.h.html#88" macro="true">assert(BaseDecl && "not a C++ object?");
283
284	if (const auto *AlreadyDerivedReg =
285	dyn_cast<CXXDerivedObjectRegion>(DerivedReg)) {
286	if (const auto *SR =
287	dyn_cast<SymbolicRegion>(AlreadyDerivedReg->getSuperRegion()))
288	if (SR->getSymbol()->getType()->getPointeeCXXRecordDecl() == BaseDecl)
289	return loc::MemRegionVal(SR);
290
291	DerivedReg = AlreadyDerivedReg->getSuperRegion();
292	}
293
294	const MemRegion *BaseReg = MRMgr.getCXXBaseObjectRegion(
295	BaseDecl, cast<SubRegion>(DerivedReg), IsVirtual);
296
297	return loc::MemRegionVal(BaseReg);
298	}
299
300	/// Returns the static type of the given region, if it represents a C++ class
301	/// object.
302	///
303	/// This handles both fully-typed regions, where the dynamic type is known, and
304	/// symbolic regions, where the dynamic type is merely bounded (and even then,
305	/// only ostensibly!), but does not take advantage of any dynamic type info.
306	static const CXXRecordDecl getCXXRecordType(const MemRegion MR) {
307	if (const auto *TVR = dyn_cast<TypedValueRegion>(MR))
308	return TVR->getValueType()->getAsCXXRecordDecl();
309	if (const auto *SR = dyn_cast<SymbolicRegion>(MR))
310	return SR->getSymbol()->getType()->getPointeeCXXRecordDecl();
311	return nullptr;
312	}
313
314	SVal StoreManager::attemptDownCast(SVal Base, QualType TargetType,
315	bool &Failed) {
316	Failed = false;
317
318	const MemRegion *MR = Base.getAsRegion();
319	if (!MR)
320	return UnknownVal();
321
322	// Assume the derived class is a pointer or a reference to a CXX record.
323	TargetType = TargetType->getPointeeType();
324	assert(!TargetType.isNull());
325	const CXXRecordDecl *TargetClass = TargetType->getAsCXXRecordDecl();
326	if (!TargetClass && !TargetType->isVoidType())
327	return UnknownVal();
328
329	// Drill down the CXXBaseObject chains, which represent upcasts (casts from
330	// derived to base).
331	while (const CXXRecordDecl *MRClass = getCXXRecordType(MR)) {
332	// If found the derived class, the cast succeeds.
333	if (MRClass == TargetClass)
334	return loc::MemRegionVal(MR);
335
336	// We skip over incomplete types. They must be the result of an earlier
337	// reinterpret_cast, as one can only dynamic_cast between types in the same
338	// class hierarchy.
339	if (!TargetType->isVoidType() && MRClass->hasDefinition()) {
340	// Static upcasts are marked as DerivedToBase casts by Sema, so this will
341	// only happen when multiple or virtual inheritance is involved.
342	CXXBasePaths Paths(/FindAmbiguities=/false, /RecordPaths=/true,
343	/DetectVirtual=/false);
344	if (MRClass->isDerivedFrom(TargetClass, Paths))
345	return evalDerivedToBase(loc::MemRegionVal(MR), Paths.front());
346	}
347
348	if (const auto *BaseR = dyn_cast<CXXBaseObjectRegion>(MR)) {
349	// Drill down the chain to get the derived classes.
350	MR = BaseR->getSuperRegion();
351	continue;
352	}
353
354	// If this is a cast to void*, return the region.
355	if (TargetType->isVoidType())
356	return loc::MemRegionVal(MR);
357
358	// Strange use of reinterpret_cast can give us paths we don't reason
359	// about well, by putting in ElementRegions where we'd expect
360	// CXXBaseObjectRegions. If it's a valid reinterpret_cast (i.e. if the
361	// derived class has a zero offset from the base class), then it's safe
362	// to strip the cast; if it's invalid, -Wreinterpret-base-class should
363	// catch it. In the interest of performance, the analyzer will silently
364	// do the wrong thing in the invalid case (because offsets for subregions
365	// will be wrong).
366	const MemRegion Uncasted = MR->StripCasts(/IncludeBaseCasts=*/false);
367	if (Uncasted == MR) {
368	// We reached the bottom of the hierarchy and did not find the derived
369	// class. We must be casting the base to derived, so the cast should
370	// fail.
371	break;
372	}
373
374	MR = Uncasted;
375	}
376
377	// If we're casting a symbolic base pointer to a derived class, use
378	// CXXDerivedObjectRegion to represent the cast. If it's a pointer to an
379	// unrelated type, it must be a weird reinterpret_cast and we have to
380	// be fine with ElementRegion. TODO: Should we instead make
381	// Derived{TargetClass, Element{SourceClass, SR}}?
382	if (const auto *SR = dyn_cast<SymbolicRegion>(MR)) {
383	QualType T = SR->getSymbol()->getType();
384	const CXXRecordDecl *SourceClass = T->getPointeeCXXRecordDecl();
385	if (TargetClass && SourceClass && TargetClass->isDerivedFrom(SourceClass))
386	return loc::MemRegionVal(
387	MRMgr.getCXXDerivedObjectRegion(TargetClass, SR));
388	return loc::MemRegionVal(GetElementZeroRegion(SR, TargetType));
389	}
390
391	// We failed if the region we ended up with has perfect type info.
392	Failed = isa<TypedValueRegion>(MR);
393	return UnknownVal();
394	}
395
396	/// CastRetrievedVal - Used by subclasses of StoreManager to implement
397	/// implicit casts that arise from loads from regions that are reinterpreted
398	/// as another region.
399	SVal StoreManager::CastRetrievedVal(SVal V, const TypedValueRegion *R,
400	QualType castTy) {
401	if (castTy.isNull() \|\| V.isUnknownOrUndef())
402	return V;
403
404	// The dispatchCast() call below would convert the int into a float.
405	// What we want, however, is a bit-by-bit reinterpretation of the int
406	// as a float, which usually yields nothing garbage. For now skip casts
407	// from ints to floats.
408	// TODO: What other combinations of types are affected?
409	if (castTy->isFloatingType()) {
410	SymbolRef Sym = V.getAsSymbol();
411	if (Sym && !Sym->getType()->isFloatingType())
412	return UnknownVal();
413	}
414
415	// When retrieving symbolic pointer and expecting a non-void pointer,
416	// wrap them into element regions of the expected type if necessary.
417	// SValBuilder::dispatchCast() doesn't do that, but it is necessary to
418	// make sure that the retrieved value makes sense, because there's no other
419	// cast in the AST that would tell us to cast it to the correct pointer type.
420	// We might need to do that for non-void pointers as well.
421	// FIXME: We really need a single good function to perform casts for us
422	// correctly every time we need it.
423	if (castTy->isPointerType() && !castTy->isVoidPointerType())
424	if (const auto *SR = dyn_cast_or_null<SymbolicRegion>(V.getAsRegion()))
425	if (SR->getSymbol()->getType().getCanonicalType() !=
426	castTy.getCanonicalType())
427	return loc::MemRegionVal(castRegion(SR, castTy));
428
429	return svalBuilder.dispatchCast(V, castTy);
430	}
431
432	SVal StoreManager::getLValueFieldOrIvar(const Decl *D, SVal Base) {
433	if (Base.isUnknownOrUndef())
434	return Base;
435
436	Loc BaseL = Base.castAs<Loc>();
437	const SubRegion* BaseR = nullptr;
438
439	switch (BaseL.getSubKind()) {
440	case loc::MemRegionValKind:
441	BaseR = cast<SubRegion>(BaseL.castAs<loc::MemRegionVal>().getRegion());
442	break;
443
444	case loc::GotoLabelKind:
445	// These are anormal cases. Flag an undefined value.
446	return UndefinedVal();
447
448	case loc::ConcreteIntKind:
449	// While these seem funny, this can happen through casts.
450	// FIXME: What we should return is the field offset, not base. For example,
451	// add the field offset to the integer value. That way things
452	// like this work properly: &(((struct foo *) 0xa)->f)
453	// However, that's not easy to fix without reducing our abilities
454	// to catch null pointer dereference. Eg., ((struct foo *)0x0)->f = 7
455	// is a null dereference even though we're dereferencing offset of f
456	// rather than null. Coming up with an approach that computes offsets
457	// over null pointers properly while still being able to catch null
458	// dereferences might be worth it.
459	return Base;
460
461	default:
462	llvm_unreachable("Unhandled Base.");
463	}
464
465	// NOTE: We must have this check first because ObjCIvarDecl is a subclass
466	// of FieldDecl.
467	if (const auto *ID = dyn_cast<ObjCIvarDecl>(D))
468	return loc::MemRegionVal(MRMgr.getObjCIvarRegion(ID, BaseR));
469
470	return loc::MemRegionVal(MRMgr.getFieldRegion(cast<FieldDecl>(D), BaseR));
471	}
472
473	SVal StoreManager::getLValueIvar(const ObjCIvarDecl *decl, SVal base) {
474	return getLValueFieldOrIvar(decl, base);
475	}
476
477	SVal StoreManager::getLValueElement(QualType elementType, NonLoc Offset,
478	SVal Base) {
479	// If the base is an unknown or undefined value, just return it back.
480	// FIXME: For absolute pointer addresses, we just return that value back as
481	// well, although in reality we should return the offset added to that
482	// value. See also the similar FIXME in getLValueFieldOrIvar().
483	if (Base.isUnknownOrUndef() \|\| Base.getAs<loc::ConcreteInt>())
484	return Base;
485
486	if (Base.getAs<loc::GotoLabel>())
487	return UnknownVal();
488
489	const SubRegion *BaseRegion =
490	Base.castAs<loc::MemRegionVal>().getRegionAs<SubRegion>();
491
492	// Pointer of any type can be cast and used as array base.
493	const auto *ElemR = dyn_cast<ElementRegion>(BaseRegion);
494
495	// Convert the offset to the appropriate size and signedness.
496	Offset = svalBuilder.convertToArrayIndex(Offset).castAs<NonLoc>();
497
498	if (!ElemR) {
499	// If the base region is not an ElementRegion, create one.
500	// This can happen in the following example:
501	//
502	// char *p = __builtin_alloc(10);
503	// p[1] = 8;
504	//
505	// Observe that 'p' binds to an AllocaRegion.
506	return loc::MemRegionVal(MRMgr.getElementRegion(elementType, Offset,
507	BaseRegion, Ctx));
508	}
509
510	SVal BaseIdx = ElemR->getIndex();
511
512	if (!BaseIdx.getAs<nonloc::ConcreteInt>())
513	return UnknownVal();
514
515	const llvm::APSInt &BaseIdxI =
516	BaseIdx.castAs<nonloc::ConcreteInt>().getValue();
517
518	// Only allow non-integer offsets if the base region has no offset itself.
519	// FIXME: This is a somewhat arbitrary restriction. We should be using
520	// SValBuilder here to add the two offsets without checking their types.
521	if (!Offset.getAs<nonloc::ConcreteInt>()) {
522	if (isa<ElementRegion>(BaseRegion->StripCasts()))
523	return UnknownVal();
524
525	return loc::MemRegionVal(MRMgr.getElementRegion(
526	elementType, Offset, cast<SubRegion>(ElemR->getSuperRegion()), Ctx));
527	}
528
529	const llvm::APSInt& OffI = Offset.castAs<nonloc::ConcreteInt>().getValue();
530	assert(BaseIdxI.isSigned());
531
532	// Compute the new index.
533	nonloc::ConcreteInt NewIdx(svalBuilder.getBasicValueFactory().getValue(BaseIdxI +
534	OffI));
535
536	// Construct the new ElementRegion.
537	const SubRegion *ArrayR = cast<SubRegion>(ElemR->getSuperRegion());
538	return loc::MemRegionVal(MRMgr.getElementRegion(elementType, NewIdx, ArrayR,
539	Ctx));
540	}
541
542	StoreManager::BindingsHandler::~BindingsHandler() = default;
543
544	bool StoreManager::FindUniqueBinding::HandleBinding(StoreManager& SMgr,
545	Store store,
546	const MemRegion* R,
547	SVal val) {
548	SymbolRef SymV = val.getAsLocSymbol();
549	if (!SymV \|\| SymV != Sym)
550	return true;
551
552	if (Binding) {
553	First = false;
554	return false;
555	}
556	else
557	Binding = R;
558
559	return true;
560	}
561

clang::ento::StoreManager::enterStackFrame

clang::ento::StoreManager::MakeElementRegion

clang::ento::StoreManager::GetElementZeroRegion

clang::ento::StoreManager::castRegion

clang::ento::StoreManager::evalDerivedToBase

clang::ento::StoreManager::attemptDownCast

clang::ento::StoreManager::CastRetrievedVal

clang::ento::StoreManager::getLValueFieldOrIvar

clang::ento::StoreManager::getLValueIvar

clang::ento::StoreManager::getLValueElement

clang::ento::StoreManager::FindUniqueBinding::HandleBinding

Clang Project