[cfe-commits] r130292 - in /cfe/trunk: include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp lib/StaticAnalyzer/Core/Environment.cpp test/Analysis/OSAtomic_mac.cpp

Ted Kremenek kremenek at apple.com
Tue Apr 26 22:34:09 PDT 2011 

Author: kremenek
Date: Wed Apr 27 00:34:09 2011
New Revision: 130292

URL: http://llvm.org/viewvc/llvm-project?rev=130292&view=rev
Log:
Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
resulting to lazy logic.  This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.

Added:
    cfe/trunk/test/Analysis/OSAtomic_mac.cpp
Modified:
    cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h
    cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h
    cfe/trunk/lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp
    cfe/trunk/lib/StaticAnalyzer/Core/Environment.cpp

Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h?rev=130292&r1=130291&r2=130292&view=diff
==============================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/Environment.h Wed Apr 27 00:34:09 2011
@@ -51,9 +51,10 @@
   iterator end() const { return ExprBindings.end(); }
 
 
-  /// GetSVal - Fetches the current binding of the expression in the
+  /// getSVal - Fetches the current binding of the expression in the
   ///  Environment.
-  SVal getSVal(const Stmt* Ex, SValBuilder& svalBuilder) const;
+  SVal getSVal(const Stmt* Ex, SValBuilder& svalBuilder,
+	       bool useOnlyDirectBindings = false) const;
 
   /// Profile - Profile the contents of an Environment object for use
   ///  in a FoldingSet.

Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h?rev=130292&r1=130291&r2=130292&view=diff
==============================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/GRState.h Wed Apr 27 00:34:09 2011
@@ -260,7 +260,7 @@
   const llvm::APSInt *getSymVal(SymbolRef sym) const;
 
   /// Returns the SVal bound to the statement 'S' in the state's environment.
-  SVal getSVal(const Stmt* S) const;
+  SVal getSVal(const Stmt* S, bool useOnlyDirectBindings = false) const;
   
   SVal getSValAsScalarOrLoc(const Stmt *Ex) const;
 
@@ -683,8 +683,9 @@
   return getStateManager().getSymVal(this, sym);
 }
 
-inline SVal GRState::getSVal(const Stmt* Ex) const {
-  return Env.getSVal(Ex, *getStateManager().svalBuilder);
+inline SVal GRState::getSVal(const Stmt* Ex, bool useOnlyDirectBindings) const{
+  return Env.getSVal(Ex, *getStateManager().svalBuilder,
+		     useOnlyDirectBindings);
 }
 
 inline SVal GRState::getSValAsScalarOrLoc(const Stmt *S) const {

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp?rev=130292&r1=130291&r2=130292&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/OSAtomicChecker.cpp Wed Apr 27 00:34:09 2011
@@ -127,7 +127,12 @@
 
     ExplodedNode *N = *I;
     const GRState *stateLoad = N->getState();
-    SVal theValueVal_untested = stateLoad->getSVal(theValueExpr);
+
+    // Use direct bindings from the environment since we are forcing a load
+    // from a location that the Environment would typically not be used
+    // to bind a value.
+    SVal theValueVal_untested = stateLoad->getSVal(theValueExpr, true);
+
     SVal oldValueVal_untested = stateLoad->getSVal(oldValueExpr);
 
     // FIXME: Issue an error.

Modified: cfe/trunk/lib/StaticAnalyzer/Core/Environment.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/Environment.cpp?rev=130292&r1=130291&r2=130292&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/Environment.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/Environment.cpp Wed Apr 27 00:34:09 2011
@@ -27,7 +27,17 @@
   return UnknownVal();
 }
 
-SVal Environment::getSVal(const Stmt *E, SValBuilder& svalBuilder) const {
+SVal Environment::getSVal(const Stmt *E, SValBuilder& svalBuilder,
+			  bool useOnlyDirectBindings) const {
+
+  if (useOnlyDirectBindings) {
+    // This branch is rarely taken, but can be exercised by
+    // checkers that explicitly bind values to arbitrary
+    // expressions.  It is crucial that we do not ignore any
+    // expression here, and do a direct lookup.
+    return lookupExpr(E);
+  }
+
   for (;;) {
     switch (E->getStmtClass()) {
       case Stmt::AddrLabelExprClass:

Added: cfe/trunk/test/Analysis/OSAtomic_mac.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/OSAtomic_mac.cpp?rev=130292&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/OSAtomic_mac.cpp (added)
+++ cfe/trunk/test/Analysis/OSAtomic_mac.cpp Wed Apr 27 00:34:09 2011
@@ -0,0 +1,19 @@
+// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -analyze -analyzer-checker=core,osx -analyzer-store=region -verify -fblocks   -analyzer-opt-analyze-nested-blocks %s
+
+// Test handling of OSAtomicCompareAndSwap when C++ inserts "no-op" casts and we
+// do a forced load and binding to the environment on an expression that would regularly
+// not have an environment binding.  This previously triggered a crash (<rdar://problem/9339920>).
+// NOTE: It is critical that the function called is OSAtomicCompareAndSwapIntBarrier.
+bool OSAtomicCompareAndSwapIntBarrier( int __oldValue, int __newValue, volatile int *__theValue ) ;
+static int _rdar9339920_x = 0;
+int rdar9339920_aux();
+
+int rdar9339920_test() {
+  int rdar9339920_x = rdar9339920_aux();
+  if (rdar9339920_x != _rdar9339920_x) {
+    if (OSAtomicCompareAndSwapIntBarrier(_rdar9339920_x, rdar9339920_x, &_rdar9339920_x))
+      return 1;
+  }
+  return 0;
+}
+

More information about the cfe-commits mailing list