<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
I suspect that you're still running different sets of checks in
different invocations. Typically you don't want to use direct/manual
-cc1 invocations as they're completely unrepresentative of the
actual behavior.<br>
<br>
One way or another, you should dump the exploded graph to see where
constraints originate and how they propagate
(<a class="moz-txt-link-freetext" href="https://www.youtube.com/watch?v=g0Mqx1niUi0">https://www.youtube.com/watch?v=g0Mqx1niUi0</a>,
<a class="moz-txt-link-freetext" href="https://clang-analyzer.llvm.org/checker_dev_manual.html#visualizing">https://clang-analyzer.llvm.org/checker_dev_manual.html#visualizing</a>)<br>
<br>
<div class="moz-cite-prefix">On 03.09.2021 13:33, Max Schrötter via
cfe-dev wrote:<br>
</div>
<blockquote type="cite" cite="mid:YTKGj5OszYUfl0ZQ@thinky">
<pre class="moz-quote-pre" wrap="">Hi,
I'm currently trying to write a static analyzer using llvm and started
with a simple example, that checks if the return value of malloc/calloc
was checked to be non-null before accessing it.
While testing I noticed, that the ConstraintManager shows inconsistent
behaviors. If the checker is compiled in-tree everything works as
expected. But if the checker is compiled as Plugin and run with
-analyzer-checker=core.NonNullParamChecker and -fgnuc-version=4.2.1
enabled, the ConstraintManager returns different constraints.
Example:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char ** argv, char ** envp){
int z=8;
int *p = malloc(sizeof(int));
memcpy(p,&z,sizeof(int));
free(p);
}
If compiled with llvm the ConstraintManager.isNull reports isUnderconstrained for the symbol p pre memcpy.
If compiled as Plugin it returns true for isConstrainedFalse and isConstrained, but p can be null here.
I have posted my code on Github if anyone wants to look at it: <a class="moz-txt-link-freetext" href="https://github.com/schrc3b6/simple-static-analyzer">https://github.com/schrc3b6/simple-static-analyzer</a>
Is this a bug in my Code or am I misunderstanding something?
Thanks
Max
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>