aaron.ballman accepted this revision. aaron.ballman added a comment. This revision is now accepted and ready to land.
Thank you for this! Mostly just bikeshedding on names (allowlist as a verb sounds weird to me), feel free to take or leave the suggestions. LG aside from the formatting nits. ================ Comment at: clang/lib/StaticAnalyzer/Checkers/EnumCastOutOfRangeChecker.cpp:97 // all other cast kinds (where enum range checks are unnecessary or invalid), - // just return immediately. TODO: The set of casts whitelisted for enum + // just return immediately. TODO: The set of casts allowlisted for enum // range checking may be incomplete. Better to add a missing cast kind to ---------------- ================ Comment at: clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp:1191-1199 + llvm::SmallPtrSet<SymbolRef, 8> AllowlistedSymbols; for (const MemRegion *I : ExplicitRegions) if (const SymbolicRegion *SR = I->StripCasts()->getAs<SymbolicRegion>()) - WhitelistedSymbols.insert(SR->getSymbol()); + AllowlistedSymbols.insert(SR->getSymbol()); for (SymbolRef sym : *invalidated) { ---------------- ================ Comment at: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp:12 // range of actions is significantly limited: can't write variables, -// can't call functions not in whitelist, etc. For more details, see +// can't call functions not in allowed list, etc. For more details, see // http://man7.org/linux/man-pages/man2/vfork.2.html ---------------- ================ Comment at: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp:53 bool isVforkCall(const Decl *D, CheckerContext &C) const; - bool isCallWhitelisted(const IdentifierInfo *II, CheckerContext &C) const; + bool isCallAllowlisted(const IdentifierInfo *II, CheckerContext &C) const; ---------------- ================ Comment at: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp:96 // Returns true iff ok to call function after successful vfork. -bool VforkChecker::isCallWhitelisted(const IdentifierInfo *II, +bool VforkChecker::isCallAllowlisted(const IdentifierInfo *II, CheckerContext &C) const { ---------------- Also, should fix the clang-format issue. ================ Comment at: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp:182 -// Prohibit calls to non-whitelist functions in child process. +// Prohibit calls to non-allowlisted functions in child process. void VforkChecker::checkPreCall(const CallEvent &Call, ---------------- ================ Comment at: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp:187 if (isChildProcess(State) - && !isCallWhitelisted(Call.getCalleeIdentifier(), C)) + && !isCallAllowlisted(Call.getCalleeIdentifier(), C)) reportBug("This function call", C); ---------------- Might as well handle this formatting issue. Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D112642/new/ https://reviews.llvm.org/D112642 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits