[cfe-commits] r68629 - in /cfe/trunk: include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/GRExprEngine.cpp lib/Analysis/SVals.cpp test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m

[Ted Kremenek]

Author: kremenek
Date: Wed Apr  8 13:51:08 2009
New Revision: 68629

URL: http://llvm.org/viewvc/llvm-project?rev=68629&view=rev
Log:
Enhance analyzer reasoning about sending messages to nil.  A nil receiver returns 0 for scalars of size <= sizeof(void*).

Modified:
    cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
    cfe/trunk/lib/Analysis/GRExprEngine.cpp
    cfe/trunk/lib/Analysis/SVals.cpp
    cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=68629&r1=68628&r2=68629&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Wed Apr  8 13:51:08 2009
@@ -95,6 +95,8 @@
     return getRawKind() > UnknownKind;
   }
   
+  static SVal MakeZero(BasicValueFactory &BasicVals, QualType T);
+  
   bool isZeroConstant() const;
   
   /// getAsLocSymbol - If this SVal is a location (subclasses Loc) and 
@@ -211,11 +213,7 @@
 protected:
   Loc(unsigned SubKind, const void* D)
   : SVal(const_cast<void*>(D), true, SubKind) {}
-  
-//  // Equality operators.
-//  NonLoc EQ(SymbolManager& SM, Loc R) const;
-//  NonLoc NE(SymbolManager& SM, Loc R) const;
-  
+
 public:
   void print(llvm::raw_ostream& Out) const;
 
@@ -228,6 +226,8 @@
 
   static Loc MakeVal(SymbolRef sym);
   
+  static Loc MakeNull(BasicValueFactory &BasicVals);
+  
   // Implement isa<T> support.
   static inline bool classof(const SVal* V) {
     return V->getBaseKind() == LocKind;

Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=68629&r1=68628&r2=68629&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Wed Apr  8 13:51:08 2009
@@ -1682,7 +1682,7 @@
     
     // "Assume" that the receiver is not NULL.    
     bool isFeasibleNotNull = false;
-    Assume(state, L, true, isFeasibleNotNull);
+    const GRState *StNotNull = Assume(state, L, true, isFeasibleNotNull);
     
     // "Assume" that the receiver is NULL.    
     bool isFeasibleNull = false;
@@ -1724,8 +1724,21 @@
                 NilReceiverLargerThanVoidPtrRetExplicit.insert(N);
             }
           }
+          else {
+            // Handle the safe cases where the return value is 0 if the receiver
+            // is nil.
+            SVal V = SVal::MakeZero(getBasicVals(), ME->getType());
+            MakeNode(Dst, ME, Pred, BindExpr(StNull, ME, V));
+          }
         }
       }
+      
+      // We have handled the cases where the receiver is nil.  The remainder
+      // of this method should assume that the receiver is not nil.      
+      if (!isFeasibleNotNull)
+        return;
+
+      state = StNotNull;
     }
     
     // Check if the "raise" message was sent.
@@ -2445,7 +2458,7 @@
             //    transfer functions as "0 == E".
             
             if (isa<Loc>(V)) {
-              loc::ConcreteInt X(getBasicVals().getZeroWithPtrWidth());
+              Loc X = Loc::MakeNull(getBasicVals());
               SVal Result = EvalBinOp(BinaryOperator::EQ, cast<Loc>(V), X,
                                       U->getType());
               state = BindExpr(state, U, Result);

Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=68629&r1=68628&r2=68629&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Wed Apr  8 13:51:08 2009
@@ -202,6 +202,22 @@
 }
 
 //===----------------------------------------------------------------------===//
+// Utility methods for constructing SVals.
+//===----------------------------------------------------------------------===//
+
+SVal SVal::MakeZero(BasicValueFactory &BasicVals, QualType T) {
+  if (Loc::IsLocType(T))
+    return Loc::MakeNull(BasicVals);
+
+  if (T->isIntegerType())
+    return NonLoc::MakeVal(BasicVals, 0, T);
+  
+  // FIXME: Handle floats.
+  // FIXME: Handle structs.
+  return UnknownVal();  
+}
+
+//===----------------------------------------------------------------------===//
 // Utility methods for constructing Non-Locs.
 //===----------------------------------------------------------------------===//
 
@@ -314,6 +330,10 @@
 
 Loc Loc::MakeVal(SymbolRef sym) { return loc::SymbolVal(sym); }
 
+Loc Loc::MakeNull(BasicValueFactory &BasicVals) {
+  return loc::ConcreteInt(BasicVals.getZeroWithPtrWidth());
+}
+
 //===----------------------------------------------------------------------===//
 // Pretty-Printing.
 //===----------------------------------------------------------------------===//

Modified: cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m?rev=68629&r1=68628&r2=68629&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m (original)
+++ cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m Wed Apr  8 13:51:08 2009
@@ -46,3 +46,14 @@
   double d = [obj doubleM]; // no-warning
 }
 
+void handleNilPruneLoop(MyClass *obj) {
+  if (!!obj)
+    return;
+  
+  // Test if [obj intM] evaluates to 0, thus pruning the entire loop.
+  for (int i = 0; i < [obj intM]; i++) {
+    long long j = [obj longlongM]; // no-warning
+  }
+  
+  long long j = [obj longlongM]; // expected-warning{{The receiver in the message expression is 'nil' and results in the returned value}}
+}