[cfe-commits] [PATCH] Set region size in GRRegionVals transfer function
xuzhongxing at gmail.com
Fri Nov 7 08:37:10 PST 2008
On Fri, Nov 7, 2008 at 11:40 PM, Ted Kremenek <kremenek at apple.com> wrote:
> On Nov 7, 2008, at 12:44 AM, Zhongxing Xu wrote:
> From what I can tell, an out-of-bounds check has three components:
>> (1) a location L, which is an offset within a region X
>> (2) the extent of region X
>> (3) some logic to determine if the location L is outside the extent of
>> region X
>> We need to decide if we currently represent (1) for the interesting cases
>> that we are initially interested in going after.
>> I have some difficulty to understand this sentence. I think a we will just
>> get a location MemRegionVal with a out-of-bound ElementRegion, returned by
>> getLValue(). And nobody is aware of its illegality at that time.
> Sorry. ;-)
> I meant can we represent all "locations" (using SVals) for the cases that
> would be most interesting for array bounds checking? At this point I think
> the answer is no, since we don't have a location that represents a "base" +
> "offset", where the base is a location (i.e., a MemRegion) and offset is an
> index off of that base. Currently we drop all pointer arithmetic operations
> on the floor, so we haven't had to reason about such things yet.
I think we have. That is an ElementRegion with a symbolic SVal as its index.
Because all 'base'+'offset' boils down to an array element.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cfe-commits