<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    I suspect that you're still running different sets of checks in
    different invocations. Typically you don't want to use direct/manual
    -cc1 invocations as they're completely unrepresentative of the
    actual behavior.<br>
    <br>
    One way or another, you should dump the exploded graph to see where
    constraints originate and how they propagate
    (<a class="moz-txt-link-freetext" href="https://www.youtube.com/watch?v=g0Mqx1niUi0">https://www.youtube.com/watch?v=g0Mqx1niUi0</a>,
    <a class="moz-txt-link-freetext" href="https://clang-analyzer.llvm.org/checker_dev_manual.html#visualizing">https://clang-analyzer.llvm.org/checker_dev_manual.html#visualizing</a>)<br>
    <br>
    <div class="moz-cite-prefix">On 03.09.2021 13:33, Max Schrötter via
      cfe-dev wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:YTKGj5OszYUfl0ZQ@thinky">
      <pre class="moz-quote-pre" wrap="">Hi,

I'm currently trying to write a static analyzer using llvm and started
with a simple example, that checks if the return value of malloc/calloc
was checked to be non-null before accessing it.

While testing I noticed, that the ConstraintManager shows inconsistent
behaviors. If the checker is compiled in-tree everything works as
expected. But if the checker is compiled as Plugin and run with
-analyzer-checker=core.NonNullParamChecker and -fgnuc-version=4.2.1
enabled, the ConstraintManager returns different constraints.

Example:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    
    int main(int argc, char ** argv, char ** envp){
        int z=8;
        int *p = malloc(sizeof(int));
        memcpy(p,&z,sizeof(int)); 
        free(p);
    }

If compiled with llvm the ConstraintManager.isNull reports isUnderconstrained for the symbol p pre memcpy.
If compiled as Plugin it returns true for isConstrainedFalse and isConstrained, but p can be null here.

I have posted my code on Github if anyone wants to look at it: <a class="moz-txt-link-freetext" href="https://github.com/schrc3b6/simple-static-analyzer">https://github.com/schrc3b6/simple-static-analyzer</a>

Is this a bug in my Code or am I misunderstanding something?

Thanks
Max
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>