User Details
- User Since
- Jun 8 2015, 1:45 AM (416 w, 3 d)
Apr 26 2023
Committed in 343bdb10940cb2387c0b9bd3caccee7bb56c937b.
Apr 24 2023
@steakhal thanks for the review. I fixed all outstanding remarks.
I left the test taint-diagnostic-visitor.c formatting as is to remain consistent with the rest of the file. I think we should keep it as is, or reformat the whole file.
- using llvm::ArrayRef<SymbolRef> in the reportTaintBug(..) function in the DivZero Checker
- append_range(..) used instead of std::vector.insert(...) to improve readability
- minor updates based on @steakhal comments
Apr 22 2023
@steakhal your comments are fixed. Thanks for the review.
-getTaintedSymbols(.) -> getTaintedSymbolsImpl() proxy function introduced for interface safety
-Other minor fixes based on comments from @steakhal
Apr 21 2023
@steakhal is there anything else to do before we merge this? Thanks.
Apr 19 2023
@steakhal thanks for your review. All your remarks have been fixed.
- Implemented early return in getTaintedSymbols() when it is called by isTainted() for efficiency
- Fixed test incompatibility on Windows
Apr 15 2023
You can find the improved reports on tmux, postgres, twin, openssl here:
Apr 14 2023
All remarks from @steakhal have been fixed. Thanks for the review.
This new version now can handle the tracking back of multiple symbols!
- All remarks from @steakhal were fixed. Thanks for the review!
- Now we can generate diagnostics for all tainted values when they reach a sink.
Apr 5 2023
All comments addressed. Thanks for the review @steakhal .
@steakhal thanks for your review. I tried to address all your concerns.
I added an extra test case too (multipleTaintSources(..)) which highlights the limitation of the current patch: if multiple tainted "variables" reach a sink, we only generate diagnostics for one of them. The main reason is that the isTainted() function returns a single tainted SymbolRef instead of a vector of SymbolRefs if there are multiple instances.
I highlighted this in the test and the implementation.
Mar 31 2023
This is a totally rewritten version of the patch which solely relies on the existing "interestingness" utility to track back the taint propagation. (And does not introduce a new FlowID in the ProgramState as requested in the reviews.)
Mar 3 2023
Feb 27 2023
Feb 24 2023
TaintBugReport is brilliant and we already have a precedent for subclassing BugReport in another checker. However I'm somewhat worried that once we start doing more of this, we'll eventually end up with multiple inheritance situations when the report needs multiple kinds of information. So at a glance my approach with a "generic data map" in bugreport objects looks a bit more future-proof to me. Also a bit easier to set up, no need to deal with custom RTTI.
Feb 23 2023
thanks for your reviews.
Feb 20 2023
Added documentation to the newly introduced types: TaintData, TaintBugReport.
Feb 17 2023
Nov 28 2022
Thanks for this new check. Could you please link here results of this checker on some relevant open source projects?
Sep 16 2022
Jan 19 2022
Nov 18 2021
I think we should document all clang analyzer options on this page (which are listed by clang -cc1 -analyzer-config-help), where the section header should be the analyzer option name (e.g. consider-single-element-arrays-as-flexible-array-members).
I agree with @whisperity, that options, which affect the analysis should be described with code examples highlighting the changes the option causes in the analysis behaviour. (such as in case of consider-single-element-arrays-as-flexible-array-members, or widen-loops, unroll-loops etc.)
Nov 23 2020
Jul 14 2020
Since the analyzer cannot model the size of the containers just yet (or precisely enough), what we are saying with this checker is to "always check the return value of the erase() function before use (for increment/decrement etc.) whether it is not past-end".
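The erase() rule in the comment above, as an added example (this is not the checker's or the analyzer's own code): the unchecked pattern the checker warns about beside a hardened loop that compares every erase() result against end() before touching the iterator again. Containers and values are constructed inline; the function names are invented for the example.

```cpp
#include <cassert>
#include <cstddef>
#include <iostream>
#include <list>
#include <vector>

// Unsafe pattern (constructed for contrast, never called below): erase() may
// return end() when the erased element was the last one, so the ++it that
// follows is undefined behaviour. This is the spot the checker reports.
template <typename C>
void eraseFirstUnchecked(C &c, const typename C::value_type &victim) {
    for (auto it = c.begin(); it != c.end(); ++it) {
        if (*it == victim) {
            it = c.erase(it);
            ++it;  // flagged: `it` may be past-the-end here
            break;
        }
    }
}

// Hardened pattern: the erase() result is only ever used after it has been
// compared against end() (the loop condition), so no past-end iterator is
// incremented or dereferenced. Returns the number of elements erased.
template <typename C>
std::size_t eraseAllChecked(C &c, const typename C::value_type &victim) {
    std::size_t erased = 0;
    auto it = c.begin();
    while (it != c.end()) {
        if (*it == victim) {
            it = c.erase(it);  // may be end(); re-checked before any use
            ++erased;
        } else {
            ++it;
        }
    }
    return erased;
}

// Edge case the unchecked version gets wrong: the victim is the last element,
// so erase() returns end(). Returns the erase count, or 0 if the container is
// not left as {1, 2}.
std::size_t demoEraseLast() {
    std::vector<int> v{1, 2, 3};
    std::size_t n = eraseAllChecked(v, 3);
    return (v.size() == 2 && v.back() == 2) ? n : 0;
}

// Same idiom on a node-based container with scattered matches. Returns 4,
// leaving {1, 5}.
std::size_t demoEraseScattered() {
    std::list<int> l{2, 1, 2, 2, 5, 2};
    return eraseAllChecked(l, 2);
}

int main() {
    std::cout << "erased (last): " << demoEraseLast() << "\n";
    std::cout << "erased (scattered): " << demoEraseScattered() << "\n";
    return 0;
}
```

The while-loop form is the one the checker accepts without a warning because the only consumer of the value returned by erase() is the `it != c.end()` comparison; any increment or dereference placed between the erase() and that comparison is what gets reported.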
Nov 4 2019
If this is good to go, could you please commit this? Thanks!
Thanks for your comments @NoQ
I fixed them. Also added your implementation hints to the open projects page.
Oct 25 2019
Oct 22 2019
@aaron.ballman could you please check now? Thanks!
The patch is rebased to the latest master.
Oct 11 2019
Thanks for the reviews!
Could you please commit this for me?
Oct 10 2019
@aaron.ballman could you please commit?
I don't have commit access. Thx.
Oct 9 2019
Fixing minor capitalization issue and removing an extra newline.
I also analyzed openssl with the baseline and this version, but did not find any new warnings.
See:
http://codechecker-demo.eastus.cloudapp.azure.com/Default/#run=D66049_baseline&newcheck=D66049_improved&review-status=Unreviewed&review-status=Confirmed&detection-status=New&detection-status=Reopened&detection-status=Unresolved&tab=D66049_baseline_diff_D66049_improved
@Szelethus thanks for your review.
I fixed your suggestions.
Oct 7 2019
Thanks @aaron.ballman and @alexfh for your review.
I fixed your findings.
Aug 13 2019
Thanks for the comments @NoQ , all of them addressed.
Fix comments from @NoQ
Aug 10 2019
@aaron.ballman 's comments are fixed.
Jul 18 2019
Jul 17 2019
Thanks Gabor for writing this.
I suggested some minor changes to the txt. Otherwise LGTM.
Jul 10 2019
I guess this is a placeholder for the subpages of "User Manual" @ https://clang-analyzer.llvm.org, which will be ported in follow-up patches.
May 14 2019
May 13 2019
May 3 2019
Thanks for your reviews!
I have fixed all your comments and rebased the patch to the latest master.
Apr 8 2019
Mar 26 2019
@dcoughlin I don't necessarily agree with you.
Let me explain why we think this feature is important.
Jan 4 2019
Thanks @NoQ .
So I created a very simple main page with the table of contents only http://cc.elte.hu/clang-docs/docs/html/ClangStaticAnalyzer.html
Dec 21 2018
Thanks for your comments. I fixed them all. I also added the handling of redundant sizeof() and alignof() operators on the way. Please check if OK now...
All comments fixed.
Dec 10 2018
@dcoughlin @NoQ ping...
Dec 5 2018
Dec 4 2018
Comments addressed. Please commit if looks good, I don't have commit rights.
Thanks.
Dec 3 2018
new undef/defined testcase added
Dec 1 2018
- clang-format applied
- clang:: namespace qualifiers removed
Nov 30 2018
Nov 23 2018
@dcoughlin could you please look into this?
Nov 13 2018
- scan-build and Xcode pictures are included now
- intro text ("What is Static Analysis?" etc.) is put under the Introduction section
- Download section is created, but I am not sure how well this Mac OSX binary release section was maintained. Should users really download from this site or through a package manager instead?
Nov 12 2018
making the diff full context.
Oct 17 2018
Jul 18 2018
Which means that for some calls we aren't even trying to make a CTU lookup.
Thanks @NoQ, we will take a look at it!
Jul 13 2018
@NoQ do we need any more update to this patch? Thanks.
Jul 3 2018
The patch has been updated.
Changes:
Jul 2 2018
Apr 16 2018
Would be interesting to extend this checker (maybe in an upcoming patch) to report on uninitialized members not only in constructors, but also copy constructors and move constructors.