analyzer icon indicating copy to clipboard operation
analyzer copied to clipboard
verified publisher icon goblint

Audit for domain-unsafe global code

Open sim642 opened this issue 1 year ago • 1 comments

Initial list from #1708 reviews, but could be extended over time:

  • [ ] Top-level lazy values:
    • [ ] Offset.Index.Exp.all
    • [ ] Cilfacade.any_index_exp
    • [ ] LibraryFunctions.intmax_t
  • [ ] Top-level ref values.
  • [ ] ResettableLazy and its usages.
  • [ ] LazyEval and its usages.
  • [ ] Output streams:
    • [ ] Logs
    • [ ] Messages

sim642 avatar Apr 17 '25 08:04 sim642

In addition, we can consider marking features/analysis as domain-safe or note.

AFAIK, not all analyses consist only of pure functions, and it might be tricky to change this everywhere. In such cases, it should be marked and we should check for inconsistent configs at startup.

arkocal avatar Apr 17 '25 09:04 arkocal