Type conversion problem in Clang Static Analyzer

Hello everyone,

Recently I am using the Clang Static Analyzer in my research work, and basically writing my own checker. However I come across a problem on the type conversion.

I wanted to convert SVal type to SymbolRef type or SymExpr type in some callback function, and I tried several methods, like:

const SymExpr* symexpr = Sval.getAsSymExpr()

const SymbolRef symbolref = Sval.getAsSymbol()

const SymExpr* symexpr2 = Sval.getAsSymbolicExpression()

const SymbolRef symbolref2 = Sval.getAsLocSymbol()

but none of them worked, and all I got was a NULL pointer.

Do I made any mistake when using them? or should these functions be used under some special situation? Actually the value of SVal can be dumped to print, but I just can not make these conversions.

Need your help and looking forward for your reply, thank you!

Kind regards
Pengfei

Hello,

There are, roughly speaking, three kinds of SVal's:
- "concrete" values, such as "32-bit 1" or the whole structure of known values, such as "{1, 2}",
- "symbols" (with which the analyzer denotes values it cannot instantly reason about for future reference - they are stored inside nonloc::SymbolVal-class SVal's),
- "regions" (segments of memory - they are usually stored inside loc::MemRegionVal).

There are also special values, like "Unknown" or "Undefined". You can see the doxygen for the SVal class for more info on its sub-classes.

The getAsSymbol() methods are for obtaining symbols whenever the value actually is a symbol or something closely related to it (eg. SymbolicRegion is a region pointed to by a pointer-type symbol, so it works for those as well).

These methods return nullptr if there's no symbol inside the value. So you can think of it as some kind of advanced dynamic_cast - it returns a symbol if there's a symbol, and NULL if there's no symbol to return.

What you need to do next depends on why did you want specifically a symbol, rather than a generic SVal.