diff options
| author | Ted Kremenek <kremenek@apple.com> | 2008-12-17 19:42:34 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2008-12-17 19:42:34 +0000 |
| commit | 90b3236cbea10044c38ea40585dce8150236f1ca (patch) | |
| tree | b8d945b5fec794545f9450e750674ac423251340 /lib/Analysis/CFRefCount.cpp | |
| parent | 500d2ee83d407106d80920fb4325fa2e06fa61a5 (diff) | |
Fix <rdar://problem/6451816>:
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
had a regression in the "symbolication" of variable values passed-by-reference
to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
blasting through the layer of AnonTypedRegions when symbolicating the value of
the variable. This logic may get moved elsewhere. Note that this change
affects only -checker-cfref and not -checker-simple; eventually this logic
should get pulled out of CFRefCount.cpp into a more common place. All users
use -checker-cfref by default, and -checker-simple should probably just be
removed.
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
a test case for this regression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61147 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/CFRefCount.cpp')
| -rw-r--r-- | lib/Analysis/CFRefCount.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp index e044d1d789..c85d934ebb 100644 --- a/lib/Analysis/CFRefCount.cpp +++ b/lib/Analysis/CFRefCount.cpp @@ -1599,6 +1599,14 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, } const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion()); + + // Blast through AnonTypedRegions to get the original region type. + while (R) { + const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R); + if (!ATR) break; + R = dyn_cast<TypedRegion>(ATR->getSuperRegion()); + } + if (R) { // Set the value of the variable to be a conjured symbol. unsigned Count = Builder.getCurrentBlockCount(); @@ -1609,7 +1617,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, SymbolRef NewSym = Eng.getSymbolManager().getConjuredSymbol(*I, T, Count); - state = state.BindLoc(*MR, + state = state.BindLoc(Loc::MakeVal(R), Loc::IsLocType(T) ? cast<SVal>(loc::SymbolVal(NewSym)) : cast<SVal>(nonloc::SymbolVal(NewSym))); |