d8242f19f7
Rename SymbolID to SymbolRef. This is a precursor to some overhauling of the representation of symbolic values.
...
llvm-svn: 60575
2008-12-05 02:27:51 +00:00
d368de794a
StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a GRState* argument instead of a Store. This allows them to use the GDM for storing other data.
...
llvm-svn: 60570
2008-12-05 00:47:52 +00:00
677779ab36
Revamp RegionStoreManager::RemoveDeadBindings. This method now does a complete mark-and-sweep of the store, removing dead regions and recording the set of live and dead symbols appropriately.
...
llvm-svn: 60523
2008-12-04 02:08:27 +00:00
96c0fa8b42
Add comments.
...
llvm-svn: 60516
2008-12-04 01:12:41 +00:00
6ef75e9ee8
Make RegionStoreManager::InitializeArray safe against array sizes that don't have pointer width.
...
This may be the case on 64-bit systems. Whether that fact is a bug is a different question, but it's easy to cure the symptom.
llvm-svn: 60422
2008-12-02 16:47:35 +00:00
d2fa1e0999
Add support for initializing array with string literal.
...
This fixes PR3127
http://llvm.org/bugs/show_bug.cgi?id=3127
llvm-svn: 60280
2008-11-30 05:49:49 +00:00
452273d9c6
To be consistent, make the index of the ElementRegion always signed.
...
llvm-svn: 60248
2008-11-29 12:05:04 +00:00
e31a8ebfdc
Fix a serious bug.
...
When initialized, the index of the ElementRegion was unsigned. But the index
value of the ArraySubscriptExpr is signed. This inconsistency caused the value
of the array element retrieved to be UnknownVal despite it was initialized to
symbolic.
This is only a hack. Real fix of this problem is required.
llvm-svn: 60207
2008-11-28 08:41:39 +00:00
85b6e201f4
Use std::make_pair instead of std::pair's ctor.
...
llvm-svn: 60205
2008-11-28 03:55:52 +00:00
b670f294c9
RegionViewMap factory is actually not used. All GDMs should use factories from
...
GDMContext.
llvm-svn: 60150
2008-11-27 06:03:03 +00:00
f7cb84d771
Fix the fix of revision 59974. Now array-struct.c passes too.
...
llvm-svn: 59975
2008-11-24 19:39:40 +00:00
81c1e1306c
Fix crash of array bounds checking under 64-bit.
...
There might be other, similar bugs lurking there.
llvm-svn: 59974
2008-11-24 19:35:33 +00:00
9165ed69af
Add support for AllocaRegion extent with GDM.
...
One design problem that is emerging is the signed-ness problem during static
analysis. Many unsigned value have to be converted into signed value because
it partipates in operations with signed values.
On the other hand, we cannot blindly make all values occuring in static analysis
signed, because we do have cases where unsignedness is required, for example,
integer overflow detection.
llvm-svn: 59957
2008-11-24 09:44:56 +00:00
f556cd6cb9
Strings are NULL terminated. So the region size should plus one.
...
llvm-svn: 59943
2008-11-24 05:16:01 +00:00
8361d4c51b
Add a comment about the signedness.
...
llvm-svn: 59932
2008-11-24 02:30:48 +00:00
a61731dd0d
Add getSize() support for StringRegion.
...
llvm-svn: 59930
2008-11-24 02:18:56 +00:00
cdf25053ee
Clean up code by using utility methods.
...
llvm-svn: 59899
2008-11-23 04:30:35 +00:00
4c8bf0086a
Remove debug code.
...
llvm-svn: 59870
2008-11-22 13:23:00 +00:00
4d45b34a8a
Initial support for checking out of bound memory access. Only support
...
ConcreteInt index for now.
llvm-svn: 59869
2008-11-22 13:21:46 +00:00
e5816f213d
Add support for symbolicating global structs and arrays in RegionStoreManager::getInitialStore().
...
llvm-svn: 59619
2008-11-19 11:06:24 +00:00
c0145fd0bf
Fix warning about RegionStoreManager::Retrieve() not always returning a value.
...
llvm-svn: 59571
2008-11-19 00:27:37 +00:00
f87a7abcd4
handle the case that the array element is of structure type when bind the whole array to a single value (for example, UnknownVal, UndefinedVal).
...
llvm-svn: 59521
2008-11-18 13:11:04 +00:00
99a96d6ef3
Enhance modularization: return a <state,loc> pair to let GRExprEngine modify the
...
environment.
llvm-svn: 59407
2008-11-16 07:06:26 +00:00
ceca80619f
Enhances SCA to process untyped region to typed region conversion.
...
- RegionView and RegionViewMap is introduced to assist back-mapping from
super region to subregions.
- GDM is used to carry RegionView information.
- AnonTypedRegion is added to represent a typed region introduced by pointer
casting. Later AnonTypedRegion can be used in other similar cases, e.g.,
malloc()'ed region.
- The specific conversion is delegated to store manager.
llvm-svn: 59382
2008-11-16 04:07:26 +00:00
6a276cf5b7
Improve zero value generation.
...
llvm-svn: 59356
2008-11-15 05:18:50 +00:00
d4e72fca45
Process array base expression of any type.
...
llvm-svn: 59240
2008-11-13 09:48:44 +00:00
189a30796a
Array index might be unsigned. We have to generate a temporary signed value for
...
it to be evaluated by APSInt::operators.
llvm-svn: 59238
2008-11-13 09:15:14 +00:00
29188c2948
Incomplete struct pointer can be used as a function argument.
...
llvm-svn: 59235
2008-11-13 08:41:36 +00:00
cd639218e4
StoreManager::BindDecl now takes an SVal* for the initialization value instead of an Expr* (which can be null). Lazy symbolication of conjured symbols is now the sole responsibility of GRExprEngine.
...
llvm-svn: 59151
2008-11-12 19:18:35 +00:00
18d6fd45de
Implement RegionStoreManager::RemoveDeadBindings(). This prunes several false warning caused by removal of symbolic constraints. Currently we just mark all symbols live. Further optimization for dead binding removal needed.
...
llvm-svn: 58982
2008-11-10 09:39:04 +00:00
2c677c34d5
Finish the implementation of VisitCompoundLiteralExpr. As VisitInitListExpr is
...
available, things get much simplified.
One addition is that CompoundLiteralExpr can appear both in rvalue and lvalue
context.
llvm-svn: 58837
2008-11-07 10:38:33 +00:00
e79a4e667b
Make the assertion real.
...
llvm-svn: 58833
2008-11-07 08:57:30 +00:00
2e8e604704
1. When a pointer to struct is used as an argument, GRSimpleVals::EvalCall()
...
sets the whole struct to Unknown. Then we cannot assume the V passed to
BindStruct() is always a CompoundVal. When it is an UnknownVal, we call
BindStructToVal(UnknownVal).
2. Change the signature of InitializeStructToUndefined() to BindStructToVal()
to reuse the code.
llvm-svn: 58564
2008-11-02 12:13:30 +00:00
73f006e800
Simplify interface. We can get canonical type from the base region directly. No need for an extra type argument.
...
llvm-svn: 58507
2008-10-31 11:02:48 +00:00
b393b5080c
Implement struct initialization for SCA.
...
llvm-svn: 58506
2008-10-31 10:53:01 +00:00
98bb1fa69e
Implement array initialization for SCA.
...
llvm-svn: 58504
2008-10-31 10:24:47 +00:00
ce71638c0d
Implement BindStruct and fix a bug in RetriveStruct.
...
llvm-svn: 58496
2008-10-31 08:10:01 +00:00
6c0d588942
Implement load from struct region. Instead of returning an UnknownVal(), we create a CompoundVal by loading from each field of the struct.
...
llvm-svn: 58494
2008-10-31 07:16:08 +00:00
628ae879ea
Rename: AddDecl => BindDecl
...
BindDecl better describes what the function does:
- Bind the VarDecl to its memory region
- Bind the memory region to some initial value.
llvm-svn: 58359
2008-10-29 02:34:02 +00:00
bf26368255
Added preliminary support for CompoundLiterals in the static analyzer:
...
- GRExprEngine::VisitCompoundLiteral...
(1) visits the initializer list (generating ExplodedNodes)
(2) creates a CompoundMemRegion for the literal
(3) creates a new state with the bound literal values using
GRStateManager::BindCompoundLiteral
- GRStateManager::BindCompoundLiteral simply calls
StoreManager::BindCompoundLiteral to get a new store and returns a persistent
GRState with that store.
- BasicStore::BindCompoundLiteral simply returns the same store, as it
doesn't handle field sensitivity
- RegionStore::BindCompoundLiteral currently fires an assert (pending discussion
of how to best implement mappings for CompoundLiteralRegion).
llvm-svn: 58277
2008-10-27 21:54:31 +00:00
144d7554c4
Use ASTContext::getCanonicalType() to get TypedRegion's type.
...
llvm-svn: 58247
2008-10-27 13:35:03 +00:00
36d4ade4be
We cannot get precise lvalue for symbolic base array region.
...
llvm-svn: 58243
2008-10-27 12:23:17 +00:00
bb18b57f53
Get the canonical type for struct initialization. The original code would crash on TypedefType.
...
llvm-svn: 58236
2008-10-27 09:24:07 +00:00
60de6c6c63
Remove loc::StringLiteralVal. Now we allocate regions for string literals in the Store.
...
llvm-svn: 58182
2008-10-26 02:27:21 +00:00
bf47dc85fe
Simplify ArrayToPointer conversion. Actually the only thing we need to do is to get the first element region. It is not necessary to care about the kind of the base array region.
...
llvm-svn: 58181
2008-10-26 02:23:57 +00:00
0d2706f6b8
Add code for get the lvalue for string literals. Now we return a StringRegion
...
for StringLiteral lvalue evaluation, instead of directly returning a
loc::StringLiteralVal by the Environment.
llvm-svn: 58138
2008-10-25 14:18:57 +00:00
f3be44f191
Added method "getSelfRegion" to Store. This method returns the region associated with the "this" or "self" object (C++ and Objective-C respectively).
...
llvm-svn: 58107
2008-10-24 20:32:16 +00:00
e834fc1249
The Decl of an array region can be VarDecl or FieldDecl. Handle this in RegionStoreManager::ArrayToPointer().
...
llvm-svn: 58086
2008-10-24 09:06:51 +00:00
729518be3a
Implement struct initialization. Make it into a recursive function. Also make
...
the array initialization code into a function.
llvm-svn: 58083
2008-10-24 08:42:28 +00:00
1359e00f9c
Add printing method to RegionStoreManager.
...
llvm-svn: 58074
2008-10-24 06:01:33 +00:00
Ted Kremenek