const VarDecl *VD,
const LocationContext *LC) = 0;
+ typedef llvm::DenseSet<SymbolRef> InvalidatedSymbols;
+
virtual const GRState *InvalidateRegion(const GRState *state,
const MemRegion *R,
- const Expr *E, unsigned Count) = 0;
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS) = 0;
// FIXME: Make out-of-line.
virtual const GRState *setExtent(const GRState *state,
QualType T = QualType());
const GRState *InvalidateRegion(const GRState *state, const MemRegion *R,
- const Expr *E, unsigned Count);
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS);
const GRState *Bind(const GRState *state, Loc L, SVal V) {
return state->makeWithStore(BindInternal(state->getStore(), L, V));
const GRState *BasicStoreManager::InvalidateRegion(const GRState *state,
const MemRegion *R,
const Expr *E,
- unsigned Count) {
+ unsigned Count,
+ InvalidatedSymbols *IS) {
R = R->getBaseRegion();
if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
return state;
+ if (IS) {
+ BindingsTy B = GetBindings(state->getStore());
+ if (BindingsTy::data_type *Val = B.lookup(R)) {
+ if (SymbolRef Sym = Val->getAsSymbol())
+ IS->insert(Sym);
+ }
+ }
+
QualType T = cast<TypedRegion>(R)->getValueType(R->getContext());
SVal V = ValMgr.getConjuredSymbolVal(R, E, T, Count);
return Bind(state, loc::MemRegionVal(R), V);
// FIXME: What about layers of ElementRegions?
}
- // Is the invalidated variable something that we were tracking?
- SymbolRef Sym = state->getSValAsScalarOrLoc(R).getAsLocSymbol();
-
- // Remove any existing reference-count binding.
- if (Sym)
- state = state->remove<RefBindings>(Sym);
-
- state = StoreMgr.InvalidateRegion(state, R, *I, Count);
+ StoreManager::InvalidatedSymbols IS;
+ state = StoreMgr.InvalidateRegion(state, R, *I, Count, &IS);
+ for (StoreManager::InvalidatedSymbols::iterator I = IS.begin(),
+ E = IS.end(); I!=E; ++I) {
+ // Remove any existing reference-count binding.
+ state = state->remove<RefBindings>(*I);
+ }
}
else {
// Nuke all other arguments passed by reference.
//===-------------------------------------------------------------------===//
const GRState *InvalidateRegion(const GRState *state, const MemRegion *R,
- const Expr *E, unsigned Count);
+ const Expr *E, unsigned Count,
+ InvalidatedSymbols *IS);
private:
void RemoveSubRegionBindings(RegionBindings &B, const MemRegion *R,
const GRState *RegionStoreManager::InvalidateRegion(const GRState *state,
const MemRegion *R,
const Expr *Ex,
- unsigned Count) {
+ unsigned Count,
+ InvalidatedSymbols *IS) {
ASTContext& Ctx = StateMgr.getContext();
// Strip away casts.
if (Optional<SVal> V = getDirectBinding(B, R)) {
if (const MemRegion *RV = V->getAsRegion())
WorkList.push_back(RV);
+
+ // A symbol? Mark it touched by the invalidation.
+ if (IS) {
+ if (SymbolRef Sym = V->getAsSymbol())
+ IS->insert(Sym);
+ }
+ }
+
+ // Symbolic region? Mark that symbol touched by the invalidation.
+ if (IS) {
+ if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
+ IS->insert(SR->getSymbol());
}
- // Handle region.
+ // Handle the region itself.
if (isa<AllocaRegion>(R) || isa<SymbolicRegion>(R) ||
isa<ObjCObjectRegion>(R)) {
// Invalidate the region by setting its default value to
// For now, just invalidate the fields of the struct/union/class.
// FIXME: Precisely handle the fields of the record.
if (superTy->isRecordType())
- return InvalidateRegion(state, superR, NULL, 0);
+ return InvalidateRegion(state, superR, NULL, 0, NULL);
}
}
}
// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s
-// XFAIL
//===----------------------------------------------------------------------===//
// The following code is reduced using delta-debugging from
typedef const struct __DADissenter * DADissenterRef;
extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
@interface NSNumber : NSObject
- - (id)initWithInt:(int)value;
- @end
+- (id)initWithInt:(int)value;
+@end
+typedef unsigned long NSUInteger;
+@interface NSArray : NSObject
+-(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt;
+@end
//===----------------------------------------------------------------------===//
// Test cases.
}
@end
-//===----------------------------------------------------------------------===//
-// <rdar://problem/7257223> - False positive due to not invalidating the
-// reference count of a tracked region that was itself invalidated.
-//===----------------------------------------------------------------------===//
+//===------------------------------------------------------------------------------------------===//
+// <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating
+// the reference count of a tracked region that was itself invalidated.
+//===------------------------------------------------------------------------------------------===//
typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223;
void rdar_7257223_aux(RDar7257223 *p);
-// THIS CASE CURRENTLY FAILS.
CFDateRef rdar7257223_Create(void) {
RDar7257223 s;
CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
return s.x;
}
-//===----------------------------------------------------------------------===//
-// <rdar://problem/7283470>
-//===----------------------------------------------------------------------===//
-
void rdar7283470(void) {
NSNumber *numbers[] = {
[[NSNumber alloc] initWithInt:1], // no-warning
};
}
+void rdar7283470_2(void) {
+ NSNumber *numbers[] = {
+ [[NSNumber alloc] initWithInt:1], // no-warning
+ [[NSNumber alloc] initWithInt:2], // no-warning
+ [[NSNumber alloc] initWithInt:3], // no-warning
+ [[NSNumber alloc] initWithInt:4], // no-warning
+ [[NSNumber alloc] initWithInt:5] // no-warning
+ };
+
+ NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])];
+
+ for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
+ [numbers[i] release];
+
+ [s_numbers release];
+}
+
+void rdar7283470_2_positive(void) {
+ NSNumber *numbers[] = {
+ [[NSNumber alloc] initWithInt:1], // no-warning
+ [[NSNumber alloc] initWithInt:2], // no-warning
+ [[NSNumber alloc] initWithInt:3], // no-warning
+ [[NSNumber alloc] initWithInt:4], // no-warning
+ [[NSNumber alloc] initWithInt:5] // no-warning
+ };
+
+ NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}}
+
+ for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
+ [numbers[i] release];
+}
+
projects / clang / commitdiff