[PATCH] D71155: [analyzer] CERT: STR30-C
Csaba Dabis via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Dec 13 19:04:46 PST 2019
Charusso marked 3 inline comments as done.
Charusso added a comment.
In order to bypass the `CK_LValueToRValue` `evalCast()` we have to create an `ElementRegion` as a return-value of the problematic function call. In that case for a mythical reason we miss the fact that the pointer is nullable. I have not figured out yet why, but tried to create an appropriate return-value.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2122
+
+ SVal ConjuredV = SVB.getConjuredHeapSymbolVal(CE, LCtx, C.blockCount());
+ SVal ResultV = loc::MemRegionVal(SVB.getRegionManager().getElementRegion(
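Review bot: `getConjuredHeapSymbolVal(CE, LCtx, C.blockCount())` on the first added line puts the conjured return value in heap memory space, and nothing in these lines shows that the modelled call returns heap-allocated storage. If the function returns a pointer into one of its arguments, the buffer can just as well be on the stack or in global memory, so conjure a plain symbol with `SVB.conjureSymbolVal(...)` or build the `ElementRegion` on the argument's own region. A short comment explaining why an element region is needed as the return value would also help, since the code alone does not show it.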
----------------
NoQ wrote:
> Charusso wrote:
> > NoQ wrote:
> > > Why "heap"?
> > Well, a string whose length is at least 16 characters long is going to be allocated on the heap. I have to conjure the string here to create its element.
> o.o
> ```lang=c++
> #include <cstring>
>
> void foo() {
>   // This string is 20 characters long
>   // but it's clearly on the stack.
>   char str[] = "12345678901234567890";
>   // This one is therefore also on the stack.
>   char *ptr = strchr(str, '0');
> }
> ```
> Well, a string whose length is at least 16 characters long is going to be allocated on the heap. I have to conjure the string here to create its element.
I really felt that the `std::string` should behave like the C-strings, but C-strings are on the stack whatever it takes, yes, my bad. Thanks for pointing that out!
================
Comment at: clang/test/Analysis/cert/str30-c-notes.cpp:29
+ if (slash) {
+ // expected-note at -1 {{'slash' is non-null}}
+ // expected-note at -2 {{Taking true branch}}
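Review bot: the expected note at -1 on `if (slash)` is `'slash' is non-null`, which reports the value as already known on this path. If the analyzer has no prior constraint on `slash` here, the branch is taken on an assumption and the note should read `Assuming 'slash' is non-null`, followed by `Taking true branch`; a companion case for the null branch would keep the nullable return covered.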
----------------
Needs to be an assumption.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71155/new/
https://reviews.llvm.org/D71155