- User Since
- Jul 19 2017, 4:18 AM (44 w, 2 d)
Mon, May 21
Tue, May 15
- According to NoQ's suggestion, use assumeZero() instead of isZeroConstant() to determine whether the value is 0.
- Add test memset26_upper_UCHAR_MAX() and memset27_symbol()
- Since void *memset( void *dest, int ch, size_t count ); converts the value ch to unsigned char, we call evalCast() accordingly.
Thu, May 10
Sat, May 5
- Since there is no perfect way to handle the default binding of non-zero character, remove the default binding of non-zero character. Use bindDefaultZero() instead of overwriteRegion() to bind the zero character.
- Reuse assume() instead of isZeroConstant() to determine whether it is zero character. The purpose of this is to be able to set the string length when dealing with non-zero symbol character.
Fri, May 4
Thank you, Artem! I did not consider this common situation. This patch does not really support this situation, in this patch the value of x will be 1, it's not correct!
Thu, May 3
- fix typos
- code refactoring, add auxiliary method memsetAux()
- according to a.sidorin's suggestions, remove the useless state splitting.
- make StoreManager::overwriteRegion() pure virtual
Wed, May 2
Sorry for the long delay, I have just finished my holiday.
Fri, Apr 27
Apr 25 2018
Since BugReport::addVisitor() has checks for the null Visitor, remove the checks before BugReport->addVisitor().
Apr 24 2018
Apr 22 2018
Thanks for your review, george! TaintBugVisitor is a utility to add extra information to illustrate where the taint information originated from. There are several checkers that use taint information, e.g. ArrayBoundCheckerV2.cpp; in some cases it will report a warning, like "warning: Out of bound memory access (index is tainted)". If TaintBugVisitor moves to BugReporterVisitors.h, ArrayBoundCheckerV2 can add extra notes like "Taint originated here" to the report by adding TaintBugVisitor.
Apr 18 2018
Test files for initialization missing? : )
Apr 17 2018
Apr 16 2018
Apr 14 2018
Apr 13 2018
Apr 11 2018
- Move the CXXThisRegion's check to LoopWidening.cpp
- Use isa<CXXThisRegion>(R) instead of CXXThisRegion::classof(R).
Apr 10 2018
Apr 2 2018
Thank you for the reminder, I overlooked this point. However, for a non-concrete character, the symbol value, if we just invalidate the region, the constraint information of the non-concrete character will be lost. Do we need to consider this?
Mar 30 2018
Fix typo, unsinged -> unsigned
According to @NoQ's suggestion, remove the duplicated code.
Thanks for your review, NoQ!
Mar 27 2018
Mar 22 2018
Mar 21 2018
Thank you for taking the time to pay attention to this problem, @NoQ. The reason for the test regression is that CheckBufferAccess() does not guarantee that CheckNonNull() must be called for the second buffer, see https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/CStringChecker.cpp#L385.
Mar 19 2018
Add the comments as suggested by @szepet .
Just in case: we indeed do not guarantee that SymbolConjured corresponds to a statement; it is, however, not intended, but rather a bug.
Thank you for your explanation and the reasonable example, NoQ.
One small nit for future debugging people: Could you insert a comment line in the test case where you explain what this is all about? E.g. what you just have written in the description: "invalidateRegions() will construct the SymbolConjured with null Stmt" or something like this.
Mar 18 2018
Mar 16 2018
Mar 6 2018
Remove the default configuration -analyzer-store=region in the test file.
Mar 4 2018
Mar 3 2018
@NoQ, Very sorry, I've forgotten about this patch, it has now been updated.
Update the taint-generic.c to test both stdin declaration variants.
Thank you for your review, @NoQ!
- If the operand of the ++ operator is of type _Bool, also set to true.
- Add test file _Bool-increment-decement.c.
Mar 2 2018
Feb 25 2018
Feb 8 2018
@NoQ Sorry to bother you again. It seems that this patch is useless to the analyzer temporarily, if you think so, I will abandon it : ).
Feb 1 2018
You are right, that's why I don't know how to add test for this change.
Jan 20 2018
- Use C++11 range-based for loop to traverse ExplodedNodeSet.
- Define the macro offsetof in system-header-simulator.h.
Jan 19 2018
Jan 17 2018
Jan 16 2018
Dec 12 2017
Dec 8 2017
Thank you for your constant attention to this problem, Artem. I've updated the diff. As you said, this is a complex problem and I look forward to your work on this issue.
Use 'return State' instead of 'return nullptr'.
Nov 28 2017
Update the llvm_unreachable's description of the BlockEntrance-branch from "Unexpected ProgramPoint" to "Unexpected CFG element at front of block".
Nov 25 2017
1.Use the getAs<> in the if condition.
2.Add an "Unexpected ProgramPoint" assertion to make this patch more complete.
Nov 21 2017
Update diff, use the SourceLocation of the first element of the entered block as the argument of PathDiagnosticLocation.
Nov 7 2017
Nov 1 2017
Oct 31 2017
Oct 27 2017
I do not have commit access and hope someone can commit it on my behalf. Thanks a lot!
Oct 26 2017
Split the long "expected" line into multiple lines.
Oct 25 2017
The message about invalidate variable values is temporarily not printed. This work can be done with a separate patch.
Oct 24 2017
One of the possible improvements for future work here would be to actually bind the second argument value to the buffer instead of just invalidating it. Like, after memset(buf, 0, sizeof(buf)) the analyzer should know that all values in the buf array are 0. In the analyzer we have the notion of *default bindings* to handle that (see documentation in docs/analyzer/RegionStore.txt for more details).
Oct 22 2017
Oct 21 2017
- taint-tester.c has some tests about stdin, so I only modified the parts of stdin in Inputs/system-header-simulator.h.
- The C standard does not specify the implementation of FILE, so I continue to use typedef _FILE FILE to define the FILE type.
Aug 31 2017
(1) Modify the description of the bug report
(2) Update loop-widening-notes.c
(3) PathDiagnosticLocation::create() - Use the location of TerminatorCondition.
Aug 30 2017
Aug 28 2017
Add the test file and modify the description in the analyzer output.
Update the 'assert' condition and the code comment.
Sorry, remove irrelevant code updates.
Aug 27 2017
Because the way I submit the diff is not reasonable, the same diff corresponds to multiple purposes. This diff is primarily to address Bug34144.