[cfe-dev] checkBind: distinguish between MemRegionVal/ElementRegion
Aitor San Juan
aitor.sj at opendeusto.es
Thu May 8 10:57:12 PDT 2014
Watching that presentation you mention was one of the 1st things I did some
time ago. I think I'll watch it again to refresh.
I'll reread again the docs with your comments in mind.
Thanks for the clarifications, Jordan.
2014-05-08 6:02 GMT+02:00 Jordan Rose <jordan_rose at apple.com>:
> Hello, Aitor. I'm afraid you're still getting SVals, symbols, and
> MemRegions somewhat mixed up. They are not interchangeable. Have you
> watched our presentation on writing a checker yet? (Linked here:
> http://clang-analyzer.llvm.org/checker_dev_manual.html) I'm sorry it's
> not really incorporated into the rest of the Checker Development Manual,
> but the video is probably still the clearest introduction to analyzer core
> concepts that we have.
>
>
> 1) To test if Loc is a MemRegionVal I use the following, but there's
>> something wrong I can't figure out (it doesn't compile), and I'm stuck (as
>> far as I know, MemRegionVal is a subclass of SVal):
>>
>> if (clang::isa<loc::MemRegionVal>(Loc)) ...
>>
>
> This is a bit mundane—you can only use isa<> on pointers and references,
> but SVals are passed around by value. As you discovered, you can use getAs.
>
> SymbolRef sym = L->getAsLocSymbol();
> SymbolRef sym = VLoc.getAsLocSymbol();
> SymbolRef sym = VLoc.getAsSymbol();
>
>
> The second one will handle everything the first one handles, as well as
> locations cast to integer values (like "(intptr_t)&x"). The last one will
> also give you back symbols for non-location values. But not all memory
> regions are based on symbols (a local variable does not need a symbol), and
> of course not all symbolic values are memory regions (the result of
> random() is an integer).
>
>
> 2) ElementRegion doesn't belong to the SVal class hierarchy. How can I
>> know if Loc is an ElementRegin?
>>
>
> That's not really a good question. What you really want to know is if a
> given location is within a constant string region. That's a much simpler
> question.
>
> // Does this value represent the address of a region?
> const MemRegion *MR = V.getAsRegion();
> if (!MR)
> return;
>
> bool isString = isa<StringRegion>(MR->getBaseRegion());
>
> This isn't going to cover *all* use cases, but it does cover this one
> much more nicely than trying to pattern-match on ElementRegion.
>
> (Finally, of course, -fconst-strings is a much safer way to handle this
> kind of issue, but that doesn't help if you have an existing codebase.)
>
> Jordan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140508/8fbc58cf/attachment.html>
More information about the cfe-dev
mailing list