r174016 - [analyzer] Fix a bug in region store that lead to undefined value false
Anna Zaks
ganna at apple.com
Wed Jan 30 17:19:52 PST 2013
Author: zaks
Date: Wed Jan 30 19:19:52 2013
New Revision: 174016
URL: http://llvm.org/viewvc/llvm-project?rev=174016&view=rev
Log:
[analyzer] Fix a bug in region store that led to undefined value false
positives.
The includeSuffix was only set on the first iteration through the
function, resulting in invalid regions being produced by getLazyBinding
(ex: zoomRegion.y).
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
cfe/trunk/test/Analysis/array-struct-region.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=174016&r1=174015&r2=174016&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Wed Jan 30 19:19:52 2013
@@ -489,8 +489,7 @@ public: // Part of public interface to c
/// Get the state and region whose binding this region R corresponds to.
std::pair<Store, const MemRegion*>
getLazyBinding(RegionBindingsConstRef B, const MemRegion *R,
- const MemRegion *originalRegion,
- bool includeSuffix = false);
+ const MemRegion *originalRegion);
//===------------------------------------------------------------------===//
// State pruning.
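Review bot: The doc comment on getLazyBinding still reads only "Get the state and region whose binding this region R corresponds to", which leaves originalRegion unexplained and does not say that the returned region now always carries R's field or base-object suffix. I would extend it along the lines of `/// The returned region is R rebuilt on top of the lazily-bound super-region, so field and C++ base-object suffixes are preserved.` and `/// \p originalRegion is the region the outermost call was made for; recursive calls pass it through unchanged.` Because the removed parameter defaulted to false, any caller outside these hunks that omitted it used to receive the unsuffixed region and now receives the suffixed one. Only the call in the last RegionStore.cpp hunk is visible here, so the remaining call sites are worth checking.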
@@ -1220,9 +1219,7 @@ SVal RegionStoreManager::getBinding(Regi
std::pair<Store, const MemRegion *>
RegionStoreManager::getLazyBinding(RegionBindingsConstRef B,
const MemRegion *R,
- const MemRegion *originalRegion,
- bool includeSuffix) {
-
+ const MemRegion *originalRegion) {
if (originalRegion != R) {
if (Optional<SVal> OV = B.getDefaultBinding(R)) {
if (const nonloc::LazyCompoundVal *V =
@@ -1244,10 +1241,8 @@ RegionStoreManager::getLazyBinding(Regio
getLazyBinding(B, FR->getSuperRegion(), originalRegion);
if (X.second) {
- if (includeSuffix)
- return std::make_pair(X.first,
- MRMgr.getFieldRegionWithSuper(FR, X.second));
- return X;
+ return std::make_pair(X.first,
+ MRMgr.getFieldRegionWithSuper(FR, X.second));
}
}
@@ -1259,11 +1254,9 @@ RegionStoreManager::getLazyBinding(Regio
getLazyBinding(B, baseReg->getSuperRegion(), originalRegion);
if (X.second) {
- if (includeSuffix)
- return std::make_pair(X.first,
- MRMgr.getCXXBaseObjectRegionWithSuper(baseReg,
- X.second));
- return X;
+ return std::make_pair(X.first,
+ MRMgr.getCXXBaseObjectRegionWithSuper(baseReg,
+ X.second));
}
}
@@ -1408,8 +1401,7 @@ RegionStoreManager::getBindingForFieldOr
// Lazy binding?
Store lazyBindingStore = NULL;
const MemRegion *lazyBindingRegion = NULL;
- llvm::tie(lazyBindingStore, lazyBindingRegion) = getLazyBinding(B, R, R,
- true);
+ llvm::tie(lazyBindingStore, lazyBindingRegion) = getLazyBinding(B, R, R);
if (lazyBindingRegion)
return getLazyBinding(lazyBindingRegion,
getRegionBindings(lazyBindingStore));
Modified: cfe/trunk/test/Analysis/array-struct-region.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/array-struct-region.c?rev=174016&r1=174015&r2=174016&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/array-struct-region.c (original)
+++ cfe/trunk/test/Analysis/array-struct-region.c Wed Jan 30 19:19:52 2013
@@ -253,6 +253,19 @@ int testStructFieldChainsNested(int inde
return 0;
}
+typedef struct {
+ int zoomLevel;
+ struct point center;
+} Outer;
+
+extern int test13116945(struct point x);
+static void radar13116945(struct point centerCoordinate) {
+ Outer zoomRegion;
+ zoomRegion.zoomLevel = 0;
+ zoomRegion.center = centerCoordinate;
+ Outer r = zoomRegion;
+ test13116945(r.center); // no-warning
+}
// --------------------
// False positives
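Review bot: The new regression test reaches only the FieldRegion branch of getLazyBinding; the CXXBaseObjectRegion branch was changed the same way in RegionStore.cpp, but nothing in this commit exercises it, since this file is C. A C++ counterpart would cover it: a struct deriving from a base that holds the `struct point` member, copied by value and then read through the copy, with the same `// no-warning` expectation. It may also be worth pinning the copied value rather than only the absence of a warning, for example `clang_analyzer_eval(r.zoomLevel == 0);` after the copy, though whether that currently evaluates to TRUE needs confirming.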
@@ -289,4 +302,3 @@ void testFieldChainIsNotEnough(int index
// FIXME: Should be TRUE.
clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
}
-