| Age | Commit message (Collapse) | Author |
|---|
|
- Store bindings using a MemRegion -> SVal binding instead of VarDecl -> SVal
binding. This mirrors some of the idea of RegionStore, but is far simpler and
not nearly as functional. This leads to some code simplification and
some potential for some minor precision hacks.
Along the way...
- constify the use of MemRegion* in a few places
- add operator<<(llvm::raw_ostream, const MemRegion*)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66163 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65957 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65919 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
for clients of StoreManagers from MemRegions to their subregions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65914 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65764 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
do the symblic regions associated with them and we need them to be typed.
Current SymbolicRegion::getRValueType() method is very restricting. It may be
modified when we are more clear about what could be the types of symblic
regions.
BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a
subclass of SubRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63844 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
subscript expression was an ElementRegion we stacked another ElementRegion on top of that.
This fixes PR 3422.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63110 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
their associated APIs. We no longer need separate SymbolData objects
for fields, variables, etc. Instead, we now associated symbols with
the "rvalue" of a MemRegion (i.e., the value stored at that region).
Now we only have two kinds of SymbolData objects: SymbolRegionRValue
and SymbolConjured.
This cleanup also makes the distinction between a SymbolicRegion and a
symbolic value that is a location much clearer. A SymbolicRegion
represents a chunk of symbolic memory, while a symbolic location is
just a "pointer" with different possible values. Without any specific
knowledge, a symbolic location resolves (i.e., via a dereference) to a
SymbolicRegion. In the future, when we do better alias reasoning, a
symbolic location can become an alias for another location, thus
merging the constraints on the referred SymbolicRegion with the other
region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62769 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62722 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
StoreManager::GetRegionSVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61894 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61888 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61304 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61300 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61299 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Now Bind() methods take and return GRState* because binding could
also alter GDM.
* No variables are initialized except those declared with initial
values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61274 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.
Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60995 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60990 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
layer an AnonTypedRegion on top of it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60808 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BasicStoreManager::getLValueField() (i.e., don't just return the 'base' as the SVal)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60795 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRState* argument instead of a Store. This allows them to use the GDM for storing other data.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60570 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60520 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60205 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
NamedDecl::getNameAsString() to make it more explicit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59937 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
environment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- RegionView and RegionViewMap is introduced to assist back-mapping from
super region to subregions.
- GDM is used to carry RegionView information.
- AnonTypedRegion is added to represent a typed region introduced by pointer
casting. Later AnonTypedRegion can be used in other similar cases, e.g.,
malloc()'ed region.
- The specific conversion is delegated to store manager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59382 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59359 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead of an Expr* (which can be null). Lazy symbolication of conjured symbols is now the sole responsibility of GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59151 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
available, things get much simplified.
One addition is that CompoundLiteralExpr can appear both in rvalue and lvalue
context.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58837 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BindDecl better describes what the function does:
- Bind the VarDecl to its memory region
- Bind the memory region to some initial value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58359 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- GRExprEngine::VisitCompoundLiteral...
(1) visits the initializer list (generating ExplodedNodes)
(2) creates a CompoundMemRegion for the literal
(3) creates a new state with the bound literal values using
GRStateManager::BindCompoundLiteral
- GRStateManager::BindCompoundLiteral simply calls
StoreManager::BindCompoundLiteral to get a new store and returns a persistent
GRState with that store.
- BasicStore::BindCompoundLiteral simply returns the same store, as it
doesn't handle field sensitivity
- RegionStore::BindCompoundLiteral currently fires an assert (pending discussion
of how to best implement mappings for CompoundLiteralRegion).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58277 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58182 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
for StringLiteral lvalue evaluation, instead of directly returning a
loc::StringLiteralVal by the Environment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58138 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
associated with the "this" or "self" object (C++ and Objective-C respectively).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
intact.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58028 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57964 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57909 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRExprEngine::VisitCast() so that other parts of the analyzer can be ignorant.
When we cast "array of type T" to "pointer to T", we get the loc::MemRegionVal
corresponding to the array variable. This is sufficient for BasicStore, but not
for RegionStore. RegionStore should get the element region for the first array
element in the cast. So next comes to the revamping of transfer functions for
different store model.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57897 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57896 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
restores null dereference checking with array accesses.
BasicStore::RemoveDeadBindings: handle regions besides VarRegions (we now have FieldRegions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57741 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Added new region "SymbolicRegion", which maps symbol values to the region domain.
- Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion)
- Added some utility methods to GRState for fetch svals from the store.
- Fixed regression in CheckNSError (we weren't getting the value bound to the parameter)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57717 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RVal => SVal
LVal => Loc
NonLVal => NonLoc
lval => loc
nonlval => nonloc
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57671 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
struct s {};
void f() {
int a[10];
int (*p)[10];
p = &a;
(*p)[3] =1;
struct s d;
struct s *q;
q = &d;
}
We return the corresponding MemRegionVal for them.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57664 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
regions.
Remove GRExprEngine::getLVal and RValues::MakeVal.
Enhance StoreManager "GetLValue" methods to dispatch for specific kinds of lvalue queries, as opposed to interogating the expression tree (GRExprEngine already does this).
Added FIXMEs. In particular, we no longer "assume" that a base pointer in a field/array access is null (this logic was removed). Perhaps we should do this when fetching the lvalue for fields and array elements?
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57657 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57654 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
new VisitLValue method is added to replace the old VisitLVal. The semantics
model becomes more explicit to separate rvalue evaluation from lvalue
evaluation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57627 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57225 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the patch consists of deltas due to API changes.
This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.
The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57042 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Change definition of store::Region and store::Binding (once again) to make
them real classes that just wrap pointers. This makes them more strictly
typed, and allows specific implementations of Regions/Bindings to just
subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments
StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55688 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55522 91177308-0d34-0410-b5e6-96231b3b80d8
|
