[cfe-commits] r61155 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRState.h lib/Analysis/BasicConstraintManager.cpp test/Analysis/NSString.m

Wed Dec 17 13:50:38 PST 2008

Author: kremenek
Date: Wed Dec 17 15:50:35 2008
New Revision: 61155

URL: http://llvm.org/viewvc/llvm-project?rev=61155&view=rev
Log:
CF-retain/release checker:
- Fix regression reported in <rdar://problem/6452745>.  After a null check, null references to resources should not have a retain count.  This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.

Modified:
    cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
    cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
    cfe/trunk/test/Analysis/NSString.m

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h?rev=61155&r1=61154&r2=61155&view=diff

==============================================================================

--- cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRState.h Wed Dec 17 15:50:35 2008
@@ -325,6 +325,7 @@
         
   ASTContext& getContext() { return BasicVals.getContext(); }
   const Decl& getCodeDecl() { return codedecl; }
+  GRTransferFuncs& getTransferFuncs() { return *TF; }
   BasicValueFactory& getBasicVals() { return BasicVals; }
   const BasicValueFactory& getBasicVals() const { return BasicVals; }
   SymbolManager& getSymbolManager() { return SymMgr; }

Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=61155&r1=61154&r2=61155&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Wed Dec 17 15:50:35 2008
@@ -15,6 +15,7 @@
 #include "clang/Analysis/PathSensitive/ConstraintManager.h"
 #include "clang/Analysis/PathSensitive/GRState.h"
 #include "clang/Analysis/PathSensitive/GRStateTrait.h"
+#include "clang/Analysis/PathSensitive/GRTransferFuncs.h"
 #include "llvm/Support/Compiler.h"
 #include "llvm/Support/raw_ostream.h"
 
@@ -115,8 +116,15 @@
 const GRState* BasicConstraintManager::Assume(const GRState* St, Loc Cond,
                                             bool Assumption, bool& isFeasible) {
   St = AssumeAux(St, Cond, Assumption, isFeasible);
-  // TF->EvalAssume(*this, St, Cond, Assumption, isFeasible)
-  return St;
+  
+  if (!isFeasible)
+    return St;
+  
+  // EvalAssume is used to call into the GRTransferFunction object to perform
+  // any checker-specific update of the state based on this assumption being
+  // true or false.
+  return StateMgr.getTransferFuncs().EvalAssume(StateMgr, St, Cond, Assumption,
+                                                isFeasible);
 }
 
 const GRState* BasicConstraintManager::AssumeAux(const GRState* St, Loc Cond,
@@ -173,8 +181,15 @@
 BasicConstraintManager::Assume(const GRState* St, NonLoc Cond, bool Assumption,
                                bool& isFeasible) {
   St = AssumeAux(St, Cond, Assumption, isFeasible);
-  // TF->EvalAssume() does nothing now.
-  return St;
+  
+  if (!isFeasible)
+    return St;
+  
+  // EvalAssume is used to call into the GRTransferFunction object to perform
+  // any checker-specific update of the state based on this assumption being
+  // true or false.
+  return StateMgr.getTransferFuncs().EvalAssume(StateMgr, St, Cond, Assumption,
+                                                  isFeasible);
 }
 
 const GRState*

Modified: cfe/trunk/test/Analysis/NSString.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/NSString.m?rev=61155&r1=61154&r2=61155&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/NSString.m (original)
+++ cfe/trunk/test/Analysis/NSString.m Wed Dec 17 15:50:35 2008
@@ -15,6 +15,7 @@
 extern const CFAllocatorRef kCFAllocatorDefault;
 extern CFTypeRef CFRetain(CFTypeRef cf);
 typedef const struct __CFDictionary * CFDictionaryRef;
+const void *CFDictionaryGetValue(CFDictionaryRef theDict, const void *key);
 extern CFStringRef CFStringCreateWithFormat(CFAllocatorRef alloc, CFDictionaryRef formatOptions, CFStringRef format, ...);
 typedef signed char BOOL;
 typedef int NSInteger;
@@ -27,6 +28,7 @@
 @protocol NSObject
 - (BOOL)isEqual:(id)object;
 - (oneway void)release;
+- (id)retain;
 @end
 @protocol NSCopying
 - (id)copyWithZone:(NSZone *)zone;
@@ -132,14 +134,22 @@
 }
 
 NSString* f10() {
-  
   static NSString* s = 0;
-  
   if (!s) s = [[NSString alloc] init];
-    
   return s; // no-warning
 }
 
+// Test case for regression reported in <rdar://problem/6452745>.
+// Essentially 's' should not be considered allocated on the false branch.
+// This exercises the 'EvalAssume' logic in GRTransferFuncs (CFRefCount.cpp).
+NSString* f11(CFDictionaryRef dict, const char* key) {
+  NSString* s = (NSString*) CFDictionaryGetValue(dict, key);
+  [s retain];
+  if (s) {
+    [s release];
+  }
+}
+
 @interface C1 : NSObject {}
 - (NSString*) getShared;
 + (C1*) sharedInstance;



