NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2110
+ if (const auto *SR = MR->getBaseRegion()->getAs<SymbolicRegion>()) {
+ State = State->BindExpr(CE, LCtx, SrcV);
+ C.addTransition(State);
----------------
Charusso wrote:
> NoQ wrote:
> > Mmm, that's not a correct return value for these functions. These functions
> > don't simply pass through their first argument.
> Yes, but we need some index here. It requires a `NonLoc`, so I just randomly
> picked the first index, but I like the idea of an unknown index. Would we
> like to introduce `UnknownVal` for indices?
Use the correct region but //conjure the index//.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2122
+
+ SVal ConjuredV = SVB.getConjuredHeapSymbolVal(CE, LCtx, C.blockCount());
+ SVal ResultV = loc::MemRegionVal(SVB.getRegionManager().getElementRegion(
----------------
Charusso wrote:
> NoQ wrote:
> > Why "heap"?
> Well, a string which length is at least 16 characters long is going to be
> allocated on the heap. I have to conjure the string here to create its
> element.
o.o
```lang=c++
void foo() {
// This string is 20 characters long
// but it's clearly on the stack.
char str[] = "12345678901234567890";
// This one is therefore also on the stack.
char *ptr = strchr(str, '0');
}
```
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71155/new/
https://reviews.llvm.org/D71155
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
