[PATCH] D77062: [analyzer] Added check for unacceptable equality operation between Loc and NonLoc types

Denys Petrov via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Apr 13 04:48:32 PDT 2020


ASDenysPetrov added a comment.

@Szelethus, @NoQ
I've investigated graph.dot of the sample. F11723129: t37503.dot <https://reviews.llvm.org/F11723129>
Here is a simplification:

1. SA thinks that `ptr` is a pointer with a structure `MemRegion->MemRegion->MemRegion->Element`
2. Then `*(unsigned char **)ptr = (unsigned char *)(func());` occurs. Symbolic substitution happens to `ptr`.
3. After that SA thinks that `ptr` holds a symbolic value `MemRegion->MemRegion->Element` because of casts.
4. `**ptr` should lead us to `MemRegion->MemRegion->MemRegion` from the C++ point of view, but dereferencing applies to the substituted symbolic value from the SA point of view and we finally get `MemRegion->MemRegion->Element`.

As I see, this is not //treating the symptom//. This is exactly handling this particular case which is legal and may take place.

Another solution could be to check the first argument of `strcpy` for being actually a `char*` and show a warning otherwise.

Please explain what I could be missing in my suggestions, because I have less expertise than you guys.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D77062/new/

https://reviews.llvm.org/D77062




