[PATCH] D73536: [analyzer][taint] Remove taint from symbolic expressions if used in comparisons
Gábor Horváth via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Feb 6 16:05:49 PST 2020
xazax.hun added a comment.
I think a crucial part of the design is what we would do for the following case:

  if (x < y || x > z)
    return;
  // Here we might not have ranges for x when y and z were symbolic.
  mySink(x); // requires x to be in [0, 255]

So would we warn for the code above? x is certainly in SOME bounds, but we were not smart enough to figure out what. And these symbolic constraints are not recorded in the range-based constraint manager.
If we want to avoid potential false positives on the code above we do need to somehow record symbolic constraints somewhere.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D73536/new/
https://reviews.llvm.org/D73536
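
Added example (not part of the original message or of the patch under review): the case from the comment made compilable, next to a variant that also compares x against concrete bounds. The names forward_symbolic and forward_concrete, the body of mySink, and the input values are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Hypothetical sink: its contract requires x in [0, 255]. It counts a
   violation instead of indexing out of bounds, so the example is safe to run. */
static int sink_violations = 0;
static unsigned char table[256];

int mySink(int x) {
    if (x < 0 || x > 255) {
        sink_violations++;
        return -1;
    }
    return table[x];
}

/* The case from the comment: x is compared only against y and z, which are
   symbolic. x is in SOME bounds, but no concrete range for x follows. */
int forward_symbolic(int x, int y, int z) {
    if (x < y || x > z)
        return -2;
    return mySink(x);
}

/* Same check plus comparisons against constants: on the path that reaches
   the sink, x is constrained to the concrete range [0, 255]. */
int forward_concrete(int x, int y, int z) {
    if (x < y || x > z)
        return -2;
    if (x < 0 || x > 255)
        return -2;
    return mySink(x);
}

int main(void) {
    /* Constructed inputs: y = 0, z = 1000 makes [y, z] wider than [0, 255]. */
    printf("symbolic: %d\n", forward_symbolic(300, 0, 1000));
    printf("concrete: %d\n", forward_concrete(300, 0, 1000));
    printf("violations: %d\n", sink_violations);
    return 0;
}
```

With y = 0 and z = 1000, the symbolic-only check lets x = 300 reach the sink, while the variant with constant bounds returns before the call.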