baloghadamsoftware marked an inline comment as done. baloghadamsoftware added inline comments.
================ Comment at: clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:256 + SVal SubVal = State->getSVal(UO->getSubExpr(), C.getLocationContext()); + SVal Result = State->getSVal(UO, C.getLocationContext()); + ---------------- This is the problematic point which is not working. I left the comments intentionally in the code. The problem is that in `postStmt` we are //after// the operation. Thus the value of the operand (`SubExpr`) is not `i` anymore, but the //former value// of `i` (a pointer to a symbolic region initially). Instead, the result is `i` in case of prefix operators, but also the former value in case of postfix operators. This is correct, of course, because here, after the call the value of `i` was changed, thus it is not equal to the parameter. However, we need the region of `i` here and/or the new value bound to it (e.g. the pointer to an element region which is usually the result of a `++` or `--` on a pointer to a symbolic region). How to reach that? Of course, in `preStmt` the operand is `i` as it should be. The same is true for binary operators `+=` and `-=`. Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D82185/new/ https://reviews.llvm.org/D82185 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
