[cfe-commits] r125775 - in /cfe/trunk: lib/Sema/SemaChecking.cpp lib/Sema/SemaExprCXX.cpp test/Analysis/outofbound.c test/Parser/encode.m test/SemaCXX/array-bounds.cpp

Chandler Carruth chandlerc at gmail.com
Thu Feb 17 13:10:52 PST 2011 

Author: chandlerc
Date: Thu Feb 17 15:10:52 2011
New Revision: 125775

URL: http://llvm.org/viewvc/llvm-project?rev=125775&view=rev
Log:
Enhance the array bounds checking to work for several other constructs,
especially C++ code, and generally expand the test coverage.

Logic adapted from a patch by Kaelyn Uhrain <rikka at google.com> and
another Googler.

Modified:
    cfe/trunk/lib/Sema/SemaChecking.cpp
    cfe/trunk/lib/Sema/SemaExprCXX.cpp
    cfe/trunk/test/Analysis/outofbound.c
    cfe/trunk/test/Parser/encode.m
    cfe/trunk/test/SemaCXX/array-bounds.cpp

Modified: cfe/trunk/lib/Sema/SemaChecking.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaChecking.cpp?rev=125775&r1=125774&r2=125775&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaChecking.cpp (original)
+++ cfe/trunk/lib/Sema/SemaChecking.cpp Thu Feb 17 15:10:52 2011
@@ -3095,17 +3095,12 @@
 }
 
 void Sema::CheckArrayAccess(const clang::ArraySubscriptExpr *E) {
-  const DeclRefExpr *DRE =
-    dyn_cast<DeclRefExpr>(E->getBase()->IgnoreParenImpCasts());
-  if (!DRE)
-    return;
-  const VarDecl *Variable = dyn_cast<VarDecl>(DRE->getDecl());
-  if (!Variable)
-    return;
+  const Expr *BaseExpr = E->getBase()->IgnoreParenImpCasts();
   const ConstantArrayType *ArrayTy =
-    Context.getAsConstantArrayType(Variable->getType());
+    Context.getAsConstantArrayType(BaseExpr->getType());
   if (!ArrayTy)
     return;
+
   const Expr *IndexExpr = E->getIdx();
   if (IndexExpr->isValueDependent())
     return;
@@ -3115,6 +3110,8 @@
 
   if (!index.isNegative()) {
     const llvm::APInt &size = ArrayTy->getSize();
+    if (!size.isStrictlyPositive())
+      return;
     if (size.getBitWidth() > index.getBitWidth())
       index = index.sext(size.getBitWidth());
     if (index.slt(size))
@@ -3127,7 +3124,14 @@
     Diag(E->getBase()->getLocStart(), diag::warn_array_index_precedes_bounds)
       << index.toString(10, true) << IndexExpr->getSourceRange();
   }
-  Diag(Variable->getLocStart(), diag::note_array_index_out_of_bounds)
-    << Variable->getDeclName();
+
+  const NamedDecl *ND = NULL;
+  if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(BaseExpr))
+    ND = dyn_cast<NamedDecl>(DRE->getDecl());
+  if (const MemberExpr *ME = dyn_cast<MemberExpr>(BaseExpr))
+    ND = dyn_cast<NamedDecl>(ME->getMemberDecl());
+  if (ND)
+    Diag(ND->getLocStart(), diag::note_array_index_out_of_bounds)
+      << ND->getDeclName();
 }
 

Modified: cfe/trunk/lib/Sema/SemaExprCXX.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaExprCXX.cpp?rev=125775&r1=125774&r2=125775&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaExprCXX.cpp (original)
+++ cfe/trunk/lib/Sema/SemaExprCXX.cpp Thu Feb 17 15:10:52 2011
@@ -2005,6 +2005,10 @@
       if (!From->isGLValue()) break;
     }
 
+    // Check for trivial buffer overflows.
+    if (const ArraySubscriptExpr *AE = dyn_cast<ArraySubscriptExpr>(From))
+      CheckArrayAccess(AE);
+
     FromType = FromType.getUnqualifiedType();
     From = ImplicitCastExpr::Create(Context, FromType, CK_LValueToRValue,
                                     From, 0, VK_RValue);

Modified: cfe/trunk/test/Analysis/outofbound.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/outofbound.c?rev=125775&r1=125774&r2=125775&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/outofbound.c (original)
+++ cfe/trunk/test/Analysis/outofbound.c Thu Feb 17 15:10:52 2011
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-experimental-checks -analyzer-check-objc-mem -analyzer-store=region -verify %s
+// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-experimental-internal-checks -analyzer-experimental-checks -analyzer-check-objc-mem -analyzer-store=region -verify %s
 
 typedef __typeof(sizeof(int)) size_t;
 void *malloc(size_t);

Modified: cfe/trunk/test/Parser/encode.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Parser/encode.m?rev=125775&r1=125774&r2=125775&view=diff
==============================================================================
--- cfe/trunk/test/Parser/encode.m (original)
+++ cfe/trunk/test/Parser/encode.m Thu Feb 17 15:10:52 2011
@@ -1,8 +1,8 @@
 // RUN: %clang_cc1 -fsyntax-only -verify %s
 
 int main(void) {
-  const char ch = @encode(char *)[2];
-  char c = @encode(char *)[2] + 4;
+  const char ch = @encode(char *)[0];
+  char c = @encode(char *)[0] + 4;
   return c;
 }
 

Modified: cfe/trunk/test/SemaCXX/array-bounds.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/SemaCXX/array-bounds.cpp?rev=125775&r1=125774&r2=125775&view=diff
==============================================================================
--- cfe/trunk/test/SemaCXX/array-bounds.cpp (original)
+++ cfe/trunk/test/SemaCXX/array-bounds.cpp Thu Feb 17 15:10:52 2011
@@ -5,17 +5,72 @@
   int y[2]; // expected-note 2 {{array 'y' declared here}}
   int *p = &y[2]; // no-warning
   (void) sizeof(x[2]); // no-warning
-  y[2] = 2; // expected-warning{{array index of '2' indexes past the end of an array (that contains 2 elements)}}
-  return x[2] +  // expected-warning{{array index of '2' indexes past the end of an array (that contains 2 elements)}}
-         y[-1] + // expected-warning{{array index of '-1' indexes before the beginning of the array}}
-         x[sizeof(x)] +  // expected-warning{{array index of '8' indexes past the end of an array (that contains 2 elements)}}
-         x[sizeof(x) / sizeof(x[0])] +  // expected-warning{{array index of '2' indexes past the end of an array (that contains 2 elements)}}
+  y[2] = 2; // expected-warning {{array index of '2' indexes past the end of an array (that contains 2 elements)}}
+  return x[2] +  // expected-warning {{array index of '2' indexes past the end of an array (that contains 2 elements)}}
+         y[-1] + // expected-warning {{array index of '-1' indexes before the beginning of the array}}
+         x[sizeof(x)] +  // expected-warning {{array index of '8' indexes past the end of an array (that contains 2 elements)}}
+         x[sizeof(x) / sizeof(x[0])] +  // expected-warning {{array index of '2' indexes past the end of an array (that contains 2 elements)}}
          x[sizeof(x) / sizeof(x[0]) - 1] + // no-warning
-         x[sizeof(x[2])]; // expected-warning{{array index of '4' indexes past the end of an array (that contains 2 elements)}}
+         x[sizeof(x[2])]; // expected-warning {{array index of '4' indexes past the end of an array (that contains 2 elements)}}
 }
 
 // This code example tests that -Warray-bounds works with arrays that
 // are template parameters.
 template <char *sz> class Qux {
   bool test() { return sz[0] == 'a'; }
-};
\ No newline at end of file
+};
+
+void f1(int a[1]) {
+  int val = a[3]; // no warning for function argumnet
+}
+
+void f2(const int (&a)[1]) { // expected-note {{declared here}}
+  int val = a[3];  // expected-warning {{array index of '3' indexes past the end of an array (that contains 1 elements)}}
+}
+
+void test() {
+  struct {
+    int a[0];
+  } s2;
+  s2.a[3] = 0; // no warning for 0-sized array
+
+  union {
+    short a[2]; // expected-note {{declared here}}
+    char c[4];
+  } u;
+  u.a[3] = 1; // expected-warning {{array index of '3' indexes past the end of an array (that contains 2 elements)}}
+  u.c[3] = 1; // no warning
+
+  const int const_subscript = 3;
+  int array[1]; // expected-note {{declared here}}
+  array[const_subscript] = 0;  // expected-warning {{array index of '3' indexes past the end of an array (that contains 1 elements)}}
+
+  int *ptr;
+  ptr[3] = 0; // no warning for pointer references
+  int array2[] = { 0, 1, 2 }; // expected-note 2 {{declared here}}
+
+  array2[3] = 0; // expected-warning {{array index of '3' indexes past the end of an array (that contains 3 elements)}}
+  array2[2+2] = 0; // expected-warning {{array index of '4' indexes past the end of an array (that contains 3 elements)}}
+
+  const char *str1 = "foo";
+  char c1 = str1[5]; // no warning for pointers
+
+  const char str2[] = "foo"; // expected-note {{declared here}}
+  char c2 = str2[5]; // expected-warning {{array index of '5' indexes past the end of an array (that contains 4 elements)}}
+
+  int (*array_ptr)[1];
+  (*array_ptr)[3] = 1; // expected-warning {{array index of '3' indexes past the end of an array (that contains 1 elements)}}
+}
+
+template <int I> struct S {
+  char arr[I]; // expected-note 3 {{declared here}}
+};
+template <int I> void f() {
+  S<3> s;
+  s.arr[4] = 0; // expected-warning 2 {{array index of '4' indexes past the end of an array (that contains 3 elements)}}
+  s.arr[I] = 0; // expected-warning {{array index of '5' indexes past the end of an array (that contains 3 elements)}}
+}
+
+void test_templates() {
+  f<5>(); // expected-note {{in instantiation}}
+}

More information about the cfe-commits mailing list