[PATCH] D71155: [analyzer] CERT: StrChecker: 30.c
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 9 19:54:01 PST 2019
NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2110
+ if (const auto *SR = MR->getBaseRegion()->getAs<SymbolicRegion>()) {
+ State = State->BindExpr(CE, LCtx, SrcV);
+ C.addTransition(State);
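Review bot: `State->BindExpr(CE, LCtx, SrcV)` binds the call expression to the source argument's value unchanged, so the call is modelled as returning its first argument. Where the modelled function returns a pointer somewhere inside that buffer, keep the base region obtained from `MR->getBaseRegion()` and build the result as an element of it with a conjured symbolic index instead of reusing `SrcV`.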
----------------
Charusso wrote:
> NoQ wrote:
> > Mmm, that's not a correct return value for these functions. These functions don't simply pass through their first argument.
> Yes, but we need some index here. It requires a `NonLoc`, so I just randomly picked the first index, but I like the idea of an unknown index. Would we like to introduce `UnknownVal` for indices?
Use the correct region but //conjure the index//.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2122
+
+ SVal ConjuredV = SVB.getConjuredHeapSymbolVal(CE, LCtx, C.blockCount());
+ SVal ResultV = loc::MemRegionVal(SVB.getRegionManager().getElementRegion(
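Review bot: `getConjuredHeapSymbolVal` puts the conjured symbol in the heap memory space, and nothing in these lines ties that choice to where the source string actually lives. A result that points into the argument buffer should be an element of the argument's own region: conjure only the index and use the source region as the super-region for `getElementRegion`.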
----------------
Charusso wrote:
> NoQ wrote:
> > Why "heap"?
> Well, a string whose length is at least 16 characters long is going to be allocated on the heap. I have to conjure the string here to create its element.
o.o
```lang=c++
#include <cstring>

void foo() {
  // This string is 20 characters long
  // but it's clearly on the stack.
  char str[] = "12345678901234567890";
  // This one is therefore also on the stack.
  char *ptr = strchr(str, '0');
}
```
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71155/new/
https://reviews.llvm.org/D71155