[all-commits] [llvm/llvm-project] fa8a21: [analyzer] Improve handling of unsigned values in ...

NagyDonat via All-commits all-commits at lists.llvm.org
Thu Feb 22 05:19:34 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: fa8a21144ec9a6836e9bf1e3bf5cd0b2f058209e
      https://github.com/llvm/llvm-project/commit/fa8a21144ec9a6836e9bf1e3bf5cd0b2f058209e
  Author: NagyDonat <donat.nagy at ericsson.com>
  Date:   2024-02-22 (Thu, 22 Feb 2024)

  Changed paths:
    M clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
    M clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
    M clang/test/Analysis/out-of-bounds.c

  Log Message:
  -----------
  [analyzer] Improve handling of unsigned values in ArrayBoundCheckerV2 (#81034)

A memory access is an out of bounds error if the offset is < the extent
of the memory region. Notice that here "<" is a _mathematical_
comparison between two numbers and NOT a C/C++ operator that compares
two typed C++ values: for example -1 < 1000 is true in mathematics, but
if the `-1` is an `int` and the `1000` is a `size_t` value, then
evaluating the C/C++ operator `<` will return false because the `-1`
will be converted to `SIZE_MAX` by the automatic type conversions.

This means that it's incorrect to perform a bounds check with
`evalBinOpNN(State, BO_LT, ...)` which performs automatic conversions
and can produce wildly incorrect results.

ArrayBoundsCheckerV2 already had a special case where it avoided calling
`evalBinOpNN` in a situation where it would have performed an automatic
conversion; this commit replaces that code with a more general one that
covers more situations. (It's still not perfect, but it's better than
the previous version and I think it will cover practically all
real-world code.)

Note that this is not a limitation/bug of the simplification algorithm
defined in `getSimplifedOffsets()`: the simplification is not applied in
the test case `test_comparison_with_extent_symbol` (because the `Extent`
is not a concrete int), but without the new code it would still run into
a `-1 < UNSIGNED` comparison that evaluates to false because
`evalBinOpNN` performs an automatic type conversion.



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list