  1. Jan 07, 2009
  2. Dec 21, 2008
  3. Dec 20, 2008
    • Lazy binding for region-store manager. · af7415ff
      Zhongxing Xu authored
      * Now Bind() methods take and return GRState* because binding could
        also alter GDM.
      * No variables are initialized except those declared with initial
        values.
      * failed C test cases are due to bugs in RemoveDeadBindings(),
        which removes constraints that are still alive. This will be fixed in a later
        patch.
      * default value of array and struct regions will be implemented in later patch.
      
      llvm-svn: 61274
  4. Dec 13, 2008
    • MemRegion: · b5670fd5
      Ted Kremenek authored
      - Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
      - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.
      
      StoreManager:
      - Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
      - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
      - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
      
      AuditCFNumberCreate check:
      - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.
      
      GRExprEngine::VisitCast:
      - Conform to the new interface of StoreManager::CastRegion.
      
      Tests:
      - None of the analysis tests fail now for using the "basic store".
      - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
      
      llvm-svn: 60995
    • A series of cleanups/fixes motivated by <rdar://problem/6442306>: · f065b15f
      Ted Kremenek authored
      GRExprEngine (VisitCast):
      - When using StoreManager::CastRegion, always use the state and value it returns to generate the next node.  Failure to do so means that region values returned that don't require the state to be modified will get ignored.
      
      MemRegion:
      - Tighten the interface for ElementRegion.  Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion.  Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
      - Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
      - Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion.  All that matters is that it is a TypedRegion, which is now true all the time by design.
      
      BasicStore:
      - Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion.  This conforms to the updated interface for ElementRegion.
      
      RegionStore:
      - In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
      
      llvm-svn: 60990
  5. Dec 10, 2008
  6. Dec 09, 2008
  7. Dec 05, 2008
  8. Dec 04, 2008
  9. Nov 28, 2008
  10. Nov 24, 2008
  11. Nov 16, 2008
  12. Nov 15, 2008
  13. Nov 12, 2008
  14. Nov 07, 2008
  15. Oct 29, 2008
    • Rename: AddDecl => BindDecl · 628ae879
      Zhongxing Xu authored
      BindDecl better describes what the function does:
        - Bind the VarDecl to its memory region
        - Bind the memory region to some initial value.
      
      llvm-svn: 58359
  16. Oct 27, 2008
    • Added preliminary support for CompoundLiterals in the static analyzer: · bf263682
      Ted Kremenek authored
      - GRExprEngine::VisitCompoundLiteral...
         (1) visits the initializer list (generating ExplodedNodes)
         (2) creates a CompoundMemRegion for the literal
         (3) creates a new state with the bound literal values using
             GRStateManager::BindCompoundLiteral
      
      - GRStateManager::BindCompoundLiteral simply calls 
        StoreManager::BindCompoundLiteral to get a new store and returns a persistent
        GRState with that store.
      
      - BasicStore::BindCompoundLiteral simply returns the same store, as it
        doesn't handle field sensitivity
        
      - RegionStore::BindCompoundLiteral currently fires an assert (pending discussion
        of how to best implement mappings for CompoundLiteralRegion).
      
      llvm-svn: 58277
  17. Oct 26, 2008
  18. Oct 25, 2008
  19. Oct 24, 2008
  20. Oct 23, 2008
  21. Oct 22, 2008
  22. Oct 21, 2008
  23. Oct 18, 2008
  24. Oct 17, 2008
  25. Oct 16, 2008
  26. Oct 07, 2008
  27. Oct 05, 2008
  28. Oct 04, 2008
    • This is a big patch, but the functionality change is small and the rest of the... · 5ca90a24
      Ted Kremenek authored
      This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.
      
      This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h.  This patch adds MemRegion.h and MemRegion.cpp, which define the class MemRegion and its subclasses.  These classes serve to define an abstract representation of memory, with regions being layered on other regions to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
      
      The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls.  In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal.  Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
      
      There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both of which were on hold until the memory abstraction got generalized.
      
      The memory region abstraction also allows type-information to literally be affixed to a memory region.  This will allow some now redundant logic to be removed from the retain/release checker.
      
      llvm-svn: 57042
  29. Sep 03, 2008
    • Store: (static analyzer) · 1b9e1039
      Ted Kremenek authored
      - Change definition of store::Region and store::Binding (once again) to make
        them real classes that just wrap pointers. This makes them more strictly
        typed, and allows specific implementations of Regions/Bindings to just
        subclass them.
      - minor renamings to RegionExtent and its subclasses
      - added a bunch of doxygen comments
      
      StoreManager: (static analyzer)
      - added 'iterBindings', an iteration method for iterating over the bindings of a
        store. It takes a callback object (acting like a poor man's closure).
      - added 'getRVal' version for store::Binding. Will potentially phase the other
        versions of GetRVal in StoreManager out.
      - reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
      
      BasicStoreManager: (static analyzer)
      - implemented 'iterBindings' for BasicStoreManager
      
      llvm-svn: 55688
  30. Aug 29, 2008