Closed Bug 1534421 Opened 1 year ago Closed 1 year ago

Make the CAN_RUN_SCRIPT analysis treat dereferences of pointer-typed args of CAN_RUN_SCRIPT functions as live

Categories

(Firefox Build System :: Source Code Analysis, enhancement)

enhancement
Not set
normal

Tracking

(firefox67 fixed)

RESOLVED FIXED
mozilla67
Tracking Status
firefox67 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Attachments

(2 files)

Attached patch: Attempted fix.

Consider this case:

  MOZ_CAN_RUN_SCRIPT
  void foo(Arg& arg) {}

  MOZ_CAN_RUN_SCRIPT
  void bar(Arg* arg) {
    foo(*arg);
  }

Ideally this would pass the analysis. Right now it doesn't, and my attempt to fix the analysis to allow it doesn't seem to work: the unaryDereferenceOperator() does match, but the hasUnaryOperand(declRefExpr()) bit does not (even if I take out the to(...) bits).

Flags: needinfo?(bpostelnicu)

I found the clang analysis docs. This all makes a lot more sense now. ;)

Assignee: nobody → bzbarsky
Flags: needinfo?(bpostelnicu)
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f65aaa2a97bb
Fix the CAN_RUN_SCRIPT analysis to treat a deref of an arg as live if it would treat the arg as live.  r=andi
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67