diff options
| author | Anna Zaks <ganna@apple.com> | 2012-09-12 22:57:30 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-09-12 22:57:30 +0000 |
| commit | 522fc21f3adc647817edc8017e6928a64c96899b (patch) | |
| tree | 58cb3520520b25a193a6708523574a0b7913abc5 /lib/StaticAnalyzer/Core | |
| parent | 1a7bcc41efb73d80fd45eb71494b073f388d333c (diff) | |
[analyzer] Teach UndefOrNullArgVisitor to track parent regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163748 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core')
| -rw-r--r-- | lib/StaticAnalyzer/Core/BugReporterVisitors.cpp | 8 | ||||
| -rw-r--r-- | lib/StaticAnalyzer/Core/MemRegion.cpp | 20 |
2 files changed, 25 insertions, 3 deletions
diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp index 0d0006c5eb..be946842fc 100644 --- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -517,6 +517,8 @@ void bugreporter::trackNullOrUndefValue(const ExplodedNode *N, const Stmt *S, // However, if the rvalue is a symbolic region, we should track it as well. SVal RVal = state->getSVal(L->getRegion()); const MemRegion *RegionRVal = RVal.getAsRegion(); + report.addVisitor(new UndefOrNullArgVisitor(L->getRegion())); + if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) { report.markInteresting(RegionRVal); @@ -985,8 +987,8 @@ UndefOrNullArgVisitor::VisitNode(const ExplodedNode *N, E = Call->param_end(); I != E; ++I, ++Idx) { const MemRegion *ArgReg = Call->getArgSVal(Idx).getAsRegion(); - // Are we tracking the argument? - if ( !ArgReg || ArgReg != R) + // Are we tracking the argument or its subregion? + if ( !ArgReg || (ArgReg != R && !R->isSubRegionOf(ArgReg->StripCasts()))) continue; // Check the function parameter type. @@ -1006,7 +1008,7 @@ UndefOrNullArgVisitor::VisitNode(const ExplodedNode *N, // Mark the call site (LocationContext) as interesting if the value of the // argument is undefined or '0'/'NULL'. - SVal BoundVal = State->getSVal(ArgReg); + SVal BoundVal = State->getSVal(R); if (BoundVal.isUndef() || BoundVal.isZeroConstant()) { BR.markInteresting(CEnter->getCalleeContext()); return 0; diff --git a/lib/StaticAnalyzer/Core/MemRegion.cpp b/lib/StaticAnalyzer/Core/MemRegion.cpp index b29327efcf..6d6bb20818 100644 --- a/lib/StaticAnalyzer/Core/MemRegion.cpp +++ b/lib/StaticAnalyzer/Core/MemRegion.cpp @@ -990,6 +990,26 @@ const MemRegion *MemRegion::getBaseRegion() const { return R; } +bool MemRegion::isSubRegionOf(const MemRegion *PR) const { + const MemRegion *R = this; + while (true) { + switch (R->getKind()) { + case MemRegion::ElementRegionKind: + case MemRegion::FieldRegionKind: + case MemRegion::ObjCIvarRegionKind: + case MemRegion::CXXBaseObjectRegionKind: + R = cast<SubRegion>(R)->getSuperRegion(); + if (R == PR) + return true; + continue; + default: + break; + } + break; + } + return false; +} + //===----------------------------------------------------------------------===// // View handling. //===----------------------------------------------------------------------===// |