author | Ted Kremenek <kremenek@apple.com> | 2009-09-22 04:48:39 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2009-09-22 04:48:39 +0000 |
commit | cc969fd8360e315a0244a1192ddaedcd751fc7a7 (patch) | |
tree | a54e9a8d35546b51708f7c99409bd6f3f8ce3fc9 | |
parent | 718bb483a4bd39f08a1ab45db624c6089919b57d (diff) |
Fix: <rdar://problem/7242015> [RegionStore] variable passed-by-reference (via integer) to function call not invalidated
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82523 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/Analysis/CFRefCount.cpp | 17 | ||||
-rw-r--r-- | test/Analysis/misc-ps.m | 11 |
2 files changed, 20 insertions, 8 deletions
diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp
index 81ebccb76a..970646f764 100644
--- a/lib/Analysis/CFRefCount.cpp
+++ b/lib/Analysis/CFRefCount.cpp
@@ -2786,6 +2786,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst,
 continue;
 }
+ tryAgain:
 if (isa<Loc>(V)) {
 if (loc::MemRegionVal* MR = dyn_cast<loc::MemRegionVal>(&V)) {
 if (Summ.getArg(idx) == DoNothingByRef)
@@ -2837,17 +2838,17 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst,
 }
 else {
 // Nuke all other arguments passed by reference.
- // FIXME: is this necessary or correct? unbind only removes the binding.
- // We should bind it to UnknownVal explicitly. Otherwise default value
- // may be loaded.
+ // FIXME: is this necessary or correct? This handles the non-Region
+ // cases. Is it ever valid to store to these?
 state = state->unbindLoc(cast<Loc>(V));
 }
 }
- else if (isa<nonloc::LocAsInteger>(V))
- // FIXME: is this necessary or correct? unbind only removes the binding.
- // We should bind it to UnknownVal explicitly. Otherwise default value
- // may be loaded.
- state = state->unbindLoc(cast<nonloc::LocAsInteger>(V).getLoc());
+ else if (isa<nonloc::LocAsInteger>(V)) {
+ // If we are passing a location wrapped as an integer, unwrap it and
+ // invalidate the values referred by the location.
+ V = cast<nonloc::LocAsInteger>(V).getLoc();
+ goto tryAgain;
+ }
 }
 // Evaluate the effect on the message receiver.
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index f05ec95643..c7074d153c 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
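Review bot: The `tryAgain:` label added in the first hunk is the target of a backward `goto` in the second hunk, and nothing at the label says why the jump terminates. A one-line comment would help, e.g. `// Re-entered once when a nonloc::LocAsInteger argument is unwrapped to its Loc.`; the unwrapped value is a Loc, so the second pass should take the `isa<Loc>(V)` branch. EvalSummary's body starts and ends outside the hunk, so the checks that run before the label are not visible here.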
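Review bot: The rewritten FIXME on the non-region branch drops the earlier warning that `unbindLoc` only removes the binding, yet the call `state = state->unbindLoc(cast<Loc>(V));` is unchanged. If that concern still holds for these locations, a later load could see a default value rather than an unknown one, which in a checker means missed or spurious reports. I would keep one line of the old text, e.g. `// NOTE: unbindLoc only removes the binding; it does not bind UnknownVal.` Whether the non-region case is reachable for arguments cannot be told from the hunk.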
@@ -632,3 +632,14 @@ double rdar_6829164_2();
 return self;
 }
 @end
+
+// <rdar://problem/7242015> - Invalidate values passed-by-reference
+// to functions when the pointer to the value is passed as an integer.
+void test_7242015_aux(unsigned long);
+int rdar_7242015() {
+ int x;
+ test_7242015_aux((unsigned long) &x); // no-warning
+ return x; // Previously we return and uninitialized value when
+ // using RegionStore.
+}
+ |
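Review bot: The `// no-warning` marker sits on the call to test_7242015_aux, but the trailing comment says the uninitialized-value report came from `return x;`, so the marker documents the wrong line. Moving it and fixing the wording would read `return x; // no-warning (previously reported as an uninitialized value with RegionStore)`. The test covers only a cast to `unsigned long`; a second case through another integer type would pin the behaviour more tightly, assuming the analyzer wraps those pointers the same way.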