commit 3ed04d37573c566205d965d2e91d54ccae898d0a
author Zhongxing Xu <xuzhongxing@gmail.com> Mon Jan 18 08:54:31 2010 +0000
committer Zhongxing Xu <xuzhongxing@gmail.com> Mon Jan 18 08:54:31 2010 +0000
tree 3dceac07a4d604c2957a8b608f0e60926dcc3637
parent 7a2132a5d2fead49f6fddc39137e1c14b70c0193

Add support for computing size in elements for symbolic regions obtained from
malloc().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93722 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Analysis/MallocChecker.cpp

diff --git a/lib/Analysis/MallocChecker.cpp b/lib/Analysis/MallocChecker.cpp
index 5bd2791..28f4db7 100644
--- a/lib/Analysis/MallocChecker.cpp
+++ b/lib/Analysis/MallocChecker.cpp
@@ -72,7 +72,7 @@
 private:
   void MallocMem(CheckerContext &C, const CallExpr *CE);
   const GRState *MallocMemAux(CheckerContext &C, const CallExpr *CE,
-                              const GRState *state);
+                              const Expr *SizeEx, const GRState *state);
   void FreeMem(CheckerContext &C, const CallExpr *CE);
   const GRState *FreeMemAux(CheckerContext &C, const CallExpr *CE,
                             const GRState *state);
@@ -136,18 +136,24 @@
 }
 
 void MallocChecker::MallocMem(CheckerContext &C, const CallExpr *CE) {
-  const GRState *state = MallocMemAux(C, CE, C.getState());
+  const GRState *state = MallocMemAux(C, CE, CE->getArg(0), C.getState());
   C.addTransition(state);
 }
 
 const GRState *MallocChecker::MallocMemAux(CheckerContext &C,  
                                            const CallExpr *CE,
+                                           const Expr *SizeEx,
                                            const GRState *state) {
   unsigned Count = C.getNodeBuilder().getCurrentBlockCount();
   ValueManager &ValMgr = C.getValueManager();
 
   SVal RetVal = ValMgr.getConjuredSymbolVal(NULL, CE, CE->getType(), Count);
 
+  SVal Size = state->getSVal(SizeEx);
+
+  state = C.getEngine().getStoreManager().setExtent(state, RetVal.getAsRegion(),
+                                                    Size);
+
   state = state->BindExpr(CE, RetVal);
   
   SymbolRef Sym = RetVal.getAsLocSymbol();
@@ -216,7 +222,7 @@
     if (Sym)
       stateEqual = stateEqual->set<RegionState>(Sym, RefState::getReleased(CE));
 
-    const GRState *stateMalloc = MallocMemAux(C, CE, stateEqual);
+    const GRState *stateMalloc = MallocMemAux(C, CE, CE->getArg(1), stateEqual);
     C.addTransition(stateMalloc);
   }
 
@@ -237,7 +243,8 @@
       const GRState *stateFree = FreeMemAux(C, CE, stateSizeNotZero);
       if (stateFree) {
         // FIXME: We should copy the content of the original buffer.
-        const GRState *stateRealloc = MallocMemAux(C, CE, stateFree);
+        const GRState *stateRealloc = MallocMemAux(C, CE, CE->getArg(1), 
+                                                   stateFree);
         C.addTransition(stateRealloc);
       }
     }