[cfe-dev] [analyzer] VisitIncDecOp store

Rafael Stahl via cfe-dev cfe-dev at lists.llvm.org
Fri Apr 6 04:56:32 PDT 2018


Hi,

While developing a checker I have noticed that in the checkLocation 
callback I received an unexpected Expr. It was an UnaryOperator of 
non-pointer type and its SVal was a loc::ConcreteInt which doesn't 
really make sense in my opinion.

When looking into this in ExprEngineC.cpp 
ExprEngine::VisitIncrementDecrementOperator I noticed that the calls to 
evalStore pass the whole UnaryOperator Expr as third argument LocationE. 
This LocationE is documented as "The location expression that is stored 
to". I would have understood this as the sub-expression of the UnaryOp 
instead of the Op itself.

In particular:

-evalStore(Dst3, U, U, ...);
+evalStore(Dst3, U, Ex, ...);
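Review bot: the replacement line depends on what `Ex` refers to, and the fragment does not show its definition. In the AST dump given as the example, the operand of the outer `++` is a ParenExpr wrapping the dereference, so the patch should state whether `Ex` has parentheses stripped; otherwise checkLocation would receive the ParenExpr rather than the inner `*p` UnaryOperator. The message speaks of "calls" to evalStore in the plural while only the `Dst3` call is shown, so each call site should be covered, and a regression test for the `(*p)++` case should assert which expression the callback sees.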

Example:

volatile int *p;
(*p)++;

UnaryOperator 0x1bad960 'int' postfix '++'
`-ParenExpr 0x1bad940 'volatile int' lvalue
   `-UnaryOperator 0x1bad920 'volatile int' lvalue prefix '*' cannot overflow
     `-ImplicitCastExpr 0x1bad908 'volatile int *' <LValueToRValue>
       `-DeclRefExpr 0x1bad8e0 'volatile int *' lvalue Var 0x1bad320 'p' 'volatile int *'

Here the outer UnaryOp is passed as SVal in checkLocation instead of the 
inner one.

Is my understanding correct? In that case I'm able to submit a patch.

Best regards
Rafael

