================
@@ -3713,52 +3721,41 @@
ExprEngine::notifyCheckersOfPointerEscape(ProgramStateRef State,
}
/// evalBind - Handle the semantics of binding a value to a specific location.
-/// This method is used by evalStore and (soon) VisitDeclStmt, and others.
+/// This method is used by evalStore, VisitDeclStmt, and others.
void ExprEngine::evalBind(ExplodedNodeSet &Dst, const Stmt *StoreE,
- ExplodedNode *Pred, SVal location, SVal Val,
+ ExplodedNode *Pred, SVal Location, SVal Val,
bool AtDeclInit, const ProgramPoint *PP) {
+ // It may be a Loc, UnknownVal or perhaps UndefinedVal.
+ assert(!isa<NonLoc>(Location) && "evalBind location should not be NonLoc!");
+
const LocationContext *LC = Pred->getLocationContext();
- PostStmt PS(StoreE, LC);
+ PostStmt DefaultPP(StoreE, LC);
if (!PP)
- PP = &PS;
+ PP = &DefaultPP;
// Do a previsit of the bind.
ExplodedNodeSet CheckedSet;
- getCheckerManager().runCheckersForBind(CheckedSet, Pred, location, Val,
+ getCheckerManager().runCheckersForBind(CheckedSet, Pred, Location, Val,
StoreE, AtDeclInit, *this, *PP);
- NodeBuilder Bldr(CheckedSet, Dst, *currBldrCtx);
+ for (ExplodedNode *PredI : CheckedSet) {
+ ProgramStateRef State = PredI->getState();
- // If the location is not a 'Loc', it will already be handled by
- // the checkers. There is nothing left to do.
- if (!isa<Loc>(location)) {
- const ProgramPoint L = PostStore(StoreE, LC, /*Loc*/nullptr,
- /*tag*/nullptr);
- ProgramStateRef state = Pred->getState();
- state = processPointerEscapedOnBind(state, location, Val, LC);
- Bldr.generateNode(L, state, Pred);
- return;
- }
-
- for (const auto PredI : CheckedSet) {
- ProgramStateRef state = PredI->getState();
+ State = processPointerEscapedOnBind(State, Location, Val, LC);
- state = processPointerEscapedOnBind(state, location, Val, LC);
-
- // When binding the value, pass on the hint that this is a initialization.
- // For initializations, we do not need to inform clients of region
- // changes.
- state = state->bindLoc(location.castAs<Loc>(), Val, LC,
- /* notifyChanges = */ !AtDeclInit);
+ if (auto AsLoc = Location.getAs<Loc>()) {
+ // When binding the value, pass on the hint that this is a
+ // initialization. For initializations, we do not need to inform clients
+ // of region changes.
+ State = State->bindLoc(*AsLoc, Val, LC, /*notifyChanges=*/!AtDeclInit);
+ }
const MemRegion *LocReg = nullptr;
- if (std::optional<loc::MemRegionVal> LocRegVal =
- location.getAs<loc::MemRegionVal>()) {
+ if (auto LocRegVal = Location.getAs<loc::MemRegionVal>())
----------------
NagyDonat wrote:
> we shouldn't have two versions of `LocAsInteger`.
I guess you mean either "we shouldn't have two versions of `ConcreteInt`
(`loc::` and `nonloc::`)" or "we shouldn't differentiate `loc::MemRegionVal`
and `nonloc::LocAsInteger`".
I agree with this, although I don't have a concrete opinion for "what should
the `SVal` hierarchy look like" yet.
My general feeling is that in an ideal world a pure `SVal` would represent a
symbolic _value_ without type information (like `loc` vs `nonloc` distinctions
or the bit width and signedness of a number), while typed values would be
represented by `{SVal, QualType}` pairs. In the current system `SVal` "falls to
the ground between two chairs": it contains some type information (which
complicates things and introduces unwanted distinctions), but doesn't have
_full accurate_ type information so we cannot fully rely on it.
Instead of embedding type info into the `SVal` I think we should gradually
transition towards a model where the `SVal` represents an untyped
("mathematical") value (e.g. `(int)0`, `(char)0` and a nullpointer are all
identical) and the type information comes from the AST node that
produces/accesses the symbolic value. (Or it is specified by a checker when it
"summarizes" things happening inside a library functions that are not spelled
out in the AST.)
I don't know how feasible is this and I don't have any concrete plans yet, but
I'll perhaps think about this in the future.
https://github.com/llvm/llvm-project/pull/196313
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
