aaronpuchert added a comment.

In D152246#4484366 <https://reviews.llvm.org/D152246#4484366>, @tbaeder wrote:

> So, the problem with this (type of) analysis is that we don't have a perfect 
> view of the (global) program state, right? The CFG is per-function, and any 
> other function (etc.) might change a function pointer. And we don't even know 
> its initial value. Correct? The CFG-based analysis is just not enough to 
> reliably diagnose this sort of problem.

Exactly, the analysis is strictly intraprocedural. So we'll only see any value 
if initialization/assignment and call are in the same function. And if the 
value is uniquely determined, the question is why does the function do an 
indirect call at all? I could imagine this in something like a unit test, but 
these are not so interesting for static analysis.

So basically the code would need to look like this:

  void f() __attribute__((requires_capability(mu)));
  
  void g() {
    void (*pf)() = f;
    pf();
  }

But why would someone write this instead of a direct call to `f`?



https://reviews.llvm.org/D152246
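The blind spot discussed above, as an added example that is not part of the review or the thread: a callee annotated with `requires_capability` is checked when called directly, but when the pointer arrives from outside the function (here as a parameter) the intraprocedural analysis has nothing to check, so the callee keeps a runtime held-check as a fallback. `toy_mutex`, `toy_lock`, `toy_unlock`, `f`, `call_*` and `get_f` are constructed for this illustration; the attribute macros expand to nothing on compilers other than clang so the file builds anywhere, and diagnostics appear only with `clang -Wthread-safety`.

```c
#include <stdbool.h>

/* Clang thread-safety attributes; empty elsewhere so the file still compiles. */
#if defined(__clang__)
#define CAPABILITY(x) __attribute__((capability(x)))
#define REQUIRES(x)   __attribute__((requires_capability(x)))
#define ACQUIRE(x)    __attribute__((acquire_capability(x)))
#define RELEASE(x)    __attribute__((release_capability(x)))
#else
#define CAPABILITY(x)
#define REQUIRES(x)
#define ACQUIRE(x)
#define RELEASE(x)
#endif

/* Constructed single-threaded "mutex": a held flag suffices to observe the gap. */
struct CAPABILITY("mutex") toy_mutex { bool held; };
static struct toy_mutex mu;

static void toy_lock(struct toy_mutex *m) ACQUIRE(m) { m->held = true; }
static void toy_unlock(struct toy_mutex *m) RELEASE(m) { m->held = false; }

/* Must run with mu held. The runtime check is the fallback for call sites the
 * static analysis cannot see; it returns -1 instead of trusting the caller. */
static int f(void) REQUIRES(mu) { return mu.held ? 0 : -1; }

typedef int (*callback_t)(void);

/* Direct call without the lock: the callee declaration is visible here, so
 * -Wthread-safety reports the missing capability at compile time. */
int call_direct_unlocked(void) { return f(); }

/* Realistic indirect case: cb is a parameter, so inside this function nothing
 * says it is f, and the analysis has no requirement to check. Only the
 * runtime check in f notices the missing lock. */
int call_unlocked(callback_t cb) { return cb(); }

/* Holding the lock around the indirect call satisfies f whatever cb points to. */
int call_locked(callback_t cb) {
    toy_lock(&mu);
    int r = cb();
    toy_unlock(&mu);
    return r;
}

/* Hands out the pointer, as real code with callback tables does. */
callback_t get_f(void) { return f; }
```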
