[cfe-commits] r48306 - in /cfe/trunk: Analysis/CFRefCount.cpp Analysis/GRExprEngine.cpp Analysis/GRSimpleVals.cpp Analysis/SymbolManager.cpp include/clang/Analysis/PathSensitive/SymbolManager.h
Ted Kremenek
kremenek at apple.com
Wed Mar 12 14:45:48 PDT 2008
Author: kremenek
Date: Wed Mar 12 16:45:47 2008
New Revision: 48306
URL: http://llvm.org/viewvc/llvm-project?rev=48306&view=rev
Log:
Changed CallRetValSymbol to SymbolConjured to allow "conjured" symbols to be created for any expression, not just CallExprs.
Added experimental support for conjuring symbols during assingments where the RHS is "unknown". This allows more value tracking for path-sensitivity.
Fixed bug in "assumption" logic when processing symbolic constraints; we would improperly mark constraints we didn't support as infeasible.
Modified:
cfe/trunk/Analysis/CFRefCount.cpp
cfe/trunk/Analysis/GRExprEngine.cpp
cfe/trunk/Analysis/GRSimpleVals.cpp
cfe/trunk/Analysis/SymbolManager.cpp
cfe/trunk/include/clang/Analysis/PathSensitive/SymbolManager.h
Modified: cfe/trunk/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/CFRefCount.cpp?rev=48306&r1=48305&r2=48306&view=diff
==============================================================================
--- cfe/trunk/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/Analysis/CFRefCount.cpp Wed Mar 12 16:45:47 2008
@@ -588,7 +588,7 @@
if (CE->getType() != Eng.getContext().VoidTy) {
unsigned Count = Builder.getCurrentBlockCount();
- SymbolID Sym = Eng.getSymbolManager().getCallRetValSymbol(CE, Count);
+ SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
RVal X = CE->getType()->isPointerType()
? cast<RVal>(lval::SymbolVal(Sym))
@@ -664,7 +664,7 @@
case RetEffect::OwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
- SymbolID Sym = Eng.getSymbolManager().getCallRetValSymbol(CE, Count);
+ SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
ValueState StImpl = *St;
RefBindings B = GetRefBindings(StImpl);
@@ -679,7 +679,7 @@
case RetEffect::NotOwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
- SymbolID Sym = Eng.getSymbolManager().getCallRetValSymbol(CE, Count);
+ SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
ValueState StImpl = *St;
RefBindings B = GetRefBindings(StImpl);
Modified: cfe/trunk/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRExprEngine.cpp?rev=48306&r1=48305&r2=48306&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/Analysis/GRExprEngine.cpp Wed Mar 12 16:45:47 2008
@@ -177,7 +177,7 @@
// Process the true branch.
- bool isFeasible = true;
+ bool isFeasible = false;
ValueState* St = Assume(PrevState, V, true, isFeasible);
if (isFeasible)
@@ -300,8 +300,8 @@
RVal Res = EvalBinOp(BinaryOperator::EQ, CondV, CaseVal);
// Now "assume" that the case matches.
- bool isFeasible = false;
+ bool isFeasible = false;
ValueState* StNew = Assume(St, Res, true, isFeasible);
if (isFeasible) {
@@ -317,6 +317,7 @@
// Now "assume" that the case doesn't match. Add this state
// to the default state (if it is feasible).
+ isFeasible = false;
StNew = Assume(DefaultSt, Res, false, isFeasible);
if (isFeasible)
@@ -1114,10 +1115,27 @@
continue;
}
+ // EXPERIMENTAL: "Conjured" symbols.
+
+ if (RightV.isUnknown()) {
+ unsigned Count = Builder->getCurrentBlockCount();
+ SymbolID Sym = SymMgr.getConjuredSymbol(B->getRHS(), Count);
+
+ RightV = B->getRHS()->getType()->isPointerType()
+ ? cast<RVal>(lval::SymbolVal(Sym))
+ : cast<RVal>(nonlval::SymbolVal(Sym));
+ }
+
+ // Even if the LHS evaluates to an unknown L-Value, the entire
+ // expression still evaluates to the RHS.
+
if (LeftV.isUnknown()) {
St = SetRVal(St, B, RightV);
break;
}
+
+ // Simulate the effects of a "store": bind the value of the RHS
+ // to the L-Value represented by the LHS.
St = SetRVal(SetRVal(St, B, RightV), cast<LVal>(LeftV), RightV);
break;
@@ -1531,6 +1549,7 @@
switch (C.getOpcode()) {
default:
// No logic yet for other operators.
+ isFeasible = true;
return St;
case BinaryOperator::EQ:
Modified: cfe/trunk/Analysis/GRSimpleVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRSimpleVals.cpp?rev=48306&r1=48305&r2=48306&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRSimpleVals.cpp (original)
+++ cfe/trunk/Analysis/GRSimpleVals.cpp Wed Mar 12 16:45:47 2008
@@ -432,7 +432,7 @@
if (CE->getType() != Eng.getContext().VoidTy) {
unsigned Count = Builder.getCurrentBlockCount();
- SymbolID Sym = Eng.getSymbolManager().getCallRetValSymbol(CE, Count);
+ SymbolID Sym = Eng.getSymbolManager().getConjuredSymbol(CE, Count);
RVal X = CE->getType()->isPointerType()
? cast<RVal>(lval::SymbolVal(Sym))
Modified: cfe/trunk/Analysis/SymbolManager.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/SymbolManager.cpp?rev=48306&r1=48305&r2=48306&view=diff
==============================================================================
--- cfe/trunk/Analysis/SymbolManager.cpp (original)
+++ cfe/trunk/Analysis/SymbolManager.cpp Wed Mar 12 16:45:47 2008
@@ -72,10 +72,10 @@
return SymbolCounter++;
}
-SymbolID SymbolManager::getCallRetValSymbol(CallExpr* CE, unsigned Count) {
+SymbolID SymbolManager::getConjuredSymbol(Expr* E, unsigned Count) {
llvm::FoldingSetNodeID profile;
- SymbolDataCallRetVal::Profile(profile, CE, Count);
+ SymbolConjured::Profile(profile, E, Count);
void* InsertPos;
SymbolData* SD = DataSet.FindNodeOrInsertPos(profile, InsertPos);
@@ -83,8 +83,8 @@
if (SD)
return SD->getSymbol();
- SD = (SymbolData*) BPAlloc.Allocate<SymbolDataCallRetVal>();
- new (SD) SymbolDataCallRetVal(SymbolCounter, CE, Count);
+ SD = (SymbolData*) BPAlloc.Allocate<SymbolConjured>();
+ new (SD) SymbolConjured(SymbolCounter, E, Count);
DataSet.InsertNode(SD, InsertPos);
DataMap[SymbolCounter] = SD;
@@ -116,8 +116,8 @@
return T->getAsPointerType()->getPointeeType();
}
- case CallRetValKind:
- return cast<SymbolDataCallRetVal>(this)->getCallExpr()->getType();
+ case ConjuredKind:
+ return cast<SymbolConjured>(this)->getExpr()->getType();
}
}
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SymbolManager.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SymbolManager.h?rev=48306&r1=48305&r2=48306&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SymbolManager.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SymbolManager.h Wed Mar 12 16:45:47 2008
@@ -69,7 +69,7 @@
class SymbolData : public llvm::FoldingSetNode {
public:
- enum Kind { UndefKind, ParmKind, GlobalKind, ContentsOfKind, CallRetValKind };
+ enum Kind { UndefKind, ParmKind, GlobalKind, ContentsOfKind, ConjuredKind };
private:
Kind K;
@@ -165,32 +165,32 @@
}
};
-class SymbolDataCallRetVal : public SymbolData {
- CallExpr* CE;
+class SymbolConjured : public SymbolData {
+ Expr* E;
unsigned Count;
public:
- SymbolDataCallRetVal(SymbolID Sym, CallExpr* ce, unsigned count)
- : SymbolData(CallRetValKind, Sym), CE(ce), Count(count) {}
+ SymbolConjured(SymbolID Sym, Expr* exp, unsigned count)
+ : SymbolData(ConjuredKind, Sym), E(exp), Count(count) {}
- CallExpr* getCallExpr() const { return CE; }
+ Expr* getExpr() const { return E; }
unsigned getCount() const { return Count; }
static void Profile(llvm::FoldingSetNodeID& profile,
- CallExpr* CE, unsigned Count) {
+ Expr* E, unsigned Count) {
- profile.AddInteger((unsigned) CallRetValKind);
- profile.AddPointer(CE);
+ profile.AddInteger((unsigned) ConjuredKind);
+ profile.AddPointer(E);
profile.AddInteger(Count);
}
virtual void Profile(llvm::FoldingSetNodeID& profile) {
- Profile(profile, CE, Count);
+ Profile(profile, E, Count);
}
// Implement isa<T> support.
static inline bool classof(const SymbolData* D) {
- return D->getKind() == CallRetValKind;
+ return D->getKind() == ConjuredKind;
}
};
@@ -243,7 +243,7 @@
SymbolID getSymbol(VarDecl* D);
SymbolID getContentsOfSymbol(SymbolID sym);
- SymbolID getCallRetValSymbol(CallExpr* CE, unsigned VisitCount);
+ SymbolID getConjuredSymbol(Expr* E, unsigned VisitCount);
const SymbolData& getSymbolData(SymbolID ID) const;
More information about the cfe-commits
mailing list