[cfe-commits] r62130 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRExprEngine.h lib/Analysis/GRExprEngine.cpp test/Analysis/null-deref-ps.c
Ted Kremenek
kremenek at apple.com
Mon Jan 12 17:04:21 PST 2009
Author: kremenek
Date: Mon Jan 12 19:04:21 2009
New Revision: 62130
URL: http://llvm.org/viewvc/llvm-project?rev=62130&view=rev
Log:
static analyzer: Handle casts from arrays to integers. This fixes PR 3297.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/lib/Analysis/GRExprEngine.cpp
cfe/trunk/test/Analysis/null-deref-ps.c
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=62130&r1=62129&r2=62130&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Mon Jan 12 19:04:21 2009
@@ -542,6 +542,11 @@
/// VisitCast - Transfer function logic for all casts (implicit and explicit).
void VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst);
+
+ /// VisitCastPointerToInteger - Transfer function (called by VisitCast) that
+ /// handles pointer to integer casts and array to integer casts.
+ void VisitCastPointerToInteger(SVal V, const GRState* state, QualType PtrTy,
+ Expr* CastE, NodeTy* Pred, NodeSet& Dst);
/// VisitCompoundLiteralExpr - Transfer function logic for compound literals.
void VisitCompoundLiteralExpr(CompoundLiteralExpr* CL, NodeTy* Pred,
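Review bot: The Doxygen comment on the new VisitCastPointerToInteger declaration does not say what `PtrTy` is for or what it requires of `V`; in the implementation (lib/Analysis/GRExprEngine.cpp in this commit) the type is consulted only through `getTypeSize` for its bit width, and `V` goes straight into `cast<Loc>` unless it is unknown or undefined. Passing the array type itself as `PtrTy` would yield the array's storage size rather than the pointer width, which is presumably why the array caller builds a pointer type first; that contract belongs in the header. Suggest extending the comment with `/// V must be a Loc (or Unknown/Undef). PtrTy is only used for its width: pass the (decayed) pointer type, never the array type.`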
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=62130&r1=62129&r2=62130&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Mon Jan 12 19:04:21 2009
@@ -1668,6 +1668,22 @@
// Transfer functions: Miscellaneous statements.
//===----------------------------------------------------------------------===//
+void GRExprEngine::VisitCastPointerToInteger(SVal V, const GRState* state,
+ QualType PtrTy,
+ Expr* CastE, NodeTy* Pred,
+ NodeSet& Dst) {
+ if (!V.isUnknownOrUndef()) {
+ // FIXME: Determine if the number of bits of the target type is
+ // equal or exceeds the number of bits to store the pointer value.
+ // If not, flag an error.
+ unsigned bits = getContext().getTypeSize(PtrTy);
+ V = nonloc::LocAsInteger::Make(getBasicVals(), cast<Loc>(V), bits);
+ }
+
+ MakeNode(Dst, CastE, Pred, BindExpr(state, CastE, V));
+}
+
+
void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){
NodeSet S1;
QualType T = CastE->getType();
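Review bot: `cast<Loc>(V)` in the new VisitCastPointerToInteger aborts the analyzer if a non-location value reaches it; the `isUnknownOrUndef()` guard filters unknown and undefined values but not a `NonLoc` bound to a pointer-typed expression (whether such a value can arrive here depends on the integer-to-pointer path in VisitCast, which lies outside this hunk). A checked cast that degrades to an unknown value would trade a crash for lost precision: `if (Loc* L = dyn_cast<Loc>(&V)) V = nonloc::LocAsInteger::Make(getBasicVals(), *L, bits); else V = UnknownVal();`. The FIXME about truncation to a narrower target type is carried over verbatim; now that the helper receives both the source pointer type and `CastE`, the width comparison it describes could be done in this one place rather than at each call site.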
@@ -1724,14 +1740,7 @@
// Check for casts from pointers to integers.
if (T->isIntegerType() && Loc::IsLocType(ExTy)) {
- unsigned bits = getContext().getTypeSize(ExTy);
-
- // FIXME: Determine if the number of bits of the target type is
- // equal or exceeds the number of bits to store the pointer value.
- // If not, flag an error.
-
- V = nonloc::LocAsInteger::Make(getBasicVals(), cast<Loc>(V), bits);
- MakeNode(Dst, CastE, N, BindExpr(St, CastE, V));
+ VisitCastPointerToInteger(V, St, ExTy, CastE, N, Dst);
continue;
}
@@ -1744,11 +1753,24 @@
continue;
}
- // Check for casts from array type to pointer type.
+ // Check for casts from array type to another type.
if (ExTy->isArrayType()) {
- assert(T->isPointerType());
+ // We will always decay to a pointer.
V = StateMgr.ArrayToPointer(V);
- MakeNode(Dst, CastE, N, BindExpr(St, CastE, V));
+
+ // Are we casting from an array to a pointer? If so just pass on
+ // the decayed value.
+ if (T->isPointerType()) {
+ MakeNode(Dst, CastE, N, BindExpr(St, CastE, V));
+ continue;
+ }
+
+ // Are we casting from an array to an integer? If so, cast the decayed
+ // pointer value to an integer.
+ assert(T->isIntegerType());
+ QualType ElemTy = cast<ArrayType>(ExTy)->getElementType();
+ QualType PointerTy = getContext().getPointerType(ElemTy);
+ VisitCastPointerToInteger(V, St, PointerTy, CastE, N, Dst);
continue;
}
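Review bot: `assert(T->isIntegerType())` in the array branch makes every array cast whose target is neither a pointer nor an integer an assertion failure; the start of VisitCast is outside this hunk, so it cannot be confirmed here that casts to `void` (and, in C++ input, to reference types) are filtered before this point — if they are not, `(void)array` trips the assertion. Binding an unknown value for such targets, `MakeNode(Dst, CastE, N, BindExpr(St, CastE, UnknownVal()));` placed after the pointer check, would degrade gracefully instead of aborting. The `ElemTy`/`PointerTy` construction is only there so the helper can measure a pointer width; a comment such as `// Only the width of a pointer matters here; the element type itself is irrelevant.` would make that intent clear to the next reader.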
Modified: cfe/trunk/test/Analysis/null-deref-ps.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/null-deref-ps.c?rev=62130&r1=62129&r2=62130&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/null-deref-ps.c (original)
+++ cfe/trunk/test/Analysis/null-deref-ps.c Mon Jan 12 19:04:21 2009
@@ -52,6 +52,27 @@
return *q; // expected-warning{{Dereference of null pointer.}}
}
+int f4_b() {
+ short array[2];
+ uintptr_t x = array; // expected-warning{{incompatible pointer to integer conversion initializing}}
+ short *p = x; // expected-warning{{incompatible integer to pointer conversion initializing}}
+
+ // The following branch should be infeasible.
+ if (!(p = &array[0])) {
+ p = 0;
+ *p = 1; // no-warning
+ }
+
+ if (p) {
+ *p = 5; // no-warning
+ p = 0;
+ }
+ else return;
+
+ *p += 10; // expected-warning{{Dereference of null pointer}}
+}
+
+
int f5() {
char *s = "hello world";
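Review bot: `f4_b` is declared `int` but exits through a bare `else return;` and then falls off the end after the final dereference, so the return type and the return statements disagree. The file runs under -verify, and whether clang diagnoses the bare `return` depends on the dialect selected in the RUN line (outside this hunk); either way the mismatch is noise in a test about null dereferences. `else return 0;` and a closing `return 0;` preserve the intended control flow, and `uintptr_t` needs `<stdint.h>` to be in scope, which the visible lines do not show.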