Fixed a horribly insidious bit-masking bug in the implementation of

author Ted Kremenek <kremenek@apple.com>

Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)

committer Ted Kremenek <kremenek@apple.com>

Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)
author Ted Kremenek <kremenek@apple.com>
Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)
committer Ted Kremenek <kremenek@apple.com>
Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)
diff --git a/Analysis/ExplodedGraph.cpp b/Analysis/ExplodedGraph.cpp

index 69d190d09fb26ef00e37ef833c4babbfc91a0ef3..274565bf6c886d34b382542a7d6fcfe00dee0b35 100644 (file)
--- a/Analysis/ExplodedGraph.cpp
+++ b/Analysis/ExplodedGraph.cpp
@@ -23,18 +23,28 @@ static inline std::vector<ExplodedNodeImpl*>& getVector(void* P) {
  }
  
  void ExplodedNodeImpl::NodeGroup::addNode(ExplodedNodeImpl* N) {
+  
+  assert ((reinterpret_cast<uintptr_t>(N) & Mask) == 0x0);
+  
    if (getKind() == Size1) {
      if (ExplodedNodeImpl* NOld = getNode()) {
        std::vector<ExplodedNodeImpl*>* V = new std::vector<ExplodedNodeImpl*>();
+      assert ((reinterpret_cast<uintptr_t>(V) & Mask) == 0x0);
        V->push_back(NOld);
        V->push_back(N);
        P = reinterpret_cast<uintptr_t>(V) | SizeOther;
+      assert (getPtr() == (void*) V);
+      assert (getKind() == SizeOther);
      }
-    else
+    else {
        P = reinterpret_cast<uintptr_t>(N);
+      assert (getKind() == Size1);
+    }
    }
-  else
+  else {
+    assert (getKind() == SizeOther);
      getVector(getPtr()).push_back(N);
+  }
  }
  
  bool ExplodedNodeImpl::NodeGroup::empty() const {
@@ -62,7 +72,7 @@ ExplodedNodeImpl** ExplodedNodeImpl::NodeGroup::end() const {
    if (getKind() == Size1)
      return (ExplodedNodeImpl**) (P ? &P+1 : &P);
    else
-    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).rbegin())+1);
+    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()));
  }
  
  ExplodedNodeImpl::NodeGroup::~NodeGroup() {
diff --git a/include/clang/Analysis/PathSensitive/ExplodedGraph.h b/include/clang/Analysis/PathSensitive/ExplodedGraph.h

index ca76c48387c2ebcbec9f385abb29fb2eedfdcc1e..c1dc2224f89f58c16f12917c11555552efd3b8b8 100644 (file)
--- a/include/clang/Analysis/PathSensitive/ExplodedGraph.h
+++ b/include/clang/Analysis/PathSensitive/ExplodedGraph.h
@@ -51,7 +51,7 @@ protected:
      uintptr_t P;
      
      unsigned getKind() const {
-      return P & Mask;
+      return P & 0x1;
      }
      
      void* getPtr() const {
author	Ted Kremenek <kremenek@apple.com>
	Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Wed, 5 Mar 2008 19:08:55 +0000 (19:08 +0000)
Analysis/ExplodedGraph.cpp		patch \| blob \| history
include/clang/Analysis/PathSensitive/ExplodedGraph.h		patch \| blob \| history