2009-04-22 05:51:34 +08:00
|
|
|
//== Store.cpp - Interface for maps from Locations to Values ----*- C++ -*--==//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// This file defined the types Store and StoreManager.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "clang/Analysis/PathSensitive/Store.h"
|
|
|
|
#include "clang/Analysis/PathSensitive/GRState.h"
|
|
|
|
|
|
|
|
using namespace clang;
|
|
|
|
|
|
|
|
StoreManager::StoreManager(GRStateManager &stateMgr)
|
|
|
|
: ValMgr(stateMgr.getValueManager()),
|
|
|
|
StateMgr(stateMgr),
|
|
|
|
MRMgr(ValMgr.getRegionManager()) {}
|
|
|
|
|
|
|
|
StoreManager::CastResult
|
|
|
|
StoreManager::CastRegion(const GRState* state, const MemRegion* R,
|
2009-05-04 14:35:49 +08:00
|
|
|
QualType CastToTy) {
|
2009-04-22 05:51:34 +08:00
|
|
|
|
2009-04-22 07:31:46 +08:00
|
|
|
ASTContext& Ctx = StateMgr.getContext();
|
|
|
|
|
|
|
|
// We need to know the real type of CastToTy.
|
|
|
|
QualType ToTy = Ctx.getCanonicalType(CastToTy);
|
|
|
|
|
2009-04-22 05:51:34 +08:00
|
|
|
// Return the same region if the region types are compatible.
|
|
|
|
if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
|
2009-05-09 08:50:33 +08:00
|
|
|
QualType Ta = Ctx.getCanonicalType(TR->getLocationType(Ctx));
|
2009-04-22 07:31:46 +08:00
|
|
|
|
|
|
|
if (Ta == ToTy)
|
2009-04-22 05:51:34 +08:00
|
|
|
return CastResult(state, R);
|
|
|
|
}
|
|
|
|
|
2009-05-04 14:35:49 +08:00
|
|
|
if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr())) {
|
|
|
|
// Check if we are casting to 'void*'.
|
|
|
|
// FIXME: Handle arbitrary upcasts.
|
|
|
|
QualType Pointee = PTy->getPointeeType();
|
|
|
|
if (Pointee->isVoidType()) {
|
2009-04-22 07:31:46 +08:00
|
|
|
|
2009-05-07 02:19:24 +08:00
|
|
|
do {
|
|
|
|
if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R)) {
|
|
|
|
// Casts to void* removes TypedViewRegion. This happens when:
|
|
|
|
//
|
|
|
|
// void foo(void*);
|
|
|
|
// ...
|
|
|
|
// void bar() {
|
|
|
|
// int x;
|
|
|
|
// foo(&x);
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
R = TR->removeViews();
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
|
|
|
|
// Casts to void* also removes ElementRegions. This happens when:
|
|
|
|
//
|
|
|
|
// void foo(void*);
|
|
|
|
// ...
|
|
|
|
// void bar() {
|
|
|
|
// int x;
|
|
|
|
// foo((char*)&x);
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
R = ER->getSuperRegion();
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
while (0);
|
2009-04-22 07:31:46 +08:00
|
|
|
|
|
|
|
return CastResult(state, R);
|
|
|
|
}
|
2009-05-04 14:35:49 +08:00
|
|
|
else if (Pointee->isIntegerType()) {
|
|
|
|
// FIXME: At some point, it stands to reason that this 'dyn_cast' should
|
|
|
|
// become a 'cast' and that 'R' will always be a TypedRegion.
|
|
|
|
if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
|
|
|
|
// Check if we are casting to a region with an integer type. We now
|
|
|
|
// the types aren't the same, so we construct an ElementRegion.
|
2009-05-04 23:17:38 +08:00
|
|
|
SVal Idx = ValMgr.makeZeroArrayIndex();
|
2009-05-04 15:04:36 +08:00
|
|
|
|
|
|
|
// If the super region is an element region, strip it away.
|
|
|
|
// FIXME: Is this the right thing to do in all cases?
|
|
|
|
const TypedRegion *Base = isa<ElementRegion>(TR) ?
|
|
|
|
cast<TypedRegion>(TR->getSuperRegion()) : TR;
|
|
|
|
ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, Base);
|
2009-05-04 14:35:49 +08:00
|
|
|
return CastResult(state, ER);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2009-04-22 07:31:46 +08:00
|
|
|
|
2009-05-02 03:22:20 +08:00
|
|
|
// FIXME: Need to handle arbitrary downcasts.
|
|
|
|
// FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion
|
|
|
|
// or an AllocaRegion is cast to another view, thus causing the memory
|
|
|
|
// to be re-used for a different purpose.
|
2009-04-22 07:31:46 +08:00
|
|
|
|
2009-05-02 03:22:20 +08:00
|
|
|
if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) {
|
|
|
|
const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);
|
|
|
|
return CastResult(AddRegionView(state, ViewR, R), ViewR);
|
|
|
|
}
|
|
|
|
|
|
|
|
return CastResult(state, R);
|
2009-04-22 05:51:34 +08:00
|
|
|
}
|