author | Ted Kremenek <kremenek@apple.com> | 2009-09-24 04:11:44 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2009-09-24 04:11:44 +0000 |
commit | 267e45adab7f7dbbcf3299565840b95c21e6e3c0 (patch) | |
tree | 7d0b0683ca0dd01a2c1684117a3d33bce867448d | |
parent | f24b18fb06b7e0b4a21a7b5bcb57f5e82be68b27 (diff) | |
Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic parameter regions
The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.
llvm-svn: 82680
-rw-r--r-- | clang/lib/Analysis/RegionStore.cpp | 28 | ||||
-rw-r--r-- | clang/test/Analysis/misc-ps-region-store.m | 11 |
2 files changed, 33 insertions, 6 deletions
diff --git a/clang/lib/Analysis/RegionStore.cpp b/clang/lib/Analysis/RegionStore.cpp index b54fa272a00..31f52a55b3d 100644 --- a/clang/lib/Analysis/RegionStore.cpp +++ b/clang/lib/Analysis/RegionStore.cpp @@ -315,6 +315,9 @@ public: const GRState *state, const TypedRegion *R); + const ElementRegion *GetElementZeroRegion(const SymbolicRegion *SR, + QualType T); + //===------------------------------------------------------------------===// // State pruning. //===------------------------------------------------------------------===// @@ -857,6 +860,16 @@ static bool IsReinterpreted(QualType RTy, QualType UsedTy, ASTContext &Ctx) { return true; } +const ElementRegion * +RegionStoreManager::GetElementZeroRegion(const SymbolicRegion *SR, QualType T) { + ASTContext &Ctx = getContext(); + SVal idx = ValMgr.makeZeroArrayIndex(); + assert(!T.isNull()); + return MRMgr.getElementRegion(T, idx, SR, Ctx); +} + + + SValuator::CastResult RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { @@ -879,12 +892,8 @@ RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { if (isa<AllocaRegion>(MR)) return SValuator::CastResult(state, UnknownVal()); - if (isa<SymbolicRegion>(MR)) { - ASTContext &Ctx = getContext(); - SVal idx = ValMgr.makeZeroArrayIndex(); - assert(!T.isNull()); - MR = MRMgr.getElementRegion(T, idx, MR, Ctx); - } + if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(MR)) + MR = GetElementZeroRegion(SR, T); if (isa<CodeTextRegion>(MR)) return SValuator::CastResult(state, UnknownVal()); 
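Review bot: GetElementZeroRegion is added without any comment on either its declaration (first hunk) or its definition (second hunk), and the only guard on `T` is `assert(!T.isNull())`, which is compiled out in NDEBUG builds. Because this helper is now the single place that derives the element-zero key for both Retrieve() and Bind(), I would state the contract on the declaration, e.g. `/// Returns the ElementRegion at index 0 of SR with element type T. T must be non-null.` The definition also adds three consecutive blank lines after its closing brace; one is enough.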
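Review bot: In the Retrieve() hunk the element-zero key is built from the load type `T` passed by the caller, while the Bind() hunk later in this commit builds it from the pointee type of the symbol. If the element type is part of the ElementRegion's identity (it is passed to `getElementRegion`, so presumably it is), a load through a differently typed pointer will not find the value that Bind() stored. That may be intended, but it deserves a comment next to the call, e.g. `// Key must use the same element type as Bind() or the binding is not found.` Retrieve()'s body starts and ends outside this hunk.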
@@ -1309,6 +1318,13 @@ const GRState *RegionStoreManager::Bind(const GRState *state, Loc L, SVal V) { } } } + else if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R)) { + // Binding directly to a symbolic region should be treated as binding + // to element 0. + QualType T = SR->getSymbol()->getType(getContext()); + T = cast<PointerType>(T)->getPointeeType(); + R = GetElementZeroRegion(SR, T); + } // Perform the binding. RegionBindings B = GetRegionBindings(state->getStore()); diff --git a/clang/test/Analysis/misc-ps-region-store.m b/clang/test/Analysis/misc-ps-region-store.m index 4c753484bc9..569fc790d63 100644 --- a/clang/test/Analysis/misc-ps-region-store.m +++ b/clang/test/Analysis/misc-ps-region-store.m @@ -195,3 +195,14 @@ CGFloat rdar7242006_negative(CGFloat x) { return y.width; // expected-warning{{garbage}} } +// <rdar://problem/7249340> - Allow binding of values to symbolic regions. +// This test case shows how RegionStore tracks the value bound to 'x' +// after the assignment. +void rdar_7249340(int *x) { + *x = 1; + if (*x) + return; + int *p = 0; // This is unreachable. + *p = 0xDEADBEEF; // no-warning +} + |
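Review bot: `cast<PointerType>(T)` in the new `else if` branch of Bind() is an unchecked cast: it asserts in debug builds and is undefined in release builds when the symbol's type is not literally a PointerType. Nothing visible in the hunk guarantees that. A parameter declared through a typedef'd pointer, a block pointer or an Objective-C object pointer would, as far as I can tell, reach this line with a different type class. I would use the checked form and fall through to the existing binding when it fails: `if (const PointerType *PT = T->getAs<PointerType>()) R = GetElementZeroRegion(SR, PT->getPointeeType());`. Bind()'s body starts and ends outside this hunk.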
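Review bot: `rdar_7249340` only checks for the absence of a warning, so it would also pass if the analyzer stopped exploring the function for an unrelated reason. A companion case that stores `0` and expects the null-dereference warning on `*p` would pin the behaviour from both sides. The test also covers only a plain `int *` parameter; a second case with a typedef'd pointer parameter would exercise the pointee-type derivation that the Bind() change relies on.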