return StateMgr.SetRVal(St, LV, RV);
}
+GRExprEngine::StateTy
+GRExprEngine::MarkBranch(StateTy St, Stmt* Terminator, bool branchTaken) {
+
+ switch (Terminator->getStmtClass()) {
+ default:
+ return St;
+
+ case Stmt::BinaryOperatorClass: { // '&&' and '||'
+
+ BinaryOperator* B = cast<BinaryOperator>(Terminator);
+ BinaryOperator::Opcode Op = B->getOpcode();
+
+ assert (Op == BinaryOperator::LAnd || Op == BinaryOperator::LOr);
+
+ // For &&, if we take the true branch, then the value of the whole
+ // expression is that of the RHS expression.
+ //
+ // For ||, if we take the false branch, then the value of the whole
+ // expression is that of the RHS expression.
+
+ Expr* Ex = (Op == BinaryOperator::LAnd && branchTaken) ||
+ (Op == BinaryOperator::LOr && !branchTaken)
+ ? B->getRHS() : B->getLHS();
+
+ return SetBlkExprRVal(St, B, UninitializedVal(Ex));
+ }
+
+ case Stmt::ConditionalOperatorClass: { // ?:
+
+ ConditionalOperator* C = cast<ConditionalOperator>(Terminator);
+
+ // For ?, if branchTaken == true then the value is either the LHS or
+ // the condition itself. (GNU extension).
+
+ Expr* Ex;
+
+ if (branchTaken)
+ Ex = C->getLHS() ? C->getLHS() : C->getCond();
+ else
+ Ex = C->getRHS();
+
+ return SetBlkExprRVal(St, C, UninitializedVal(Ex));
+ }
+
+ case Stmt::ChooseExprClass: { // ?:
+
+ ChooseExpr* C = cast<ChooseExpr>(Terminator);
+
+ Expr* Ex = branchTaken ? C->getLHS() : C->getRHS();
+ return SetBlkExprRVal(St, C, UninitializedVal(Ex));
+ }
+ }
+}
+
void GRExprEngine::ProcessBranch(Expr* Condition, Stmt* Term,
BranchNodeBuilder& builder) {
StateTy St = Assume(PrevState, V, true, isFeasible);
if (isFeasible)
- builder.generateNode(St, true);
+ builder.generateNode(MarkBranch(St, Term, true), true);
else
builder.markInfeasible(true);
}
StateTy St = Assume(PrevState, V, false, isFeasible);
if (isFeasible)
- builder.generateNode(St, false);
+ builder.generateNode(MarkBranch(St, Term, false), false);
else
builder.markInfeasible(false);
}
void GRExprEngine::VisitLogicalExpr(BinaryOperator* B, NodeTy* Pred,
NodeSet& Dst) {
-
- bool hasR2;
- StateTy PrevState = Pred->getState();
-
- RVal R1 = GetRVal(PrevState, B->getLHS());
- RVal R2 = GetRVal(PrevState, B->getRHS(), hasR2);
- if (hasR2) {
- if (R2.isUnknownOrUninit()) {
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, R2));
- return;
- }
- }
- else if (R1.isUnknownOrUninit()) {
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, R1));
- return;
- }
-
- // R1 is an expression that can evaluate to either 'true' or 'false'.
- if (B->getOpcode() == BinaryOperator::LAnd) {
- // hasR2 == 'false' means that LHS evaluated to 'false' and that
- // we short-circuited, leading to a value of '0' for the '&&' expression.
- if (hasR2 == false) {
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, MakeConstantVal(0U, B)));
- return;
- }
+ assert (B->getOpcode() == BinaryOperator::LAnd ||
+ B->getOpcode() == BinaryOperator::LOr);
+
+ assert (B == CurrentStmt && getCFG().isBlkExpr(B));
+
+ StateTy St = Pred->getState();
+ RVal X = GetBlkExprRVal(St, B);
+
+ assert (X.isUninit());
+
+ Expr* Ex = (Expr*) cast<UninitializedVal>(X).getData();
+
+ assert (Ex);
+
+ if (Ex == B->getRHS()) {
+
+ X = GetBlkExprRVal(St, Ex);
+
+ // We took the RHS. Because the value of the '&&' or '||' expression must
+ // evaluate to 0 or 1, we must assume the value of the RHS evaluates to 0
+ // or 1. Alternatively, we could take a lazy approach, and calculate this
+ // value later when necessary. We don't have the machinery in place for
+ // this right now, and since most logical expressions are used for branches,
+ // the payoff is not likely to be large. Instead, we do eager evaluation.
+
+ bool isFeasible = false;
+ StateTy NewState = Assume(St, X, true, isFeasible);
+
+ if (isFeasible)
+ Nodify(Dst, B, Pred, SetBlkExprRVal(NewState, B, MakeConstantVal(1U, B)));
+
+ isFeasible = false;
+ NewState = Assume(St, X, false, isFeasible);
+
+ if (isFeasible)
+ Nodify(Dst, B, Pred, SetBlkExprRVal(NewState, B, MakeConstantVal(0U, B)));
}
else {
- assert (B->getOpcode() == BinaryOperator::LOr);
- // hasR2 == 'false' means that the LHS evaluate to 'true' and that
- // we short-circuited, leading to a value of '1' for the '||' expression.
- if (hasR2 == false) {
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, MakeConstantVal(1U, B)));
- return;
- }
- }
-
- // If we reach here we did not short-circuit. Assume R2 == true and
- // R2 == false.
+ // We took the LHS expression. Depending on whether we are '&&' or
+ // '||' we know what the value of the expression is via properties of
+ // the short-circuiting.
- bool isFeasible;
- StateTy St = Assume(PrevState, R2, true, isFeasible);
-
- if (isFeasible)
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, MakeConstantVal(1U, B)));
-
- St = Assume(PrevState, R2, false, isFeasible);
-
- if (isFeasible)
- Nodify(Dst, B, Pred, SetRVal(PrevState, B, MakeConstantVal(0U, B)));
+ X = MakeConstantVal( B->getOpcode() == BinaryOperator::LAnd ? 0U : 1U, B);
+ Nodify(Dst, B, Pred, SetBlkExprRVal(St, B, X));
+ }
}
-
-
+
void GRExprEngine::ProcessStmt(Stmt* S, StmtNodeBuilder& builder) {
void GRExprEngine::VisitGuardedExpr(Expr* Ex, Expr* L, Expr* R,
NodeTy* Pred, NodeSet& Dst) {
+ assert (Ex == CurrentStmt && getCFG().isBlkExpr(Ex));
+
StateTy St = Pred->getState();
+ RVal X = GetBlkExprRVal(St, Ex);
- RVal V = GetRVal(St, L);
- if (isa<UnknownVal>(V)) V = GetRVal(St, R);
+ assert (X.isUninit());
- Nodify(Dst, Ex, Pred, SetRVal(St, Ex, V));
+ Expr* SE = (Expr*) cast<UninitializedVal>(X).getData();
+
+ assert (SE);
+
+ X = GetBlkExprRVal(St, SE);
+ Nodify(Dst, Ex, Pred, SetBlkExprRVal(St, Ex, X));
}
/// VisitSizeOfAlignOfTypeExpr - Transfer function for sizeof(type).
void operator=(const ValueStateImpl& R) const;
public:
- vstate::ExprBindingsTy SubExprBindings;
- vstate::ExprBindingsTy BlockExprBindings;
- vstate::VarBindingsTy VarBindings;
- vstate::ConstNotEqTy ConstNotEq;
- vstate::ConstEqTy ConstEq;
+ vstate::ExprBindingsTy SubExprBindings;
+ vstate::ExprBindingsTy BlockExprBindings;
+ vstate::VarBindingsTy VarBindings;
+ vstate::ConstNotEqTy ConstNotEq;
+ vstate::ConstEqTy ConstEq;
/// This ctor is used when creating the first ValueStateImpl object.
ValueStateImpl(vstate::ExprBindingsTy EB, vstate::VarBindingsTy VB,
ValueState SetRVal(ValueState St, Expr* E, bool isBlkExpr, RVal V);
ValueState SetRVal(ValueState St, LVal LV, RVal V);
- RVal GetRVal(ValueState St, Expr* E, bool* hasVal = NULL);
- RVal GetRVal(ValueState St, const LVal& LV, QualType T = QualType());
+ RVal GetRVal(ValueState St, Expr* E);
+ RVal GetRVal(ValueState St, const LVal& LV, QualType T = QualType());
RVal GetLVal(ValueState St, Expr* E);
+ RVal GetBlkExprRVal(ValueState St, Expr* Ex);
+
ValueState getPersistentState(const ValueStateImpl& Impl);
ValueState AddEQ(ValueState St, SymbolID sym, const llvm::APSInt& V);
/// ProcessSwitch - Called by GRCoreEngine. Used to generate successor
/// nodes by processing the 'effects' of a switch statement.
- void ProcessSwitch(SwitchNodeBuilder& builder);
+ void ProcessSwitch(SwitchNodeBuilder& builder);
+
+protected:
/// RemoveDeadBindings - Return a new state that is the same as 'St' except
/// that all subexpression mappings are removed and that any
StateTy SetRVal(StateTy St, const Expr* Ex, const RVal& V) {
return SetRVal(St, const_cast<Expr*>(Ex), V);
}
+
+ StateTy SetBlkExprRVal(StateTy St, Expr* Ex, const RVal& V) {
+ return StateMgr.SetRVal(St, Ex, true, V);
+ }
/// SetRVal - This version of SetRVal is used to batch process a set
/// of different possible RVals and return a set of different states.
RVal GetRVal(const StateTy& St, Expr* Ex) {
return StateMgr.GetRVal(St, Ex);
}
-
- RVal GetRVal(const StateTy& St, Expr* Ex, bool& hasVal) {
- return StateMgr.GetRVal(St, Ex, &hasVal);
- }
-
+
RVal GetRVal(const StateTy& St, const Expr* Ex) {
return GetRVal(St, const_cast<Expr*>(Ex));
}
- RVal GetRVal(const StateTy& St, const LVal& LV,
- QualType T = QualType()) {
+ RVal GetBlkExprRVal(const StateTy& St, Expr* Ex) {
+ return StateMgr.GetBlkExprRVal(St, Ex);
+ }
+ RVal GetRVal(const StateTy& St, const LVal& LV, QualType T = QualType()) {
return StateMgr.GetRVal(St, LV, T);
}
StateTy EvalCall(CallExpr* CE, LVal L, StateTy St) {
return St;
}
+
+ StateTy MarkBranch(StateTy St, Stmt* Terminator, bool branchTaken);
};
} // end clang namespace
\ No newline at end of file
projects / clang / commitdiff