<html><head><meta http-equiv="Content-Type" content="text/html charset=GB2312"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>I recommend reading up on the <a href="http://clang-analyzer.llvm.org/checker_dev_manual.html#values">Checker Developer Manual</a> on the analyzer site, but here's the gist of it:</div><div><br></div><div>- Values are immutable things. Regions represent regions of memory. The address of a region can be a value.</div><div>- Any local variable or parameter is a VarRegion. VarRegions are TypedRegions, so the analyzer does know that 'ptr' is a pointer, but the value might be some integer casted to a pointer, which can't actually behave as a region.</div><div>- The Store is what keeps tracking of what <i>value</i> is bound to a particular <i>region.</i></div><div><br></div><div>So, when you do "ptr = ptr + 3", the analyzer will do this:</div><div><br></div><div>1. Get the value currently stored in the VarRegion for 'ptr'. Call it '$ptr', though if the value is symbolic it may be represented as an ElementRegion '&$ptr[0]'. This is because we don't know if '*ptr' is a single object or part of an array.</div><div>2. Create a new value of '$ptr + 3', which happens in SValBuilder. The result is also represented as an ElementRegion, i.e. '&$ptr[3]'.</div><div>3. Update the Store: bind '$ptr + 3' to the VarRegion for 'ptr'.</div><div><br></div><div>Does that clear things up?</div><div>Jordan</div><div><br></div><br><div><div>On Nov 5, 2013, at 6:09 , Arthur Yoo <<a href="mailto:phjy007@gmail.com">phjy007@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><p class="MsoNormal">Hi Jordan, </p><p class="MsoNormal"><br></p><p class="MsoNormal">What does it mean by ¡°when you do ¡®ptr = ptr + 3¡¯, you're
storing a new value into the same location¡±? In other words, what do ¡®a new
value¡¯ and ¡®the same location¡¯ mean respectively? Does it mean that the pointee
region referred by ptr is ¡®element{arr,3 S32b,int}¡¯ rather than ptr¡¯s region
itself? And what¡¯s the kind of MemRegion does ¡®ptr¡¯ is? Just ¡®VarRegion¡¯? Is it
right that Static Analyzer doesn¡¯t know that ¡®ptr¡¯ is a pointer?</p><p class="MsoNormal"><br></p><p class="MsoNormal">Actually, I want to track the pointer offsets for two
platforms. How does Static Analyzer know that before ¡°ptr = ptr + 3¡±, ¡®ptr¡¯ pointed
to ¡®element{arr,0 S32b,int}¡¯ and after that, ¡®ptr¡¯ points to ¡®element{arr,3
S32b,int}¡¯? Thanks a lot.</p>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/11/5 Jordan Rose <span dir="ltr"><<a href="mailto:jordan_rose@apple.com" target="_blank">jordan_rose@apple.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><div>That's correct. Also, remember that symbolic values are immutable; when you do "ptr = ptr + 3", you're storing a new <i>value</i> into the same <i>location</i>. So the ElementRegion's index doesn't change, but 'ptr' now refers to a different ElementRegion.</div>
<div><br></div><div>Jordan</div><div><br></div><br><div><div><div class="h5"><div>On Nov 4, 2013, at 4:33 , Arthur Yoo <<a href="mailto:phjy007@gmail.com" target="_blank">phjy007@gmail.com</a>> wrote:</div><br></div>
</div><blockquote type="cite"><div><div class="h5"><div dir="ltr">It seems that<i> evalBinOp() </i>will do the related things.<i> evalBinOp()</i> also calls <i>evalBinOpLN()</i> and evalBinOpNN().</div><div class="gmail_extra">
<br><br><div class="gmail_quote">2013/10/30 Arthur Yoo <span dir="ltr"><<a href="mailto:phjy007@gmail.com" target="_blank">phjy007@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p class="MsoNormal">Hi all,</p><p class="MsoNormal"><br></p><p class="MsoNormal">ElementRegion has a field named <i>Index (NoLoc) </i>to record the index of that Array Element. We can
also use pointer offset operation to calculate a new index and get the
corresponding array element. For example:</p><p class="MsoNormal">1 void func() {</p><p class="MsoNormal">2 int arr[10];</p><p class="MsoNormal">3 int *ptr, *ptr2;</p><p class="MsoNormal">4 ptr = arr;</p><p class="MsoNormal">
5 ptr = ptr + 3;</p><p class="MsoNormal">6 *ptr = 9;</p><p class="MsoNormal">7 ptr2 = ptr + 1;</p><p class="MsoNormal">8 *ptr2 = 10;</p><p class="MsoNormal">9 }</p><p class="MsoNormal"><br></p><p class="MsoNormal">
Line 5 shows the pointer offset operation. I dumped the
information of the pointee MemRegion referenced by ptr, the Static Analyzer gave
me such result: element{arr,3 S32b,int}. That means after the pointer offset
operation by line 5, the ptr¡¯s pointee MemRegion became an ElementRegion of
arr[], which index was <i>3 S32b</i>. The
line 7¡¯s effect is same, it showed me element{arr,4 S32b,int}. Obviously, after
the pointer offset operation, the ElementRegion¡¯s Index will be changed. I want
to know where are the methods that handle the Element Region¡¯s index in pointer
offset operation. Cause I want to find these methods and add some codes into
them. </p><p class="MsoNormal">Thanks a lot.</p><span><font color="#888888">
<div><br></div>-- <br><div dir="ltr"><font color="#444444">Best regards,</font><div><font color="#444444">Arthur Yoo</font></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font color="#444444">Best regards,</font><div><font color="#444444">ÔÀ¼ÑÔ² | Yue Jiayuan | Arthur Yoo</font></div></div>
</div></div></div>
_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
</blockquote></div><br></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font color="#444444">Best regards,</font><div><font color="#444444">ÔÀ¼ÑÔ² | Yue Jiayuan | Arthur Yoo</font></div></div>
</div>
</blockquote></div><br></body></html>