analyzer: Provide temporary workaround for false positive reported by

<rdar://problem/6704930> involving SimpleConstraintManager not reasoning well
about symbolic constraint values involving arithmetic operators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67534 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/SimpleConstraintManager.cpp b/lib/Analysis/SimpleConstraintManager.cpp
index a4d59bec887381ecc6b880ef0b56b798fd1d7f54..e6f940e57cc28f6c5aa82ab34752fd25a03d4c3e 100644 (file)
--- a/lib/Analysis/SimpleConstraintManager.cpp
+++ b/lib/Analysis/SimpleConstraintManager.cpp
@@ -29,6 +29,17 @@ bool SimpleConstraintManager::canReasonAbout(SVal X) const {
       case BinaryOperator::Or:
       case BinaryOperator::Xor:
         return false;
+        // We don't reason yet about arithmetic constraints on symbolic values.
+      case BinaryOperator::Mul:
+      case BinaryOperator::Div:
+      case BinaryOperator::Rem:
+      case BinaryOperator::Add:
+      case BinaryOperator::Sub:
+      case BinaryOperator::Shl:
+      case BinaryOperator::Shr:
+        return false;
+
+        // All other cases.
       default:
         return true;
     }

diff --git a/test/Analysis/retain-release.m b/test/Analysis/retain-release.m
index 50a809c36a95d569ddaaff90e499e25882fc8151..9fd15d3e7a5b3e1231007e5dbe03c3c8514ff457 100644 (file)
--- a/test/Analysis/retain-release.m
+++ b/test/Analysis/retain-release.m
@@ -299,8 +299,8 @@ static void rdar_6659160(char *inkind, char *inname)
   NSString *kind = [[NSString alloc] initWithUTF8String:inkind];  // expected-warning{{leak}}
   
   // We do allow stringWithUTF8String to fail.  This isn't really correct, as
-  // far as returning nil.  In most error conditions it will throw an exception.
-  // If allocation fails it could return nil, but again this
+  // far as returning 0.  In most error conditions it will throw an exception.
+  // If allocation fails it could return 0, but again this
   // isn't expected.
   NSString *name = [NSString stringWithUTF8String:inname];
   if(!name)
@@ -360,3 +360,37 @@ void pr3820_DeallocAfterRelease(void)
   [foo dealloc]; // expected-warning{{used after it is released}}
   // message sent to released object
 }
+
+// From <rdar://problem/6704930>.  The problem here is that 'length' binds to
+// '($0 - 1)' after '--length', but SimpleConstraintManager doesn't know how to
+// reason about '($0 - 1) > constant'.  As a temporary hack, we drop the value
+// of '($0 - 1)' and conjure a new symbol.
+void rdar6704930(unsigned char *s, unsigned int length) {
+  NSString* name = 0;
+  if (s != 0) {
+    if (length > 0) {
+      while (length > 0) {
+        if (*s == ':') {
+          ++s;
+          --length;
+          name = [[NSString alloc] init]; // no-warning
+          break;
+        }
+        ++s;
+        --length;
+      }
+      if ((length == 0) && (name != 0)) {
+        [name release];
+        name = 0;
+      }
+      if (length == 0) { // no ':' found -> use it all as name
+        name = [[NSString alloc] init]; // no-warning
+      }
+    }
+  }
+
+  if (name != 0) {
+    [name release];
+  }
+}
+