[clang] [clang][analyzer] Split NullDereferenceChecker into a modeling and checker part (PR #122139)

Balázs Kéri via cfe-commits cfe-commits at lists.llvm.org
Thu Jan 9 00:00:09 PST 2025


================
@@ -155,22 +155,27 @@ static bool isDeclRefExprToReference(const Expr *E) {
 
 void DereferenceChecker::reportBug(DerefKind K, ProgramStateRef State,
                                    const Stmt *S, CheckerContext &C) const {
+  if (!CheckNullDereference) {
+    C.addSink();
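Review bot: `C.addSink()` in the new `!CheckNullDereference` branch is called with no arguments, so it does not use the `State` parameter that `reportBug` receives; if the path is meant to end in that state, pass it explicitly (`C.addSink(State);`). A short comment stating that the path is still terminated when the reporting part is disabled would also help, since a function named `reportBug` now has a branch that reports nothing.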
----------------
balazske wrote:

It will have no tag. Even if a `Tag` is passed to `addSink` it is ignored by the implementation: https://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#ab85fa7cc6b81e482f2565ff4cdb0a728
This code looks incorrect, the tag argument is not used and `addTransition` is not needed (`generateSink` does it already).

https://github.com/llvm/llvm-project/pull/122139

