[PATCH] D97183: [analyzer] Add NoteTag for smart-ptr get()

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 2 07:41:32 PST 2021


steakhal added a comment.

In D97183#2597099 <https://reviews.llvm.org/D97183#2597099>, @RedDocMD wrote:

> The InnerPointerVal memory region is not marked as interesting as of now, I have tried that out. The branch condition constraint is set by the ConstraintManager and it is queried via the State in the method `smartptr::isNullSmartPtr` at `SmartPtrModelling.cpp:104`. I have to see if the `ConstraintManager` can mark the memory region as important.

Hm, I don't think you can make this work.
The deref bug is reported only if the smartptr::isNullSmartPtr(State, ThisRegion) <https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp#L74-L75> is `true`, which is only true if the InnerPointerVal <https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp#L104-L108> is known to be `null`. So the information on how we get to know that the smart pointer is null is already lost.
From this perspective, I don't think you have any other choice than to walk back from the bug to the root using a bug report visitor - and check whether or not the inner pointer is used in a branch condition.
I might be wrong about this, since this was the first time I had a deeper look at the SmartPtrChecker.

The TaintBugVisitor <https://github.com/llvm/llvm-project/blob/62ec4ac90738a5f2d209ed28c822223e58aaaeb7/clang/lib/StaticAnalyzer/Checkers/Taint.cpp#L232> could give you a hint on how to implement this.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D97183/new/

https://reviews.llvm.org/D97183
