[PATCH] D72035: [analyzer][NFC] Use CallEvent checker callback in GenericTaintChecker
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Dec 31 07:05:43 PST 2019
NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:385
+unsigned getNumArgs(const CallEvent &Call) {
+ return Call.getNumArgs() + static_cast<unsigned>(isa<CXXInstanceCall>(Call));
}
----------------
steakhal wrote:
> I'm not sure why should we adjust (//workaround//) the number of arguments of `CXXInstanceCall`s calls, can someone explain it to me?
>
> The same question raised for `getArg` too.
Remove this :)
I think this is about this inconsistency with operator calls where one of {decl, expr} treats `this` as an argument, but the other doesn't. `CallEvent` automatically accounts for that (see `getAdjustedParameterIndex()` and `getASTArgumentIndex()` as they're overridden in various sub-classes of `CallEvent`).
================
Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:459
// TODO: Add support for vfscanf & family.
- .Case("fdopen", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("fopen", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("freopen", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("getch", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("getchar", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("getchar_unlocked",
- TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("getenv", TaintPropagationRule({}, {ReturnValueIndex}))
- .Case("gets", TaintPropagationRule({}, {0, ReturnValueIndex}))
- .Case("scanf", TaintPropagationRule({}, {}, VariadicType::Dst, 1))
- .Case("socket",
- TaintPropagationRule({}, {ReturnValueIndex}, VariadicType::None,
- InvalidArgIndex,
- &TaintPropagationRule::postSocket))
- .Case("wgetch", TaintPropagationRule({}, {ReturnValueIndex}))
+ .Case("fdopen", {{}, {ReturnValueIndex}})
+ .Case("fopen", {{}, {ReturnValueIndex}})
----------------
Pls eventually transform this into `CallDescriptionMap` ^.^
================
Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:590
+ CheckerContext &C) {
+ const auto *OCE = dyn_cast<CXXOperatorCallExpr>(Call.getOriginExpr());
if (OCE) {
----------------
steakhal wrote:
> I'm not sure if this is the right way.
You might want to cast `Call` to `CXXMemberOperatorCall` but i'm not sure it saves you anything.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D72035/new/
https://reviews.llvm.org/D72035
More information about the cfe-commits
mailing list