[cfe-commits] r61147 - in /cfe/trunk: lib/Analysis/CFRefCount.cpp test/Analysis/uninit-vals-ps.c
Ted Kremenek
kremenek at apple.com
Wed Dec 17 11:42:36 PST 2008
Author: kremenek
Date: Wed Dec 17 13:42:34 2008
New Revision: 61147
URL: http://llvm.org/viewvc/llvm-project?rev=61147&view=rev
Log:
Fix <rdar://problem/6451816>:
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
had a regression in the "symbolication" of variable values passed-by-reference
to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
blasting through the layer of AnonTypedRegions when symbolicating the value of
the variable. This logic may get moved elsewhere. Note that this change
affects only -checker-cfref and not -checker-simple; eventually this logic
should get pulled out of CFRefCount.cpp into a more common place. All users
use -checker-cfref by default, and -checker-simple should probably just be
removed.
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
a test case for this regression.
Modified:
cfe/trunk/lib/Analysis/CFRefCount.cpp
cfe/trunk/test/Analysis/uninit-vals-ps.c
Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=61147&r1=61146&r2=61147&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Wed Dec 17 13:42:34 2008
@@ -1599,6 +1599,14 @@
}
const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion());
+
+ // Blast through AnonTypedRegions to get the original region type.
+ while (R) {
+ const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R);
+ if (!ATR) break;
+ R = dyn_cast<TypedRegion>(ATR->getSuperRegion());
+ }
+
if (R) {
// Set the value of the variable to be a conjured symbol.
unsigned Count = Builder.getCurrentBlockCount();
@@ -1609,7 +1617,7 @@
SymbolRef NewSym =
Eng.getSymbolManager().getConjuredSymbol(*I, T, Count);
- state = state.BindLoc(*MR,
+ state = state.BindLoc(Loc::MakeVal(R),
Loc::IsLocType(T)
? cast<SVal>(loc::SymbolVal(NewSym))
: cast<SVal>(nonloc::SymbolVal(NewSym)));
Modified: cfe/trunk/test/Analysis/uninit-vals-ps.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/uninit-vals-ps.c?rev=61147&r1=61146&r2=61147&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/uninit-vals-ps.c (original)
+++ cfe/trunk/test/Analysis/uninit-vals-ps.c Wed Dec 17 13:42:34 2008
@@ -1,5 +1,5 @@
-// RUN: clang -checker-simple -verify %s &&
-// RUN: clang -checker-simple -analyzer-store-region -verify %s
+// RUN: clang -checker-cfref -verify %s &&
+// RUN: clang -checker-cfref -analyzer-store-region -verify %s
struct FPRec {
void (*my_func)(int * x);
@@ -49,4 +49,22 @@
return *p; // expected-warning{{Uninitialized or undefined return value returned to caller.}}
}
+// <rdar://problem/6451816>
+typedef unsigned char Boolean;
+typedef const struct __CFNumber * CFNumberRef;
+typedef signed long CFIndex;
+typedef CFIndex CFNumberType;
+typedef unsigned long UInt32;
+typedef UInt32 CFStringEncoding;
+typedef const struct __CFString * CFStringRef;
+extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr);
+extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);
+
+CFStringRef rdar_6451816(CFNumberRef nr) {
+ CFStringEncoding encoding;
+ // &encoding is casted to void*. This test case tests whether or not
+ // we properly invalidate the value of 'encoding'.
+ CFNumberGetValue(nr, 9, &encoding);
+ return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
+}
More information about the cfe-commits
mailing list