[PATCH] D71224: [analyzer] Escape symbols stored into specific region after a conservative evalcall.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Dec 10 15:14:20 PST 2019


NoQ added a comment.

In D71224#1778332 <https://reviews.llvm.org/D71224#1778332>, @xazax.hun wrote:

> So basically what I am wondering/worrying about is the following:
>  The analyzer core will decide that the stack region is escaped and the checkers have no word about this.


Yup, you got me. Pre-escaped locals are indeed material and beyond the checker's control. I don't seem to have any immediate solutions. I think we could postpone the work on pre-escaped locals (until we figure out how to do them correctly) if they're not immediately necessary to you (after all, I was the one who suggested it). Or ignore the problem (depending on how we do our FP vs. FN trade-off).

In D71224#1778357 <https://reviews.llvm.org/D71224#1778357>, @xazax.hun wrote:

> Consider the following two snippets:


Mm, these snippets don't have pre-escaped locals. Like, they accidentally do, but above I proposed to work around this by removing the first escape invocation (that happens during the call) and only doing it after the call. This way these locals don't have time to become pre-escaped. I think these are not a problem.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71224/new/

https://reviews.llvm.org/D71224




