@@ -48,17 +48,26 @@ class ConstructionContextItem {
LLVM_DUMP_METHOD static StringRef getKindAsString(ItemKind K) {
switch (K) {
- case VariableKind:return "construct into local variable";
- case NewAllocatorKind:return "construct into
@@ -145,7 +146,8 @@ class CallDescription {
return CD1.matchesAsWritten(CE);
}
- /// \copydoc clang::ento::CallDescription::matchesAnyAsWritten(const
CallExpr &, const CallDescription &)
+ /// \copydoc clang::ento::CallDescription::matchesAnyAsWritten(const CallExpr
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/82599
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -898,18 +867,18 @@ class CFGBlock {
size_t getIndexInCFG() const;
- CFGElement front() const { return Elements.front(); }
- CFGElement back()const { return Elements.back();}
+ CFGElement front() const { return
@@ -1481,22 +1449,24 @@ class Return : public Terminator {
return Vs.reduceReturn(*this, Ne);
}
- template
- typename C::CType compare(const Return *E, C ) const {
+ template typename C::CType compare(const Return *E, C ) const {
return Cmp.compare(Retval,
@@ -441,48 +419,79 @@ class PrettyPrinter {
// Return the precedence of a given node, for use in pretty printing.
unsigned precedence(const SExpr *E) {
switch (E->opcode()) {
- case COP_Future: return Prec_Atom;
- case COP_Undefined: return Prec_Atom;
-
@@ -107,7 +107,8 @@ class CallDescription {
return CD1.matches(Call);
}
- /// \copydoc clang::ento::CallDescription::matchesAny(const CallEvent &,
const CallDescription &)
+ /// \copydoc clang::ento::CallDescription::matchesAny(const CallEvent &,
const
+ ///
@@ -188,88 +187,79 @@ struct ValueType {
inline ValueType::SizeType ValueType::getSizeType(unsigned nbytes) {
switch (nbytes) {
-case 1: return ST_8;
-case 2: return ST_16;
-case 4: return ST_32;
-case 8: return ST_64;
-case 16: return ST_128;
-
@@ -1,15 +1,16 @@
-//ProgramStateTrait.h - Partial implementations of ProgramStateTrait -*- C++
-*-
+// ProgramStateTrait.h - Partial implementations of ProgramStateTrait -*- C++
+// -*-
//
-// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
-//
https://github.com/steakhal commented:
Right now I don't have more time for this. I reached this part:
https://github.com/llvm/llvm-project/pull/82599/files#diff-e06d50a75016837f80877b3aae594298eeead1f2260da82167e74289beca116dL2563
So far I haven't found anything critical. Only a handful of
@@ -226,6 +226,21 @@ static bool isPossiblyEscaped(ExplodedNode *N, const
DeclRefExpr *DR) {
return false;
}
}
+
+if (const SwitchStmt *SS = dyn_cast(S)) {
+ if (const CompoundStmt *CST = dyn_cast(SS->getBody())) {
steakhal wrote:
@@ -0,0 +1,11 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config
unroll-loops=true -verify %s
+
+void test_escaping_on_var_before_switch_case_no_crash(int c) {
+ switch (c) {
+int i; // expected error{{Reached root without finding the declaration of
https://github.com/steakhal requested changes to this pull request.
Thanks for working on this.
I think iterating the direct child nodes of the switch is fine. I can't think
of a better way.
https://github.com/llvm/llvm-project/pull/82089
___
@@ -226,6 +226,21 @@ static bool isPossiblyEscaped(ExplodedNode *N, const
DeclRefExpr *DR) {
return false;
}
}
+
+if (const SwitchStmt *SS = dyn_cast(S)) {
+ if (const CompoundStmt *CST = dyn_cast(SS->getBody())) {
+for (const Stmt *CB :
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/82089
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
https://github.com/steakhal approved this pull request.
Thanks for resolving my comments.
FYI if I forget about a PR (that I promise to come back on the next day) - feel
free to ping it or explicitly push the "request review" button.
Wait for
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To:
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/81855
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
steakhal wrote:
I'm excited to see this change.
I've not reviewed this yet.
https://github.com/llvm/llvm-project/pull/80457
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/80456
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
Pushed manually to preserve the patch author.
(I believe, "squash" would overwrite it.)
Merged as ae354c5a45d319b3117c2822b8f6988461f3cb33.
https://github.com/llvm/llvm-project/pull/80456
___
cfe-commits mailing list
Author: Loïc Joly
Date: 2024-02-05T17:02:24+01:00
New Revision: ae354c5a45d319b3117c2822b8f6988461f3cb33
URL:
https://github.com/llvm/llvm-project/commit/ae354c5a45d319b3117c2822b8f6988461f3cb33
DIFF:
https://github.com/llvm/llvm-project/commit/ae354c5a45d319b3117c2822b8f6988461f3cb33.diff
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
steakhal wrote:
Thanks Donát!
I'll wait for @Xazax-hun explicit approval to be sure everyone on board (who
left remarks) are okay with the current content.
https://github.com/llvm/llvm-project/pull/80456
___
cfe-commits mailing list
steakhal wrote:
It turns out we already had a downstream patch, so I'll drop this one in favor
of what we already had.
Sorry about the confusion.
This version is already in production for many years now.
https://github.com/llvm/llvm-project/pull/80456
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/80456
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/80456
>From 3a11db7ce1e91daacb86e183e7137db7a6101c9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Joly?=
Date: Tue, 9 Aug 2022 23:21:18 +0200
Subject: [PATCH] [analyzer] Model Microsoft "__assume" in the same
steakhal wrote:
> The code LGTM with some minor remarks. (Disclaimer: I'm not familiar with
> these MS functions.)
>
> I'm not sure whether these "builtin by Microsoft" functions are in scope for
> "our" BuiltinFunctionChecker which previously only checked functions that are
> recognized as
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/80456
>From 9065aec18b5b9c4d922b0650e709e71ed31b5a45 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Fri, 2 Feb 2024 16:24:21 +0100
Subject: [PATCH 1/2] [analyzer] Teach analzer about ms __analyzer_assume(bool)
steakhal wrote:
Let me know if this is correct @Xazax-hun. You probably have more insights on
these APIs than me ;)
https://github.com/llvm/llvm-project/pull/80456
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://github.com/steakhal created
https://github.com/llvm/llvm-project/pull/80456
See the MS docs:
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/using-the--analysis-assume-function-to-suppress-false-defects
steakhal wrote:
> Thanks!
Thanks for the quick workaround!
FYI Backport proposed in issue #79992, that refers to PR #79997 actually doing
the backport.
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
> Thanks! It would be great to get this landed as soon as possible to unbreak
> trunk. (I believe we need it for the 18.x branch too?)
I'll take care of the backport, after this PR is merged by @bolshakov-a
https://github.com/llvm/llvm-project/pull/79764
steakhal wrote:
> LGTM for the Static Analyzer.
Actually, the other hunk also makes sense. LGTM.
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
@@ -40,8 +40,12 @@ static const Expr *ignoreTransparentExprs(const Expr *E) {
switch (E->getStmtClass()) {
case Stmt::OpaqueValueExprClass:
-E = cast(E)->getSourceExpr();
-break;
+if (const clang::Expr *SE = cast(E)->getSourceExpr()) {
+ E = SE;
+
https://github.com/steakhal approved this pull request.
LGTM for the Static Analyzer.
Thanks for fixing this crash.
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://github.com/steakhal approved this pull request.
Approved with nits. This works around the crash.
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
@@ -40,8 +40,12 @@ static const Expr *ignoreTransparentExprs(const Expr *E) {
switch (E->getStmtClass()) {
case Stmt::OpaqueValueExprClass:
-E = cast(E)->getSourceExpr();
-break;
+if (const clang::Expr *SE = cast(E)->getSourceExpr()) {
+ E = SE;
+
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/79764
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -544,6 +545,21 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+static ProgramStateRef
+escapeArgs(ProgramStateRef State, CheckerContext , const CallEvent ,
+ const SmallVector ) {
+ const auto *CE =
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/79398
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
Thank you all participating, and especially for @Endilll committing the fix as
cc3fd1974696a792ba70ba670ed761937cd0735c.
Consider my
[issue](https://github.com/llvm/llvm-project/pull/71417#issuecomment-1897925793)
resolved. :)
https://github.com/llvm/llvm-project/pull/71417
steakhal wrote:
FYI this caused a crash in the Static Analyzer, tracked here: #79575
We will (well, probably I will) look into this to see what could be done about
it to workaround/fix the crash for clang-18.
https://github.com/llvm/llvm-project/pull/78041
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
@@ -1385,14 +1385,16 @@ Improvements
- Improved the ``unix.StdCLibraryFunctions`` checker by modeling more
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
Message-ID:
In-Reply-To:
@@ -245,10 +265,15 @@ int *nothingIsCertain(int x, int y) {
if (x >= 2)
return 0;
int *mem =
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
Message-ID:
In-Reply-To:
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/78315
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
Message-ID:
In-Reply-To:
@@ -221,18 +221,38 @@ int allocaRegion(void) {
return *mem;
}
-int *unknownExtent(int arg) {
- if
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
Message-ID:
In-Reply-To:
https://github.com/steakhal commented:
> Ouch, that seems to be a nasty issue. Thanks for doing the review and I hope
>
@@ -0,0 +1,133 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=alpha.unix.Stream \
+// RUN: -analyzer-checker=debug.StreamTester \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include
@@ -544,6 +545,21 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+static ProgramStateRef
+escapeArgs(ProgramStateRef State, CheckerContext , const CallEvent ,
+ const SmallVector ) {
+ const auto *CE =
@@ -0,0 +1,133 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=alpha.unix.Stream \
+// RUN: -analyzer-checker=debug.StreamTester \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include
@@ -0,0 +1,133 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=alpha.unix.Stream \
+// RUN: -analyzer-checker=debug.StreamTester \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include
@@ -544,6 +545,21 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+static ProgramStateRef
+escapeArgs(ProgramStateRef State, CheckerContext , const CallEvent ,
+ const SmallVector ) {
steakhal
@@ -0,0 +1,133 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=alpha.unix.Stream \
+// RUN: -analyzer-checker=debug.StreamTester \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include
https://github.com/steakhal commented:
I like what you do in this patch.
I only have a couple nits. That's it.
Tomorrow, I'll check if there are any other APIs that we should test; but seems
complete at first glance.
https://github.com/llvm/llvm-project/pull/79470
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/79470
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/79446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal requested changes to this pull request.
https://github.com/llvm/llvm-project/pull/79446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -3270,8 +3270,12 @@ void RangeConstraintManager::printJson(raw_ostream ,
ProgramStateRef State,
void RangeConstraintManager::printValue(raw_ostream , ProgramStateRef
State,
SymbolRef Sym) {
const RangeSet RS = getRange(State,
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/79446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
When is it possible to have an empty range set as a constraint?
https://github.com/llvm/llvm-project/pull/79446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
> I'm seconding the suggestions of @steakhal, and in particular I agree with
>
> > I'd also advise against using more callables bundled with CallDescriptions.
> > They make debugging code more difficult, as the control-flow would become
> > also data-dependent. I'd suggest
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/79398
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -44,7 +47,9 @@ class BugSuppression {
using CachedRanges =
llvm::SmallVector;
- llvm::DenseMap CachedSuppressionLocations;
+ llvm::DenseMap CachedSuppressionLocations{};
+
+ ASTContext
steakhal wrote:
```suggestion
llvm::DenseMap
@@ -27,6 +28,8 @@ class PathDiagnosticLocation;
class BugSuppression {
public:
+ BugSuppression(ASTContext ) : ACtx(ACtx) {}
steakhal wrote:
```suggestion
explicit BugSuppression(const ASTContext ) : ACtx(ACtx) {}
```
https://github.com/steakhal commented:
I only have minor nits. No objections.
https://github.com/llvm/llvm-project/pull/79398
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/78895
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -2211,6 +2221,15 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0;
+// int pclose(FILE *stream);
+addToFunctionSummaryMap(
+"pclose",
@@ -2211,6 +2221,15 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0;
+// int pclose(FILE *stream);
+addToFunctionSummaryMap(
+"pclose",
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/78895
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal requested changes to this pull request.
https://github.com/llvm/llvm-project/pull/78895
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/steakhal approved this pull request.
LGTM
https://github.com/llvm/llvm-project/pull/78930
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
steakhal wrote:
I'm yet to review the PR, but I would express my opinion on the ergonomics of
the StreamChecker, as I've spent the last couple of days around it.
I find code duplication less harmful than unnatural generalization over small
set of functions (I know, it's a hot take :D).
@@ -778,42 +781,61 @@ void StreamChecker::evalFgetc(const FnDescription *Desc,
const CallEvent ,
assertStreamStateOpened(OldSS);
steakhal wrote:
The problem should apply to all APIs that potentially write to the passed
buffer; including `fread` too.
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/73638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -778,42 +781,61 @@ void StreamChecker::evalFgetc(const FnDescription *Desc,
const CallEvent ,
assertStreamStateOpened(OldSS);
steakhal wrote:
At first glance you should be right. However, when I tried it, it didn't break
any tests but this one.
I
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/77613
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
steakhal wrote:
> This patch breaks a downstream test, like this:
>
> ```c++
> void test_fscanf_2() {
> FILE *F1 = tmpfile();
> if (!F1)
> return;
>
> int a;
> unsigned b;
> fscanf(F1, "%d %u", , );
>
@@ -926,6 +932,49 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalFprintf(const FnDescription *Desc,
+const CallEvent ,
+
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/73638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -778,42 +781,61 @@ void StreamChecker::evalFgetc(const FnDescription *Desc,
const CallEvent ,
assertStreamStateOpened(OldSS);
steakhal wrote:
This patch caused a downstream test failure.
Here is the fix:
```suggestion
// We don't model the buffer,
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
@@ -916,6 +922,45 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalUngetc(const FnDescription *Desc, const
=?utf-8?q?Balázs_Kéri?= ,
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
@@ -916,6 +922,45 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalUngetc(const FnDescription *Desc, const
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy
Message-ID:
In-Reply-To:
steakhal wrote:
> @steakhal I handled all the suggestions from the first review round (either
> by updating the PR, or by replying / asking
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/78930
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
=?utf-8?q?Balázs_Kéri?=
Message-ID:
In-Reply-To:
steakhal wrote:
This patch breaks a downstream test, like this:
```c++
void test_fscanf_2() {
FILE *F1 = tmpfile();
if (!F1)
return;
int a;
unsigned b;
fscanf(F1, "%d %u", , );
clang_analyzer_dump_int(a); // FP warning: 1st
https://github.com/steakhal approved this pull request.
LGTM
https://github.com/llvm/llvm-project/pull/78886
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -318,17 +396,87 @@ static Messages getTaintMsgs(const SubRegion *Region,
const char *OffsetName) {
RegName, OffsetName)};
}
-void ArrayBoundCheckerV2::performCheck(const Expr *E, CheckerContext ) const
{
- // NOTE: Instead of using
@@ -133,12 +195,19 @@ computeOffset(ProgramStateRef State, SValBuilder ,
SVal Location) {
return std::nullopt;
}
-// TODO: once the constraint manager is smart enough to handle non simplified
-// symbolic expressions remove this function. Note that this can not be used in
@@ -381,66 +542,98 @@ void ArrayBoundCheckerV2::performCheck(const Expr *E,
CheckerContext ) const {
compareValueToThreshold(State, ByteOffset, *KnownSize, SVB);
if (ExceedsUpperBound) {
+ // The offset may be invalid (>= Size)...
if
@@ -33,7 +33,66 @@ using namespace taint;
using llvm::formatv;
namespace {
-enum OOB_Kind { OOB_Precedes, OOB_Exceeds, OOB_Taint };
+class StateUpdateReporter {
+ const SubRegion *Reg;
+ NonLoc ByteOffsetVal;
+ std::optional ElementType = std::nullopt;
+ std::optional
@@ -318,17 +396,87 @@ static Messages getTaintMsgs(const SubRegion *Region,
const char *OffsetName) {
RegName, OffsetName)};
}
-void ArrayBoundCheckerV2::performCheck(const Expr *E, CheckerContext ) const
{
- // NOTE: Instead of using
@@ -255,7 +319,28 @@ static Messages getPrecedesMsgs(const SubRegion *Region,
NonLoc Offset) {
Out << "Access of " << RegName << " at negative byte offset";
if (auto ConcreteIdx = Offset.getAs())
Out << ' ' << ConcreteIdx->getValue();
- return
@@ -350,6 +498,10 @@ void ArrayBoundCheckerV2::performCheck(const Expr *E,
CheckerContext ) const {
auto [Reg, ByteOffset] = *RawOffset;
+ // The state updates will be reported as a single note tag, which will be
+ // composed by this helper class.
+
@@ -33,7 +33,66 @@ using namespace taint;
using llvm::formatv;
namespace {
-enum OOB_Kind { OOB_Precedes, OOB_Exceeds, OOB_Taint };
+class StateUpdateReporter {
+ const SubRegion *Reg;
+ NonLoc ByteOffsetVal;
+ std::optional ElementType = std::nullopt;
+ std::optional
401 - 500 of 1050 matches
Mail list logo
