- User Since
- Sep 17 2012, 3:16 AM (447 w, 2 d)
Feb 27 2021
Feb 26 2021
Feb 23 2021
It would be nice, if you could also open a PR for the github version: https://github.com/rizsotto/scan-build
Jan 14 2021
Jan 13 2021
Jan 12 2021
Dec 16 2020
Dec 15 2020
Yay! Deleting code is always nice.
Overall looks good to me, I have some minor nits and questions inline.
Dec 2 2020
Nov 26 2020
Thanks for working on this check! Please add the [analyzer] tag to the title of these patches.
Nov 21 2020
Nov 19 2020
Overall looks good, but please resolve the two nits before commiting.
I think I might have an idea of what is going on. The handles are released in a PostCall. This is intended, as the handles are in the released state AFTER the call. When you call an unknown function with a pointer, that function is free to modify the contents of the pointer. Since the analyzer has no knowledge about the body of the function, it will do a conservative evaluation, escape the symbols in the struct, and create new symbols. This is why new symbols might be introduced. I think you could subscribe to escapes and check if you access the old symbols there. If that is the case and the escape is the result of calling an annotated function, maybe you can correctly mark those symbols as deleted.
Nov 18 2020
Nov 16 2020
Nov 13 2020
I have a question about pointer members and I'd like to see some tests added. Otherwise, I like the direction.
Nov 2 2020
Oct 29 2020
I know that the current situation is a mess, but there is an alternative version of scan-build-py on Github, which is also distributed on pypi. Could you check if that version is also susceptible to this problem and open a pull request for the author in case it is?
Sep 11 2020
LGTM! Looks a lot cleaner this way.
So now all of the dependencies are landed and this should be ready for its prime time, right?
Aug 31 2020
Aug 24 2020
LGTM with a nit.
Is this related to https://bugs.llvm.org/show_bug.cgi?id=44493?
Aug 22 2020
Please add a test case, where the unique_ptr is initialized from a pointer parameter that has no assumptions. I think that case is not handled correctly.
This is what I had in mind, thanks!
Aug 21 2020
Aug 20 2020
MemRegion is a popular class to instantiate in the analyzer so it looks good to me.
But unless you add a comment one will probably replace the offset with an optional as the part of a refactoring.
Aug 19 2020
Exactly, but you could return a StringRef to static storage.
I wonder whether having a virtual method for symbols to get the prefix would be cleaner (something like getKindCStr), but I do not insist.
Aug 17 2020
Thanks! Sorry for not noticing this earlier. The fix looks good to me and indeed the original intention was to report dead functions with ORE.
Aug 11 2020
Aug 10 2020
Aug 9 2020
Looks reasonable to me, but I am not very familiar with the impacts of the additional casts. Do we lose some modeling power when we are using the regular constraint solver?
Aug 7 2020
I think all the problems that left should be solved in a separate patch or even out of the scope for the GSoC.
Aug 4 2020
Jul 28 2020
I think adding code snippets that are affected by this patch would make it much easier to evaluate the changes and whether this is a good idea or not.
Jul 23 2020
Jul 21 2020
Jul 20 2020
Jul 15 2020
Jul 14 2020
Jul 7 2020
Jun 30 2020
Yay! This looks good to me and I love statistics, so a huge +1.
I have one question though. Isn't this counting all the reports in an equivalence class? I.e. if the analyzer finds something multiple times it will only be displayed once but here it will be counted multiple times. I think it might be worth to have two statistics, one for all bug reports and one for equivalence classes. What do you think?
Jun 29 2020
The patch looks good to me and I find it a welcome change that should make things easier to understand and maybe even a bit more efficient, I hope this won't break ObjC :) My discussion with Artem is orthogonal to this change.
Jun 26 2020
Jun 25 2020
I always wondered if we actually need to track the liveness of exprs at all. We could just kill all subexpr at the end of the full expression without precomputing anything. But I might miss something.
The analyzer inlines small functions within a TU regardless of the thresholds. I think it would be sensible to do the same across TUs in the case we don't do this already.
Jun 24 2020
I only checked the test cases and the comments so far and it looks very useful and promising. I really hope that the performance will be ok :) I'll look at the actual code changes later.
Jun 14 2020
Jun 12 2020
I would not call the results of the measurement within the margin of error but the results do not look bad. Unless there is some objection from someone else I am ok with committing this but please change the title of revision before committing. When one says optimization we often think about performance. It should say something like reasoning about more comparison operations.
Jun 10 2020
Jun 6 2020
Please add the [analyzer] tag in front of your patches as some folks have automated scripts based on that tag to add themselves as subscriber/reviewer.
Jun 2 2020
May 29 2020
A high level comment.
May 26 2020
May 19 2020
Thanks for finding this bug! Adding some reviewers.
May 13 2020
May 8 2020
I still have some nits inline, but overall the implementation looks good to me.
I think, however, that we should not only focus on the implementation but on the high-level questions.
Is this the way forward we want? Can we do it more efficiently? What is the performance penalty of this solution?
Overall looks good to me some questions and nits inline.
May 7 2020
May 6 2020
I do agree that the warning message is not the best but it is not horrible either :)