[cfe-commits] r72164 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Analysis/PathSensitive/GRTransferFuncs.h include/clang/Analysis/PathSensitive/Store.h lib/Analysis/GRExprEngine.cpp lib/Analysis/GRSimpleVals.cpp lib/Analysis/GRSimpleVals.h lib/Analysis/RegionStore.cpp test/Analysis/array-struct.c
Zhongxing Xu
xuzhongxing at gmail.com
Wed May 20 02:00:31 PDT 2009
Author: zhongxingxu
Date: Wed May 20 04:00:16 2009
New Revision: 72164
URL: http://llvm.org/viewvc/llvm-project?rev=72164&view=rev
Log:
* API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/include/clang/Analysis/PathSensitive/GRTransferFuncs.h
cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
cfe/trunk/lib/Analysis/GRExprEngine.cpp
cfe/trunk/lib/Analysis/GRSimpleVals.cpp
cfe/trunk/lib/Analysis/GRSimpleVals.h
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/test/Analysis/array-struct.c
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Wed May 20 04:00:16 2009
@@ -693,7 +693,8 @@
void EvalBinOp(GRStateSet& OStates, const GRState* St, Expr* Ex,
BinaryOperator::Opcode Op, NonLoc L, NonLoc R, QualType T);
- SVal EvalBinOp(BinaryOperator::Opcode Op, SVal L, SVal R, QualType T);
+ SVal EvalBinOp(const GRState *state, BinaryOperator::Opcode Op, SVal L,SVal R,
+ QualType T);
protected:
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRTransferFuncs.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRTransferFuncs.h?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRTransferFuncs.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRTransferFuncs.h Wed May 20 04:00:16 2009
@@ -67,8 +67,8 @@
// Pointer arithmetic.
- virtual SVal EvalBinOp(GRExprEngine& Engine, BinaryOperator::Opcode Op,
- Loc L, NonLoc R) = 0;
+ virtual SVal EvalBinOp(GRExprEngine& Engine, const GRState *state,
+ BinaryOperator::Opcode Op, Loc L, NonLoc R) = 0;
// Calls.
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Wed May 20 04:00:16 2009
@@ -137,7 +137,8 @@
QualType CastToTy);
/// EvalBinOp - Perform pointer arithmetic.
- virtual SVal EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R) {
+ virtual SVal EvalBinOp(const GRState *state,
+ BinaryOperator::Opcode Op, Loc L, NonLoc R) {
return UnknownVal();
}
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Wed May 20 04:00:16 2009
@@ -177,7 +177,7 @@
if (T->isIntegerType())
if (const MemRegion *R = StateMgr.getRegion(PD)) {
SVal V = GetSVal(state, loc::MemRegionVal(R));
- SVal Constraint = EvalBinOp(BinaryOperator::GT, V,
+ SVal Constraint = EvalBinOp(state, BinaryOperator::GT, V,
ValMgr.makeZeroVal(T),
getContext().IntTy);
bool isFeasible = false;
@@ -841,7 +841,7 @@
do {
nonloc::ConcreteInt CaseVal(getBasicVals().getValue(V1.Val.getInt()));
- SVal Res = EvalBinOp(BinaryOperator::EQ, CondV, CaseVal,
+ SVal Res = EvalBinOp(DefaultSt, BinaryOperator::EQ, CondV, CaseVal,
getContext().IntTy);
// Now "assume" that the case matches.
@@ -1333,7 +1333,8 @@
SVal oldValueVal = StateMgr.GetSVal(stateLoad, oldValueExpr);
// Perform the comparison.
- SVal Cmp = Engine.EvalBinOp(BinaryOperator::EQ, theValueVal, oldValueVal,
+ SVal Cmp = Engine.EvalBinOp(stateLoad,
+ BinaryOperator::EQ, theValueVal, oldValueVal,
Engine.getContext().IntTy);
bool isFeasible = false;
const GRState *stateEqual = StateMgr.Assume(stateLoad, Cmp, true,
@@ -2622,7 +2623,7 @@
if (isa<Loc>(V)) {
Loc X = Loc::MakeNull(getBasicVals());
- SVal Result = EvalBinOp(BinaryOperator::EQ, cast<Loc>(V), X,
+ SVal Result = EvalBinOp(state,BinaryOperator::EQ, cast<Loc>(V), X,
U->getType());
state = BindExpr(state, U, Result);
}
@@ -2679,7 +2680,8 @@
BinaryOperator::Opcode Op = U->isIncrementOp() ? BinaryOperator::Add
: BinaryOperator::Sub;
- SVal Result = EvalBinOp(Op, V2, MakeConstantVal(1U, U), U->getType());
+ SVal Result = EvalBinOp(state, Op, V2, MakeConstantVal(1U, U),
+ U->getType());
// Conjure a new symbol if necessary to recover precision.
if (Result.isUnknown() || !getConstraintManager().canReasonAbout(Result)){
@@ -2690,7 +2692,7 @@
// non-nullness. Check if the original value was non-null, and if so propagate
// that constraint.
if (Loc::IsLocType(U->getType())) {
- SVal Constraint = EvalBinOp(BinaryOperator::EQ, V2,
+ SVal Constraint = EvalBinOp(state, BinaryOperator::EQ, V2,
ValMgr.makeZeroVal(U->getType()),
getContext().IntTy);
@@ -2699,7 +2701,7 @@
if (!isFeasible) {
// It isn't feasible for the original value to be null.
// Propagate this constraint.
- Constraint = EvalBinOp(BinaryOperator::EQ, Result,
+ Constraint = EvalBinOp(state, BinaryOperator::EQ, Result,
ValMgr.makeZeroVal(U->getType()),
getContext().IntTy);
@@ -2965,7 +2967,7 @@
// Process non-assignements except commas or short-circuited
// logical expressions (LAnd and LOr).
- SVal Result = EvalBinOp(Op, LeftV, RightV, B->getType());
+ SVal Result = EvalBinOp(state, Op, LeftV, RightV, B->getType());
if (Result.isUnknown()) {
if (OldSt != state) {
@@ -3079,7 +3081,8 @@
}
// Compute the result of the operation.
- SVal Result = EvalCast(EvalBinOp(Op, V, RightV, CTy), B->getType());
+ SVal Result = EvalCast(EvalBinOp(state, Op, V, RightV, CTy),
+ B->getType());
if (Result.isUndef()) {
// The operands were not undefined, but the result is undefined.
@@ -3147,8 +3150,8 @@
if (R.isValid()) getTF().EvalBinOpNN(OStates, *this, state, Ex, Op, L, R, T);
}
-SVal GRExprEngine::EvalBinOp(BinaryOperator::Opcode Op, SVal L, SVal R,
- QualType T) {
+SVal GRExprEngine::EvalBinOp(const GRState* state, BinaryOperator::Opcode Op,
+ SVal L, SVal R, QualType T) {
if (L.isUndef() || R.isUndef())
return UndefinedVal();
@@ -3160,7 +3163,7 @@
if (isa<Loc>(R))
return getTF().EvalBinOp(*this, Op, cast<Loc>(L), cast<Loc>(R));
else
- return getTF().EvalBinOp(*this, Op, cast<Loc>(L), cast<NonLoc>(R));
+ return getTF().EvalBinOp(*this, state, Op, cast<Loc>(L), cast<NonLoc>(R));
}
if (isa<Loc>(R)) {
@@ -3170,8 +3173,7 @@
assert (Op == BinaryOperator::Add || Op == BinaryOperator::Sub);
// Commute the operands.
- return getTF().EvalBinOp(*this, Op, cast<Loc>(R),
- cast<NonLoc>(L));
+ return getTF().EvalBinOp(*this, state, Op, cast<Loc>(R), cast<NonLoc>(L));
}
else
return getTF().DetermEvalBinOpNN(*this, Op, cast<NonLoc>(L),
Modified: cfe/trunk/lib/Analysis/GRSimpleVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRSimpleVals.cpp?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRSimpleVals.cpp (original)
+++ cfe/trunk/lib/Analysis/GRSimpleVals.cpp Wed May 20 04:00:16 2009
@@ -257,8 +257,8 @@
}
}
-SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
- Loc L, NonLoc R) {
+SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, const GRState *state,
+ BinaryOperator::Opcode Op, Loc L, NonLoc R) {
// Special case: 'R' is an integer that has the same width as a pointer and
// we are using the integer location in a comparison. Normally this cannot be
@@ -280,7 +280,7 @@
}
// Delegate pointer arithmetic to store manager.
- return Eng.getStoreManager().EvalBinOp(Op, L, R);
+ return Eng.getStoreManager().EvalBinOp(state, Op, L, R);
}
// Equality operators for Locs.
Modified: cfe/trunk/lib/Analysis/GRSimpleVals.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRSimpleVals.h?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRSimpleVals.h (original)
+++ cfe/trunk/lib/Analysis/GRSimpleVals.h Wed May 20 04:00:16 2009
@@ -53,8 +53,8 @@
// Pointer arithmetic.
- virtual SVal EvalBinOp(GRExprEngine& Engine, BinaryOperator::Opcode Op,
- Loc L, NonLoc R);
+ virtual SVal EvalBinOp(GRExprEngine& Engine, const GRState *state,
+ BinaryOperator::Opcode Op, Loc L, NonLoc R);
// Calls.
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Wed May 20 04:00:16 2009
@@ -214,7 +214,7 @@
CastResult CastRegion(const GRState* state, const MemRegion* R,
QualType CastToTy);
- SVal EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R);
+ SVal EvalBinOp(const GRState *state,BinaryOperator::Opcode Op,Loc L,NonLoc R);
/// The high level logic for this method is this:
/// Retrieve (L)
@@ -636,15 +636,17 @@
return 0;
}
-SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R) {
+SVal RegionStoreManager::EvalBinOp(const GRState *state,
+ BinaryOperator::Opcode Op, Loc L, NonLoc R) {
// Assume the base location is MemRegionVal.
if (!isa<loc::MemRegionVal>(L))
return UnknownVal();
const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
const ElementRegion *ER = 0;
- // If the operand is a symbolic region, we convert it to the first element
- // region implicitly.
+
+ // If the operand is a symbolic or alloca region, create the first element
+ // region on it.
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(MR)) {
// Get symbol's type. It should be a pointer type.
SymbolRef Sym = SR->getSymbol();
@@ -653,7 +655,18 @@
SVal ZeroIdx = ValMgr.makeZeroArrayIndex();
ER = MRMgr.getElementRegion(EleTy, ZeroIdx, SR);
- } else
+ }
+ else if (const AllocaRegion *AR = dyn_cast<AllocaRegion>(MR)) {
+ // Get the alloca region's current cast type.
+ GRStateRef StRef(state, StateMgr);
+
+ GRStateTrait<RegionCasts>::lookup_type T = StRef.get<RegionCasts>(AR);
+ assert(T && "alloca region has no type.");
+ QualType EleTy = cast<PointerType>(T->getTypePtr())->getPointeeType();
+ SVal ZeroIdx = ValMgr.makeZeroArrayIndex();
+ ER = MRMgr.getElementRegion(EleTy, ZeroIdx, AR);
+ }
+ else
ER = cast<ElementRegion>(MR);
SVal Idx = ER->getIndex();
Modified: cfe/trunk/test/Analysis/array-struct.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/array-struct.c?rev=72164&r1=72163&r2=72164&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/array-struct.c (original)
+++ cfe/trunk/test/Analysis/array-struct.c Wed May 20 04:00:16 2009
@@ -63,6 +63,7 @@
char *p;
p = __builtin_alloca(10);
p[1] = 'a';
+ p += 2;
}
struct s2;
More information about the cfe-commits
mailing list