Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 47cbd0f3892c7965cf16a58393f9f17a22d4d4d9^! / . / lib / StaticAnalyzer / Checkers / MallocChecker.cpp
commit47cbd0f3892c7965cf16a58393f9f17a22d4d4d9[log] [tgz]
authorTed Kremenek <kremenek@apple.com>Fri Sep 07 22:31:01 2012 +0000
committerTed Kremenek <kremenek@apple.com>Fri Sep 07 22:31:01 2012 +0000
treea3c1edfe3895bb75f32a958aa6183524d2de53e5
parentb4b4523cc52bebc5ed47cc501959ab31286a1065 [diff] [blame]
Remove ProgramState::getSymVal().  It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where the
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).

We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals.  This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.

For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value.  It does this without assuming it has been implicitly constant
folded.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index a8ef2e5..b3107c8 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

@@ -1275,9 +1275,8 @@
                                               bool Assumption) const {
   RegionStateTy RS = state->get<RegionState>();
   for (RegionStateTy::iterator I = RS.begin(), E = RS.end(); I != E; ++I) {
-    // If the symbol is assumed to NULL or another constant, this will
-    // return an APSInt*.
-    if (state->getSymVal(I.getKey()))
+    // If the symbol is assumed to be NULL, remove it from consideration.
+    if (state->getConstraintManager().isNull(state, I.getKey()).isTrue())
       state = state->remove<RegionState>(I.getKey());
   }
 
@@ -1285,12 +1284,10 @@
   // restore the state of the pointer being reallocated.
   ReallocMap RP = state->get<ReallocPairs>();
   for (ReallocMap::iterator I = RP.begin(), E = RP.end(); I != E; ++I) {
-    // If the symbol is assumed to NULL or another constant, this will
-    // return an APSInt*.
-    if (state->getSymVal(I.getKey())) {
+    // If the symbol is assumed to be NULL, remove it from consideration.
+    if (state->getConstraintManager().isNull(state, I.getKey()).isTrue()) {
       SymbolRef ReallocSym = I.getData().ReallocatedSym;
-      const RefState *RS = state->get<RegionState>(ReallocSym);
-      if (RS) {
+      if (const RefState *RS = state->get<RegionState>(ReallocSym)) {
         if (RS->isReleased() && ! I.getData().IsFreeOnFailure)
           state = state->set<RegionState>(ReallocSym,
                              RefState::getAllocated(RS->getStmt()));