[PATCH] D30157: [analyzer] Improve valist check
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 20 05:47:00 PST 2017
NoQ added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/ValistChecker.cpp:178
+ VaListModelledAsArray = Cast->getCastKind() == CK_ArrayToPointerDecay;
+ const MemRegion *Reg = SV.getAsRegion();
+ if (const auto *DeclReg = Reg->getAs<DeclRegion>()) {
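Review bot: Reg is dereferenced on the last added line (Reg->getAs<DeclRegion>()) with no null check, and SVal::getAsRegion() returns a null pointer when SV does not wrap a memory region (UnknownVal, for example). Test Reg right after the getAsRegion() call and bail out early when it is null, before the getAs<DeclRegion>() check.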
----------------
I suspect that UnknownVal should also be handled before that, otherwise we'd have a null dereference on the next line.
================
Comment at: test/Analysis/valist-uninitialized-no-undef.c:5
+
+// This is the same function as the previous one, but it is called in call_inlined_uses_arg(),
+// and the warning is generated during the analysis of call_inlined_uses_arg().
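Review bot: The comment's "the previous one" has no referent in these lines, which sit at line 5 of the test file, so a reader cannot tell which function is meant. Name that function explicitly (and the test file it lives in, if it is a different one) instead of referring to it by position; the two comment lines could also be wrapped to 80 columns.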
----------------
Hmm, where's the previous one?
================
Comment at: test/Analysis/valist-uninitialized-no-undef.c:19
+ // FIXME: There should be no warning for this.
+ (void)va_arg(*fst, int); // expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+ va_end(*fst);
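Review bot: The FIXME above the va_arg(*fst, int) line records a known false positive but does not say why the checker loses track of the va_list here. Add a sentence naming the cause (what about *fst the checker fails to model), so that whoever fixes it knows when the expected-warning and expected-note on that line can be dropped.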
----------------
As the patch tries to handle symbolic va_list regions, I wonder what's so particularly hard about this false positive (apart from its being obviously rare; by the way, did you actually see such code?).
https://reviews.llvm.org/D30157