public virtual ProgramState PreProcessInstruction(ProgramPoint programPoint, ProgramState programState)
{
return(programState);
}
public virtual ProgramState PreProcessUsingStatement(ProgramPoint programPoint, ProgramState programState)
{
return(programState);
}
protected override void VisitInstruction(ExplodedGraphNode node)
{
var instruction = node.ProgramPoint.Block.Instructions[node.ProgramPoint.Offset];
var expression = instruction as ExpressionSyntax;
var parenthesizedExpression = expression?.GetSelfOrTopParenthesizedExpression();
var newProgramPoint = new ProgramPoint(node.ProgramPoint.Block, node.ProgramPoint.Offset + 1);
var newProgramState = node.ProgramState;
newProgramState = InvokeChecks(newProgramState, (ps, check) => check.PreProcessInstruction(node.ProgramPoint, ps));
if (newProgramState == null)
{
return;
}
switch (instruction.Kind())
{
case SyntaxKind.VariableDeclarator:
newProgramState = VisitVariableDeclarator((VariableDeclaratorSyntax)instruction, newProgramState);
break;
case SyntaxKind.SimpleAssignmentExpression:
newProgramState = VisitSimpleAssignment((AssignmentExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.OrAssignmentExpression:
newProgramState = VisitBooleanBinaryOpAssignment(newProgramState, (AssignmentExpressionSyntax)instruction, (l, r) => new OrSymbolicValue(l, r));
break;
case SyntaxKind.AndAssignmentExpression:
newProgramState = VisitBooleanBinaryOpAssignment(newProgramState, (AssignmentExpressionSyntax)instruction, (l, r) => new AndSymbolicValue(l, r));
break;
case SyntaxKind.ExclusiveOrAssignmentExpression:
newProgramState = VisitBooleanBinaryOpAssignment(newProgramState, (AssignmentExpressionSyntax)instruction, (l, r) => new XorSymbolicValue(l, r));
break;
case SyntaxKind.SubtractAssignmentExpression:
case SyntaxKind.AddAssignmentExpression:
case SyntaxKind.DivideAssignmentExpression:
case SyntaxKind.MultiplyAssignmentExpression:
case SyntaxKind.ModuloAssignmentExpression:
case SyntaxKind.LeftShiftAssignmentExpression:
case SyntaxKind.RightShiftAssignmentExpression:
newProgramState = VisitOpAssignment((AssignmentExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.PreIncrementExpression:
case SyntaxKind.PreDecrementExpression:
newProgramState = VisitPrefixIncrement((PrefixUnaryExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.PostIncrementExpression:
case SyntaxKind.PostDecrementExpression:
newProgramState = VisitPostfixIncrement((PostfixUnaryExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.IdentifierName:
newProgramState = VisitIdentifier((IdentifierNameSyntax)instruction, newProgramState);
break;
case SyntaxKind.BitwiseOrExpression:
newProgramState = VisitBinaryOperator(newProgramState, (l, r) => new OrSymbolicValue(l, r));
break;
case SyntaxKind.BitwiseAndExpression:
newProgramState = VisitBinaryOperator(newProgramState, (l, r) => new AndSymbolicValue(l, r));
break;
case SyntaxKind.ExclusiveOrExpression:
newProgramState = VisitBinaryOperator(newProgramState, (l, r) => new XorSymbolicValue(l, r));
break;
case SyntaxKind.LessThanExpression:
newProgramState = VisitComparisonBinaryOperator(newProgramState, (BinaryExpressionSyntax)instruction, (l, r) => new ComparisonSymbolicValue(ComparisonKind.Less, l, r));
break;
case SyntaxKind.LessThanOrEqualExpression:
newProgramState = VisitComparisonBinaryOperator(newProgramState, (BinaryExpressionSyntax)instruction, (l, r) => new ComparisonSymbolicValue(ComparisonKind.LessOrEqual, l, r));
break;
case SyntaxKind.GreaterThanExpression:
newProgramState = VisitComparisonBinaryOperator(newProgramState, (BinaryExpressionSyntax)instruction, (l, r) => new ComparisonSymbolicValue(ComparisonKind.Less, r, l));
break;
case SyntaxKind.GreaterThanOrEqualExpression:
newProgramState = VisitComparisonBinaryOperator(newProgramState, (BinaryExpressionSyntax)instruction, (l, r) => new ComparisonSymbolicValue(ComparisonKind.LessOrEqual, r, l));
break;
case SyntaxKind.SubtractExpression:
case SyntaxKind.AddExpression:
case SyntaxKind.DivideExpression:
case SyntaxKind.MultiplyExpression:
case SyntaxKind.ModuloExpression:
case SyntaxKind.LeftShiftExpression:
case SyntaxKind.RightShiftExpression:
newProgramState = newProgramState.PopValues(2);
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.EqualsExpression:
var binary = (BinaryExpressionSyntax)instruction;
newProgramState = IsOperatorOnObject(instruction)
? VisitReferenceEquals(binary, newProgramState)
: VisitValueEquals(newProgramState);
break;
case SyntaxKind.NotEqualsExpression:
newProgramState = IsOperatorOnObject(instruction)
? VisitBinaryOperator(newProgramState, (l, r) => new ReferenceNotEqualsSymbolicValue(l, r))
: VisitBinaryOperator(newProgramState, (l, r) => new ValueNotEqualsSymbolicValue(l, r));
break;
case SyntaxKind.BitwiseNotExpression:
case SyntaxKind.UnaryMinusExpression:
case SyntaxKind.UnaryPlusExpression:
case SyntaxKind.AddressOfExpression:
case SyntaxKind.PointerIndirectionExpression:
case SyntaxKind.MakeRefExpression:
case SyntaxKind.RefTypeExpression:
case SyntaxKind.RefValueExpression:
case SyntaxKind.MemberBindingExpression:
case SyntaxKind.AwaitExpression:
newProgramState = newProgramState.PopValue();
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.AsExpression:
case SyntaxKind.IsExpression:
newProgramState = VisitSafeCastExpression((BinaryExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.SimpleMemberAccessExpression:
{
var memberAccess = (MemberAccessExpressionSyntax)instruction;
var check = explodedGraphChecks.OfType <EmptyNullableValueAccess.NullValueAccessedCheck>().FirstOrDefault();
if (check == null ||
!check.TryProcessInstruction(memberAccess, newProgramState, out newProgramState))
{
// Default behavior
newProgramState = VisitMemberAccess(memberAccess, newProgramState);
}
}
break;
case SyntaxKind.PointerMemberAccessExpression:
{
newProgramState = VisitMemberAccess((MemberAccessExpressionSyntax)instruction, newProgramState);
}
break;
case SyntaxKind.GenericName:
case SyntaxKind.AliasQualifiedName:
case SyntaxKind.QualifiedName:
case SyntaxKind.PredefinedType:
case SyntaxKind.NullableType:
case SyntaxKind.OmittedArraySizeExpression:
case SyntaxKind.AnonymousMethodExpression:
case SyntaxKind.ParenthesizedLambdaExpression:
case SyntaxKind.SimpleLambdaExpression:
case SyntaxKind.QueryExpression:
case SyntaxKind.ArgListExpression:
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.LogicalNotExpression:
{
newProgramState = newProgramState.PopValue(out var sv);
newProgramState = newProgramState.PushValue(new LogicalNotSymbolicValue(sv));
}
break;
case SyntaxKind.TrueLiteralExpression:
newProgramState = newProgramState.PushValue(SymbolicValue.True);
break;
case SyntaxKind.FalseLiteralExpression:
newProgramState = newProgramState.PushValue(SymbolicValue.False);
break;
case SyntaxKind.NullLiteralExpression:
newProgramState = newProgramState.PushValue(SymbolicValue.Null);
break;
case SyntaxKind.ThisExpression:
newProgramState = newProgramState.PushValue(SymbolicValue.This);
break;
case SyntaxKind.BaseExpression:
newProgramState = newProgramState.PushValue(SymbolicValue.Base);
break;
case SyntaxKind.CharacterLiteralExpression:
case SyntaxKind.StringLiteralExpression:
case SyntaxKind.NumericLiteralExpression:
case SyntaxKind.SizeOfExpression:
case SyntaxKind.TypeOfExpression:
case SyntaxKind.ArrayCreationExpression:
case SyntaxKind.ImplicitArrayCreationExpression:
case SyntaxKind.StackAllocArrayCreationExpression:
{
var sv = new SymbolicValue();
newProgramState = newProgramState.SetConstraint(sv, ObjectConstraint.NotNull);
newProgramState = newProgramState.PushValue(sv);
newProgramState = InvokeChecks(newProgramState,
(ps, check) => check.ObjectCreated(ps, sv, instruction));
}
break;
case SyntaxKind.DefaultExpression:
newProgramState = VisitDefaultExpression((DefaultExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.AnonymousObjectCreationExpression:
{
var creation = (AnonymousObjectCreationExpressionSyntax)instruction;
newProgramState = newProgramState.PopValues(creation.Initializers.Count);
var sv = new SymbolicValue();
newProgramState = newProgramState.SetConstraint(sv, ObjectConstraint.NotNull);
newProgramState = newProgramState.PushValue(sv);
newProgramState = InvokeChecks(newProgramState,
(ps, check) => check.ObjectCreated(ps, sv, instruction));
}
break;
case SyntaxKind.CastExpression:
case SyntaxKind.CheckedExpression:
case SyntaxKind.UncheckedExpression:
// Do nothing
break;
case SyntaxKind.InterpolatedStringExpression:
newProgramState = newProgramState.PopValues(((InterpolatedStringExpressionSyntax)instruction).Contents.OfType <InterpolationSyntax>().Count());
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.ObjectCreationExpression:
newProgramState = VisitObjectCreation((ObjectCreationExpressionSyntax)instruction, newProgramState);
break;
case SyntaxKind.ElementAccessExpression:
newProgramState = newProgramState.PopValues((((ElementAccessExpressionSyntax)instruction).ArgumentList?.Arguments.Count ?? 0) + 1);
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.ImplicitElementAccess:
newProgramState = newProgramState
.PopValues(((ImplicitElementAccessSyntax)instruction).ArgumentList?.Arguments.Count ?? 0)
.PushValue(new SymbolicValue());
break;
case SyntaxKind.ObjectInitializerExpression:
case SyntaxKind.ArrayInitializerExpression:
case SyntaxKind.CollectionInitializerExpression:
case SyntaxKind.ComplexElementInitializerExpression:
newProgramState = VisitInitializer(instruction, parenthesizedExpression, newProgramState);
break;
case SyntaxKind.ArrayType:
newProgramState = newProgramState.PopValues(((ArrayTypeSyntax)instruction).RankSpecifiers.SelectMany(rs => rs.Sizes).Count());
break;
case SyntaxKind.ElementBindingExpression:
newProgramState = newProgramState.PopValues(((ElementBindingExpressionSyntax)instruction).ArgumentList?.Arguments.Count ?? 0);
newProgramState = newProgramState.PushValue(new SymbolicValue());
break;
case SyntaxKind.InvocationExpression:
{
var invocation = (InvocationExpressionSyntax)instruction;
var invocationVisitor = new InvocationVisitor(invocation, SemanticModel, newProgramState);
newProgramState = invocationVisitor.ProcessInvocation();
if (invocation.Expression.IsOnThis() && !invocation.IsNameof(SemanticModel))
{
newProgramState = newProgramState.RemoveSymbols(IsFieldSymbol);
}
}
break;
default:
throw new NotImplementedException($"{instruction.Kind()}");
}
newProgramState = EnsureStackState(parenthesizedExpression, newProgramState);
OnInstructionProcessed(instruction, node.ProgramPoint, newProgramState);
EnqueueNewNode(newProgramPoint, newProgramState);
}
public virtual ProgramState PreProcessUsingStatement(ProgramPoint programPoint, ProgramState programState) => programState;
public virtual ProgramState PostProcessInstruction(ProgramPoint programPoint, ProgramState programState) => programState;
public ExplodedGraphNode(ProgramPoint programPoint, ProgramState programState)
{
ProgramState = programState;
ProgramPoint = programPoint;
}
protected virtual void VisitBranchBlock(ExplodedGraphNode node, ProgramPoint programPoint)
{
var newProgramState = node.ProgramState.PopValue();
newProgramState = CleanStateAfterBlock(newProgramState, node.ProgramPoint.Block);
EnqueueAllSuccessors(programPoint.Block, newProgramState);
}
