[cfe-commits] r84223 - in /cfe/trunk: include/clang/Analysis/PathSensitive/Store.h lib/Analysis/BasicStore.cpp lib/Analysis/CFRefCount.cpp lib/Analysis/RegionStore.cpp test/Analysis/retain-release-region-store.m
Ted Kremenek
kremenek at apple.com
Thu Oct 15 17:30:50 PDT 2009
Author: kremenek
Date: Thu Oct 15 19:30:49 2009
New Revision: 84223
URL: http://llvm.org/viewvc/llvm-project?rev=84223&view=rev
Log:
retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().
This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
cfe/trunk/lib/Analysis/BasicStore.cpp
cfe/trunk/lib/Analysis/CFRefCount.cpp
cfe/trunk/lib/Analysis/RegionStore.cpp
cfe/trunk/test/Analysis/retain-release-region-store.m
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Store.h?rev=84223&r1=84222&r2=84223&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Store.h Thu Oct 15 19:30:49 2009
@@ -141,9 +141,12 @@
const VarDecl *VD,
const LocationContext *LC) = 0;
+ typedef llvm::DenseSet<SymbolRef> InvalidatedSymbols;
+
virtual const GRState *InvalidateRegion(const GRState *state,
const MemRegion *R,
- const Expr *E, unsigned Count) = 0;
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS) = 0;
// FIXME: Make out-of-line.
virtual const GRState *setExtent(const GRState *state,
Modified: cfe/trunk/lib/Analysis/BasicStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicStore.cpp?rev=84223&r1=84222&r2=84223&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/BasicStore.cpp (original)
+++ cfe/trunk/lib/Analysis/BasicStore.cpp Thu Oct 15 19:30:49 2009
@@ -49,7 +49,8 @@
QualType T = QualType());
const GRState *InvalidateRegion(const GRState *state, const MemRegion *R,
- const Expr *E, unsigned Count);
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS);
const GRState *Bind(const GRState *state, Loc L, SVal V) {
return state->makeWithStore(BindInternal(state->getStore(), L, V));
@@ -623,12 +624,21 @@
const GRState *BasicStoreManager::InvalidateRegion(const GRState *state,
const MemRegion *R,
const Expr *E,
- unsigned Count) {
+ unsigned Count,
+ InvalidatedSymbols *IS) {
R = R->getBaseRegion();
if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
return state;
+ if (IS) {
+ BindingsTy B = GetBindings(state->getStore());
+ if (BindingsTy::data_type *Val = B.lookup(R)) {
+ if (SymbolRef Sym = Val->getAsSymbol())
+ IS->insert(Sym);
+ }
+ }
+
QualType T = cast<TypedRegion>(R)->getValueType(R->getContext());
SVal V = ValMgr.getConjuredSymbolVal(R, E, T, Count);
return Bind(state, loc::MemRegionVal(R), V);
Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=84223&r1=84222&r2=84223&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
+++ cfe/trunk/lib/Analysis/CFRefCount.cpp Thu Oct 15 19:30:49 2009
@@ -2859,14 +2859,13 @@
// FIXME: What about layers of ElementRegions?
}
- // Is the invalidated variable something that we were tracking?
- SymbolRef Sym = state->getSValAsScalarOrLoc(R).getAsLocSymbol();
-
- // Remove any existing reference-count binding.
- if (Sym)
- state = state->remove<RefBindings>(Sym);
-
- state = StoreMgr.InvalidateRegion(state, R, *I, Count);
+ StoreManager::InvalidatedSymbols IS;
+ state = StoreMgr.InvalidateRegion(state, R, *I, Count, &IS);
+ for (StoreManager::InvalidatedSymbols::iterator I = IS.begin(),
+ E = IS.end(); I!=E; ++I) {
+ // Remove any existing reference-count binding.
+ state = state->remove<RefBindings>(*I);
+ }
}
else {
// Nuke all other arguments passed by reference.
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=84223&r1=84222&r2=84223&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Thu Oct 15 19:30:49 2009
@@ -262,7 +262,8 @@
//===-------------------------------------------------------------------===//
const GRState *InvalidateRegion(const GRState *state, const MemRegion *R,
- const Expr *E, unsigned Count);
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS);
private:
void RemoveSubRegionBindings(RegionBindings &B, const MemRegion *R,
@@ -455,7 +456,8 @@
const GRState *RegionStoreManager::InvalidateRegion(const GRState *state,
const MemRegion *R,
const Expr *Ex,
- unsigned Count) {
+ unsigned Count,
+ InvalidatedSymbols *IS) {
ASTContext& Ctx = StateMgr.getContext();
// Strip away casts.
@@ -490,9 +492,21 @@
if (Optional<SVal> V = getDirectBinding(B, R)) {
if (const MemRegion *RV = V->getAsRegion())
WorkList.push_back(RV);
+
+ // A symbol? Mark it touched by the invalidation.
+ if (IS) {
+ if (SymbolRef Sym = V->getAsSymbol())
+ IS->insert(Sym);
+ }
+ }
+
+ // Symbolic region? Mark that symbol touched by the invalidation.
+ if (IS) {
+ if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
+ IS->insert(SR->getSymbol());
}
- // Handle region.
+ // Handle the region itself.
if (isa<AllocaRegion>(R) || isa<SymbolicRegion>(R) ||
isa<ObjCObjectRegion>(R)) {
// Invalidate the region by setting its default value to
@@ -1376,7 +1390,7 @@
// For now, just invalidate the fields of the struct/union/class.
// FIXME: Precisely handle the fields of the record.
if (superTy->isRecordType())
- return InvalidateRegion(state, superR, NULL, 0);
+ return InvalidateRegion(state, superR, NULL, 0, NULL);
}
}
}
Modified: cfe/trunk/test/Analysis/retain-release-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/retain-release-region-store.m?rev=84223&r1=84222&r2=84223&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/retain-release-region-store.m (original)
+++ cfe/trunk/test/Analysis/retain-release-region-store.m Thu Oct 15 19:30:49 2009
@@ -1,5 +1,4 @@
// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s
-// XFAIL
//===----------------------------------------------------------------------===//
// The following code is reduced using delta-debugging from
@@ -80,8 +79,12 @@
typedef const struct __DADissenter * DADissenterRef;
extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
@interface NSNumber : NSObject
- - (id)initWithInt:(int)value;
- @end
+- (id)initWithInt:(int)value;
+ at end
+typedef unsigned long NSUInteger;
+ at interface NSArray : NSObject
+-(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt;
+ at end
//===----------------------------------------------------------------------===//
// Test cases.
@@ -124,15 +127,14 @@
}
@end
-//===----------------------------------------------------------------------===//
-// <rdar://problem/7257223> - False positive due to not invalidating the
-// reference count of a tracked region that was itself invalidated.
-//===----------------------------------------------------------------------===//
+//===------------------------------------------------------------------------------------------===//
+// <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating
+// the reference count of a tracked region that was itself invalidated.
+//===------------------------------------------------------------------------------------------===//
typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223;
void rdar_7257223_aux(RDar7257223 *p);
-// THIS CASE CURRENTLY FAILS.
CFDateRef rdar7257223_Create(void) {
RDar7257223 s;
CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
@@ -148,10 +150,6 @@
return s.x;
}
-//===----------------------------------------------------------------------===//
-// <rdar://problem/7283470>
-//===----------------------------------------------------------------------===//
-
void rdar7283470(void) {
NSNumber *numbers[] = {
[[NSNumber alloc] initWithInt:1], // no-warning
@@ -175,3 +173,35 @@
};
}
+void rdar7283470_2(void) {
+ NSNumber *numbers[] = {
+ [[NSNumber alloc] initWithInt:1], // no-warning
+ [[NSNumber alloc] initWithInt:2], // no-warning
+ [[NSNumber alloc] initWithInt:3], // no-warning
+ [[NSNumber alloc] initWithInt:4], // no-warning
+ [[NSNumber alloc] initWithInt:5] // no-warning
+ };
+
+ NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])];
+
+ for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
+ [numbers[i] release];
+
+ [s_numbers release];
+}
+
+void rdar7283470_2_positive(void) {
+ NSNumber *numbers[] = {
+ [[NSNumber alloc] initWithInt:1], // no-warning
+ [[NSNumber alloc] initWithInt:2], // no-warning
+ [[NSNumber alloc] initWithInt:3], // no-warning
+ [[NSNumber alloc] initWithInt:4], // no-warning
+ [[NSNumber alloc] initWithInt:5] // no-warning
+ };
+
+ NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}}
+
+ for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
+ [numbers[i] release];
+}
+
More information about the cfe-commits
mailing list