[clang] [analyzer] Add optin.taint.TaintedDiv checker (PR #106389)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Mon Sep 30 04:57:51 PDT 2024
https://github.com/NagyDonat commented:
Looks good overall, I added several suggestions but they mostly tweak the documentation and the comments.
Moreover, I don't see any tests where the separation between `optin.taint.TaintedDiv` and `core.DivideZero` is tested by enabling one of them and disabling the other. You should probably add a new short test file for this where:
- taint modeling is active;
- there are two RUN lines (with different `-verify=...` tags): one that enables `optin.taint.TaintedDiv` and one that enables `core.DivideZero`;
- there are testcases that perform division by:
- a value that comes from a tainted source and is known to be zero at the point of division (I know that e.g. in an `if (x == 0)` block `getSVal()` will return a `ConcreteInt` as the value of `x` instead of the (potentially tainted) symbol that was used to represent it earlier -- but it would be still nice to see this situation.)
- a value that comes from a tainted source and may be either zero or nonzero;
- a value that comes from a tainted source and is known to be nonzero.
https://github.com/llvm/llvm-project/pull/106389
More information about the cfe-commits
mailing list