[cfe-dev] [SCA] Should the super region of the ElementRegion always be typed?
Ted Kremenek
kremenek at apple.com
Wed Feb 4 10:18:01 PST 2009
On Feb 3, 2009, at 7:04 PM, Zhongxing Xu wrote:
> Consider this code:
>
> void foo(int *p) {
> p[0] = 1;
> }
>
> Currently we evaluate p[0] to loc::SymbolVal. I want it to be
> loc
> ::MemRegionVal(ElementRegion(SymbolicRegion(SymbolRegionRValue(p)),
> 0)). But
> ElementRegion assumes its super region be typed. Is this assumption
> too strong?
>
> -Zhongxing Xu
I think we can go ahead make SymbolicRegions typed until we have a
reason for them not to be. FWIW, symbols themselves are typed, so it
makes sense for their associated regions to also be typed.
I think for "untyped" symbolic regions the RValueType can be "void".
AnonTypedRegions can then help with layering the appropriate type
information, e.g. in the following case:
void bar(void *p) {
((char*) p)[0] = 1;
}
Here ((char*) p)[0] would evaluate to:
loc::MemRegionVal(ElementRegion(AnonTypedRegion(char,
SymbolicRegion(SymbolRegionRValue(p))), 0))
More information about the cfe-dev
mailing list