[cfe-commits] r105195 - in /cfe/trunk: lib/Checker/RegionStore.cpp test/Analysis/PR7218.c
Ted Kremenek
kremenek at apple.com
Sun May 30 18:22:04 PDT 2010
Author: kremenek
Date: Sun May 30 20:22:04 2010
New Revision: 105195
URL: http://llvm.org/viewvc/llvm-project?rev=105195&view=rev
Log:
After conversations with Zhongxing Xu and Jordy Rose, refine the logic in
RegionStoreManager::RetrieveElement() that handles indexing into a larger scalar
object to only consult the direct binding of a super region if it is a scalar.
This isn't perfect yet, and a big FIXME is attached to the code. This causes
the test case for PR 7218 now to pass.
Modified:
cfe/trunk/lib/Checker/RegionStore.cpp
cfe/trunk/test/Analysis/PR7218.c
Modified: cfe/trunk/lib/Checker/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/RegionStore.cpp?rev=105195&r1=105194&r2=105195&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/RegionStore.cpp (original)
+++ cfe/trunk/lib/Checker/RegionStore.cpp Sun May 30 20:22:04 2010
@@ -1173,27 +1173,33 @@
}
}
- // Check if the immediate super region has a direct binding.
- if (const Optional<SVal> &V = getDirectBinding(B, superR)) {
- if (SymbolRef parentSym = V->getAsSymbol()) {
- return ValMgr.getDerivedRegionValueSymbolVal(parentSym, R);
- }
-
- if (V->isUnknownOrUndef())
- return *V;
-
- // Handle LazyCompoundVals for the immediate super region. Other cases
- // are handled in 'RetrieveFieldOrElementCommon'.
- if (const nonloc::LazyCompoundVal *LCV =
- dyn_cast<nonloc::LazyCompoundVal>(V)) {
- R = MRMgr.getElementRegionWithSuper(R, LCV->getRegion());
- return RetrieveElement(LCV->getStore(), R);
+ // Handle the case where we are indexing into a larger scalar object.
+ // For example, this handles:
+ // int x = ...
+ // char *y = &x;
+ // return *y;
+ // FIXME: This is a hack, and doesn't do anything really intelligent yet.
+ const RegionRawOffset &O = R->getAsRawOffset();
+ if (const TypedRegion *baseR = dyn_cast_or_null<TypedRegion>(O.getRegion())) {
+ QualType baseT = baseR->getValueType(Ctx);
+ if (baseT->isScalarType()) {
+ QualType elemT = R->getElementType();
+ if (elemT->isScalarType()) {
+ if (Ctx.getTypeSizeInChars(baseT) >= Ctx.getTypeSizeInChars(elemT)) {
+ if (const Optional<SVal> &V = getDirectBinding(B, superR)) {
+ if (SymbolRef parentSym = V->getAsSymbol())
+ return ValMgr.getDerivedRegionValueSymbolVal(parentSym, R);
+
+ if (V->isUnknownOrUndef())
+ return *V;
+ // Other cases: give up. We are indexing into a larger object
+ // that has some value, but we don't know how to handle that yet.
+ return UnknownVal();
+ }
+ }
+ }
}
-
- // Other cases: give up.
- return UnknownVal();
}
-
return RetrieveFieldOrElementCommon(store, R, R->getElementType(), superR);
}
Modified: cfe/trunk/test/Analysis/PR7218.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/PR7218.c?rev=105195&r1=105194&r2=105195&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/PR7218.c (original)
+++ cfe/trunk/test/Analysis/PR7218.c Sun May 30 20:22:04 2010
@@ -1,5 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-store region -verify %s
-// XFAIL: *
char PR7218(char a) {
char buf[2];
buf[0] = a;
More information about the cfe-commits
mailing list