[cfe-dev] Iterator Checkers: Understanding Bindings

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Thu May 12 08:35:22 PDT 2016


 > If I understand it correctly, we need to implement a new function in
 > RegionStoreManager that retrieves the raw binding for an SVal.
 > This function must also be declared in StoreManager class as a pure
 > virtual function. This function must be able to retrieve default bindings
 > as well. Should it try to retrieve a direct binding first? And how to call
 > that function? getRawBinding()? Or maybe getBindingForOpaqVal()?

Hmm. As long as the contents of the structure remain unchanged, 
LazyCompoundVal retains its original region (it is simply copied around 
as a value). Have a look at this quick debug.ExprInspection-based test:


   // Declaration of the debug.ExprInspection hook used below.
   template <typename T> void clang_analyzer_explain(T);

   struct S {
     int z;
   };

   S conjure_S();

   void test_6() {
     S s1 = conjure_S();
     S s2 = s1;
     // lazily frozen compound value of temporary object constructed at
     // statement 'conjure_S()'
     clang_analyzer_explain(s2);
     s2.z = 3;
     // lazily frozen compound value of local variable 's2'
     clang_analyzer_explain(s2);
   }


Maybe it'd be a good idea to try to identify iterators by that region. 
You'd probably need to be able to evalCall() their methods (and probably a 
few other functions) in order to avoid corrupting their contents through 
invalidation. On methods like operator++, which are bound to invalidate 
contents, you can still transfer your id to the new region.


