[cfe-commits] [PATCH] Fix for PR7218, and analyzer support for calloc()
Zhongxing Xu
xuzhongxing at gmail.com
Fri May 28 23:55:08 PDT 2010
I'm thinking about the whole logic below. Does it make sense to try to get
the direct binding of the super region of an element region?
I can only think of one case:
int x = 1;
char *y = &x;
y[2];
But this case only triggers 'return UnknownVal();' in the last. What cases
does the 3 'if' above deal with?
RegionStore.cpp:1177
// Check if the immediate super region has a direct binding.
if (const Optional<SVal> &V = getDirectBinding(B, superR)) {
if (SymbolRef parentSym = V->getAsSymbol()) {
return ValMgr.getDerivedRegionValueSymbolVal(parentSym, R);
}
if (V->isUnknownOrUndef())
return *V;
// Handle LazyCompoundVals for the immediate super region. Other cases
// are handled in 'RetrieveFieldOrElementCommon'.
if (const nonloc::LazyCompoundVal *LCV =
dyn_cast<nonloc::LazyCompoundVal>(V)) {
R = MRMgr.getElementRegionWithSuper(R, LCV->getRegion());
return RetrieveElement(LCV->getStore(), R);
}
// Other cases: give up.
return UnknownVal();
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20100529/03434c4a/attachment.html>
More information about the cfe-commits
mailing list