[Gsoc 22] Draft Proposal, Review needed

phyBrackets · April 17, 2022, 7:00am

This is one interesting ambiguous example, try to look at their store ,
Here is first e.g.

void clang_analyzer_eval(bool);

struct AA
{int x{};
int  y{};
int   z{};
};

 void foo(AA obj){
const auto& [a,b,c] = obj;
 int arr[3] = {a,b,c};
//const auto& [p,q,r] = arr;
clang_analyzer_eval(a==obj.x);
 }

The store for binding arr to a,b,c , look like this

"program_state": {
  "store": { "pointer": "0xed96d70", "items": [
    { "cluster": "NonParamVarRegion{D871}", "pointer": "0xed96510", "items": [
      { "kind": "Direct", "offset": 0, "value": "&obj" }
    ]},
    { "cluster": "arr", "pointer": "0xed96c60", "items": [
      { "kind": "Direct", "offset": 0, "value": "Unknown" },
      { "kind": "Direct", "offset": 32, "value": "Unknown" },
      { "kind": "Direct", "offset": 64, "value": "Unknown" }
    ]},
    { "cluster": "NonParamVarRegion{D1119}", "pointer": "0xed9b968", "items": [
      { "kind": "Direct", "offset": 0, "value": "&arr" }
    ]}
  ]},
  "environment": { "pointer": "0xed8cb80", "items": [
    { "lctx_id": 1, "location_context": "#0 Call", "calling": "foo", "location": null, "items": [
      { "stmt_id": 1193, "pretty": "arr", "value": "&arr" },
      { "stmt_id": 1288, "pretty": "clang_analyzer_eval", "value": "&code{clang_analyzer_eval}" },
      { "stmt_id": 1297, "pretty": "clang_analyzer_eval", "value": "&code{clang_analyzer_eval}" }
    ]}
  ]},

Again it seems like when it try to calculate the value through the offset , the memory not able to bind perfectly, atleast with a conjured value . why this was ambiguous ? this was an example of initializing the array with initializer list . But what happens when we assign each symbolic name one by one by specifying the each location of array that needs to bind with that symbolic name ?
Here is the code snippet

struct AA
{int x{};
int y{};
int  z{};
}; 


 void foo(AA obj){
const auto& [a,b,c] = obj;
 char ap[3];
 ap[0]  =a;
 ap[1] = b;
 ap[2] = c;
clang_analyzer_eval(a==obj.x);
 }

okay so for this , the store looks very fine and binds each value very well to particular conjured value

"program_state": {
  "store": { "pointer": "0xdc17f70", "items": [
    { "cluster": "NonParamVarRegion{D871}", "pointer": "0xdc12540", "items": [
      { "kind": "Direct", "offset": 0, "value": "&obj" }
    ]},
    { "cluster": "ap", "pointer": "0xdc12978", "items": [
      { "kind": "Direct", "offset": 0, "value": "conj_$0{char, LC1, S1062, #1}" },
      { "kind": "Direct", "offset": 8, "value": "conj_$1{char, LC1, S1091, #1}" },
      { "kind": "Direct", "offset": 16, "value": "conj_$2{char, LC1, S1120, #1}" }
    ]}
  ]},
  "environment": { "pointer": "0xdc08bb0", "items": [
    { "lctx_id": 1, "location_context": "#0 Call", "calling": "foo", "location": null, "items": [
      { "stmt_id": 1109, "pretty": "ap[2]", "value": "&Element{ap,2 S64b,char}" },
      { "stmt_id": 1123, "pretty": "ap[2] = c", "value": "&Element{ap,2 S64b,char}" },
      { "stmt_id": 1160, "pretty": "clang_analyzer_eval", "value": "&code{clang_analyzer_eval}" },
      { "stmt_id": 1169, "pretty": "clang_analyzer_eval", "value": "&code{clang_analyzer_eval}" }
    ]}
  ]}

This is kinda surprising for me , that what actually happens here? One thing I noticed here as well, look at their offset values in the first example we have 0 then 32 and then 62 and in the second example we have 0 then 8 then 16 , well I’m not surprised if this too happens because of the size of the offset that accessible to the memory.
There are still lot of ambiguous examples that we should pay attention, that will surely help us in the future prospects while testing the BindingDecl Model on different snippets . Or If I’ll able to find any other reason of this ambigiouty , I’ll post it here or If someone knows any specific reason about these ambigiouty,I would love to know and work on that.

NoQ · April 18, 2022, 6:18am

I’ll get to this thread in a moment, just wanted to say that because the deadline approaches at April 19, 18:00 UTC, please make sure you submit your latest/best proposal PDF to the GSoC website before the deadline. There’s definitely a lot more to discuss there, so please don’t wait for our full approval of everything, submit the proposal in any case.

phyBrackets · April 18, 2022, 10:00am

I’d been looking into the memory model more deeply for the BindingDecl, I think the SVal should be KnownVal or defined or Undefined , if there would be the case of UnknownVal there is a bug out there. If the SVal is DefinedVal then we have two cases either it belongs to Loc or NonLoc . As far as I execute some test examples and looked at their store and values , it seems like they more fits into the NonLoc . It might be possible that I missed some cases where it also belongs to Loc.

steakhal · April 19, 2022, 7:50am

I haven’t read the discussion of the last few days, I just want to clarify some things.
Generally, we don’t bind unknown to a location AFAIK. But we don’t model floating-point numbers at all, thus we still represent them as unknown - making this an exception. This artifact/weird behavior that confused you has nothing to do with structured bindings AFAICT.

Topic		Replies	Views
[GSoC 2022] Draf proposal Static Analyzer	8	485	April 18, 2022
Implement support for C++17 structured bindings in the Clang Static Analyzer GSoC clang	35	2838	May 31, 2022
GSOC Static Analyzer Proposal Clang Frontend	19	71	April 15, 2013
Getting DecompositionDecl from BindingDecl Clang Frontend	13	100	April 3, 2018
[analyzer][GSoC] Implementing a dataflow framework for the Clang Static Analyzer Static Analyzer	4	129	March 14, 2019

[Gsoc 22] Draft Proposal, Review needed

Related Topics