C++: Positively phrased sanitizer in cpp/non-constant-format#12003
Merged
MathiasVP merged 1 commit intogithub:mathiasvp/replace-ast-with-ir-use-usedataflowfrom Jan 27, 2023
Conversation
…o longer incorrectly sanitize indirect nodes for which there is no result for 'asIndirectExpr'.
Contributor
Author
|
DCA showed nothing exciting (🎉 I guess!) |
MathiasVP
merged commit e48c93a
into
github:mathiasvp/replace-ast-with-ir-use-usedataflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The sanitizer in the
cpp/non-constant-formatquery was very fragile: it's supposed to look at the type of the node, and mark it as a sanitizer if the type reveals that the node could not possible hold a string.This was easy to do before we introduced indirect dataflow nodes: we could just mark all non-pointer nodes as sanitizers because we were tracking a value of type
char*. However, when we track indirect nodes as well, those nodes can have typechar(since we're tracking the indirection of thechar).So when we introduced indirect nodes, we modified the sanitizer to not sanitize indirect nodes (for instance, by saying that
node.asIndirectExpr()shouldn't exist). However, this relies on all indirect nodes having a result forasIndirectExpr()which doesn't have to be true (since plenty of dataflow nodes do not map to an expression).Instead, this PR rephrases the sanitizer to only sanitize nodes for which
node.asExpr()holds. This predicate never has a result for indirect nodes, so the effect should be the same, but it won't depend on each indirect dataflow node having a result forasIndirectExpr().