[cfe-commits] r59869 - in /cfe/trunk: include/clang/Analysis/PathSensitive/BasicValueFactory.h include/clang/Analysis/PathSensitive/ConstraintManager.h include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/GRState.h include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/BasicConstraintManager.cpp lib/Analysis/BasicValueFactory.cpp lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp

Zhongxing Xu xuzhongxing at gmail.com
Sat Nov 22 05:21:48 PST 2008


Author: zhongxingxu
Date: Sat Nov 22 07:21:46 2008
New Revision: 59869

URL: http://llvm.org/viewvc/llvm-project?rev=59869&view=rev
Log:
Initial support for checking out-of-bounds memory accesses. Only 
ConcreteInt indices are supported for now.

Modified:
    cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
    cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
    cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
    cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
    cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
    cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
    cfe/trunk/lib/Analysis/BasicValueFactory.cpp
    cfe/trunk/lib/Analysis/GRExprEngine.cpp
    cfe/trunk/lib/Analysis/RegionStore.cpp
    cfe/trunk/lib/Analysis/SVals.cpp

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h Sat Nov 22 07:21:46 2008
@@ -72,6 +72,7 @@
   ASTContext& getContext() const { return Ctx; }  
 
   const llvm::APSInt& getValue(const llvm::APSInt& X);
+  const llvm::APSInt& getValue(const llvm::APInt& X, bool isUnsigned);
   const llvm::APSInt& getValue(uint64_t X, unsigned BitWidth, bool isUnsigned);
   const llvm::APSInt& getValue(uint64_t X, QualType T);
 

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h Sat Nov 22 07:21:46 2008
@@ -34,6 +34,10 @@
   virtual const GRState* Assume(const GRState* St, SVal Cond, 
                                 bool Assumption, bool& isFeasible) = 0;
 
+  virtual const GRState* AssumeInBound(const GRState* St, SVal Idx, 
+                                       SVal UpperBound, bool Assumption,
+                                       bool& isFeasible) = 0;
+
   virtual const GRState* AddNE(const GRState* St, SymbolID sym, 
                                const llvm::APSInt& V) = 0;
   virtual const llvm::APSInt* getSymVal(const GRState* St, SymbolID sym) = 0;
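Review bot: The new pure virtual `AssumeInBound` has no comment stating its contract, and this commit removes the only description of it, the FIXME in GRExprEngine.h that mentioned the interval [0, UpperBound). Implementers need to know what `isFeasible` means for each value of `Assumption`, and what to return for values they cannot reason about. I would add above the declaration: `/// AssumeInBound - Assume (or, when Assumption is false, refute) 0 <= Idx < UpperBound; isFeasible is set to false only when that is provably impossible.` The class body continues outside the hunk.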

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Sat Nov 22 07:21:46 2008
@@ -468,11 +468,7 @@
 
   const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
                                bool Assumption, bool& isFeasible) {
-    // FIXME: In this function, we will check if Idx can be in/out 
-    // [0, UpperBound) according to the assumption.  We can extend the 
-    // interface to include a LowerBound parameter.
-    isFeasible = true;
-    return St;
+    return StateMgr.AssumeInBound(St, Idx, UpperBound, Assumption, isFeasible);
   }
 
   NodeTy* MakeNode(NodeSet& Dst, Stmt* S, NodeTy* Pred, const GRState* St,

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h Sat Nov 22 07:21:46 2008
@@ -523,6 +523,12 @@
     return ConstraintMgr->Assume(St, Cond, Assumption, isFeasible);
   }
 
+  const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
+                               bool Assumption, bool& isFeasible) {
+    return ConstraintMgr->AssumeInBound(St, Idx, UpperBound, Assumption, 
+                                        isFeasible);
+  }
+
   const GRState* AddNE(const GRState* St, SymbolID sym, const llvm::APSInt& V) {
     return ConstraintMgr->AddNE(St, sym, V);
   }

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Sat Nov 22 07:21:46 2008
@@ -173,6 +173,9 @@
   static NonLoc MakeVal(BasicValueFactory& BasicVals, uint64_t X, QualType T);
   
   static NonLoc MakeVal(BasicValueFactory& BasicVals, IntegerLiteral* I);
+
+  static NonLoc MakeVal(BasicValueFactory& BasicVals, const llvm::APInt& I,
+                        bool isUnsigned);
     
   static NonLoc MakeIntTruthVal(BasicValueFactory& BasicVals, bool b);
 

Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Sat Nov 22 07:21:46 2008
@@ -69,6 +69,9 @@
   const GRState* AssumeSymLE(const GRState* St, SymbolID sym,
                              const llvm::APSInt& V, bool& isFeasible);
 
+  const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
+                               bool Assumption, bool& isFeasible);
+
   const GRState* AddEQ(const GRState* St, SymbolID sym, const llvm::APSInt& V);
 
   const GRState* AddNE(const GRState* St, SymbolID sym, const llvm::APSInt& V);
@@ -83,6 +86,9 @@
 
   void print(const GRState* St, std::ostream& Out, 
              const char* nl, const char *sep);
+
+private:
+  BasicValueFactory& getBasicVals() { return StateMgr.getBasicVals(); }
 };
 
 } // end anonymous namespace
@@ -352,6 +358,27 @@
   return St;
 }
 
+const GRState* 
+BasicConstraintManager::AssumeInBound(const GRState* St, SVal Idx, 
+                                      SVal UpperBound, bool Assumption, 
+                                      bool& isFeasible) {
+  // Only support ConcreteInt for now.
+  if (!(isa<nonloc::ConcreteInt>(Idx) && isa<nonloc::ConcreteInt>(UpperBound))){
+    isFeasible = true;
+    return St;
+  }
+
+  const llvm::APSInt& Zero = getBasicVals().getZeroWithPtrWidth(false);
+  const llvm::APSInt& IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
+  const llvm::APSInt& UBV = cast<nonloc::ConcreteInt>(UpperBound).getValue();
+
+  bool InBound = (Zero <= IdxV) && (IdxV < UBV);
+
+  isFeasible = Assumption ? InBound : !InBound;
+
+  return St;
+}
+
 static int ConstEqTyIndex = 0;
 static int ConstNotEqTyIndex = 0;
 
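Review bot: The comparison `(Zero <= IdxV) && (IdxV < UBV)` mixes three APSInt values whose bit width and signedness are never reconciled. `Zero` is pointer-width and signed, `UBV` takes the width of the array-size APInt (built with `isUnsigned` false in RegionStore.cpp), and `IdxV` presumably carries the index expression's own type. To my knowledge APSInt's relational operators assert on a signedness mismatch and APInt's on a width mismatch, so an unsigned or narrower index would abort the analyzer instead of being bounds-checked. Both operands should be converted to one common width and signedness (for example that of `Zero`) before comparing, with a comment such as `// Compare in pointer width, signed, so a negative index is out of bound.` Separately, the early return sets `isFeasible = true` for both values of `Assumption`; that is a sound over-approximation, but it deserves a comment saying that both outcomes are reported feasible for unsupported values.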

Modified: cfe/trunk/lib/Analysis/BasicValueFactory.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicValueFactory.cpp?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/BasicValueFactory.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicValueFactory.cpp Sat Nov 22 07:21:46 2008
@@ -76,6 +76,12 @@
   return *P;
 }
 
+const llvm::APSInt& BasicValueFactory::getValue(const llvm::APInt& X,
+                                                bool isUnsigned) {
+  llvm::APSInt V(X, isUnsigned);
+  return getValue(V);
+}
+
 const llvm::APSInt& BasicValueFactory::getValue(uint64_t X, unsigned BitWidth,
                                            bool isUnsigned) {
   llvm::APSInt V(BitWidth, isUnsigned);

Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 07:21:46 2008
@@ -1084,9 +1084,14 @@
       bool isFeasibleOutBound = false;
       const GRState* StOutBound = AssumeInBound(StNotNull, Idx, NumElements, 
                                                 false, isFeasibleOutBound);
-      StInBound = StOutBound = 0; // FIXME: squeltch warning.
 
-      // Report warnings ...
+      if (isFeasibleOutBound) {
+        // Report warning.
+
+        StOutBound = 0;
+      }
+
+      return isFeasibleInBound ? StInBound : NULL;
     }
   }
   
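Review bot: `if (isFeasibleOutBound)` is true whenever an out-of-bound index cannot be ruled out, which with the constraint manager in this commit includes every index or bound that is not a ConcreteInt. Once the report is filled in, it would fire on all of those. The warning branch should be limited to the definite case, `if (isFeasibleOutBound && !isFeasibleInBound) {`, or the possible and definite cases should be reported differently. Also, `return isFeasibleInBound ? StInBound : NULL;` ends the path with no diagnostic when the access is definitely out of bound, so until the report exists such paths are dropped silently. Whether callers tolerate a NULL state is not visible here, because the enclosing function starts and ends outside the hunk.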

Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Sat Nov 22 07:21:46 2008
@@ -80,6 +80,8 @@
 
   SVal getLValueElement(const GRState* St, SVal Base, SVal Offset);
 
+  SVal getSizeInElements(const GRState* St, const MemRegion* R);
+
   SVal ArrayToPointer(SVal Array);
 
   std::pair<const GRState*, SVal>
@@ -257,6 +259,40 @@
   return UnknownVal();
 }
 
+SVal RegionStoreManager::getSizeInElements(const GRState* St,
+                                           const MemRegion* R) {
+  if (const VarRegion* VR = dyn_cast<VarRegion>(R)) {
+    // Get the type of the variable.
+    QualType T = VR->getType(getContext());
+
+    // It must be of array type. 
+    const ConstantArrayType* CAT = cast<ConstantArrayType>(T.getTypePtr());
+
+    // return the size as signed integer.
+    return NonLoc::MakeVal(getBasicVals(), CAT->getSize(), false);
+  }
+
+  if (const StringRegion* SR = dyn_cast<StringRegion>(R)) {
+    // FIXME: Unsupported yet.
+    SR = 0;
+    return UnknownVal();
+  }
+
+  if (const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R)) {
+    // FIXME: Unsupported yet.
+    ATR = 0;
+    return UnknownVal();
+  }
+
+  if (const FieldRegion* FR = dyn_cast<FieldRegion>(R)) {
+    // FIXME: Unsupported yet.
+    FR = 0;
+    return UnknownVal();
+  }
+  printf("kidn = %d\n", R->getKind());
+  assert(0 && "Other regions are not supported yet.");
+}
+
 // Cast 'pointer to array' to 'pointer to the first element of array'.
 
 SVal RegionStoreManager::ArrayToPointer(SVal Array) {
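Review bot: `getSizeInElements` can fall off its end without returning a value: in a build with assertions compiled out, `assert(0 && ...)` disappears and a non-void function returning nothing is undefined behaviour. The `printf("kidn = %d\n", ...)` before it is leftover debug output (with a typo) that writes to the analyzer's stdout. In the VarRegion branch, `cast<ConstantArrayType>` asserts for any variable whose type is not a constant-size array (a variable-length or incomplete array, for instance). Whether callers guarantee an array type is not visible in this hunk, so `dyn_cast` with an `UnknownVal()` fallback is safer. The `SR = 0;`-style assignments only silence unused-variable warnings and can be replaced by `isa<>` tests.

```cpp
  if (const VarRegion* VR = dyn_cast<VarRegion>(R)) {
    QualType T = VR->getType(getContext());

    // Not every variable region has a constant-size array type.
    const ConstantArrayType* CAT = dyn_cast<ConstantArrayType>(T.getTypePtr());
    if (!CAT)
      return UnknownVal();

    // … unchanged: return the size as signed integer …
  }

  // FIXME: String, anonymous typed and field regions are not supported yet.
  if (isa<StringRegion>(R) || isa<AnonTypedRegion>(R) || isa<FieldRegion>(R))
    return UnknownVal();

  assert(0 && "Other regions are not supported yet.");
  return UnknownVal();
```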

Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=59869&r1=59868&r2=59869&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Sat Nov 22 07:21:46 2008
@@ -253,6 +253,11 @@
                               I->getType()->isUnsignedIntegerType())));
 }
 
+NonLoc NonLoc::MakeVal(BasicValueFactory& BasicVals, const llvm::APInt& I,
+                       bool isUnsigned) {
+  return nonloc::ConcreteInt(BasicVals.getValue(I, isUnsigned));
+}
+
 NonLoc NonLoc::MakeIntTruthVal(BasicValueFactory& BasicVals, bool b) {
   return nonloc::ConcreteInt(BasicVals.getTruthValue(b));
 }




