diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-07-15 02:31:43 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-07-15 02:31:43 +0000 |
| commit | a6275a534da701f37d19a068e6361e5f10f983a1 (patch) | |
| tree | 93a060553f74507c52ba489ab9b0b2733b1704a7 /lib/Analysis/RegionStore.cpp | |
| parent | fb91c70e24e20f8704edf9bc5049ffbe7e234a38 (diff) | |
More test cases revealed that the logic in StoreManager::InvalidateRegion() needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/RegionStore.cpp')
| -rw-r--r-- | lib/Analysis/RegionStore.cpp | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp index 4e83720f9f..b4eb4b8e19 100644 --- a/lib/Analysis/RegionStore.cpp +++ b/lib/Analysis/RegionStore.cpp @@ -781,6 +781,16 @@ SVal RegionStoreManager::EvalBinOp(const GRState *state, // Loading values from regions. //===----------------------------------------------------------------------===// +static bool IsReinterpreted(QualType RTy, QualType UsedTy, ASTContext &Ctx) { + RTy = Ctx.getCanonicalType(RTy); + UsedTy = Ctx.getCanonicalType(UsedTy); + + if (RTy == UsedTy) + return false; + + return !(Loc::IsLocType(RTy) && Loc::IsLocType(UsedTy)); +} + SVal RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { assert(!isa<UnknownVal>(L) && "location unknown"); @@ -805,13 +815,14 @@ SVal RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { if (isa<SymbolicRegion>(MR)) { ASTContext &Ctx = getContext(); SVal idx = ValMgr.makeIntVal(0, Ctx.IntTy); + assert(!T.isNull()); MR = MRMgr.getElementRegion(T, idx, MR, Ctx); } // FIXME: Perhaps this method should just take a 'const MemRegion*' argument // instead of 'Loc', and have the other Loc cases handled at a higher level. const TypedRegion *R = cast<TypedRegion>(MR); - assert(R && "bad region"); + QualType RTy = R->getValueType(getContext()); // FIXME: We should eventually handle funny addressing. e.g.: // @@ -822,7 +833,13 @@ SVal RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { // // Such funny addressing will occur due to layering of regions. - QualType RTy = R->getValueType(getContext()); + ASTContext &Ctx = getContext(); + if (!T.isNull() && IsReinterpreted(RTy, T, Ctx)) { + SVal idx = ValMgr.makeIntVal(0, Ctx.IntTy); + R = MRMgr.getElementRegion(T, idx, R, Ctx); + RTy = T; + assert(RTy == R->getValueType(Ctx)); + } if (RTy->isStructureType()) return RetrieveStruct(state, R); @@ -929,8 +946,11 @@ SVal RegionStoreManager::RetrieveElement(const GRState* state, } // Check if the super region has a binding. - if (B.lookup(superR)) { - // We do not extract the bit value from super region for now. + if (const SVal *V = B.lookup(superR)) { + if (SymbolRef parentSym = V->getAsSymbol()) + return ValMgr.getDerivedRegionValueSymbolVal(parentSym, R); + + // Other cases: give up. return UnknownVal(); } |