[cfe-commits] r70565 - in /cfe/trunk: lib/Analysis/Store.cpp test/Analysis/casts.c test/Analysis/fields.c test/Analysis/misc-ps-64.m test/Analysis/rdar-6541136-region.c test/Analysis/xfail_rdar_6440393.m
Ted Kremenek
kremenek at apple.com
Fri May 1 12:22:20 PDT 2009
Author: kremenek
Date: Fri May 1 14:22:20 2009
New Revision: 70565
URL: http://llvm.org/viewvc/llvm-project?rev=70565&view=rev
Log:
StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an earlier out-of-bounds memory
access than the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
Added:
cfe/trunk/test/Analysis/misc-ps-64.m
Removed:
cfe/trunk/test/Analysis/xfail_rdar_6440393.m
Modified:
cfe/trunk/lib/Analysis/Store.cpp
cfe/trunk/test/Analysis/casts.c
cfe/trunk/test/Analysis/fields.c
cfe/trunk/test/Analysis/rdar-6541136-region.c
Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=70565&r1=70564&r2=70565&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Fri May 1 14:22:20 2009
@@ -59,9 +59,15 @@
return CastResult(state, R);
}
- // FIXME: We don't want to layer region views. Need to handle
- // arbitrary downcasts.
+ // FIXME: Need to handle arbitrary downcasts.
+ // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion
+ // or an AllocaRegion is cast to another view, thus causing the memory
+ // to be re-used for a different purpose.
- const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);
- return CastResult(AddRegionView(state, ViewR, R), ViewR);
+ if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) {
+ const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);
+ return CastResult(AddRegionView(state, ViewR, R), ViewR);
+ }
+
+ return CastResult(state, R);
}
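Review bot: The fall-through `return CastResult(state, R);` at the end of this hunk hands back R with CastToTy discarded, and nothing at that line says the loss of the cast type is intended. The commit log reports region-store crashes in casts.c and fields.c after this change, and guesses that region store still expects a TypedViewRegion, so callers relying on the returned region's type are presumably not yet adjusted. I would put a comment directly above the return, such as `// No view is layered on other regions: R is returned as-is and CastToTy is dropped.` The new FIXME also has an unbalanced parenthesis: `(layering a SymbolicRegion or an AllocaRegion` needs a closing `)` before `is cast`. The enclosing function starts outside the hunk.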
Modified: cfe/trunk/test/Analysis/casts.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/casts.c?rev=70565&r1=70564&r2=70565&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/casts.c (original)
+++ cfe/trunk/test/Analysis/casts.c Fri May 1 14:22:20 2009
@@ -2,6 +2,7 @@
// Test if the 'storage' region gets properly initialized after it is cast to
// 'struct sockaddr *'.
+// XFAIL
#include <sys/socket.h>
void f(int sock) {
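Review bot: The added `// XFAIL` carries no reason, and the same bare marker is added in fields.c and rdar-6541136-region.c; the explanation exists only in the commit log. A plain comment next to each marker would keep the reason with the test, for example `// Region store crashes on this cast since the CastRegion change in r70565.` For rdar-6541136-region.c the log says the analyzer is now reporting an earlier out-of-bounds store correctly, so the comment there should say that the expectation is stale rather than that the analyzer is wrong. The RUN lines of this file are outside the hunk, so any run they contain that still passes is masked by the XFAIL as well.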
Modified: cfe/trunk/test/Analysis/fields.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/fields.c?rev=70565&r1=70564&r2=70565&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/fields.c (original)
+++ cfe/trunk/test/Analysis/fields.c Fri May 1 14:22:20 2009
@@ -1,6 +1,6 @@
// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=basic -verify &&
-// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify &&
-// RUN: clang-cc -analyze -checker-simple %s -verify
+// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify
+// XFAIL
unsigned foo();
typedef struct bf { unsigned x:2; } bf;
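Review bot: The `-checker-simple` RUN line is deleted here and the log does not mention it, so that configuration silently loses this test. With `// XFAIL` applying to the whole file, the basic-store run on the first RUN line is no longer effectively checked either: a regression there would be indistinguishable from the expected region-store failure. Keeping the basic-store and `-checker-simple` runs in this file and moving the region-store run into its own XFAIL file would preserve that coverage until the crash is fixed.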
Added: cfe/trunk/test/Analysis/misc-ps-64.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-64.m?rev=70565&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-64.m (added)
+++ cfe/trunk/test/Analysis/misc-ps-64.m Fri May 1 14:22:20 2009
@@ -0,0 +1,25 @@
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=basic --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=range --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=basic --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=range --verify -fblocks %s
+
+// <rdar://problem/6440393> - A bunch of misc. failures involving evaluating
+// these expressions and building CFGs. These tests are here to prevent
+// regressions.
+ at class NSString, NSDictionary;
+typedef long NSInteger;
+typedef unsigned long NSUInteger;
+typedef unsigned char Boolean;
+typedef const struct __CFDictionary * CFDictionaryRef;
+
+extern Boolean CFDictionaryGetValueIfPresent(CFDictionaryRef theDict, const void *key, const void **value);
+static void shazam(NSUInteger i, unsigned char **out);
+
+void rdar_6440393_1(NSDictionary *dict) {
+ NSInteger x = 0;
+ unsigned char buf[10], *bufptr = buf;
+ if (!CFDictionaryGetValueIfPresent(0, dict, (void *)&x))
+ return;
+ shazam(x, &bufptr);
+}
+
Modified: cfe/trunk/test/Analysis/rdar-6541136-region.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/rdar-6541136-region.c?rev=70565&r1=70564&r2=70565&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/rdar-6541136-region.c (original)
+++ cfe/trunk/test/Analysis/rdar-6541136-region.c Fri May 1 14:22:20 2009
@@ -1,4 +1,5 @@
// RUN: clang-cc -verify -analyze -checker-cfref -analyzer-store=region %s
+// XFAIL
struct tea_cheese { unsigned magic; };
typedef struct tea_cheese kernel_tea_cheese_t;
Removed: cfe/trunk/test/Analysis/xfail_rdar_6440393.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/xfail_rdar_6440393.m?rev=70564&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/xfail_rdar_6440393.m (original)
+++ cfe/trunk/test/Analysis/xfail_rdar_6440393.m (removed)
@@ -1,26 +0,0 @@
-// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic %s &&
-// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region %s
-// XFAIL
-
-// *** These tests will be migrated to other test files once these failures
-// are resolved.
-
-// <rdar://problem/6440393> - A bunch of misc. failures involving evaluating
-// these expressions and building CFGs. These tests are here to prevent
-// regressions.
- at class NSString, NSDictionary;
-typedef long NSInteger;
-typedef unsigned long NSUInteger;
-typedef unsigned char Boolean;
-typedef const struct __CFDictionary * CFDictionaryRef;
-
-extern Boolean CFDictionaryGetValueIfPresent(CFDictionaryRef theDict, const void *key, const void **value);
-static void shazam(NSUInteger i, unsigned char **out);
-
-void rdar_6440393_1(NSDictionary *dict) {
- NSInteger x = 0;
- unsigned char buf[10], *bufptr = buf;
- if (!CFDictionaryGetValueIfPresent(0, dict, (void *)&x))
- return;
- shazam(x, &bufptr);
-}