[clang] [clang][analyzer] Support `fgets` in the SteamChecker (PR #73638)

Balazs Benics via cfe-commits Wed, 24 Jan 2024 07:44:42 -0800

================
@@ -778,42 +781,61 @@ void StreamChecker::evalFgetc(const FnDescription *Desc, 
const CallEvent &Call,
   assertStreamStateOpened(OldSS);
 
----------------
steakhal wrote:

At first glance you should be right. However, when I tried it, it didn't break 
any tests but this one.
I presume there must be something else going on that prevents escaping the 
stream pointer.
I've not checked.

Alternatively what I did was this:
```c++
[[nodiscard]] static ProgramStateRef
escapeArgsAfterIndex(ProgramStateRef State, CheckerContext &C,
                     const CallEvent &Call, unsigned FirstEscapingArgIndex) {
  const auto *CE = Call.getOriginExpr();
  assert(CE);

  if (Call.getNumArgs() <= FirstEscapingArgIndex)
    return State;

  SmallVector<SVal> EscapingArgs;
  EscapingArgs.reserve(Call.getNumArgs() - FirstEscapingArgIndex);
  for (auto EscArgIdx :
       llvm::seq<int>(FirstEscapingArgIndex, Call.getNumArgs()))
    EscapingArgs.push_back(Call.getArgSVal(EscArgIdx));
  State = State->invalidateRegions(EscapingArgs, CE, C.blockCount(),
                                   C.getLocationContext(),
                                   /*CausesPointerEscape=*/false);
  return State;
}

// at the callsite:
State = escapeArgsAfterIndex(State, C, Call, /*FirstEscapingArgIndex=*/2);
```

https://github.com/llvm/llvm-project/pull/73638
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Support `fgets` in the SteamChecker (PR #73638)

Reply via email to