<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/89264>89264</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[analyzer] Dereference checker should check binds on label locations
</td>
</tr>
<tr>
<th>Labels</th>
<td>
enhancement,
good first issue,
clang:static analyzer
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
steakhal
</td>
</tr>
</table>
<pre>
Consider the following input:
```c++
// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
void clang_analyzer_dump(char);
void clang_analyzer_dump_ptr(char*);
// https://github.com/llvm/llvm-project/issues/89185
void binding_to_label_loc() {
char *b = &&MyLabel;
MyLabel:
*b = 0; // no-crash
clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
clang_analyzer_dump(*b); // expected-warning {{Unknown}}
// FIXME: We should never get here, as the dereference checker should have caught the binding operation to the label location.
}
```
One should never store values to the addresses of labels.
I think the closest checker is the Dereference checker, which could check for label locs after it checked for undefined locations.
Like this:
```diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -287,6 +287,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs<loc::GotoLabel>()) {
+ llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+ // TODO: report a fatal issue like: "Dereference of the address of a label"
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR);
if (!TVR)
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysVl1v4jgX_jXm5giUOAHCBRcByqgSnUptp_PeIWOfJH6b2pHttMP--pWdj1K6s1ppV4ogsc85Ph_P8yTMWlkqxDWZb8h8N2Gtq7RZW4fspWL15KTFeb3VykqBBlyFUOi61u9SlSBV0zqS5CTakWj4XUTdxQnd-KtbpXtC9_Dw4ztJciB0zmumyiNTrD7_gUfOY5j2D2bKK-QvaEiy49ogoVuBp7ac3fxqzK2yDXIntYLpGxpZnH0we5nAm5YCPoU3R9G-NoRmvGKG0BVJNn9vemycGc3zS49P1VTONdaXHx5L6ar2NOP6ldB9Xb8Nf9PG6P8jd4TupbUtWkL32SrO5hc5nKQSUpVHp481O2F9rDUnNCN0BWTZHw3g8wFC8xOQZAeELghd3J0P3mFMcHzOB6_RISLJBvrUlZ5yw2w1hv5tE05d-YMj_vL9RzF9Z0Z5DPj8lpvPySx3_vp96FBa_s8i_1AvSr-rzzF7l_3t_-5uPKB-IthKt7UAhW9ooEQHFQbsALMBtQINFmhQcYQeYINPxd4QOGvLygXTfhqgGzQsYM3psBFmA7XmYXXWg2FIa0T-JVTu1VVq1mmD8MbqFu0Qlwlh0Fq0oIvuENsHvwVXSfUSrHitLVo3Zi-7wnZfC_Nlv1eSV8DDyWEZCm0-KrDACueDDPFE2G-VwEIqFGOVQyYH-YI-GfvB96FeIYuiW_J3MJ2W0gEjdB9G72kgT4TuHx1zkuc9EAjdb7tsPSEuiuhXZ7xp4PQfBOmTTSOSRjCl2ZLQ7QII3XS3MYV-LzDxawxfb5KHJm2kEoRmj8-shoNvcrh79ndcK-vg0b06T7hHQrcDVkEWQGj2PJP2h-9ux2t_DQYABl1r1EhiGGRmM0L9C47ejXToAdSNdITQ7MK3O5m1TkMgZpCBw6xEl1uSbL3IhOK-aad72bgZ0_tQnhALIGhasEfj-93JU7IlyRYIpT8fbp9uv3-Dp3s45JubQyf0dLA4XJiS-Vb5v-TzAX2pT_e7e-9ssNHGAYOCOVZDEE-o5Qv2kS-Br4tLIvlH1jXGH3PRzJGrdFTVfnR3-PqApSc7ofndw2WruvW-Mcm149O5QfHs-fzh__TcBRBndeTMuqM2R9XWNUm21-Zdy-8ermJ3oyM0fnp-GLFypTATsU7EKlmxCa7jZZyk81WSZpNqXSSLbBlH2TJasfS0jMUc40hEC2QZR47ZRK5pRNMojbN4MZ-n2SxiiShiKlgRz9OMr0ga4SuT9cwPfaZNOQntX2crukgnnUSFLwZKUVVMcXxF5Xyz6ZZQWmotoJDGum5s40ZH5iS3gcbARh5T_-1h1uGFeWpLS9KoltbZjwScdHX4Shmd5ru_Er-BJp3oeS23oNWVdttJa-r1v3mB00X6ZwAAAP__bpfRpA">