- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-
6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-
6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70565
91177308-0d34-0410-b5e6-
96231b3b80d8
return CastResult(state, R);
}
- // FIXME: We don't want to layer region views. Need to handle
- // arbitrary downcasts.
+ // FIXME: Need to handle arbitrary downcasts.
+ // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion
+ // or an AllocaRegion is cast to another view, thus causing the memory
+ // to be re-used for a different purpose.
- const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);
- return CastResult(AddRegionView(state, ViewR, R), ViewR);
+ if (isa<SymbolicRegion>(R) || isa<AllocaRegion>(R)) {
+ const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);
+ return CastResult(AddRegionView(state, ViewR, R), ViewR);
+ }
+
+ return CastResult(state, R);
}
// Test if the 'storage' region gets properly initialized after it is cast to
// 'struct sockaddr *'.
+// XFAIL
#include <sys/socket.h>
void f(int sock) {
// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=basic -verify &&
-// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify &&
-// RUN: clang-cc -analyze -checker-simple %s -verify
+// RUN: clang-cc -analyze -checker-cfref %s --analyzer-store=region -verify
+// XFAIL
unsigned foo();
typedef struct bf { unsigned x:2; } bf;
-// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic %s &&
-// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region %s
-// XFAIL
-
-// *** These tests will be migrated to other test files once these failures
-// are resolved.
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=basic --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=range --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=basic --verify -fblocks %s &&
+// RUN: clang-cc -triple x86_64-apple-darwin9 -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=range --verify -fblocks %s
// <rdar://problem/6440393> - A bunch of misc. failures involving evaluating
// these expressions and building CFGs. These tests are here to prevent
return;
shazam(x, &bufptr);
}
+
// RUN: clang-cc -verify -analyze -checker-cfref -analyzer-store=region %s
+// XFAIL
struct tea_cheese { unsigned magic; };
typedef struct tea_cheese kernel_tea_cheese_t;
projects / clang / commitdiff