From: Artem Dergachev Date: Wed, 30 Nov 2016 18:26:43 +0000 (+0000) Subject: [analyzer] SValExplainer: Support ObjC ivars and __block variables. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1c4f222049918ecd0ff86a0b491d2dc9b0c35e72;p=clang [analyzer] SValExplainer: Support ObjC ivars and __block variables. Additionally, explain the difference between normal and heap-based symbolic regions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@288260 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/clang/StaticAnalyzer/Checkers/SValExplainer.h b/include/clang/StaticAnalyzer/Checkers/SValExplainer.h index 28cfbef910..62bb0f666d 100644 --- a/include/clang/StaticAnalyzer/Checkers/SValExplainer.h +++ b/include/clang/StaticAnalyzer/Checkers/SValExplainer.h @@ -142,6 +142,14 @@ public: // TODO: Explain CXXThisRegion itself, find a way to test it. if (isThisObject(R)) return "'this' object"; + // Objective-C objects are not normal symbolic regions. At least, + // they're always on the heap. + if (R->getSymbol()->getType() + .getCanonicalType()->getAs()) + return "object at " + Visit(R->getSymbol()); + // Other heap-based symbolic regions are also special. + if (isa(R->getMemorySpace())) + return "heap segment that starts at " + Visit(R->getSymbol()); return "pointee of " + Visit(R->getSymbol()); } @@ -176,6 +184,8 @@ public: std::string Name = VD->getQualifiedNameAsString(); if (isa(VD)) return "parameter '" + Name + "'"; + else if (VD->hasAttr()) + return "block variable '" + Name + "'"; else if (VD->hasLocalStorage()) return "local variable '" + Name + "'"; else if (VD->isStaticLocal()) @@ -186,6 +196,11 @@ public: llvm_unreachable("A variable is either local or global"); } + std::string VisitObjCIvarRegion(const ObjCIvarRegion *R) { + return "instance variable '" + R->getDecl()->getNameAsString() + "' of " + + Visit(R->getSuperRegion()); + } + std::string VisitFieldRegion(const FieldRegion *R) { return "field '" + R->getDecl()->getNameAsString() + "' of " + Visit(R->getSuperRegion()); diff --git a/test/Analysis/explain-svals.cpp b/test/Analysis/explain-svals.cpp index c0ed74914e..ef2ebc244a 100644 --- a/test/Analysis/explain-svals.cpp +++ b/test/Analysis/explain-svals.cpp @@ -47,7 +47,7 @@ void test_2(char *ptr, int ext) { clang_analyzer_explain(glob_ptr); // expected-warning-re{{{{^value derived from \(symbol of type 'int' conjured at statement 'conjure\(\)'\) for global variable 'glob_ptr'$}}}} clang_analyzer_explain(clang_analyzer_getExtent(ptr)); // expected-warning-re{{{{^extent of pointee of argument 'ptr'$}}}} int *x = new int[ext]; - clang_analyzer_explain(x); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of pointee of symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}} + clang_analyzer_explain(x); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}} // Sic! What gets computed is the extent of the element-region. clang_analyzer_explain(clang_analyzer_getExtent(x)); // expected-warning-re{{{{^signed 32-bit integer '4'$}}}} delete[] x; diff --git a/test/Analysis/explain-svals.m b/test/Analysis/explain-svals.m new file mode 100644 index 0000000000..34cdacfa28 --- /dev/null +++ b/test/Analysis/explain-svals.m @@ -0,0 +1,27 @@ +// RUN: %clang_cc1 -w -triple i386-apple-darwin10 -fblocks -analyze -analyzer-checker=core.builtin,debug.ExprInspection -verify %s + +#include "Inputs/system-header-simulator-objc.h" + +void clang_analyzer_explain(void *); + +@interface Object : NSObject { +@public + Object *x; +} +@end + +void test_1(Object *p) { + clang_analyzer_explain(p); // expected-warning-re{{{{^argument 'p'$}}}} + clang_analyzer_explain(p->x); // expected-warning-re{{{{^initial value of instance variable 'x' of object at argument 'p'$}}}} + Object *q = [[Object alloc] init]; + clang_analyzer_explain(q); // expected-warning-re{{{{^symbol of type 'Object \*' conjured at statement '\[\[Object alloc\] init\]'$}}}} + clang_analyzer_explain(q->x); // expected-warning-re{{{{^initial value of instance variable 'x' of object at symbol of type 'Object \*' conjured at statement '\[\[Object alloc\] init\]'$}}}} +} + +void test_2() { + __block int x; + ^{ + clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}} + }; + clang_analyzer_explain(&x); // expected-warning-re{{{{^pointer to block variable 'x'$}}}} +}