[cfe-dev] [analyzer] constructing svals

Michael Katelman katelman at gmail.com
Thu Feb 27 16:17:41 PST 2014


I'm having some trouble understanding exactly under what circumstances I
can construct a "known" sval for various expressions.

Here's a concrete example that I ran into and was surprised about:

int f(float x){
  return (int)x;
}

int main(int argc, char** argv){
  int x = -1;
  f(x);
  return 0;
}

I then created a checker that registered for the PreCall check. When
checkPreCall was invoked, Call.getArgSVal(0) is unknown, which makes sense
to me because the system doesn't reason about floating-point; however, I
was surprised that this also results in an unknown value (regardless of
its overall sensibility):

C.getState()->getSVal(dyn_cast<ImplicitCastExpr>(Call.getArgExpr(0)->getSubExpr()))

Indeed, if I change the definition of f so that it becomes:

int f(int x){
  return x;
}

Then Call.getArgSVal(0) is known and insofar as I can tell should be
equivalent to the above in the earlier context. I'd be interested to
understand why that's not the case and in general what expressions can be
converted to usable svals during the check calls.

Thanks!

-Mike