steakhal added a comment.

In D97183#2597099 <https://reviews.llvm.org/D97183#2597099>, @RedDocMD wrote:

> The InnerPointerVal memory region is not marked as interesting as of now, I
> have tried that out. The branch condition constraint is set by the
> ConstraintManager and it is queried via in the State in the method
> `smartptr::isNullSmartPtr` at `SmartPtrModelling.cpp:104`. I have to see if
> the `ConstraintManager` can mark the memory region as important.

Hm, I don't think you can make this work.
The deref bug is reported only if the smartptr::isNullSmartPtr(State, ThisRegion) <https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp#L74-L75> is `true`.
Which is only true if the InnerPointVal <https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp#L104-L108> is known to be `null`.
So the information on how we get to know that the smart pointer is null is already lost.

From this perspective, I don't think you have any other choice than to walk back from the bug to the root using a bugreport visitor - and check whether or not the inner pointer is used in a branch condition.
I might be wrong about this, since this was the first time I had a deeper look at the SmartPtrChecker.

The TaintBugVisitor <https://github.com/llvm/llvm-project/blob/62ec4ac90738a5f2d209ed28c822223e58aaaeb7/clang/lib/StaticAnalyzer/Checkers/Taint.cpp#L232> could give you a hint on how to implement this.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D97183/new/

https://reviews.llvm.org/D97183

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits