[cfe-commits] r156428 - in /cfe/trunk: lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/misc-ps-arm.m test/Analysis/taint-tester.c

Ted Kremenek kremenek at apple.com
Tue May 8 14:49:55 PDT 2012


Author: kremenek
Date: Tue May  8 16:49:54 2012
New Revision: 156428

URL: http://llvm.org/viewvc/llvm-project?rev=156428&view=rev
Log:
Have RegionStore lower field bindings to raw offsets, just like ElementRegions.  This is a bit
disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values
as structs.  Fixes <rdar://problem/11405978>.

Added:
    cfe/trunk/test/Analysis/misc-ps-arm.m
Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/trunk/test/Analysis/taint-tester.c

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=156428&r1=156427&r2=156428&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Tue May  8 16:49:54 2012
@@ -81,14 +81,9 @@
 } // end anonymous namespace
 
 BindingKey BindingKey::Make(const MemRegion *R, Kind k) {
-  if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
-    const RegionRawOffset &O = ER->getAsArrayOffset();
-
-    // FIXME: There are some ElementRegions for which we cannot compute
-    // raw offsets yet, including regions with symbolic offsets. These will be
-    // ignored by the store.
-    return BindingKey(O.getRegion(), O.getOffset().getQuantity(), k);
-  }
+  const RegionOffset &RO = R->getAsOffset();
+  if (RO.getRegion())
+    return BindingKey(RO.getRegion(), RO.getOffset(), k);
 
   return BindingKey(R, 0, k);
 }
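Review bot: The fallback `return BindingKey(R, 0, k);` at the end of BindingKey::Make is left unexplained now that the FIXME is removed, although it is still reached whenever `RO.getRegion()` is null. A one-line comment such as `// No concrete offset could be computed (e.g. symbolic index); key on the region itself.` would keep that limitation visible, since bindings keyed this way presumably do not match offset-based keys on the same base region. The offset argument also changes from `O.getOffset().getQuantity()` to `RO.getOffset()`; the hunk does not show whether both use the same unit, so the unit stored in the key is worth stating where the offset is documented.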
@@ -648,7 +643,7 @@
 
     for (RegionBindings::iterator RI = B.begin(), RE = B.end(); RI != RE; ++RI){
       const SubRegion *baseR = dyn_cast<SubRegion>(RI.getKey().getRegion());
-      if (baseR && baseR->isSubRegionOf(LazyR))
+      if (baseR && (baseR == LazyR || baseR->isSubRegionOf(LazyR)))
         VisitBinding(RI.getData());
     }
 
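Review bot: The added `baseR == LazyR` test in the loop has no comment saying why an exact match is now needed next to `isSubRegionOf(LazyR)`. Presumably field bindings are now keyed on the base region plus an offset, so the key's region can be LazyR itself; a comment like `// Field bindings are keyed on the base region, so LazyR itself can appear as a key.` would record that. The enclosing function starts and ends outside the hunk, so the declaration of LazyR and any sibling loops that need the same check are not visible here.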

Added: cfe/trunk/test/Analysis/misc-ps-arm.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-arm.m?rev=156428&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-arm.m (added)
+++ cfe/trunk/test/Analysis/misc-ps-arm.m Tue May  8 16:49:54 2012
@@ -0,0 +1,18 @@
+// RUN: %clang_cc1 -triple thumbv7-apple-ios0.0.0 -analyze -analyzer-checker=core -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks -Wno-objc-root-class %s
+
+// <rdar://problem/11405978> - Handle casts of vectors to structs, and loading
+// a value.
+typedef float float32_t;
+typedef __attribute__((neon_vector_type(2))) float32_t float32x2_t;
+
+typedef struct
+{
+    float x, y;
+} Rdar11405978Vec;
+    
+float32x2_t rdar11405978_bar();
+float32_t rdar11405978() {
+  float32x2_t v = rdar11405978_bar();
+  Rdar11405978Vec w = *(Rdar11405978Vec *)&v;
+  return w.x; // no-warning
+}
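Review bot: The new test loads only `w.x`, the field at offset 0, so it does not exercise a binding at a non-zero raw offset, which is the case this revision changes in RegionStore. A load of the second field would cover that path, for example a second function ending in `return w.y;` with whatever expectation is correct for it. Without it, a regression in how field offsets are computed for the reinterpreted vector could pass this test unnoticed.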

Modified: cfe/trunk/test/Analysis/taint-tester.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/taint-tester.c?rev=156428&r1=156427&r2=156428&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/taint-tester.c (original)
+++ cfe/trunk/test/Analysis/taint-tester.c Tue May  8 16:49:54 2012
@@ -40,7 +40,7 @@
   // FIXME: We fail to propagate the taint here because RegionStore does not
   // handle ElementRegions with symbolic indexes.
   int addrDeref = *addr; // expected-warning + {{tainted}}
-  int _addrDeref = addrDeref;
+  int _addrDeref = addrDeref; // expected-warning + {{tainted}}
 
   // Tainted struct address, casts.
   struct XYStruct *xyPtr = 0;
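Review bot: The FIXME kept as context above `int addrDeref = *addr;` still says taint is not propagated here, while the changed line now expects a tainted warning on `_addrDeref`. If that FIXME described the warning that was missing on this line, it is stale and should be reworded or removed. If it refers to something else, it should name the expression that is still missed, because in a taint test a leftover note about failed propagation reads as a known false negative. The test function starts and ends outside the hunk.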




