From: Ted Kremenek Date: Tue, 29 Sep 2009 03:34:03 +0000 (+0000) Subject: Reapply most of r82939, but add a guard that FieldRegions and friends X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a5971b3b18ee00f799c646644c7c04014b88fdcd;p=clang Reapply most of r82939, but add a guard that FieldRegions and friends are only specially treated by RegionStore::InvalidateRegion() when their super region is also invalidated. When this isn't the case, conjure a new symbol for a FieldRegion. Thanks to Zhongxing Xu and Daniel Dunbar for pointing out this issue. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83043 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp index da04d68dcf..3b27150baa 100644 --- a/lib/Analysis/RegionStore.cpp +++ b/lib/Analysis/RegionStore.cpp @@ -514,15 +514,20 @@ const GRState *RegionStoreManager::InvalidateRegion(const GRState *state, continue; } - // FIXME: Special case FieldRegion/ElementRegion for more - // efficient invalidation. We don't need to conjure symbols for - // these regions in all cases. - // Get the old binding. Is it a region? If so, add it to the worklist. if (const SVal *OldV = B.lookup(R)) { if (const MemRegion *RV = OldV->getAsRegion()) WorkList.push_back(RV); } + + if ((isa(R)||isa(R)||isa(R)) + && Visited[cast(R)->getSuperRegion()]) { + // For fields and elements whose super region has also been invalidated, + // only remove the old binding. The super region will get set with a + // default value from which we can lazily derive a new symbolic value. + B = RBFactory.Remove(B, R); + continue; + } // Invalidate the binding. DefinedOrUnknownSVal V = ValMgr.getConjuredSymbolVal(R, Ex, T, Count); diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index 76084d5c9e..03e3f6f2dc 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -249,3 +249,20 @@ int rdar_6914474(void) { return x; // no-warning } +// Test invalidation of a single field. +struct s_test_field_invalidate { + int x; +}; +extern void test_invalidate_field(int *x); +int test_invalidate_field_test() { + struct s_test_field_invalidate y; + test_invalidate_field(&y.x); + return y.x; // no-warning +} +int test_invalidate_field_test_positive() { + struct s_test_field_invalidate y; + return y.x; // expected-warning{{garbage}} +} + + +