<div dir="ltr">I build my Clang in Release mode without assertions. For pos2, LCVal = StoreMgr.getDefaultBinding(*LCV) indeed returns None. I'm surprised LCVal->dump() didn't crash.<br><br>So this seems to be an expected behavior for getDefaultBinding() due to small struct optimization. Can I retrieve the two field symbols for pos2 in this case (in evalCall or checkPreCall)? Or you could point me to the code where the small struct optimization happens with unwrapped binds.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 27 Jun 2019 at 14:32, Artem Dergachev <<a href="mailto:noqnoqneo@gmail.com">noqnoqneo@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
(in my case it's None because of small struct optimization; you see
the value as lazyCompoundVal{0x5d4bb38,pos1} in checkBind but during
the actual bind it gets unwrapped into two symbols)<br>
<br>
<div class="gmail-m_379797272037330046moz-cite-prefix">On 6/27/19 2:22 PM, Artem Dergachev
wrote:<br>
</div>
<blockquote type="cite">
Mmm, weird. I tried and for me it crashes unwrapping an empty
optional. My only guess is - do you build your clang with
assertions enabled? Otherwise your checker would behave in
undefined manner in this scenario. Could you check if the optional
actually does contain a value?<br>
<br>
<div class="gmail-m_379797272037330046moz-cite-prefix">On 6/25/19 9:10 PM, Torry Chen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thank you Artem! It seems
StoreManager::getDefaultBinding() won't work if the struct
variable is copied. As shown below, getDefaultBinding()
returns an undefined SVal.<br>
<br>
I could go down into fields to get the derived symbols for X
and Y respectively, and then use getParentSymbol() to get the
symbol for the whole struct. This looks cumbersome though. Is
there a more convenient way to get the symbol for the whole
struct in this case?<br>
<br>
<font face="courier new, monospace">// checkBind: pos1 ->
conj_$3{struct XY, LC1, S45418, #1}<br>
struct XY pos1 = next_pos(10, 20);<br>
<br>
// checkBind: pos2 -> lazyCompoundVal{0x5d4bb38,pos1}<br>
struct XY pos2 = pos1;<br>
<br>
move_to_pos(pos2);</font><br>
<br>
<font face="courier new, monospace">/** evalCall for
move_to_pos():<br>
SVal Pos = C.getSVal(CE->getArg(0));<br>
ProgramStateRef State = C.getState();<br>
StoreManager &StoreMgr =
State->getStateManager().getStoreManager();<br>
auto LCV = Pos.getAs<nonloc::LazyCompoundVal>();<br>
SVal LCSVal = *StoreMgr.getDefaultBinding(*LCV);<br>
LCSVal.dump() // <- Undefined<br>
...<br>
const Store St = LCV->getCVData()->getStore();<br>
const SVal FieldSVal = StoreMgr.getBinding(St,
loc::MemRegionVal(FieldReg));<br>
FieldSVal.dump(); // <- derived_$4{conj_$3{struct XY,
LC1, S45418, #1},pos1->X}<br>
<br>
const auto *SD =
dyn_cast<SymbolDerived>(FieldSVal.getAsSymbol());<br>
const auto ParentSym = SD->getParentSymbol();<br>
ParentSym.dump(); // <- conj_$3{struct XY, LC1, S45418,
#1}<br>
**/</font><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 25 Jun 2019 at
14:06, Artem Dergachev <<a href="mailto:noqnoqneo@gmail.com" target="_blank">noqnoqneo@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> The "0x4aa1c58" part of
"lazyCompoundVal{0x4aa1c58,pos1}" is a Store object. You
can access it with getStore() and then read it with the
help of a StoreManager.<br>
<br>
Hmm, we seem to already have a convenient API for that,
you can do
StoreManager::getDefaultBinding(nonloc::LazyCompoundVal)
directly if all you need is a default-bound conjured
symbol. But if you want to lookup, say, specific fields in
the structure (X and Y separately), you'll need to do
getBinding() on manually constructed FieldRegions (in your
case it doesn't look very useful because the whole
structure is conjured anyway).<br>
<br>
I guess at this point you might like the chapter 5 of my
old workbook (<a class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-freetext" href="https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf" target="_blank">https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf</a>),
as for now it seems to be the only place where different
kinds of values are explained.<br>
<br>
<br>
<div class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-cite-prefix">On
6/25/19 2:35 AM, Torry Chen via cfe-dev wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">My project has a struct type as follows
and I'm writing a checker for some functions that take
the struct value as an argument. In the checkPreCall
function I see the argument is an LazyCompoundVal, not
a symbol as it would be for a primitive type. I tried
a few ways to extract the symbol from the
LazyCompountVal with no luck. Hope to get some help
here.<br>
<br>
<font face="courier new, monospace">struct XY {<br>
uint64_t X;<br>
uint64_t Y;<br>
};<br>
<br>
...<br>
// checkBind: pos1 -> conj_$3{struct XY, LC1,
S63346, #1}</font>
<div><span>struct XY pos1 =
next_pos(...);</span> <font face="courier new,
monospace"><br>
<br>
// checkPreCall: Arg0:
lazyCompoundVal{0x4aa1c58,pos1}<br>
move_to_pos(pos1);</font><br>
</div>
</div>
<br>
<fieldset class="gmail-m_379797272037330046gmail-m_-4861931114608865060mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-quote-pre">_______________________________________________
cfe-dev mailing list
<a class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>
<a class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-freetext" href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
<br>
</div>
</blockquote></div>