/// MemRegion - The root abstract class for all memory regions.
class MemRegion : public llvm::FoldingSetNode {
public:
- enum Kind { MemSpaceRegionKind, SymbolicRegionKind,
+ enum Kind { MemSpaceRegionKind,
AllocaRegionKind,
// Typed regions.
BEG_TYPED_REGIONS,
+ SymbolicRegionKind,
CompoundLiteralRegionKind,
StringRegionKind, ElementRegionKind,
AnonTypedRegionKind,
bool isSubRegionOf(const MemRegion* R) const;
static bool classof(const MemRegion* R) {
- return R->getKind() > SymbolicRegionKind;
+ return R->getKind() > MemSpaceRegionKind;
}
};
}
};
-/// SymbolicRegion - A special, "non-concrete" region. Unlike other region
-/// clases, SymbolicRegion represents a region that serves as an alias for
-/// either a real region, a NULL pointer, etc. It essentially is used to
-/// map the concept of symbolic values into the domain of regions. Symbolic
-/// regions do not need to be typed.
-class SymbolicRegion : public MemRegion {
-protected:
- const SymbolRef sym;
-
-public:
- SymbolicRegion(const SymbolRef s) : MemRegion(SymbolicRegionKind), sym(s) {}
-
- SymbolRef getSymbol() const {
- return sym;
- }
-
- void Profile(llvm::FoldingSetNodeID& ID) const;
- static void ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym);
-
- void print(llvm::raw_ostream& os) const;
-
- static bool classof(const MemRegion* R) {
- return R->getKind() == SymbolicRegionKind;
- }
-};
-
/// TypedRegion - An abstract class representing regions that are typed.
class TypedRegion : public SubRegion {
protected:
}
};
+/// SymbolicRegion - A special, "non-concrete" region. Unlike other region
+/// clases, SymbolicRegion represents a region that serves as an alias for
+/// either a real region, a NULL pointer, etc. It essentially is used to
+/// map the concept of symbolic values into the domain of regions. Symbolic
+/// regions do not need to be typed.
+class SymbolicRegion : public TypedRegion {
+protected:
+ const SymbolRef sym;
+ const SymbolManager& SymMgr;
+
+public:
+ SymbolicRegion(const SymbolRef s, const SymbolManager& mgr, MemRegion* sreg)
+ : TypedRegion(sreg, SymbolicRegionKind), sym(s), SymMgr(mgr) {}
+
+ SymbolRef getSymbol() const {
+ return sym;
+ }
+
+ QualType getRValueType(ASTContext& C) const;
+
+ void Profile(llvm::FoldingSetNodeID& ID) const;
+
+ static void ProfileRegion(llvm::FoldingSetNodeID& ID, SymbolRef sym);
+
+ void print(llvm::raw_ostream& os) const;
+
+ static bool classof(const MemRegion* R) {
+ return R->getKind() == SymbolicRegionKind;
+ }
+};
+
/// StringRegion - Region associated with a StringLiteral.
class StringRegion : public TypedRegion {
friend class MemRegionManager;
getCompoundLiteralRegion(const CompoundLiteralExpr* CL);
/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
- SymbolicRegion* getSymbolicRegion(const SymbolRef sym);
+ SymbolicRegion* getSymbolicRegion(const SymbolRef sym, const SymbolManager&);
StringRegion* getStringRegion(const StringLiteral* Str);
// FIXME: Should this go into the storemanager?
const MemRegion* R = cast<loc::MemRegionVal>(Cond).getRegion();
-
- while (R) {
- if (const SubRegion* SubR = dyn_cast<SubRegion>(R)) {
- R = SubR->getSuperRegion();
- continue;
- }
- else if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(R))
+ const SubRegion* SubR = dyn_cast<SubRegion>(R);
+
+ while (SubR) {
+ // FIXME: now we only find the first symbolic region.
+ if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(SubR))
return AssumeAux(St, loc::SymbolVal(SymR->getSymbol()), Assumption,
isFeasible);
-
- break;
+ SubR = dyn_cast<SubRegion>(SubR->getSuperRegion());
}
// FALL-THROUGH.
switch(BaseL.getSubKind()) {
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
// Create a region to represent this symbol.
// FIXME: In the future we may just use symbolic regions instead of
// SymbolVals to reason about symbolic memory chunks.
- const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym);
+ const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym,
+ StateMgr.getSymbolManager());
// Layered a typed region on top of this.
QualType T = StateMgr.getSymbolManager().getType(Sym);
BaseR = MRMgr.getAnonTypedRegion(T, SymR);
ElementRegion::ProfileRegion(ID, Index, superRegion);
}
+//===----------------------------------------------------------------------===//
+// getLValueType() and getRValueType()
+//===----------------------------------------------------------------------===//
+
+QualType SymbolicRegion::getRValueType(ASTContext& C) const {
+ const SymbolData& data = SymMgr.getSymbolData(sym);
+
+ // FIXME: We could use the SymbolManager::getType() directly. But that
+ // would hide the assumptions we made here. What is the type of a symbolic
+ // region is unclear for other cases.
+
+ // For now we assume the symbol is a typed region rvalue.
+ const TypedRegion* R
+ = cast<TypedRegion>(cast<SymbolRegionRValue>(data).getRegion());
+
+ // Assume the region rvalue has a pointer type, only then we could have a
+ // symbolic region associated with it.
+ PointerType* PTy = cast<PointerType>(R->getRValueType(C).getTypePtr());
+
+ return PTy->getPointeeType();
+}
+
QualType ElementRegion::getRValueType(ASTContext& C) const {
// Strip off typedefs from the ArrayRegion's RvalueType.
QualType T = getArrayRegion()->getRValueType(C)->getDesugaredType();
return T;
}
-//===----------------------------------------------------------------------===//
-// getLValueType() and getRValueType()
-//===----------------------------------------------------------------------===//
-
QualType StringRegion::getRValueType(ASTContext& C) const {
return Str->getType();
}
}
/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
-SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym) {
+SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym,
+ const SymbolManager& mgr) {
llvm::FoldingSetNodeID ID;
SymbolicRegion::ProfileRegion(ID, sym);
if (!R) {
R = (SymbolicRegion*) A.Allocate<SymbolicRegion>();
- new (R) SymbolicRegion(sym);
+ // SymbolicRegion's storage class is usually unknown.
+ new (R) SymbolicRegion(sym, mgr, getUnknownRegion());
Regions.InsertNode(R, InsertPos);
}
break;
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
if (isa<loc::MemRegionVal>(L))
R = cast<loc::MemRegionVal>(L).getRegion();
else if (isa<loc::SymbolVal>(L))
- R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol());
+ R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol(),
+ StateMgr.getSymbolManager());
if (R) {
RegionBindingsTy B = GetRegionBindings(store);
projects / clang / commitdiff