[cfe-commits] r76719 - in /cfe/trunk: lib/Analysis/Store.cpp test/Analysis/misc-ps.m

Ted Kremenek kremenek at apple.com
Tue Jul 21 21:23:20 PDT 2009 

Author: kremenek
Date: Tue Jul 21 23:23:20 2009
New Revision: 76719

URL: http://llvm.org/viewvc/llvm-project?rev=76719&view=rev
Log:
Fix a crasher in StoreManager::InvalidateRegion() caused by using the
'cast type' of a region to invalidate its binding.  This only occurs
when using RegionStoreManager, as it records the cast type.  I'm
currently considering removing the notion of a cast type (see
comments in code).

Modified:
    cfe/trunk/lib/Analysis/Store.cpp
    cfe/trunk/test/Analysis/misc-ps.m

Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=76719&r1=76718&r2=76719&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Tue Jul 21 23:23:20 2009
@@ -258,6 +258,13 @@
   const TypedRegion *TR = cast<TypedRegion>(R);
   QualType T = TR->getValueType(Ctx);
 
+  // FIXME: The code causes a crash when using RegionStore on the test case
+  // 'test_invalidate_cast_int' (misc-ps.m).  Consider removing it
+  // permanently.  Region casts are probably not too strict to handle
+  // the transient interpretation of memory.  Instead we can use the QualType
+  // passed to 'Retrieve' and friends to determine the most current
+  // interpretation of memory when it is actually used.
+#if 0
   // If the region is cast to another type, use that type.  
   if (const QualType *CastTy = getCastType(state, R)) {
     assert(!(*CastTy)->isObjCObjectPointerType());
@@ -270,6 +277,7 @@
     if (!(Loc::IsLocType(T) && !Loc::IsLocType(NewT)))
       T = NewT;
   }
+#endif
   
   if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())) {
     SVal V = ValMgr.getConjuredSymbolVal(E, T, Count);

Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=76719&r1=76718&r2=76719&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Tue Jul 21 23:23:20 2009
@@ -459,3 +459,14 @@
   char **foo = buf;
   *foo = "test";
 }
+
+// Test invalidation logic where an integer is casted to an array with a
+// different sign and then invalidated.
+void test_invalidate_cast_int() {
+  void test_invalidate_cast_int_aux(unsigned *i);
+  signed i;  
+  test_invalidate_cast_int_aux((unsigned*) &i);
+  if (i < 0)
+    return;
+}
+

More information about the cfe-commits mailing list