[cfe-commits] r71548 - in /cfe/trunk: include/clang/Analysis/PathSensitive/MemRegion.h include/clang/Analysis/PathSensitive/SVals.h include/clang/Analysis/PathSensitive/Store.h lib/Analysis/CFRefCount.cpp lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp test/Analysis/array-struct.c
Zhongxing Xu
xuzhongxing at gmail.com
Tue May 12 03:10:39 PDT 2009
Author: zhongxingxu
Date: Tue May 12 05:10:00 2009
New Revision: 71548
URL: http://llvm.org/viewvc/llvm-project?rev=71548&view=rev
Log:
Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.
Also fix some 80 columns violations.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/MemRegion.h
cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
cfe/trunk/lib/Analysis/CFRefCount.cpp
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/lib/Analysis/SVals.cpp
cfe/trunk/test/Analysis/array-struct.c
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/MemRegion.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/MemRegion.h?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/MemRegion.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/MemRegion.h Tue May 12 05:10:00 2009
@@ -217,6 +217,7 @@
}
bool isDeclared() const { return codekind == Declared; }
+ bool isSymbolic() const { return codekind == Symbolic; }
const FunctionDecl* getDecl() const {
assert(codekind == Declared);
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Tue May 12 05:10:00 2009
@@ -90,6 +90,9 @@
bool isZeroConstant() const;
+ /// hasConjuredSymbol - If this SVal wraps a conjured symbol, return true;
+ bool hasConjuredSymbol() const;
+
/// getAsFunctionDecl - If this SVal is a MemRegionVal and wraps a
/// CodeTextRegion wrapping a FunctionDecl, return that FunctionDecl.
/// Otherwise return 0.
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Tue May 12 05:10:00 2009
@@ -161,6 +161,11 @@
return St;
}
+ virtual const GRState* setDefaultValue(const GRState* St,
+ const MemRegion* R, SVal V) {
+ return St;
+ }
+
virtual void print(Store store, std::ostream& Out,
const char* nl, const char *sep) = 0;
Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Tue May 12 05:10:00 2009
@@ -1721,7 +1721,7 @@
void ProcessNonLeakError(ExplodedNodeSet<GRState>& Dst,
GRStmtNodeBuilder<GRState>& Builder,
- Expr* NodeExpr, Expr* ErrorExpr,
+ Expr* NodeExpr, Expr* ErrorExpr,
ExplodedNode<GRState>* Pred,
const GRState* St,
RefVal::Kind hasErr, SymbolRef Sym);
@@ -1767,7 +1767,7 @@
Expr* Ex,
Expr* Receiver,
const RetainSummary& Summ,
- ExprIterator arg_beg, ExprIterator arg_end,
+ ExprIterator arg_beg, ExprIterator arg_end,
ExplodedNode<GRState>* Pred);
virtual void EvalCall(ExplodedNodeSet<GRState>& Dst,
@@ -1995,7 +1995,7 @@
CFRefReport(CFRefBug& D, const CFRefCount &tf,
ExplodedNode<GRState> *n, SymbolRef sym, const char* endText)
- : RangedBugReport(D, D.getDescription(), endText, n), Sym(sym), TF(tf) {}
+ : RangedBugReport(D, D.getDescription(), endText, n), Sym(sym), TF(tf) {}
virtual ~CFRefReport() {}
@@ -2302,7 +2302,7 @@
if (PrevV.getAutoreleaseCount() == CurrV.getAutoreleaseCount())
return 0;
- assert(PrevV.getAutoreleaseCount() < CurrV.getAutoreleaseCount());
+ assert(PrevV.getAutoreleaseCount() < CurrV.getAutoreleaseCount());
os << "Object sent -autorelease message";
break;
}
@@ -2623,8 +2623,10 @@
ExplodedNode<GRState>* Pred) {
// Get the state.
- GRStateRef state(Builder.GetState(Pred), Eng.getStateManager());
- ASTContext& Ctx = Eng.getStateManager().getContext();
+ GRStateManager& StateMgr = Eng.getStateManager();
+ GRStateRef state(Builder.GetState(Pred), StateMgr);
+ ASTContext& Ctx = StateMgr.getContext();
+ ValueManager &ValMgr = Eng.getValueManager();
// Evaluate the effect of the arguments.
RefVal::Kind hasErr = (RefVal::Kind) 0;
@@ -2680,7 +2682,7 @@
// with an interface to StoreManager so that this logic can be
// approriately delegated to the respective StoreManagers while
// still allowing us to do checker-specific logic (e.g.,
- // invalidating reference counts), probably via callbacks.
+ // invalidating reference counts), probably via callbacks.
if (ER->getElementType()->isIntegralType()) {
const MemRegion *superReg = ER->getSuperRegion();
if (isa<VarRegion>(superReg) || isa<FieldRegion>(superReg) ||
@@ -2730,15 +2732,21 @@
QualType FT = FD->getType();
if (Loc::IsLocType(FT) ||
- (FT->isIntegerType() && FT->isScalarType())) {
+ (FT->isIntegerType() && FT->isScalarType())) {
const FieldRegion* FR = MRMgr.getFieldRegion(FD, R);
- ValueManager &ValMgr = Eng.getValueManager();
+
SVal V = ValMgr.getConjuredSymbolVal(*I, FT, Count);
state = state.BindLoc(Loc::MakeVal(FR), V);
}
}
- }
- else {
+ } else if (const ArrayType *AT = Ctx.getAsArrayType(T)) {
+ // Set the default value of the array to conjured symbol.
+ StoreManager& StoreMgr = Eng.getStateManager().getStoreManager();
+ SVal V = ValMgr.getConjuredSymbolVal(*I, AT->getElementType(),
+ Count);
+ state = GRStateRef(StoreMgr.setDefaultValue(state, R, V),
+ StateMgr);
+ } else {
// Just blast away other values.
state = state.BindLoc(*MR, UnknownVal());
}
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Tue May 12 05:10:00 2009
@@ -276,7 +276,7 @@
void iterBindings(Store store, BindingsHandler& f) {
// FIXME: Implement.
}
-
+ const GRState* setDefaultValue(const GRState* St, const MemRegion* R, SVal V);
private:
const GRState* BindArray(const GRState* St, const TypedRegion* R, SVal V);
@@ -759,8 +759,13 @@
const MemRegion* SuperR = cast<SubRegion>(R)->getSuperRegion();
GRStateTrait<RegionDefaultValue>::lookup_type D =
state.get<RegionDefaultValue>(SuperR);
- if (D)
- return *D;
+ if (D) {
+ // If the default value is symbolic, we need to create a new symbol.
+ if (D->hasConjuredSymbol())
+ return ValMgr.getRegionValueSymbolVal(R);
+ else
+ return *D;
+ }
}
if (const ObjCIvarRegion *IVR = dyn_cast<ObjCIvarRegion>(R)) {
@@ -1274,3 +1279,9 @@
GRStateRef state(St, StateMgr);
return state.set<RegionCasts>(R, T);
}
+
+const GRState* RegionStoreManager::setDefaultValue(const GRState* St,
+ const MemRegion* R, SVal V) {
+ GRStateRef state(St, StateMgr);
+ return state.set<RegionDefaultValue>(R, V);
+}
Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Tue May 12 05:10:00 2009
@@ -30,6 +30,31 @@
// Utility methods.
//===----------------------------------------------------------------------===//
+bool SVal::hasConjuredSymbol() const {
+ if (const nonloc::SymbolVal* SV = dyn_cast<nonloc::SymbolVal>(this)) {
+ SymbolRef sym = SV->getSymbol();
+ if (isa<SymbolConjured>(sym))
+ return true;
+ }
+
+ if (const loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(this)) {
+ const MemRegion *R = RV->getRegion();
+ if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R)) {
+ SymbolRef sym = SR->getSymbol();
+ if (isa<SymbolConjured>(sym))
+ return true;
+ } else if (const CodeTextRegion *CTR = dyn_cast<CodeTextRegion>(R)) {
+ if (CTR->isSymbolic()) {
+ SymbolRef sym = CTR->getSymbol();
+ if (isa<SymbolConjured>(sym))
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
+
const FunctionDecl* SVal::getAsFunctionDecl() const {
if (const loc::MemRegionVal* X = dyn_cast<loc::MemRegionVal>(this)) {
const MemRegion* R = X->getRegion();
Modified: cfe/trunk/test/Analysis/array-struct.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/array-struct.c?rev=71548&r1=71547&r2=71548&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/array-struct.c (original)
+++ cfe/trunk/test/Analysis/array-struct.c Tue May 12 05:10:00 2009
@@ -132,3 +132,13 @@
void f14() {
struct s3 my_opt = opt;
}
+
+void bar(int*);
+
+// Test if the array is correctly invalidated.
+void f15() {
+ int a[10];
+ bar(a);
+ if (a[1]) // no-warning
+ 1;
+}
More information about the cfe-commits
mailing list