[cfe-commits] r78000 - in /cfe/trunk: lib/Analysis/RegionStore.cpp test/Analysis/misc-ps.m

Ted Kremenek kremenek at apple.com
Mon Aug 3 14:41:49 PDT 2009


Author: kremenek
Date: Mon Aug  3 16:41:46 2009
New Revision: 78000

URL: http://llvm.org/viewvc/llvm-project?rev=78000&view=rev
Log:
Handle disgusting corner case where a byte is loaded from the address of a function.

Modified:
    cfe/trunk/lib/Analysis/RegionStore.cpp
    cfe/trunk/test/Analysis/misc-ps.m

Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=78000&r1=77999&r2=78000&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Mon Aug  3 16:41:46 2009
@@ -882,6 +882,9 @@
     MR = MRMgr.getElementRegion(T, idx, MR, Ctx);
   }
   
+  if (isa<CodeTextRegion>(MR))
+    return SValuator::CastResult(state, UnknownVal());
+  
   // FIXME: Perhaps this method should just take a 'const MemRegion*' argument
   //  instead of 'Loc', and have the other Loc cases handled at a higher level.
   const TypedRegion *R = cast<TypedRegion>(MR);
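Review bot: The new `isa<CodeTextRegion>(MR)` guard has no comment explaining why it exists, and it sits directly above `cast<TypedRegion>(MR)`, which asserts on any region that is not a TypedRegion. I would add `// A load through a function address has no typed value to retrieve; return UnknownVal rather than asserting in the cast below.` above the check. The guard covers only CodeTextRegion, so if any other untyped region kind can reach this point (not visible in the hunk), the cast would still abort the analyzer on that input. It is worth confirming that, or replacing the cast with a `dyn_cast` that takes the same UnknownVal fallback. The enclosing function starts and ends outside the hunk.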
@@ -1000,7 +1003,6 @@
   if (R->getIndex().isZeroConstant()) {
     if (const TypedRegion *superTR = dyn_cast<TypedRegion>(superR)) {
       ASTContext &Ctx = getContext();
-
       if (IsAnyPointerOrIntptr(superTR->getValueType(Ctx), Ctx)) {
         QualType valTy = R->getValueType(Ctx);
         if (IsAnyPointerOrIntptr(valTy, Ctx)) {

Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=78000&r1=77999&r2=78000&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Mon Aug  3 16:41:46 2009
@@ -499,3 +499,12 @@
   char *p = &x[1];
   const void* q = p;
 }
+
+// Reduced from a crash when analyzing Wine.  This test handles loads from
+// function addresses.
+typedef long (*FARPROC)();
+FARPROC test_load_func(FARPROC origfun) {
+  if (!*(unsigned char*) origfun)
+    return origfun;
+  return 0;
+}
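Review bot: The regression test covers only a byte load through a function-pointer parameter (`*(unsigned char*) origfun`), so a load from the address of a named function is not pinned. A second case such as `if (!*(unsigned char*) test_load_func) return 0;` would show that a concrete function address also reaches the new guard; whether the two forms take the same path in RegionStore cannot be told from this diff. The test comment could also state that the test is crash-only and expects no diagnostics, so a later reader does not go looking for a missing `expected-warning`.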




