[PATCH] D12725: [analyzer] A fix for substraction of an integer from a pointer.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Wed Sep 9 05:00:12 PDT 2015


NoQ updated this revision to Diff 34320.

http://reviews.llvm.org/D12725

Files:
  lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
  test/Analysis/ptr-arith.c

Index: test/Analysis/ptr-arith.c
===================================================================
--- test/Analysis/ptr-arith.c
+++ test/Analysis/ptr-arith.c
@@ -296,3 +296,16 @@
   clang_analyzer_eval(&points[i].x < &points[i].y);// expected-warning{{TRUE}}
 }
 
+void negativeIndex(char *str) {
+  char *ptr = str + 1;
+  *ptr = 'a';
+  ptr = str - 1;
+  clang_analyzer_eval(*ptr); // expected-warning{{UNKNOWN}}
+  ptr = str;
+  ptr -= 1;
+  clang_analyzer_eval(*ptr); // expected-warning{{UNKNOWN}}
+  ptr = str;
+  --ptr;
+  clang_analyzer_eval(*ptr); // expected-warning{{UNKNOWN}}
+}
+
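Review bot: negativeIndex only exercises a constant offset of 1, so the case where the subtracted value is not a concrete integer is untested; a variant such as `ptr = str - n;` with an `int n` parameter would show what the analyzer does there. The store `*ptr = 'a'` through `str + 1` is also never read back, so the test would still pass if the positive-offset binding were lost; a `clang_analyzer_eval(*(str + 1) == 'a');` line with its expected result would pin that down. Both matter for any bounds checking that relies on these element regions, because a `str - 1` access modelled as `str + 1` hides a read before the start of the buffer.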
Index: lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
===================================================================
--- lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -911,8 +911,9 @@
       elementType = elemReg->getElementType();
     }
     else if (isa<SubRegion>(region)) {
+      assert(op == BO_Add || op == BO_Sub);
+      index = (op == BO_Add) ? rhs : evalMinus(rhs);
       superR = region;
-      index = rhs;
       if (resultTy->isAnyPointerType())
         elementType = resultTy->getPointeeType();
     }
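Review bot: The `assert(op == BO_Add || op == BO_Sub)` is the only guard on the new ternary, and it is compiled out of release builds, where any operator other than BO_Add would silently take the `evalMinus(rhs)` branch. If the part of this function above the hunk (not visible here) already restricts `op` to the additive operators, a comment next to the assert would record that, e.g. `// Only additive ops reach here; a subtracted offset becomes a negative element index.`. It is also worth confirming what `evalMinus` returns for a non-concrete `rhs`, and that the code after the hunk copes with an index that is not a known value, since neither is shown in this hunk.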


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D12725.34320.patch
Type: text/x-patch
Size: 1174 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150909/529767ef/attachment-0001.bin>

