<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Hi Artem,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Thank you for your explanation1 You are right, invalidation of the region </div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
contents of the class object is <span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">correct and common. However `this</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">`
pointer i</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">s no-lvalue
</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">and it's a </span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">`prvalue expression</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">`
in c++17.</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;"> IMHO, invalidation of `CXXThisObjectRegion` </span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">i</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">s</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;"> incorrect
and violates the C++ standard.</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;"><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Given the code below:</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
----------<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span><span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">----------</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> // $ clang -cc1 -analyze -analyzer-checker=core,debug.ExprInspection </span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> // -analyzer-config widen-loops=true test.cpp<br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">
<div></div>
<div></div>
<div> 1 void clang_analyzer_eval(int);</div>
<div> 2</div>
<div> 3 struct A {</div>
<div> 4 int num;</div>
<div> 5 void func(int i) {</div>
<div> 6 int sum = 0;</div>
<div> 7 clang_analyzer_eval(sum == 0); // should be true</div>
<div> 8 for (i = 0; i < 100; ++i) { sum++; }</div>
<div> 9 num = 0;</div>
<div> 10 }</div>
<div> 11 };</div>
<div> 12</div>
<div> 13 int main() {</div>
<div> 14 A a;</div>
<div> 15 a.num = 10;</div>
<div> 16 a.func(10);</div>
<div> 17 clang_analyzer_eval(a.num == 0); // UNKNOWN, should be true.</div>
<div> 18 }</div>
<div></div>
<div>
<div></div>
</div>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
----------<span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span><span style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 16px; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">----------</span></div>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Before invalidation,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Store (direct and default bindings), 0x7f9de8014d90 :<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div>(a,0,direct) : 10 S32b</div>
<div><br>
</div>
<div>(i,0,direct) : 3 S32b</div>
<div><br>
</div>
<div>(this,0,direct) : &a</div>
<div><br>
</div>
<div>(sum,0,direct) : 3 S32b</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
After invalidation,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
<div>
<div>Store (direct and default bindings), 0x7f9de8015828 :</div>
<div>(a,0,default) : conj_$2{int}</div>
<div><br>
</div>
<div>(i,0,direct) : conj_$3{int}</div>
<div><br>
</div>
<div>(this,0,direct) : &SymRegion{conj_$1{struct A *}}</div>
<div><br>
</div>
<div>(sum,0,direct) : conj_$0{int}</div>
</div>
</div>
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
<div style="font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; font-size: 12pt; font-family: Calibri, Helvetica, sans-serif; color: rgb(0, 0, 0);">
--------------------------------------------------------------------------------</div>
</div>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
`<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">(this,0,direct) : &a</span>` -> ` <span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;">(this,0,direct)
: &SymRegion{conj_$1{struct A *}}</span>`</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
is inaccurate and too conservative. The more serious problem is that the </div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
corresponding relationship between `this` pointer and its corresponding </div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Object-Region has been broken. Modifications to data member do not affect </div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
the actual Object-Region because at this time `this` pointer is pointing to a</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
`SymbolicRegion`. For example, there should emit `TRUE` at the line 17 in </div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
the sample code, but emitted `UNKNOWN` instead.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="signature">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Henry Wong</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Qihoo 360 Codesafe Team</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Artem Dergachev <noqnoqneo@gmail.com><br>
<b>Sent:</b> Monday, April 2, 2018 8:31<br>
<b>To:</b> Henry Wong; cfe-dev@lists.llvm.org<br>
<b>Cc:</b> Péter Szécsi<br>
<b>Subject:</b> Re: [cfe-dev] [analyzer] Should we invalidate the `this` pointer?</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">This assertion is pretty fundamental. Invalidation, if done correctly,
<br>
should not have triggered it - after all, invalidation could occur for <br>
any other reason, not necessarily because of loop widening.<br>
<br>
Invalidation of this-region contents (that is, not of the <br>
CXXThisObjectRegion of the current stack frame, but of the actual <br>
this-region which is a pointee of the CXXThisObjectRegion) sounds <br>
reasonable if the region is modified within the loop - which is going to <br>
often be the case.<br>
<br>
On 3/31/18 2:02 AM, Henry Wong via cfe-dev wrote:<br>
> Hi all,<br>
><br>
> I recently encountered a assertion failure as shown below.<br>
><br>
> `Assertion `!InitValWithAdjustments.getAs<Loc>() || <br>
> Loc::isLocType(Result->getType()) || <br>
> Result->getType()->isMemberPointerType()' failed`<br>
><br>
> The code that will trigger this assertion failed.<br>
> ----------------------------------------------------------------------------------------------------<br>
> struct BlockId {<br>
> BlockId();<br>
> };<br>
><br>
> void goo(BlockId id);<br>
><br>
> BlockId::BlockId() {<br>
> int count = 10;<br>
> do {<br>
><br>
> } while (count--);<br>
> }<br>
><br>
> int main() {<br>
> goo(BlockId());<br>
> }<br>
> ----------------------------------------------------------------------------------------------------<br>
><br>
> The reason is that the analyzer invalidate the `this` pointer <br>
> at loop-widen. The more essential question is "Should we invalidate <br>
> the `this` pointer?"<br>
><br>
> Thanks in advance!<br>
><br>
> Henry Wong<br>
> Qihoo 360 Codesafe Team<br>
><br>
><br>
> _______________________________________________<br>
> cfe-dev mailing list<br>
> cfe-dev@lists.llvm.org<br>
> <a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
<br>
</div>
</span></font></div>
</body>
</html>