[cfe-commits] r158587 - in /cfe/trunk: lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/cxx-crashes.cpp
Jordan Rose
jordan_rose at apple.com
Fri Jun 15 18:28:00 PDT 2012
Author: jrose
Date: Fri Jun 15 20:28:00 2012
New Revision: 158587
URL: http://llvm.org/viewvc/llvm-project?rev=158587&view=rev
Log:
[analyzer] Return an UnknownVal when we try to get the binding for a VLA.
This happens in C++ mode right at the declaration of a struct VLA;
MallocChecker sees a bind and tries to see if it's an escaping bind.
It's likely that our handling of this is still incomplete, but it fixes a
crash on valid without disturbing anything else for now.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
cfe/trunk/test/Analysis/cxx-crashes.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=158587&r1=158586&r2=158587&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Fri Jun 15 20:28:00 2012
@@ -1055,8 +1055,12 @@
if (RTy->isUnionType())
return UnknownVal();
- if (RTy->isArrayType())
- return getBindingForArray(store, R);
+ if (RTy->isArrayType()) {
+ if (RTy->isConstantArrayType())
+ return getBindingForArray(store, R);
+ else
+ return UnknownVal();
+ }
// FIXME: handle Vector types.
if (RTy->isVectorType())
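Review bot: The new `else` branch returns `UnknownVal()` for every array type that is not a constant array, which is broader than the VLA case named in the log message, and nothing in the code says why. A short comment or FIXME above `return UnknownVal();` stating that non-constant arrays (VLAs in particular) are not modeled yet would keep the intent visible next to the existing `// FIXME: handle Vector types.`. As a style point, the `else` after `return getBindingForArray(store, R);` is redundant; the inner test can return early and fall through to `return UnknownVal();`.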
Modified: cfe/trunk/test/Analysis/cxx-crashes.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-crashes.cpp?rev=158587&r1=158586&r2=158587&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cxx-crashes.cpp (original)
+++ cfe/trunk/test/Analysis/cxx-crashes.cpp Fri Jun 15 20:28:00 2012
@@ -1,4 +1,6 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -verify %s
+
+void clang_analyzer_eval(bool);
int f1(char *dst) {
char *p = dst + 4;
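Review bot: The RUN line is replaced rather than supplemented, so the existing tests in this file no longer run with `-analyzer-checker=core` alone. If the core-only configuration is still worth covering for the older crash cases, keep the original RUN line and add the `core,unix.Malloc,debug.ExprInspection` invocation as a second one.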
@@ -54,3 +56,17 @@
void C::f() { }
}
+
+
+void vla(int n) {
+ int nums[n];
+ nums[0] = 1;
+ clang_analyzer_eval(nums[0] == 1); // expected-warning{{TRUE}}
+
+ // This used to fail with MallocChecker on, and /only/ in C++ mode.
+ // This struct is POD, though, so it should be fine to put it in a VLA.
+ struct { int x; } structs[n];
+ structs[0].x = 1;
+ clang_analyzer_eval(structs[0].x == 1); // expected-warning{{TRUE}}
+}
+
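Review bot: The comment in `vla()` says the struct case "used to fail with MallocChecker on" but does not say which statement triggered it; the log message places the crash at the declaration, so noting that on the `struct { int x; } structs[n];` line would make the regression easier to recognize later. The two `clang_analyzer_eval` checks only read single elements, so they show the crash is gone but do not pin down the new `UnknownVal()` result for the array region itself; since the log message calls the handling likely incomplete, a FIXME here recording that would help.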