commit bc965a603a67c59d49fad2ea0d4d2eef2e5c52ad
author Ted Kremenek <kremenek@apple.com> Mon Feb 18 22:57:02 2008 +0000
committer Ted Kremenek <kremenek@apple.com> Mon Feb 18 22:57:02 2008 +0000
tree 32571c1bf44115b4ae1666f14e12cc3be674efdb
parent 9eb37a2a5598ea05447e54632b0221adbe442d53

Added more assertions and checks in transfer function logic to check for
UninitializedVals and UnknownVals.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47288 91177308-0d34-0410-b5e6-96231b3b80d8

Analysis/GRExprEngine.cpp

diff --git a/Analysis/GRExprEngine.cpp b/Analysis/GRExprEngine.cpp
index 4bcdd5f..d709eff 100644
--- a/Analysis/GRExprEngine.cpp
+++ b/Analysis/GRExprEngine.cpp
@@ -209,7 +209,8 @@
   typedef SwitchNodeBuilder::iterator iterator;
   
   StateTy St = builder.getState();  
-  NonLValue CondV = cast<NonLValue>(GetValue(St, builder.getCondition()));
+  Expr* CondE = builder.getCondition();
+  NonLValue CondV = cast<NonLValue>(GetValue(St, CondE));
 
   if (isa<UninitializedVal>(CondV)) {
     NodeTy* N = builder.generateDefaultCaseNode(St, true);
@@ -221,7 +222,10 @@
   
   // While most of this can be assumed (such as the signedness), having it
   // just computed makes sure everything makes the same assumptions end-to-end.
-  unsigned bits = getContext().getTypeSize(getContext().IntTy,SourceLocation());
+  
+  unsigned bits = getContext().getTypeSize(CondE->getType(),
+                                           CondE->getExprLoc());
+
   APSInt V1(bits, false);
   APSInt V2 = V1;
   
@@ -258,7 +262,7 @@
       NonLValue Res = EvalBinaryOp(ValMgr, BinaryOperator::EQ, CondV, CaseVal);
       
       // Now "assume" that the case matches.
-      bool isFeasible;
+      bool isFeasible = false;
       
       StateTy StNew = Assume(St, Res, true, isFeasible);
       
@@ -588,7 +592,7 @@
         // FIXME: Stop when dereferencing an uninitialized value.
         // FIXME: Bifurcate when dereferencing a symbolic with no constraints?
         
-        const RValue& V = GetValue(St, U->getSubExpr());
+        const RValue& V = GetValue(St, U->getSubExpr());        
         const LValue& L1 = cast<LValue>(V);
         
         // After a dereference, one of two possible situations arise:
@@ -608,6 +612,9 @@
                                       GetValue(StNotNull, L1, &T)));
         }
         
+        if (V.isUnknown())
+          return;
+        
         bool isFeasibleNull;
         
         // "Assume" that the pointer is NULL.
@@ -868,8 +875,15 @@
 //===----------------------------------------------------------------------===//
 
 GRExprEngine::StateTy GRExprEngine::Assume(StateTy St, LValue Cond,
-                                         bool Assumption, 
-                                         bool& isFeasible) {    
+                                           bool Assumption, 
+                                           bool& isFeasible) {    
+  
+  assert (!isa<UninitializedVal>(Cond));
+
+  if (isa<UnknownVal>(Cond)) {
+    isFeasible = true;
+    return St;  
+  }
   
   switch (Cond.getSubKind()) {
     default:
@@ -901,6 +915,13 @@
                                          bool Assumption, 
                                          bool& isFeasible) {
   
+  assert (!isa<UninitializedVal>(Cond));
+  
+  if (isa<UnknownVal>(Cond)) {
+    isFeasible = true;
+    return St;  
+  }
+  
   switch (Cond.getSubKind()) {
     default:
       assert (false && "'Assume' not implemented for this NonLValue.");
@@ -936,7 +957,7 @@
 GRExprEngine::StateTy
 GRExprEngine::AssumeSymNE(StateTy St, SymbolID sym,
                          const llvm::APSInt& V, bool& isFeasible) {
-
+  
   // First, determine if sym == X, where X != V.
   if (const llvm::APSInt* X = St.getSymVal(sym)) {
     isFeasible = *X != V;