[llvm-bugs] [Bug 40625] New: Crash in FindLastStoreBRVisitor after false positive found by alpha.core.CallAndMessageUnInitRefArg

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Feb 6 02:14:26 PST 2019


https://bugs.llvm.org/show_bug.cgi?id=40625

            Bug ID: 40625
           Summary: Crash in FindLastStoreBRVisitor after false positive
                    found by alpha.core.CallAndMessageUnInitRefArg
           Product: clang
           Version: 7.0
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: adam.balogh at ericsson.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

The checker alpha.core.CallAndMessageUnInitRefArg reports a false positive on the
following code, after which an assertion fails in FindLastStoreBRVisitor. If
assertions are disabled, the analyzer sometimes segfaults instead.

```cpp
const int arr[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

void f(const int *begin, const int *end) {
  int sum = 0;
  for (const int *p = begin; p != end; ++p) {
    sum += *p;
  }
}

typedef const int intarray[10];

void g(const intarray &arrr) {
  // The checker reports the second argument here as uninitialized (false positive).
  f(arrr, arrr+sizeof(arrr));
}

void h() {
  // arrr binds to the global array arr, which is not a parameter declaration.
  g(arr);
}
```

The checker considers the second argument of the call to `f()` in `g()` to be
uninitialized (false positive). The visitor then tries to cast the declaration of
`arr` to a parameter declaration, which fails because `arr` is not a parameter:
`arrr` is a parameter passed by reference, and in the actual call from `h()` that
parameter `arrr` is a reference to the global array `arr`.

The bug is also present in 8.0 release candidate and the current trunk.
