[cfe-commits] r61147 - in /cfe/trunk: lib/Analysis/CFRefCount.cpp test/Analysis/uninit-vals-ps.c

Zhongxing Xu xuzhongxing at gmail.com
Mon Mar 9 02:41:38 PDT 2009


Hi Ted,

This patch reports a false warning on this test case:

#include <sys/socket.h>
void f(int sock) {
  struct sockaddr_storage storage;
  struct sockaddr* sockaddr = (struct sockaddr*)&storage;
  socklen_t addrlen = sizeof(storage);
  getsockname(sock, sockaddr, &addrlen);
  switch (sockaddr->sa_family) {
  default:
    ;
  }
}

$ clang -analyze -analyzer-store=region -checker-cfref 1.c
1.c:7:3: warning: Branch condition evaluates to an uninitialized value.
  switch (sockaddr->sa_family) {
  ^       ~~~~~~~~~~~~~~~~~~~
1 diagnostic generated.

Perhaps we should not 'blast through' TypedViewRegion?

On Thu, Dec 18, 2008 at 3:42 AM, Ted Kremenek <kremenek at apple.com> wrote:

> Author: kremenek
> Date: Wed Dec 17 13:42:34 2008
> New Revision: 61147
>
> URL: http://llvm.org/viewvc/llvm-project?rev=61147&view=rev
> Log:
> Fix <rdar://problem/6451816>:
> - Because of the introduction of AnonTypedRegions when reasoning about casts,
>   we had a regression in the "symbolication" of variable values
>   passed-by-reference to a function. This is now fixed in CFRefCount.cpp
>   (-checker-cfref) by blasting through the layer of AnonTypedRegions when
>   symbolicating the value of the variable. This logic may get moved elsewhere.
>   Note that this change affects only -checker-cfref and not -checker-simple;
>   eventually this logic should get pulled out of CFRefCount.cpp into a more
>   common place. All users use -checker-cfref by default, and -checker-simple
>   should probably just be removed.
> - Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and
>   added a test case for this regression.
>
> Modified:
>    cfe/trunk/lib/Analysis/CFRefCount.cpp
>    cfe/trunk/test/Analysis/uninit-vals-ps.c
>
> Modified: cfe/trunk/lib/Analysis/CFRefCount.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFRefCount.cpp?rev=61147&r1=61146&r2=61147&view=diff
>
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/CFRefCount.cpp (original)
> +++ cfe/trunk/lib/Analysis/CFRefCount.cpp Wed Dec 17 13:42:34 2008
> @@ -1599,6 +1599,14 @@
>         }
>
>         const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion());
> +
> +        // Blast through AnonTypedRegions to get the original region type.
> +        while (R) {
> +          const AnonTypedRegion* ATR = dyn_cast<AnonTypedRegion>(R);
> +          if (!ATR) break;
> +          R = dyn_cast<TypedRegion>(ATR->getSuperRegion());
> +        }
> +
>         if (R) {
>           // Set the value of the variable to be a conjured symbol.
>           unsigned Count = Builder.getCurrentBlockCount();
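Review bot: In the new while loop, `R = dyn_cast<TypedRegion>(ATR->getSuperRegion());` leaves R null as soon as one super region is not a TypedRegion, and the `if (R)` block that sets the conjured symbol is then skipped for that argument. Consider remembering the last non-null TypedRegion, or falling back to the region from `MR->getRegion()`, so a variable passed by reference is still given a symbolic value in that case. A short comment on why stripping every AnonTypedRegion layer is safe for the type used below would also help, since the loop discards the type the caller actually cast to.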
> @@ -1609,7 +1617,7 @@
>             SymbolRef NewSym =
>               Eng.getSymbolManager().getConjuredSymbol(*I, T, Count);
>
> -            state = state.BindLoc(*MR,
> +            state = state.BindLoc(Loc::MakeVal(R),
>                                   Loc::IsLocType(T)
>                                   ? cast<SVal>(loc::SymbolVal(NewSym))
>                                   : cast<SVal>(nonloc::SymbolVal(NewSym)));
>
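Review bot: The bind target changes from `*MR` to `Loc::MakeVal(R)`, but `T`, which feeds both `getConjuredSymbol(*I, T, Count)` and `Loc::IsLocType(T)`, is computed outside the lines shown. Please confirm that T is taken from the stripped R and not from the original cast view, otherwise the conjured symbol's type and the region it is bound to can disagree. It is also worth stating what a single symbol bound to R means when R is an aggregate whose fields are read later through the cast pointer, which is the shape of the sockaddr_storage case reported in this thread.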
> Modified: cfe/trunk/test/Analysis/uninit-vals-ps.c
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/uninit-vals-ps.c?rev=61147&r1=61146&r2=61147&view=diff
>
>
> ==============================================================================
> --- cfe/trunk/test/Analysis/uninit-vals-ps.c (original)
> +++ cfe/trunk/test/Analysis/uninit-vals-ps.c Wed Dec 17 13:42:34 2008
> @@ -1,5 +1,5 @@
> -// RUN: clang -checker-simple -verify %s &&
> -// RUN: clang -checker-simple -analyzer-store-region -verify %s
> +// RUN: clang -checker-cfref -verify %s &&
> +// RUN: clang -checker-cfref -analyzer-store-region -verify %s
>
>  struct FPRec {
>   void (*my_func)(int * x);
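Review bot: Both RUN lines replace `-checker-simple` with `-checker-cfref`, so every existing test in this file loses its -checker-simple coverage, not only the new one. Since the log says the fix affects only -checker-cfref, consider keeping the two original RUN lines and moving the new regression test into a separate file that runs with -checker-cfref only, until -checker-simple is actually removed.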
> @@ -49,4 +49,22 @@
>   return *p;  // expected-warning{{Uninitialized or undefined return value
> returned to caller.}}
>  }
>
> +// <rdar://problem/6451816>
> +typedef unsigned char Boolean;
> +typedef const struct __CFNumber * CFNumberRef;
> +typedef signed long CFIndex;
> +typedef CFIndex CFNumberType;
> +typedef unsigned long UInt32;
> +typedef UInt32 CFStringEncoding;
> +typedef const struct __CFString * CFStringRef;
> +extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType,
> void *valuePtr);
> +extern CFStringRef
> CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);
> +
> +CFStringRef rdar_6451816(CFNumberRef nr) {
> +  CFStringEncoding encoding;
> +  // &encoding is casted to void*.  This test case tests whether or not
> +  // we properly invalidate the value of 'encoding'.
> +  CFNumberGetValue(nr, 9, &encoding);
> +  return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
> +}
>
>
>
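Review bot: `rdar_6451816` only covers a scalar local whose address is passed as `void *`. The loop added in CFRefCount.cpp strips any AnonTypedRegion layer, so the test should also cover an aggregate local whose address is cast to a different struct pointer type before the call, followed by a field read through that pointer, run under `-analyzer-store-region`. That case would pin down the behaviour for struct casts as well as for the void* cast. The literal `9` passed as `theType` would also read better with a comment or a named constant saying which CFNumberType it stands for.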
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>