path: root/clang/lib/Analysis/RegionStore.cpp
Commit message | Author | Age | Files | Lines
* For now, return UnknownVal() in RegionStore::getElementsSize() for AnonTypedRegions. It wasn't really doing the right thing and was crashing on rdar-6442306-1.m. This fix causes all path-sensitive test cases to pass with RegionStore. llvm-svn: 62816
  [Ted Kremenek, 2009-01-22, files: 1, lines: -0/+10]
* Add RegionStore support for the implicit object region that 'self' references. This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore. llvm-svn: 62814
  [Ted Kremenek, 2009-01-22, files: 1, lines: -5/+24]
* Fix RegionStore::getLValueElement() to handle the case when the base region is not an ElementRegion (also do some cleanups of its core logic). This gets array-struct.c to work with RegionStore. llvm-svn: 62781
  [Ted Kremenek, 2009-01-22, files: 1, lines: -37/+50]
* Static analyzer: Remove a bunch of outdated SymbolData objects and their associated APIs. We no longer need separate SymbolData objects for fields, variables, etc. Instead, we now associate symbols with the "rvalue" of a MemRegion (i.e., the value stored at that region). Now we only have two kinds of SymbolData objects: SymbolRegionRValue and SymbolConjured. This cleanup also makes the distinction between a SymbolicRegion and a symbolic value that is a location much clearer. A SymbolicRegion represents a chunk of symbolic memory, while a symbolic location is just a "pointer" with different possible values. Without any specific knowledge, a symbolic location resolves (i.e., via a dereference) to a SymbolicRegion. In the future, when we do better alias reasoning, a symbolic location can become an alias for another location, thus merging the constraints on the referred SymbolicRegion with the other region. llvm-svn: 62769
  [Ted Kremenek, 2009-01-22, files: 1, lines: -6/+3]
* Combine two branches into one. No functionality change. llvm-svn: 62727
  [Ted Kremenek, 2009-01-21, files: 1, lines: -3/+1]
* Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore. llvm-svn: 62722
  [Ted Kremenek, 2009-01-21, files: 1, lines: -20/+15]
* Get RegionStore to work with the retain/release checker and its test cases. Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings). llvm-svn: 62667
  [Ted Kremenek, 2009-01-21, files: 1, lines: -20/+16]
* add a fixme. llvm-svn: 62142
  [Zhongxing Xu, 2009-01-13, files: 1, lines: -0/+2]
* Add KillStruct to region store.
  - put the killed region in the kill set.
  - set its default value to unknown.
  - removes all bindings for its subregions.
  llvm-svn: 62138
  [Zhongxing Xu, 2009-01-13, files: 1, lines: -10/+62]
* Invert condition on branch (was causing RegionStore::ArrayToPointer to return 'unknown' on most cases). llvm-svn: 62129
  [Ted Kremenek, 2009-01-13, files: 1, lines: -1/+1]
* Refactor MemRegionManager instance variable into parent class. No functionality change. llvm-svn: 61888
  [Ted Kremenek, 2009-01-07, files: 1, lines: -4/+4]
* Return UnknownVal in RegionStoreManager::getSizeInElements() for unsupported regions. This silences a warning when compiling Release-Asserts builds. llvm-svn: 61818
  [Ted Kremenek, 2009-01-06, files: 1, lines: -0/+1]
* Add a bunch of comments and FIXMEs. llvm-svn: 61419
  [Ted Kremenek, 2008-12-24, files: 1, lines: -13/+90]
* set region default value if there are not enough init values for array and struct. llvm-svn: 61418
  [Zhongxing Xu, 2008-12-24, files: 1, lines: -5/+5]
* Comment and fixup GDM entries for RegionStore to use unique 'tag classes' to identify GDM entries. llvm-svn: 61409
  [Ted Kremenek, 2008-12-24, files: 1, lines: -40/+66]
* Lazy binding for region-store manager.
  * Now Bind() methods take and return GRState* because binding could also alter GDM.
  * No variables are initialized except those declared with initial values.
  * failed C test cases are due to bugs in RemoveDeadBindings(), which removes constraints that are still alive. This will be fixed in later patch.
  * default value of array and struct regions will be implemented in later patch.
  llvm-svn: 61274
  [Zhongxing Xu, 2008-12-20, files: 1, lines: -350/+183]
* Implement RegionStoreManager::Remove(). llvm-svn: 61069
  [Zhongxing Xu, 2008-12-16, files: 1, lines: -6/+12]
* I think we should getRValueType here. The lvaluetype of an array region is 'pointer to array'. llvm-svn: 61003
  [Zhongxing Xu, 2008-12-14, files: 1, lines: -1/+1]
* MemRegion:
  - Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
  - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
  StoreManager:
  - Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
  - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
  - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
  AuditCFNumberCreate check:
  - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
  GRExprEngine::VisitCast:
  - Conform to the new interface of StoreManager::CastRegion.
  Tests:
  - None of the analysis tests fail now for using the "basic store".
  - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
  llvm-svn: 60995
  [Ted Kremenek, 2008-12-13, files: 1, lines: -33/+48]
* A series of cleanups/fixes motivated by <rdar://problem/6442306>:
  GRExprEngine (VisitCast):
  - When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
  MemRegion:
  - Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
  - Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
  - Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
  BasicStore:
  - Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
  RegionStore:
  - In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
  llvm-svn: 60990
  [Ted Kremenek, 2008-12-13, files: 1, lines: -3/+13]
* Address some comments on the name lookup/DeclContext patch from Chris llvm-svn: 60897
  [Douglas Gregor, 2008-12-11, files: 1, lines: -6/+5]
* Unifies the name-lookup mechanisms used in various parts of the AST and separates lexical name lookup from qualified name lookup. In particular:
  * Make DeclContext the central data structure for storing and looking up declarations within existing declarations, e.g., members of structs/unions/classes, enumerators in C++0x enums, members of C++ namespaces, and (later) members of Objective-C interfaces/implementations. DeclContext uses a lazily-constructed data structure optimized for fast lookup (array for small contexts, hash table for larger contexts).
  * Implement C++ qualified name lookup in terms of lookup into DeclContext.
  * Implement C++ unqualified name lookup in terms of qualified+unqualified name lookup (since unqualified lookup is not purely lexical in C++!)
  * Limit the use of the chains of declarations stored in IdentifierInfo to those names declared lexically.
  * Eliminate CXXFieldDecl, collapsing its behavior into FieldDecl. (FieldDecl is now a ScopedDecl).
  * Make RecordDecl into a DeclContext and eliminates its Members/NumMembers fields (since one can just iterate through the DeclContext to get the fields).
  llvm-svn: 60878
  [Douglas Gregor, 2008-12-11, files: 1, lines: -2/+7]
* Rename SymbolID to SymbolRef. This is a precursor to some overhauling of the representation of symbolic values. llvm-svn: 60575
  [Ted Kremenek, 2008-12-05, files: 1, lines: -1/+1]
* StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a GRState* argument instead of a Store. This allows them to use the GDM for storing other data. llvm-svn: 60570
  [Ted Kremenek, 2008-12-05, files: 1, lines: -19/+17]
* Revamp RegionStoreManager::RemoveDeadBindings. This method now does a complete mark-and-sweep of the store, removing dead regions and recording the set of live and dead symbols appropriately. llvm-svn: 60523
  [Ted Kremenek, 2008-12-04, files: 1, lines: -7/+131]
* Add comments. llvm-svn: 60516
  [Zhongxing Xu, 2008-12-04, files: 1, lines: -0/+6]
* Make RegionStoreManager::InitializeArray safe against array sizes that don't have pointer width. This may be the case on 64-bit systems. Whether that fact is a bug is a different question, but it's easy to cure the symptom. llvm-svn: 60422
  [Sebastian Redl, 2008-12-02, files: 1, lines: -1/+2]
* Add support for initializing array with string literal. This fixes PR3127 http://llvm.org/bugs/show_bug.cgi?id=3127 llvm-svn: 60280
  [Zhongxing Xu, 2008-11-30, files: 1, lines: -5/+30]
* To be consistent, make the index of the ElementRegion always signed. llvm-svn: 60248
  [Zhongxing Xu, 2008-11-29, files: 1, lines: -1/+1]
* Fix a serious bug. When initialized, the index of the ElementRegion was unsigned. But the index value of the ArraySubscriptExpr is signed. This inconsistency caused the value of the array element retrieved to be UnknownVal even though it was initialized to symbolic. This is only a hack. Real fix of this problem is required. llvm-svn: 60207
  [Zhongxing Xu, 2008-11-28, files: 1, lines: -2/+3]
* Use std::make_pair instead of std::pair's ctor. llvm-svn: 60205
  [Zhongxing Xu, 2008-11-28, files: 1, lines: -3/+2]
* RegionViewMap factory is actually not used. All GDMs should use factories from GDMContext. llvm-svn: 60150
  [Zhongxing Xu, 2008-11-27, files: 1, lines: -2/+0]
* Fix the fix of revision 59974. Now array-struct.c passes too. llvm-svn: 59975
  [Sebastian Redl, 2008-11-24, files: 1, lines: -1/+2]
* Fix crash of array bounds checking under 64-bit. There might be other, similar bugs lurking there. llvm-svn: 59974
  [Sebastian Redl, 2008-11-24, files: 1, lines: -3/+6]
* Add support for AllocaRegion extent with GDM. One design problem that is emerging is the signed-ness problem during static analysis. Many unsigned values have to be converted into signed values because they participate in operations with signed values. On the other hand, we cannot blindly make all values occurring in static analysis signed, because we do have cases where unsignedness is required, for example, integer overflow detection. llvm-svn: 59957
  [Zhongxing Xu, 2008-11-24, files: 1, lines: -5/+56]
* Strings are NULL terminated. So the region size should plus one. llvm-svn: 59943
  [Zhongxing Xu, 2008-11-24, files: 1, lines: -1/+1]
* Add a comment about the signedness. llvm-svn: 59932
  [Zhongxing Xu, 2008-11-24, files: 1, lines: -0/+2]
* Add getSize() support for StringRegion. llvm-svn: 59930
  [Zhongxing Xu, 2008-11-24, files: 1, lines: -3/+2]
* Clean up code by using utility methods. llvm-svn: 59899
  [Zhongxing Xu, 2008-11-23, files: 1, lines: -11/+7]
* Remove debug code. llvm-svn: 59870
  [Zhongxing Xu, 2008-11-22, files: 1, lines: -1/+1]
* Initial support for checking out of bound memory access. Only support ConcreteInt index for now. llvm-svn: 59869
  [Zhongxing Xu, 2008-11-22, files: 1, lines: -0/+36]
* Add support for symbolicating global structs and arrays in RegionStoreManager::getInitialStore(). llvm-svn: 59619
  [Zhongxing Xu, 2008-11-19, files: 1, lines: -1/+78]
* Fix warning about RegionStoreManager::Retrieve() not always returning a value. llvm-svn: 59571
  [Ted Kremenek, 2008-11-19, files: 1, lines: -1/+1]
* handle the case that the array element is of structure type when bind the whole array to a single value (for example, UnknownVal, UndefinedVal). llvm-svn: 59521
  [Zhongxing Xu, 2008-11-18, files: 1, lines: -1/+4]
* Enhance modularization: return a <state,loc> pair to let GRExprEngine modify the environment. llvm-svn: 59407
  [Zhongxing Xu, 2008-11-16, files: 1, lines: -10/+8]
* Enhances SCA to process untyped region to typed region conversion.
  - RegionView and RegionViewMap is introduced to assist back-mapping from super region to subregions.
  - GDM is used to carry RegionView information.
  - AnonTypedRegion is added to represent a typed region introduced by pointer casting. Later AnonTypedRegion can be used in other similar cases, e.g., malloc()'ed region.
  - The specific conversion is delegated to store manager.
  llvm-svn: 59382
  [Zhongxing Xu, 2008-11-16, files: 1, lines: -1/+67]
* Improve zero value generation. llvm-svn: 59356
  [Zhongxing Xu, 2008-11-15, files: 1, lines: -2/+1]
* Process array base expression of any type. llvm-svn: 59240
  [Zhongxing Xu, 2008-11-13, files: 1, lines: -0/+8]
* Array index might be unsigned. We have to generate a temporary signed value for it to be evaluated by APSInt::operators. llvm-svn: 59238
  [Zhongxing Xu, 2008-11-13, files: 1, lines: -0/+12]
* Incomplete struct pointer can be used as a function argument. llvm-svn: 59235
  [Zhongxing Xu, 2008-11-13, files: 1, lines: -1/+7]