[cfe-commits] r70832 - in /cfe/trunk: lib/Analysis/Store.cpp test/Analysis/basicstore_wine_crash.c test/Analysis/xfail_regionstore_wine_crash.c test/Analysis/xfail_wine_crash.c

Ted Kremenek kremenek at apple.com
Sun May 3 23:35:49 PDT 2009 

Author: kremenek
Date: Mon May  4 01:35:49 2009
New Revision: 70832

URL: http://llvm.org/viewvc/llvm-project?rev=70832&view=rev
Log:
Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'.  This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager.  It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.

Added:
    cfe/trunk/test/Analysis/basicstore_wine_crash.c
    cfe/trunk/test/Analysis/xfail_regionstore_wine_crash.c
      - copied unchanged from r70828, cfe/trunk/test/Analysis/xfail_wine_crash.c
Removed:
    cfe/trunk/test/Analysis/xfail_wine_crash.c
Modified:
    cfe/trunk/lib/Analysis/Store.cpp

Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=70832&r1=70831&r2=70832&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Mon May  4 01:35:49 2009
@@ -23,7 +23,7 @@
 
 StoreManager::CastResult
 StoreManager::CastRegion(const GRState* state, const MemRegion* R,
-                               QualType CastToTy) {
+                         QualType CastToTy) {
   
   ASTContext& Ctx = StateMgr.getContext();
 
@@ -38,10 +38,11 @@
       return CastResult(state, R);
   }
   
-  // Check if we are casting to 'void*'.
-  // FIXME: Handle arbitrary upcasts.
-  if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr()))
-    if (PTy->getPointeeType()->isVoidType()) {
+  if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr())) {
+    // Check if we are casting to 'void*'.
+    // FIXME: Handle arbitrary upcasts.
+    QualType Pointee = PTy->getPointeeType();
+    if (Pointee->isVoidType()) {
 
       // Casts to void* only removes TypedViewRegion. If there is no
       // TypedViewRegion, leave the region untouched. This happens when:
@@ -58,6 +59,20 @@
       
       return CastResult(state, R);
     }
+    else if (Pointee->isIntegerType()) {
+      // FIXME: At some point, it stands to reason that this 'dyn_cast' should
+      //  become a 'cast' and that 'R' will always be a TypedRegion.
+      if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
+        // Check if we are casting to a region with an integer type.  We now
+        // the types aren't the same, so we construct an ElementRegion.
+        // FIXME: We should have a standard query function to get the size
+        //  of the array index.
+        SVal Idx = ValMgr.makeZeroVal(ValMgr.getContext().VoidPtrTy);
+        ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, TR);
+        return CastResult(state, ER);
+      }
+    }
+  }
 
   // FIXME: Need to handle arbitrary downcasts.
   // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion

Added: cfe/trunk/test/Analysis/basicstore_wine_crash.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/basicstore_wine_crash.c?rev=70832&view=auto

==============================================================================
--- cfe/trunk/test/Analysis/basicstore_wine_crash.c (added)
+++ cfe/trunk/test/Analysis/basicstore_wine_crash.c Mon May  4 01:35:49 2009
@@ -0,0 +1,11 @@
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic %s
+
+// Once xfail_regionstore_wine_crash.c passes, move this test case
+// into misc-ps.m.
+
+void foo() {
+  long x = 0;
+  char *y = (char *) &x;
+  if (!*y)
+    return;
+}

Removed: cfe/trunk/test/Analysis/xfail_wine_crash.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/xfail_wine_crash.c?rev=70831&view=auto

==============================================================================
--- cfe/trunk/test/Analysis/xfail_wine_crash.c (original)
+++ cfe/trunk/test/Analysis/xfail_wine_crash.c (removed)
@@ -1,12 +0,0 @@
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region %s &&
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic %s
-// XFAIL
-
-// When this test passes we should put it in the misc-ps.m test file.
-
-void foo() {
-  long x = 0;
-  char *y = (char *) &x;
-  if (!*y)
-    return;
-}

More information about the cfe-commits mailing list