lib/Analysis/Store.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

//== Store.cpp - Interface for maps from Locations to Values ----*- C++ -*--==//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
//  This file defined the types Store and StoreManager.
//
//===----------------------------------------------------------------------===//

#include "clang/Analysis/PathSensitive/Store.h"
#include "clang/Analysis/PathSensitive/GRState.h"

using namespace clang;

StoreManager::StoreManager(GRStateManager &stateMgr)
  : ValMgr(stateMgr.getValueManager()),
    StateMgr(stateMgr),
    MRMgr(ValMgr.getRegionManager()) {}

StoreManager::CastResult
StoreManager::CastRegion(const GRState* state, const MemRegion* R,
                               QualType CastToTy) {
  
  ASTContext& Ctx = StateMgr.getContext();

  // We need to know the real type of CastToTy.
  QualType ToTy = Ctx.getCanonicalType(CastToTy);

  // Return the same region if the region types are compatible.
  if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
    QualType Ta = Ctx.getCanonicalType(TR->getLValueType(Ctx));

    if (Ta == ToTy)
      return CastResult(state, R);
  }
  
  // Check if we are casting to 'void*'.
  // FIXME: Handle arbitrary upcasts.
  if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr()))
    if (PTy->getPointeeType()->isVoidType()) {

      // Casts to void* only removes TypedViewRegion. If there is no
      // TypedViewRegion, leave the region untouched. This happens when:
      //
      // void foo(void*);
      // ...
      // void bar() {
      //   int x;
      //   foo(&x);
      // }

      if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R))
        R = TR->removeViews();
      
      return CastResult(state, R);
    }

  // FIXME: Need to handle arbitrary downcasts.
  // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion
  //         or an AllocaRegion is cast to another view, thus causing the memory
  //         to be re-used for a different purpose.

  if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) {
    const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);  
    return CastResult(AddRegionView(state, ViewR, R), ViewR);
  }
  
  return CastResult(state, R);
}