[cfe-commits] r71685 - in /cfe/trunk: lib/Analysis/CFRefCount.cpp test/Analysis/pr4209.m

Ted Kremenek kremenek at apple.com
Wed May 13 11:16:12 PDT 2009


Author: kremenek
Date: Wed May 13 13:16:01 2009
New Revision: 71685

URL: http://llvm.org/viewvc/llvm-project?rev=71685&view=rev
Log:
Fix crasher reported in PR 4209, caused by invalid summary
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver whose symbolic value
wasn't being explicitly tracked.

Added:
    cfe/trunk/test/Analysis/pr4209.m
Modified:
    cfe/trunk/lib/Analysis/CFRefCount.cpp

Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=71685&r1=71684&r2=71685&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Wed May 13 13:16:01 2009
@@ -439,6 +439,9 @@
 
   ObjCSummaryKey(const ObjCInterfaceDecl* d, Selector s)
     : II(d ? d->getIdentifier() : 0), S(s) {}
+
+  ObjCSummaryKey(const ObjCInterfaceDecl* d, IdentifierInfo *ii, Selector s)
+    : II(d ? d->getIdentifier() : ii), S(s) {}
   
   ObjCSummaryKey(Selector s)
     : II(0), S(s) {}
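Review bot: The new three-argument constructor silently ignores `ii` whenever `d` is non-null, and nothing states that the two are expected to name the same class. A one-line comment would make the precedence explicit, e.g. `// Prefer the decl's identifier; 'ii' is only a fallback when no ObjCInterfaceDecl was resolved.` If the callers can guarantee agreement, `assert(!d || !ii || d->getIdentifier() == ii);` in the constructor body would catch a mismatched cache key early. The enclosing class starts and ends outside the hunk.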
@@ -1265,7 +1268,7 @@
   updateSummaryFromAnnotations(*Summ, MD);
   
   // Memoize the summary.
-  ObjCMethodSummaries[ObjCSummaryKey(ClsName, S)] = Summ;
+  ObjCMethodSummaries[ObjCSummaryKey(ID, ClsName, S)] = Summ;
   return Summ;
 }
 
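Review bot: The memoization key is now built from `ID` first and from `ClsName` only as a fallback, so the cache lookup earlier in this function (outside the hunk) has to derive its key the same way; otherwise the stored summary is either never found again or is found under a different class name. The same applies to the class-method variant in the next hunk (`ObjCClassMethodSummaries[ObjCSummaryKey(ID, ClsName, S)]`). A short comment at both sites, such as `// ID may be null; the key then falls back to ClsName.`, would record why the three-argument form is used. Both function bodies start outside their hunks.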
@@ -1288,7 +1291,7 @@
   updateSummaryFromAnnotations(*Summ, MD);
 
   // Memoize the summary.
-  ObjCClassMethodSummaries[ObjCSummaryKey(ClsName, S)] = Summ;
+  ObjCClassMethodSummaries[ObjCSummaryKey(ID, ClsName, S)] = Summ;
   return Summ;
 }
 
@@ -2926,7 +2929,7 @@
   if (Expr* Receiver = ME->getReceiver()) {
     // We need the type-information of the tracked receiver object
     // Retrieve it from the state.
-    ObjCInterfaceDecl* ID = 0;
+    const ObjCInterfaceDecl* ID = 0;
 
     // FIXME: Wouldn't it be great if this code could be reduced?  It's just
     // a chain of lookups.
@@ -2948,7 +2951,16 @@
         }
       }
     }
-    
+
+    // FIXME: this is a hack.  This may or may not be the actual method
+    //  that is called.
+    if (!ID) {
+      if (const PointerType *PT = Receiver->getType()->getAsPointerType())
+        if (const ObjCInterfaceType *p =
+            PT->getPointeeType()->getAsObjCInterfaceType())
+          ID = p->getDecl();
+    }
+
     // FIXME: The receiver could be a reference to a class, meaning that
     //  we should use the class method.
     Summ = Summaries.getInstanceMethodSummary(ME, ID);
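Review bot: After the new fallback `ID` can still be null: the block only covers a receiver whose static type is a pointer to an Objective-C interface, so a receiver typed `id`, or any type for which `getAsObjCInterfaceType()` returns null, still reaches `getInstanceMethodSummary(ME, ID)` unresolved. Going by the log message that unresolved case is what produced the invalid summary, so it is worth confirming that the callee (outside the hunk) handles a null decl. The static type is also only an upper bound on the dynamic class, so the checker may apply the retain/release summary of a method that is not the one invoked; the FIXME could say this directly: `// FIXME: Uses the receiver's static type; a subclass override may be the method actually called.` The nested brace-less `if`s would be less fragile with braces, and the enclosing function starts and ends outside the hunk.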

Added: cfe/trunk/test/Analysis/pr4209.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/pr4209.m?rev=71685&view=auto

==============================================================================
--- cfe/trunk/test/Analysis/pr4209.m (added)
+++ cfe/trunk/test/Analysis/pr4209.m Wed May 13 13:16:01 2009
@@ -0,0 +1,70 @@
+// RUN: clang-cc -triple i386-apple-darwin9 -analyze -checker-cfref -verify %s &&
+// RUN: clang-cc -triple i386-apple-darwin9 -analyze -checker-cfref -analyzer-store=region -verify %s
+
+// This test case was crashing due to how CFRefCount.cpp resolved the
+// ObjCInterfaceDecl* and ClassName in EvalObjCMessageExpr.
+
+typedef signed char BOOL;
+typedef unsigned int NSUInteger;
+typedef struct _NSZone NSZone;
+ at class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
+ at protocol NSObject  - (BOOL)isEqual:(id)object;
+ at end  @protocol NSCopying  - (id)copyWithZone:(NSZone *)zone;
+ at end  @protocol NSMutableCopying  - (id)mutableCopyWithZone:(NSZone *)zone;
+ at end  @protocol NSCoding  - (void)encodeWithCoder:(NSCoder *)aCoder;
+ at end    @interface NSObject <NSObject> {
+}
+ at end  typedef float CGFloat;
+typedef struct _NSPoint {
+}
+NSFastEnumerationState;
+ at protocol NSFastEnumeration  - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len;
+ at end        @class NSString;
+ at interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration>  - (NSUInteger)count;
+ at end    @interface NSMutableArray : NSArray  - (void)addObject:(id)anObject;
+ at end         typedef unsigned short unichar;
+ at interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>    - (NSUInteger)length;
+- (int)intValue;
+ at end @interface NSSimpleCString : NSString {
+}
+ at end  @interface NSConstantString : NSSimpleCString @end   extern void *_NSConstantStringClassReference;
+ at interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration>  - (NSUInteger)count;
+ at end    @interface NSMutableDictionary : NSDictionary  - (void)removeObjectForKey:(id)aKey;
+ at end       typedef struct {
+}
+CMProfileLocation;
+ at interface NSResponder : NSObject <NSCoding> {
+}
+ at end  @class NSAttributedString, NSEvent, NSFont, NSFormatter, NSImage, NSMenu, NSText, NSView;
+ at interface NSCell : NSObject <NSCopying, NSCoding> {
+}
+ at end  extern NSString *NSControlTintDidChangeNotification;
+ at interface NSActionCell : NSCell {
+}
+ at end  @class NSArray, NSDocument, NSWindow;
+ at interface NSWindowController : NSResponder <NSCoding> {
+}
+ at end         @class EBayCategoryType, GSEbayCategory, GBSearchRequest;
+ at interface GBCategoryChooserPanelController : NSWindowController {
+  GSEbayCategory *rootCategory;
+}
+- (NSMutableDictionary*)categoryDictionaryForCategoryID:(int)inID inRootTreeCategories:(NSMutableArray*)inRootTreeCategories;
+-(NSString*) categoryID;
+ at end @interface GSEbayCategory : NSObject <NSCoding> {
+}
+- (int) categoryID;
+- (GSEbayCategory *) parent;
+- (GSEbayCategory*) subcategoryWithID:(int) inID;
+ at end   @implementation GBCategoryChooserPanelController  + (int) chooseCategoryIDFromCategories:(NSArray*) inCategories        searchRequest:(GBSearchRequest*)inRequest         parentWindow:(NSWindow*) inParent {
+}
+- (void) addCategory:(EBayCategoryType*)inCategory toRootTreeCategory:(NSMutableArray*)inRootTreeCategories {
+  GSEbayCategory *category = [rootCategory subcategoryWithID:[[inCategory categoryID] intValue]];
+  if (rootCategory != category)  {
+    GSEbayCategory *parent = category;
+    while ((((void*)0) != (parent = [parent parent])) && ([parent categoryID] != 0))   {
+      NSMutableDictionary *treeCategoryDict = [self categoryDictionaryForCategoryID:[parent categoryID] inRootTreeCategories:inRootTreeCategories];
+      if (((void*)0) == treeCategoryDict)    {
+      }
+    }
+  }
+}
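Review bot: The test has no `expected-warning` lines, so under `-verify` it only checks that the analyzer completes without diagnostics; it does not pin which summary is selected for the unresolved receiver. The header comment could name the construct that triggers the problem: `categoryID` is declared as `-(NSString*) categoryID` on `GBCategoryChooserPanelController` and as `- (int) categoryID` on `GSEbayCategory`, and `[inCategory categoryID]` is sent to the forward-declared `EBayCategoryType`, which looks like the relevant case but should be confirmed. A comment such as `// The receiver's class is only forward-declared, so no ObjCInterfaceDecl is tracked for it.` would keep the reduction understandable if the file is edited later.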




