[cfe-dev] CFGElement changes and initializers addition (with patch)
Zhongxing Xu
xuzhongxing at gmail.com
Sun Aug 29 00:09:43 PDT 2010
On Sat, Aug 28, 2010 at 8:43 AM, Ted Kremenek <kremenek at apple.com> wrote:
> On Aug 25, 2010, at 6:42 PM, Zhongxing Xu wrote:
>
>>>> The sequence that the engine sees the VarDecl first or the initializer
>>>> first makes no difference for C. But it makes difference for C++.
>>>>
>>>> When evaluating the CXXConstructExpr, GRExprEngine delegates to
>>>> AggExprVisitor, which needs a Dest pointer to the object it will
>>>> construct into. If the engine sees the CXXConstructExpr first, it has
>>>> to create a temporary object to construct in, then lazy-copy it into
>>>> the variable being declared. If the engine can see the VarDecl first,
>>>> it can pass the VarRegion of it to the AggExprVisitor.
>>>
>>> I think I see what you mean. If we make CXXConstructExpr a block-level expression, it will be seen before the DeclStmt that declares the variable. Is this what you mean?
>>
>> Yes.
>
> Here's one possibility. It's a half-baked idea.
>
> Consider the following:
>
> $ cat t.cpp
> class A {
> public:
> A(int x);
> ~A();
> };
>
> void test(unsigned i) {
> A a(3);
> }
>
> $ clang -fsyntax-only -Xclang -ast-dump t.cpp
> ...
> <SNIP>
> ...
> void test(unsigned int i) (CompoundStmt 0x101840d38 <t.cpp:7:23, line:9:1>
> (DeclStmt 0x101840d18 <line:8:3, col:6>
> 0x101840af0 "A a =
> (CXXConstructExpr 0x101840cd8 <col:5> 'class A''void (void)')"))
>
> Here we have a DeclStmt that has as the initializer a CXXConstructExpr. In this particular case, instead of making the CXXConstructExpr a CFGElement, we can just treat it as a subexpression and just evaluate the DeclStmt and CXXConstructExpr as one unit. More specifically, instead of simulating the "call" to the constructor at happening at the CXXConstructExpr (which isn't a CFGElement), just base the CallEnter and CallReturn program points around the DeclStmt. When we process the DeclStmt in GRExprEngine, we just recognize this particular case and treat it differently. This allows us to get the VarRegion first before evaluating the constructor logic.
This is basically what happens when constructor definition is
available and -analyzer-inline-call is enabled. For now we don't have
to do anything special for CallEnter and CallReturn for this case.
>
> On the CFG side, when building the CFG, we just don't make CXXConstructExprs that appear as the initializer to a DeclStmt into CFGElements.
More information about the cfe-dev
mailing list