[PATCH] D154603: [analyzer][clangsa] Add new option to alpha.security.cert.InvalidPtrChecker

[Endre Fülöp via Phabricator via cfe-commits]

gamesh411 added a comment.

In D154603#4609809 <https://reviews.llvm.org/D154603#4609809>, @gamesh411 wrote:

> In D154603#4580609 <https://reviews.llvm.org/D154603#4580609>, @steakhal wrote:
>
>> I'm sorry starting the review of this one only now, but I'm quite booked.
>> Is it still relevant? If so, I'll continue.
>
> Yes, thanks for the effort!

I would like to go through with this option, and then I would like to fix the following issues with this checker as well:

- the previous function call notes could be more streamlined
- the notes of this checker are also shown when another checker hits those nodes with its report
  - for example taint checker giving a warning to `getenv` usage would also trigger the display of the 'previous function call was here' note here), this I would like to filter with bug category filters
  - code examples for this filtering are below
- try to consolidate the multiple warnings coming from this checker's `checkLocation` callback

category based filtering ( example from lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:167 ):

  If (!BR.isInteresting(CallLocation) ||
    BR.getBugType().getCategory() != categories::TaintedData) { //but this would be InvalidPtr BugType's category, namely memory_error
    return "";
  }

or checker based filtering ( example from lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:397 )

  if (&BR.getBugType() != smartptr::getNullDereferenceBugType() || // this is a comparison of the address of a static bugtype
      !BR.isInteresting(ThisRegion))

This second one gives a more precise filtering, but the implementation-specific detail of storing the bugtype by reference is what seems to make this work, which I find hacky.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D154603/new/

https://reviews.llvm.org/D154603