Paul Cochrane wrote: I've had a chance to look at this and the implementation looks quite good to me.
There's one thing that still bothers me. The snipped output is:

> Event alias: aliasing "(ins)->next" with "ins2"
> Also see events: [freed_arg][use_after_free]
> At conditional (1): "ins2 != 0" taking true path
>
> 512 for (ins2 = ins->next; ins2; ins2 = ins2->next) {
...
> Event freed_arg: Pointer "ins2" freed by function "subst_ins" [model]
> Also see events: [alias][use_after_free]
>
> 536 subst_ins(unit, ins2, tmp, 1);

There's "Also see events: [freed_arg][use_after_free]" and there's a line saying "Event freed_arg: ..."

Then there's "Also see events: [alias][use_after_free]" and a line saying "Event alias: ..."

This makes me wonder if there's any line saying "Event use_after_free: ..." in the report?

Thanks,
Ron