Currently pointerescapes tracks a single boolean value across the callgraph. It marks each pointer argument it finds as 'escapes' or not.
There are several other properties of these pointers we want to track to handle other bad pointer usage like pointer comparisons. To be able to do so without a lot of duplication, we need to extend the boolean value being tracked to an n-tuple of boolean values. The API design should be extensible enough to allow us to add extra flags to track as needed.
Once this is in place, we can tie that n-tuple into analyzers that are focused on the function declarations only, and trust the callgraph analyzer to perform whatever induction is needed for us.
Once this is done, pointerescapes will be a misnomer, so maybe it should be refactored into an induction analyzer under the callgraph package.
Currently
pointerescapes
tracks a single boolean value across the callgraph. It marks each pointer argument it finds as 'escapes' or not.There are several other properties of these pointers we want to track to handle other bad pointer usage like pointer comparisons. To be able to do so without a lot of duplication, we need to extend the boolean value being tracked to an n-tuple of boolean values. The API design should be extensible enough to allow us to add extra flags to track as needed.
Once this is in place, we can tie that n-tuple into analyzers that are focused on the function declarations only, and trust the callgraph analyzer to perform whatever induction is needed for us.
Once this is done,
pointerescapes
will be a misnomer, so maybe it should be refactored into aninduction
analyzer under thecallgraph
package.