<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Yeah, this looks pretty broken. One does not simply overwrite his
this-pointer using valid C++. Feel free to fix :)<br>
<br>
<div class="moz-cite-prefix">On 4/2/18 12:47 AM, Henry Wong wrote:<br>
</div>
<blockquote type="cite"
cite="mid:HK2PR04MB07533B407120547173E5E8B3A4A60@HK2PR04MB0753.apcprd04.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
Hi Artem,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
Thank you for your explanation! You are right, invalidation of
the region contents of the class object is correct and common.
However, the `this` pointer is not an lvalue, and it's a
`prvalue expression` in C++17. IMHO, invalidation of
`CXXThisObjectRegion` is incorrect and violates the C++ standard.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 12pt;"><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 12pt;">Given the code below:</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
--------------------------------------------------------------------------------</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 16px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400;"> // $ clang -cc1 -analyze
-analyzer-checker=core,debug.ExprInspection </span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 16px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400;"> // -analyzer-config widen-loops=true
test.cpp<br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 16px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400;"><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
Helvetica, sans-serif; font-size: 16px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400;">
<div> 1 void clang_analyzer_eval(int);</div>
<div> 2</div>
<div> 3 struct A {</div>
<div> 4 int num;</div>
<div> 5 void func(int i) {</div>
<div> 6 int sum = 0;</div>
<div> 7 clang_analyzer_eval(sum == 0); // should be
true</div>
<div> 8 for (i = 0; i < 100; ++i) { sum++; }</div>
<div> 9 num = 0;</div>
<div> 10 }</div>
<div> 11 };</div>
<div> 12</div>
<div> 13 int main() {</div>
<div> 14 A a;</div>
<div> 15 a.num = 10;</div>
<div> 16 a.func(10);</div>
<div> 17 clang_analyzer_eval(a.num == 0); // UNKNOWN,
should be true.</div>
<div> 18 }</div>
<div>
</div>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);">
--------------------------------------------------------------------------------</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Before invalidation,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Store (direct and default bindings), 0x7f9de8014d90 :<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<div>(a,0,direct) : 10 S32b</div>
<div><br>
</div>
<div>(i,0,direct) : 3 S32b</div>
<div><br>
</div>
<div>(this,0,direct) : &a</div>
<div><br>
</div>
<div>(sum,0,direct) : 3 S32b</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; font-size: 12pt;
font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0,
0);">
--------------------------------------------------------------------------------</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
After invalidation,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; font-size: 12pt;
font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0,
0);">
<div style="font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400;
font-size: 12pt; font-family: Calibri, Helvetica,
sans-serif; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
<div>
<div>Store (direct and default bindings), 0x7f9de8015828 :</div>
<div>(a,0,default) : conj_$2{int}</div>
<div><br>
</div>
<div>(i,0,direct) : conj_$3{int}</div>
<div><br>
</div>
<div>(this,0,direct) : &SymRegion{conj_$1{struct A *}}</div>
<div><br>
</div>
<div>(sum,0,direct) : conj_$0{int}</div>
</div>
</div>
<div style="font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; font-size: 12pt;
font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0,
0);">
<div style="font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400;
font-size: 12pt; font-family: Calibri, Helvetica,
sans-serif; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
`(this,0,direct) : &a` -> `(this,0,direct) :
&SymRegion{conj_$1{struct A *}}` is inaccurate and too conservative.
The more serious problem is that the corresponding relationship
between the `this` pointer and its corresponding Object-Region has
been broken. Modifications to data members do not affect the actual
Object-Region because at this time the `this` pointer is pointing to
a `SymbolicRegion`. For example, `TRUE` should be emitted at line 17
in the sample code, but `UNKNOWN` was emitted instead.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="signature">
<div style="font-family:Calibri,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Henry Wong</div>
<div style="font-family:Calibri,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Qihoo 360 Codesafe Team</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b> Artem
Dergachev <a class="moz-txt-link-rfc2396E" href="mailto:noqnoqneo@gmail.com"><noqnoqneo@gmail.com></a><br>
<b>Sent:</b> Monday, April 2, 2018 8:31<br>
<b>To:</b> Henry Wong; <a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a><br>
<b>Cc:</b> Péter Szécsi<br>
<b>Subject:</b> Re: [cfe-dev] [analyzer] Should we invalidate
the `this` pointer?</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span
style="font-size:11pt;">
<div class="PlainText">This assertion is pretty fundamental.
Invalidation, if done correctly,
<br>
should not have triggered it - after all, invalidation
could occur for <br>
any other reason, not necessarily because of loop
widening.<br>
<br>
Invalidation of this-region contents (that is, not of the
<br>
CXXThisObjectRegion of the current stack frame, but of the
actual <br>
this-region which is a pointee of the CXXThisObjectRegion)
sounds <br>
reasonable if the region is modified within the loop -
which is going to <br>
often be the case.<br>
<br>
On 3/31/18 2:02 AM, Henry Wong via cfe-dev wrote:<br>
> Hi all,<br>
><br>
> I recently encountered an assertion failure as
shown below.<br>
><br>
> `Assertion
`!InitValWithAdjustments.getAs<Loc>() || <br>
> Loc::isLocType(Result->getType()) || <br>
> Result->getType()->isMemberPointerType()'
failed`<br>
><br>
> The code that will trigger this assertion failure:<br>
>
----------------------------------------------------------------------------------------------------<br>
> struct BlockId {<br>
> BlockId();<br>
> };<br>
><br>
> void goo(BlockId id);<br>
><br>
> BlockId::BlockId() {<br>
> int count = 10;<br>
> do {<br>
><br>
> } while (count--);<br>
> }<br>
><br>
> int main() {<br>
> goo(BlockId());<br>
> }<br>
>
----------------------------------------------------------------------------------------------------<br>
><br>
> The reason is that the analyzer invalidates the `this`
pointer <br>
> at loop-widen. The more essential question is "Should
we invalidate <br>
> the `this` pointer?"<br>
><br>
> Thanks in advance!<br>
><br>
> Henry Wong<br>
> Qihoo 360 Codesafe Team<br>
<br>
</div>
</span></font></div>
</blockquote>
<br>
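The difference between the two store dumps in the quoted message can be reproduced with a toy store model. This is an added example, not code from the thread or from Clang; every name in it (Val, Store, widen, storeNumThroughThis, evalANumIsZero, analyze) is hypothetical, and it assumes a store that is just a map from region name to binding.

```cpp
// Toy model of the store dumps in the thread; not Clang's RegionStore.
// All names here (Val, Store, widen, analyze, ...) are hypothetical.
#include <map>
#include <string>

struct Val {
    enum Kind { Int, Ptr, Sym } kind;
    int num;             // used when kind == Int
    std::string target;  // Ptr: pointee region name; Sym: symbol name
};
using Store = std::map<std::string, Val>;  // region name -> binding
enum class Verdict { True, False, Unknown };

// Loop widening: replace bindings with fresh conjured symbols.
// keepThis == false mirrors the "After invalidation" dump, where the
// binding of `this` itself is replaced as well.
Store widen(Store s, bool keepThis) {
    int n = 0;
    for (auto &kv : s) {
        if (keepThis && kv.first == "this") continue;
        kv.second = Val{Val::Sym, 0, "conj_$" + std::to_string(n++)};
    }
    return s;
}

// Models `num = 0;` inside A::func, i.e. a store through `this`.
// If `this` is symbolic, the write lands in a separate symbolic region.
void storeNumThroughThis(Store &s, int v) {
    const Val &t = s.at("this");
    std::string region =
        t.kind == Val::Ptr ? t.target : "SymRegion{" + t.target + "}";
    s[region] = Val{Val::Int, v, ""};
}

// What clang_analyzer_eval(a.num == 0) in main() can conclude.
Verdict evalANumIsZero(const Store &s) {
    const Val &a = s.at("a");
    if (a.kind != Val::Int) return Verdict::Unknown;
    return a.num == 0 ? Verdict::True : Verdict::False;
}

// Store from the "Before invalidation" dump, then widen, then `num = 0`.
Verdict analyze(bool keepThis) {
    Store s = {{"a", Val{Val::Int, 10, ""}}, {"i", Val{Val::Int, 3, ""}},
               {"this", Val{Val::Ptr, 0, "a"}}, {"sum", Val{Val::Int, 3, ""}}};
    s = widen(s, keepThis);
    storeNumThroughThis(s, 0);
    return evalANumIsZero(s);
}
int main() { return analyze(true) == Verdict::True ? 0 : 1; }
```

With the `this` binding replaced, the write to `num` never reaches region `a` and the caller's query stays unknown; with the binding kept and only the contents invalidated, the later store rebinds `a` and the query resolves.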
</body>
</html>