[PATCH] D72705: [analyzer] Added new checker 'alpha.unix.ErrorReturn'.

[Kristóf Umann via Phabricator via cfe-commits]

Szelethus added a comment.

In D72705#2143405 <https://reviews.llvm.org/D72705#2143405>, @balazske wrote:

> We must check on every execution path that a specific condition on a value is satisfied (or: find one where the condition is not satisfied). This would be the most simple form of this checker. This can be done with the path sensitive check and `checkDeadSymbols`. If the symbol becomes dead with unsatisfied condition a warning is emitted. The "condition" is a syntactic-like check that looks for code like "`X != EOF`". This is probably done best by using `StmtVisitor` if a value is evaluated (at assignment or condition in `if` or other statements), different than the current form.


Pathsensitivity is about checking **one** specific path of execution with rather great precision, we really need dataflow to argue about **all** paths. Syntactic checking and pathsensitive analysis fundamentally lacks a lot of information that dataflow by design has. With that said, asking whether a symbol is dead is a part of liveness analysis which is a dataflow algorithm, but what that interface lacks is //why// a symbol is live/dead. I think what you need here is a set of reads reachable from the return value point. For this example, you are interested in which reads are reachable from b9, and you could analyze them one-by-one (which could be done syntactically at that point):

  c = fgetc(fd); // [b9]
  if (c == '+' || c == '*' || c == '|' || c == '>' || c == '@' || c == EOF || c == '\n') { [b1] }
  //    [b8]        [b7]        [b6]        [b5]        [b4]       [b3]         [b2] 
  // [b0 (EXIT)]


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D72705/new/

https://reviews.llvm.org/D72705