[PATCH] D127306: [analyzer] Treat system globals as mutable if they are not const

Gabor Marton via Phabricator via cfe-commits Tue, 14 Jun 2022 08:07:39 -0700

martong added a comment.

In D127306#3580981 <https://reviews.llvm.org/D127306#3580981>, @steakhal wrote:


> - Modify the `GenericTaintChecker::isStdin()` to look through //derived 
> symbols//, to mitigate the effect of invalidations.

So, the taint property is still not propagated by the engine after the 
invalidation. BUT, since we have the

  static bool isTaintedOrPointsToTainted(const Expr *E, .... {
    if (isTainted(State, E, C.getLocationContext()) || isStdin(E, C))
      return true;

condition and the modified `isStdin`, now we consider the `Expr*` associated to 
stdin as tainted. Please confirm my understanding is correct.



================
Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:98-101
+  const auto *DeclReg = dyn_cast_or_null<DeclRegion>(
+      isa<SymbolDerived>(Sym)       ? cast<SymbolDerived>(Sym)->getRegion()
+      : isa<SymbolRegionValue>(Sym) ? cast<SymbolRegionValue>(Sym)->getRegion()
+                                    : nullptr);
----------------
This code yields to a virtual function call. And we fortunately have that 
virtual function in the base class.
Use `SymExpr::getOriginRegion()` and `dyn_cast_or_null` to `DeclRegion`.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127306/new/

https://reviews.llvm.org/D127306

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D127306: [analyzer] Treat system globals as mutable if they are not const

Reply via email to