[cfe-dev] Pointers as SVals
Ádám Balogh via cfe-dev
cfe-dev at lists.llvm.org
Thu Jun 18 02:57:03 PDT 2020
Hello,
I am trying to understand how to distinguish the value of the pointer itself and the pointed region. However, I experience some contradictions while testing. Look at the following piece of code:
```
const int* get_ptr();

void f() {
  const int *p = get_ptr();
  clang_analyzer_dump(p);
  clang_analyzer_explain(p);
}
```
The output of this code:
```
ptr_dump_explain.c:8:3: warning: &SymRegion{conj_$2{const int *, LC1, S715, #1}} [debug.ExprInspection]
clang_analyzer_dump(p);
^~~~~~~~~~~~~~~~~~~~~~
ptr_dump_explain.c:9:3: warning: symbol of type 'const int *' conjured at statement 'get_ptr()' [debug.ExprInspection]
clang_analyzer_explain(p);
^~~~~~~~~~~~~~~~~~~~~~~~~
```
Is `p` a region or a symbol? `clang_analyzer_dump()` says it is a region, more specifically a symbolic region, but still a region. However, `clang_analyzer_explain()` says it is a symbol, which I think is wrong. According to `SValExplainer.h` it should print something like `object at...` or `pointee of ...` but not explain the raw symbol without mentioning the region.
I tried to change the code to the following:
```
void f() {
  const int *p = get_ptr();
  ++p;
  clang_analyzer_dump(p);
  clang_analyzer_explain(p);
}
```
The output changes:
```
ptr_dump_explain.c:9:3: warning: &Element{SymRegion{conj_$2{const int *, LC1, S715, #1}},1 S64b,int} [debug.ExprInspection]
clang_analyzer_dump(p);
^~~~~~~~~~~~~~~~~~~~~~
ptr_dump_explain.c:10:3: warning: pointer to element of type 'int' with index 1 of pointee of symbol of type 'const int *' conjured at statement 'get_ptr()' [debug.ExprInspection]
clang_analyzer_explain(p);
^~~~~~~~~~~~~~~~~~~~~~~~~
```
This is even stranger, because here `clang_analyzer_dump()` says it is an element region, thus a region of the array element. However, here `clang_analyzer_explain()` says it is a pointer to the element, thus not the element itself. According to `SValExplainer.h` the output for an element region should begin with `element of type...`. What is wrong here? Both functions take the same type of parameter:
```
void clang_analyzer_dump(const int*);
void clang_analyzer_explain(const int*);
```
What do I misunderstand here?
Regards,
Ádám