[cfe-dev] [analyzer] Modeling a function with an out parameter pointer in check::PostCall

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Sun Jun 14 02:05:22 PDT 2020 

 > Is this possible to achieve with ProgramState::BindExpr or 
ProgramState::bindLoc

Yes, ProgramState::bindLoc does literally what you want. Take the 
parameter region and bind the true value into that. Also if it's really 
a bool you can ProgramState::assume it to be true (but you can't do 
anything more specific that way).

 > How do I get the SVal for the memory pointed to by 
CallEvent::getArgSVal(0)?

ProgramState::getSVal (the overload that accepts the location/region).

 > I thought of "synthesizing" a UnaryOperator expression using UO_Deref 
on CallEvent::getArgExpr(0) and passing that to ProgramState::BindExpr

Apart from "don't do this", another thing you should know about C/C++ is 
that operator * (aka UO_Deref) does not dereference a pointer! - it 
simply converts the rvalue of the pointer into an lvalue it points to. 
 From the perspective of the actual behavior of the program (or, for 
that matter, the static analyzer) operator * is a no-op as both values 
are simply "the address of the object". In order to actually perform a 
dereference you have to perform an implicit lvalue-to-rvalue conversion 
on that lvalue. The same applies to operator & that is the opposite of 
operator *.

In any case, even if you could synthesize ASTs, i wouldn't recommend 
that unless you've already been developing Sema for many years.

Also BindExpr does nothing unless it's the expression that you're 
currently evaluating.

Generally i recommend checking out a few links at the bottom of 
http://clang-analyzer.llvm.org/checker_dev_manual.html

14.06.2020 12:05 AM, via cfe-dev wrote:
> Hi list,
>
> I am writing a static analyzer checker and trying to model a function 
> of the following type in check::PostCall:
>
> void func(bool* outParam) {
>     assert(outParam);
>     *outParam = true;
> }
>
> (in real life there are some other inputs that determine the value 
> stored in the out parameter, and a return value indicating whether 
> there was an error, but let's use this for the sake of a simple example)
>
> Suppose I want my PostCall callback to store "true" in *outParam. Is 
> this possible to achieve with ProgramState::BindExpr or 
> ProgramState::bindLoc? How do I get the SVal for the memory pointed to 
> by CallEvent::getArgSVal(0)?
>
> I thought of "synthesizing" a UnaryOperator expression using UO_Deref 
> on CallEvent::getArgExpr(0) and passing that to 
> ProgramState::BindExpr, but it seems that getArgExpr returns a const 
> Expr* and a non-const one is required to construct a UnaryOperator 
> expression.
>
> Best regards,
> -- 
> Philip
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20200614/14f180e3/attachment.html>

More information about the cfe-dev mailing list