From 20bd746306ecdc61125800d53ff7e07321704064 Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Mon, 4 May 2009 07:04:36 +0000
Subject: [PATCH] BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
 StoreManager: Handle casts from one element region to another. Update test
 cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70836 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/BasicStore.cpp                   | 19 ++++++++++---------
 lib/Analysis/Store.cpp                        |  7 ++++++-
 ...rray_bounds_failure.c => no-outofbounds.c} |  7 ++-----
 test/Analysis/xfail_regionstore_wine_crash.c  |  3 +--
 4 files changed, 19 insertions(+), 17 deletions(-)
 rename test/Analysis/{xfail_regionstore_bogus_array_bounds_failure.c => no-outofbounds.c} (58%)

diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index e4ac6b92a1..969e4c9654 100644
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -217,7 +217,7 @@ SVal BasicStoreManager::getLValueElement(const GRState* St,
         //   char buf[100];
         //   char *q = &buf[1];  // p points to ElementRegion(buf,Unknown)
         //   &q[10]
-        assert(cast<ElementRegion>(R)->getIndex().isUnknown());
+        //assert(cast<ElementRegion>(R)->getIndex().isUnknown());
         return Base;
       }
       
@@ -287,18 +287,18 @@ SVal BasicStoreManager::Retrieve(const GRState* state, Loc loc, QualType T) {
     case loc::MemRegionKind: {
       const MemRegion* R = cast<loc::MemRegionVal>(loc).getRegion();
       
-      if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R)) {
+      if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
         // Just support void**, void***, intptr_t*, intptr_t**, etc., for now.
         // This is needed to handle OSCompareAndSwapPtr() and friends.
         ASTContext &Ctx = StateMgr.getContext();
-        QualType T = TR->getLValueType(Ctx);
+        QualType T = ER->getLValueType(Ctx);
 
         if (!isHigherOrderRawPtr(T, Ctx))
           return UnknownVal();
         
-        // Otherwise, strip the views.
-        // FIXME: Should we layer a TypedView on the result?
-        R = TR->removeViews();
+        // FIXME: Should check for element 0.
+        // Otherwise, strip the element region.
+        R = ER->getSuperRegion();
       }
       
       if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
@@ -333,11 +333,12 @@ Store BasicStoreManager::BindInternal(Store store, Loc loc, SVal V) {
       // a cast to intXX_t*, void*, etc.  This is needed to handle
       // OSCompareAndSwap32Barrier/OSCompareAndSwap64Barrier.
       if (isa<Loc>(V) || isa<nonloc::LocAsInteger>(V))
-        if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R)) {
-          QualType T = TR->getLValueType(C);
+        if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
+          // FIXME: Should check for index 0.
+          QualType T = ER->getLValueType(C);
         
           if (isHigherOrderRawPtr(T, C))
-            R = TR->removeViews();
+            R = ER->getSuperRegion();
         }      
       
       if (!(isa<VarRegion>(R) || isa<ObjCIvarRegion>(R)))
diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp
index e9b8f6a27f..76437d2c86 100644
--- a/lib/Analysis/Store.cpp
+++ b/lib/Analysis/Store.cpp
@@ -68,7 +68,12 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R,
         // FIXME: We should have a standard query function to get the size
         //  of the array index.
         SVal Idx = ValMgr.makeZeroVal(ValMgr.getContext().VoidPtrTy);
-        ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, TR);
+        
+        // If the super region is an element region, strip it away.
+        // FIXME: Is this the right thing to do in all cases?
+        const TypedRegion *Base = isa<ElementRegion>(TR) ?
+                                  cast<TypedRegion>(TR->getSuperRegion()) : TR;
+        ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, Base);
         return CastResult(state, ER);
       }
     }
diff --git a/test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c b/test/Analysis/no-outofbounds.c
similarity index 58%
rename from test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c
rename to test/Analysis/no-outofbounds.c
index 0eb36519ca..df21fb27fe 100644
--- a/test/Analysis/xfail_regionstore_bogus_array_bounds_failure.c
+++ b/test/Analysis/no-outofbounds.c
@@ -1,8 +1,5 @@
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s
-// XFAIL
-
-// What we are seeing: Load or store into an out-of-bound memory position
-// This is bogus.
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s &&
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic -verify %s
 
 void f() {
   long x = 0;
diff --git a/test/Analysis/xfail_regionstore_wine_crash.c b/test/Analysis/xfail_regionstore_wine_crash.c
index 55143f8805..b6968c73a4 100644
--- a/test/Analysis/xfail_regionstore_wine_crash.c
+++ b/test/Analysis/xfail_regionstore_wine_crash.c
@@ -1,5 +1,4 @@
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region %s &&
-// RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic %s
+// RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s
 // XFAIL
 
 // When this test passes we should put it in the misc-ps.m test file.
-- 
2.40.0