https://github.com/NagyDonat commented:
Looks good overall, I added several suggestions but they mostly tweak the documentation and the comments. Moreover, I don't see any tests where the separation between `optin.taint.TaintedDiv` and `core.DivideZero` is tested by enabling one of them and disabling the other. You should probably add a new short test file for this where: - taint modeling is active; - there are two RUN lines (with different `-verify=...` tags): one that enables `optin.taint.TaintedDiv` and one that enables `core.DivideZero`; - there are testcases that perform division by: - a value that comes from a tainted source and is known to be zero at the point of division (I know that e.g. in an `if (x == 0)` block `getSVal()` will return a `ConcreteInt` as the value of `x` instead of the (potentially tainted) symbol that was used to represent it earlier -- but it would be still nice to see this situation.) - a value that comes from a tainted source and may be either zero or nonzero; - a value that comes from a tainted source and is known to be nonzero. https://github.com/llvm/llvm-project/pull/106389 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
