[PATCH] D155445: [analyzer][docs] Add CSA release notes

Ella Ma via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jul 17 10:43:10 PDT 2023


OikawaKirie added a comment.

The key idea of my commit 1bd2d335b649 <https://reviews.llvm.org/rG1bd2d335b649f2e09d7e4bdd0b92c78489ded022>:

- For string APIs that will not provide the copy length (`strcpy`), we will use the buffer decl and literal length to infer whether it overflows. If the copy operation does not overflow, we will now only invalidate the buffer string being copied to.
- For string APIs that never overflow (`strsep`), we will always invalidate the target buffer only.
- For those that we cannot correctly handle now (`std::copy`), we will also invalidate the base region and make all pointers in the base region escape.

Hence,
For `strcpy`s, we infer through buffer size and string literals.
For `strsep`, we believe it never overflows through its functionality specification. It is also an inference.

Whereas for `memcpy`, where the copy length is given in the arguments (the non-inferring circumstance), it was implemented previously in patch D12571 <https://reviews.llvm.org/D12571> and is not a part of my changes.



================
Comment at: clang/docs/ReleaseNotes.rst:920-922
+- The ``CStringChecker`` will invalidate less if the copy operation is bounded.
+  (`1bd2d335b649 <https://github.com/llvm/llvm-project/commit/1bd2d335b649>`_)
+  (`#55019 <https://github.com/llvm/llvm-project/issues/55019>`_)
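Review bot: "invalidate less" in the first added line does not tell a reader what is still invalidated or what used to be. Consider stating the scope directly, for example that only the destination buffer is invalidated rather than its enclosing region, so users can tell which previously lost facts about neighbouring fields are now kept.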
----------------
One tiny change to the abstraction.
The ``CStringChecker`` will invalidate less if the copy operation is **inferable to be** bounded.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D155445/new/

https://reviews.llvm.org/D155445
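The `strcpy` inference described in the comment above, as an added C illustration that is not code from the commit or from the analyzer's test suite. The `struct session` type and all function names are constructed for this example, and the comments about what the analyzer keeps restate the comment above as an assumption rather than verified checker output.

```c
#include <stdio.h>
#include <string.h>

/* Constructed type: a fixed-size buffer followed by a security-relevant
 * field that an overflowing copy into `user` would overwrite. */
struct session {
    char user[8];
    int  is_admin;
};

/* Destination size (8, from the declaration) and source length (5 + NUL,
 * from the literal) are both visible at the call, so the copy can be
 * inferred to fit. Assumption from the comment above: only `user` is
 * invalidated and the fact is_admin == 0 survives the call. */
int literal_copy_fits(void) {
    struct session s;
    s.is_admin = 0;
    strcpy(s.user, "guest");
    return s.is_admin;
}

/* Here the source is not a literal, so there is no literal length to
 * infer a bound from. An over-long `name` would run past `user` into
 * `is_admin`; the explicit length check is what makes the copy safe. */
int checked_copy(struct session *s, const char *name) {
    if (strlen(name) >= sizeof s->user)
        return -1;               /* reject instead of overflowing */
    strcpy(s->user, name);
    return 0;
}

/* Returns is_admin after an over-long name has been rejected. */
int flag_after_rejected_copy(void) {
    struct session s = { "", 0 };
    if (checked_copy(&s, "a-name-longer-than-eight") != -1)
        return -1;               /* would mean the guard failed */
    return s.is_admin;
}

int main(void) {
    printf("literal copy: is_admin=%d\n", literal_copy_fits());
    printf("rejected copy: is_admin=%d\n", flag_after_rejected_copy());
    return 0;
}
```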


