[cfe-commits] r123458 - in /cfe/trunk: lib/StaticAnalyzer/RegionStore.cpp test/Analysis/inline.c

Ted Kremenek kremenek at apple.com
Fri Jan 14 12:29:43 PST 2011


Author: kremenek
Date: Fri Jan 14 14:29:43 2011
New Revision: 123458

URL: http://llvm.org/viewvc/llvm-project?rev=123458&view=rev
Log:
Teach RegionStore::EnterStackFrame() to handle
the case where the called function has fewer
formal arguments than actual arguments.  This
fixes a crash in the analyzer when doing
function call inlining.

Patch by Zhenbo Xu!

Modified:
    cfe/trunk/lib/StaticAnalyzer/RegionStore.cpp
    cfe/trunk/test/Analysis/inline.c

Modified: cfe/trunk/lib/StaticAnalyzer/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/RegionStore.cpp?rev=123458&r1=123457&r2=123458&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/RegionStore.cpp Fri Jan 14 14:29:43 2011
@@ -1868,17 +1868,20 @@
 Store RegionStoreManager::EnterStackFrame(const GRState *state,
                                           const StackFrameContext *frame) {
   FunctionDecl const *FD = cast<FunctionDecl>(frame->getDecl());
-  FunctionDecl::param_const_iterator PI = FD->param_begin();
+  FunctionDecl::param_const_iterator PI = FD->param_begin(), 
+                                     PE = FD->param_end();
   Store store = state->getStore();
 
   if (CallExpr const *CE = dyn_cast<CallExpr>(frame->getCallSite())) {
     CallExpr::const_arg_iterator AI = CE->arg_begin(), AE = CE->arg_end();
 
-    // Copy the arg expression value to the arg variables.
-    for (; AI != AE; ++AI, ++PI) {
+    // Copy the arg expression value to the arg variables.  We check that
+    // PI != PE because the actual number of arguments may be different than
+    // the function declaration.
+    for (; AI != AE && PI != PE; ++AI, ++PI) {
       SVal ArgVal = state->getSVal(*AI);
       store = Bind(store,
-                   svalBuilder.makeLoc(MRMgr.getVarRegion(*PI,frame)), ArgVal);
+                   svalBuilder.makeLoc(MRMgr.getVarRegion(*PI, frame)), ArgVal);
     }
   } else if (const CXXConstructExpr *CE =
                dyn_cast<CXXConstructExpr>(frame->getCallSite())) {
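Review bot: The `PI != PE` bound is added only to the `CallExpr` loop. The `CXXConstructExpr` branch that opens on the last line of this hunk continues outside it; if it advances `PI` against the constructor's arguments in the same way, it would need the same guard to avoid dereferencing `*PI` at `param_end()`. `PE` is now declared at function scope, so that loop could reuse it. The new comment could also state the resulting behavior, for example `// Extra arguments are ignored; parameters with no matching argument are left unbound.`, so the silent truncation reads as intentional.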

Modified: cfe/trunk/test/Analysis/inline.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inline.c?rev=123458&r1=123457&r2=123458&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/inline.c (original)
+++ cfe/trunk/test/Analysis/inline.c Fri Jan 14 14:29:43 2011
@@ -1,14 +1,14 @@
 // RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s
 
-int f1() {
+int test1_f1() {
   int y = 1;
   y++;
   return y;
 }
 
-void f2() {
+void test1_f2() {
   int x = 1;
-  x = f1();
+  x = test1_f1();
   if (x == 1) {
     int *p = 0;
     *p = 3; // no-warning
@@ -18,3 +18,13 @@
     *p = 3; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}}
   }
 }
+
+// Test that inlining works when the declared function has less arguments
+// than the actual number in the declaration.
+void test2_f1() {}
+int test2_f2();
+
+void test2_f3() { 
+  test2_f1(test2_f2()); // expected-warning{{too many arguments in call to 'test2_f1'}}
+}
+
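Review bot: The comment above `test2_f1` compares the declaration with itself ("less arguments than the actual number in the declaration"), which hides what the case checks. It exercises a call that passes more arguments than the callee defines parameters, so something like `// Test that inlining works when a call passes more arguments than the callee has parameters.` would be clearer. Only the too-many-arguments direction is covered; a companion case where the call passes fewer arguments than the definition has parameters would pin the other exit condition of the binding loop.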




