//===----------------------------------------------------------------------===//
// Random notes for the static analysis module.
//===----------------------------------------------------------------------===//

Currently the analyzer with the basic store reports a false alarm for code such
as:

  p[0] = "/bin/sh";
  p[1] = NULL;

  execv(p[0], argv);

This is because BasicStore "collapses" all elements of an array into their base
region. BasicStore should return UnknownVal() when getLValueElement is called,
but doing so would break the current test in null-deref-ps.c.

//===----------------------------------------------------------------------===//

Investigate what classes of exprs are passed silently in
GRExprEngine::Visit(). One is PredefinedExpr.

//===----------------------------------------------------------------------===//

Remove PersistentSValPairs and PersistentSVals?

//===----------------------------------------------------------------------===//

If the pointer is symbolic, we should expand it to a full region with symbolic
values. This can eliminate the following false warning.

  struct file {
    int lineno;
  };

  struct file *fileinfo;

  void f10() {
    int i;
    int *p = 0;

    if (fileinfo->lineno)
      p = &i;

    if (fileinfo->lineno)
      *p = 3; // false warning
  }

Currently RegionStore returns a symbolic region for fileinfo->lineno. Loading
from it returns an UnknownVal, so the path condition is not recorded.

Where should we call this ExpandSymbolicPointer method? Perhaps in
GRExprEngine::VisitMemberExpr().

Problem: the base expr of a MemberExpr can take various forms. How do we get the
pointer VarRegion (or other kind of region) that is to be changed?
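
The f10() case above as an added toy model in C++ (not analyzer code and not part of the original notes): it walks both branches and counts the feasible paths that reach "*p = 3" with p still null, once when the load of fileinfo->lineno is an UnknownVal and once when it is a symbol whose assumed truth value is recorded in the path condition. State, assume, nullDerefPaths and kUnknown are hypothetical names invented for this illustration.

```cpp
#include <cstdio>
#include <map>
#include <vector>

// Toy model of f10(); every name here is hypothetical, not analyzer API.
const int kUnknown = -1;            // stands in for UnknownVal
struct State {
  std::map<int, bool> assumed;      // path condition: symbol id -> truth value
  bool pIsNull;                     // tracks "int *p = 0;"
};

// Split a state on a branch condition. An unknown condition yields both
// successors and records nothing; a symbolic one records the assumption and
// drops a successor that contradicts an earlier assumption.
static std::vector<std::pair<State, bool> > assume(const State &s, int cond) {
  std::vector<std::pair<State, bool> > out;
  for (int k = 0; k < 2; ++k) {
    bool taken = (k == 0);
    State next = s;
    if (cond != kUnknown) {
      std::map<int, bool>::iterator it = next.assumed.find(cond);
      if (it != next.assumed.end() && it->second != taken)
        continue;                   // infeasible path
      next.assumed[cond] = taken;
    }
    out.push_back(std::make_pair(next, taken));
  }
  return out;
}

// Walk f10() and count feasible paths that reach "*p = 3" with p still null.
int nullDerefPaths(int linenoLoad) {
  State start = { std::map<int, bool>(), true };
  int warnings = 0;
  std::vector<std::pair<State, bool> > first = assume(start, linenoLoad);
  for (std::size_t i = 0; i < first.size(); ++i) {
    State s = first[i].first;
    if (first[i].second) s.pIsNull = false;          // p = &i;
    std::vector<std::pair<State, bool> > second = assume(s, linenoLoad);
    for (std::size_t j = 0; j < second.size(); ++j)
      if (second[j].second && second[j].first.pIsNull) ++warnings;
  }
  return warnings;
}

int main() {
  std::printf("UnknownVal load: %d warning(s)\n", nullDerefPaths(kUnknown));
  std::printf("symbolic load:   %d warning(s)\n", nullDerefPaths(1));
}
```

With the unknown load, the path "first branch false, second branch true" stays feasible and produces the false warning; with the symbolic load that path contradicts the recorded assumption and is pruned.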