[cfe-dev] [analyzer][GSoC] Problem Statement: Improving BugReporter with static backward program slicing

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Wed Apr 3 16:05:19 PDT 2019


Yup, works now!

What I just proposed should hopefully end up looking like this:

1  void useInt(int);
2
3  int getInt(int x) {
4    int a;
5
6    if (x > 0)
7      a = 3;
       ~~^~~ // (8) Assigning 3 to 'a'
8    else
9      a = 2;
10
11   return a;
12 }
13
14 int g();
15
16 int main() {
17   int arr[10];
18
19   for (int i = 0; i < 3; ++i)
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~ (1)--(6) Looping around the loop
20     arr[i] = 0;
21
22   int x = g();
23   int n = getInt(x);
             ^~~~~~~~~ // (7) Calling getInt
             ^~~~~~~~~ // (9) Returning '3'
     ~~~~~~^~~~~~~~~~~ // (10) Assigning 'n' to '3'
24   useInt(arr[n]);
            ~~~~^~ // (11) Loading uninitialized value at index '3'
     ~~~~~~~^~~~~~ // (12) Use of uninitialized value!
25 }

And all we need is to add note (11) by pattern-matching the current 
statement in trackExpressionValue() (which is a pretty good start 
regardless) and then invoke another trackExpressionValue() recursively 
over the index expression.

On 4/3/19 3:51 PM, Kristóf Umann wrote:
> Let's hope this works now:
>
> image.png
>
> On Thu, 4 Apr 2019 at 00:45, Artem Dergachev <noqnoqneo at gmail.com> wrote:
>
>     If I understand correctly (hmm, there seem to be image problems
>     again), in this bug report it's about doing
>     trackNullOrUndefValue() over `n` whenever we track the
>     uninitialized value back to a load from an array with index `n` -
>     I think it easily gets us straight to `a = 3` and it doesn't
>     require introducing any new analyses.
>
>
> The problem is, as seen on the image, that it isn't obvious at all 
> from the report that a == 3.
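
Added example (not part of the original mail and not Clang's code): a toy C++ model of the recursion described above, where tracking a value back to an array load also starts tracking the index. Event, track and notesForExample are hypothetical names, and the path is constructed from the listing.

```cpp
// Toy model of backward value tracking along one bug path (added
// illustration; this is not Clang's trackExpressionValue()).
#include <string>
#include <vector>

// One store on the path, in execution order: `dst` receives a constant,
// a copy of variable `src`, or a load `array[index]`.
struct Event {
  enum Kind { Const, Copy, Load } kind;
  std::string dst, src, index;  // src: copied variable or array name
  int value;                    // used only for Const
};

// Walk backwards from position `from`, find the last store to `var`, emit a
// note for it, and keep tracking whatever that store read from.
void track(const std::vector<Event> &path, const std::string &var, int from,
           std::vector<std::string> &notes) {
  for (int i = from; i >= 0; --i) {
    const Event &e = path[i];
    if (e.dst != var) continue;
    switch (e.kind) {
    case Event::Const:
      notes.push_back("Assigning " + std::to_string(e.value) + " to '" + var + "'");
      return;
    case Event::Copy:
      notes.push_back("Assigning '" + e.src + "' to '" + var + "'");
      track(path, e.src, i - 1, notes);
      return;
    case Event::Load:
      // The pattern-match from the mail: the value came from array[index],
      // so note the load and recursively track the index as well.
      notes.push_back("Loading value of '" + e.src + "' at index '" + e.index + "'");
      track(path, e.index, i - 1, notes);
      return;
    }
  }
}
// Constructed path for the listing: the x > 0 branch of getInt(), then
// the load arr[n] whose result (here named `arg`) is passed to useInt().
std::vector<std::string> notesForExample() {
  std::vector<Event> path = {
      {Event::Const, "a", "", "", 3},       // a = 3
      {Event::Copy, "n", "a", "", 0},       // n = getInt(x), returning a
      {Event::Load, "arg", "arr", "n", 0},  // arr[n]
  };
  std::vector<std::string> notes;
  track(path, "arg", static_cast<int>(path.size()) - 1, notes);
  return notes;
}
```

Without the recursive call in the Load case the note list stops at the array load, and the assignment `a = 3` never appears in it.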
