SVal and complex argument expression

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

SVal and complex argument expression

Paul Bert
This post has NOT been accepted by the mailing list yet.

I am new to clang and I try to write a Static Analyser checker  that check if the a struct field is in a valid range. This field can be manipulated by a function. Everything is written in C and the function is defined externally:

typedef int tag_t;

typedef struct record_t {
    tag_t  tag;
extern void tag_update(tag_t *p_tag);

// test
int main(void) {
   recort_t rec = {.tag = 1};
   record_t  *p_tag = &rec.tag;
   record_t *p_tag2;

  return 0;    

I use the checkPostCall to reason on the value of record_t::tag given the semantic of tag_update that is known. I am trying to find a proper key to update the state of the checker and try to use the MemRegion of the argument of tag_update. It always resolve to nullptr. The same thing as a SymbolRef.
1) Does someone know why?
2) What is the proper way to get a unique key to update the state in those various cases?

Thanks for any help!

      checkPostCall(const CallEvent &Call, CheckerContext &C) {
        const Expr *e = Call.getArgExp(0)  
        ProgramStateRef state = C.getState();
        SVal ArgVal = state->getSVal(e, C.getLocationContext());
        SValBuilder &svalBuilder = C.getSValBuilder();
        const MemRegion *R;

        if (!ArgVal.getAs<DefinedOrUnknownSVal>()) {
                OS << "cannot get ArgVal as DefinedOrUnkownSVal\n";

        R = ArgVal.castAs<DefinedOrUnknownSVal>().getAsRegion(); ==> Always null.