[PATCH] D28955: [analyzer] Enable support for symbolic extension/truncation
Dominic Chen via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sat Jan 21 13:57:29 PST 2017
ddcc added a comment.
> We should have expected-warning on 64-bit targets (where `size_t` easily overflows `int`) and no-warning on 32-bit targets (where they are of the same size and the fix for the original issue https://llvm.org/bugs/show_bug.cgi?id=16558 applies). I think we should have two run-lines for this test, with two concrete targets specified; it'd be great to actually have other tests in this file undergo such trial.
To clarify, you're asking for something like the following, instead of changing from `int` to `size_t`?
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index 42deb9f..80e4184 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -1,4 +1,5 @@
-// RUN: %clang_cc1 %z3_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
+// RUN: %clang_cc1 %z3_cc1 -triple i386-unknown-linux -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
+// RUN: %clang_cc1 %z3_cc1 -triple x86_64-unknown-linux -Dx86_64 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
#include "Inputs/system-header-simulator.h"
@@ -1705,9 +1706,13 @@ void *smallocNoWarn(size_t size) {
}
char *dupstrNoWarn(const char *s) {
- const size_t len = strlen(s);
+ const int len = strlen(s);
char *p = (char*) smallocNoWarn(len + 1);
- strcpy(p, s); // no-warning
+#ifdef x86_64
+ strcpy(p, s); // expected-warning{{String copy function overflows destination buffer}}
+#else
+ strcpy(p, s); // no warning
+#endif
return p;
}
https://reviews.llvm.org/D28955
More information about the cfe-commits
mailing list