author | Ted Kremenek <kremenek@apple.com> | 2009-05-01 19:22:20 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2009-05-01 19:22:20 +0000 |
commit | a8607d13c8df25a8c10d46db016d26f9e327418d (patch) | |
tree | 175a09409d1429e21102da691cbf9af54a0d6114 /lib/Analysis/Store.cpp | |
parent | d91719abc2f06304aed05ff4c804b38967d99782 (diff) |
StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion with Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an earlier out-of-bounds memory
access than the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70565 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/Store.cpp')
-rw-r--r-- | lib/Analysis/Store.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp index 6464c57df0..65e90dec33 100644 --- a/lib/Analysis/Store.cpp +++ b/lib/Analysis/Store.cpp @@ -59,9 +59,15 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R, return CastResult(state, R); } - // FIXME: We don't want to layer region views. Need to handle - // arbitrary downcasts. + // FIXME: Need to handle arbitrary downcasts. + // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion + // or an AllocaRegion is cast to another view, thus causing the memory + // to be re-used for a different purpose. - const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R); - return CastResult(AddRegionView(state, ViewR, R), ViewR); + if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) { + const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R); + return CastResult(AddRegionView(state, ViewR, R), ViewR); + } + + return CastResult(state, R); } |
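Review bot: The new fall-through `return CastResult(state, R);` at the end of CastRegion hands back the original region for every R that is not a SymbolicRegion or AllocaRegion, so CastToTy is dropped on that path and the caller receives no region carrying the cast type. The commit message itself reports region store crashing in fields.c and casts.c, "probably because it expects a TypedViewRegion", which suggests existing consumers depend on the old behaviour. I would add a comment on the fall-through saying the cast type is intentionally discarded there and which code is expected to cope, and track the three XFAILs so they do not stay disabled indefinitely. The second FIXME also notes that an R which is already a TypedViewRegion over a SymbolicRegion or AllocaRegion is not re-viewed; with this check it takes the same fall-through, which is worth stating next to the `isa<>` test. Minor: the parenthesis opened in "(layering a SymbolicRegion or an AllocaRegion is cast to another view" is never closed; close it after "AllocaRegion".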