From acd080b956d8a0007a36ca6727977cdfd5c284db Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Wed, 28 Aug 2013 17:07:04 +0000 Subject: [analyzer] Add support for testing the presence of weak functions. When casting the address of a FunctionTextRegion to bool, or when adding constraints to such an address, use a stand-in symbol to represent the presence or absence of the function if the function is weakly linked. This is groundwork for possible simple availability testing checks, and can already catch mistakes involving inverted null checks for weakly-linked functions. Currently, the implementation reuses the "extent" symbols, originally created for tracking the size of a malloc region. Since FunctionTextRegions cannot be dereferenced, the extent symbol will never be used for anything else. Still, this probably deserves a refactoring in the future. This patch does not attempt to support testing the presence of weak /variables/ (global variables), which would likely require much more of a change and a generalization of "region structure metadata", like the current "extents", vs. "region contents metadata", like CStringChecker's "string length". Patch by Richard ! llvm-svn: 189492 --- .../Core/SimpleConstraintManager.cpp | 59 +++++----------------- 1 file changed, 14 insertions(+), 45 deletions(-) (limited to 'clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp') diff --git a/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp index a06268dd331..e6653ae6e4b 100644 --- a/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp @@ -68,51 +68,20 @@ bool SimpleConstraintManager::canReasonAbout(SVal X) const { ProgramStateRef SimpleConstraintManager::assume(ProgramStateRef state, DefinedSVal Cond, bool Assumption) { - if (Optional NV = Cond.getAs()) - return assume(state, *NV, Assumption); - return assume(state, Cond.castAs(), Assumption); -} - -ProgramStateRef SimpleConstraintManager::assume(ProgramStateRef state, Loc cond, - bool assumption) { - state = assumeAux(state, cond, assumption); - if (NotifyAssumeClients && SU) - return SU->processAssume(state, cond, assumption); - return state; -} - -ProgramStateRef SimpleConstraintManager::assumeAux(ProgramStateRef state, - Loc Cond, bool Assumption) { - switch (Cond.getSubKind()) { - default: - assert (false && "'Assume' not implemented for this Loc."); - return state; - - case loc::MemRegionKind: { - // FIXME: Should this go into the storemanager? - const MemRegion *R = Cond.castAs().getRegion(); - - // FIXME: now we only find the first symbolic region. - if (const SymbolicRegion *SymR = R->getSymbolicBase()) { - const llvm::APSInt &zero = getBasicVals().getZeroWithPtrWidth(); - if (Assumption) - return assumeSymNE(state, SymR->getSymbol(), zero, zero); - else - return assumeSymEQ(state, SymR->getSymbol(), zero, zero); - } - - // FALL-THROUGH. + // If we have a Loc value, cast it to a bool NonLoc first. + if (Optional LV = Cond.getAs()) { + SValBuilder &SVB = state->getStateManager().getSValBuilder(); + QualType T; + const MemRegion *MR = LV->getAsRegion(); + if (const TypedRegion *TR = dyn_cast_or_null(MR)) + T = TR->getLocationType(); + else + T = SVB.getContext().VoidPtrTy; + + Cond = SVB.evalCast(*LV, SVB.getContext().BoolTy, T).castAs(); } - case loc::GotoLabelKind: - return Assumption ? state : NULL; - - case loc::ConcreteIntKind: { - bool b = Cond.castAs().getValue() != 0; - bool isFeasible = b ? Assumption : !Assumption; - return isFeasible ? state : NULL; - } - } // end switch + return assume(state, Cond.castAs(), Assumption); } ProgramStateRef SimpleConstraintManager::assume(ProgramStateRef state, @@ -216,8 +185,8 @@ ProgramStateRef SimpleConstraintManager::assumeAux(ProgramStateRef state, } case nonloc::LocAsIntegerKind: - return assumeAux(state, Cond.castAs().getLoc(), - Assumption); + return assume(state, Cond.castAs().getLoc(), + Assumption); } // end switch } -- cgit v1.2.3