[PATCH] D71224: [analyzer][WIP] Escape symbols stored into specific region after a conservative evalcall.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 9 13:49:52 PST 2019
NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:696
// And make the result node.
Bldr.generateNode(Call.getProgramPoint(), State, Pred);
}
----------------
xazax.hun wrote:
> After some offline conversation it is very likely that we want to move the `runCheckersForPointerEscape` here.
>
> The main question is, how should we get all the data?
>
> We should know about:
> * What regions are output params.
> * What regions are considered escaped.
> * What regions have traits that prevents escaping.
>
> Is there anything else?
> What regions are output params.
That should be obvious from the AST. Like, parameters of non-const pointer/reference types.
> What regions are considered escaped.
Output parameter regions (as `TopLevelInvalidated`) and whatever's reachable from them.
> What regions have traits that prevents escaping.
Currently the only trait that affects escaping (as opposed to invalidation) is `TK_SuppressEscape` and it is never applied to out-parameters.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71224/new/
https://reviews.llvm.org/D71224
More information about the cfe-commits
mailing list