diff options
| -rw-r--r-- | include/clang/Analysis/PathSensitive/SVals.h | 19 | ||||
| -rw-r--r-- | lib/Analysis/BasicStore.cpp | 23 | ||||
| -rw-r--r-- | lib/Analysis/GRExprEngine.cpp | 38 | ||||
| -rw-r--r-- | lib/Analysis/GRSimpleVals.cpp | 52 | ||||
| -rw-r--r-- | lib/Analysis/RegionStore.cpp | 45 | ||||
| -rw-r--r-- | lib/Analysis/SVals.cpp | 7 | ||||
| -rw-r--r-- | lib/Analysis/SimpleConstraintManager.cpp | 19 |
7 files changed, 15 insertions, 188 deletions
diff --git a/include/clang/Analysis/PathSensitive/SVals.h b/include/clang/Analysis/PathSensitive/SVals.h index 73c5509d2e..4df1982143 100644 --- a/include/clang/Analysis/PathSensitive/SVals.h +++ b/include/clang/Analysis/PathSensitive/SVals.h @@ -366,24 +366,7 @@ public: namespace loc { -enum Kind { SymbolValKind, GotoLabelKind, MemRegionKind, FuncValKind, - ConcreteIntKind }; - -class SymbolVal : public Loc { -public: - SymbolVal(SymbolRef sym) : Loc(SymbolValKind, sym) {} - - SymbolRef getSymbol() const { return (SymbolRef) Data; } - - static inline bool classof(const SVal* V) { - return V->getBaseKind() == LocKind && - V->getSubKind() == SymbolValKind; - } - - static inline bool classof(const Loc* V) { - return V->getSubKind() == SymbolValKind; - } -}; +enum Kind { GotoLabelKind, MemRegionKind, FuncValKind, ConcreteIntKind }; class GotoLabel : public Loc { public: diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp index 5c234549a4..41776edbbb 100644 --- a/lib/Analysis/BasicStore.cpp +++ b/lib/Analysis/BasicStore.cpp @@ -199,11 +199,6 @@ SVal BasicStoreManager::getLValueField(const GRState* St, SVal Base, const MemRegion* BaseR = 0; switch(BaseL.getSubKind()) { - case loc::SymbolValKind: - BaseR = - MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol()); - break; - case loc::GotoLabelKind: case loc::FuncValKind: // Technically we can get here if people do funny things with casts. @@ -238,21 +233,6 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base, const TypedRegion* BaseR = 0; switch(BaseL.getSubKind()) { - case loc::SymbolValKind: { - // FIXME: Should we have symbolic regions be typed or typeless? - // Here we assume that these regions are typeless, even though the - // symbol is typed. - SymbolRef Sym = BaseL.getAsSymbol(); - // Create a region to represent this symbol. - // FIXME: In the future we may just use symbolic regions instead of - // SymbolVals to reason about symbolic memory chunks. - const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym); - // Layered a typed region on top of this. - QualType T = StateMgr.getSymbolManager().getType(Sym); - BaseR = MRMgr.getTypedViewRegion(T, SymR); - break; - } - case loc::GotoLabelKind: case loc::FuncValKind: // Technically we can get here if people do funny things with casts. @@ -322,9 +302,6 @@ SVal BasicStoreManager::Retrieve(const GRState* state, Loc loc, QualType T) { return T ? *T : UnknownVal(); } - case loc::SymbolValKind: - return UnknownVal(); - case loc::ConcreteIntKind: // Some clients may call GetSVal with such an option simply because // they are doing a quick scan through their Locs (potentially to diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp index 46d1f798cf..4fe6fd6b90 100644 --- a/lib/Analysis/GRExprEngine.cpp +++ b/lib/Analysis/GRExprEngine.cpp @@ -2027,43 +2027,7 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){ MakeNode(Dst, CastE, N, BindExpr(Res.getState(), CastE, V)); continue; } - - // If we are casting a symbolic value, make a symbolic region and a - // TypedViewRegion subregion. - if (loc::SymbolVal* SV = dyn_cast<loc::SymbolVal>(&V)) { - SymbolRef Sym = SV->getSymbol(); - QualType SymTy = getSymbolManager().getType(Sym); - - // Just pass through symbols that are function or block pointers. - if (SymTy->isFunctionPointerType() || SymTy->isBlockPointerType()) - goto PassThrough; - - // Are we casting to a function or block pointer? - if (T->isFunctionPointerType() || T->isBlockPointerType()) { - // FIXME: We should verify that the underlying type of the symbolic - // pointer is a void* (or maybe char*). Other things are an abuse - // of the type system. - goto PassThrough; - } - - StoreManager& StoreMgr = getStoreManager(); - const MemRegion* R = StoreMgr.getRegionManager().getSymbolicRegion(Sym); - - // Delegate to store manager to get the result of casting a region - // to a different type. - const StoreManager::CastResult& Res = StoreMgr.CastRegion(state, R, T); - - // Inspect the result. If the MemRegion* returned is NULL, this - // expression evaluates to UnknownVal. - R = Res.getRegion(); - if (R) { V = loc::MemRegionVal(R); } else { V = UnknownVal(); } - - // Generate the new node in the ExplodedGraph. - MakeNode(Dst, CastE, N, BindExpr(Res.getState(), CastE, V)); - continue; - } - - // All other cases. + // All other cases. DispatchCast: { MakeNode(Dst, CastE, N, BindExpr(state, CastE, EvalCast(V, CastE->getType()))); diff --git a/lib/Analysis/GRSimpleVals.cpp b/lib/Analysis/GRSimpleVals.cpp index 8d596955be..1961da20ff 100644 --- a/lib/Analysis/GRSimpleVals.cpp +++ b/lib/Analysis/GRSimpleVals.cpp @@ -288,40 +288,9 @@ SVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, Loc L, Loc R) { return NonLoc::MakeIntTruthVal(BasicVals, b); } - else if (isa<loc::SymbolVal>(R)) { - - const SymIntExpr *SE = - Eng.getSymbolManager().getSymIntExpr(cast<loc::SymbolVal>(R).getSymbol(), - BinaryOperator::EQ, - cast<loc::ConcreteInt>(L).getValue(), - Eng.getContext().IntTy); - - return nonloc::SymExprVal(SE); - } break; - case loc::SymbolValKind: { - - if (isa<loc::ConcreteInt>(R)) { - const SymIntExpr *SE = - Eng.getSymbolManager().getSymIntExpr( - cast<loc::SymbolVal>(L).getSymbol(), - BinaryOperator::EQ, - cast<loc::ConcreteInt>(R).getValue(), - Eng.getContext().IntTy); - - return nonloc::SymExprVal(SE); - } - - // FIXME: Implement == for lval Symbols. This is mainly useful - // in iterator loops when traversing a buffer, e.g. while(z != zTerm). - // Since this is not useful for many checkers we'll punt on this for - // now. - - return UnknownVal(); - } - case loc::MemRegionKind: { if (SymbolRef LSym = L.getAsLocSymbol()) { if (isa<loc::ConcreteInt>(R)) { @@ -373,27 +342,6 @@ SVal GRSimpleVals::EvalNE(GRExprEngine& Eng, Loc L, Loc R) { break; - case loc::SymbolValKind: { - if (isa<loc::ConcreteInt>(R)) { - const SymIntExpr *SE = - Eng.getSymbolManager().getSymIntExpr( - cast<loc::SymbolVal>(L).getSymbol(), - BinaryOperator::NE, - cast<loc::ConcreteInt>(R).getValue(), - Eng.getContext().IntTy); - return nonloc::SymExprVal(SE); - } - - // FIXME: Implement != for lval Symbols. This is mainly useful - // in iterator loops when traversing a buffer, e.g. while(z != zTerm). - // Since this is not useful for many checkers we'll punt on this for - // now. - - return UnknownVal(); - - break; - } - case loc::MemRegionKind: { if (SymbolRef LSym = L.getAsLocSymbol()) { if (isa<loc::ConcreteInt>(R)) { diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp index 4088158627..215fe1c281 100644 --- a/lib/Analysis/RegionStore.cpp +++ b/lib/Analysis/RegionStore.cpp @@ -364,14 +364,6 @@ SVal RegionStoreManager::getLValueFieldOrIvar(const GRState* St, SVal Base, } break; - case loc::SymbolValKind: { - SymbolRef Sym = cast<loc::SymbolVal>(&BaseL)->getSymbol(); - const SymbolicRegion* SR = MRMgr.getSymbolicRegion(Sym); - // Layer the type information. - BaseR = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR); - break; - } - case loc::GotoLabelKind: case loc::FuncValKind: // These are anormal cases. Flag an undefined value. @@ -413,21 +405,13 @@ SVal RegionStoreManager::getLValueElement(const GRState* St, const TypedRegion* BaseRegion = 0; - if (isa<loc::SymbolVal>(Base)) { - // FIXME: This case will be removed. - SymbolRef Sym = cast<loc::SymbolVal>(Base).getSymbol(); - SymbolicRegion* SR = MRMgr.getSymbolicRegion(Sym); - // Layer the type information. + const MemRegion* R = cast<loc::MemRegionVal>(Base).getRegion(); + if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) { + SymbolRef Sym = SR->getSymbol(); BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR); - } else { - const MemRegion* R = cast<loc::MemRegionVal>(Base).getRegion(); - if (const SymbolicRegion* SR = dyn_cast<SymbolicRegion>(R)) { - SymbolRef Sym = SR->getSymbol(); - BaseRegion = MRMgr.getTypedViewRegion(Sym->getType(getContext()), SR); - } - else - BaseRegion = cast<TypedRegion>(R); } + else + BaseRegion = cast<TypedRegion>(R); // Pointer of any type can be cast and used as array base. const ElementRegion *ElemR = dyn_cast<ElementRegion>(BaseRegion); @@ -673,18 +657,6 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) { assert(!isa<UnknownVal>(L) && "location unknown"); assert(!isa<UndefinedVal>(L) && "location undefined"); - // FIXME: What does loc::SymbolVal represent? It represents the value - // of a location but that value is not known. In the future we should - // handle potential aliasing relationships; e.g. a loc::SymbolVal could - // be an alias for a particular region. - // Example: - // void foo(char* buf) { - // char c = *buf; - // } - if (isa<loc::SymbolVal>(L)) { - return UnknownVal(); - } - // FIXME: Is this even possible? Shouldn't this be treated as a null // dereference at a higher level? if (isa<loc::ConcreteInt>(L)) @@ -841,11 +813,6 @@ SVal RegionStoreManager::RetrieveStruct(const GRState* St,const TypedRegion* R){ } const GRState* RegionStoreManager::Bind(const GRState* St, Loc L, SVal V) { - // Currently we don't bind value to symbolic location. But if the logic is - // made clear, we might change this decision. - if (isa<loc::SymbolVal>(L)) - return St; - // If we get here, the location should be a region. const MemRegion* R = cast<loc::MemRegionVal>(L).getRegion(); assert(R); @@ -878,8 +845,6 @@ Store RegionStoreManager::Remove(Store store, Loc L) { if (isa<loc::MemRegionVal>(L)) R = cast<loc::MemRegionVal>(L).getRegion(); - else if (isa<loc::SymbolVal>(L)) - R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol()); if (R) { RegionBindingsTy B = GetRegionBindings(store); diff --git a/lib/Analysis/SVals.cpp b/lib/Analysis/SVals.cpp index acc4111b70..3e958ba801 100644 --- a/lib/Analysis/SVals.cpp +++ b/lib/Analysis/SVals.cpp @@ -34,9 +34,6 @@ using llvm::APSInt; /// wraps a symbol, return that SymbolRef. Otherwise return a SymbolRef /// where 'isValid()' returns false. SymbolRef SVal::getAsLocSymbol() const { - if (const loc::SymbolVal *X = dyn_cast<loc::SymbolVal>(this)) - return X->getSymbol(); - if (const loc::MemRegionVal *X = dyn_cast<loc::MemRegionVal>(this)) { const MemRegion *R = X->getRegion(); @@ -431,10 +428,6 @@ void Loc::print(llvm::raw_ostream& Out) const { << " (Loc)"; break; - case loc::SymbolValKind: - Out << '$' << cast<loc::SymbolVal>(this)->getSymbol(); - break; - case loc::GotoLabelKind: Out << "&&" << cast<loc::GotoLabel>(this)->getLabel()->getID()->getName(); diff --git a/lib/Analysis/SimpleConstraintManager.cpp b/lib/Analysis/SimpleConstraintManager.cpp index 904479c4c3..feaad191ef 100644 --- a/lib/Analysis/SimpleConstraintManager.cpp +++ b/lib/Analysis/SimpleConstraintManager.cpp @@ -94,14 +94,6 @@ SimpleConstraintManager::AssumeAux(const GRState* St, Loc Cond, bool Assumption, assert (false && "'Assume' not implemented for this Loc."); return St; - case loc::SymbolValKind: - if (Assumption) - return AssumeSymNE(St, cast<loc::SymbolVal>(Cond).getSymbol(), - BasicVals.getZeroWithPtrWidth(), isFeasible); - else - return AssumeSymEQ(St, cast<loc::SymbolVal>(Cond).getSymbol(), - BasicVals.getZeroWithPtrWidth(), isFeasible); - case loc::MemRegionKind: { // FIXME: Should this go into the storemanager? @@ -110,9 +102,14 @@ SimpleConstraintManager::AssumeAux(const GRState* St, Loc Cond, bool Assumption, while (SubR) { // FIXME: now we only find the first symbolic region. - if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(SubR)) - return AssumeAux(St, loc::SymbolVal(SymR->getSymbol()), Assumption, - isFeasible); + if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(SubR)) { + if (Assumption) + return AssumeSymNE(St, SymR->getSymbol(), + BasicVals.getZeroWithPtrWidth(), isFeasible); + else + return AssumeSymEQ(St, SymR->getSymbol(), + BasicVals.getZeroWithPtrWidth(), isFeasible); + } SubR = dyn_cast<SubRegion>(SubR->getSuperRegion()); } |