[cfe-commits] r58886 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/Store.h lib/Analysis/GRExprEngine.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Fri Nov 7 19:45:42 PST 2008
Author: zhongxingxu
Date: Fri Nov 7 21:45:42 2008
New Revision: 58886
URL: http://llvm.org/viewvc/llvm-project?rev=58886&view=rev
Log:
Add boilerplate for out-of-bounds array checking. It has no real effect yet.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
cfe/trunk/lib/Analysis/GRExprEngine.cpp
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=58886&r1=58885&r2=58886&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Fri Nov 7 21:45:42 2008
@@ -455,6 +455,15 @@
return StateMgr.Assume(St, Cond, Assumption, isFeasible);
}
+ const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
+ bool Assumption, bool& isFeasible) {
+ // FIXME: In this function, we will check if Idx can be in/out
+ // [0, UpperBound) according to the assumption. We can extend the
+ // interface to include a LowerBound parameter.
+ isFeasible = true;
+ return St;
+ }
+
NodeTy* MakeNode(NodeSet& Dst, Stmt* S, NodeTy* Pred, const GRState* St,
ProgramPoint::Kind K = ProgramPoint::PostStmtKind) {
assert (Builder && "GRStmtNodeBuilder not present.");
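Review bot: The `AssumeInBound` stub ignores `Assumption`, `Idx` and `UpperBound` and sets `isFeasible = true` for both the true and the false query, so any caller that starts acting on the result will see every element access as possibly out of bounds. Until the constraint logic exists, the comment should state that directly, e.g. `// FIXME: Stub. Always reports feasible and returns St unchanged; callers must not emit warnings from this result yet.` When it is implemented, an unknown `UpperBound` (the default `getSizeInElements` in Store.h returns `UnknownVal()`) needs to mean "cannot decide" rather than a bound. A negative `Idx` also has to be covered, which the FIXME's LowerBound remark only hints at.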
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=58886&r1=58885&r2=58886&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Fri Nov 7 21:45:42 2008
@@ -72,7 +72,11 @@
const FieldDecl* D) = 0;
virtual SVal getLValueElement(const GRState* St, SVal Base, SVal Offset) = 0;
-
+
+ virtual SVal getSizeInElements(const GRState* St, const MemRegion* R) {
+ return UnknownVal();
+ }
+
/// ArrayToPointer - Used by GRExprEngine::VistCast to handle implicit
/// conversions between arrays and pointers.
virtual SVal ArrayToPointer(SVal Array) = 0;
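Review bot: `getSizeInElements` is added without a doc comment and, unlike the pure-virtual members around it, has a default body returning `UnknownVal()`, so every existing store silently opts out of bounds checking. A comment such as `/// getSizeInElements - Number of elements in region R; UnknownVal() if the store does not track extents.` would make that contract visible to store implementers and to the caller in GRExprEngine.cpp. The class body continues outside the hunk.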
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=58886&r1=58885&r2=58886&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Fri Nov 7 21:45:42 2008
@@ -1067,6 +1067,28 @@
else ExplicitNullDeref.insert(NullNode);
}
}
+
+ // Check for out-of-bound array access.
+ if (isFeasibleNotNull && isa<loc::MemRegionVal>(LV)) {
+ const MemRegion* R = cast<loc::MemRegionVal>(LV).getRegion();
+ if (const ElementRegion* ER = dyn_cast<ElementRegion>(R)) {
+ // Get the index of the accessed element.
+ SVal Idx = ER->getIndex();
+ // Get the extent of the array.
+ SVal NumElements = StateMgr.getStoreManager().getSizeInElements(StNotNull,
+ ER->getSuperRegion());
+
+ bool isFeasibleInBound = false;
+ const GRState* StInBound = AssumeInBound(StNotNull, Idx, NumElements,
+ true, isFeasibleInBound);
+
+ bool isFeasibleOutBound = false;
+ const GRState* StOutBound = AssumeInBound(StNotNull, Idx, NumElements,
+ false, isFeasibleOutBound);
+
+ // Report warnings ...
+ }
+ }
return isFeasibleNotNull ? StNotNull : NULL;
}
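Review bot: `StInBound` and `StOutBound` are computed and then dropped, and the function still returns `StNotNull`, so the in-bound constraint on `Idx` never reaches later statements on this path. When the reporting is filled in, the element-region case probably wants `return isFeasibleInBound ? StInBound : NULL;`, with the out-of-bound state recorded as an error node the way the null-dereference branch above does with `ExplicitNullDeref`. As written, the two locals will likely draw unused-variable warnings, and both `AssumeInBound` calls run on every element access with no effect. The enclosing function starts outside the hunk.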