diff options
Diffstat (limited to 'lib/Analysis/RegionStore.cpp')
| -rw-r--r-- | lib/Analysis/RegionStore.cpp | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp index b5eeb1ea1170..3bc9dccda6bf 100644 --- a/lib/Analysis/RegionStore.cpp +++ b/lib/Analysis/RegionStore.cpp @@ -349,6 +349,7 @@ public: SVal RetrieveArray(const GRState *St, const TypedRegion* R); + /// Get the state and region whose binding this region R corresponds to. std::pair<const GRState*, const MemRegion*> GetLazyBinding(RegionBindings B, const MemRegion *R); @@ -539,8 +540,7 @@ const GRState *RegionStoreManager::InvalidateRegions(const GRState *state, } // Handle the region itself. - if (isa<AllocaRegion>(R) || isa<SymbolicRegion>(R) || - isa<ObjCObjectRegion>(R)) { + if (isa<AllocaRegion>(R) || isa<SymbolicRegion>(R)) { // Invalidate the region by setting its default value to // conjured symbol. The type of the symbol is irrelavant. DefinedOrUnknownSVal V = ValMgr.getConjuredSymbolVal(R, Ex, Ctx.IntTy, @@ -744,8 +744,8 @@ DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const GRState *state, case MemRegion::ElementRegionKind: case MemRegion::FieldRegionKind: case MemRegion::ObjCIvarRegionKind: - case MemRegion::ObjCObjectRegionKind: case MemRegion::SymbolicRegionKind: + case MemRegion::CXXObjectRegionKind: return UnknownVal(); case MemRegion::StringRegionKind: { @@ -867,8 +867,8 @@ SVal RegionStoreManager::EvalBinOp(const GRState *state, // Fall-through. case MemRegion::CompoundLiteralRegionKind: case MemRegion::FieldRegionKind: - case MemRegion::ObjCObjectRegionKind: case MemRegion::ObjCIvarRegionKind: + case MemRegion::CXXObjectRegionKind: return UnknownVal(); case MemRegion::FunctionTextRegionKind: @@ -987,12 +987,12 @@ RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { assert(!isa<UnknownVal>(L) && "location unknown"); assert(!isa<UndefinedVal>(L) && "location undefined"); - + // FIXME: Is this even possible? Shouldn't this be treated as a null // dereference at a higher level? if (isa<loc::ConcreteInt>(L)) return SValuator::CastResult(state, UndefinedVal()); - + const MemRegion *MR = cast<loc::MemRegionVal>(L).getRegion(); // FIXME: return symbolic value for these cases. @@ -1090,8 +1090,7 @@ RegionStoreManager::Retrieve(const GRState *state, Loc L, QualType T) { } // All other values are symbolic. - return SValuator::CastResult(state, - ValMgr.getRegionValueSymbolValOrUnknown(R, RTy)); + return SValuator::CastResult(state, ValMgr.getRegionValueSymbolVal(R, RTy)); } std::pair<const GRState*, const MemRegion*> @@ -1256,7 +1255,7 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(const GRState *state, } // All other values are symbolic. - return ValMgr.getRegionValueSymbolValOrUnknown(R, Ty); + return ValMgr.getRegionValueSymbolVal(R, Ty); } SVal RegionStoreManager::RetrieveObjCIvar(const GRState* state, @@ -1296,7 +1295,7 @@ SVal RegionStoreManager::RetrieveVar(const GRState *state, if (R->hasGlobalsOrParametersStorage() || isa<UnknownSpaceRegion>(R->getMemorySpace())) - return ValMgr.getRegionValueSymbolValOrUnknown(R, VD->getType()); + return ValMgr.getRegionValueSymbolVal(R, VD->getType()); return UndefinedVal(); } @@ -1307,7 +1306,7 @@ SVal RegionStoreManager::RetrieveLazySymbol(const GRState *state, QualType valTy = R->getValueType(getContext()); // All other values are symbolic. - return ValMgr.getRegionValueSymbolValOrUnknown(R, valTy); + return ValMgr.getRegionValueSymbolVal(R, valTy); } SVal RegionStoreManager::RetrieveStruct(const GRState *state, @@ -1425,7 +1424,13 @@ const GRState *RegionStoreManager::Bind(const GRState *state, Loc L, SVal V) { // Binding directly to a symbolic region should be treated as binding // to element 0. QualType T = SR->getSymbol()->getType(getContext()); - T = T->getAs<PointerType>()->getPointeeType(); + + // FIXME: Is this the right way to handle symbols that are references? + if (const PointerType *PT = T->getAs<PointerType>()) + T = PT->getPointeeType(); + else + T = T->getAs<ReferenceType>()->getPointeeType(); + R = GetElementZeroRegion(SR, T); } |