[cfe-dev] How can I get the MemRegion representing an index of an array in Clang Static Analyzer?

Arthur Yoo phjy007 at gmail.com
Thu May 8 06:53:40 PDT 2014


Hi Jordan,

Actually, I am using the Clang Static Analyzer to do some
platform-dependent detection work by developing a checker. The Static
Analyzer and my checker are running on an X86-64bit/Linux platform. I’ve
set two platform specifications in my checker. So during the evaluation, it
can do some platform-dependent detection work by calculation. As a part of
my design, given a MemRegion, I need to get its ‘Top Region’ and then to
calculate the offset between them. For example:

    ……
    int a = sizeof(long), arr[10][10];
    arr[a][3] = 8;
    ……

For ‘arr[a][3]’, its MemRegion can be represented as
‘&element{element{arr,8 S32b,int [10]},3 S32b,int}’ on an X86-64bit
machine. And its Top Region is ‘&arr’. Now I want to calculate the offset
as if the code was running on an X86-32bit machine. So ‘&arr[a][3]’ should
be ‘&element{element{arr,4 S32b,int [10]},3 S32b,int}’ on that platform,
rather than ‘&element{element{arr,8 S32b,int [10]},3 S32b,int}’. In this
way, I need to know the SVal for ‘variable a’.



Another related problem in my previous mail post (
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-April/036205.html) is for
pointers. For example:

 0 /* example 2 */
 1 struct st0 {
 2     int i;
 3 };
 4 struct st1 {
 5     int i;
 6     struct st0 struct0;
 7 };
 8 struct st2 {
 9     struct st1 *p;
10 };
11 int main() {
12     struct st1 s1;
13     struct st2 s2;
14     s2.p = &s1;
15     s2.p->struct0.i = 3;
16 }

In fact, the ‘s2.p->struct0.i’ in line 15 should be ‘&s1->struct0.i’. I
want to get the Top Region (&s1) and calculate the offsets between
‘&field_i’ and its Top MemRegion for different platforms. So I tried to use
getSuperRegion() repeatedly to get the Top Region starting from the Bottom
MemRegion ‘&field_i’. However, there is a pointer reference along this
path. Consequently, if I only use getSuperRegion() all the way, the Top
Region will be MemRegion ‘&s2’. Obviously, it isn’t the right Top Region I
want. And the right Top Region should be ‘&s1’. So during the upward
tracking, if the current MemRegion is a pointer MemRegion, then its pointee
MemRegion (the MemRegion which is referred by the pointer) should be
achieved. Then I tried to get the pointee MemRegion referred by ‘&s2.p’ via
Store (StoreManager.getBinding()). But I got an Undefined SVal. However,
the expected SVal should be a MemRegionVal wrapping MemRegion ‘&s1’. So how
can I get the pointee MemRegion in such a situation?

I've been trapped in these problems for weeks. Any help would be greatly
appreciated.

Thanks a lot.


2014-05-08 12:05 GMT+08:00 Jordan Rose <jordan_rose at apple.com>:

> Hi, Arthur. I don't understand what you mean about the MemRegion for 'a'.
> 'a' is an integer variable, and when it's used in line 5 (not 3) you'll
> just get its value back, which will be 2. The expression "arr[a][1]" should
> give you an ElementRegion for "&arr[2][1]", but at that point 'a' isn't
> involved any more. Once a value is loaded from a variable (by an
> LValueToRValue implicit conversion), the variable isn't really interesting
> anymore. What are you actually trying to do?
>
> Jordan
>
> On May 7, 2014, at 5:09 , Arthur Yoo <phjy007 at gmail.com> wrote:
>
> Hi all,
>
> I want to get the MemRegion representing an index of an array in my
> checker. For example:
>
> 1 void func() {
> 2     int a, b, arr[10][10];
> 3     a = 2;
> 4     b = 3;
> 3     arr[a][1] = 3;
> 4 }
>
>
> In the CheckLocation() method for checking the store operation at line 3
> ‘arr[a][1] = 3;’, I want to get the MemRegion and SVal of variable a, which is
> the index of the array. Is there any way to get the corresponding MemRegion
> and SVal of variable a?
>
> My previous mail post on a related problem is
> http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-April/036205.html.
> Unfortunately, there was no reply or solution. In fact, this problem has
> trapped me for several weeks. So I really need help.
>
> Any help would be greatly appreciated.
>
> --
> Best regards,
> Arthur Yoo


-- 
Best regards,
岳佳圆 | Yue Jiayuan | Arthur Yoo
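
Added example, not part of the original thread and not Clang's API: a self-contained C++ model of the array case above, showing that the offset of arr[a][3] from &arr can only be recomputed for another target if the index a = sizeof(long) is kept symbolic instead of as the folded value 8. The types DataModel, Index and Region and both function names are hypothetical, and the 4-byte int and 8/4-byte long sizes are the usual x86-64 and x86-32 Linux assumptions.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed model for illustration; these are not Clang's MemRegion classes.
struct DataModel { unsigned longBytes, intBytes; };
constexpr DataModel LP64{8, 4};   // x86-64 Linux (assumed sizes)
constexpr DataModel ILP32{4, 4};  // x86-32 Linux (assumed sizes)

// An index is kept symbolic so it can be re-evaluated for another target.
struct Index {
  bool isSizeofLong;  // true: the value is sizeof(long) on the target
  unsigned constant;  // used when isSizeofLong is false
  unsigned eval(const DataModel &dm) const {
    return isSizeofLong ? dm.longBytes : constant;
  }
};

// One element{super, index, type} layer; super == nullptr marks the top region.
struct Region {
  const Region *super;
  Index index;
  unsigned intsPerElement;  // 10 for 'int [10]', 1 for 'int'
};

struct TopAndOffset { const Region *top; uint64_t bytes; };

// Walk the super-region chain, summing index * element size for the target.
TopAndOffset offsetFromTop(const Region *r, const DataModel &dm) {
  uint64_t bytes = 0;
  for (; r->super; r = r->super)
    bytes += uint64_t(r->index.eval(dm)) * r->intsPerElement * dm.intBytes;
  return {r, bytes};
}

// Byte offset of arr[a][3] from &arr, where a = sizeof(long), int arr[10][10].
uint64_t offsetOfExample(const DataModel &dm) {
  Region arr{nullptr, {false, 0}, 100};  // top region
  Region row{&arr, {true, 0}, 10};       // element{arr, a, int [10]}
  Region cell{&row, {false, 3}, 1};      // element{row, 3, int}
  TopAndOffset r = offsetFromTop(&cell, dm);
  return r.top == &arr ? r.bytes : UINT64_MAX;
}

int main() {
  std::printf("LP64: %llu bytes, ILP32: %llu bytes\n",
              (unsigned long long)offsetOfExample(LP64),
              (unsigned long long)offsetOfExample(ILP32));
}
```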