maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Add optional record of "location" SVals in the environment. When we analyzing loads/stores, we lose the location SVal, which makes it difficult to recover in some cases (e.g., for post diagnostics). This is prep for pending changes to GRExprEngine. 

llvm-svn: 112930
This commit is contained in:
Ted Kremenek 2010-09-03 01:07:02 +00:00
parent db4c128f2f
commit 5b24adda26
4 changed files with 96 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
clang/include/clang/Checker/PathSensitive/Environment.h
View File

@ -83,8 +83,14 @@ public:
return Environment(F.GetEmptyMap()); return Environment(F.GetEmptyMap());
} }
Environment BindExpr(Environment Env, const Stmt *S, SVal V, /// Bind the value 'V' to the statement 'S'.
Environment bindExpr(Environment Env, const Stmt *S, SVal V,
bool Invalidate); bool Invalidate);
/// Bind the location 'location' and value 'V' to the statement 'S'. This
/// is used when simulating loads/stores.
Environment bindExprAndLocation(Environment Env, const Stmt *S, SVal location,
SVal V);
Environment RemoveDeadBindings(Environment Env, Environment RemoveDeadBindings(Environment Env,
SymbolReaper &SymReaper, const GRState *ST, SymbolReaper &SymReaper, const GRState *ST,

7
clang/include/clang/Checker/PathSensitive/GRState.h
View File

@ -201,8 +201,15 @@ public:
const LocationContext *LC, const LocationContext *LC,
SVal V) const; SVal V) const;
/// Create a new state by binding the value 'V' to the statement 'S' in the
/// state's environment.
const GRState *BindExpr(const Stmt *S, SVal V, bool Invalidate = true) const; const GRState *BindExpr(const Stmt *S, SVal V, bool Invalidate = true) const;
/// Create a new state by binding the value 'V' and location 'locaton' to the
/// statement 'S' in the state's environment.
const GRState *bindExprAndLocation(const Stmt *S, SVal location, SVal V)
const;
const GRState *bindDecl(const VarRegion *VR, SVal V) const; const GRState *bindDecl(const VarRegion *VR, SVal V) const;
const GRState *bindDeclWithNoInit(const VarRegion *VR) const; const GRState *bindDeclWithNoInit(const VarRegion *VR) const;

41
clang/lib/Checker/Environment.cpp
View File

@ -80,7 +80,7 @@ SVal Environment::GetSVal(const Stmt *E, ValueManager& ValMgr) const {
return LookupExpr(E); return LookupExpr(E);
} }
Environment EnvironmentManager::BindExpr(Environment Env, const Stmt *S, Environment EnvironmentManager::bindExpr(Environment Env, const Stmt *S,
SVal V, bool Invalidate) { SVal V, bool Invalidate) {
assert(S); assert(S);
@ -94,6 +94,16 @@ Environment EnvironmentManager::BindExpr(Environment Env, const Stmt *S,
return Environment(F.Add(Env.ExprBindings, S, V)); return Environment(F.Add(Env.ExprBindings, S, V));
} }
static inline const Stmt *MakeLocation(const Stmt *S) {
return (const Stmt*) (((uintptr_t) S) | 0x1);
}
Environment EnvironmentManager::bindExprAndLocation(Environment Env,
const Stmt *S,
SVal location, SVal V) {
return Environment(F.Add(F.Add(Env.ExprBindings, MakeLocation(S), V), S, V));
}
namespace { namespace {
class MarkLiveCallback : public SymbolVisitor { class MarkLiveCallback : public SymbolVisitor {
SymbolReaper &SymReaper; SymbolReaper &SymReaper;
@ -115,6 +125,12 @@ static bool isBlockExprInCallers(const Stmt *E, const LocationContext *LC) {
return false; return false;
} }
// In addition to mapping from Stmt * - > SVals in the Environment, we also
// maintain a mapping from Stmt * -> SVals (locations) that were used during
// a load and store.
static inline bool IsLocation(const Stmt *S) {
return (bool) (((uintptr_t) S) & 0x1);
}
// RemoveDeadBindings: // RemoveDeadBindings:
// - Remove subexpression bindings. // - Remove subexpression bindings.
@ -123,7 +139,6 @@ static bool isBlockExprInCallers(const Stmt *E, const LocationContext *LC) {
// - Mark their reachable symbols live in SymbolReaper, // - Mark their reachable symbols live in SymbolReaper,
// see ScanReachableSymbols. // see ScanReachableSymbols.
// - Mark the region in DRoots if the binding is a loc::MemRegionVal. // - Mark the region in DRoots if the binding is a loc::MemRegionVal.
Environment Environment
EnvironmentManager::RemoveDeadBindings(Environment Env, EnvironmentManager::RemoveDeadBindings(Environment Env,
SymbolReaper &SymReaper, SymbolReaper &SymReaper,
@ -136,12 +151,25 @@ EnvironmentManager::RemoveDeadBindings(Environment Env,
// individually removing all the subexpression bindings (which will greatly // individually removing all the subexpression bindings (which will greatly
// outnumber block-level expression bindings). // outnumber block-level expression bindings).
Environment NewEnv = getInitialEnvironment(); Environment NewEnv = getInitialEnvironment();
llvm::SmallVector<std::pair<const Stmt*, SVal>, 10> deferredLocations;
// Iterate over the block-expr bindings. // Iterate over the block-expr bindings.
for (Environment::iterator I = Env.begin(), E = Env.end(); for (Environment::iterator I = Env.begin(), E = Env.end();
I != E; ++I) { I != E; ++I) {
const Stmt *BlkExpr = I.getKey(); const Stmt *BlkExpr = I.getKey();
// For recorded locations (used when evaluating loads and stores), we
// consider them live only when their associated normal expression is
// also live.
// NOTE: This assumes that loads/stores that evaluated to UnknownVal
// still have an entry in the map.
if (IsLocation(BlkExpr)) {
deferredLocations.push_back(std::make_pair(BlkExpr, I.getData()));
continue;
}
const SVal &X = I.getData(); const SVal &X = I.getData();
// Block-level expressions in callers are assumed always live. // Block-level expressions in callers are assumed always live.
@ -186,6 +214,15 @@ EnvironmentManager::RemoveDeadBindings(Environment Env,
if (X.isUndef() && cast<UndefinedVal>(X).getData()) if (X.isUndef() && cast<UndefinedVal>(X).getData())
NewEnv.ExprBindings = F.Add(NewEnv.ExprBindings, BlkExpr, X); NewEnv.ExprBindings = F.Add(NewEnv.ExprBindings, BlkExpr, X);
} }
// Go through he deferred locations and add them to the new environment if
// the correspond Stmt* is in the map as well.
for (llvm::SmallVectorImpl<std::pair<const Stmt*, SVal> >::iterator
I = deferredLocations.begin(), E = deferredLocations.end(); I != E; ++I) {
const Stmt *S = (Stmt*) (((uintptr_t) I->first) & (uintptr_t) ~0x1);
if (NewEnv.ExprBindings.lookup(S))
NewEnv.ExprBindings = F.Add(NewEnv.ExprBindings, I->first, I->second);
}
return NewEnv; return NewEnv;
} }

46
clang/lib/Checker/GRState.cpp
View File

@ -206,8 +206,8 @@ SVal GRState::getSimplifiedSVal(Loc location, QualType T) const {
return V; return V;
} }
const GRState *GRState::BindExpr(const Stmt* Ex, SVal V, bool Invalidate) const{ const GRState *GRState::BindExpr(const Stmt* S, SVal V, bool Invalidate) const{
Environment NewEnv = getStateManager().EnvMgr.BindExpr(Env, Ex, V, Environment NewEnv = getStateManager().EnvMgr.bindExpr(Env, S, V,
Invalidate); Invalidate);
if (NewEnv == Env) if (NewEnv == Env)
return this; return this;
@ -217,6 +217,19 @@ const GRState *GRState::BindExpr(const Stmt* Ex, SVal V, bool Invalidate) const{
return getStateManager().getPersistentState(NewSt); return getStateManager().getPersistentState(NewSt);
} }
const GRState *GRState::bindExprAndLocation(const Stmt *S, SVal location,
SVal V) const {
Environment NewEnv =
getStateManager().EnvMgr.bindExprAndLocation(Env, S, location, V);
if (NewEnv == Env)
return this;
GRState NewSt = *this;
NewSt.Env = NewEnv;
return getStateManager().getPersistentState(NewSt);
}
const GRState *GRState::AssumeInBound(DefinedOrUnknownSVal Idx, const GRState *GRState::AssumeInBound(DefinedOrUnknownSVal Idx,
DefinedOrUnknownSVal UpperBound, DefinedOrUnknownSVal UpperBound,
bool Assumption) const { bool Assumption) const {
@ -295,6 +308,11 @@ const GRState* GRState::makeWithStore(Store store) const {
// State pretty-printing. // State pretty-printing.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
static bool IsEnvLoc(const Stmt *S) {
// FIXME: This is a layering violation. Should be in environment.
return (bool) (((uintptr_t) S) & 0x1);
}
void GRState::print(llvm::raw_ostream& Out, CFG &C, const char* nl, void GRState::print(llvm::raw_ostream& Out, CFG &C, const char* nl,
const char* sep) const { const char* sep) const {
// Print the store. // Print the store.
@ -304,8 +322,9 @@ void GRState::print(llvm::raw_ostream& Out, CFG &C, const char* nl,
// Print Subexpression bindings. // Print Subexpression bindings.
bool isFirst = true; bool isFirst = true;
// FIXME: All environment printing should be moved inside Environment.
for (Environment::iterator I = Env.begin(), E = Env.end(); I != E; ++I) { for (Environment::iterator I = Env.begin(), E = Env.end(); I != E; ++I) {
if (C.isBlkExpr(I.getKey())) if (C.isBlkExpr(I.getKey()) || IsEnvLoc(I.getKey()))
continue; continue;
if (isFirst) { if (isFirst) {
@ -338,6 +357,27 @@ void GRState::print(llvm::raw_ostream& Out, CFG &C, const char* nl,
I.getKey()->printPretty(Out, 0, PrintingPolicy(LO)); I.getKey()->printPretty(Out, 0, PrintingPolicy(LO));
Out << " : " << I.getData(); Out << " : " << I.getData();
} }
// Print locations.
isFirst = true;
for (Environment::iterator I = Env.begin(), E = Env.end(); I != E; ++I) {
if (!IsEnvLoc(I.getKey()))
continue;
if (isFirst) {
Out << nl << nl << "Load/store locations:" << nl;
isFirst = false;
}
else { Out << nl; }
const Stmt *S = (Stmt*) (((uintptr_t) I.getKey()) & ((uintptr_t) ~0x1));
Out << " (" << (void*) S << ") ";
LangOptions LO; // FIXME.
S->printPretty(Out, 0, PrintingPolicy(LO));
Out << " : " << I.getData();
}
Mgr.getConstraintManager().print(this, Out, nl, sep); Mgr.getConstraintManager().print(this, Out, nl, sep);