BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.

StoreManager: Handle casts from one element region to another.
Update test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70836 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index e4ac6b92a1e22b9cc58468affa95190195dd31d5..969e4c965434154b5e482ee5acacbed5d916f6e7 100644 (file)
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -217,7 +217,7 @@ SVal BasicStoreManager::getLValueElement(const GRState* St,
         //   char buf[100];
         //   char *q = &buf[1];  // p points to ElementRegion(buf,Unknown)
         //   &q[10]
-        assert(cast<ElementRegion>(R)->getIndex().isUnknown());
+        //assert(cast<ElementRegion>(R)->getIndex().isUnknown());
         return Base;
       }
       
@@ -287,18 +287,18 @@ SVal BasicStoreManager::Retrieve(const GRState* state, Loc loc, QualType T) {
     case loc::MemRegionKind: {
       const MemRegion* R = cast<loc::MemRegionVal>(loc).getRegion();
       
-      if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R)) {
+      if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
         // Just support void**, void***, intptr_t*, intptr_t**, etc., for now.
         // This is needed to handle OSCompareAndSwapPtr() and friends.
         ASTContext &Ctx = StateMgr.getContext();
-        QualType T = TR->getLValueType(Ctx);
+        QualType T = ER->getLValueType(Ctx);
 
         if (!isHigherOrderRawPtr(T, Ctx))
           return UnknownVal();
         
-        // Otherwise, strip the views.
-        // FIXME: Should we layer a TypedView on the result?
-        R = TR->removeViews();
+        // FIXME: Should check for element 0.
+        // Otherwise, strip the element region.
+        R = ER->getSuperRegion();
       }
       
       if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
@@ -333,11 +333,12 @@ Store BasicStoreManager::BindInternal(Store store, Loc loc, SVal V) {
       // a cast to intXX_t*, void*, etc.  This is needed to handle
       // OSCompareAndSwap32Barrier/OSCompareAndSwap64Barrier.
       if (isa<Loc>(V) || isa<nonloc::LocAsInteger>(V))
-        if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R)) {
-          QualType T = TR->getLValueType(C);
+        if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
+          // FIXME: Should check for index 0.
+          QualType T = ER->getLValueType(C);
         
           if (isHigherOrderRawPtr(T, C))
-            R = TR->removeViews();
+            R = ER->getSuperRegion();
         }      
       
       if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))

diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp
index e9b8f6a27fe7ed4ebf16b23fcc78e5c8e125e97a..76437d2c8645fbf92aa0db70403c7bcdd26f3bd1 100644 (file)
--- a/lib/Analysis/Store.cpp
+++ b/lib/Analysis/Store.cpp
@@ -68,7 +68,12 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R,
         // FIXME: We should have a standard query function to get the size
         //  of the array index.
         SVal Idx = ValMgr.makeZeroVal(ValMgr.getContext().VoidPtrTy);
-        ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, TR);
+        
+        // If the super region is an element region, strip it away.
+        // FIXME: Is this the right thing to do in all cases?
+        const TypedRegion *Base = isa<ElementRegion>(TR) ?
+                                  cast<TypedRegion>(TR->getSuperRegion()) : TR;
+        ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, Base);
         return CastResult(state, ER);
       }
     }

diff --git a/test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c b/test/Analysis/no-outofbounds.c
similarity index 58%
rename from test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c
rename to test/Analysis/no-outofbounds.c
index 0eb36519cac9c8b54c1529cb5088e7c687767f6b..df21fb27fe9fa5073b4ddeeeaf881310d8e9e1ad 100644 (file)
--- a/test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c
+++ b/test/Analysis/no-outofbounds.c
@@ -1,8 +1,5 @@
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s
-// XFAIL
-
-// What we are seeing: Load or store into an out-of-bound memory position
-// This is bogus.
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s &&
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic -verify %s
 
 void f() {
   long x = 0;

diff --git a/test/Analysis/xfail_regionstore_wine_crash.c b/test/Analysis/xfail_regionstore_wine_crash.c
index 55143f88058b1fd119f258e253f5ca3e01e98319..b6968c73a486f587e4d3424c29f6aa8fbf102d86 100644 (file)
--- a/test/Analysis/xfail_regionstore_wine_crash.c
+++ b/test/Analysis/xfail_regionstore_wine_crash.c
@@ -1,5 +1,4 @@
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region %s &&
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic %s
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s
 // XFAIL
 
 // When this test passes we should put it in the misc-ps.m test file.