[PATCH] D31868: [analyzer] Check NULL pointer dereference issue for memset function

Henry Wong via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Oct 24 02:01:21 PDT 2017

MTC added a comment.

> One of the possible improvements for future work here would be to actually bind the second argument value to the buffer instead of just invalidating it. Like, after `memset(buf, 0, sizeof(buf))` the analyzer should know that all values in the `buf` array are `0`. In the analyzer we have the notion of *default bindings* to handle that (see documentation in docs/analyzer/RegionStore.txt for more details).

`BindDefault()` is the only function that can make the default binding, isn't it? If so, when `evalMemset()` uses `bindDefault()`, the binding may not take effect, because the current `BindDefault()` logic is that if the memory area has already been initialized, the default binding will not be done again; see https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Core/RegionStore.cpp#L429. Before `evalMemset()`, `MallocMemAux()` in MallocChecker.cpp may already have made the default binding. Am I right?

Thank you!


