steakhal wrote:
> In addition to the above-mentioned issues there is also a conceptual problem
> with using `getOriginRegion()` to describe a symbol: it names the region
> where the symbol _originated_ (if it originated as the unknown initial value
> of a symbol), which is not necessarily the region where the symbol is stored
> _now_.
>
> For example consider the (somewhat contrived) code
>
> ```
> int matrix[10][10];
> int func(int x, int y) {
> int tmp = x;
> x = y;
> y = tmp;
> return matrix[x][-999];
> }
> ```
>
> Here the checker alpha.security.ArrayBoundV2 (which uses
> `getDescriptiveName`) would report that
>
> ```
> Access of 'matrix[y]' at negative byte offset
> ```
>
> because the symbolic value of the index _originated from_ the parameter `y`
> (i.e. the symbol is identified as "this is the initial value of `y`).
I agree, but I don't see how this relates to this patch.
I think the original author of this code probably wanted to something what we
propose here.
We can argue if that's a good thing or not, but that feels like a different
topic to me.
https://github.com/llvm/llvm-project/pull/85104
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
