diff options
| author | Ted Kremenek <kremenek@apple.com> | 2013-02-24 07:21:01 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2013-02-24 07:21:01 +0000 |
| commit | 43b82b823a6113fdbee54243b280db9c55ef72cb (patch) | |
| tree | 7fffa0612f4d6204f3554521ca6a77bd2f0ba87f /lib/StaticAnalyzer/Core/ExplodedGraph.cpp | |
| parent | 0dd15d78fb0c99faa5df724139ba4c16a9a345c6 (diff) | |
[analyzer] tracking stores/constraints now works for ObjC ivars or struct fields.
This required more changes than I originally expected:
- ObjCIvarRegion implements "canPrintPretty" et al
- DereferenceChecker indicates the null pointer source is an ivar
- bugreporter::trackNullOrUndefValue() uses an alternate algorithm
to compute the location region to track by scouring the ExplodedGraph.
This allows us to get the actual MemRegion for variables, ivars,
fields, etc. We only hand construct a VarRegion for C++ references.
- ExplodedGraph no longer drops nodes for expressions that are marked
'lvalue'. This is to facilitate the logic in the previous bullet.
This may lead to a slight increase in size in the ExplodedGraph,
which I have not measured, but it is likely not to be a big deal.
I have validated each of the changed plist output.
Fixes <rdar://problem/12114812>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core/ExplodedGraph.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExplodedGraph.cpp | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp index a72f49d805..443d87076a 100644 --- a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp +++ b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp @@ -66,9 +66,10 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) { // (5) The 'store' is the same as the predecessor. // (6) The 'GDM' is the same as the predecessor. // (7) The LocationContext is the same as the predecessor. - // (8) The PostStmt isn't for a non-consumed Stmt or Expr. - // (9) The successor is not a CallExpr StmtPoint (so that we would be able to - // find it when retrying a call with no inlining). + // (8) Expressions that are *not* lvalue expressions. + // (9) The PostStmt isn't for a non-consumed Stmt or Expr. + // (10) The successor is not a CallExpr StmtPoint (so that we would + // be able to find it when retrying a call with no inlining). // FIXME: It may be safe to reclaim PreCall and PostCall nodes as well. // Conditions 1 and 2. @@ -99,20 +100,23 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) { if (state->store != pred_state->store || state->GDM != pred_state->GDM || progPoint.getLocationContext() != pred->getLocationContext()) return false; - + // Condition 8. - // Do not collect nodes for non-consumed Stmt or Expr to ensure precise - // diagnostic generation; specifically, so that we could anchor arrows - // pointing to the beginning of statements (as written in code). + // Do not collect nodes for lvalue expressions since they are + // used extensively for generating path diagnostics. const Expr *Ex = dyn_cast<Expr>(ps.getStmt()); - if (!Ex) + if (!Ex || Ex->isLValue()) return false; + // Condition 9. + // Do not collect nodes for non-consumed Stmt or Expr to ensure precise + // diagnostic generation; specifically, so that we could anchor arrows + // pointing to the beginning of statements (as written in code). ParentMap &PM = progPoint.getLocationContext()->getParentMap(); if (!PM.isConsumedExpr(Ex)) return false; - - // Condition 9. + + // Condition 10. const ProgramPoint SuccLoc = succ->getLocation(); if (Optional<StmtPoint> SP = SuccLoc.getAs<StmtPoint>()) if (CallEvent::isCallStmt(SP->getStmt())) |