[cfe-dev] Static Analyzer: pointer alias assignment

Anna Zaks ganna at apple.com
Tue Jul 23 10:11:21 PDT 2013


On Jul 23, 2013, at 9:21 AM, Gábor Kozár <kozargabor at gmail.com> wrote:

> During the analysis of a test code, the following two bindings happen (checkBind), with their respective source lines:
> 
> (Bind: location <= value)
> 
> Bind: &fp <= &SymRegion{conj_$4{struct Foo *}}
> Code: Foo* fp = getFooPtr();
> 
> Bind: &ap <= &SymRegion{conj_$4{struct Foo *}}
> Code: Foo* ap = fp;
> 
> In the second line, I need to detect that 'ap' is in fact the alias of 'fp'. Unfortunately, I cannot seem to find any way to get Clang SA to tell me that "&SymRegion{conj_$4{struct Foo *}}" is stored in "fp", which seems weird, because the source code is very clear.

As you observe the two binds you see that the same value is stored in both.

The analyzer does not perform alias analyzes as in it does not build sets of aliases. As it models the execution in presence of aliases, we did not find a need for the alias sets. Can you give a bit more background on why you need this info? Maybe your goal can be achieved differently?

> 
> Some of the information I extracted, but is not really useful to me:
>  - original SVal: &SymRegion{conj_$4{struct Foo *}}
>  - getAsRegion(): SymRegion{conj_$4{struct Foo *}}
>  - state->getSVal(): &SymRegion{reg_$6<element{SymRegion{conj_$4{struct Foo *}},0 S32b,struct Foo *}>} -- in fact, I have no idea what this is
>  - getAsSymbol(): conj_$4{struct Foo *}
> 
> As a workaround, I can keep track of this information myself, but there must be a built-in way to do this.
> Any help would be appreciated. Many thanks!
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130723/ba0068b1/attachment.html>


More information about the cfe-dev mailing list