[cfe-dev] Odd Clang Static Analyzer Output
Jon Eyolfson
jon at eyolfson.com
Fri Jul 17 14:29:36 PDT 2015
Hi, sorry if this question is answered somewhere else, but I couldn't find
anything about it. I've read the checker development manual and looked at
past mailing list emails. My question is about how the analysis framework
determines how a pointer escapes.
I have the following code:
    class A {
      int y;
    public:
      void getY(int * i) const {
        *i = y;
      }
    };
Assuming that the analyzer uses getY as the top-level function, I have a bind
    to: &SymRegion{reg_$2<i>} (the region, or pointer, represented by i)
    from: reg_$1<SymRegion{reg_$0<this>}->y> (the value of y)
Directly after this bind, the analyzer says there's a pointer escape
    symbol: reg_$1<SymRegion{reg_$0<this>}->y>
This doesn't make sense to me, especially when the value that escapes is of
type int.
The pointer to y didn't escape, the value was merely copied into *i. Am I
missing something obvious? Why does it think the field y escaped?
Thanks.