[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

In D120489#3493313 , @martong wrote:

> Maybe it is not too late to update the clang/docs/ReleaseNotes.rst? A new 
> checker is certainly important for the users. Many thanks!

Yeah done! Thanks.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Gabor Marton via Phabricator via cfe-commits]

martong added a comment.

Maybe it is not too late to update the clang/docs/ReleaseNotes.rst? A new 
checker is certainly important for the users. Many thanks!


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added a comment.

I would recommend committing changes in the morning, to give some time for the 
bots to chew through your commit. This way you could react to breakages and 
revert if needed.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Douglas Yung via Phabricator via cfe-commits]

dyung added a comment.

Thanks for fixing the problem with the original commit, but in the future, if 
you make follow-up commits, can you change the commit message to reflect what 
the commit contains? Having three different commits with the exact same commit 
message can be very confusing.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shafik Yaghmour via Phabricator via cfe-commits]

shafik added a comment.

Looks like it also broke lldb green dragon incremental as well: 
https://green.lab.llvm.org/green/view/LLDB/job/lldb-cmake/41865/consoleFull#-27141295349ba4694-19c4-4d7e-bec5-911270d8a58c


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Yitzhak Mandelbaum via Phabricator via cfe-commits]

ymandel added a comment.

Can you rollback until a fix is found?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Douglas Yung via Phabricator via cfe-commits]

dyung added a comment.

And the PS4 build bots:

https://lab.llvm.org/buildbot/#/builders/139/builds/18001
https://lab.llvm.org/buildbot/#/builders/216/builds/801


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Ron Lieberman via Phabricator via cfe-commits]

ronlieb added a comment.

broke our hip buildbot as well.

https://lab.llvm.org/buildbot/#/builders/165/builds/17076


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Yitzhak Mandelbaum via Phabricator via cfe-commits]

ymandel added a comment.

Looks like this broke the build. I'm getting:

  FAILED: 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
  /usr/bin/clang++-11 ... -std=c++14 -MD -MT 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
 -MF 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o.d
 -o 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
 -c 
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:376:7:
 error: use of undeclared identifier 'emitUninitializedReadBug'
emitUninitializedReadBug(C, StInBound, Buffer.Expression);
^
  
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:592:22:
 error: out-of-line definition of 'emitUninitializedReadBug' does not match any 
declaration in '(anonymous namespace)::CStringChecker'
  void CStringChecker::emitUninitializedReadBug(CheckerContext ,
   ^~~~
  2 errors generated.FAILED: 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
  /usr/bin/clang++-11 -DGTEST_HAS_RTTI=0 -D_DEBUG -D_GNU_SOURCE 
-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS 
-I/usr/local/google/home/yitzhakm/remote-build/llvm-git/build/tools/clang/lib/StaticAnalyzer/Checkers
 
-I/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers
 
-I/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/include
 
-I/usr/local/google/home/yitzhakm/remote-build/llvm-git/build/tools/clang/include
 -I/usr/local/google/home/yitzhakm/remote-build/llvm-git/build/include 
-I/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/llvm/include
 -gmlt -Wall -fPIC -fvisibility-inlines-hidden -Werror=date-time 
-Werror=unguarded-availability-new -Wall -Wextra -Wno-unused-parameter 
-Wwrite-strings -Wcast-qual -Wmissing-field-initializers -pedantic 
-Wno-long-long -Wc++98-compat-extra-semi -Wimplicit-fallthrough 
-Wcovered-switch-default -Wno-noexcept-type -Wnon-virtual-dtor 
-Wdelete-non-virtual-dtor -Wsuggest-override -Wstring-conversion 
-Wmisleading-indentation -fdiagnostics-color -ffunction-sections 
-fdata-sections -fno-common -Woverloaded-virtual -Wno-nested-anon-types -O3 
-DNDEBUG  -fno-exceptions -fno-rtti -UNDEBUG -std=c++14 -MD -MT 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
 -MF 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o.d
 -o 
tools/clang/lib/StaticAnalyzer/Checkers/CMakeFiles/obj.clangStaticAnalyzerCheckers.dir/CStringChecker.cpp.o
 -c 
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:376:7:
 error: use of undeclared identifier 'emitUninitializedReadBug'
emitUninitializedReadBug(C, StInBound, Buffer.Expression);
^
  
/usr/local/google/home/yitzhakm/remote-build/llvm-git/llvm-project/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:592:22:
 error: out-of-line definition of 'emitUninitializedReadBug' does not match any 
declaration in '(anonymous namespace)::CStringChecker'
  void CStringChecker::emitUninitializedReadBug(CheckerContext ,
   ^~~~
  2 errors generated.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

https://github.com/llvm/llvm-project/commit/bd1917c88a32c0930864d04f4e71155dcc3fa592
 , Hey @steakhal , I land it but why it is not showing the

void emitUninitializedReadBug(CheckerContext , ProgramStateRef State,
   const Expr *E) const;
  ``` ?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

This revision was automatically updated to reflect the committed changes.
Closed by commit rGbd1917c88a32: [analyzer] Done some changes to detect 
Uninitialized read by the char array… (authored by Shivam 
75530356+phybrack...@users.noreply.github.com, committed by 
phyBrackets).

Changed prior to commit:
  https://reviews.llvm.org/D120489?vs=412464=412750#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c
  clang/test/Analysis/bstring_UninitRead.c

Index: clang/test/Analysis/bstring_UninitRead.c
===
--- /dev/null
+++ clang/test/Analysis/bstring_UninitRead.c
@@ -0,0 +1,59 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,alpha.unix.cstring
+
+
+// This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
+// the separate file because the checker is break the some existing test cases in bstring.c file , so we don't 
+// wanna mess up with some existing test case so it's better to create separate file for it, this file also include 
+// the broken test for the reference in future about the broken tests.
+
+
+typedef typeof(sizeof(int)) size_t;
+
+void clang_analyzer_eval(int);
+
+void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
+
+//===--===
+// mempcpy()
+//===--===
+
+void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void mempcpy14() {
+  int src[] = {1, 2, 3, 4};
+  int dst[5] = {0};
+  int *p;
+
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+   // FIXME: This behaviour is actually surprising and needs to be fixed, 
+   // mempcpy seems to consider the very last byte of the src buffer uninitialized
+   // and returning undef unfortunately. It should have returned unknown or a conjured value instead.
+
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
+}
+
+struct st {
+  int i;
+  int j;
+};
+
+
+void mempcpy15() {
+  struct st s1 = {0};
+  struct st s2;
+  struct st *p1;
+  struct st *p2;
+
+  p1 = () + 1;
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
+}
Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -2,13 +2,15 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
-// RUN:   -analyzer-config eagerly-assume=false
+// RUN:   -analyzer-config eagerly-assume=false  
 //
 // RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -16,6 +18,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -23,6 +26,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 
@@ -315,7 +319,7 @@
 
   p1 = () + 1;
   p2 = mempcpy(, , sizeof(struct st));
-
+  
   clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
 }
 
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added a comment.

Yup, land it!


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

@steakhal , if everything looks fine, can i land this ?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added inline comments.



Comment at: clang/test/Analysis/bstring_UninitRead.c:2
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=alpha.unix.cstring 
+

steakhal wrote:
> 
Yeah done! Thanks


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 412464.
phyBrackets added a comment.

enabled the core checker


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c
  clang/test/Analysis/bstring_UninitRead.c

Index: clang/test/Analysis/bstring_UninitRead.c
===
--- /dev/null
+++ clang/test/Analysis/bstring_UninitRead.c
@@ -0,0 +1,59 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,alpha.unix.cstring
+
+
+// This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
+// the separate file because the checker is break the some existing test cases in bstring.c file , so we don't 
+// wanna mess up with some existing test case so it's better to create separate file for it, this file also include 
+// the broken test for the reference in future about the broken tests.
+
+
+typedef typeof(sizeof(int)) size_t;
+
+void clang_analyzer_eval(int);
+
+void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
+
+//===--===
+// mempcpy()
+//===--===
+
+void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void mempcpy14() {
+  int src[] = {1, 2, 3, 4};
+  int dst[5] = {0};
+  int *p;
+
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+   // FIXME: This behaviour is actually surprising and needs to be fixed, 
+   // mempcpy seems to consider the very last byte of the src buffer uninitialized
+   // and returning undef unfortunately. It should have returned unknown or a conjured value instead.
+
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
+}
+
+struct st {
+  int i;
+  int j;
+};
+
+
+void mempcpy15() {
+  struct st s1 = {0};
+  struct st s2;
+  struct st *p1;
+  struct st *p2;
+
+  p1 = () + 1;
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
+}
Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -2,13 +2,15 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
-// RUN:   -analyzer-config eagerly-assume=false
+// RUN:   -analyzer-config eagerly-assume=false  
 //
 // RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -16,6 +18,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -23,6 +26,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 
@@ -70,7 +74,6 @@
 
 #endif /* VARIANT */
 
-
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
   char dst[4] = {0};
@@ -315,7 +318,7 @@
 
   p1 = () + 1;
   p2 = mempcpy(, , sizeof(struct st));
-
+  
   clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
 }
 
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  BT_NotCString, 

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal accepted this revision.
steakhal added a comment.

The `core` checkers should be always enabled.




Comment at: clang/test/Analysis/bstring_UninitRead.c:2
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=alpha.unix.cstring 
+




Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 412452.
phyBrackets added a comment.

Remove unneccesary RUN and some macros definitions


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c
  clang/test/Analysis/bstring_UninitRead.c

Index: clang/test/Analysis/bstring_UninitRead.c
===
--- /dev/null
+++ clang/test/Analysis/bstring_UninitRead.c
@@ -0,0 +1,59 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=alpha.unix.cstring 
+
+
+// This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
+// the separate file because the checker is break the some existing test cases in bstring.c file , so we don't 
+// wanna mess up with some existing test case so it's better to create separate file for it, this file also include 
+// the broken test for the reference in future about the broken tests.
+
+
+typedef typeof(sizeof(int)) size_t;
+
+void clang_analyzer_eval(int);
+
+void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
+
+//===--===
+// mempcpy()
+//===--===
+
+void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+void mempcpy14() {
+  int src[] = {1, 2, 3, 4};
+  int dst[5] = {0};
+  int *p;
+
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+   // FIXME: This behaviour is actually surprising and needs to be fixed, 
+   // mempcpy seems to consider the very last byte of the src buffer uninitialized
+   // and returning undef unfortunately. It should have returned unknown or a conjured value instead.
+
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
+}
+
+struct st {
+  int i;
+  int j;
+};
+
+
+void mempcpy15() {
+  struct st s1 = {0};
+  struct st s2;
+  struct st *p1;
+  struct st *p2;
+
+  p1 = () + 1;
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
+}
Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -2,13 +2,15 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
-// RUN:   -analyzer-config eagerly-assume=false
+// RUN:   -analyzer-config eagerly-assume=false  
 //
 // RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -16,6 +18,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 //
@@ -23,6 +26,7 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config eagerly-assume=false
 
@@ -70,7 +74,6 @@
 
 #endif /* VARIANT */
 
-
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
   char dst[4] = {0};
@@ -315,7 +318,7 @@
 
   p1 = () + 1;
   p2 = mempcpy(, , sizeof(struct st));
-
+  
   clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
 }
 
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added inline comments.



Comment at: clang/test/Analysis/bstring_UninitRead.c:67-85
+//===--===
+// mempcpy()
+//===--===
+
+#ifdef VARIANT
+
+#define __mempcpy_chk BUILTIN(__mempcpy_chk)

phyBrackets wrote:
> steakhal wrote:
> > I don't think you should copy these as well.
> > The matching logic is already tested in `bstring.c`.
> > 
> > That being said, a single `RUN` line should be enough in this file.
> I'm not able to run test successfully with single RUN , 
> ```
> // RUN: -analyzer-checker=alpha.unix.cstring.UninitializedRead
> 
> ```
wait , I think I got this! Thanks


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added inline comments.



Comment at: clang/test/Analysis/bstring_UninitRead.c:1-84
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.cstring \
+// RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-checker=debug.ExprInspection \
+// RUN:   -analyzer-config eagerly-assume=false  
+//

I was thinking about something like this.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added inline comments.



Comment at: clang/test/Analysis/bstring_UninitRead.c:67-85
+//===--===
+// mempcpy()
+//===--===
+
+#ifdef VARIANT
+
+#define __mempcpy_chk BUILTIN(__mempcpy_chk)

steakhal wrote:
> I don't think you should copy these as well.
> The matching logic is already tested in `bstring.c`.
> 
> That being said, a single `RUN` line should be enough in this file.
I'm not able to run test successfully with single RUN , 
```
// RUN: -analyzer-checker=alpha.unix.cstring.UninitializedRead

```


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added a comment.

Please mark the done comments as "done" with the corresponding button prior to 
submitting an update.




Comment at: clang/test/Analysis/bstring_UninitRead.c:67-85
+//===--===
+// mempcpy()
+//===--===
+
+#ifdef VARIANT
+
+#define __mempcpy_chk BUILTIN(__mempcpy_chk)

I don't think you should copy these as well.
The matching logic is already tested in `bstring.c`.

That being said, a single `RUN` line should be enough in this file.



Comment at: clang/test/Analysis/bstring_UninitRead.c:91-94
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string 
function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return 
something like Unknown .




Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

Hey @NoQ and @steakhal , will you just check , if everything looks fine or not! 
The test cases run successfully tho now!


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 412391.
phyBrackets added a comment.
Herald added a project: All.

Created the separate test file for UninitializedRead checker


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c
  clang/test/Analysis/bstring_UninitRead.c

Index: clang/test/Analysis/bstring_UninitRead.c
===
--- /dev/null
+++ clang/test/Analysis/bstring_UninitRead.c
@@ -0,0 +1,116 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.cstring \
+// RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-checker=debug.ExprInspection \
+// RUN:   -analyzer-config eagerly-assume=false  
+//
+// RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.cstring \
+// RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-checker=debug.ExprInspection \
+// RUN:   -analyzer-config eagerly-assume=false
+//
+// RUN: %clang_analyze_cc1 -verify %s -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.cstring \
+// RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-checker=debug.ExprInspection \
+// RUN:   -analyzer-config eagerly-assume=false
+//
+// RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.cstring \
+// RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-checker=debug.ExprInspection \
+// RUN:   -analyzer-config eagerly-assume=false
+
+// This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
+// the separate file because the checker is break the some existing test cases in bstring.c file , so we don't 
+// wanna mess up with some existing test case so it's better to create separate file for it, this file also include 
+// the broken test for the reference in future about the broken tests.
+
+#ifdef USE_BUILTINS
+# define BUILTIN(f) __builtin_ ## f
+#else /* USE_BUILTINS */
+# define BUILTIN(f) f
+#endif /* USE_BUILTINS */
+
+typedef typeof(sizeof(int)) size_t;
+
+void clang_analyzer_eval(int);
+
+
+
+#ifdef VARIANT
+
+#define __memcpy_chk BUILTIN(__memcpy_chk)
+void *__memcpy_chk(void *restrict s1, const void *restrict s2, size_t n,
+   size_t destlen);
+
+#define memcpy(a,b,c) __memcpy_chk(a,b,c,(size_t)-1)
+
+#else /* VARIANT */
+
+#define memcpy BUILTIN(memcpy)
+void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+#endif /* VARIANT */
+
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
+
+//===--===
+// mempcpy()
+//===--===
+
+#ifdef VARIANT
+
+#define __mempcpy_chk BUILTIN(__mempcpy_chk)
+void *__mempcpy_chk(void *restrict s1, const void *restrict s2, size_t n,
+   size_t destlen);
+
+#define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1)
+
+#else /* VARIANT */
+
+#define mempcpy BUILTIN(mempcpy)
+void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
+
+#endif /* VARIANT */
+
+void mempcpy14() {
+  int src[] = {1, 2, 3, 4};
+  int dst[5] = {0};
+  int *p;
+
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return something like Unknown .
+
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
+}
+
+struct st {
+  int i;
+  int j;
+};
+
+
+void mempcpy15() {
+  struct st s1 = {0};
+  struct st s2;
+  struct st *p1;
+  struct st *p2;
+
+  p1 = () + 1;
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
+}
Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -2,13 +2,15 @@
 // RUN:   -analyzer-checker=core \
 // RUN:   -analyzer-checker=unix.cstring \
 // RUN:   -analyzer-checker=alpha.unix.cstring \
+// RUN:   -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
 // RUN:   

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added inline comments.



Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:377
+  if (Access == AccessKind::read) {
+if (StInBound->getSVal(ER).isUndef()) {
+  emitUninitializedReadBug(C, StInBound, Buffer.Expression);

You should make this check optional, only if the 'checker' was enabled.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added a comment.

You should copy the `mempcpy14`, `mempcpy15` test cases into a separate file, 
and cut the `top`; while disabling this `alpha.unix.cstring.UninitializedRead` 
checker in the existing test file(s) and explicitly enable in the new separated 
file.
This way it wouldn't interfere with the existing test cases, since it would 
halt the analyzer (emits a sink node).
After that, you could land it.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

Hey @NoQ and @steakhal , can i land this patch ?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added inline comments.



Comment at: clang/test/Analysis/bstring.c:310
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }

NoQ wrote:
> Hmm, given that your change suppresses some existing tests, maybe disable 
> your checker on this file and copy the updated tests to a new file that would 
> have the checker enabled?
I don't know how will it affect that but still that's an exception and from 
these exceptions test cases, we are updated about how it gonna fail on some 
tests cases and try to work on those exceptions.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Artem Dergachev via Phabricator via cfe-commits]

NoQ added inline comments.



Comment at: clang/test/Analysis/bstring.c:310
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }

Hmm, given that your change suppresses some existing tests, maybe disable your 
checker on this file and copy the updated tests to a new file that would have 
the checker enabled?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal accepted this revision.
steakhal added a comment.
This revision is now accepted and ready to land.
Herald added a subscriber: manas.

Approved, given that it looks and compiles fine with oxygen.
Thank you.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 411652.
phyBrackets added a comment.

fix some alignment issue


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c

Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -70,6 +70,11 @@
 
 #endif /* VARIANT */
 
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
 
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
@@ -297,9 +302,12 @@
   int dst[5] = {0};
   int *p;
 
-  p = mempcpy(dst, src, 4 * sizeof(int));
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return something like Unknown .
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }
 
 struct st {
@@ -314,9 +322,10 @@
   struct st *p2;
 
   p1 = () + 1;
-  p2 = mempcpy(, , sizeof(struct st));
-
-  clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
 }
 
 void mempcpy16() {
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  BT_NotCString, BT_AdditionOverflow;
+  BT_NotCString, BT_AdditionOverflow, BT_UninitRead;
 
   mutable const char *CurrentFunctionDescription;
 
@@ -92,11 +92,13 @@
 DefaultBool CheckCStringOutOfBounds;
 DefaultBool CheckCStringBufferOverlap;
 DefaultBool CheckCStringNotNullTerm;
+DefaultBool CheckCStringUninitializedRead;
 
 CheckerNameRef CheckNameCStringNullArg;
 CheckerNameRef CheckNameCStringOutOfBounds;
 CheckerNameRef CheckNameCStringBufferOverlap;
 CheckerNameRef CheckNameCStringNotNullTerm;
+CheckerNameRef CheckNameCStringUninitializedRead;
   };
 
   CStringChecksFilter Filter;
@@ -257,6 +259,8 @@
   void emitNotCStringBug(CheckerContext , ProgramStateRef State,
  const Stmt *S, StringRef WarningMsg) const;
   void emitAdditionOverflowBug(CheckerContext , ProgramStateRef State) const;
+  void emitUninitializedReadBug(CheckerContext , ProgramStateRef State,
+const Expr *E) const;
 
   ProgramStateRef checkAdditionOverflow(CheckerContext ,
 ProgramStateRef state,
@@ -368,6 +372,14 @@
 return nullptr;
   }
 
+  // Ensure that we wouldn't read uninitialized value.
+  if (Access == AccessKind::read) {
+if (StInBound->getSVal(ER).isUndef()) {
+  emitUninitializedReadBug(C, StInBound, Buffer.Expression);
+  return nullptr;
+}
+  }
+
   // Array bound check succeeded.  From this point forward the array bound
   // should always succeed.
   return StInBound;
@@ -421,6 +433,7 @@
 SVal BufEnd =
 svalBuilder.evalBinOpLN(State, BO_Add, *BufLoc, LastOffset, PtrTy);
 
+State = CheckLocation(C, State, Buffer, BufStart, Access);
 State = CheckLocation(C, State, Buffer, BufEnd, Access);
 
 // If the buffer isn't large enough, abort.
@@ -580,6 +593,26 @@
   }
 }
 
+void CStringChecker::emitUninitializedReadBug(CheckerContext ,
+  ProgramStateRef State,
+  const Expr *E) const {
+  if (ExplodedNode *N = C.generateErrorNode(State)) {
+const char *Msg =
+"Bytes string function accesses uninitialized/garbage values";
+if (!BT_UninitRead)
+  BT_UninitRead.reset(
+  new BuiltinBug(Filter.CheckNameCStringUninitializedRead,
+ "Accessing unitialized/garbage values", Msg));
+
+BuiltinBug *BT = static_cast(BT_UninitRead.get());
+
+auto Report = std::make_unique(*BT, Msg, N);
+Report->addRange(E->getSourceRange());
+bugreporter::trackExpressionValue(N, E, *Report);
+

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 411601.
phyBrackets added a comment.

aligned the indentation


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c

Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -70,6 +70,11 @@
 
 #endif /* VARIANT */
 
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
 
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
@@ -297,9 +302,12 @@
   int dst[5] = {0};
   int *p;
 
-  p = mempcpy(dst, src, 4 * sizeof(int));
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return something like Unknown .
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }
 
 struct st {
@@ -314,9 +322,10 @@
   struct st *p2;
 
   p1 = () + 1;
-  p2 = mempcpy(, , sizeof(struct st));
-
-  clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
 }
 
 void mempcpy16() {
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  BT_NotCString, BT_AdditionOverflow;
+  BT_NotCString, BT_AdditionOverflow, BT_UninitRead;
 
   mutable const char *CurrentFunctionDescription;
 
@@ -92,11 +92,13 @@
 DefaultBool CheckCStringOutOfBounds;
 DefaultBool CheckCStringBufferOverlap;
 DefaultBool CheckCStringNotNullTerm;
+DefaultBool CheckCStringUninitializedRead;
 
 CheckerNameRef CheckNameCStringNullArg;
 CheckerNameRef CheckNameCStringOutOfBounds;
 CheckerNameRef CheckNameCStringBufferOverlap;
 CheckerNameRef CheckNameCStringNotNullTerm;
+CheckerNameRef CheckNameCStringUninitializedRead;
   };
 
   CStringChecksFilter Filter;
@@ -257,6 +259,8 @@
   void emitNotCStringBug(CheckerContext , ProgramStateRef State,
  const Stmt *S, StringRef WarningMsg) const;
   void emitAdditionOverflowBug(CheckerContext , ProgramStateRef State) const;
+  void emitUninitializedReadBug(CheckerContext , ProgramStateRef State,
+const Expr *E) const;
 
   ProgramStateRef checkAdditionOverflow(CheckerContext ,
 ProgramStateRef state,
@@ -368,6 +372,14 @@
 return nullptr;
   }
 
+  // Ensure that we wouldn't read uninitialized value.
+  if (Access == AccessKind::read) {
+if (StInBound->getSVal(ER).isUndef()) {
+  emitUninitializedReadBug(C, StInBound, Buffer.Expression);
+  return nullptr;
+}
+  }
+
   // Array bound check succeeded.  From this point forward the array bound
   // should always succeed.
   return StInBound;
@@ -421,6 +433,7 @@
 SVal BufEnd =
 svalBuilder.evalBinOpLN(State, BO_Add, *BufLoc, LastOffset, PtrTy);
 
+State = CheckLocation(C, State, Buffer, BufStart, Access);
 State = CheckLocation(C, State, Buffer, BufEnd, Access);
 
 // If the buffer isn't large enough, abort.
@@ -580,6 +593,26 @@
   }
 }
 
+void CStringChecker::emitUninitializedReadBug(CheckerContext ,
+  ProgramStateRef State,
+  const Expr *E) const {
+  if (ExplodedNode *N = C.generateErrorNode(State)) {
+const char *Msg =
+"Bytes string function accesses uninitialized/garbage values";
+if (!BT_UninitRead)
+  BT_UninitRead.reset(
+  new BuiltinBug(Filter.CheckNameCStringUninitializedRead,
+ "Accessing unitialized/garbage values", Msg));
+
+BuiltinBug *BT = static_cast(BT_UninitRead.get());
+
+auto Report = std::make_unique(*BT, Msg, N);
+Report->addRange(E->getSourceRange());
+bugreporter::trackExpressionValue(N, E, *Report);
+

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 411447.
phyBrackets added a comment.

update the documentation for the uninitialized read checker


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c

Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -70,6 +70,11 @@
 
 #endif /* VARIANT */
 
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
 
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
@@ -297,9 +302,12 @@
   int dst[5] = {0};
   int *p;
 
-  p = mempcpy(dst, src, 4 * sizeof(int));
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return something like Unknown .
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }
 
 struct st {
@@ -314,9 +322,10 @@
   struct st *p2;
 
   p1 = () + 1;
-  p2 = mempcpy(, , sizeof(struct st));
-
-  clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
 }
 
 void mempcpy16() {
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  BT_NotCString, BT_AdditionOverflow;
+  BT_NotCString, BT_AdditionOverflow, BT_UninitRead;
 
   mutable const char *CurrentFunctionDescription;
 
@@ -92,11 +92,13 @@
 DefaultBool CheckCStringOutOfBounds;
 DefaultBool CheckCStringBufferOverlap;
 DefaultBool CheckCStringNotNullTerm;
+DefaultBool CheckCStringUninitializedRead;
 
 CheckerNameRef CheckNameCStringNullArg;
 CheckerNameRef CheckNameCStringOutOfBounds;
 CheckerNameRef CheckNameCStringBufferOverlap;
 CheckerNameRef CheckNameCStringNotNullTerm;
+CheckerNameRef CheckNameCStringUninitializedRead;
   };
 
   CStringChecksFilter Filter;
@@ -257,6 +259,8 @@
   void emitNotCStringBug(CheckerContext , ProgramStateRef State,
  const Stmt *S, StringRef WarningMsg) const;
   void emitAdditionOverflowBug(CheckerContext , ProgramStateRef State) const;
+  void emitUninitializedReadBug(CheckerContext , ProgramStateRef State,
+const Expr *E) const;
 
   ProgramStateRef checkAdditionOverflow(CheckerContext ,
 ProgramStateRef state,
@@ -368,6 +372,14 @@
 return nullptr;
   }
 
+  // Ensure that we wouldn't read uninitialized value.
+  if (Access == AccessKind::read) {
+if (StInBound->getSVal(ER).isUndef()) {
+  emitUninitializedReadBug(C, StInBound, Buffer.Expression);
+  return nullptr;
+}
+  }
+
   // Array bound check succeeded.  From this point forward the array bound
   // should always succeed.
   return StInBound;
@@ -421,6 +433,7 @@
 SVal BufEnd =
 svalBuilder.evalBinOpLN(State, BO_Add, *BufLoc, LastOffset, PtrTy);
 
+State = CheckLocation(C, State, Buffer, BufStart, Access);
 State = CheckLocation(C, State, Buffer, BufEnd, Access);
 
 // If the buffer isn't large enough, abort.
@@ -580,6 +593,26 @@
   }
 }
 
+void CStringChecker::emitUninitializedReadBug(CheckerContext ,
+  ProgramStateRef State,
+  const Expr *E) const {
+  if (ExplodedNode *N = C.generateErrorNode(State)) {
+const char *Msg =
+"Bytes string function accesses uninitialized/garbage values";
+if (!BT_UninitRead)
+  BT_UninitRead.reset(
+  new BuiltinBug(Filter.CheckNameCStringUninitializedRead,
+ "Accessing unitialized/garbage values", Msg));
+
+BuiltinBug *BT = static_cast(BT_UninitRead.get());
+
+auto Report = std::make_unique(*BT, Msg, N);
+Report->addRange(E->getSourceRange());
+bugreporter::trackExpressionValue(N, E, 

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal added inline comments.



Comment at: clang/docs/analyzer/checkers.rst:2634-2647
+.. _alpha-unix-cstring-UninitializedRead:
+
+alpha.unix.cstring.UninitializedRead (C)
+""
+Check for uninitialized read from source in memory copy function: 
``memcpy,mempcpy``.
+
+.. code-block:: c 

I was thinking about something like this.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets updated this revision to Diff 411286.
phyBrackets added a comment.

Revised the changes


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

Files:
  clang/docs/analyzer/checkers.rst
  clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/bstring.c

Index: clang/test/Analysis/bstring.c
===
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -70,6 +70,11 @@
 
 #endif /* VARIANT */
 
+void top(char *dst) {
+  char buf[10];
+  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  (void)buf;
+}
 
 void memcpy0 () {
   char src[] = {1, 2, 3, 4};
@@ -297,9 +302,12 @@
   int dst[5] = {0};
   int *p;
 
-  p = mempcpy(dst, src, 4 * sizeof(int));
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
+  // mempcpy seems to consider the src buffered byte as uninitialized
+  // and returning undef which is actually not the case It should return something like Unknown .
 
-  clang_analyzer_eval(p == [4]); // expected-warning{{TRUE}}
+  clang_analyzer_eval(p == [4]); // no-warning (above is fatal)
 }
 
 struct st {
@@ -314,9 +322,10 @@
   struct st *p2;
 
   p1 = () + 1;
-  p2 = mempcpy(, , sizeof(struct st));
-
-  clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
+  p2 = mempcpy(, , sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
+  // FIXME: It seems same as mempcpy14() case.
+  
+  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
 }
 
 void mempcpy16() {
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -80,7 +80,7 @@
  check::RegionChanges
  > {
   mutable std::unique_ptr BT_Null, BT_Bounds, BT_Overlap,
-  BT_NotCString, BT_AdditionOverflow;
+  BT_NotCString, BT_AdditionOverflow, BT_UninitRead;
 
   mutable const char *CurrentFunctionDescription;
 
@@ -92,11 +92,13 @@
 DefaultBool CheckCStringOutOfBounds;
 DefaultBool CheckCStringBufferOverlap;
 DefaultBool CheckCStringNotNullTerm;
+DefaultBool CheckCStringUninitializedRead;
 
 CheckerNameRef CheckNameCStringNullArg;
 CheckerNameRef CheckNameCStringOutOfBounds;
 CheckerNameRef CheckNameCStringBufferOverlap;
 CheckerNameRef CheckNameCStringNotNullTerm;
+CheckerNameRef CheckNameCStringUninitializedRead;
   };
 
   CStringChecksFilter Filter;
@@ -257,6 +259,8 @@
   void emitNotCStringBug(CheckerContext , ProgramStateRef State,
  const Stmt *S, StringRef WarningMsg) const;
   void emitAdditionOverflowBug(CheckerContext , ProgramStateRef State) const;
+  void emitUninitializedReadBug(CheckerContext , ProgramStateRef State,
+const Expr *E) const;
 
   ProgramStateRef checkAdditionOverflow(CheckerContext ,
 ProgramStateRef state,
@@ -368,6 +372,14 @@
 return nullptr;
   }
 
+  // Ensure that we wouldn't read uninitialized value.
+  if (Access == AccessKind::read) {
+if (StInBound->getSVal(ER).isUndef()) {
+  emitUninitializedReadBug(C, StInBound, Buffer.Expression);
+  return nullptr;
+}
+  }
+
   // Array bound check succeeded.  From this point forward the array bound
   // should always succeed.
   return StInBound;
@@ -421,6 +433,7 @@
 SVal BufEnd =
 svalBuilder.evalBinOpLN(State, BO_Add, *BufLoc, LastOffset, PtrTy);
 
+State = CheckLocation(C, State, Buffer, BufStart, Access);
 State = CheckLocation(C, State, Buffer, BufEnd, Access);
 
 // If the buffer isn't large enough, abort.
@@ -580,6 +593,26 @@
   }
 }
 
+void CStringChecker::emitUninitializedReadBug(CheckerContext ,
+  ProgramStateRef State,
+  const Expr *E) const {
+  if (ExplodedNode *N = C.generateErrorNode(State)) {
+const char *Msg =
+"Bytes string function accesses uninitialized/garbage values";
+if (!BT_UninitRead)
+  BT_UninitRead.reset(
+  new BuiltinBug(Filter.CheckNameCStringUninitializedRead,
+ "Accessing unitialized/garbage values", Msg));
+
+BuiltinBug *BT = static_cast(BT_UninitRead.get());
+
+auto Report = std::make_unique(*BT, Msg, N);
+Report->addRange(E->getSourceRange());
+bugreporter::trackExpressionValue(N, E, *Report);
+

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Artem Dergachev via Phabricator via cfe-commits]

NoQ added a comment.

> Oh wait, should we accept this given this serious limitation?

This check lands as alpha so it's fine. We know what to do to move it out of 
alpha; it's somewhat difficult but definitely not impossible, so there's a way 
forward with this, and the code added by this patch is ultimately correct.




Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:601
+  if (ExplodedNode *N = C.generateErrorNode(State)) {
+State->dump();
+const char *Msg =

Yeah, dumps need to be removed from the final code.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Shivam Rajput via Phabricator via cfe-commits]

phyBrackets added a comment.

@steakhal would you just help, where in the file and what exactly write to in 
the documentation?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Balázs Benics via Phabricator via cfe-commits]

steakhal requested changes to this revision.
steakhal added a comment.
This revision now requires changes to proceed.

Oh wait, should we accept this given this serious limitation?




Comment at: clang/include/clang/StaticAnalyzer/Checkers/Checkers.td:475-479
+def CStringUninitializedRead : Checker<"UninitializedRead">,
+  HelpText<"Checks if the string manipulation function would read 
uninitialized bytes">,
+  Dependencies<[CStringModeling]>,
+  Documentation;
+  

We also need documentation in the `clang/docs/analyzer/checkers.rst`.
Please also note the limitation we experienced and described here.
Also refer back to the Umbrella GitHub issue in that section.



Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:262
   void emitAdditionOverflowBug(CheckerContext , ProgramStateRef State) const;
+  void emitUninitializedRead(CheckerContext , ProgramStateRef State,
+ const Expr *E) const;





Comment at: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:378
+if (StInBound->getSVal(ER).isUndef()) {
+  llvm::errs() << "Reading from " << ER << "\n";
+  emitUninitializedRead(C, StInBound, Buffer.Expression);

Remove this line.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Artem Dergachev via Phabricator via cfe-commits]

NoQ added a comment.

Also I think we might be able to enable this checker for the situation when the 
buffer is *completely* uninitialized. It is relatively easy for `RegionStore` 
to answer whether there are any bindings in a top-level region.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D120489: [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions

[Artem Dergachev via Phabricator via cfe-commits]

NoQ added a comment.

I removed the [NFCi] marker because this commit does introduce functional 
change (a new checker).


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits