[clang] [clang][analyzer] Fix argument invalidations in StreamChecker. (PR #79470)

Balázs Kéri via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 26 07:52:10 PST 2024


================
@@ -544,6 +545,21 @@ const ExplodedNode *StreamChecker::getAcquisitionSite(const ExplodedNode *N,
   return nullptr;
 }
 
+static ProgramStateRef
+escapeArgs(ProgramStateRef State, CheckerContext &C, const CallEvent &Call,
+           const SmallVector<unsigned int> &EscapingArgs) {
+  const auto *CE = Call.getOriginExpr();
+
+  SmallVector<SVal> EscapingVals;
+  EscapingVals.reserve(EscapingArgs.size());
+  for (auto EscArgIdx : EscapingArgs)
+    EscapingVals.push_back(Call.getArgSVal(EscArgIdx));
+  State = State->invalidateRegions(EscapingVals, CE, C.blockCount(),
+                                   C.getLocationContext(),
+                                   /*CausesPointerEscape=*/false);
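Review bot: the `EscapingArgs` parameter of `escapeArgs` is declared as `const SmallVector<unsigned int> &`, but the function only reads the indices, so `ArrayRef<unsigned int>` would be the usual LLVM choice and would let callers pass a SmallVector, a fixed array or an initializer list without building a temporary vector. The helper is also named for escaping while it passes `/*CausesPointerEscape=*/false` to `invalidateRegions`; a short comment above the function saying that the argument values are invalidated without being reported as pointer escapes would make that intent clear to the next reader.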
----------------
balazske wrote:

If this change is made, an error shows up in **stream-errno.c** line 190 (unexpected warning: FALSE).
```
  int Ret = fgetpos(F, &Pos);
  if (Ret)
    clang_analyzer_eval(errno != 0); // expected-warning{{TRUE}}
  else
    clang_analyzer_eval(errno == 0); // expected-warning{{TRUE}} we get FALSE too
```
Probably the `errno` is invalidated somehow; this is likely to be caused by the `Call` argument. Without these additional arguments to `invalidateRegions` the test passes.

https://github.com/llvm/llvm-project/pull/79470

