VarRegionKind = BEG_DECL_REGIONS,
FieldRegionKind,
ObjCIvarRegionKind,
+ END_DECL_REGIONS = ObjCIvarRegionKind,
CXXObjectRegionKind,
- END_DECL_REGIONS = CXXObjectRegionKind,
+ CXXBaseObjectRegionKind,
END_TYPED_REGIONS = END_DECL_REGIONS
};
}
};
+// CXXBaseObjectRegion represents a base object within a C++ object. It is
+// identified by the base class declaration and the region of its parent object.
+class CXXBaseObjectRegion : public TypedRegion {
+ friend class MemRegionManager;
+
+ const CXXRecordDecl *decl;
+
+ CXXBaseObjectRegion(const CXXRecordDecl *d, const MemRegion *sReg)
+ : TypedRegion(sReg, CXXBaseObjectRegionKind), decl(d) {}
+
+ static void ProfileRegion(llvm::FoldingSetNodeID &ID,
+ const CXXRecordDecl *decl, const MemRegion *sReg);
+
+public:
+ QualType getValueType() const;
+
+ void dumpToStream(llvm::raw_ostream& os) const;
+
+ void Profile(llvm::FoldingSetNodeID &ID) const;
+
+ static bool classof(const MemRegion *region) {
+ return region->getKind() == CXXBaseObjectRegionKind;
+ }
+};
+
template<typename RegionTy>
const RegionTy* MemRegion::getAs() const {
if (const RegionTy* RT = dyn_cast<RegionTy>(this))
const CXXObjectRegion *getCXXObjectRegion(Expr const *Ex,
LocationContext const *LC);
+ const CXXBaseObjectRegion *getCXXBaseObjectRegion(const CXXRecordDecl *decl,
+ const MemRegion *superRegion);
+
const FunctionTextRegion *getFunctionTextRegion(const FunctionDecl *FD);
const BlockTextRegion *getBlockTextRegion(const BlockDecl *BD,
CanQualType locTy,
/// conversions between arrays and pointers.
virtual SVal ArrayToPointer(Loc Array) = 0;
+ /// Evaluates DerivedToBase casts.
+ virtual SVal evalDerivedToBase(SVal derived, QualType basePtrType) {
+ return UnknownVal();
+ }
+
class CastResult {
const GRState *state;
const MemRegion *region;
case CK_IntegralComplexToFloatingComplex:
case CK_AnyPointerToObjCPointerCast:
case CK_AnyPointerToBlockPointerCast:
- case CK_DerivedToBase:
- case CK_UncheckedDerivedToBase:
+
case CK_ObjCObjectLValueCast: {
// Delegate to SValuator to process.
for (ExplodedNodeSet::iterator I = S2.begin(), E = S2.end(); I != E; ++I) {
}
return;
}
-
+
+ case CK_DerivedToBase:
+ case CK_UncheckedDerivedToBase:
+ // For DerivedToBase cast, delegate to the store manager.
+ for (ExplodedNodeSet::iterator I = S2.begin(), E = S2.end(); I != E; ++I) {
+ ExplodedNode *node = *I;
+ const GRState *state = GetState(node);
+ SVal val = state->getSVal(Ex);
+ val = getStoreManager().evalDerivedToBase(val, T);
+ state = state->BindExpr(CastE, val);
+ MakeNode(Dst, CastE, node, state);
+ }
+ return;
+
// Various C++ casts that are not handled yet.
case CK_Dynamic:
case CK_ToUnion:
return ValMgr.makeIntVal(getStringLiteral()->getByteLength()+1, SizeTy);
}
+QualType CXXBaseObjectRegion::getValueType() const {
+ return QualType(decl->getTypeForDecl(), 0);
+}
+
//===----------------------------------------------------------------------===//
// FoldingSet profiling.
//===----------------------------------------------------------------------===//
ProfileRegion(ID, Ex, getSuperRegion());
}
+void CXXBaseObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
+ const CXXRecordDecl *decl,
+ const MemRegion *sReg) {
+ ID.AddPointer(decl);
+ ID.AddPointer(sReg);
+}
+
+void CXXBaseObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
+ ProfileRegion(ID, decl, superRegion);
+}
+
//===----------------------------------------------------------------------===//
// Region pretty-printing.
//===----------------------------------------------------------------------===//
os << "temp_object";
}
+void CXXBaseObjectRegion::dumpToStream(llvm::raw_ostream &os) const {
+ os << "base " << decl->getName();
+}
+
void CXXThisRegion::dumpToStream(llvm::raw_ostream &os) const {
os << "this";
}
return getSubRegion<CXXObjectRegion>(E, getStackLocalsRegion(SFC));
}
+const CXXBaseObjectRegion *
+MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *decl,
+ const MemRegion *superRegion) {
+ return getSubRegion<CXXBaseObjectRegion>(decl, superRegion);
+}
+
const CXXThisRegion*
MemRegionManager::getCXXThisRegion(QualType thisPointerTy,
const LocationContext *LC) {
/// casts from arrays to pointers.
SVal ArrayToPointer(Loc Array);
+ /// For DerivedToBase casts, create a CXXBaseObjectRegion and return it.
+ virtual SVal evalDerivedToBase(SVal derived, QualType basePtrType);
+
SVal EvalBinOp(BinaryOperator::Opcode Op,Loc L, NonLoc R, QualType resultTy);
Store getInitialStore(const LocationContext *InitLoc) {
return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx));
}
+SVal RegionStoreManager::evalDerivedToBase(SVal derived, QualType basePtrType) {
+ const CXXRecordDecl *baseDecl = basePtrType->getCXXRecordDeclForPointerType();
+ assert(baseDecl && "not a CXXRecordDecl?");
+ loc::MemRegionVal &derivedRegVal = cast<loc::MemRegionVal>(derived);
+ const MemRegion *baseReg =
+ MRMgr.getCXXBaseObjectRegion(baseDecl, derivedRegVal.getRegion());
+ return loc::MemRegionVal(baseReg);
+}
//===----------------------------------------------------------------------===//
// Pointer arithmetic.
//===----------------------------------------------------------------------===//
case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind:
case MemRegion::CXXObjectRegionKind:
+ case MemRegion::CXXBaseObjectRegionKind:
return UnknownVal();
case MemRegion::FunctionTextRegionKind:
--- /dev/null
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-store region %s
+
+class A {
+protected:
+ int x;
+};
+
+class B : public A {
+public:
+ void f();
+};
+
+void B::f() {
+ x = 3;
+}
projects / clang / commitdiff