This reverts commit r352473.
The overall idea is great, but it seems to cause unintented consequences
when not only Region Store invalidation but also pointer escape mechanism
was accidentally affected.
Based on discussions in https://reviews.llvm.org/D58121#
1452483
and https://reviews.llvm.org/D57230#
1434161
Differential Revision: https://reviews.llvm.org/D57230
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@357620
91177308-0d34-0410-b5e6-
96231b3b80d8
for (unsigned Idx = 0, Count = getNumArgs(); Idx != Count; ++Idx) {
// Mark this region for invalidation. We batch invalidate regions
// below for efficiency.
- if (const MemRegion *MR = getArgSVal(Idx).getAsRegion()) {
- bool UseBaseRegion = true;
- if (const auto *FR = MR->getAs<FieldRegion>()) {
- if (const auto *TVR = FR->getSuperRegion()->getAs<TypedValueRegion>()) {
- if (!TVR->getValueType()->isUnionType()) {
- ETraits.setTrait(MR, RegionAndSymbolInvalidationTraits::
- TK_DoNotInvalidateSuperRegion);
- UseBaseRegion = false;
- }
- }
- }
- // todo: factor this out + handle the lower level const pointers.
- if (PreserveArgs.count(Idx))
- ETraits.setTrait(
- UseBaseRegion ? MR->getBaseRegion() : MR,
- RegionAndSymbolInvalidationTraits::TK_PreserveContents);
- }
+ if (PreserveArgs.count(Idx))
+ if (const MemRegion *MR = getArgSVal(Idx).getAsRegion())
+ ETraits.setTrait(MR->getBaseRegion(),
+ RegionAndSymbolInvalidationTraits::TK_PreserveContents);
+ // TODO: Factor this out + handle the lower level const pointers.
ValuesToInvalidate.push_back(getArgSVal(Idx));
PlainStruct s1;
s1.x = 1;
s1.z = 1;
- s1.y = 1;
clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(s1.z == 1); // expected-warning{{TRUE}}
// Not only passing a structure pointer through const pointer parameter,
// but also passing a field pointer through const pointer parameter
// should preserve the contents of the structure.
useAnythingConst(&(s1.y));
- clang_analyzer_eval(s1.y == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
// FIXME: Should say "UNKNOWN", because it is not uncommon to
// modify a mutable member variable through const pointer.
clang_analyzer_eval(s1.z == 1); // expected-warning{{TRUE}}
useAnything(&(s1.y));
- clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
- clang_analyzer_eval(s1.y == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(s1.x == 1); // expected-warning{{UNKNOWN}}
}
void wontInitialize(const T &);
class PassingToUnknownFunctionTest1 {
- int a, b; // expected-note{{uninitialized field 'this->b'}}
+ int a, b;
public:
PassingToUnknownFunctionTest1() {
}
PassingToUnknownFunctionTest1(int) {
- mayInitialize(a); // expected-warning{{1 uninitialized field at the end of the constructor call}}
+ mayInitialize(a);
+ // All good!
}
PassingToUnknownFunctionTest1(int, int) {
void testConstEscapeThroughAnotherField() {
struct IntAndPtr s;
s.p = malloc(sizeof(int));
- constEscape(&(s.x));
-} // expected-warning {{Potential leak of memory pointed to by 's.p'}}
+ constEscape(&(s.x)); // could free s->p!
+} // no-warning
// PR15623
int testNoCheckerDataPropogationFromLogicalOpOperandToOpResult(void) {
livenessBugRealloc(b->a);
}
+struct ListInfo {
+ struct ListInfo *next;
+};
+
+struct ConcreteListItem {
+ struct ListInfo li;
+ int i;
+};
+
+void list_add(struct ListInfo *list, struct ListInfo *item);
+
+void testCStyleListItems(struct ListInfo *list) {
+ struct ConcreteListItem *x = malloc(sizeof(struct ConcreteListItem));
+ list_add(list, &x->li); // will free 'x'.
+}
+
// ----------------------------------------------------------------------------
// False negatives.
int sock = socket(AF_INET, SOCK_STREAM, 0);
read(sock, &tainted.y, sizeof(tainted.y));
- tainted.x = 0;
// FIXME: overlapping regions aren't detected by isTainted yet
__builtin_memcpy(buffer, tainted.y, tainted.x);
}
scanf("%d", &xy.y);
scanf("%d", &xy.x);
int tx = xy.x; // expected-warning + {{tainted}}
- int ty = xy.y; // expected-warning + {{tainted}}
+ int ty = xy.y; // FIXME: This should be tainted as well.
char ntz = xy.z;// no warning
// Now, scanf scans both.
scanf("%d %d", &xy.y, &xy.x);
projects / clang / commitdiff