[PATCH] D44934: [analyzer] Improve the modeling of `memset()`.
Henry Wong via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Mar 27 07:39:36 PDT 2018
MTC created this revision.
MTC added reviewers: dcoughlin, NoQ, xazax.hun, a.sidorin.
Herald added subscribers: cfe-commits, rnkovacs, szepet.
Herald added a reviewer: george.karpenkov.
This patch originates from https://reviews.llvm.org/D31868. There are two key points in this
patch:
- Add `OverwriteRegion()`; this method is used to model `memset()` or something like that.
- Improve the modeling of `memset`.
For `OverwriteRegion()`, it basically invalidates the region and binds a default. But I think this
method requires more in-depth thinking and more extensive testing.
For `evalMemset()`, this patch only considers the case where the buffer's offset is zero. And
if the whole region is `memset`ed, bind a default value. According to the value for
overwriting, decide how to update the string length.
For `void *memset(void *dest, int ch, size_t count)`:
1). offset is 0, `ch` is `'\0'` and `count` < dest-buffer's length.
Invalidate the buffer and set the string length to 0.
2). offset is 0, `ch` is `'\0'` and `count` == dest-buffer's length.
Bind `\0` to the buffer with default binding and set the string length to 0.
3). offset is 0, `ch` is not `'\0'` and `count` < dest-buffer's length.
Invalidate the buffer and set the string length >= `count`.
4). offset is 0, `ch` is not `'\0'` and `count` == dest-buffer's length.
Bind `ch` to the buffer and set the string length >= `count`.
I have tested this patch on `sqlite`, but there's no difference in the warnings.
Thanks in advance for the review!
Repository:
rC Clang
https://reviews.llvm.org/D44934
Files:
include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
include/clang/StaticAnalyzer/Core/PathSensitive/Store.h
lib/StaticAnalyzer/Checkers/CStringChecker.cpp
lib/StaticAnalyzer/Core/ProgramState.cpp
lib/StaticAnalyzer/Core/RegionStore.cpp
lib/StaticAnalyzer/Core/Store.cpp
test/Analysis/bstring.cpp
test/Analysis/null-deref-ps-region.c
test/Analysis/string.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D44934.139927.patch
Type: text/x-patch
Size: 25986 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180327/4874022a/attachment-0001.bin>
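
The four cases listed in the description above, checked against what `memset` does to a concrete buffer at run time; this is an added example, not code from the patch or from Clang. `BUF_LEN`, the initial string and all function names are assumptions of the example, and a `count` of 0 or larger than the buffer is treated as outside the four cases.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8 /* constructed destination size, not from the patch */

/* Index of the first NUL within cap bytes, or cap if there is none. */
static size_t bounded_len(const char *p, size_t cap) {
    const char *nul = memchr(p, '\0', cap);
    return nul ? (size_t)(nul - p) : cap;
}

/* memset at offset 0 over a buffer holding "abcdefg"; returns the bounded
   string length afterwards. Caller must keep count <= BUF_LEN. */
size_t len_after_memset(int ch, size_t count) {
    char buf[BUF_LEN] = "abcdefg"; /* 7 chars + NUL fills the buffer */
    memset(buf, ch, count);
    return bounded_len(buf, BUF_LEN);
}

/* Case number 1..4 from the description; 0 when count is 0 or too large. */
int memset_case(int ch, size_t count) {
    if (count == 0 || count > BUF_LEN) return 0;
    int zero = (unsigned char)ch == 0; /* memset stores ch as unsigned char */
    int whole = count == BUF_LEN;
    return zero ? (whole ? 2 : 1) : (whole ? 4 : 3);
}

/* 1 if the concrete result satisfies the constraint stated for its case. */
int constraint_holds(int ch, size_t count) {
    int c = memset_case(ch, count);
    if (c == 0) return 0;
    size_t len = len_after_memset(ch, count);
    /* Cases 1, 2: length is 0. Cases 3, 4: length >= count. In case 4 no
       NUL is left inside the buffer, so an unbounded strlen would overrun. */
    return (c <= 2) ? len == 0 : len >= count;
}

int main(void) {
    int chs[] = {0, 0, 'x', 'x'};
    size_t counts[] = {3, BUF_LEN, 3, BUF_LEN};
    for (int i = 0; i < 4; i++)
        printf("case %d: len=%zu holds=%d\n", memset_case(chs[i], counts[i]),
               len_after_memset(chs[i], counts[i]),
               constraint_holds(chs[i], counts[i]));
    return 0;
}
```

Cases 3 and 4 only give a lower bound on the length: in case 3 the old terminator further along the buffer still decides the real length, and in case 4 the bounded scan stops at `BUF_LEN` because no terminator remains.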