Charusso marked 3 inline comments as done. Charusso added a comment. In order to bypass the `CK_LValueToRValue` `evalCast()` we have to create en `ElementRegion` as a return-value of the problematic function call. In that case for a mythical reason we miss the fact the pointer is nullable. I have not figured out yet why, but tried to create an appropriate return-value.
================ Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2122 + + SVal ConjuredV = SVB.getConjuredHeapSymbolVal(CE, LCtx, C.blockCount()); + SVal ResultV = loc::MemRegionVal(SVB.getRegionManager().getElementRegion( ---------------- NoQ wrote: > Charusso wrote: > > NoQ wrote: > > > Why "heap"? > > Well, a string which length is at least 16 characters long is going to be > > allocated on the heap. I have to conjure the string here to create its > > element. > o.o > ```lang=c++ > void foo() { > // This string is 20 characters long > // but it's clearly on the stack. > char str[] = "12345678901234567890"; > // This one is therefore also on the stack. > char *ptr = strchr(str, '0'); > } > ``` > Well, a string which length is at least 16 characters long is going to be > allocated on the heap. I have to conjure the string here to create its > element. I really felt that the `std::string` should behave like the C-strings, but C-strings are on the stack whatever it takes, yes, my bad. Thanks for pointing that out! ================ Comment at: clang/test/Analysis/cert/str30-c-notes.cpp:29 + if (slash) { + // expected-note@-1 {{'slash' is non-null}} + // expected-note@-2 {{Taking true branch}} ---------------- Needs to be an assumption. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71155/new/ https://reviews.llvm.org/D71155 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits