gerazo marked an inline comment as done. gerazo added inline comments.
================ Comment at: lib/StaticAnalyzer/Checkers/DirtyScalarChecker.cpp:184 + Ty = Ctx.IntTy; + if (!Ty->isIntegerType() || Ctx.getIntWidth(Ty) <= TooNarrowForBoundCheck) + return false; ---------------- a.sidorin wrote: > Does the second check means that we exclude boolean and char values? I cannot > find any reason to do it for chars. Yes, we exclude them. Using lookup tables especially in cryptography sometimes involve reading a value from disk and than using this value immediately with a table lookup. This way, you use a dirty value directly in array indexing. Reading a byte and using it on a prepared 256 element table is common. As the read value gets bigger it is less performant and hence less common to do it. I've found exactly 1 false positive in openssl without this exclusion. https://reviews.llvm.org/D27753 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
