[cfe-dev] PreStmtPurgeDeadSymbols and LazyCompoundVal bindings

Ádám Balogh via cfe-dev cfe-dev at lists.llvm.org
Tue Jul 12 08:46:02 PDT 2016 

Hi,

I am facing the following problem:

1) I evaluate a function returning a record to a conjured symbol
2) MaterializeTemporaryExpr creates a new temp_object, binds it (default binding) to the conjured symbol and adds a new expression where the function is evaluated to this temp_object.
3) PreStmtPurgeDeadSymbol removes all other expressions, thus the one remaining is the one created by MaterializeTemporaryExpr. This means the function is evaluated to a temp_object which is bound to the conjured symbol.
4) CXXConsturctExpr binds (default binding) a lazyCompoundVal to the variable receiving the function return value, which refers to the temp_object, which is bound to the conjured symbol.
5) PreStmtPurgeDeadSymbol removes the binding of the temp_object to the conjured symbol, but it was not dead! It was used indirectly via the lazyCompoundVal. So the indirect binding between the variable and the conjured symbol is completely lost.

My first (minor) problem is: why creating a lazyCompoundVal for a temp_object? A temp_object as its name says is temporary, so there is no point to do a lazy copy of it. This step could be optimized away by binding the temp_object itself to the receiving variable. In this special case it could also solve the main problem, thus losing the binding between the variable and the expression value (the conjured symbol the function evaluates to in my special case).

However, the second (major) problem is the erroneous removal of a live binding of the base region of the lazyCompoundVal. I checked why this happens in RegionStore.cpp, and I found that function VisitBinding of class invalidateRegionsWorker calls function getInterestingValues of RegionStoreManager which returns the target of the binding and not the source. So in my case it returns the conjured symbol itself and not the temp_object which is bound to it. Because of this the binding of the temp_object is not marked as a live binding and is thus removed. Is this the way it is supposed to work? I do not think so, because it breaks a chain of bindings this way. Any idea how to fix it?

Thanks your suggestions in advance!

Regards,

Ádám

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20160712/c49fdd1e/attachment.html>

More information about the cfe-dev mailing list