[PATCH] D28955: [analyzer] Enable support for symbolic extension/truncation

Dominic Chen via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sat Jan 21 13:57:29 PST 2017

ddcc added a comment.

> We should have expected-warning on 64-bit targets (where `size_t` easily overflows `int`) and no-warning on 32-bit targets (where they are of the same size and the fix for the original issue https://llvm.org/bugs/show_bug.cgi?id=16558 applies). I think we should have two run-lines for this test, with two concrete targets specified; it'd be great to actually have other tests in this file undergo such trial.

To clarify, you're asking for something like the following, instead of changing from `int` to `size_t`?

  diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
  index 42deb9f..80e4184 100644
  --- a/test/Analysis/malloc.c
  +++ b/test/Analysis/malloc.c
  @@ -1,4 +1,5 @@
  -// RUN: %clang_cc1 %z3_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
  +// RUN: %clang_cc1 %z3_cc1 -triple i386-unknown-linux -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
  +// RUN: %clang_cc1 %z3_cc1 -triple x86_64-unknown-linux -Dx86_64 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
   #include "Inputs/system-header-simulator.h"
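
Review bot: The second RUN line's `-Dx86_64` hand-defines a lower-case macro that repeats what `-triple x86_64-unknown-linux` already states, so the triple and the macro can drift apart if either is edited later. Consider dropping the `-D` and keying the test on the target's predefined `__x86_64__`, or on a check of `sizeof(size_t)` against `sizeof(int)`, which is the property the expectation depends on.
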
  @@ -1705,9 +1706,13 @@ void *smallocNoWarn(size_t size) {
   char *dupstrNoWarn(const char *s) {
  -  const size_t len = strlen(s);
  +  const int len = strlen(s);
     char *p = (char*) smallocNoWarn(len + 1);
  -  strcpy(p, s); // no-warning
  +#ifdef x86_64
  +  strcpy(p, s); // expected-warning{{String copy function overflows destination buffer}}
  +  strcpy(p, s); // no warning
     return p;
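
Review bot: The `#ifdef x86_64` block in `dupstrNoWarn` has no `#else` or `#endif` in the lines shown, so both `strcpy(p, s);` calls would be compiled on the 64-bit run and the conditional is never closed; add `#else` before the second call and `#endif` after it. The second call's comment also reads `// no warning`, whereas the removed line used `// no-warning`; keep the hyphenated spelling for consistency with the rest of the file. Since `len` changes from `size_t` to `int` on purpose, a one-line comment saying that the truncation is what the 64-bit expectation exercises would help later readers.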

