[cfe-commits] r68373 - in /cfe/trunk: include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/BasicStore.cpp lib/Analysis/GRExprEngine.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Fri Apr 3 00:33:14 PDT 2009
Author: zhongxingxu
Date: Fri Apr 3 02:33:13 2009
New Revision: 68373
URL: http://llvm.org/viewvc/llvm-project?rev=68373&view=rev
Log:
This is the first step to gradually remove the use of loc::SymbolVal. Now
when creating symbolic values, we distinguish between location and non-location
values. For location values, we create a symbolic region instead of a
loc::SymbolVal.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
cfe/trunk/lib/Analysis/BasicStore.cpp
cfe/trunk/lib/Analysis/GRExprEngine.cpp
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/lib/Analysis/SVals.cpp
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=68373&r1=68372&r2=68373&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Fri Apr 3 02:33:13 2009
@@ -28,6 +28,7 @@
class CompoundValData;
class BasicValueFactory;
class MemRegion;
+class MemRegionManager;
class GRStateManager;
class SVal {
@@ -72,7 +73,8 @@
}
/// GetRValueSymbolVal - make a unique symbol for value of R.
- static SVal GetRValueSymbolVal(SymbolManager& SymMgr, const MemRegion* R);
+ static SVal GetRValueSymbolVal(SymbolManager& SymMgr, MemRegionManager& MRMgr,
+ const MemRegion* R);
static SVal GetConjuredSymbolVal(SymbolManager& SymMgr, const Expr *E,
unsigned Count);
Modified: cfe/trunk/lib/Analysis/BasicStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicStore.cpp?rev=68373&r1=68372&r2=68373&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/BasicStore.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicStore.cpp Fri Apr 3 02:33:13 2009
@@ -125,6 +125,9 @@
}
void print(Store store, std::ostream& Out, const char* nl, const char *sep);
+
+private:
+ ASTContext& getContext() { return StateMgr.getContext(); }
};
} // end anonymous namespace
@@ -273,9 +276,10 @@
break;
}
- // FIXME: Handle SymbolRegions? Shouldn't be possible in
- // BasicStoreManager.
- assert(!isa<SymbolicRegion>(R));
+ if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) {
+ SymbolRef Sym = SR->getSymbol();
+ BaseR = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
+ }
break;
}
@@ -477,7 +481,7 @@
SelfRegion);
SVal X = SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(),
- IVR);
+ MRMgr, IVR);
St = BindInternal(St, Loc::MakeVal(IVR), X);
}
@@ -534,7 +538,7 @@
const MemRegion *R = StateMgr.getRegion(VD);
SVal X = (VD->hasGlobalStorage() || isa<ParmVarDecl>(VD) ||
isa<ImplicitParamDecl>(VD))
- ? SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(), R)
+ ? SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(), MRMgr,R)
: UndefinedVal();
St = BindInternal(St, Loc::MakeVal(R), X);
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=68373&r1=68372&r2=68373&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Fri Apr 3 02:33:13 2009
@@ -1138,7 +1138,7 @@
bool isFeasibleNull = false;
GRStateRef StNull = GRStateRef(Assume(state, LV, false, isFeasibleNull),
getStateManager());
-
+
if (isFeasibleNull) {
// Use the Generic Data Map to mark in the state what lval was null.
@@ -1920,7 +1920,22 @@
// to a desugared type.
assert(Loc::IsLocType(T));
- assert(Loc::IsLocType(ExTy));
+ // We get a symbolic function pointer for a dereference of a function
+ // pointer, but it is of function type. Example:
+
+ // struct FPRec {
+ // void (*my_func)(int * x);
+ // };
+ //
+ // int bar(int x);
+ //
+ // int f1_a(struct FPRec* foo) {
+ // int x;
+ // (*foo->my_func)(&x);
+ // return bar(x)+1; // no-warning
+ // }
+
+ assert(Loc::IsLocType(ExTy) || ExTy->isFunctionType());
const MemRegion* R = RV->getRegion();
StoreManager& StoreMgr = getStoreManager();
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=68373&r1=68372&r2=68373&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Fri Apr 3 02:33:13 2009
@@ -360,6 +360,10 @@
switch (BaseL.getSubKind()) {
case loc::MemRegionKind:
BaseR = cast<loc::MemRegionVal>(BaseL).getRegion();
+ if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(BaseR)) {
+ SymbolRef Sym = SR->getSymbol();
+ BaseR = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
+ }
break;
case loc::SymbolValKind: {
@@ -412,13 +416,20 @@
const TypedRegion* BaseRegion = 0;
if (isa<loc::SymbolVal>(Base)) {
+ // FIXME: This case will be removed.
SymbolRef Sym = cast<loc::SymbolVal>(Base).getSymbol();
SymbolicRegion* SR = MRMgr.getSymbolicRegion(Sym);
// Layer the type information.
BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
- }
- else
- BaseRegion = cast<TypedRegion>(cast<loc::MemRegionVal>(Base).getRegion());
+ } else {
+ const MemRegion* R = cast<loc::MemRegionVal>(Base).getRegion();
+ if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) {
+ SymbolRef Sym = SR->getSymbol();
+ BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
+ }
+ else
+ BaseRegion = cast<TypedRegion>(R);
+ }
// Pointer of any type can be cast and used as array base.
const ElementRegion *ElemR = dyn_cast<ElementRegion>(BaseRegion);
@@ -617,8 +628,11 @@
if (!isa<loc::MemRegionVal>(L))
return UnknownVal();
- const TypedRegion* TR
- = cast<TypedRegion>(cast<loc::MemRegionVal>(L).getRegion());
+ const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
+ if (isa<SymbolicRegion>(MR))
+ return UnknownVal();
+
+ const TypedRegion* TR = cast<TypedRegion>(MR);
const ElementRegion* ER = dyn_cast<ElementRegion>(TR);
@@ -683,10 +697,17 @@
if (isa<loc::FuncVal>(L))
return L;
+ const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
+
+ // We return unknown for symbolic region for now. This might be improved.
+ // Example:
+ // void f(int* p) { int x = *p; }
+ if (isa<SymbolicRegion>(MR))
+ return UnknownVal();
+
// FIXME: Perhaps this method should just take a 'const MemRegion*' argument
// instead of 'Loc', and have the other Loc cases handled at a higher level.
- const TypedRegion* R
- = cast<TypedRegion>(cast<loc::MemRegionVal>(L).getRegion());
+ const TypedRegion* R = cast<TypedRegion>(MR);
assert(R && "bad region");
// FIXME: We should eventually handle funny addressing. e.g.:
@@ -735,7 +756,7 @@
if (SR == SelfRegion) {
// FIXME: Do we need to handle the case where the super region
// has a view? We want to canonicalize the bindings.
- return SVal::GetRValueSymbolVal(getSymbolManager(), R);
+ return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, R);
}
// Otherwise, we need a new symbol. For now return Unknown.
@@ -757,7 +778,7 @@
VD->hasGlobalStorage()) {
QualType VTy = VD->getType();
if (Loc::IsLocType(VTy) || VTy->isIntegerType())
- return SVal::GetRValueSymbolVal(getSymbolManager(), VR);
+ return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, VR);
else
return UnknownVal();
}
@@ -773,7 +794,7 @@
// All other integer values are symbolic.
if (Loc::IsLocType(RTy) || RTy->isIntegerType())
- return SVal::GetRValueSymbolVal(getSymbolManager(), R);
+ return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, R);
else
return UnknownVal();
}
@@ -811,7 +832,7 @@
if (MRMgr.onStack(FR) || MRMgr.onHeap(FR))
FieldValue = UndefinedVal();
else
- FieldValue = SVal::GetRValueSymbolVal(getSymbolManager(), FR);
+ FieldValue = SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, FR);
}
StructVal = getBasicVals().consVals(FieldValue, StructVal);
Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=68373&r1=68372&r2=68373&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Fri Apr 3 02:33:13 2009
@@ -264,14 +264,15 @@
return nonloc::CompoundVal(BasicVals.getCompoundValData(T, Vals));
}
-SVal SVal::GetRValueSymbolVal(SymbolManager& SymMgr, const MemRegion* R) {
+SVal SVal::GetRValueSymbolVal(SymbolManager& SymMgr, MemRegionManager& MRMgr,
+ const MemRegion* R) {
SymbolRef sym = SymMgr.getRegionRValueSymbol(R);
if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
QualType T = TR->getRValueType(SymMgr.getContext());
if (Loc::IsLocType(T))
- return Loc::MakeVal(sym);
+ return Loc::MakeVal(MRMgr.getSymbolicRegion(sym));
// Only handle integers for now.
if (T->isIntegerType())
More information about the cfe-commits
mailing list