[clang] [analyzer] TaintPropagation checker strlen() should not propagate (PR #66086)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Sep 13 13:39:45 PDT 2023
steakhal wrote:
I can understand the frustration of the FPs. However, propagating taint there is the right thing to do.
To me, the fault is on the diagnostic on the malloc. Those are the cause of the FPs, thus that needs to be removed instead of the propagation.
I have this opinion even if the empirical results suggest that this would improve the perceived accuracy of the analysis. But to me, we would just mask the root cause.
I haven't looked at the content of the patch (yet), nor the diffs. I'll try to have a deeper look tomorrow.
I just wanted to share my concerns, after seeing an approval.
https://github.com/llvm/llvm-project/pull/66086