* Do the same thing to the basicstore as in r84163.

* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the
  region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
  we can let all Retrieve() methods simply return SVal.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88888 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/clang/Analysis/PathSensitive/GRExprEngine.h b/include/clang/Analysis/PathSensitive/GRExprEngine.h
index 05920da924b7ef782bb13b6199b433013c493f77..1b6d0bdf9c10b8b604d1af22175151dd46c74b84 100644 (file)
--- a/include/clang/Analysis/PathSensitive/GRExprEngine.h
+++ b/include/clang/Analysis/PathSensitive/GRExprEngine.h
@@ -472,7 +472,8 @@ public:
   // FIXME: 'tag' should be removed, and a LocationContext should be used
   // instead.
   void EvalLoad(ExplodedNodeSet& Dst, Expr* Ex, ExplodedNode* Pred,
-                const GRState* St, SVal location, const void *tag = 0);
+                const GRState* St, SVal location, const void *tag = 0,
+                QualType LoadTy = QualType());
 
   // FIXME: 'tag' should be removed, and a LocationContext should be used
   // instead.

diff --git a/include/clang/Analysis/PathSensitive/Store.h b/include/clang/Analysis/PathSensitive/Store.h
index 6c6804bc3f6852d2ac1599aff214c22e7f673e5b..55fa83d9ecc33c6faa5b8f6c3aee54828361949a 100644 (file)
--- a/include/clang/Analysis/PathSensitive/Store.h
+++ b/include/clang/Analysis/PathSensitive/Store.h
@@ -181,8 +181,7 @@ protected:
   /// CastRetrievedVal - Used by subclasses of StoreManager to implement
   ///  implicit casts that arise from loads from regions that are reinterpreted
   ///  as another region.
-  SValuator::CastResult CastRetrievedVal(SVal val, const GRState *state,
-                                         const TypedRegion *R, QualType castTy);
+  SVal CastRetrievedVal(SVal val, const TypedRegion *R, QualType castTy);
 };
 
 // FIXME: Do we still need this?

diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index 7a36a3ee08c4bd3a2d96e07f8be54357f621a42f..800a76fb0aee0dc97cb71f5b74ab08cce55505ca 100644 (file)
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -268,20 +268,6 @@ SValuator::CastResult BasicStoreManager::Retrieve(const GRState *state,
     case loc::MemRegionKind: {
       const MemRegion* R = cast<loc::MemRegionVal>(loc).getRegion();
 
-      if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
-        // Just support void**, void***, intptr_t*, intptr_t**, etc., for now.
-        // This is needed to handle OSCompareAndSwapPtr() and friends.
-        ASTContext &Ctx = StateMgr.getContext();
-        QualType T = ER->getLocationType(Ctx);
-
-        if (!isHigherOrderRawPtr(T, Ctx))
-          return SValuator::CastResult(state, UnknownVal());
-
-        // FIXME: Should check for element 0.
-        // Otherwise, strip the element region.
-        R = ER->getSuperRegion();
-      }
-
       if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
         return SValuator::CastResult(state, UnknownVal());
 
@@ -291,7 +277,8 @@ SValuator::CastResult BasicStoreManager::Retrieve(const GRState *state,
       if (!Val)
         break;
 
-      return CastRetrievedVal(*Val, state, cast<TypedRegion>(R), T);
+      return SValuator::CastResult(state,
+                              CastRetrievedVal(*Val, cast<TypedRegion>(R), T));
     }
 
     case loc::ConcreteIntKind:

diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index 8ae7f1e5d07227036a8a75f7146d04ec8b951029..eb7e2778a9c8f2968716cc9f8e7bb537d08a7561 100644 (file)
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1237,7 +1237,7 @@ void GRExprEngine::EvalStore(ExplodedNodeSet& Dst, Expr *AssignE,
 
 void GRExprEngine::EvalLoad(ExplodedNodeSet& Dst, Expr *Ex, ExplodedNode* Pred,
                             const GRState* state, SVal location,
-                            const void *tag) {
+                            const void *tag, QualType LoadTy) {
 
   // Evaluate the location (checks for bad dereferences).
   ExplodedNodeSet Tmp;
@@ -1260,7 +1260,8 @@ void GRExprEngine::EvalLoad(ExplodedNodeSet& Dst, Expr *Ex, ExplodedNode* Pred,
                ProgramPoint::PostLoadKind, tag);
     }
     else {
-      SVal V = state->getSVal(cast<Loc>(location), Ex->getType());
+      SVal V = state->getSVal(cast<Loc>(location), LoadTy.isNull() ? 
+                                                     Ex->getType() : LoadTy);
       MakeNode(Dst, Ex, *NI, state->BindExpr(Ex, V), ProgramPoint::PostLoadKind,
                tag);
     }
@@ -1355,7 +1356,13 @@ static bool EvalOSAtomicCompareAndSwap(ExplodedNodeSet& Dst,
   const GRState *state = Pred->getState();
   ExplodedNodeSet Tmp;
   SVal location = state->getSVal(theValueExpr);
-  Engine.EvalLoad(Tmp, theValueExpr, Pred, state, location, OSAtomicLoadTag);
+  // Here we should use the value type of the region as the load type.
+  const MemRegion *R = location.getAsRegion();
+  QualType LoadTy;
+  if (R)
+    LoadTy = cast<TypedRegion>(R)->getValueType(C);
+  Engine.EvalLoad(Tmp, theValueExpr, Pred, state, location, OSAtomicLoadTag,
+                  LoadTy);
 
   for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end();
        I != E; ++I) {

diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 46cddd0da1b3261a1b95846fc3136d424c6ea844..ae3fa14c2a2683eb58c814c06da1977d57112e2e 100644 (file)
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -1029,16 +1029,20 @@ RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) {
     return SValuator::CastResult(state, UnknownVal());
 
   if (const FieldRegion* FR = dyn_cast<FieldRegion>(R))
-    return CastRetrievedVal(RetrieveField(state, FR), state, FR, T);
+    return SValuator::CastResult(state, 
+                            CastRetrievedVal(RetrieveField(state, FR), FR, T));
 
   if (const ElementRegion* ER = dyn_cast<ElementRegion>(R))
-    return CastRetrievedVal(RetrieveElement(state, ER), state, ER, T);
+    return SValuator::CastResult(state,
+                          CastRetrievedVal(RetrieveElement(state, ER), ER, T));
 
   if (const ObjCIvarRegion *IVR = dyn_cast<ObjCIvarRegion>(R))
-    return CastRetrievedVal(RetrieveObjCIvar(state, IVR), state, IVR, T);
+    return SValuator::CastResult(state,
+                       CastRetrievedVal(RetrieveObjCIvar(state, IVR), IVR, T));
 
   if (const VarRegion *VR = dyn_cast<VarRegion>(R))
-    return CastRetrievedVal(RetrieveVar(state, VR), state, VR, T);
+    return SValuator::CastResult(state,
+                              CastRetrievedVal(RetrieveVar(state, VR), VR, T));
 
   RegionBindings B = GetRegionBindings(state->getStore());
   RegionBindings::data_type* V = B.lookup(R);

diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp
index 16af1be91ecef0be8e7c8712063c12dd63274e43..afe2b4e7bd663392e8e8b0f2cd9e2b8f209559cb 100644 (file)
--- a/lib/Analysis/Store.cpp
+++ b/lib/Analysis/Store.cpp
@@ -21,7 +21,7 @@ StoreManager::StoreManager(GRStateManager &stateMgr)
     MRMgr(ValMgr.getRegionManager()) {}
 
 const MemRegion *StoreManager::MakeElementRegion(const MemRegion *Base,
-                                                 QualType EleTy, uint64_t index) {
+                                              QualType EleTy, uint64_t index) {
   SVal idx = ValMgr.makeArrayIndex(index);
   return MRMgr.getElementRegion(EleTy, idx, Base, ValMgr.getContext());
 }
@@ -192,14 +192,16 @@ const MemRegion *StoreManager::CastRegion(const MemRegion *R, QualType CastToTy)
 /// CastRetrievedVal - Used by subclasses of StoreManager to implement
 ///  implicit casts that arise from loads from regions that are reinterpreted
 ///  as another region.
-SValuator::CastResult StoreManager::CastRetrievedVal(SVal V,
-                                                     const GRState *state,
-                                                     const TypedRegion *R,
-                                                     QualType castTy) {
+SVal  StoreManager::CastRetrievedVal(SVal V, const TypedRegion *R,
+                                     QualType castTy) {
+  ASTContext &Ctx = ValMgr.getContext();
+
   if (castTy.isNull())
-    return SValuator::CastResult(state, V);
+    return V;
+  
+  assert(Ctx.getCanonicalType(castTy).getUnqualifiedType() == 
+         Ctx.getCanonicalType(R->getValueType(Ctx)).getUnqualifiedType());
 
-  ASTContext &Ctx = ValMgr.getContext();
-  return ValMgr.getSValuator().EvalCast(V, state, castTy, R->getValueType(Ctx));
+  return V;
 }