From: Zhongxing Xu Date: Thu, 26 Mar 2009 08:23:58 +0000 (+0000) Subject: Check in some design documents to centralize ideas around region store and the X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7fddc33f4ff7faa0f38a9364258e5854151b7bd9;p=clang Check in some design documents to centralize ideas around region store and the analysis engine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67747 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Analysis/Design.txt b/lib/Analysis/Design.txt new file mode 100644 index 0000000000..f4887cd935 --- /dev/null +++ b/lib/Analysis/Design.txt @@ -0,0 +1,53 @@ +Symbolic Region + +A symbolic region is a map of the concept of symbolic values into the domain of +regions. It is the way that we represent symbolic pointers. Whenever a symbolic +pointer value is needed, a symbolic region is created to represent it. + +A symbolic region has no type. It wraps a SymbolData. But sometimes we have type +information associated with a symbolic region. For this case, a TypedViewRegion +is created to layer the type information on top of the symbolic region. The +reason we do not carry type information with the symbolic region is that +the symbolic regions can have no type. To be consistent, we don't let them to +carry type information. + +Like a symbolic pointer, a symbolic region may be NULL, has unknown extent, and +represents a generic chunk of memory. + +We plan not to use loc::SymbolVal in RegionStore and remove it gradually. + +Pointer Casts + +Pointer casts allow people to impose different 'views' onto a chunk of memory. + +Usually we have two kinds of casts. One kind of casts cast down with in the type +hierarchy. It imposes more specific views onto more generic memory regions. The +other kind of casts cast up with in the type hierarchy. It strips away more +specific views on top of the more generic memory regions. + +We simulate the down casts by layering another TypedViewRegion on top of the +original region. We simulate the up casts by striping away the top +TypedViewRegion. Down casts is usually simple. For up casts, if the there is no +TypedViewRegion to be stripped, we return the original region. If the underlying +region is of the different type than the cast-to type, we flag an error state. + +For toll-free bridging casts, we return the original region. + +Region Bindings + +The following region kinds are boundable: VarRegion, CompoundLiteralRegion, +StringRegion, ElementRegion, FieldRegion, and ObjCIvarRegion. + +When binding regions, we perform canonicalization on element regions and field +regions. This is because we can have different views on the same region, some of +which are essentially the same view with different sugar type names. + +To canonicalize a region, we get the canonical types for all TypedViewRegions +along the way up to the root region, and make new TypedViewRegions with those +canonical types. + +All bindings and retrievings are done on the canonicalized regions. + +Canonicalization is transparent outside the region store manager, and more +specifically, unaware outside the Bind() and Retrieve() method. We don't need to +consider region canonicalization when doing pointer cast.