author | Ted Kremenek <kremenek@apple.com> | 2009-05-06 18:19:24 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2009-05-06 18:19:24 +0000 |
commit | 0626df4eeba5e0f396ecc921662d6a8c345ce7fd (patch) | |
tree | 5ce5697470f7daea257c8f020b242029ecf4e262 /clang/lib/Analysis/CFRefCount.cpp | |
parent | 342053cd2767d8a07fe0e73737c00089c3ffba5c (diff) | |
Fix analyzer regression reported in PR 4164:
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
  casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
  - Strip ElementRegions when the ElementRegion is just a 'raw data' view
    on top of the underlying typed region.
llvm-svn: 71094
Diffstat (limited to 'clang/lib/Analysis/CFRefCount.cpp')
-rw-r--r-- | clang/lib/Analysis/CFRefCount.cpp | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/clang/lib/Analysis/CFRefCount.cpp b/clang/lib/Analysis/CFRefCount.cpp index ca420006d24..4c517fd537c 100644 --- a/clang/lib/Analysis/CFRefCount.cpp +++ b/clang/lib/Analysis/CFRefCount.cpp @@ -2606,7 +2606,29 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion()); - if (R) { + if (R) { + // Are we dealing with an ElementRegion? If the element type is + // a basic integer type (e.g., char, int) and the underying region + // is also typed then strip off the ElementRegion. + // FIXME: We really need to think about this for the general case + // as sometimes we are reasoning about arrays and other times + // about (char*), etc., is just a form of passing raw bytes. + // e.g., void *p = alloca(); foo((char*)p); + if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) { + // Checking for 'integral type' is probably too promiscuous, but + // we'll leave it in for now until we have a systematic way of + // handling all of these cases. Eventually we need to come up + // with an interface to StoreManager so that this logic can be + // approriately delegated to the respective StoreManagers while + // still allowing us to do checker-specific logic (e.g., + // invalidating reference counts), probably via callbacks. + if (ER->getElementType()->isIntegralType()) + if (const TypedRegion *superReg = + dyn_cast<TypedRegion>(ER->getSuperRegion())) + R = superReg; + // FIXME: What about layers of ElementRegions? + } + // Is the invalidated variable something that we were tracking? SymbolRef Sym = state.GetSValAsScalarOrLoc(R).getAsLocSymbol(); |
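Review bot: The new `if (const ElementRegion *ER = dyn_cast<ElementRegion>(R))` block strips only one ElementRegion layer. When `ER->getSuperRegion()` is itself an ElementRegion, `R` is still an element view when it reaches `state.GetSValAsScalarOrLoc(R)`, so the tracked symbol on the underlying typed region is not found and not invalidated. This is the case the trailing FIXME asks about. Consider turning the block into a loop that keeps stripping while `R` is an ElementRegion with an integral element type and a TypedRegion super region, or documenting why a single layer is enough for the PR 4164 case. The `isIntegralType()` condition also matches elements of genuine int or char arrays, not only raw-byte views such as the `(char*)p` example in the comment, so a pass-by-reference of one array element now resolves to the whole super region. The comment admits this; a narrower test would keep the checker from dropping more state than intended. The two nested `if` statements without braces are easy to misread next to the FIXME that follows them, and the comments contain the typos "underying" and "approriately".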