[clang] bd42582 - [analyzer] Ignore calculated indices of <= 0 in VLASizeChecker

via cfe-commits cfe-commits at lists.llvm.org
Thu Jun 4 05:26:07 PDT 2020


Author: Vince Bridgers
Date: 2020-06-04T07:25:35-05:00
New Revision: bd425825411af1b340134b0e8c9c03733ee87d66

URL: https://github.com/llvm/llvm-project/commit/bd425825411af1b340134b0e8c9c03733ee87d66
DIFF: https://github.com/llvm/llvm-project/commit/bd425825411af1b340134b0e8c9c03733ee87d66.diff

LOG: [analyzer] Ignore calculated indices of <= 0 in VLASizeChecker

Summary:
See https://bugs.llvm.org/show_bug.cgi?id=46128. The checker does not
yet comprehend constraints involving multiple symbols, so it's possible
to calculate a VLA size that's negative or 0. A LIT is added to catch
regressions, and this change simply bails if a VLA size of 0 or less is
calculated.

Reviewers: balazske, NoQ, martong, baloghadamsoftware, Szelethus, gamesh411

Reviewed By: balazske, NoQ, Szelethus

Subscribers: xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, Charusso, ASDenysPetrov, cfe-commits, dkrupp

Tags: #clang

Differential Revision: https://reviews.llvm.org/D80903

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
    clang/test/Analysis/vla.c

Removed: 
    

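The overflow test the checker applies in the hunk below, `KnownSize <= SizeMax / IndexL`, is the same shape a C programmer needs before declaring a VLA whose extent comes from a computed value, and it shares the edge cases this commit is about: a zero dimension turns the division into a trap, and a negative dimension, once zero-extended into an unsigned type, looks like a huge positive one and is misclassified as an overflow. The following is an added example, not code from clang or from this commit; the helper names `vla_accumulate_extent`, `vla_total_bytes` and `vla2_bytes`, the `size_max` budget, and the inputs in `main` are assumptions for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from clang): multiply an accumulated byte count by
 * one VLA dimension. Rejects a zero dimension before it can become the divisor,
 * and rejects a product that would exceed size_max; the comparison is done by
 * division so the multiplication itself never wraps. */
bool vla_accumulate_extent(uint64_t known_size, uint64_t index,
                           uint64_t size_max, uint64_t *out)
{
    if (index == 0)                      /* size_max / 0 would trap */
        return false;
    if (known_size > size_max / index)   /* known_size * index > size_max */
        return false;
    *out = known_size * index;
    return true;
}

/* Hypothetical helper: fold every dimension of a VLA such as int d[c][e]
 * on top of sizeof(element). Dimensions are taken as signed values, the way
 * they appear in C source, and anything <= 0 is rejected before conversion:
 * a negative value that reached the unsigned path would zero-extend to a huge
 * number and be reported as an overflow instead of a negative size. */
bool vla_total_bytes(uint64_t elem_size, const int64_t *dims, size_t ndims,
                     uint64_t size_max, uint64_t *out)
{
    uint64_t acc = elem_size;
    for (size_t i = 0; i < ndims; ++i) {
        if (dims[i] <= 0)
            return false;
        if (!vla_accumulate_extent(acc, (uint64_t)dims[i], size_max, &acc))
            return false;
    }
    *out = acc;
    return true;
}

/* Hypothetical convenience wrapper for a two-dimensional VLA; returns 0 when
 * the declaration must be rejected (0 is never a valid total for a VLA). */
uint64_t vla2_bytes(uint64_t elem_size, int64_t d0, int64_t d1,
                    uint64_t size_max)
{
    int64_t dims[2] = { d0, d1 };
    uint64_t total = 0;
    return vla_total_bytes(elem_size, dims, 2, size_max, &total) ? total : 0;
}

int main(void)
{
    /* Constructed inputs: a normal 2 x 4 array of int, a zero dimension, a
     * negative dimension, a budget the product exceeds, and a product that
     * would wrap uint64_t. */
    struct { int64_t d0, d1; uint64_t budget; const char *what; } cases[] = {
        { 2, 4, UINT64_MAX, "2 x 4 ints, unlimited budget" },
        { 0, 4, UINT64_MAX, "zero first dimension" },
        { 2, -1, UINT64_MAX, "negative second dimension" },
        { 3, 1, 11, "3 ints against an 11-byte budget" },
        { INT64_MAX, 3, UINT64_MAX, "product wraps uint64_t" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; ++i) {
        uint64_t bytes = vla2_bytes(sizeof(int), cases[i].d0, cases[i].d1,
                                    cases[i].budget);
        if (bytes)
            printf("%-36s -> %" PRIu64 " bytes\n", cases[i].what, bytes);
        else
            printf("%-36s -> rejected\n", cases[i].what);
    }
    return 0;
}
```

The signed check in `vla_total_bytes` runs before the cast on purpose: the unsigned helper can only ever see a zero or a positive value, which is what makes its division-based overflow test sufficient on its own.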

################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
index de487042fb8a..d76b2a06aba5 100644
--- a/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
@@ -126,7 +126,12 @@ ProgramStateRef VLASizeChecker::checkVLA(CheckerContext &C,
       // Size overflow check does not work with symbolic expressions because a
       // overflow situation can not be detected easily.
       uint64_t IndexL = IndexLVal->getZExtValue();
-      assert(IndexL > 0 && "Index length should have been checked for zero.");
+      // FIXME: See https://reviews.llvm.org/D80903 for discussion of
+      // some 
diff erence in assume and getKnownValue that leads to
+      // unexpected behavior. Just bail on IndexL == 0 at this point.
+      if (IndexL == 0)
+        return nullptr;
+
       if (KnownSize <= SizeMax / IndexL) {
         KnownSize *= IndexL;
       } else {
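Review bot: The new bail-out at `if (IndexL == 0)` covers only zero, not the "<= 0" the commit title promises. `IndexL` is the `getZExtValue()` of the index stored in a `uint64_t`, so a negative index zero-extends to a large positive value and falls through to the `KnownSize <= SizeMax / IndexL` branch, where it will be treated as a size overflow rather than a negative size. Either check the signed value before it is zero-extended, or narrow the title and the FIXME to the zero case so the comment matches the code. The FIXME should also state in a sentence what the discrepancy between `assume` and `getKnownValue` actually is instead of only pointing at the review URL: `return nullptr` here skips the overflow computation that follows, and a later reader has to understand why that is acceptable.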

diff  --git a/clang/test/Analysis/vla.c b/clang/test/Analysis/vla.c
index a269ef334c32..457c14172310 100644
--- a/clang/test/Analysis/vla.c
+++ b/clang/test/Analysis/vla.c
@@ -137,3 +137,17 @@ void check_VLA_extent() {
   clang_analyzer_eval(clang_analyzer_getExtent(&vla3m) == 2 * x * 4 * sizeof(int));
   // expected-warning at -1{{TRUE}}
 }
+
+// https://bugs.llvm.org/show_bug.cgi?id=46128
+// analyzer doesn't handle more than simple symbolic expressions.
+// Just don't crash.
+extern void foo(void);
+int a;
+void b() {
+  int c = a + 1;
+  for (;;) {
+    int d[c];
+    for (; 0 < c;)
+      foo();
+  }
+} // no-crash
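Review bot: The added test in vla.c only asserts `// no-crash`; it never pins what the analyzer concludes about `c`, so a later change that reintroduces a zero size through a different path still passes as long as it does not hit an assertion. Add a `clang_analyzer_eval` on `c` or an `expected-warning` on `int d[c]` to state the intended result, and a comment explaining that the exit edge of `for (; 0 < c;)` is what constrains `c` (and therefore `a + 1`) to `<= 0` before the outer `for (;;)` re-enters the declaration. Minor: `void b()` should be `void b(void)` to match the `extern void foo(void)` declared just above it.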

