[analyzer] Improve diagnostics from ArrayBoundCheckerV2 #70056
Merged
Commits on Oct 24, 2023
-
[analyzer] Improve reports from ArrayBoundCheckerV2
Previously alpha.security.ArrayBoundV2 produced very spartan bug reports; this commit ensures that the relevant (and known) details are reported to the user. The logic for detecting bugs is not changed, after this commit the checker will report the same set of issues, but with better messages. To test the details of the message generation this commit adds a new test file 'out-of-bounds-diagnostics.c'. Three of the testcases are added with FIXME notes because they reveal shortcomings of the existing modeling and bounds checking code. I will try to fix them in separate follow-up commits.
Commits on Oct 25, 2023
Commits on Oct 31, 2023
Commits on Nov 7, 2023
-
-
Revert "Make the message for tainted offsets more general"
I thought for a moment that there are some corner cases where the more specific "may be too large" message is inaccurate, but I realized that there are no such cases, so we can use the specific message (which is slightly more helpful for the user). This reverts commit 979a387.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.