[clang] [clang][Analyzer] Fix error path of builtin overflow (PR #136345)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Sun Apr 20 05:23:00 PDT 2025
================
@@ -194,30 +187,28 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
SVal RetVal = SVB.evalBinOp(State, Op, Arg1, Arg2, ResultType);
auto [Overflow, NotOverflow] = checkOverflow(C, RetValMax, ResultType);
- if (NotOverflow) {
- ProgramStateRef StateNoOverflow = State->BindExpr(
- CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
+ auto initializeState = [&](bool isOverflow) {
+ ProgramStateRef NewState = State->BindExpr(
+ CE, C.getLocationContext(), SVB.makeTruthVal(isOverflow, BoolTy));
if (auto L = Call.getArgSVal(2).getAs<Loc>()) {
- StateNoOverflow =
- StateNoOverflow->bindLoc(*L, RetVal, C.getLocationContext());
+ NewState = NewState->bindLoc(*L, RetVal, C.getLocationContext());
- // Propagate taint if any of the argumets were tainted
+ // Propagate taint if any of the arguments were tainted
if (isTainted(State, Arg1) || isTainted(State, Arg2))
- StateNoOverflow = addTaint(StateNoOverflow, *L);
+ NewState = addTaint(NewState, *L);
}
- C.addTransition(
- StateNoOverflow,
- createBuiltinNoOverflowNoteTag(
- C, /*BothFeasible=*/NotOverflow && Overflow, Arg1, Arg2, RetVal));
- }
+ C.addTransition(NewState,
+ createBuiltinOverflowNoteTag(C, /*overflow=*/isOverflow,
+ Arg1, Arg2, RetVal));
+ };
- if (Overflow) {
- C.addTransition(State->BindExpr(CE, C.getLocationContext(),
- SVB.makeTruthVal(true, BoolTy)),
- createBuiltinOverflowNoteTag(C));
- }
+ if (NotOverflow)
+ initializeState(false);
----------------
steakhal wrote:
I don't like that this call has a side-effect. I wish we would be explicit about mutations. Pass what's needed, get the return value that it would produce.
https://github.com/llvm/llvm-project/pull/136345