[clang] [analyzer] Improve solver (PR #112583)

2024-10-17 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat requested changes to this pull request. (The "approve mark" was accidental, this should not be merged without fixing the trivial mistake that hardcodes addition.) https://github.com/llvm/llvm-project/pull/112583 ___ cfe-co

[clang] [analyzer] Improve solver (PR #112583)

2024-10-17 Thread Donát Nagy via cfe-commits
@@ -2883,22 +2883,16 @@ const llvm::APSInt *RangeConstraintManager::getSymVal(ProgramStateRef St, const llvm::APSInt *RangeConstraintManager::getSymMinVal(ProgramStateRef St, SymbolRef Sym) const { - // TODO: Use `getR

[clang] [clang][ASTImporter] Fix of unchecked Error object (NFC) (PR #112688)

2024-10-17 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. The change itself LGTM, but I'm a bit confused by the commit message. Do I understand it correctly that the import was crashing (more precisely running into an assertion failure) on some input? If yes, then this is not an NFC change (but

[clang] [clang][ASTImporter] Fix of unchecked Error object (NFC) (PR #112688)

2024-10-17 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/112688 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Improve solver (PR #112583)

2024-10-17 Thread Donát Nagy via cfe-commits
@@ -1485,6 +1487,18 @@ class SymbolicRangeInferrer Sym->getType()); } + std::optional getRangeCommutativeSymSym(const SymSymExpr *SSE) { +bool IsCommutative = llvm::is_contained({BO_Add, BO_Mul}, SSE->getOpcode()); +if (!IsCommutative) + return std::nu
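Review bot: the commutativity test in getRangeCommutativeSymSym accepts only BO_Add and BO_Mul, although BO_And, BO_Or and BO_Xor are commutative as well. Either add them to the is_contained list or leave a comment next to IsCommutative explaining why the swapped-operand lookup is limited to the two arithmetic operators.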

[clang] [analyzer] Improve solver (PR #112583)

2024-10-17 Thread Donát Nagy via cfe-commits
@@ -2866,12 +2877,14 @@ ConditionTruthVal RangeConstraintManager::checkNull(ProgramStateRef State, const llvm::APSInt *RangeConstraintManager::getSymVal(ProgramStateRef St, SymbolRef Sym) const { - const RangeSet *T = get

[clang] [analyzer] Improve solver (PR #112583)

2024-10-18 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, thanks for the updates! I have an optional suggestion/question in the only inline discussion that's left unresolved, but feel free to merge this without handling that. https://github.com/llvm/llvm-project/pull/112583

[clang] [analyzer] Improve solver (PR #112583)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -177,7 +177,8 @@ BugReportPtr BitwiseShiftValidator::checkOvershift() { RightOpStr = formatv(" '{0}'", ConcreteRight->getValue()); else { SValBuilder &SVB = Ctx.getSValBuilder(); -if (const llvm::APSInt *MinRight = SVB.getMinValue(FoldedState, Right)) { +if

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,208 @@ +FAQ and How to Deal with Common False Positives +=== + +.. contents:: + :local: + +Custom Assertions +- + +Q: How do I tell the analyzer that I do not want the bug being reported here since my custom

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Overall LGTM, with some minor bikeshedding on the redirect page. I also added several inline comments about the _content_ of the page, but the content changes should be left for a separate follow-up commit to separate migrating the text and changing it.

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/112831

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,208 @@ +FAQ and How to Deal with Common False Positives +=== + +.. contents:: + :local: + +Custom Assertions +- + +Q: How do I tell the analyzer that I do not want the bug being reported here since my custom

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,208 @@ +FAQ and How to Deal with Common False Positives +=== + +.. contents:: + :local: + +Custom Assertions +- + +Q: How do I tell the analyzer that I do not want the bug being reported here since my custom

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,208 @@ +FAQ and How to Deal with Common False Positives +=== + +.. contents:: + :local: + +Custom Assertions +- + +Q: How do I tell the analyzer that I do not want the bug being reported here since my custom

[clang] [clang][analyzer][doc] Migrate ClangSA www FAQ section (PR #112831)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -18,242 +17,11 @@ FAQ and How to Deal with Common False Positives +This page is deprecated and will be removed in release 21.0 +https://clang.llvm.org/docs/analyzer/user-docs/FAQ.html";>The new site NagyDonat wrote: ```suggestion Its content was migrate

[clang] [analyzer] Improve solver (PR #112583)

2024-10-18 Thread Donát Nagy via cfe-commits
@@ -2883,22 +2883,16 @@ const llvm::APSInt *RangeConstraintManager::getSymVal(ProgramStateRef St, const llvm::APSInt *RangeConstraintManager::getSymMinVal(ProgramStateRef St, SymbolRef Sym) const { - // TODO: Use `getR

[clang] Reland "[analyzer] Harden safeguards for Z3 query times" (PR #97298)

2024-10-09 Thread Donát Nagy via cfe-commits
NagyDonat wrote: Thanks for the explanation, I agree with your POV and I don't think that we need a drastic change like renaming or reordering everything. However, in this case I think it would be good to remove the type based section headers, which are no longer accurate. When someone adds a

[clang] Reland "[analyzer] Harden safeguards for Z3 query times" (PR #97298)

2024-10-09 Thread Donát Nagy via cfe-commits
NagyDonat wrote: @steakhal As I was browsing the list of analyzer options, I was surprised to see that the numerical `unsigned` options added by this commit are placed in the "Boolean analyzer options" section of `AnalyzerOptions.def`. I understand that it's natural to group them together with

[clang] [analyzer] Disable graph-trim-interval by default (PR #111843)

2024-10-10 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > Is it a possible way forward dropping that assert? The function that performs the assertion is not part of the static analyzer, it's a generic graph algorithm from an LLVM support library and the assertion seems to be a really obvious sanity check. I don't think that it's re

[clang-tools-extra] [clang-tidy] Portability Template Virtual Member Function Check (PR #110099)

2024-10-09 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Looks good to me as well. https://github.com/llvm/llvm-project/pull/110099

[clang] [clang][analyzer] Less redundant warnings from FixedAddressChecker (PR #110458)

2024-10-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Thanks for the update, I think you can merge this now. https://github.com/llvm/llvm-project/pull/110458

[clang] [clang][analyzer] Improve test and documentation in cstring NotNullTerminated checker (PR #112019)

2024-10-14 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, this clarification is useful. I feel that these tests are very slightly too verbose, but if you already wrote them, then we might as well keep them. https://github.com/llvm/llvm-project/pull/112019

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/112209 This commit is a collection of several very minor code quality improvements. The main goal is removing the misleading "Bin" substring from the names of several methods and variables (like `evalEagerlyAssumedB

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
@@ -3742,20 +3742,18 @@ void ExprEngine::evalLocation(ExplodedNodeSet &Dst, BldrTop.addNodes(Tmp); } -std::pair -ExprEngine::geteagerlyAssumeBinOpBifurcationTags() { - static SimpleProgramPointTag - eagerlyAssumeBinOpBifurcationTrue(TagProviderName, -

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
@@ -583,14 +583,14 @@ class ExprEngine { ExplodedNode *Pred, ExplodedNodeSet &Dst); - /// evalEagerlyAssumeBinOpBifurcation - Given the nodes in 'Src', eagerly assume symbolic - /// expressions of the form 'x

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
@@ -3767,28 +3765,27 @@ void ExprEngine::evalEagerlyAssumeBinOpBifurcation(ExplodedNodeSet &Dst, continue; } -ProgramStateRef state = Pred->getState(); -SVal V = state->getSVal(Ex, Pred->getLocationContext()); +ProgramStateRef State = Pred->getState(); +

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/112209 From ea6ab3fe84e5ac89f82def877c37c8409889d01d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Mon, 14 Oct 2024 15:34:55 +0200 Subject: [PATCH 1/4] [analyzer][clang-tidy][NFC] Clean up eagerl

[clang] [clang-tools-extra] [analyzer][clang-tidy][NFC] Clean up eagerly-assume handling (PR #112209)

2024-10-14 Thread Donát Nagy via cfe-commits
@@ -3742,23 +3742,20 @@ void ExprEngine::evalLocation(ExplodedNodeSet &Dst, BldrTop.addNodes(Tmp); } -std::pair -ExprEngine::geteagerlyAssumeBinOpBifurcationTags() { - static SimpleProgramPointTag - eagerlyAssumeBinOpBifurcationTrue(TagProviderName, -

[clang] [analyzer] Fix a crash from element region construction during `ArrayInitLoopExpr` analysis (PR #113570)

2024-10-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, thanks for fixing this crash! I'm also happy to see that you simplify the logic and clean up the variable names. (I was a bit curious about the original reason that led to introduce this pattern matching, but I see that you're the or

[clang] [clang][analyzer][doc] Update Clang SA www docs index.html (PR #112833)

2024-10-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. https://github.com/llvm/llvm-project/pull/112833

[clang-tools-extra] [clang-tidy] Do not emit file path for anonymous enums in `readability-enum-initial-value` check (PR #112496)

2024-10-24 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Looks good to me, this is an important improvement of report quality. If the analysis is performed in a cloud-based environment (which is common), the full path name of the analyzed file may contain e.g. directory names that are unpredic

[clang] [clang-tools-extra] [analyzer] Remove alpha.core.IdenticalExpr Checker (PR #114715)

2024-11-04 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > I did take the cases one by one from identical-expressions.cpp to the tidy > checks and noticed one pattern. It looks to me like identical expressions > utilizing floats were excluded in the tidy checks but found in the static > analysis check. Do you want to retain that thr

[clang] [clang-tools-extra] [analyzer] Remove alpha.core.IdenticalExpr Checker (PR #114715)

2024-11-04 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Thanks for implementing this cleanup commit! I like that you ported the tests from the old checker to the tidy checks. However, as these test files are very large, perhaps it would be better to put these moved tests into stand-alone files instead of addi

[clang] [analyzer][NFC] Remove check::BranchCondition from debug.DumpTraversal (PR #113906)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/113906 This commit removes the `check::BranchCondition` callback of the debug checker `debug.DumpTraversal` (in `TraversalChecker.cpp`) and the single broken testcase that was referring to it. The testcase `travers

[clang] [analyzer][NFC] Remove check::BranchCondition from debug.DumpTraversal (PR #113906)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/113906 From 003236dd68aee99a0b53b93a4c3406a44fec0085 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Mon, 28 Oct 2024 13:54:57 +0100 Subject: [PATCH 1/2] [analyzer][NFC] Remove check::BranchConditi

[clang] [analyzer][NFC] Remove check::BranchCondition from debug.DumpTraversal (PR #113906)

2024-10-28 Thread Donát Nagy via cfe-commits
NagyDonat wrote: This PR takes a conservative approach and only removes the `BranchCondition` callback from `TraversalChecker.cpp`. However I don't think that `TraversalChecker.cpp` is useful for manual debugging and it's only used in two very simple testcases [[1]](https://github.com/llvm/l

[clang] [analyzer] Fix false double free when including 3rd-party headers with overloaded delete operator as system headers (PR #85224)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/85224

[clang] [analyzer] Fix false double free when including 3rd-party headers with overloaded delete operator as system headers (PR #85224)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. It seems that we forgot about this issue :sweat: The change looks good to me at first glance, although I didn't investigate the context and the possible indirect effects. https://github.com/llvm/llvm-project/pull/85224

[clang] [clang][analyzer] Bring checker 'alpha.unix.cstring.NotNullTerminated' out of alpha (PR #113899)

2024-10-28 Thread Donát Nagy via cfe-commits
@@ -53,3 +53,7 @@ struct TestNotNullTerm { strlen((char *)&x); // expected-warning{{Argument to string length function is not a null-terminated string}} } }; + +void test_notcstring_tempobject() { + strlen((char[]){'a', 0}); // expected-warning{{Argument to string lengt
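Review bot: in test_notcstring_tempobject the compound literal (char[]){'a', 0} ends in a zero byte, yet the line carries an expected-warning that starts the same way as the "not a null-terminated string" diagnostic in the test above. If it is the same message, the expectation records a false positive; mark it with a FIXME comment or add a comment explaining why a temporary array is reported, so the behaviour is not read as intended once the checker leaves alpha.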

[clang] [clang][analyzer] Bring checker 'alpha.unix.cstring.NotNullTerminated' out of alpha (PR #113899)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/113899

[clang] [clang][analyzer] Bring checker 'alpha.unix.cstring.NotNullTerminated' out of alpha (PR #113899)

2024-10-28 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Overall I support moving this checker out of alpha, because its narrow functionality indeed seems to be stable enough for general use. However, eventually it would be good to extend this checker to get a "real" NonNullTerminated checker that can deduce t

[clang] [analyzer][NFC] Make RegionStore dumps deterministic (PR #115615)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM overall, feel free to add these NFC improvements. My only comment is a suggestion to define the comparison logic with a higher-level approach -- but the existing code is also OK if you prefer that. https://github.com/llvm/llvm-proje

[clang] [analyzer][NFC] Make RegionStore dumps deterministic (PR #115615)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -232,27 +233,86 @@ class RegionBindingsRef : public llvm::ImmutableMapRef StringifyCache; +auto ToString = [&StringifyCache](const MemRegion *R) { + auto [Place, Inserted] = StringifyCache.try_emplace(R); + if (!Inserted) +return Place->second; + std

[clang] [analyzer][NFC] Make RegionStore dumps deterministic (PR #115615)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/115615

[clang] [StaticAnalyzer] early return if sym is concrete on assuming (PR #115579)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -23,7 +23,14 @@ RangedConstraintManager::~RangedConstraintManager() {} ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State, SymbolRef Sym, bool Assumpti

[clang] [StaticAnalyzer] early return if sym is concrete on assuming (PR #115579)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Thanks for the commit, I'm satisfied with it :) I actually like that these two related changes (the checker change and the constraint manager improvement) are handled together in a single commit -- this way somebody who browses the commit log can directl

[clang] [StaticAnalyzer] early return if sym is concrete on assuming (PR #115579)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -23,7 +23,14 @@ RangedConstraintManager::~RangedConstraintManager() {} ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State, SymbolRef Sym, bool Assumpti

[clang] [StaticAnalyzer] early return if sym is concrete on assuming (PR #115579)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/115579

[clang] [StaticAnalyzer] early return if sym is concrete on assuming (PR #115579)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/115579

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -39,6 +39,10 @@ enum class StructuralEquivalenceKind { }; struct StructuralEquivalenceContext { + /// Store declaration pairs already found to be non-equivalent. + /// key: (from, to, IgnoreTemplateParmDepth) + using NonEquivalentDeclSet = llvm::DenseSet>; --

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -2511,7 +2512,8 @@ bool StructuralEquivalenceContext::Finish() { if (!Equivalent) { // Note that these two declarations are not equivalent (and we already // know about it). - NonEquivalentDecls.insert(P); + NonEquivalentDecls.insert( + std

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/115518

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/115518

[clang] [analyzer][NFC] Make RegionStore dumps deterministic (PR #115615)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -67,9 +67,10 @@ class BindingKey { isa(r)) && "Not a base"); } -public: +public: bool isDirect() const { return P.getInt() & Direct; } + bool isDefault() const { return !isDirect(); } NagyDonat wrote: ```suggestion ``` This is

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: > Another possible solution: Use two `NonEquivalentDecls` sets, one for > `IgnoreTemplateParmDepth = true` and one for `false`. This may use less > memory (no rarely used third value in the key) but requires more code changes. I like this idea, and I thi

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -1804,8 +1804,10 @@ struct StructuralEquivalenceCacheTest : public StructuralEquivalenceTest { } template - bool isInNonEqCache(std::pair D) { -return NonEquivalentDecls.count(D) > 0; + bool isInNonEqCache(std::pair D, + bool IgnoreTemplateP

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -62,7 +62,8 @@ class TypeSourceInfo; class ASTImporter { friend class ASTNodeImporter; public: -using NonEquivalentDeclSet = llvm::DenseSet>; +using NonEquivalentDeclSet = +llvm::DenseSet>; NagyDonat wrote: ```suggestion using No

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -2303,7 +2303,8 @@ static bool IsStructurallyEquivalent(StructuralEquivalenceContext &Context, // Check whether we already know that these two declarations are not // structurally equivalent. - if (Context.NonEquivalentDecls.count(P)) + if (Context.NonEquivalentDecls

[clang] [analyzer][NFC] Make RegionStore dumps deterministic (PR #115615)

2024-11-11 Thread Donát Nagy via cfe-commits
@@ -232,27 +233,86 @@ class RegionBindingsRef : public llvm::ImmutableMapRef StringifyCache; +auto ToString = [&StringifyCache](const MemRegion *R) { + auto [Place, Inserted] = StringifyCache.try_emplace(R); + if (!Inserted) +return Place->second; + std

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. https://github.com/llvm/llvm-project/pull/115518

[clang] Reapply "[analyzer][NFC] Make RegionStore dumps deterministic" (PR #115884)

2024-11-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, and sorry for delaying this commit with the tuple-based suggestion! https://github.com/llvm/llvm-project/pull/115884

[clang] [analyzer] EvalBinOpLL should return Unknown less often (PR #114222)

2024-10-31 Thread Donát Nagy via cfe-commits
NagyDonat wrote: Offtopic @Xazax-hun > there are many ways to get to undef during constant folding (signed overflows > ... I was surprised to read this because as far as I know (knew) the analyzer models signed operations as if overflow was completely natural for them. (See e.g. the method `a

[clang] [clang][AST] Add 'IgnoreTemplateParmDepth' to structural equivalence cache (PR #115518)

2024-11-12 Thread Donát Nagy via cfe-commits
NagyDonat wrote: The array-based solution can be extended to cover more than two separate cache sets by replacing the `bool` with a suitable enum (or a bitfield where independent flags are combined by bitwise or). It will stay more effective than the "use a single set and store 3-tuples instea

[clang] [analyzer][StackAddrEscapeChecker] Fix assert failure for alloca regions (PR #109655)

2024-09-23 Thread Donát Nagy via cfe-commits
@@ -1,4 +1,9 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s -Wno-undefined-bool-conversion +// RUN: %clang_analyze_cc1 \ +// RUN: -analyzer-checker=core,debug.ExprInspection,unix.Malloc \ +// RUN: -verify %s \ +// RUN: -Wno-undefined-b

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-24 Thread Donát Nagy via cfe-commits
NagyDonat wrote: Instead of the loop widening plans that I discussed earlier (e.g. on discourse) I ended up implementing this suppression heuristic, which is currently in a "minimal stable product" state: it is working and ready to be merged IMO, but I'm also open to suggestions about technica

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-24 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/109804 The checker alpha.security.ArrayBoundV2 produced lots of false positives in situations where loop modeling of the engine fed it with unfounded assumptions. This commit introduces a heuristic that discards Arr

[clang] [analyzer] [MallocChecker] Assume functions with `ownership_returns` return unknown memory (PR #110115)

2024-09-26 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Good catch, thanks for the fix. https://github.com/llvm/llvm-project/pull/110115

[clang] [analyzer] Note last "fclose" call from "ensureStreamOpened" (PR #109112)

2024-09-18 Thread Donát Nagy via cfe-commits
@@ -1849,11 +1889,12 @@ ProgramStateRef StreamChecker::ensureStreamOpened(SVal StreamVal, if (SS->isClosed()) { // Using a stream pointer after 'fclose' causes undefined behavior // according to cppreference.com . -ExplodedNode *N = C.generateErrorNode(); -if

[clang] [analyzer] Note last "fclose" call from "ensureStreamOpened" (PR #109112)

2024-09-18 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. I like this improvement :smile:, thanks for implementing it! The code that you added LGTM, my only concern is the awkward warning message which was inherited from the earlier state of the codebase. I think it would be nice to slip in an

[clang] [analyzer] Note last "fclose" call from "ensureStreamOpened" (PR #109112)

2024-09-18 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/109112

[clang] [clang] Use {} instead of std::nullopt to initialize empty ArrayRef (PR #109399)

2024-09-20 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: StaticAnalyzer changes LGTM. https://github.com/llvm/llvm-project/pull/109399

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/109804 From 23b27377e556085054621f27d97059618b416695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Mon, 23 Sep 2024 15:42:20 +0200 Subject: [PATCH 1/3] [analyzer] Suppress out of bounds reports a

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -441,10 +441,33 @@ void CoreEngine::HandleCallEnter(const CallEnter &CE, ExplodedNode *Pred) { void CoreEngine::HandleBranch(const Stmt *Cond, const Stmt *Term, const CFGBlock * B, ExplodedNode *Pred) { assert(B->succ_size() == 2); + + con

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/109804 From 23b27377e556085054621f27d97059618b416695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Mon, 23 Sep 2024 15:42:20 +0200 Subject: [PATCH 1/4] [analyzer] Suppress out of bounds reports a

[clang] [clang-tools-extra] RFC: [clang-tidy] [analyzer] Nondeterministic pointer usage improvements (PR #110471)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,1450 @@ +// Like the compiler, the static analyzer treats some functions differently if NagyDonat wrote: Quick nit: this comment refers to the "static analyzer", you should probably change it to a reference to "Clang Tidy". https://github.com/llvm/ll

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106389

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,30 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-output text \ +// RUN: -verify %s + +void test_no_overflow_note(int a, int b) +{ + int res; + + if (__builtin_add_overflow(a, b, &res)) // expected-note {{Assuming overflow does not happen}} -

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -16,21 +16,93 @@ #include "clang/Basic/Builtins.h" #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" +#include "clang/StaticAnalyzer/Checkers/Taint.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -20,6 +22,7 @@ // RUN: not %clang_analyze_cc1 -Wno-pointer-to-int-cast \ // RUN: -Wno-incompatible-library-redeclaration -verify %s \ // RUN: -analyzer-checker=optin.taint.GenericTaint \ +// RUN: -analyzer-checker=optin.taint.TaintedDiv \ NagyDonat wr

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1,4 +1,4 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedAlloc -analyzer-output=text -verify %s +// RUN: %clang_cc1 -analyze -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedA

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -25,16 +25,20 @@ using namespace ento; using namespace taint; namespace { -class DivZeroChecker : public Checker< check::PreStmt > { - const BugType BT{this, "Division by zero"}; - const BugType TaintBT{this, "Division by zero", categories::TaintedData}; +class DivZeroChe

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1288,6 +1288,34 @@ by explicitly marking the ``size`` parameter as sanitized. See the delete[] ptr; } +.. _optin-taint-TaintedDiv: + +optin.taint.TaintedDiv (C, C++, ObjC) +" +This checker warns when the denominator in a division

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1288,6 +1288,34 @@ by explicitly marking the ``size`` parameter as sanitized. See the delete[] ptr; } +.. _optin-taint-TaintedDiv: + +optin.taint.TaintedDiv (C, C++, ObjC) +" +This checker warns when the denominator in a division

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1703,6 +1703,12 @@ def TaintedAllocChecker: Checker<"TaintedAlloc">, Dependencies<[DynamicMemoryModeling, TaintPropagationChecker]>, Documentation; +def TaintedDivChecker: Checker<"TaintedDiv">, + HelpText<"Check for divisions, where the denominator " + "mig
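Review bot: in the `HelpText` of the new `TaintedDivChecker` entry, the comma in "Check for divisions, where the denominator" splits a restrictive clause. Since this string is shown to users in the checker help listing, "Check for divisions where the denominator ..." would read better.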

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Looks good overall, I added several suggestions but they mostly tweak the documentation and the comments. Moreover, I don't see any tests where the separation between `optin.taint.TaintedDiv` and `core.DivideZero` is tested by enabling one of them and

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106389

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1288,6 +1288,34 @@ by explicitly marking the ``size`` parameter as sanitized. See the delete[] ptr; } +.. _optin-taint-TaintedDiv: + +optin.taint.TaintedDiv (C, C++, ObjC) +" +This checker warns when the denominator in a division

[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -1288,6 +1288,34 @@ by explicitly marking the ``size`` parameter as sanitized. See the delete[] ptr; } +.. _optin-taint-TaintedDiv: + +optin.taint.TaintedDiv (C, C++, ObjC) +" +This checker warns when the denominator in a division

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/109804

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-30 Thread Donát Nagy via cfe-commits
@@ -2808,27 +2825,63 @@ void ExprEngine::processBranch(const Stmt *Condition, std::tie(StTrue, StFalse) = *KnownCondValueAssumption; else { assert(!isa(Condition)); + // TODO: instead of this shortcut perhaps it would be better to "rejoin" + // the com

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. Also LGTM, sorry for not responding earlier. I agree with the minor suggestions of @steakhal . https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-10-01 Thread Donát Nagy via cfe-commits
@@ -194,3 +199,99 @@ char test_comparison_with_extent_symbol(struct incomplete *p) { return ((char *)p)[-1]; // no-warning } +// WeakLoopAssumption suppression +/// + +int GlobalArray[100]; +int loop_suppre

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-10-01 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/109804 From 23b27377e556085054621f27d97059618b416695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Mon, 23 Sep 2024 15:42:20 +0200 Subject: [PATCH 1/6] [analyzer] Suppress out of bounds reports a

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-10-01 Thread Donát Nagy via cfe-commits
NagyDonat wrote:

> We can always have a map, mapping ForStmts to finished iterations. Basically, from the ErrorNode, we could walk backwards (as usual in a visitor like that), and check if the current ProgramPoint is PostStmt. We would then grab the wrapped Stmt to see if it's the termin

[clang] [analyzer] Indicate UnarySymExpr is not supported by Z3 (PR #108900)

2024-09-19 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM with some additional bikeshedding in a comment that could be shorter IMO. https://github.com/llvm/llvm-project/pull/108900

[clang] [analyzer] Indicate UnarySymExpr is not supported by Z3 (PR #108900)

2024-09-19 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/108900

[clang] [analyzer] Indicate UnarySymExpr is not supported by Z3 (PR #108900)

2024-09-19 Thread Donát Nagy via cfe-commits
@@ -278,6 +278,13 @@ class SMTConstraintManager : public clang::ento::SimpleConstraintManager { if (const SymbolCast *SC = dyn_cast(Sym)) return canReasonAbout(SVB.makeSymbolVal(SC->getOperand())); +// If a UnarySymExpr is encountered, the Z3 +// wrapper doe

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-25 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/109804

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-25 Thread Donát Nagy via cfe-commits
@@ -194,3 +199,99 @@ char test_comparison_with_extent_symbol(struct incomplete *p) { return ((char *)p)[-1]; // no-warning } +// WeakLoopAssumption suppression +/// + +int GlobalArray[100]; +int loop_suppre
