[clang] [analyzer] New optin.taint.TaintAlloc checker for catching unbounded memory allocation calls (PR #92420)

2024-05-29 Thread Donát Nagy via cfe-commits
@@ -1779,18 +1797,76 @@ ProgramStateRef MallocChecker::MallocMemAux(CheckerContext &C, const CallEvent &Call, const Expr *SizeEx, SVal Init, Prog

[clang] [analyzer] New optin.taint.TaintAlloc checker for catching unbounded memory allocation calls (PR #92420)

2024-05-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, thanks for the update! https://github.com/llvm/llvm-project/pull/92420 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/93676

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-29 Thread Donát Nagy via cfe-commits
@@ -44,24 +44,30 @@ void PointerSubChecker::checkPreStmt(const BinaryOperator *B, const MemRegion *LR = LV.getAsRegion(); const MemRegion *RR = RV.getAsRegion(); - - if (!(LR && RR)) -return; - - const MemRegion *BaseLR = LR->getBaseRegion(); - const MemRegion *Bas

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: It's nice to see that you're working on this checker; but unfortunately the language standard is very complicated in this area, so you'll need more complex code to cover it properly. https://github.com/llvm/llvm-project/pull/93676

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-29 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,74 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.PointerSub -verify %s + +void f1(void) { + int x, y, z[10]; + int d = &y - &x; // expected-warning{{Subtraction of two pointers that do not point into the same array is undefined behavior}} + d = z - &y;

[clang] [clang][analyzer][NFC] Add test for a limitation of alpha.unix.Bloc… (PR #93799)

2024-05-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. It's good to document this, the commit LGTM. Are you planning to fix this soon? https://github.com/llvm/llvm-project/pull/93799

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-30 Thread Donát Nagy via cfe-commits
@@ -44,24 +44,30 @@ void PointerSubChecker::checkPreStmt(const BinaryOperator *B, const MemRegion *LR = LV.getAsRegion(); const MemRegion *RR = RV.getAsRegion(); - - if (!(LR && RR)) -return; - - const MemRegion *BaseLR = LR->getBaseRegion(); - const MemRegion *Bas

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-05-30 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,74 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.PointerSub -verify %s + +void f1(void) { + int x, y, z[10]; + int d = &y - &x; // expected-warning{{Subtraction of two pointers that do not point into the same array is undefined behavior}} + d = z - &y;

[clang] [clang][analyzer][NFC] Improve docs of alpha.unix.BlockInCriticalSection (PR #93812)

2024-05-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. What's the relationship between this PR and https://github.com/llvm/llvm-project/pull/93799 ? Otherwise, the change LGTM, but you might want to either unify these two NFC changes into a single commit or ensure that they're independent.

[clang] [clang][analyzer][NFC] Improve docs of alpha.unix.BlockInCriticalSection (PR #93812)

2024-05-31 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > My intention was to ease the review as much as possible by cutting them into > atomic parts. This is a good idea in general, but I feel that these two changes are so trivial, that they'd be very easy to review even together. Feel free to merge them both in whatever combinat

[clang] [analyzer][NFC] Fix comparison to True/False (PR #94038)

2024-06-03 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: This change follows both the letter and the spirit of PEP8. (Note that `True` and `False` are not "singletons like `None`" because the type `bool` has two possible values -- but different rules still claim that the original code was bad and the new code

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-06-03 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,74 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.PointerSub -verify %s + +void f1(void) { + int x, y, z[10]; + int d = &y - &x; // expected-warning{{Subtraction of two pointers that do not point into the same array is undefined behavior}} + d = z - &y;

[clang] [clang][analyzer] Improved PointerSubChecker (PR #93676)

2024-06-03 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > With the current version I have the following observations: > > * There is a warning for `(&x + 1) - &x` and `(&x - 1) - &x`. Should this > be fixed? The expression `(&x + 1) - &x` is valid and should not produce a warning. It could appear e.g. in code that's structured

[clang] [analyzer] New optin.taint.TaintAlloc checker for catching unbounded memory allocation calls (PR #92420)

2024-06-03 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. The change LGTM. I agree with @steakhal that `TaintedAlloc` would be a slightly better name, but the current one is also acceptable. https://github.com/llvm/llvm-project/pull/92420

[clang-tools-extra] [clang-tidy] Add WarnOnSizeOfPointer mode to bugprone-sizeof-expression (PR #94356)

2024-06-04 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/94356 This commit reimplements the functionality of the Clang Static Analyzer checker `alpha.core.SizeofPointer` within clang-tidy by adding a new (off-by-default) option to bugprone-sizeof-expression which activate

[clang-tools-extra] [clang-tidy] Add WarnOnSizeOfPointer mode to bugprone-sizeof-expression (PR #94356)

2024-06-04 Thread Donát Nagy via cfe-commits
@@ -124,8 +124,6 @@ int Test1(const char* ptr) { // CHECK-MESSAGES: :[[@LINE-1]]:22: warning: suspicious usage of sizeof pointer 'sizeof(P*)/sizeof(Q*)' sum += sizeof(ptr) / sizeof(char); // CHECK-MESSAGES: :[[@LINE-1]]:22: warning: suspicious usage of sizeof pointer 's

[clang-tools-extra] [clang-tidy] Add WarnOnSizeOfPointer mode to bugprone-sizeof-expression (PR #94356)

2024-06-04 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/94356

[clang] [analyzer] Model builtin-like functions as builtin functions (PR #99886)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: LGTM. https://github.com/llvm/llvm-project/pull/99886

[clang] [analyzer] Model builtin-like functions as builtin functions (PR #99886)

2024-07-23 Thread Donát Nagy via cfe-commits
@@ -570,13 +570,8 @@ void differentBranchesTest(int i) { { A a; a.foo() > 0 ? a.foo() : A(std::move(a)).foo(); -#ifdef DFS -// peaceful-note@-2 {{Assuming the condition is false}} -// peaceful-note@-3 {{'?' condition is false}} -#else -// peaceful-note@-5

[clang] [analyzer] Assume the result of 'fopen' can't alias with 'std{in,out,err}' (PR #100085)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/100085

[clang] [analyzer] Assume the result of 'fopen' can't alias with 'std{in,out,err}' (PR #100085)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, this is a nice improvement. I vaguely recall that a few months ago somebody else on our team had trouble with similar false positives, so it's good to see that these will be fixed. https://github.com/llvm/llvm-proje

[clang] [analyzer] Assume the result of 'fopen' can't alias with 'std{in,out,err}' (PR #100085)

2024-07-23 Thread Donát Nagy via cfe-commits
@@ -451,6 +462,10 @@ class StreamChecker : public Checker` In your code the three standard streams have exactly identical roles (as far as I see), and I think it would be good to emphasize this by storing them in a three-element array instead of three separate independently name

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, I'm very grateful that you can understand and resolve these tricky `ASTImporter` issues. https://github.com/llvm/llvm-project/pull/100100

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/100100

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-23 Thread Donát Nagy via cfe-commits
@@ -359,6 +359,31 @@ namespace clang { Params, Importer.getToContext().getTranslationUnitDecl()); } +template +void tryUpdateTemplateParmDeclInheritedFrom(NamedDecl *RecentParm, +NamedDecl *NewParm) { +

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-23 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/100100

[clang] [analyzer] Don't invalidate the super region when a std object ctor runs (PR #100405)

2024-07-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, nice improvement. https://github.com/llvm/llvm-project/pull/100405

[clang] [analyzer] Don't invalidate the super region when a std object ctor runs (PR #100405)

2024-07-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/100405

[clang] [analyzer] Don't invalidate the super region when a std object ctor runs (PR #100405)

2024-07-25 Thread Donát Nagy via cfe-commits
@@ -923,12 +923,31 @@ SVal AnyCXXConstructorCall::getCXXThisVal() const { return UnknownVal(); } +static bool isWithinStdNamespace(const Decl *D) { NagyDonat wrote: I think this function could be useful for other checkers as well; consider moving this to a

[clang] [analyzer] Don't invalidate the super region when a std object ctor runs (PR #100405)

2024-07-25 Thread Donát Nagy via cfe-commits
@@ -923,12 +923,31 @@ SVal AnyCXXConstructorCall::getCXXThisVal() const { return UnknownVal(); } +static bool isWithinStdNamespace(const Decl *D) { NagyDonat wrote: Of course, feel free to leave it for a followup patch. https://github.com/llvm/llvm-project

[clang] [analyzer][NFC] Minor cleanup in two test files. (PR #100570)

2024-07-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/100570 This commit contains two unrelated trivial changes: (1) Three unused variables are removed from `ctor.mm`. (2) A FIXME block is removed from `ctor-array.cpp` because it described an issue that was resolved

[clang] [analyzer][NFC] Minor cleanup in two test files. (PR #100570)

2024-07-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/100570

[clang] [analyzer][NFC] Minor cleanup in two test files. (PR #100570)

2024-07-25 Thread Donát Nagy via cfe-commits
NagyDonat wrote: In my opinion the "put unrelated things into separate commits" guideline is just a corollary of the "don't create commits that are too complex" rule. If a change is extremely trivial, I'm actively trying to aggregate it with other tangentially related changes, because one simp

[clang] [analyzer][NFC] Eliminate a dyn_cast (PR #100719)

2024-07-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. https://github.com/llvm/llvm-project/pull/100719

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. https://github.com/llvm/llvm-project/pull/100100

[clang] [clang][ASTImporter] Fix import of template parameter default values. (PR #100100)

2024-07-26 Thread Donát Nagy via cfe-commits
@@ -359,6 +359,31 @@ namespace clang { Params, Importer.getToContext().getTranslationUnitDecl()); } +template +void tryUpdateTemplateParmDeclInheritedFrom(NamedDecl *RecentParm, +NamedDecl *NewParm) { +

[clang] [analyzer] Keep alive short-circuiting condition subexpressions in a conditional (PR #100745)

2024-07-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Nice fix, thanks for upstreaming this! https://github.com/llvm/llvm-project/pull/100745

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM. https://github.com/llvm/llvm-project/pull/100990

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/100990

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
@@ -1766,13 +1770,6 @@ are assumed to succeed.) fclose(p); } -**Limitations** - -The checker does not track the correspondence between integer file descriptors -and ``FILE *`` pointers. Operations on standard streams like ``stdin`` are not -treated specially and are theref

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
@@ -1703,7 +1703,11 @@ are detected: * Invalid 3rd ("``whence``") argument to ``fseek``. The stream operations are by this checker usually split into two cases, a success -and a failure case. However, in the case of write operations (like ``fwrite``, +and a failure case. +On

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > I decided to put the fixup NFC changes along with this PR (the ones were > submitted after I merged the original commit), but on hindsight probably it > would be better to merge those NFC changes separately. If you request, I'll > split the PR. Feel free to keep the NFC cha

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
@@ -1703,7 +1703,11 @@ are detected: * Invalid 3rd ("``whence``") argument to ``fseek``. The stream operations are by this checker usually split into two cases, a success -and a failure case. However, in the case of write operations (like ``fwrite``, +and a failure case. +On

[clang] [analyzer] Fix crash of StreamChecker when eval calling 'fopen' (PR #100990)

2024-07-29 Thread Donát Nagy via cfe-commits
@@ -1766,13 +1770,6 @@ are assumed to succeed.) fclose(p); } -**Limitations** - -The checker does not track the correspondence between integer file descriptors -and ``FILE *`` pointers. Operations on standard streams like ``stdin`` are not -treated specially and are theref

[clang] [clang][ASTImporter] Fix import of anonymous enums if multiple are present (PR #99281)

2024-07-22 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM as far as I can judge this tricky situation. https://github.com/llvm/llvm-project/pull/99281

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
NagyDonat wrote: I'm back from the vacation, so I would like to restart and conclude this review process. @steakhal or anybody else please review when it's convenient for you. https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat unassigned https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
NagyDonat wrote: (Btw it seems that I accidentally added everyone as an "assignee" instead of a reviewer...) https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
@@ -2213,7 +2213,7 @@ void BasicBugReport::Profile(llvm::FoldingSetNodeID& hash) const { void PathSensitiveBugReport::Profile(llvm::FoldingSetNodeID &hash) const { hash.AddInteger(static_cast(getKind())); hash.AddPointer(&BT); - hash.AddString(Description); + hash.AddStr

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/98621 From 2765bc97d3242d50fd73aedb9e9d38dfdcef814c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Fri, 12 Jul 2024 13:57:53 +0200 Subject: [PATCH 1/3] [analyzer] Don't display the offset value in

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-22 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-04-30 Thread Donát Nagy via cfe-commits
@@ -95,22 +94,23 @@ void testReadStdIn(){ } void multipleTaintSources(void) { - int x,y,z; - scanf("%d", &x); // expected-note {{Taint originated here}} + char cmd[2048], file[1024]; + scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
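
Review bot: In `multipleTaintSources`, the field width in `scanf ("%1022[^\n] ", cmd)` appears sized for the 1024-byte `file` buffer rather than the 2048-byte `cmd` buffer it writes to. The read stays in bounds, but a reader of the test will wonder whether the mismatch is intentional, so either size the width to `cmd` or add a short comment saying the value is arbitrary. The space in `scanf (` also departs from the call style used by the line it replaces (`scanf("%d", &x)`).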

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-04-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/68607 From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001 From: Daniel Krupp Date: Mon, 9 Oct 2023 16:52:13 +0200 Subject: [PATCH 1/6] [analyzer] Removing untrusted buffer size taint warning alpha

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106048

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Thanks for the updates! https://github.com/llvm/llvm-project/pull/106048

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-26 Thread Donát Nagy via cfe-commits
@@ -588,8 +588,8 @@ Warns when a null pointer is passed to a pointer which has a _Nonnull type. .. _nullability-NullReturnedFromNonnull: -nullability.NullReturnedFromNonnull (ObjC) -"" +nullability.NullReturnedFromNonnull +

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-26 Thread Donát Nagy via cfe-commits
@@ -51,3 +54,15 @@ int *cannot_return_null() { __attribute__((returns_nonnull)) int *passthrough(int *p) { return p; // no-warning: we have no evidence that `p` is null, i.e., violating the contract } + +__attribute__((noreturn)) +void exit(int); NagyDonat w

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/105648

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Thanks for the clarification, the change LGTM now. https://github.com/llvm/llvm-project/pull/105648

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -305,6 +305,14 @@ static const MemSpaceRegion *getStackOrGlobalSpaceRegion(const MemRegion *R) { return nullptr; } +const MemRegion *getOriginBaseRegion(const MemRegion *Referrer) { + Referrer = Referrer->getBaseRegion(); + while (const auto *SymReg = dyn_cast(Referrer
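
Review bot: The new helper `getOriginBaseRegion` is defined without `static`, while the function just above it, `getStackOrGlobalSpaceRegion`, is `static`. Unless this helper is declared in a header for use from other translation units, give it internal linkage as well (`static const MemRegion *getOriginBaseRegion(...)`) so it cannot collide with another symbol of the same name. A one-line comment saying what "origin" means for a chain of symbolic regions would also help readers of the `while` loop.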

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -424,6 +481,9 @@ void StackAddrEscapeChecker::checkEndFunction(const ReturnStmt *RS, for (const auto &P : Cb.V) { const MemRegion *Referrer = P.first->getBaseRegion(); const MemRegion *Referred = P.second; +if (Cb.ExcludedRegions.contains(getOriginBaseRegion(R

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -369,24 +393,48 @@ void StackAddrEscapeChecker::checkEndFunction(const ReturnStmt *RS, const auto *ReferrerStackSpace = ReferrerMemSpace->getAs(); + if (!ReferrerStackSpace) return false; - if (ReferredMemSpace->getStackFrame() == Pop

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -692,6 +692,14 @@ void NullabilityChecker::checkPreStmt(const ReturnStmt *S, NullConstraint Nullness = getNullConstraint(*RetSVal, State); Nullability RequiredNullability = getNullabilityAnnotation(RequiredRetType); + if (const auto *FunDecl = C.getLocationContext()->g

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -10,3 +12,42 @@ void block_arity_mismatch() { void(^b)() = ^(int a, int b) { }; b(1); // no-crash expected-warning {{Block taking 2 arguments is called with fewer (1)}} } + +int *nonnull_return_annotation_indirect() __attribute__((returns_nonnull)); +int *nonnull_retur

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106048

[clang] [analyzer] Report violations of the "returns_nonnull" attribute (PR #106048)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Looks good to me now, thanks :smile:. Feel free to merge this / I can help with merging if you don't have commit access yet. https://github.com/llvm/llvm-project/pull/106048

[clang] [analyzer][NFC] Add tests for and refactor StackAddrEscapeChecker 1/3 (PR #105652)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -374,13 +395,13 @@ void StackAddrEscapeChecker::checkEndFunction(const ReturnStmt *RS, // Generate a report for this bug. const StringRef CommonSuffix = -"upon returning to the caller. This will be a dangling reference"; +" upon returning to the ca

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1487,56 +1545,78 @@ void MallocChecker::checkOwnershipAttr(const CallEvent &Call, C.addTransition(State); } -void MallocChecker::checkPostCall(const CallEvent &Call, - CheckerContext &C) const { - if (C.wasInlined) -return; +bool Ma

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1052,6 +1103,12 @@ static bool isStandardNewDelete(const FunctionDecl *FD) { // Methods of MallocChecker and MallocBugVisitor. //===--===// +bool MallocChecker::isFreeingOwnershipAttrCall(const CallEvent

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -67,19 +67,6 @@ void testGlobalNoThrowPlacementExprNewBeforeOverload() { int *p = new(std::nothrow) int; } // leak-warning{{Potential leak of memory pointed to by 'p'}} -//- Standard pointer placement operators -void testGlobalPointerPlacementNew() {

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1067,15 +1124,27 @@ bool MallocChecker::isFreeingCall(const CallEvent &Call) const { if (FreeingMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call)) return true; - if (const auto *Func = dyn_cast_or_null(Call.getDecl())) -return isFreeingOwnershipAttrCal

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: The commit looks very promising :smile: I added several minor remarks, but overall I'm very satisfied with the quality of your changes and I'm relieved that I won't have to perform this refactoring. > I have only 2 failing tests now: > > Clang :: Analys

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1854,28 +1945,27 @@ static ProgramStateRef MallocUpdateRefState(CheckerContext &C, const Expr *E, // Get the return value. if (!RetVal) -RetVal = C.getSVal(E); +RetVal = State->getSVal(E, C.getLocationContext()); // We expect the malloc functions to retur

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1854,28 +1945,27 @@ static ProgramStateRef MallocUpdateRefState(CheckerContext &C, const Expr *E, // Get the return value. if (!RetVal) -RetVal = C.getSVal(E); +RetVal = State->getSVal(E, C.getLocationContext()); // We expect the malloc functions to retur

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, NagyDonat w

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -554,6 +579,17 @@ class MallocChecker [[nodiscard]] ProgramStateRef MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, const OwnershipAttr *Att, ProgramStateRef State) const; + /// Models memory allocation. + /// + /// \param [in] C

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -2815,7 +2906,7 @@ MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, size). SymbolRef FromPtr = arg0Val.getLocSymbolInBase(); -SVal RetVal = C.getSVal(CE); +SVal Ret

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-27 Thread Donát Nagy via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, +

[clang] [analyzer] Fix false positive for mutexes inheriting mutex_base (PR #106240)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, nice catch! https://github.com/llvm/llvm-project/pull/106240

[clang] [analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (PR #105648)

2024-08-27 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Thanks for the updates! https://github.com/llvm/llvm-project/pull/105648

[clang] [analyzer] Fix false positive for mutexes inheriting mutex_base (PR #106240)

2024-08-28 Thread Donát Nagy via cfe-commits
@@ -241,10 +241,14 @@ BlockInCriticalSectionChecker::checkDescriptorMatch(const CallEvent &Call, return std::nullopt; } -static const MemRegion *skipBaseClassRegion(const MemRegion *Reg) { - while (const auto *BaseClassRegion = dyn_cast(Reg)) { +static const MemRegion *ski

[clang] [analyzer] Fix false positive for mutexes inheriting mutex_base (PR #106240)

2024-08-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106240

[clang-tools-extra] [clang-tidy] Extend `bugprone-sizeof-expression` with matching `P +- sizeof(T)` and `P +- N * sizeof(T)` cases, add `cert-arr39-c` alias (PR #106061)

2024-08-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106061

[clang-tools-extra] [clang-tidy] Extend `bugprone-sizeof-expression` with matching `P +- sizeof(T)` and `P +- N * sizeof(T)` cases, add `cert-arr39-c` alias (PR #106061)

2024-08-28 Thread Donát Nagy via cfe-commits
@@ -285,6 +288,50 @@ void SizeofExpressionCheck::registerMatchers(MatchFinder *Finder) { hasRHS(ignoringParenImpCasts(SizeOfExpr.bind("sizeof-ptr-div-expr" .bind("sizeof-in-ptr-arithmetic-div"), this); + + // SEI CERT ARR39-C. Do not add or subt

[clang-tools-extra] [clang-tidy] Extend `bugprone-sizeof-expression` with matching `P +- sizeof(T)` and `P +- N * sizeof(T)` cases, add `cert-arr39-c` alias (PR #106061)

2024-08-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, I didn't spot anything problematic. https://github.com/llvm/llvm-project/pull/106061

[clang-tools-extra] [clang-tidy] Extend `bugprone-sizeof-expression` with matching `P +- sizeof(T)` and `P +- N * sizeof(T)` cases, add `cert-arr39-c` alias (PR #106061)

2024-08-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106061

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -48,8 +52,14 @@ static const Expr *getDenomExpr(const ExplodedNode *N) { void DivZeroChecker::reportBug(StringRef Msg, ProgramStateRef StateZero, CheckerContext &C) const { + if (!ChecksEnabled[CK_DivZeroChecker]) +return; + if (!BugType
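Review bot: the early `return` on `!ChecksEnabled[CK_DivZeroChecker]` at the top of `reportBug` turns the function into a silent no-op when that check is disabled, so nothing is done with `StateZero` on that path. Please document next to the guard whether the divisor-is-zero state is meant to stay alive in that configuration, and add a test that enables only one of the two checks so the behaviour is pinned down.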

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106389

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: LGTM overall, I added some minor inline remarks. Also consider adding a few simple testcases to distinguish the effects of DivideZero and TaintedDiv. It would also be interesting to highlight what happens in situations like ```c int test(void) { int x

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -113,9 +130,28 @@ void DivZeroChecker::checkPreStmt(const BinaryOperator *B, } void ento::registerDivZeroChecker(CheckerManager &mgr) { - mgr.registerChecker(); + DivZeroChecker *checker = mgr.registerChecker(); + ; NagyDonat wrote: Delete this empty st

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -25,16 +25,20 @@ using namespace ento; using namespace taint; namespace { -class DivZeroChecker : public Checker< check::PreStmt > { - const BugType BT{this, "Division by zero"}; - const BugType TaintBT{this, "Division by zero", categories::TaintedData}; +class DivZeroChe

[clang] Adding optin.taint.TaintedDiv checker (PR #106389)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -58,8 +68,15 @@ void DivZeroChecker::reportBug(StringRef Msg, ProgramStateRef StateZero, void DivZeroChecker::reportTaintBug( StringRef Msg, ProgramStateRef StateZero, CheckerContext &C, llvm::ArrayRef TaintedSyms) const { + if (!ChecksEnabled[CK_TaintedDivChecker]

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -3558,8 +3558,8 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, // original reference count is positive, we should not report use-after-frees NagyDonat wrote: Update the comment lines above this to be a bit more general. (Lines

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //
