[cfe-commits] r68757 - in /cfe/trunk: lib/Analysis/GRExprEngine.cpp test/Analysis/misc-ps.m

Ted Kremenek kremenek at apple.com
Thu Apr 9 17:59:52 PDT 2009 

Author: kremenek
Date: Thu Apr  9 19:59:50 2009
New Revision: 68757

URL: http://llvm.org/viewvc/llvm-project?rev=68757&view=rev
Log:
Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)

The analyzer now adds the precondition that the first argument of 'main' is > 0.

Modified:
    cfe/trunk/lib/Analysis/GRExprEngine.cpp
    cfe/trunk/test/Analysis/misc-ps.m

Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=68757&r1=68756&r2=68757&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Thu Apr  9 19:59:50 2009
@@ -161,7 +161,31 @@
 }
 
 const GRState* GRExprEngine::getInitialState() {
-  return StateMgr.getInitialState();
+  const GRState *state = StateMgr.getInitialState();
+  
+  // Precondition: the first argument of 'main' is an integer guaranteed
+  //  to be > 0.
+  // FIXME: It would be nice if we had a more general mechanism to add
+  // such preconditions.  Some day.
+  if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(&StateMgr.getCodeDecl()))
+    if (strcmp(FD->getIdentifier()->getName(), "main") == 0 &&
+        FD->getNumParams() > 0) {
+      const ParmVarDecl *PD = FD->getParamDecl(0);
+      QualType T = PD->getType();
+      if (T->isIntegerType())
+        if (const MemRegion *R = StateMgr.getRegion(PD)) {
+          SVal V = GetSVal(state, loc::MemRegionVal(R));
+          SVal Constraint = EvalBinOp(BinaryOperator::GT, V,
+                                      ValMgr.makeZeroVal(T),
+                                      getContext().IntTy);          
+          bool isFeasible = false;          
+          const GRState *newState = Assume(state, Constraint, true,
+                                           isFeasible);
+          if (newState) state = newState;
+        }
+    }
+  
+  return state;
 }
 
 //===----------------------------------------------------------------------===//

Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=68757&r1=68756&r2=68757&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Thu Apr  9 19:59:50 2009
@@ -245,3 +245,25 @@
   *p = 1; // expected-warning{{Dereference of null pointer}}  
 }
 
+// <rdar://problem/6776949>
+// main's 'argc' argument is always > 0
+int main(int argc, char* argv[]) {
+  int *p = 0;
+
+  if (argc == 0)
+    *p = 1;
+
+  if (argc == 1)
+    return 1;
+
+  int x = 1;
+  int i;
+  
+  for(i=1;i<argc;i++){
+    p = &x;
+  }
+
+  return *p; // no-warning
+}
+
+

More information about the cfe-commits mailing list