Index: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h =================================================================== --- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h +++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h @@ -22,6 +22,8 @@ namespace clang { namespace ento { +class MemRegion; + /// \brief Symbolic value. These values used to capture symbolic execution of /// the program. class SymExpr : public llvm::FoldingSetNode { @@ -76,6 +78,18 @@ static symbol_iterator symbol_end() { return symbol_iterator(); } unsigned computeComplexity() const; + + /// \brief Find the region from which this symbol originates. + /// + /// Whenever the symbol was constructed to denote an unknown value of + /// a certain memory region, return this region. This method + /// allows checkers to make decisions depending on the origin of the symbol. + /// Symbol classes for which the origin region is known include + /// SymbolRegionValue which denotes the value of the region before + /// the beginning of the analysis, and SymbolDerived which denotes the value + /// of a certain memory region after its super region (a memory space or + /// a larger record region) is default-bound with a certain symbol. + virtual const MemRegion *getOriginRegion() const { return nullptr; } }; typedef const SymExpr *SymbolRef; Index: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h =================================================================== --- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h +++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h @@ -58,6 +58,7 @@ } void dumpToStream(raw_ostream &os) const override; + const MemRegion *getOriginRegion() const override { return getRegion(); } QualType getType() const override; @@ -127,6 +128,7 @@ QualType getType() const override; void dumpToStream(raw_ostream &os) const override; + const MemRegion *getOriginRegion() const override { return getRegion(); } static void Profile(llvm::FoldingSetNodeID& profile, SymbolRef parent, const TypedValueRegion *r) { Index: cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp =================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp @@ -315,15 +315,7 @@ /// Returns nullptr if the instance symbol cannot be found. const ObjCIvarRegion * ObjCDeallocChecker::getIvarRegionForIvarSymbol(SymbolRef IvarSym) const { - const MemRegion *RegionLoadedFrom = nullptr; - if (auto *DerivedSym = dyn_cast(IvarSym)) - RegionLoadedFrom = DerivedSym->getRegion(); - else if (auto *RegionSym = dyn_cast(IvarSym)) - RegionLoadedFrom = RegionSym->getRegion(); - else - return nullptr; - - return dyn_cast(RegionLoadedFrom); + return dyn_cast_or_null(IvarSym->getOriginRegion()); } /// Given a symbol for an ivar, return a symbol for the instance containing Index: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp =================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp +++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp @@ -2833,14 +2833,6 @@ C.addTransition(State); } -static bool wasLoadedFromIvar(SymbolRef Sym) { - if (auto DerivedVal = dyn_cast(Sym)) - return isa(DerivedVal->getRegion()); - if (auto RegionVal = dyn_cast(Sym)) - return isa(RegionVal->getRegion()); - return false; -} - void RetainCountChecker::checkPostStmt(const ObjCIvarRefExpr *IRE, CheckerContext &C) const { Optional IVarLoc = C.getSVal(IRE).getAs(); @@ -2849,7 +2841,7 @@ ProgramStateRef State = C.getState(); SymbolRef Sym = State->getSVal(*IVarLoc).getAsSymbol(); - if (!Sym || !wasLoadedFromIvar(Sym)) + if (!Sym || !dyn_cast_or_null(Sym->getOriginRegion())) return; // Accessing an ivar directly is unusual. If we've done that, be more