[PATCH] D69813: [analyzer] CERTStrChecker: Model gets()

Csaba Dabis via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 11 05:20:12 PST 2019


Charusso updated this revision to Diff 228675.
Charusso added a comment.

- The packaging has not been addressed yet.
- Inject the "zombie" size expression to the new function call (`fgets`) if none of the size expression's regions have been modified.

The idea is this: when we set up a variable `size = 13;` it modifies the region, but the size expression is not stored yet, so we do not invalidate anything. We store the `malloc(size + 1)`'s `size`; after that the dead-symbol purging kicks in and it either invalidates the region or keeps it alive.

- If the region of `size` is alive after the purge point we cannot inject the "zombie" `size + 1` as an expression, we need to obtain its concrete value: `14`. (When the redefinition happens I wanted to create a `NoteTag`, but I have not seen a simple way to do so.)

- If the region of `size` has been purged out, it is safe to copy-and-paste the "zombie" `size + 1` as an expression.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D69813/new/

https://reviews.llvm.org/D69813

Files:
  clang/include/clang/Lex/Preprocessor.h
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/include/clang/StaticAnalyzer/Core/BugReporter/CommonBugCategories.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/DynamicSize.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/DynamicSizeInfo.h
  clang/lib/StaticAnalyzer/Checkers/AllocationState.h
  clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt
  clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
  clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp
  clang/lib/StaticAnalyzer/Core/CommonBugCategories.cpp
  clang/lib/StaticAnalyzer/Core/DynamicSize.cpp
  clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
  clang/test/Analysis/Inputs/system-header-simulator.h
  clang/test/Analysis/analyzer-config.c
  clang/test/Analysis/cert/str31-alloc.cpp
  clang/test/Analysis/cert/str31-notes.cpp
  clang/test/Analysis/cert/str31-safe.cpp
  clang/test/Analysis/cert/str31-unsafe.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D69813.228675.patch
Type: text/x-patch
Size: 34401 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20191111/d623985e/attachment-0001.bin>
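
The two cases from the comment above, shown at the source level as an added example (not part of the original message or the attached patch): a `gets()` call replaced by `fgets()`, once with the size expression reused and once with the concrete value. The function names, the constructed sample input and the exact replacement text are assumptions; the message does not show the fix-it the checker emits.

```c
#define _POSIX_C_SOURCE 200809L /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input standing in for stdin: 26 letters, longer than the buffer. */
static char SAMPLE[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\n";

/* Case 1: `size` is untouched after the allocation, so the original
 * expression `size + 1` still equals the buffer size and can be reused. */
size_t read_size_unchanged(FILE *in) {
    int size = 13;
    char *buf = malloc(size + 1);
    if (!buf) return 0;
    /* before: gets(buf);  -- no bound at all */
    size_t n = fgets(buf, size + 1, in) ? strlen(buf) : 0;
    free(buf);
    return n;
}

/* Case 2: `size` is reassigned after the allocation. `size + 1` would now
 * be 101 for a 14-byte buffer, so the bound must be the concrete value 14. */
size_t read_size_redefined(FILE *in) {
    int size = 13;
    char *buf = malloc(size + 1);
    if (!buf) return 0;
    size = 100; /* redefinition between malloc() and the read */
    /* before: gets(buf); */
    size_t n = fgets(buf, 14, in) ? strlen(buf) : 0;
    free(buf);
    return n;
}

int main(void) {
    FILE *a = fmemopen(SAMPLE, strlen(SAMPLE), "r");
    FILE *b = fmemopen(SAMPLE, strlen(SAMPLE), "r");
    if (!a || !b) return 1;
    printf("unchanged: %zu chars, redefined: %zu chars\n",
           read_size_unchanged(a), read_size_redefined(b));
    fclose(a);
    fclose(b);
    return 0;
}
```
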
