[PATCH] D39049: [analyzer] Fix wrong calculation of offset in ArrayBoundsV2

Daniel Marjamäki via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 18 06:03:41 PDT 2017


danielmarjamaki created this revision.
Herald added a subscriber: szepet.

Example code:

  void test3_simplified_offset(int x, unsigned long long y) {
    int buf[100];
    if (x < 0)
      x = 0;
    for (int i = y - x; i > 0 && i < 100; i++)
      buf[i] = 0; // no-warning
  }

Without this patch, Clang will wrongly report this FP:

  File out-of-bounds.c Line 144: Out of bound memory access (accessed memory precedes memory block)

There is some bug in the getSimplifiedOffsets() calculations. I removed the wrong calculations and this does not break any existing tests, so either no tests were written in the first place or these calculations got redundant sometime. If somebody wants to re-add the calculations that I remove... I am not against that if some tests are added and it does not break my test.


Repository:
  rL LLVM

https://reviews.llvm.org/D39049

Files:
  lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
  test/Analysis/out-of-bounds.c


Index: test/Analysis/out-of-bounds.c
===================================================================
--- test/Analysis/out-of-bounds.c
+++ test/Analysis/out-of-bounds.c
@@ -136,6 +136,14 @@
     buf[x] = 1; // expected-warning{{Out of bound memory access}}
 }
 
+void test3_simplified_offset(int x, unsigned long long y) {
+  int buf[100];
+  if (x < 0)
+    x = 0;
+  for (int i = y - x; i > 0 && i < 100; i++)
+    buf[i] = 0; // no-warning
+}
+
 void test4(int x) {
   int buf[100];
   if (x > 99)
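Review bot: the new test pins the false positive but nothing pins the true positive on the same code path, and the checker hunk deletes the additive simplification outright rather than correcting it; since the description notes that no existing test broke when the `case BO_Add:` arm was removed, add a companion case with an additive symbolic index that must still warn (an `x + 1` style index where `x` can reach 99 on the `int buf[100]` array this file uses throughout), so bound checking of `sym + const` offsets on the `default:` path is covered. A one-line comment above `test3_simplified_offset` naming the removed `extent.getValue() - constant` simplification it guards against would also help the next reader, because the loop guard `i > 0 && i < 100` alone does not explain why the analyzer once warned here.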
Index: lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
+++ lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
@@ -98,10 +98,6 @@
               nonloc::SymbolVal(SIE->getLHS()),
               svalBuilder.makeIntVal(extent.getValue() / constant),
               svalBuilder);
-      case BO_Add:
-        return getSimplifiedOffsets(
-            nonloc::SymbolVal(SIE->getLHS()),
-            svalBuilder.makeIntVal(extent.getValue() - constant), svalBuilder);
       default:
         break;
       }
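Review bot: deleting the `case BO_Add:` arm removes the additive simplification entirely instead of fixing it, and the description only says "there is some bug" in it; the rewrite itself (`sym + constant` against `extent` becoming `sym` against `extent.getValue() - constant`) has the same algebraic shape as the division arm kept just above it, so the defect is more likely in how that subtraction is evaluated (the failing test mixes an `int` and an `unsigned long long` in `y - x`, which points at a width or signedness mismatch between `extent` and `constant`) than in the transformation. Please identify the root cause before landing, or at minimum add a comment at `default:` stating that additive offsets are intentionally left unsimplified; as it stands, a reader will take the asymmetry with the division case as an accidental omission.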

