[PATCH] D104550: [analyzer] Implement getType for SVal

Valeriy Savchenko via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jun 22 02:03:58 PDT 2021 

vsavchenko marked an inline comment as done.
vsavchenko added inline comments.


================
Comment at: clang/lib/StaticAnalyzer/Core/SVals.cpp:151
+  Optional<QualType> VisitNonLocLazyCompoundVal(nonloc::LazyCompoundVal LCV) {
+    return Visit(LCV.getRegion());
+  }
----------------
NoQ wrote:
> vsavchenko wrote:
> > NoQ wrote:
> > > This is correct except you need to get the value type, not the pointer type.
> > > 
> > > `LazyCompoundVal` is a `prvalue` and its parent region is the location in which this `prvalue` resided some time in the past. So the parent region is of the right type and it's always typed but you need the pointee type.
> > OK then, can you maybe hint how can I write a test where this is going to be a pointer type (or maybe then `getType` for regions works incorrectly).
> Regions have `getLocationType()` (the pointer type) and `getValueType()` (the pointee type). I think you need to call the latter directly in this case, bypassing recursion.
> 
> In order to obtain a live `LazyCompoundVal` specimen for testing purposes, you need to load an entire compound object (not necessarily represented by a `CompoundVal`) from Region Store.
> 
> Eg.,
> ```lang=c
>   struct MyStruct a;
>   // ...
>   struct MyStruct b = a; // Avoid C++ though, constructors are a different beast.
> ```
> 
> Or you could construct one directly. But that, of course, wouldn't give you any hints about the appropriate type.
> 
> > maybe then `getType` for regions works incorrectly
> 
> Hmm that's actually a good separate question. How do you know if a region represents a prvalue of pointer type or a glvalue of pointee type (including, but not limited to, references)? This can't be figured out without more context just by looking at the `SVal`.
> In order to obtain a live LazyCompoundVal specimen for testing purposes.
That's not a problem:
```
TestUnion d = {.c=b};
```
does produce LazyCompundVal and we don't get a pointer, but the value type.  That's why I was asking how I can construct an example when this current implementation fails.

> Hmm that's actually a good separate question. How do you know if a region represents a prvalue of pointer type or a glvalue of pointee type (including, but not limited to, references)? This can't be figured out without more context just by looking at the SVal.
Value categories are orthogonal to types, so I don't see why we should care for those in `getType`.  How do you think it should affect this particular functionality?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D104550/new/

https://reviews.llvm.org/D104550

More information about the cfe-commits mailing list