Introduce a new concept to the static analyzer: SValuator.

GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 6 insertions, 10 deletions

diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp
index 5e542a3c48..f4a28e0c19 100644
--- a/lib/Analysis/CFRefCount.cpp
+++ b/lib/Analysis/CFRefCount.cpp
@@ -12,7 +12,6 @@
 //
 //===----------------------------------------------------------------------===//
 
-#include "GRSimpleVals.h"
 #include "clang/Basic/LangOptions.h"
 #include "clang/Basic/SourceManager.h"
 #include "clang/Analysis/PathSensitive/GRExprEngineBuilders.h"
@@ -22,6 +21,7 @@
 #include "clang/Analysis/PathDiagnostic.h"
 #include "clang/Analysis/PathSensitive/BugReporter.h"
 #include "clang/Analysis/PathSensitive/SymbolManager.h"
+#include "clang/Analysis/PathSensitive/GRTransferFuncs.h"
 #include "clang/AST/DeclObjC.h"   
 #include "llvm/ADT/DenseMap.h"
 #include "llvm/ADT/FoldingSet.h"
@@ -1826,7 +1826,7 @@ static const GRState * SendAutorelease(const GRState *state,
 
 namespace {
   
-class VISIBILITY_HIDDEN CFRefCount : public GRSimpleVals {
+class VISIBILITY_HIDDEN CFRefCount : public GRTransferFuncs {
 public:
   class BindingsPrinter : public GRState::Printer {
   public:
@@ -2789,10 +2789,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst,
         if (Summ.getArg(idx) == DoNothingByRef)
           continue;
         
-        // Invalidate the value of the variable passed by reference.
-        
-        // FIXME: Either this logic should also be replicated in GRSimpleVals
-        //  or should be pulled into a separate "constraint engine."
+        // Invalidate the value of the variable passed by reference.        
         
         // FIXME: We can have collisions on the conjured symbol if the
         //  expression *I also creates conjured symbols.  We probably want
@@ -2941,11 +2938,10 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst,
     default:
       assert (false && "Unhandled RetEffect."); break;
       
-    case RetEffect::NoRet: {
-      
+    case RetEffect::NoRet: {      
       // Make up a symbol for the return value (not reference counted).
-      // FIXME: This is basically copy-and-paste from GRSimpleVals.  We 
-      //  should compose behavior, not copy it.
+      // FIXME: Most of this logic is not specific to the retain/release
+      // checker.
       
       // FIXME: We eventually should handle structs and other compound types
       // that are returned by value.