SimpleSValBuilder.cpp revision 135d0fe1ae89c39e3de9849cceda98253b063f14
15f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// SimpleSValBuilder.cpp - A basic SValBuilder -----------------------*- C++ -*- 25f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// 35f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// The LLVM Compiler Infrastructure 45f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// 50bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// This file is distributed under the University of Illinois Open Source 60bc735ffcfb223c0186419547abaa5c84482663eChris Lattner// License. See LICENSE.TXT for details. 75f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// 85f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer//===----------------------------------------------------------------------===// 95f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// 105f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// This file defines SimpleSValBuilder, a basic implementation of SValBuilder. 115f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer// 125f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer//===----------------------------------------------------------------------===// 135f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer 14c4a1dea2dc56bd1357ec91b829a0b9e68229a13eDaniel Dunbar#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 150979c805475d1ba49b5d6ef93c4d2ce6d2eab6edDouglas Gregor#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h" 16a4d55d89c8076b402bb168e3edeef0c2cd2a78c3Chris Lattner#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 172eadfb638eb1bb6ccfd6fd0453e764d47e27eed9Chris Lattner 18a4d55d89c8076b402bb168e3edeef0c2cd2a78c3Chris Lattnerusing namespace clang; 1998cd599ee8a9b259ed7388ee2921a20d97658864Douglas Gregorusing namespace ento; 20aaba5e346dffdbad5d1c42765a89e4a7afb0da67Douglas Gregor 2119cc4abea06a9b49e0e16a50d335c064cd723572Anders Carlssonnamespace { 225f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencerclass SimpleSValBuilder : public SValBuilder { 2308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattnerprotected: 2408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner virtual SVal dispatchCast(SVal val, QualType castTy); 257a614d8380297fcd2bc23986241905d97222948cRichard Smith virtual SVal evalCastFromNonLoc(NonLoc val, QualType castTy); 261b63e4f732dbc73d90abf886b4d21f8e3a165f6dChris Lattner virtual SVal evalCastFromLoc(Loc val, QualType castTy); 2708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 28da5a6b6d9fd52899499d5b7b46273ec844dcaa6eChris Lattnerpublic: 29cf3293eaeb3853d12cff47e648bbe835004e929fDouglas Gregor SimpleSValBuilder(llvm::BumpPtrAllocator &alloc, ASTContext &context, 303a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson ProgramStateManager &stateMgr) 31ffb4b6e299069139908540ce97be4462e16b53a4Douglas Gregor : SValBuilder(alloc, context, stateMgr) {} 325f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer virtual ~SimpleSValBuilder() {} 335f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer 342b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner virtual SVal evalMinus(NonLoc val); 352b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner virtual SVal evalComplement(NonLoc val); 362b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, 372b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner NonLoc lhs, NonLoc rhs, QualType resultTy); 382b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner virtual SVal evalBinOpLL(ProgramStateRef state, BinaryOperator::Opcode op, 39f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne Loc lhs, Loc rhs, QualType resultTy); 40f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne virtual SVal evalBinOpLN(ProgramStateRef state, BinaryOperator::Opcode op, 412b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner Loc lhs, NonLoc rhs, QualType resultTy); 42f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne 43c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt /// getKnownValue - evaluates a given SVal. If the SVal has only one possible 44f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne /// (integer) value, that value is returned. Otherwise, returns NULL. 45c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt virtual const llvm::APSInt *getKnownValue(ProgramStateRef state, SVal V); 46f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne 472b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner SVal MakeSymIntVal(const SymExpr *LHS, BinaryOperator::Opcode op, 482de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall const llvm::APSInt &RHS, QualType resultTy); 492b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner}; 502b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner} // end anonymous namespace 512b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner 522b334bb3126a67895813e49e6228dad4aec0b4d6Chris LattnerSValBuilder *ento::createSimpleSValBuilder(llvm::BumpPtrAllocator &alloc, 532b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner ASTContext &context, 54c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt ProgramStateManager &stateMgr) { 556907fbe758d23e1aec4c0a67e7b633d1d855feb4John McCall return new SimpleSValBuilder(alloc, context, stateMgr); 566907fbe758d23e1aec4c0a67e7b633d1d855feb4John McCall} 57f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne 582b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner//===----------------------------------------------------------------------===// 59c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt// Transfer function for Casts. 60f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne//===----------------------------------------------------------------------===// 612b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner 622b334bb3126a67895813e49e6228dad4aec0b4d6Chris LattnerSVal SimpleSValBuilder::dispatchCast(SVal Val, QualType CastTy) { 632de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall assert(isa<Loc>(&Val) || isa<NonLoc>(&Val)); 642de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return isa<Loc>(Val) ? evalCastFromLoc(cast<Loc>(Val), CastTy) 652de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall : evalCastFromNonLoc(cast<NonLoc>(Val), CastTy); 662de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall} 672de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 682de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCallSVal SimpleSValBuilder::evalCastFromNonLoc(NonLoc val, QualType castTy) { 692de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 702de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall bool isLocType = Loc::isLocType(castTy); 712b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner 72c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt if (nonloc::LocAsInteger *LI = dyn_cast<nonloc::LocAsInteger>(&val)) { 732de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall if (isLocType) 742de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return LI->getLoc(); 752de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 762b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner // FIXME: Correctly support promotions/truncations. 772b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner unsigned castSize = Context.getTypeSize(castTy); 782b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner if (castSize == LI->getNumBits()) 79c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt return val; 802de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return makeLocAsInteger(LI->getLoc(), castSize); 812de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall } 822b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner 832b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner if (const SymExpr *se = val.getAsSymbolicExpression()) { 842b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner QualType T = Context.getCanonicalType(se->getType()); 85c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // If types are the same or both are integers, ignore the cast. 86f111d935722ed488144600cea5ed03a6b5069e8fPeter Collingbourne // FIXME: Remove this hack when we support symbolic truncation/extension. 872b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner // HACK: If both castTy and T are integers, ignore the cast. This is 882b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner // not a permanent solution. Eventually we want to precisely handle 89c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // extension/truncation of symbolic integers. This prevents us from losing 902b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner // precision when we assign 'x = y' and 'y' is symbolic and x and y are 912b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner // different integer types. 922b334bb3126a67895813e49e6228dad4aec0b4d6Chris Lattner if (haveSameType(T, castTy)) 9363c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return val; 9463c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 9563c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall if (!isLocType) 9663c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return makeNonLoc(se, T, castTy); 9763c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return UnknownVal(); 9863c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall } 9963c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 10063c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // If value is a non integer constant, produce unknown. 10163c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall if (!isa<nonloc::ConcreteInt>(val)) 10263c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return UnknownVal(); 10363c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 10463c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // Handle casts to a boolean type. 10563c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall if (castTy->isBooleanType()) { 10663c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall bool b = cast<nonloc::ConcreteInt>(val).getValue().getBoolValue(); 10763c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return makeTruthVal(b, castTy); 10863c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall } 10963c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 11063c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // Only handle casts from integers to integers - if val is an integer constant 11163c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // being cast to a non integer type, produce unknown. 11263c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall if (!isLocType && !castTy->isIntegerType()) 11363c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return UnknownVal(); 11463c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 11563c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall llvm::APSInt i = cast<nonloc::ConcreteInt>(val).getValue(); 11663c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall BasicVals.getAPSIntType(castTy).apply(i); 11763c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 11863c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall if (isLocType) 11963c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return makeIntLocVal(i); 12063c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall else 12163c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall return makeIntVal(i); 12263c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall} 12363c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 12463c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCallSVal SimpleSValBuilder::evalCastFromLoc(Loc val, QualType castTy) { 12563c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall 12663c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // Casts from pointers -> pointers, just return the lval. 12763c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // 12863c00d7f35fa060c0a446c9df3a4402d9c7757feJohn McCall // Casts from pointers -> references, just return the lval. These 1295f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // can be introduced by the frontend for corner cases, e.g 1305f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // casting from va_list* to __builtin_va_list&. 1315f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // 1325f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer if (Loc::isLocType(castTy) || castTy->isReferenceType()) 133561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return val; 134561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 135d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // FIXME: Handle transparent unions where a value can be "transparently" 136d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // lifted into a union type. 137d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor if (castTy->isUnionType()) 138561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return UnknownVal(); 139561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 140d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor if (castTy->isIntegerType()) { 141d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor unsigned BitWidth = Context.getTypeSize(castTy); 142561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 1430da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor if (!isa<loc::ConcreteInt>(val)) 1440da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor return makeLocAsInteger(val, BitWidth); 1450da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor 1460da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue(); 147c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt BasicVals.getAPSIntType(castTy).apply(i); 1480da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor return makeIntVal(i); 1490da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor } 1500da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor 151d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // All other cases: return 'UnknownVal'. This includes casting pointers 1520da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor // to floats, which is probably badness it itself, but this is a good 1530da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor // intermediate solution until we do something better. 154d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return UnknownVal(); 155d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor} 156d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor 157561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor//===----------------------------------------------------------------------===// 158d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor// Transfer function for unary operators. 159561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor//===----------------------------------------------------------------------===// 160561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 1610da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas GregorSVal SimpleSValBuilder::evalMinus(NonLoc val) { 162d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor switch (val.getSubKind()) { 1630da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor case nonloc::ConcreteIntKind: 164d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return cast<nonloc::ConcreteInt>(val).evalMinus(*this); 165561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor default: 166561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return UnknownVal(); 167561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 168561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor} 169561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 170561f81243f665cf2001caadc45df505f826b72d6Douglas GregorSVal SimpleSValBuilder::evalComplement(NonLoc X) { 171561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor switch (X.getSubKind()) { 172561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case nonloc::ConcreteIntKind: 173561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return cast<nonloc::ConcreteInt>(X).evalComplement(*this); 174561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor default: 175561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return UnknownVal(); 1760da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor } 177561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor} 1780da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor 179d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor//===----------------------------------------------------------------------===// 180d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor// Transfer function for binary operators. 181561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor//===----------------------------------------------------------------------===// 182d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor 183d967e31ee796efff24b84b704a063634f6b55627Douglas Gregorstatic BinaryOperator::Opcode NegateComparison(BinaryOperator::Opcode op) { 184d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor switch (op) { 1850da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor default: 1860da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor llvm_unreachable("Invalid opcode."); 187d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_LT: return BO_GE; 1882ade35e2cfd554e49d35a52047cea98a82787af9Douglas Gregor case BO_GT: return BO_LE; 189501edb6a54524555ad27fbf41a7920dc756b08c6Douglas Gregor case BO_LE: return BO_GT; 19031310a21fb2a9f13950f864f681c86080b05d5b2Sebastian Redl case BO_GE: return BO_LT; 191561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case BO_EQ: return BO_NE; 192d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_NE: return BO_EQ; 193561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 194561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor} 195bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor 196d967e31ee796efff24b84b704a063634f6b55627Douglas Gregorstatic BinaryOperator::Opcode ReverseComparison(BinaryOperator::Opcode op) { 197bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor switch (op) { 198bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor default: 199bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor llvm_unreachable("Invalid opcode."); 200bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor case BO_LT: return BO_GT; 201561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case BO_GT: return BO_LT; 202d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_LE: return BO_GE; 203561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case BO_GE: return BO_LE; 204561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case BO_EQ: 205d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_NE: 206d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return op; 207d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor } 208d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor} 209bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor 210bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas GregorSVal SimpleSValBuilder::MakeSymIntVal(const SymExpr *LHS, 211bb6e73fcf60fa5a4cc36c14744dc366b658443b5Douglas Gregor BinaryOperator::Opcode op, 212d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor const llvm::APSInt &RHS, 213d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor QualType resultTy) { 214561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor bool isIdempotent = false; 215d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor 216d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // Check for a few special cases with known reductions first. 217d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor switch (op) { 218d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor default: 219d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // We can't reduce this case; just treat it normally. 220d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor break; 221d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Mul: 222561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // a*0 and a*1 223561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor if (RHS == 0) 224561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return makeIntVal(0, resultTy); 225d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor else if (RHS == 1) 226d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor isIdempotent = true; 227d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor break; 228d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Div: 229d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // a/0 and a/1 230d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor if (RHS == 0) 231d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // This is also handled elsewhere. 232d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return UndefinedVal(); 233d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor else if (RHS == 1) 234d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor isIdempotent = true; 235d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor break; 236d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Rem: 237561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // a%0 and a%1 238561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor if (RHS == 0) 239d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // This is also handled elsewhere. 240d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return UndefinedVal(); 241561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor else if (RHS == 1) 242d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor return makeIntVal(0, resultTy); 243d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor break; 244d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Add: 245d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Sub: 246561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor case BO_Shl: 247d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor case BO_Shr: 24810738d36b150aa65206890c1c845cdba076e4200Douglas Gregor case BO_Xor: 249d967e31ee796efff24b84b704a063634f6b55627Douglas Gregor // a+0, a-0, a<<0, a>>0, a^0 2501fe85ea697fb5c85acded3ac0ddbc19f89c2e181Douglas Gregor if (RHS == 0) 2510da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor isIdempotent = true; 2520da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor break; 2533aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth case BO_And: 2542577743c5650c646fb705df01403707e94f2df04Abramo Bagnara // a&0 and a&(~0) 2553aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth if (RHS == 0) 2562577743c5650c646fb705df01403707e94f2df04Abramo Bagnara return makeIntVal(0, resultTy); 257f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall else if (RHS.isAllOnesValue()) 258561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor isIdempotent = true; 259cb66cff8fdf641f57f85dedb515a5f3240e3a9bbChandler Carruth break; 260cb66cff8fdf641f57f85dedb515a5f3240e3a9bbChandler Carruth case BO_Or: 2617e740bd36772aae16b5cc5e605998ccc5eaf26dbChandler Carruth // a|0 and a|(~0) 2626857c3e12c86fd0271eb46baab5b18756a94f4cbChandler Carruth if (RHS == 0) 2633aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth isIdempotent = true; 2643aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth else if (RHS.isAllOnesValue()) { 2653aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth const llvm::APSInt &Result = BasicVals.Convert(resultTy, RHS); 266cb66cff8fdf641f57f85dedb515a5f3240e3a9bbChandler Carruth return nonloc::ConcreteInt(Result); 267561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 268561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor break; 269561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 270561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 271561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // Idempotent ops (like a*1) can still change the type of an expression. 272561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // Wrap the LHS up in a NonLoc again and let evalCastFromNonLoc do the 273561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // dirty work. 274561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor if (isIdempotent) 275561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return evalCastFromNonLoc(nonloc::SymbolVal(LHS), resultTy); 276561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 277b8da98a2182d2c69c72136b9a9ebabd4694f3d6bBenjamin Kramer // If we reach this point, the expression cannot be simplified. 278b8da98a2182d2c69c72136b9a9ebabd4694f3d6bBenjamin Kramer // Make a SymbolVal for the entire expression, after converting the RHS. 2792577743c5650c646fb705df01403707e94f2df04Abramo Bagnara const llvm::APSInt *ConvertedRHS = &RHS; 2802577743c5650c646fb705df01403707e94f2df04Abramo Bagnara if (BinaryOperator::isComparisonOp(op)) { 2812577743c5650c646fb705df01403707e94f2df04Abramo Bagnara // We're looking for a type big enough to compare the symbolic value 282a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor // with the given constant. 28340d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor // FIXME: This is an approximation of Sema::UsualArithmeticConversions. 284dbd872f273a8dbf22e089b3def6c09f0a460965dJohn McCall ASTContext &Ctx = getContext(); 285a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor QualType SymbolType = LHS->getType(); 2860da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor uint64_t ValWidth = RHS.getBitWidth(); 287f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall uint64_t TypeWidth = Ctx.getTypeSize(SymbolType); 2883aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth 2890da76df9218d7c27b471b0a4d83a5b29fe24e5b4Douglas Gregor if (ValWidth < TypeWidth) { 29040d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor // If the value is too small, extend it. 2912577743c5650c646fb705df01403707e94f2df04Abramo Bagnara ConvertedRHS = &BasicVals.Convert(SymbolType, RHS); 2923aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth } else if (ValWidth == TypeWidth) { 2932577743c5650c646fb705df01403707e94f2df04Abramo Bagnara // If the value is signed but the symbol is unsigned, do the comparison 2942577743c5650c646fb705df01403707e94f2df04Abramo Bagnara // in unsigned space. [C99 6.3.1.8] 2952577743c5650c646fb705df01403707e94f2df04Abramo Bagnara // (For the opposite case, the value is already unsigned.) 29640d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor if (RHS.isSigned() && !SymbolType->isSignedIntegerOrEnumerationType()) 2972577743c5650c646fb705df01403707e94f2df04Abramo Bagnara ConvertedRHS = &BasicVals.Convert(SymbolType, RHS); 2982577743c5650c646fb705df01403707e94f2df04Abramo Bagnara } 2992577743c5650c646fb705df01403707e94f2df04Abramo Bagnara } else 300f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall ConvertedRHS = &BasicVals.Convert(resultTy, RHS); 3013aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth 3022577743c5650c646fb705df01403707e94f2df04Abramo Bagnara return makeNonLoc(LHS, op, *ConvertedRHS, resultTy); 3033aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth} 3043aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth 3053aa8140bde5b9bedf13e46ec0a668daa54814196Chandler CarruthSVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state, 3063aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth BinaryOperator::Opcode op, 307a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor NonLoc lhs, NonLoc rhs, 30840d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor QualType resultTy) { 3096857c3e12c86fd0271eb46baab5b18756a94f4cbChandler Carruth NonLoc InputLHS = lhs; 3103aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth NonLoc InputRHS = rhs; 3113aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth 312d5532b6cfff2977e0c59fa6ead7f7973984a620dJohn McCall // Handle trivial case where left-side and right-side are the same. 313b0c3e0909bb04af0bfb82ad01ab6909649d68ccaArgyrios Kyrtzidis if (lhs == rhs) 3143aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth switch (op) { 3153248854a5d16e1de17c58e05f726bdef9f042df2Chris Lattner default: 3163aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth break; 3173aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth case BO_EQ: 318a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor case BO_LE: 319a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor case BO_GE: 3203aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth return makeTruthVal(true, resultTy); 321def0354384d9c4431f7b58b664b59896d4623028Douglas Gregor case BO_LT: 3223aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth case BO_GT: 323def0354384d9c4431f7b58b664b59896d4623028Douglas Gregor case BO_NE: 324663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis return makeTruthVal(false, resultTy); 325663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis case BO_Xor: 326663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis case BO_Sub: 3276857c3e12c86fd0271eb46baab5b18756a94f4cbChandler Carruth if (resultTy->isIntegralOrEnumerationType()) 3283aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth return makeIntVal(0, resultTy); 3293aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth return evalCastFromNonLoc(makeIntVal(0, /*Unsigned=*/false), resultTy); 330def0354384d9c4431f7b58b664b59896d4623028Douglas Gregor case BO_Or: 331b0c3e0909bb04af0bfb82ad01ab6909649d68ccaArgyrios Kyrtzidis case BO_And: 3323aa8140bde5b9bedf13e46ec0a668daa54814196Chandler Carruth return evalCastFromNonLoc(lhs, resultTy); 3333248854a5d16e1de17c58e05f726bdef9f042df2Chris Lattner } 334663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis 335663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis while (1) { 336663e380d7b2de2bbf20e886e05371195bea9adc4Argyrios Kyrtzidis switch (lhs.getSubKind()) { 337a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor default: 3382577743c5650c646fb705df01403707e94f2df04Abramo Bagnara return makeSymExprValNN(state, op, lhs, rhs, resultTy); 339a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor case nonloc::LocAsIntegerKind: { 34040d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor Loc lhsL = cast<nonloc::LocAsInteger>(lhs).getLoc(); 341096832c5ed5b9106fa177ebc148489760c3bc496John McCall switch (rhs.getSubKind()) { 342a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor case nonloc::LocAsIntegerKind: 343a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor return evalBinOpLL(state, op, lhsL, 344a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor cast<nonloc::LocAsInteger>(rhs).getLoc(), 345a2813cec2605ce7878d1b13471d685f689b251afDouglas Gregor resultTy); 3463a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case nonloc::ConcreteIntKind: { 3473a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // Transform the integer into a location and compare. 348848fa64143fbe5ae62a601ad61277f741e54dfabAnders Carlsson llvm::APSInt i = cast<nonloc::ConcreteInt>(rhs).getValue(); 349848fa64143fbe5ae62a601ad61277f741e54dfabAnders Carlsson BasicVals.getAPSIntType(Context.VoidPtrTy).apply(i); 350848fa64143fbe5ae62a601ad61277f741e54dfabAnders Carlsson return evalBinOpLL(state, op, lhsL, makeLoc(i), resultTy); 3513a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 352848fa64143fbe5ae62a601ad61277f741e54dfabAnders Carlsson default: 3533a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson switch (op) { 3543a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_EQ: 3553a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return makeTruthVal(false, resultTy); 3563a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_NE: 3573a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return makeTruthVal(true, resultTy); 3583a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson default: 359848fa64143fbe5ae62a601ad61277f741e54dfabAnders Carlsson // This case also handles pointer arithmetic. 3603a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy); 3614eadcc569223135e13353c9381b448986e3f7053Sam Weinig } 3624eadcc569223135e13353c9381b448986e3f7053Sam Weinig } 3633a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 3643a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case nonloc::ConcreteIntKind: { 3653a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson llvm::APSInt LHSValue = cast<nonloc::ConcreteInt>(lhs).getValue(); 3663a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson 3673a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // If we're dealing with two known constants, just perform the operation. 3683a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson if (const llvm::APSInt *KnownRHSValue = getKnownValue(state, rhs)) { 369183700f494ec9b6701b6efe82bcb25f4c79ba561John McCall llvm::APSInt RHSValue = *KnownRHSValue; 3703a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson if (BinaryOperator::isComparisonOp(op)) { 3713a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // We're looking for a type big enough to compare the two values. 3723a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // FIXME: This is not correct. char + short will result in a promotion 3733a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // to int. Unfortunately we have lost types by this point. 3743a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson APSIntType CompareType = std::max(APSIntType(LHSValue), 3753a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson APSIntType(RHSValue)); 3763a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson CompareType.apply(LHSValue); 3773a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson CompareType.apply(RHSValue); 3783a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } else if (!BinaryOperator::isShiftOp(op)) { 3793a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson APSIntType IntType = BasicVals.getAPSIntType(resultTy); 3803a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson IntType.apply(LHSValue); 3813a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson IntType.apply(RHSValue); 3823a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 3833a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson 3843a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson const llvm::APSInt *Result = 3853a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson BasicVals.evalAPSInt(op, LHSValue, RHSValue); 3863a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson if (!Result) 3873a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return UndefinedVal(); 3883a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson 3893a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return nonloc::ConcreteInt(*Result); 3903a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 3914eadcc569223135e13353c9381b448986e3f7053Sam Weinig 3924eadcc569223135e13353c9381b448986e3f7053Sam Weinig // Swap the left and right sides and flip the operator if doing so 3934eadcc569223135e13353c9381b448986e3f7053Sam Weinig // allows us to better reason about the expression (this is a form 3944eadcc569223135e13353c9381b448986e3f7053Sam Weinig // of expression canonicalization). 3954eadcc569223135e13353c9381b448986e3f7053Sam Weinig // While we're at it, catch some special cases for non-commutative ops. 3964eadcc569223135e13353c9381b448986e3f7053Sam Weinig switch (op) { 3974eadcc569223135e13353c9381b448986e3f7053Sam Weinig case BO_LT: 3984eadcc569223135e13353c9381b448986e3f7053Sam Weinig case BO_GT: 3993a1ce1ed0f5686384e712837bad28c576622e442Sam Weinig case BO_LE: 4003a1ce1ed0f5686384e712837bad28c576622e442Sam Weinig case BO_GE: 4013a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson op = ReverseComparison(op); 4023a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // FALL-THROUGH 4033a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_EQ: 4043a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_NE: 4053a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_Add: 4063a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_Mul: 4073a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_And: 4083a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_Xor: 4093a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case BO_Or: 4103a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson std::swap(lhs, rhs); 4113a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson continue; 412b03d33edaf24af2893a50caee4d2c99839242c44Ted Kremenek case BO_Shr: 413b03d33edaf24af2893a50caee4d2c99839242c44Ted Kremenek // (~0)>>a 414b03d33edaf24af2893a50caee4d2c99839242c44Ted Kremenek if (LHSValue.isAllOnesValue() && LHSValue.isSigned()) 415b03d33edaf24af2893a50caee4d2c99839242c44Ted Kremenek return evalCastFromNonLoc(lhs, resultTy); 416900fc6388e803868a34b9483510c345e9b49d7ebBenjamin Kramer // FALL-THROUGH 417b03d33edaf24af2893a50caee4d2c99839242c44Ted Kremenek case BO_Shl: 4183a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // 0<<a and 0>>a 419900fc6388e803868a34b9483510c345e9b49d7ebBenjamin Kramer if (LHSValue == 0) 420900fc6388e803868a34b9483510c345e9b49d7ebBenjamin Kramer return evalCastFromNonLoc(lhs, resultTy); 421900fc6388e803868a34b9483510c345e9b49d7ebBenjamin Kramer return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy); 4223a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson default: 4233a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy); 4243a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 4253a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson } 4263a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson case nonloc::SymbolValKind: { 4273a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // We only handle LHS as simple symbols or SymIntExprs. 4283a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson SymbolRef Sym = cast<nonloc::SymbolVal>(lhs).getSymbol(); 4293a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson 4303a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // LHS is a symbolic expression. 4313a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson if (const SymIntExpr *symIntExpr = dyn_cast<SymIntExpr>(Sym)) { 4323a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson 4333a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // Is this a logical not? (!x is represented as x == 0.) 4343a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson if (op == BO_EQ && rhs.isZeroConstant()) { 4353a082d81006e7a2e01a6e431a22e21c78490ff8fAnders Carlsson // We know how to negate certain expressions. Simplify them here. 4369996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis 4379996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis BinaryOperator::Opcode opc = symIntExpr->getOpcode(); 4389996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis switch (opc) { 4399996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis default: 4409996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis // We don't know how to negate this operation. 4419996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis // Just handle it as if it were a normal comparison to 0. 4429996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis break; 4439996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_LAnd: 4449996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_LOr: 4459996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis llvm_unreachable("Logical operators handled by branching logic."); 4469996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_Assign: 4479996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_MulAssign: 4489996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_DivAssign: 4499996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_RemAssign: 4509996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_AddAssign: 4519996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_SubAssign: 4529996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_ShlAssign: 4539996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_ShrAssign: 4549996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_AndAssign: 4559996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_XorAssign: 4569996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_OrAssign: 4579996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_Comma: 4589996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis llvm_unreachable("'=' and ',' operators handled by ExprEngine."); 4599996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_PtrMemD: 4609996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_PtrMemI: 4619996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis llvm_unreachable("Pointer arithmetic not handled here."); 4629996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_LT: 4639996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_GT: 4649996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_LE: 4659996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_GE: 4669996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_EQ: 4679996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis case BO_NE: 4689996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis // Negate the comparison and make a value. 4699996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis opc = NegateComparison(opc); 4709996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis assert(symIntExpr->getType() == resultTy); 4719996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis return makeNonLoc(symIntExpr->getLHS(), opc, 4729996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis symIntExpr->getRHS(), resultTy); 4739996a7f06a3c5b4554692e7177930cf4e8ef09afArgyrios Kyrtzidis } 474da8249e57f3badecf925571881fe57243935c6c1Chris Lattner } 475da8249e57f3badecf925571881fe57243935c6c1Chris Lattner 476da8249e57f3badecf925571881fe57243935c6c1Chris Lattner // For now, only handle expressions whose RHS is a constant. 477da8249e57f3badecf925571881fe57243935c6c1Chris Lattner if (const llvm::APSInt *RHSValue = getKnownValue(state, rhs)) { 478da8249e57f3badecf925571881fe57243935c6c1Chris Lattner // If both the LHS and the current expression are additive, 479ee5a700af3fe9ae1a639c271f093f40677dddc04Dale Johannesen // fold their constants and try again. 480ee5a700af3fe9ae1a639c271f093f40677dddc04Dale Johannesen if (BinaryOperator::isAdditiveOp(op)) { 481ee5a700af3fe9ae1a639c271f093f40677dddc04Dale Johannesen BinaryOperator::Opcode lop = symIntExpr->getOpcode(); 482da8249e57f3badecf925571881fe57243935c6c1Chris Lattner if (BinaryOperator::isAdditiveOp(lop)) { 483da8249e57f3badecf925571881fe57243935c6c1Chris Lattner // Convert the two constants to a common type, then combine them. 484da8249e57f3badecf925571881fe57243935c6c1Chris Lattner 4855f9e272e632e951b1efe824cd16acb4d96077930Chris Lattner // resultTy may not be the best type to convert to, but it's 4865cee1195584fa8672253139c86e922daeda69b9eDouglas Gregor // probably the best choice in expressions with mixed type 4871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump // (such as x+1U+2LL). The rules for implicit conversions should 488a135fb43eb94524a6529768596a4533eed9aa70dAnders Carlsson // choose a reasonable type to preserve the expression, and will 4892085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner // at least match how the value is going to be used. 4902085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner APSIntType IntType = BasicVals.getAPSIntType(resultTy); 4912085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner const llvm::APSInt &first = IntType.convert(symIntExpr->getRHS()); 4922085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner const llvm::APSInt &second = IntType.convert(*RHSValue); 4933248854a5d16e1de17c58e05f726bdef9f042df2Chris Lattner 4942085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner const llvm::APSInt *newRHS; 4951eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump if (lop == op) 4965f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer newRHS = BasicVals.evalAPSInt(BO_Add, first, second); 49765aa6885818d4b4eea2e5a9d12085b2398148662Jay Foad else 49865aa6885818d4b4eea2e5a9d12085b2398148662Jay Foad newRHS = BasicVals.evalAPSInt(BO_Sub, first, second); 4992085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner 50065aa6885818d4b4eea2e5a9d12085b2398148662Jay Foad assert(newRHS && "Invalid operation despite common type!"); 5015cee1195584fa8672253139c86e922daeda69b9eDouglas Gregor rhs = nonloc::ConcreteInt(*newRHS); 5023e2193ce5feb2feb092e5ae615e85148e06e9fd2Anders Carlsson lhs = nonloc::SymbolVal(symIntExpr->getLHS()); 5032085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner op = lop; 5042085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner continue; 5055f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer } 506726e168dc09fb23f53c7b004f8e919421ee91806Chris Lattner } 5072085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner 5082085fd6cd22ec5c268175251db10d7c60caf7aaaChris Lattner // Otherwise, make a SymIntExpr out of the expression. 509726e168dc09fb23f53c7b004f8e919421ee91806Chris Lattner return MakeSymIntVal(symIntExpr, op, *RHSValue, resultTy); 510726e168dc09fb23f53c7b004f8e919421ee91806Chris Lattner } 511673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor 512673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor 513673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor } else if (isa<SymbolData>(Sym)) { 5143248854a5d16e1de17c58e05f726bdef9f042df2Chris Lattner // Does the symbol simplify to a constant? If so, "fold" the constant 515673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor // by setting 'lhs' to a ConcreteInt and try again. 516673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor if (const llvm::APSInt *Constant = state->getConstraintManager() 517673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor .getSymVal(state, Sym)) { 518673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor lhs = nonloc::ConcreteInt(*Constant); 519673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor continue; 520673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor } 521673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor 5225f9e272e632e951b1efe824cd16acb4d96077930Chris Lattner // Is the RHS a constant? 523b648023da23e8b227cdda57a241db4c6f368726bDaniel Dunbar if (const llvm::APSInt *RHSValue = getKnownValue(state, rhs)) 524b648023da23e8b227cdda57a241db4c6f368726bDaniel Dunbar return MakeSymIntVal(Sym, op, *RHSValue, resultTy); 525673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor } 526b648023da23e8b227cdda57a241db4c6f368726bDaniel Dunbar 527673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor // Give up -- this is not a symbolic expression we can handle. 528673ecd6a4a9f7c12fb6f76f84f654dbdcdc89e76Douglas Gregor return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy); 52908f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 53008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 53108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 53208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner} 53308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 53408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner// FIXME: all this logic will change if/when we have MemRegion::getLocation(). 53508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris LattnerSVal SimpleSValBuilder::evalBinOpLL(ProgramStateRef state, 53608f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner BinaryOperator::Opcode op, 53708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner Loc lhs, Loc rhs, 53808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner QualType resultTy) { 5395cee1195584fa8672253139c86e922daeda69b9eDouglas Gregor // Only comparisons and subtractions are valid operations on two pointers. 5405cee1195584fa8672253139c86e922daeda69b9eDouglas Gregor // See [C99 6.5.5 through 6.5.14] or [C++0x 5.6 through 5.15]. 54108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // However, if a pointer is casted to an integer, evalBinOpNN may end up 54208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // calling this function with another operation (PR7527). We don't attempt to 54308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // model this for now, but it could be useful, particularly when the 54408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // "location" is actually an integer value that's been passed through a void*. 54508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner if (!(BinaryOperator::isComparisonOp(op) || op == BO_Sub)) 54608f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return UnknownVal(); 54708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 54808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // Special cases for when both sides are identical. 54908f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner if (lhs == rhs) { 55008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner switch (op) { 55108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner default: 55208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner llvm_unreachable("Unimplemented operation for two identical values"); 55308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_Sub: 55408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return makeZeroVal(resultTy); 55508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_EQ: 5565f9e272e632e951b1efe824cd16acb4d96077930Chris Lattner case BO_LE: 55708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_GE: 55808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return makeTruthVal(true, resultTy); 55908f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_NE: 56008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_LT: 56108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_GT: 56208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return makeTruthVal(false, resultTy); 56308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 56408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 56508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 56608f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner switch (lhs.getSubKind()) { 56708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner default: 56808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner llvm_unreachable("Ordering not implemented for this Loc."); 56908f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 57008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case loc::GotoLabelKind: 57108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // The only thing we know about labels is that they're non-null. 57208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner if (rhs.isZeroConstant()) { 57308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner switch (op) { 57408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner default: 57508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner break; 57608f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_Sub: 57708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return evalCastFromLoc(lhs, resultTy); 57808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_EQ: 579935a70c1e76d78985f20d422940280161b941299Hans Wennborg case BO_LE: 58008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_LT: 58108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return makeTruthVal(false, resultTy); 58208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_NE: 58308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_GT: 58408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner case BO_GE: 58508f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return makeTruthVal(true, resultTy); 58608f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 58708f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner } 58808f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // There may be two labels for the same location, and a function region may 58908f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // have the same address as a label at the start of the function (depending 59008f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // on the ABI). 59108f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // FIXME: we can probably do a comparison against other MemRegions, though. 59208f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner // FIXME: is there a way to tell if two labels refer to the same location? 59308f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner return UnknownVal(); 59408f92e3a5dead1f1ee656678a7f06e43279d6e50Chris Lattner 5955f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer case loc::ConcreteIntKind: { 5965f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // If one of the operands is a symbol and the other is a constant, 5975f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // build an expression for use by the constraint manager. 5985f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer if (SymbolRef rSym = rhs.getAsLocSymbol()) { 599b219cfc4d75f0a03630b7c4509ef791b7e97b2c8David Blaikie // We can only build expressions with symbols on the left, 6002de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // so we need a reversible operator. 6012de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall if (!BinaryOperator::isComparisonOp(op)) 6022de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return UnknownVal(); 6032de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 6042de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall const llvm::APSInt &lVal = cast<loc::ConcreteInt>(lhs).getValue(); 6052de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return makeNonLoc(rSym, ReverseComparison(op), lVal, resultTy); 6062de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall } 6072de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 6082de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // If both operands are constants, just perform the operation. 6092de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall if (loc::ConcreteInt *rInt = dyn_cast<loc::ConcreteInt>(&rhs)) { 6102de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall SVal ResultVal = cast<loc::ConcreteInt>(lhs).evalBinOp(BasicVals, op, 6112de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall *rInt); 6122de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall if (Loc *Result = dyn_cast<Loc>(&ResultVal)) 6135f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer return evalCastFromLoc(*Result, resultTy); 6145f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer else 6155f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer return UnknownVal(); 6162de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall } 617bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor 618bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor // Special case comparisons against NULL. 619b219cfc4d75f0a03630b7c4509ef791b7e97b2c8David Blaikie // This must come after the test if the RHS is a symbol, which is used to 6202de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // build constraints. The address of any non-symbolic region is guaranteed 6212de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // to be non-NULL, as is any label. 6222de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall assert(isa<loc::MemRegionVal>(rhs) || isa<loc::GotoLabel>(rhs)); 6232de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall if (lhs.isZeroConstant()) { 6242de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall switch (op) { 6252de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall default: 6262de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall break; 6272de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall case BO_EQ: 628bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor case BO_GT: 629bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor case BO_GE: 630bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor return makeTruthVal(false, resultTy); 631bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor case BO_NE: 632bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor case BO_LT: 6332de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall case BO_LE: 6342de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return makeTruthVal(true, resultTy); 6352de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall } 6362de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall } 6372de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall 6382de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // Comparing an arbitrary integer to a region or label address is 6392de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall // completely unknowable. 6402de56d1d0c3a504ad1529de2677628bdfbb95cd4John McCall return UnknownVal(); 641bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor } 642bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor case loc::MemRegionKind: { 643bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor if (loc::ConcreteInt *rInt = dyn_cast<loc::ConcreteInt>(&rhs)) { 644bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor // If one of the operands is a symbol and the other is a constant, 645bc736fceca6f0bca31d16003a7587857190408fbDouglas Gregor // build an expression for use by the constraint manager. 6465f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer if (SymbolRef lSym = lhs.getAsLocSymbol()) 6475f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer return MakeSymIntVal(lSym, op, rInt->getValue(), resultTy); 6485f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer 6495f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer // Special case comparisons to NULL. 650cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne // This must come after the test if the LHS is a symbol, which is used to 651cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne // build constraints. The address of any non-symbolic region is guaranteed 652f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall // to be non-NULL. 653f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall if (rInt->isZeroConstant()) { 654bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor switch (op) { 655bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor default: 656561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor break; 657bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor case BO_Sub: 658898574e7496ba8fd76290079d3a9d06954992734Douglas Gregor return evalCastFromLoc(lhs, resultTy); 6591eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump case BO_EQ: 660cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne case BO_LT: 661b4609806e9232593ece09ce08b630836e825865cDouglas Gregor case BO_LE: 662bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return makeTruthVal(false, resultTy); 663bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor case BO_NE: 664bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor case BO_GT: 665bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor case BO_GE: 666bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return makeTruthVal(true, resultTy); 667561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 668561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 669bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor 670bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // Comparing a region to an arbitrary integer is completely unknowable. 671bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return UnknownVal(); 672cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne } 673bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor 674668bf91d31265b6ea8c3eb854ba450857701f269Ted Kremenek // Get both values as regions, if possible. 675cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne const MemRegion *LeftMR = lhs.getAsRegion(); 676b4609806e9232593ece09ce08b630836e825865cDouglas Gregor assert(LeftMR && "MemRegionKind SVal doesn't have a region!"); 677b4609806e9232593ece09ce08b630836e825865cDouglas Gregor 678e2ce1d9440186cf3332368291cd884a6e3ae8946Nate Begeman const MemRegion *RightMR = rhs.getAsRegion(); 679668bf91d31265b6ea8c3eb854ba450857701f269Ted Kremenek if (!RightMR) 680f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall // The RHS is probably a label, which in theory could address a region. 681f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall // FIXME: we can probably make a more useful statement about non-code 682bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // regions, though. 683bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return UnknownVal(); 684561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 685bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor const MemSpaceRegion *LeftMS = LeftMR->getMemorySpace(); 686898574e7496ba8fd76290079d3a9d06954992734Douglas Gregor const MemSpaceRegion *RightMS = RightMR->getMemorySpace(); 687668bf91d31265b6ea8c3eb854ba450857701f269Ted Kremenek const MemSpaceRegion *UnknownMS = MemMgr.getUnknownRegion(); 688cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne const MemRegion *LeftBase = LeftMR->getBaseRegion(); 68977ed8e4edf6ed78c53fb20ec3210aff2a59c9d87Ted Kremenek const MemRegion *RightBase = RightMR->getBaseRegion(); 690bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor 691bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // If the two regions are from different known memory spaces they cannot be 692bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // equal. Also, assume that no symbolic region (whose memory space is 693bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // unknown) is on the stack. 694bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor if (LeftMS != RightMS && 695561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor ((LeftMS != UnknownMS && RightMS != UnknownMS) || 696561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor (isa<StackSpaceRegion>(LeftMS) || isa<StackSpaceRegion>(RightMS)))) { 697bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor switch (op) { 698bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor default: 699bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return UnknownVal(); 700cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne case BO_EQ: 701bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return makeTruthVal(false, resultTy); 702668bf91d31265b6ea8c3eb854ba450857701f269Ted Kremenek case BO_NE: 703cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne return makeTruthVal(true, resultTy); 7045f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer } 7055f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer } 7065f016e2cb5d11daeb237544de1c5d59f20fe1a6eReid Spencer 7071eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump // If both values wrap regions, see if they're from different base regions. 7081eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump // Note, heap base symbolic regions are assumed to not alias with 709bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // each other; for example, we assume that malloc returns different address 710cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne // on each invocation. 711cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne if (LeftBase != RightBase && 712cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne ((!isa<SymbolicRegion>(LeftBase) && !isa<SymbolicRegion>(RightBase)) || 713cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne (isa<HeapSpaceRegion>(LeftMS) || isa<HeapSpaceRegion>(RightMS))) ){ 714cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne switch (op) { 715cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne default: 716cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne return UnknownVal(); 717cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne case BO_EQ: 718cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne return makeTruthVal(false, resultTy); 719cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne case BO_NE: 7201f0d0133b0e8d1f01f63951ee04927796b34740dDouglas Gregor return makeTruthVal(true, resultTy); 7211f0d0133b0e8d1f01f63951ee04927796b34740dDouglas Gregor } 722d20254f2875d0004c57ee766f258dbcee29f4841Nuno Lopes } 723e8683d6d389def2fce229325435ba3c2b3f75492John McCall 7241ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor // FIXME: If/when there is a getAsRawOffset() for FieldRegions, this 7251ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor // ElementRegion path and the FieldRegion path below should be unified. 7261ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor if (const ElementRegion *LeftER = dyn_cast<ElementRegion>(LeftMR)) { 7271ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor // First see if the right region is also an ElementRegion. 7281ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor const ElementRegion *RightER = dyn_cast<ElementRegion>(RightMR); 7291ddc9c4674b7c737ec65241a531df8c64e40b0a9Douglas Gregor if (!RightER) 730200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl return UnknownVal(); 731200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl 732200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl // Next, see if the two ERs have the same super-region and matching types. 733200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl // FIXME: This should do something useful even if the types don't match, 734200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl // though if both indexes are constant the RegionRawOffset path will 735200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl // give the correct answer. 736200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl if (LeftER->getSuperRegion() == RightER->getSuperRegion() && 737200121569dc6cff10a1fb6ed7500098770b9dd25Sebastian Redl LeftER->getElementType() == RightER->getElementType()) { 7386346f963145ed18b6edf50a78753b47db505e912Chris Lattner // Get the left index and cast it to the correct type. 739d20254f2875d0004c57ee766f258dbcee29f4841Nuno Lopes // If the index is unknown or undefined, bail out here. 740cb1c77f90d4e747b83a0d0cc125dc01567378f82Nuno Lopes SVal LeftIndexVal = LeftER->getIndex(); 741cb1c77f90d4e747b83a0d0cc125dc01567378f82Nuno Lopes NonLoc *LeftIndex = dyn_cast<NonLoc>(&LeftIndexVal); 742a00425414e8c209cabc25d1826b200aeb94259afZhongxing Xu if (!LeftIndex) 743a00425414e8c209cabc25d1826b200aeb94259afZhongxing Xu return UnknownVal(); 744a00425414e8c209cabc25d1826b200aeb94259afZhongxing Xu LeftIndexVal = evalCastFromNonLoc(*LeftIndex, ArrayIndexTy); 745a00425414e8c209cabc25d1826b200aeb94259afZhongxing Xu LeftIndex = dyn_cast<NonLoc>(&LeftIndexVal); 746d20254f2875d0004c57ee766f258dbcee29f4841Nuno Lopes if (!LeftIndex) 747caabf9bf331156e96dacb072385901fdfa057ec1Chris Lattner return UnknownVal(); 748d20254f2875d0004c57ee766f258dbcee29f4841Nuno Lopes 749d20254f2875d0004c57ee766f258dbcee29f4841Nuno Lopes // Do the same for the right index. 750d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner SVal RightIndexVal = RightER->getIndex(); 751d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner NonLoc *RightIndex = dyn_cast<NonLoc>(&RightIndexVal); 752d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner if (!RightIndex) 7538189cde56b4f6f938cd65f53c932fe1860d0204cTed Kremenek return UnknownVal(); 754d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner RightIndexVal = evalCastFromNonLoc(*RightIndex, ArrayIndexTy); 755d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner RightIndex = dyn_cast<NonLoc>(&RightIndexVal); 7561eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump if (!RightIndex) 757d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner return UnknownVal(); 758d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner 759d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner // Actually perform the operation. 760d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner // evalBinOpNN expects the two indexes to already be the right type. 761d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner return evalBinOpNN(state, op, *LeftIndex, *RightIndex, resultTy); 762d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner } 763d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner 764cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne // If the element indexes aren't comparable, see if the raw offsets are. 765cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne RegionRawOffset LeftOffset = LeftER->getAsArrayOffset(); 766d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner RegionRawOffset RightOffset = RightER->getAsArrayOffset(); 767cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne 768d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner if (LeftOffset.getRegion() != NULL && 769d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner LeftOffset.getRegion() == RightOffset.getRegion()) { 770cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne CharUnits left = LeftOffset.getOffset(); 771cc324ad80ab940efca006b0064f7ca70a6181816Peter Collingbourne CharUnits right = RightOffset.getOffset(); 772d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner 7731eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump switch (op) { 77488c9a46f0b84f1ee83e01917825346551ee540d0Douglas Gregor default: 775d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner return UnknownVal(); 776d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner case BO_LT: 777d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner return makeTruthVal(left < right, resultTy); 778d18b3299debb7b0dbd9d34d9369189dc98c87f53Chris Lattner case BO_GT: 779cb888967400a03504c88acedd5248d6778a82f46Chris Lattner return makeTruthVal(left > right, resultTy); 780cb888967400a03504c88acedd5248d6778a82f46Chris Lattner case BO_LE: 7814ba2a17694148e16eaa8d3917f657ffcd3667be4Jay Foad return makeTruthVal(left <= right, resultTy); 782c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff case BO_GE: 7831eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump return makeTruthVal(left >= right, resultTy); 784c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff case BO_EQ: 785c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff return makeTruthVal(left == right, resultTy); 786c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff case BO_NE: 787cb888967400a03504c88acedd5248d6778a82f46Chris Lattner return makeTruthVal(left != right, resultTy); 7881eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump } 789c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff } 790c4f8e8b645b8e0e685c089dde0674c6f29a24168Steve Naroff 791cb888967400a03504c88acedd5248d6778a82f46Chris Lattner // If we get here, we have no way of comparing the ElementRegions. 7921eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump return UnknownVal(); 793bcba201a1118d7852b8b97187d495ae2a4f49519Anders Carlsson } 794bcba201a1118d7852b8b97187d495ae2a4f49519Anders Carlsson 795cb888967400a03504c88acedd5248d6778a82f46Chris Lattner // See if both regions are fields of the same structure. 7961eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump // FIXME: This doesn't handle nesting, inheritance, or Objective-C ivars. 7974fcd399a52ae45ed8ebfdd3a25e01cfb76fa366dDouglas Gregor if (const FieldRegion *LeftFR = dyn_cast<FieldRegion>(LeftMR)) { 7984fcd399a52ae45ed8ebfdd3a25e01cfb76fa366dDouglas Gregor // Only comparisons are meaningful here! 7994fcd399a52ae45ed8ebfdd3a25e01cfb76fa366dDouglas Gregor if (!BinaryOperator::isComparisonOp(op)) 8007814e6d6645d587891293d59ecf6576defcfac92Douglas Gregor return UnknownVal(); 801cb888967400a03504c88acedd5248d6778a82f46Chris Lattner 802bcba201a1118d7852b8b97187d495ae2a4f49519Anders Carlsson // First see if the right region is also a FieldRegion. 8036dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson const FieldRegion *RightFR = dyn_cast<FieldRegion>(RightMR); 8046dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson if (!RightFR) 8056217b80b7a1379b74cced1c076338262c3c980b3Ted Kremenek return UnknownVal(); 8066dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson 8076217b80b7a1379b74cced1c076338262c3c980b3Ted Kremenek // Next, see if the two FRs have the same super-region. 8086dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson // FIXME: This doesn't handle casts yet, and simply stripping the casts 809864c041e118155c2b1ce0ba36942a3da5a4a055eJohn McCall // doesn't help. 810864c041e118155c2b1ce0ba36942a3da5a4a055eJohn McCall if (LeftFR->getSuperRegion() != RightFR->getSuperRegion()) 811864c041e118155c2b1ce0ba36942a3da5a4a055eJohn McCall return UnknownVal(); 8125291c3cec0dbe8ad1d8e7e67e93af2b1586d5400Douglas Gregor 813864c041e118155c2b1ce0ba36942a3da5a4a055eJohn McCall const FieldDecl *LeftFD = LeftFR->getDecl(); 8146dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson const FieldDecl *RightFD = RightFR->getDecl(); 8156dde78f744382a5627a04f984a97049e0c4b5e73Anders Carlsson const RecordDecl *RD = LeftFD->getParent(); 816cb888967400a03504c88acedd5248d6778a82f46Chris Lattner 8172882eca5a184c78f793188083f6ce539740a5cf2John McCall // Make sure the two FRs are from the same kind of record. Just in case! 8182882eca5a184c78f793188083f6ce539740a5cf2John McCall // FIXME: This is probably where inheritance would be a problem. 8192882eca5a184c78f793188083f6ce539740a5cf2John McCall if (RD != RightFD->getParent()) 8202882eca5a184c78f793188083f6ce539740a5cf2John McCall return UnknownVal(); 8212882eca5a184c78f793188083f6ce539740a5cf2John McCall 8222882eca5a184c78f793188083f6ce539740a5cf2John McCall // We know for sure that the two fields are not the same, since that 8232882eca5a184c78f793188083f6ce539740a5cf2John McCall // would have given us the same SVal. 8242882eca5a184c78f793188083f6ce539740a5cf2John McCall if (op == BO_EQ) 8252882eca5a184c78f793188083f6ce539740a5cf2John McCall return makeTruthVal(false, resultTy); 8262882eca5a184c78f793188083f6ce539740a5cf2John McCall if (op == BO_NE) 8272882eca5a184c78f793188083f6ce539740a5cf2John McCall return makeTruthVal(true, resultTy); 8282882eca5a184c78f793188083f6ce539740a5cf2John McCall 8292882eca5a184c78f793188083f6ce539740a5cf2John McCall // Iterate through the fields and see which one comes first. 830c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // [C99 6.7.2.1.13] "Within a structure object, the non-bit-field 8318ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // members and the units in which bit-fields reside have addresses that 832c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // increase in the order in which they are declared." 833c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt bool leftFirst = (op == BO_LT || op == BO_LE); 8348ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor for (RecordDecl::field_iterator I = RD->field_begin(), 8358ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor E = RD->field_end(); I!=E; ++I) { 8368ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (*I == LeftFD) 837c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt return makeTruthVal(leftFirst, resultTy); 8388ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (*I == RightFD) 8398ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor return makeTruthVal(!leftFirst, resultTy); 8408ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8418ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 8428ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor llvm_unreachable("Fields not found in parent record's definition"); 8438ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8448ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 8458ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // If we get here, we have no way of comparing the regions. 8468ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor return UnknownVal(); 8478ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8488ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8498ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor} 8508ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 8518ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas GregorSVal SimpleSValBuilder::evalBinOpLN(ProgramStateRef state, 852c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt BinaryOperator::Opcode op, 8538ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor Loc lhs, NonLoc rhs, QualType resultTy) { 854c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt 8558ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // Special case: rhs is a zero constant. 8568ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (rhs.isZeroConstant()) 857f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall return lhs; 858f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall 859bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // Special case: 'rhs' is an integer that has the same width as a pointer and 860561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor // we are using the integer location in a comparison. Normally this cannot be 861bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor // triggered, but transfer functions like those for OSCompareAndSwapBarrier32 862c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // can generate comparisons that trigger this code. 863c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt // FIXME: Are all locations guaranteed to have pointer width? 8648ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (BinaryOperator::isComparisonOp(op)) { 8658ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs)) { 8668ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor const llvm::APSInt *x = &rhsInt->getValue(); 8678ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor ASTContext &ctx = Context; 868c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt if (ctx.getTypeSize(ctx.VoidPtrTy) == x->getBitWidth()) { 8698ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // Convert the signedness of the integer (if necessary). 870bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor if (x->isSigned()) 871bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor x = &getBasicValueFactory().getValue(*x, true); 872bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor 873bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor return evalBinOpLL(state, op, lhs, loc::ConcreteInt(*x), resultTy); 874bebbe0d9b7568ce43a464286bee49429489ef483Douglas Gregor } 8758ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8768ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor return UnknownVal(); 8778ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor } 8788ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 8798ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // We are dealing with pointer arithmetic. 8808ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor 8818ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor // Handle pointer arithmetic on constant values. 8828ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor if (nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs)) { 883c302113179a1c2b1254224ea9b6f5316ceeb375cSean Hunt if (loc::ConcreteInt *lhsInt = dyn_cast<loc::ConcreteInt>(&lhs)) { 8848ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor const llvm::APSInt &leftI = lhsInt->getValue(); 8858ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor assert(leftI.isUnsigned()); 8868ecdb65716cd7914ffb2eeee993fa9039fcd31e8Douglas Gregor llvm::APSInt rightI(rhsInt->getValue(), /* isUnsigned */ true); 8871eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump 88840d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor // Convert the bitwidth of rightI. This should deal with overflow 889f595cc41c4d95fe323f8a2b209523de9956f874dEli Friedman // since we are dealing with concrete values. 890161755a09898c95d21bfff33707da9ca41cd53c5John McCall rightI = rightI.extOrTrunc(leftI.getBitWidth()); 8912577743c5650c646fb705df01403707e94f2df04Abramo Bagnara 892d5532b6cfff2977e0c59fa6ead7f7973984a620dJohn McCall // Offset the increment by the pointer size. 893f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall llvm::APSInt Multiplicand(rightI.getBitWidth(), /* isUnsigned */ true); 894f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall rightI *= Multiplicand; 895f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall 89683f6faf37d9bf58986bedc9bc0ea897a56b4dbadDouglas Gregor // Compute the adjusted pointer. 8976bb8017bb9e828d118e15e59d71c66bba323c364John McCall switch (op) { 89840d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor case BO_Add: 899161755a09898c95d21bfff33707da9ca41cd53c5John McCall rightI = leftI + rightI; 900161755a09898c95d21bfff33707da9ca41cd53c5John McCall break; 9016bb8017bb9e828d118e15e59d71c66bba323c364John McCall case BO_Sub: 9026bb8017bb9e828d118e15e59d71c66bba323c364John McCall rightI = leftI - rightI; 9031eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump break; 904d5532b6cfff2977e0c59fa6ead7f7973984a620dJohn McCall default: 905b0c3e0909bb04af0bfb82ad01ab6909649d68ccaArgyrios Kyrtzidis llvm_unreachable("Invalid pointer arithmetic operation"); 9061eb4433ac451dc16f4133a88af2d002ac26c58efMike Stump } 9073248854a5d16e1de17c58e05f726bdef9f042df2Chris Lattner return loc::ConcreteInt(getBasicValueFactory().getValue(rightI)); 908f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall } 909f89e55ab1bfb3ea997f8b02997c611a02254eb2dJohn McCall } 9106bb8017bb9e828d118e15e59d71c66bba323c364John McCall 9116bb8017bb9e828d118e15e59d71c66bba323c364John McCall // Handle cases where 'lhs' is a region. 91240d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor if (const MemRegion *region = lhs.getAsRegion()) { 91340d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor rhs = cast<NonLoc>(convertToArrayIndex(rhs)); 9146bb8017bb9e828d118e15e59d71c66bba323c364John McCall SVal index = UnknownVal(); 9156bb8017bb9e828d118e15e59d71c66bba323c364John McCall const MemRegion *superR = 0; 916561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor QualType elementType; 917561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 918561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor if (const ElementRegion *elemReg = dyn_cast<ElementRegion>(region)) { 919561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor assert(op == BO_Add || op == BO_Sub); 920561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor index = evalBinOpNN(state, op, elemReg->getIndex(), rhs, 921561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor getArrayIndexType()); 9226bb8017bb9e828d118e15e59d71c66bba323c364John McCall superR = elemReg->getSuperRegion(); 9236bb8017bb9e828d118e15e59d71c66bba323c364John McCall elementType = elemReg->getElementType(); 9246bb8017bb9e828d118e15e59d71c66bba323c364John McCall } 92540d96a69c0e1e8c10f92d450c305a7aae696ca9cDouglas Gregor else if (isa<SubRegion>(region)) { 9266bb8017bb9e828d118e15e59d71c66bba323c364John McCall superR = region; 9276bb8017bb9e828d118e15e59d71c66bba323c364John McCall index = rhs; 9286bb8017bb9e828d118e15e59d71c66bba323c364John McCall if (resultTy->isAnyPointerType()) 9296bb8017bb9e828d118e15e59d71c66bba323c364John McCall elementType = resultTy->getPointeeType(); 930561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 931561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor 932561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor if (NonLoc *indexV = dyn_cast<NonLoc>(&index)) { 9336bb8017bb9e828d118e15e59d71c66bba323c364John McCall return loc::MemRegionVal(MemMgr.getElementRegion(elementType, *indexV, 934561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor superR, getContext())); 935561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 936561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor } 937561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor return UnknownVal(); 938561f81243f665cf2001caadc45df505f826b72d6Douglas Gregor} 9396bb8017bb9e828d118e15e59d71c66bba323c364John McCall 9406bb8017bb9e828d118e15e59d71c66bba323c364John McCallconst llvm::APSInt *SimpleSValBuilder::getKnownValue(ProgramStateRef state, 9416bb8017bb9e828d118e15e59d71c66bba323c364John McCall SVal V) { 94283f6faf37d9bf58986bedc9bc0ea897a56b4dbadDouglas Gregor if (V.isUnknownOrUndef()) 94383f6faf37d9bf58986bedc9bc0ea897a56b4dbadDouglas Gregor return NULL; 94475e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor 94575e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor if (loc::ConcreteInt* X = dyn_cast<loc::ConcreteInt>(&V)) 94675e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor return &X->getValue(); 94775e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor 94875e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor if (nonloc::ConcreteInt* X = dyn_cast<nonloc::ConcreteInt>(&V)) 94975e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor return &X->getValue(); 95075e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor 95175e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor if (SymbolRef Sym = V.getAsSymbol()) 95275e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor return state->getConstraintManager().getSymVal(state, Sym); 95375e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor 95475e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor // FIXME: Add support for SymExprs. 95575e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor return NULL; 95675e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor} 95775e85048e73fcde2ce9d8a48dfdb1220e132eb59Douglas Gregor