[PATCH] D50509: [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing to a function

Artem Dergachev via Phabricator via cfe-commits Fri, 17 Aug 2018 13:32:20 -0700

NoQ added inline comments.


================
Comment at: 
lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp:223
+  // int*).
+  while (auto Tmp = V.getAs<loc::MemRegionVal>()) {
+    // We can't reason about symbolic regions, assume its initialized.
----------------
Szelethus wrote:
> NoQ wrote:
> > Hmm, i still have concerns about things like `int *x = (int *)&x;`. Why not 
> > just check the type to terminate the loop? Type hierarchy is guaranteed to 
> > be finite.
> There actually is a testcase for that -- it would create a 
> nonloc::LocAsInteger, not a loc::MemRegionVal.
> 
> I'll add a TODO to revisit this loop condition (again :) ).
Ok, let's try with one more asterisk:
```
    1 void test() {
    2   int **x = (int **)&x;
    3   int *y = *x;
    4   int z = *y;
    5 }
```

Here's what i get in the Store:
```
(x,0,direct) : &element{x,0 S64b,int *}
(y,0,direct) : &element{x,0 S64b,int *}
(z,0,direct) : &element{x,0 S64b,int *}
```


https://reviews.llvm.org/D50509



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D50509: [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing to a function

Reply via email to