Charusso marked 3 inline comments as done.
Charusso added a comment.
In order to bypass the `CK_LValueToRValue` `evalCast()` we have to create en
`ElementRegion` as a return-value of the problematic function call. In that
case for a mythical reason we miss the fact the pointer is nullable. I have not
figured out yet why, but tried to create an appropriate return-value.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2122
+
+ SVal ConjuredV = SVB.getConjuredHeapSymbolVal(CE, LCtx, C.blockCount());
+ SVal ResultV = loc::MemRegionVal(SVB.getRegionManager().getElementRegion(
----------------
NoQ wrote:
> Charusso wrote:
> > NoQ wrote:
> > > Why "heap"?
> > Well, a string which length is at least 16 characters long is going to be
> > allocated on the heap. I have to conjure the string here to create its
> > element.
> o.o
> ```lang=c++
> void foo() {
> // This string is 20 characters long
> // but it's clearly on the stack.
> char str[] = "12345678901234567890";
> // This one is therefore also on the stack.
> char *ptr = strchr(str, '0');
> }
> ```
> Well, a string which length is at least 16 characters long is going to be
> allocated on the heap. I have to conjure the string here to create its
> element.
I really felt that the `std::string` should behave like the C-strings, but
C-strings are on the stack whatever it takes, yes, my bad. Thanks for pointing
that out!
================
Comment at: clang/test/Analysis/cert/str30-c-notes.cpp:29
+ if (slash) {
+ // expected-note@-1 {{'slash' is non-null}}
+ // expected-note@-2 {{Taking true branch}}
----------------
Needs to be an assumption.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71155/new/
https://reviews.llvm.org/D71155
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
