[cfe-commits] r163407 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp test/Analysis/malloc-sizeof.c

John McCall rjmccall at apple.com
Fri Sep 7 16:00:12 PDT 2012


On Sep 7, 2012, at 12:20 PM, Anna Zaks wrote:
> Author: zaks
> Date: Fri Sep  7 14:20:13 2012
> New Revision: 163407
> 
> URL: http://llvm.org/viewvc/llvm-project?rev=163407&view=rev
> Log:
> [analyzer] Fix a false positive in sizeof malloc checker.
> 
> Don't warn when the sizeof argument is an array with the same element
> type as the pointee of the return type.
> 
> Modified:
>    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp
>    cfe/trunk/test/Analysis/malloc-sizeof.c
> 
> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp?rev=163407&r1=163406&r2=163407&view=diff
> ==============================================================================
> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp (original)
> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp Fri Sep  7 14:20:13 2012
> @@ -184,42 +184,58 @@
>           continue;
> 
>         QualType SizeofType = SFinder.Sizeofs[0]->getTypeOfArgument();
> -        if (!typesCompatible(BR.getContext(), PointeeType, SizeofType)) {
> -          const TypeSourceInfo *TSI = 0;
> -          if (i->CastedExprParent.is<const VarDecl *>()) {
> -            TSI =
> +
> +        if (typesCompatible(BR.getContext(), PointeeType, SizeofType))
> +          continue;
> +
> +        // If the argument to sizeof is an array, the result could be a
> +        // pointer to the array element.
> +        if (const ArrayType *AT = dyn_cast<ArrayType>(SizeofType)) {

This should use Context.getAsArrayType.

> +          QualType ElemType = AT->getElementType();
> +          if (typesCompatible(BR.getContext(), PointeeType,
> +                                               AT->getElementType()))
> +            continue;
> +            
> +          // For now, let's only reason about arrays of built in types.
> +          if (!ElemType->isBuiltinType())
> +            continue;
> +        }
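Review bot: In the array branch, `ElemType` is assigned from `AT->getElementType()` and then the very next call, `typesCompatible(BR.getContext(), PointeeType, AT->getElementType())`, re-reads the element type instead of passing `ElemType`; use the local so both checks visibly operate on the same type. The `continue` guarded by `!ElemType->isBuiltinType()` also leaves the loop without a diagnostic, so an array whose element type is neither compatible nor builtin (a nested array, or an array of structs) is silently dropped rather than reported; either the comment `// For now, let's only reason about arrays of built in types.` should state that those cases are deliberately left unreported, or the bail-out should be narrowed so that a clear mismatch such as a struct array against a builtin pointee still warns. The blank line added after the first `continue;` carries trailing whitespace.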

I think the rule you're looking for is that the result type needs to be a pointer
to a type that's compatible with the type whose size is taken, or one of its
elements.  So you might need to walk into an array multiple times, but
otherwise I don't see why you need to restrict the element type.

John.
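A small C model of the two rules being compared in the reply, added here as an example and not part of the clang patch or of the reply itself: the type representation, the function names and the sample types are constructed, and array lengths are left out because neither rule depends on them.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for a clang QualType: a builtin leaf, a struct
 * (told apart by 'tag'), or an array whose element type is 'elem'. */
enum kind { K_INT, K_CHAR, K_STRUCT, K_ARRAY };
struct type { enum kind kind; int tag; const struct type *elem; };

enum verdict { V_OK, V_WARN, V_SKIP };   /* SKIP: checker gives up, no warning */

static bool compatible(const struct type *a, const struct type *b) {
    return a->kind == b->kind && a->tag == b->tag;
}
static bool is_builtin(const struct type *t) {
    return t->kind == K_INT || t->kind == K_CHAR;
}

/* Model of the hunk as posted: look one array level down, then bail out
 * (no diagnostic) when that element is not a builtin type. */
enum verdict verdict_as_posted(const struct type *pointee,
                               const struct type *so) {
    if (compatible(pointee, so)) return V_OK;
    if (so->kind == K_ARRAY) {
        if (compatible(pointee, so->elem)) return V_OK;
        if (!is_builtin(so->elem)) return V_SKIP;
    }
    return V_WARN;
}

/* The rule from the reply: the pointee must be compatible with the sizeof
 * operand or with an element type reached by walking into nested arrays. */
enum verdict verdict_walking(const struct type *pointee,
                             const struct type *so) {
    for (;; so = so->elem) {
        if (compatible(pointee, so)) return V_OK;
        if (so->kind != K_ARRAY) return V_WARN;
    }
}

/* Constructed sample types: int, struct S, int[10], int[2][3], struct S[4]. */
const struct type T_INT    = { K_INT, 0, NULL };
const struct type T_S      = { K_STRUCT, 1, NULL };
const struct type T_INT10  = { K_ARRAY, 0, &T_INT };
const struct type T_INT3   = { K_ARRAY, 0, &T_INT };
const struct type T_INT2X3 = { K_ARRAY, 0, &T_INT3 };
const struct type T_S4     = { K_ARRAY, 0, &T_S };
```

The interesting rows are `int *` against `int[2][3]` (the posted code gives up, the walking rule accepts it) and `int *` against `struct S[4]` (the posted code gives up, the walking rule warns).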
