virtual const GRState *Assume(const GRState *state, DefinedSVal Cond,
bool Assumption) = 0;
- virtual const GRState *AssumeInBound(const GRState *state, DefinedSVal Idx,
- DefinedSVal UpperBound, bool Assumption) = 0;
-
std::pair<const GRState*, const GRState*> AssumeDual(const GRState *state,
DefinedSVal Cond) {
return std::make_pair(Assume(state, Cond, true),
if (Idx.isUnknown() || UpperBound.isUnknown())
return this;
- ConstraintManager &CM = *getStateManager().ConstraintMgr;
- return CM.AssumeInBound(this, cast<DefinedSVal>(Idx),
- cast<DefinedSVal>(UpperBound), Assumption);
+ // Build an expression for 0 <= Idx < UpperBound.
+ // This is the same as Idx + MIN < UpperBound + MIN, if overflow is allowed.
+ // FIXME: This should probably be part of SValuator.
+ GRStateManager &SM = getStateManager();
+ ValueManager &VM = SM.getValueManager();
+ SValuator &SV = VM.getSValuator();
+ ASTContext &Ctx = VM.getContext();
+
+ // Get the offset: the minimum value of the array index type.
+ BasicValueFactory &BVF = VM.getBasicValueFactory();
+ // FIXME: This should be using ValueManager::ArrayIndexTy...somehow.
+ QualType IndexTy = Ctx.IntTy;
+ nonloc::ConcreteInt Min = BVF.getMinValue(IndexTy);
+
+ // Adjust the index.
+ SVal NewIdx = SV.EvalBinOpNN(this, BinaryOperator::Add,
+ cast<NonLoc>(Idx), Min, IndexTy);
+ if (NewIdx.isUnknownOrUndef())
+ return this;
+
+ // Adjust the upper bound.
+ SVal NewBound = SV.EvalBinOpNN(this, BinaryOperator::Add,
+ cast<NonLoc>(UpperBound), Min, IndexTy);
+ if (NewBound.isUnknownOrUndef())
+ return this;
+
+ // Build the actual comparison.
+ SVal InBound = SV.EvalBinOpNN(this, BinaryOperator::LT,
+ cast<NonLoc>(NewIdx), cast<NonLoc>(NewBound),
+ Ctx.IntTy);
+ if (InBound.isUnknownOrUndef())
+ return this;
+
+ // Finally, let the constraint manager take care of it.
+ ConstraintManager &CM = SM.getConstraintManager();
+ return CM.Assume(this, cast<DefinedSVal>(InBound), Assumption);
}
inline const GRState *GRState::bindLoc(SVal LV, SVal V) const {
SVal FlatStoreManager::Retrieve(Store store, Loc L, QualType T) {
const MemRegion *R = cast<loc::MemRegionVal>(L).getRegion();
RegionInterval RI = RegionToInterval(R);
-
- assert(RI.R && "should handle regions with unknown interval");
+ // FIXME: FlatStore should handle regions with unknown intervals.
+ if (!RI.R)
+ return UnknownVal();
RegionBindings B = getRegionBindings(store);
const BindingVal *BV = B.lookup(RI.R);
BV = *V;
RegionInterval RI = RegionToInterval(R);
- assert(RI.R && "should handle regions with unknown interval");
+ // FIXME: FlatStore should handle regions with unknown intervals.
+ if (!RI.R)
+ return B.getRoot();
BV = BVFactory.Add(BV, RI.I, val);
B = RBFactory.Add(B, RI.R, BV);
return B.getRoot();
uint64_t Offset;
explicit BindingKey(const MemRegion *r, uint64_t offset, Kind k)
- : P(r, (unsigned) k), Offset(offset) { assert(r); }
+ : P(r, (unsigned) k), Offset(offset) {}
public:
bool isDefault() const { return P.getInt() == Default; }
return P.getOpaqueValue() == X.P.getOpaqueValue() &&
Offset == X.Offset;
}
+
+ operator bool() const {
+ return getRegion() != NULL;
+ }
};
} // end anonymous namespace
if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
const RegionRawOffset &O = ER->getAsArrayOffset();
- if (O.getRegion())
- return BindingKey(O.getRegion(), O.getByteOffset(), k);
-
// FIXME: There are some ElementRegions for which we cannot compute
- // raw offsets yet, including regions with symbolic offsets.
+ // raw offsets yet, including regions with symbolic offsets. These will be
+ // ignored by the store.
+ return BindingKey(O.getRegion(), O.getByteOffset(), k);
}
return BindingKey(R, 0, k);
}
RegionBindings RegionStoreManager::Add(RegionBindings B, BindingKey K, SVal V) {
+ if (!K)
+ return B;
return RBFactory.Add(B, K, V);
}
}
const SVal *RegionStoreManager::Lookup(RegionBindings B, BindingKey K) {
+ if (!K)
+ return NULL;
return B.lookup(K);
}
}
RegionBindings RegionStoreManager::Remove(RegionBindings B, BindingKey K) {
+ if (!K)
+ return B;
return RBFactory.Remove(B, K);
}
} // end switch
}
-const GRState *SimpleConstraintManager::AssumeInBound(const GRState *state,
- DefinedSVal Idx,
- DefinedSVal UpperBound,
- bool Assumption) {
-
- // Only support ConcreteInt for now.
- if (!(isa<nonloc::ConcreteInt>(Idx) && isa<nonloc::ConcreteInt>(UpperBound)))
- return state;
-
- const llvm::APSInt& Zero = state->getBasicVals().getZeroWithPtrWidth(false);
- llvm::APSInt IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
- // IdxV might be too narrow.
- if (IdxV.getBitWidth() < Zero.getBitWidth())
- IdxV.extend(Zero.getBitWidth());
- // UBV might be too narrow, too.
- llvm::APSInt UBV = cast<nonloc::ConcreteInt>(UpperBound).getValue();
- if (UBV.getBitWidth() < Zero.getBitWidth())
- UBV.extend(Zero.getBitWidth());
-
- bool InBound = (Zero <= IdxV) && (IdxV < UBV);
- bool isFeasible = Assumption ? InBound : !InBound;
- return isFeasible ? state : NULL;
-}
-
} // end of namespace clang
BinaryOperator::Opcode op,
const llvm::APSInt& Int);
- const GRState *AssumeInBound(const GRState *state, DefinedSVal Idx,
- DefinedSVal UpperBound,
- bool Assumption);
-
protected:
//===------------------------------------------------------------------===//
if (Base.isUnknownOrUndef() || isa<loc::ConcreteInt>(Base))
return Base;
- // Only handle integer offsets... for now.
- if (!isa<nonloc::ConcreteInt>(Offset))
- return UnknownVal();
-
const MemRegion* BaseRegion = cast<loc::MemRegionVal>(Base).getRegion();
// Pointer of any type can be cast and used as array base.
return UnknownVal();
const llvm::APSInt& BaseIdxI = cast<nonloc::ConcreteInt>(BaseIdx).getValue();
+
+ // Only allow non-integer offsets if the base region has no offset itself.
+ // FIXME: This is a somewhat arbitrary restriction. We should be using
+ // SValuator here to add the two offsets without checking their types.
+ if (!isa<nonloc::ConcreteInt>(Offset)) {
+ if (isa<ElementRegion>(BaseRegion->StripCasts()))
+ return UnknownVal();
+
+ return loc::MemRegionVal(MRMgr.getElementRegion(elementType, Offset,
+ ElemR->getSuperRegion(),
+ Ctx));
+ }
+
const llvm::APSInt& OffI = cast<nonloc::ConcreteInt>(Offset).getValue();
assert(BaseIdxI.isSigned());
x[5] = 5; // expected-warning{{out-of-bound}}
}
}
+
+int symbolic_index(int a) {
+ int x[2] = {1, 2};
+ if (a == 2) {
+ return x[a]; // expected-warning{{out-of-bound}}
+ }
+ return 0;
+}
+
+int symbolic_index2(int a) {
+ int x[2] = {1, 2};
+ if (a < 0) {
+ return x[a]; // expected-warning{{out-of-bound}}
+ }
+ return 0;
+}
projects / clang / commitdiff