diff options
Diffstat (limited to 'lib/StaticAnalyzer/Core/CoreEngine.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/CoreEngine.cpp | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/lib/StaticAnalyzer/Core/CoreEngine.cpp b/lib/StaticAnalyzer/Core/CoreEngine.cpp index ca662c7992115..1f137424d450e 100644 --- a/lib/StaticAnalyzer/Core/CoreEngine.cpp +++ b/lib/StaticAnalyzer/Core/CoreEngine.cpp @@ -26,6 +26,8 @@ using namespace clang; using namespace ento; +STATISTIC(NumSteps, + "The # of steps executed."); STATISTIC(NumReachedMaxSteps, "The # of times we reached the max number of steps."); STATISTIC(NumPathsExplored, @@ -74,7 +76,7 @@ public: } virtual void enqueue(const WorkListUnit& U) { - Queue.push_front(U); + Queue.push_back(U); } virtual WorkListUnit dequeue() { @@ -207,6 +209,8 @@ bool CoreEngine::ExecuteWorkList(const LocationContext *L, unsigned Steps, --Steps; } + NumSteps++; + const WorkListUnit& WU = WList->dequeue(); // Set the current block counter. @@ -248,7 +252,7 @@ void CoreEngine::dispatchWorkItem(ExplodedNode* Pred, ProgramPoint Loc, break; } - case ProgramPoint::CallExitKind: + case ProgramPoint::CallExitBeginKind: SubEng.processCallExit(Pred); break; @@ -261,7 +265,9 @@ void CoreEngine::dispatchWorkItem(ExplodedNode* Pred, ProgramPoint Loc, } default: assert(isa<PostStmt>(Loc) || - isa<PostInitializer>(Loc)); + isa<PostInitializer>(Loc) || + isa<PostImplicitCall>(Loc) || + isa<CallExitEnd>(Loc)); HandlePostStmt(WU.getBlock(), WU.getIndex(), Pred); break; } @@ -502,7 +508,8 @@ void CoreEngine::enqueueStmtNode(ExplodedNode *N, } // Do not create extra nodes. Move to the next CFG element. - if (isa<PostInitializer>(N->getLocation())) { + if (isa<PostInitializer>(N->getLocation()) || + isa<PostImplicitCall>(N->getLocation())) { WList->enqueue(N, Block, Idx+1); return; } @@ -531,14 +538,13 @@ void CoreEngine::enqueueStmtNode(ExplodedNode *N, WList->enqueue(Succ, Block, Idx+1); } -ExplodedNode *CoreEngine::generateCallExitNode(ExplodedNode *N) { - // Create a CallExit node and enqueue it. +ExplodedNode *CoreEngine::generateCallExitBeginNode(ExplodedNode *N) { + // Create a CallExitBegin node and enqueue it. const StackFrameContext *LocCtx = cast<StackFrameContext>(N->getLocationContext()); - const Stmt *CE = LocCtx->getCallSite(); - // Use the the callee location context. - CallExit Loc(CE, LocCtx); + // Use the callee location context. + CallExitBegin Loc(LocCtx); bool isNew; ExplodedNode *Node = G->getNode(Loc, N->getState(), false, &isNew); @@ -565,12 +571,13 @@ void CoreEngine::enqueue(ExplodedNodeSet &Set, void CoreEngine::enqueueEndOfFunction(ExplodedNodeSet &Set) { for (ExplodedNodeSet::iterator I = Set.begin(), E = Set.end(); I != E; ++I) { ExplodedNode *N = *I; - // If we are in an inlined call, generate CallExit node. + // If we are in an inlined call, generate CallExitBegin node. if (N->getLocationContext()->getParent()) { - N = generateCallExitNode(N); + N = generateCallExitBeginNode(N); if (N) WList->enqueue(N); } else { + // TODO: We should run remove dead bindings here. G->addEndOfPath(N); NumPathsExplored++; } |