Implement a heuristic type size comparison method for now.

author Zhongxing Xu <xuzhongxing@gmail.com>

Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)

committer Zhongxing Xu <xuzhongxing@gmail.com>

Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)
author Zhongxing Xu <xuzhongxing@gmail.com>
Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)
committer Zhongxing Xu <xuzhongxing@gmail.com>
Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp

index 145559e8b81a89eb2a43305cd0d332d492b20d98..5f8e6c3f92a715aee88fa31d729b95ff8ea30e53 100644 (file)
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -554,6 +554,10 @@ SVal RegionStoreManager::getSizeInElements(const GRState* St,
      return UnknownVal();
    }
  
+  if (isa<ElementRegion>(R)) {
+    return UnknownVal();
+  }
+
    assert(0 && "Other regions are not supported yet.");
    return UnknownVal();
  }
@@ -585,6 +589,13 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) {
    return loc::MemRegionVal(ER);                    
  }
  
+static bool isSmallerThan(QualType T1, QualType T2) {
+  if (T1->isCharType())
+    return true;
+  else
+    return false;
+}
+
  RegionStoreManager::CastResult
  RegionStoreManager::CastRegion(const GRState* state, const MemRegion* R,
                           QualType CastToTy) {
@@ -637,9 +648,14 @@ RegionStoreManager::CastRegion(const GRState* state, const MemRegion* R,
    // VarRegion.
    if (isa<VarRegion>(R) || isa<ElementRegion>(R) || isa<FieldRegion>(R)
        || isa<ObjCIvarRegion>(R) || isa<CompoundLiteralRegion>(R)) {
-    // FIXME: create an ElementRegion when the size of the pointee type is
-    // smaller than the region.
-    return CastResult(state, R);
+    if (isSmallerThan(PointeeTy, 
+                      cast<TypedRegion>(R)->getRValueType(getContext()))) {
+      SVal Idx = ValMgr.makeZeroArrayIndex();
+      ElementRegion* ER = MRMgr.getElementRegion(PointeeTy, Idx, 
+                                                 cast<TypedRegion>(R));
+      return CastResult(state, ER);
+    } else
+      return CastResult(state, R);
    }
  
    if (isa<TypedViewRegion>(R)) {
diff --git a/test/Analysis/rdar-6541136-region.c b/test/Analysis/rdar-6541136-region.c

index 59ee313f4589d75a409e3bd5e983aaf0b17c4768..1e7a2d974bc4d34b0e28dfbc6deb905d16c5bc76 100644 (file)
--- a/test/Analysis/rdar-6541136-region.c
+++ b/test/Analysis/rdar-6541136-region.c
@@ -13,5 +13,7 @@ void foo( void )
    struct load_wine *cmd = (void*) &wonky[1];
    cmd = cmd;
    char *p = (void*) &wonky[1];
-  *p = 1; // expected-warning{{Load or store into an out-of-bound memory}}
+  *p = 1; 
+  kernel_tea_cheese_t *q = &wonky[1];
+  kernel_tea_cheese_t r = *q; // expected-warning{{out-of-bound memory position}}
  }
author	Zhongxing Xu <xuzhongxing@gmail.com>
	Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)
committer	Zhongxing Xu <xuzhongxing@gmail.com>
	Wed, 6 May 2009 08:08:27 +0000 (08:08 +0000)
lib/Analysis/RegionStore.cpp		patch \| blob \| history
test/Analysis/rdar-6541136-region.c		patch \| blob \| history