#include "clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/GRState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/TransferFuncs.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/ObjCMessage.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/AST/Type.h"
#include "clang/AST/ExprObjC.h"
const void *tag, bool isLoad);
bool InlineCall(ExplodedNodeSet &Dst, const CallExpr *CE, ExplodedNode *Pred);
+
+
+public:
+ /// Returns true if calling the specific function or method would possibly
+ /// cause global variables to be invalidated.
+ bool doesInvalidateGlobals(const CallOrObjCMessage &callOrMessage) const;
+
};
} // end ento namespace
return CallE && isa<CXXMemberCallExpr>(CallE);
}
+ SVal getFunctionCallee() const;
SVal getCXXCallee() const;
unsigned getNumArgs() const {
// NOTE: Even if RegionsToInvalidate is empty, we must still invalidate
// global variables.
// NOTE: RetainReleaseChecker handles the actual invalidation of symbols.
- state = state->invalidateRegions(RegionsToInvalidate.data(),
- RegionsToInvalidate.data() +
- RegionsToInvalidate.size(),
- Ex, Count, &IS,
- /* invalidateGlobals = */ true);
+ state =
+ state->invalidateRegions(RegionsToInvalidate.data(),
+ RegionsToInvalidate.data() +
+ RegionsToInvalidate.size(),
+ Ex, Count, &IS,
+ /* invalidateGlobals = */
+ Eng.doesInvalidateGlobals(callOrMsg));
// Evaluate the effect on the message receiver.
if (!ErrorRange.isValid() && Receiver) {
return state;
}
+bool
+ExprEngine::doesInvalidateGlobals(const CallOrObjCMessage &callOrMessage) const
+{
+ if (callOrMessage.isFunctionCall() && !callOrMessage.isCXXCall()) {
+ SVal calleeV = callOrMessage.getFunctionCallee();
+ if (const FunctionTextRegion *codeR =
+ llvm::dyn_cast_or_null<FunctionTextRegion>(calleeV.getAsRegion())) {
+
+ const FunctionDecl *fd = codeR->getDecl();
+ if (const IdentifierInfo *ii = fd->getIdentifier()) {
+ llvm::StringRef fname = ii->getName();
+ if (fname == "strlen")
+ return false;
+ }
+ }
+ }
+
+ // The conservative answer: invalidates globals.
+ return true;
+}
+
//===----------------------------------------------------------------------===//
// Top-level transfer function logic (Dispatcher).
//===----------------------------------------------------------------------===//
return UnknownVal();
}
+SVal CallOrObjCMessage::getFunctionCallee() const {
+ assert(isFunctionCall());
+ assert(!isCXXCall());
+ const Expr *callee = CallE->getCallee()->IgnoreParenCasts();
+ return State->getSVal(callee);
+}
+
SVal CallOrObjCMessage::getCXXCallee() const {
assert(isCXXCall());
const Expr *callee =
--- /dev/null
+// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=deadcode -verify %s
+
+unsigned long strlen(const char *);
+
+int size_rdar9373039 = 1;
+int rdar9373039() {
+ int x;
+ int j = 0;
+
+ for (int i = 0 ; i < size_rdar9373039 ; ++i)
+ x = 1;
+
+ // strlen doesn't invalidate the value of 'size_rdar9373039'.
+ int extra = (2 + strlen ("Clang") + ((4 - ((unsigned int) (2 + strlen ("Clang")) % 4)) % 4)) + (2 + strlen ("1.0") + ((4 - ((unsigned int) (2 + strlen ("1.0")) % 4)) % 4));
+
+ for (int i = 0 ; i < size_rdar9373039 ; ++i)
+ j += x; // no-warning
+
+ return j;
+}
+
+int foo_rdar9373039(const char *);
+
+int rdar93730392() {
+ int x;
+ int j = 0;
+
+ for (int i = 0 ; i < size_rdar9373039 ; ++i)
+ x = 1;
+
+ int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}
+
+ for (int i = 0 ; i < size_rdar9373039 ; ++i)
+ j += x; // expected-warning {{garbage}}
+
+ return j;
+}
+
projects / clang / commitdiff