[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
Balázs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Jan 24 07:16:52 PST 2024
================
@@ -926,6 +932,49 @@ void StreamChecker::evalFputx(const FnDescription *Desc, const CallEvent &Call,
C.addTransition(StateFailed);
}
+void StreamChecker::evalFprintf(const FnDescription *Desc,
+ const CallEvent &Call,
+ CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+ if (Call.getNumArgs() < 2)
+ return;
+ SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
+ if (!StreamSym)
+ return;
+
+ const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
+ if (!CE)
+ return;
+
+ const StreamState *OldSS = State->get<StreamMap>(StreamSym);
+ if (!OldSS)
+ return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs<NonLoc>();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder &SVB = C.getSValBuilder();
+ auto &ACtx = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+ SVB.getConditionType())
+ .getAs<DefinedOrUnknownSVal>();
+ if (!Cond)
+ return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
----------------
balazs-benics-sonarsource wrote:
In addition to this, we should also invalidate any buffers passed to such calls. This also sounds like a regression compared to default eval calling "fpintf". (Look at the format string specifier `%n`)
https://github.com/llvm/llvm-project/pull/77613
More information about the cfe-commits
mailing list