[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 9 12:53:52 PDT 2024
https://github.com/steakhal requested changes to this pull request.
Looks pretty good!
However, for this to land, we need to try harder to prevent state-splits.
We must prove in more cases (at least in simple symbolic cases) that no overflow can happen.
But in principle, I like that we do a split - as the user expects this to overflow sometimes - given the use of the builtin.
Speaking of that, do we even propagate taint across such builtin calls? I think it would make sense to taint the result if any of the inputs are tainted. I'd expect such builtins to be used around user inputs, and critical code - so it's probably worth propagating taint.
https://github.com/llvm/llvm-project/pull/102602
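
The two points raised in the review above (prove that no overflow can happen for constrained symbolic operands instead of splitting the state, and taint the result when any input is tainted), as an added sketch that is not code from the PR or from the analyzer. `sym_int`, `sym`, `model_add_overflow` and the outcome names are hypothetical, and the sketch assumes `long long` is wider than `int`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: a symbolic int known only by an inclusive range and a taint bit. */
typedef struct { int lo, hi; bool tainted; } sym_int;
typedef enum { OUT_NEVER, OUT_ALWAYS, OUT_SPLIT } outcome;
typedef struct { outcome out; bool tainted; } add_eval;

sym_int sym(int lo, int hi, bool tainted) {
    sym_int s = { lo, hi, tainted };
    return s;
}

/* Decide what the overflow flag of __builtin_add_overflow(a, b, &r) can be for int operands. */
add_eval model_add_overflow(sym_int a, sym_int b) {
    /* Bounds computed in long long so the check itself cannot wrap
       (assumes long long is wider than int). */
    long long min = (long long)a.lo + b.lo;
    long long max = (long long)a.hi + b.hi;
    add_eval e;
    e.tainted = a.tainted || b.tainted;      /* any tainted input taints the result */
    if (min >= INT_MIN && max <= INT_MAX)
        e.out = OUT_NEVER;                   /* provably safe: one successor state */
    else if (min > INT_MAX || max < INT_MIN)
        e.out = OUT_ALWAYS;                  /* provably overflows: one successor state */
    else
        e.out = OUT_SPLIT;                   /* undecided: both outcomes must be explored */
    return e;
}

/* Sanity check: for concrete operands the model must match the real builtin. */
bool agrees_with_builtin(int x, int y) {
    int r;
    bool ovf = __builtin_add_overflow(x, y, &r);
    return model_add_overflow(sym(x, x, false), sym(y, y, false)).out
           == (ovf ? OUT_ALWAYS : OUT_NEVER);
}

int main(void) {
    /* Constructed inputs: a length already checked to be in [0, 4096], plus a 16-byte header. */
    add_eval bounded = model_add_overflow(sym(0, 4096, true), sym(16, 16, false));
    add_eval unknown = model_add_overflow(sym(INT_MIN, INT_MAX, true), sym(16, 16, false));
    printf("bounded: outcome=%d tainted=%d\n", bounded.out, bounded.tainted);
    printf("unknown: outcome=%d tainted=%d\n", unknown.out, unknown.tainted);
    return 0;
}
```

The bounded case needs no split yet still carries taint into the result, which is the combination the review asks for.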