[cfe-commits] r75679 - in /cfe/trunk: lib/Analysis/RegionStore.cpp test/Analysis/misc-ps-region-store.m
Ted Kremenek
kremenek at apple.com
Tue Jul 14 13:48:30 PDT 2009
Author: kremenek
Date: Tue Jul 14 15:48:22 2009
New Revision: 75679
URL: http://llvm.org/viewvc/llvm-project?rev=75679&view=rev
Log:
Enhance RegionStoreManager to handle 'Retrieve's from SymbolicRegions. We do this by silently wrapping the region with an ElementRegion. This fixes the failures in misc-ps-region-store.m.
Modified:
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/test/Analysis/misc-ps-region-store.m
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=75679&r1=75678&r2=75679&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Tue Jul 14 15:48:22 2009
@@ -799,9 +799,15 @@
// char* p = alloca();
// read(p);
// c = *p;
- if (isa<SymbolicRegion>(MR) || isa<AllocaRegion>(MR))
+ if (isa<AllocaRegion>(MR))
return UnknownVal();
-
+
+ if (isa<SymbolicRegion>(MR)) {
+ ASTContext &Ctx = getContext();
+ SVal idx = ValMgr.makeIntVal(0, Ctx.IntTy);
+ MR = MRMgr.getElementRegion(T, idx, MR, Ctx);
+ }
+
// FIXME: Perhaps this method should just take a 'const MemRegion*' argument
// instead of 'Loc', and have the other Loc cases handled at a higher level.
const TypedRegion *R = cast<TypedRegion>(MR);
Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=75679&r1=75678&r2=75679&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Tue Jul 14 15:48:22 2009
@@ -1,5 +1,4 @@
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=region --verify -fblocks %s
-// XFAIL
typedef struct objc_selector *SEL;
typedef signed char BOOL;
@@ -69,7 +68,6 @@
return 'a';
}
-// *** THIS TEST IS CURRENTLY FAILING ***
// BasicStore handles this case incorrectly because it doesn't reason about
// the value pointed to by 'x' and thus creates different symbolic values
// at the declarations of 'a' and 'b' respectively. RegionStore handles
@@ -83,3 +81,45 @@
}
}
+// This is a modified test from 'misc-ps.m'. Here we have the extra
+// NULL dereferences which are pruned out by RegionStore's symbolic reasoning
+// of fields.
+typedef struct _BStruct { void *grue; } BStruct;
+void testB_aux(void *ptr);
+void testB(BStruct *b) {
+ {
+ int *__gruep__ = ((int *)&((b)->grue));
+ int __gruev__ = *__gruep__;
+ int __gruev2__ = *__gruep__;
+ if (__gruev__ != __gruev2__) {
+ int *p = 0;
+ *p = 0xDEADBEEF;
+ }
+
+ testB_aux(__gruep__);
+ }
+ {
+ int *__gruep__ = ((int *)&((b)->grue));
+ int __gruev__ = *__gruep__;
+ int __gruev2__ = *__gruep__;
+ if (__gruev__ != __gruev2__) {
+ int *p = 0;
+ *p = 0xDEADBEEF;
+ }
+
+ if (~0 != __gruev__) {}
+ }
+}
+
+void testB_2(BStruct *b) {
+ {
+ int **__gruep__ = ((int **)&((b)->grue));
+ int *__gruev__ = *__gruep__;
+ testB_aux(__gruep__);
+ }
+ {
+ int **__gruep__ = ((int **)&((b)->grue));
+ int *__gruev__ = *__gruep__;
+ if ((int*)~0 != __gruev__) {}
+ }
+}
More information about the cfe-commits
mailing list