[cfe-dev] [Analyzer] ArrayBoundCheckerV2: Why the analyzer add the constraint `Idx < ArraySize` after element access?
Henry Wong via cfe-dev
cfe-dev at lists.llvm.org
Wed Jul 11 03:27:58 PDT 2018
Hi all,
For the code below, the `ArrayBoundCheckerV2` will add the constraint `x < 100` after the `buf[x] = 1`, see https://reviews.llvm.org/D23112.
```
void test_assume_after_access(unsigned long x) {
int buf[100];
buf[x] = 1;
clang_analyzer_eval(x <= 99); // expected-warning{{TRUE}}
}
```
1. What is the purpose for doing this?
2. why not add `x >= 0` as well?
I used `checkLocation()`, same as `ArrayBoundCheckerV2`, in my own checker too. Due to the uncertain calling order, I got the wrong constraints on `x` in my own checker. That's why I pay attention to this problem.
Thanks in advance!
Henry Wong
Qihoo 360 Codesafe Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20180711/69f4feec/attachment.html>
More information about the cfe-dev
mailing list