[cfe-commits] r90993 - in /cfe/trunk: lib/Analysis/OSAtomicChecker.cpp test/Analysis/NSString-failed-cases.m test/Analysis/NSString.m
Ted Kremenek
kremenek at apple.com
Wed Dec 9 15:29:55 PST 2009
Author: kremenek
Date: Wed Dec 9 17:29:55 2009
New Revision: 90993
URL: http://llvm.org/viewvc/llvm-project?rev=90993&view=rev
Log:
Fix null dereference in OSAtomicChecker and special case SymbolicRegions. We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.
Added:
cfe/trunk/test/Analysis/NSString-failed-cases.m
Modified:
cfe/trunk/lib/Analysis/OSAtomicChecker.cpp
cfe/trunk/test/Analysis/NSString.m
Modified: cfe/trunk/lib/Analysis/OSAtomicChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/OSAtomicChecker.cpp?rev=90993&r1=90992&r2=90993&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/OSAtomicChecker.cpp (original)
+++ cfe/trunk/lib/Analysis/OSAtomicChecker.cpp Wed Dec 9 17:29:55 2009
@@ -98,11 +98,20 @@
ExplodedNodeSet Tmp;
SVal location = state->getSVal(theValueExpr);
// Here we should use the value type of the region as the load type.
- const MemRegion *R = location.getAsRegion()->StripCasts();
QualType LoadTy;
- if (R) {
- LoadTy = cast<TypedRegion>(R)->getValueType(Ctx);
- location = loc::MemRegionVal(R);
+ if (const MemRegion *R = location.getAsRegion()) {
+ // We must be careful, as SymbolicRegions aren't typed.
+ const MemRegion *strippedR = R->StripCasts();
+ // FIXME: This isn't quite the right solution. One test case in 'test/Analysis/NSString.m'
+ // is giving the wrong result.
+ const TypedRegion *typedR =
+ isa<SymbolicRegion>(strippedR) ? cast<TypedRegion>(R) :
+ dyn_cast<TypedRegion>(strippedR);
+
+ if (typedR) {
+ LoadTy = typedR->getValueType(Ctx);
+ location = loc::MemRegionVal(typedR);
+ }
}
Engine.EvalLoad(Tmp, const_cast<Expr *>(theValueExpr), C.getPredecessor(),
state, location, OSAtomicLoadTag, LoadTy);
Added: cfe/trunk/test/Analysis/NSString-failed-cases.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/NSString-failed-cases.m?rev=90993&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/NSString-failed-cases.m (added)
+++ cfe/trunk/test/Analysis/NSString-failed-cases.m Wed Dec 9 17:29:55 2009
@@ -0,0 +1,115 @@
+// RUN: clang-cc -triple i386-apple-darwin10 -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=basic -verify %s
+// RUN: clang-cc -triple i386-apple-darwin10 -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=range -verify %s
+// RUN: clang-cc -DTEST_64 -triple x86_64-apple-darwin10 -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=basic -verify %s
+// RUN: clang-cc -DTEST_64 -triple x86_64-apple-darwin10 -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=range -verify %s
+// XFAIL: *
+
+//===----------------------------------------------------------------------===//
+// The following code is reduced using delta-debugging from
+// Foundation.h (Mac OS X).
+//
+// It includes the basic definitions for the test cases below.
+// Not directly including Foundation.h directly makes this test case
+// both svelte and portable to non-Mac platforms.
+//===----------------------------------------------------------------------===//
+
+#ifdef TEST_64
+typedef long long int64_t;
+_Bool OSAtomicCompareAndSwap64Barrier( int64_t __oldValue, int64_t __newValue, volatile int64_t *__theValue );
+#define COMPARE_SWAP_BARRIER OSAtomicCompareAndSwap64Barrier
+typedef int64_t intptr_t;
+#else
+typedef int int32_t;
+_Bool OSAtomicCompareAndSwap32Barrier( int32_t __oldValue, int32_t __newValue, volatile int32_t *__theValue );
+#define COMPARE_SWAP_BARRIER OSAtomicCompareAndSwap32Barrier
+typedef int32_t intptr_t;
+#endif
+
+typedef const void * CFTypeRef;
+typedef const struct __CFString * CFStringRef;
+typedef const struct __CFAllocator * CFAllocatorRef;
+extern const CFAllocatorRef kCFAllocatorDefault;
+extern CFTypeRef CFRetain(CFTypeRef cf);
+void CFRelease(CFTypeRef cf);
+typedef const struct __CFDictionary * CFDictionaryRef;
+const void *CFDictionaryGetValue(CFDictionaryRef theDict, const void *key);
+extern CFStringRef CFStringCreateWithFormat(CFAllocatorRef alloc, CFDictionaryRef formatOptions, CFStringRef format, ...);
+typedef signed char BOOL;
+typedef int NSInteger;
+typedef unsigned int NSUInteger;
+ at class NSString, Protocol;
+extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2)));
+typedef NSInteger NSComparisonResult;
+typedef struct _NSZone NSZone;
+ at class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
+ at protocol NSObject
+- (BOOL)isEqual:(id)object;
+- (oneway void)release;
+- (id)retain;
+- (id)autorelease;
+ at end
+ at protocol NSCopying
+- (id)copyWithZone:(NSZone *)zone;
+ at end
+ at protocol NSMutableCopying
+- (id)mutableCopyWithZone:(NSZone *)zone;
+ at end
+ at protocol NSCoding
+- (void)encodeWithCoder:(NSCoder *)aCoder;
+ at end
+ at interface NSObject <NSObject> {}
+- (id)init;
++ (id)alloc;
+ at end
+extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone);
+typedef struct {} NSFastEnumerationState;
+ at protocol NSFastEnumeration
+- (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len;
+ at end
+ at class NSString;
+typedef struct _NSRange {} NSRange;
+ at interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration>
+- (NSUInteger)count;
+ at end
+ at interface NSMutableArray : NSArray
+- (void)addObject:(id)anObject;
+- (id)initWithCapacity:(NSUInteger)numItems;
+ at end
+typedef unsigned short unichar;
+ at class NSData, NSArray, NSDictionary, NSCharacterSet, NSData, NSURL, NSError, NSLocale;
+typedef NSUInteger NSStringCompareOptions;
+ at interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length;
+- (NSComparisonResult)compare:(NSString *)string;
+- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask;
+- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask range:(NSRange)compareRange;
+- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask range:(NSRange)compareRange locale:(id)locale;
+- (NSComparisonResult)caseInsensitiveCompare:(NSString *)string;
+- (NSArray *)componentsSeparatedByCharactersInSet:(NSCharacterSet *)separator;
++ (id)stringWithFormat:(NSString *)format, ... __attribute__((format(__NSString__, 1, 2)));
+ at end
+ at interface NSSimpleCString : NSString {} @end
+ at interface NSConstantString : NSSimpleCString @end
+extern void *_NSConstantStringClassReference;
+
+//===----------------------------------------------------------------------===//
+// Test cases. These should all be merged into NSString.m once these tests
+// stop reporting leaks.
+//===----------------------------------------------------------------------===//
+
+// FIXME: THIS TEST CASE INCORRECTLY REPORTS A LEAK.
+void testOSCompareAndSwapXXBarrier_parameter(NSString **old) {
+ NSString *s = [[NSString alloc] init]; // no-warning
+ if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) old))
+ [s release];
+ else
+ [*old release];
+}
+
+// FIXME: THIS TEST CASE INCORRECTLY REPORTS A LEAK.
+void testOSCompareAndSwapXXBarrier_parameter_no_direct_release(NSString **old) {
+ NSString *s = [[NSString alloc] init]; // no-warning
+ if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) old))
+ return;
+ else
+ [*old release];
+}
Modified: cfe/trunk/test/Analysis/NSString.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/NSString.m?rev=90993&r1=90992&r2=90993&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/NSString.m (original)
+++ cfe/trunk/test/Analysis/NSString.m Wed Dec 9 17:29:55 2009
@@ -291,7 +291,7 @@
[old release];
}
-void testOSCompareAndSwapXXBarrier() {
+void testOSCompareAndSwapXXBarrier_local() {
NSString *old = 0;
NSString *s = [[NSString alloc] init]; // no-warning
if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) &old))
@@ -300,7 +300,7 @@
[old release];
}
-void testOSCompareAndSwapXXBarrier_positive() {
+void testOSCompareAndSwapXXBarrier_local_no_direct_release() {
NSString *old = 0;
NSString *s = [[NSString alloc] init]; // no-warning
if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) &old))
@@ -315,7 +315,7 @@
return 0;
}
-void test_objc_atomicCompareAndSwap() {
+void test_objc_atomicCompareAndSwap_local() {
NSString *old = 0;
NSString *s = [[NSString alloc] init]; // no-warning
if (!objc_atomicCompareAndSwapPtr(0, s, &old))
@@ -324,7 +324,7 @@
[old release];
}
-void test_objc_atomicCompareAndSwap_positive() {
+void test_objc_atomicCompareAndSwap_local_no_direct_release() {
NSString *old = 0;
NSString *s = [[NSString alloc] init]; // no-warning
if (!objc_atomicCompareAndSwapPtr(0, s, &old))
@@ -333,6 +333,22 @@
[old release];
}
+void test_objc_atomicCompareAndSwap_parameter(NSString **old) {
+ NSString *s = [[NSString alloc] init]; // no-warning
+ if (!objc_atomicCompareAndSwapPtr(0, s, old))
+ [s release];
+ else
+ [*old release];
+}
+
+void test_objc_atomicCompareAndSwap_parameter_no_direct_release(NSString **old) {
+ NSString *s = [[NSString alloc] init]; // expected-warning{{leak}}
+ if (!objc_atomicCompareAndSwapPtr(0, s, old))
+ return;
+ else
+ [*old release];
+}
+
// Test stringWithFormat (<rdar://problem/6815234>)
void test_stringWithFormat() {
More information about the cfe-commits
mailing list