[cfe-commits] r73690 - in /cfe/trunk: include/clang/Analysis/PathSensitive/ValueManager.h lib/Analysis/RegionStore.cpp lib/Analysis/SVals.cpp test/Analysis/casts.c

Zhongxing Xu xuzhongxing at gmail.com
Wed Jun 17 23:29:11 PDT 2009


Author: zhongxingxu
Date: Thu Jun 18 01:29:10 2009
New Revision: 73690

URL: http://llvm.org/viewvc/llvm-project?rev=73690&view=rev
Log:
When casting a region, if we do not create an element region, record the
cast-to type.

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.

Modified:
    cfe/trunk/include/clang/Analysis/PathSensitive/ValueManager.h
    cfe/trunk/lib/Analysis/RegionStore.cpp
    cfe/trunk/lib/Analysis/SVals.cpp
    cfe/trunk/test/Analysis/casts.c

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ValueManager.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ValueManager.h?rev=73690&r1=73689&r2=73690&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/ValueManager.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/ValueManager.h Thu Jun 18 01:29:10 2009
@@ -81,7 +81,7 @@
   SVal makeZeroArrayIndex();
 
   /// GetRegionValueSymbolVal - make a unique symbol for value of R.
-  SVal getRegionValueSymbolVal(const MemRegion* R);
+  SVal getRegionValueSymbolVal(const MemRegion* R, QualType T = QualType());
   
   SVal getConjuredSymbolVal(const Expr *E, unsigned Count);  
   SVal getConjuredSymbolVal(const Expr* E, QualType T, unsigned Count);
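Review bot: The doc comment above getRegionValueSymbolVal still describes only R, so the new defaulted parameter T is undocumented in the header. I would extend it with a line such as `/// If T is non-null it is used as the value type instead of R's own value type.` Since the default is a null `QualType()`, the comment should also say that the default means "use the region's type", which is what the SVals.cpp hunk of this commit implements.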

Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=73690&r1=73689&r2=73690&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Thu Jun 18 01:29:10 2009
@@ -584,6 +584,7 @@
       QualType VarTy = VR->getValueType(getContext());
       uint64_t EleSize = getContext().getTypeSize(EleTy);
       uint64_t VarSize = getContext().getTypeSize(VarTy);
+      assert(VarSize != 0);
       return NonLoc::MakeIntVal(getBasicVals(), VarSize / EleSize, false);
     }
 
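Review bot: The added `assert(VarSize != 0);` checks the numerator, while the division on the next line is by EleSize, so a zero-sized element type would still divide by zero. If the intent is to guard the division, the check should be `assert(EleSize != 0 && VarSize != 0);`. If a zero VarSize is what is being ruled out, a short comment saying why would help. An assert also disappears in release builds, so a size that can legitimately be zero for some analyzed input needs a real branch. EleTy is computed outside this hunk, so whether it can be zero-sized cannot be confirmed from here.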
@@ -710,15 +711,18 @@
     uint64_t ObjTySize = getContext().getTypeSize(ObjTy);
 
     if ((PointeeTySize > 0 && PointeeTySize < ObjTySize) ||
-        (ObjTy->isAggregateType() && PointeeTy->isScalarType())) {
+        (ObjTy->isAggregateType() && PointeeTy->isScalarType()) ||
+	ObjTySize == 0 /* R has 'void*' type. */) {
       // Record the cast type of the region.
       state = setCastType(state, R, ToTy);
 
       SVal Idx = ValMgr.makeZeroArrayIndex();
       ElementRegion* ER = MRMgr.getElementRegion(PointeeTy, Idx,R,getContext());
       return CastResult(state, ER);
-    } else
+    } else {
+      state = setCastType(state, R, ToTy);
       return CastResult(state, R);
+    }
   }
 
   if (isa<ObjCObjectRegion>(R)) {
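Review bot: Both branches now start with `state = setCastType(state, R, ToTy);`, so the call can be hoisted above the `if` and the `else` reduced to `return CastResult(state, R);` without braces. The existing comment "Record the cast type of the region." would move with it and then describe both paths. The new continuation line `ObjTySize == 0 /* R has 'void*' type. */) {` is indented with a tab, while the surrounding lines use spaces. The enclosing function starts outside the hunk.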
@@ -930,14 +934,22 @@
     return UndefinedVal();
   }
 
+  // If the region is already cast to another type, use that type to create the
+  // symbol value.
+  if (const QualType *p = state->get<RegionCasts>(R)) {
+    QualType T = *p;
+    RTy = T->getAsPointerType()->getPointeeType();
+  }
+
   // All other integer values are symbolic.
   if (Loc::IsLocType(RTy) || RTy->isIntegerType())
-    return ValMgr.getRegionValueSymbolVal(R);
+    return ValMgr.getRegionValueSymbolVal(R, RTy);
   else
     return UnknownVal();
 }
 
-SVal RegionStoreManager::RetrieveStruct(const GRState *state, const TypedRegion* R){
+SVal RegionStoreManager::RetrieveStruct(const GRState *state, 
+					const TypedRegion* R){
   QualType T = R->getValueType(getContext());
   assert(T->isStructureType());
 
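Review bot: `T->getAsPointerType()->getPointeeType()` dereferences the result of getAsPointerType() without checking it, so a RegionCasts entry holding anything other than a pointer type would be a null dereference in the analyzer. setCastType, as shown later in this diff, stores whatever QualType it is given, so nothing visible guarantees that the entry is a pointer type. I would write `if (const PointerType *PT = T->getAsPointerType()) RTy = PT->getPointeeType();` and leave RTy unchanged otherwise. The enclosing function starts outside the hunk.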
@@ -1220,8 +1232,8 @@
   return state->set<RegionViewMap>(Base, RVFactory.Remove(*d, View));
 }
 
-const GRState *RegionStoreManager::setCastType(const GRState *state, const MemRegion* R,
-                                           QualType T) {
+const GRState *RegionStoreManager::setCastType(const GRState *state, 
+					       const MemRegion* R, QualType T) {
   return state->set<RegionCasts>(R, T);
 }
 

Modified: cfe/trunk/lib/Analysis/SVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=73690&r1=73689&r2=73690&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/SVals.cpp (original)
+++ cfe/trunk/lib/Analysis/SVals.cpp Thu Jun 18 01:29:10 2009
@@ -322,11 +322,12 @@
   return nonloc::CompoundVal(BasicVals.getCompoundValData(T, Vals));
 }
 
-SVal ValueManager::getRegionValueSymbolVal(const MemRegion* R) {
+SVal ValueManager::getRegionValueSymbolVal(const MemRegion* R, QualType T) {
   SymbolRef sym = SymMgr.getRegionValueSymbol(R);
                                 
   if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
-    QualType T = TR->getValueType(SymMgr.getContext());
+    if (!T.getTypePtr())
+      T = TR->getValueType(SymMgr.getContext());
 
     // If T is of function pointer type, create a CodeTextRegion wrapping a
     // symbol.
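Review bot: The symbol is still obtained with `SymMgr.getRegionValueSymbol(R)`, which takes only R, while the new T is applied only to the type checks that follow. The same symbol can therefore be returned under different types depending on the recorded cast, and if the symbol carries its own type (not visible here) it will disagree with T. T is also ignored when R is not a TypedRegion, which deserves a comment at the top of the function. A minor point is that `T.isNull()` states the intent more directly than `!T.getTypePtr()`. The function body continues past the hunk.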

Modified: cfe/trunk/test/Analysis/casts.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/casts.c?rev=73690&r1=73689&r2=73690&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/casts.c (original)
+++ cfe/trunk/test/Analysis/casts.c Thu Jun 18 01:29:10 2009
@@ -14,3 +14,19 @@
     ;
   }
 }
+
+struct s {
+  struct s *value;
+};
+
+// ElementRegion and cast-to pointee type may be of the same size:
+// 'struct s **' and 'int'.
+
+int f1(struct s **pval) {
+  int *tbool = ((void*)0);
+  struct s *t = *pval;
+  pval = &(t->value);
+  tbool = (int *)pval;
+  char c = (unsigned char) *tbool;
+}
+
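Review bot: The comment above f1 ties the case to two types having the same size, which depends on the target's pointer width. Unless the RUN line (outside this hunk) pins a triple, the test may not reach the intended path on every host. It would help to name the assumed target in the comment or fix it in the RUN line. Separately, f1 is declared `int` but falls off the end and `c` is never used, and ending the body with `return c;` would fix both.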




