bool isFeasible = false;
ValueState* ZeroSt = Assume(St, RightV, false, isFeasible);
- if (isFeasible) {
- NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2);
-
- if (DivZeroNode) {
+ if (isFeasible)
+ if (NodeTy* DivZeroNode = Builder->generateNode(B, ZeroSt, N2)) {
DivZeroNode->markAsSink();
BadDivides.insert(DivZeroNode);
}
- }
// Second, "assume" that the denominator cannot be 0.
// Fall-through. The logic below processes the divide.
}
+
if (Op <= BinaryOperator::Or) {
// Process non-assignements except commas or short-circuited
continue;
}
+ if (Result.isUndef() && !LeftV.isUndef() && !RightV.isUndef()) {
+
+ // The operands were not undefined, but the result is undefined.
+
+ if (NodeTy* UndefNode = Builder->generateNode(B, St, N2)) {
+ UndefNode->markAsSink();
+ UndefResults.insert(UndefNode);
+ }
+
+ continue;
+ }
+
Nodify(Dst, B, N2, SetRVal(St, B, Result));
continue;
}
}
RVal Result = EvalCast(EvalBinOp(Op, V, RightV), B->getType());
+
+ if (Result.isUndef()) {
+
+ // The operands were not undefined, but the result is undefined.
+
+ if (NodeTy* UndefNode = Builder->generateNode(B, St, N2)) {
+ UndefNode->markAsSink();
+ UndefResults.insert(UndefNode);
+ }
+
+ continue;
+ }
+
St = SetRVal(SetRVal(St, B, Result), LeftLV, Result);
}
}
GraphPrintCheckerState->isUndefDeref(N) ||
GraphPrintCheckerState->isUndefStore(N) ||
GraphPrintCheckerState->isUndefControlFlow(N) ||
- GraphPrintCheckerState->isBadDivide(N))
+ GraphPrintCheckerState->isBadDivide(N) ||
+ GraphPrintCheckerState->isUndefResult(N))
return "color=\"red\",style=\"filled\"";
+ if (GraphPrintCheckerState->isNoReturnCall(N))
+ return "color=\"blue\",style=\"filled\"";
+
return "";
}
else if (GraphPrintCheckerState->isBadDivide(N)) {
Out << "\\|Divide-by zero or undefined value.";
}
+ else if (GraphPrintCheckerState->isUndefResult(N)) {
+ Out << "\\|Result of operation is undefined.";
+ }
+ else if (GraphPrintCheckerState->isNoReturnCall(N))
+ Out << "\\|Call to function marked \"noreturn\".";
break;
}
CheckerState->bad_divides_begin(),
CheckerState->bad_divides_end(),
"Division by zero/undefined value.");
+
+ EmitWarning(Diag, SrcMgr,
+ CheckerState->undef_results_begin(),
+ CheckerState->undef_results_end(),
+ "Result of operation is undefined.");
#ifndef NDEBUG
if (Visualize) CheckerState->ViewGraph();
// Transfer function dispatch for Non-LVals.
//===----------------------------------------------------------------------===//
-nonlval::ConcreteInt
+RVal
nonlval::ConcreteInt::EvalBinOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
const nonlval::ConcreteInt& R) const {
- return ValMgr.EvaluateAPSInt(Op, getValue(), R.getValue());
+ const llvm::APSInt* X = ValMgr.EvaluateAPSInt(Op, getValue(), R.getValue());
+
+ if (X)
+ return nonlval::ConcreteInt(*X);
+ else
+ return UndefinedVal();
}
// Transfer function dispatch for LVals.
//===----------------------------------------------------------------------===//
-lval::ConcreteInt
+RVal
lval::ConcreteInt::EvalBinOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
const lval::ConcreteInt& R) const {
assert (Op == BinaryOperator::Add || Op == BinaryOperator::Sub ||
(Op >= BinaryOperator::LT && Op <= BinaryOperator::NE));
- return ValMgr.EvaluateAPSInt(Op, getValue(), R.getValue());
+ const llvm::APSInt* X = ValMgr.EvaluateAPSInt(Op, getValue(), R.getValue());
+
+ if (X)
+ return lval::ConcreteInt(*X);
+ else
+ return UndefinedVal();
}
NonLVal LVal::EQ(ValueManager& ValMgr, const LVal& R) const {
return *C;
}
-const llvm::APSInt&
+const llvm::APSInt*
ValueManager::EvaluateAPSInt(BinaryOperator::Opcode Op,
const llvm::APSInt& V1, const llvm::APSInt& V2) {
assert (false && "Invalid Opcode.");
case BinaryOperator::Mul:
- return getValue( V1 * V2 );
+ return &getValue( V1 * V2 );
case BinaryOperator::Div:
- return getValue( V1 / V2 );
+ return &getValue( V1 / V2 );
case BinaryOperator::Rem:
- return getValue( V1 % V2 );
+ return &getValue( V1 % V2 );
case BinaryOperator::Add:
- return getValue( V1 + V2 );
+ return &getValue( V1 + V2 );
case BinaryOperator::Sub:
- return getValue( V1 - V2 );
+ return &getValue( V1 - V2 );
- case BinaryOperator::Shl:
- return getValue( V1.operator<<( (unsigned) V2.getZExtValue() ));
+ case BinaryOperator::Shl: {
+
+ // FIXME: This logic should probably go higher up, where we can
+ // test these conditions symbolically.
+
+ // FIXME: Expand these checks to include all undefined behavior.
+
+ if (V2.isSigned() && V2.isNegative())
+ return NULL;
+
+ uint64_t Amt = V2.getZExtValue();
+
+ if (Amt > V1.getBitWidth())
+ return NULL;
+
+ return &getValue( V1.operator<<( (unsigned) Amt ));
+ }
+
+ case BinaryOperator::Shr: {
+
+ // FIXME: This logic should probably go higher up, where we can
+ // test these conditions symbolically.
+
+ // FIXME: Expand these checks to include all undefined behavior.
+
+ if (V2.isSigned() && V2.isNegative())
+ return NULL;
+
+ uint64_t Amt = V2.getZExtValue();
+
+ if (Amt > V1.getBitWidth())
+ return NULL;
- case BinaryOperator::Shr:
- return getValue( V1.operator>>( (unsigned) V2.getZExtValue() ));
+ return &getValue( V1.operator>>( (unsigned) Amt ));
+ }
case BinaryOperator::LT:
- return getTruthValue( V1 < V2 );
+ return &getTruthValue( V1 < V2 );
case BinaryOperator::GT:
- return getTruthValue( V1 > V2 );
+ return &getTruthValue( V1 > V2 );
case BinaryOperator::LE:
- return getTruthValue( V1 <= V2 );
+ return &getTruthValue( V1 <= V2 );
case BinaryOperator::GE:
- return getTruthValue( V1 >= V2 );
+ return &getTruthValue( V1 >= V2 );
case BinaryOperator::EQ:
- return getTruthValue( V1 == V2 );
+ return &getTruthValue( V1 == V2 );
case BinaryOperator::NE:
- return getTruthValue( V1 != V2 );
+ return &getTruthValue( V1 != V2 );
// Note: LAnd, LOr, Comma are handled specially by higher-level logic.
case BinaryOperator::And:
- return getValue( V1 & V2 );
+ return &getValue( V1 & V2 );
case BinaryOperator::Or:
- return getValue( V1 | V2 );
+ return &getValue( V1 | V2 );
case BinaryOperator::Xor:
- return getValue( V1 ^ V2 );
+ return &getValue( V1 ^ V2 );
}
}
typedef llvm::SmallPtrSet<NodeTy*,2> BadDerefTy;
typedef llvm::SmallPtrSet<NodeTy*,2> BadDividesTy;
typedef llvm::SmallPtrSet<NodeTy*,2> NoReturnCallsTy;
+ typedef llvm::SmallPtrSet<NodeTy*,2> UndefResultsTy;
+
/// UndefBranches - Nodes in the ExplodedGraph that result from
/// taking a branch based on an undefined value.
/// a divide-by-zero or divide-by-undefined.
BadDividesTy BadDivides;
+ /// UndefResults - Nodes in the ExplodedGraph where the operands are defined
+ /// by the result is not. Excludes divide-by-zero errors.
+ UndefResultsTy UndefResults;
+
bool StateCleaned;
public:
bool isNoReturnCall(const NodeTy* N) const {
return N->isSink() && NoReturnCalls.count(const_cast<NodeTy*>(N)) != 0;
}
-
+
+ bool isUndefResult(const NodeTy* N) const {
+ return N->isSink() && UndefResults.count(const_cast<NodeTy*>(N)) != 0;
+ }
+
typedef BadDerefTy::iterator null_deref_iterator;
null_deref_iterator null_derefs_begin() { return ExplicitNullDeref.begin(); }
null_deref_iterator null_derefs_end() { return ExplicitNullDeref.end(); }
bad_divide_iterator bad_divides_begin() { return BadDivides.begin(); }
bad_divide_iterator bad_divides_end() { return BadDivides.end(); }
+ typedef UndefResultsTy::iterator undef_result_iterator;
+ undef_result_iterator undef_results_begin() { return UndefResults.begin(); }
+ undef_result_iterator undef_results_end() { return UndefResults.end(); }
+
/// ProcessStmt - Called by GRCoreEngine. Used to generate new successor
/// nodes by processing the 'effects' of a block-level statement.
void ProcessStmt(Stmt* S, StmtNodeBuilder& builder);
}
// Transfer functions for binary/unary operations on ConcreteInts.
- ConcreteInt EvalBinOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
- const ConcreteInt& R) const;
+ RVal EvalBinOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
+ const ConcreteInt& R) const;
ConcreteInt EvalComplement(ValueManager& ValMgr) const;
}
// Transfer functions for binary/unary operations on ConcreteInts.
- ConcreteInt EvalBinOp(ValueManager& ValMgr,
- BinaryOperator::Opcode Op,
- const ConcreteInt& R) const;
+ RVal EvalBinOp(ValueManager& ValMgr, BinaryOperator::Opcode Op,
+ const ConcreteInt& R) const;
// Implement isa<T> support.
static inline bool classof(const RVal* V) {
const SymIntConstraint& getConstraint(SymbolID sym, BinaryOperator::Opcode Op,
const llvm::APSInt& V);
- const llvm::APSInt& EvaluateAPSInt(BinaryOperator::Opcode Op,
+ const llvm::APSInt* EvaluateAPSInt(BinaryOperator::Opcode Op,
const llvm::APSInt& V1,
const llvm::APSInt& V2);
};
projects / clang / commitdiff