[cfe-dev] checkBind: distinguish between MemRegionVal/ElementRegion
Aitor San Juan
aitor.sj at opendeusto.es
Wed May 7 05:00:31 PDT 2014
Hello,
After a bit of research, I've concluded the following:
Bearing in mind this signature:
void checkBind(SVal VLoc, SVal Val, const Stmt *S, CheckerContext &C) const;
To solve questions #1 and #2 in my previous message as:
Optional<Loc> L = VLoc.getAs<Loc>();
if (L) {
// VLoc is of type Loc
if (Optional<loc::MemRegionVal> MR = L->getAs<loc::MemRegionVal>()) {
// VLoc isa MemRegionVal
const MemRegion *R = MR->getRegion()->StripCasts();
// Are we dealing with an ElementRegion?
if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
// VLoc is an ElementRegion
} else {
// VLoc is NOT an ElementRegion
}
} else {
// VLoc is NOT a MemRegionVal
}
I'm a bit confused about SVals and SymbolRefs. I've read this thread (
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2012-December/026641.html) which
is quite clarifying. I wonder what the difference is between the following
3 statements:
SymbolRef sym = L->getAsLocSymbol();
SymbolRef sym = VLoc.getAsLocSymbol();
SymbolRef sym = VLoc.getAsSymbol();
My goal is to be able to detect something like the following. For that, I'd
like the checker to store (as the checker's ProgramState info) a variable
name (symbol?). In the example below, when statement #1 is processed, the
checker should store "p" as a means of tracking "p" for future references.
Thus, the checker would be able to signal a warning when statement #2 is
processed:
1) p = "/tmp/file"; // p is declared as char *p;
2) *(p+3) = 'S'; // I'm aware this is undefined behavior
How can I get the symbolic value of variable "p"? I think the best is as a
SymbolRef (because depending on variables scope, I might come across with
another "p", but I'm unsure)
Any hint or suggestion would be highly appreciated.
Many thanks.
2014-05-05 11:09 GMT+02:00 Aitor San Juan <aitor.sj at opendeusto.es>:
> Hello,
>
> In a checker, I want to distinguish between these kinds of statements:
>
> 1) p = "/tmp/file"; // p is declared as char *p;
> 2) *(p+3) = 'S'; // I'm aware this is undefined behavior
>
> If I'm not wrong, I've decided that the best place to be aware of that is
> in a check::Bind event:
>
> void checkBind(SVal Loc, SVal Val, const Stmt *S, CheckerContext &C) const;
>
> In the first case above, the location Loc is a MemRegionVal, and in the
> 2nd, it is an ElementRegion.
>
> 1) To test if Loc is a MemRegionVal I use the following, but there's
> something wrong I can't figure out (it doesn't compile), and I'm stuck (as
> far as I know, MemRegionVal is a subclass of SVal):
>
> if (clang::isa<loc::MemRegionVal>(Loc)) ...
>
> 2) ElementRegion doesn't belong to the SVal class hierarchy. How can I
> know if Loc is an ElementRegin?
>
> Thanks a lot.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140507/f87d07cc/attachment.html>
More information about the cfe-dev
mailing list