[cfe-dev] Static Analyzer: pointer alias assignment

[Gábor Kozár]

During the analysis of a test code, the following two bindings happen
(checkBind), with their respective source lines:

(Bind: location <= value)

Bind: &fp <= &SymRegion{conj_$4{struct Foo *}}
Code: Foo* fp = getFooPtr();

Bind: &ap <= &SymRegion{conj_$4{struct Foo *}}
Code: Foo* ap = fp;

In the second line, I need to detect that 'ap' is in fact the alias of
'fp'. Unfortunately, I cannot seem to find any way to get Clang SA to tell
me that "&SymRegion{conj_$4{struct Foo *}}" is stored in "fp", which seems
weird, because the source code is very clear.

Some of the information I extracted, but is not really useful to me:
 - original SVal: &SymRegion{conj_$4{struct Foo *}}
 - getAsRegion(): SymRegion{conj_$4{struct Foo *}}
 - state->getSVal(): &SymRegion{reg_$6<element{SymRegion{conj_$4{struct Foo
*}},0 S32b,struct Foo *}>} -- in fact, I have no idea what this is
 - getAsSymbol(): conj_$4{struct Foo *}

As a workaround, I can keep track of this information myself, but there
must be a built-in way to do this.
Any help would be appreciated. Many thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130723/8834ddbd/attachment.html>