[cfe-dev] [Analyzer - iterBindings] Why ‘RegionStoreManager::iterBindings()’ doesn't consider the 'offset' when iterate 'RegionBindings'?
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Sun Sep 10 13:13:49 PDT 2017
No specific reason, just nobody needed it yet - this API is only used in
a couple of places as far as I remember, so feel free to add the offset.

I'm not sure your approach is perfect though, because it might miss
constraints on symbols that aren't explicitly present in the Store. For
example, if you have a global array S of chars, and your analysis
started with a branch "if (S[10] == '\0') { ... }", then you'd have the
null character at offset 10, but no specific store binding would be
present for it, because the value of S[10] is still the default value that
has been there since the beginning of the analysis, i.e. SymbolRegionValue.

Additionally you might need to see if the string has any unknown
characters before your null character; if there are, your strcat() may be
inaccurate because nulls may appear earlier; and in order to check that,
you'd have to get values of all characters through direct getSVal()
lookup anyway.
On 9/8/17 10:22 AM, Wong Henry via cfe-dev wrote:
> Hi all,
> When I implement a checker that handles "strcat()", I need to
> iterate all the bindings to get the offset of the null character. However
> "iterBindings()" doesn't consider the region's offset.
>
> I don't know if this can be called a question, but I just want to know
> why "BindingsHandler::HandleBinding" only takes the region as an argument
> and ignores the region's offset. Is there no such demand, or is there
> any other reason?
>
> -----------------------------------------------------------
> void iterBindings(Store store, BindingsHandler& f) override {
>   RegionBindingsRef B = getRegionBindings(store);
>   for (RegionBindingsRef::iterator I = B.begin(), E = B.end(); I != E; ++I) {
>     const ClusterBindings &Cluster = I.getData();
>     for (ClusterBindings::iterator CI = Cluster.begin(), CE = Cluster.end();
>          CI != CE; ++CI) {
>       const BindingKey &K = CI.getKey();
>       if (!K.isDirect())
>         continue;
>       if (const SubRegion *R = dyn_cast<SubRegion>(K.getRegion())) {
>         // FIXME: Possibly incorporate the offset?
>         if (!f.HandleBinding(*this, store, R, CI.getData()))
>           return;
>       }
>     }
>   }
> }
> -----------------------------------------------------------
>
> Thanks,
> Henry Wong
> Qihoo 360 CodeSafe Team
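As an added illustration of the pitfall Artem describes (an example written for this page, not code from the thread or from clang), the following simplified C++ model contrasts a check that walks only explicit store bindings with one that asks for every character's value in turn. `ArrayModel`, `CharVal`, `nullOffsetFromBindings` and `nullOffsetViaGetSVal` are assumed names, and the `constraints` map stands in for the analyzer's constraint manager.

```cpp
// Added, simplified model of the situation Artem describes; it is not
// clang code. A global char array S has characters that are explicitly
// bound in the Store, constrained by a branch (e.g. S[10] == '\0') while
// still holding their default symbolic value, or entirely unconstrained.
#include <map>
#include <optional>

// What one character looks like to a checker after a getSVal() lookup.
struct CharVal {
    bool known;  // false: default SymbolRegionValue with no constraint
    char value;  // meaningful only when known is true
};

struct ArrayModel {
    int size;
    std::map<int, char> bindings;     // explicit direct bindings: offset -> char
    std::map<int, char> constraints;  // facts learned from branches on defaults

    // Per-element lookup: an explicit binding wins, then a constraint on the
    // default symbol, otherwise the character is unknown.
    CharVal getSVal(int off) const {
        if (auto it = bindings.find(off); it != bindings.end())
            return {true, it->second};
        if (auto it = constraints.find(off); it != constraints.end())
            return {true, it->second};
        return {false, 0};
    }
};

// Approach 1: walk only explicit bindings, as an iterBindings()-based checker
// would. Returns the lowest offset explicitly bound to '\0', if any.
std::optional<int> nullOffsetFromBindings(const ArrayModel &m) {
    for (const auto &[off, c] : m.bindings)  // std::map iterates by offset
        if (c == '\0') return off;
    return std::nullopt;
}

// Approach 2: look up every character in order. Returns the first '\0'
// offset, or nullopt as soon as an unknown character is reached, since a
// null might hide there and the string length cannot be trusted.
std::optional<int> nullOffsetViaGetSVal(const ArrayModel &m) {
    for (int off = 0; off < m.size; ++off) {
        CharVal v = m.getSVal(off);
        if (!v.known) return std::nullopt;
        if (v.value == '\0') return off;
    }
    return std::nullopt;
}
```

With S[0..9] bound to 'a' and only a branch fixing S[10] to '\0', the bindings walk finds no null while the per-character lookup reports offset 10; with an explicit null at 10 but S[3] never written, the bindings walk still reports 10, which is the inaccurate answer Artem warns about.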