path: root/clang/lib/Analysis/RegionStore.cpp
Commit message | Author | Age | Files | Lines
* * Do the same thing to the basicstore as in r84163. | Zhongxing Xu | 2009-11-16 | 1 | -4/+8
  * Add a load type to GRExprEngine::EvalLoad().
  * When retrieve from 'theValue' of OSAtomic functions, use the type of the region instead of the argument expression as the load type.
  * Then we can convert CastRetrievedSVal to a pure assertion. In the future we can let all Retrieve() methods simply return SVal.
  llvm-svn: 88888
* Make StoreManager::getSizeInElements() always return DefinedOrUnknownSVal. | Zhongxing Xu | 2009-11-12 | 1 | -3/+4
  llvm-svn: 86932
* Rename: StripCasts describes what it does better. | Zhongxing Xu | 2009-11-10 | 1 | -1/+1
  getBaseRegion will be used in another method.
  llvm-svn: 86649
* Fix clang's use of DenseMap iterators after r86636 fixed their constness. | Jeffrey Yasskin | 2009-11-10 | 1 | -1/+1
  Patch by Victor Zverovich!
  llvm-svn: 86638
* Make sure that Type::getAs<ArrayType>() (or Type::getAs<subclass of | Douglas Gregor | 2009-11-09 | 1 | -1/+1
  ArrayType>()) does not instantiate. Update all callers that used this unsafe feature to use the appropriate ASTContext::getAs*ArrayType method.
  llvm-svn: 86596
* Refactor StoreManager::BindDecl() to take a VarRegion* instead of a | Ted Kremenek | 2009-11-04 | 1 | -8/+6
  VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well. This paves the way for adding "checker" visitation in EvalBind().
  llvm-svn: 85983
* Fix an insidious bug in RegionStore::RemoveDeadBindings() pointed out | Ted Kremenek | 2009-10-29 | 1 | -2/+23
  by Zhongxing Xu. RemoveDeadBindings() would falsely prune SymbolicRegions from the store that wrapped derived symbols whose liveness could only be determined after scanning the store.
  llvm-svn: 85484
* RegionStore: Use the *default* binding (instead of the *direct* binding) of | Ted Kremenek | 2009-10-20 | 1 | -3/+3
  an Objective-C object region when doing lazy value retrieval of an ivar. This fixes: <rdar://problem/7312221>
  llvm-svn: 84584
* use DenseSet instead of SmallSet. | Zhongxing Xu | 2009-10-18 | 1 | -2/+2
  llvm-svn: 84398
* Minor cleanup: move typedef out of anonymous namespace (which now contains | Ted Kremenek | 2009-10-17 | 1 | -4/+2
  nothing) and into RemoveDeadBindings. No functionality change.
  llvm-svn: 84335
* Per discussion with Ted, the 'FromSuper'/'FromSub' logic is invalid. Simplify | Zhongxing Xu | 2009-10-17 | 1 | -72/+33
  the code to standard worklist algorithm. Always add both sub and super regions of live regions.
  llvm-svn: 84323
* Actually all regions whose super region is not MemSpaceRegion are of these 3 | Zhongxing Xu | 2009-10-17 | 1 | -5/+4
  kinds. This means we are visiting all regions 'from super region'.
  llvm-svn: 84319
* retain/release checker: Stop tracking reference counts for any symbols | Ted Kremenek | 2009-10-16 | 1 | -4/+18
  touched by StoreManager::InvalidateRegion(). This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
  llvm-svn: 84223
* Per an astute observation from Zhongxing Xu, remove a "special case" logic in | Ted Kremenek | 2009-10-15 | 1 | -22/+0
  RegionStoreManager::Retrieve() that was intended to handle conflated uses of pointers as integers. It turns out this isn't needed, and resulted in inconsistent behavior when creating symbolic values on the following test case in 'tests/Analysis/misc-ps.m':

    typedef struct _BStruct { void *grue; } BStruct;
    void testB_aux(void *ptr);
    void testB(BStruct *b) {
      {
        int *__gruep__ = ((int *)&((b)->grue));
        int __gruev__ = *__gruep__;
        testB_aux(__gruep__);
      }
      {
        int *__gruep__ = ((int *)&((b)->grue));
        int __gruev__ = *__gruep__;
        if (~0 != __gruev__) {}
      }
    }

  When the code was analyzed with '-arch x86_64', the value assigned to '__gruev__' would be a symbolic integer, but for '-arch i386' the value assigned to '__gruev__' would be a symbolic region (a blob of memory). With this change the value created is always a symbolic integer.

  Since the code being removed was added to support analysis of code calling OSAtomicCompareAndSwapXXX(), I also modified 'test/Analysis/NSString.m' to analyze the code in both '-arch i386' and '-arch x86_64', and also added some complementary test cases to test the presence of leaks when using OSAtomicCompareAndSwap32Barrier()/OSAtomicCompareAndSwap64Barrier() instead of just their absence.

  This code change reveals that previously both RegionStore and BasicStore were handling these cases wrong, and would never cause the analyzer to emit a leak in these cases (false negatives). Now RegionStore gets it right, but BasicStore still gets it wrong (and hence it has been disabled temporarily for this test case).
  llvm-svn: 84163
* * Remove unused GRState* parameter | Zhongxing Xu | 2009-10-14 | 1 | -25/+18
  * Make all Base value the last argument.
  llvm-svn: 84071
* Add an initial implementation of EnterStackFrame() to the StoreManager. | Zhongxing Xu | 2009-10-13 | 1 | -0/+22
  llvm-svn: 83934
* Introduces a new BindingVal which combines direct and | Zhongxing Xu | 2009-10-11 | 1 | -190/+165
  default binding for regions. This allows us to simplify a lot of code. A further simplification could be done is that many methods of regionstore can only work on Store instead of GRState.
  llvm-svn: 83762
* Make the behavior explicit by not using the method call. | Zhongxing Xu | 2009-10-09 | 1 | -2/+2
  llvm-svn: 83611
* Remove unused code. | Zhongxing Xu | 2009-10-09 | 1 | -7/+0
  llvm-svn: 83610
* Fix: <rdar://problem/7275774> Static analyzer warns about NULL pointer when | Ted Kremenek | 2009-10-06 | 1 | -10/+23
  adding assert
  This fix required a few changes:
  SimpleSValuator:
  - Eagerly replace a symbolic value with its constant value in EvalBinOpNN when it is constrained to a constant. This allows us to better constant fold values along a path.
  - Handle trivial case of '<', '>' comparison of pointers when the two pointers are exactly the same.
  RegionStoreManager:
  llvm-svn: 83358
* Desugaring optimizations. Add single-step desugaring methods to all | John McCall | 2009-09-29 | 1 | -1/+1
  concrete types. Use unqualified desugaring for getAs<> and sundry. Fix a few users to either not desugar or use qualified desugar, as seemed appropriate. Removed Type's qualified desugar method, as it was easy to accidentally use instead of QualType's.
  llvm-svn: 83116
* Fix: <rdar://problem/7261075> [RegionStore] crash when handling load: | Ted Kremenek | 2009-09-29 | 1 | -1/+8
  '*((unsigned int *)"????")'
  This issue was originally reported via personal email by Thomas Clement!
  llvm-svn: 83069
* Fix really insidious bug in RegionStoreManager::RemoveDeadBindings() | Ted Kremenek | 2009-09-29 | 1 | -155/+161
  identified with a false positive reported by Thomas Clement. This involved doing another rewrite of RegionStoreManager::RemoveDeadBindings(), which phrases the entire problem of scanning for dead regions as a graph exploration problem. It is more methodic than the previous implementation.
  llvm-svn: 83053
* Reapply most of r82939, but add a guard that FieldRegions and friends | Ted Kremenek | 2009-09-29 | 1 | -4/+9
  are only specially treated by RegionStore::InvalidateRegion() when their super region is also invalidated. When this isn't the case, conjure a new symbol for a FieldRegion. Thanks to Zhongxing Xu and Daniel Dunbar for pointing out this issue.
  llvm-svn: 83043
* Revert r82939. We can only not special case FieldRegions when the super | Ted Kremenek | 2009-09-29 | 1 | -9/+5
  region has also been invalidated.
  llvm-svn: 83040
* Specially handle fields, elements, and ivars in | Ted Kremenek | 2009-09-27 | 1 | -5/+9
  RegionStoreManager::InvalidateRegion() by only removing their old binding, not conjuring a new symbol.
  llvm-svn: 82939
* Add FIXME comment. | Ted Kremenek | 2009-09-27 | 1 | -0/+4
  llvm-svn: 82924
* Fix: | Ted Kremenek | 2009-09-27 | 1 | -52/+81
  <rdar://problem/6914474> checker doesn't realize that variable might have been assigned if a pointer to that variable was passed to another function via a structure
  The problem here was the RegionStoreManager::InvalidateRegion didn't invalidate the bindings of invalidated regions. This required a rewrite of this method using a worklist.
  As part of this fix, changed ValueManager::getConjuredSymbolVal() to require a 'void*' SymbolTag argument. This tag is used to differentiate two different symbols created at the same location.
  llvm-svn: 82920
* Fix crash in RegionStoreManager::Bind() by using 'getAs<PointerType>()' | Ted Kremenek | 2009-09-24 | 1 | -1/+1
  instead of 'cast<PointerType>()' (to handle pointer typedefs).
  llvm-svn: 82686
* Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic | Ted Kremenek | 2009-09-24 | 1 | -6/+22
  parameter regions
  The issue was a discrepancy between how RegionStoreManager::Bind() and RegionStoreManager::Retrieve() derived the "key" for the first element of a symbolic region.
  llvm-svn: 82680
* Fix: <rdar://problem/7242006> [RegionStore] compound literal assignment with | Ted Kremenek | 2009-09-22 | 1 | -4/+5
  floats not honored
  llvm-svn: 82575
* Change all the Type::getAsFoo() methods to specializations of Type::getAs(). | John McCall | 2009-09-21 | 1 | -1/+1
  Several of the existing methods were identical to their respective specializations, and so have been removed entirely. Several more 'leaf' optimizations were introduced. The getAsFoo() methods which imposed extra conditions, like getAsObjCInterfacePointerType(), have been left in place.
  llvm-svn: 82501
* Provide intermediate solution to handling assignments to structs via an | Ted Kremenek | 2009-09-21 | 1 | -0/+4
  integer pointer. For now just invalidate the fields of the struct. This addresses: <rdar://problem/7185607> [RegionStore] support invalidation of bit fields using integer assignment
  llvm-svn: 82492
* Remove tabs, and whitespace cleanups. | Mike Stump | 2009-09-09 | 1 | -252/+252
  llvm-svn: 81346
* Fix buffer overflow reported in PR 4903. | Ted Kremenek | 2009-09-05 | 1 | -5/+8
  llvm-svn: 81092
* Handle pointer arithmetic in RegionStoreManager involving Objective-C pointers | Ted Kremenek | 2009-08-25 | 1 | -2/+8
  when using the non-fragile Objective-C ABI. This fixes <rdar://problem/7168531>.
  llvm-svn: 80047
* Fix crash reported in <rdar://problem/7124210> by "back-porting" some of the | Ted Kremenek | 2009-08-25 | 1 | -14/+0
  implicit cast logic in RegionStoreManager to BasicStoreManager. This involved moving CastRetriedVal from RegionStoreManager to StoreManager.
  llvm-svn: 80026
* Remove 'SelfRegion' field from both BasicStoreManager and RegionStoreManager. | Ted Kremenek | 2009-08-21 | 1 | -36/+3
  SelfRegion represented the object bound to 'self' (when analyzing Objective-C methods) upon entry to a method. Having this region stored on the side ignores the current stack frame that we might be analyzing (among other things), and is a problem for interprocedural analysis.
  For RegionStoreManager, the value for SelfRegion is just lazily created.
  For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but no explicit tracking of SelfRegion on the side is made.
  As part of this change, remove the restriction in BasicStoreManager that we only track ivars for 'self'. This shouldn't actually change anything in terms of precision, and simplifies the logic.
  llvm-svn: 79694
* Add LocationContext* field to VarRegion. This is needed for interprocedural | Ted Kremenek | 2009-08-21 | 1 | -12/+18
  analysis.
  llvm-svn: 79680
* Eagerly bind 'self' to SelfRegion. Thus we do not need to get code decl from | Zhongxing Xu | 2009-08-21 | 1 | -19/+25
  GRStateManager to create the SelfRegion.
  llvm-svn: 79628
* To make the analysis independent on the locally stored liveness and cfg | Zhongxing Xu | 2009-08-17 | 1 | -1/+3
  of GRStateManager and GRExprEngine, pass the initial location context to the getInitialState() method.
  llvm-svn: 79228
* Fix a few more false positives involving RegionStore and unions, but this time | Ted Kremenek | 2009-08-06 | 1 | -85/+55
  with array accesses. In the process, refactor some common logic in RetrieveElement() and RetrieveField() into RetrieveFieldOrElementCommon().
  llvm-svn: 78349
* Fix a couple false positive "uninitialized value" warnings with RegionStore | Ted Kremenek | 2009-08-06 | 1 | -1/+22
  involving reasoning about unions (which we don't handle yet).
  llvm-svn: 78342
* I have a dream, one day, we won't need to do this. | Mike Stump | 2009-08-06 | 1 | -0/+1
  llvm-svn: 78305
* Refactor RegionStoreManager::RemoveDeadBindings to also scan the bindings of | Ted Kremenek | 2009-08-06 | 1 | -93/+154
  LazyCompoundSVals.
  llvm-svn: 78284
* Remove unimplemented methods 'AddRegionView' and 'RemoveRegionView'. They | Ted Kremenek | 2009-08-06 | 1 | -10/+0
  are no longer needed.
  llvm-svn: 78280
* Completely remove the code using region cast. | Zhongxing Xu | 2009-08-06 | 1 | -59/+0
  llvm-svn: 78273
* Implement lazy "copying" of structures and arrays in RegionStore. While | Ted Kremenek | 2009-08-06 | 1 | -37/+168
  RegionStore already lazily abstracted the contents of arrays and structs, when doing an assignment from one array/struct to another we did an explicit element-wise copy, which resulted in a loss of laziness and huge performance problem when analyzing many code bases.
  Now RegionStoreManager handles such assignments using a new SVal called 'LazyCompoundSVal', which basically means the value of a given struct or array (a MemRegion*) in a specific state (GRState). When we do a load from a field whose encompassing struct binds to a LazyCompoundSVal, we essentially do a field lookup in the original structure. This means we have essentially zero copying of data for structs/arrays and everything stays lazy.
  llvm-svn: 78268
* Use feedback from RegionStoreSubRegionMap::add() to prune off adding a super | Ted Kremenek | 2009-08-05 | 1 | -7/+11
  region to the worklist used to create the subregion map.
  llvm-svn: 78228
* Fix a bug in RegionStoreSubRegionManager::add() where multiple subregions | Ted Kremenek | 2009-08-05 | 1 | -2/+4
  wouldn't correctly get registered in the SubRegion map.
  llvm-svn: 78162