[all-commits] [llvm/llvm-project] 1c8add: [analyzer] Add hack in ArrayBound to cover up miss...
Donát Nagy via All-commits
all-commits at lists.llvm.org
Tue Feb 18 02:20:06 PST 2025
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 1c8add1ec70d8d730572029ac11a70f4dfac8ed5
https://github.com/llvm/llvm-project/commit/1c8add1ec70d8d730572029ac11a70f4dfac8ed5
Author: Donát Nagy <donat.nagy at ericsson.com>
Date: 2025-02-18 (Tue, 18 Feb 2025)
Changed paths:
M clang/lib/StaticAnalyzer/Checkers/ArrayBoundChecker.cpp
M clang/test/Analysis/out-of-bounds.c
Log Message:
-----------
[analyzer] Add hack in ArrayBound to cover up missing casts (#127117)

Currently there are many casts that are not modeled (i.e. ignored) by
the analyzer, which can cause paradox states (e.g. negative value stored
in `unsigned` variable) and false positive reports from various
checkers, e.g. from `security.ArrayBound`.

Unfortunately this issue is deeply rooted in the architectural
limitations of the analyzer (if we started to model the casts, it would
break other things). For details see the umbrella ticket
https://github.com/llvm/llvm-project/issues/39492

This commit adds an ugly hack in `security.ArrayBound` to silence most
of the false positives caused by this shortcoming of the engine.

Fixes #126884