[PATCH] D71224: [analyzer][WIP] Escape symbols stored into specific region after a conservative evalcall.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Dec 9 15:21:31 PST 2019


NoQ added a comment.

I think you don't need to smuggle `WasConservative` all the way up. It's implied that if the evaluation was not conservative, then the respective `ExplodedNodeSet` is going to be empty, as all nodes will be put directly into the worklist instead. E.g., `checkPostCall` isn't going to be invoked immediately after `inlineCall`, but only after `enqueueEndOfFunction`.



================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:650
+
+    // TODO: the PSK is a lie.
+    State = getCheckerManager().runCheckersForPointerEscape(
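Review bot: The TODO above the `runCheckersForPointerEscape` call ("the PSK is a lie") does not say which escape kind is being passed or in what way it is inaccurate. Expand the comment to name the kind used and what checkers should be told instead, so that the placeholder is easy to find and replace before this leaves WIP.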
----------------
xazax.hun wrote:
> How much do we care about the escape kind? For each symbol we need to check if it was directly passed to the callee. It is not too bad I guess, but I was wondering.
Dunno, just introduce a new `PSK_` item and use it here. It isn't supposed to be per-symbol, it's just to notify checkers that we're in this new post-call invocation for out-parameters, so that they could opt out of the whole callback.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71224/new/

https://reviews.llvm.org/D71224




