[PATCH] D71224: [analyzer] Escape symbols stored into specific region after a conservative evalcall.
Gábor Horváth via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 9 17:38:05 PST 2019
xazax.hun marked an inline comment as done.
xazax.hun added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:648
+ continue;
+ State->scanReachableSymbols(Call.getArgSVal(Arg), Scanner);
+ }
----------------
NoQ wrote:
> I guess technically, for our own sanity, it's worth it to-rescan the symbols for every node in `dstPostCall`. But i'll be very surprised if they are //actually// going to yield different results for every predecessor node.
I think it is possible. We use the state to get the pointee of some pointers, so in case the PostCall splits the state on the value of the outputs it would be reasonable to get different results.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71224/new/
https://reviews.llvm.org/D71224
More information about the cfe-commits
mailing list