https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/91531
From 07dc4dd5c60c8a04637cce686b379e195deb5b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Wed, 8 May 2024 20:01:57 +0200
Subject: [PATCH 1/3] [analyzer] Refactor recognition of the errno
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/91531
From 07dc4dd5c60c8a04637cce686b379e195deb5b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Wed, 8 May 2024 20:01:57 +0200
Subject: [PATCH 1/4] [analyzer] Refactor recognition of the errno
@@ -136,53 +100,48 @@ void ErrnoModeling::checkBeginFunction(CheckerContext &C)
const {
ASTContext &ACtx = C.getASTContext();
ProgramStateRef State = C.getState();
- if (const auto *ErrnoVar = dyn_cast_or_null(ErrnoDecl)) {
-// There is an external 'errno' variable.
https://github.com/NagyDonat approved this pull request.
LGTM.
My only significant observation is that `BugReporterVisitors.cpp` must be
cleaned up eventually, as it is currently a heap of ad-hoc special cases.
However, it would be unreasonable to wait for that difficult cleanup with this
sim
@@ -0,0 +1,197 @@
+//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls
---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Ap
@@ -0,0 +1,170 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder
-verify %s
+
+#include "Inputs/system-header-simulator-setgid-setuid.h"
+
+void correct_order() {
+ if (setgid(getgid()) == -1)
+return;
+ if (setuid(getuid()) == -1)
+return
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/91445
@@ -0,0 +1,196 @@
+//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls
---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Ap
https://github.com/NagyDonat commented:
Thanks for updating your commit! Now there are only two remaining issues and
they are both very minor (marked by inline comments: renaming `CallExpr *CE`
and explaining the reason why "trying to set the gid again" appears as a
special case in the SEI-CER
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/91119
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/91531
From 07dc4dd5c60c8a04637cce686b379e195deb5b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Wed, 8 May 2024 20:01:57 +0200
Subject: [PATCH 1/5] [analyzer] Refactor recognition of the errno
@@ -136,53 +100,48 @@ void ErrnoModeling::checkBeginFunction(CheckerContext &C)
const {
ASTContext &ACtx = C.getASTContext();
ProgramStateRef State = C.getState();
- if (const auto *ErrnoVar = dyn_cast_or_null(ErrnoDecl)) {
-// There is an external 'errno' variable.
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/91531
From 07dc4dd5c60c8a04637cce686b379e195deb5b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Wed, 8 May 2024 20:01:57 +0200
Subject: [PATCH 1/6] [analyzer] Refactor recognition of the errno
@@ -572,196 +570,236 @@ void GenericTaintChecker::initTaintRules(CheckerContext
&C) const {
std::vector>;
using TR = GenericTaintRule;
- const Builtin::Context &BI = C.getASTContext().BuiltinInfo;
-
RulesConstructionTy GlobalCRules{
// Sources
- {{{"fd
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/91635
From 57ad704c30866a7d85f43b016583675e70de8531 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Thu, 9 May 2024 18:32:57 +0200
Subject: [PATCH 1/2] [analyzer] Clean up list of taint propagation
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/91635
https://github.com/NagyDonat commented:
Some additional remarks.
https://github.com/llvm/llvm-project/pull/87886
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/87886
@@ -206,23 +221,42 @@ class StdVariantChecker : public Checker {
if (!ThisMemRegion)
return;
+// Get the first type alternative of the std::variant instance.
+assert((ThisSVal.getType(C.getASTContext())->isPointerType() ||
+ThisSVal.getType(C.getA
@@ -37,6 +43,19 @@ static SVal conjureOffsetSymbolOnLocation(
return Symbol;
}
+// Update the SVal bound to the Cast expression with the SVal
+// bound to the casted expression
+static ProgramStateRef updateStateAfterSimpleCast(StmtNodeBuilder& Bldr,
NagyDon
@@ -355,4 +356,38 @@ void nonInlineFunctionCallPtr() {
char c = std::get (v); // no-warning
(void)a;
(void)c;
-}
\ No newline at end of file
+}
+
+////
+// std::swap for std::variant
+//--
@@ -681,6 +681,37 @@ ExprEngine::processRegionChanges(ProgramStateRef state,
LCtx, Call);
}
+ProgramStateRef
+ExprEngine::handleCastingBeforeEvalCall(ExplodedNode *Pred, const Expr *Ex,
+
@@ -602,6 +619,37 @@ void ExprEngine::VisitDeclStmt(const DeclStmt *DS,
ExplodedNode *Pred,
ExplodedNode *UpdatedN = N;
SVal InitVal = state->getSVal(InitEx, LC);
+ // The call expression to which we have bound something is hidden behind
+ // an implicit
@@ -51,27 +47,29 @@ removeInformationStoredForDeadInstances(const CallEvent
&Call,
}
template
-void handleConstructorAndAssignment(const CallEvent &Call, CheckerContext &C,
+bool handleConstructorAndAssignment(const CallEvent &Call, CheckerContext &C,
@@ -37,6 +43,19 @@ static SVal conjureOffsetSymbolOnLocation(
return Symbol;
}
+// Update the SVal bound to the Cast expression with the SVal
+// bound to the casted expression
+static ProgramStateRef updateStateAfterSimpleCast(StmtNodeBuilder& Bldr,
+
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/91531
NagyDonat wrote:
The main problem with comparison to `True`/`False` is that it's completely
redundant when the variable is _guaranteed to be boolean_. However, if a
variable may contain either a boolean or something else, it's reasonable to
compare it with `True` or `False`.
For the operator
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/91635
https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/92454
This commit deletes the "simple" constructor of `CallDescription` which did not
require a `CallDescription::Mode` argument and always used the "wildcard" mode
`CDM::Unspecified`.
A few months ago, this vague
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/92454
NagyDonat wrote:
> I think the error node needs to be non-fatal.
Good point, I completely agree.
> For these applications it's more important to catch cases where malloc size
> and index used for access are coming from "different sources", eg. one is
> tainted and another isn't, doesn't matter
@@ -1032,11 +1037,6 @@ let ParentPackage = ENV in {
let ParentPackage = POSAlpha in {
NagyDonat wrote:
Please delete the packages that will no longer contain any checkers after this
change. (As it's a bad naming scheme, they shouldn't be repopulated later.)
@@ -1179,6 +1179,54 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)
strncpy(buf, "a", 1); // warn
}
+.. _security-putenv-with-auto:
+
+security.PutenvWithAuto
+"""
+Finds calls to the ``putenv`` function which pass a pointer to an automatic
https://github.com/NagyDonat commented:
Thanks for bringing this checker out of alpha! I like the new name and I agree
that the old `Limitations` section was incorrect; and I have some minor
suggestions in inline comments.
I'd also ask for running this checker on some open source projects; but
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/92424
@@ -1179,6 +1179,54 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)
strncpy(buf, "a", 1); // warn
}
+.. _security-putenv-with-auto:
+
+security.PutenvWithAuto
+"""
+Finds calls to the ``putenv`` function which pass a pointer to an automatic
@@ -0,0 +1,66 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=security.PutenvWithAuto \
+// RUN: -verify %s
+
+#include "Inputs/system-header-simulator.h"
+void free(void *);
+void *malloc(size_t);
+int putenv(char *);
+int snprintf(char *, size_t, const char *, ...)
https://github.com/NagyDonat approved this pull request.
LGTM, feel free to merge this. As @steakhal said, ensure that the PR
title/description and the commit message all reflect the actual changes that
you're committing.
https://github.com/llvm/llvm-project/pull/92424
https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/93024
This commit eliminates a redundant matcher subexpression from the
implementation of the "sizeof-pointer-to-aggregate" part of the clang-tidy
check `bugprone-sizeof-expression`.
I'm fairly certain that anythin
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/93024
From b7fb1707601c73bd53b6ac810cd39a94f5b3cd53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Wed, 22 May 2024 13:45:13 +0200
Subject: [PATCH 1/3] [clang-tidy][NFCI] Simplify bugprone-sizeof-
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/93024
https://github.com/NagyDonat approved this pull request.
This seems to be a reasonable and straightforward improvement which rules out a
hard-to-test corner case. I think it's acceptable to merge this as it is now,
because crafting a testcase would require a disproportionate amount of work.
ht
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/92420
@@ -599,7 +599,47 @@ Warns when a nullable pointer is returned from a function
that has _Nonnull retu
optin
^
-Checkers for portability, performance or coding style specific rules.
+Checkers for portability, performance, optional security and coding style
specific rules.
https://github.com/NagyDonat commented:
Oops, I noticed that I had some minor review commits that were left in a
"Pending" state for at least a week. Anyway, I'm publishing them now.
https://github.com/llvm/llvm-project/pull/92420
@@ -36,6 +36,8 @@ def CoreAlpha : Package<"core">, ParentPackage;
// Note: OptIn is *not* intended for checkers that are too noisy to be on by
// default. Such checkers belong in the alpha package.
def OptIn : Package<"optin">;
+def TaintOptIn : Package<"taint">, ParentPackage;
@@ -452,6 +454,7 @@ def EnumCastOutOfRangeChecker :
Checker<"EnumCastOutOfRange">,
} // end "optin.core"
+
NagyDonat wrote:
Remove this irrelevant empty line.
https://github.com/llvm/llvm-project/pull/92420
@@ -625,6 +628,16 @@ def BlockInCriticalSectionChecker :
Checker<"BlockInCriticalSection">,
} // end "alpha.unix"
+let ParentPackage = TaintOptIn in {
NagyDonat wrote:
Is this the right place for this? I'd guess that this should be placed next to
other `op
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/92420
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/93408
https://github.com/NagyDonat commented:
Thanks for publishing this commit, it's a nice refinement of the modelling
capabilities, and mostly LGTM.
In the inline comments I added some very minor remarks and one question about
the handling of a `fread` that reads into the beginning of an array re
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
@@ -937,8 +990,21 @@ void StreamChecker::evalFreadFwrite(const FnDescription
*Desc,
// At read, invalidate the buffer in any case of error or success,
// except if EOF was already present.
- if (IsFread && !E.isStreamEof())
-State = escapeArgs(State, C, Call, {0});
+
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/93408
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -1730,6 +1721,21 @@ def UnixAPIPortabilityChecker : Checker<"UnixAPI">,
} // end optin.portability
+
+//===--===//
+// Taint checkers.
+//===
NagyDonat wrote:
> Have you considered applying the same heuristic to C++ array new allocations?
Actually, I'm almost certain that this patch already affects the C++ array new
allocations, because `MallocMemAux` is called from the callback which handles
the array new operator.
@dkrupp Please
https://github.com/NagyDonat approved this pull request.
LGTM, thanks for the updates!
https://github.com/llvm/llvm-project/pull/96501
https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/101511
Before commit 705788c the checker alpha.unix.BlockInCriticalSection
"recognized" the methods `std::mutex::lock` and `std::mutex::unlock` with an
extremely trivial check that accepted any function (or method)
https://github.com/NagyDonat updated
https://github.com/llvm/llvm-project/pull/101511
From 8700f803c5191e5bb266797e0d130ea27776101f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?=
Date: Thu, 1 Aug 2024 18:07:53 +0200
Subject: [PATCH 1/2] [analyzer] Restore recognition of mutex meth
NagyDonat wrote:
> Let's merge this, and backport it into clang-19. I'll deal with that.
Thanks!
https://github.com/llvm/llvm-project/pull/101511
https://github.com/NagyDonat closed
https://github.com/llvm/llvm-project/pull/101173
https://github.com/NagyDonat approved this pull request.
The change LGTM, it makes these reports somewhat easier to understand.
However, note that I'll delete all array bounds checking logic from this
checker when I bring `alpha.security.ArrayBoundsV2` out of alpha, because
there is no reas
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/102432
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/102432
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/102432
NagyDonat wrote:
> If the `ArrayBoundsV2` checker is finished it should find all of the cases in
> the test of `PointerSubChecker` that have out-of-bound indexing, and
> including the cases where a single variable is handled like an 1-element
> array?
Yes, `ArrayBoundsV2` will handle the cases
https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/102456
This commit removes `invalidateRegionsImpl()`, moving its body to
`invalidateRegions(ValueList Values, ...)`, because it was a completely useless
layer of indirection.
Moreover I'm fixing some strange indent
https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/102477
... within the classes `StoreManager` and `ProgramState` and describe the
connection between the two methods.
From 4faf523b8f7dc6e343082649867664b1439789de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/105493
@@ -459,7 +460,53 @@ unsigned radar11369570_hanging(const unsigned char *arr,
int l) {
longcmp(a, t, c);
l -= 12;
}
- return 5/a; // expected-warning {{Division by a tainted value, possibly
zero}}
+ return 5/a; // FIXME: Should be a "div by tainted" warning here.
https://github.com/NagyDonat approved this pull request.
The change LGTM overall, I support this kind of mitigation.
I added several cosmetic bikeshedding remarks as inline comments, but they are
not important enough to block this PR.
https://github.com/llvm/llvm-project/pull/105493
@@ -256,6 +257,12 @@ std::vector
taint::getTaintedSymbolsImpl(ProgramStateRef State,
if (!Sym)
return TaintedSymbols;
+ //
HACK:https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570
+ if (const auto &Opts = State->getAnalysisManager().getA
@@ -407,6 +407,11 @@ ANALYZER_OPTION(
ANALYZER_OPTION(unsigned, MaxSymbolComplexity, "max-symbol-complexity",
"The maximum complexity of symbolic constraint.", 35)
+//
HACK:https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570
+// I
https://github.com/NagyDonat approved this pull request.
Nice cleanup, I especially like the thorough testing.
https://github.com/llvm/llvm-project/pull/105652
@@ -297,20 +314,29 @@ std::optional printReferrer(const MemRegion
*Referrer) {
return "global";
assert(isa(Space));
return "stack";
- }(Referrer->getMemorySpace());
-
- // We should really only have VarRegions here.
- // Anything else is really surprising, and
https://github.com/NagyDonat requested changes to this pull request.
Looks good overall, but `getOriginRegion()` is a troublesome function (see
inline comment for details).
https://github.com/llvm/llvm-project/pull/105653
@@ -297,20 +314,29 @@ std::optional printReferrer(const MemRegion
*Referrer) {
return "global";
assert(isa(Space));
return "stack";
- }(Referrer->getMemorySpace());
-
- // We should really only have VarRegions here.
- // Anything else is really surprising, and
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/105653
@@ -297,20 +314,29 @@ std::optional printReferrer(const MemRegion
*Referrer) {
return "global";
assert(isa(Space));
return "stack";
- }(Referrer->getMemorySpace());
-
- // We should really only have VarRegions here.
- // Anything else is really surprising, and
@@ -297,20 +314,29 @@ std::optional printReferrer(const MemRegion
*Referrer) {
return "global";
assert(isa(Space));
return "stack";
- }(Referrer->getMemorySpace());
-
- // We should really only have VarRegions here.
- // Anything else is really surprising, and
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/105653
@@ -297,20 +314,29 @@ std::optional printReferrer(const MemRegion
*Referrer) {
return "global";
assert(isa(Space));
return "stack";
- }(Referrer->getMemorySpace());
-
- // We should really only have VarRegions here.
- // Anything else is really surprising, and
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/105653
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/105653
@@ -161,3 +164,619 @@ C make1() {
void test_copy_elision() {
C c1 = make1();
}
+
+namespace leaking_via_direct_pointer {
+void* returned_direct_pointer_top() {
+ int local = 42;
+ int* p = &local;
+ return p; // expected-warning{{associated with local variable 'local'
ret
https://github.com/NagyDonat commented:
Mostly LGTM and thanks for adding the "`origin_region_limitation`" test. (I
added one minor remark as inline comment.)
https://github.com/llvm/llvm-project/pull/105653
https://github.com/NagyDonat approved this pull request.
Thanks for the update, I'm satisfied with this commit now.
https://github.com/llvm/llvm-project/pull/105653
NagyDonat wrote:
Please ping me when this commit is in a clean state that can be reviewed (e.g.
updates on earlier commits are incorporated). Thanks!
https://github.com/llvm/llvm-project/pull/105648
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/106048
https://github.com/NagyDonat commented:
Thanks for this improvement, I'm really happy to see this! (I added some inline
comments, but they are all minor and tangential.)
Right now all the `nullability.*` checkers are marked as (ObjC) in [the
documentation](https://clang.llvm.org/docs/analyz
@@ -10,3 +12,42 @@ void block_arity_mismatch() {
void(^b)() = ^(int a, int b) { };
b(1); // no-crash expected-warning {{Block taking 2 arguments is called
with fewer (1)}}
}
+
+int *nonnull_return_annotation_indirect() __attribute__((returns_nonnull));
+int *nonnull_retur
@@ -1,4 +1,6 @@
-// RUN: %clang_analyze_cc1 -fblocks -analyzer-checker=core,nullability
-Wno-deprecated-non-prototype -verify %s
+// RUN: %clang_analyze_cc1 -fblocks
-analyzer-checker=core,nullability,debug.ExprInspection
-Wno-deprecated-non-prototype -verify %s
---
@@ -10,3 +12,42 @@ void block_arity_mismatch() {
void(^b)() = ^(int a, int b) { };
b(1); // no-crash expected-warning {{Block taking 2 arguments is called
with fewer (1)}}
}
+
+int *nonnull_return_annotation_indirect() __attribute__((returns_nonnull));
+int *nonnull_retur
@@ -692,6 +692,14 @@ void NullabilityChecker::checkPreStmt(const ReturnStmt *S,
NullConstraint Nullness = getNullConstraint(*RetSVal, State);
Nullability RequiredNullability = getNullabilityAnnotation(RequiredRetType);
+ if (const auto *FunDecl = C.getLocationContext()->g
@@ -369,24 +393,48 @@ void StackAddrEscapeChecker::checkEndFunction(const
ReturnStmt *RS,
const auto *ReferrerStackSpace =
ReferrerMemSpace->getAs();
+
if (!ReferrerStackSpace)
return false;
- if (ReferredMemSpace->getStackFrame() == Pop