[cfe-dev] ConstraintManager reports different constraints if the checker is run as Plugin
Max Schrötter via cfe-dev
cfe-dev at lists.llvm.org
Fri Sep 3 13:33:19 PDT 2021
Hi,
I'm currently trying to write a static analyzer using LLVM and started
with a simple example that checks if the return value of malloc/calloc
was checked to be non-null before accessing it.
While testing I noticed that the ConstraintManager shows inconsistent
behavior. If the checker is compiled in-tree, everything works as
expected. But if the checker is compiled as a plugin and run with
-analyzer-checker=core.NonNullParamChecker and -fgnuc-version=4.2.1
enabled, the ConstraintManager returns different constraints.
Example:
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char ** argv, char ** envp){
        int z=8;
        int *p = malloc(sizeof(int));
        memcpy(p,&z,sizeof(int));
        free(p);
    }
If compiled with LLVM, ConstraintManager.isNull reports isUnderconstrained for the symbol p before the memcpy.
If compiled as a plugin, it returns true for isConstrainedFalse and isConstrained, but p can be null here.
I have posted my code on GitHub if anyone wants to look at it: https://github.com/schrc3b6/simple-static-analyzer
Is this a bug in my code or am I misunderstanding something?
Thanks
Max
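
The three answers named in the post, modeled as a stand-alone example added here (not Max's checker and not Clang's code): TruthVal, PathState and checkPointerUse are hypothetical stand-ins for the analyzer's truth value, the per-path program state and a checker's decision before the memcpy call. It shows why an isConstrainedFalse answer for p suppresses the unchecked-malloc report while isUnderconstrained keeps it.

```cpp
#include <map>
#include <string>

// Three-valued answer to "is this symbol null?", using the query names from the post.
class TruthVal {
    enum State { Unknown, True, False } S;
    explicit TruthVal(State St) : S(St) {}
public:
    static TruthVal unknown() { return TruthVal(Unknown); }
    static TruthVal of(bool B) { return TruthVal(B ? True : False); }
    bool isConstrainedTrue() const { return S == True; }
    bool isConstrainedFalse() const { return S == False; }
    bool isConstrained() const { return S != Unknown; }
    bool isUnderconstrained() const { return S == Unknown; }
};

// Hypothetical per-path store: symbol -> "is null" fact; absent if never tested.
class PathState {
    std::map<std::string, bool> NullFacts;
public:
    // Returns a new state with the assumption added; the old state is unchanged.
    PathState assume(const std::string &Sym, bool IsNull) const {
        PathState Next = *this;
        Next.NullFacts[Sym] = IsNull;
        return Next;
    }
    TruthVal isNull(const std::string &Sym) const {
        std::map<std::string, bool>::const_iterator It = NullFacts.find(Sym);
        return It == NullFacts.end() ? TruthVal::unknown() : TruthVal::of(It->second);
    }
};

enum Verdict { Safe, MaybeNull, DefinitelyNull };

// Decision a malloc-result checker makes before a use such as memcpy(p, ...).
Verdict checkPointerUse(const PathState &St, const std::string &Sym) {
    TruthVal V = St.isNull(Sym);
    if (V.isConstrainedTrue()) return DefinitelyNull;  // path where p == NULL
    if (V.isUnderconstrained()) return MaybeNull;      // never tested: report
    return Safe;  // isConstrainedFalse: a non-null assumption is already on this path
}
```

If something earlier on the path has already added a non-null assumption for p, the last branch is taken and the unchecked malloc goes unreported, which matches the isConstrainedFalse result described for the plugin run.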