Diffstat (limited to 'clang/lib/Analysis')
-rw-r--r--clang/lib/Analysis/BasicObjCFoundationChecks.cpp6
-rw-r--r--clang/lib/Analysis/BasicStore.cpp44
-rw-r--r--clang/lib/Analysis/CFRefCount.cpp4
-rw-r--r--clang/lib/Analysis/CheckNSError.cpp6
-rw-r--r--clang/lib/Analysis/MemRegion.cpp56
-rw-r--r--clang/lib/Analysis/RegionStore.cpp2
6 files changed, 99 insertions, 19 deletions
diff --git a/clang/lib/Analysis/BasicObjCFoundationChecks.cpp b/clang/lib/Analysis/BasicObjCFoundationChecks.cpp
index 8e322189e62..96a7ea1c168 100644
--- a/clang/lib/Analysis/BasicObjCFoundationChecks.cpp
+++ b/clang/lib/Analysis/BasicObjCFoundationChecks.cpp
@@ -367,7 +367,7 @@ public:
private:
- void AddError(TypedRegion* R, Expr* Ex, ExplodedNode<GRState> *N,
+ void AddError(const TypedRegion* R, Expr* Ex, ExplodedNode<GRState> *N,
uint64_t SourceSize, uint64_t TargetSize, uint64_t NumberKind);
};
} // end anonymous namespace
@@ -503,7 +503,7 @@ bool AuditCFNumberCreate::Audit(ExplodedNode<GRState>* N,GRStateManager&){
if (!LV)
return false;
- TypedRegion* R = dyn_cast<TypedRegion>(LV->getRegion());
+ const TypedRegion* R = dyn_cast<TypedRegion>(LV->getRegion());
if (!R)
return false;
@@ -530,7 +530,7 @@ bool AuditCFNumberCreate::Audit(ExplodedNode<GRState>* N,GRStateManager&){
return SourceSize < TargetSize;
}
-void AuditCFNumberCreate::AddError(TypedRegion* R, Expr* Ex,
+void AuditCFNumberCreate::AddError(const TypedRegion* R, Expr* Ex,
ExplodedNode<GRState> *N,
uint64_t SourceSize, uint64_t TargetSize,
uint64_t NumberKind) {
diff --git a/clang/lib/Analysis/BasicStore.cpp b/clang/lib/Analysis/BasicStore.cpp
index 7998ef4613f..e1220ce674d 100644
--- a/clang/lib/Analysis/BasicStore.cpp
+++ b/clang/lib/Analysis/BasicStore.cpp
@@ -90,7 +90,41 @@ SVal BasicStoreManager::getLValueIvar(const GRState* St, const ObjCIvarDecl* D,
SVal BasicStoreManager::getLValueField(const GRState* St, const FieldDecl* D,
SVal Base) {
- return UnknownVal();
+
+ if (Base.isUnknownOrUndef())
+ return Base;
+
+ Loc BaseL = cast<Loc>(Base);
+ const MemRegion* BaseR = 0;
+
+ switch(BaseL.getSubKind()) {
+ case loc::SymbolValKind:
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ break;
+
+ case loc::GotoLabelKind:
+ case loc::FuncValKind:
+ // Technically we can get here if people do funny things with casts.
+ return UndefinedVal();
+
+ case loc::MemRegionKind:
+ BaseR = cast<loc::MemRegionVal>(BaseL).getRegion();
+ break;
+
+ case loc::ConcreteIntKind:
+ case loc::StringLiteralValKind:
+ // While these seem funny, this can happen through casts.
+ // FIXME: What we should return is the field offset. For example,
+ // add the field offset to the integer value. That way funny things
+ // like this work properly: &(((struct foo *) 0xa)->f)
+ return Base;
+
+ default:
+ assert ("Unhandled Base.");
+ return Base;
+ }
+
+ return loc::MemRegionVal(MRMgr.getFieldRegion(D, BaseR));
}
SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
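Review bot: The `assert ("Unhandled Base.");` in the `default:` case of getLValueField can never fire, because a string literal converts to a non-null pointer and the condition is always true. Write it as `assert(false && "Unhandled Base.");` so that an unhandled Loc kind is caught in assertion-enabled builds instead of silently returning Base. Separately, `cast<Loc>(Base)` is checked only by an assertion, so a Base that is neither unknown, undefined nor a Loc would be reinterpreted unchecked in a release build; if callers can pass such a value, an `isa<Loc>(Base)` guard ahead of the cast would make that path well defined.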
@@ -108,7 +142,7 @@ SVal BasicStoreManager::GetSVal(Store St, Loc LV, QualType T) {
switch (LV.getSubKind()) {
case loc::MemRegionKind: {
- VarRegion* R =
+ const VarRegion* R =
dyn_cast<VarRegion>(cast<loc::MemRegionVal>(LV).getRegion());
if (!R)
@@ -145,7 +179,7 @@ SVal BasicStoreManager::GetSVal(Store St, Loc LV, QualType T) {
Store BasicStoreManager::SetSVal(Store store, Loc LV, SVal V) {
switch (LV.getSubKind()) {
case loc::MemRegionKind: {
- VarRegion* R =
+ const VarRegion* R =
dyn_cast<VarRegion>(cast<loc::MemRegionVal>(LV).getRegion());
if (!R)
@@ -165,8 +199,8 @@ Store BasicStoreManager::SetSVal(Store store, Loc LV, SVal V) {
Store BasicStoreManager::Remove(Store store, Loc LV) {
switch (LV.getSubKind()) {
case loc::MemRegionKind: {
- VarRegion* R =
- dyn_cast<VarRegion>(cast<loc::MemRegionVal>(LV).getRegion());
+ const VarRegion* R =
+ dyn_cast<VarRegion>(cast<loc::MemRegionVal>(LV).getRegion());
if (!R)
return store;
diff --git a/clang/lib/Analysis/CFRefCount.cpp b/clang/lib/Analysis/CFRefCount.cpp
index 9d632314b2d..e720096aaf7 100644
--- a/clang/lib/Analysis/CFRefCount.cpp
+++ b/clang/lib/Analysis/CFRefCount.cpp
@@ -1513,7 +1513,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst,
state = state.remove<RefBindings>(Sym);
}
- TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion());
+ const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion());
if (R) {
// Set the value of the variable to be a conjured symbol.
unsigned Count = Builder.getCurrentBlockCount();
@@ -1717,7 +1717,7 @@ void CFRefCount::EvalStore(ExplodedNodeSet<GRState>& Dst,
if (!isa<loc::MemRegionVal>(TargetLV))
escapes = true;
else {
- MemRegion* R = cast<loc::MemRegionVal>(TargetLV).getRegion();
+ const MemRegion* R = cast<loc::MemRegionVal>(TargetLV).getRegion();
escapes = !Eng.getStateManager().hasStackStorage(R);
}
diff --git a/clang/lib/Analysis/CheckNSError.cpp b/clang/lib/Analysis/CheckNSError.cpp
index 38d32a731dd..f76b601e2d5 100644
--- a/clang/lib/Analysis/CheckNSError.cpp
+++ b/clang/lib/Analysis/CheckNSError.cpp
@@ -216,7 +216,11 @@ void NSErrorCheck::CheckParamDeref(VarDecl* Param, GRStateRef rootState,
GRExprEngine& Eng, GRBugReporter& BR,
bool isNSErrorWarning) {
- SVal ParamSVal = rootState.GetLValue(Param);
+ SVal ParamL = rootState.GetLValue(Param);
+ const MemRegion* ParamR = cast<loc::MemRegionVal>(ParamL).getRegionAs<VarRegion>();
+ assert (ParamR && "Parameters always have VarRegions.");
+ SVal ParamSVal = rootState.GetSVal(ParamR);
+
// FIXME: For now assume that ParamSVal is symbolic. We need to generalize
// this later.
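Review bot: The new ParamR lookup is guarded only by assertions: both `cast<loc::MemRegionVal>(ParamL)` and `assert (ParamR && "Parameters always have VarRegions.")` compile away under NDEBUG, so a location that is not backed by a VarRegion would pass a null or mis-typed region to `rootState.GetSVal(ParamR)`. If GetLValue can ever return anything else for a parameter (not visible in this hunk), prefer `const loc::MemRegionVal* MRV = dyn_cast<loc::MemRegionVal>(&ParamL);` followed by an early return when `MRV` or the region is null. The `const MemRegion* ParamR = ...` line is also longer than 80 columns and should be wrapped. CheckParamDeref's body continues beyond the end of the hunk.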
diff --git a/clang/lib/Analysis/MemRegion.cpp b/clang/lib/Analysis/MemRegion.cpp
index 747d2f68181..97a4fbc2950 100644
--- a/clang/lib/Analysis/MemRegion.cpp
+++ b/clang/lib/Analysis/MemRegion.cpp
@@ -56,6 +56,15 @@ void DeclRegion::Profile(llvm::FoldingSetNodeID& ID) const {
DeclRegion::ProfileRegion(ID, D, superRegion, getKind());
}
+void SymbolicRegion::ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolID sym) {
+ ID.AddInteger((unsigned) MemRegion::SymbolicRegionKind);
+ ID.AddInteger(sym.getNumber());
+}
+
+void SymbolicRegion::Profile(llvm::FoldingSetNodeID& ID) const {
+ SymbolicRegion::ProfileRegion(ID, sym);
+}
+
//===----------------------------------------------------------------------===//
// Region pretty-printing.
//===----------------------------------------------------------------------===//
@@ -75,6 +84,10 @@ void VarRegion::print(llvm::raw_ostream& os) const {
os << cast<VarDecl>(D)->getName();
}
+void SymbolicRegion::print(llvm::raw_ostream& os) const {
+ os << "$" << sym.getNumber();
+}
+
//===----------------------------------------------------------------------===//
// MemRegionManager methods.
//===----------------------------------------------------------------------===//
@@ -106,7 +119,7 @@ MemSpaceRegion* MemRegionManager::getUnknownRegion() {
}
VarRegion* MemRegionManager::getVarRegion(const VarDecl* d,
- MemRegion* superRegion) {
+ const MemRegion* superRegion) {
llvm::FoldingSetNodeID ID;
DeclRegion::ProfileRegion(ID, d, superRegion, MemRegion::VarRegionKind);
@@ -123,8 +136,27 @@ VarRegion* MemRegionManager::getVarRegion(const VarDecl* d,
return R;
}
+/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
+SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolID sym) {
+
+ llvm::FoldingSetNodeID ID;
+ SymbolicRegion::ProfileRegion(ID, sym);
+
+ void* InsertPos;
+ MemRegion* data = Regions.FindNodeOrInsertPos(ID, InsertPos);
+ SymbolicRegion* R = cast_or_null<SymbolicRegion>(data);
+
+ if (!R) {
+ R = (SymbolicRegion*) A.Allocate<SymbolicRegion>();
+ new (R) SymbolicRegion(sym);
+ Regions.InsertNode(R, InsertPos);
+ }
+
+ return R;
+}
+
FieldRegion* MemRegionManager::getFieldRegion(const FieldDecl* d,
- MemRegion* superRegion) {
+ const MemRegion* superRegion) {
llvm::FoldingSetNodeID ID;
DeclRegion::ProfileRegion(ID, d, superRegion, MemRegion::FieldRegionKind);
@@ -141,8 +173,9 @@ FieldRegion* MemRegionManager::getFieldRegion(const FieldDecl* d,
return R;
}
-ObjCIvarRegion* MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl* d,
- MemRegion* superRegion) {
+ObjCIvarRegion*
+MemRegionManager::getObjCIvarRegion(const ObjCIvarDecl* d,
+ const MemRegion* superRegion) {
llvm::FoldingSetNodeID ID;
DeclRegion::ProfileRegion(ID, d, superRegion, MemRegion::ObjCIvarRegionKind);
@@ -181,11 +214,20 @@ AnonPointeeRegion* MemRegionManager::getAnonPointeeRegion(const VarDecl* d) {
}
bool MemRegionManager::hasStackStorage(const MemRegion* R) {
+ const SubRegion* SR = dyn_cast<SubRegion>(R);
+
+ // Only subregions can have stack storage.
+ if (!SR)
+ return false;
+
MemSpaceRegion* S = getStackRegion();
- while (R) {
- if (R == S) return true;
- R = R->getSuperRegion();
+ while (SR) {
+ R = SR->getSuperRegion();
+ if (R == S)
+ return true;
+
+ SR = dyn_cast<SubRegion>(R);
}
return false;
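Review bot: The rewritten hasStackStorage calls `dyn_cast<SubRegion>(R)` on a pointer that may be null, both on entry and after `R = SR->getSuperRegion();`, whereas the old `while (R)` loop tolerated a null region. `dyn_cast` requires a non-null argument, and the RegionStore.cpp hunk in this same commit still checks `if (!R)` after `getRegion()`, which suggests null regions are considered possible. Use `dyn_cast_or_null<SubRegion>(R)` in both places, or document with a comment that R and every super region are non-null. Note also that passing the stack region itself now returns false where the old loop returned true; if that is intended, a one-line comment would make it explicit. The function's closing brace lies outside the hunk.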
diff --git a/clang/lib/Analysis/RegionStore.cpp b/clang/lib/Analysis/RegionStore.cpp
index 6757f43ae10..48706ce8054 100644
--- a/clang/lib/Analysis/RegionStore.cpp
+++ b/clang/lib/Analysis/RegionStore.cpp
@@ -52,7 +52,7 @@ public:
Store RegionStoreManager::SetSVal(Store store, Loc LV, SVal V) {
assert(LV.getSubKind() == loc::MemRegionKind);
- MemRegion* R = cast<loc::MemRegionVal>(LV).getRegion();
+ const MemRegion* R = cast<loc::MemRegionVal>(LV).getRegion();
if (!R)
return store;