[cfe-dev] Allowing checkers to mark symbols as live

Jordy Rose jediknil at belkadan.com
Mon Aug 9 13:14:34 PDT 2010


On Mon, 9 Aug 2010 12:56:07 -0700, Ted Kremenek <kremenek at apple.com>
wrote:
> On Aug 9, 2010, at 12:31 PM, Jordy Rose wrote:
> 
>> 1. Look up the strlen of some string.
>> 2. Conjure a symbol to represent it if we don't have one.
>> 3. At the end of the statement, symbols are cleaned. Any information about
>> the strlen is now lost.
> 
> I don't see how these symbols are getting lost.  This is the code from
> SymbolManager::isLive()
> 
>   if (const SymbolExtent *extent = dyn_cast<SymbolExtent>(sym)) {
>     const MemRegion *Base = extent->getRegion()->getBaseRegion();
>     if (const VarRegion *VR = dyn_cast<VarRegion>(Base))
>       return isLive(VR);
>     if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(Base))
>       return isLive(SR->getSymbol());
>     return false;
>   }
> 
> As long as the SymbolicRegion 'SR' is live, the symbol representing the
> extent should be live.  In your example, 'x' binds to a SymbolicRegion. 
> Since 'x' is live, so is that binding, and thus so is the symbol
> representing the extent.  Is this not working?

No, it's just that the extent usually isn't the string length. For this
definition the strlen and extent are clearly different.

char x[5] = "abc";

In addition, information about string lengths is easily invalidated (hence
the motivation for ProcessRegionChange), while extents stay constant for
the entire life of the region. So SymbolExtent would have to be modified to
be suitable for this.
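
The distinction drawn in this message, as an added example that is not part of the original post and is not Clang code: a toy model in which extent facts follow region liveness while string-length facts are dropped at cleanup unless a checker marks them live, and are dropped on any region change. ToyState, declareX, sweep, regionChanged and the checkerMarksLive flag are hypothetical names.

```cpp
// Toy model, constructed for illustration; not Clang's SymbolManager or checker API.
#include <cstddef>
#include <iterator>
#include <map>
#include <set>
#include <string>

using RegionName = std::string;

struct ToyState {
    std::map<RegionName, std::size_t> extent;   // fixed for the life of the region
    std::map<RegionName, std::size_t> cstrLen;  // checker-owned string-length facts
};

// Models `char x[5] = "abc";`: extent 5, string length 3.
ToyState declareX() {
    ToyState s;
    s.extent["x"] = 5;
    s.cstrLen["x"] = 3;
    return s;
}

// End-of-statement cleanup. Extent facts follow the region's liveness, as in the
// quoted isLive() code. String-length facts survive only if the checker marks
// them live (hypothetical flag standing in for the hook this thread discusses).
void sweep(ToyState &s, const std::set<RegionName> &liveRegions, bool checkerMarksLive) {
    for (auto it = s.extent.begin(); it != s.extent.end();)
        it = liveRegions.count(it->first) ? std::next(it) : s.extent.erase(it);
    for (auto it = s.cstrLen.begin(); it != s.cstrLen.end();)
        it = (checkerMarksLive && liveRegions.count(it->first)) ? std::next(it)
                                                                : s.cstrLen.erase(it);
}

// A write into the region (the ProcessRegionChange case): the string length is
// no longer known, the extent is unchanged.
void regionChanged(ToyState &s, const RegionName &r) { s.cstrLen.erase(r); }

int main() {
    ToyState s = declareX();
    sweep(s, std::set<RegionName>{"x"}, false);  // length fact lost although x is live
    return (s.cstrLen.count("x") == 0 && s.extent.at("x") == 5) ? 0 : 1;
}
```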
