[cfe-dev] [Static Analyzer] temp_object chaos?
Gábor Kozár
kozargabor at gmail.com
Wed Sep 11 14:03:53 PDT 2013
I'm analyzing the following source line:
auto it = v.begin(); // v is an std::vector<int>
As far as I'm able to reconstruct what happens using the checker
callbacks, it goes somehow like this:
- checkPostCall on v.begin(): the call has been interpreted, the
result is a lazyCompoundVal with a temp_object within it
- checkPostStmt on v.begin(): ProgramState::getSVal() yields the same
result as above (the same lazyCompoundVal with the same temp_object
within it)
- bind: some lazyCompoundVal with a temp_object within it to loc '&it'
-- but this lazyCompoundVal and temp_object are different than above!!!
- checkPostStmt on v.begin() again: ProgramState::getSVal() yields
&it, getting the SVal inside the region gives a lazyCompoundVal with
'it' in it
My problem is that I'm unable to implement a checker that would need to
track iterator values, as temp_objects just seem to pop and disappear
without leaving a trace and without having any followable connection
between them.
Is this working as intended, and if so, how should I approach this? I
recall there being an open project for better modelling of C++
temporary objects, is that whose effect I'm seeing here?
Thanks!
--
Gábor Kozár -- ShdNx
kozargabor at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130911/cfd17df6/attachment.html>
More information about the cfe-dev
mailing list