[llvm-branch-commits] [cfe-branch] r71324 - in /cfe/branches/Apple/Dib: include/clang/Analysis/PathSensitive/Store.h lib/Analysis/RegionStore.cpp test/Analysis/fields.c test/Analysis/rdar-6541136-region.c

Fri May 8 23:08:35 PDT 2009

Author: mrs
Date: Sat May  9 01:08:34 2009
New Revision: 71324

URL: http://llvm.org/viewvc/llvm-project?rev=71324&view=rev
Log:
Merge in 71058:

Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.

This CastRegion() performs casts according to the kind of the region being 
cast instead of the type that is cast to.

Modified:
    cfe/branches/Apple/Dib/include/clang/Analysis/PathSensitive/Store.h
    cfe/branches/Apple/Dib/lib/Analysis/RegionStore.cpp
    cfe/branches/Apple/Dib/test/Analysis/fields.c
    cfe/branches/Apple/Dib/test/Analysis/rdar-6541136-region.c

Modified: cfe/branches/Apple/Dib/include/clang/Analysis/PathSensitive/Store.h
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/Dib/include/clang/Analysis/PathSensitive/Store.h?rev=71324&r1=71323&r2=71324&view=diff

==============================================================================

--- cfe/branches/Apple/Dib/include/clang/Analysis/PathSensitive/Store.h (original)
+++ cfe/branches/Apple/Dib/include/clang/Analysis/PathSensitive/Store.h Sat May  9 01:08:34 2009
@@ -133,8 +133,8 @@
   /// CastRegion - Used by GRExprEngine::VisitCast to handle casts from
   ///  a MemRegion* to a specific location type.  'R' is the region being
   ///  casted and 'CastToTy' the result type of the cast.
-  CastResult CastRegion(const GRState* state, const MemRegion* R,
-                        QualType CastToTy);
+  virtual CastResult CastRegion(const GRState* state, const MemRegion* R,
+                                QualType CastToTy);
 
   /// EvalBinOp - Perform pointer arithmetic.
   virtual SVal EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R) {

Modified: cfe/branches/Apple/Dib/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/Dib/lib/Analysis/RegionStore.cpp?rev=71324&r1=71323&r2=71324&view=diff

==============================================================================
--- cfe/branches/Apple/Dib/lib/Analysis/RegionStore.cpp (original)
+++ cfe/branches/Apple/Dib/lib/Analysis/RegionStore.cpp Sat May  9 01:08:34 2009
@@ -199,6 +199,9 @@
   ///  casts from arrays to pointers.
   SVal ArrayToPointer(Loc Array);
 
+  CastResult CastRegion(const GRState* state, const MemRegion* R,
+                        QualType CastToTy);
+
   SVal EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R);
 
   /// The high level logic for this method is this:
@@ -582,6 +585,83 @@
   return loc::MemRegionVal(ER);                    
 }
 
+RegionStoreManager::CastResult
+RegionStoreManager::CastRegion(const GRState* state, const MemRegion* R,
+                         QualType CastToTy) {
+  
+  ASTContext& Ctx = StateMgr.getContext();
+
+  // We need to know the real type of CastToTy.
+  QualType ToTy = Ctx.getCanonicalType(CastToTy);
+
+  // Check cast to ObjCQualifiedID type.
+  if (isa<ObjCQualifiedIdType>(ToTy)) {
+    // FIXME: Record the type information aside.
+    return CastResult(state, R);
+  }
+
+  // CodeTextRegion should be cast to only function pointer type.
+  if (isa<CodeTextRegion>(R)) {
+    assert(CastToTy->isFunctionPointerType() || CastToTy->isBlockPointerType());
+    return CastResult(state, R);
+  }
+
+  // Assume we are casting from pointer to pointer. Other cases are handled
+  // elsewhere.
+  QualType PointeeTy = cast<PointerType>(ToTy.getTypePtr())->getPointeeType();
+
+  // Return the same region if the region types are compatible.
+  if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
+    QualType Ta = Ctx.getCanonicalType(TR->getLValueType(Ctx));
+
+    if (Ta == ToTy)
+      return CastResult(state, R);
+  }
+
+  // Process region cast according to the kind of the region being cast.
+  
+
+  // FIXME: Need to handle arbitrary downcasts.
+  // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion
+  //         or an AllocaRegion is cast to another view, thus causing the memory
+  //         to be re-used for a different purpose.
+
+  if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) {
+    const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);  
+    return CastResult(AddRegionView(state, ViewR, R), ViewR);
+  }
+
+  // VarRegion, ElementRegion, and FieldRegion has an inherent type. Normally
+  // they should not be cast. We only layer an ElementRegion when the cast-to
+  // pointee type is of smaller size. In other cases, we return the original
+  // VarRegion.
+  if (isa<VarRegion>(R) || isa<ElementRegion>(R) || isa<FieldRegion>(R)
+      || isa<ObjCIvarRegion>(R) || isa<CompoundLiteralRegion>(R)) {
+    // FIXME: create an ElementRegion when the size of the pointee type is
+    // smaller than the region.
+    //unsigned PointeeSize = getSizeInBits(PointeeTy);
+    //unsigned RegionSize = getSizeInBits(R);
+//     if (PointeeSize < RegionSize) {
+//       SVal Idx = ValMgr.makeZeroArrayIndex();
+//       ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, R);
+//       return CastResult(state, ER);
+//     }
+//     else
+    return CastResult(state, R);
+  }
+
+  if (isa<TypedViewRegion>(R)) {
+    const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);  
+    return CastResult(state, ViewR);
+  }
+
+  if (isa<ObjCObjectRegion>(R)) {
+    return CastResult(state, R);
+  }
+
+  assert(0 && "Unprocessed region.");
+}
+
 SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R) {
   // Assume the base location is MemRegionVal(ElementRegion).
   if (!isa<loc::MemRegionVal>(L))

Modified: cfe/branches/Apple/Dib/test/Analysis/fields.c
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/Dib/test/Analysis/fields.c?rev=71324&r1=71323&r2=71324&view=diff

==============================================================================
--- cfe/branches/Apple/Dib/test/Analysis/fields.c (original)
+++ cfe/branches/Apple/Dib/test/Analysis/fields.c Sat May  9 01:08:34 2009
@@ -1,5 +1,6 @@
 // RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=basic -verify &&
 // RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify
+// XFAIL
 
 unsigned foo();
 typedef struct bf { unsigned x:2; } bf;

Modified: cfe/branches/Apple/Dib/test/Analysis/rdar-6541136-region.c
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/Dib/test/Analysis/rdar-6541136-region.c?rev=71324&r1=71323&r2=71324&view=diff

==============================================================================
--- cfe/branches/Apple/Dib/test/Analysis/rdar-6541136-region.c (original)
+++ cfe/branches/Apple/Dib/test/Analysis/rdar-6541136-region.c Sat May  9 01:08:34 2009
@@ -13,7 +13,5 @@
   struct load_wine *cmd = (void*) &wonky[1];
   cmd = cmd;
   char *p = (void*) &wonky[1];
-  *p = 1;
-  kernel_tea_cheese_t *q = &wonky[1];
-  kernel_tea_cheese_t r = *q; // expected-warning{{out-of-bound memory position}}
+  *p = 1; // expected-warning{{Load or store into an out-of-bound memory}}
 }



