[all-commits] [llvm/llvm-project] 2d336e: [analyzer] Avoid contradicting assumption in taint...
Arseniy Zaostrovnykh via All-commits
all-commits at lists.llvm.org
Tue Jun 17 04:08:06 PDT 2025
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 2d336e7c5e821383816a9dca080f713747cc9e1e
https://github.com/llvm/llvm-project/commit/2d336e7c5e821383816a9dca080f713747cc9e1e
Author: Arseniy Zaostrovnykh <necto.ne at gmail.com>
Date: 2025-06-17 (Tue, 17 Jun 2025)
Changed paths:
M clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
M clang/test/Analysis/taint-generic.c
Log Message:
-----------
[analyzer] Avoid contradicting assumption in tainted div-by-0 error node (#144491)
This patch corrects the state of the error node generated by the
core.DivideZero checker when it detects potential division by zero
involving a tainted denominator.
The checker split in
https://github.com/llvm/llvm-project/pull/106389/commits/91ac5ed10a154410c246d985752c1bbfcf23b105
started to introduce a conflicting assumption about the denominator into
the error node:
Node with the Bug Report "Division by a tainted value, possibly zero"
has an assumption "denominator != 0".
This has been done as a shortcut to continue analysis with the correct
assumption *after* the division - if we proceed, we can only assume the
denominator was not zero. However, this assumption is introduced
one-node too soon, leading to a self-contradictory error node.
In this patch, I make the error node with assumption of zero denominator
fatal, but allow analysis to continue on the second half of the state
split with the assumption of non-zero denominator.
---
CPP-6376
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list