<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
You've peeled off too much information. In this example you only
need to track the element (in the form of the specific
ElementRegion), but you're trying to track the whole array instead.
The information about index is crucial for that. You should not peel
it off, but instead use it.<br>
<br>
Also, the trackNullOrUndefValue visitor is a mess. These
getDerefExpr/peelOffOuterExpr/etc functions have really weird
contracts that nobody understands. Getting anything done here is
very hard unless somebody actually does the work of decomposing the
solution into simple clear steps (which is, well, the hardest part
of programming).<br>
<br>
If you ever need to see if a LazyCompoundVal is fully or partially
(un)initialized, you can iterBindings(). This is non-typechecked
lookup (i.e., you cannot figure out which specific sub-region is
initialized by the value you look at, you only get a byte offset).
You can also improve iterBindings() to make it possible to restrict
the iteration to a single cluster, because within the
LazyCompoundVal's Store only the cluster that corresponds to the
LazyCompoundVal's parent region is relevant.<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/7/18 3:50 AM, Henry Wong via
cfe-dev wrote:<br>
</div>
<blockquote type="cite"
cite="mid:PS1PR04MB2871ADDBD41538EDE2F10D64A4270@PS1PR04MB2871.apcprd04.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Hi all,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
For the code below, there is a undefined value assignment.
However the report is incomplete, based on the report, we can't
know where the undefined value came from.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
// clang -cc1 -analyze -analyzer-checker=core
-analyzer-output=text test.c</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
void foo() {</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
char *argv[10];</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
const char* s = argv[2];</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
}</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
// R<span style=" background-color: rgb(255, 255, 255); display:
inline !important">eport information.</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>test.c:3:2: warning: Assigned value is garbage or
undefined<br>
</span>
<div> const char *s = argv[2];<br>
</div>
<div> ^ ~~~~~~~<br>
</div>
<div>test.c:3:2: note: Assigned value is garbage or undefined<br>
</div>
<div> const char *s = argv[2];<br>
</div>
<div> ^ ~~~~~~~<br>
</div>
<span>1 warning generated.</span><br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
The fix for this is not complex, adding the special hanle for
`ArraySubscriptExpr` in `peelOffOuterExpr()` can achieve the
goal.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>static const Expr *peelOffOuterExpr(const Expr *Ex, </span><span>const
ExplodedNode *N) {</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
// ...</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>if (auto *ASE = dyn_cast<ArraySubscriptExpr>(Ex))<br>
</span>
<div> return peelOffOuterExpr(ASE->getBase(), N);<br>
</div>
<span></span><br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
// ...</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
}</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
However, After we modified `peelOffOuterExpr()`, another problem
emerged at this time. Although we got the information where the
undefined value came from, the description is not correct. </div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>test.c:3:2: warning: Assigned value is garbage or
undefined<br>
</span>
<div> const char *s = argv[2];<br>
</div>
<div> ^ ~~~~~~~<br>
</div>
<div>test.c:2:2: note: 'argv' initialized here<br>
</div>
<div> char *argv[10];<br>
</div>
<div> ^~~~~~~~~~<br>
</div>
<div>test.c:3:2: note: Assigned value is garbage or undefined<br>
</div>
<div> const char *s = argv[2];<br>
</div>
<div> ^ ~~~~~~~<br>
</div>
<span>1 warning generated.</span><br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
```</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
The essential reason is that analyzer <span>treat </span><span>completely-undefined
structures as defined values, see
<a
href="http://clang-developers.42468.n3.nabble.com/uninitialized-variable-tp4053392p4053393.html"
id="LPlnk313727" moz-do-not-send="true">
http://clang-developers.42468.n3.nabble.com/uninitialized-variable-tp4053392p4053393.html</a>.
That's why `showBRDiagnostics()` gave the wrong description.</span></div>
<div
id="LPBorder_GTaHR0cDovL2NsYW5nLWRldmVsb3BlcnMuNDI0NjgubjMubmFiYmxlLmNvbS91bmluaXRpYWxpemVkLXZhcmlhYmxlLXRwNDA1MzM5MnA0MDUzMzkzLmh0bWw."
class="LPBorder689043" style="width: 100%; margin-top: 16px;
margin-bottom: 16px; position: relative; max-width: 800px;
min-width: 424px;" contenteditable="false">
<table id="LPContainer689043" role="presentation"
style="padding: 12px 36px 12px 12px; width: 100%;
border-width: 1px; border-style: solid; border-color: rgb(200,
200, 200); border-radius: 2px;">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td style="width: 100%;">
<div id="LPTitle689043" style="font-size: 21px;
font-weight: 300; margin-right: 8px; font-family:
wf_segoe-ui_light, "Segoe UI Light",
"Segoe WP Light", "Segoe UI",
"Segoe WP", Tahoma, Arial, sans-serif;
margin-bottom: 12px;">
<a target="_blank" id="LPUrlAnchor689043"
href="http://clang-developers.42468.n3.nabble.com/uninitialized-variable-tp4053392p4053393.html"
istemptitle="true" style="text-decoration: none;
color: var(--themePrimary);" moz-do-not-send="true">Clang
Developers - uninitialized variable</a></div>
<div id="LPDescription689043" style="font-size: 14px;
max-height: 100px; color: rgb(102, 102, 102);
font-family: wf_segoe-ui_normal, "Segoe UI",
"Segoe WP", Tahoma, Arial, sans-serif;
margin-bottom: 12px; margin-right: 8px; overflow:
hidden;">
uninitialized variable. I am writing a checker to
check that a variable is given a value before it is
accessed. So I created a checkLocation call-back: void
checkLocation(SVal L, bool IsLoad, const...</div>
<div id="LPMetadata689043" style="font-size: 14px;
font-weight: 400; color: rgb(166, 166, 166);
font-family: wf_segoe-ui_normal, "Segoe UI",
"Segoe WP", Tahoma, Arial, sans-serif;">
clang-developers.42468.n3.nabble.com</div>
</td>
</tr>
</tbody>
</table>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
I want to know if there is a simple and efficient way to
determine whether the `LazyCompoundVal` is undefined or
partially-undefined except iterating the `ElementRegion`
bindings?</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Thanks in advance!</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="signature">
<div style="font-family:Calibri,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Henry Wong</div>
<div style="font-family:Calibri,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Qihoo 360 Codesafe Team</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>