aboutsummaryrefslogtreecommitdiff
path: root/lib/Checker
diff options
context:
space:
mode:
authorTed Kremenek <kremenek@apple.com>2010-12-02 07:49:45 +0000
committerTed Kremenek <kremenek@apple.com>2010-12-02 07:49:45 +0000
commitc8413fd03f73084a5c93028f8b4db619fc388087 (patch)
tree0815a7cb0b9c477e280a91e4c89713488e43f7f2 /lib/Checker
parent0608f53744ccf88c4d21d6b500f6d23927533ac9 (diff)
Merge ValueManager into SValBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120696 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Checker')
-rw-r--r--lib/Checker/BasicObjCFoundationChecks.cpp7
-rw-r--r--lib/Checker/BasicStore.cpp28
-rw-r--r--lib/Checker/BuiltinFunctionChecker.cpp10
-rw-r--r--lib/Checker/CFRefCount.cpp22
-rw-r--r--lib/Checker/CMakeLists.txt1
-rw-r--r--lib/Checker/CStringChecker.cpp275
-rw-r--r--lib/Checker/CallAndMessageChecker.cpp16
-rw-r--r--lib/Checker/CastSizeChecker.cpp27
-rw-r--r--lib/Checker/Environment.cpp35
-rw-r--r--lib/Checker/FlatStore.cpp4
-rw-r--r--lib/Checker/GRCXXExprEngine.cpp16
-rw-r--r--lib/Checker/GRExprEngine.cpp63
-rw-r--r--lib/Checker/GRState.cpp29
-rw-r--r--lib/Checker/MallocChecker.cpp82
-rw-r--r--lib/Checker/MemRegion.cpp28
-rw-r--r--lib/Checker/OSAtomicChecker.cpp4
-rw-r--r--lib/Checker/RegionStore.cpp91
-rw-r--r--lib/Checker/SValBuilder.cpp154
-rw-r--r--lib/Checker/SVals.cpp13
-rw-r--r--lib/Checker/SimpleSValBuilder.cpp150
-rw-r--r--lib/Checker/Store.cpp22
-rw-r--r--lib/Checker/StreamChecker.cpp6
-rw-r--r--lib/Checker/UndefCapturedBlockVarChecker.cpp2
-rw-r--r--lib/Checker/UnixAPIChecker.cpp2
-rw-r--r--lib/Checker/VLASizeChecker.cpp20
-rw-r--r--lib/Checker/ValueManager.cpp162
26 files changed, 601 insertions, 668 deletions
diff --git a/lib/Checker/BasicObjCFoundationChecks.cpp b/lib/Checker/BasicObjCFoundationChecks.cpp
index 1e48b1ad44..c7e6a4cde2 100644
--- a/lib/Checker/BasicObjCFoundationChecks.cpp
+++ b/lib/Checker/BasicObjCFoundationChecks.cpp
@@ -409,12 +409,11 @@ void CFRetainReleaseChecker::PreVisitCallExpr(CheckerContext& C,
return;
// Get a NULL value.
- ValueManager &ValMgr = C.getValueManager();
- DefinedSVal Zero = cast<DefinedSVal>(ValMgr.makeZeroVal(Arg->getType()));
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ DefinedSVal zero = cast<DefinedSVal>(svalBuilder.makeZeroVal(Arg->getType()));
// Make an expression asserting that they're equal.
- SValBuilder &svalBuilder = ValMgr.getSValBuilder();
- DefinedOrUnknownSVal ArgIsNull = svalBuilder.evalEQ(state, Zero, *DefArgVal);
+ DefinedOrUnknownSVal ArgIsNull = svalBuilder.evalEQ(state, zero, *DefArgVal);
// Are they equal?
const GRState *stateTrue, *stateFalse;
diff --git a/lib/Checker/BasicStore.cpp b/lib/Checker/BasicStore.cpp
index 4fb0387ed5..bf6eedc578 100644
--- a/lib/Checker/BasicStore.cpp
+++ b/lib/Checker/BasicStore.cpp
@@ -150,10 +150,10 @@ SVal BasicStoreManager::LazyRetrieve(Store store, const TypedRegion *R) {
// FIXME: Copy-and-pasted from RegionStore.cpp.
if (BindingsTy::data_type *Val = B.lookup(MS)) {
if (SymbolRef parentSym = Val->getAsSymbol())
- return ValMgr.getDerivedRegionValueSymbolVal(parentSym, R);
+ return svalBuilder.getDerivedRegionValueSymbolVal(parentSym, R);
if (Val->isZeroConstant())
- return ValMgr.makeZeroVal(T);
+ return svalBuilder.makeZeroVal(T);
if (Val->isUnknownOrUndef())
return *Val;
@@ -164,7 +164,7 @@ SVal BasicStoreManager::LazyRetrieve(Store store, const TypedRegion *R) {
if (VR->hasGlobalsOrParametersStorage() ||
isa<UnknownSpaceRegion>(VR->getMemorySpace()))
- return ValMgr.getRegionValueSymbolVal(R);
+ return svalBuilder.getRegionValueSymbolVal(R);
return UndefinedVal();
}
@@ -349,7 +349,7 @@ Store BasicStoreManager::RemoveDeadBindings(Store store,
const MemRegion* R = I.getKey();
if (!Marked.count(R)) {
- store = Remove(store, ValMgr.makeLoc(R));
+ store = Remove(store, svalBuilder.makeLoc(R));
SVal X = I.getData();
for (symbol_iterator SI=X.symbol_begin(), SE=X.symbol_end(); SI!=SE; ++SI)
@@ -376,8 +376,8 @@ Store BasicStoreManager::scanForIvars(Stmt *B, const Decl* SelfDecl,
if (DR->getDecl() == SelfDecl) {
const ObjCIvarRegion *IVR = MRMgr.getObjCIvarRegion(IV->getDecl(),
SelfRegion);
- SVal X = ValMgr.getRegionValueSymbolVal(IVR);
- St = Bind(St, ValMgr.makeLoc(IVR), X);
+ SVal X = svalBuilder.getRegionValueSymbolVal(IVR);
+ St = Bind(St, svalBuilder.makeLoc(IVR), X);
}
}
}
@@ -408,9 +408,9 @@ Store BasicStoreManager::getInitialStore(const LocationContext *InitLoc) {
// SelfRegion? (i.e., it implements MD->getClassInterface()).
const VarRegion *VR = MRMgr.getVarRegion(PD, InitLoc);
const MemRegion *SelfRegion =
- ValMgr.getRegionValueSymbolVal(VR).getAsRegion();
+ svalBuilder.getRegionValueSymbolVal(VR).getAsRegion();
assert(SelfRegion);
- St = Bind(St, ValMgr.makeLoc(VR), loc::MemRegionVal(SelfRegion));
+ St = Bind(St, svalBuilder.makeLoc(VR), loc::MemRegionVal(SelfRegion));
// Scan the method for ivar references. While this requires an
// entire AST scan, the cost should not be high in practice.
St = scanForIvars(MD->getBody(), PD, SelfRegion, St);
@@ -422,10 +422,10 @@ Store BasicStoreManager::getInitialStore(const LocationContext *InitLoc) {
if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(InitLoc->getDecl())) {
// For C++ methods add symbolic region for 'this' in initial stack frame.
QualType ThisT = MD->getThisType(StateMgr.getContext());
- MemRegionManager &RegMgr = ValMgr.getRegionManager();
+ MemRegionManager &RegMgr = svalBuilder.getRegionManager();
const CXXThisRegion *ThisR = RegMgr.getCXXThisRegion(ThisT, InitLoc);
- SVal ThisV = ValMgr.getRegionValueSymbolVal(ThisR);
- St = Bind(St, ValMgr.makeLoc(ThisR), ThisV);
+ SVal ThisV = svalBuilder.getRegionValueSymbolVal(ThisR);
+ St = Bind(St, svalBuilder.makeLoc(ThisR), ThisV);
}
return St;
@@ -477,7 +477,7 @@ Store BasicStoreManager::BindDeclInternal(Store store, const VarRegion* VR,
QualType T = VD->getType();
// BasicStore only supports scalars.
if ((T->isScalarType() || T->isReferenceType()) &&
- ValMgr.getSymbolManager().canSymbolicate(T)) {
+ svalBuilder.getSymbolManager().canSymbolicate(T)) {
SVal V = InitVal ? *InitVal : UndefinedVal();
store = Bind(store, loc::MemRegionVal(VR), V);
}
@@ -555,7 +555,7 @@ Store BasicStoreManager::InvalidateRegions(Store store,
// use to derive the bindings for all non-static globals.
const GlobalsSpaceRegion *GS = MRMgr.getGlobalsRegion();
SVal V =
- ValMgr.getConjuredSymbolVal(/* SymbolTag = */ (void*) GS, E,
+ svalBuilder.getConjuredSymbolVal(/* SymbolTag = */ (void*) GS, E,
/* symbol type, doesn't matter */ Ctx.IntTy,
Count);
@@ -587,7 +587,7 @@ Store BasicStoreManager::InvalidateRegion(Store store,
}
QualType T = cast<TypedRegion>(R)->getValueType();
- SVal V = ValMgr.getConjuredSymbolVal(R, E, T, Count);
+ SVal V = svalBuilder.getConjuredSymbolVal(R, E, T, Count);
return Bind(store, loc::MemRegionVal(R), V);
}
diff --git a/lib/Checker/BuiltinFunctionChecker.cpp b/lib/Checker/BuiltinFunctionChecker.cpp
index 13875732ef..1a3e401959 100644
--- a/lib/Checker/BuiltinFunctionChecker.cpp
+++ b/lib/Checker/BuiltinFunctionChecker.cpp
@@ -67,13 +67,11 @@ bool BuiltinFunctionChecker::evalCallExpr(CheckerContext &C,const CallExpr *CE){
DefinedOrUnknownSVal Size =
cast<DefinedOrUnknownSVal>(state->getSVal(*(CE->arg_begin())));
- ValueManager& ValMgr = C.getValueManager();
- DefinedOrUnknownSVal Extent = R->getExtent(ValMgr);
-
- SValBuilder& svalBuilder = ValMgr.getSValBuilder();
- DefinedOrUnknownSVal ExtentMatchesSizeArg =
+ SValBuilder& svalBuilder = C.getSValBuilder();
+ DefinedOrUnknownSVal Extent = R->getExtent(svalBuilder);
+ DefinedOrUnknownSVal extentMatchesSizeArg =
svalBuilder.evalEQ(state, Extent, Size);
- state = state->assume(ExtentMatchesSizeArg, true);
+ state = state->assume(extentMatchesSizeArg, true);
C.GenerateNode(state->BindExpr(CE, loc::MemRegionVal(R)));
return true;
diff --git a/lib/Checker/CFRefCount.cpp b/lib/Checker/CFRefCount.cpp
index 0be30b61db..3e5245741f 100644
--- a/lib/Checker/CFRefCount.cpp
+++ b/lib/Checker/CFRefCount.cpp
@@ -2686,8 +2686,8 @@ void CFRefCount::evalSummary(ExplodedNodeSet& Dst,
if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())) {
unsigned Count = Builder.getCurrentBlockCount();
- ValueManager &ValMgr = Eng.getValueManager();
- SVal X = ValMgr.getConjuredSymbolVal(NULL, Ex, T, Count);
+ SValBuilder &svalBuilder = Eng.getSValBuilder();
+ SVal X = svalBuilder.getConjuredSymbolVal(NULL, Ex, T, Count);
state = state->BindExpr(Ex, X, false);
}
@@ -2713,12 +2713,12 @@ void CFRefCount::evalSummary(ExplodedNodeSet& Dst,
case RetEffect::OwnedAllocatedSymbol:
case RetEffect::OwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
- ValueManager &ValMgr = Eng.getValueManager();
- SymbolRef Sym = ValMgr.getConjuredSymbol(Ex, Count);
- QualType RetT = GetReturnType(Ex, ValMgr.getContext());
+ SValBuilder &svalBuilder = Eng.getSValBuilder();
+ SymbolRef Sym = svalBuilder.getConjuredSymbol(Ex, Count);
+ QualType RetT = GetReturnType(Ex, svalBuilder.getContext());
state = state->set<RefBindings>(Sym, RefVal::makeOwned(RE.getObjKind(),
RetT));
- state = state->BindExpr(Ex, ValMgr.makeLoc(Sym), false);
+ state = state->BindExpr(Ex, svalBuilder.makeLoc(Sym), false);
// FIXME: Add a flag to the checker where allocations are assumed to
// *not fail.
@@ -2736,12 +2736,12 @@ void CFRefCount::evalSummary(ExplodedNodeSet& Dst,
case RetEffect::GCNotOwnedSymbol:
case RetEffect::NotOwnedSymbol: {
unsigned Count = Builder.getCurrentBlockCount();
- ValueManager &ValMgr = Eng.getValueManager();
- SymbolRef Sym = ValMgr.getConjuredSymbol(Ex, Count);
- QualType RetT = GetReturnType(Ex, ValMgr.getContext());
+ SValBuilder &svalBuilder = Eng.getSValBuilder();
+ SymbolRef Sym = svalBuilder.getConjuredSymbol(Ex, Count);
+ QualType RetT = GetReturnType(Ex, svalBuilder.getContext());
state = state->set<RefBindings>(Sym, RefVal::makeNotOwned(RE.getObjKind(),
RetT));
- state = state->BindExpr(Ex, ValMgr.makeLoc(Sym), false);
+ state = state->BindExpr(Ex, svalBuilder.makeLoc(Sym), false);
break;
}
}
@@ -3431,7 +3431,7 @@ void RetainReleaseChecker::PostVisitBlockExpr(CheckerContext &C,
// and in implicit increment/decrement of a retain count.
llvm::SmallVector<const MemRegion*, 10> Regions;
const LocationContext *LC = C.getPredecessor()->getLocationContext();
- MemRegionManager &MemMgr = C.getValueManager().getRegionManager();
+ MemRegionManager &MemMgr = C.getSValBuilder().getRegionManager();
for ( ; I != E; ++I) {
const VarRegion *VR = *I;
diff --git a/lib/Checker/CMakeLists.txt b/lib/Checker/CMakeLists.txt
index e55f733ff9..73e8d119dc 100644
--- a/lib/Checker/CMakeLists.txt
+++ b/lib/Checker/CMakeLists.txt
@@ -82,7 +82,6 @@ add_clang_library(clangChecker
UnixAPIChecker.cpp
UnreachableCodeChecker.cpp
VLASizeChecker.cpp
- ValueManager.cpp
)
add_dependencies(clangChecker ClangAttrClasses ClangAttrList ClangDeclNodes
diff --git a/lib/Checker/CStringChecker.cpp b/lib/Checker/CStringChecker.cpp
index a177710c17..969715e70b 100644
--- a/lib/Checker/CStringChecker.cpp
+++ b/lib/Checker/CStringChecker.cpp
@@ -51,21 +51,21 @@ public:
void evalMemcmp(CheckerContext &C, const CallExpr *CE);
- void evalStrlen(CheckerContext &C, const CallExpr *CE);
+ void evalstrLength(CheckerContext &C, const CallExpr *CE);
void evalStrcpy(CheckerContext &C, const CallExpr *CE);
void evalStpcpy(CheckerContext &C, const CallExpr *CE);
- void evalStrcpyCommon(CheckerContext &C, const CallExpr *CE, bool ReturnEnd);
+ void evalStrcpyCommon(CheckerContext &C, const CallExpr *CE, bool returnEnd);
// Utility methods
std::pair<const GRState*, const GRState*>
assumeZero(CheckerContext &C, const GRState *state, SVal V, QualType Ty);
- const GRState *SetCStringLength(const GRState *state, const MemRegion *MR,
- SVal StrLen);
- SVal GetCStringLengthForRegion(CheckerContext &C, const GRState *&state,
+ const GRState *setCStringLength(const GRState *state, const MemRegion *MR,
+ SVal strLength);
+ SVal getCStringLengthForRegion(CheckerContext &C, const GRState *&state,
const Expr *Ex, const MemRegion *MR);
- SVal GetCStringLength(CheckerContext &C, const GRState *&state,
+ SVal getCStringLength(CheckerContext &C, const GRState *&state,
const Expr *Ex, SVal Buf);
const GRState *InvalidateBuffer(CheckerContext &C, const GRState *state,
@@ -75,7 +75,7 @@ public:
const MemRegion *MR);
// Re-usable checks
- const GRState *CheckNonNull(CheckerContext &C, const GRState *state,
+ const GRState *checkNonNull(CheckerContext &C, const GRState *state,
const Expr *S, SVal l);
const GRState *CheckLocation(CheckerContext &C, const GRState *state,
const Expr *S, SVal l,
@@ -88,7 +88,7 @@ public:
const GRState *CheckOverlap(CheckerContext &C, const GRState *state,
const Expr *Size, const Expr *First,
const Expr *Second);
- void EmitOverlapBug(CheckerContext &C, const GRState *state,
+ void emitOverlapBug(CheckerContext &C, const GRState *state,
const Stmt *First, const Stmt *Second);
};
@@ -117,20 +117,16 @@ void clang::RegisterCStringChecker(GRExprEngine &Eng) {
std::pair<const GRState*, const GRState*>
CStringChecker::assumeZero(CheckerContext &C, const GRState *state, SVal V,
QualType Ty) {
- DefinedSVal *Val = dyn_cast<DefinedSVal>(&V);
- if (!Val)
+ DefinedSVal *val = dyn_cast<DefinedSVal>(&V);
+ if (!val)
return std::pair<const GRState*, const GRState *>(state, state);
- ValueManager &ValMgr = C.getValueManager();
- SValBuilder &SV = ValMgr.getSValBuilder();
-
- DefinedOrUnknownSVal Zero = ValMgr.makeZeroVal(Ty);
- DefinedOrUnknownSVal ValIsZero = SV.evalEQ(state, *Val, Zero);
-
- return state->assume(ValIsZero);
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ DefinedOrUnknownSVal zero = svalBuilder.makeZeroVal(Ty);
+ return state->assume(svalBuilder.evalEQ(state, *val, zero));
}
-const GRState *CStringChecker::CheckNonNull(CheckerContext &C,
+const GRState *CStringChecker::checkNonNull(CheckerContext &C,
const GRState *state,
const Expr *S, SVal l) {
// If a previous check has failed, propagate the failure.
@@ -187,9 +183,9 @@ const GRState *CStringChecker::CheckLocation(CheckerContext &C,
"CheckLocation should only be called with char* ElementRegions");
// Get the size of the array.
- const SubRegion *Super = cast<SubRegion>(ER->getSuperRegion());
- ValueManager &ValMgr = C.getValueManager();
- SVal Extent = ValMgr.convertToArrayIndex(Super->getExtent(ValMgr));
+ const SubRegion *superReg = cast<SubRegion>(ER->getSuperRegion());
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ SVal Extent = svalBuilder.convertToArrayIndex(superReg->getExtent(svalBuilder));
DefinedOrUnknownSVal Size = cast<DefinedOrUnknownSVal>(Extent);
// Get the index of the accessed element.
@@ -244,16 +240,15 @@ const GRState *CStringChecker::CheckBufferAccess(CheckerContext &C,
if (!state)
return NULL;
- ValueManager &VM = C.getValueManager();
- SValBuilder &SV = VM.getSValBuilder();
+ SValBuilder &svalBuilder = C.getSValBuilder();
ASTContext &Ctx = C.getASTContext();
- QualType SizeTy = Size->getType();
+ QualType sizeTy = Size->getType();
QualType PtrTy = Ctx.getPointerType(Ctx.CharTy);
// Check that the first buffer is non-null.
SVal BufVal = state->getSVal(FirstBuf);
- state = CheckNonNull(C, state, FirstBuf, BufVal);
+ state = checkNonNull(C, state, FirstBuf, BufVal);
if (!state)
return NULL;
@@ -264,15 +259,15 @@ const GRState *CStringChecker::CheckBufferAccess(CheckerContext &C,
return state;
// Compute the offset of the last element to be accessed: size-1.
- NonLoc One = cast<NonLoc>(VM.makeIntVal(1, SizeTy));
- NonLoc LastOffset = cast<NonLoc>(SV.evalBinOpNN(state, BO_Sub,
- *Length, One, SizeTy));
+ NonLoc One = cast<NonLoc>(svalBuilder.makeIntVal(1, sizeTy));
+ NonLoc LastOffset = cast<NonLoc>(svalBuilder.evalBinOpNN(state, BO_Sub,
+ *Length, One, sizeTy));
// Check that the first buffer is sufficently long.
- SVal BufStart = SV.evalCast(BufVal, PtrTy, FirstBuf->getType());
+ SVal BufStart = svalBuilder.evalCast(BufVal, PtrTy, FirstBuf->getType());
if (Loc *BufLoc = dyn_cast<Loc>(&BufStart)) {
- SVal BufEnd = SV.evalBinOpLN(state, BO_Add, *BufLoc,
- LastOffset, PtrTy);
+ SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
+ LastOffset, PtrTy);
state = CheckLocation(C, state, FirstBuf, BufEnd, FirstIsDestination);
// If the buffer isn't large enough, abort.
@@ -283,14 +278,14 @@ const GRState *CStringChecker::CheckBufferAccess(CheckerContext &C,
// If there's a second buffer, check it as well.
if (SecondBuf) {
BufVal = state->getSVal(SecondBuf);
- state = CheckNonNull(C, state, SecondBuf, BufVal);
+ state = checkNonNull(C, state, SecondBuf, BufVal);
if (!state)
return NULL;
- BufStart = SV.evalCast(BufVal, PtrTy, SecondBuf->getType());
+ BufStart = svalBuilder.evalCast(BufVal, PtrTy, SecondBuf->getType());
if (Loc *BufLoc = dyn_cast<Loc>(&BufStart)) {
- SVal BufEnd = SV.evalBinOpLN(state, BO_Add, *BufLoc,
- LastOffset, PtrTy);
+ SVal BufEnd = svalBuilder.evalBinOpLN(state, BO_Add, *BufLoc,
+ LastOffset, PtrTy);
state = CheckLocation(C, state, SecondBuf, BufEnd);
}
}
@@ -312,30 +307,28 @@ const GRState *CStringChecker::CheckOverlap(CheckerContext &C,
if (!state)
return NULL;
- ValueManager &VM = state->getStateManager().getValueManager();
- SValBuilder &SV = VM.getSValBuilder();
- ASTContext &Ctx = VM.getContext();
const GRState *stateTrue, *stateFalse;
// Get the buffer values and make sure they're known locations.
- SVal FirstVal = state->getSVal(First);
- SVal SecondVal = state->getSVal(Second);
+ SVal firstVal = state->getSVal(First);
+ SVal secondVal = state->getSVal(Second);
- Loc *FirstLoc = dyn_cast<Loc>(&FirstVal);
- if (!FirstLoc)
+ Loc *firstLoc = dyn_cast<Loc>(&firstVal);
+ if (!firstLoc)
return state;
- Loc *SecondLoc = dyn_cast<Loc>(&SecondVal);
- if (!SecondLoc)
+ Loc *secondLoc = dyn_cast<Loc>(&secondVal);
+ if (!secondLoc)
return state;
// Are the two values the same?
- DefinedOrUnknownSVal EqualTest = SV.evalEQ(state, *FirstLoc, *SecondLoc);
- llvm::tie(stateTrue, stateFalse) = state->assume(EqualTest);
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ llvm::tie(stateTrue, stateFalse) =
+ state->assume(svalBuilder.evalEQ(state, *firstLoc, *secondLoc));
if (stateTrue && !stateFalse) {
// If the values are known to be equal, that's automatically an overlap.
- EmitOverlapBug(C, stateTrue, First, Second);
+ emitOverlapBug(C, stateTrue, First, Second);
return NULL;
}
@@ -344,24 +337,24 @@ const GRState *CStringChecker::CheckOverlap(CheckerContext &C,
state = stateFalse;
// Which value comes first?
- QualType CmpTy = Ctx.IntTy;
- SVal Reverse = SV.evalBinOpLL(state, BO_GT,
- *FirstLoc, *SecondLoc, CmpTy);
- DefinedOrUnknownSVal *ReverseTest = dyn_cast<DefinedOrUnknownSVal>(&Reverse);
- if (!ReverseTest)
+ ASTContext &Ctx = svalBuilder.getContext();
+ QualType cmpTy = Ctx.IntTy;
+ SVal reverse = svalBuilder.evalBinOpLL(state, BO_GT,
+ *firstLoc, *secondLoc, cmpTy);
+ DefinedOrUnknownSVal *reverseTest = dyn_cast<DefinedOrUnknownSVal>(&reverse);
+ if (!reverseTest)
return state;
- llvm::tie(stateTrue, stateFalse) = state->assume(*ReverseTest);
-
+ llvm::tie(stateTrue, stateFalse) = state->assume(*reverseTest);
if (stateTrue) {
if (stateFalse) {
// If we don't know which one comes first, we can't perform this test.
return state;
} else {
- // Switch the values so that FirstVal is before SecondVal.
- Loc *tmpLoc = FirstLoc;
- FirstLoc = SecondLoc;
- SecondLoc = tmpLoc;
+ // Switch the values so that firstVal is before secondVal.
+ Loc *tmpLoc = firstLoc;
+ firstLoc = secondLoc;
+ secondLoc = tmpLoc;
// Switch the Exprs as well, so that they still correspond.
const Expr *tmpExpr = First;
@@ -379,21 +372,21 @@ const GRState *CStringChecker::CheckOverlap(CheckerContext &C,
// Convert the first buffer's start address to char*.
// Bail out if the cast fails.
QualType CharPtrTy = Ctx.getPointerType(Ctx.CharTy);
- SVal FirstStart = SV.evalCast(*FirstLoc, CharPtrTy, First->getType());
+ SVal FirstStart = svalBuilder.evalCast(*firstLoc, CharPtrTy, First->getType());
Loc *FirstStartLoc = dyn_cast<Loc>(&FirstStart);
if (!FirstStartLoc)
return state;
// Compute the end of the first buffer. Bail out if THAT fails.
- SVal FirstEnd = SV.evalBinOpLN(state, BO_Add,
+ SVal FirstEnd = svalBuilder.evalBinOpLN(state, BO_Add,
*FirstStartLoc, *Length, CharPtrTy);
Loc *FirstEndLoc = dyn_cast<Loc>(&FirstEnd);
if (!FirstEndLoc)
return state;
// Is the end of the first buffer past the start of the second buffer?
- SVal Overlap = SV.evalBinOpLL(state, BO_GT,
- *FirstEndLoc, *SecondLoc, CmpTy);
+ SVal Overlap = svalBuilder.evalBinOpLL(state, BO_GT,
+ *FirstEndLoc, *secondLoc, cmpTy);
DefinedOrUnknownSVal *OverlapTest = dyn_cast<DefinedOrUnknownSVal>(&Overlap);
if (!OverlapTest)
return state;
@@ -402,7 +395,7 @@ const GRState *CStringChecker::CheckOverlap(CheckerContext &C,
if (stateTrue && !stateFalse) {
// Overlap!
- EmitOverlapBug(C, stateTrue, First, Second);
+ emitOverlapBug(C, stateTrue, First, Second);
return NULL;
}
@@ -411,7 +404,7 @@ const GRState *CStringChecker::CheckOverlap(CheckerContext &C,
return stateFalse;
}
-void CStringChecker::EmitOverlapBug(CheckerContext &C, const GRState *state,
+void CStringChecker::emitOverlapBug(CheckerContext &C, const GRState *state,
const Stmt *First, const Stmt *Second) {
ExplodedNode *N = C.GenerateSink(state);
if (!N)
@@ -430,11 +423,11 @@ void CStringChecker::EmitOverlapBug(CheckerContext &C, const GRState *state,
C.EmitReport(report);
}
-const GRState *CStringChecker::SetCStringLength(const GRState *state,
+const GRState *CStringChecker::setCStringLength(const GRState *state,
const MemRegion *MR,
- SVal StrLen) {
- assert(!StrLen.isUndef() && "Attempt to set an undefined string length");
- if (StrLen.isUnknown())
+ SVal strLength) {
+ assert(!strLength.isUndef() && "Attempt to set an undefined string length");
+ if (strLength.isUnknown())
return state;
MR = MR->StripCasts();
@@ -450,7 +443,7 @@ const GRState *CStringChecker::SetCStringLength(const GRState *state,
case MemRegion::VarRegionKind:
case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind:
- return state->set<CStringLength>(MR, StrLen);
+ return state->set<CStringLength>(MR, strLength);
case MemRegion::ElementRegionKind:
// FIXME: Handle element regions by upper-bounding the parent region's
@@ -466,7 +459,7 @@ const GRState *CStringChecker::SetCStringLength(const GRState *state,
}
}
-SVal CStringChecker::GetCStringLengthForRegion(CheckerContext &C,
+SVal CStringChecker::getCStringLengthForRegion(CheckerContext &C,
const GRState *&state,
const Expr *Ex,
const MemRegion *MR) {
@@ -477,15 +470,14 @@ SVal CStringChecker::GetCStringLengthForRegion(CheckerContext &C,
// Otherwise, get a new symbol and update the state.
unsigned Count = C.getNodeBuilder().getCurrentBlockCount();
- ValueManager &ValMgr = C.getValueManager();
- QualType SizeTy = ValMgr.getContext().getSizeType();
- SVal Strlen = ValMgr.getMetadataSymbolVal(getTag(), MR, Ex, SizeTy, Count);
-
- state = state->set<CStringLength>(MR, Strlen);
- return Strlen;
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ QualType sizeTy = svalBuilder.getContext().getSizeType();
+ SVal strLength = svalBuilder.getMetadataSymbolVal(getTag(), MR, Ex, sizeTy, Count);
+ state = state->set<CStringLength>(MR, strLength);
+ return strLength;
}
-SVal CStringChecker::GetCStringLength(CheckerContext &C, const GRState *&state,
+SVal CStringChecker::getCStringLength(CheckerContext &C, const GRState *&state,
const Expr *Ex, SVal Buf) {
const MemRegion *MR = Buf.getAsRegion();
if (!MR) {
@@ -527,17 +519,17 @@ SVal CStringChecker::GetCStringLength(CheckerContext &C, const GRState *&state,
case MemRegion::StringRegionKind: {
// Modifying the contents of string regions is undefined [C99 6.4.5p6],
// so we can assume that the byte length is the correct C string length.
- ValueManager &ValMgr = C.getValueManager();
- QualType SizeTy = ValMgr.getContext().getSizeType();
- const StringLiteral *Str = cast<StringRegion>(MR)->getStringLiteral();
- return ValMgr.makeIntVal(Str->getByteLength(), SizeTy);
+ SValBuilder &svalBuilder = C.getSValBuilder();
+ QualType sizeTy = svalBuilder.getContext().getSizeType();
+ const StringLiteral *strLit = cast<StringRegion>(MR)->getStringLiteral();
+ return svalBuilder.makeIntVal(strLit->getByteLength(), sizeTy);
}
case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind:
case MemRegion::VarRegionKind:
case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind:
- return GetCStringLengthForRegion(C, state, Ex, MR);
+ return getCStringLengthForRegion(C, state, Ex, MR);
case MemRegion::CompoundLiteralRegionKind:
// FIXME: Can we track this? Is it necessary?
return UnknownVal();
@@ -654,19 +646,19 @@ void CStringChecker::evalCopyCommon(CheckerContext &C, const GRState *state,
const Expr *Size, const Expr *Dest,
const Expr *Source, bool Restricted) {
// See if the size argument is zero.
- SVal SizeVal = state->getSVal(Size);
- QualType SizeTy = Size->getType();
+ SVal sizeVal = state->getSVal(Size);
+ QualType sizeTy = Size->getType();
- const GRState *StZeroSize, *StNonZeroSize;
- llvm::tie(StZeroSize, StNonZeroSize) = assumeZero(C, state, SizeVal, SizeTy);
+ const GRState *stateZeroSize, *stateNonZeroSize;
+ llvm::tie(stateZeroSize, stateNonZeroSize) = assumeZero(C, state, sizeVal, sizeTy);
// If the size is zero, there won't be any actual memory access.
- if (StZeroSize)
- C.addTransition(StZeroSize);
+ if (stateZeroSize)
+ C.addTransition(stateZeroSize);
// If the size can be nonzero, we have to check the other arguments.
- if (StNonZeroSize) {
- state = StNonZeroSize;
+ if (stateNonZeroSize) {
+ state = stateNonZeroSize;
state = CheckBufferAccess(C, state, Size, Dest, Source,
/* FirstIsDst = */ true);
if (Restricted)
@@ -715,28 +707,27 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) {
const Expr *Size = CE->getArg(2);
const GRState *state = C.getState();
- ValueManager &ValMgr = C.getValueManager();
- SValBuilder &SV = ValMgr.getSValBuilder();
+ SValBuilder &svalBuilder = C.getSValBuilder();
// See if the size argument is zero.
- SVal SizeVal = state->getSVal(Size);
- QualType SizeTy = Size->getType();
+ SVal sizeVal = state->getSVal(Size);
+ QualType sizeTy = Size->getType();
- const GRState *StZeroSize, *StNonZeroSize;
- llvm::tie(StZeroSize, StNonZeroSize) = assumeZero(C, state, SizeVal, SizeTy);
+ const GRState *stateZeroSize, *stateNonZeroSize;
+ llvm::tie(stateZeroSize, stateNonZeroSize) =
+ assumeZero(C, state, sizeVal, sizeTy);
// If the size can be zero, the result will be 0 in that case, and we don't
// have to check either of the buffers.
- if (StZeroSize) {
- state = StZeroSize;
- state = state->BindExpr(CE, ValMgr.makeZeroVal(CE->getType()));
+ if (stateZeroSize) {
+ state = stateZeroSize;
+ state = state->BindExpr(CE, svalBuilder.makeZeroVal(CE->getType()));
C.addTransition(state);
}
// If the size can be nonzero, we have to check the other arguments.
- if (StNonZeroSize) {
- state = StNonZeroSize;
-
+ if (stateNonZeroSize) {
+ state = stateNonZeroSize;
// If we know the two buffers are the same, we know the result is 0.
// First, get the two buffers' addresses. Another checker will have already
// made sure they're not undefined.
@@ -744,7 +735,7 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) {
DefinedOrUnknownSVal RV = cast<DefinedOrUnknownSVal>(state->getSVal(Right));
// See if they are the same.
- DefinedOrUnknownSVal SameBuf = SV.evalEQ(state, LV, RV);
+ DefinedOrUnknownSVal SameBuf = svalBuilder.evalEQ(state, LV, RV);
const GRState *StSameBuf, *StNotSameBuf;
llvm::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
@@ -754,7 +745,7 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) {
state = StSameBuf;
state = CheckBufferAccess(C, state, Size, Left);
if (state) {
- state = StSameBuf->BindExpr(CE, ValMgr.makeZeroVal(CE->getType()));
+ state = StSameBuf->BindExpr(CE, svalBuilder.makeZeroVal(CE->getType()));
C.addTransition(state);
}
}
@@ -767,7 +758,7 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) {
if (state) {
// The return value is the comparison result, which we don't know.
unsigned Count = C.getNodeBuilder().getCurrentBlockCount();
- SVal CmpV = ValMgr.getConjuredSymbolVal(NULL, CE, Count);
+ SVal CmpV = svalBuilder.getConjuredSymbolVal(NULL, CE, Count);
state = state->BindExpr(CE, CmpV);
C.addTransition(state);
}
@@ -775,94 +766,90 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) {
}
}
-void CStringChecker::evalStrlen(CheckerContext &C, const CallExpr *CE) {
+void CStringChecker::evalstrLength(CheckerContext &C, const CallExpr *CE) {
// size_t strlen(const char *s);
const GRState *state = C.getState();
const Expr *Arg = CE->getArg(0);
SVal ArgVal = state->getSVal(Arg);
// Check that the argument is non-null.
- sta