[PATCH] D71224: [analyzer] Escape symbols stored into specific region after a conservative evalcall.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 9 18:59:05 PST 2019
NoQ added inline comments.
================
Comment at: clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:632
+ /// of some values.
+ ProgramStateRef escapeValue(ProgramStateRef State, ArrayRef<SVal> Vs,
PointerEscapeKind K) const;
----------------
Dunno, should we rename to `escapeValues()`?
================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:614-616
+ if (Arg >= FuncDecl->getNumParams())
+ break;
+ QualType ParamTy = FuncDecl->getParamDecl(Arg)->getType();
----------------
I encourage `Call.parameters()`. This way you won't need to obtain a `FuncDecl`. In fact you won't even need it to be a `FunctionDecl`.
================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:624
+ if (const MemRegion *MR = Call.getArgSVal(Arg).getAsRegion())
+ if (!MR->hasStackStorage())
+ Escaped.push_back(State->getSVal(MR, Pointee));
----------------
Ok, so this patch interacts with D71152 in a non-trivial manner. We should re-use the logic that decides whether an escape on bind occurs.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71224/new/
https://reviews.llvm.org/D71224
More information about the cfe-commits
mailing list