From: Ted Kremenek
Date: Tue, 8 May 2012 21:49:54 +0000 (+0000)
Subject: Having RegionStore lower field bindings to raw offsets, just like ElementRegions...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4213e389d6f8fa96ab30eec0d932e4e3eee32997;p=clang
Having RegionStore lower field bindings to raw offsets, just like ElementRegions. This is a bit disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values as structs. Fixes .
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156428 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp
index bf79b9da0b..8b1371d28f 100644
--- a/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -81,14 +81,9 @@ public:
 } // end anonymous namespace
 BindingKey BindingKey::Make(const MemRegion *R, Kind k) {
- if (const ElementRegion *ER = dyn_cast(R)) {
- const RegionRawOffset &O = ER->getAsArrayOffset();
-
- // FIXME: There are some ElementRegions for which we cannot compute
- // raw offsets yet, including regions with symbolic offsets. These will be
- // ignored by the store.
- return BindingKey(O.getRegion(), O.getOffset().getQuantity(), k);
- }
+ const RegionOffset &RO = R->getAsOffset();
+ if (RO.getRegion())
+ return BindingKey(RO.getRegion(), RO.getOffset(), k);
 return BindingKey(R, 0, k);
 }
@@ -648,7 +643,7 @@ void invalidateRegionsWorker::VisitBinding(SVal V) {
 for (RegionBindings::iterator RI = B.begin(), RE = B.end(); RI != RE; ++RI){
 const SubRegion *baseR = dyn_cast(RI.getKey().getRegion());
- if (baseR && baseR->isSubRegionOf(LazyR))
+ if (baseR && (baseR == LazyR || baseR->isSubRegionOf(LazyR)))
 VisitBinding(RI.getData());
 }
diff --git a/test/Analysis/misc-ps-arm.m b/test/Analysis/misc-ps-arm.m
new file mode 100644
index 0000000000..a909ef13d0
--- /dev/null
+++ b/test/Analysis/misc-ps-arm.m
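Review bot: The fallback `return BindingKey(R, 0, k);` at the end of `BindingKey::Make` is now undocumented, because the removed FIXME was the only place that said which regions cannot be lowered and that the store ignores them. The new code still takes that path whenever `RO.getRegion()` is null, and such a key uses `R` itself rather than a base region plus offset, so it presumably will not match bindings made through the lowered form. I would keep a comment on the fallback, for example `// No concrete offset (e.g. symbolic index): key on R itself; not visible through base+offset lookups.` It is also worth stating above the function that field and element bindings at the same offset now share one key, since that aliasing is the point of the change.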
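Review bot: The widened test `baseR == LazyR || baseR->isSubRegionOf(LazyR)` in `VisitBinding` still compares regions only, while `BindingKey::Make` in the same file now stores whatever region `getAsOffset()` returns. If that region can be an ancestor of `LazyR` (for instance when `LazyR` is itself a field of a larger struct; this is not visible here and needs confirming), neither comparison matches and the bindings reachable through the lazy value are not visited, so stale values would survive invalidation. Consider also checking the key's offset against the extent of `LazyR`, or add a test with a nested struct. At minimum a comment such as `// Field bindings are keyed on the base region, so a key's region can be LazyR itself.` would explain the new equality check. The body of `VisitBinding` starts and ends outside this hunk.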
@@ -0,0 +1,18 @@
+// RUN: %clang_cc1 -triple thumbv7-apple-ios0.0.0 -analyze -analyzer-checker=core -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks -Wno-objc-root-class %s
+
+// - Handle casts of vectors to structs, and loading
+// a value.
+typedef float float32_t;
+typedef __attribute__((neon_vector_type(2))) float32_t float32x2_t;
+
+typedef struct
+{
+ float x, y;
+} Rdar11405978Vec;
+
+float32x2_t rdar11405978_bar();
+float32_t rdar11405978() {
+ float32x2_t v = rdar11405978_bar();
+ Rdar11405978Vec w = *(Rdar11405978Vec *)&v;
+ return w.x; // no-warning
+}
diff --git a/test/Analysis/taint-tester.c b/test/Analysis/taint-tester.c
index 377333505e..a83ee32bac 100644
--- a/test/Analysis/taint-tester.c
+++ b/test/Analysis/taint-tester.c
@@ -40,7 +40,7 @@ void taintTracking(int x) {
 // FIXME: We fail to propagate the taint here because RegionStore does not
 // handle ElementRegions with symbolic indexes.
 int addrDeref = *addr; // expected-warning + {{tainted}}
- int _addrDeref = addrDeref;
+ int _addrDeref = addrDeref; // expected-warning + {{tainted}}
 // Tainted struct address, casts.
 struct XYStruct *xyPtr = 0;
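Review bot: The new test reads only `w.x`, which sits at offset 0 of both the vector and the struct, so it does not exercise a non-zero lowered offset. Adding a second function that ends in `return w.y; // no-warning` would cover the case where the field offset has to line up with the second vector element.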
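Review bot: The FIXME kept as context above `int addrDeref = *addr;` still says taint is not propagated here, yet after this change both that line and `int _addrDeref = addrDeref;` expect a tainted warning. The comment now appears stale and should be removed or reworded to name whatever case still fails, for example `// Taint now propagates through the dereference and the copy.` `taintTracking` starts before and continues after this hunk.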