OSchip
/
llvm-project
mirror of https://github.com/THU-DSP-LAB/llvm-project.git
13
0
Fork 6
Code Issues Packages Projects Releases Wiki Activity

This is the first step to gradually remove the use of loc::SymbolVal. Now 

when creating symbolic values, we distinguish between location and non-location
values. For location values, we create a symbolic region instead of a
loc::SymbolVal.

llvm-svn: 68373
This commit is contained in:
Zhongxing Xu 2009-04-03 07:33:13 +00:00
parent 8554a77e8d
commit ec7e7dfe0a
5 changed files with 64 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clang/include/clang/Analysis/PathSensitive/SVals.h
View File

@ -28,6 +28,7 @@ namespace clang {
class CompoundValData;
class BasicValueFactory;
class MemRegion;
class MemRegionManager;
class GRStateManager;
class SVal {
@ -72,7 +73,8 @@ public:
}
/// GetRValueSymbolVal - make a unique symbol for value of R.
static SVal GetRValueSymbolVal(SymbolManager& SymMgr, const MemRegion* R);
static SVal GetRValueSymbolVal(SymbolManager& SymMgr, MemRegionManager& MRMgr,
const MemRegion* R);
static SVal GetConjuredSymbolVal(SymbolManager& SymMgr, const Expr *E,
unsigned Count);

14
clang/lib/Analysis/BasicStore.cpp
View File

@ -125,6 +125,9 @@ public:
}
void print(Store store, std::ostream& Out, const char* nl, const char *sep);
private:
ASTContext& getContext() { return StateMgr.getContext(); }
};
} // end anonymous namespace
@ -273,9 +276,10 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
break;
}
// FIXME: Handle SymbolRegions? Shouldn't be possible in
// BasicStoreManager.
assert(!isa<SymbolicRegion>(R));
if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) {
SymbolRef Sym = SR->getSymbol();
BaseR = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
}
break;
}
@ -477,7 +481,7 @@ Store BasicStoreManager::scanForIvars(Stmt *B, const Decl* SelfDecl, Store St) {
SelfRegion);
SVal X = SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(),
IVR);
MRMgr, IVR);
St = BindInternal(St, Loc::MakeVal(IVR), X);
}
@ -534,7 +538,7 @@ Store BasicStoreManager::getInitialStore() {
const MemRegion *R = StateMgr.getRegion(VD);
SVal X = (VD->hasGlobalStorage() || isa<ParmVarDecl>(VD) ||
isa<ImplicitParamDecl>(VD))
? SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(), R)
? SVal::GetRValueSymbolVal(StateMgr.getSymbolManager(), MRMgr,R)
: UndefinedVal();
St = BindInternal(St, Loc::MakeVal(R), X);

19
clang/lib/Analysis/GRExprEngine.cpp
View File

@ -1138,7 +1138,7 @@ GRExprEngine::NodeTy* GRExprEngine::EvalLocation(Stmt* Ex, NodeTy* Pred,
bool isFeasibleNull = false;
GRStateRef StNull = GRStateRef(Assume(state, LV, false, isFeasibleNull),
getStateManager());
if (isFeasibleNull) {
// Use the Generic Data Map to mark in the state what lval was null.
@ -1920,7 +1920,22 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){
// to a desugared type.
assert(Loc::IsLocType(T));
assert(Loc::IsLocType(ExTy));
// We get a symbolic function pointer for a dereference of a function
// pointer, but it is of function type. Example:
// struct FPRec {
// void (*my_func)(int * x);
// };
//
// int bar(int x);
//
// int f1_a(struct FPRec* foo) {
// int x;
// (*foo->my_func)(&x);
// return bar(x)+1; // no-warning
// }
assert(Loc::IsLocType(ExTy) || ExTy->isFunctionType());
const MemRegion* R = RV->getRegion();
StoreManager& StoreMgr = getStoreManager();

43
clang/lib/Analysis/RegionStore.cpp
View File

@ -360,6 +360,10 @@ SVal RegionStoreManager::getLValueFieldOrIvar(const GRState* St, SVal Base,
switch (BaseL.getSubKind()) {
case loc::MemRegionKind:
BaseR = cast<loc::MemRegionVal>(BaseL).getRegion();
if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(BaseR)) {
SymbolRef Sym = SR->getSymbol();
BaseR = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
}
break;
case loc::SymbolValKind: {
@ -412,13 +416,20 @@ SVal RegionStoreManager::getLValueElement(const GRState* St,
const TypedRegion* BaseRegion = 0;
if (isa<loc::SymbolVal>(Base)) {
// FIXME: This case will be removed.
SymbolRef Sym = cast<loc::SymbolVal>(Base).getSymbol();
SymbolicRegion* SR = MRMgr.getSymbolicRegion(Sym);
// Layer the type information.
BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
}
else
BaseRegion = cast<TypedRegion>(cast<loc::MemRegionVal>(Base).getRegion());
} else {
const MemRegion* R = cast<loc::MemRegionVal>(Base).getRegion();
if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) {
SymbolRef Sym = SR->getSymbol();
BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR);
}
else
BaseRegion = cast<TypedRegion>(R);
}
// Pointer of any type can be cast and used as array base.
const ElementRegion *ElemR = dyn_cast<ElementRegion>(BaseRegion);
@ -617,8 +628,11 @@ SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R) {
if (!isa<loc::MemRegionVal>(L))
return UnknownVal();
const TypedRegion* TR
= cast<TypedRegion>(cast<loc::MemRegionVal>(L).getRegion());
const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
if (isa<SymbolicRegion>(MR))
return UnknownVal();
const TypedRegion* TR = cast<TypedRegion>(MR);
const ElementRegion* ER = dyn_cast<ElementRegion>(TR);
@ -683,10 +697,17 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) {
if (isa<loc::FuncVal>(L))
return L;
const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
// We return unknown for symbolic region for now. This might be improved.
// Example:
// void f(int* p) { int x = *p; }
if (isa<SymbolicRegion>(MR))
return UnknownVal();
// FIXME: Perhaps this method should just take a 'const MemRegion*' argument
// instead of 'Loc', and have the other Loc cases handled at a higher level.
const TypedRegion* R
= cast<TypedRegion>(cast<loc::MemRegionVal>(L).getRegion());
const TypedRegion* R = cast<TypedRegion>(MR);
assert(R && "bad region");
// FIXME: We should eventually handle funny addressing. e.g.:
@ -735,7 +756,7 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) {
if (SR == SelfRegion) {
// FIXME: Do we need to handle the case where the super region
// has a view? We want to canonicalize the bindings.
return SVal::GetRValueSymbolVal(getSymbolManager(), R);
return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, R);
}
// Otherwise, we need a new symbol. For now return Unknown.
@ -757,7 +778,7 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) {
VD->hasGlobalStorage()) {
QualType VTy = VD->getType();
if (Loc::IsLocType(VTy) || VTy->isIntegerType())
return SVal::GetRValueSymbolVal(getSymbolManager(), VR);
return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, VR);
else
return UnknownVal();
}
@ -773,7 +794,7 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) {
// All other integer values are symbolic.
if (Loc::IsLocType(RTy) || RTy->isIntegerType())
return SVal::GetRValueSymbolVal(getSymbolManager(), R);
return SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, R);
else
return UnknownVal();
}
@ -811,7 +832,7 @@ SVal RegionStoreManager::RetrieveStruct(const GRState* St,const TypedRegion* R){
if (MRMgr.onStack(FR) || MRMgr.onHeap(FR))
FieldValue = UndefinedVal();
else
FieldValue = SVal::GetRValueSymbolVal(getSymbolManager(), FR);
FieldValue = SVal::GetRValueSymbolVal(getSymbolManager(), MRMgr, FR);
}
StructVal = getBasicVals().consVals(FieldValue, StructVal);

5
clang/lib/Analysis/SVals.cpp
View File

@ -264,14 +264,15 @@ NonLoc NonLoc::MakeCompoundVal(QualType T, llvm::ImmutableList<SVal> Vals,
return nonloc::CompoundVal(BasicVals.getCompoundValData(T, Vals));
}
SVal SVal::GetRValueSymbolVal(SymbolManager& SymMgr, const MemRegion* R) {
SVal SVal::GetRValueSymbolVal(SymbolManager& SymMgr, MemRegionManager& MRMgr,
const MemRegion* R) {
SymbolRef sym = SymMgr.getRegionRValueSymbol(R);
if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
QualType T = TR->getRValueType(SymMgr.getContext());
if (Loc::IsLocType(T))
return Loc::MakeVal(sym);
return Loc::MakeVal(MRMgr.getSymbolicRegion(sym));
// Only handle integers for now.
if (T->isIntegerType())