[cfe-commits] r156428 - in /cfe/trunk: lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/misc-ps-arm.m test/Analysis/taint-tester.c
Ted Kremenek
kremenek at apple.com
Tue May 8 14:49:55 PDT 2012
Author: kremenek
Date: Tue May 8 16:49:54 2012
New Revision: 156428
URL: http://llvm.org/viewvc/llvm-project?rev=156428&view=rev
Log:
Have RegionStore lower field bindings to raw offsets, just as it does for ElementRegions. This is a bit
disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values
as structs. Fixes <rdar://problem/11405978>.
Added:
cfe/trunk/test/Analysis/misc-ps-arm.m
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
cfe/trunk/test/Analysis/taint-tester.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=156428&r1=156427&r2=156428&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Tue May 8 16:49:54 2012
@@ -81,14 +81,9 @@
} // end anonymous namespace
BindingKey BindingKey::Make(const MemRegion *R, Kind k) {
- if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
- const RegionRawOffset &O = ER->getAsArrayOffset();
-
- // FIXME: There are some ElementRegions for which we cannot compute
- // raw offsets yet, including regions with symbolic offsets. These will be
- // ignored by the store.
- return BindingKey(O.getRegion(), O.getOffset().getQuantity(), k);
- }
+ const RegionOffset &RO = R->getAsOffset();
+ if (RO.getRegion())
+ return BindingKey(RO.getRegion(), RO.getOffset(), k);
return BindingKey(R, 0, k);
}
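Review bot: The fallback `return BindingKey(R, 0, k);` is left unexplained now that the FIXME about regions with no computable raw offset is deleted, although the `if (RO.getRegion())` guard shows the case still exists. I would add a comment on the fallback, for example `// No concrete offset could be computed for R (e.g. a symbolic index); key on R itself at offset 0.` The symbolic-index example is carried over from the removed FIXME and should be confirmed against getAsOffset(). The stored offset also changes from `O.getOffset().getQuantity()` to `RO.getOffset()`; if the two are in different units (presumably bytes versus bits), that should be stated where BindingKey stores the offset. Bindings that land on the fallback key are a likely source of analyzer false negatives, so the condition is worth spelling out.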
@@ -648,7 +643,7 @@
for (RegionBindings::iterator RI = B.begin(), RE = B.end(); RI != RE; ++RI){
const SubRegion *baseR = dyn_cast<SubRegion>(RI.getKey().getRegion());
- if (baseR && baseR->isSubRegionOf(LazyR))
+ if (baseR && (baseR == LazyR || baseR->isSubRegionOf(LazyR)))
VisitBinding(RI.getData());
}
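Review bot: The widened test `baseR == LazyR || baseR->isSubRegionOf(LazyR)` has no comment saying why equality is now needed, and it may still miss bindings when LazyR is itself a field or element region. With keys lowered to a base region plus offset (the BindingKey::Make change in this commit), a binding inside such a LazyR would presumably be keyed on LazyR's base, which is neither equal to LazyR nor a subregion of it. That is inferred, because the type of LazyR and the enclosing function are outside the hunk. I would add `// Keys are lowered to (base region, offset), so bindings for fields of LazyR are keyed on LazyR itself.` and confirm whether the offset range of LazyR within its base also needs checking.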
Added: cfe/trunk/test/Analysis/misc-ps-arm.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-arm.m?rev=156428&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-arm.m (added)
+++ cfe/trunk/test/Analysis/misc-ps-arm.m Tue May 8 16:49:54 2012
@@ -0,0 +1,18 @@
+// RUN: %clang_cc1 -triple thumbv7-apple-ios0.0.0 -analyze -analyzer-checker=core -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks -Wno-objc-root-class %s
+
+// <rdar://problem/11405978> - Handle casts of vectors to structs, and loading
+// a value.
+typedef float float32_t;
+typedef __attribute__((neon_vector_type(2))) float32_t float32x2_t;
+
+typedef struct
+{
+ float x, y;
+} Rdar11405978Vec;
+
+float32x2_t rdar11405978_bar();
+float32_t rdar11405978() {
+ float32x2_t v = rdar11405978_bar();
+ Rdar11405978Vec w = *(Rdar11405978Vec *)&v;
+ return w.x; // no-warning
+}
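Review bot: The new test loads only `w.x`, which sits at offset 0, so it would likely still pass if lowered field bindings were all keyed at offset 0. Reading the second member exercises a non-zero offset: change the return to `return w.x + w.y; // no-warning` or add a second function that returns `w.y`. A companion case where the source vector is genuinely uninitialized, with an expected warning, would also show that the cast path has not simply gone silent.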
Modified: cfe/trunk/test/Analysis/taint-tester.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/taint-tester.c?rev=156428&r1=156427&r2=156428&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/taint-tester.c (original)
+++ cfe/trunk/test/Analysis/taint-tester.c Tue May 8 16:49:54 2012
@@ -40,7 +40,7 @@
// FIXME: We fail to propagate the taint here because RegionStore does not
// handle ElementRegions with symbolic indexes.
int addrDeref = *addr; // expected-warning + {{tainted}}
- int _addrDeref = addrDeref;
+ int _addrDeref = addrDeref; // expected-warning + {{tainted}}
// Tainted struct address, casts.
struct XYStruct *xyPtr = 0;
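Review bot: The FIXME kept as context above `addrDeref` still says taint is not propagated because RegionStore does not handle ElementRegions with symbolic indexes, while the changed line now expects a tainted warning on `_addrDeref`. Either the FIXME is stale or it refers to a case outside the hunk. It should be reworded to say what still fails after this change, and the commit log should say why the extra diagnostic appears. Note also that `expected-warning + {{tainted}}` accepts one or more matches, so the expectation does not pin how many diagnostics are emitted on that line.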