r275290 - [analyzer] Implement a methond to discover origin region of a symbol.
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Wed Jul 13 11:07:26 PDT 2016
Author: dergachev
Date: Wed Jul 13 13:07:26 2016
New Revision: 275290
URL: http://llvm.org/viewvc/llvm-project?rev=275290&view=rev
Log:
[analyzer] Implement a methond to discover origin region of a symbol.
This encourages checkers to make logical decisions depending on
value of which region was the symbol under consideration
introduced to denote.
A similar technique is already used in a couple of checkers;
they were modified to call the new method.
Differential Revision: http://reviews.llvm.org/D22242
Modified:
cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h
cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h?rev=275290&r1=275289&r2=275290&view=diff
==============================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h Wed Jul 13 13:07:26 2016
@@ -22,6 +22,8 @@
namespace clang {
namespace ento {
+class MemRegion;
+
/// \brief Symbolic value. These values used to capture symbolic execution of
/// the program.
class SymExpr : public llvm::FoldingSetNode {
@@ -76,6 +78,18 @@ public:
static symbol_iterator symbol_end() { return symbol_iterator(); }
unsigned computeComplexity() const;
+
+ /// \brief Find the region from which this symbol originates.
+ ///
+ /// Whenever the symbol was constructed to denote an unknown value of
+ /// a certain memory region, return this region. This method
+ /// allows checkers to make decisions depending on the origin of the symbol.
+ /// Symbol classes for which the origin region is known include
+ /// SymbolRegionValue which denotes the value of the region before
+ /// the beginning of the analysis, and SymbolDerived which denotes the value
+ /// of a certain memory region after its super region (a memory space or
+ /// a larger record region) is default-bound with a certain symbol.
+ virtual const MemRegion *getOriginRegion() const { return nullptr; }
};
typedef const SymExpr *SymbolRef;
Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h?rev=275290&r1=275289&r2=275290&view=diff
==============================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h Wed Jul 13 13:07:26 2016
@@ -58,6 +58,7 @@ public:
}
void dumpToStream(raw_ostream &os) const override;
+ const MemRegion *getOriginRegion() const override { return getRegion(); }
QualType getType() const override;
@@ -127,6 +128,7 @@ public:
QualType getType() const override;
void dumpToStream(raw_ostream &os) const override;
+ const MemRegion *getOriginRegion() const override { return getRegion(); }
static void Profile(llvm::FoldingSetNodeID& profile, SymbolRef parent,
const TypedValueRegion *r) {
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp?rev=275290&r1=275289&r2=275290&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp Wed Jul 13 13:07:26 2016
@@ -315,15 +315,7 @@ void ObjCDeallocChecker::checkBeginFunct
/// Returns nullptr if the instance symbol cannot be found.
const ObjCIvarRegion *
ObjCDeallocChecker::getIvarRegionForIvarSymbol(SymbolRef IvarSym) const {
- const MemRegion *RegionLoadedFrom = nullptr;
- if (auto *DerivedSym = dyn_cast<SymbolDerived>(IvarSym))
- RegionLoadedFrom = DerivedSym->getRegion();
- else if (auto *RegionSym = dyn_cast<SymbolRegionValue>(IvarSym))
- RegionLoadedFrom = RegionSym->getRegion();
- else
- return nullptr;
-
- return dyn_cast<ObjCIvarRegion>(RegionLoadedFrom);
+ return dyn_cast_or_null<ObjCIvarRegion>(IvarSym->getOriginRegion());
}
/// Given a symbol for an ivar, return a symbol for the instance containing
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp?rev=275290&r1=275289&r2=275290&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp Wed Jul 13 13:07:26 2016
@@ -2833,14 +2833,6 @@ void RetainCountChecker::checkPostStmt(c
C.addTransition(State);
}
-static bool wasLoadedFromIvar(SymbolRef Sym) {
- if (auto DerivedVal = dyn_cast<SymbolDerived>(Sym))
- return isa<ObjCIvarRegion>(DerivedVal->getRegion());
- if (auto RegionVal = dyn_cast<SymbolRegionValue>(Sym))
- return isa<ObjCIvarRegion>(RegionVal->getRegion());
- return false;
-}
-
void RetainCountChecker::checkPostStmt(const ObjCIvarRefExpr *IRE,
CheckerContext &C) const {
Optional<Loc> IVarLoc = C.getSVal(IRE).getAs<Loc>();
@@ -2849,7 +2841,7 @@ void RetainCountChecker::checkPostStmt(c
ProgramStateRef State = C.getState();
SymbolRef Sym = State->getSVal(*IVarLoc).getAsSymbol();
- if (!Sym || !wasLoadedFromIvar(Sym))
+ if (!Sym || !dyn_cast_or_null<ObjCIvarRegion>(Sym->getOriginRegion()))
return;
// Accessing an ivar directly is unusual. If we've done that, be more
More information about the cfe-commits
mailing list