[cfe-commits] r163438 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp test/Analysis/malloc-sizeof.c

Anna Zaks ganna at apple.com
Fri Sep 7 17:09:02 PDT 2012


Author: zaks
Date: Fri Sep  7 19:09:02 2012
New Revision: 163438

URL: http://llvm.org/viewvc/llvm-project?rev=163438&view=rev
Log:
[analyzer] Address John's code review for r163407.

Teach malloc sizeof checker to find type inconsistencies in multi-
dimensional arrays.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp
    cfe/trunk/test/Analysis/malloc-sizeof.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp?rev=163438&r1=163437&r2=163438&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp Fri Sep  7 19:09:02 2012
@@ -157,6 +157,18 @@
   return false;
 }
 
+static bool compatibleWithArrayType(ASTContext &C, QualType PT, QualType T) {
+  // Ex: 'int a[10][2]' is compatible with 'int', 'int[2]', 'int[10][2]'.
+  while (const ArrayType *AT = T->getAsArrayTypeUnsafe()) {
+    QualType ElemType = AT->getElementType();
+    if (typesCompatible(C, PT, AT->getElementType()))
+      return true;
+    T = ElemType;
+  }
+
+  return false;
+}
+
 class MallocSizeofChecker : public Checker<check::ASTCodeBody> {
 public:
   void checkASTCodeBody(const Decl *D, AnalysisManager& mgr,
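Review bot: The example comment in `compatibleWithArrayType` lists 'int[10][2]' as compatible, but the loop only compares `PT` against element types, so the whole array type `T` is never tested in this helper. That case presumably depends on a `typesCompatible` check the caller makes before reaching it, which is outside this hunk. I would reword the comment to `// Ex: for 'int a[10][2]', a pointee of 'int' or 'int[2]' matches; the full array type is checked by the caller.` and state above the function that a `true` result suppresses the allocation-size report. `ElemType` is also computed and then `AT->getElementType()` is called again in the condition; `if (typesCompatible(C, PT, ElemType))` avoids the repetition.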
@@ -189,18 +201,9 @@
           continue;
 
         // If the argument to sizeof is an array, the result could be a
-        // pointer to the array element.
-        if (const ArrayType *AT = dyn_cast<ArrayType>(SizeofType)) {
-          QualType ElemType = AT->getElementType();
-          if (typesCompatible(BR.getContext(), PointeeType,
-                                               AT->getElementType()))
-            continue;
-            
-          // For now, let's only reason about arrays of built in types.
-          if (!ElemType->isBuiltinType())
-            continue;
-        }
-
+        // pointer to any array element.
+        if (compatibleWithArrayType(BR.getContext(), PointeeType, SizeofType))
+          continue;
 
         const TypeSourceInfo *TSI = 0;
         if (i->CastedExprParent.is<const VarDecl *>()) {
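Review bot: Removing the `if (!ElemType->isBuiltinType()) continue;` guard changes behaviour beyond what the log message describes. A `sizeof` on an array of structs, pointers or other non-builtin elements now falls through to the mismatch report whenever no nested element type matches the pointee. That widens what the checker reports, which is reasonable for catching undersized allocations but should be called out, for example `// Arrays of any element type are checked; only a match against a nested element type suppresses the report.` The enclosing loop starts and ends outside this hunk, so whether an earlier check already filters these cases cannot be seen here.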

Modified: cfe/trunk/test/Analysis/malloc-sizeof.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc-sizeof.c?rev=163438&r1=163437&r2=163438&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc-sizeof.c (original)
+++ cfe/trunk/test/Analysis/malloc-sizeof.c Fri Sep  7 19:09:02 2012
@@ -37,9 +37,11 @@
 
 int *mallocArraySize() {
   static const int sTable[10];
-  static const int nestedTable[10][10];
+  static const int nestedTable[10][2];
   int *table = malloc(sizeof sTable);
   int *table1 = malloc(sizeof nestedTable);
+  int (*table2)[2] = malloc(sizeof nestedTable);
+  int (*table3)[10][2] = malloc(sizeof nestedTable);
   return table;
 }
 
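Review bot: The added `table2` and `table3` lines in `mallocArraySize` only exercise the no-warning path, so nothing visible here pins down that a mismatched pointee with a multi-dimensional `sizeof` is still reported. A negative case would guard against the new helper suppressing too much, for example `long (*table4)[2] = malloc(sizeof nestedTable);` with the matching `expected-warning` annotation (exact diagnostic text to be taken from the checker). A case using an array of a struct type would also cover the path opened by removing the built-in-type guard. The rest of the test file is outside this hunk, so such cases may already exist elsewhere.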




