[cfe-dev] Static Analyzer: immortal objects and getting the symbol for 'this'

Jordan Rose jordan_rose at apple.com
Mon Jul 15 09:42:37 PDT 2013


Hi, Gabor. Objects that live on the stack don't have symbols; the properties of a stack object's region are entirely known and don't need to be symbolic. It's a VarRegion, not a SymbolicRegion.

The good news is that regions are also uniqued, and so if you're just looking to identify an object, using the region as the key is often reasonable as well, possibly with a call to stripCasts().

Additionally, symbol death is not quite the same as local variable death. If the value of a local variable is symbolic, and that value gets copied somewhere else, the symbol won't die when the local variable does. (Symbol information is basically garbage collected—each cleanup starts by crawling through all the live regions and values to see what's still accessible.) Local variables have very well-defined scope rules, so all of their control is in the CFG.

Rather than using the 'this' region and checkEndFunction, why not use checkPostCall and CXXDestructorCall's getCXXThisVal? (What are you actually trying to do?)

Jordan


On Jul 13, 2013, at 10:30 , Gábor Kozár <kozargabor at gmail.com> wrote:

> Hi,
> 
> 
> I'm using the Clang Static Analyzer from Clang 3.3. I want to check objects' state when they die. I tried using checkDeadSymbols, but according to the SymbolReaper, the objects of interest never die. This is my test code:
> 
> struct Foo
> {
>      int* x;
>      Foo() { x = new int(10); }
> };
> 
> int main(int argc, const char** argv)
> {
>       Foo f;
>       return 0;
> }
> 
> The int* does die, but f does not. (I cannot check this directly: I just made the SymbolReaper print all symbols and regions that died, using the dead_begin(), etc. and region_begin() etc. methods). Why is this, and how can I work around it?
> 
> Even when there is a user-made destructor, which I can get using checkEndFunction, I'm unable to get back the symbol that represents 'f'. I spent like an hour digging through clang::ento's reference, and this was my best tip:
> 
> const CXXThisRegion* thisRegion = context.getStoreManager().getRegionManager().getCXXThisRegion(
>             dtor->getThisType(context.getASTContext()),
>             context.getLocationContext());
> 
> Unfortunately, this gives something that doesn't seem to have anything to do with 'f'. How can I get the symbol representing 'f', using only the CheckerContext and the const CXXDestructorDecl* I can obtain from the LocationContext?
> 
> I'm really stuck, and any help would be greatly appreciated. Thank you!
> 
> Gabor
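Added example, not part of the original thread and not Clang code: a simplified model of the cleanup pass described in the reply, showing why a symbol outlives the local variable that held it once its value has been copied elsewhere. The names Model, bind, endScope, reap and deadAfterLocalsDie are hypothetical, and the scenario is constructed.

```cpp
#include <map>
#include <set>
#include <string>

// Simplified model (assumption, not the analyzer's data structures):
// a region is a named memory location, a symbol is an opaque id for an
// unknown value.
using Region = std::string;
using Symbol = int;

struct Model {
    std::map<Region, Symbol> store;  // region -> symbolic value bound to it
    std::set<Region> live;           // regions still in scope (locals, globals)
    std::set<Symbol> symbols;        // every symbol created so far

    void bind(const Region &r, Symbol s) {
        store[r] = s;
        live.insert(r);
        symbols.insert(s);
    }

    // Scope exit is decided by control flow alone; no symbol is consulted.
    void endScope(const Region &r) { live.erase(r); }

    // Cleanup pass: crawl the live regions, mark the symbols they hold,
    // and report every unmarked symbol as dead.
    std::set<Symbol> reap() const {
        std::set<Symbol> marked;
        for (const Region &r : live)
            marked.insert(store.at(r));
        std::set<Symbol> dead;
        for (Symbol s : symbols)
            if (!marked.count(s)) dead.insert(s);
        return dead;
    }
};

// Constructed scenario: locals p and q hold symbols 1 and 2. Optionally,
// p's value is also copied into a global g. Both locals then leave scope.
std::set<Symbol> deadAfterLocalsDie(bool copyToGlobal) {
    Model m;
    m.bind("p", 1);
    m.bind("q", 2);
    if (copyToGlobal) m.bind("g", 1);  // symbol 1 is now reachable via g
    m.endScope("p");
    m.endScope("q");
    return m.reap();
}
```

With the copy in place only symbol 2 is reported dead; without it both are. In neither case does a region appear in the result, which matches the observation that `f` itself never shows up as a dead symbol.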