Skip to content

Expresions on RHS of binary operator after CallExpr ignored by CheckedRegionFinder #383

New issue
New issue
Open
Open
Expresions on RHS of binary operator after CallExpr ignored by CheckedRegionFinder#383
Labels
-addcr
@john-h-kastner

Description

@john-h-kastner
john-h-kastner
opened on Jan 19, 2021

CheckedRegionFinder seems to stop early after encountering a CallExpr. This is a problem when an unsafe expression appears on the RHS of a binary operator with a CallExpr on the LHS.

Example:

int foo(void) { return 0; }
int *x = 1;
int bar() {
  return foo() + *x;
}

Converts to (-addcr):

int foo(void) _Checked { return 0; }
int *x = 1;
int bar() _Checked {
  return foo() + *x;
}

Dereferencing the unchecked pointer x should stop the function from being _Checked. Notably, this is the behavior we see if bar is instead defined with return *x + foo();

Metadata

Metadata

Assignees

No one assigned

    Labels

    -addcr

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions