[cfe-dev] Get assumed value of function call in CSA
Gábor Horváth via cfe-dev
cfe-dev at lists.llvm.org
Wed Jan 22 08:32:35 PST 2020
Hi!
Adding Artem as he already did some heroic work hunting down liveness bugs.
On Wed, Jan 22, 2020 at 6:38 AM Balázs Kéri via cfe-dev <
cfe-dev at lists.llvm.org> wrote:
> void test() {
> int ret = (function() != 0);
> if (ret == 0) { }
> }
>
There are actually two possible scenarios that can happen for a code like
that.
1. We conjure a symbol for function, and build a symbolic expression from
the initialization expression and bind this symbolic expression to ret. In
this case the symbol returned by the function is still in use, it will not
be garbage collected.
2. We conjure a symbol for the function but for some reason we cannot build
a symbolic expression from the initialization expression (either something
is not representable using the current implementation, or we explicitly
chose not to represent the expression due to solver limitations or
performance tradeoffs). In this case we will conjure a new symbol for ret
and since we never ever mention the symbol returned by the function
anywhere it can be garbage collected.
While this behavior might be annoying, given the current limitations of the
constraint solver, you might not be able to leverage the information even
if the symbol wasn't garbage collected in the first place. But in case you
want to experiment a bit, you can always subscribe to checkLiveSymbols
callback and keep the symbols alive artificially to see if you can get
something useful out of them. For the cases where you can we might want to
change the behavior.
Cheers,
Gabor
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20200122/9556b69d/attachment.html>
More information about the cfe-dev
mailing list