[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 22 06:13:07 PDT 2024


================
@@ -2515,6 +2517,53 @@ void CStringChecker::evalSprintfCommon(CheckerContext &C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C, const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  SValBuilder &SVB = C.getSValBuilder();
+  SVal MaxLength = SVB.makeIntVal(256, C.getASTContext().IntTy);
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+      assumeZero(C, State, SizeVal, SizeTy);
+
+  if (StateZeroSize) {
+    StateZeroSize = State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
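Review bot: the `SVal MaxLength = SVB.makeIntVal(256, C.getASTContext().IntTy);` line introduces an unexplained magic number and builds it with `IntTy`, while the size argument it will be compared against is read a few lines later with `SizeTy` (the type of the `length` argument, `size_t` for getentropy); construct it with `SizeTy` so both operands of the later comparison share a type, and add a comment saying that 256 is the documented upper bound on the `length` argument of getentropy (larger requests fail with EIO). On the `if (StateZeroSize)` branch, `State->BindExpr(...)` binds on the pre-assumption state rather than on `StateZeroSize`, so the zero/nonzero split that `assumeZero` just produced is discarded; use `StateZeroSize->BindExpr(...)` as the review comment on this thread also requests.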
----------------
NagyDonat wrote:

```suggestion
    StateZeroSize = StateZeroSize->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
```
For the sake of consistency, always avoid using "stale" state values, because this leads to loss of information and inconsistencies.

The only situation where this is not important is the case when you perform a dual assumption (an assume call that returns two state references, e.g. the `assumeZero` above this) _and_ you checked that one of the two state references is NULL. In that case the other returned state reference will be practically equivalent to the state before the assumption (but even then there are some little arcane details that may differ). 

https://github.com/llvm/llvm-project/pull/83675
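The "stale state" pitfall described in the comment above, as an added toy model that is not clang code and not part of the patch: `ToyState`, `StateRef`, `assumeZero`, `bindReturn` and the `evalZeroBranch*` functions are hypothetical stand-ins for `ProgramStateRef`, the checker's `assumeZero` helper and `BindExpr`. Real program states carry range constraints rather than a known-zero flag, but the structure is the same: every operation returns a new immutable state, the old reference stays valid, and binding on the old reference silently drops the fact the assumption just learned. The model also reproduces the exception the comment mentions: when one of the two returned states is null, the other one is the input state.

```cpp
// Toy model of the static analyzer's immutable program states (added example,
// not LLVM code). Names here are hypothetical and do not exist in clang.
#include <cstdio>
#include <map>
#include <memory>
#include <optional>
#include <string>
#include <utility>

// A minimal immutable "program state": which symbols are known to be zero
// (true) or known to be nonzero (false), plus the value bound to the call.
struct ToyState {
  std::map<std::string, bool> KnownZero;
  std::optional<int> ReturnValue;
};
using StateRef = std::shared_ptr<const ToyState>;

StateRef makeState() { return std::make_shared<ToyState>(); }

// Dual assumption, like the checker's assumeZero: {Sym == 0, Sym != 0}.
// A null reference means that branch is infeasible under current constraints.
std::pair<StateRef, StateRef> assumeZero(const StateRef &State,
                                         const std::string &Sym) {
  auto It = State->KnownZero.find(Sym);
  if (It != State->KnownZero.end()) {
    // Already decided: only one branch is feasible, and it is the input state.
    if (It->second)
      return {State, nullptr};
    return {nullptr, State};
  }
  auto Zero = std::make_shared<ToyState>(*State);
  Zero->KnownZero[Sym] = true;
  auto NonZero = std::make_shared<ToyState>(*State);
  NonZero->KnownZero[Sym] = false;
  return {Zero, NonZero};
}

// Like BindExpr: returns a new state with the call's value recorded.
StateRef bindReturn(const StateRef &State, int Value) {
  auto Next = std::make_shared<ToyState>(*State);
  Next->ReturnValue = Value;
  return Next;
}

// Buggy variant: binds on the pre-assumption state, so "Size == 0" is lost.
StateRef evalZeroBranchStale(const StateRef &State) {
  auto [Zero, NonZero] = assumeZero(State, "Size");
  if (!Zero)
    return nullptr;
  return bindReturn(State, 0); // wrong: State instead of Zero
}

// Fixed variant: binds on the state that carries the assumption.
StateRef evalZeroBranchFixed(const StateRef &State) {
  auto [Zero, NonZero] = assumeZero(State, "Size");
  if (!Zero)
    return nullptr;
  return bindReturn(Zero, 0);
}

bool knowsZero(const StateRef &State, const std::string &Sym) {
  auto It = State->KnownZero.find(Sym);
  return It != State->KnownZero.end() && It->second;
}

// Worked checks, returned as booleans so they can be asserted on.
bool staleLosesConstraint() {
  return !knowsZero(evalZeroBranchStale(makeState()), "Size");
}
bool fixedKeepsConstraint() {
  return knowsZero(evalZeroBranchFixed(makeState()), "Size");
}
bool bothBindReturnValue() {
  return evalZeroBranchStale(makeState())->ReturnValue == 0 &&
         evalZeroBranchFixed(makeState())->ReturnValue == 0;
}
// The exception from the comment: one branch null, the other is the input.
bool nullBranchMeansOtherIsInput() {
  auto Known = std::make_shared<ToyState>();
  Known->KnownZero["Size"] = true;
  StateRef In = Known;
  auto [Zero, NonZero] = assumeZero(In, "Size");
  return NonZero == nullptr && Zero == In;
}

int main() {
  std::printf("stale loses Size==0: %d\n", staleLosesConstraint());
  std::printf("fixed keeps Size==0: %d\n", fixedKeepsConstraint());
  std::printf("null branch -> other is input: %d\n", nullBranchMeansOtherIsInput());
  return 0;
}
```

Both variants record the same return value, which is why the bug is easy to miss in a test that only looks at the call's result; the difference shows up only when a later check asks the state what it knows about `Size`.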

