Check in some design documents to centralize ideas around region store and the
analysis engine. llvm-svn: 67747
This commit is contained in:
Zhongxing Xu
parent
6568eef9f9
commit
2d44866316
|
|
@ -0,0 +1,53 @@
|
||||||
|
Symbolic Region
|
||||||
|
|
||||||
|
A symbolic region is a map of the concept of symbolic values into the domain of
|
||||||
|
regions. It is the way that we represent symbolic pointers. Whenever a symbolic
|
||||||
|
pointer value is needed, a symbolic region is created to represent it.
|
||||||
|
|
||||||
|
A symbolic region has no type. It wraps a SymbolData. But sometimes we have type
|
||||||
|
information associated with a symbolic region. For this case, a TypedViewRegion
|
||||||
|
is created to layer the type information on top of the symbolic region. The
|
||||||
|
reason we do not carry type information with the symbolic region is that
|
||||||
|
the symbolic regions can have no type. To be consistent, we don't let them to
|
||||||
|
carry type information.
|
||||||
|
|
||||||
|
Like a symbolic pointer, a symbolic region may be NULL, has unknown extent, and
|
||||||
|
represents a generic chunk of memory.
|
||||||
|
|
||||||
|
We plan not to use loc::SymbolVal in RegionStore and remove it gradually.
|
||||||
|
|
||||||
|
Pointer Casts
|
||||||
|
|
||||||
|
Pointer casts allow people to impose different 'views' onto a chunk of memory.
|
||||||
|
|
||||||
|
Usually we have two kinds of casts. One kind of casts cast down with in the type
|
||||||
|
hierarchy. It imposes more specific views onto more generic memory regions. The
|
||||||
|
other kind of casts cast up with in the type hierarchy. It strips away more
|
||||||
|
specific views on top of the more generic memory regions.
|
||||||
|
|
||||||
|
We simulate the down casts by layering another TypedViewRegion on top of the
|
||||||
|
original region. We simulate the up casts by striping away the top
|
||||||
|
TypedViewRegion. Down casts is usually simple. For up casts, if the there is no
|
||||||
|
TypedViewRegion to be stripped, we return the original region. If the underlying
|
||||||
|
region is of the different type than the cast-to type, we flag an error state.
|
||||||
|
|
||||||
|
For toll-free bridging casts, we return the original region.
|
||||||
|
|
||||||
|
Region Bindings
|
||||||
|
|
||||||
|
The following region kinds are boundable: VarRegion, CompoundLiteralRegion,
|
||||||
|
StringRegion, ElementRegion, FieldRegion, and ObjCIvarRegion.
|
||||||
|
|
||||||
|
When binding regions, we perform canonicalization on element regions and field
|
||||||
|
regions. This is because we can have different views on the same region, some of
|
||||||
|
which are essentially the same view with different sugar type names.
|
||||||
|
|
||||||
|
To canonicalize a region, we get the canonical types for all TypedViewRegions
|
||||||
|
along the way up to the root region, and make new TypedViewRegions with those
|
||||||
|
canonical types.
|
||||||
|
|
||||||
|
All bindings and retrievings are done on the canonicalized regions.
|
||||||
|
|
||||||
|
Canonicalization is transparent outside the region store manager, and more
|
||||||
|
specifically, unaware outside the Bind() and Retrieve() method. We don't need to
|
||||||
|
consider region canonicalization when doing pointer cast.
|
||||||
Loading…
Reference in New Issue