[all-commits] [llvm/llvm-project] dfdeda: [analyzer] Switch to PostStmt callbacks in ArrayBo...

DonatNagyE via All-commits all-commits at lists.llvm.org
Tue Dec 5 07:17:49 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: dfdedaf6dae0b4e54c64c740f8d22567447e0f8d
      https://github.com/llvm/llvm-project/commit/dfdedaf6dae0b4e54c64c740f8d22567447e0f8d
  Author: DonatNagyE <donat.nagy at ericsson.com>
  Date:   2023-12-05 (Tue, 05 Dec 2023)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
    M clang/test/Analysis/out-of-bounds-diagnostics.c
    M clang/test/Analysis/out-of-bounds-new.cpp
    M clang/test/Analysis/taint-diagnostic-visitor.c

  Log Message:
  -----------
  [analyzer] Switch to PostStmt callbacks in ArrayBoundV2 (#72107)

...instead of the currently used, more abstract Location callback. The
main advantage of this change is that after it the checker will check
`array[index].field` while the previous implementation ignored this
situation (because here the ElementRegion is wrapped in a FieldRegion
object). This improvement fixes PR #70187.

Note that after this change `&array[idx]` will be handled as an access
to the `idx`th element of `array`, which is technically incorrect but
matches the programmer's intuitions. In my opinion it's more helpful if
the report points to the source location where the indexing happens
(instead of the location where a pointer is finally dereferenced).

As a special case, this change allows code that forms the past-the-end
pointer of an array as `&arr[size]` (but still rejects code like
`if (idx >= size) return &array[idx];` and code that dereferences a
past-the-end pointer).

In addition to this primary improvement, this change tweaks the message
for the tainted index/offset case (using the more concrete information
that's available now) and clarifies/improves a few testcases.

The main change of this commit (replacing `check::Location` with
`check::PostStmt<...>` callbacks) was already proposed in my change
https://reviews.llvm.org/D150446 and https://reviews.llvm.org/D159107 by
steakhal. Those reviews were both abandoned, but the problems that led
to abandonment were unrelated to the change that is introduced in this
PR.
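
The three access patterns named in the log message, next to bounds-checked equivalents, as an added example that is not part of the commit or of the LLVM test suite. The struct, array and function names are hypothetical, and the comments about what the checker reports restate the log message rather than recorded analyzer output.

```c
#include <stddef.h>

#define N 4
struct item { int id; int weight; };                 /* hypothetical type */
static struct item items[N] = {{1, 10}, {2, 20}, {3, 30}, {4, 40}};

/* Pattern 1: array[index].field. Per the log message the old
 * check::Location-based checker ignored this form (the ElementRegion is
 * wrapped in a FieldRegion); the PostStmt version checks it.
 * Never called here: an index >= N would read out of bounds. */
int weight_unchecked(size_t idx) {
    return items[idx].weight;
}

/* Hardened form: the index is validated before the subscript. */
int weight_checked(size_t idx, int *out) {
    if (idx >= N)
        return -1;
    *out = items[idx].weight;
    return 0;
}

/* Pattern 2: forming the past-the-end pointer as &arr[size] is the
 * special case the log message says is allowed; it is never dereferenced. */
int sum_weights(void) {
    int total = 0;
    for (struct item *p = items, *end = &items[N]; p != end; ++p)
        total += p->weight;
    return total;
}

/* Pattern 3: inverted guard, the shape the log message says is still
 * rejected (`if (idx >= size) return &array[idx];`). Never called here. */
struct item *slot_inverted(size_t idx) {
    if (idx >= N)
        return &items[idx];
    return NULL;
}

/* Corrected guard: a pointer is only formed for a valid index. */
struct item *slot(size_t idx) {
    return idx < N ? &items[idx] : NULL;
}

int main(void) {
    int w = 0;
    int ok = weight_checked(2, &w) == 0 && w == 30 && sum_weights() == 100;
    return (ok && slot(N) == NULL) ? 0 : 1;
}
```

To see the reports, analyze the file with `clang --analyze -Xclang -analyzer-checker=core,alpha.security.ArrayBoundV2`, the name under which the checker was registered at the time of this commit.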



