aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Kremenek <kremenek@apple.com>2009-09-22 04:48:39 +0000
committerTed Kremenek <kremenek@apple.com>2009-09-22 04:48:39 +0000
commitcc969fd8360e315a0244a1192ddaedcd751fc7a7 (patch)
treea54e9a8d35546b51708f7c99409bd6f3f8ce3fc9
parent718bb483a4bd39f08a1ab45db624c6089919b57d (diff)
Fix: <rdar://problem/7242015> [RegionStore] variable passed-by-reference (via integer) to function call not invalidated
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82523 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/Analysis/CFRefCount.cpp17
-rw-r--r--test/Analysis/misc-ps.m11
2 files changed, 20 insertions, 8 deletions
diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp
index 81ebccb76a..970646f764 100644
--- a/lib/Analysis/CFRefCount.cpp
+++ b/lib/Analysis/CFRefCount.cpp
@@ -2786,6 +2786,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst,
continue;
}
+ tryAgain:
if (isa<Loc>(V)) {
if (loc::MemRegionVal* MR = dyn_cast<loc::MemRegionVal>(&V)) {
if (Summ.getArg(idx) == DoNothingByRef)
@@ -2837,17 +2838,17 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst,
}
else {
// Nuke all other arguments passed by reference.
- // FIXME: is this necessary or correct? unbind only removes the binding.
- // We should bind it to UnknownVal explicitly. Otherwise default value
- // may be loaded.
+ // FIXME: is this necessary or correct? This handles the non-Region
+ // cases. Is it ever valid to store to these?
state = state->unbindLoc(cast<Loc>(V));
}
}
- else if (isa<nonloc::LocAsInteger>(V))
- // FIXME: is this necessary or correct? unbind only removes the binding.
- // We should bind it to UnknownVal explicitly. Otherwise default value
- // may be loaded.
- state = state->unbindLoc(cast<nonloc::LocAsInteger>(V).getLoc());
+ else if (isa<nonloc::LocAsInteger>(V)) {
+ // If we are passing a location wrapped as an integer, unwrap it and
+ // invalidate the values referred by the location.
+ V = cast<nonloc::LocAsInteger>(V).getLoc();
+ goto tryAgain;
+ }
}
// Evaluate the effect on the message receiver.
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index f05ec95643..c7074d153c 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -632,3 +632,14 @@ double rdar_6829164_2();
return self;
}
@end
+
+// <rdar://problem/7242015> - Invalidate values passed-by-reference
+// to functions when the pointer to the value is passed as an integer.
+void test_7242015_aux(unsigned long);
+int rdar_7242015() {
+ int x;
+ test_7242015_aux((unsigned long) &x); // no-warning
+ return x; // Previously we return and uninitialized value when
+ // using RegionStore.
+}
+