[cfe-commits] r154084 - in /cfe/trunk: lib/StaticAnalyzer/Core/ExprEngineC.cpp test/Analysis/misc-ps-region-store.cpp

Ted Kremenek kremenek at apple.com
Wed Apr 4 22:56:31 PDT 2012 

Author: kremenek
Date: Thu Apr  5 00:56:31 2012
New Revision: 154084

URL: http://llvm.org/viewvc/llvm-project?rev=154084&view=rev
Log:
Handle symbolicating a reference in an initializer expression that we don't understand.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
    cfe/trunk/test/Analysis/misc-ps-region-store.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp?rev=154084&r1=154083&r2=154084&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp Thu Apr  5 00:56:31 2012
@@ -375,7 +375,12 @@
       // Recover some path-sensitivity if a scalar value evaluated to
       // UnknownVal.
       if (InitVal.isUnknown()) {
-        InitVal = svalBuilder.getConjuredSymbolVal(NULL, InitEx, LC,
+	QualType Ty = InitEx->getType();
+	if (InitEx->isLValue()) {
+	  Ty = getContext().getPointerType(Ty);
+	}
+
+        InitVal = svalBuilder.getConjuredSymbolVal(NULL, InitEx, LC, Ty,
                                  currentBuilderContext->getCurrentBlockCount());
       }
       B.takeNodes(N);

Modified: cfe/trunk/test/Analysis/misc-ps-region-store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.cpp?rev=154084&r1=154083&r2=154084&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.cpp (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.cpp Thu Apr  5 00:56:31 2012
@@ -568,3 +568,13 @@
 void PR11146::baz() {
   (void) &Entry::x;
 }
+
+// Test symbolicating a reference.  In this example, the
+// analyzer (originally) didn't know how to handle x[index - index2],
+// returning an UnknownVal.  The conjured symbol wasn't a location,
+// and would result in a crash.
+void rdar10924675(unsigned short x[], int index, int index2) {
+  unsigned short &y = x[index - index2];
+  if (y == 0)
+    return;
+}

More information about the cfe-commits mailing list