Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so
do the symblic regions associated with them and we need them to be typed.
Current SymbolicRegion::getRValueType() method is very restricting. It may be
modified when we are more clear about what could be the types of symblic
regions.
BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a
subclass of SubRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63844 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Analysis/BasicConstraintManager.cpp b/lib/Analysis/BasicConstraintManager.cpp
index 0c98bf6..58c4727 100644
--- a/lib/Analysis/BasicConstraintManager.cpp
+++ b/lib/Analysis/BasicConstraintManager.cpp
@@ -165,17 +165,14 @@
// FIXME: Should this go into the storemanager?
const MemRegion* R = cast<loc::MemRegionVal>(Cond).getRegion();
-
- while (R) {
- if (const SubRegion* SubR = dyn_cast<SubRegion>(R)) {
- R = SubR->getSuperRegion();
- continue;
- }
- else if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(R))
+ const SubRegion* SubR = dyn_cast<SubRegion>(R);
+
+ while (SubR) {
+ // FIXME: now we only find the first symbolic region.
+ if (const SymbolicRegion* SymR = dyn_cast<SymbolicRegion>(SubR))
return AssumeAux(St, loc::SymbolVal(SymR->getSymbol()), Assumption,
isFeasible);
-
- break;
+ SubR = dyn_cast<SubRegion>(SubR->getSuperRegion());
}
// FALL-THROUGH.
diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index 2feea59..ad542b8 100644
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -173,7 +173,8 @@
switch(BaseL.getSubKind()) {
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
@@ -218,7 +219,8 @@
// Create a region to represent this symbol.
// FIXME: In the future we may just use symbolic regions instead of
// SymbolVals to reason about symbolic memory chunks.
- const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym);
+ const MemRegion* SymR = MRMgr.getSymbolicRegion(Sym,
+ StateMgr.getSymbolManager());
// Layered a typed region on top of this.
QualType T = StateMgr.getSymbolManager().getType(Sym);
BaseR = MRMgr.getAnonTypedRegion(T, SymR);
diff --git a/lib/Analysis/MemRegion.cpp b/lib/Analysis/MemRegion.cpp
index 82f4423..e41c5f9 100644
--- a/lib/Analysis/MemRegion.cpp
+++ b/lib/Analysis/MemRegion.cpp
@@ -107,6 +107,28 @@
ElementRegion::ProfileRegion(ID, Index, superRegion);
}
+//===----------------------------------------------------------------------===//
+// getLValueType() and getRValueType()
+//===----------------------------------------------------------------------===//
+
+QualType SymbolicRegion::getRValueType(ASTContext& C) const {
+ const SymbolData& data = SymMgr.getSymbolData(sym);
+
+ // FIXME: We could use the SymbolManager::getType() directly. But that
+ // would hide the assumptions we made here. What is the type of a symbolic
+ // region is unclear for other cases.
+
+ // For now we assume the symbol is a typed region rvalue.
+ const TypedRegion* R
+ = cast<TypedRegion>(cast<SymbolRegionRValue>(data).getRegion());
+
+ // Assume the region rvalue has a pointer type, only then we could have a
+ // symbolic region associated with it.
+ PointerType* PTy = cast<PointerType>(R->getRValueType(C).getTypePtr());
+
+ return PTy->getPointeeType();
+}
+
QualType ElementRegion::getRValueType(ASTContext& C) const {
// Strip off typedefs from the ArrayRegion's RvalueType.
QualType T = getArrayRegion()->getRValueType(C)->getDesugaredType();
@@ -119,10 +141,6 @@
return T;
}
-//===----------------------------------------------------------------------===//
-// getLValueType() and getRValueType()
-//===----------------------------------------------------------------------===//
-
QualType StringRegion::getRValueType(ASTContext& C) const {
return Str->getType();
}
@@ -308,7 +326,8 @@
}
/// getSymbolicRegion - Retrieve or create a "symbolic" memory region.
-SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym) {
+SymbolicRegion* MemRegionManager::getSymbolicRegion(const SymbolRef sym,
+ const SymbolManager& mgr) {
llvm::FoldingSetNodeID ID;
SymbolicRegion::ProfileRegion(ID, sym);
@@ -319,7 +338,8 @@
if (!R) {
R = (SymbolicRegion*) A.Allocate<SymbolicRegion>();
- new (R) SymbolicRegion(sym);
+ // SymbolicRegion's storage class is usually unknown.
+ new (R) SymbolicRegion(sym, mgr, getUnknownRegion());
Regions.InsertNode(R, InsertPos);
}
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 8d36d10..e640087 100644
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -312,7 +312,8 @@
break;
case loc::SymbolValKind:
- BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol());
+ BaseR = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(&BaseL)->getSymbol(),
+ StateMgr.getSymbolManager());
break;
case loc::GotoLabelKind:
@@ -701,7 +702,8 @@
if (isa<loc::MemRegionVal>(L))
R = cast<loc::MemRegionVal>(L).getRegion();
else if (isa<loc::SymbolVal>(L))
- R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol());
+ R = MRMgr.getSymbolicRegion(cast<loc::SymbolVal>(L).getSymbol(),
+ StateMgr.getSymbolManager());
if (R) {
RegionBindingsTy B = GetRegionBindings(store);