path: root/clang/lib/Analysis/RegionStore.cpp
Commit message | Author | Age | Files | Lines
...
* Fix failure reported by Sebastian of test/Analysis/ptr-arith.c when the target | Ted Kremenek | 2009-03-13 | 1 | -6/+7
  is 64-bit. I used his suggestion of doing a direct bitwidth/signedness conversion of the 'offset' instead of just changing the sign. For more information, see: http://lists.cs.uiuc.edu/pipermail/cfe-dev/2009-March/004587.html
  llvm-svn: 66892
* Use getAsRecordType() to get around sugar types. | Zhongxing Xu | 2009-03-12 | 1 | -1/+1
  llvm-svn: 66768
* Do not stipulate the record type is a definition in BindStruct(). | Zhongxing Xu | 2009-03-11 | 1 | -1/+3
  llvm-svn: 66654
* Fix crash when LHS of pointer arithmetic is not ElementRegion. | Zhongxing Xu | 2009-03-11 | 1 | -3/+15
  llvm-svn: 66649
* RegionStore::getLValueElement: Handle the case where the signedness of the | Ted Kremenek | 2009-03-11 | 1 | -2/+6
  offset may be different than the base. Ultimately we need a better solution for these issues, but these point-by-point fixes are gradually outlining the scope of the problem.
  llvm-svn: 66638
* RegionStore::getElementLValue(): Handle the case where the base is a null ↵ | Ted Kremenek | 2009-03-09 | 1 | -1/+5
  pointer.
  llvm-svn: 66486
* Only track integer and pointer values. | Zhongxing Xu | 2009-03-09 | 1 | -2/+5
  llvm-svn: 66419
* Now we do not retrieve untyped regions. | Zhongxing Xu | 2009-03-09 | 1 | -8/+7
  llvm-svn: 66418
* Fix a serious bug in RegionStore: we got the new state with new store from | Zhongxing Xu | 2009-03-09 | 1 | -4/+2
  Bind() and BindStruct(), but we returned a state with the old store.
  llvm-svn: 66409
* Add initial support for tracking ivars, with special handling for ivars of ↵ | Ted Kremenek | 2009-03-05 | 1 | -8/+33
  'self'.
  llvm-svn: 66133
* RegionStore: Handle implicit parameters. | Ted Kremenek | 2009-03-04 | 1 | -3/+5
  llvm-svn: 65987
* RegionStore::RemoveDeadBindings needs to check all the symbols of the super ↵ | Ted Kremenek | 2009-03-04 | 1 | -0/+20
  region of a scanned region as well.
  llvm-svn: 65981
* Don't use std::auto_ptr with getSubRegionMap(). | Ted Kremenek | 2009-03-03 | 1 | -4/+3
  llvm-svn: 65957
* Implement FIXME: GRStateManager::scanReachableSymbols now supports scanning ↵ | Ted Kremenek | 2009-03-03 | 1 | -8/+9
  MemRegions.
  llvm-svn: 65919
* Add StoreManager::getSubRegionMap(). This method returns an opaque mapping ↵ | Ted Kremenek | 2009-03-03 | 1 | -0/+45
  for clients of StoreManagers from MemRegions to their subregions.
  llvm-svn: 65914
* remove an implemented fixme. | Zhongxing Xu | 2009-03-02 | 1 | -2/+0
  llvm-svn: 65817
* Initial support for pointer arithmetic. Only support concrete indexes and | Zhongxing Xu | 2009-03-02 | 1 | -0/+29
  offsets for now.
  llvm-svn: 65814
* Rename AnonTypedRegion to TypedViewRegion. | Ted Kremenek | 2009-03-01 | 1 | -3/+3
  llvm-svn: 65764
* Fix <rdar://problem/6611677>: Add basic transfer function support in the static | Ted Kremenek | 2009-02-24 | 1 | -2/+8
  analyzer for array subscript expressions involving bases that are vectors. This solution is probably a hack: it gets the lvalue of the vector instead of an rvalue like all other types. This should be reviewed (big FIXME in GRExprEngine).
  llvm-svn: 65366
* Add an example in comments. | Zhongxing Xu | 2009-02-20 | 1 | -1/+6
  llvm-svn: 65110
* only track integer and pointer values for now. | Zhongxing Xu | 2009-02-19 | 1 | -2/+7
  llvm-svn: 65041
* Convert the offset to signed before making an ElementRegion with it. It seems | Zhongxing Xu | 2009-02-19 | 1 | -1/+11
  that this problem arises from time to time. We should find a fundamental solution for it.
  llvm-svn: 65035
* SymbolicRegions really have unknown sizes. | Zhongxing Xu | 2009-02-06 | 1 | -3/+1
  llvm-svn: 63929
* Create ElementRegion when the base is SymbolicRegion. This is like what we do | Zhongxing Xu | 2009-02-06 | 1 | -3/+14
  for FieldRegion. This enables us to track more values.
  Simplify SymbolicRegion::getRValueType(). We assume the symbol always has pointer type.
  llvm-svn: 63928
* Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so | Zhongxing Xu | 2009-02-05 | 1 | -2/+4
  do the symbolic regions associated with them and we need them to be typed. Current SymbolicRegion::getRValueType() method is very restricting. It may be modified when we are more clear about what could be the types of symbolic regions.
  BasicConstraintManager::Assume() is changed due to that now SymbolicRegion is a subclass of SubRegion.
  llvm-svn: 63844
* Fix a couple bugs: | Ted Kremenek | 2009-01-30 | 1 | -11/+18
  - NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting ASTContext for the size (in bits) of 'int'. While it worked, it was a conflation of concepts and using ASTContext.IntTy is 100% correct.
  - RegionStore::getSizeInElements() no longer assumes that a VarRegion has the type "ConstantArray", and handles the case when users use ordinary variables as if they were arrays.
  - Fixed ElementRegion::getRValueType() to just return the rvalue type of its "array region" in the case the array didn't have ArrayType.
  - All of this fixes <rdar://problem/6541136>
  llvm-svn: 63347
* Correct size assumption; fixes a crash on amd64. | Sebastian Redl | 2009-01-26 | 1 | -1/+2
  llvm-svn: 63031
* Implement retrieval of the default value of element and field regions. | Zhongxing Xu | 2009-01-23 | 1 | -0/+9
  llvm-svn: 62847
* Now this comment should be resolved. See the comments for the KillSet. | Zhongxing Xu | 2009-01-23 | 1 | -6/+0
  llvm-svn: 62846
* For now, return UnknownVal() in RegionStore::getElementsSize() for ↵ | Ted Kremenek | 2009-01-22 | 1 | -0/+10
  AnonTypedRegions. It wasn't really doing the right thing and was crashing on rdar-6442306-1.m. This fix causes all path-sensitive test cases to pass with RegionStore.
  llvm-svn: 62816
* Add RegionStore support for the implicit object region that 'self' ↵ | Ted Kremenek | 2009-01-22 | 1 | -5/+24
  references. This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore.
  llvm-svn: 62814
* Fix RegionStore::getLValueElement() to handle the case when the base region ↵ | Ted Kremenek | 2009-01-22 | 1 | -37/+50
  is not an ElementRegion (also do some cleanups of its core logic). This gets array-struct.c to work with RegionStore.
  llvm-svn: 62781
* Static analyzer: Remove a bunch of outdated SymbolData objects and | Ted Kremenek | 2009-01-22 | 1 | -6/+3
  their associated APIs. We no longer need separate SymbolData objects for fields, variables, etc. Instead, we now associate symbols with the "rvalue" of a MemRegion (i.e., the value stored at that region). Now we only have two kinds of SymbolData objects: SymbolRegionRValue and SymbolConjured.
  This cleanup also makes the distinction between a SymbolicRegion and a symbolic value that is a location much clearer. A SymbolicRegion represents a chunk of symbolic memory, while a symbolic location is just a "pointer" with different possible values. Without any specific knowledge, a symbolic location resolves (i.e., via a dereference) to a SymbolicRegion. In the future, when we do better alias reasoning, a symbolic location can become an alias for another location, thus merging the constraints on the referred SymbolicRegion with the other region.
  llvm-svn: 62769
* Combine two branches into one. No functionality change. | Ted Kremenek | 2009-01-21 | 1 | -3/+1
  llvm-svn: 62727
* Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object ↵ | Ted Kremenek | 2009-01-21 | 1 | -20/+15
  called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.
  llvm-svn: 62722
* Get RegionStore to work with the retain/release checker and its test cases. | Ted Kremenek | 2009-01-21 | 1 | -20/+16
  Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).
  llvm-svn: 62667
* add a fixme. | Zhongxing Xu | 2009-01-13 | 1 | -0/+2
  llvm-svn: 62142
* Add KillStruct to region store. | Zhongxing Xu | 2009-01-13 | 1 | -10/+62
  - put the killed region in the kill set.
  - set its default value to unknown.
  - removes all bindings for its subregions.
  llvm-svn: 62138
* Invert condition on branch (was causing RegionStore::ArrayToPointer to ↵ | Ted Kremenek | 2009-01-13 | 1 | -1/+1
  return 'unknown' on most cases.
  llvm-svn: 62129
* Refactor MemRegionManager instance variable into parent class. No ↵ | Ted Kremenek | 2009-01-07 | 1 | -4/+4
  functionality change.
  llvm-svn: 61888
* Return UnknownVal in RegionStoreManager::getSizeInElements() for unsupported ↵ | Ted Kremenek | 2009-01-06 | 1 | -0/+1
  regions. This silences a warning when compiling Release-Asserts builds.
  llvm-svn: 61818
* Add a bunch of comments and FIXMEs. | Ted Kremenek | 2008-12-24 | 1 | -13/+90
  llvm-svn: 61419
* set region default value if there are not enough init values for array and ↵ | Zhongxing Xu | 2008-12-24 | 1 | -5/+5
  struct.
  llvm-svn: 61418
* Comment and fixup GDM entries for RegionStore to use unique 'tag classes' to ↵ | Ted Kremenek | 2008-12-24 | 1 | -40/+66
  identify GDM entries.
  llvm-svn: 61409
* Lazy binding for region-store manager. | Zhongxing Xu | 2008-12-20 | 1 | -350/+183
  * Now Bind() methods take and return GRState* because binding could also alter GDM.
  * No variables are initialized except those declared with initial values.
  * failed C test cases are due to bugs in RemoveDeadBindings(), which removes constraints that are still alive. This will be fixed in later patch.
  * default value of array and struct regions will be implemented in later patch.
  llvm-svn: 61274
* Implement RegionStoreManager::Remove(). | Zhongxing Xu | 2008-12-16 | 1 | -6/+12
  llvm-svn: 61069
* I think we should getRValueType here. The lvaluetype of an array region is ↵ | Zhongxing Xu | 2008-12-14 | 1 | -1/+1
  'pointer to array'.
  llvm-svn: 61003
* MemRegion: | Ted Kremenek | 2008-12-13 | 1 | -33/+48
  - Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
  - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
  StoreManager:
  - Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
  - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
  - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
  AuditCFNumberCreate check:
  - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
  GRExprEngine::VisitCast:
  - Conform to the new interface of StoreManager::CastRegion.
  Tests:
  - None of the analysis tests fail now for using the "basic store".
  - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
  llvm-svn: 60995
* A series of cleanups/fixes motivated by <rdar://problem/6442306>: | Ted Kremenek | 2008-12-13 | 1 | -3/+13
  GRExprEngine (VisitCast):
  - When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
  MemRegion:
  - Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
  - Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
  - Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
  BasicStore:
  - Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
  RegionStore:
  - In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
  llvm-svn: 60990
* Address some comments on the name lookup/DeclContext patch from Chris | Douglas Gregor | 2008-12-11 | 1 | -6/+5
  llvm-svn: 60897