<br><br><div class="gmail_quote">On 20 January 2012 at 02:04, Eli Friedman <span dir="ltr"><<a href="mailto:eli.friedman@gmail.com">eli.friedman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Aug 23, 2011 at 1:30 PM, Ted Kremenek <<a href="mailto:kremenek@apple.com">kremenek@apple.com</a>> wrote:<br>
> Author: kremenek<br>
> Date: Tue Aug 23 15:30:50 2011<br>
> New Revision: 138372<br>
><br>
> URL: <a href="http://llvm.org/viewvc/llvm-project?rev=138372&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=138372&view=rev</a><br>
> Log:<br>
> Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)<br>
> incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but<br>
> that needs to be followed up with a better solution.<br>
><br>
> Fixes <rdar://problem/10008112>.<br>
><br>
> Added:<br>
> cfe/trunk/test/Analysis/outofbound-notwork.c<br>
> Modified:<br>
> cfe/trunk/lib/Analysis/CFG.cpp<br>
> cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp<br>
> cfe/trunk/test/Analysis/outofbound.c<br>
> cfe/trunk/test/Sema/uninit-variables.c<br>
><br>
> Modified: cfe/trunk/lib/Analysis/CFG.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFG.cpp?rev=138372&r1=138371&r2=138372&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CFG.cpp?rev=138372&r1=138371&r2=138372&view=diff</a><br>
> ==============================================================================<br>
> --- cfe/trunk/lib/Analysis/CFG.cpp (original)<br>
> +++ cfe/trunk/lib/Analysis/CFG.cpp Tue Aug 23 15:30:50 2011<br>
> @@ -2203,16 +2203,7 @@<br>
> for (const VariableArrayType *VA =FindVA(E->getArgumentType().getTypePtr());<br>
> VA != 0; VA = FindVA(VA->getElementType().getTypePtr()))<br>
> lastBlock = addStmt(VA->getSizeExpr());<br>
> - } else {<br>
> - // For sizeof(x), where 'x' is a VLA, we should include the computation<br>
> - // of the lvalue of 'x'.<br>
> - Expr *subEx = E->getArgumentExpr();<br>
> - if (subEx->getType()->isVariableArrayType()) {<br>
> - assert(subEx->isLValue());<br>
> - lastBlock = addStmt(subEx);<br>
> - }<br>
> }<br>
> -<br>
> return lastBlock;<br>
> }<br>
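Review bot: deleting the `else` branch that did `lastBlock = addStmt(subEx);` for a VLA-typed `sizeof` operand removes that operand from the CFG altogether, but per C99 6.5.3.4p2 an operand of variable length array type is evaluated, so any load or side effect inside it (the `*memory` load in the test case that motivated this change) is now invisible to CFG-based analyses such as -Wuninitialized, and the commit message itself says the analyzer regresses. The less lossy fix is to keep the branch (including the `assert(subEx->isLValue());` precondition) so the CFG still contains the evaluated operand, and instead suppress the uninitialized-use diagnostic at the point where it is reported, on the grounds that in `sizeof(*memory)` the loaded value is never used.<br>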
<br>
A bit late, but I think this commit is wrong. The subexpression of a<br>
sizeof() expression is in fact evaluated per C99 6.5.3.4p2. So<br>
strictly speaking, this code has undefined behavior. The fact that<br>
we're getting this wrong is leading to a crash in a patch I'm working<br>
on to model the evaluated-ness of sizeof() correctly in Sema.<br>
<br>
(That said, we can use the following reasoning to suppress the warning<br>
for the given testcase: in "sizeof(*memory)", the code doesn't<br>
actually use the loaded value, so it doesn't matter that it's an<br>
uninitialized load.)<br>
<br>
-Eli<br>
<br>
<br></blockquote><div>Ah, interesting. We had a discussion about unevaluated contexts and the presence of null pointers yesterday on Stack Overflow, and the conclusion was that it is also not so clear; the intent of the Standard seemed to be that values were of no importance in unevaluated contexts, except for `typeid(x)` where `x` points to a polymorphic class.<br>
<br>And in fact, the C++11 Standard says in 5.3.3p1 [expr.sizeof]:<br><br><div style="margin-left:40px">The sizeof operator yields the number of bytes in the object representation of its operand. The operand is either an expression, which is an **unevaluated operand** (Clause 5), or a parenthesized type-id.<br>
</div></div></div><br>(I know, VLAs are not part of the C++ Standard.)<br><br>It seems that the Standards are at odds. Was it revised in C11?<br><br>-- Matthieu<br>
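<br>The C99 6.5.3.4p2 rule Eli cites, and its contrast with the C++11 [expr.sizeof] wording Matthieu quotes, can be observed directly. The program below is an added example written for this thread; it is not code from the clang tree, from the commit above, or from either poster. The `evaluations` counter, the `TRACE` macro and the three function names are constructed for the demonstration. The `sizeof(*p)` shape mirrors the `sizeof(*memory)` in the test case under discussion, except that `p` is initialized here so the program stays well-defined. It shows that a `sizeof` operand of fixed array type is not evaluated, that an operand of VLA type is evaluated (the branch the commit removed from the CFG), and that the size expression of a VLA type-id is evaluated (the form the surviving `FindVA` loop still walks).<br>

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example: records how many times the operand of sizeof
 * (or a size expression inside it) was actually evaluated at run time. */
static int evaluations;

/* Wrap an expression so that evaluating it bumps the counter first. */
#define TRACE(expr) (evaluations++, (expr))

/* Case 1: operand has a fixed-size array type (no VLA involved).
 * C99 6.5.3.4p2: the operand is NOT evaluated, so TRACE never runs.
 * Returns the observed evaluation count, or -1 if sizeof gave a wrong size. */
int evaluations_fixed_array(void)
{
    int fixed[8];
    int (*p)[8] = &fixed;
    evaluations = 0;
    size_t bytes = sizeof(*TRACE(p));   /* compile-time constant */
    return bytes == sizeof(int) * 8 ? evaluations : -1;
}

/* Case 2: operand has a variable length array type.
 * C99 6.5.3.4p2: the operand IS evaluated, so TRACE runs exactly once.
 * This is the sizeof(*memory) shape from the test case, with p initialized. */
int evaluations_vla(int n)
{
    int vla[n];
    int (*p)[n] = &vla;
    evaluations = 0;
    size_t bytes = sizeof(*TRACE(p));   /* computed at run time from n */
    return bytes == sizeof(int) * (size_t)n ? evaluations : -1;
}

/* Case 3: type-id operand whose type is itself a VLA. The size expression
 * is evaluated because the result depends on it; this is the form the
 * remaining FindVA loop in CFG.cpp still adds to the CFG. */
int evaluations_vla_typeid(int n)
{
    evaluations = 0;
    size_t bytes = sizeof(int[TRACE(n)]);
    return bytes == sizeof(int) * (size_t)n ? evaluations : -1;
}

int main(void)
{
    printf("fixed array operand : %d evaluation(s)\n", evaluations_fixed_array());
    printf("VLA operand         : %d evaluation(s)\n", evaluations_vla(5));
    printf("VLA type-id operand : %d evaluation(s)\n", evaluations_vla_typeid(7));
    return 0;
}
```

Run with a C99-or-later compiler (both GCC and Clang implement the rule): the fixed-array case reports 0 evaluations, the two VLA cases report 1 each. This is exactly why a CFG that drops the VLA-typed operand of `sizeof` misses real loads and side effects; in C++, which has no VLAs, the operand of `sizeof` is always unevaluated, so the two Standards are not in conflict so much as describing different languages.<br>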