From 43b82b823a6113fdbee54243b280db9c55ef72cb Mon Sep 17 00:00:00 2001 From: Ted Kremenek Date: Sun, 24 Feb 2013 07:21:01 +0000 Subject: [analyzer] tracking stores/constraints now works for ObjC ivars or struct fields. This required more changes than I originally expected: - ObjCIvarRegion implements "canPrintPretty" et al - DereferenceChecker indicates the null pointer source is an ivar - bugreporter::trackNullOrUndefValue() uses an alternate algorithm to compute the location region to track by scouring the ExplodedGraph. This allows us to get the actual MemRegion for variables, ivars, fields, etc. We only hand construct a VarRegion for C++ references. - ExplodedGraph no longer drops nodes for expressions that are marked 'lvalue'. This is to facilitate the logic in the previous bullet. This may lead to a slight increase in size in the ExplodedGraph, which I have not measured, but it is likely not to be a big deal. I have validated each of the changed plist output. Fixes git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Core/ExplodedGraph.cpp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'lib/StaticAnalyzer/Core/ExplodedGraph.cpp') diff --git a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp index a72f49d805..443d87076a 100644 --- a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp +++ b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp @@ -66,9 +66,10 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) { // (5) The 'store' is the same as the predecessor. // (6) The 'GDM' is the same as the predecessor. // (7) The LocationContext is the same as the predecessor. - // (8) The PostStmt isn't for a non-consumed Stmt or Expr. - // (9) The successor is not a CallExpr StmtPoint (so that we would be able to - // find it when retrying a call with no inlining). + // (8) Expressions that are *not* lvalue expressions. + // (9) The PostStmt isn't for a non-consumed Stmt or Expr. + // (10) The successor is not a CallExpr StmtPoint (so that we would + // be able to find it when retrying a call with no inlining). // FIXME: It may be safe to reclaim PreCall and PostCall nodes as well. // Conditions 1 and 2. @@ -99,20 +100,23 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) { if (state->store != pred_state->store || state->GDM != pred_state->GDM || progPoint.getLocationContext() != pred->getLocationContext()) return false; - + // Condition 8. - // Do not collect nodes for non-consumed Stmt or Expr to ensure precise - // diagnostic generation; specifically, so that we could anchor arrows - // pointing to the beginning of statements (as written in code). + // Do not collect nodes for lvalue expressions since they are + // used extensively for generating path diagnostics. const Expr *Ex = dyn_cast(ps.getStmt()); - if (!Ex) + if (!Ex || Ex->isLValue()) return false; + // Condition 9. + // Do not collect nodes for non-consumed Stmt or Expr to ensure precise + // diagnostic generation; specifically, so that we could anchor arrows + // pointing to the beginning of statements (as written in code). ParentMap &PM = progPoint.getLocationContext()->getParentMap(); if (!PM.isConsumedExpr(Ex)) return false; - - // Condition 9. + + // Condition 10. const ProgramPoint SuccLoc = succ->getLocation(); if (Optional SP = SuccLoc.getAs()) if (CallEvent::isCallStmt(SP->getStmt())) -- cgit v1.2.3-18-g5258