- User Since
- Jul 19 2017, 4:18 AM (56 w, 22 m)
Mon, Aug 13
Tue, Aug 7
Thu, Jul 26
@xazax.hun Thanks for your tips! After some investigation, MatchFinder::match just traverses one ASTNode, which means match(namedDecl(HasNameMatcher())) and match(namedDecl(matchesName())) both do not traverse children. So there are three ways to match the specified AST node.
Jul 4 2018
Thanks for your review, NoQ!
Jun 29 2018
Jun 25 2018
Sorry for the long long delay, I was on the Dragon Boat Festival a few days ago.
Jun 13 2018
- Use hasName matcher to match the qualified name.
Jun 12 2018
Jun 11 2018
Remove useless header files for testing.
The implementation is not complicated; the difficulty is that there is no good way to get the qualified name without template arguments. For std::basic_string::c_str(), its qualified name may be std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::c_str; it is almost impossible for users to provide such a name. So one possible implementation is to use std, basic_string and c_str to match in the std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::c_str sequentially.
Jun 9 2018
Jun 8 2018
LGTM, @NoQ May have further feedback. Thanks!
I didn't test the code, but the code seems correct. Thanks!
Jun 7 2018
This update consists of two parts
- Make rsplit(char) reuse rsplit(StringRef).
- Make split(char) reuse split(StringRef).
Jun 4 2018
Jun 3 2018
May 28 2018
May 27 2018
May 26 2018
May 21 2018
May 15 2018
- According to NoQ's suggestion, use assumeZero() instead of isZeroConstant() to determine whether the value is 0.
- Add test memset26_upper_UCHAR_MAX() and memset27_symbol()
- Since memset(void *dest, int ch, size_t count) will convert the value ch to unsigned char, we call evalCast() accordingly.
May 10 2018
May 5 2018
- Since there is no perfect way to handle the default binding of non-zero character, remove the default binding of non-zero character. Use bindDefaultZero() instead of overwriteRegion() to bind the zero character.
- Reuse assume() instead of isZeroConstant() to determine whether it is zero character. The purpose of this is to be able to set the string length when dealing with non-zero symbol character.
May 4 2018
Thank you, Artem! I did not consider this common situation. This patch does not really support this situation; in this patch the value of x will be 1, which is not correct!
May 3 2018
- fix typos
- code refactoring, add auxiliary method memsetAux()
- according to a.sidorin's suggestions, remove the useless state splitting.
- make StoreManager::overwriteRegion() pure virtual
May 2 2018
Sorry for the long delay, I have just finished my holiday.
Apr 27 2018
Apr 25 2018
Since BugReport::addVisitor() has checks for the null Visitor, remove the checks before BugReport->addVisitor().
Apr 24 2018
Apr 22 2018
Thanks for your review, george! TaintBugVisitor is a utility to add extra information to illustrate where the taint information originated from. Several checkers use taint information, e.g. ArrayBoundCheckerV2.cpp; in some cases it will report a warning, like warning: Out of bound memory access (index is tainted). If TaintBugVisitor moves to BugReporterVisitors.h, ArrayBoundCheckerV2 can add extra notes like Taint originated here to the report by adding TaintBugVisitor.
Apr 18 2018
Test files for initialization missing? : )
Apr 17 2018
Apr 16 2018
Apr 14 2018
Apr 13 2018
Apr 11 2018
- Move the CXXThisRegion's check to LoopWidening.cpp
- Use isa<CXXThisRegion>(R) instead of CXXThisRegion::classof(R).
Apr 10 2018
Apr 2 2018
Thank you for the reminder, I overlooked this point. However, for a non-concrete character (a symbol value), if we just invalidate the region, the constraint information of the non-concrete character will be lost. Do we need to consider this?
Mar 30 2018
Fix typo, unsinged -> unsigned
According to @NoQ's suggestion, remove the duplicated code.
Thanks for your review, NoQ!
Mar 27 2018
Mar 22 2018
Mar 21 2018
Thank you for taking the time to pay attention to this problem, @NoQ. The reason for the test regression is that CheckBufferAccess() does not guarantee that CheckNonNull() must be called for the second buffer, see https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/CStringChecker.cpp#L385.
Mar 19 2018
Add the comments as suggested by @szepet.
Just in case: we indeed do not guarantee that SymbolConjured corresponds to a statement; it is, however, not intended, but rather a bug.
Thank you for your explanation and the reasonable example, NoQ.
One small nit for future debugging people: Could you insert a comment line in the test case where you explain what this is all about? E.g. what you just have written in the description: "invalidateRegions() will construct the SymbolConjured with null Stmt" or something like this.
Mar 18 2018
Mar 16 2018
Mar 6 2018
Remove the default configuration -analyzer-store=region in the test file.
Mar 4 2018
Mar 3 2018
@NoQ, Very sorry, I've forgotten about this patch, it has now been updated.
Update the taint-generic.c to test both stdin declaration variants.
Thank you for your review, @NoQ!
- If the operand of the ++ operator is of type _Bool, also set to true.
- Add test file _Bool-increment-decement.c.
Mar 2 2018
Feb 25 2018
Feb 8 2018
@NoQ Sorry to bother you again. It seems that this patch is useless to analyzer temporarily, if you think so, I will abandon it : ).
Feb 1 2018
You are right, that's why I don't know how to add test for this change.
Jan 20 2018
- Use C++11 range-based for loop to traverse ExplodedNodeSet.
- Define the macro offsetof in system-header-simulator.h.
Jan 19 2018
Jan 17 2018
Jan 16 2018
Dec 12 2017
Dec 8 2017
Thank you for your constant attention to this problem, Artem. I've updated the diff. As you said, this is a complex problem, and I look forward to your work on this issue.