[cfe-commits] r149579 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp test/Analysis/CFContainers.mm
Anna Zaks
ganna at apple.com
Wed Feb 1 17:30:08 PST 2012
Author: zaks
Date: Wed Feb 1 19:30:08 2012
New Revision: 149579
URL: http://llvm.org/viewvc/llvm-project?rev=149579&view=rev
Log:
[analyzer] Fix a false positive in the CFArrayCreate check that surfaces
the the code like this (due to x and &x being the same value but
different size):
void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
cfe/trunk/test/Analysis/CFContainers.mm
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp?rev=149579&r1=149578&r2=149579&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp Wed Feb 1 19:30:08 2012
@@ -48,8 +48,17 @@
// The type could be either a pointer or array.
const Type *TP = T.getTypePtr();
QualType PointeeT = TP->getPointeeType();
- if (!PointeeT.isNull())
+ if (!PointeeT.isNull()) {
+ // If the type is a pointer to an array, check the size of the array
+ // elements. To avoid false positives coming from assumption that the
+ // values x and &x are equal when x is an array.
+ if (const Type *TElem = PointeeT->getArrayElementTypeNoTypeQual())
+ if (isPointerSize(TElem))
+ return true;
+
+ // Else, check the pointee size.
return isPointerSize(PointeeT.getTypePtr());
+ }
if (const Type *TElem = TP->getArrayElementTypeNoTypeQual())
return isPointerSize(TElem);
Modified: cfe/trunk/test/Analysis/CFContainers.mm
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/CFContainers.mm?rev=149579&r1=149578&r2=149579&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/CFContainers.mm (original)
+++ cfe/trunk/test/Analysis/CFContainers.mm Wed Feb 1 19:30:08 2012
@@ -164,3 +164,22 @@
const void *s1 = CFArrayGetValueAtIndex(A, sIndex);
const void *s2 = CFArrayGetValueAtIndex(A, sCount);// expected-warning {{Index is out of bounds}}
}
+
+typedef void* XX[3];
+void TestPointerToArray(int *elems, void *p1, void *p2, void *p3, unsigned count, void* fn[], char cp[]) {
+ void* x[] = { p1, p2, p3 };
+ CFArrayCreate(0, (const void **) &x, count, 0); // no warning
+
+ void* y[] = { p1, p2, p3 };
+ CFArrayCreate(0, (const void **) y, count, 0); // no warning
+ XX *z = &x;
+ CFArrayCreate(0, (const void **) z, count, 0); // no warning
+
+ CFArrayCreate(0, (const void **) &fn, count, 0); // false negative
+ CFArrayCreate(0, (const void **) fn, count, 0); // no warning
+ CFArrayCreate(0, (const void **) cp, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+
+ char cc[] = { 0, 2, 3 };
+ CFArrayCreate(0, (const void **) &cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+ CFArrayCreate(0, (const void **) cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+}
More information about the cfe-commits
mailing list