<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Yes, totally, just take a MemRegionManager, construct the right
FieldRegion of the LCV's parent region, and then do getBinding() of
that region within the LCV's Store.<br>
<br>
Small structures are unwrapped in
RegionStoreManager::tryBindSmallStruct().<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 6/27/19 3:45 PM, Torry Chen wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADmWND9Z9x-DyGg5O2PEXJGb-rof82uCVjb-qRef46EdoLZsoA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">I build my Clang in Release mode without
assertions. For pos2, LCVal = StoreMgr.getDefaultBinding(*LCV)
indeed returns None. I'm surprised LCVal->dump() didn't
crash.<br>
<br>
So this seems to be an expected behavior for getDefaultBinding()
due to small struct optimization. Can I retrieve the two field
symbols for pos2 in this case (in evalCall or checkPreCall)? Or
you could point me to the code where the small struct
optimization happens with unwrapped binds.<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, 27 Jun 2019 at 14:32,
Artem Dergachev <<a href="mailto:noqnoqneo@gmail.com"
moz-do-not-send="true">noqnoqneo@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> (in my case it's None because of small
struct optimization; you see the value as
lazyCompoundVal{0x5d4bb38,pos1} in checkBind but during the
actual bind it gets unwrapped into two symbols)<br>
<br>
<div class="gmail-m_379797272037330046moz-cite-prefix">On
6/27/19 2:22 PM, Artem Dergachev wrote:<br>
</div>
<blockquote type="cite"> Mmm, weird. I tried and for me it
crashes unwrapping an empty optional. My only guess is -
do you build your clang with assertions enabled? Otherwise
your checker would behave in undefined manner in this
scenario. Could you check if the optional actually does
contain a value?<br>
<br>
<div class="gmail-m_379797272037330046moz-cite-prefix">On
6/25/19 9:10 PM, Torry Chen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thank you Artem! It seems
StoreManager::getDefaultBinding() won't work if the
struct variable is copied. As shown below,
getDefaultBinding() returns an undefined SVal.<br>
<br>
I could go down into fields to get the derived symbols
for X and Y respectively, and then use
getParentSymbol() to get the symbol for the whole
struct. This looks cumbersome though. Is there a more
convenient way to get the symbol for the whole struct
in this case?<br>
<br>
<font face="courier new, monospace">// checkBind: pos1
-> conj_$3{struct XY, LC1, S45418, #1}<br>
struct XY pos1 = next_pos(10, 20);<br>
<br>
// checkBind: pos2 ->
lazyCompoundVal{0x5d4bb38,pos1}<br>
struct XY pos2 = pos1;<br>
<br>
move_to_pos(pos2);</font><br>
<br>
<font face="courier new, monospace">/** evalCall for
move_to_pos():<br>
SVal Pos = C.getSVal(CE->getArg(0));<br>
ProgramStateRef State = C.getState();<br>
StoreManager &StoreMgr =
State->getStateManager().getStoreManager();<br>
auto LCV =
Pos.getAs<nonloc::LazyCompoundVal>();<br>
SVal LCSVal = *StoreMgr.getDefaultBinding(*LCV);<br>
LCSVal.dump() // <- Undefined<br>
...<br>
const Store St =
LCV->getCVData()->getStore();<br>
const SVal FieldSVal = StoreMgr.getBinding(St,
loc::MemRegionVal(FieldReg));<br>
FieldSVal.dump(); // <-
derived_$4{conj_$3{struct XY, LC1, S45418,
#1},pos1->X}<br>
<br>
const auto *SD =
dyn_cast<SymbolDerived>(FieldSVal.getAsSymbol());<br>
const auto ParentSym = SD->getParentSymbol();<br>
ParentSym.dump(); // <- conj_$3{struct XY, LC1,
S45418, #1}<br>
**/</font><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 25 Jun 2019
at 14:06, Artem Dergachev <<a
href="mailto:noqnoqneo@gmail.com" target="_blank"
moz-do-not-send="true">noqnoqneo@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> The "0x4aa1c58" part of
"lazyCompoundVal{0x4aa1c58,pos1}" is a Store
object. You can access it with getStore() and then
read it with the help of a StoreManager.<br>
<br>
Hmm, we seem to already have a convenient API for
that, you can do
StoreManager::getDefaultBinding(nonloc::LazyCompoundVal)
directly if all you need is a default-bound
conjured symbol. But if you want to lookup, say,
specific fields in the structure (X and Y
separately), you'll need to do getBinding() on
manually constructed FieldRegions (in your case it
doesn't look very useful because the whole
structure is conjured anyway).<br>
<br>
I guess at this point you might like the chapter 5
of my old workbook (<a
class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-freetext"
href="https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf"
target="_blank" moz-do-not-send="true">https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf</a>),
as for now it seems to be the only place where
different kinds of values are explained.<br>
<br>
<br>
<div
class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-cite-prefix">On
6/25/19 2:35 AM, Torry Chen via cfe-dev wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">My project has a struct type as
follows and I'm writing a checker for some
functions that take the struct value as an
argument. In the checkPreCall function I see
the argument is an LazyCompoundVal, not a
symbol as it would be for a primitive type. I
tried a few ways to extract the symbol from
the LazyCompountVal with no luck. Hope to get
some help here.<br>
<br>
<font face="courier new, monospace">struct XY
{<br>
uint64_t X;<br>
uint64_t Y;<br>
};<br>
<br>
...<br>
// checkBind: pos1 -> conj_$3{struct XY,
LC1, S63346, #1}</font>
<div><span>struct XY pos1 = next_pos(...);</span> <font
face="courier new, monospace"><br>
<br>
// checkPreCall: Arg0:
lazyCompoundVal{0x4aa1c58,pos1}<br>
move_to_pos(pos1);</font><br>
</div>
</div>
<br>
<fieldset
class="gmail-m_379797272037330046gmail-m_-4861931114608865060mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-quote-pre">_______________________________________________
cfe-dev mailing list
<a class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org" target="_blank" moz-do-not-send="true">cfe-dev@lists.llvm.org</a>
<a class="gmail-m_379797272037330046gmail-m_-4861931114608865060moz-txt-link-freetext" href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank" moz-do-not-send="true">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>