Diffstat (limited to 'lib/Analysis')
-rw-r--r--lib/Analysis/BasicConstraintManager.cpp15
-rw-r--r--lib/Analysis/BasicStore.cpp6
-rw-r--r--lib/Analysis/MemRegion.cpp32
-rw-r--r--lib/Analysis/RegionStore.cpp6
4 files changed, 40 insertions, 19 deletions
diff --git a/lib/Analysis/BasicConstraintManager.cpp b/lib/Analysis/BasicConstraintManager.cpp
index 0c98bf6450..58c4727d51 100644
--- a/lib/Analysis/BasicConstraintManager.cpp
+++ b/lib/Analysis/BasicConstraintManager.cpp
@@ -165,17 +165,14 @@ const GRState* BasicConstraintManager::AssumeAux(const GRState* St, Loc Cond,
// FIXME: Should this go into the storemanager?
const MemRegion* R = cast<loc::MemRegionVal>(Cond).getRegion();
-
- while (R) {
- if (const SubRegion* SubR = dyn_cast<SubRegion>(R)) {
- R = SubR->getSuperRegion();
- continue;
- }
- else if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(R))
+ const SubRegion* SubR = dyn_cast<SubRegion>(R);
+
+ while (SubR) {
+ // FIXME: now we only find the first symbolic region.
+ if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(SubR))
return AssumeAux(St, loc::SymbolVal(SymR->getSymbol()), Assumption,
isFeasible);
-
- break;
+ SubR = dyn_cast<SubRegion>(SubR->getSuperRegion());
}
// FALL-THROUGH.
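Review bot: The rewritten loop in AssumeAux applies `dyn_cast<SubRegion>` to `R` and to `SubR->getSuperRegion()` with no null check, whereas the removed loop tested `while (R)` before every cast. LLVM's `dyn_cast` asserts on a null argument and is undefined behaviour when assertions are compiled out, so if either pointer can be null here (not visible from this hunk) the new code drops a guard the old code had. Using `dyn_cast_or_null<SubRegion>(R)` and `SubR = dyn_cast_or_null<SubRegion>(SubR->getSuperRegion());` keeps the previous tolerance. AssumeAux begins and continues outside the hunk.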
diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index 2feea594b8..ad542b884a 100644
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -173,7 +173,8 @@ SVal BasicStoreManager::getLValueField(const GRState* St, SVal Base,
switch(BaseL.getSubKind()) {
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
@@ -218,7 +219,8 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
// Create a region to represent this symbol.
// FIXME: In the future we may just use symbolic regions instead of
// SymbolVals to reason about symbolic memory chunks.
- const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym);
+ const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym,
+ StateMgr.getSymbolManager());
// Layered a typed region on top of this.
QualType T = StateMgr.getSymbolManager().getType(Sym);
BaseR = MRMgr.getAnonTypedRegion(T, SymR);
diff --git a/lib/Analysis/MemRegion.cpp b/lib/Analysis/MemRegion.cpp
index 82f4423541..e41c5f937b 100644
--- a/lib/Analysis/MemRegion.cpp
+++ b/lib/Analysis/MemRegion.cpp
@@ -107,6 +107,28 @@ void ElementRegion::Profile(llvm::FoldingSetNodeID& ID) const {
ElementRegion::ProfileRegion(ID, Index, superRegion);
}
+//===----------------------------------------------------------------------===//
+// getLValueType() and getRValueType()
+//===----------------------------------------------------------------------===//
+
+QualType SymbolicRegion::getRValueType(ASTContext& C) const {
+ const SymbolData& data = SymMgr.getSymbolData(sym);
+
+ // FIXME: We could use the SymbolManager::getType() directly. But that
+ // would hide the assumptions we made here. What is the type of a symbolic
+ // region is unclear for other cases.
+
+ // For now we assume the symbol is a typed region rvalue.
+ const TypedRegion* R
+ = cast<TypedRegion>(cast<SymbolRegionRValue>(data).getRegion());
+
+ // Assume the region rvalue has a pointer type, only then we could have a
+ // symbolic region associated with it.
+ PointerType* PTy = cast<PointerType>(R->getRValueType(C).getTypePtr());
+
+ return PTy->getPointeeType();
+}
+
QualType ElementRegion::getRValueType(ASTContext& C) const {
// Strip off typedefs from the ArrayRegion's RvalueType.
QualType T = getArrayRegion()->getRValueType(C)->getDesugaredType();
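Review bot: The three `cast<>` calls in SymbolicRegion::getRValueType encode assumptions that are only verified in assertion-enabled builds: that the symbol data is a SymbolRegionRValue, that its region is a TypedRegion, and that its rvalue type is a pointer. In a release build a symbol of any other kind yields a mis-typed pointer instead of a diagnosed failure. The `cast<PointerType>` is also applied to `getTypePtr()` without stripping typedefs, unlike ElementRegion::getRValueType directly below, which calls `getDesugaredType()` first. A pointer declared through a typedef would therefore likely fail the cast; `cast<PointerType>(R->getRValueType(C)->getDesugaredType().getTypePtr())` would match the neighbouring code. For the first two casts, a `dyn_cast` with an explicit fallback (the FIXME already mentions `SymbolManager::getType()`) would turn the stated assumption into a handled case.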
@@ -119,10 +141,6 @@ QualType ElementRegion::getRValueType(ASTContext& C) const {
return T;
}
-//===----------------------------------------------------------------------===//
-// getLValueType() and getRValueType()
-//===----------------------------------------------------------------------===//
-
QualType StringRegion::getRValueType(ASTContext& C) const {
return Str->getType();
}
@@ -308,7 +326,8 @@ MemRegionManager::getElementRegion(SVal Idx, const TypedRegion* superRegion){
}
/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
-SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym) {
+SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym,
+ const SymbolManager& mgr) {
llvm::FoldingSetNodeID ID;
SymbolicRegion::ProfileRegion(ID, sym);
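Review bot: The new `mgr` parameter is not part of the folding-set key, since `SymbolicRegion::ProfileRegion(ID, sym)` still profiles the symbol alone. A region found in the cache therefore keeps whichever SymbolManager it was first constructed with, and the argument is silently ignored on that path. SymbolicRegion also appears to retain the manager (getRValueType reads `SymMgr`), so its lifetime matters to every cached region. Neither constraint is documented; the header comment could add `/// \param mgr the SymbolManager that owns sym; must be the same for every call and must outlive the returned region.` The rest of the function lies outside this hunk.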
@@ -319,7 +338,8 @@ SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym) {
if (!R) {
R = (SymbolicRegion*) A.Allocate<SymbolicRegion>();
- new (R) SymbolicRegion(sym);
+ // SymbolicRegion's storage class is usually unknown.
+ new (R) SymbolicRegion(sym, mgr, getUnknownRegion());
Regions.InsertNode(R, InsertPos);
}
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 8d36d10a8a..e640087acb 100644
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -312,7 +312,8 @@ SVal RegionStoreManager::getLValueField(const GRState* St, SVal Base,
break;
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
@@ -701,7 +702,8 @@ Store RegionStoreManager::Remove(Store store, Loc L) {
if (isa<loc::MemRegionVal>(L))
R = cast<loc::MemRegionVal>(L).getRegion();
else if (isa<loc::SymbolVal>(L))
- R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol());
+ R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol(),
+ StateMgr.getSymbolManager());
if (R) {
RegionBindingsTy B = GetRegionBindings(store);