[cfe-commits] r59869 - in /cfe/trunk: include/clang/Analysis/PathSensitive/BasicValueFactory.h include/clang/Analysis/PathSensitive/ConstraintManager.h include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/GRState.h include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/BasicConstraintManager.cpp lib/Analysis/BasicValueFactory.cpp lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp
Ted Kremenek
kremenek at apple.com
Mon Nov 24 10:49:50 PST 2008
Looks great!
On Nov 22, 2008, at 5:21 AM, Zhongxing Xu wrote:
> Author: zhongxingxu
> Date: Sat Nov 22 07:21:46 2008
> New Revision: 59869
>
> URL: http://llvm.org/viewvc/llvm-project?rev=59869&view=rev
> Log:
> Initial support for checking out of bound memory access. Only support
> ConcreteInt index for now.
>
> Modified:
> cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
> cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
> cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
> cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
> cfe/trunk/lib/Analysis/BasicValueFactory.cpp
> cfe/trunk/lib/Analysis/GRExprEngine.cpp
> cfe/trunk/lib/Analysis/RegionStore.cpp
> cfe/trunk/lib/Analysis/SVals.cpp
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/
> BasicValueFactory.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/
> BasicValueFactory.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/
> BasicValueFactory.h Sat Nov 22 07:21:46 2008
> @@ -72,6 +72,7 @@
> ASTContext& getContext() const { return Ctx; }
>
> const llvm::APSInt& getValue(const llvm::APSInt& X);
> + const llvm::APSInt& getValue(const llvm::APInt& X, bool
> isUnsigned);
> const llvm::APSInt& getValue(uint64_t X, unsigned BitWidth, bool
> isUnsigned);
> const llvm::APSInt& getValue(uint64_t X, QualType T);
>
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/
> ConstraintManager.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/
> ConstraintManager.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/
> ConstraintManager.h Sat Nov 22 07:21:46 2008
> @@ -34,6 +34,10 @@
> virtual const GRState* Assume(const GRState* St, SVal Cond,
> bool Assumption, bool& isFeasible) =
> 0;
>
> + virtual const GRState* AssumeInBound(const GRState* St, SVal Idx,
> + SVal UpperBound, bool
> Assumption,
> + bool& isFeasible) = 0;
> +
> virtual const GRState* AddNE(const GRState* St, SymbolID sym,
> const llvm::APSInt& V) = 0;
> virtual const llvm::APSInt* getSymVal(const GRState* St, SymbolID
> sym) = 0;
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/
> GRExprEngine.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> Sat Nov 22 07:21:46 2008
> @@ -468,11 +468,7 @@
>
> const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal
> UpperBound,
> bool Assumption, bool& isFeasible) {
> - // FIXME: In this function, we will check if Idx can be in/out
> - // [0, UpperBound) according to the assumption. We can extend
> the
> - // interface to include a LowerBound parameter.
> - isFeasible = true;
> - return St;
> + return StateMgr.AssumeInBound(St, Idx, UpperBound, Assumption,
> isFeasible);
> }
>
> NodeTy* MakeNode(NodeSet& Dst, Stmt* S, NodeTy* Pred, const
> GRState* St,
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
> (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h Sat Nov
> 22 07:21:46 2008
> @@ -523,6 +523,12 @@
> return ConstraintMgr->Assume(St, Cond, Assumption, isFeasible);
> }
>
> + const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal
> UpperBound,
> + bool Assumption, bool& isFeasible) {
> + return ConstraintMgr->AssumeInBound(St, Idx, UpperBound,
> Assumption,
> + isFeasible);
> + }
> +
> const GRState* AddNE(const GRState* St, SymbolID sym, const
> llvm::APSInt& V) {
> return ConstraintMgr->AddNE(St, sym, V);
> }
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Sat Nov
> 22 07:21:46 2008
> @@ -173,6 +173,9 @@
> static NonLoc MakeVal(BasicValueFactory& BasicVals, uint64_t X,
> QualType T);
>
> static NonLoc MakeVal(BasicValueFactory& BasicVals,
> IntegerLiteral* I);
> +
> + static NonLoc MakeVal(BasicValueFactory& BasicVals, const
> llvm::APInt& I,
> + bool isUnsigned);
>
> static NonLoc MakeIntTruthVal(BasicValueFactory& BasicVals, bool b);
>
>
> Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
> +++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Sat Nov 22
> 07:21:46 2008
> @@ -69,6 +69,9 @@
> const GRState* AssumeSymLE(const GRState* St, SymbolID sym,
> const llvm::APSInt& V, bool& isFeasible);
>
> + const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal
> UpperBound,
> + bool Assumption, bool& isFeasible);
> +
> const GRState* AddEQ(const GRState* St, SymbolID sym, const
> llvm::APSInt& V);
>
> const GRState* AddNE(const GRState* St, SymbolID sym, const
> llvm::APSInt& V);
> @@ -83,6 +86,9 @@
>
> void print(const GRState* St, std::ostream& Out,
> const char* nl, const char *sep);
> +
> +private:
> + BasicValueFactory& getBasicVals() { return
> StateMgr.getBasicVals(); }
> };
>
> } // end anonymous namespace
> @@ -352,6 +358,27 @@
> return St;
> }
>
> +const GRState*
> +BasicConstraintManager::AssumeInBound(const GRState* St, SVal Idx,
> + SVal UpperBound, bool
> Assumption,
> + bool& isFeasible) {
> + // Only support ConcreteInt for now.
> + if (!(isa<nonloc::ConcreteInt>(Idx) &&
> isa<nonloc::ConcreteInt>(UpperBound))){
> + isFeasible = true;
> + return St;
> + }
> +
> + const llvm::APSInt& Zero =
> getBasicVals().getZeroWithPtrWidth(false);
> + const llvm::APSInt& IdxV =
> cast<nonloc::ConcreteInt>(Idx).getValue();
> + const llvm::APSInt& UBV =
> cast<nonloc::ConcreteInt>(UpperBound).getValue();
> +
> + bool InBound = (Zero <= IdxV) && (IdxV < UBV);
> +
> + isFeasible = Assumption ? InBound : !InBound;
> +
> + return St;
> +}
> +
> static int ConstEqTyIndex = 0;
> static int ConstNotEqTyIndex = 0;
>
>
> Modified: cfe/trunk/lib/Analysis/BasicValueFactory.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicValueFactory.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/BasicValueFactory.cpp (original)
> +++ cfe/trunk/lib/Analysis/BasicValueFactory.cpp Sat Nov 22 07:21:46
> 2008
> @@ -76,6 +76,12 @@
> return *P;
> }
>
> +const llvm::APSInt& BasicValueFactory::getValue(const llvm::APInt& X,
> + bool isUnsigned) {
> + llvm::APSInt V(X, isUnsigned);
> + return getValue(V);
> +}
> +
> const llvm::APSInt& BasicValueFactory::getValue(uint64_t X, unsigned
> BitWidth,
> bool isUnsigned) {
> llvm::APSInt V(BitWidth, isUnsigned);
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 07:21:46 2008
> @@ -1084,9 +1084,14 @@
> bool isFeasibleOutBound = false;
> const GRState* StOutBound = AssumeInBound(StNotNull, Idx,
> NumElements,
> false,
> isFeasibleOutBound);
> - StInBound = StOutBound = 0; // FIXME: squeltch warning.
>
> - // Report warnings ...
> + if (isFeasibleOutBound) {
> + // Report warning.
> +
> + StOutBound = 0;
> + }
> +
> + return isFeasibleInBound ? StInBound : NULL;
> }
> }
>
>
> Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
> +++ cfe/trunk/lib/Analysis/RegionStore.cpp Sat Nov 22 07:21:46 2008
> @@ -80,6 +80,8 @@
>
> SVal getLValueElement(const GRState* St, SVal Base, SVal Offset);
>
> + SVal getSizeInElements(const GRState* St, const MemRegion* R);
> +
> SVal ArrayToPointer(SVal Array);
>
> std::pair<const GRState*, SVal>
> @@ -257,6 +259,40 @@
> return UnknownVal();
> }
>
> +SVal RegionStoreManager::getSizeInElements(const GRState* St,
> + const MemRegion* R) {
> + if (const VarRegion* VR = dyn_cast<VarRegion>(R)) {
> + // Get the type of the variable.
> + QualType T = VR->getType(getContext());
> +
> + // It must be of array type.
> + const ConstantArrayType* CAT =
> cast<ConstantArrayType>(T.getTypePtr());
> +
> + // return the size as signed integer.
> + return NonLoc::MakeVal(getBasicVals(), CAT->getSize(), false);
> + }
> +
> + if (const StringRegion* SR = dyn_cast<StringRegion>(R)) {
> + // FIXME: Unsupported yet.
> + SR = 0;
> + return UnknownVal();
> + }
> +
> + if (const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R)) {
> + // FIXME: Unsupported yet.
> + ATR = 0;
> + return UnknownVal();
> + }
> +
> + if (const FieldRegion* FR = dyn_cast<FieldRegion>(R)) {
> + // FIXME: Unsupported yet.
> + FR = 0;
> + return UnknownVal();
> + }
> + printf("kidn = %d\n", R->getKind());
> + assert(0 && "Other regions are not supported yet.");
> +}
> +
> // Cast 'pointer to array' to 'pointer to the first element of array'.
>
> SVal RegionStoreManager::ArrayToPointer(SVal Array) {
>
> Modified: cfe/trunk/lib/Analysis/SVals.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/SVals.cpp (original)
> +++ cfe/trunk/lib/Analysis/SVals.cpp Sat Nov 22 07:21:46 2008
> @@ -253,6 +253,11 @@
> I->getType()-
> >isUnsignedIntegerType())));
> }
>
> +NonLoc NonLoc::MakeVal(BasicValueFactory& BasicVals, const
> llvm::APInt& I,
> + bool isUnsigned) {
> + return nonloc::ConcreteInt(BasicVals.getValue(I, isUnsigned));
> +}
> +
> NonLoc NonLoc::MakeIntTruthVal(BasicValueFactory& BasicVals, bool b) {
> return nonloc::ConcreteInt(BasicVals.getTruthValue(b));
> }
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
More information about the cfe-commits
mailing list