[cfe-commits] r59869 - in /cfe/trunk: include/clang/Analysis/PathSensitive/BasicValueFactory.h include/clang/Analysis/PathSensitive/ConstraintManager.h include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/GRState.h include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/BasicConstraintManager.cpp lib/Analysis/BasicValueFactory.cpp lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp

Ted Kremenek kremenek at apple.com
Mon Nov 24 10:49:50 PST 2008


Looks great!

On Nov 22, 2008, at 5:21 AM, Zhongxing Xu wrote:

> Author: zhongxingxu
> Date: Sat Nov 22 07:21:46 2008
> New Revision: 59869
>
> URL: http://llvm.org/viewvc/llvm-project?rev=59869&view=rev
> Log:
> Initial support for checking out of bound memory access. Only support
> ConcreteInt index for now.
>
> Modified:
>    cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h
>    cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h
>    cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
>    cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
>    cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
>    cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
>    cfe/trunk/lib/Analysis/BasicValueFactory.cpp
>    cfe/trunk/lib/Analysis/GRExprEngine.cpp
>    cfe/trunk/lib/Analysis/RegionStore.cpp
>    cfe/trunk/lib/Analysis/SVals.cpp
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ 
> BasicValueFactory.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/BasicValueFactory.h?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/ 
> BasicValueFactory.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/ 
> BasicValueFactory.h Sat Nov 22 07:21:46 2008
> @@ -72,6 +72,7 @@
>   ASTContext& getContext() const { return Ctx; }
>
>   const llvm::APSInt& getValue(const llvm::APSInt& X);
> +  const llvm::APSInt& getValue(const llvm::APInt& X, bool  
> isUnsigned);
>   const llvm::APSInt& getValue(uint64_t X, unsigned BitWidth, bool  
> isUnsigned);
>   const llvm::APSInt& getValue(uint64_t X, QualType T);
>
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ 
> ConstraintManager.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ConstraintManager.h?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/ 
> ConstraintManager.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/ 
> ConstraintManager.h Sat Nov 22 07:21:46 2008
> @@ -34,6 +34,10 @@
>   virtual const GRState* Assume(const GRState* St, SVal Cond,
>                                 bool Assumption, bool& isFeasible) =  
> 0;
>
> +  virtual const GRState* AssumeInBound(const GRState* St, SVal Idx,
> +                                       SVal UpperBound, bool  
> Assumption,
> +                                       bool& isFeasible) = 0;
> +
>   virtual const GRState* AddNE(const GRState* St, SymbolID sym,
>                                const llvm::APSInt& V) = 0;
>   virtual const llvm::APSInt* getSymVal(const GRState* St, SymbolID  
> sym) = 0;
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ 
> GRExprEngine.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h  
> (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h  
> Sat Nov 22 07:21:46 2008
> @@ -468,11 +468,7 @@
>
>   const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal  
> UpperBound,
>                                bool Assumption, bool& isFeasible) {
> -    // FIXME: In this function, we will check if Idx can be in/out
> -    // [0, UpperBound) according to the assumption.  We can extend  
> the
> -    // interface to include a LowerBound parameter.
> -    isFeasible = true;
> -    return St;
> +    return StateMgr.AssumeInBound(St, Idx, UpperBound, Assumption,  
> isFeasible);
>   }
>
>   NodeTy* MakeNode(NodeSet& Dst, Stmt* S, NodeTy* Pred, const  
> GRState* St,
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h  
> (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h Sat Nov  
> 22 07:21:46 2008
> @@ -523,6 +523,12 @@
>     return ConstraintMgr->Assume(St, Cond, Assumption, isFeasible);
>   }
>
> +  const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal  
> UpperBound,
> +                               bool Assumption, bool& isFeasible) {
> +    return ConstraintMgr->AssumeInBound(St, Idx, UpperBound,  
> Assumption,
> +                                        isFeasible);
> +  }
> +
>   const GRState* AddNE(const GRState* St, SymbolID sym, const  
> llvm::APSInt& V) {
>     return ConstraintMgr->AddNE(St, sym, V);
>   }
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Sat Nov  
> 22 07:21:46 2008
> @@ -173,6 +173,9 @@
>   static NonLoc MakeVal(BasicValueFactory& BasicVals, uint64_t X,  
> QualType T);
>
>   static NonLoc MakeVal(BasicValueFactory& BasicVals,  
> IntegerLiteral* I);
> +
> +  static NonLoc MakeVal(BasicValueFactory& BasicVals, const  
> llvm::APInt& I,
> +                        bool isUnsigned);
>
>   static NonLoc MakeIntTruthVal(BasicValueFactory& BasicVals, bool b);
>
>
> Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
> +++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Sat Nov 22  
> 07:21:46 2008
> @@ -69,6 +69,9 @@
>   const GRState* AssumeSymLE(const GRState* St, SymbolID sym,
>                              const llvm::APSInt& V, bool& isFeasible);
>
> +  const GRState* AssumeInBound(const GRState* St, SVal Idx, SVal  
> UpperBound,
> +                               bool Assumption, bool& isFeasible);
> +
>   const GRState* AddEQ(const GRState* St, SymbolID sym, const  
> llvm::APSInt& V);
>
>   const GRState* AddNE(const GRState* St, SymbolID sym, const  
> llvm::APSInt& V);
> @@ -83,6 +86,9 @@
>
>   void print(const GRState* St, std::ostream& Out,
>              const char* nl, const char *sep);
> +
> +private:
> +  BasicValueFactory& getBasicVals() { return  
> StateMgr.getBasicVals(); }
> };
>
> } // end anonymous namespace
> @@ -352,6 +358,27 @@
>   return St;
> }
>
> +const GRState*
> +BasicConstraintManager::AssumeInBound(const GRState* St, SVal Idx,
> +                                      SVal UpperBound, bool  
> Assumption,
> +                                      bool& isFeasible) {
> +  // Only support ConcreteInt for now.
> +  if (!(isa<nonloc::ConcreteInt>(Idx) &&  
> isa<nonloc::ConcreteInt>(UpperBound))){
> +    isFeasible = true;
> +    return St;
> +  }
> +
> +  const llvm::APSInt& Zero =  
> getBasicVals().getZeroWithPtrWidth(false);
> +  const llvm::APSInt& IdxV =  
> cast<nonloc::ConcreteInt>(Idx).getValue();
> +  const llvm::APSInt& UBV =  
> cast<nonloc::ConcreteInt>(UpperBound).getValue();
> +
> +  bool InBound = (Zero <= IdxV) && (IdxV < UBV);
> +
> +  isFeasible = Assumption ? InBound : !InBound;
> +
> +  return St;
> +}
> +
> static int ConstEqTyIndex = 0;
> static int ConstNotEqTyIndex = 0;
>
>
> Modified: cfe/trunk/lib/Analysis/BasicValueFactory.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicValueFactory.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/BasicValueFactory.cpp (original)
> +++ cfe/trunk/lib/Analysis/BasicValueFactory.cpp Sat Nov 22 07:21:46  
> 2008
> @@ -76,6 +76,12 @@
>   return *P;
> }
>
> +const llvm::APSInt& BasicValueFactory::getValue(const llvm::APInt& X,
> +                                                bool isUnsigned) {
> +  llvm::APSInt V(X, isUnsigned);
> +  return getValue(V);
> +}
> +
> const llvm::APSInt& BasicValueFactory::getValue(uint64_t X, unsigned  
> BitWidth,
>                                            bool isUnsigned) {
>   llvm::APSInt V(BitWidth, isUnsigned);
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 07:21:46 2008
> @@ -1084,9 +1084,14 @@
>       bool isFeasibleOutBound = false;
>       const GRState* StOutBound = AssumeInBound(StNotNull, Idx,  
> NumElements,
>                                                 false,  
> isFeasibleOutBound);
> -      StInBound = StOutBound = 0; // FIXME: squeltch warning.
>
> -      // Report warnings ...
> +      if (isFeasibleOutBound) {
> +        // Report warning.
> +
> +        StOutBound = 0;
> +      }
> +
> +      return isFeasibleInBound ? StInBound : NULL;
>     }
>   }
>
>
> Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
> +++ cfe/trunk/lib/Analysis/RegionStore.cpp Sat Nov 22 07:21:46 2008
> @@ -80,6 +80,8 @@
>
>   SVal getLValueElement(const GRState* St, SVal Base, SVal Offset);
>
> +  SVal getSizeInElements(const GRState* St, const MemRegion* R);
> +
>   SVal ArrayToPointer(SVal Array);
>
>   std::pair<const GRState*, SVal>
> @@ -257,6 +259,40 @@
>   return UnknownVal();
> }
>
> +SVal RegionStoreManager::getSizeInElements(const GRState* St,
> +                                           const MemRegion* R) {
> +  if (const VarRegion* VR = dyn_cast<VarRegion>(R)) {
> +    // Get the type of the variable.
> +    QualType T = VR->getType(getContext());
> +
> +    // It must be of array type.
> +    const ConstantArrayType* CAT =  
> cast<ConstantArrayType>(T.getTypePtr());
> +
> +    // return the size as signed integer.
> +    return NonLoc::MakeVal(getBasicVals(), CAT->getSize(), false);
> +  }
> +
> +  if (const StringRegion* SR = dyn_cast<StringRegion>(R)) {
> +    // FIXME: Unsupported yet.
> +    SR = 0;
> +    return UnknownVal();
> +  }
> +
> +  if (const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R)) {
> +    // FIXME: Unsupported yet.
> +    ATR = 0;
> +    return UnknownVal();
> +  }
> +
> +  if (const FieldRegion* FR = dyn_cast<FieldRegion>(R)) {
> +    // FIXME: Unsupported yet.
> +    FR = 0;
> +    return UnknownVal();
> +  }
> +  printf("kidn = %d\n", R->getKind());
> +  assert(0 && "Other regions are not supported yet.");
> +}
> +
> // Cast 'pointer to array' to 'pointer to the first element of array'.
>
> SVal RegionStoreManager::ArrayToPointer(SVal Array) {
>
> Modified: cfe/trunk/lib/Analysis/SVals.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=59869&r1=59868&r2=59869&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/SVals.cpp (original)
> +++ cfe/trunk/lib/Analysis/SVals.cpp Sat Nov 22 07:21:46 2008
> @@ -253,6 +253,11 @@
>                               I->getType()- 
> >isUnsignedIntegerType())));
> }
>
> +NonLoc NonLoc::MakeVal(BasicValueFactory& BasicVals, const  
> llvm::APInt& I,
> +                       bool isUnsigned) {
> +  return nonloc::ConcreteInt(BasicVals.getValue(I, isUnsigned));
> +}
> +
> NonLoc NonLoc::MakeIntTruthVal(BasicValueFactory& BasicVals, bool b) {
>   return nonloc::ConcreteInt(BasicVals.getTruthValue(b));
> }
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits




More information about the cfe-commits mailing list