Don't assert in the analyzer when analyzed code does a byte load from a function's address. Fixes PR 8052.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112761 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index 595fb6f..19945a7 100644
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -1087,6 +1087,10 @@
return ValMgr.makeIntVal(c, T);
}
}
+
+ // Check for loads from a code text region. For such loads, just give up.
+ if (const CodeTextRegion *cR = dyn_cast<CodeTextRegion>(superR))
+ return UnknownVal();
// Handle the case where we are indexing into a larger scalar object.
// For example, this handles:
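Review bot: The pointer bound by the new `dyn_cast<CodeTextRegion>(superR)` check, `cR`, is never read, so the early return only needs a type test and will not trip unused-variable warnings: `if (isa<CodeTextRegion>(superR)) return UnknownVal();`. Returning UnknownVal is a deliberate give-up rather than an error path, so extending the added comment with the motivating case, e.g. `// (PR 8052: byte loads through a function's address)`, would tell a later reader why this is the right answer instead of a modeled value. The enclosing function starts and ends outside the hunk.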
diff --git a/lib/Checker/Store.cpp b/lib/Checker/Store.cpp
index 7c80eed..1cb5cd7 100644
--- a/lib/Checker/Store.cpp
+++ b/lib/Checker/Store.cpp
@@ -101,17 +101,10 @@
assert(0 && "Invalid region cast");
break;
}
-
+
case MemRegion::FunctionTextRegionKind:
case MemRegion::BlockTextRegionKind:
- case MemRegion::BlockDataRegionKind: {
- // CodeTextRegion should be cast to only a function or block pointer type,
- // although they can in practice be casted to anything, e.g, void*, char*,
- // etc.
- // Just return the region.
- return R;
- }
-
+ case MemRegion::BlockDataRegionKind:
case MemRegion::StringRegionKind:
// FIXME: Need to handle arbitrary downcasts.
case MemRegion::SymbolicRegionKind:
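Review bot: The removed block carried the only explanation that code-text regions may in practice be cast to arbitrary pointer types (void*, char*, etc.), and the new grouping of FunctionTextRegionKind, BlockTextRegionKind and BlockDataRegionKind directly above StringRegionKind keeps no trace of that reasoning. A one-line comment on the grouped labels, such as `// Code, block and string regions share the handling below; code regions may be cast to void*, char*, etc.`, would mark the fall-through as intentional rather than a dropped case. Whether the shared path preserves the old `return R` result for these kinds cannot be seen here, since the target of the fall-through and the enclosing function lie outside the hunk.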
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 3827533..8e84de1 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1066,3 +1066,27 @@
// Do not warn that the value of 'foo' is uninitialized.
return foo; // no-warning
}
+
+// PR 8052 - Don't crash when reasoning about loads from a function address.\n
+typedef unsigned int __uint32_t;
+typedef unsigned long vm_offset_t;
+typedef __uint32_t pd_entry_t;
+typedef unsigned char u_char;
+typedef unsigned int u_int;
+typedef unsigned long u_long;
+extern int bootMP_size;
+void bootMP(void);
+static void
+pr8052(u_int boot_addr)
+{
+ int x;
+ int size = *(int *) ((u_long) & bootMP_size);
+ u_char *src = (u_char *) ((u_long) bootMP);
+ u_char *dst = (u_char *) boot_addr + ((vm_offset_t) ((((((((1 <<
+12) / (sizeof(pd_entry_t))) - 1) - 1) - (260 - 2))) << 22) | ((0) << 12)));
+ for (x = 0;
+ x < size;
+ ++x)
+ *dst++ = *src++;
+}
+
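Review bot: The header comment of the new pr8052 test ends in a literal `\n` (`...from a function address.\n`), which looks like a paste artifact and should be dropped: `// PR 8052 - Don't crash when reasoning about loads from a function address.`. The test is a pure crash-regression check and carries no `// no-warning` annotation, unlike the neighbouring case in this file (`return foo; // no-warning`); if the analyzer is expected to stay silent on the byte-copy loop, a `// no-warning` on the `*dst++ = *src++;` line would make that expectation explicit and checked.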