[cfe-commits] PATCH: Enhance array bounds checking

Kaelyn Uhrain rikka at google.com
Thu Jul 21 14:30:25 PDT 2011


On Thu, Jul 21, 2011 at 1:33 PM, Eli Friedman <eli.friedman at gmail.com> wrote:

> On Wed, Jul 20, 2011 at 11:39 AM, Kaelyn Uhrain <rikka at google.com> wrote:
> > I've attached an updated version of my patch that better handles cases
> > where pointer arithmetic is done after casting a constant-size array to a
> > pointer for a smaller base type (e.g. casting an int array to char*). Of
> > the pointer arithmetic warnings, about 24% could be considered false
> > positives; however, the actual number of false positives is quite small
> > and 2/3 of them stem from the use of a single macro--if you count those as
> > a single warning & false positive, the rate drops to 17%. Of the false
> > positives most are from semi-questionable pointer arithmetic where a
> > constant greater than the length of the array/pointer is being added to
> > the pointer and some int > 1 being subtracted from it, e.g.:
> >
> > void foo(int n) {
> >   char x[5];
> >   if (n > 0) bar(x + 6 - n);
> > }
>
> Strictly speaking, that isn't a false positive... I can't think of how
> we would actually produce anything other than the expected result, but
> it has undefined behavior, and the IR we generate for it has undefined
> behavior.
>

I oversimplified my example, as the main case of the above form that is a
false positive is:

char buffer[5]; buffer + sizeof("Hello")-1

where you have pointer arith done with multiple constants that can be folded
together. I'm trying to figure out a way to deal with it given that adding
parens--buffer + (sizeof("Hello")-1)--silences the warning as it changes the
AST so that the "-" binop is the right expr of the "+" binop instead of the
"+" binop being the left expr of the "-" binop.

In the case I originally gave I agree that it isn't strictly a false
positive even if n <= 6 is guaranteed, and it is a warning that can be
silenced by judicious use of parens: x + (6 - n) won't trigger the warning
since (6 - n) isn't a constant integer expr.

Cheers,
Kaelyn
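The point about AST shape can be made concrete with a small model of the check. The code below is an added illustration, not part of the patch or of clang: `first_out_of_bounds` is a hypothetical helper that applies constant offsets in the left-associative order the AST gives them and reports the first intermediate element index that leaves `[0, len]` (one past the end is allowed, as in C). With it, `(buffer + sizeof("Hello")) - 1` trips on the intermediate `+6`, while the parenthesized `buffer + (sizeof("Hello") - 1)` folds to a single `+5` and does not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the thread's bounds check (not clang's code).
 * Offsets are applied one at a time, left to right, as the binary
 * operators in the AST are nested. Returns the first intermediate index
 * outside [0, len], or -1 if every intermediate result stays in range. */
long first_out_of_bounds(size_t len, const long *offsets, size_t n) {
    long idx = 0;
    for (size_t i = 0; i < n; i++) {
        idx += offsets[i];
        if (idx < 0 || (size_t)idx > len)
            return idx;
    }
    return -1;
}

/* True when the modelled warning would fire for this offset chain. */
bool would_warn(size_t len, const long *offsets, size_t n) {
    return first_out_of_bounds(len, offsets, n) != -1;
}

int main(void) {
    char buffer[5];
    /* buffer + sizeof("Hello") - 1 parses as (buffer + 6) - 1. */
    const long unfolded[] = { (long)sizeof("Hello"), -1 };
    /* buffer + (sizeof("Hello") - 1) folds the constants to +5. */
    const long folded[] = { (long)sizeof("Hello") - 1 };

    printf("unfolded: first bad index %ld (warns: %d)\n",
           first_out_of_bounds(sizeof buffer, unfolded, 2),
           would_warn(sizeof buffer, unfolded, 2));
    printf("folded:   first bad index %ld (warns: %d)\n",
           first_out_of_bounds(sizeof buffer, folded, 1),
           would_warn(sizeof buffer, folded, 1));
    return 0;
}
```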