| Age | Commit message (Collapse) | Author |
|---|
|
wouldn't correctly get registered in the SubRegion map.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78162 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78000 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77875 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
manipulate the entire GRState, not just the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77870 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsRecordType() -> Type::getAs<RecordType>()
Type::getAsPointerType() -> Type::getAs<PointerType>()
Type::getAsBlockPointerType() -> Type::getAs<BlockPointerType>()
Type::getAsLValueReferenceType() -> Type::getAs<LValueReferenceType>()
Type::getAsRValueReferenceType() -> Type::getAs<RValueReferenceType>()
Type::getAsMemberPointerType() -> Type::getAs<MemberPointerType>()
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsTagType() -> Type::getAs<TagType>()
And remove Type::getAsReferenceType(), etc.
This change is similar to one I made a couple weeks ago, but that was partly
reverted pending some additional design discussion. With Doug's pending smart
pointer changes for Types, it seemed natural to take this approach.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77510 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.
These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77483 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead preferring to use the a region's actual type when creating
symbols and using the QualType passed to Retrieve for implicit
casting. This preprocessor logic is temporary; eventually we will
either remove region casts or keep them.
Temporarily toggle (via preprocessor directives) that SymbolicRegions
with heap storage are not undefined, but instead should be
symbolicated. If we want to model that a SymbolicRegion is
uninitialized, we can explicitly model that by binding UndefinedVal to
that region. It turns out that we want to treat most heap objects as
being defined, not the other way around.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76720 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76641 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
-refactor logic for retrieving bindings from VarDecls into
RegionStoreManager::RetrieveVar()
- improve RegionStoreManager::CastRetrievedVal() and SimpleSValuate::EvalCastNL
to better handle casts of values of the same canonical type as well as
casts of LocAsInteger values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76516 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointers.
Enhanced RegionStoreManager::Retrieve() to handle automatic casts when the
loaded value is different from the requested value. This should be refined over
time, but essentially we should always symbolicate locations as locations, and
convert them to non-locations on demand.
These changes now cause 'misc-ps.m' to pass again.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76497 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
until Doug Gregor's Type smart pointer code lands (or more discussion occurs).
These methods just call the new Type::getAs<XXX> methods, so we still have
reduced implementation redundancy. Having explicit getAsXXXType() methods makes
it easier to set breakpoints in the debugger.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76193 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Type::getAsMemberPointerType(), Type::getAsTagType(), and Type::getAsRecordType() with their Type::getAs<XXX> equivalents.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This method is intended to eventually replace the individual
Type::getAsXXXType<> methods.
The motivation behind this change is twofold:
1) Reduce redundant implementations of Type::getAsXXXType() methods. Most of
them are basically copy-and-paste.
2) By centralizing the implementation of the getAs<Type> logic we can more
smoothly move over to Doug Gregor's proposed canonical type smart pointer
scheme.
Along with this patch:
a) Removed 'Type::getAsPointerType()'; now clients use getAs<PointerType>.
b) Removed 'Type::getAsBlockPointerTypE()'; now clients use getAs<BlockPointerType>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76098 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ValueManager::makeArrayIndex()/convertArrayIndex() methods. This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75884 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75865 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
follow.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75748 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75745 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75738 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
do this by silently wrapping the region with an ElementRegion. This fixes the failures in misc-ps-region-store.m.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75679 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
invalidate the region correctly. It uses the cast-to type to invalidate
the region when available. To avoid invalid cast-to type like 'void*' or 'id',
region store now only records non-generic casts of regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75580 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and implementing operator<< support for llvm::raw_ostream.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75560 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
convention and style similar to other elements in Clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75548 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegion kinds. This allows the compiler to identify what MemRegions we don't
handle for pointer arithmetic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75326 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
over the types of MemRegions. This allows the compiler to warn us which regions
are not handled, and also is a little faster.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75304 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(its superclass). This will allow us to experiment with using the new CastRegion
with BasicStoreManager, and gradually phase out the old implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74751 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ValueManager::getRegionValueSymbolVal() with unguarded calls to
ValueManager::getRegionValueSymbolValOrUnknown(). This changes centralizes the
decision of what values to symbolicate in SymbolManager rather than having it
scatter in RegionStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
structures passed-by-value as function arguments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74729 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
directly consulting if a VarDecl is an implicit or actual parameter, a global,
etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74716 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
actual lifetime to their logical lifetime.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74665 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pass misc-ps.m. Currently RegionStore/BasicStore don't do any special reasoning
about clang-style vectors, so we should return UnknownVal (in all cases) when
accessing their values via an array.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74660 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74581 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unknown for it.
Mark the super region of a live region as live, if the live region is pointed
to by a live pointer variable.
These fixes xfail_regionstore_wine_crash.c.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74524 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Remove ASTContext parameter from DeclContext's methods. This change cascaded down to other Decl's methods and changes to call sites started "escalating".
Timings using pre-tokenized "cocoa.h" showed only a ~1% increase in time run between and after this commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74506 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
handled by RetrieveArray().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74409 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74244 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.
We now have one implementation of SValuator: SimpleSValuator.
SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.
As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74168 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74166 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Revert to setting default value approach for handling struct initialization.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74160 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74136 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74047 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74043 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Change implementation of MemRegion::hasStackStorage()/hasHeapStorage() to use
'getMemorySpace()'. This avoids a double traversal up the region hierarchy
and is simpler.
- Add MemRegion::hasHeapOrStackStorage() as a slightly more efficient
alternative to 'hasStackStorage() || hasHeapStorage()'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73977 91177308-0d34-0410-b5e6-96231b3b80d8
|
