[PATCH] D49199: [analyzer][UninitializedObjectChecker] Pointer/reference objects are dereferenced according to dynamic type

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 7 13:31:47 PDT 2018


NoQ accepted this revision.
NoQ added a comment.

This looks roughly correct, but at the same time none of the tests actually exercise the dynamic type propagation. In these tests all the necessary information is obtained from the structure of the MemRegion (directly or via the initial `StripCasts`), not from the dynamic type map that is an additional layer of metadata over the program state. The actual test would assume, as an example, chasing undefined values through a symbolic pointer produced by `operator new()` - which is a symbolic void pointer, but it points to a well-defined type of object. Because we skip symbolic pointers for now, I guess you cannot really write such tests. But at the same time chasing through //heap// symbolic pointers (i.e., pointers in the heap //memory space//) should be safe (so safe that they shouldn't really have been implemented as symbolic pointers in the first place).


https://reviews.llvm.org/D49199




