diff options
| -rw-r--r-- | include/clang/Analysis/PathSensitive/GRExprEngine.h | 10 | ||||
| -rw-r--r-- | lib/Analysis/GRExprEngine.cpp | 72 |
2 files changed, 74 insertions, 8 deletions
diff --git a/include/clang/Analysis/PathSensitive/GRExprEngine.h b/include/clang/Analysis/PathSensitive/GRExprEngine.h index b15d3baf56..c96324f4cd 100644 --- a/include/clang/Analysis/PathSensitive/GRExprEngine.h +++ b/include/clang/Analysis/PathSensitive/GRExprEngine.h @@ -72,6 +72,7 @@ protected: typedef llvm::SmallPtrSet<NodeTy*,2> UndefStoresTy; typedef llvm::SmallPtrSet<NodeTy*,2> BadDerefTy; typedef llvm::SmallPtrSet<NodeTy*,2> BadCallsTy; + typedef llvm::SmallPtrSet<NodeTy*,2> UndefReceiversTy; typedef llvm::DenseMap<NodeTy*, Expr*> UndefArgsTy; typedef llvm::SmallPtrSet<NodeTy*,2> BadDividesTy; typedef llvm::SmallPtrSet<NodeTy*,2> NoReturnCallsTy; @@ -120,10 +121,19 @@ protected: /// pointers that are NULL (or other constants) or Undefined. BadCallsTy BadCalls; + /// UndefReceiver - Nodes in the ExplodedGraph resulting from message + /// ObjC message expressions where the receiver is undefined (uninitialized). + UndefReceiversTy UndefReceivers; + /// UndefArg - Nodes in the ExplodedGraph resulting from calls to functions /// where a pass-by-value argument has an undefined value. UndefArgsTy UndefArgs; + /// MsgExprUndefArgs - Nodes in the ExplodedGraph resulting from + /// message expressions where a pass-by-value argument has an undefined + /// value. + UndefArgsTy MsgExprUndefArgs; + public: GRExprEngine(GraphTy& g) : G(g), Liveness(G.getCFG()), diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp index c143bd5dd3..55bfe55119 100644 --- a/lib/Analysis/GRExprEngine.cpp +++ b/lib/Analysis/GRExprEngine.cpp @@ -1088,10 +1088,10 @@ void GRExprEngine::VisitObjCMessageExpr(ObjCMessageExpr* ME, NodeTy* Pred, } void GRExprEngine::VisitObjCMessageExprHelper(ObjCMessageExpr* ME, - ObjCMessageExpr::arg_iterator I, - ObjCMessageExpr::arg_iterator E, + ObjCMessageExpr::arg_iterator AI, + ObjCMessageExpr::arg_iterator AE, NodeTy* Pred, NodeSet& Dst) { - if (I == E) { + if (AI == AE) { // Process the receiver. @@ -1101,19 +1101,75 @@ void GRExprEngine::VisitObjCMessageExprHelper(ObjCMessageExpr* ME, // FIXME: More logic for the processing the method call. - for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI) - Dst.Add(*NI); + for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI) { + + ValueState* St = GetState(*NI); + RVal L = GetLVal(St, Receiver); + + // Check for undefined control-flow or calls to NULL. + + if (L.isUndef()) { + NodeTy* N = Builder->generateNode(ME, St, *NI); + + if (N) { + N->markAsSink(); + UndefReceivers.insert(N); + } + + continue; + } + + // Check for any arguments that are uninitialized/undefined. + + bool badArg = false; + + for (ObjCMessageExpr::arg_iterator I = ME->arg_begin(), E = ME->arg_end(); + I != E; ++I) { + + if (GetRVal(St, *I).isUndef()) { + + NodeTy* N = Builder->generateNode(ME, St, *NI); + + if (N) { + N->markAsSink(); + MsgExprUndefArgs[N] = *I; + } + + badArg = true; + break; + } + + RVal V = GetRVal(St, *I); + } + + if (badArg) + continue; + + // FIXME: Eventually we will properly handle the effects of a message + // expr. For now invalidate all arguments passed in by references. + + for (ObjCMessageExpr::arg_iterator I = ME->arg_begin(), E = ME->arg_end(); + I != E; ++I) { + + RVal V = GetRVal(St, *I); + + if (isa<LVal>(V)) + St = SetRVal(St, cast<LVal>(V), UnknownVal()); + } + + MakeNode(Dst, ME, *NI, St); + } return; } NodeSet Tmp; - Visit(*I, Pred, Tmp); + Visit(*AI, Pred, Tmp); - ++I; + ++AI; for (NodeSet::iterator NI = Tmp.begin(), NE = Tmp.end(); NI != NE; ++NI) - VisitObjCMessageExprHelper(ME, I, E, *NI, Dst); + VisitObjCMessageExprHelper(ME, AI, AE, *NI, Dst); } |