diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-09-24 04:11:44 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-09-24 04:11:44 +0000 |
| commit | 0954cdec4b13f1b3fd4c8711e02ded914968000b (patch) | |
| tree | 02b3c476c3b057749860b3667bcf8797c433d573 /lib/Analysis/RegionStore.cpp | |
| parent | 1345bd2b093e78620c32f5148b1279ed290188e8 (diff) | |
Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic parameter regions
The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82680 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/RegionStore.cpp')
| -rw-r--r-- | lib/Analysis/RegionStore.cpp | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp index b54fa272a0..31f52a55b3 100644 --- a/lib/Analysis/RegionStore.cpp +++ b/lib/Analysis/RegionStore.cpp @@ -315,6 +315,9 @@ public: const GRState *state, const TypedRegion *R); + const ElementRegion *GetElementZeroRegion(const SymbolicRegion *SR, + QualType T); + //===------------------------------------------------------------------===// // State pruning. //===------------------------------------------------------------------===// @@ -857,6 +860,16 @@ static bool IsReinterpreted(QualType RTy, QualType UsedTy, ASTContext &Ctx) { return true; } +const ElementRegion * +RegionStoreManager::GetElementZeroRegion(const SymbolicRegion *SR, QualType T) { + ASTContext &Ctx = getContext(); + SVal idx = ValMgr.makeZeroArrayIndex(); + assert(!T.isNull()); + return MRMgr.getElementRegion(T, idx, SR, Ctx); +} + + + SValuator::CastResult RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { @@ -879,12 +892,8 @@ RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { if (isa<AllocaRegion>(MR)) return SValuator::CastResult(state, UnknownVal()); - if (isa<SymbolicRegion>(MR)) { - ASTContext &Ctx = getContext(); - SVal idx = ValMgr.makeZeroArrayIndex(); - assert(!T.isNull()); - MR = MRMgr.getElementRegion(T, idx, MR, Ctx); - } + if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(MR)) + MR = GetElementZeroRegion(SR, T); if (isa<CodeTextRegion>(MR)) return SValuator::CastResult(state, UnknownVal()); @@ -1309,6 +1318,13 @@ const GRState *RegionStoreManager::Bind(const GRState *state, Loc L, SVal V) { } } } + else if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R)) { + // Binding directly to a symbolic region should be treated as binding + // to element 0. + QualType T = SR->getSymbol()->getType(getContext()); + T = cast<PointerType>(T)->getPointeeType(); + R = GetElementZeroRegion(SR, T); + } // Perform the binding. RegionBindings B = GetRegionBindings(state->getStore()); |