From: Ted Kremenek Date: Wed, 1 Sep 2010 23:00:46 +0000 (+0000) Subject: Don't assert in the analyzer when analyze code does a byte load from a function's... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e4a32acfad6a9f4cf555fdbc5c6c44c558b9fcb;p=clang Don't assert in the analyzer when analyze code does a byte load from a function's address. Fixes PR 8052. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112761 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index 595fb6f19b..19945a7b3c 100644
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -1087,6 +1087,10 @@ SVal RegionStoreManager::RetrieveElement(Store store,
 return ValMgr.makeIntVal(c, T);
 }
 }
+
+ // Check for loads from a code text region. For such loads, just give up.
+ if (const CodeTextRegion *cR = dyn_cast(superR))
+ return UnknownVal();
 
 // Handle the case where we are indexing into a larger scalar object.
 // For example, this handles:
diff --git a/lib/Checker/Store.cpp b/lib/Checker/Store.cpp
index 7c80eed0ea..1cb5cd70ca 100644
--- a/lib/Checker/Store.cpp
+++ b/lib/Checker/Store.cpp
@@ -101,17 +101,10 @@ const MemRegion *StoreManager::CastRegion(const MemRegion *R, QualType CastToTy)
 assert(0 && "Invalid region cast");
 break;
 }
-
+
 case MemRegion::FunctionTextRegionKind:
 case MemRegion::BlockTextRegionKind:
- case MemRegion::BlockDataRegionKind: {
- // CodeTextRegion should be cast to only a function or block pointer type,
- // although they can in practice be casted to anything, e.g, void*, char*,
- // etc.
- // Just return the region.
- return R;
- }
-
+ case MemRegion::BlockDataRegionKind:
 case MemRegion::StringRegionKind:
 // FIXME: Need to handle arbitrary downcasts.
 case MemRegion::SymbolicRegionKind:
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 38275335ee..8e84de1768 100644
--- a/test/Analysis/misc-ps-region-store.m
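Review bot: The pointer `cR` bound in the new `if` in RetrieveElement is never used, so the condition only asks whether `superR` is a CodeTextRegion; `if (isa<CodeTextRegion>(superR)) return UnknownVal();` states that directly and avoids an unused-variable warning. The template argument of `dyn_cast` seems to have been lost when this page was rendered, so the patched file presumably reads `dyn_cast<CodeTextRegion>(superR)`. The added comment says what is done but not why; `// A byte load from a function's address has no value the store can model; answer Unknown rather than asserting.` would record the reason the commit message gives. RetrieveElement begins and ends outside the hunk.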
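Review bot: Dropping the dedicated `return R;` branch in CastRegion sends FunctionTextRegionKind, BlockTextRegionKind and BlockDataRegionKind into the case group that starts with StringRegionKind, and that group's body lies after the hunk, so the hunk alone does not show what a cast of a code region now yields. The removed comment was the only record that code-text regions are in practice cast to void*, char* and the like; a one-line note on the added `case MemRegion::BlockDataRegionKind:` line, e.g. `// Code-text and block-data regions are cast the same way as the region kinds below.`, would keep that rationale with the new grouping. CastRegion continues outside the hunk on both sides.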
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1066,3 +1066,27 @@ int r8258814()
 // Do not warn that the value of 'foo' is uninitialized.
 return foo; // no-warning
 }
+
+// PR 8052 - Don't crash when reasoning about loads from a function address.\n
+typedef unsigned int __uint32_t;
+typedef unsigned long vm_offset_t;
+typedef __uint32_t pd_entry_t;
+typedef unsigned char u_char;
+typedef unsigned int u_int;
+typedef unsigned long u_long;
+extern int bootMP_size;
+void bootMP(void);
+static void
+pr8052(u_int boot_addr)
+{
+ int x;
+ int size = *(int *) ((u_long) & bootMP_size);
+ u_char *src = (u_char *) ((u_long) bootMP);
+ u_char *dst = (u_char *) boot_addr + ((vm_offset_t) ((((((((1 <<
+12) / (sizeof(pd_entry_t))) - 1) - 1) - (260 - 2))) << 22) | ((0) << 12)));
+ for (x = 0;
+ x < size;
+ ++x)
+ *dst++ = *src++;
+}
+
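Review bot: The comment heading the new test ends in a literal `\n` (`// PR 8052 - Don't crash when reasoning about loads from a function address.\n`); unless that is an artifact of how the page was rendered, it is a stray escape sequence in the source and should be removed. The test carries no `// expected-...` or `// no-warning` annotation, so it only verifies that the analyzer no longer asserts on the byte loads from `bootMP`'s address in the copy loop; a short comment such as `// Only needs to not crash; no diagnostics are expected.` would make that intent explicit to the next reader.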