<div dir="ltr">Thank you very much!<div><br></div><div>But I still have a question. I am writing a checker to check if a function is called during ctor/dtor.</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>void VirtualCallChecker::<wbr>checkPreCall(const CallEvent &Call, </div></div><div><div> CheckerContext &C) const {</div></div><div><div> const Decl *D = dyn_cast_or_null<Decl>(Call.<wbr>getDecl());</div></div><div><div> if (!D)</div></div><div><div> return;</div></div><div><div> ProgramStateRef state = C.getState();</div></div><div><div> // Enter a constructor, increase the corresponding integer</div></div><div><div> if (dyn_cast<CXXConstructorDecl>(<wbr>D)) {</div></div><div><div> unsigned constructorflag = state->get<ConstructorFlag>();</div></div><div><div> state = state->set<ConstructorFlag>(++<wbr>constructorflag);</div></div><div><div> C.addTransition(state);</div></div><div><div> return;</div></div><div><div> }</div></div><div><div> if (state->get<ConstructorFlag>() > 0) {</div><div> if (!BT_CT) {</div><div> BT_CT.reset(new BugType(this, "Call to virtual function during construction", </div><div> "not pure"));</div><div> }</div><div> ExplodedNode *N = C.generateNonFatalErrorNode();</div><div> auto Reporter = llvm::make_unique<BugReport>(*<wbr>BT_CT, BT_CT->getName(), N);</div><div> C.emitReport(std::move(<wbr>Reporter));</div><div> return;</div><div> }</div></div><div>}</div><div><br></div></blockquote>If I use this checker to check the code which use the pointer to construct the class, it seems that the static analyzer doesn't enter the construction which is not inline. Is it true that the static analyzer doesn't enter the exploded graph which is not inline?<div><br></div><div>Regards,</div><div>Xin</div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-06-19 12:00 GMT-07:00 Artem Dergachev <span dir="ltr"><<a href="mailto:noqnoqneo@gmail.com" target="_blank">noqnoqneo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It seems that in the first case the analyzer decides to inline the constructor - i.e. jump into it and see what exactly is going on inside it, and apply these operations within the current analysis. And then it decides not to analyze the constructor separately, because it has a better idea about this part of the program when it knows what's going on around the code.<br>
<br>
Normally we don't guarantee that we inline any particular function, just try our best. In this case, it might be that the analyzer just wasn't ever taught that operator-new calls *that* constructor; instead, he decides to behave as if an unknown function is being called.<br>
<br>
In fact, you can see and confirm all the details by looking at the exploded graphs themselves; they should be quite easy to understand, even though they often contain too much information.<span class=""><br>
<br>
On 6/19/17 7:05 PM, Xin Wang via cfe-dev wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hello everyone,<br>
<br>
I have some questions about the exploded graph.<br>
<br></span>
/class A {<span class=""><br>
public:<br>
A() {foo();}<br>
void foo();<br>
};<br>
int main() {<br></span>
/<br>
/ A a;<br>
/<br>
/}<br>
/<span class=""><br>
When I use the clang to dump the exploded graph of the code above. There is only one exploded graph.<br>
<br></span>
/class A {<span class=""><br>
public:<br>
A() {foo();}<br>
void foo();<br>
};<br>
int main() {<br>
A *a = new A();<br></span>
/<br>
/ delete a;<br>
/<br>
/}<br>
<br>
/<span class=""><br>
But when I dump the code above. There is two exploded graph, one for main and another for the construction of the class A.<br>
<br>
My question is: what is the difference between using the pointer and using the object to initialize a class? Can I use the path-sensitive checker to explore the exploded graph of the construction.<br>
<br>
Regards,<br>
Xin<br>
<br>
<br></span>
______________________________<wbr>_________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a><br>
</blockquote>
<br>
</blockquote></div><br></div>