[cfe-commits] r75580 - in /cfe/trunk: include/clang/Analysis/PathSensitive/Store.h lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/Store.cpp

Zhongxing Xu xuzhongxing at gmail.com
Mon Jul 13 18:12:46 PDT 2009


Author: zhongxingxu
Date: Mon Jul 13 20:12:46 2009
New Revision: 75580

URL: http://llvm.org/viewvc/llvm-project?rev=75580&view=rev
Log:
Instead of recovering from a wrong invalidation, this patch aims to 
invalidate the region correctly. It uses the cast-to type to invalidate 
the region when available. To avoid invalid cast-to types like 'void*' or 'id',
the region store now records only non-generic casts of regions.

Modified:
    cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
    cfe/trunk/lib/Analysis/GRExprEngine.cpp
    cfe/trunk/lib/Analysis/RegionStore.cpp
    cfe/trunk/lib/Analysis/Store.cpp

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=75580&r1=75579&r2=75580&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Mon Jul 13 20:12:46 2009
@@ -145,6 +145,10 @@
     return state;
   }
 
+  virtual const QualType *getCastType(const GRState *state, const MemRegion *R){
+    return 0;
+  }
+
   /// EvalBinOp - Perform pointer arithmetic.
   virtual SVal EvalBinOp(const GRState *state, BinaryOperator::Opcode Op,
                          Loc lhs, NonLoc rhs, QualType resultTy) {
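Review bot: The new virtual `getCastType` has no doc comment, unlike `EvalBinOp` right below it, and its contract is not obvious from the signature: it returns a pointer and the base implementation returns 0. A header such as `/// getCastType - Return the cast-to type recorded for region R, or null if the store records none.` would make the null case explicit, which matters because the caller added in Store.cpp dereferences the result. Presumably the returned pointer refers to storage owned by `state` (the RegionStore override returns `state->get<RegionCasts>(R)`); if so, the comment should say how long it stays valid. `EvalBinOp` continues outside the hunk.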

Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=75580&r1=75579&r2=75580&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Mon Jul 13 20:12:46 2009
@@ -1119,9 +1119,9 @@
     //  invalidate(y);  // 'x' now binds to a symbolic region
     //  int z = *y;
     //    
-    if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) {
-      V = EvalCast(V, Ex->getType());
-    }
+    //if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) {
+    //  V = EvalCast(V, Ex->getType());
+    //}
     
     MakeNode(Dst, Ex, Pred, state->bindExpr(Ex, V), K, tag);
   }
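Review bot: The `EvalCast` call is disabled by commenting it out rather than deleting it, which leaves dead code directly under a comment block that still appears to explain why the cast was needed. Either delete the three lines together with the explanation above them, or keep them with a marker that says why they are off, e.g. `// FIXME: disabled in r75580; invalidation now uses the recorded cast type instead.` Only the tail of that explanatory comment is visible here, and the enclosing function starts outside the hunk.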

Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=75580&r1=75579&r2=75580&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Mon Jul 13 20:12:46 2009
@@ -327,6 +327,10 @@
   const GRState *setCastType(const GRState *state, const MemRegion* R,
                              QualType T);
 
+  const QualType *getCastType(const GRState *state, const MemRegion *R) {
+    return state->get<RegionCasts>(R);
+  }
+
   static inline RegionBindingsTy GetRegionBindings(Store store) {
    return RegionBindingsTy(static_cast<const RegionBindingsTy::TreeTy*>(store));
   }
@@ -349,6 +353,27 @@
 
 } // end anonymous namespace
 
+static bool isGenericPtr(ASTContext &Ctx, QualType Ty) {
+  if (Ty->isObjCIdType() || Ty->isObjCQualifiedIdType())
+    return true;
+
+  while (true) {
+    Ty = Ctx.getCanonicalType(Ty);
+    
+    if (Ty->isVoidType())
+      return true;
+    
+    if (const PointerType *PT = Ty->getAsPointerType()) {
+      Ty = PT->getPointeeType();
+      continue;
+    }
+    
+    break;
+  }
+  
+  return false;
+}
+
 //===----------------------------------------------------------------------===//
 // RegionStore creation.
 //===----------------------------------------------------------------------===//
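Review bot: `isGenericPtr` needs a comment defining "generic", because the loop accepts more than the `void*` and `id` named in the log message: plain `void` and every pointer chain ending in void (`void**` and deeper) also return true. If skipping `void**` is intended, say so; otherwise a cast to `void**` is dropped by setCastType even though its pointee `void*` looks like a usable type for invalidation. A header such as `/// isGenericPtr - True for 'id', qualified 'id', void, and any pointer chain that ends in void.` would document the current behaviour.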
@@ -1251,6 +1276,13 @@
 
 const GRState *RegionStoreManager::setCastType(const GRState *state, 
 					       const MemRegion* R, QualType T) {
+  // We do not record generic cast type, since we are using cast type to
+  // invlidate regions, and generic type is meaningless for invalidating
+  // regions.
+  // If the region already has a cast type before, that type is preserved.
+  // FIXME: is this the right thing to do?
+  if (isGenericPtr(getContext(), T))
+    return state;
   return state->set<RegionCasts>(R, T);
 }
 
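Review bot: Returning `state` unchanged for a generic cast leaves any earlier `RegionCasts` entry in place, so a region cast to `T*` and later to `void*` keeps `T*` as its cast type, and that stale type is what the invalidation code in Store.cpp will then use. The FIXME acknowledges the question, but the comment should state this consequence, and a regression test for the cast-then-generic-cast sequence would pin down the intended behaviour, since a wrong invalidation type is what the patch set out to remove. The comment also misspells `invalidate` as `invlidate`.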

Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=75580&r1=75579&r2=75580&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Mon Jul 13 20:12:46 2009
@@ -235,7 +235,14 @@
 
   const TypedRegion *TR = cast<TypedRegion>(R);
 
-  QualType T = TR->getValueType(Ctx);
+  QualType T;
+ 
+  // If the region is cast to another type, use that type.
+  if (const QualType *CastTy = getCastType(state, R)) {
+    assert(!(*CastTy)->isObjCObjectPointerType());
+    T = (*CastTy)->getAsPointerType()->getPointeeType();
+  } else
+    T = TR->getValueType(Ctx);
 
   if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())) {
     SVal V = ValMgr.getConjuredSymbolVal(E, T, Count);
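Review bot: `(*CastTy)->getAsPointerType()` is dereferenced without a null check, and the only guard is an `assert` that disappears in release builds and covers just ObjC object pointers. setCastType as changed in this commit filters out only generic types, so nothing visible here guarantees that the recorded type is a plain pointer; if a block pointer, reference or other non-pointer type is ever recorded, this becomes a null dereference inside the analyzer. Fall back to the region's own type instead: `const PointerType *PT = (*CastTy)->getAsPointerType();` followed by `T = PT ? PT->getPointeeType() : TR->getValueType(Ctx);`. The enclosing function starts and ends outside the hunk.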




