[cfe-commits] r112766 - in /cfe/trunk: lib/Checker/RegionStore.cpp test/Analysis/misc-ps-region-store.m
Ted Kremenek
kremenek at apple.com
Wed Sep 1 16:27:26 PDT 2010
Author: kremenek
Date: Wed Sep 1 18:27:26 2010
New Revision: 112766
URL: http://llvm.org/viewvc/llvm-project?rev=112766&view=rev
Log:
Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.
Modified:
cfe/trunk/lib/Checker/RegionStore.cpp
cfe/trunk/test/Analysis/misc-ps-region-store.m
Modified: cfe/trunk/lib/Checker/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/RegionStore.cpp?rev=112766&r1=112765&r2=112766&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/RegionStore.cpp (original)
+++ cfe/trunk/lib/Checker/RegionStore.cpp Wed Sep 1 18:27:26 2010
@@ -1193,13 +1193,18 @@
}
if (R->hasStackNonParametersStorage()) {
- if (isa<ElementRegion>(R)) {
+ if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
// Currently we don't reason specially about Clang-style vectors. Check
// if superR is a vector and if so return Unknown.
if (const TypedRegion *typedSuperR = dyn_cast<TypedRegion>(superR)) {
if (typedSuperR->getValueType()->isVectorType())
return UnknownVal();
}
+
+ // FIXME: We also need to take ElementRegions with symbolic indexes into
+ // account.
+ if (!ER->getIndex().isConstant())
+ return UnknownVal();
}
return UndefinedVal();
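Review bot: The new guard `if (!ER->getIndex().isConstant())` inspects only R's own index, so an ElementRegion with a constant index whose super-region is itself an ElementRegion with a symbolic index (a nested-array access) still reaches `return UndefinedVal();` unless the enclosing function has already dealt with that case above the hunk; the function starts and ends outside the hunk, so this is inferred rather than visible. The added FIXME reads as if symbolic indexes were not handled at all, whereas the line directly below it does handle them by giving up, and a comment stating the trade-off would serve the next maintainer better, e.g. `// Bandaid for PR 8015: any symbolic index into local storage yields Unknown rather than Undefined. This suppresses the spurious undefined-read report, but it also hides genuine reads of uninitialized elements through a symbolic index.` Since both the vector check and the new check return UnknownVal(), the two conditions could also be combined into one early return to keep the bail-out cases together.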
Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=112766&r1=112765&r2=112766&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Wed Sep 1 18:27:26 2010
@@ -1090,3 +1090,29 @@
*dst++ = *src++;
}
+// PR 8015 - don't return undefined values for arrays when using a valid
+// symbolic index
+int pr8015_A();
+void pr8015_B(const char *);
+
+void pr8015_C() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ pr8015_B(numbers[number]); // no-warning
+ }
+}
+
+// FIXME: This is a false positive due to not reasoning about symbolic
+// array indices correctly. Discussion in PR 8015.
+void pr8015_D_FIXME() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ if (numbers[number] == numbers[0])
+ return;
+ int *p = 0;
+ *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}}
+ }
+}
+
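Review bot: pr8015_D_FIXME records the known false positive as `expected-warning{{Dereference of null pointer}}`, so the test will start failing as soon as RegionStore learns that `numbers[number]` and `numbers[0]` alias under `number == 0`; the FIXME comment should say that this is the intended tripwire and what to do then, e.g. `// Once symbolic-index reasoning improves this warning should disappear; change the line to '// no-warning' and drop the _FIXME suffix.` pr8015_C only checks that the spurious warning is gone; nothing in the hunk covers a symbolic index that reads a genuinely uninitialized local array element, which the RegionStore change now also silences, and a FIXME-marked test for that case would make the accepted loss of precision visible.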