GRExprEngine::VisitCast() so that other parts of the analyzer can be ignorant.
When we cast "array of type T" to "pointer to T", we get the loc::MemRegionVal
corresponding to the array variable. This is sufficient for BasicStore, but not
for RegionStore. RegionStore should get the element region for the first array
element in the cast. So next comes to the revamping of transfer functions for
different store model.
llvm-svn: 57897
- Added new region "SymbolicRegion", which maps symbol values to the region domain.
- Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion)
- Added some utility methods to GRState for fetch svals from the store.
- Fixed regression in CheckNSError (we weren't getting the value bound to the parameter)
llvm-svn: 57717
struct s {};
void f() {
int a[10];
int (*p)[10];
p = &a;
(*p)[3] =1;
struct s d;
struct s *q;
q = &d;
}
We return the corresponding MemRegionVal for them.
llvm-svn: 57664
Remove GRExprEngine::getLVal and RValues::MakeVal.
Enhance StoreManager "GetLValue" methods to dispatch for specific kinds of lvalue queries, as opposed to interogating the expression tree (GRExprEngine already does this).
Added FIXMEs. In particular, we no longer "assume" that a base pointer in a field/array access is null (this logic was removed). Perhaps we should do this when fetching the lvalue for fields and array elements?
llvm-svn: 57657
new VisitLValue method is added to replace the old VisitLVal. The semantics
model becomes more explicit to separate rvalue evaluation from lvalue
evaluation.
llvm-svn: 57627
This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.
The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker.
llvm-svn: 57042
Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.
llvm-svn: 56894
Changed casing of many bug names. The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.
llvm-svn: 56385
GRExprEngine:
Use PostStore in EvalStore.
Use a second version of EvalStore in EvalBinaryOperator to associate the store with the expression on the LHS.
llvm-svn: 56383
For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.
For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.
Updated test case exercising this logic: we only prune paths if the values are
unsigned.
llvm-svn: 56354
'symbol operator-reverse int'. This patch is a combination of code from
Zhongxing Xu and myself (Zhongxing noticed this bug for the cases of
relational operators).
llvm-svn: 56351
"Method accepting NSError** argument should have non-void return value to indicate that an error occurred."
Test case written, but the header needs to be delta-debugged reduced. Will commit shortly.
llvm-svn: 56297
motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.
llvm-svn: 56245
- Change definition of store::Region and store::Binding (once again) to make
them real classes that just wrap pointers. This makes them more strictly
typed, and allows specific implementations of Regions/Bindings to just
subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments
StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager
llvm-svn: 55688
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).
llvm-svn: 55522
Their precise semantics will be implemented by a specific StoreManager.
Use function pointer to create the StoreManager in GRStateManager. This matches how we create ConstraintsManager.
llvm-svn: 55514
Ted Kremenek