author | Ted Kremenek <kremenek@apple.com> | 2010-09-15 03:13:30 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2010-09-15 03:13:30 +0000 |
commit | c4deb923166ca8e63a9943f1e5b304404709e92a (patch) | |
tree | c0c1cb2d53275ac0883ffb484095f604499e3e23 /clang/lib/Checker/RegionStore.cpp | |
parent | 02d6467291e88927afbd9152b71b69c26ca69c59 (diff) | |
Disallow the use of UnknownVal as the index for ElementRegions. UnknownVals can be used as
the index when the value evaluation isn't powerful enough. Creating ElementRegions with
UnknownVals as the index gives the false impression that they are the same element, when
they really aren't. This becomes really problematic when deriving symbols from these regions
(e.g., those representing the initial value of the index), since two different indices will
get the same symbol for their binding.
This fixes an issue with the idempotent operations checker that would cause two indices that
are clearly not the same to make it appear as if they always had the same value.
Fixes <rdar://problem/8431728>.
llvm-svn: 113920
Diffstat (limited to 'clang/lib/Checker/RegionStore.cpp')
-rw-r--r-- | clang/lib/Checker/RegionStore.cpp | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/clang/lib/Checker/RegionStore.cpp b/clang/lib/Checker/RegionStore.cpp index 4051f4d39b8..91f7cfaf6c8 100644 --- a/clang/lib/Checker/RegionStore.cpp +++ b/clang/lib/Checker/RegionStore.cpp @@ -786,7 +786,7 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) { ArrayType *AT = cast<ArrayType>(T); T = AT->getElementType(); - SVal ZeroIdx = ValMgr.makeZeroArrayIndex(); + NonLoc ZeroIdx = ValMgr.makeZeroArrayIndex(); return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx)); } @@ -828,14 +828,14 @@ SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R, else EleTy = T->getAs<ObjCObjectPointerType>()->getPointeeType(); - SVal ZeroIdx = ValMgr.makeZeroArrayIndex(); + const NonLoc &ZeroIdx = ValMgr.makeZeroArrayIndex(); ER = MRMgr.getElementRegion(EleTy, ZeroIdx, SR, Ctx); break; } case MemRegion::AllocaRegionKind: { const AllocaRegion *AR = cast<AllocaRegion>(MR); QualType EleTy = Ctx.CharTy; // Create an ElementRegion of bytes. - SVal ZeroIdx = ValMgr.makeZeroArrayIndex(); + NonLoc ZeroIdx = ValMgr.makeZeroArrayIndex(); ER = MRMgr.getElementRegion(EleTy, ZeroIdx, AR, Ctx); break; } @@ -889,8 +889,12 @@ SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R, SVal NewIdx = Base->evalBinOp(ValMgr, Op, cast<nonloc::ConcreteInt>(ValMgr.convertToArrayIndex(*Offset))); + + if (!isa<NonLoc>(NewIdx)) + return UnknownVal(); + const MemRegion* NewER = - MRMgr.getElementRegion(ER->getElementType(), NewIdx, + MRMgr.getElementRegion(ER->getElementType(), cast<NonLoc>(NewIdx), ER->getSuperRegion(), Ctx); return ValMgr.makeLoc(NewER); } @@ -1449,7 +1453,7 @@ Store RegionStoreManager::BindArray(Store store, const TypedRegion* R, if (VI == VE) break; - SVal Idx = ValMgr.makeArrayIndex(i); + const NonLoc &Idx = ValMgr.makeArrayIndex(i); const ElementRegion *ER = MRMgr.getElementRegion(ElementTy, Idx, R, Ctx); if (ElementTy->isStructureOrClassType()) |
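Review bot: The second hunk declares `const NonLoc &ZeroIdx = ValMgr.makeZeroArrayIndex();` in the symbolic-region case of EvalBinOp, while the AllocaRegionKind case a few lines below and ArrayToPointer in the first hunk hold the same value as a plain `NonLoc ZeroIdx`; the fourth hunk (BindArray) uses the reference form again for `Idx`. If makeZeroArrayIndex and makeArrayIndex return by value, as the by-value uses suggest, the reference only leans on temporary lifetime extension and gains nothing. I would write `NonLoc ZeroIdx = ValMgr.makeZeroArrayIndex();` and `NonLoc Idx = ValMgr.makeArrayIndex(i);` so all four call sites read the same. The enclosing switch and loop bodies begin and end outside these hunks.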
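Review bot: The new `if (!isa<NonLoc>(NewIdx)) return UnknownVal();` guard in the third hunk has no comment, so the reason an unknown index must never reach getElementRegion is recorded only in the commit message. I would add above it `// A non-NonLoc (e.g. Unknown) index must not form an ElementRegion: distinct unknown indices would name the same region and share derived symbols.` The guard also maps every non-NonLoc result to UnknownVal, not only UnknownVal itself; if evalBinOp can produce an undefined value at this point, that is silently folded into Unknown, and it is worth stating in the comment whether that is intended. EvalBinOp's body starts and ends outside the hunk.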