[PATCH] D71224: [analyzer][WIP] Escape symbols stored into specific region after a conservative evalcall.

Gábor Horváth via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Dec 9 13:30:51 PST 2019


xazax.hun created this revision.
xazax.hun added reviewers: NoQ, dcoughlin, Szelethus, baloghadamsoftware, haowei.
xazax.hun added a project: clang.
Herald added subscribers: Charusso, gamesh411, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet.
xazax.hun marked an inline comment as done.
xazax.hun added inline comments.
xazax.hun marked an inline comment as done.


================
Comment at: clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:402
+                         InvalidatedSymbols *IS,
+                         RegionAndSymbolInvalidationTraits *ETraits,
+                         StoreManager::InvalidatedRegions *TopLevelInvalidated);
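Review bot: the three parameters added at CheckerManager.h:402 (`IS`, `ETraits`, `TopLevelInvalidated`) are all raw pointers, so the declaration's comment should say which of them may be null and which the callee writes through. Any that can never be null would be clearer taken by reference, which also removes the need for null checks at each call site.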
----------------
Actually, it is possible I went too far with plumbing `RegionAndSymbolInvalidationTraits`.


================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:696
   // And make the result node.
   Bldr.generateNode(Call.getProgramPoint(), State, Pred);
 }
----------------
After some offline conversation, it is very likely that we want to move the `runCheckersForPointerEscape` here.

The main question is, how should we get all the data?

We should know about:
* What regions are output params.
* What regions are considered escaped.
* What regions have traits that prevent escaping.

Is there anything else?


The main purpose of this patch is to discuss the approach. It is not near to being production ready yet.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D71224

Files:
  clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
  clang/include/clang/StaticAnalyzer/Core/PathSensitive/Store.h
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/lib/StaticAnalyzer/Core/CallEvent.cpp
  clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
  clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
  clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
  clang/lib/StaticAnalyzer/Core/ProgramState.cpp
  clang/lib/StaticAnalyzer/Core/RegionStore.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D71224.232923.patch
Type: text/x-patch
Size: 31508 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20191209/c6a271f5/attachment-0001.bin>

