[cfe-dev] Symbolic Extents
Ted Kremenek
kremenek at apple.com
Tue Jun 29 10:23:17 PDT 2010
On Jun 28, 2010, at 11:35 PM, Jordy Rose wrote:
> As for the extent symbols themselves, I'm not quite sure what to do.
> Variable-length arrays aren't symbolic regions, so there's no "parent
> symbol" for a SymbolDerived to attach to, but we do need to bound them
> symbolically. So we'd at least need a new kind of symbol that attached
> itself to regions, rather than other symbols.
The extent of a variable-length array is just the value of the size expression when it was declared, e.g.:
int buf[10 * n];
Here the extent is '10 * n' at the point of the DeclStmt for 'buf'. We already evaluate '10 * n', and should just capture it as part of the region definition for the VLA. This would require creating a specialized VarRegion that had an SVal entry for the extent. SValuator::getExtent() would just need to know for that type of region that it can obtain the extent by querying the region.
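The following C program is an added illustration, not part of the original message and not Clang code. It shows the language behaviour the reply relies on: a VLA's extent is fixed when its declaration is reached, so a bound obtained by re-evaluating the size expression later can disagree with it. The names vla_bounds and checked_store are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Two candidate bounds for the same VLA (names are hypothetical). */
struct bounds {
    size_t captured;     /* extent fixed when the declaration was reached */
    size_t reevaluated;  /* size expression recomputed after n changed */
};

/* n must be > 0: a VLA whose size evaluates to zero is undefined behaviour. */
struct bounds vla_bounds(size_t n, size_t n_later)
{
    int buf[10 * n];                 /* extent is 10 * n, evaluated here */
    struct bounds b;

    n = n_later;                     /* later write to n does not resize buf */
    b.captured = sizeof(buf) / sizeof(buf[0]);
    b.reevaluated = 10 * n;          /* what a checker gets if it re-reads n */
    return b;
}

/* Store guarded by the captured extent. Returns 0 if stored, -1 if rejected. */
int checked_store(size_t n, size_t idx, int value)
{
    int buf[10 * n];
    const size_t extent = sizeof(buf) / sizeof(buf[0]);

    if (idx >= extent)
        return -1;                   /* would write past the end of buf */
    buf[idx] = value;
    return buf[idx] == value ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs: n is 3 at the declaration, 1 afterwards. */
    struct bounds b = vla_bounds(3, 1);

    printf("captured=%zu reevaluated=%zu\n", b.captured, b.reevaluated);
    printf("store at 29: %d\n", checked_store(3, 29, 7));
    printf("store at 30: %d\n", checked_store(3, 30, 7));
    return 0;
}
```

A bound taken from the re-evaluated expression would flag valid indices 10 through 29 here, and with a larger n_later it would accept indices past the end of buf.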