diff options
| author | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-12-11 03:09:01 +0000 |
|---|---|---|
| committer | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-12-11 03:09:01 +0000 |
| commit | a49c6b7da5684e061612de70b62fe892b67f35c4 (patch) | |
| tree | 0fa7786d5cbd0c9cdfccd9c53d8d227076f23aa2 /lib/Analysis/MallocChecker.cpp | |
| parent | a970c57771c362c78925e9a9740a02bbf7d4b921 (diff) | |
Completely evaluate malloc/free in MallocChecker.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91100 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/MallocChecker.cpp')
| -rw-r--r-- | lib/Analysis/MallocChecker.cpp | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/lib/Analysis/MallocChecker.cpp b/lib/Analysis/MallocChecker.cpp index 6fd43c11db..f514f7ce1a 100644 --- a/lib/Analysis/MallocChecker.cpp +++ b/lib/Analysis/MallocChecker.cpp @@ -58,7 +58,7 @@ class MallocChecker : public CheckerVisitor<MallocChecker> { public: MallocChecker() : BT_DoubleFree(0), BT_Leak(0), II_malloc(0), II_free(0) {} static void *getTag(); - void PostVisitCallExpr(CheckerContext &C, const CallExpr *CE); + bool EvalCallExpr(CheckerContext &C, const CallExpr *CE); void EvalDeadSymbols(CheckerContext &C,const Stmt *S,SymbolReaper &SymReaper); void EvalEndPath(GREndPathNodeBuilder &B, void *tag, GRExprEngine &Eng); void PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *S); @@ -85,10 +85,14 @@ void *MallocChecker::getTag() { return &x; } -void MallocChecker::PostVisitCallExpr(CheckerContext &C, const CallExpr *CE) { - const FunctionDecl *FD = CE->getDirectCallee(); +bool MallocChecker::EvalCallExpr(CheckerContext &C, const CallExpr *CE) { + const GRState *state = C.getState(); + const Expr *Callee = CE->getCallee(); + SVal L = state->getSVal(Callee); + + const FunctionDecl *FD = L.getAsFunctionDecl(); if (!FD) - return; + return false; ASTContext &Ctx = C.getASTContext(); if (!II_malloc) @@ -98,19 +102,27 @@ void MallocChecker::PostVisitCallExpr(CheckerContext &C, const CallExpr *CE) { if (FD->getIdentifier() == II_malloc) { MallocMem(C, CE); - return; + return true; } if (FD->getIdentifier() == II_free) { FreeMem(C, CE); - return; + return true; } + + return false; } void MallocChecker::MallocMem(CheckerContext &C, const CallExpr *CE) { + unsigned Count = C.getNodeBuilder().getCurrentBlockCount(); + ValueManager &ValMgr = C.getValueManager(); + + SVal RetVal = ValMgr.getConjuredSymbolVal(NULL, CE, CE->getType(), Count); + const GRState *state = C.getState(); - SVal CallVal = state->getSVal(CE); - SymbolRef Sym = CallVal.getAsLocSymbol(); + state = state->BindExpr(CE, RetVal); + + SymbolRef Sym = RetVal.getAsLocSymbol(); assert(Sym); // Set the symbol's state to Allocated. C.addTransition(state->set<RegionState>(Sym, RefState::getAllocated(CE))); |