aaronpuchert added a comment.

In D152246#4484366 <https://reviews.llvm.org/D152246#4484366>, @tbaeder wrote:
> So, the problem with this (type of) analysis is that we don't have a perfect
> view of the (global) program state, right? The CFG is per-function, and any
> other function (etc.) might change a function pointer. And we don't even know
> its initial value. Correct? The CFG-based analysis is just not enough to
> reliably diagnose this sort of problem.

Exactly, the analysis is strictly intraprocedural. So we'll only see any value if initialization/assignment and call are in the same function. And if the value is uniquely determined, the question is why does the function do an indirect call at all? I could imagine this in something like a unit test, but these are not so interesting for static analysis. So basically the code would need to look like this:

  void f() __attribute__((requires_capability(mu)));

  void g() {
    void (*pf)() = f;
    pf();
  }

But why would someone write this instead of a direct call to `f`?

https://reviews.llvm.org/D152246