diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-09-27 20:45:21 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-09-27 20:45:21 +0000 |
| commit | 8780679b02bea5ab6360f3f8ebf3b221aaeda93f (patch) | |
| tree | c9a0f9eb4bc2acdfb1b1f347cd0d2f85deffe238 /lib/Analysis/GRExprEngine.cpp | |
| parent | 50755b0dcc81eed9dcf27abe9162527013f26bd4 (diff) | |
Fix:
<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure
The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions. This required a
rewrite of this method using a worklist.
As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument. This tag is used to
differentiate two different symbols created at the same location.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82920 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/GRExprEngine.cpp')
| -rw-r--r-- | lib/Analysis/GRExprEngine.cpp | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp index 735949cd4a..dc39d8b041 100644 --- a/lib/Analysis/GRExprEngine.cpp +++ b/lib/Analysis/GRExprEngine.cpp @@ -2203,7 +2203,7 @@ void GRExprEngine::VisitDeclStmt(DeclStmt *DS, ExplodedNode *Pred, // UnknownVal. if (InitVal.isUnknown() || !getConstraintManager().canReasonAbout(InitVal)) { - InitVal = ValMgr.getConjuredSymbolVal(InitEx, Count); + InitVal = ValMgr.getConjuredSymbolVal(NULL, InitEx, Count); } state = state->bindDecl(VD, LC, InitVal); @@ -2608,7 +2608,8 @@ void GRExprEngine::VisitUnaryOperator(UnaryOperator* U, ExplodedNode* Pred, // Conjure a new symbol if necessary to recover precision. if (Result.isUnknown() || !getConstraintManager().canReasonAbout(Result)){ DefinedOrUnknownSVal SymVal = - ValMgr.getConjuredSymbolVal(Ex, Builder->getCurrentBlockCount()); + ValMgr.getConjuredSymbolVal(NULL, Ex, + Builder->getCurrentBlockCount()); Result = SymVal; // If the value is a location, ++/-- should always preserve @@ -2812,7 +2813,7 @@ void GRExprEngine::VisitBinaryOperator(BinaryOperator* B, && (Loc::IsLocType(T) || (T->isScalarType() && T->isIntegerType()))) { unsigned Count = Builder->getCurrentBlockCount(); - RightV = ValMgr.getConjuredSymbolVal(B->getRHS(), Count); + RightV = ValMgr.getConjuredSymbolVal(NULL, B->getRHS(), Count); } // Simulate the effects of a "store": bind the value of the RHS @@ -2936,7 +2937,7 @@ void GRExprEngine::VisitBinaryOperator(BinaryOperator* B, // The symbolic value is actually for the type of the left-hand side // expression, not the computation type, as this is the value the // LValue on the LHS will bind to. - LHSVal = ValMgr.getConjuredSymbolVal(B->getRHS(), LTy, Count); + LHSVal = ValMgr.getConjuredSymbolVal(NULL, B->getRHS(), LTy, Count); // However, we need to convert the symbol to the computation type. llvm::tie(state, Result) = SVator.EvalCast(LHSVal, state, CTy, LTy); |