author | Anna Zaks <ganna@apple.com> | 2012-05-01 21:10:26 +0000 |
---|---|---|
committer | Anna Zaks <ganna@apple.com> | 2012-05-01 21:10:26 +0000 |
commit | e2241cbb0455a60ba27d6c4b9d601ffef3ed103f (patch) | |
tree | 47272326c9e21833382e29d15cc9b1ba8331762c /lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp | |
parent | 4e31b4d6cf25029aa280d691e9023359c0ef4204 (diff) |
[analyzer] Construct a SymExpr even when the constraint solver cannot
reason about the expression.
This essentially keeps more history about how symbolic values were
constructed. As an optimization, previous to this commit, we only kept
the history if one of the symbols was tainted, but it's valuable to keep
the history around for other purposes as well: it allows us to avoid
constructing conjured symbols.
Specifically, we need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.
int *p = malloc(sizeof(int));
ptr = p + (2-x);
This change brings 2% slowdown on sqlite. Fixes radar://11329382.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp')
-rw-r--r-- | lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index 45be5db10c..2522cbbd24 100644
--- a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -304,7 +304,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 while (1) {
 switch (lhs.getSubKind()) {
 default:
- return makeGenericVal(state, op, lhs, rhs, resultTy);
+ return makeSymExprValNN(state, op, lhs, rhs, resultTy);
 case nonloc::LocAsIntegerKind: {
 Loc lhsL = cast<nonloc::LocAsInteger>(lhs).getLoc();
 switch (rhs.getSubKind()) {
@@ -327,7 +327,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 return makeTruthVal(true, resultTy);
 default:
 // This case also handles pointer arithmetic.
- return makeGenericVal(state, op, lhs, rhs, resultTy);
+ return makeSymExprValNN(state, op, lhs, rhs, resultTy);
 }
 }
 }
@@ -389,9 +389,9 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 if (lhsValue == 0)
 // At this point lhs and rhs have been swapped.
 return rhs;
- return makeGenericVal(state, op, rhs, lhs, resultTy);
+ return makeSymExprValNN(state, op, rhs, lhs, resultTy);
 default:
- return makeGenericVal(state, op, rhs, lhs, resultTy);
+ return makeSymExprValNN(state, op, rhs, lhs, resultTy);
 }
 }
 }
@@ -406,7 +406,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 dyn_cast<SymIntExpr>(selhs->getSymbol());
 if (!symIntExpr)
- return makeGenericVal(state, op, lhs, rhs, resultTy);
+ return makeSymExprValNN(state, op, lhs, rhs, resultTy);
 // Is this a logical not? (!x is represented as x == 0.)
 if (op == BO_EQ && rhs.isZeroConstant()) {
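Review bot: The two `default:` branches at -304 and -327 now pass whatever NonLoc kinds fall through, including the `LocAsInteger` pointer-arithmetic case, to `makeSymExprValNN`, and nothing at either site says what comes back when neither operand carries a symbol. The helper's body is outside this diff, so the fallback is presumably an Unknown value, but that cannot be confirmed from these lines. A one-line comment at the first site would make the contract explicit for checker authors, for example `// Builds a SymExpr when an operand is symbolic; otherwise expected to yield Unknown.` evalBinOpNN itself starts and ends outside these hunks.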
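Review bot: In the hunk at -389 both new calls pass `rhs, lhs`, and the only explanation is the comment attached to `return rhs;` a few lines above. Per the commit message the old call kept history only for tainted symbols, so operand order rarely showed up in the result; now that a symbolic expression is always recorded, the order appears to be load-bearing for any non-commutative operator reaching this branch. I would repeat the reason on both calls: `// lhs and rhs were swapped above; pass them back in source order.` The swap itself is outside the hunk, so this is inferred from the existing comment.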
@@ -454,7 +454,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 // For now, only handle expressions whose RHS is a constant.
 const nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs);
 if (!rhsInt)
- return makeGenericVal(state, op, lhs, rhs, resultTy);
+ return makeSymExprValNN(state, op, lhs, rhs, resultTy);
 // If both the LHS and the current expression are additive,
 // fold their constants.
@@ -539,7 +539,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 resultTy);
 }
- return makeGenericVal(state, op, lhs, rhs, resultTy);
+ return makeSymExprValNN(state, op, lhs, rhs, resultTy);
 }
 }
 }
|
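Review bot: Nothing visible in the hunks at -454 and -539 limits how deeply the new symbolic expressions can nest, since both the non-constant-RHS exit and the final fall-through return now wrap their operands in a fresh expression instead of giving up. The commit message already records a 2% slowdown on sqlite, and code that keeps reapplying arithmetic to a symbolic value could plausibly grow expressions well beyond that case. Whether `makeSymExprValNN` bounds expression size is not visible here; if it does not, a complexity cap inside the helper that falls back to an Unknown value would keep analysis cost predictable. A comment at the final return should state which behaviour applies.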