From 281e9dc6ba6ff10bf910b0fc8898dff2a429f156 Mon Sep 17 00:00:00 2001 From: Ted Kremenek Date: Thu, 29 Jul 2010 00:28:47 +0000 Subject: [PATCH] Augment RegionStore::BindStruct() to bind symbolicated struct values. This fixes a false path issue reported in and also spurs another cause where the idempotent operations checker fires. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109710 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Checker/RegionStore.cpp | 14 ++++++++------ test/Analysis/misc-ps-region-store.m | 16 ++++++++++++++++ test/Analysis/uninit-vals-ps-region.m | 2 +- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp index 74a7fee048..7d708f8877 100644 --- a/lib/Checker/RegionStore.cpp +++ b/lib/Checker/RegionStore.cpp @@ -289,7 +289,7 @@ public: // Part of public interface to class. Store BindArray(Store store, const TypedRegion* R, SVal V); /// KillStruct - Set the entire struct to unknown. - Store KillStruct(Store store, const TypedRegion* R); + Store KillStruct(Store store, const TypedRegion* R, SVal DefaultVal); Store Remove(Store store, Loc LV); @@ -1560,10 +1560,11 @@ Store RegionStoreManager::BindStruct(Store store, const TypedRegion* R, if (const nonloc::LazyCompoundVal *LCV=dyn_cast(&V)) return CopyLazyBindings(*LCV, store, R); - // We may get non-CompoundVal accidentally due to imprecise cast logic. - // Ignore them and kill the field values. + // We may get non-CompoundVal accidentally due to imprecise cast logic or + // that we are binding symbolic struct value. Kill the field values, and if + // the value is symbolic go and bind it as a "default" binding. if (V.isUnknown() || !isa(V)) - return KillStruct(store, R); + return KillStruct(store, R, isa(V) ? V : UnknownVal()); nonloc::CompoundVal& CV = cast(V); nonloc::CompoundVal::iterator VI = CV.begin(), VE = CV.end(); @@ -1596,14 +1597,15 @@ Store RegionStoreManager::BindStruct(Store store, const TypedRegion* R, return store; } -Store RegionStoreManager::KillStruct(Store store, const TypedRegion* R) { +Store RegionStoreManager::KillStruct(Store store, const TypedRegion* R, + SVal DefaultVal) { RegionBindings B = GetRegionBindings(store); llvm::OwningPtr SubRegions(getRegionStoreSubRegionMap(store)); RemoveSubRegionBindings(B, R, *SubRegions); // Set the default value of the struct region to "unknown". - return Add(B, R, BindingKey::Default, UnknownVal()).getRoot(); + return Add(B, R, BindingKey::Default, DefaultVal).getRoot(); } Store RegionStoreManager::CopyLazyBindings(nonloc::LazyCompoundVal V, diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index 6b4f658a3f..e8b9533de5 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -1041,3 +1041,19 @@ void pr_7450() { pr_7450_aux(p + 8); } +// - Symbolicate struct values returned by value. +struct s_rdar_8243408 { int x; }; +extern struct s_rdar_8243408 rdar_8243408_aux(void); +void rdar_8243408(void) { + struct s_rdar_8243408 a = { 1 }, *b = 0; + while (a.x && !b) + a = rdar_8243408_aux(); + + // Previously there was a false error here with 'b' being null. + (void) (a.x && b->x); // no-warning + + // Introduce a null deref to ensure we are checking this path. + int *p = 0; + *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}} +} + diff --git a/test/Analysis/uninit-vals-ps-region.m b/test/Analysis/uninit-vals-ps-region.m index 69c1ecd1e3..ae8f1322f4 100644 --- a/test/Analysis/uninit-vals-ps-region.m +++ b/test/Analysis/uninit-vals-ps-region.m @@ -42,7 +42,7 @@ void test_uninit_pos_3() { void test_uninit_neg() { struct TestUninit v1 = { 0, 0 }; struct TestUninit v2 = test_uninit_aux(); - test_unit_aux2(v2.x + v1.y); // no-warning + test_unit_aux2(v2.x + v1.y); // expected-warning{{The right operand to '+' is always 0}} } extern void test_uninit_struct_arg_aux(struct TestUninit arg); -- 2.40.0