[cfe-dev] clang analyzer: exit of CompoundStmt

scott constable via cfe-dev cfe-dev at lists.llvm.org
Mon Oct 19 05:39:31 PDT 2015


Matthias,

I can at least give you a partial solution. The reason that
checkDeadSymbols() is not triggered by 'i' going out of scope is that 'i'
is not symbolic. Symbols refer to values which the analyzer cannot properly
model, other than by assigning constraints to them. Since 'i' is declared
locally, and a reference to 'i' never leaves this translation unit, 'i' is
never assigned a symbolic value. I think that what you need is provided by
the analysis context. You can do something like:

const CFGBlock *currentBlock =
    Ctx.getLocationContext()->getCurrentStackFrame()->getCallSiteBlock();
LiveVariables *analysisLV =
    Ctx.getLocationContext()->getAnalysis<RelaxedLiveVariables>();
if (!analysisLV->isLive(currentBlock, iVar)) {
    // iVar went out of scope, handle it somehow
}

The next question would concern which callback to hook. Although
checkEndFunction() would be the easiest, it's not precise enough to handle
compoundStmts. But I'm not aware of a better option (someone else might
be?).

~Scott

On Sun, Oct 18, 2015 at 6:39 PM, Matthias Gehre via cfe-dev <
cfe-dev at lists.llvm.org> wrote:

> Hi,
>
> I'm currently trying to implement a clang analyzer check
> to detect dangling pointers to a local (that went out of scope), like in:
>
> void pointer_leaves_scope(bool bb) {
>     int* p;
>     {
>         int i = 0;
>         p = &i;
>     } // need to get a callback here
>     *p = 1; // should produce warning: i went out-of-scope
> }
>
> I first thought that checkDeadSymbols(..) will be called when i goes out
> of scope,
> but it does not. Seems that I don't understand what checkDeadSymbols is
> supposed to do.
>
> I also tried checkPostStmt(CompoundStmt*,..), but that is not called
> either.
>
> Now I'm looking how to implement this callback (could be named
> checkSymbolLeavesScope).
> Or something like checkEndFunction() but for all local scopes.
>
> Could anyone please give me some hints where to add this to the analyzer
> core?
> Am I missing something obvious?
>
> Thanks,
>
> Matthias
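
Added example, not part of either message and not Clang code: a self-contained C++ model of the bookkeeping the thread is after, where locals are marked dead at the closing brace of their block and a later dereference of a pointer to them is reported. The Event stream, findDanglingDerefs and threadExample are hypothetical names; the model assumes unique variable names and does not use the analyzer's API.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Constructed event stream standing in for a walk over one function body.
enum class Op { EnterScope, ExitScope, DeclLocal, TakeAddr, Deref };
struct Event { Op op; std::string a; std::string b; };

// Returns one warning per dereference of a pointer whose pointee left scope.
std::vector<std::string> findDanglingDerefs(const std::vector<Event> &events) {
    std::vector<std::vector<std::string>> scopes(1); // locals per open scope
    std::map<std::string, std::string> pointsTo;     // pointer -> addressed local
    std::map<std::string, bool> dead;                // local -> lifetime ended
    std::vector<std::string> warnings;
    for (const Event &e : events) {
        switch (e.op) {
        case Op::EnterScope: scopes.emplace_back(); break;
        case Op::DeclLocal: scopes.back().push_back(e.a); dead[e.a] = false; break;
        case Op::TakeAddr: pointsTo[e.a] = e.b; break; // a = &b
        case Op::ExitScope: // the per-scope hook the thread is looking for
            if (scopes.size() > 1) {
                for (const std::string &v : scopes.back()) dead[v] = true;
                scopes.pop_back();
            }
            break;
        case Op::Deref: {
            auto it = pointsTo.find(e.a);
            if (it != pointsTo.end() && dead[it->second])
                warnings.push_back("*" + e.a + ": " + it->second + " went out of scope");
            break;
        }
        }
    }
    return warnings;
}

// pointer_leaves_scope() from the thread, written as events.
std::vector<Event> threadExample() {
    return {{Op::DeclLocal, "p", ""}, {Op::EnterScope, "", ""},
            {Op::DeclLocal, "i", ""}, {Op::TakeAddr, "p", "i"},
            {Op::ExitScope, "", ""},  {Op::Deref, "p", ""}};
}

int main() {
    for (const std::string &w : findDanglingDerefs(threadExample()))
        std::cout << "warning: " << w << "\n";
}
```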