From: Ted Kremenek Date: Fri, 17 Feb 2012 23:13:45 +0000 (+0000) Subject: Have conjured symbols depend on LocationContext, to add context sensitivity for funct... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3133f79cf451e6302dd05262b4bb53a3e4fd6300;p=clang Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h b/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h index 7779be0e31..a868e05418 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h @@ -218,6 +218,7 @@ public: /// from Begin to End. Optionally invalidates global regions as well. ProgramStateRef invalidateRegions(ArrayRef Regions, const Expr *E, unsigned BlockCount, + const LocationContext *LCtx, StoreManager::InvalidatedSymbols *IS = 0, const CallOrObjCMessage *Call = 0) const; @@ -378,6 +379,7 @@ private: ProgramStateRef invalidateRegionsImpl(ArrayRef Regions, const Expr *E, unsigned BlockCount, + const LocationContext *LCtx, StoreManager::InvalidatedSymbols &IS, const CallOrObjCMessage *Call) const; }; diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h b/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h index 393afbeb37..f886c3e1b3 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h @@ -142,15 +142,19 @@ public: // Forwarding methods to SymbolManager. - const SymbolConjured* getConjuredSymbol(const Stmt *stmt, QualType type, + const SymbolConjured* getConjuredSymbol(const Stmt *stmt, + const LocationContext *LCtx, + QualType type, unsigned visitCount, const void *symbolTag = 0) { - return SymMgr.getConjuredSymbol(stmt, type, visitCount, symbolTag); + return SymMgr.getConjuredSymbol(stmt, LCtx, type, visitCount, symbolTag); } - const SymbolConjured* getConjuredSymbol(const Expr *expr, unsigned visitCount, + const SymbolConjured* getConjuredSymbol(const Expr *expr, + const LocationContext *LCtx, + unsigned visitCount, const void *symbolTag = 0) { - return SymMgr.getConjuredSymbol(expr, visitCount, symbolTag); + return SymMgr.getConjuredSymbol(expr, LCtx, visitCount, symbolTag); } /// Construct an SVal representing '0' for the specified type. @@ -166,9 +170,13 @@ public: /// preserve the relation between related(or even equivalent) expressions, so /// conjured symbols should be used sparingly. DefinedOrUnknownSVal getConjuredSymbolVal(const void *symbolTag, - const Expr *expr, unsigned count); + const Expr *expr, + const LocationContext *LCtx, + unsigned count); DefinedOrUnknownSVal getConjuredSymbolVal(const void *symbolTag, - const Expr *expr, QualType type, + const Expr *expr, + const LocationContext *LCtx, + QualType type, unsigned count); DefinedOrUnknownSVal getDerivedRegionValueSymbolVal( diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h b/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h index 3ccd5b7499..2be7aa6304 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h @@ -188,6 +188,7 @@ public: virtual StoreRef invalidateRegions(Store store, ArrayRef Regions, const Expr *E, unsigned Count, + const LocationContext *LCtx, InvalidatedSymbols &IS, const CallOrObjCMessage *Call, InvalidatedRegions *Invalidated) = 0; diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h b/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h index 70e45b3c54..c7de7eff8d 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h @@ -156,12 +156,15 @@ class SymbolConjured : public SymbolData { const Stmt *S; QualType T; unsigned Count; + const LocationContext *LCtx; const void *SymbolTag; public: - SymbolConjured(SymbolID sym, const Stmt *s, QualType t, unsigned count, + SymbolConjured(SymbolID sym, const Stmt *s, const LocationContext *lctx, + QualType t, unsigned count, const void *symbolTag) : SymbolData(ConjuredKind, sym), S(s), T(t), Count(count), + LCtx(lctx), SymbolTag(symbolTag) {} const Stmt *getStmt() const { return S; } @@ -173,16 +176,18 @@ public: virtual void dumpToStream(raw_ostream &os) const; static void Profile(llvm::FoldingSetNodeID& profile, const Stmt *S, - QualType T, unsigned Count, const void *SymbolTag) { + QualType T, unsigned Count, const LocationContext *LCtx, + const void *SymbolTag) { profile.AddInteger((unsigned) ConjuredKind); profile.AddPointer(S); + profile.AddPointer(LCtx); profile.Add(T); profile.AddInteger(Count); profile.AddPointer(SymbolTag); } virtual void Profile(llvm::FoldingSetNodeID& profile) { - Profile(profile, S, T, Count, SymbolTag); + Profile(profile, S, T, Count, LCtx, SymbolTag); } // Implement isa support. @@ -488,13 +493,18 @@ public: /// \brief Make a unique symbol for MemRegion R according to its kind. const SymbolRegionValue* getRegionValueSymbol(const TypedValueRegion* R); - const SymbolConjured* getConjuredSymbol(const Stmt *E, QualType T, + const SymbolConjured* getConjuredSymbol(const Stmt *E, + const LocationContext *LCtx, + QualType T, unsigned VisitCount, const void *SymbolTag = 0); - const SymbolConjured* getConjuredSymbol(const Expr *E, unsigned VisitCount, + const SymbolConjured* getConjuredSymbol(const Expr *E, + const LocationContext *LCtx, + unsigned VisitCount, const void *SymbolTag = 0) { - return getConjuredSymbol(E, E->getType(), VisitCount, SymbolTag); + return getConjuredSymbol(E, LCtx, E->getType(), + VisitCount, SymbolTag); } const SymbolDerived *getDerivedSymbol(SymbolRef parentSymbol, diff --git a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index eab7e89071..802103e396 100644 --- a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -827,7 +827,8 @@ ProgramStateRef CStringChecker::InvalidateBuffer(CheckerContext &C, // Invalidate this region. unsigned Count = C.getCurrentBlockCount(); - return state->invalidateRegions(R, E, Count); + const LocationContext *LCtx = C.getPredecessor()->getLocationContext(); + return state->invalidateRegions(R, E, Count, LCtx); } // If we have a non-region value by chance, just remove the binding. @@ -957,7 +958,7 @@ void CStringChecker::evalCopyCommon(CheckerContext &C, // conjure a return value for later. unsigned Count = C.getCurrentBlockCount(); SVal result = - C.getSValBuilder().getConjuredSymbolVal(NULL, CE, Count); + C.getSValBuilder().getConjuredSymbolVal(NULL, CE, LCtx, Count); state = state->BindExpr(CE, LCtx, result); } @@ -1077,7 +1078,7 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) const { if (state) { // The return value is the comparison result, which we don't know. unsigned Count = C.getCurrentBlockCount(); - SVal CmpV = svalBuilder.getConjuredSymbolVal(NULL, CE, Count); + SVal CmpV = svalBuilder.getConjuredSymbolVal(NULL, CE, LCtx, Count); state = state->BindExpr(CE, LCtx, CmpV); C.addTransition(state); } @@ -1184,7 +1185,7 @@ void CStringChecker::evalstrLengthCommon(CheckerContext &C, const CallExpr *CE, // All we know is the return value is the min of the string length // and the limit. This is better than nothing. unsigned Count = C.getCurrentBlockCount(); - result = C.getSValBuilder().getConjuredSymbolVal(NULL, CE, Count); + result = C.getSValBuilder().getConjuredSymbolVal(NULL, CE, LCtx, Count); NonLoc *resultNL = cast(&result); if (strLengthNL) { @@ -1212,7 +1213,7 @@ void CStringChecker::evalstrLengthCommon(CheckerContext &C, const CallExpr *CE, // value, so it can be used in constraints, at least. if (result.isUnknown()) { unsigned Count = C.getCurrentBlockCount(); - result = C.getSValBuilder().getConjuredSymbolVal(NULL, CE, Count); + result = C.getSValBuilder().getConjuredSymbolVal(NULL, CE, LCtx, Count); } } @@ -1557,7 +1558,7 @@ void CStringChecker::evalStrcpyCommon(CheckerContext &C, const CallExpr *CE, // overflow, we still need a result. Conjure a return value. if (returnEnd && Result.isUnknown()) { unsigned Count = C.getCurrentBlockCount(); - Result = svalBuilder.getConjuredSymbolVal(NULL, CE, Count); + Result = svalBuilder.getConjuredSymbolVal(NULL, CE, LCtx, Count); } // Set the return value. @@ -1703,7 +1704,7 @@ void CStringChecker::evalStrcmpCommon(CheckerContext &C, const CallExpr *CE, if (!canComputeResult) { // Conjure a symbolic value. It's the best we can do. unsigned Count = C.getCurrentBlockCount(); - SVal resultVal = svalBuilder.getConjuredSymbolVal(NULL, CE, Count); + SVal resultVal = svalBuilder.getConjuredSymbolVal(NULL, CE, LCtx, Count); state = state->BindExpr(CE, LCtx, resultVal); } diff --git a/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp b/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp index 96cc2f4d2a..9ba83ce8dc 100644 --- a/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp @@ -3037,7 +3037,7 @@ bool RetainCountChecker::evalCall(const CallExpr *CE, CheckerContext &C) const { // If the receiver is unknown, conjure a return value. SValBuilder &SVB = C.getSValBuilder(); unsigned Count = C.getCurrentBlockCount(); - SVal RetVal = SVB.getConjuredSymbolVal(0, CE, ResultTy, Count); + SVal RetVal = SVB.getConjuredSymbolVal(0, CE, LCtx, ResultTy, Count); } state = state->BindExpr(CE, LCtx, RetVal, false); @@ -3052,7 +3052,7 @@ bool RetainCountChecker::evalCall(const CallExpr *CE, CheckerContext &C) const { // Invalidate the argument region. unsigned Count = C.getCurrentBlockCount(); - state = state->invalidateRegions(ArgRegion, CE, Count); + state = state->invalidateRegions(ArgRegion, CE, Count, LCtx); // Restore the refcount status of the argument. if (Binding) diff --git a/lib/StaticAnalyzer/Checkers/StreamChecker.cpp b/lib/StaticAnalyzer/Checkers/StreamChecker.cpp index 54fd70ab37..3745d4ad39 100644 --- a/lib/StaticAnalyzer/Checkers/StreamChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/StreamChecker.cpp @@ -221,8 +221,9 @@ void StreamChecker::OpenFileAux(CheckerContext &C, const CallExpr *CE) const { ProgramStateRef state = C.getState(); unsigned Count = C.getCurrentBlockCount(); SValBuilder &svalBuilder = C.getSValBuilder(); + const LocationContext *LCtx = C.getPredecessor()->getLocationContext(); DefinedSVal RetVal = - cast(svalBuilder.getConjuredSymbolVal(0, CE, Count)); + cast(svalBuilder.getConjuredSymbolVal(0, CE, LCtx, Count)); state = state->BindExpr(CE, C.getLocationContext(), RetVal); ConstraintManager &CM = C.getConstraintManager(); diff --git a/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/lib/StaticAnalyzer/Core/ExprEngineC.cpp index c1f804ce09..3e1b6b0aec 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -46,7 +46,7 @@ void ExprEngine::VisitBinaryOperator(const BinaryOperator* B, // FIXME: Handle structs. if (RightV.isUnknown()) { unsigned Count = currentBuilderContext->getCurrentBlockCount(); - RightV = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), Count); + RightV = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), LCtx, Count); } // Simulate the effects of a "store": bind the value of the RHS // to the L-Value represented by the LHS. @@ -131,8 +131,8 @@ void ExprEngine::VisitBinaryOperator(const BinaryOperator* B, // The symbolic value is actually for the type of the left-hand side // expression, not the computation type, as this is the value the // LValue on the LHS will bind to. - LHSVal = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), LTy, - Count); + LHSVal = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), LCtx, + LTy, Count); // However, we need to convert the symbol to the computation type. Result = svalBuilder.evalCast(LHSVal, CTy, LTy); @@ -298,12 +298,10 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, QualType resultType = CastE->getType(); if (CastE->isLValue()) resultType = getContext().getPointerType(resultType); - + const LocationContext *LCtx = Pred->getLocationContext(); SVal result = - svalBuilder.getConjuredSymbolVal(NULL, CastE, resultType, + svalBuilder.getConjuredSymbolVal(NULL, CastE, LCtx, resultType, currentBuilderContext->getCurrentBlockCount()); - - const LocationContext *LCtx = Pred->getLocationContext(); ProgramStateRef state = Pred->getState()->BindExpr(CastE, LCtx, result); Bldr.generateNode(CastE, Pred, state); @@ -376,7 +374,7 @@ void ExprEngine::VisitDeclStmt(const DeclStmt *DS, ExplodedNode *Pred, // Recover some path-sensitivity if a scalar value evaluated to // UnknownVal. if (InitVal.isUnknown()) { - InitVal = svalBuilder.getConjuredSymbolVal(NULL, InitEx, + InitVal = svalBuilder.getConjuredSymbolVal(NULL, InitEx, LC, currentBuilderContext->getCurrentBlockCount()); } B.takeNodes(N); @@ -724,7 +722,7 @@ void ExprEngine::VisitIncrementDecrementOperator(const UnaryOperator* U, // Conjure a new symbol if necessary to recover precision. if (Result.isUnknown()){ DefinedOrUnknownSVal SymVal = - svalBuilder.getConjuredSymbolVal(NULL, Ex, + svalBuilder.getConjuredSymbolVal(NULL, Ex, LCtx, currentBuilderContext->getCurrentBlockCount()); Result = SymVal; diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp index 7a5cb87777..45f8cee910 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp @@ -251,8 +251,9 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, StmtNodeBuilder Bldr(Pred, Dst, *currentBuilderContext); unsigned blockCount = currentBuilderContext->getCurrentBlockCount(); + const LocationContext *LCtx = Pred->getLocationContext(); DefinedOrUnknownSVal symVal = - svalBuilder.getConjuredSymbolVal(NULL, CNE, CNE->getType(), blockCount); + svalBuilder.getConjuredSymbolVal(NULL, CNE, LCtx, CNE->getType(), blockCount); const MemRegion *NewReg = cast(symVal).getRegion(); QualType ObjTy = CNE->getType()->getAs()->getPointeeType(); const ElementRegion *EleReg = diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp index c1591397d0..03db6270aa 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp @@ -304,7 +304,7 @@ ExprEngine::invalidateArguments(ProgramStateRef State, // NOTE: Even if RegionsToInvalidate is empty, we may still invalidate // global variables. return State->invalidateRegions(RegionsToInvalidate, - Call.getOriginExpr(), Count, + Call.getOriginExpr(), Count, LC, &IS, &Call); } @@ -375,10 +375,10 @@ void ExprEngine::VisitCallExpr(const CallExpr *CE, ExplodedNode *Pred, // Conjure a symbol value to use as the result. SValBuilder &SVB = Eng.getSValBuilder(); unsigned Count = Eng.currentBuilderContext->getCurrentBlockCount(); - SVal RetVal = SVB.getConjuredSymbolVal(0, CE, ResultTy, Count); + const LocationContext *LCtx = Pred->getLocationContext(); + SVal RetVal = SVB.getConjuredSymbolVal(0, CE, LCtx, ResultTy, Count); // Generate a new state with the return value set. - const LocationContext *LCtx = Pred->getLocationContext(); state = state->BindExpr(CE, LCtx, RetVal); // Invalidate the arguments. diff --git a/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp b/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp index 853b196144..b5ceb64fab 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp @@ -113,7 +113,7 @@ void ExprEngine::VisitObjCForCollectionStmt(const ObjCForCollectionStmt *S, QualType T = R->getValueType(); assert(Loc::isLocType(T)); unsigned Count = currentBuilderContext->getCurrentBlockCount(); - SymbolRef Sym = SymMgr.getConjuredSymbol(elem, T, Count); + SymbolRef Sym = SymMgr.getConjuredSymbol(elem, LCtx, T, Count); SVal V = svalBuilder.makeLoc(Sym); hasElems = hasElems->bindLoc(elementV, V); @@ -255,7 +255,8 @@ void ExprEngine::evalObjCMessage(StmtNodeBuilder &Bldr, QualType ResultTy = msg.getResultType(getContext()); unsigned Count = currentBuilderContext->getCurrentBlockCount(); const Expr *CurrentE = cast(currentStmt); - ReturnValue = SVB.getConjuredSymbolVal(NULL, CurrentE, ResultTy, Count); + const LocationContext *LCtx = Pred->getLocationContext(); + ReturnValue = SVB.getConjuredSymbolVal(NULL, CurrentE, LCtx, ResultTy, Count); } // Bind the return value. diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp index f52369ef4a..6f39c0321e 100644 --- a/lib/StaticAnalyzer/Core/ProgramState.cpp +++ b/lib/StaticAnalyzer/Core/ProgramState.cpp @@ -155,19 +155,21 @@ ProgramStateRef ProgramState::bindDefault(SVal loc, SVal V) const { ProgramStateRef ProgramState::invalidateRegions(ArrayRef Regions, const Expr *E, unsigned Count, + const LocationContext *LCtx, StoreManager::InvalidatedSymbols *IS, const CallOrObjCMessage *Call) const { if (!IS) { StoreManager::InvalidatedSymbols invalidated; - return invalidateRegionsImpl(Regions, E, Count, + return invalidateRegionsImpl(Regions, E, Count, LCtx, invalidated, Call); } - return invalidateRegionsImpl(Regions, E, Count, *IS, Call); + return invalidateRegionsImpl(Regions, E, Count, LCtx, *IS, Call); } ProgramStateRef ProgramState::invalidateRegionsImpl(ArrayRef Regions, const Expr *E, unsigned Count, + const LocationContext *LCtx, StoreManager::InvalidatedSymbols &IS, const CallOrObjCMessage *Call) const { ProgramStateManager &Mgr = getStateManager(); @@ -176,14 +178,14 @@ ProgramState::invalidateRegionsImpl(ArrayRef Regions, if (Eng && Eng->wantsRegionChangeUpdate(this)) { StoreManager::InvalidatedRegions Invalidated; const StoreRef &newStore - = Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, IS, + = Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, LCtx, IS, Call, &Invalidated); ProgramStateRef newState = makeWithStore(newStore); return Eng->processRegionChanges(newState, &IS, Regions, Invalidated, Call); } const StoreRef &newStore = - Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, IS, + Mgr.StoreMgr->invalidateRegions(getStore(), Regions, E, Count, LCtx, IS, Call, NULL); return makeWithStore(newStore); } diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp index b9130a754c..4cafddc08a 100644 --- a/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -239,11 +239,13 @@ public: RegionBindings invalidateGlobalRegion(MemRegion::Kind K, const Expr *Ex, unsigned Count, + const LocationContext *LCtx, RegionBindings B, InvalidatedRegions *Invalidated); StoreRef invalidateRegions(Store store, ArrayRef Regions, const Expr *E, unsigned Count, + const LocationContext *LCtx, InvalidatedSymbols &IS, const CallOrObjCMessage *Call, InvalidatedRegions *Invalidated); @@ -594,6 +596,7 @@ class invalidateRegionsWorker : public ClusterAnalysis { const Expr *Ex; unsigned Count; + const LocationContext *LCtx; StoreManager::InvalidatedSymbols &IS; StoreManager::InvalidatedRegions *Regions; public: @@ -601,11 +604,12 @@ public: ProgramStateManager &stateMgr, RegionBindings b, const Expr *ex, unsigned count, + const LocationContext *lctx, StoreManager::InvalidatedSymbols &is, StoreManager::InvalidatedRegions *r, bool includeGlobals) : ClusterAnalysis(rm, stateMgr, b, includeGlobals), - Ex(ex), Count(count), IS(is), Regions(r) {} + Ex(ex), Count(count), LCtx(lctx), IS(is), Regions(r) {} void VisitCluster(const MemRegion *baseR, BindingKey *I, BindingKey *E); void VisitBaseRegion(const MemRegion *baseR); @@ -681,7 +685,7 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { // Invalidate the region by setting its default value to // conjured symbol. The type of the symbol is irrelavant. DefinedOrUnknownSVal V = - svalBuilder.getConjuredSymbolVal(baseR, Ex, Ctx.IntTy, Count); + svalBuilder.getConjuredSymbolVal(baseR, Ex, LCtx, Ctx.IntTy, Count); B = RM.addBinding(B, baseR, BindingKey::Default, V); return; } @@ -697,7 +701,7 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { // Invalidate the region by setting its default value to // conjured symbol. The type of the symbol is irrelavant. DefinedOrUnknownSVal V = - svalBuilder.getConjuredSymbolVal(baseR, Ex, Ctx.IntTy, Count); + svalBuilder.getConjuredSymbolVal(baseR, Ex, LCtx, Ctx.IntTy, Count); B = RM.addBinding(B, baseR, BindingKey::Default, V); return; } @@ -705,7 +709,8 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { if (const ArrayType *AT = Ctx.getAsArrayType(T)) { // Set the default value of the array to conjured symbol. DefinedOrUnknownSVal V = - svalBuilder.getConjuredSymbolVal(baseR, Ex, AT->getElementType(), Count); + svalBuilder.getConjuredSymbolVal(baseR, Ex, LCtx, + AT->getElementType(), Count); B = RM.addBinding(B, baseR, BindingKey::Default, V); return; } @@ -720,7 +725,8 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { } - DefinedOrUnknownSVal V = svalBuilder.getConjuredSymbolVal(baseR, Ex, T,Count); + DefinedOrUnknownSVal V = svalBuilder.getConjuredSymbolVal(baseR, Ex, LCtx, + T,Count); assert(SymbolManager::canSymbolicate(T) || V.isUnknown()); B = RM.addBinding(B, baseR, BindingKey::Direct, V); } @@ -728,13 +734,14 @@ void invalidateRegionsWorker::VisitBaseRegion(const MemRegion *baseR) { RegionBindings RegionStoreManager::invalidateGlobalRegion(MemRegion::Kind K, const Expr *Ex, unsigned Count, + const LocationContext *LCtx, RegionBindings B, InvalidatedRegions *Invalidated) { // Bind the globals memory space to a new symbol that we will use to derive // the bindings for all globals. const GlobalsSpaceRegion *GS = MRMgr.getGlobalsRegion(K); SVal V = - svalBuilder.getConjuredSymbolVal(/* SymbolTag = */ (void*) GS, Ex, + svalBuilder.getConjuredSymbolVal(/* SymbolTag = */ (void*) GS, Ex, LCtx, /* symbol type, doesn't matter */ Ctx.IntTy, Count); @@ -752,12 +759,13 @@ RegionBindings RegionStoreManager::invalidateGlobalRegion(MemRegion::Kind K, StoreRef RegionStoreManager::invalidateRegions(Store store, ArrayRef Regions, const Expr *Ex, unsigned Count, + const LocationContext *LCtx, InvalidatedSymbols &IS, const CallOrObjCMessage *Call, InvalidatedRegions *Invalidated) { invalidateRegionsWorker W(*this, StateMgr, RegionStoreManager::GetRegionBindings(store), - Ex, Count, IS, Invalidated, false); + Ex, Count, LCtx, IS, Invalidated, false); // Scan the bindings and generate the clusters. W.GenerateClusters(); @@ -779,13 +787,13 @@ StoreRef RegionStoreManager::invalidateRegions(Store store, // System calls invalidate only system globals. if (Call && Call->isInSystemHeader()) { B = invalidateGlobalRegion(MemRegion::GlobalSystemSpaceRegionKind, - Ex, Count, B, Invalidated); + Ex, Count, LCtx, B, Invalidated); // Internal calls might invalidate both system and internal globals. } else { B = invalidateGlobalRegion(MemRegion::GlobalSystemSpaceRegionKind, - Ex, Count, B, Invalidated); + Ex, Count, LCtx, B, Invalidated); B = invalidateGlobalRegion(MemRegion::GlobalInternalSpaceRegionKind, - Ex, Count, B, Invalidated); + Ex, Count, LCtx, B, Invalidated); } return StoreRef(B.getRootWithoutRetain(), *this); diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp index 9e1c7cc2a5..6f5eb375f4 100644 --- a/lib/StaticAnalyzer/Core/SValBuilder.cpp +++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp @@ -108,19 +108,21 @@ SValBuilder::getRegionValueSymbolVal(const TypedValueRegion* region) { DefinedOrUnknownSVal SValBuilder::getConjuredSymbolVal(const void *symbolTag, const Expr *expr, + const LocationContext *LCtx, unsigned count) { QualType T = expr->getType(); - return getConjuredSymbolVal(symbolTag, expr, T, count); + return getConjuredSymbolVal(symbolTag, expr, LCtx, T, count); } DefinedOrUnknownSVal SValBuilder::getConjuredSymbolVal(const void *symbolTag, const Expr *expr, + const LocationContext *LCtx, QualType type, unsigned count) { if (!SymbolManager::canSymbolicate(type)) return UnknownVal(); - SymbolRef sym = SymMgr.getConjuredSymbol(expr, type, count, symbolTag); + SymbolRef sym = SymMgr.getConjuredSymbol(expr, LCtx, type, count, symbolTag); if (Loc::isLocType(type)) return loc::MemRegionVal(MemMgr.getSymbolicRegion(sym)); diff --git a/lib/StaticAnalyzer/Core/SymbolManager.cpp b/lib/StaticAnalyzer/Core/SymbolManager.cpp index bdb9ea74c2..adefb5858e 100644 --- a/lib/StaticAnalyzer/Core/SymbolManager.cpp +++ b/lib/StaticAnalyzer/Core/SymbolManager.cpp @@ -181,16 +181,17 @@ SymbolManager::getRegionValueSymbol(const TypedValueRegion* R) { } const SymbolConjured* -SymbolManager::getConjuredSymbol(const Stmt *E, QualType T, unsigned Count, +SymbolManager::getConjuredSymbol(const Stmt *E, const LocationContext *LCtx, + QualType T, unsigned Count, const void *SymbolTag) { llvm::FoldingSetNodeID profile; - SymbolConjured::Profile(profile, E, T, Count, SymbolTag); + SymbolConjured::Profile(profile, E, T, Count, LCtx, SymbolTag); void *InsertPos; SymExpr *SD = DataSet.FindNodeOrInsertPos(profile, InsertPos); if (!SD) { SD = (SymExpr*) BPAlloc.Allocate(); - new (SD) SymbolConjured(SymbolCounter, E, T, Count, SymbolTag); + new (SD) SymbolConjured(SymbolCounter, E, LCtx, T, Count, SymbolTag); DataSet.InsertNode(SD, InsertPos); ++SymbolCounter; }