steakhal wrote:
Speaking of testing, we should probably not overdo it. Clang format is a
different component. They likely want to remain flexible. If we pin their
output too hard, they would become unhappy long term.
Consequently, having a couple is desired, but other than that if we want to pi
https://github.com/steakhal commented:
Looks great. This should be tested in the unittests, somewhere the sibling APIs
are tested.
https://github.com/llvm/llvm-project/pull/156046
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.l
steakhal wrote:
> > > > I don't think I have the time to do a proper focused review, so I'd at
> > > > this point forward you to @NagyDonat to finish the reviews.
> > >
> > >
> > > @steakhal The "Requested change" review status is still active from your
> > > old review. Is it just a github g
steakhal wrote:
> > I don't think I have the time to do a proper focused review, so I'd at this
> > point forward you to @NagyDonat to finish the reviews.
>
> @steakhal The "Requested change" review status is still active from your old
> review. Is it just a github glitch?
I'm on vacation. I
Alejandro Álvarez Ayllón
@@ -165,3 +165,124 @@ void LValueToRValueBitCast_dumps(void *p, char
(*array)[8]) {
unsigned long ptr_arithmetic(void *p) {
return __builtin_bit_cast(unsigned long, p) + 1; // no-crash
}
+
+
+void escape(int*);
+
@@ -74,6 +74,26 @@ class PointerArithChecker
REGISTER_MAP_WITH_PROGRAMSTATE(RegionState, const MemRegion *, AllocKind)
+namespace {
steakhal wrote:
We follow the LLVM style guide, which promotes t
@@ -165,3 +165,124 @@ void LValueToRValueBitCast_dumps(void *p, char
(*array)[8]) {
unsigned long ptr_arithmetic(void *p) {
return __builtin_bit_cast(unsigned long, p) + 1; // no-crash
}
+
+
+void escape(int*);
+
@@ -165,3 +165,124 @@ void LValueToRValueBitCast_dumps(void *p, char
(*array)[8]) {
unsigned long ptr_arithmetic(void *p) {
return __builtin_bit_cast(unsigned long, p) + 1; // no-crash
}
+
+
+void escape(int*);
+
@@ -165,3 +165,124 @@ void LValueToRValueBitCast_dumps(void *p, char
(*array)[8]) {
unsigned long ptr_arithmetic(void *p) {
return __builtin_bit_cast(unsigned long, p) + 1; // no-crash
}
+
+
+void escape(int*);
+
https://github.com/steakhal requested changes to this pull request.
Looks sweet. I did the first round, I'll let others finish the rest while
I'm on vacation
https://github.com/llvm/llvm-project/pull/155855
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/155855
@@ -14,6 +14,8 @@
#include "Inputs/system-header-simulator-for-malloc.h"
+#include
steakhal wrote:
Yes, that should largely work.
https://github.com/llvm/llvm-project/pull/155131
steakhal wrote:
/cherry-pick 0a1eff2ecedcb11acb3e9d4b75ee1e1bebd69a70
6c9f1ce429809e5a91683ed6cef9a435047bebd1
https://github.com/llvm/llvm-project/pull/151908
steakhal wrote:
One more comment. Please don't use force-pushes on GitHub. That ruins the
review experience. Use merges instead, and never break your commit history
chain.
Another remark would be to add the commit hash to the reply comment where you
say that something was fixed. That way the
@@ -3068,12 +3124,240 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Helper function to check if a name is a recognized smart pointer name
+static bool isSmartPtrName(StringRef Name) {
+ return Name == "unique_ptr
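Review bot: `isSmartPtrName` decides on the spelling of `Name` alone, so as far as the visible lines show, a user-defined class named `unique_ptr` outside `std` would be treated like the standard one. Make sure every caller also checks that the declaration lives in the `std` namespace, or fold that check into this helper so the two conditions cannot drift apart.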
@@ -3068,12 +3124,240 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Helper function to check if a name is a recognized smart pointer name
+static bool isSmartPtrName(StringRef Name) {
+ return Name == "unique_ptr
@@ -1096,6 +1104,54 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smar
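Review bot: the doc comment on `EscapeTrackedCallback` opens by repeating the class name (`/// EscapeTrackedCallback - A SymbolVisitor ...`), which the LLVM coding standards ask to avoid at the start of a documentation comment. Start directly with `/// A SymbolVisitor that marks allocated symbols as escaped.`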
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152751
@@ -3068,12 +3124,240 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Helper function to check if a name is a recognized smart pointer name
+static bool isSmartPtrName(StringRef Name) {
+ return Name == "unique_ptr
@@ -3068,12 +3124,240 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Helper function to check if a name is a recognized smart pointer name
+static bool isSmartPtrName(StringRef Name) {
+ return Name == "unique_ptr
https://github.com/steakhal commented:
I think it looks pretty good. A lot of improvements!
I don't think I have the time to do a proper focused review, so I'd at this
point forward you to @NagyDonat to finish the reviews.
https://github.com/llvm/llvm-project/pull/152751
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -verify -analyzer-output=text %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=cplusplus \
+// RUN: -analyzer-checker=unix
+// expected-no-diagnostics
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+/
steakhal wrote:
I was initially surprised that the clang CFG was not changed in the PR.
This made me suspicious. Later realized that since this change was implemented
in terms of the `BreakStmt`, everything should work out of the box.
I started playing with it and everything looked correct to me
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/154741
steakhal wrote:
@tru I have this
(https://github.com/llvm/llvm-project/commit/0a1eff2ecedcb11acb3e9d4b75ee1e1bebd69a70)
simple patch that I want to backport to clang-21, however, it broke the CI
build on main, so there was a followup patch
(https://github.com/llvm/llvm-project/commit/6c9f1ce4
https://github.com/steakhal milestoned
https://github.com/llvm/llvm-project/pull/151908
steakhal wrote:
The clang-21 backport PR is #154738.
https://github.com/llvm/llvm-project/pull/151719
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/148576
@@ -1191,6 +1189,9 @@ New features
so frequent 'not yet implemented' diagnostics should be expected. Also, the
ACC MLIR dialect does not currently implement any lowering to LLVM-IR, so no
code generation is possible for OpenACC.
+- Implemented `P2719R5 Type-aware allocat
steakhal wrote:
Hi, I was about to update the Static Analyzer release notes, and I noticed that
it had this entry.
Could you please move it somewhere more appropriate?
I don't think the content right now relates to the Clang Static Analyzer.
https://github.com/llvm/llvm-project/pull/145938
steakhal wrote:
/cherry-pick 17327482f045b7119e116320db3e9c12fcf250ae
https://github.com/llvm/llvm-project/pull/151719
https://github.com/steakhal milestoned
https://github.com/llvm/llvm-project/pull/151719
steakhal wrote:
/cherry-pick 17327482f045b7119e116320db3e9c12fcf250ae
https://github.com/llvm/llvm-project/pull/151719
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/153498
Balázs Kéri
@@ -0,0 +1,33 @@
+// RUN: %check_clang_tidy %s bugprone-cast-to-struct %t -- \
+// RUN: -config="{CheckOptions: {bugprone-cast-to-struct.IgnoredCasts:
'char;S1;int;Other*'}}"
steakhal
https://github.com/steakhal requested changes to this pull request.
https://github.com/llvm/llvm-project/pull/153428
@@ -0,0 +1,82 @@
+//===--- CastToStructCheck.cpp - clang-tidy
---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://
https://github.com/steakhal approved this pull request.
Thanks
https://github.com/llvm/llvm-project/pull/154262
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/152850
@@ -3068,11 +3111,174 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Use isWithinStdNamespace from CheckerHelpers.h instead of custom
+// implementation
+
+// Allowlist of owning smart pointers we want to recognize
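Review bot: the comment `// Use isWithinStdNamespace from CheckerHelpers.h instead of custom implementation` at the top of the added lines describes what changed between revisions rather than the code that follows it, so it will read as noise once merged. Remove it and put that information in the commit message; the `// Allowlist of owning smart pointers ...` comment is the one that documents the code below.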
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152751
@@ -0,0 +1,80 @@
+// RUN: %clang_analyze_cc1 -verify -analyzer-output=text %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=cplusplus \
+// RUN: -analyzer-checker=unix
+// expected-no-diagnostics
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+/
@@ -3068,11 +3111,174 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Use isWithinStdNamespace from CheckerHelpers.h instead of custom
+// implementation
+
+// Allowlist of owning smart pointers we want to recognize
@@ -0,0 +1,80 @@
+// RUN: %clang_analyze_cc1 -verify -analyzer-output=text %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=cplusplus \
+// RUN: -analyzer-checker=unix
+// expected-no-diagnostics
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+/
@@ -3068,11 +3111,174 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Use isWithinStdNamespace from CheckerHelpers.h instead of custom
+// implementation
+
+// Allowlist of owning smart pointers we want to recognize
@@ -3107,24 +3111,13 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
-static QualType canonicalStrip(QualType QT) {
- return QT.getCanonicalType().getUnqualifiedType();
-}
-
-static bool isInStdNamespace(const DeclCont
https://github.com/steakhal requested changes to this pull request.
I like the progress. It's definitely going in the right direction.
Keep it up!
https://github.com/llvm/llvm-project/pull/152751
@@ -1096,6 +1098,47 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smar
@@ -52,6 +52,7 @@
#include "clang/AST/DeclTemplate.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
+
steakhal wrote:
```suggestion
```
https://github.com/llvm/llvm-project/pull/152751
@@ -1096,6 +1098,47 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smar
@@ -1096,6 +1098,47 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smar
@@ -3068,11 +3111,174 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+// Use isWithinStdNamespace from CheckerHelpers.h instead of custom
+// implementation
+
+// Allowlist of owning smart pointers we want to recognize
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
@@ -52,6 +52,9 @@
#include "clang/AST/DeclTemplate.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
+#include "clang/AST/TemplateBase.h"
+#include "clang/AST/Type.h"
+
steakhal wrote:
```suggestion
```
https://github.com/llvm/llvm-project/pull/15
@@ -1096,6 +1100,41 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smar
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -verify -analyzer-output=text %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=cplusplus \
+// RUN: -analyzer-checker=unix
+// expected-no-diagnostics
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+/
https://github.com/steakhal requested changes to this pull request.
Hey, thanks for the PR. I can see that you spent some time thinking about this
issue.
I see no fundamental issues with the proposed changes, except that we could
improve the implementation a bit.
Thanks again!
https://github.c
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
steakhal wrote:
What's the d
@@ -3068,11 +3107,217 @@ void MallocChecker::checkDeadSymbols(SymbolReaper
&SymReaper,
C.addTransition(state->set(RS), N);
}
+static QualType canonicalStrip(QualType QT) {
+ return QT.getCanonicalType().getUnqualifiedType();
+}
+
+static bool isInStdNamespace(const DeclCon
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152751
steakhal wrote:
> Also why was the PR closed, it looks like it was landed.
I merged the PR, but I wanted a rebase merge to preserve both commits so I did
it manually.
Check the last couple comments and committers of:
a62441d4bb6bd0c
@@ -95,6 +110,30 @@ class UnixAPIPortabilityChecker : public Checker<
check::PreStmt > {
} // end anonymous namespace
+ProgramStateRef UnixAPIMisuseChecker::EnsurePtrNotNull(
+SVal PtrVal, const Expr *PtrExpr,
https://github.com/steakhal created
https://github.com/llvm/llvm-project/pull/152850
Addresses https://github.com/llvm/llvm-project/pull/83027#discussion_r2264102109
We can only reach this part by a non-null `Ptr`, which also implies a
dereference of `PtrExpr`. Consequently, `PtrExpr` cannot b
https://github.com/steakhal approved this pull request.
Thanks for the ping. Looks good!
https://github.com/llvm/llvm-project/pull/151035
steakhal wrote:
Hmm, I removed myself and it says I also removed MikeWeller. - which is really
weird.
Please disregard that, and also my past "requests changes".
https://github.com/llvm/llvm-project/pull/146355
Endre Fülöp
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-proje
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/152462
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH 1/4] [StaticAnalyzer] [MallocChecker] Detect use-after-free
for field
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/152462
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/152462
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH 1/5] [StaticAnalyzer] [MallocChecker] Detect use-after-free
for field
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
steakhal wrote:
I don't think I'll have any time to contribute to this PR: doing reviews or upstream
an alternative implementation.
To be transparent, I didn't ask for permission no matter if it would be
approved, I'd not be able to commit myself.
I resign from the review. Sorry that I incidentally
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ fr
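Review bot: the RUN line at the top of this new test enables only `unix.Malloc`; analyzer tests should run with the `core` checkers switched on as well, because other checkers rely on the modeling they provide. Use `-analyzer-checker=core,unix.Malloc`.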
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/152462
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH 1/4] [StaticAnalyzer] [MallocChecker] Detect use-after-free
for field
@@ -0,0 +1,295 @@
+//=== MissingTerminatingZeroChecker.cpp -*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Ap
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152462
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152462
https://github.com/steakhal approved this pull request.
Thank you for your finding. It will be automatically merged once the CI bots
are happy.
https://github.com/llvm/llvm-project/pull/152462
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152462
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ fr
@@ -3156,8 +3156,8 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ Symbol
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
steakhal wrote:
```suggestion
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
```
https://github.com/llvm/llvm-project/pull/152462
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/152137
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152137
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/152137
steakhal wrote:
> With the above proposed fix, I think it may no longer be NFC technically.
> Please feel free to remove the tag if you see fit.
> Or this fixing of the ExprEngine could become
@@ -150,4 +152,23 @@ TEST(ExprEngineVisitTest, checkLocationAndBind) {
EXPECT_TRUE(LocPos > BindPos);
}
+TEST(ExprEngineVisitTest, checkLocat
@@ -152,4 +152,23 @@ TEST(ExprEngineVisitTest, checkLocationAndBind) {
EXPECT_TRUE(LocPos > BindPos);
}
+TEST(ExprEngineVisitTest, checkLocat
steakhal wrote:
Hey, thanks for contributing!
I usually look at the tests before looking at the actual change. Could you
demonstrate the improvement?
You can grep for files containing similar diagnostics under the
`clang/test/Analysis` folder if you look for the report messages. Pick one file
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/152137
https://github.com/steakhal requested changes to this pull request.
Ah, just to avoid confusion. Fix the unittests first; then I'll approve :D
https://github.com/llvm/llvm-project/pull/152137
https://github.com/steakhal approved this pull request.
https://github.com/llvm/llvm-project/pull/152137
steakhal wrote:
There is a relevant test failure in CI:
```
2025-08-05T13:49:04.5020375Z Failed Tests (1):
2025-08-05T13:49:04.5020697Z Clang-Unit ::
./AllClangUnitTests/ExprEngineVisitTest/checkLocationAndBind
```
https://github.com/llvm/ll