Use conjured symbols for variables whose values are invalidated when
passed-by-reference to a function. This allows us to build up constraints for
their new values and restore some lost path-sensitivity. This addresses a few
false positives seen in Adium.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53125 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp
index 323181a..a9c4f84 100644
--- a/lib/Analysis/CFRefCount.cpp
+++ b/lib/Analysis/CFRefCount.cpp
@@ -1389,8 +1389,35 @@
}
}
else if (isa<LVal>(V)) {
+#if 0
// Nuke all arguments passed by reference.
StateMgr.Unbind(StVals, cast<LVal>(V));
+#else
+ if (lval::DeclVal* DV = dyn_cast<lval::DeclVal>(&V)) {
+
+ // FIXME: Either this logic should also be replicated in GRSimpleVals
+ // or should be pulled into a separate "constraint engine."
+ // FIXME: We can have collisions on the conjured symbol if the
+ // expression *I also creates conjured symbols. We probably want
+ // to identify conjured symbols by an expression pair: the enclosing
+ // expression (the context) and the expression itself. This should
+ // disambiguate conjured symbols.
+
+ // Invalidate the values of all variables passed by reference.
+ // Set the value of the variable to be a conjured symbol.
+ unsigned Count = Builder.getCurrentBlockCount();
+ SymbolID NewSym = Eng.getSymbolManager().getConjuredSymbol(*I, Count);
+
+ StateMgr.BindVar(StVals, DV->getDecl(),
+ LVal::IsLValType(DV->getDecl()->getType())
+ ? cast<RVal>(lval::SymbolVal(NewSym))
+ : cast<RVal>(nonlval::SymbolVal(NewSym)));
+ }
+ else {
+ // Nuke all other arguments passed by reference.
+ StateMgr.Unbind(StVals, cast<LVal>(V));
+ }
+#endif
}
else if (isa<nonlval::LValAsInteger>(V))
StateMgr.Unbind(StVals, cast<nonlval::LValAsInteger>(V).getLVal());
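Review bot: The ternary in the new `BindVar` call binds a `nonlval::SymbolVal` for every declared type that is not an lvalue type, which presumably includes struct, array and floating-point variables that a symbolic integer value cannot model. Consider conjuring a symbol only for types the constraint logic can reason about and keeping the old invalidation otherwise, e.g. `QualType T = DV->getDecl()->getType();` followed by `if (LVal::IsLValType(T) || T->isIntegerType()) { /* BindVar as above */ } else StateMgr.Unbind(StVals, cast<LVal>(V));`. The symbol is also conjured from the argument expression `*I` and not from the variable, so if the symbol manager derives the symbol's type from that expression it may not match `T`; this is worth confirming. The disabled `#if 0` branch duplicates the `Unbind` call that the new `else` already performs and could be deleted, leaving the history to version control. The enclosing function begins and ends outside this hunk.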