<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
(in my case it's None because of small struct optimization; you see
the value as lazyCompoundVal{0x5d4bb38,pos1} in checkBind but during
the actual bind it gets unwrapped into two symbols)<br>
<br>
<div class="moz-cite-prefix">On 6/27/19 2:22 PM, Artem Dergachev
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:528cd097-f0eb-e013-6ece-b4be6c44f414@gmail.com">
Mmm, weird. I tried and for me it crashes unwrapping an empty
optional. My only guess is - do you build your clang with
assertions enabled? Otherwise your checker would behave in an
undefined manner in this scenario. Could you check if the optional
actually does contain a value?<br>
<br>
<div class="moz-cite-prefix">On 6/25/19 9:10 PM, Torry Chen wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADmWND_VMD=U0=fE_RdMtqK35gmAKfWq2jq1VOR6P8nXHnVF_w@mail.gmail.com">
<div dir="ltr">Thank you Artem! It seems
StoreManager::getDefaultBinding() won't work if the struct
variable is copied. As shown below, getDefaultBinding()
returns an undefined SVal.<br>
<br>
I could go down into fields to get the derived symbols for X
and Y respectively, and then use getParentSymbol() to get the
symbol for the whole struct. This looks cumbersome though. Is
there a more convenient way to get the symbol for the whole
struct in this case?<br>
<br>
<font face="courier new, monospace">// checkBind: pos1 -&gt;
conj_$3{struct XY, LC1, S45418, #1}<br>
struct XY pos1 = next_pos(10, 20);<br>
<br>
// checkBind: pos2 -&gt; lazyCompoundVal{0x5d4bb38,pos1}<br>
struct XY pos2 = pos1;<br>
<br>
move_to_pos(pos2);</font><br>
<br>
<font face="courier new, monospace">/** evalCall for
move_to_pos():<br>
SVal Pos = C.getSVal(CE-&gt;getArg(0));<br>
ProgramStateRef State = C.getState();<br>
StoreManager &amp;StoreMgr =
State-&gt;getStateManager().getStoreManager();<br>
auto LCV = Pos.getAs&lt;nonloc::LazyCompoundVal&gt;();<br>
SVal LCSVal = *StoreMgr.getDefaultBinding(*LCV);<br>
LCSVal.dump(); // &lt;- Undefined<br>
...<br>
const Store St = LCV-&gt;getCVData()-&gt;getStore();<br>
const SVal FieldSVal = StoreMgr.getBinding(St,
loc::MemRegionVal(FieldReg));<br>
FieldSVal.dump(); // &lt;- derived_$4{conj_$3{struct XY,
LC1, S45418, #1},pos1-&gt;X}<br>
<br>
const auto *SD =
dyn_cast&lt;SymbolDerived&gt;(FieldSVal.getAsSymbol());<br>
const auto ParentSym = SD-&gt;getParentSymbol();<br>
ParentSym-&gt;dump(); // &lt;- conj_$3{struct XY, LC1, S45418,
#1}<br>
**/</font><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 25 Jun 2019 at
14:06, Artem Dergachev &lt;<a
href="mailto:noqnoqneo@gmail.com" moz-do-not-send="true">noqnoqneo@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> The "0x4aa1c58" part of
"lazyCompoundVal{0x4aa1c58,pos1}" is a Store object. You
can access it with getStore() and then read it with the
help of a StoreManager.<br>
<br>
Hmm, we seem to already have a convenient API for that,
you can do
StoreManager::getDefaultBinding(nonloc::LazyCompoundVal)
directly if all you need is a default-bound conjured
symbol. But if you want to look up, say, specific fields in
the structure (X and Y separately), you'll need to do
getBinding() on manually constructed FieldRegions (in your
case it doesn't look very useful because the whole
structure is conjured anyway).<br>
<br>
I guess at this point you might like chapter 5 of my
old workbook (<a
class="gmail-m_-4861931114608865060moz-txt-link-freetext"
href="https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf"
target="_blank" moz-do-not-send="true">https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf</a>),
as for now it seems to be the only place where different
kinds of values are explained.<br>
<br>
<br>
<div class="gmail-m_-4861931114608865060moz-cite-prefix">On
6/25/19 2:35 AM, Torry Chen via cfe-dev wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">My project has a struct type as follows
and I'm writing a checker for some functions that take
the struct value as an argument. In the checkPreCall
function I see the argument is a LazyCompoundVal, not
a symbol as it would be for a primitive type. I tried
a few ways to extract the symbol from the
LazyCompoundVal with no luck. Hope to get some help
here.<br>
<br>
<font face="courier new, monospace">struct XY {<br>
uint64_t X;<br>
uint64_t Y;<br>
};<br>
<br>
...<br>
// checkBind: pos1 -&gt; conj_$3{struct XY, LC1,
S63346, #1}</font>
<div><span style="font-family:&quot;courier
new&quot;,monospace">struct XY pos1 =
next_pos(...);</span> <font face="courier new,
monospace"><br>
<br>
// checkPreCall: Arg0:
lazyCompoundVal{0x4aa1c58,pos1}<br>
move_to_pos(pos1);</font><br>
</div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
<br>
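Added example, not part of the original thread and not Clang's own code: a simplified, self-contained C++17 model of the lookup discussed above, checking the optional before unwrapping it and falling back to the parent of the fields' derived symbols. The names Symbol, Store, defaultBinding, wholeStructSymbol and the symbol derived_$5 are constructed for illustration; defaultBinding only stands in for StoreManager::getDefaultBinding().

```cpp
// Simplified model, NOT Clang's real classes; every name here is hypothetical.
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <vector>
enum class Kind { Default, Direct };
struct Symbol {
  std::string name;
  const Symbol *parent = nullptr; // non-null only for derived symbols
};
using Store = std::map<std::pair<std::string, Kind>, const Symbol *>;
// Stand-in for getDefaultBinding(): empty when the region has no default binding.
std::optional<const Symbol *> defaultBinding(const Store &s, const std::string &region) {
  auto it = s.find({region, Kind::Default});
  if (it == s.end()) return std::nullopt;
  return it->second;
}
// Whole-struct symbol: the default binding if there is one, otherwise the
// parent shared by every field's derived symbol; nullptr if neither exists.
const Symbol *wholeStructSymbol(const Store &s, const std::string &region,
                                const std::vector<std::string> &fields) {
  if (auto def = defaultBinding(s, region)) return *def; // checked before unwrapping
  const Symbol *parent = nullptr;
  for (const auto &f : fields) {
    auto it = s.find({region + "." + f, Kind::Direct});
    if (it == s.end() || !it->second->parent) return nullptr; // not a derived symbol
    if (parent && parent != it->second->parent) return nullptr; // fields disagree
    parent = it->second->parent;
  }
  return parent;
}

// Constructed sample mirroring the thread: pos1 is conjured as a whole;
// pos2 = pos1 was copied field by field, so pos2 has no default binding.
const Symbol Conj{"conj_$3"}, DerX{"derived_$4", &Conj}, DerY{"derived_$5", &Conj};
const std::vector<std::string> XYFields{"X", "Y"};
Store makeStore() {
  Store s;
  s[{"pos1", Kind::Default}] = &Conj;
  s[{"pos2.X", Kind::Direct}] = &DerX;
  s[{"pos2.Y", Kind::Direct}] = &DerY;
  return s;
}

int main() {
  const Symbol *sym = wholeStructSymbol(makeStore(), "pos2", XYFields);
  std::cout << (sym ? sym->name : "none") << "\n";
}
```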
</body>
</html>