================
@@ -194,30 +187,28 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const
CallEvent &Call,
SVal RetVal = SVB.evalBinOp(State, Op, Arg1, Arg2, ResultType);
auto [Overflow, NotOverflow] = checkOverflow(C, RetValMax, ResultType);
- if (NotOverflow) {
- ProgramStateRef StateNoOverflow = State->BindExpr(
- CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
+ auto initializeState = [&](bool isOverflow) {
+ ProgramStateRef NewState = State->BindExpr(
+ CE, C.getLocationContext(), SVB.makeTruthVal(isOverflow, BoolTy));
if (auto L = Call.getArgSVal(2).getAs<Loc>()) {
- StateNoOverflow =
- StateNoOverflow->bindLoc(*L, RetVal, C.getLocationContext());
+ NewState = NewState->bindLoc(*L, RetVal, C.getLocationContext());
- // Propagate taint if any of the argumets were tainted
+ // Propagate taint if any of the arguments were tainted
if (isTainted(State, Arg1) || isTainted(State, Arg2))
- StateNoOverflow = addTaint(StateNoOverflow, *L);
+ NewState = addTaint(NewState, *L);
}
- C.addTransition(
- StateNoOverflow,
- createBuiltinNoOverflowNoteTag(
- C, /*BothFeasible=*/NotOverflow && Overflow, Arg1, Arg2, RetVal));
- }
+ C.addTransition(NewState,
+ createBuiltinOverflowNoteTag(C, /*overflow=*/isOverflow,
+ Arg1, Arg2, RetVal));
+ };
- if (Overflow) {
- C.addTransition(State->BindExpr(CE, C.getLocationContext(),
- SVB.makeTruthVal(true, BoolTy)),
- createBuiltinOverflowNoteTag(C));
- }
+ if (NotOverflow)
+ initializeState(false);
----------------
steakhal wrote:
I don't likr that this call has a side-effect. I eish we would be explicit
about mutations. Pass whats needed, get the return value that it would produce.
https://github.com/llvm/llvm-project/pull/136345
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
