Teach GRSimpleVals::EvalNE and GRSimplVals::EvalEQ about TypedRegionViews and

SymbolicRegions. This fixes a serious regression when checking symbolic pointers against null. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66444 91177308-0d34-0410-b5e6-96231b3b80d8
author: Ted Kremenek <kremenek@apple.com> 2009-03-09 20:35:15 +0000
committer: Ted Kremenek <kremenek@apple.com> 2009-03-09 20:35:15 +0000
commit: 214c6cb45d0682c67502cf4c78ae460b94fd4ed3 (patch)
tree: fe9b773aedf160546f5a08f385bbbf51324ff85a /lib/Analysis/GRSimpleVals.cpp
parent: 688a248e03f31312161db97e5e11a950b5b1369c (diff)
1 files changed, 41 insertions, 4 deletions
diff --git a/lib/Analysis/GRSimpleVals.cpp b/lib/Analysis/GRSimpleVals.cpp
index 90d9e57bfd..e2dde76e20 100644
--- a/lib/Analysis/GRSimpleVals.cpp
+++ b/lib/Analysis/GRSimpleVals.cpp
@@ -262,6 +262,17 @@ SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
 }
 
 // Pointer arithmetic.
+static Loc StripViews(Loc X) {
+  if (isa<loc::MemRegionVal>(X)) {
+    const SymbolicRegion *Region =
+      cast<loc::MemRegionVal>(X).getRegion()->getAs<SymbolicRegion>();
+    
+    if (Region)
+      return Loc::MakeVal(Region->getSymbol());
+  }
+  
+  return X;
+}
 
 SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
                              Loc L, NonLoc R) {  
@@ -274,7 +285,8 @@ SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
 SVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, Loc L, Loc R) {
   
   BasicValueFactory& BasicVals = Eng.getBasicVals();
-  
+
+TryAgain:
   switch (L.getSubKind()) {
 
     default:
@@ -320,7 +332,20 @@ SVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, Loc L, Loc R) {
       return UnknownVal();      
     }
       
-    case loc::MemRegionKind:
+    case loc::MemRegionKind: {
+      // See if 'L' and 'R' both wrap symbols.
+      Loc LTmp = StripViews(L);
+      Loc RTmp = StripViews(R);
+      
+      if (LTmp != L || RTmp != R) {
+        L = LTmp;
+        R = RTmp;
+        goto TryAgain;
+      }
+    }    
+    
+    // Fall-through.
+      
     case loc::FuncValKind:
     case loc::GotoLabelKind:
       return NonLoc::MakeIntTruthVal(BasicVals, L == R);
@@ -333,6 +358,7 @@ SVal GRSimpleVals::EvalNE(GRExprEngine& Eng, Loc L, Loc R) {
   
   BasicValueFactory& BasicVals = Eng.getBasicVals();
 
+TryAgain:
   switch (L.getSubKind()) {
 
     default:
@@ -357,7 +383,7 @@ SVal GRSimpleVals::EvalNE(GRExprEngine& Eng, Loc L, Loc R) {
       }
       
       break;
-      
+
     case loc::SymbolValKind: {
       if (isa<loc::ConcreteInt>(R)) {          
         const SymIntConstraint& C =
@@ -378,7 +404,18 @@ SVal GRSimpleVals::EvalNE(GRExprEngine& Eng, Loc L, Loc R) {
       break;
     }
       
-    case loc::MemRegionKind:
+    case loc::MemRegionKind: {
+      // See if 'L' and 'R' both wrap symbols.
+      Loc LTmp = StripViews(L);
+      Loc RTmp = StripViews(R);
+      
+      if (LTmp != L || RTmp != R) {
+        L = LTmp;
+        R = RTmp;
+        goto TryAgain;
+      }
+    }
+      
     case loc::FuncValKind:
     case loc::GotoLabelKind:
       return NonLoc::MakeIntTruthVal(BasicVals, L != R);
author	Ted Kremenek <kremenek@apple.com>	2009-03-09 20:35:15 +0000
committer	Ted Kremenek <kremenek@apple.com>	2009-03-09 20:35:15 +0000
commit	214c6cb45d0682c67502cf4c78ae460b94fd4ed3 (patch)
tree	fe9b773aedf160546f5a08f385bbbf51324ff85a /lib/Analysis/GRSimpleVals.cpp
parent	688a248e03f31312161db97e5e11a950b5b1369c (diff)