[cfe-commits] r74816 - in /cfe/trunk: include/clang/Analysis/PathSensitive/Store.h lib/Analysis/CFRefCount.cpp lib/Analysis/Store.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Sun Jul 5 23:01:24 PDT 2009
Author: zhongxingxu
Date: Mon Jul 6 01:01:24 2009
New Revision: 74816
URL: http://llvm.org/viewvc/llvm-project?rev=74816&view=rev
Log:
Further cleanup of region invalidation code. No functionality change.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
cfe/trunk/lib/Analysis/CFRefCount.cpp
cfe/trunk/lib/Analysis/Store.cpp
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=74816&r1=74815&r2=74816&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Mon Jul 6 01:01:24 2009
@@ -157,7 +157,7 @@
virtual const GRState *BindDeclWithNoInit(const GRState *state,
const VarDecl *vd) = 0;
- const GRState *InvalidateRegion(const GRState *state, const TypedRegion *R,
+ const GRState *InvalidateRegion(const GRState *state, const MemRegion *R,
const Expr *E, unsigned Count);
// FIXME: Make out-of-line.
virtual const GRState *setExtent(const GRState *state,
Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=74816&r1=74815&r2=74816&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Mon Jul 6 01:01:24 2009
@@ -2757,10 +2757,7 @@
ExplodedNode<GRState>* Pred) {
// Get the state.
- GRStateManager& StateMgr = Eng.getStateManager();
const GRState *state = Builder.GetState(Pred);
- ASTContext& Ctx = StateMgr.getContext();
- ValueManager &ValMgr = Eng.getValueManager();
// Evaluate the effect of the arguments.
RefVal::Kind hasErr = (RefVal::Kind) 0;
@@ -2796,59 +2793,54 @@
// expression (the context) and the expression itself. This should
// disambiguate conjured symbols.
unsigned Count = Builder.getCurrentBlockCount();
- const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion());
- StoreManager& StoreMgr =
- Eng.getStateManager().getStoreManager();
- if (R) {
- // Are we dealing with an ElementRegion? If the element type is
- // a basic integer type (e.g., char, int) and the underying region
- // is a variable region then strip off the ElementRegion.
- // FIXME: We really need to think about this for the general case
- // as sometimes we are reasoning about arrays and other times
- // about (char*), etc., is just a form of passing raw bytes.
- // e.g., void *p = alloca(); foo((char*)p);
- if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
- // Checking for 'integral type' is probably too promiscuous, but
- // we'll leave it in for now until we have a systematic way of
- // handling all of these cases. Eventually we need to come up
- // with an interface to StoreManager so that this logic can be
- // approriately delegated to the respective StoreManagers while
- // still allowing us to do checker-specific logic (e.g.,
- // invalidating reference counts), probably via callbacks.
- if (ER->getElementType()->isIntegralType()) {
- const MemRegion *superReg = ER->getSuperRegion();
- if (isa<VarRegion>(superReg) || isa<FieldRegion>(superReg) ||
- isa<ObjCIvarRegion>(superReg))
- R = cast<TypedRegion>(superReg);
- }
+ StoreManager& StoreMgr = Eng.getStateManager().getStoreManager();
- // FIXME: What about layers of ElementRegions?
+ const MemRegion *R = MR->getRegion();
+ // Are we dealing with an ElementRegion? If the element type is
+ // a basic integer type (e.g., char, int) and the underying region
+ // is a variable region then strip off the ElementRegion.
+ // FIXME: We really need to think about this for the general case
+ // as sometimes we are reasoning about arrays and other times
+ // about (char*), etc., is just a form of passing raw bytes.
+ // e.g., void *p = alloca(); foo((char*)p);
+ if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
+ // Checking for 'integral type' is probably too promiscuous, but
+ // we'll leave it in for now until we have a systematic way of
+ // handling all of these cases. Eventually we need to come up
+ // with an interface to StoreManager so that this logic can be
+ // approriately delegated to the respective StoreManagers while
+ // still allowing us to do checker-specific logic (e.g.,
+ // invalidating reference counts), probably via callbacks.
+ if (ER->getElementType()->isIntegralType()) {
+ const MemRegion *superReg = ER->getSuperRegion();
+ if (isa<VarRegion>(superReg) || isa<FieldRegion>(superReg) ||
+ isa<ObjCIvarRegion>(superReg))
+ R = cast<TypedRegion>(superReg);
}
-
- // Is the invalidated variable something that we were tracking?
- SymbolRef Sym = state->getSValAsScalarOrLoc(R).getAsLocSymbol();
-
- // Remove any existing reference-count binding.
- if (Sym) state = state->remove<RefBindings>(Sym);
-
- state = StoreMgr.InvalidateRegion(state, R, *I, Count);
- }
- else if (isa<AllocaRegion>(MR->getRegion())) {
- // Invalidate the alloca region by setting its default value to
- // conjured symbol. The type of the symbol is irrelavant.
- SVal V = ValMgr.getConjuredSymbolVal(*I, Eng.getContext().IntTy,
- Count);
- state = StoreMgr.setDefaultValue(state, MR->getRegion(), V);
+ // FIXME: What about layers of ElementRegions?
}
- else
- state = state->bindLoc(*MR, UnknownVal());
+
+ // Is the invalidated variable something that we were tracking?
+ SymbolRef Sym = state->getSValAsScalarOrLoc(R).getAsLocSymbol();
+
+ // Remove any existing reference-count binding.
+ if (Sym)
+ state = state->remove<RefBindings>(Sym);
+
+ state = StoreMgr.InvalidateRegion(state, R, *I, Count);
}
else {
// Nuke all other arguments passed by reference.
+ // FIXME: is this necessary or correct? unbind only removes the binding.
+ // We should bind it to UnknownVal explicitly. Otherwise default value
+ // may be loaded.
state = state->unbindLoc(cast<Loc>(V));
}
}
else if (isa<nonloc::LocAsInteger>(V))
+ // FIXME: is this necessary or correct? unbind only removes the binding.
+ // We should bind it to UnknownVal explicitly. Otherwise default value
+ // may be loaded.
state = state->unbindLoc(cast<nonloc::LocAsInteger>(V).getLoc());
}
Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=74816&r1=74815&r2=74816&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Mon Jul 6 01:01:24 2009
@@ -111,17 +111,28 @@
}
const GRState *StoreManager::InvalidateRegion(const GRState *state,
- const TypedRegion *R,
+ const MemRegion *R,
const Expr *E, unsigned Count) {
+ ASTContext& Ctx = StateMgr.getContext();
+
if (!R->isBoundable())
return state;
- ASTContext& Ctx = StateMgr.getContext();
- QualType T = R->getValueType(Ctx);
+ if (isa<AllocaRegion>(R) || isa<SymbolicRegion>(R)) {
+ // Invalidate the alloca region by setting its default value to
+ // conjured symbol. The type of the symbol is irrelavant.
+ SVal V = ValMgr.getConjuredSymbolVal(E, Ctx.IntTy, Count);
+ state = setDefaultValue(state, R, V);
+ return state;
+ }
+
+ const TypedRegion *TR = cast<TypedRegion>(R);
+
+ QualType T = TR->getValueType(Ctx);
if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())) {
SVal V = ValMgr.getConjuredSymbolVal(E, T, Count);
- return Bind(state, ValMgr.makeLoc(R), V);
+ return Bind(state, ValMgr.makeLoc(TR), V);
}
else if (const RecordType *RT = T->getAsStructureType()) {
// FIXME: handle structs with default region value.
@@ -138,7 +149,7 @@
// For now just handle scalar fields.
FieldDecl *FD = *FI;
QualType FT = FD->getType();
- const FieldRegion* FR = MRMgr.getFieldRegion(FD, R);
+ const FieldRegion* FR = MRMgr.getFieldRegion(FD, TR);
if (Loc::IsLocType(FT) ||
(FT->isIntegerType() && FT->isScalarType())) {
@@ -158,10 +169,10 @@
// Set the default value of the array to conjured symbol.
SVal V = ValMgr.getConjuredSymbolVal(E, AT->getElementType(),
Count);
- state = setDefaultValue(state, R, V);
+ state = setDefaultValue(state, TR, V);
} else {
// Just blast away other values.
- state = Bind(state, ValMgr.makeLoc(R), UnknownVal());
+ state = Bind(state, ValMgr.makeLoc(TR), UnknownVal());
}
return state;
More information about the cfe-commits
mailing list