| Age | Commit message (Collapse) | Author |
|---|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89375 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89373 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
sugared types. The basic problem is that our qualifier accessors
(getQualifiers, getCVRQualifiers, isConstQualified, etc.) only look at
the current QualType and not at any qualifiers that come from sugared
types, meaning that we won't see these qualifiers through, e.g.,
typedefs:
typedef const int CInt;
typedef CInt Self;
Self.isConstQualified() currently returns false!
Various bugs (e.g., PR5383) have cropped up all over the front end due
to such problems. I'm addressing this problem by splitting each
qualifier accessor into two versions:
- the "local" version only returns qualifiers on this particular
QualType instance
- the "normal" version that will eventually combine qualifiers from this
QualType instance with the qualifiers on the canonical type to
produce the full set of qualifiers.
This commit adds the local versions and switches a few callers from
the "normal" version (e.g., isConstQualified) over to the "local"
version (e.g., isLocalConstQualified) when that is the right thing to
do, e.g., because we're printing or serializing the qualifiers. Also,
switch a bunch of
Context.getCanonicalType(T1).getUnqualifiedType() == Context.getCanonicalType(T2).getQualifiedType()
expressions over to
Context.hasSameUnqualifiedType(T1, T2)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88969 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the
region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
we can let all Retrieve() methods simply return SVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88888 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
getBaseRegion will be used in another method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86649 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointers. Most logic cares first about whether or not a region is
symbolic, and second if represents code. This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80026 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'void*' (or 'const void*') as an identity transformation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77860 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsRecordType() -> Type::getAs<RecordType>()
Type::getAsPointerType() -> Type::getAs<PointerType>()
Type::getAsBlockPointerType() -> Type::getAs<BlockPointerType>()
Type::getAsLValueReferenceType() -> Type::getAs<LValueReferenceType>()
Type::getAsRValueReferenceType() -> Type::getAs<RValueReferenceType>()
Type::getAsMemberPointerType() -> Type::getAs<MemberPointerType>()
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsTagType() -> Type::getAs<TagType>()
And remove Type::getAsReferenceType(), etc.
This change is similar to one I made a couple weeks ago, but that was partly
reverted pending some additional design discussion. With Doug's pending smart
pointer changes for Types, it seemed natural to take this approach.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77510 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.
These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77483 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'cast type' of a region to invalidate its binding. This only occurs
when using RegionStoreManager, as it records the cast type. I'm
currently considering removing the notion of a cast type (see
comments in code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76719 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
whatever) to a BlockPointerType.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76288 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
until Doug Gregor's Type smart pointer code lands (or more discussion occurs).
These methods just call the new Type::getAs<XXX> methods, so we still have
reduced implementation redundancy. Having explicit getAsXXXType() methods makes
it easier to set breakpoints in the debugger.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76193 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Type::getAsMemberPointerType(), Type::getAsTagType(), and Type::getAsRecordType() with their Type::getAs<XXX> equivalents.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This method is intended to eventually replace the individual
Type::getAsXXXType<> methods.
The motivation behind this change is twofold:
1) Reduce redundant implementations of Type::getAsXXXType() methods. Most of
them are basically copy-and-paste.
2) By centralizing the implementation of the getAs<Type> logic we can more
smoothly move over to Doug Gregor's proposed canonical type smart pointer
scheme.
Along with this patch:
a) Removed 'Type::getAsPointerType()'; now clients use getAs<PointerType>.
b) Removed 'Type::getAsBlockPointerTypE()'; now clients use getAs<BlockPointerType>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76098 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Convert all clients to use the new predicate on Type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76076 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75750 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75713 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
invalidate the region correctly. It uses the cast-to type to invalidate
the region when available. To avoid invalid cast-to type like 'void*' or 'id',
region store now only records non-generic casts of regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75580 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
CodeTextRegions can only be casted to FunctionPointer or BlockPointerTypes. This
simply isn't true. We can handle bogus operations on CodeTextRegions (e.g, an
array access) elsewhere.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75285 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
void**, void***, etc. Such casts should just pass the region through.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75281 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74890 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74884 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74877 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
region type. This better shows the logic of the method and allows the compiler
to check if we didn't handle a specific region kind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74875 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74874 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74872 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Refactor logic that creates ElementRegions into a help method 'MakeElementRegion'.
- Fix crash due to not handling StringRegions. Casts of StringRegions now
result in a new ElementRegion layered on the original StringRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74867 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Have test for 'CodeTextRegion' dominate other region tests.
- Use 'getAsRecordType' instead of isa<RecordType>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74853 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74852 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(its superclass). This will allow us to experiment with using the new CastRegion
with BasicStoreManager, and gradually phase out the old implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74816 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74812 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
TypedRegion. While we plan on removing this code at some point, it serves as a
good reference implementation for use with BasicStore until we are sure the new
CastRegion logic (in RegionStore.cpp) is correct.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74559 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be unique.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73482 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RValueType => ObjectType
LValueType => LocationType
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71304 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
- Strip ElementRegions when the ElementRegion is just a 'raw data' view
on top of the underlying typed region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71094 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70865 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70864 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70844 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
StoreManager: Handle casts from one element region to another.
Update test cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70836 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'ElementRegion' on top of the VarRegion for 'x'. This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager. It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70832 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70565 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
some refactoring I did recently to StoreManager.
StoreManager::CastRegion: Handle casts to void* by stripping TypedViewRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69751 91177308-0d34-0410-b5e6-96231b3b80d8
|
