[cfe-dev] [analyzer] What do I need to pay attention to when I convert 'CastToStructChecker' from AST-based check to path-sensitive check?

Henry Wong via cfe-dev cfe-dev at lists.llvm.org
Tue May 8 22:31:15 PDT 2018


Hi all,
I plan to reimplement 'CastToStructChecker' in a path-sensitive manner in my own codebase. The current AST-based 'CastToStructChecker' is very clean and can handle the vast majority of issues except the 'void*' or 'char*' related cases. NoQ and danielmarjamaki once mentioned these cases in https://reviews.llvm.org/D23508.


Path-sensitive analysis can:

  1.  find 'non-struct *' -> 'void*', 'void*' -> 'struct*' bugs.
  2.  suppress 'struct*' -> 'char*', 'char*' -> 'struct*' warnings.

The intuitive idea in my mind is to use the 'checkLocation()' API, and strip off the cast to check the actual region type. Is it reasonable to reimplement 'CastToStructChecker' in a path-sensitive manner? What needs to be noticed in the implementation?

Thanks in advance!

Henry Wong
Qihoo 360 Codesafe Team
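
The two cast chains listed in the message, as an added C example that is not part of the original email and is not Clang analyzer code. `struct tracked`, `TRACK`, `cast_through` and `cast_to_struct_is_bug` are hypothetical names, and comparing the struct size against the size of the original region is an assumption about what "check the actual region type" would decide.

```c
/* Added illustration; all names are hypothetical, not Clang analyzer code. */
#include <stddef.h>
#include <stdio.h>

struct pair { int a; int b; };

/* Stand-in for what a path-sensitive checker knows about a pointer:
   the region it was originally derived from, regardless of later casts. */
struct tracked {
    void  *ptr;         /* pointer value after any number of casts */
    size_t region_size; /* size of the object it actually points into */
};
#define TRACK(obj) ((struct tracked){ (void *)&(obj), sizeof(obj) })

/* A cast through void* or char* changes only the static type, so the
   tracked origin is carried along unchanged. */
static struct tracked cast_through(struct tracked t) { return t; }

/* Decision at the point of access (assumed criterion): report only if
   the struct is larger than the region the pointer really refers to. */
static int cast_to_struct_is_bug(struct tracked t, size_t struct_size) {
    return struct_size > t.region_size;
}

/* Case 1: int* -> void* -> struct pair*. The region is a single int. */
static int case_int_via_void(void) {
    int x = 1;
    struct tracked t = cast_through(TRACK(x));
    return cast_to_struct_is_bug(t, sizeof(struct pair));
}

/* Case 2: struct pair* -> char* -> struct pair*. Round trip, no bug. */
static int case_struct_via_char(void) {
    struct pair p = { 1, 2 };
    struct tracked t = cast_through(TRACK(p));
    if (cast_to_struct_is_bug(t, sizeof(struct pair)))
        return -1;
    struct pair *q = (struct pair *)(char *)t.ptr; /* region is a pair */
    return q->a + q->b;
}

int main(void) {
    printf("int via void*: bug=%d\n", case_int_via_void());
    printf("struct via char*: sum=%d\n", case_struct_via_char());
    return 0;
}
```

A check that looks only at the static types on each cast cannot tell these two cases apart at the final cast, because both arrive there as `void*` or `char*`.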