NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Core/SVals.cpp:151
+ Optional<QualType> VisitNonLocLazyCompoundVal(nonloc::LazyCompoundVal LCV) {
+ return Visit(LCV.getRegion());
+ }
----------------
vsavchenko wrote:
> NoQ wrote:
> > vsavchenko wrote:
> > > NoQ wrote:
> > > > This is correct except you need to get the value type, not the pointer
> > > > type.
> > > >
> > > > `LazyCompoundVal` is a `prvalue` and its parent region is the location
> > > > in which this `prvalue` resided some time in the past. So the parent
> > > > region is of the right type and it's always typed but you need the
> > > > pointee type.
> > > OK then, can you maybe hint how can I write a test where this is going to
> > > be a pointer type (or maybe then `getType` for regions works incorrectly).
> > Regions have `getLocationType()` (the pointer type) and `getValueType()`
> > (the pointee type). I think you need to call the latter directly in this
> > case, bypassing recursion.
> >
> > In order to obtain a live `LazyCompoundVal` specimen for testing purposes,
> > you need to load an entire compound object (not necessarily represented by
> > a `CompoundVal`) from Region Store.
> >
> > Eg.,
> > ```lang=c
> > struct MyStruct a;
> > // ...
> > struct MyStruct b = a; // Avoid C++ though, constructors are a different
> > beast.
> > ```
> >
> > Or you could construct one directly. But that, of course, wouldn't give you
> > any hints about the appropriate type.
> >
> > > maybe then `getType` for regions works incorrectly
> >
> > Hmm that's actually a good separate question. How do you know if a region
> > represents a prvalue of pointer type or a glvalue of pointee type
> > (including, but not limited to, references)? This can't be figured out
> > without more context just by looking at the `SVal`.
> > In order to obtain a live LazyCompoundVal specimen for testing purposes.
> That's not a problem:
> ```
> TestUnion d = {.c=b};
> ```
> does produce LazyCompundVal and we don't get a pointer, but the value type.
> That's why I was asking how I can construct an example when this current
> implementation fails.
>
> > Hmm that's actually a good separate question. How do you know if a region
> > represents a prvalue of pointer type or a glvalue of pointee type
> > (including, but not limited to, references)? This can't be figured out
> > without more context just by looking at the SVal.
> Value categories are orthogonal to types, so I don't see why we should care
> for those in `getType`. How do you think it should affect this particular
> functionality?
> `TestUnion d = {.c=b};`
```
(lldb) p D.dump()
compoundVal{ lazyCompoundVal{0x1110b3950,temp_object{struct TestStruct, S1276}}}
```
It's an eager compound value that contains a lazy compound value as the
initializer for field `.c`.
You're still testing an eager compound value. You never visit the lazy compound
value recursively.
`MemRegion::getLocationType()` is always a pointer type.
> Value categories are orthogonal to types, so I don't see why we should care
> for those in `getType`. How do you think it should affect this particular
> functionality?
The static analyzer basically models operators `*` and `&` as no-op but from
the perspective of the standard's formalism they jump across objects.
For example, a load from parameter `int *p` would produce a value
`&SymRegion{reg_$0<p>}` that represents both the rvalue of `p` (which has the
type `int *`) and the lvalue of `*p` (which is an entirely different object of
type `int`).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D104550/new/
https://reviews.llvm.org/D104550
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
