[PATCH] D63080: [analyzer] Track indices of arrays

Kristóf Umann via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Jun 14 17:55:30 PDT 2019


Szelethus updated this revision to Diff 204888.
Szelethus added a comment.

One more test just for good measure, don't enable null fp suppression.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D63080/new/

https://reviews.llvm.org/D63080

Files:
  clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
  clang/test/Analysis/diagnostics/track_subexpressions.cpp


Index: clang/test/Analysis/diagnostics/track_subexpressions.cpp
===================================================================
--- clang/test/Analysis/diagnostics/track_subexpressions.cpp
+++ clang/test/Analysis/diagnostics/track_subexpressions.cpp
@@ -17,3 +17,67 @@
   (void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
                                       // expected-note at -1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
 }
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+  int a;
+  if (x > 0) // expected-note {{Assuming 'x' is > 0}}
+             // expected-note at -1 {{Taking true branch}}
+    a = 3; // expected-note {{The value 3 is assigned to 'a'}}
+  else
+    a = 2;
+  return a; // expected-note {{Returning the value 3 (loaded from 'a')}}
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+  int arr[10];
+
+  for (int i = 0; i < 3; ++i)
+    // expected-note at -1 3{{Loop condition is true.  Entering loop body}}
+    // expected-note at -2 {{Loop condition is false. Execution continues on line 43}}
+    arr[i] = 0;
+  int x = getInt();
+  int n = getIndex(x); // expected-note {{Calling 'getIndex'}}
+                       // expected-note at -1 {{Returning from 'getIndex'}}
+                       // expected-note at -2 {{'n' initialized to 3}}
+  consume(arr[n]);
+  // expected-note at -1 {{1st function call argument is an uninitialized value}}
+  // expected-warning at -2{{1st function call argument is an uninitialized value}}
+}
+} // end of namespace array_index_tracking
+
+namespace multi_array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+  int a;
+  if (x > 0) // expected-note {{Assuming 'x' is > 0}}
+             // expected-note at -1 {{Taking true branch}}
+    a = 3; // expected-note {{The value 3 is assigned to 'a'}}
+  else
+    a = 2;
+  return a; // expected-note {{Returning the value 3 (loaded from 'a')}}
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+  int arr[2][10];
+
+  for (int i = 0; i < 3; ++i)
+    // expected-note at -1 3{{Loop condition is true.  Entering loop body}}
+    // expected-note at -2 {{Loop condition is false. Execution continues on line 75}}
+    arr[1][i] = 0;
+  int x = getInt();
+  int n = getIndex(x); // expected-note {{Calling 'getIndex'}}
+                       // expected-note at -1 {{Returning from 'getIndex'}}
+                       // expected-note at -2 {{'n' initialized to 3}}
+  consume(arr[1][n]);
+  // expected-note at -1 {{1st function call argument is an uninitialized value}}
+  // expected-warning at -2{{1st function call argument is an uninitialized value}}
+}
+} // end of namespace mulit_array_index_tracking
Index: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1676,6 +1676,11 @@
   if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
     trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
 
+  // Track the index if this is an array subscript.
+  if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+    trackExpressionValue(
+        LVNode, Arr->getIdx(), report, /*EnableNullFPSuppression*/ false);
+
   // See if the expression we're interested refers to a variable.
   // If so, we can track both its contents and constraints on its value.
   if (ExplodedGraph::isInterestingLValueExpr(Inner)) {


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D63080.204888.patch
Type: text/x-patch
Size: 3707 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190615/e961f20b/attachment-0001.bin>


More information about the cfe-commits mailing list