diff options
| author | Ted Kremenek <kremenek@apple.com> | 2012-09-07 22:31:01 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2012-09-07 22:31:01 +0000 |
| commit | 47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 (patch) | |
| tree | a3c1edfe3895bb75f32a958aa6183524d2de53e5 /lib/StaticAnalyzer/Checkers/MallocChecker.cpp | |
| parent | b4b4523cc52bebc5ed47cc501959ab31286a1065 (diff) | |
Remove ProgramState::getSymVal(). It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where the
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).
We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals. This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.
For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value. It does this without assuming it has been implicitly constant
folded.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Checkers/MallocChecker.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index a8ef2e5bf8..b3107c8447 100644 --- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -1275,9 +1275,8 @@ ProgramStateRef MallocChecker::evalAssume(ProgramStateRef state, bool Assumption) const { RegionStateTy RS = state->get<RegionState>(); for (RegionStateTy::iterator I = RS.begin(), E = RS.end(); I != E; ++I) { - // If the symbol is assumed to NULL or another constant, this will - // return an APSInt*. - if (state->getSymVal(I.getKey())) + // If the symbol is assumed to be NULL, remove it from consideration. + if (state->getConstraintManager().isNull(state, I.getKey()).isTrue()) state = state->remove<RegionState>(I.getKey()); } @@ -1285,12 +1284,10 @@ ProgramStateRef MallocChecker::evalAssume(ProgramStateRef state, // restore the state of the pointer being reallocated. ReallocMap RP = state->get<ReallocPairs>(); for (ReallocMap::iterator I = RP.begin(), E = RP.end(); I != E; ++I) { - // If the symbol is assumed to NULL or another constant, this will - // return an APSInt*. - if (state->getSymVal(I.getKey())) { + // If the symbol is assumed to be NULL, remove it from consideration. + if (state->getConstraintManager().isNull(state, I.getKey()).isTrue()) { SymbolRef ReallocSym = I.getData().ReallocatedSym; - const RefState *RS = state->get<RegionState>(ReallocSym); - if (RS) { + if (const RefState *RS = state->get<RegionState>(ReallocSym)) { if (RS->isReleased() && ! I.getData().IsFreeOnFailure) state = state->set<RegionState>(ReallocSym, RefState::getAllocated(RS->getStmt())); |