Add a type (ObjCObjectPointerType) and remove a type (ObjCQualifiedIdType).
This large/tedious patch is just a first step. Next step is to remove ObjCQualifiedInterfaceType. After that, I will remove the magic TypedefType for 'id' (installed by Sema). This work will enable various simplifications throughout clang (when dealing with ObjC types).
No functionality change.
llvm-svn: 73649
GRState object has a direct reference to its GRStateManager, making
the functionality of GRStateRef redunandant. This will lead to some
nice API cleanup and code shrinking across libAnalysis.
llvm-svn: 73644
- Add "sections" to RegionStoreManager.cpp to delineate functionality.
- Add new function "CreateFieldsOnlyRegionStoreManager" that uses the new
RegionStoreFeatures class to use a reduced set of features from
RegionStoreManager (in this case, only field-sensitivity). This isn't
completely hooked up yet.
llvm-svn: 73572
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.
llvm-svn: 72164
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.
Also fix some 80 columns violations.
llvm-svn: 71548
Modify getLValueElement accordingly. Now we don't require base region
to be a typed region. Do not create TypedViewRegion when base region is
symbolic or alloca region. We can do so because each element region has
its type information.
llvm-svn: 71355
- add a static function getTypeWidth(), which computes the width of a type
with the help of TargetInfo.
- no-outofbounds.c now passes for region store.
llvm-svn: 71080
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.
This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.
Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.
llvm-svn: 70830
into StoreManager::CastRegion. Both methods were practically identical, and this
is core logic that is common to all StoreManagers since it defines the basic
invariants of the abstract memory model.
llvm-svn: 69730
when creating symbolic values, we distinguish between location and non-location
values. For location values, we create a symbolic region instead of a
loc::SymbolVal.
llvm-svn: 68373
Zhongxing and I discussed by email.
Main changes:
- Removed SymIntConstraintVal and SymIntConstraint
- Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
- Added nonloc::SymExprVal to wrap SymExpr
- SymbolRef is now just a typedef of 'const SymbolData*'
- Bunch of minor code cleanups in how some methods were invoked (no functionality change)
This changes are part of a long-term plan to have full symbolic expression
trees. This will be useful for lazily evaluating complicated expressions.
llvm-svn: 67731
offset may be different that the base. Ultimately we need a better solution for
these issues, but this point-by-point fixes are gradually outlining the scope of
the problem.
llvm-svn: 66638
analyzer for array subscript expressions involving bases that are vectors. This
solution is probably a hack: it gets the lvalue of the vector instead of an
rvalue like all other types. This should be reviewed (big FIXME in
GRExprEngine).
llvm-svn: 65366
for FieldRegion. This enables us to track more values.
Simplify SymbolicRegion::getRValueType(). We assume the symbol always has
pointer type.
llvm-svn: 63928
do the symblic regions associated with them and we need them to be typed.
Current SymbolicRegion::getRValueType() method is very restricting. It may be
modified when we are more clear about what could be the types of symblic
regions.
BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a
subclass of SubRegion.
llvm-svn: 63844
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
ASTContext for the size (in bits) of 'int'. While it worked, it was a
conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
type "ConstantArray", and handles the case when uses use ordinary variables
as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
"array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>
llvm-svn: 63347
their associated APIs. We no longer need separate SymbolData objects
for fields, variables, etc. Instead, we now associated symbols with
the "rvalue" of a MemRegion (i.e., the value stored at that region).
Now we only have two kinds of SymbolData objects: SymbolRegionRValue
and SymbolConjured.
This cleanup also makes the distinction between a SymbolicRegion and a
symbolic value that is a location much clearer. A SymbolicRegion
represents a chunk of symbolic memory, while a symbolic location is
just a "pointer" with different possible values. Without any specific
knowledge, a symbolic location resolves (i.e., via a dereference) to a
SymbolicRegion. In the future, when we do better alias reasoning, a
symbolic location can become an alias for another location, thus
merging the constraints on the referred SymbolicRegion with the other
region.
llvm-svn: 62769
Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).
llvm-svn: 62667
* Now Bind() methods take and return GRState* because binding could
also alter GDM.
* No variables are initialized except those declared with initial
values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.
llvm-svn: 61274
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.
Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
llvm-svn: 60995
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
llvm-svn: 60990
and separates lexical name lookup from qualified name lookup. In
particular:
* Make DeclContext the central data structure for storing and
looking up declarations within existing declarations, e.g., members
of structs/unions/classes, enumerators in C++0x enums, members of
C++ namespaces, and (later) members of Objective-C
interfaces/implementations. DeclContext uses a lazily-constructed
data structure optimized for fast lookup (array for small contexts,
hash table for larger contexts).
* Implement C++ qualified name lookup in terms of lookup into
DeclContext.
* Implement C++ unqualified name lookup in terms of
qualified+unqualified name lookup (since unqualified lookup is not
purely lexical in C++!)
* Limit the use of the chains of declarations stored in
IdentifierInfo to those names declared lexically.
* Eliminate CXXFieldDecl, collapsing its behavior into
FieldDecl. (FieldDecl is now a ScopedDecl).
* Make RecordDecl into a DeclContext and eliminates its
Members/NumMembers fields (since one can just iterate through the
DeclContext to get the fields).
llvm-svn: 60878
When initialized, the index of the ElementRegion was unsigned. But the index
value of the ArraySubscriptExpr is signed. This inconsistency caused the value
of the array element retrieved to be UnknownVal despite it was initialized to
symbolic.
This is only a hack. Real fix of this problem is required.
llvm-svn: 60207
One design problem that is emerging is the signed-ness problem during static
analysis. Many unsigned value have to be converted into signed value because
it partipates in operations with signed values.
On the other hand, we cannot blindly make all values occuring in static analysis
signed, because we do have cases where unsignedness is required, for example,
integer overflow detection.
llvm-svn: 59957
- RegionView and RegionViewMap is introduced to assist back-mapping from
super region to subregions.
- GDM is used to carry RegionView information.
- AnonTypedRegion is added to represent a typed region introduced by pointer
casting. Later AnonTypedRegion can be used in other similar cases, e.g.,
malloc()'ed region.
- The specific conversion is delegated to store manager.
llvm-svn: 59382
sets the whole struct to Unknown. Then we cannot assume the V passed to
BindStruct() is always a CompoundVal. When it is an UnknownVal, we call
BindStructToVal(UnknownVal).
2. Change the signature of InitializeStructToUndefined() to BindStructToVal()
to reuse the code.
llvm-svn: 58564
Ted Kremenek