[cfe-commits] r47288 - in /cfe/trunk: Analysis/GRExprEngine.cpp Analysis/GRSimpleVals.cpp Analysis/ValueState.cpp include/clang/Analysis/PathSensitive/GRExprEngine.h
Ted Kremenek
kremenek at apple.com
Mon Feb 18 14:57:03 PST 2008
Author: kremenek
Date: Mon Feb 18 16:57:02 2008
New Revision: 47288
URL: http://llvm.org/viewvc/llvm-project?rev=47288&view=rev
Log:
Added more assertions and checks in transfer function logic to check for
UninitializedVals and UnknownVals.
Modified:
cfe/trunk/Analysis/GRExprEngine.cpp
cfe/trunk/Analysis/GRSimpleVals.cpp
cfe/trunk/Analysis/ValueState.cpp
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
Modified: cfe/trunk/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRExprEngine.cpp?rev=47288&r1=47287&r2=47288&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/Analysis/GRExprEngine.cpp Mon Feb 18 16:57:02 2008
@@ -209,7 +209,8 @@
typedef SwitchNodeBuilder::iterator iterator;
StateTy St = builder.getState();
- NonLValue CondV = cast<NonLValue>(GetValue(St, builder.getCondition()));
+ Expr* CondE = builder.getCondition();
+ NonLValue CondV = cast<NonLValue>(GetValue(St, CondE));
if (isa<UninitializedVal>(CondV)) {
NodeTy* N = builder.generateDefaultCaseNode(St, true);
@@ -221,7 +222,10 @@
// While most of this can be assumed (such as the signedness), having it
// just computed makes sure everything makes the same assumptions end-to-end.
- unsigned bits = getContext().getTypeSize(getContext().IntTy,SourceLocation());
+
+ unsigned bits = getContext().getTypeSize(CondE->getType(),
+ CondE->getExprLoc());
+
APSInt V1(bits, false);
APSInt V2 = V1;
@@ -258,7 +262,7 @@
NonLValue Res = EvalBinaryOp(ValMgr, BinaryOperator::EQ, CondV, CaseVal);
// Now "assume" that the case matches.
- bool isFeasible;
+ bool isFeasible = false;
StateTy StNew = Assume(St, Res, true, isFeasible);
@@ -588,7 +592,7 @@
// FIXME: Stop when dereferencing an uninitialized value.
// FIXME: Bifurcate when dereferencing a symbolic with no constraints?
- const RValue& V = GetValue(St, U->getSubExpr());
+ const RValue& V = GetValue(St, U->getSubExpr());
const LValue& L1 = cast<LValue>(V);
// After a dereference, one of two possible situations arise:
@@ -608,6 +612,9 @@
GetValue(StNotNull, L1, &T)));
}
+ if (V.isUnknown())
+ return;
+
bool isFeasibleNull;
// "Assume" that the pointer is NULL.
@@ -868,8 +875,15 @@
//===----------------------------------------------------------------------===//
GRExprEngine::StateTy GRExprEngine::Assume(StateTy St, LValue Cond,
- bool Assumption,
- bool& isFeasible) {
+ bool Assumption,
+ bool& isFeasible) {
+
+ assert (!isa<UninitializedVal>(Cond));
+
+ if (isa<UnknownVal>(Cond)) {
+ isFeasible = true;
+ return St;
+ }
switch (Cond.getSubKind()) {
default:
@@ -901,6 +915,13 @@
bool Assumption,
bool& isFeasible) {
+ assert (!isa<UninitializedVal>(Cond));
+
+ if (isa<UnknownVal>(Cond)) {
+ isFeasible = true;
+ return St;
+ }
+
switch (Cond.getSubKind()) {
default:
assert (false && "'Assume' not implemented for this NonLValue.");
@@ -936,7 +957,7 @@
GRExprEngine::StateTy
GRExprEngine::AssumeSymNE(StateTy St, SymbolID sym,
const llvm::APSInt& V, bool& isFeasible) {
-
+
// First, determine if sym == X, where X != V.
if (const llvm::APSInt* X = St.getSymVal(sym)) {
isFeasible = *X != V;
Modified: cfe/trunk/Analysis/GRSimpleVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRSimpleVals.cpp?rev=47288&r1=47287&r2=47288&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRSimpleVals.cpp (original)
+++ cfe/trunk/Analysis/GRSimpleVals.cpp Mon Feb 18 16:57:02 2008
@@ -31,7 +31,7 @@
CheckerState->setTransferFunctions(GRSV);
// Execute the worklist algorithm.
- Engine.ExecuteWorkList(200);
+ Engine.ExecuteWorkList(10000);
// Look for explicit-Null dereferences and warn about them.
for (GRExprEngine::null_iterator I=CheckerState->null_begin(),
@@ -57,6 +57,8 @@
RValue GRSimpleVals::EvalCast(ValueManager& ValMgr, NonLValue X,
Expr* CastExpr) {
+ assert (!isa<UnknownVal>(X) && !isa<UninitializedVal>(X));
+
if (!isa<nonlval::ConcreteInt>(X))
return UnknownVal();
@@ -74,6 +76,8 @@
// Casts.
RValue GRSimpleVals::EvalCast(ValueManager& ValMgr, LValue X, Expr* CastExpr) {
+
+ assert (!isa<UnknownVal>(X) && !isa<UninitializedVal>(X));
if (CastExpr->getType()->isPointerType())
return X;
@@ -96,6 +100,8 @@
NonLValue GRSimpleVals::EvalMinus(ValueManager& ValMgr, UnaryOperator* U,
NonLValue X) {
+ assert (!isa<UnknownVal>(X) && !isa<UninitializedVal>(X));
+
switch (X.getSubKind()) {
case nonlval::ConcreteIntKind:
return cast<nonlval::ConcreteInt>(X).EvalMinus(ValMgr, U);
@@ -105,6 +111,9 @@
}
NonLValue GRSimpleVals::EvalComplement(ValueManager& ValMgr, NonLValue X) {
+
+ assert (!isa<UnknownVal>(X) && !isa<UninitializedVal>(X));
+
switch (X.getSubKind()) {
case nonlval::ConcreteIntKind:
return cast<nonlval::ConcreteInt>(X).EvalComplement(ValMgr);
@@ -119,11 +128,8 @@
BinaryOperator::Opcode Op,
NonLValue LHS, NonLValue RHS) {
- if (isa<UnknownVal>(LHS) || isa<UnknownVal>(RHS))
- return cast<NonLValue>(UnknownVal());
-
- if (isa<UninitializedVal>(LHS) || isa<UninitializedVal>(RHS))
- return cast<NonLValue>(UninitializedVal());
+ assert (!isa<UnknownVal>(LHS) && !isa<UninitializedVal>(LHS));
+ assert (!isa<UnknownVal>(RHS) && !isa<UninitializedVal>(RHS));
while(1) {
@@ -169,6 +175,9 @@
BinaryOperator::Opcode Op,
LValue LHS, LValue RHS) {
+ assert (!isa<UnknownVal>(LHS) && !isa<UninitializedVal>(LHS));
+ assert (!isa<UnknownVal>(RHS) && !isa<UninitializedVal>(RHS));
+
switch (Op) {
default:
return UnknownVal();
@@ -186,6 +195,10 @@
LValue GRSimpleVals::EvalBinaryOp(ValueManager& ValMgr,
BinaryOperator::Opcode Op,
LValue LHS, NonLValue RHS) {
+
+ assert (!isa<UnknownVal>(LHS) && !isa<UninitializedVal>(LHS));
+ assert (!isa<UnknownVal>(RHS) && !isa<UninitializedVal>(RHS));
+
return cast<LValue>(UnknownVal());
}
@@ -194,6 +207,9 @@
NonLValue GRSimpleVals::EvalEQ(ValueManager& ValMgr, LValue LHS, LValue RHS) {
+ assert (!isa<UnknownVal>(LHS) && !isa<UninitializedVal>(LHS));
+ assert (!isa<UnknownVal>(RHS) && !isa<UninitializedVal>(RHS));
+
switch (LHS.getSubKind()) {
default:
assert(false && "EQ not implemented for this LValue.");
@@ -249,6 +265,9 @@
}
NonLValue GRSimpleVals::EvalNE(ValueManager& ValMgr, LValue LHS, LValue RHS) {
+
+ assert (!isa<UnknownVal>(LHS) && !isa<UninitializedVal>(LHS));
+ assert (!isa<UnknownVal>(RHS) && !isa<UninitializedVal>(RHS));
switch (LHS.getSubKind()) {
default:
Modified: cfe/trunk/Analysis/ValueState.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/ValueState.cpp?rev=47288&r1=47287&r2=47288&view=diff
==============================================================================
--- cfe/trunk/Analysis/ValueState.cpp (original)
+++ cfe/trunk/Analysis/ValueState.cpp Mon Feb 18 16:57:02 2008
@@ -129,6 +129,8 @@
if (isa<UnknownVal>(LV))
return UnknownVal();
+ assert (!isa<UninitializedVal>(LV));
+
switch (LV.getSubKind()) {
case lval::DeclValKind: {
ValueState::VarBindingsTy::TreeTy* T =
@@ -327,6 +329,9 @@
ValueState
ValueStateManager::SetValue(ValueState St, const LValue& LV, const RValue& V) {
+ assert (!isa<UnknownVal>(LV));
+ assert (!isa<UninitializedVal>(LV));
+
switch (LV.getSubKind()) {
case lval::DeclValKind:
return V.isKnown() // FIXME: Have DeclVal only contain VarDecl
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=47288&r1=47287&r2=47288&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Mon Feb 18 16:57:02 2008
@@ -308,36 +308,73 @@
void VisitUnaryOperator(UnaryOperator* B, NodeTy* Pred, NodeSet& Dst);
- inline RValue EvalCast(ValueManager& ValMgr, RValue R, Expr* CastExpr) {
- return TF->EvalCast(ValMgr, R, CastExpr);
+ inline RValue EvalCast(ValueManager& ValMgr, RValue X, Expr* CastExpr) {
+ if (isa<UnknownVal>(X) || isa<UninitializedVal>(X))
+ return X;
+
+ return TF->EvalCast(ValMgr, X, CastExpr);
}
inline NonLValue EvalMinus(ValueManager& ValMgr, UnaryOperator* U,
NonLValue X) {
+ if (isa<UnknownVal>(X) || isa<UninitializedVal>(X))
+ return X;
+
return TF->EvalMinus(ValMgr, U, X);
}
inline NonLValue EvalComplement(ValueManager& ValMgr, NonLValue X) {
+ if (isa<UnknownVal>(X) || isa<UninitializedVal>(X))
+ return X;
+
return TF->EvalComplement(ValMgr, X);
}
inline NonLValue EvalBinaryOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
NonLValue LHS, NonLValue RHS) {
+
+ if (isa<UninitializedVal>(LHS) || isa<UninitializedVal>(RHS))
+ return cast<NonLValue>(UninitializedVal());
+
+ if (isa<UnknownVal>(LHS) || isa<UnknownVal>(RHS))
+ return cast<NonLValue>(UnknownVal());
+
return TF->EvalBinaryOp(ValMgr, Op, LHS, RHS);
}
inline RValue EvalBinaryOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
LValue LHS, LValue RHS) {
+
+ if (isa<UninitializedVal>(LHS) || isa<UninitializedVal>(RHS))
+ return UninitializedVal();
+
+ if (isa<UnknownVal>(LHS) || isa<UnknownVal>(RHS))
+ return UnknownVal();
+
return TF->EvalBinaryOp(ValMgr, Op, LHS, RHS);
}
inline RValue EvalBinaryOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
LValue LHS, NonLValue RHS) {
+
+ if (isa<UninitializedVal>(LHS) || isa<UninitializedVal>(RHS))
+ return UninitializedVal();
+
+ if (isa<UnknownVal>(LHS) || isa<UnknownVal>(RHS))
+ return UnknownVal();
+
return TF->EvalBinaryOp(ValMgr, Op, LHS, RHS);
}
inline RValue EvalBinaryOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
RValue LHS, RValue RHS) {
+
+ if (isa<UninitializedVal>(LHS) || isa<UninitializedVal>(RHS))
+ return UninitializedVal();
+
+ if (isa<UnknownVal>(LHS) || isa<UnknownVal>(RHS))
+ return UnknownVal();
+
return TF->EvalBinaryOp(ValMgr, Op, LHS, RHS);
}
};
More information about the cfe-commits
mailing list