[PATCH] D63720: [analyzer] ExprEngine: Escape pointers in bitwise operations

Csaba Dabis via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jun 24 16:49:19 PDT 2019 

Charusso updated this revision to Diff 206332.
Charusso marked 11 inline comments as done.
Charusso added a comment.

- Fix.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D63720/new/

https://reviews.llvm.org/D63720

Files:
  clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
  clang/test/Analysis/symbol-escape.cpp


Index: clang/test/Analysis/symbol-escape.cpp
===================================================================
--- clang/test/Analysis/symbol-escape.cpp
+++ clang/test/Analysis/symbol-escape.cpp
@@ -2,6 +2,9 @@
 // RUN:  -analyzer-checker=core,cplusplus.NewDeleteLeaks \
 // RUN:  -verify %s
 
+// expected-no-diagnostics: Whenever we cannot evaluate an operation we escape
+//                          the operands.
+
 #include <stdint.h>
 
 class C {};
@@ -12,7 +15,7 @@
                                ~static_cast<uintptr_t>(0x1)) |
                               (reinterpret_cast<uintptr_t>(Bar) & 0x1));
   (void)Bar;
-  // expected-warning at -1 {{Potential leak of memory pointed to by 'Bar'}}
+  // no-warning: "Potential leak of memory pointed to by 'Bar'" was here.
 
   return Bar;
 }
@@ -23,7 +26,7 @@
   Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) | 0x1);
   Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) &
 		               ~static_cast<uintptr_t>(0x1));
-  // expected-warning at -2 {{Potential leak of memory pointed to by 'Qux'}}
+  // no-warning: "Potential leak of memory pointed to by 'Qux'" was here.
 
   delete *Baz;
   return Baz;
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -100,6 +100,11 @@
       SVal Result = evalBinOp(state, Op, LeftV, RightV, B->getType());
       if (!Result.isUnknown()) {
         state = state->BindExpr(B, LCtx, Result);
+
+      // If we cannot evaluate the operation escape the operands.
+      } else {
+        state = escapeValue(state, LeftV, PSK_EscapeOther);
+        state = escapeValue(state, RightV, PSK_EscapeOther);
       }
 
       Bldr.generateNode(B, *it, state);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D63720.206332.patch
Type: text/x-patch
Size: 1846 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190624/db1d1a0d/attachment.bin>

More information about the cfe-commits mailing list