BinaryOperator::Opcode Op = B->getOpcode();
+ if (Op == BinaryOperator::Div) { // Check for divide-by-zero.
+
+ // First, "assume" that the denominator is 0.
+
+ bool isFeasible = false;
+ StateTy ZeroSt = Assume(St, RightV, false, isFeasible);
+
+ if (isFeasible) {
+ NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2);
+
+ if (DivZeroNode) {
+ DivZeroNode->markAsSink();
+ DivZeroes.insert(DivZeroNode);
+ }
+ }
+
+ // Second, "assume" that the denominator cannot be 0.
+
+ isFeasible = false;
+ St = Assume(St, RightV, true, isFeasible);
+
+ if (!isFeasible)
+ continue;
+
+ // Fall-through. The logic below processes the divide.
+ }
+
if (Op <= BinaryOperator::Or) {
// Process non-assignements except commas or short-circuited
RightV = EvalCast(RightV, CTy);
// Evaluate operands and promote to result type.
+
+ if (Op == BinaryOperator::Div) { // Check for divide-by-zero.
+
+ // First, "assume" that the denominator is 0.
+
+ bool isFeasible = false;
+ StateTy ZeroSt = Assume(St, RightV, false, isFeasible);
+
+ if (isFeasible) {
+ NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2);
+
+ if (DivZeroNode) {
+ DivZeroNode->markAsSink();
+ DivZeroes.insert(DivZeroNode);
+ }
+ }
+
+ // Second, "assume" that the denominator cannot be 0.
+
+ isFeasible = false;
+ St = Assume(St, RightV, true, isFeasible);
+
+ if (!isFeasible)
+ continue;
+
+ // Fall-through. The logic below processes the divide.
+ }
+
RVal Result = EvalCast(EvalBinOp(Op, V, RightV), B->getType());
-
St = SetRVal(SetRVal(St, B, Result), LeftLV, Result);
}
}
/// taking a branch based on an uninitialized value.
typedef llvm::SmallPtrSet<NodeTy*,5> UninitBranchesTy;
UninitBranchesTy UninitBranches;
+
+ typedef llvm::SmallPtrSet<NodeTy*,5> UninitStoresTy;
+ typedef llvm::SmallPtrSet<NodeTy*,5> BadDerefTy;
+ typedef llvm::SmallPtrSet<NodeTy*,5> DivZerosTy;
/// UninitStores - Sinks in the ExplodedGraph that result from
/// making a store to an uninitialized lvalue.
- typedef llvm::SmallPtrSet<NodeTy*,5> UninitStoresTy;
UninitStoresTy UninitStores;
/// ImplicitNullDeref - Nodes in the ExplodedGraph that result from
- /// taking a dereference on a symbolic pointer that may be NULL.
- typedef llvm::SmallPtrSet<NodeTy*,5> BadDerefTy;
+ /// taking a dereference on a symbolic pointer that MAY be NULL.
BadDerefTy ImplicitNullDeref;
+
+ /// ExplicitNullDeref - Nodes in the ExplodedGraph that result from
+ /// taking a dereference on a symbolic pointer that MUST be NULL.
BadDerefTy ExplicitNullDeref;
+
+ /// UnitDeref - Nodes in the ExplodedGraph that result from
+ /// taking a dereference on an uninitialized value.
BadDerefTy UninitDeref;
+
+ /// DivZeroes - Nodes in the ExplodedGraph that result from evaluating
+ /// a divide-by-zero.
+ DivZerosTy DivZeroes;
bool StateCleaned;
projects / clang / commitdiff