[cfe-commits] r82523 - in /cfe/trunk: lib/Analysis/CFRefCount.cpp test/Analysis/misc-ps.m

Ted Kremenek kremenek at apple.com
Mon Sep 21 21:48:39 PDT 2009 

Author: kremenek
Date: Mon Sep 21 23:48:39 2009
New Revision: 82523

URL: http://llvm.org/viewvc/llvm-project?rev=82523&view=rev
Log:
Fix: <rdar://problem/7242015> [RegionStore] variable passed-by-reference (via integer) to function call not invalidated

Modified:
    cfe/trunk/lib/Analysis/CFRefCount.cpp
    cfe/trunk/test/Analysis/misc-ps.m

Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=82523&r1=82522&r2=82523&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Mon Sep 21 23:48:39 2009
@@ -2786,6 +2786,7 @@
         continue;
       }
 
+  tryAgain:
     if (isa<Loc>(V)) {
       if (loc::MemRegionVal* MR = dyn_cast<loc::MemRegionVal>(&V)) {
         if (Summ.getArg(idx) == DoNothingByRef)
@@ -2837,17 +2838,17 @@
       }
       else {
         // Nuke all other arguments passed by reference.
-        // FIXME: is this necessary or correct? unbind only removes the binding.
-        // We should bind it to UnknownVal explicitly. Otherwise default value
-        // may be loaded.
+        // FIXME: is this necessary or correct? This handles the non-Region
+        //  cases.  Is it ever valid to store to these?
         state = state->unbindLoc(cast<Loc>(V));
       }
     }
-    else if (isa<nonloc::LocAsInteger>(V))
-      // FIXME: is this necessary or correct? unbind only removes the binding.
-      // We should bind it to UnknownVal explicitly. Otherwise default value
-      // may be loaded.
-      state = state->unbindLoc(cast<nonloc::LocAsInteger>(V).getLoc());
+    else if (isa<nonloc::LocAsInteger>(V)) {
+      // If we are passing a location wrapped as an integer, unwrap it and
+      // invalidate the values referred by the location.
+      V = cast<nonloc::LocAsInteger>(V).getLoc();
+      goto tryAgain;
+    }
   }
 
   // Evaluate the effect on the message receiver.

Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=82523&r1=82522&r2=82523&view=diff

==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Mon Sep 21 23:48:39 2009
@@ -632,3 +632,14 @@
   return self;
 }
 @end
+
+// <rdar://problem/7242015> - Invalidate values passed-by-reference
+// to functions when the pointer to the value is passed as an integer.
+void test_7242015_aux(unsigned long);
+int rdar_7242015() {
+  int x;
+  test_7242015_aux((unsigned long) &x); // no-warning
+  return x; // Previously we return and uninitialized value when
+            // using RegionStore.
+}
+

More information about the cfe-commits mailing list