[cfe-dev] PreStmtPurgeDeadSymbols and LazyCompoundVal bindings
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Tue Jul 12 18:07:02 PDT 2016
Hmm! I didn't quite understand what's going on in your case (perhaps
some minimal code samples with state dumps could help), but in general I
think I understand your point:
* If the origin region of a lazy compound value has symbolic base, then
its base symbol must be kept alive for as long as the lazy compound
value is present in the state *
I think that the following test (in the sense of
test/Analysis/symbol-reaper.c) would expose the problem:
    // Debug hook provided by the ExprInspection checker (declared the same
    // way in symbol-reaper.c).
    void clang_analyzer_warnOnDeadSymbol(int);

    // Any complete struct type will do; this placeholder definition is an
    // assumption added for completeness, not part of the original snippet.
    struct S2 { int field; };

    struct S2 *conjure_S2();
    struct S2 global_S2;

    void test_lcv_base_symbol_lifetime() {
      struct S2 *Sp = conjure_S2();
      clang_analyzer_warnOnDeadSymbol((int)Sp);
      global_S2 = *Sp; // no-warning
    }
I agree that this test should pass (and now it fails), and your analysis
of the problem seems correct at a glance :)
In fact, this test doesn't even deal with temporary objects - it's a
plain C test. Additionally, this test in fact tests the similar problem
in Environment, rather than in RegionStore - there's a moment just
before assigning to the global, when the LCV only exists in the
Environment (as value of *Sp), and symbol death is announced at that
particular moment. I think that both Store and Environment suffer from
this problem.
I'd probably also throw in the following requirement:
* if the origin region of a lazy compound value has symbolic offset in
its base region, then the offset symbol should also be kept alive *
Could you confirm that I understand your problem correctly? I'd make a
patch for my understanding anyway, but perhaps there are more things
that I've missed.
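The two liveness requirements stated in the message (keep the base symbol of a LazyCompoundVal's origin region alive, and keep any symbolic offsets on the path to that region alive) can be sketched as a small reaper model. The following is an added toy model written for this thread, not code from Clang's SymbolReaper, RegionStore or Environment; the region and value classes, the `live_symbols` function and the sample state are all constructed for illustration and only mimic the analyzer's concepts.

```python
from dataclasses import dataclass
from typing import Dict, Set, Union

# --- constructed toy versions of the analyzer's building blocks -------------

@dataclass(frozen=True)
class Symbol:
    name: str                       # e.g. a conjured pointer or index

@dataclass(frozen=True)
class VarRegion:
    name: str                       # a named variable, no symbol inside

@dataclass(frozen=True)
class SymbolicRegion:
    sym: Symbol                     # region pointed to by a symbolic pointer

@dataclass(frozen=True)
class ElementRegion:
    super_region: "Region"
    index: Union[int, Symbol]       # symbolic index == symbolic offset

@dataclass(frozen=True)
class FieldRegion:
    super_region: "Region"
    field: str

Region = Union[VarRegion, SymbolicRegion, ElementRegion, FieldRegion]

@dataclass(frozen=True)
class LazyCompoundVal:
    origin: Region                  # the region the LCV was loaded from

SVal = Union[int, Symbol, LazyCompoundVal]


def region_symbols(r: Region) -> Set[Symbol]:
    """Symbols a region depends on: the base symbol (if the base region is
    symbolic) plus every symbolic element index on the way down to it.
    These are exactly the two requirements stated in the message."""
    out: Set[Symbol] = set()
    while True:
        if isinstance(r, SymbolicRegion):
            out.add(r.sym)          # requirement 1: base symbol
            return out
        if isinstance(r, VarRegion):
            return out              # concrete base, nothing to keep alive
        if isinstance(r, ElementRegion):
            if isinstance(r.index, Symbol):
                out.add(r.index)    # requirement 2: symbolic offset
            r = r.super_region
        elif isinstance(r, FieldRegion):
            r = r.super_region


def value_symbols(v: SVal) -> Set[Symbol]:
    """Symbols referenced by a value; an LCV contributes its origin region's."""
    if isinstance(v, Symbol):
        return {v}
    if isinstance(v, LazyCompoundVal):
        return region_symbols(v.origin)
    return set()


def live_symbols(store: Dict[Region, SVal], env: Dict[str, SVal]) -> Set[Symbol]:
    """Mark phase of the reaper: everything reachable from Store bindings
    (keys and values) and from Environment values stays alive."""
    live: Set[Symbol] = set()
    for region, value in store.items():
        live |= region_symbols(region)
        live |= value_symbols(value)
    for value in env.values():
        live |= value_symbols(value)
    return live


def dead_symbols(candidates: Set[Symbol], store, env) -> Set[Symbol]:
    return set(candidates) - live_symbols(store, env)


if __name__ == "__main__":
    # Constructed state mirroring the test: `Sp` itself is already dead,
    # but `*Sp` (an LCV over SymbolicRegion($conj)) still sits in the Environment.
    conj = Symbol("$conj_S2")
    env = {"*Sp": LazyCompoundVal(SymbolicRegion(conj))}
    print("dead:", dead_symbols({conj}, {}, env))   # expected: set()
```

With `live_symbols` walking LCV origins, the conjured base symbol survives the moment between the load of `*Sp` and the store into `global_S2`; a second constructed case in the test below checks that a symbolic element index on the origin region's path is kept alive as well.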