summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis/RegionStore.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* Initial support for pointer arithmetic. Only support concrete indexes and Zhongxing Xu2009-03-021-0/+29
| | | | | | offsets for now. llvm-svn: 65814
* Rename AnonTypedRegion to TypedViewRegion.Ted Kremenek2009-03-011-3/+3
| | | | llvm-svn: 65764
* Fix <rdar://problem/6611677>: Add basic transfer function support in the staticTed Kremenek2009-02-241-2/+8
| | | | | | | | | analyzer for array subscript expressions involving bases that are vectors. This solution is probably a hack: it gets the lvalue of the vector instead of an rvalue like all other types. This should be reviewed (big FIXME in GRExprEngine). llvm-svn: 65366
* Add an example in comments.Zhongxing Xu2009-02-201-1/+6
| | | | llvm-svn: 65110
* only track integer and pointer values for now.Zhongxing Xu2009-02-191-2/+7
| | | | llvm-svn: 65041
* Convert the offset to signed before making an ElementRegion with it. It seemsZhongxing Xu2009-02-191-1/+11
| | | | | | | that this problem arises from time to time. We should find a fundamental solution for it. llvm-svn: 65035
* SymbolicRegions really have unknown sizes.Zhongxing Xu2009-02-061-3/+1
| | | | llvm-svn: 63929
* Create ElementRegion when the base is SymbolicRegion. This is like what we doZhongxing Xu2009-02-061-3/+14
| | | | | | | | | for FieldRegion. This enables us to track more values. Simplify SymbolicRegion::getRValueType(). We assume the symbol always has pointer type. llvm-svn: 63928
* Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so Zhongxing Xu2009-02-051-2/+4
| | | | | | | | | | | | | | do the symblic regions associated with them and we need them to be typed. Current SymbolicRegion::getRValueType() method is very restricting. It may be modified when we are more clear about what could be the types of symblic regions. BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a subclass of SubRegion. llvm-svn: 63844
* Fix a couple bugs:Ted Kremenek2009-01-301-11/+18
| | | | | | | | | | | | | | - NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting ASTContext for the size (in bits) of 'int'. While it worked, it was a conflation of concepts and using ASTContext.IntTy is 100% correct. - RegionStore::getSizeInElements() no longer assumes that a VarRegion has the type "ConstantArray", and handles the case when uses use ordinary variables as if they were arrays. - Fixed ElementRegion::getRValueType() to just return the rvalue type of its "array region" in the case the array didn't have ArrayType. - All of this fixes <rdar://problem/6541136> llvm-svn: 63347
* Correct size assumption; fixes a crash on amd64.Sebastian Redl2009-01-261-1/+2
| | | | llvm-svn: 63031
* Implement retrieval of the default value of element and field regions.Zhongxing Xu2009-01-231-0/+9
| | | | llvm-svn: 62847
* Now this comment should be resolved. See the comments for the KillSet.Zhongxing Xu2009-01-231-6/+0
| | | | llvm-svn: 62846
* For now, return UnknownVal() in RegionStore::getElementsSize() for ↵Ted Kremenek2009-01-221-0/+10
| | | | | | AnonTypedRegions. It wasn't really doing the right thing and was crashing on rdar-6442306-1.m. This fix causes all path-sensitive test cases to pass with RegionStore. llvm-svn: 62816
* Add RegionStore support for the implicit object region that 'self' ↵Ted Kremenek2009-01-221-5/+24
| | | | | | references. This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore. llvm-svn: 62814
* Fix RegionStore::getLValueElement() to handle the case when the base region ↵Ted Kremenek2009-01-221-37/+50
| | | | | | | | is not an ElementRegion (also do some cleanups of its core logic). This gets array-struct.c to work with RegionStore. llvm-svn: 62781
* Static analyzer: Remove a bunch of outdated SymbolData objects andTed Kremenek2009-01-221-6/+3
| | | | | | | | | | | | | | | | | | | | their associated APIs. We no longer need separate SymbolData objects for fields, variables, etc. Instead, we now associated symbols with the "rvalue" of a MemRegion (i.e., the value stored at that region). Now we only have two kinds of SymbolData objects: SymbolRegionRValue and SymbolConjured. This cleanup also makes the distinction between a SymbolicRegion and a symbolic value that is a location much clearer. A SymbolicRegion represents a chunk of symbolic memory, while a symbolic location is just a "pointer" with different possible values. Without any specific knowledge, a symbolic location resolves (i.e., via a dereference) to a SymbolicRegion. In the future, when we do better alias reasoning, a symbolic location can become an alias for another location, thus merging the constraints on the referred SymbolicRegion with the other region. llvm-svn: 62769
* Combine two branches into one. No functionality change.Ted Kremenek2009-01-211-3/+1
| | | | llvm-svn: 62727
* Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object ↵Ted Kremenek2009-01-211-20/+15
| | | | | | called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore. llvm-svn: 62722
* Get RegionStore to work with the retain/release checker and its test cases.Ted Kremenek2009-01-211-20/+16
| | | | | | Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings). llvm-svn: 62667
* add a fixme.Zhongxing Xu2009-01-131-0/+2
| | | | llvm-svn: 62142
* Add KillStruct to region store. Zhongxing Xu2009-01-131-10/+62
| | | | | | | | - put the killed region in the kill set. - set its default value to unknown. - removes all bindings for its subregions. llvm-svn: 62138
* Invert condition on branch (was causing RegionStore::ArrayToPointer to ↵Ted Kremenek2009-01-131-1/+1
| | | | | | return 'unknown' on most cases. llvm-svn: 62129
* Refactor MemRegionManager instance variable into parent class. No ↵Ted Kremenek2009-01-071-4/+4
| | | | | | functionality change. llvm-svn: 61888
* Return UnknownVal in RegionStoreManager::getSizeInElements() for unsupported ↵Ted Kremenek2009-01-061-0/+1
| | | | | | regions. This silences a warning when compiling Release-Asserts builds. llvm-svn: 61818
* Add a bunch of comments and FIXMEs.Ted Kremenek2008-12-241-13/+90
| | | | llvm-svn: 61419
* set region default value if there are not enough init values for array and ↵Zhongxing Xu2008-12-241-5/+5
| | | | | | struct. llvm-svn: 61418
* Comment and fixup GDM entries for RegionStore to use unique 'tag classes' to ↵Ted Kremenek2008-12-241-40/+66
| | | | | | identify GDM entries. llvm-svn: 61409
* Lazy bingding for region-store manager.Zhongxing Xu2008-12-201-350/+183
| | | | | | | | | | | | | * Now Bind() methods take and return GRState* because binding could also alter GDM. * No variables are initialized except those declared with initial values. * failed C test cases are due to bugs in RemoveDeadBindings(), which removes constraints that is still alive. This will be fixed in later patch. * default value of array and struct regions will be implemented in later patch. llvm-svn: 61274
* Implement RegionStoreManager::Remove().Zhongxing Xu2008-12-161-6/+12
| | | | llvm-svn: 61069
* I think we should getRValueType here. The lvaluetype of an array region is ↵Zhongxing Xu2008-12-141-1/+1
| | | | | | 'pointer to array'. llvm-svn: 61003
* MemRegion:Ted Kremenek2008-12-131-33/+48
| | | | | | | | | | | | | | | | | | | | | | - Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs. - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts. StoreManager: - Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*. - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes. - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion(). AuditCFNumberCreate check: - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion. GRExprEngine::VisitCast: - Conform to the new interface of StoreManager::CastRegion. Tests: - None of the analysis tests fail now for using the "basic store". - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing. llvm-svn: 60995
* A series of cleanups/fixes motivated by <rdar://problem/6442306>:Ted Kremenek2008-12-131-3/+13
| | | | | | | | | | | | | | | | | | GRExprEngine (VisitCast): - When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored. MemRegion: - Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions. - Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region. - Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design. BasicStore: - Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion. RegionStore: - In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion. llvm-svn: 60990
* Address some comments on the name lookup/DeclContext patch from ChrisDouglas Gregor2008-12-111-6/+5
| | | | llvm-svn: 60897
* Unifies the name-lookup mechanisms used in various parts of the ASTDouglas Gregor2008-12-111-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and separates lexical name lookup from qualified name lookup. In particular: * Make DeclContext the central data structure for storing and looking up declarations within existing declarations, e.g., members of structs/unions/classes, enumerators in C++0x enums, members of C++ namespaces, and (later) members of Objective-C interfaces/implementations. DeclContext uses a lazily-constructed data structure optimized for fast lookup (array for small contexts, hash table for larger contexts). * Implement C++ qualified name lookup in terms of lookup into DeclContext. * Implement C++ unqualified name lookup in terms of qualified+unqualified name lookup (since unqualified lookup is not purely lexical in C++!) * Limit the use of the chains of declarations stored in IdentifierInfo to those names declared lexically. * Eliminate CXXFieldDecl, collapsing its behavior into FieldDecl. (FieldDecl is now a ScopedDecl). * Make RecordDecl into a DeclContext and eliminates its Members/NumMembers fields (since one can just iterate through the DeclContext to get the fields). llvm-svn: 60878
* Rename SymbolID to SymbolRef. This is a precursor to some overhauling of ↵Ted Kremenek2008-12-051-1/+1
| | | | | | the representation of symbolic values. llvm-svn: 60575
* StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a ↵Ted Kremenek2008-12-051-19/+17
| | | | | | GRState* argument instead of a Store. This allows them to use the GDM for storing other data. llvm-svn: 60570
* Revamp RegionStoreManager::RemoveDeadBindings. This method now does a ↵Ted Kremenek2008-12-041-7/+131
| | | | | | complete mark-and-sweep of the store, removing dead regions and recording the set of live and dead symbols appropriately. llvm-svn: 60523
* Add comments.Zhongxing Xu2008-12-041-0/+6
| | | | llvm-svn: 60516
* Make RegionStoreManager::InitializeArray safe against array sizes that don't ↵Sebastian Redl2008-12-021-1/+2
| | | | | | | | have pointer width. This may be the case on 64-bit systems. Whether that fact is a bug is a different question, but it's easy to cure the symptom. llvm-svn: 60422
* Add support for initializing array with string literal.Zhongxing Xu2008-11-301-5/+30
| | | | | | | This fixes PR3127 http://llvm.org/bugs/show_bug.cgi?id=3127 llvm-svn: 60280
* To be consistent, make the index of the ElementRegion always signed.Zhongxing Xu2008-11-291-1/+1
| | | | llvm-svn: 60248
* Fix a serious bug.Zhongxing Xu2008-11-281-2/+3
| | | | | | | | | | | When initialized, the index of the ElementRegion was unsigned. But the index value of the ArraySubscriptExpr is signed. This inconsistency caused the value of the array element retrieved to be UnknownVal despite it was initialized to symbolic. This is only a hack. Real fix of this problem is required. llvm-svn: 60207
* Use std::make_pair instead of std::pair's ctor.Zhongxing Xu2008-11-281-3/+2
| | | | llvm-svn: 60205
* RegionViewMap factory is actually not used. All GDMs should use factories fromZhongxing Xu2008-11-271-2/+0
| | | | | | GDMContext. llvm-svn: 60150
* Fix the fix of revision 59974. Now array-struct.c passes too.Sebastian Redl2008-11-241-1/+2
| | | | llvm-svn: 59975
* Fix crash of array bounds checking under 64-bit.Sebastian Redl2008-11-241-3/+6
| | | | | | There might be other, similar bugs lurking there. llvm-svn: 59974
* Add support for AllocaRegion extent with GDM.Zhongxing Xu2008-11-241-5/+56
| | | | | | | | | | | | One design problem that is emerging is the signed-ness problem during static analysis. Many unsigned value have to be converted into signed value because it partipates in operations with signed values. On the other hand, we cannot blindly make all values occuring in static analysis signed, because we do have cases where unsignedness is required, for example, integer overflow detection. llvm-svn: 59957
* Strings are NULL terminated. So the region size should plus one.Zhongxing Xu2008-11-241-1/+1
| | | | llvm-svn: 59943
* Add a comment about the signedness.Zhongxing Xu2008-11-241-0/+2
| | | | llvm-svn: 59932
OpenPOWER on IntegriCloud