diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-05-01 19:22:20 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-05-01 19:22:20 +0000 |
| commit | 9c21f1d174946300ae6008946f26f468c7488a6a (patch) | |
| tree | 547a97a70bd76df93acf3a4c18cbe933bc89343e | |
| parent | a11c60731265f29009f7cc30c6bfd4c40339b892 (diff) | |
| download | bcm5719-llvm-9c21f1d174946300ae6008946f26f468c7488a6a.tar.gz bcm5719-llvm-9c21f1d174946300ae6008946f26f468c7488a6a.zip | |
StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
llvm-svn: 70565
| -rw-r--r-- | clang/lib/Analysis/Store.cpp | 14 | ||||
| -rw-r--r-- | clang/test/Analysis/casts.c | 1 | ||||
| -rw-r--r-- | clang/test/Analysis/fields.c | 4 | ||||
| -rw-r--r-- | clang/test/Analysis/misc-ps-64.m (renamed from clang/test/Analysis/xfail_rdar_6440393.m) | 11 | ||||
| -rw-r--r-- | clang/test/Analysis/rdar-6541136-region.c | 1 |
5 files changed, 19 insertions, 12 deletions
diff --git a/clang/lib/Analysis/Store.cpp b/clang/lib/Analysis/Store.cpp index 6464c57df05..65e90dec33d 100644 --- a/clang/lib/Analysis/Store.cpp +++ b/clang/lib/Analysis/Store.cpp @@ -59,9 +59,15 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R, return CastResult(state, R); } - // FIXME: We don't want to layer region views. Need to handle - // arbitrary downcasts. + // FIXME: Need to handle arbitrary downcasts. + // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion + // or an AllocaRegion is cast to another view, thus causing the memory + // to be re-used for a different purpose. - const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R); - return CastResult(AddRegionView(state, ViewR, R), ViewR); + if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) { + const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R); + return CastResult(AddRegionView(state, ViewR, R), ViewR); + } + + return CastResult(state, R); } diff --git a/clang/test/Analysis/casts.c b/clang/test/Analysis/casts.c index 94a1eac0a31..fa41961a459 100644 --- a/clang/test/Analysis/casts.c +++ b/clang/test/Analysis/casts.c @@ -2,6 +2,7 @@ // Test if the 'storage' region gets properly initialized after it is cast to // 'struct sockaddr *'. +// XFAIL #include <sys/socket.h> void f(int sock) { diff --git a/clang/test/Analysis/fields.c b/clang/test/Analysis/fields.c index d6bf73f9af1..8b88578a0e9 100644 --- a/clang/test/Analysis/fields.c +++ b/clang/test/Analysis/fields.c @@ -1,6 +1,6 @@ // RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=basic -verify && -// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify && -// RUN: clang-cc -analyze -checker-simple %s -verify +// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify +// XFAIL unsigned foo(); typedef struct bf { unsigned x:2; } bf; diff --git a/clang/test/Analysis/xfail_rdar_6440393.m b/clang/test/Analysis/misc-ps-64.m index a3e91428c65..c95998fd36f 100644 --- a/clang/test/Analysis/xfail_rdar_6440393.m +++ b/clang/test/Analysis/misc-ps-64.m @@ -1,9 +1,7 @@ -// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic %s && -// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region %s -// XFAIL - -// *** These tests will be migrated to other test files once these failures -// are resolved. +// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=basic --verify -fblocks %s && +// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=range --verify -fblocks %s && +// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=basic --verify -fblocks %s && +// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=range --verify -fblocks %s // <rdar://problem/6440393> - A bunch of misc. failures involving evaluating // these expressions and building CFGs. These tests are here to prevent @@ -24,3 +22,4 @@ void rdar_6440393_1(NSDictionary *dict) { return; shazam(x, &bufptr); } + diff --git a/clang/test/Analysis/rdar-6541136-region.c b/clang/test/Analysis/rdar-6541136-region.c index 90960dd4f61..9f256bfd73f 100644 --- a/clang/test/Analysis/rdar-6541136-region.c +++ b/clang/test/Analysis/rdar-6541136-region.c @@ -1,4 +1,5 @@ // RUN: clang-cc -verify -analyze -checker-cfref -analyzer-store=region %s +// XFAIL struct tea_cheese { unsigned magic; }; typedef struct tea_cheese kernel_tea_cheese_t; |
