[PATCH] D50509: [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing to a function
Umann Kristóf via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 17 14:18:46 PDT 2018
Szelethus added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp:223
+ // int*).
+ while (auto Tmp = V.getAs<loc::MemRegionVal>()) {
+ // We can't reason about symbolic regions, assume its initialized.
----------------
NoQ wrote:
> Szelethus wrote:
> > NoQ wrote:
> > > Hmm, i still have concerns about things like `int *x = (int *)&x;`. Why not just check the type to terminate the loop? Type hierarchy is guaranteed to be finite.
> > There actually is a testcase for that -- it would create a nonloc::LocAsInteger, not a loc::MemRegionVal.
> >
> > I'll add a TODO to revisit this loop condition (again :) ).
> Ok, let's try with one more asterisk:
> ```
> 1 void test() {
> 2 int **x = (int **)&x;
> 3 int *y = *x;
> 4 int z = *y;
> 5 }
> ```
>
> Here's what i get in the Store:
> ```
> (x,0,direct) : &element{x,0 S64b,int *}
> (y,0,direct) : &element{x,0 S64b,int *}
> (z,0,direct) : &element{x,0 S64b,int *}
> ```
Sounds fun, I'll see how the checker behaves to these when I'm in the office.
https://reviews.llvm.org/D50509
More information about the cfe-commits
mailing list