[PATCH] D30312: Fix unix.Malloc analysis crasher when allocating dynamic arrays w/unbound statements (fix PR32050)

Kevin Marshall via cfe-commits cfe-commits at lists.llvm.org
Thu Feb 23 16:22:47 PST 2017


Apparently not - I'm at 289944 locally. Sigh. Oh well, it was an
interesting investigation.

On Thu, Feb 23, 2017 at 3:48 PM, Nico Weber <thakis at chromium.org> wrote:

> This looks pretty similar to https://reviews.llvm.org/D27849 – are you
> synced to trunk?
>
> On Thu, Feb 23, 2017 at 5:42 PM, Kevin Marshall via Phabricator via
> cfe-commits <cfe-commits at lists.llvm.org> wrote:
>
>> kmarshall created this revision.
>>
>> The extent calculation function had a bug which caused it to ignore whether
>> the size value was defined prior to casting it. As a result, size
>> expressions with free variables would trigger assertion failures during the
>> cast operation.
>>
>> This patch adds that missing check, and replaces the redundant call to
>> castAs<>() with the SVal that is returned by the checked cast.
>>
>> Added a regression test "Malloc+NewDynamicArray" that exercises the fix.
>>
>>
>> https://reviews.llvm.org/D30312
>>
>> Files:
>>   lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>   test/Analysis/Malloc+NewDynamicArray.cpp
>>
>>
>> Index: test/Analysis/Malloc+NewDynamicArray.cpp
>> ===================================================================
>> --- test/Analysis/Malloc+NewDynamicArray.cpp
>> +++ test/Analysis/Malloc+NewDynamicArray.cpp
>> @@ -0,0 +1,17 @@
>> +// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -verify %s
>> +
>> +//---------------------------------------------------------
>> --------------
>> +// Check that arrays sized using expressions with free variables
>> +// do not cause the unix.Malloc checker to crash.
>> +//
>> +// The function should not actually be called from anywhere, otherwise
>> +// the compiler will optimize the length expression and replace it with
>> +// with precomputed literals.
>> +//---------------------------------------------------------
>> --------------
>> +
>> +void AllocateExpr(int lhs, int rhs) {
>> +  new int[lhs + rhs];
>> +}
>> +
>> +// expected-no-diagnostics
>> +
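Review bot: the header comment in the new test has a doubled word ("replace it with / with precomputed literals"), and its rationale does not match how the test runs: `%clang_cc1 -analyze` drives the checker over the unoptimized AST, so no optimizer folds `lhs + rhs`. What adding a caller would change is that `AllocateExpr` could be inlined into that caller and analyzed with concrete arguments instead of as a top-level entry point with symbolic `lhs` and `rhs`; suggest saying that directly. Since `expected-no-diagnostics` only proves the run did not crash or warn, consider also keeping a `new int[...]` with a concrete count in the same file so the extent-recording path is still exercised next to the skipped one. The dashed rule lines are wrapped in the patch as pasted here; make sure they are single lines in the committed file.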
>> Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> ===================================================================
>> --- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> +++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> @@ -1026,12 +1026,11 @@
>>    ASTContext &AstContext = C.getASTContext();
>>    CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType);
>>
>> -  if (Optional<DefinedOrUnknownSVal> DefinedSize =
>> -          ElementCount.getAs<DefinedOrUnknownSVal>()) {
>> +  if (Optional<NonLoc> DefinedSize = ElementCount.getAs<NonLoc>()) {
>>      DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder);
>>      // size in Bytes = ElementCount*TypeSize
>>      SVal SizeInBytes = svalBuilder.evalBinOpNN(
>> -        State, BO_Mul, ElementCount.castAs<NonLoc>(),
>> +        State, BO_Mul, *DefinedSize,
>>          svalBuilder.makeArrayIndex(TypeSize.getQuantity()),
>>          svalBuilder.getArrayIndexType());
>>      DefinedOrUnknownSVal extentMatchesSize = svalBuilder.evalEQ(
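Review bot: the new `getAs<NonLoc>()` guard now skips extent recording for every non-NonLoc count (Unknown, Undefined, or a Loc) rather than only for Undefined, and that deserves a one-line comment, because the old `DefinedOrUnknownSVal` check read as though Unknown were meant to be handled, when in fact it was the value that made `castAs<NonLoc>()` assert. A symbolic count such as `$lhs + $rhs` is still a NonLoc, so the `evalBinOpNN` multiply and the `evalEQ` below continue to constrain the extent in that case. Minor: `DefinedSize` now names an `Optional<NonLoc>` holding the element count; `ElementCountNL` or similar would match the `ElementCount*TypeSize` comment better than "Size".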
>>
>>
>>
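A miniature model of the bug and fix described in the revision summary, added here as an illustration; it is not code from clang or from this patch. It stands in for the SVal kinds with a four-value enum, models `getAs<>()` as a checked accessor and `castAs<>()` as an unchecked one, and turns clang's debug-build assertion into an exception so the failure can be observed. All type and function names (`Value`, `getAsNonLoc`, `extentBytesBefore`, `extentBytesAfter`, `beforeAsserts`) are invented for the example.

```cpp
#include <optional>
#include <stdexcept>

// Toy stand-in for the clang::ento::SVal kinds involved in the bug
// (constructed for this example; not clang's real class hierarchy).
enum class Kind { Undefined, Unknown, NonLoc, Loc };

struct Value {
  Kind kind;
  long long payload; // element count for NonLoc; unused otherwise
};

// Mirrors SVal::getAs<DefinedOrUnknownSVal>(): everything but Undefined passes,
// including Unknown.
bool isDefinedOrUnknown(const Value &v) { return v.kind != Kind::Undefined; }

// Mirrors SVal::getAs<NonLoc>(): checked, yields nothing for other kinds.
std::optional<long long> getAsNonLoc(const Value &v) {
  if (v.kind != Kind::NonLoc)
    return std::nullopt;
  return v.payload;
}

// Mirrors SVal::castAs<NonLoc>(): unchecked. clang asserts here in debug
// builds; this toy throws instead so the failure is observable in a test.
long long castAsNonLoc(const Value &v) {
  if (v.kind != Kind::NonLoc)
    throw std::logic_error("castAs<NonLoc>() on a non-NonLoc value");
  return v.payload;
}

// Extent computation as it was before the patch: the guard admits Unknown,
// and the narrower unchecked cast then fires on it.
std::optional<long long> extentBytesBefore(const Value &count,
                                           long long typeSize) {
  if (isDefinedOrUnknown(count))
    return castAsNonLoc(count) * typeSize;
  return std::nullopt;
}

// Extent computation as patched: ask for exactly the kind the multiply needs
// and reuse the checked result. Unknown, Undefined and Loc counts record no
// extent instead of asserting.
std::optional<long long> extentBytesAfter(const Value &count,
                                          long long typeSize) {
  if (std::optional<long long> n = getAsNonLoc(count))
    return *n * typeSize;
  return std::nullopt;
}

// Does the "before" version assert (throw, here) on this count?
bool beforeAsserts(const Value &count) {
  try {
    extentBytesBefore(count, sizeof(int));
  } catch (const std::logic_error &) {
    return true;
  }
  return false;
}
```

The point the model makes is that "defined or unknown" is a wider set than "NonLoc": an Unknown count passes the first guard but is not a NonLoc, so the only safe shape is to ask for the kind the arithmetic actually needs and use what that check returns.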