[cfe-commits] [PATCH] Set region size in GRRegionVals transfer function

Ted Kremenek kremenek at apple.com
Fri Nov 7 07:40:40 PST 2008

On Nov 7, 2008, at 12:44 AM, Zhongxing Xu wrote:

> From what I can tell, an out-of-bounds check has three components:
> (1) a location L, which is an offset within a region X
> (2) the extent of region X
> (3) some logic to determine if the location L is outside the extent  
> of region X
> We need to decide if we currently represent (1) for the interesting  
> cases that we are initially interested in going after.
> I have some difficulty to understand this sentence. I think a we  
> will just get a location MemRegionVal with a out-of-bound  
> ElementRegion, returned by getLValue(). And nobody is aware of its  
> illegality at that time.

Sorry.  ;-)

I meant can we represent all "locations" (using SVals) for the cases  
that would be most interesting for array bounds checking?  At this  
point I think the answer is no, since we don't have a location that  
represents a "base" + "offset", where the base is a location (i.e., a  
MemRegion) and offset is an index off of that base.  Currently we drop  
all pointer arithmetic operations on the floor, so we haven't had to  
reason about such things yet.

More information about the cfe-commits mailing list