Add support for AllocaRegion extent with GDM.

One design problem that is emerging is the signed-ness problem during static
analysis. Many unsigned value have to be converted into signed value because
it partipates in operations with signed values.

On the other hand, we cannot blindly make all values occuring in static analysis
signed, because we do have cases where unsignedness is required, for example,
integer overflow detection.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59957 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/clang/Analysis/PathSensitive/Store.h b/include/clang/Analysis/PathSensitive/Store.h
index e31b6d4ddcd45697c8cf59818a6fd1ca2b3e732e..b067fba812e314de2d9dfab0065db2834ec7e195 100644 (file)
--- a/include/clang/Analysis/PathSensitive/Store.h
+++ b/include/clang/Analysis/PathSensitive/Store.h
@@ -97,6 +97,11 @@ public:
   virtual Store BindDecl(Store store, const VarDecl* VD, SVal* InitVal,
                          unsigned Count) = 0;
 
+  virtual const GRState* setExtent(const GRState* St,
+                                   const MemRegion* R, SVal Extent) {
+    return St;
+  }
+
   virtual void print(Store store, std::ostream& Out,
                      const char* nl, const char *sep) = 0;
       

diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index cb1aceaface29a2ce31c60789fb6d5f392eb9631..ea88e70afa2da59ac09f617558d8b8813920bd9e 100644 (file)
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1291,6 +1291,13 @@ void GRExprEngine::VisitCallRec(CallExpr* CE, NodeTy* Pred,
             MemRegionManager& RM = getStateManager().getRegionManager();
             const MemRegion* R =
               RM.getAllocaRegion(CE, Builder->getCurrentBlockCount());
+
+            // Set the extent of the region in bytes. This enables us to use the
+            // SVal of the argument directly. If we save the extent in bits, we
+            // cannot represent values like symbol*8.
+            SVal Extent = GetSVal(St, *(CE->arg_begin()));
+            St = getStoreManager().setExtent(St, R, Extent);
+
             MakeNode(Dst, CE, *DI, BindExpr(St, CE, loc::MemRegionVal(R)));
             continue;            
           }

diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 99c225f5e83d31a7dcfcb2f848a8f4c3ebde74a2..9a1f3eca34468e8576419f3c2b27d077435c081a 100644 (file)
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -26,12 +26,13 @@
 
 using namespace clang;
 
+// Actual Store type.
 typedef llvm::ImmutableMap<const MemRegion*, SVal> RegionBindingsTy;
+
+// RegionView GDM stuff.
 typedef llvm::ImmutableList<const MemRegion*> RegionViewTy;
 typedef llvm::ImmutableMap<const MemRegion*, RegionViewTy> RegionViewMapTy;
-
 static int RegionViewMapTyIndex = 0;
-
 namespace clang {
 template<> struct GRStateTrait<RegionViewMapTy> 
   : public GRStatePartialTrait<RegionViewMapTy> {
@@ -39,6 +40,18 @@ template<> struct GRStateTrait<RegionViewMapTy>
 };
 }
 
+// RegionExtents GDM stuff.
+// Currently RegionExtents are in bytes. We can change this representation when
+// there are real requirements.
+typedef llvm::ImmutableMap<const MemRegion*, SVal> RegionExtentsTy;
+static int RegionExtentsTyIndex = 0;
+namespace clang {
+template<> struct GRStateTrait<RegionExtentsTy>
+  : public GRStatePartialTrait<RegionExtentsTy> {
+  static void* GDMIndex() { return &RegionExtentsTyIndex; }
+};
+}
+
 namespace {
 
 class VISIBILITY_HIDDEN RegionStoreManager : public StoreManager {
@@ -112,6 +125,8 @@ public:
 
   Store BindDecl(Store store, const VarDecl* VD, SVal* InitVal, unsigned Count);
 
+  const GRState* setExtent(const GRState* St, const MemRegion* R, SVal Extent);
+
   static inline RegionBindingsTy GetRegionBindings(Store store) {
    return RegionBindingsTy(static_cast<const RegionBindingsTy::TreeTy*>(store));
   }
@@ -279,9 +294,38 @@ SVal RegionStoreManager::getSizeInElements(const GRState* St,
   }
 
   if (const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R)) {
-    // FIXME: Unsupported yet.
-    ATR = 0;
-    return UnknownVal();
+    GRStateRef state(St, StateMgr);
+
+    // Get the size of the super region in bytes.
+    RegionExtentsTy::data_type* T 
+      = state.get<RegionExtentsTy>(ATR->getSuperRegion());
+
+    assert(T && "region extent not exist");
+
+    // Assume it's ConcreteInt for now.
+    llvm::APSInt SSize = cast<nonloc::ConcreteInt>(*T).getValue();
+
+    // Get the size of the element in bits.
+    QualType ElemTy = cast<PointerType>(ATR->getType(getContext()).getTypePtr())
+                      ->getPointeeType();
+
+    uint64_t X = getContext().getTypeSize(ElemTy);
+
+    const llvm::APSInt& ESize = getBasicVals().getValue(X, SSize.getBitWidth(),
+                                                        false);
+
+    // Calculate the number of elements. 
+
+    // FIXME: What do we do with signed-ness problem? Shall we make all APSInts
+    // signed?
+    if (SSize.isUnsigned())
+      SSize.setIsSigned(true);
+
+    // FIXME: move this operation into BasicVals.
+    const llvm::APSInt S = 
+      (SSize * getBasicVals().getValue(8, SSize.getBitWidth(), false)) / ESize;
+
+    return NonLoc::MakeVal(getBasicVals(), S);
   }
 
   if (const FieldRegion* FR = dyn_cast<FieldRegion>(R)) {
@@ -547,6 +591,13 @@ Store RegionStoreManager::BindCompoundLiteral(Store store,
   return store;
 }
 
+const GRState* RegionStoreManager::setExtent(const GRState* St,
+                                             const MemRegion* R, SVal Extent) {
+  GRStateRef state(St, StateMgr);
+  return state.set<RegionExtentsTy>(R, Extent);
+}
+
+
 Store RegionStoreManager::RemoveDeadBindings(Store store, Stmt* Loc, 
                                              const LiveVariables& Live,
                            llvm::SmallVectorImpl<const MemRegion*>& RegionRoots,