[cfe-commits] [PATCH] Fix for PR7218, and analyzer support for calloc()
Ted Kremenek
kremenek at apple.com
Sun May 30 15:03:55 PDT 2010
On May 30, 2010, at 12:46 AM, Jordy Rose wrote:
> Binding a symbolic region whose type is a reference shows up when the
> reference is an argument, like so:
>
> char t3 (char& r) {
>   r = 'c';
>   if (r) return r;
>   return '0';
> }
>
> The reason for the SymbolicRegion section in canHaveDirectBinding(),
> though, was originally more about having a way to set default values by
> taking advantage of a fact about SymbolicRegions (if you're accessing them
> directly, it's either *p or a reference, or an explicit call to Bind()),
> not enforcing a rule.

I don't think binding directly to the SymbolicRegion is the right way to handle references. In this case, I'd expect 'r' to evaluate to:

  ElementRegion(SymbolicRegion, "char", 0)

and then the binding at:

  r = 'c'

binds to the ElementRegion. There's no reason to special-case references. Indeed, we should be treating them just as pointers. Consider:

  int *p = 0;
  int &q = *p;
  q = 1;

At the assignment to 'q' we still need to do a null check, an out-of-bounds check, etc.