Teach GRSimpleVals::EvalNE and GRSimplVals::EvalEQ about TypedRegionViews and
SymbolicRegions. This fixes a serious regression when checking symbolic pointers
against null.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66444 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Analysis/GRSimpleVals.cpp b/lib/Analysis/GRSimpleVals.cpp
index 90d9e57..e2dde76 100644
--- a/lib/Analysis/GRSimpleVals.cpp
+++ b/lib/Analysis/GRSimpleVals.cpp
@@ -262,6 +262,17 @@
}
// Pointer arithmetic.
+static Loc StripViews(Loc X) {
+ if (isa<loc::MemRegionVal>(X)) {
+ const SymbolicRegion *Region =
+ cast<loc::MemRegionVal>(X).getRegion()->getAs<SymbolicRegion>();
+
+ if (Region)
+ return Loc::MakeVal(Region->getSymbol());
+ }
+
+ return X;
+}
SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op,
Loc L, NonLoc R) {
@@ -274,7 +285,8 @@
SVal GRSimpleVals::EvalEQ(GRExprEngine& Eng, Loc L, Loc R) {
BasicValueFactory& BasicVals = Eng.getBasicVals();
-
+
+TryAgain:
switch (L.getSubKind()) {
default:
@@ -320,7 +332,20 @@
return UnknownVal();
}
- case loc::MemRegionKind:
+ case loc::MemRegionKind: {
+ // See if 'L' and 'R' both wrap symbols.
+ Loc LTmp = StripViews(L);
+ Loc RTmp = StripViews(R);
+
+ if (LTmp != L || RTmp != R) {
+ L = LTmp;
+ R = RTmp;
+ goto TryAgain;
+ }
+ }
+
+ // Fall-through.
+
case loc::FuncValKind:
case loc::GotoLabelKind:
return NonLoc::MakeIntTruthVal(BasicVals, L == R);
@@ -333,6 +358,7 @@
BasicValueFactory& BasicVals = Eng.getBasicVals();
+TryAgain:
switch (L.getSubKind()) {
default:
@@ -357,7 +383,7 @@
}
break;
-
+
case loc::SymbolValKind: {
if (isa<loc::ConcreteInt>(R)) {
const SymIntConstraint& C =
@@ -378,7 +404,18 @@
break;
}
- case loc::MemRegionKind:
+ case loc::MemRegionKind: {
+ // See if 'L' and 'R' both wrap symbols.
+ Loc LTmp = StripViews(L);
+ Loc RTmp = StripViews(R);
+
+ if (LTmp != L || RTmp != R) {
+ L = LTmp;
+ R = RTmp;
+ goto TryAgain;
+ }
+ }
+
case loc::FuncValKind:
case loc::GotoLabelKind:
return NonLoc::MakeIntTruthVal(BasicVals, L != R);