balazske added a comment.
This checker can have two purposes, one is to verify that all paths have the
error check, other is to find at least one path without error check. The first
is the one that can be done with dataflow based analysis but looks like a
difficult problem. For example is it possible to handle this case (`X` does not
change)?
int Ret;
if (X)
Ret = fgetc(fd);
else
Ret = strtol(SomeString);
...
bool IsError;
if (X)
IsError = (Ret == EOF);
else
IsError = (Ret < -100 || Ret > 100);
The other "purpose" is to find one path with missing error check, the current
code should do something like that. The path sensitivity is used here to store
for a symbol from which function call it comes from, and probably to determine
value of other symbols in the program if they appear in a comparison.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D72705/new/
https://reviews.llvm.org/D72705
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
