Turn -analyzer-inline-call on for C functions. This also fixed a bug that

after inlining post-call checking shouldn't be done. llvm-svn: 103161
2010-05-06 03:38:27 +00:00 · 2010-05-06 03:38:27 +00:00 · 1a56a488ed
parent 9174b2c2f9
commit 1a56a488ed
6 changed files with 34 additions and 8 deletions
--- a/clang/include/clang/Checker/PathSensitive/GRExprEngine.h
+++ b/clang/include/clang/Checker/PathSensitive/GRExprEngine.h
@ -456,6 +456,8 @@ private:
  void EvalLocation(ExplodedNodeSet &Dst, Stmt *S, ExplodedNode* Pred,
                    const GRState* St, SVal location,
                    const void *tag, bool isLoad);
+
+  bool InlineCall(ExplodedNodeSet &Dst, const CallExpr *CE, ExplodedNode *Pred);
 };

 } // end clang namespace
--- a/clang/lib/Checker/GRExprEngine.cpp
+++ b/clang/lib/Checker/GRExprEngine.cpp
@ -1810,6 +1810,28 @@ void GRExprEngine::EvalLocation(ExplodedNodeSet &Dst, Stmt *S,
  }
 }

+bool GRExprEngine::InlineCall(ExplodedNodeSet &Dst, const CallExpr *CE, 
+                              ExplodedNode *Pred) {
+  const GRState *state = GetState(Pred);
+  const Expr *Callee = CE->getCallee();
+  SVal L = state->getSVal(Callee);
+  
+  const FunctionDecl *FD = L.getAsFunctionDecl();
+  if (!FD)
+    return false;
+
+  if (!FD->getBody(FD))
+    return false;
+
+  // Now we have the definition of the callee, create a CallEnter node.
+  CallEnter Loc(CE, FD, Pred->getLocationContext());
+
+  ExplodedNode *N = Builder->generateNode(Loc, state, Pred);
+  if (N)
+    Dst.Add(N);
+  return true;
+}
+
 void GRExprEngine::VisitCall(CallExpr* CE, ExplodedNode* Pred,
                             CallExpr::arg_iterator AI,
                             CallExpr::arg_iterator AE,
@ -1889,6 +1911,10 @@ void GRExprEngine::VisitCall(CallExpr* CE, ExplodedNode* Pred,
    // If the callee is processed by a checker, skip the rest logic.
    if (CheckerEvalCall(CE, DstChecker, *DI))
      DstTmp3.insert(DstChecker);
+    else if (AMgr.shouldInlineCall() && InlineCall(Dst, CE, *DI)) {
+      // Callee is inlined. We shouldn't do post call checking.
+      return;
+    }
    else {
      for (ExplodedNodeSet::iterator DI_Checker = DstChecker.begin(),
           DE_Checker = DstChecker.end();
--- a/clang/test/Analysis/inline.c
+++ b/clang/test/Analysis/inline.c
@ -1,5 +1,5 @@
-// RUN: false
-// XFAIL: *
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s
+
 int f1() {
  int y = 1;
  y++;
--- a/clang/test/Analysis/inline2.c
+++ b/clang/test/Analysis/inline2.c
@ -1,5 +1,4 @@
-// RUN: false
-// XFAIL: *
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s

 // Test parameter 'a' is registered to LiveVariables analysis data although it
 // is not referenced in the function body. 
--- a/clang/test/Analysis/inline3.c
+++ b/clang/test/Analysis/inline3.c
@ -1,5 +1,4 @@
-// RUN: false
-// XFAIL: *
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s

 // Test when entering f1(), we set the right AnalysisContext to Environment.
 // Otherwise, block-level expr '1 && a' would not be block-level.
--- a/clang/test/Analysis/inline4.c
+++ b/clang/test/Analysis/inline4.c
@ -1,5 +1,5 @@
-// RUN: false
-// XFAIL: *
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s
+
 int g(int a) {    
  return a;
 }