using namespace ento;
using llvm::APSInt;
+/// \brief Optionally conjure and return a symbol for offset when processing
+/// an expression \p Expression.
+/// If \p Other is a location, conjure a symbol for \p Symbol
+/// (offset) if it is unknown so that memory arithmetic always
+/// results in an ElementRegion.
+/// \p Count The number of times the current basic block was visited.
+static SVal conjureOffsetSymbolOnLocation(
+ SVal Symbol, SVal Other, Expr* Expression, SValBuilder &svalBuilder,
+ unsigned Count, const LocationContext *LCtx) {
+ QualType Ty = Expression->getType();
+ if (Other.getAs<Loc>() &&
+ Ty->isIntegralOrEnumerationType() &&
+ Symbol.isUnknown()) {
+ return svalBuilder.conjureSymbolVal(Expression, LCtx, Ty, Count);
+ }
+ return Symbol;
+}
+
void ExprEngine::VisitBinaryOperator(const BinaryOperator* B,
ExplodedNode *Pred,
ExplodedNodeSet &Dst) {
StmtNodeBuilder Bldr(*it, Tmp2, *currBldrCtx);
if (B->isAdditiveOp()) {
- // If one of the operands is a location, conjure a symbol for the other
- // one (offset) if it's unknown so that memory arithmetic always
- // results in an ElementRegion.
// TODO: This can be removed after we enable history tracking with
// SymSymExpr.
unsigned Count = currBldrCtx->blockCount();
- if (LeftV.getAs<Loc>() &&
- RHS->getType()->isIntegralOrEnumerationType() &&
- RightV.isUnknown()) {
- RightV = svalBuilder.conjureSymbolVal(RHS, LCtx, RHS->getType(),
- Count);
- }
- if (RightV.getAs<Loc>() &&
- LHS->getType()->isIntegralOrEnumerationType() &&
- LeftV.isUnknown()) {
- LeftV = svalBuilder.conjureSymbolVal(LHS, LCtx, LHS->getType(),
- Count);
- }
+ RightV = conjureOffsetSymbolOnLocation(
+ RightV, LeftV, RHS, svalBuilder, Count, LCtx);
+ LeftV = conjureOffsetSymbolOnLocation(
+ LeftV, RightV, LHS, svalBuilder, Count, LCtx);
}
// Although we don't yet model pointers-to-members, we do need to make