diff options
| author | dim <dim@FreeBSD.org> | 2011-10-20 21:14:49 +0000 |
|---|---|---|
| committer | dim <dim@FreeBSD.org> | 2011-10-20 21:14:49 +0000 |
| commit | 3963a48221351c61c17fb3f382341ab04809a3d3 (patch) | |
| tree | ee2483e98b09cac943dc93a6969d83ca737ff139 /lib/StaticAnalyzer/Core/RegionStore.cpp | |
| parent | 611ba3ea3300b71eb95dc4e45f20eee5dddd32e1 (diff) | |
| download | FreeBSD-src-3963a48221351c61c17fb3f382341ab04809a3d3.zip FreeBSD-src-3963a48221351c61c17fb3f382341ab04809a3d3.tar.gz | |
Vendor import of clang release_30 branch r142614:
http://llvm.org/svn/llvm-project/cfe/branches/release_30@142614
Diffstat (limited to 'lib/StaticAnalyzer/Core/RegionStore.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/RegionStore.cpp | 162 |
1 files changed, 93 insertions, 69 deletions
diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp index 23dd641..4b76cf1 100644 --- a/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -20,8 +20,8 @@ #include "clang/Analysis/Analyses/LiveVariables.h" #include "clang/Analysis/AnalysisContext.h" #include "clang/Basic/TargetInfo.h" -#include "clang/StaticAnalyzer/Core/PathSensitive/GRState.h" -#include "clang/StaticAnalyzer/Core/PathSensitive/GRStateTrait.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h" #include "llvm/ADT/ImmutableList.h" #include "llvm/ADT/ImmutableMap.h" @@ -94,7 +94,7 @@ BindingKey BindingKey::Make(const MemRegion *R, Kind k) { namespace llvm { static inline - llvm::raw_ostream& operator<<(llvm::raw_ostream& os, BindingKey K) { + raw_ostream &operator<<(raw_ostream &os, BindingKey K) { os << '(' << K.getRegion() << ',' << K.getOffset() << ',' << (K.isDirect() ? "direct" : "default") << ')'; @@ -157,7 +157,7 @@ public: return false; } - void process(llvm::SmallVectorImpl<const SubRegion*> &WL, const SubRegion *R); + void process(SmallVectorImpl<const SubRegion*> &WL, const SubRegion *R); ~RegionStoreSubRegionMap() {} @@ -183,7 +183,7 @@ public: }; void -RegionStoreSubRegionMap::process(llvm::SmallVectorImpl<const SubRegion*> &WL, +RegionStoreSubRegionMap::process(SmallVectorImpl<const SubRegion*> &WL, const SubRegion *R) { const MemRegion *superR = R->getSuperRegion(); if (add(superR, R)) @@ -196,7 +196,7 @@ class RegionStoreManager : public StoreManager { RegionBindings::Factory RBFactory; public: - RegionStoreManager(GRStateManager& mgr, const RegionStoreFeatures &f) + RegionStoreManager(ProgramStateManager& mgr, const RegionStoreFeatures &f) : StoreManager(mgr), Features(f), RBFactory(mgr.getAllocator()) {} @@ -236,13 +236,11 @@ public: // Binding values to regions. //===-------------------------------------------------------------------===// - StoreRef invalidateRegions(Store store, - const MemRegion * const *Begin, - const MemRegion * const *End, + StoreRef invalidateRegions(Store store, ArrayRef<const MemRegion *> Regions, const Expr *E, unsigned Count, InvalidatedSymbols &IS, bool invalidateGlobals, - InvalidatedRegions *Regions); + InvalidatedRegions *Invalidated); public: // Made public for helper classes. @@ -278,7 +276,7 @@ public: // Part of public interface to class. return StoreRef(addBinding(B, R, BindingKey::Default, V).getRootWithoutRetain(), *this); } - StoreRef BindCompoundLiteral(Store store, const CompoundLiteralExpr* CL, + StoreRef BindCompoundLiteral(Store store, const CompoundLiteralExpr *CL, const LocationContext *LC, SVal V); StoreRef BindDecl(Store store, const VarRegion *VR, SVal InitVal); @@ -288,9 +286,9 @@ public: // Part of public interface to class. } /// BindStruct - Bind a compound value to a structure. - StoreRef BindStruct(Store store, const TypedRegion* R, SVal V); + StoreRef BindStruct(Store store, const TypedValueRegion* R, SVal V); - StoreRef BindArray(Store store, const TypedRegion* R, SVal V); + StoreRef BindArray(Store store, const TypedValueRegion* R, SVal V); /// KillStruct - Set the entire struct to unknown. StoreRef KillStruct(Store store, const TypedRegion* R, SVal DefaultVal); @@ -307,6 +305,8 @@ public: // Part of public interface to class. void decrementReferenceCount(Store store) { GetRegionBindings(store).manualRelease(); } + + bool includedInBindings(Store store, const MemRegion *region) const; //===------------------------------------------------------------------===// // Loading values from regions. @@ -333,9 +333,9 @@ public: // Part of public interface to class. SVal RetrieveVar(Store store, const VarRegion *R); - SVal RetrieveLazySymbol(const TypedRegion *R); + SVal RetrieveLazySymbol(const TypedValueRegion *R); - SVal RetrieveFieldOrElementCommon(Store store, const TypedRegion *R, + SVal RetrieveFieldOrElementCommon(Store store, const TypedValueRegion *R, QualType Ty, const MemRegion *superR); SVal RetrieveLazyBinding(const MemRegion *lazyBindingRegion, @@ -346,15 +346,16 @@ public: // Part of public interface to class. /// struct s x, y; /// x = y; /// y's value is retrieved by this method. - SVal RetrieveStruct(Store store, const TypedRegion* R); + SVal RetrieveStruct(Store store, const TypedValueRegion* R); - SVal RetrieveArray(Store store, const TypedRegion* R); + SVal RetrieveArray(Store store, const TypedValueRegion* R); /// Used to lazily generate derived symbols for bindings that are defined /// implicitly by default bindings in a super region. Optional<SVal> RetrieveDerivedDefaultValue(RegionBindings B, const MemRegion *superR, - const TypedRegion *R, QualType Ty); + const TypedValueRegion *R, + QualType Ty); /// Get the state and region whose binding this region R corresponds to. std::pair<Store, const MemRegion*> @@ -371,17 +372,17 @@ public: // Part of public interface to class. /// removeDeadBindings - Scans the RegionStore of 'state' for dead values. /// It returns a new Store with these values removed. StoreRef removeDeadBindings(Store store, const StackFrameContext *LCtx, - SymbolReaper& SymReaper, - llvm::SmallVectorImpl<const MemRegion*>& RegionRoots); + SymbolReaper& SymReaper); - StoreRef enterStackFrame(const GRState *state, const StackFrameContext *frame); + StoreRef enterStackFrame(const ProgramState *state, + const StackFrameContext *frame); //===------------------------------------------------------------------===// // Region "extents". //===------------------------------------------------------------------===// // FIXME: This method will soon be eliminated; see the note in Store.h. - DefinedOrUnknownSVal getSizeInElements(const GRState *state, + DefinedOrUnknownSVal getSizeInElements(const ProgramState *state, const MemRegion* R, QualType EleTy); //===------------------------------------------------------------------===// @@ -392,7 +393,7 @@ public: // Part of public interface to class. return RegionBindings(static_cast<const RegionBindings::TreeTy*>(store)); } - void print(Store store, llvm::raw_ostream& Out, const char* nl, + void print(Store store, raw_ostream &Out, const char* nl, const char *sep); void iterBindings(Store store, BindingsHandler& f) { @@ -416,12 +417,12 @@ public: // Part of public interface to class. // RegionStore creation. //===----------------------------------------------------------------------===// -StoreManager *ento::CreateRegionStoreManager(GRStateManager& StMgr) { +StoreManager *ento::CreateRegionStoreManager(ProgramStateManager& StMgr) { RegionStoreFeatures F = maximal_features_tag(); return new RegionStoreManager(StMgr, F); } -StoreManager *ento::CreateFieldsOnlyRegionStoreManager(GRStateManager &StMgr) { +StoreManager *ento::CreateFieldsOnlyRegionStoreManager(ProgramStateManager &StMgr) { RegionStoreFeatures F = minimal_features_tag(); F.enableFields(true); return new RegionStoreManager(StMgr, F); @@ -433,7 +434,7 @@ RegionStoreManager::getRegionStoreSubRegionMap(Store store) { RegionBindings B = GetRegionBindings(store); RegionStoreSubRegionMap *M = new RegionStoreSubRegionMap(); - llvm::SmallVector<const SubRegion*, 10> WL; + SmallVector<const SubRegion*, 10> WL; for (RegionBindings::iterator I=B.begin(), E=B.end(); I!=E; ++I) if (const SubRegion *R = dyn_cast<SubRegion>(I.getKey().getRegion())) @@ -461,7 +462,7 @@ protected: typedef BumpVector<BindingKey> RegionCluster; typedef llvm::DenseMap<const MemRegion *, RegionCluster *> ClusterMap; llvm::DenseMap<const RegionCluster*, unsigned> Visited; - typedef llvm::SmallVector<std::pair<const MemRegion *, RegionCluster*>, 10> + typedef SmallVector<std::pair<const MemRegion *, RegionCluster*>, 10> WorkList; BumpVectorContext BVC; @@ -477,7 +478,7 @@ protected: const bool includeGlobals; public: - ClusterAnalysis(RegionStoreManager &rm, GRStateManager &StateMgr, + ClusterAnalysis(RegionStoreManager &rm, ProgramStateManager &StateMgr, RegionBindings b, const bool includeGlobals) : RM(rm), Ctx(StateMgr.getContext()), svalBuilder(StateMgr.getSValBuilder()), @@ -590,7 +591,7 @@ class invalidateRegionsWorker : public ClusterAnalysis<invalidateRegionsWorker> StoreManager::InvalidatedRegions *Regions; public: invalidateRegionsWorker(RegionStoreManager &rm, - GRStateManager &stateMgr, + ProgramStateManager &stateMgr, RegionBindings b, const Expr *ex, unsigned count, StoreManager::InvalidatedSymbols &is, @@ -681,7 +682,7 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { if (!baseR->isBoundable()) return; - const TypedRegion *TR = cast<TypedRegion>(baseR); + const TypedValueRegion *TR = cast<TypedValueRegion>(baseR); QualType T = TR->getValueType(); // Invalidate the binding. @@ -718,21 +719,21 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { } StoreRef RegionStoreManager::invalidateRegions(Store store, - const MemRegion * const *I, - const MemRegion * const *E, + ArrayRef<const MemRegion *> Regions, const Expr *Ex, unsigned Count, InvalidatedSymbols &IS, bool invalidateGlobals, - InvalidatedRegions *Regions) { + InvalidatedRegions *Invalidated) { invalidateRegionsWorker W(*this, StateMgr, RegionStoreManager::GetRegionBindings(store), - Ex, Count, IS, Regions, invalidateGlobals); + Ex, Count, IS, Invalidated, invalidateGlobals); // Scan the bindings and generate the clusters. W.GenerateClusters(); - // Add I .. E to the worklist. - for ( ; I != E; ++I) + // Add the regions to the worklist. + for (ArrayRef<const MemRegion *>::iterator + I = Regions.begin(), E = Regions.end(); I != E; ++I) W.AddToWorkList(*I); W.RunWorkList(); @@ -752,8 +753,8 @@ StoreRef RegionStoreManager::invalidateRegions(Store store, // Even if there are no bindings in the global scope, we still need to // record that we touched it. - if (Regions) - Regions->push_back(GS); + if (Invalidated) + Invalidated->push_back(GS); } return StoreRef(B.getRootWithoutRetain(), *this); @@ -763,7 +764,7 @@ StoreRef RegionStoreManager::invalidateRegions(Store store, // Extents for regions. //===----------------------------------------------------------------------===// -DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const GRState *state, +DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const ProgramState *state, const MemRegion *R, QualType EleTy) { SVal Size = cast<SubRegion>(R)->getExtent(svalBuilder); @@ -803,7 +804,7 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) { return UnknownVal(); const MemRegion* R = cast<loc::MemRegionVal>(&Array)->getRegion(); - const TypedRegion* ArrayR = dyn_cast<TypedRegion>(R); + const TypedValueRegion* ArrayR = dyn_cast<TypedValueRegion>(R); if (!ArrayR) return UnknownVal(); @@ -852,7 +853,7 @@ Optional<SVal> RegionStoreManager::getDirectBinding(RegionBindings B, Optional<SVal> RegionStoreManager::getDefaultBinding(RegionBindings B, const MemRegion *R) { if (R->isBoundable()) - if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) + if (const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(R)) if (TR->getValueType()->isUnionType()) return UnknownVal(); @@ -890,13 +891,12 @@ SVal RegionStoreManager::Retrieve(Store store, Loc L, QualType T) { } if (isa<CodeTextRegion>(MR)) { - assert(0 && "Why load from a code text region?"); - return UnknownVal(); + llvm_unreachable("Why load from a code text region?"); } // FIXME: Perhaps this method should just take a 'const MemRegion*' argument // instead of 'Loc', and have the other Loc cases handled at a higher level. - const TypedRegion *R = cast<TypedRegion>(MR); + const TypedValueRegion *R = cast<TypedValueRegion>(MR); QualType RTy = R->getValueType(); // FIXME: We should eventually handle funny addressing. e.g.: @@ -1042,6 +1042,10 @@ SVal RegionStoreManager::RetrieveElement(Store store, SVal Idx = R->getIndex(); if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) { int64_t i = CI->getValue().getSExtValue(); + // Abort on string underrun. This can be possible by arbitrary + // clients of RetrieveElement(). + if (i < 0) + return UndefinedVal(); int64_t byteLength = Str->getByteLength(); // Technically, only i == byteLength is guaranteed to be null. // However, such overflows should be caught before reaching this point; @@ -1068,7 +1072,8 @@ SVal RegionStoreManager::RetrieveElement(Store store, if (!O.getRegion()) return UnknownVal(); - if (const TypedRegion *baseR = dyn_cast_or_null<TypedRegion>(O.getRegion())) { + if (const TypedValueRegion *baseR = + dyn_cast_or_null<TypedValueRegion>(O.getRegion())) { QualType baseT = baseR->getValueType(); if (baseT->isScalarType()) { QualType elemT = R->getElementType(); @@ -1106,7 +1111,7 @@ SVal RegionStoreManager::RetrieveField(Store store, Optional<SVal> RegionStoreManager::RetrieveDerivedDefaultValue(RegionBindings B, const MemRegion *superR, - const TypedRegion *R, + const TypedValueRegion *R, QualType Ty) { if (const Optional<SVal> &D = getDefaultBinding(B, superR)) { @@ -1124,7 +1129,7 @@ RegionStoreManager::RetrieveDerivedDefaultValue(RegionBindings B, if (isa<nonloc::LazyCompoundVal>(val)) return Optional<SVal>(); - assert(0 && "Unknown default value"); + llvm_unreachable("Unknown default value"); } return Optional<SVal>(); @@ -1140,7 +1145,7 @@ SVal RegionStoreManager::RetrieveLazyBinding(const MemRegion *lazyBindingRegion, } SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store, - const TypedRegion *R, + const TypedValueRegion *R, QualType Ty, const MemRegion *superR) { @@ -1175,7 +1180,8 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store, if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) { // Currently we don't reason specially about Clang-style vectors. Check // if superR is a vector and if so return Unknown. - if (const TypedRegion *typedSuperR = dyn_cast<TypedRegion>(superR)) { + if (const TypedValueRegion *typedSuperR = + dyn_cast<TypedValueRegion>(superR)) { if (typedSuperR->getValueType()->isVectorType()) return UnknownVal(); } @@ -1264,22 +1270,41 @@ SVal RegionStoreManager::RetrieveVar(Store store, const VarRegion *R) { return UndefinedVal(); } -SVal RegionStoreManager::RetrieveLazySymbol(const TypedRegion *R) { +SVal RegionStoreManager::RetrieveLazySymbol(const TypedValueRegion *R) { // All other values are symbolic. return svalBuilder.getRegionValueSymbolVal(R); } -SVal RegionStoreManager::RetrieveStruct(Store store, const TypedRegion* R) { +SVal RegionStoreManager::RetrieveStruct(Store store, + const TypedValueRegion* R) { QualType T = R->getValueType(); assert(T->isStructureOrClassType()); return svalBuilder.makeLazyCompoundVal(StoreRef(store, *this), R); } -SVal RegionStoreManager::RetrieveArray(Store store, const TypedRegion * R) { +SVal RegionStoreManager::RetrieveArray(Store store, + const TypedValueRegion * R) { assert(Ctx.getAsConstantArrayType(R->getValueType())); return svalBuilder.makeLazyCompoundVal(StoreRef(store, *this), R); } +bool RegionStoreManager::includedInBindings(Store store, + const MemRegion *region) const { + RegionBindings B = GetRegionBindings(store); + region = region->getBaseRegion(); + + for (RegionBindings::iterator it = B.begin(), ei = B.end(); it != ei; ++it) { + const BindingKey &K = it.getKey(); + if (region == K.getRegion()) + return true; + const SVal &D = it.getData(); + if (const MemRegion *r = D.getAsRegion()) + if (r == region) + return true; + } + return false; +} + //===----------------------------------------------------------------------===// // Binding values to regions. //===----------------------------------------------------------------------===// @@ -1302,14 +1327,14 @@ StoreRef RegionStoreManager::Bind(Store store, Loc L, SVal V) { const MemRegion *R = cast<loc::MemRegionVal>(L).getRegion(); // Check if the region is a struct region. - if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) + if (const TypedValueRegion* TR = dyn_cast<TypedValueRegion>(R)) if (TR->getValueType()->isStructureOrClassType()) return BindStruct(store, TR, V); if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) { if (ER->getIndex().isZeroConstant()) { - if (const TypedRegion *superR = - dyn_cast<TypedRegion>(ER->getSuperRegion())) { + if (const TypedValueRegion *superR = + dyn_cast<TypedValueRegion>(ER->getSuperRegion())) { QualType superTy = superR->getValueType(); // For now, just invalidate the fields of the struct/union/class. // This is for test rdar_test_7185607 in misc-ps-region-store.m. @@ -1389,7 +1414,7 @@ StoreRef RegionStoreManager::setImplicitDefaultValue(Store store, V).getRootWithoutRetain(), *this); } -StoreRef RegionStoreManager::BindArray(Store store, const TypedRegion* R, +StoreRef RegionStoreManager::BindArray(Store store, const TypedValueRegion* R, SVal Init) { const ArrayType *AT =cast<ArrayType>(Ctx.getCanonicalType(R->getValueType())); @@ -1448,7 +1473,7 @@ StoreRef RegionStoreManager::BindArray(Store store, const TypedRegion* R, return newStore; } -StoreRef RegionStoreManager::BindStruct(Store store, const TypedRegion* R, +StoreRef RegionStoreManager::BindStruct(Store store, const TypedValueRegion* R, SVal V) { if (!Features.supportsFields()) @@ -1458,9 +1483,9 @@ StoreRef RegionStoreManager::BindStruct(Store store, const TypedRegion* R, assert(T->isStructureOrClassType()); const RecordType* RT = T->getAs<RecordType>(); - RecordDecl* RD = RT->getDecl(); + RecordDecl *RD = RT->getDecl(); - if (!RD->isDefinition()) + if (!RD->isCompleteDefinition()) return StoreRef(store, *this); // Handle lazy compound values. @@ -1611,12 +1636,12 @@ RegionBindings RegionStoreManager::removeBinding(RegionBindings B, namespace { class removeDeadBindingsWorker : public ClusterAnalysis<removeDeadBindingsWorker> { - llvm::SmallVector<const SymbolicRegion*, 12> Postponed; + SmallVector<const SymbolicRegion*, 12> Postponed; SymbolReaper &SymReaper; const StackFrameContext *CurrentLCtx; public: - removeDeadBindingsWorker(RegionStoreManager &rm, GRStateManager &stateMgr, + removeDeadBindingsWorker(RegionStoreManager &rm, ProgramStateManager &stateMgr, RegionBindings b, SymbolReaper &symReaper, const StackFrameContext *LCtx) : ClusterAnalysis<removeDeadBindingsWorker>(rm, stateMgr, b, @@ -1736,7 +1761,7 @@ bool removeDeadBindingsWorker::UpdatePostponed() { // having done a scan. bool changed = false; - for (llvm::SmallVectorImpl<const SymbolicRegion*>::iterator + for (SmallVectorImpl<const SymbolicRegion*>::iterator I = Postponed.begin(), E = Postponed.end() ; I != E ; ++I) { if (const SymbolicRegion *SR = cast_or_null<SymbolicRegion>(*I)) { if (SymReaper.isLive(SR->getSymbol())) { @@ -1751,17 +1776,16 @@ bool removeDeadBindingsWorker::UpdatePostponed() { StoreRef RegionStoreManager::removeDeadBindings(Store store, const StackFrameContext *LCtx, - SymbolReaper& SymReaper, - llvm::SmallVectorImpl<const MemRegion*>& RegionRoots) -{ + SymbolReaper& SymReaper) { RegionBindings B = GetRegionBindings(store); removeDeadBindingsWorker W(*this, StateMgr, B, SymReaper, LCtx); W.GenerateClusters(); // Enqueue the region roots onto the worklist. - for (llvm::SmallVectorImpl<const MemRegion*>::iterator I=RegionRoots.begin(), - E=RegionRoots.end(); I!=E; ++I) + for (SymbolReaper::region_iterator I = SymReaper.region_begin(), + E = SymReaper.region_end(); I != E; ++I) { W.AddToWorkList(*I); + } do W.RunWorkList(); while (W.UpdatePostponed()); @@ -1792,7 +1816,7 @@ StoreRef RegionStoreManager::removeDeadBindings(Store store, } -StoreRef RegionStoreManager::enterStackFrame(const GRState *state, +StoreRef RegionStoreManager::enterStackFrame(const ProgramState *state, const StackFrameContext *frame) { FunctionDecl const *FD = cast<FunctionDecl>(frame->getDecl()); FunctionDecl::param_const_iterator PI = FD->param_begin(), @@ -1831,7 +1855,7 @@ StoreRef RegionStoreManager::enterStackFrame(const GRState *state, // Utility methods. //===----------------------------------------------------------------------===// -void RegionStoreManager::print(Store store, llvm::raw_ostream& OS, +void RegionStoreManager::print(Store store, raw_ostream &OS, const char* nl, const char *sep) { RegionBindings B = GetRegionBindings(store); OS << "Store (direct and default bindings):" << nl; |
