path: root/clang/lib/Analysis/BasicStore.cpp
Commit message | Author | Age | Files | Lines
...
* Add array index assertion: BasicStore should not expect any fancy | Ted Kremenek | 2009-05-04 | 1 | -1/+4
  ElementRegions that have non-zero array indices.
  llvm-svn: 70867
* array indexes are unsigned integers of the same width as pointer. | Zhongxing Xu | 2009-05-04 | 1 | -5/+4
  no-outofbounds.c still fails. Previously it passed because the array index is mistakenly a loc::ConcreteInt.
  llvm-svn: 70844
* BasicStore: 'ElementRegion' is the new 'TypedViewRegion'. | Ted Kremenek | 2009-05-04 | 1 | -9/+10
  StoreManager: Handle casts from one element region to another. Update test cases.
  llvm-svn: 70836
* Per conversations with Zhongxing, add an 'element type' to | Ted Kremenek | 2009-05-04 | 1 | -4/+7
  ElementRegion. I also removed 'ElementRegion::getArrayRegion', although we may need to add this back.
  This breaks a few test cases with RegionStore:
  - 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
  - misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic: 'Line 159: Uninitialized or undefined return value returned to caller.'
  There were a bunch of places that needed to be edited in RegionStoreManager, and we may not be passing all the correct 'element types' down from GRExprEngine.
  Zhongxing: When you get a chance, could you review this? I could have easily screwed up something basic in RegionStoreManager.
  llvm-svn: 70830
* Basic Store: Always convert a non::LocAsInteger to a Loc when storing to a | Ted Kremenek | 2009-05-01 | 1 | -17/+16
  pointer.
  llvm-svn: 70564
* Add corner case logic to BasicStoreManager and GRSimpleVals::EvalBinOp to enable | Ted Kremenek | 2009-04-29 | 1 | -5/+36
  reasoning about OSCompareAndSwap32Barrier/OSCompareAndSwap64Barrier. Essentially the address of reference to a region (pointer-to-pointer) can be casted to (int32_t*), and we need to handle the logic to convert the involved locations back and forth from nonloc::LocAsInteger, nonloc::ConcreteInt, to Loc and loc::ConcreteInt respectively.
  This adds some potentially suspect logic to BasicStoreManager that allows the analyzer to reason about abuses of the C type system. This should probably be refined, be ported over to RegionStoreManager, and extended with "path-sensitive type checking" to flag bugs in clearly incoherent code.
  llvm-svn: 70382
* Refactor 'BasicStoreManager::CastRegion' and 'RegionStoreManager::CastRegion' | Ted Kremenek | 2009-04-21 | 1 | -29/+1
  into StoreManager::CastRegion. Both methods were practically identical, and this is core logic that is common to all StoreManagers since it defines the basic invariants of the abstract memory model.
  llvm-svn: 69730
* Remove loc::FuncVal. | Zhongxing Xu | 2009-04-20 | 1 | -5/+0
  llvm-svn: 69577
* FunctionDecl::getBody() is getting an ASTContext argument for use in | Douglas Gregor | 2009-04-18 | 1 | -1/+1
  lazy PCH deserialization. Propagate that argument wherever it needs to be. No functionality change, except that I've tightened up a few PCH tests in preparation.
  llvm-svn: 69406
* Implement analyzer support for OSCompareAndSwap. This required pushing "tagged" | Ted Kremenek | 2009-04-11 | 1 | -0/+31
  ProgramPoints all the way through to GRCoreEngine.
  NSString.m now fails with RegionStoreManager because of the void** cast. Disabling use of region store for that test for now.
  llvm-svn: 68845
* Finally nuke loc::SymbolVal. | Zhongxing Xu | 2009-04-10 | 1 | -23/+0
  llvm-svn: 68771
* - Move ownership of MemRegionManager into ValueManager. | Ted Kremenek | 2009-04-09 | 1 | -7/+4
  - Pull SVal::GetConjuredSymbol() and friends into ValueManager. This greatly simplifies the calling interface to clients.
  llvm-svn: 68731
* This is the first step to gradually remove the use of loc::SymbolVal. Now | Zhongxing Xu | 2009-04-03 | 1 | -5/+9
  when creating symbolic values, we distinguish between location and non-location values. For location values, we create a symbolic region instead of a loc::SymbolVal.
  llvm-svn: 68373
* Simplify more code by using SVal::getAsSymbol(). | Ted Kremenek | 2009-03-30 | 1 | -1/+1
  llvm-svn: 68052
* Implement a FIXME. | Zhongxing Xu | 2009-03-30 | 1 | -1/+1
  llvm-svn: 68024
* analyzer infrastructure: make a bunch of changes to symbolic expressions that | Ted Kremenek | 2009-03-26 | 1 | -4/+3
  Zhongxing and I discussed by email.
  Main changes:
  - Removed SymIntConstraintVal and SymIntConstraint
  - Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
  - Added nonloc::SymExprVal to wrap SymExpr
  - SymbolRef is now just a typedef of 'const SymbolData*'
  - Bunch of minor code cleanups in how some methods were invoked (no functionality change)
  These changes are part of a long-term plan to have full symbolic expression trees. This will be useful for lazily evaluating complicated expressions.
  llvm-svn: 67731
* analyzer: Fix embarrassing regression in BasicStore when invalidating struct | Ted Kremenek | 2009-03-23 | 1 | -0/+4
  values passed-by-reference to unknown functions.
  llvm-svn: 67519
* Fix crash reported in <rdar://problem/6695527>. We now have | Ted Kremenek | 2009-03-18 | 1 | -13/+9
  SVal::GetRValueSymbolVal do the checking if we can symbolicate a type instead of having BasicStoreManager do it (which wasn't always doing the check consistently). Having this check in SVal::GetRValueSymbolVal keeps the check in one centralized place.
  llvm-svn: 67245
* Retrofit some basic tracking of ivars (for the current object) into BasicStore. | Ted Kremenek | 2009-03-05 | 1 | -30/+85
  llvm-svn: 66166
* Minor code compaction. No functionality change. | Ted Kremenek | 2009-03-05 | 1 | -11/+5
  llvm-svn: 66165
* Rename VarBindings -> Bindings. | Ted Kremenek | 2009-03-05 | 1 | -15/+15
  llvm-svn: 66164
* BasicStore: | Ted Kremenek | 2009-03-05 | 1 | -14/+16
  - Store bindings using a MemRegion -> SVal binding instead of VarDecl -> SVal binding. This mirrors some of the idea of RegionStore, but is far simpler and not nearly as functional. This leads to some code simplification and some potential for some minor precision hacks.
  Along the way...
  - constify the use of MemRegion* in a few places
  - add operator<<(llvm::raw_ostream, const MemRegion*)
  llvm-svn: 66163
* Don't use std::auto_ptr with getSubRegionMap(). | Ted Kremenek | 2009-03-03 | 1 | -2/+2
  llvm-svn: 65957
* Implement FIXME: GRStateManager::scanReachableSymbols now supports scanning | Ted Kremenek | 2009-03-03 | 1 | -1/+2
  MemRegions.
  llvm-svn: 65919
* Add StoreManager::getSubRegionMap(). This method returns an opaque mapping | Ted Kremenek | 2009-03-03 | 1 | -0/+13
  for clients of StoreManagers from MemRegions to their subregions.
  llvm-svn: 65914
* Rename AnonTypedRegion to TypedViewRegion. | Ted Kremenek | 2009-03-01 | 1 | -2/+2
  llvm-svn: 65764
* Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so | Zhongxing Xu | 2009-02-05 | 1 | -2/+4
  do the symbolic regions associated with them and we need them to be typed.
  Current SymbolicRegion::getRValueType() method is very restricting. It may be modified when we are more clear about what could be the types of symbolic regions.
  BasicConstraintManager::Assume() is changed due to that now SymbolicRegion is a subclass of SubRegion.
  llvm-svn: 63844
* Fix bug in BasicStore::getLValueElement where if the base of an array | Ted Kremenek | 2009-01-27 | 1 | -2/+12
  subscript expression was an ElementRegion we stacked another ElementRegion on top of that. This fixes PR 3422.
  llvm-svn: 63110
* Static analyzer: Remove a bunch of outdated SymbolData objects and | Ted Kremenek | 2009-01-22 | 1 | -3/+4
  their associated APIs. We no longer need separate SymbolData objects for fields, variables, etc. Instead, we now associate symbols with the "rvalue" of a MemRegion (i.e., the value stored at that region). Now we only have two kinds of SymbolData objects: SymbolRegionRValue and SymbolConjured.
  This cleanup also makes the distinction between a SymbolicRegion and a symbolic value that is a location much clearer. A SymbolicRegion represents a chunk of symbolic memory, while a symbolic location is just a "pointer" with different possible values. Without any specific knowledge, a symbolic location resolves (i.e., via a dereference) to a SymbolicRegion. In the future, when we do better alias reasoning, a symbolic location can become an alias for another location, thus merging the constraints on the referred SymbolicRegion with the other region.
  llvm-svn: 62769
* Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object | Ted Kremenek | 2009-01-21 | 1 | -13/+13
  called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.
  llvm-svn: 62722
* Update some doxygen comments to be more rich. Remove | Ted Kremenek | 2009-01-07 | 1 | -16/+16
  StoreManager::GetRegionSVal.
  llvm-svn: 61894
* Refactor MemRegionManager instance variable into parent class. No | Ted Kremenek | 2009-01-07 | 1 | -4/+2
  functionality change.
  llvm-svn: 61888
* Use utility method. | Zhongxing Xu | 2008-12-21 | 1 | -1/+1
  llvm-svn: 61304
* Use utility methods. No functional change. | Zhongxing Xu | 2008-12-21 | 1 | -10/+10
  llvm-svn: 61300
* Remove unused function. | Zhongxing Xu | 2008-12-21 | 1 | -6/+0
  llvm-svn: 61299
* Lazy binding for region-store manager. | Zhongxing Xu | 2008-12-20 | 1 | -15/+41
  * Now Bind() methods take and return GRState* because binding could also alter GDM.
  * No variables are initialized except those declared with initial values.
  * failed C test cases are due to bugs in RemoveDeadBindings(), which removes constraints that are still alive. This will be fixed in later patch.
  * default value of array and struct regions will be implemented in later patch.
  llvm-svn: 61274
* MemRegion: | Ted Kremenek | 2008-12-13 | 1 | -5/+24
  - Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
  - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
  StoreManager:
  - Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
  - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
  - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
  AuditCFNumberCreate check:
  - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
  GRExprEngine::VisitCast:
  - Conform to the new interface of StoreManager::CastRegion.
  Tests:
  - None of the analysis tests fail now for using the "basic store".
  - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
  llvm-svn: 60995
* A series of cleanups/fixes motivated by <rdar://problem/6442306>: | Ted Kremenek | 2008-12-13 | 1 | -6/+17
  GRExprEngine (VisitCast):
  - When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
  MemRegion:
  - Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
  - Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
  - Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
  BasicStore:
  - Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
  RegionStore:
  - In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
  llvm-svn: 60990
* Fix to BasicStoreManager::getElementLValue: If the base region is a symbol, | Ted Kremenek | 2008-12-09 | 1 | -2/+13
  layer an AnonTypedRegion on top of it.
  llvm-svn: 60808
* Have BasicStoreManager::getLValueElement() have logic similar to | Ted Kremenek | 2008-12-09 | 1 | -2/+37
  BasicStoreManager::getLValueField() (i.e., don't just return the 'base' as the SVal)
  llvm-svn: 60795
* StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a | Ted Kremenek | 2008-12-05 | 1 | -10/+13
  GRState* argument instead of a Store. This allows them to use the GDM for storing other data.
  llvm-svn: 60570
* Update comment. | Ted Kremenek | 2008-12-04 | 1 | -0/+3
  llvm-svn: 60520
* Use std::make_pair instead of std::pair's ctor. | Zhongxing Xu | 2008-11-28 | 1 | -1/+1
  llvm-svn: 60205
* Migrate some stuff from NamedDecl::getName() to | Chris Lattner | 2008-11-24 | 1 | -1/+1
  NamedDecl::getNameAsString() to make it more explicit.
  llvm-svn: 59937
* Enhance modularization: return a <state,loc> pair to let GRExprEngine modify the | Zhongxing Xu | 2008-11-16 | 1 | -3/+3
  environment.
  llvm-svn: 59407
* Enhances SCA to process untyped region to typed region conversion. | Zhongxing Xu | 2008-11-16 | 1 | -0/+6
  - RegionView and RegionViewMap are introduced to assist back-mapping from super region to subregions.
  - GDM is used to carry RegionView information.
  - AnonTypedRegion is added to represent a typed region introduced by pointer casting. Later AnonTypedRegion can be used in other similar cases, e.g., malloc()'ed region.
  - The specific conversion is delegated to store manager.
  llvm-svn: 59382
* Use the allocator of ExplodedGraph. The whole static analysis module uses it. | Zhongxing Xu | 2008-11-15 | 1 | -1/+4
  llvm-svn: 59359
* StoreManager::BindDecl now takes an SVal* for the initialization value | Ted Kremenek | 2008-11-12 | 1 | -19/+8
  instead of an Expr* (which can be null). Lazy symbolication of conjured symbols is now the sole responsibility of GRExprEngine.
  llvm-svn: 59151
* Finish the implementation of VisitCompoundLiteralExpr. As VisitInitListExpr is | Zhongxing Xu | 2008-11-07 | 1 | -3/+10
  available, things get much simplified.
  One addition is that CompoundLiteralExpr can appear both in rvalue and lvalue context.
  llvm-svn: 58837
* Rename: AddDecl => BindDecl | Zhongxing Xu | 2008-10-29 | 1 | -6/+4
  BindDecl better describes what the function does:
  - Bind the VarDecl to its memory region
  - Bind the memory region to some initial value.
  llvm-svn: 58359