[cfe-commits] r59869 - in /cfe/trunk: include/clang/Analysis/PathSensitive/BasicValueFactory.h include/clang/Analysis/PathSensitive/ConstraintManager.h include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/GRState.h include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/BasicConstraintManager.cpp lib/Analysis/BasicValueFactory.cpp lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Sat Nov 22 05:21:48 PST 2008
Author: zhongxingxu
Date: Sat Nov 22 07:21:46 2008
New Revision: 59869
URL: http://llvm.org/viewvc/llvm-project?rev=59869&view=rev
Log:
Initial support for checking out of bound memory access. Only support
ConcreteInt index for now.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
cfe/trunk/lib/Analysis/BasicValueFactory.cpp
cfe/trunk/lib/Analysis/GRExprEngine.cpp
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/lib/Analysis/SVals.cpp
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h Sat Nov 22 07:21:46 2008
@@ -72,6 +72,7 @@
ASTContext& getContext() const { return Ctx; }
const llvm::APSInt& getValue(const llvm::APSInt& X);
+ const llvm::APSInt& getValue(const llvm::APInt& X, bool isUnsigned);
const llvm::APSInt& getValue(uint64_t X, unsigned BitWidth, bool isUnsigned);
const llvm::APSInt& getValue(uint64_t X, QualType T);
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h Sat Nov 22 07:21:46 2008
@@ -34,6 +34,10 @@
virtual const GRState* Assume(const GRState* St, SVal Cond,
bool Assumption, bool& isFeasible) = 0;
+ virtual const GRState* AssumeInBound(const GRState* St, SVal Idx,
+ SVal UpperBound, bool Assumption,
+ bool& isFeasible) = 0;
+
virtual const GRState* AddNE(const GRState* St, SymbolID sym,
const llvm::APSInt& V) = 0;
virtual const llvm::APSInt* getSymVal(const GRState* St, SymbolID sym) = 0;
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Sat Nov 22 07:21:46 2008
@@ -468,11 +468,7 @@
const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
bool Assumption, bool& isFeasible) {
- // FIXME: In this function, we will check if Idx can be in/out
- // [0, UpperBound) according to the assumption. We can extend the
- // interface to include a LowerBound parameter.
- isFeasible = true;
- return St;
+ return StateMgr.AssumeInBound(St, Idx, UpperBound, Assumption, isFeasible);
}
NodeTy* MakeNode(NodeSet& Dst, Stmt* S, NodeTy* Pred, const GRState* St,
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h Sat Nov 22 07:21:46 2008
@@ -523,6 +523,12 @@
return ConstraintMgr->Assume(St, Cond, Assumption, isFeasible);
}
+ const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
+ bool Assumption, bool& isFeasible) {
+ return ConstraintMgr->AssumeInBound(St, Idx, UpperBound, Assumption,
+ isFeasible);
+ }
+
const GRState* AddNE(const GRState* St, SymbolID sym, const llvm::APSInt& V) {
return ConstraintMgr->AddNE(St, sym, V);
}
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Sat Nov 22 07:21:46 2008
@@ -173,6 +173,9 @@
static NonLoc MakeVal(BasicValueFactory& BasicVals, uint64_t X, QualType T);
static NonLoc MakeVal(BasicValueFactory& BasicVals, IntegerLiteral* I);
+
+ static NonLoc MakeVal(BasicValueFactory& BasicVals, const llvm::APInt& I,
+ bool isUnsigned);
static NonLoc MakeIntTruthVal(BasicValueFactory& BasicVals, bool b);
Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Sat Nov 22 07:21:46 2008
@@ -69,6 +69,9 @@
const GRState* AssumeSymLE(const GRState* St, SymbolID sym,
const llvm::APSInt& V, bool& isFeasible);
+ const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal UpperBound,
+ bool Assumption, bool& isFeasible);
+
const GRState* AddEQ(const GRState* St, SymbolID sym, const llvm::APSInt& V);
const GRState* AddNE(const GRState* St, SymbolID sym, const llvm::APSInt& V);
@@ -83,6 +86,9 @@
void print(const GRState* St, std::ostream& Out,
const char* nl, const char *sep);
+
+private:
+ BasicValueFactory& getBasicVals() { return StateMgr.getBasicVals(); }
};
} // end anonymous namespace
@@ -352,6 +358,27 @@
return St;
}
+const GRState*
+BasicConstraintManager::AssumeInBound(const GRState* St, SVal Idx,
+ SVal UpperBound, bool Assumption,
+ bool& isFeasible) {
+ // Only support ConcreteInt for now.
+ if (!(isa<nonloc::ConcreteInt>(Idx) && isa<nonloc::ConcreteInt>(UpperBound))){
+ isFeasible = true;
+ return St;
+ }
+
+ const llvm::APSInt& Zero = getBasicVals().getZeroWithPtrWidth(false);
+ const llvm::APSInt& IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
+ const llvm::APSInt& UBV = cast<nonloc::ConcreteInt>(UpperBound).getValue();
+
+ bool InBound = (Zero <= IdxV) && (IdxV < UBV);
+
+ isFeasible = Assumption ? InBound : !InBound;
+
+ return St;
+}
+
static int ConstEqTyIndex = 0;
static int ConstNotEqTyIndex = 0;
Modified: cfe/trunk/lib/Analysis/BasicValueFactory.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicValueFactory.cpp?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/BasicValueFactory.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicValueFactory.cpp Sat Nov 22 07:21:46 2008
@@ -76,6 +76,12 @@
return *P;
}
+const llvm::APSInt& BasicValueFactory::getValue(const llvm::APInt& X,
+ bool isUnsigned) {
+ llvm::APSInt V(X, isUnsigned);
+ return getValue(V);
+}
+
const llvm::APSInt& BasicValueFactory::getValue(uint64_t X, unsigned BitWidth,
bool isUnsigned) {
llvm::APSInt V(BitWidth, isUnsigned);
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 07:21:46 2008
@@ -1084,9 +1084,14 @@
bool isFeasibleOutBound = false;
const GRState* StOutBound = AssumeInBound(StNotNull, Idx, NumElements,
false, isFeasibleOutBound);
- StInBound = StOutBound = 0; // FIXME: squeltch warning.
- // Report warnings ...
+ if (isFeasibleOutBound) {
+ // Report warning.
+
+ StOutBound = 0;
+ }
+
+ return isFeasibleInBound ? StInBound : NULL;
}
}
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Sat Nov 22 07:21:46 2008
@@ -80,6 +80,8 @@
SVal getLValueElement(const GRState* St, SVal Base, SVal Offset);
+ SVal getSizeInElements(const GRState* St, const MemRegion* R);
+
SVal ArrayToPointer(SVal Array);
std::pair<const GRState*, SVal>
@@ -257,6 +259,40 @@
return UnknownVal();
}
+SVal RegionStoreManager::getSizeInElements(const GRState* St,
+ const MemRegion* R) {
+ if (const VarRegion* VR = dyn_cast<VarRegion>(R)) {
+ // Get the type of the variable.
+ QualType T = VR->getType(getContext());
+
+ // It must be of array type.
+ const ConstantArrayType* CAT = cast<ConstantArrayType>(T.getTypePtr());
+
+ // return the size as signed integer.
+ return NonLoc::MakeVal(getBasicVals(), CAT->getSize(), false);
+ }
+
+ if (const StringRegion* SR = dyn_cast<StringRegion>(R)) {
+ // FIXME: Unsupported yet.
+ SR = 0;
+ return UnknownVal();
+ }
+
+ if (const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R)) {
+ // FIXME: Unsupported yet.
+ ATR = 0;
+ return UnknownVal();
+ }
+
+ if (const FieldRegion* FR = dyn_cast<FieldRegion>(R)) {
+ // FIXME: Unsupported yet.
+ FR = 0;
+ return UnknownVal();
+ }
+ printf("kidn = %d\n", R->getKind());
+ assert(0 && "Other regions are not supported yet.");
+}
+
// Cast 'pointer to array' to 'pointer to the first element of array'.
SVal RegionStoreManager::ArrayToPointer(SVal Array) {
Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=59869&r1=59868&r2=59869&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Sat Nov 22 07:21:46 2008
@@ -253,6 +253,11 @@
I->getType()->isUnsignedIntegerType())));
}
+NonLoc NonLoc::MakeVal(BasicValueFactory& BasicVals, const llvm::APInt& I,
+ bool isUnsigned) {
+ return nonloc::ConcreteInt(BasicVals.getValue(I, isUnsigned));
+}
+
NonLoc NonLoc::MakeIntTruthVal(BasicValueFactory& BasicVals, bool b) {
return nonloc::ConcreteInt(BasicVals.getTruthValue(b));
}
More information about the cfe-commits
mailing list