Major rewrite/refactoring of static analysis engine. We now use
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.
This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.
llvm-svn: 50443
diff --git a/clang/lib/Analysis/GRCoreEngine.cpp b/clang/lib/Analysis/GRCoreEngine.cpp
index c2b8c11..05f9303 100644
--- a/clang/lib/Analysis/GRCoreEngine.cpp
+++ b/clang/lib/Analysis/GRCoreEngine.cpp
@@ -102,7 +102,8 @@
case ProgramPoint::BlockExitKind:
assert (false && "BlockExit location never occur in forward analysis.");
break;
-
+
+ case ProgramPoint::PostLoadKind:
case ProgramPoint::PostStmtKind:
HandlePostStmt(cast<PostStmt>(Node->getLocation()), WU.getBlock(),
WU.getIndex(), Node);
@@ -316,11 +317,13 @@
Eng.WList->Enqueue(Succ, B, Idx+1);
}
-ExplodedNodeImpl* GRStmtNodeBuilderImpl::generateNodeImpl(Stmt* S, void* State,
- ExplodedNodeImpl* Pred) {
+ExplodedNodeImpl*
+GRStmtNodeBuilderImpl::generateNodeImpl(Stmt* S, void* State,
+ ExplodedNodeImpl* Pred, bool isLoad) {
bool IsNew;
- ExplodedNodeImpl* N = Eng.G->getNodeImpl(PostStmt(S), State, &IsNew);
+ ProgramPoint Loc = isLoad ? PostLoad(S) : PostStmt(S);
+ ExplodedNodeImpl* N = Eng.G->getNodeImpl(Loc, State, &IsNew);
N->addPredecessor(Pred);
Deferred.erase(Pred);