diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2013-03-20 20:35:53 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2013-03-20 20:35:53 +0000 |
| commit | 5413aaa791c2c35eca1ea041899e1666e8d46602 (patch) | |
| tree | 7547b1c188c032583ac4f4b52b34b7d549fec6df /clang/lib/StaticAnalyzer/Core/ProgramState.cpp | |
| parent | 153c81b7c4736de0627e7b885e1d957dbf19cbf4 (diff) | |
| download | bcm5719-llvm-5413aaa791c2c35eca1ea041899e1666e8d46602.tar.gz bcm5719-llvm-5413aaa791c2c35eca1ea041899e1666e8d46602.zip | |
[analyzer] Invalidate regions indirectly accessible through const pointers.
In this case, the value of 'x' may be changed after the call to indirectAccess:
struct Wrapper {
int *ptr;
};
void indirectAccess(const Wrapper &w);
void test() {
int x = 42;
Wrapper w = { x };
clang_analyzer_eval(x == 42); // TRUE
indirectAccess(w);
clang_analyzer_eval(x == 42); // UNKNOWN
}
This is important for modelling return-by-value objects in C++, to show
that the contents of the struct are escaping in the return copy-constructor.
<rdar://problem/13239826>
llvm-svn: 177570
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/ProgramState.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ProgramState.cpp | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp index 64205f8d998..3e47dcef2bf 100644 --- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp +++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp @@ -140,30 +140,34 @@ ProgramStateRef ProgramState::bindDefault(SVal loc, SVal V) const { new_state; } +typedef ArrayRef<const MemRegion *> RegionList; + ProgramStateRef -ProgramState::invalidateRegions(ArrayRef<const MemRegion *> Regions, +ProgramState::invalidateRegions(RegionList Regions, const Expr *E, unsigned Count, const LocationContext *LCtx, bool CausedByPointerEscape, InvalidatedSymbols *IS, - const CallEvent *Call) const { + const CallEvent *Call, + RegionList ConstRegions) const { if (!IS) { InvalidatedSymbols invalidated; return invalidateRegionsImpl(Regions, E, Count, LCtx, CausedByPointerEscape, - invalidated, Call); + invalidated, Call, ConstRegions); } return invalidateRegionsImpl(Regions, E, Count, LCtx, CausedByPointerEscape, - *IS, Call); + *IS, Call, ConstRegions); } ProgramStateRef -ProgramState::invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, +ProgramState::invalidateRegionsImpl(RegionList Regions, const Expr *E, unsigned Count, const LocationContext *LCtx, bool CausedByPointerEscape, InvalidatedSymbols &IS, - const CallEvent *Call) const { + const CallEvent *Call, + RegionList ConstRegions) const { ProgramStateManager &Mgr = getStateManager(); SubEngine* Eng = Mgr.getOwningEngine(); @@ -171,7 +175,7 @@ ProgramState::invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, StoreManager::InvalidatedRegions Invalidated; const StoreRef &newStore = Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, LCtx, IS, - Call, &Invalidated); + Call, ConstRegions, &Invalidated); ProgramStateRef newState = makeWithStore(newStore); @@ -184,7 +188,7 @@ ProgramState::invalidateRegionsImpl(ArrayRef<const MemRegion *> Regions, const StoreRef &newStore = Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, LCtx, IS, - Call, NULL); + Call, ConstRegions, NULL); return makeWithStore(newStore); } |
