Iterator as SVal


I created a simple checker that tries to check whether an iterator is possibly used outside of its valid range (it equals end()). However, it does not work, of course, since it turned out that iterators are not symbolic but value objects. I read this information in the archive of this list. There I read two suggestions: either to implement tracking of value objects in the Clang infrastructure (very much effort needed) or to do some hacking.

However, I am curious why iterators are handled as value objects unlike other complex types. Is there a specific reason for that? Is it not possible to change this behavior? Would it break something in Clang? Where are iterators recognized and distinguished from other C++ complex types? In Clang or LLVM? What types are considered as iterators: only std:: iterators, types having the suffix “iterator” in their names or types having the usual member types (the types defined in std::iterator_traits)?



Anna Zaks started work on something similar several years ago. The basic approach was to create a callback which gets triggered on object copy (copy or move constructor). The idea is that we start tracking an iterator when it gets returned by begin() and monitor each time a copy is created. I’ve attached a very old patch of Anna’s that modifies the core and the beginnings of a new checker that she started working on, if you are interested in pursuing this.

One thing to note is that we’re not entirely sure whether this is the right approach — it was just an initial exploration.


iterators_infrastructure.diff (9.6 KB)

IteratorsChecker.cpp (4.04 KB)