[PATCH] D30691: [analyzer] Support for naive cross translational unit analysis

dkrupp requested changes to this revision. dkrupp added a comment. This revision now requires changes to proceed. Please fix the incompatibility between analyze-build and lib/CrossTU in the format of externalFnMap.txt mappfing file. Comment at: tools/scan-build-py/libscanbuild

[PATCH] D30691: [analyzer] Support for naive cross translational unit analysis

dkrupp added a comment. Thanks for the reviews so far. I think we have addressed all major concerns regarding this patch: -(Anna) Scan-build-py integration of the functionality is nearly finished (see https://github.com/rizsotto/scan-build/issues/83) (--ctu switch performs both analysis phases

[PATCH] D30691: [analyzer] Support for naive cross translational unit analysis

dkrupp added a comment. Thanks. > It would be best to just add the scan-build-py support to the tree, > especially, since the new scrips are not tested. OK. We will update this patch with the scan-build-py changes and remove the ctu-build.py and ctu-analyze.py scripts. > I am curious which op

[PATCH] D41150: [CFG] Adding new CFGStmt LoopEntrance for the StaticAnalyzer

dkrupp added inline comments. Comment at: include/clang/Analysis/CFG.h:179 /// entered. +class CFGLoopEntrance : public CFGElement { +public: This comment refers to the CFGLoopExit class. Please add a separate explaining comment to the CFGLoopEntrance. https

[PATCH] D53024: [analyzer][www] Add more open projects

dkrupp added inline comments. Comment at: www/analyzer/open_projects.html:198 + or using a dataflow framework. + (Difficulty: Hard) + Probably it is worth mentioning here, that there is a macro language already for describing summaries of standard

[PATCH] D54429: Creating standard shpinx documentation for Clang Static Analyzer

dkrupp created this revision. dkrupp added reviewers: Szelethus, NoQ, george.karpenkov. dkrupp added a project: clang. Herald added subscribers: cfe-commits, donat.nagy, jfb, arphaman, a.sidorin, rnkovacs, baloghadamsoftware, whisperity. Standard Clang tools (ThreadSanitizer, MemorySanitizer, Dat

[PATCH] D54429: [analyzer] Creating standard shpinx documentation

dkrupp updated this revision to Diff 173679. dkrupp added a comment. making the diff full context. Repository: rC Clang https://reviews.llvm.org/D54429 Files: docs/ClangStaticAnalyzer.rst docs/analyzer/DesignDiscussions/IPA.rst docs/analyzer/DesignDiscussions/InitializerLists.rst doc

[PATCH] D54429: [analyzer] Creating standard Sphinx documentation

dkrupp updated this revision to Diff 173846. dkrupp added a comment. -scanbuild and xcode pictures are included now -intro text ("What is Static Analysis?" etc.) are put under the Introduction section -Download section is created, but I am not sure how well was the this Mac OSX binary release se

[PATCH] D54429: [analyzer] Creating standard Sphinx documentation

dkrupp added a comment. Herald added a subscriber: gamesh411. @dcoughlin could you please look into this? https://reviews.llvm.org/D54429 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-comm

[PATCH] D55125: Fix a false positive in misc-redundant-expression check

dkrupp created this revision. dkrupp added reviewers: alexfh, aaron.ballman, gamesh411. dkrupp added a project: clang-tools-extra. Herald added subscribers: cfe-commits, Szelethus, rnkovacs. Do not warn for redundant conditional expressions when the true and false branches are expanded from differ

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 176247. dkrupp added a comment. -clang-format applied -clang:: namespace qualifiers removed CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: clang-tidy/misc/RedundantExpressionCheck.cpp test/clang-t

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp marked 3 inline comments as done. dkrupp added a comment. In D55125#1314788 , @JonasToth wrote: > In D55125#1314741 , @Szelethus wrote: > > > @JonasToth this is the `Lexer` based expression equality check I t

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp added a comment. In D55125#1315335 , @Szelethus wrote: > I see your point, but here's why I think it isn't a bug: I like to see macros > as `constexpr` variables, and if I used those instead, I personally wouldn't > like to get a warning just beca

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 176372. dkrupp added a comment. new undef/defined testcase added CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: clang-tidy/misc/RedundantExpressionCheck.cpp test/clang-tidy/misc-redundant-expressi

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp marked 2 inline comments as done. dkrupp added inline comments. Comment at: test/clang-tidy/misc-redundant-expression.cpp:109 #define COND_OP_OTHER_MACRO 9 +#define COND_OP_THIRD_MACRO COND_OP_MACRO int TestConditional(int x, int y) { JonasToth wrote: >

[PATCH] D55255: Fix a false positive in misplaced-widening-cast

dkrupp created this revision. dkrupp added reviewers: JonasToth, alexfh. dkrupp added a project: clang-tools-extra. Herald added subscribers: cfe-commits, gamesh411, Szelethus, rnkovacs. bugprone-misplaced-widening-cast check used to give a false warning to the following example. enum Day

[PATCH] D55255: Fix a false positive in misplaced-widening-cast

dkrupp updated this revision to Diff 176604. dkrupp added a comment. Comments addressed. Please commit if looks good, I don't have commit rights. Thanks. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55255/new/ https://reviews.llvm.org/D55255 Files: clang-tidy/bugprone/MisplacedWiden

[PATCH] D55255: Fix a false positive in misplaced-widening-cast

dkrupp added a comment. In D55255#1319784 , @JonasToth wrote: > Committed, Thank you for the patch! Was there a bug-report for this issue? If > yes can you please close it/reference? There was not bug report for this. Thanks for committing! Repository

[PATCH] D54429: [analyzer] Creating standard Sphinx documentation

dkrupp added a comment. @dcoughlin @NoQ ping... CHANGES SINCE LAST ACTION https://reviews.llvm.org/D54429/new/ https://reviews.llvm.org/D54429 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/

[PATCH] D57858: [analyzer] Add a new frontend flag to display all checker options

dkrupp added a comment. @dcoughlin I don't necessarily agree with you. Let me explain why we think this feature is important. We should give the users the possibility to list all possibly configurable checker options and their meaning. Many of these options should be possible to be set by the e

[PATCH] D60281: [analyzer] Add docs for cplusplus.InnerPointer

dkrupp added inline comments. Comment at: docs/analyzer/checkers.rst:225-226 +``std::string``s, by recognizing member functions that may re/deallocate the buffer +before use. In the future, it would be great to add support for other STL and +non-STL containers, and most notably,

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 198041. dkrupp marked 6 inline comments as done. dkrupp added a comment. I have fixed all your comments and rebased the patch to the latest master. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: cla

[PATCH] D64801: [analyzer] Add CTU user docs

dkrupp requested changes to this revision. dkrupp added a comment. This revision now requires changes to proceed. Thanks Gabor for writing this. I suggested some minor changes to the txt. Otherwise LGTM. Comment at: clang/docs/analyzer/user-docs/CrossTranslationUnit.rst:98 + +

[PATCH] D66049: Fixes Bug 41729 and improves strlcat and strlcpy modeling

dkrupp created this revision. dkrupp added reviewers: NoQ, Szelethus, gamesh411. Herald added subscribers: cfe-commits, rnkovacs. Herald added a project: clang. Fixes Bug 41729 (https://bugs.llvm.org/show_bug.cgi?id=41729) and the following errors: -Fixes false positive reports of strlcat -T

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 214529. dkrupp added a comment. @aaron.ballman 's comments are fixed. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: clang-tidy/misc/RedundantExpressionCheck.cpp test/clang-tidy/misc-redundant-exp

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp marked 3 inline comments as done. dkrupp added a comment. Thanks for the comments @NoQ , all of them addressed. Repository: rC Clang CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 ___ cfe-

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp updated this revision to Diff 214817. dkrupp added a comment. Fix comments from @NoQ Repository: rC Clang CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 Files: lib/StaticAnalyzer/Checkers/CStringChecker.cpp test/Analysis/bsd-strin

[PATCH] D64494: [analyzer]Add user docs rst

dkrupp accepted this revision. dkrupp added a comment. This revision is now accepted and ready to land. I guess this is a placeholder for the subpages of "User Manual" @ https://clang-analyzer.llvm.org, which will be ported in follow-up patches. Repository: rG LLVM Github Monorepo CHANGES SI

[PATCH] D57858: [analyzer] Add a new frontend flag to display all checker options

dkrupp added a comment. In D57858#1499414 , @Szelethus wrote: > In D57858#1498640 , @NoQ wrote: > > > So, like, the global picture is as follows. In our case the Driver (i.e., > > --analyze) is not much more user f

[PATCH] D57858: [analyzer] Add a new frontend flag to display all checker options

dkrupp added a comment. In D57858#1500635 , @NoQ wrote: > In D57858#146 , @dkrupp wrote: > > > Some alpha checkers are considerably more mature than others and are quite > > usable. In our experience, there are

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 179277. dkrupp marked an inline comment as done. dkrupp added a comment. All comments fixed. I also added the handling of redundancy comparison of sizeof(..), alignof() operators. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://rev

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp marked 13 inline comments as done. dkrupp added a comment. Thanks for your comments. I fixed them all. I also added the handling of redundant sizeof() and alignof() operators on the way. Please check if OK now... Comment at: clang-tidy/misc/RedundantExpressionCheck.cpp:

[PATCH] D45532: [StaticAnalyzer] Checker to find uninitialized fields after a constructor call

dkrupp added a comment. Would be interesting to extend this checker (maybe in an upcoming patch) to report on uninitialized members not only in constructors, but also copy constructors and move constructors. See related https://bugs.llvm.org/show_bug.cgi?id=37086 This bug report also mentions

[PATCH] D48831: alpha.unix.cstring.OutOfBounds checker enable/disable fix

dkrupp updated this revision to Diff 153905. dkrupp added a comment. The patch has been updated. Changes: -The analysis path is cut if overvlow is detected even if CStringOutOfBounds is disabled The assert(Filter.CheckCStringOutOfBounds || Filter.CheckCStringNullArg); cannot be put back, becau

[PATCH] D48831: alpha.unix.cstring.OutOfBounds checker enable/disable fix

dkrupp marked 2 inline comments as done. dkrupp added inline comments. Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:311 +if (!Filter.CheckCStringOutOfBounds) + return StOutBound; NoQ wrote: > Could we preserve the other portion of the ass

[PATCH] D48831: alpha.unix.cstring.OutOfBounds checker enable/disable fix

dkrupp marked an inline comment as done. dkrupp added a comment. @NoQ do we need any more update to this patch? Thanks. https://reviews.llvm.org/D48831 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/lis

[PATCH] D30691: [analyzer] Support for naive cross translational unit analysis

dkrupp added a comment. > Which means that for some calls we aren't even trying to make a CTU lookup. Thanks @NoQ, we will take a look at it! Repository: rC Clang https://reviews.llvm.org/D30691 ___ cfe-commits mailing list cfe-commits@lists.llv

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 223501. dkrupp marked 5 inline comments as done. dkrupp added a comment. Thanks @aaron.ballman and @alexfh for your review. I fixed your findings. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: clan

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp updated this revision to Diff 224088. dkrupp marked 9 inline comments as done. dkrupp added a comment. @Szelethus thanks for your review. I fixed your suggestions. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 Files: clang/lib/StaticA

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp added a comment. I also analyzed openssl with the baseline and this version, but did not find any new warnings. See: http://codechecker-demo.eastus.cloudapp.azure.com/Default/#run=D66049_baseline&newcheck=D66049_improved&review-status=Unreviewed&review-status=Confirmed&detection-status=New

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp updated this revision to Diff 224090. dkrupp added a comment. Fixing minor capitalization issue and removing an extra newline. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 Files: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp added a comment. @aaron.ballman could you please commit? I don't have commit access. Thx. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 ___ cfe-commits mailing list cfe-commits@lists.llvm.o

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp added a comment. Thanks for the reviews! Could you pls commit this for me? CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp added a comment. @aaron.ballman could you please check now? Thanks! CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.

[PATCH] D55125: [clang-tidy] Fix a false positive in misc-redundant-expression check

dkrupp updated this revision to Diff 226037. dkrupp added a comment. The patch is rebased to the latest master. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D55125/new/ https://reviews.llvm.org/D55125 Files: clang-tools-extra/clang-tidy/misc/RedundantExpressionCheck.cpp clang-tools

[PATCH] D69308: [analyzer] Test cases for the unsupported features for Clang Static Analyzer

dkrupp created this revision. dkrupp added reviewers: NoQ, Szelethus. dkrupp added a project: clang. Herald added subscribers: cfe-commits, Charusso, gamesh411, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, xazax.hun, whisperity. These test cases demonstrate some

[PATCH] D77150: [Analyzer] New Option for ContainerModeling: AggressiveEraseModeling

dkrupp requested changes to this revision. dkrupp added a comment. This revision now requires changes to proceed. Since the analyzer cannot cannot model the size of the containers just yet (as I believe this is the case now), what we are saying with this checker is to "always check the return va

[PATCH] D34512: Add preliminary Cross Translation Unit support library

dkrupp added a subscriber: zaks.anna. dkrupp added a comment. The creation of this library (libCrossTU) is approved for importing function definitions. @zaks.anna, @NoQ , @klimek could you please help us reviewing the code itself? Then, when this is approved, we could progress with the review

[PATCH] D91948: [WIP][analyzer][doc] Add Container- and IteratorModeling developer docs

dkrupp added a comment. In D91948#2411058 , @whisperity wrote: > Actually, while the explanation is understandable for me with additional > knowledge about the representation... I think it would be useful to add the > most simple example from the iterato

[PATCH] D133698: [clang][dataflow] SignAnalysis, edgeTransfer, branchTransfer

dkrupp added inline comments. Comment at: clang/unittests/Analysis/FlowSensitive/SignAnalysisTest.cpp:241 +? SignLattice(R.Val.getInt().getExtValue()) +: SignLattice::bottom(); + } else { Isn't this SignLattice

[PATCH] D155848: [clang][analyzer]Fix non-effective taint sanitation

This revision was landed with ongoing or failed builds. This revision was automatically updated to reflect the committed changes. dkrupp marked an inline comment as done. Closed by commit rG26b19a67e5c3: [clang][analyzer]Fix non-effective taint sanitation (authored by dkrupp). Herald added a proje

[PATCH] D155848: [clang][analyzer]Fix non-effective taint sanitation

dkrupp updated this revision to Diff 542903. dkrupp added a comment. -formatting issues fixed -sanitizecCmd changed to void CHANGES SINCE LAST ACTION https://reviews.llvm.org/D155848/new/ https://reviews.llvm.org/D155848 Files: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp cl

[PATCH] D155848: [clang][analyzer]Fix non-effective taint sanitation

dkrupp added inline comments. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:970 - ForEachCallArg( - [&](ArgIdxTy I, const Expr *E, SVal V) { -if (PropDstArgs.contains(I)) { steakhal wrote: > dkrupp wrote: > > dkrupp wrote: >

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp updated this revision to Diff 543586. dkrupp marked 6 inline comments as done. dkrupp added a comment. Herald added a subscriber: wangpc. - changed the main example to a data sanitation example (sanitizeFileName()) instead of a data verification example - fixed typos - fixed sphinx warnin

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp added a comment. Thanks @donat.nagy for your review. I addressed your remarks. After patch https://reviews.llvm.org/D155848 these sanitizing examples work properly. Comment at: clang/docs/analyzer/checkers.rst:78-80 +The ``SuppressAddressSpaces`` option suppresses warn

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp updated this revision to Diff 543862. dkrupp added a comment. -lines wrapped to 80 characters CHANGES SINCE LAST ACTION https://reviews.llvm.org/D145229/new/ https://reviews.llvm.org/D145229 Files: clang/docs/analyzer/checkers.rst Index: clang/docs/analyzer/checkers.rst ===

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

This revision was landed with ongoing or failed builds. This revision was automatically updated to reflect the committed changes. Closed by commit rG4dbe2db02d03: [clang][analyzer] Improved documentation for TaintPropagation Checker (authored by dkrupp). Repository: rG LLVM Github Monorepo CHA

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp added inline comments. Comment at: clang/docs/analyzer/checkers.rst:2471 + #ifdef __clang_analyzer__ +void csa_mark_sanitized(const void *); + #endif steakhal wrote: > Have you considered unconditionally having this function with an empty body? > Tha

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp added inline comments. Comment at: clang/docs/analyzer/checkers.rst:2469-2472 + // User csa_mark_sanitize function is for the analyzer only + #ifdef __clang_analyzer__ +void csa_mark_sanitized(const void *); + #endif steakhal wrote: > I was thinking

[PATCH] D138777: [clang-tidy] Add check bugprone-multiple-new-in-one-expression.

dkrupp added a comment. Thanks for this new check. Could you please link here results of this checker on som relevant open source projects? Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D138777/new/ https://reviews.llvm.org/D138777 ___

[PATCH] D69308: [analyzer] Test cases for the unsupported features for Clang Static Analyzer

dkrupp updated this revision to Diff 227714. dkrupp marked 2 inline comments as done. dkrupp added a comment. Thanks for your comments @NoQ I fixed them. Also added your implementation hints to the open projects page. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D69308/new/ https://rev

[PATCH] D69308: [analyzer] Test cases for the unsupported features for Clang Static Analyzer

dkrupp added a comment. In D69308#1727587 , @NoQ wrote: > In D69308#1727108 , @Szelethus wrote: > > > Would love to see this comment in its entirety on the open projects page :^) > > > I'd rather have a mention that

[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

dkrupp added a comment. If this is good to go, could you please commit this? Thanks! CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://li

[PATCH] D69308: [analyzer] Test cases for the unsupported features for Clang Static Analyzer

dkrupp added a comment. In D69308#1727625 , @NoQ wrote: > Another interesting problem that we forgot to mention on the open projects > page is the modeling of C++17 bindings and decompositions: > https://bugs.llvm.org/show_bug.cgi?id=43042 > > Also, in m

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp planned changes to this revision. dkrupp added a comment. @steakhal , @NoQ thanks for the reviews. I will try to implement an alternative solution based on your suggestions. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/new/ https://reviews.llvm.org/D144269

[PATCH] D145229: [analyzer] Improve the documentation of the alpha.security.taint.TaintPropagation checker

dkrupp created this revision. dkrupp added a project: clang. Herald added subscribers: steakhal, manas, ASDenysPetrov, martong, gamesh411, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, xazax.hun. Herald added a project: All. dkrupp requested review of th

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 510108. dkrupp added a comment. This is a totally rewritten version of the patch which solely relies on the existing "interestingness" utility to track back the taint propagation. (And does not introduce a new FlowID in the ProgramState as requested in the

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 511078. dkrupp marked 21 inline comments as done. dkrupp added a comment. @steakhal thanks for your review. I tried to address all your concerns. I added an extra test case too (multipleTaintSources(..)) which highlights the limitation of the current patch: If

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. All comments addressed. Thanks for the review @steakhal . Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:162 + const CallEvent& Call) { + const LocationContext* LC = Call.getCalleeStackFrame(0); +

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 513556. dkrupp marked 11 inline comments as done. dkrupp edited the summary of this revision. dkrupp added a comment. -All remarks from @steakhal was fixed. Thanks for the review! -Now we can generate diagnostics for all tainted values when they reach a sink.

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. All remarks from @steakhal has been fixed. Thanks for the review. This new version now can handle the tracking back of multiple symbols! Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:129-130 /// Given a pointer/reference argument

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. You can find the improved reports on tmux, postgres, twin, openssl here: here

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp created this revision. dkrupp added a reviewer: Szelethus. dkrupp added a project: clang. Herald added subscribers: steakhal, manas, ASDenysPetrov, martong, gamesh411, donat.nagy, mikhail.ramalho, a.sidorin, JDevlieghere, rnkovacs, szepet, baloghadamsoftware, xazax.hun. Herald added a revi

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 498795. dkrupp added a comment. Added documentation to the newly introduced types: TaintData, TaintBugReport. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/new/ https://reviews.llvm.org/D144269 Files: clang/include/clang/StaticAnalyzer/Chec

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. @steakhal, @NoQ thanks for your reviews. Please note that I am not extending `TaintBugVisitor`. On the contrary I removed it. Instead I use NoteTag to generate the "Taint Originated here" text (see GenericTaintChecker.cpp:156). I can also add additional NoteTags for ge

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. > TaintBugReport is brilliant and we already have a precedent for subclassing > BugReport in another checker. However I'm somewhat worried that once we start > doing more of this, we'll eventually end up with multiple inheritance > situations when the report needs multip

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 514973. dkrupp marked an inline comment as done. dkrupp added a comment. - Implemented early return in getTaintedSymbols() when it is called by isTainted() for efficiency - Fixed test incompatibility on Windows CHANGES SINCE LAST ACTION https://reviews.llv

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp marked an inline comment as done. dkrupp added a comment. @steakhal thanks for your review. All your remarks have been fixed. Comment at: clang/lib/StaticAnalyzer/Checkers/Taint.cpp:147-150 bool taint::isTainted(ProgramStateRef State, const Stmt *S,

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp marked an inline comment as done. dkrupp added a comment. @steakhal is there anything else to do before we merge this? Thanks. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/new/ https://reviews.llvm.org/D144269 ___ cfe-commits m

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 516077. dkrupp marked 13 inline comments as done. dkrupp added a comment. -getTaintedSymbols(.) -> getTaintedSymbolsImpl() proxy function introduced for interface safety -Other minor fixes based on comments from @steakhal CHANGES SINCE LAST ACTION https://

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. @steakhal your comments are fixed. Thanks for the review. Comment at: clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp:108-109 + if ((stateNotZero && stateZero)) { +std::vector taintedSyms = getTaintedSymbols(C.getState(), *DV); +if (!tainte

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 516380. dkrupp marked 10 inline comments as done. dkrupp added a comment. -append_range(..) used instead of std::vector.insert(...) to improve readability -minor updates based on @steakhal comments CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp updated this revision to Diff 516389. dkrupp marked an inline comment as done. dkrupp added a comment. -using llvm::ArrayRef in the reportTaintBug(..) function in the DivZero Checker CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/new/ https://reviews.llvm.org/D144269 File

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp added a comment. @steakhal thanks for the review. I fixed all outstanding remarks. I left the test taint-diagnostic-visitor.c formatting as is to remain consistent with the rest of the file. I think we should keep it as is, or reformat the whole file. Comment at: clan

[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place

dkrupp closed this revision. dkrupp added a comment. Committed in 343bdb10940cb2387c0b9bd3caccee7bb56c937b . CHANGES SINCE LAST ACTION https://reviews.llvm.org/D144269/new/ https://reviews.llvm.org/D144269

[PATCH] D117568: [Analyzer] Add docs to StdCLibraryFunctionArgsChecker

dkrupp added inline comments. Comment at: clang/docs/analyzer/checkers.rst:2371 +diagnostics) for functions that are defined in the POSIX standard. This option +is disabled by default. + I think it would be useful for the user to see one example per constraint ty