================
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, 
const CallEvent &Call,
   return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family);
 }
 
+ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C,
+                                                const CallEvent &Call,
+                                                ProgramStateRef State,
+                                                bool isAlloca) const {
+  const Expr *CE = Call.getOriginExpr();
+
+  // We expect the allocation functions to return a pointer.
+  if (!Loc::isLocType(CE->getType()))
+    return nullptr;
+
+  unsigned Count = C.blockCount();
+  SValBuilder &SVB = C.getSValBuilder();
+  const LocationContext *LCtx = C.getPredecessor()->getLocationContext();
+  DefinedSVal RetVal = (isAlloca ? SVB.getAllocaRegionVal(CE, LCtx, Count)
+                                 : SVB.getConjuredHeapSymbolVal(CE, LCtx, 
Count)
+                                       .castAs<DefinedSVal>());
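Review bot: `CE` is dereferenced in `CE->getType()` right after `const Expr *CE = Call.getOriginExpr();` with no null check, and `getOriginExpr()` can return null for call events that have no source expression. Consider adding `if (!CE) return nullptr;` before the `Loc::isLocType` test, or an assert if every caller guarantees an origin expression. Separately, `.castAs<DefinedSVal>()` on the heap branch asserts on a kind mismatch instead of bailing out, so a short comment stating why the conjured value is always defined would help the next reader. Minor style point: the parameter `isAlloca` would read as `IsAlloca` under the LLVM naming convention used by the other parameters in this signature.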
----------------
pskrgag wrote:

`getConjuredHeapSymbolVal` always returns `DefinedSVal` as far as I can see, 
but there is a problem with `SValBuilder::makeZeroVal` which may return 
`UnknownVal` in case of fp numbers.

So, I guess, it could be fixed on type level if we add an API like 
`makeZeroValNoFP`.

https://github.com/llvm/llvm-project/pull/106081
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
