Charusso added a comment.

In D69599#1730707 <https://reviews.llvm.org/D69599#1730707>, @NoQ wrote:

> > This is the first step to mitigate that issue.
>
> What's the issue?

Well, after I mentioned an issue I have realized the somewhat path-insensitive `getSizeInElements()` does not touch the (void *) return value. Basically the expression `int *foo = malloc()` could not compile, and I had felt that the assumptions about the overflow are wrong. Now I see that none of the overflow tests would compile, so I think we just bypass a cast here-and-there. Therefore there is no issue, just I was surprised.

================
Comment at: clang/lib/StaticAnalyzer/Core/DynamicSize.cpp:37-39
+ const llvm::APSInt *SizeInt = SVB.getKnownValue(State, Size);
+ if (!SizeInt)
+ return UnknownVal();
----------------
NoQ wrote:
> Even if the size is not concrete, you can ask `SValBuilder` to perform the
> division. It's going to be a symbolic expression which we won't be able to
> work with anyway, but these days we believe that it's still worth it, in hope
> that our constraint solver eventually gets better.

Good idea, thanks!

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D69599/new/

https://reviews.llvm.org/D69599

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
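Review bot: the early `return UnknownVal();` under `if (!SizeInt)` at DynamicSize.cpp:37-39 has no comment saying that a null result from `getKnownValue` means the size is not a concrete integer, so a reader cannot tell whether discarding the value there is intended or a placeholder. Either document that case next to the check or, if the size is handed to `SValBuilder` as suggested in the thread, drop the `SizeInt` pointer and the null check together so no dead early return is left behind.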