[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

Gábor Horváth via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jul 23 09:01:33 PDT 2018 

xazax.hun requested changes to this revision.
xazax.hun added a comment.
This revision now requires changes to proceed.

Some comments, mostly nits inline.



================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:149
+    C.addTransition(State);
     return;
+  }
----------------
Nit: This return is redundant.


================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:202
+      markPtrSymbolsReleased(Call, State, ObjRegion, C);
     }
   }
----------------
Nit: no need for braces here.


================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:204
   }
+  return;
+}
----------------
Nit: redundant return.


================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:212
+  // Check [string.require] / first point.
+  if (const auto *FC = dyn_cast<AnyFunctionCall>(&Call)) {
+    const FunctionDecl *FD = FC->getDecl();
----------------
Shouldn't we also check if the function is a standard library function? Or do we assume that user functions also invalidate the strings?


================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:213
+  if (const auto *FC = dyn_cast<AnyFunctionCall>(&Call)) {
+    const FunctionDecl *FD = FC->getDecl();
+    for (unsigned I = 0, E = FD->getNumParams(); I != E; ++I) {
----------------
I am not sure if we always have a `Decl` here, I am afraid this might return null sometimes. Please add a test case with a function pointer (received as an argument in a top level function).


================
Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:227
   }
+  return;
 }
----------------
Nit: redundant return.


================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2934
+            } else if (const auto *CallE = dyn_cast<CallExpr>(S)) {
+              OS << CallE->getDirectCallee()->getNameAsString();
             }
----------------
I think `getDirectCallee` might fail and return `nullptr`. One more reason to test function pointers :)


Repository:
  rC Clang

https://reviews.llvm.org/D49656

More information about the cfe-commits mailing list