[cfe-commits] r82680 - in /cfe/trunk: lib/Analysis/RegionStore.cpp test/Analysis/misc-ps-region-store.m
Ted Kremenek
kremenek at apple.com
Wed Sep 23 21:11:46 PDT 2009
Author: kremenek
Date: Wed Sep 23 23:11:44 2009
New Revision: 82680
URL: http://llvm.org/viewvc/llvm-project?rev=82680&view=rev
Log:
Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic parameter regions
The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.
Modified:
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/test/Analysis/misc-ps-region-store.m
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=82680&r1=82679&r2=82680&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Wed Sep 23 23:11:44 2009
@@ -315,6 +315,9 @@
const GRState *state,
const TypedRegion *R);
+ const ElementRegion *GetElementZeroRegion(const SymbolicRegion *SR,
+ QualType T);
+
//===------------------------------------------------------------------===//
// State pruning.
//===------------------------------------------------------------------===//
@@ -857,6 +860,16 @@
return true;
}
+const ElementRegion *
+RegionStoreManager::GetElementZeroRegion(const SymbolicRegion *SR, QualType T) {
+ ASTContext &Ctx = getContext();
+ SVal idx = ValMgr.makeZeroArrayIndex();
+ assert(!T.isNull());
+ return MRMgr.getElementRegion(T, idx, SR, Ctx);
+}
+
+
+
SValuator::CastResult
RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) {
@@ -879,12 +892,8 @@
if (isa<AllocaRegion>(MR))
return SValuator::CastResult(state, UnknownVal());
- if (isa<SymbolicRegion>(MR)) {
- ASTContext &Ctx = getContext();
- SVal idx = ValMgr.makeZeroArrayIndex();
- assert(!T.isNull());
- MR = MRMgr.getElementRegion(T, idx, MR, Ctx);
- }
+ if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(MR))
+ MR = GetElementZeroRegion(SR, T);
if (isa<CodeTextRegion>(MR))
return SValuator::CastResult(state, UnknownVal());
@@ -1309,6 +1318,13 @@
}
}
}
+ else if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R)) {
+ // Binding directly to a symbolic region should be treated as binding
+ // to element 0.
+ QualType T = SR->getSymbol()->getType(getContext());
+ T = cast<PointerType>(T)->getPointeeType();
+ R = GetElementZeroRegion(SR, T);
+ }
// Perform the binding.
RegionBindings B = GetRegionBindings(state->getStore());
Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=82680&r1=82679&r2=82680&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Wed Sep 23 23:11:44 2009
@@ -195,3 +195,14 @@
return y.width; // expected-warning{{garbage}}
}
+// <rdar://problem/7249340> - Allow binding of values to symbolic regions.
+// This test case shows how RegionStore tracks the value bound to 'x'
+// after the assignment.
+void rdar_7249340(int *x) {
+ *x = 1;
+ if (*x)
+ return;
+ int *p = 0; // This is unreachable.
+ *p = 0xDEADBEEF; // no-warning
+}
+
More information about the cfe-commits
mailing list