<table border="1" cellspacing="0" cellpadding="8">

    <tr>

        <th>Issue</th>

        <td>

            <a href=https://github.com/llvm/llvm-project/issues/89264>89264</a>

        </td>

    </tr>

    <tr>

        <th>Summary</th>

        <td>

            [analyzer] Dereference checker should check binds on label locations

        </td>

    </tr>

    <tr>

      <th>Labels</th>

      <td>

            enhancement,

            good first issue,

            clang:static analyzer

      </td>

    </tr>

    <tr>

      <th>Assignees</th>

      <td>

      </td>

    </tr>

    <tr>

      <th>Reporter</th>

      <td>

          steakhal

      </td>

    </tr>

</table>

<pre>

    Consider the following input:

```c++

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s

void clang_analyzer_dump(char);

void clang_analyzer_dump_ptr(char*);

// https://github.com/llvm/llvm-project/issues/89185

void binding_to_label_loc() {

  char *b = &&MyLabel;

MyLabel:

  *b = 0; // no-crash

  clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}

  clang_analyzer_dump(*b); // expected-warning {{Unknown}}

  // FIXME: We should never get here, as the dereference checker should have caught the binding operation to the label location.

}

```

One should never store values to the addresses of labels.

I think the closest checker is the Dereference checker, which could check for label locs after it checked for undefined locations.

Like this:

```diff

diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp

@@ -287,6 +287,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,

   if (V.isUndef())

     return;

+  // One should never write to label addresses.

+  if (auto Label = L.getAs<loc::GotoLabel>()) {

+    llvm::errs() << "WRITING TO LABEL: " << L << "\n";

+    // TODO: report a fatal issue like: "Dereference of the address of a label"

+  }

+

   const MemRegion *MR = L.getAsRegion();

   const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR);

   if (!TVR)

```

</pre>

<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysVl1v4jgX_jXm5giUOAHCBRcByqgSnUptp_PeIWOfJH6b2pHttMP--pWdj1K6s1ppV4ogsc85Ph_P8yTMWlkqxDWZb8h8N2Gtq7RZW4fspWL15KTFeb3VykqBBlyFUOi61u9SlSBV0zqS5CTakWj4XUTdxQnd-KtbpXtC9_Dw4ztJciB0zmumyiNTrD7_gUfOY5j2D2bKK-QvaEiy49ogoVuBp7ac3fxqzK2yDXIntYLpGxpZnH0we5nAm5YCPoU3R9G-NoRmvGKG0BVJNn9vemycGc3zS49P1VTONdaXHx5L6ar2NOP6ldB9Xb8Nf9PG6P8jd4TupbUtWkL32SrO5hc5nKQSUpVHp481O2F9rDUnNCN0BWTZHw3g8wFC8xOQZAeELghd3J0P3mFMcHzOB6_RISLJBvrUlZ5yw2w1hv5tE05d-YMj_vL9RzF9Z0Z5DPj8lpvPySx3_vp96FBa_s8i_1AvSr-rzzF7l_3t_-5uPKB-IthKt7UAhW9ooEQHFQbsALMBtQINFmhQcYQeYINPxd4QOGvLygXTfhqgGzQsYM3psBFmA7XmYXXWg2FIa0T-JVTu1VVq1mmD8MbqFu0Qlwlh0Fq0oIvuENsHvwVXSfUSrHitLVo3Zi-7wnZfC_Nlv1eSV8DDyWEZCm0-KrDACueDDPFE2G-VwEIqFGOVQyYH-YI-GfvB96FeIYuiW_J3MJ2W0gEjdB9G72kgT4TuHx1zkuc9EAjdb7tsPSEuiuhXZ7xp4PQfBOmTTSOSRjCl2ZLQ7QII3XS3MYV-LzDxawxfb5KHJm2kEoRmj8-shoNvcrh79ndcK-vg0b06T7hHQrcDVkEWQGj2PJP2h-9ux2t_DQYABl1r1EhiGGRmM0L9C47ejXToAdSNdITQ7MK3O5m1TkMgZpCBw6xEl1uSbL3IhOK-aad72bgZ0_tQnhALIGhasEfj-93JU7IlyRYIpT8fbp9uv3-Dp3s45JubQyf0dLA4XJiS-Vb5v-TzAX2pT_e7e-9ssNHGAYOCOVZDEE-o5Qv2kS-Br4tLIvlH1jXGH3PRzJGrdFTVfnR3-PqApSc7ofndw2WruvW-Mcm149O5QfHs-fzh__TcBRBndeTMuqM2R9XWNUm21-Zdy-8ermJ3oyM0fnp-GLFypTATsU7EKlmxCa7jZZyk81WSZpNqXSSLbBlH2TJasfS0jMUc40hEC2QZR47ZRK5pRNMojbN4MZ-n2SxiiShiKlgRz9OMr0ga4SuT9cwPfaZNOQntX2crukgnnUSFLwZKUVVMcXxF5Xyz6ZZQWmotoJDGum5s40ZH5iS3gcbARh5T_-1h1uGFeWpLS9KoltbZjwScdHX4Shmd5ru_Er-BJp3oeS23oNWVdttJa-r1v3mB00X6ZwAAAP__bpfRpA">