[clang] 8434fbb - Revert "[analyzer] Keep track of escaped locals"

Gabor Horvath via cfe-commits cfe-commits at lists.llvm.org
Tue Dec 10 16:45:35 PST 2019


Author: Gabor Horvath
Date: 2019-12-10T16:42:03-08:00
New Revision: 8434fbbee62e382376a39787785909bd55ae1696

URL: https://github.com/llvm/llvm-project/commit/8434fbbee62e382376a39787785909bd55ae1696
DIFF: https://github.com/llvm/llvm-project/commit/8434fbbee62e382376a39787785909bd55ae1696.diff

LOG: Revert "[analyzer] Keep track of escaped locals"

It was a step in the right direction, but it is not clear how this can
fit into the checker API at this point. The pre-escape happens in the
analyzer core and the checker has no control over it. If the checker
is not interested in a pre-escape, it would need to do additional work
on each escape to check whether the escaped symbol originated from an
"uninteresting" pre-escaped memory region. In order to keep the
checker API simple, we abandoned this solution for now.

We will reland this once we have a better answer for what to do on the
checker side.

This reverts commit f3a28202ef58551db15818f8f51afd21e0f3e231.

Added: 
    

Modified: 
    clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
    clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
    clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h
    clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
    clang/lib/StaticAnalyzer/Core/ProgramState.cpp
    clang/test/Analysis/symbol-escape.cpp

Removed: 
    


################################################################################
diff  --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
index c85a66db3457..2d0967616ff2 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
@@ -627,9 +627,6 @@ class ExprEngine : public SubEngine {
                            const CallEvent *Call,
                            RegionAndSymbolInvalidationTraits &ITraits) override;
 
-  ProgramStateRef processLocalRegionEscape(ProgramStateRef State,
-                                           const MemRegion *R) const override;
-
   /// A simple wrapper when you only need to notify checkers of pointer-escape
   /// of a single value.
   ProgramStateRef escapeValue(ProgramStateRef State, SVal V,

diff  --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
index b6b4a86acbb2..bdd12a3ffe33 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
@@ -27,7 +27,7 @@
 
 namespace llvm {
 class APSInt;
-} // namespace llvm
+}
 
 namespace clang {
 class ASTContext;
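Review bot: The closing brace of `namespace llvm` loses its `// namespace llvm` comment here, a formatting-only change unrelated to the escaped-locals logic being reverted. The same happens in the second hunk of this file (`} // end ento namespace`, `} // end clang namespace`) and in the first hunk of ProgramState.cpp, where the two closers collapse into `}}`. I would keep the commented form, `} // namespace llvm`, `} // namespace ento` and `} // namespace clang`, so the revert touches only the escape tracking.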
@@ -872,8 +872,8 @@ class ScanReachableSymbols {
   bool scan(const SymExpr *sym);
 };
 
-} // namespace ento
+} // end ento namespace
 
-} // namespace clang
+} // end clang namespace
 
 #endif

diff  --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h
index 5866be2b2e7c..7789b431c0a6 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h
@@ -149,16 +149,14 @@ class SubEngine {
   }
 
   virtual ProgramStateRef
-  processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val,
-                              const LocationContext *LCtx) = 0;
-
-  virtual ProgramStateRef notifyCheckersOfPointerEscape(
-      ProgramStateRef State, const InvalidatedSymbols *Invalidated,
-      ArrayRef<const MemRegion *> ExplicitRegions, const CallEvent *Call,
-      RegionAndSymbolInvalidationTraits &HTraits) = 0;
+  processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val, const LocationContext *LCtx) = 0;
 
   virtual ProgramStateRef
-  processLocalRegionEscape(ProgramStateRef State, const MemRegion *R) const = 0;
+  notifyCheckersOfPointerEscape(ProgramStateRef State,
+                           const InvalidatedSymbols *Invalidated,
+                           ArrayRef<const MemRegion *> ExplicitRegions,
+                           const CallEvent *Call,
+                           RegionAndSymbolInvalidationTraits &HTraits) = 0;
 
   /// printJson - Called by ProgramStateManager to print checker-specific data.
   virtual void printJson(raw_ostream &Out, ProgramStateRef State,
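Review bot: The restored declaration of `processPointerEscapedOnBind` sits on a single line well past 80 columns, and the continuation lines of `notifyCheckersOfPointerEscape` appear not to line up with its opening parenthesis. Neither change is needed to drop `processLocalRegionEscape`. Keeping the wrapped form, `processPointerEscapedOnBind(ProgramStateRef State, SVal Loc, SVal Val,` followed by `const LocationContext *LCtx) = 0;`, would leave the removal of the pure virtual as the only change in this hunk. The SubEngine class starts and ends outside the hunk.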

diff  --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index b6f6481c369d..efbc20f09250 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -193,8 +193,6 @@ typedef llvm::ImmutableMap<ConstructedObjectKey, SVal>
 REGISTER_TRAIT_WITH_PROGRAMSTATE(ObjectsUnderConstruction,
                                  ObjectsUnderConstructionMap)
 
-REGISTER_SET_WITH_PROGRAMSTATE(EscapedLocals, const MemRegion *)
-
 //===----------------------------------------------------------------------===//
 // Engine construction and deletion.
 //===----------------------------------------------------------------------===//
@@ -725,12 +723,6 @@ void ExprEngine::removeDead(ExplodedNode *Pred, ExplodedNodeSet &Out,
       SymReaper.markLive(MR);
   }
 
-  EscapedLocalsTy EscapedRegions = CleanedState->get<EscapedLocals>();
-  for (const MemRegion *MR : EscapedRegions) {
-    if (!SymReaper.isLiveRegion(MR))
-      CleanedState = CleanedState->remove<EscapedLocals>(MR);
-  }
-
   getCheckerManager().runCheckersForLiveSymbols(CleanedState, SymReaper);
 
   // Create a state in which dead bindings are removed from the environment
@@ -1202,11 +1194,6 @@ ProgramStateRef ExprEngine::escapeValue(ProgramStateRef State, SVal V,
       State, Scanner.getSymbols(), /*CallEvent*/ nullptr, K, nullptr);
 }
 
-ProgramStateRef ExprEngine::processLocalRegionEscape(ProgramStateRef State,
-                                                     const MemRegion *R) const {
-  return State->add<EscapedLocals>(R);
-}
-
 void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
                        ExplodedNodeSet &DstTop) {
   PrettyStackTraceLoc CrashInfo(getContext().getSourceManager(),
@@ -2693,8 +2680,7 @@ void ExprEngine::VisitAtomicExpr(const AtomicExpr *AE, ExplodedNode *Pred,
 
 // A value escapes in four possible cases:
 // (1) We are binding to something that is not a memory region.
-// (2) We are binding to a MemRegion that does not have stack storage
-//     or the stack storage is escaped.
+// (2) We are binding to a MemRegion that does not have stack storage.
 // (3) We are binding to a top-level parameter region with a non-trivial
 //     destructor. We won't see the destructor during analysis, but it's there.
 // (4) We are binding to a MemRegion with stack storage that the store
@@ -2705,7 +2691,7 @@ ExprEngine::processPointerEscapedOnBind(ProgramStateRef State, SVal Loc,
 
   // Cases (1) and (2).
   const MemRegion *MR = Loc.getAsRegion();
-  if (!MR || !MR->hasStackStorage() || State->contains<EscapedLocals>(MR))
+  if (!MR || !MR->hasStackStorage())
     return escapeValue(State, Val, PSK_EscapeOnBind);
 
   // Case (3).
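Review bot: With `State->contains<EscapedLocals>(MR)` gone from the case (1)/(2) test, a bind to a stack region whose address was already handed to an opaque call no longer counts as an escape, and nothing in the comment block above records that gap. The removed test `store_to_escaped_region` in symbol-escape.cpp suggests this is the pattern that was expected to produce no warning, so checkers that track the stored pointer will presumably report on it again. I would add a note above the condition such as `// FIXME: Locals whose address has already escaped are still treated as non-escaping here.` so the limitation stays visible until the change is relanded. The function body starts and ends outside the hunk.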

diff  --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
index 35c10a7624e6..14006f79fd0f 100644
--- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -41,8 +41,7 @@ void ProgramStateRelease(const ProgramState *state) {
     Mgr.freeStates.push_back(s);
   }
 }
-} // namespace ento
-} // namespace clang
+}}
 
 ProgramState::ProgramState(ProgramStateManager *mgr, const Environment& env,
                  StoreRef st, GenericDataMap gdm)
@@ -210,13 +209,6 @@ ProgramState::invalidateRegionsImpl(ValueList Values,
   ProgramStateRef newState = makeWithStore(newStore);
 
   if (CausedByPointerEscape) {
-    for (const MemRegion *R : Invalidated) {
-      if (!R->hasStackStorage())
-        continue;
-
-      newState = Eng.processLocalRegionEscape(newState, R->getBaseRegion());
-    }
-
     newState = Eng.notifyCheckersOfPointerEscape(newState, IS,
                                                  TopLevelInvalidated,
                                                  Call,

diff  --git a/clang/test/Analysis/symbol-escape.cpp b/clang/test/Analysis/symbol-escape.cpp
index dcdfe7b9717d..be5dfbcd9ef5 100644
--- a/clang/test/Analysis/symbol-escape.cpp
+++ b/clang/test/Analysis/symbol-escape.cpp
@@ -31,12 +31,3 @@ C **indirect_escape_in_bitwise_op() {
   return Baz;
 }
 
-void save_ptr(int **);
-void delete_saved();
-
-void store_to_escaped_region() {
-  int *p;
-  save_ptr(&p);
-  p = new int;
-  delete_saved();
-} // no-warning


        

