[cfe-dev] static analyzer invalidating entire structs
Max Schrötter via cfe-dev
cfe-dev at lists.llvm.org
Sun Oct 3 00:16:52 PDT 2021
Hi,
I noticed that conservativeEvalCall invalidates all items in a
cluster (struct) in the example below instead of invalidating
only the item passed as argument.
I think the following code should report a NonNullParamChecker warning.
However t.mem is invalidated in the conservativeEvalCall of the scanf
call.
Example:
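
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    struct test {
        int *mem;
        int value;
    };

    int main(int argc, char **argv, char **envp)
    {
        struct test t;
        t.value = 8;
        t.mem = NULL;
        /* Only the address of t.value is passed to the call. */
        scanf("%d", &t.value);
        /* t.mem is still NULL here, so a null destination reaches memcpy. */
        memcpy(t.mem, &t.value, sizeof(int));
        free(t.mem);
    }
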
Is this a known limitation?
I'm trying to debug this, but haven't fully understood the RegionStore
yet. Is there more documentation besides the RegionStore.rst?
Thanks
Max
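
A probe for the behaviour described in the message above, added here as an example and not part of the original post or of the analyzer's code base. It asks the analyzer what it knows about t.mem before and after an opaque call that only receives &t.value. Assumptions: `fill` is a hypothetical stand-in for scanf whose body is hidden from the analyzer, and `probe` is a hypothetical name; `clang_analyzer_eval` is provided by the debug.ExprInspection checker.

```c
/* Added probe, not from the original post.
 * Analyze with:
 *   clang --analyze -Xclang -analyzer-checker=debug.ExprInspection probe.c
 */
#include <stddef.h>

#ifdef __clang_analyzer__
/* Declaration only: debug.ExprInspection intercepts the call and reports
 * TRUE, FALSE or UNKNOWN for the argument on the current path. */
void clang_analyzer_eval(int);
/* Hypothetical helper. With no body visible, the analyzer cannot inline it
 * and has to evaluate the call conservatively, as it does for scanf. */
void fill(int *out);
#else
/* Normal build: the query is a no-op and fill() writes only through 'out'. */
#define clang_analyzer_eval(x) ((void)(x))
void fill(int *out) { *out = 42; }
#endif

struct test {
    int *mem;
    int value;
};

/* Returns t.value if t.mem is still NULL after the call, otherwise -1. */
int probe(void)
{
    struct test t;
    t.value = 8;
    t.mem = NULL;

    clang_analyzer_eval(t.mem == NULL); /* query 1: before the opaque call */
    fill(&t.value);                     /* only t.value escapes */
    clang_analyzer_eval(t.mem == NULL); /* query 2: after the opaque call */

    return t.mem == NULL ? t.value : -1;
}
```

If the binding for t.mem is dropped together with t.value, as the message reports, query 2 comes back UNKNOWN instead of TRUE, which is why the NULL passed to memcpy is no longer flagged.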