[cfe-dev] [analyzer] Evaluating a call to operator bool()
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Fri Jan 10 22:41:34 PST 2020

Operator bool() is never invoked in your code. The body of the operator
is analyzed separately, outside of any known context (call site). For
that reason you get a "symbolic region" for it, which is a notation for
the memory region around a pointer that isn't known to point into any
specific memory location on the current execution path (in this case,
it's the pointer 'this' during the unknown invocation of operator
bool()). A symbolic region is always an alias for a particular
"concrete" region, it's simply not known *which* one; it may or may not
be the struct you've constructed in your other function.

Studying the static analyzer by printing values to standard output may
get very confusing because the analyzer doesn't explore the program in
any particular linear order. Analysis is much better represented as a
graph which can be easily dumped
(https://www.youtube.com/watch?v=g0Mqx1niUi0). If you want to debug your
checker this way, you should implement the "printState()" method in the
checker, so that you can see the extra information from it in the graph.

On 1/11/20 9:05 AM, philip.chimento at gmail.com wrote:
> On Wed, Jan 1, 2020 at 11:57 AM Artem Dergachev <noqnoqneo at gmail.com> wrote:
>
> > On 12/30/19 7:55 PM, philip.chimento at gmail.com wrote:
> > > However, the returned region seems to be different in the constructor
> > > and in the get() method. For example I'm testing my code with a
> > > "struct MyStruct : std::unique_ptr<char>" and I'll get debug output
> > > such as:
> > >
> > > constructor: Storing 0 (Loc) into map with key
> > > SymRegion{conj_$5{struct MyStruct *, LC1, S3038538, #1}}
> > > get(): Retrieving key SymRegion{reg_$0<const struct MyStruct *
> > > this>}: not present
> > That sounds strange because I think I fixed most of these problems
> > (https://www.youtube.com/watch?v=4n3l-ZcDJNY). Can you post the specific
> > code you're trying to analyze? Is your Clang fresh enough?
>
> I'm using 9.0.0, would this be something that I need to build the
> master branch for?
>
> The test code I'm trying to analyze is this:
>
> #include <memory>  // std::unique_ptr
>
> struct Context;
> char* StringFunc(Context* cx);
>
> struct MyStruct : public std::unique_ptr<char> {
>     MyStruct(char* p) : MyStruct::unique_ptr(p) {}
>     operator bool() const { return !!get(); }
> };
>
> MyStruct OkayBoolConvertibleReturn(Context* cx) {
>     char* ptr = StringFunc(cx);
>     if (ptr)
>         return ptr;
>     return nullptr;
> }
>
> Cheers,
> --
> Philip