[PATCH] D41250: [analyzer] Model implied cast around operator new().

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jan 9 19:32:58 PST 2018


NoQ updated this revision to Diff 129212.
NoQ added a comment.

In https://reviews.llvm.org/D41250#959755, @NoQ wrote:

> > I also noticed that `evalCast` from `void *` to `T *` is uncomfortable to use because sometimes it transforms `&SymRegion{$x}` into `&element{T, 0S32b, SymRegion{$x}}` even when `$x` is already of type `T *`. The form `&SymRegion{$x}` seems to be the canonical form of this symbolic pointer value in the rest of the analyzer, so I decided to change `evalCast` to preserve it.
>
> Suddenly it turns out that this is not needed anymore. I'm struggling quite a bit to get the casts right, and still failing to identify the actual system we're trying to follow when representing pointer casts. I'd love to get to the bottom of it eventually.


Model the cast only around allocators that were inlined. Additionally, produce an array element for array `new[]` allocator calls. This completely reverts the rather-accidental-than-intended change in behavior in the conservative case which I described above: we no longer get this

> `&element{T, 0S32b, SymRegion{$x}}` even when `$x` is already of type `T *`

thing in the conservative case, while still behaving reasonably in the inlined case, without touching any other behavior of the analyzer (i.e. not touching the whole `evalCast` thing). So I believe this is the right thing to do, at least for this patch.

Eventually it might be better to return `&element{T, 0S32b, SymRegion{$x}}` where `$x` is a conjured `void` pointer - this would express the semantics and the origins of that `SVal` better. However, we cannot do that, because we cannot conjure a symbol without a void-pointer-type expression, and we don't have the expression that represents the call site for the allocator call.


https://reviews.llvm.org/D41250

Files:
  include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
  lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
  lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
  test/Analysis/new-ctor-conservative.cpp
  test/Analysis/new-ctor-inlined.cpp
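The cast the patch is modeling is the one the new-expression performs on the `void *` that `operator new` returns. The following is an added, constructed example (editor's illustration, not code from D41250 or from the analyzer's test suite) that makes the two cases observable at run time with a class-specific allocator handing out slices of a static arena: in the scalar case the `T *` the program receives is exactly the `void *` the allocator returned (the implied cast is identity), while for `new T[n]` the program receives the first element of an array placed at some non-negative offset from that `void *` (zero here, since `Tracked` is trivially destructible, but the ABI may insert an array cookie for types with destructors). The names `Tracked`, `g_arena`, `g_last_ptr` and `g_last_size` are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>

// Constructed example (not part of D41250): bookkeeping for a class-specific
// allocator so the void* it returned can be compared with the T* the
// new-expression yields.
namespace {
alignas(std::max_align_t) unsigned char g_arena[4096];
std::size_t g_used = 0;          // bump pointer into g_arena
void *g_last_ptr = nullptr;      // last void* handed out by operator new/new[]
std::size_t g_last_size = 0;     // size the last allocation requested
}  // namespace

struct Tracked {
    int value;
    Tracked() : value(7) {}

    // Returns void*, exactly like the global allocator; the new-expression
    // itself converts that to Tracked*.
    static void *operator new(std::size_t n) {
        g_last_size = n;
        g_last_ptr = g_arena + g_used;
        g_used += n;
        return g_last_ptr;
    }
    static void *operator new[](std::size_t n) { return operator new(n); }
    static void operator delete(void *) noexcept {}
    static void operator delete[](void *) noexcept {}
};

// Scalar case: `new Tracked` calls operator new(sizeof(Tracked)) and the
// resulting Tracked* is the same address as the void* the allocator returned.
bool scalar_new_is_plain_cast() {
    g_used = 0;
    Tracked *p = new Tracked;
    bool same = static_cast<void *>(p) == g_last_ptr
             && g_last_size == sizeof(Tracked)
             && p->value == 7;
    delete p;
    return same;
}

// Array case: the program receives element 0 of an array whose storage starts
// at the allocator's void*. Returns the byte offset between the two; it is
// non-negative and zero for trivially destructible types on the Itanium ABI.
std::ptrdiff_t array_new_offset(std::size_t count) {
    g_used = 0;
    Tracked *arr = new Tracked[count];
    std::ptrdiff_t off = reinterpret_cast<unsigned char *>(arr)
                       - static_cast<unsigned char *>(g_last_ptr);
    delete[] arr;
    return off;
}

// The size passed to operator new[] must cover any cookie plus all elements.
bool array_new_size_covers(std::size_t count) {
    g_used = 0;
    Tracked *arr = new Tracked[count];
    std::size_t off = static_cast<std::size_t>(
        reinterpret_cast<unsigned char *>(arr)
        - static_cast<unsigned char *>(g_last_ptr));
    bool ok = g_last_size >= off + count * sizeof(Tracked) && arr[count - 1].value == 7;
    delete[] arr;
    return ok;
}

int main() {
    std::printf("scalar new is a plain cast: %s\n", scalar_new_is_plain_cast() ? "yes" : "no");
    std::printf("array new element-0 offset: %td bytes\n", array_new_offset(4));
    std::printf("array new size covers elements: %s\n", array_new_size_covers(4) ? "yes" : "no");
    return 0;
}
```

The scalar path is what `&SymRegion{$x}` versus `&element{T, 0, SymRegion{$x}}` in the discussion above is describing: both denote the same address, and only the representation differs. The array path is why the patch produces an element region for `new[]`: the value the program gets is element 0 of the allocated array, which is the natural anchor for later `arr[i]` accesses.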

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D41250.129212.patch
Type: text/x-patch
Size: 6521 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180110/601630e9/attachment.bin>
