diff options
| author | rdivacky <rdivacky@FreeBSD.org> | 2010-05-27 15:17:06 +0000 |
|---|---|---|
| committer | rdivacky <rdivacky@FreeBSD.org> | 2010-05-27 15:17:06 +0000 |
| commit | 53992adde3eda3ccf9da63bc7e45673f043de18f (patch) | |
| tree | 3558f327a6f9ab59c5d7a06528d84e1560445247 /lib/Checker | |
| parent | 7e411337c0ed226dace6e07f1420486768161308 (diff) | |
| download | FreeBSD-src-53992adde3eda3ccf9da63bc7e45673f043de18f.zip FreeBSD-src-53992adde3eda3ccf9da63bc7e45673f043de18f.tar.gz | |
Update clang to r104832.
Diffstat (limited to 'lib/Checker')
| -rw-r--r-- | lib/Checker/BasicObjCFoundationChecks.cpp | 4 | ||||
| -rw-r--r-- | lib/Checker/BasicStore.cpp | 8 | ||||
| -rw-r--r-- | lib/Checker/CFRefCount.cpp | 83 | ||||
| -rw-r--r-- | lib/Checker/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | lib/Checker/CastSizeChecker.cpp | 82 | ||||
| -rw-r--r-- | lib/Checker/CheckObjCDealloc.cpp | 3 | ||||
| -rw-r--r-- | lib/Checker/FlatStore.cpp | 4 | ||||
| -rw-r--r-- | lib/Checker/GRCXXExprEngine.cpp | 4 | ||||
| -rw-r--r-- | lib/Checker/GRExprEngine.cpp | 35 | ||||
| -rw-r--r-- | lib/Checker/GRExprEngineExperimentalChecks.cpp | 1 | ||||
| -rw-r--r-- | lib/Checker/GRExprEngineInternalChecks.h | 1 | ||||
| -rw-r--r-- | lib/Checker/GRState.cpp | 7 | ||||
| -rw-r--r-- | lib/Checker/LLVMConventionsChecker.cpp | 2 | ||||
| -rw-r--r-- | lib/Checker/MallocChecker.cpp | 5 | ||||
| -rw-r--r-- | lib/Checker/MemRegion.cpp | 2 | ||||
| -rw-r--r-- | lib/Checker/ObjCUnusedIVarsChecker.cpp | 3 | ||||
| -rw-r--r-- | lib/Checker/RegionStore.cpp | 41 |
17 files changed, 232 insertions, 56 deletions
diff --git a/lib/Checker/BasicObjCFoundationChecks.cpp b/lib/Checker/BasicObjCFoundationChecks.cpp index e7275ca..b852e2a 100644 --- a/lib/Checker/BasicObjCFoundationChecks.cpp +++ b/lib/Checker/BasicObjCFoundationChecks.cpp @@ -521,11 +521,11 @@ void ClassReleaseChecker::PreVisitObjCMessageExpr(CheckerContext &C, ObjCInterfaceDecl *Class = 0; switch (ME->getReceiverKind()) { case ObjCMessageExpr::Class: - Class = ME->getClassReceiver()->getAs<ObjCInterfaceType>()->getDecl(); + Class = ME->getClassReceiver()->getAs<ObjCObjectType>()->getInterface(); break; case ObjCMessageExpr::SuperClass: - Class = ME->getSuperType()->getAs<ObjCInterfaceType>()->getDecl(); + Class = ME->getSuperType()->getAs<ObjCObjectType>()->getInterface(); break; case ObjCMessageExpr::Instance: diff --git a/lib/Checker/BasicStore.cpp b/lib/Checker/BasicStore.cpp index 34470af..5be5ca6 100644 --- a/lib/Checker/BasicStore.cpp +++ b/lib/Checker/BasicStore.cpp @@ -72,7 +72,7 @@ public: /// RemoveDeadBindings - Scans a BasicStore of 'state' for dead values. /// It updatees the GRState object in place with the values removed. - Store RemoveDeadBindings(Store store, Stmt* Loc, + const GRState *RemoveDeadBindings(GRState &state, Stmt* Loc, const StackFrameContext *LCtx, SymbolReaper& SymReaper, llvm::SmallVectorImpl<const MemRegion*>& RegionRoots); @@ -251,11 +251,12 @@ Store BasicStoreManager::Remove(Store store, Loc loc) { } } -Store BasicStoreManager::RemoveDeadBindings(Store store, Stmt* Loc, +const GRState *BasicStoreManager::RemoveDeadBindings(GRState &state, Stmt* Loc, const StackFrameContext *LCtx, SymbolReaper& SymReaper, llvm::SmallVectorImpl<const MemRegion*>& RegionRoots) { + Store store = state.getStore(); BindingsTy B = GetBindings(store); typedef SVal::symbol_iterator symbol_iterator; @@ -329,7 +330,8 @@ Store BasicStoreManager::RemoveDeadBindings(Store store, Stmt* Loc, } } - return store; + state.setStore(store); + return StateMgr.getPersistentState(state); } Store BasicStoreManager::scanForIvars(Stmt *B, const Decl* SelfDecl, diff --git a/lib/Checker/CFRefCount.cpp b/lib/Checker/CFRefCount.cpp index d26ee1d..42e6f67 100644 --- a/lib/Checker/CFRefCount.cpp +++ b/lib/Checker/CFRefCount.cpp @@ -37,6 +37,49 @@ using namespace clang; using llvm::StringRef; using llvm::StrInStrNoCase; +namespace { +class InstanceReceiver { + const ObjCMessageExpr *ME; + const LocationContext *LC; +public: + InstanceReceiver(const ObjCMessageExpr *me = 0, + const LocationContext *lc = 0) : ME(me), LC(lc) {} + + bool isValid() const { + return ME && ME->isInstanceMessage(); + } + operator bool() const { + return isValid(); + } + + SVal getSValAsScalarOrLoc(const GRState *state) { + assert(isValid()); + // We have an expression for the receiver? Fetch the value + // of that expression. + if (const Expr *Ex = ME->getInstanceReceiver()) + return state->getSValAsScalarOrLoc(Ex); + + // Otherwise we are sending a message to super. In this case the + // object reference is the same as 'self'. + if (const ImplicitParamDecl *SelfDecl = LC->getSelfDecl()) + return state->getSVal(state->getRegion(SelfDecl, LC)); + + return UnknownVal(); + } + + SourceRange getSourceRange() const { + assert(isValid()); + if (const Expr *Ex = ME->getInstanceReceiver()) + return Ex->getSourceRange(); + + // Otherwise we are sending a message to super. + SourceLocation L = ME->getSuperLoc(); + assert(L.isValid()); + return SourceRange(L, L); + } +}; +} + static const ObjCMethodDecl* ResolveToInterfaceMethodDecl(const ObjCMethodDecl *MD) { ObjCInterfaceDecl *ID = @@ -618,11 +661,11 @@ public: break; case ObjCMessageExpr::Class: - OD = ME->getClassReceiver()->getAs<ObjCInterfaceType>()->getDecl(); + OD = ME->getClassReceiver()->getAs<ObjCObjectType>()->getInterface(); break; case ObjCMessageExpr::SuperClass: - OD = ME->getSuperType()->getAs<ObjCInterfaceType>()->getDecl(); + OD = ME->getSuperType()->getAs<ObjCObjectType>()->getInterface(); break; } @@ -1374,7 +1417,7 @@ RetainSummaryManager::getInstanceMethodSummary(const ObjCMessageExpr *ME, // we just use the 'ID' from the message expression. SVal receiverV; - if (const Expr *Receiver = ME->getInstanceReceiver()) { + if (Receiver) { receiverV = state->getSValAsScalarOrLoc(Receiver); // FIXME: Eventually replace the use of state->get<RefBindings> with @@ -1724,7 +1767,7 @@ private: void ProcessNonLeakError(ExplodedNodeSet& Dst, GRStmtNodeBuilder& Builder, - Expr* NodeExpr, Expr* ErrorExpr, + Expr* NodeExpr, SourceRange ErrorRange, ExplodedNode* Pred, const GRState* St, RefVal::Kind hasErr, SymbolRef Sym); @@ -1768,7 +1811,7 @@ public: GRExprEngine& Eng, GRStmtNodeBuilder& Builder, Expr* Ex, - Expr* Receiver, + InstanceReceiver Receiver, const RetainSummary& Summ, const MemRegion *Callee, ExprIterator arg_beg, ExprIterator arg_end, @@ -2552,7 +2595,8 @@ static QualType GetReturnType(const Expr* RetE, ASTContext& Ctx) { // is a call to a class method whose type we can resolve. In such // cases, promote the return type to XXX* (where XXX is the class). const ObjCInterfaceDecl *D = ME->getReceiverInterface(); - return !D ? RetTy : Ctx.getPointerType(Ctx.getObjCInterfaceType(D)); + return !D ? RetTy : + Ctx.getObjCObjectPointerType(Ctx.getObjCInterfaceType(D)); } return RetTy; @@ -2562,7 +2606,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, GRExprEngine& Eng, GRStmtNodeBuilder& Builder, Expr* Ex, - Expr* Receiver, + InstanceReceiver Receiver, const RetainSummary& Summ, const MemRegion *Callee, ExprIterator arg_beg, ExprIterator arg_end, @@ -2571,7 +2615,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, // Evaluate the effect of the arguments. RefVal::Kind hasErr = (RefVal::Kind) 0; unsigned idx = 0; - Expr* ErrorExpr = NULL; + SourceRange ErrorRange; SymbolRef ErrorSym = 0; llvm::SmallVector<const MemRegion*, 10> RegionsToInvalidate; @@ -2584,7 +2628,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, if (RefBindings::data_type* T = state->get<RefBindings>(Sym)) { state = Update(state, Sym, *T, Summ.getArg(idx), hasErr); if (hasErr) { - ErrorExpr = *I; + ErrorRange = (*I)->getSourceRange(); ErrorSym = Sym; break; } @@ -2677,13 +2721,13 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, } // Evaluate the effect on the message receiver. - if (!ErrorExpr && Receiver) { - SymbolRef Sym = state->getSValAsScalarOrLoc(Receiver).getAsLocSymbol(); + if (!ErrorRange.isValid() && Receiver) { + SymbolRef Sym = Receiver.getSValAsScalarOrLoc(state).getAsLocSymbol(); if (Sym) { if (const RefVal* T = state->get<RefBindings>(Sym)) { state = Update(state, Sym, *T, Summ.getReceiverEffect(), hasErr); if (hasErr) { - ErrorExpr = Receiver; + ErrorRange = Receiver.getSourceRange(); ErrorSym = Sym; } } @@ -2692,7 +2736,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, // Process any errors. if (hasErr) { - ProcessNonLeakError(Dst, Builder, Ex, ErrorExpr, Pred, state, + ProcessNonLeakError(Dst, Builder, Ex, ErrorRange, Pred, state, hasErr, ErrorSym); return; } @@ -2703,7 +2747,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, if (RE.getKind() == RetEffect::OwnedWhenTrackedReceiver) { bool found = false; if (Receiver) { - SVal V = state->getSValAsScalarOrLoc(Receiver); + SVal V = Receiver.getSValAsScalarOrLoc(state); if (SymbolRef Sym = V.getAsLocSymbol()) if (state->get<RefBindings>(Sym)) { found = true; @@ -2759,8 +2803,8 @@ void CFRefCount::EvalSummary(ExplodedNodeSet& Dst, } case RetEffect::ReceiverAlias: { - assert (Receiver); - SVal V = state->getSValAsScalarOrLoc(Receiver); + assert(Receiver); + SVal V = Receiver.getSValAsScalarOrLoc(state); state = state->BindExpr(Ex, V, false); break; } @@ -2848,7 +2892,8 @@ void CFRefCount::EvalObjCMessageExpr(ExplodedNodeSet& Dst, : Summaries.getClassMethodSummary(ME); assert(Summ && "RetainSummary is null"); - EvalSummary(Dst, Eng, Builder, ME, ME->getInstanceReceiver(), *Summ, NULL, + EvalSummary(Dst, Eng, Builder, ME, + InstanceReceiver(ME, Pred->getLocationContext()), *Summ, NULL, ME->arg_begin(), ME->arg_end(), Pred, state); } @@ -3408,7 +3453,7 @@ void CFRefCount::EvalDeadSymbols(ExplodedNodeSet& Dst, void CFRefCount::ProcessNonLeakError(ExplodedNodeSet& Dst, GRStmtNodeBuilder& Builder, - Expr* NodeExpr, Expr* ErrorExpr, + Expr* NodeExpr, SourceRange ErrorRange, ExplodedNode* Pred, const GRState* St, RefVal::Kind hasErr, SymbolRef Sym) { @@ -3439,7 +3484,7 @@ void CFRefCount::ProcessNonLeakError(ExplodedNodeSet& Dst, } CFRefReport *report = new CFRefReport(*BT, *this, N, Sym); - report->addRange(ErrorExpr->getSourceRange()); + report->addRange(ErrorRange); BR->EmitReport(report); } diff --git a/lib/Checker/CMakeLists.txt b/lib/Checker/CMakeLists.txt index 82e93a4..9c6adc6 100644 --- a/lib/Checker/CMakeLists.txt +++ b/lib/Checker/CMakeLists.txt @@ -14,6 +14,7 @@ add_clang_library(clangChecker BuiltinFunctionChecker.cpp CallAndMessageChecker.cpp CallInliner.cpp + CastSizeChecker.cpp CastToStructChecker.cpp CFRefCount.cpp CheckDeadStores.cpp @@ -69,3 +70,5 @@ add_clang_library(clangChecker ValueManager.cpp VLASizeChecker.cpp ) + +add_dependencies(clangChecker ClangStmtNodes) diff --git a/lib/Checker/CastSizeChecker.cpp b/lib/Checker/CastSizeChecker.cpp new file mode 100644 index 0000000..754d775 --- /dev/null +++ b/lib/Checker/CastSizeChecker.cpp @@ -0,0 +1,82 @@ +//=== CastSizeChecker.cpp ---------------------------------------*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// CastSizeChecker checks when casting a malloc'ed symbolic region to type T, +// whether the size of the symbolic region is a multiple of the size of T. +// +//===----------------------------------------------------------------------===// +#include "clang/AST/CharUnits.h" +#include "clang/Checker/BugReporter/BugType.h" +#include "clang/Checker/PathSensitive/CheckerVisitor.h" +#include "GRExprEngineInternalChecks.h" + +using namespace clang; + +namespace { +class CastSizeChecker : public CheckerVisitor<CastSizeChecker> { + BuiltinBug *BT; +public: + CastSizeChecker() : BT(0) {} + static void *getTag(); + void PreVisitCastExpr(CheckerContext &C, const CastExpr *B); +}; +} + +void *CastSizeChecker::getTag() { + static int x; + return &x; +} + +void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) { + const Expr *E = CE->getSubExpr(); + ASTContext &Ctx = C.getASTContext(); + QualType ToTy = Ctx.getCanonicalType(CE->getType()); + PointerType *ToPTy = dyn_cast<PointerType>(ToTy.getTypePtr()); + + if (!ToPTy) + return; + + QualType ToPointeeTy = ToPTy->getPointeeType(); + + const MemRegion *R = C.getState()->getSVal(E).getAsRegion(); + if (R == 0) + return; + + const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R); + if (SR == 0) + return; + + llvm::Optional<SVal> V = + C.getEngine().getStoreManager().getExtent(C.getState(), SR); + if (!V) + return; + + const nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(V); + if (!CI) + return; + + CharUnits RegionSize = CharUnits::fromQuantity(CI->getValue().getSExtValue()); + CharUnits TypeSize = C.getASTContext().getTypeSizeInChars(ToPointeeTy); + if (RegionSize % TypeSize != 0) { + if (ExplodedNode *N = C.GenerateSink()) { + if (!BT) + BT = new BuiltinBug("Cast region with wrong size.", + "Cast a region whose size is not a multiple of the" + " destination type size."); + RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N); + R->addRange(CE->getSourceRange()); + C.EmitReport(R); + } + } +} + + +void clang::RegisterCastSizeChecker(GRExprEngine &Eng) { + Eng.registerCheck(new CastSizeChecker()); +} diff --git a/lib/Checker/CheckObjCDealloc.cpp b/lib/Checker/CheckObjCDealloc.cpp index c23be87..11ddaca 100644 --- a/lib/Checker/CheckObjCDealloc.cpp +++ b/lib/Checker/CheckObjCDealloc.cpp @@ -115,7 +115,8 @@ void clang::CheckObjCDealloc(const ObjCImplementationDecl* D, QualType T = ID->getType(); if (!T->isObjCObjectPointerType() || - ID->getAttr<IBOutletAttr>()) // Skip IBOutlets. + ID->getAttr<IBOutletAttr>() || // Skip IBOutlets. + ID->getAttr<IBOutletCollectionAttr>()) // Skip IBOutletCollections. continue; containsPointerIvar = true; diff --git a/lib/Checker/FlatStore.cpp b/lib/Checker/FlatStore.cpp index 2af9ffa..7f1c579 100644 --- a/lib/Checker/FlatStore.cpp +++ b/lib/Checker/FlatStore.cpp @@ -44,11 +44,11 @@ public: } SVal ArrayToPointer(Loc Array); - Store RemoveDeadBindings(Store store, Stmt* Loc, + const GRState *RemoveDeadBindings(GRState &state, Stmt* Loc, const StackFrameContext *LCtx, SymbolReaper& SymReaper, llvm::SmallVectorImpl<const MemRegion*>& RegionRoots){ - return store; + return StateMgr.getPersistentState(state); } Store BindDecl(Store store, const VarRegion *VR, SVal initVal); diff --git a/lib/Checker/GRCXXExprEngine.cpp b/lib/Checker/GRCXXExprEngine.cpp index 00ac995..18e112c 100644 --- a/lib/Checker/GRCXXExprEngine.cpp +++ b/lib/Checker/GRCXXExprEngine.cpp @@ -86,7 +86,7 @@ void GRExprEngine::VisitCXXConstructExpr(const CXXConstructExpr *E, SVal Dest, const CXXConstructorDecl *CD = E->getConstructor(); assert(CD); - if (!CD->isThisDeclarationADefinition()) + if (!(CD->isThisDeclarationADefinition() && AMgr.shouldInlineCall())) // FIXME: invalidate the object. return; @@ -147,7 +147,7 @@ void GRExprEngine::VisitCXXMemberCallExpr(const CXXMemberCallExpr *MCE, const CXXMethodDecl *MD = cast<CXXMethodDecl>(ME->getMemberDecl()); assert(MD && "not a CXXMethodDecl?"); - if (!MD->isThisDeclarationADefinition()) + if (!(MD->isThisDeclarationADefinition() && AMgr.shouldInlineCall())) // FIXME: conservative method call evaluation. return; diff --git a/lib/Checker/GRExprEngine.cpp b/lib/Checker/GRExprEngine.cpp index 67090b8..2417658 100644 --- a/lib/Checker/GRExprEngine.cpp +++ b/lib/Checker/GRExprEngine.cpp @@ -1017,9 +1017,8 @@ void GRExprEngine::VisitLValue(Expr* Ex, ExplodedNode* Pred, bool GRExprEngine::ProcessBlockEntrance(CFGBlock* B, const ExplodedNode *Pred, GRBlockCounter BC) { - return BC.getNumVisited(Pred->getLocationContext()->getCurrentStackFrame(), - B->getBlockID()) < 3; + B->getBlockID()) < AMgr.getMaxLoop(); } //===----------------------------------------------------------------------===// @@ -1810,6 +1809,28 @@ void GRExprEngine::EvalLocation(ExplodedNodeSet &Dst, Stmt *S, } } +bool GRExprEngine::InlineCall(ExplodedNodeSet &Dst, const CallExpr *CE, + ExplodedNode *Pred) { + const GRState *state = GetState(Pred); + const Expr *Callee = CE->getCallee(); + SVal L = state->getSVal(Callee); + + const FunctionDecl *FD = L.getAsFunctionDecl(); + if (!FD) + return false; + + if (!FD->getBody(FD)) + return false; + + // Now we have the definition of the callee, create a CallEnter node. + CallEnter Loc(CE, FD, Pred->getLocationContext()); + + ExplodedNode *N = Builder->generateNode(Loc, state, Pred); + if (N) + Dst.Add(N); + return true; +} + void GRExprEngine::VisitCall(CallExpr* CE, ExplodedNode* Pred, CallExpr::arg_iterator AI, CallExpr::arg_iterator AE, @@ -1889,6 +1910,10 @@ void GRExprEngine::VisitCall(CallExpr* CE, ExplodedNode* Pred, // If the callee is processed by a checker, skip the rest logic. if (CheckerEvalCall(CE, DstChecker, *DI)) DstTmp3.insert(DstChecker); + else if (AMgr.shouldInlineCall() && InlineCall(Dst, CE, *DI)) { + // Callee is inlined. We shouldn't do post call checking. + return; + } else { for (ExplodedNodeSet::iterator DI_Checker = DstChecker.begin(), DE_Checker = DstChecker.end(); @@ -1944,7 +1969,7 @@ void GRExprEngine::VisitCall(CallExpr* CE, ExplodedNode* Pred, //===----------------------------------------------------------------------===// static std::pair<const void*,const void*> EagerlyAssumeTag - = std::pair<const void*,const void*>(&EagerlyAssumeTag,0); + = std::pair<const void*,const void*>(&EagerlyAssumeTag,static_cast<void*>(0)); void GRExprEngine::EvalEagerlyAssume(ExplodedNodeSet &Dst, ExplodedNodeSet &Src, Expr *Ex) { @@ -2595,8 +2620,8 @@ void GRExprEngine::VisitSizeOfAlignOfExpr(SizeOfAlignOfExpr* Ex, Dst.Add(Pred); return; } - else if (T->isObjCInterfaceType()) { - // Some code tries to take the sizeof an ObjCInterfaceType, relying that + else if (T->getAs<ObjCObjectType>()) { + // Some code tries to take the sizeof an ObjCObjectType, relying that // the compiler has laid out its representation. Just report Unknown // for these. Dst.Add(Pred); diff --git a/lib/Checker/GRExprEngineExperimentalChecks.cpp b/lib/Checker/GRExprEngineExperimentalChecks.cpp index 89b4e4b..6066a1c 100644 --- a/lib/Checker/GRExprEngineExperimentalChecks.cpp +++ b/lib/Checker/GRExprEngineExperimentalChecks.cpp @@ -36,5 +36,6 @@ void clang::RegisterExperimentalInternalChecks(GRExprEngine &Eng) { RegisterPointerSubChecker(Eng); RegisterPointerArithChecker(Eng); RegisterCastToStructChecker(Eng); + RegisterCastSizeChecker(Eng); RegisterArrayBoundChecker(Eng); } diff --git a/lib/Checker/GRExprEngineInternalChecks.h b/lib/Checker/GRExprEngineInternalChecks.h index d117600..335b85e 100644 --- a/lib/Checker/GRExprEngineInternalChecks.h +++ b/lib/Checker/GRExprEngineInternalChecks.h @@ -26,6 +26,7 @@ void RegisterAttrNonNullChecker(GRExprEngine &Eng); void RegisterBuiltinFunctionChecker(GRExprEngine &Eng); void RegisterCallAndMessageChecker(GRExprEngine &Eng); void RegisterCastToStructChecker(GRExprEngine &Eng); +void RegisterCastSizeChecker(GRExprEngine &Eng); void RegisterDereferenceChecker(GRExprEngine &Eng); void RegisterDivZeroChecker(GRExprEngine &Eng); void RegisterFixedAddressChecker(GRExprEngine &Eng); diff --git a/lib/Checker/GRState.cpp b/lib/Checker/GRState.cpp index f68e10b..b16e922 100644 --- a/lib/Checker/GRState.cpp +++ b/lib/Checker/GRState.cpp @@ -51,11 +51,10 @@ GRStateManager::RemoveDeadBindings(const GRState* state, Stmt* Loc, state, RegionRoots); // Clean up the store. - NewState.St = StoreMgr->RemoveDeadBindings(NewState.St, Loc, LCtx, SymReaper, - RegionRoots); + const GRState *s = StoreMgr->RemoveDeadBindings(NewState, Loc, LCtx, + SymReaper, RegionRoots); - return ConstraintMgr->RemoveDeadBindings(getPersistentState(NewState), - SymReaper); + return ConstraintMgr->RemoveDeadBindings(s, SymReaper); } const GRState *GRState::unbindLoc(Loc LV) const { diff --git a/lib/Checker/LLVMConventionsChecker.cpp b/lib/Checker/LLVMConventionsChecker.cpp index 14f0fc1..39ded43 100644 --- a/lib/Checker/LLVMConventionsChecker.cpp +++ b/lib/Checker/LLVMConventionsChecker.cpp @@ -47,7 +47,7 @@ static bool InStdNamespace(const Decl *D) { } static bool IsStdString(QualType T) { - if (const QualifiedNameType *QT = T->getAs<QualifiedNameType>()) + if (const ElaboratedType *QT = T->getAs<ElaboratedType>()) T = QT->getNamedType(); const TypedefType *TT = T->getAs<TypedefType>(); diff --git a/lib/Checker/MallocChecker.cpp b/lib/Checker/MallocChecker.cpp index a22df30..086dbd8 100644 --- a/lib/Checker/MallocChecker.cpp +++ b/lib/Checker/MallocChecker.cpp @@ -182,7 +182,10 @@ const GRState *MallocChecker::FreeMemAux(CheckerContext &C, const CallExpr *CE, return state; SymbolRef Sym = ArgVal.getAsLocSymbol(); - assert(Sym); + + // Various cases could lead to non-symbol values here. + if (!Sym) + return state; const RefState *RS = state->get<RegionState>(Sym); diff --git a/lib/Checker/MemRegion.cpp b/lib/Checker/MemRegion.cpp index 9a664c7..575458c 100644 --- a/lib/Checker/MemRegion.cpp +++ b/lib/Checker/MemRegion.cpp @@ -539,7 +539,7 @@ MemRegionManager::getElementRegion(QualType elementType, SVal Idx, const MemRegion* superRegion, ASTContext& Ctx){ - QualType T = Ctx.getCanonicalType(elementType); + QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType(); llvm::FoldingSetNodeID ID; ElementRegion::ProfileRegion(ID, T, Idx, superRegion); diff --git a/lib/Checker/ObjCUnusedIVarsChecker.cpp b/lib/Checker/ObjCUnusedIVarsChecker.cpp index 0e47621..2523cff 100644 --- a/lib/Checker/ObjCUnusedIVarsChecker.cpp +++ b/lib/Checker/ObjCUnusedIVarsChecker.cpp @@ -114,7 +114,8 @@ void clang::CheckObjCUnusedIvar(const ObjCImplementationDecl *D, // (b) explicitly marked unused // (c) are iboutlets if (ID->getAccessControl() != ObjCIvarDecl::Private || - ID->getAttr<UnusedAttr>() || ID->getAttr<IBOutletAttr>()) + ID->getAttr<UnusedAttr>() || ID->getAttr<IBOutletAttr>() || + ID->getAttr<IBOutletCollectionAttr>()) continue; M[ID] = Unused; diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp index 1e15d43..c4072fd 100644 --- a/lib/Checker/RegionStore.cpp +++ b/lib/Checker/RegionStore.cpp @@ -352,9 +352,9 @@ public: // Part of public interface to class. /// RemoveDeadBindings - Scans the RegionStore of 'state' for dead values. /// It returns a new Store with these values removed. - Store RemoveDeadBindings(Store store, Stmt* Loc, - const StackFrameContext *LCtx, - SymbolReaper& SymReaper, + const GRState *RemoveDeadBindings(GRState &state, Stmt* Loc, + const StackFrameContext *LCtx, + SymbolReaper& SymReaper, llvm::SmallVectorImpl<const MemRegion*>& RegionRoots); const GRState *EnterStackFrame(const GRState *state, @@ -364,7 +364,18 @@ public: // Part of public interface to class. // Region "extents". //===------------------------------------------------------------------===// - const GRState *setExtent(const GRState *state,const MemRegion* R,SVal Extent); + const GRState *setExtent(const GRState *state,const MemRegion* R,SVal Extent){ + return state->set<RegionExtents>(R, Extent); + } + + Optional<SVal> getExtent(const GRState *state, const MemRegion *R) { + const SVal *V = state->get<RegionExtents>(R); + if (V) + return *V; + else + return Optional<SVal>(); + } + DefinedOrUnknownSVal getSizeInElements(const GRState *state, const MemRegion* R, QualType EleTy); @@ -798,12 +809,6 @@ DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const GRState *state, return UnknownVal(); } -const GRState *RegionStoreManager::setExtent(const GRState *state, - const MemRegion *region, - SVal extent) { - return state->set<RegionExtents>(region, extent); -} - //===----------------------------------------------------------------------===// // Location and region casting. //===----------------------------------------------------------------------===// @@ -1817,12 +1822,12 @@ bool RemoveDeadBindingsWorker::UpdatePostponed() { return changed; } -Store RegionStoreManager::RemoveDeadBindings(Store store, Stmt* Loc, +const GRState *RegionStoreManager::RemoveDeadBindings(GRState &state, Stmt* Loc, const StackFrameContext *LCtx, SymbolReaper& SymReaper, llvm::SmallVectorImpl<const MemRegion*>& RegionRoots) { - RegionBindings B = GetRegionBindings(store); + RegionBindings B = GetRegionBindings(state.getStore()); RemoveDeadBindingsWorker W(*this, StateMgr, B, SymReaper, Loc, LCtx); W.GenerateClusters(); @@ -1855,8 +1860,16 @@ Store RegionStoreManager::RemoveDeadBindings(Store store, Stmt* Loc, for (; SI != SE; ++SI) SymReaper.maybeDead(*SI); } - - return B.getRoot(); + state.setStore(B.getRoot()); + const GRState *s = StateMgr.getPersistentState(state); + // Remove the extents of dead symbolic regions. + llvm::ImmutableMap<const MemRegion*,SVal> Extents = s->get<RegionExtents>(); + for (llvm::ImmutableMap<const MemRegion *, SVal>::iterator I=Extents.begin(), + E = Extents.end(); I != E; ++I) { + if (!W.isVisited(I->first)) + s = s->remove<RegionExtents>(I->first); + } + return s; } |
