[clang] [analyzer] Limit `isTainted()` by skipping complicated symbols (PR #105493)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 21 04:51:45 PDT 2024
================
@@ -256,6 +257,12 @@ std::vector<SymbolRef> taint::getTaintedSymbolsImpl(ProgramStateRef State,
if (!Sym)
return TaintedSymbols;
+ // HACK:https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570
+ if (const auto &Opts = State->getAnalysisManager().getAnalyzerOptions();
+ Sym->computeComplexity() >= Opts.MaxTaintedSymbolComplexity) {
----------------
NagyDonat wrote:
```suggestion
Sym->computeComplexity() > Opts.MaxTaintedSymbolComplexity) {
```
I know that this is pedantic bikeshedding, but if the name and documentation claims that "this is the maximal possible complexity of a tainted symbol", then make it actually possible to have a tainted symbol with that complexity.
(Feel free to change the default value to 9 to compensate for this change. Alternatively you could keep the `>=` and rename the analyzer option to discard-taint-at-complexity or something similar.)
https://github.com/llvm/llvm-project/pull/105493
More information about the cfe-commits
mailing list