diff options
| author | Anna Zaks <ganna@apple.com> | 2012-01-04 23:54:01 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-01-04 23:54:01 +0000 |
| commit | 8158ef0dec7e940c4e8dbe59ee688d1a044c7b95 (patch) | |
| tree | cd66cdd5b2201760c07cfc7a2e08ea8fe4d714f0 /clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | |
| parent | 5acd9603da41e54d3d1a3a8f46cc196a7383eee5 (diff) | |
| download | bcm5719-llvm-8158ef0dec7e940c4e8dbe59ee688d1a044c7b95.tar.gz bcm5719-llvm-8158ef0dec7e940c4e8dbe59ee688d1a044c7b95.zip | |
[analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.
Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.
Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:
* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars
* invalidated by functions defined in system headers:
B: errno
* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)
llvm-svn: 147569
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp index 4134b352bed..99752e5408d 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp @@ -294,15 +294,17 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, if (ObjTy->isRecordType()) { regionsToInvalidate.push_back(EleReg); // Invalidate the regions. + // TODO: Pass the call to new information as the last argument, to limit + // the globals which will get invalidated. state = state->invalidateRegions(regionsToInvalidate, - CNE, blockCount, 0, - /* invalidateGlobals = */ true); + CNE, blockCount, 0, 0); } else { // Invalidate the regions. + // TODO: Pass the call to new information as the last argument, to limit + // the globals which will get invalidated. state = state->invalidateRegions(regionsToInvalidate, - CNE, blockCount, 0, - /* invalidateGlobals = */ true); + CNE, blockCount, 0, 0); if (CNE->hasInitializer()) { SVal V = state->getSVal(*CNE->constructor_arg_begin()); |
