<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Let's discriminate between void*-typed regions and expressions.<br>
<br>
Ex.1:<br>
<br>
void foo(void *p) {<br>
p; // ???<br>
}<br>
<br>
Ex.2:<br>
<br>
void foo() {<br>
int x;<br>
void *p = &x;<br>
p; // ???<br>
}<br>
<br>
In example 1, assuming foo() is the top frame of the analysis, we
have a symbolic region based on an external pointer about which we
know literally nothing. The region is untyped and you won't ever be
able to obtain any type information about its contents. This is
example of a memory region that doesn't have a type.<br>
<br>
In example 2, we have a void*-typed expression that evaluates to a
variable-region '&x'. The expression has type 'void *', but the
analyzer knows that the "dynamic type" of the object pointed to by
'p' is 'int'. You can retrieve that type by casting the region to
TypedValueRegion and taking the value type, or conveniently via the
getDynamicTypeInfo() API, which additionally knows about other
potential sources of type information (not only the region object's
type) (in fact, i believe that the region's type should have been a
trait, not property of the region, to begin with).<br>
<br>
So i encourage you to look at region types rather than at
variable/field/expression types because the former are [not always
but] often richer.<br>
<br>
One thing you're totally right about, though, is that none of this
has changed since the statement was written :)<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 6/21/18 10:47 AM, Kristóf Umann via
cfe-dev wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAGcXOD6bc9TWULPVUhDnuO166hn95asxUbGdaia8RvfgUQx3cQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello! :)<br>
<br>
In short: Is it possible to obtain the type of the region a
void* or nonloc::LocAsInteger object points to? Note that this
is a C++-only checker.<br>
<br>
In detail:<br>
<br>
I'm working on numerous fixes to UninitializedObjectChecker. I
am however stuck at two of them:<br>
<br>
* instead of ignoring void pointer types, I intend to obtain the
object it points to by first acquiring the dynamic type of the
pointer<br>
* handle nonloc::LocAsInteger, where I'll also need obtain a
dynamic type.<br>
<br>
However, after carefully reading Artem Degrachev's (absolutely
outstanding!) guide "Clang Static Analyzer -- A Checker
Developer's Guide", in section 4.3.6 (about check::Bind) I found
this statement:<br>
"Not every memory region has a type; for example, any void
pointer points to a certain memory region, but the analyzer
cannot afford making assumptions about the type of values stored
in such region.".<br>
<br>
I have looked around in the code, have found
`getDynamicTypeInfo`, and tried various other methods, but I
start to think that this hasn't changed since the time that
statement was written. Is this correct?<br>
<br>
Best regards,<br>
Kristóf Umann<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>