r228249 - [analyzer] Relax an assertion in VisitLvalArraySubscriptExpr
Anna Zaks
ganna at apple.com
Wed Feb 4 17:03:00 PST 2015
Author: zaks
Date: Wed Feb 4 19:02:59 2015
New Revision: 228249
URL: http://llvm.org/viewvc/llvm-project?rev=228249&view=rev
Log:
[analyzer] Relax an assertion in VisitLvalArraySubscriptExpr
The analyzer thinks that ArraySubscriptExpr cannot be an r-value (ever).
However, it can be in some corner cases. Specifically, C forbids expressions
of unqualified void type from being l-values.
Note, the analyzer will keep modeling the subscript expr as an l-value. The
analyzer should be treating void* as a char array
(https://gcc.gnu.org/onlinedocs/gcc-4.3.0/gcc/Pointer-Arith.html).
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
cfe/trunk/test/Analysis/array-struct.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp?rev=228249&r1=228248&r2=228249&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp Wed Feb 4 19:02:59 2015
@@ -1901,6 +1901,9 @@ void ExprEngine::VisitLvalArraySubscript
getCheckerManager().runCheckersForPreStmt(checkerPreStmt, Pred, A, *this);
StmtNodeBuilder Bldr(checkerPreStmt, Dst, *currBldrCtx);
+ assert(A->isGLValue() ||
+ (!AMgr.getLangOpts().CPlusPlus &&
+ A->getType().isCForbiddenLValueType()));
for (ExplodedNodeSet::iterator it = checkerPreStmt.begin(),
ei = checkerPreStmt.end(); it != ei; ++it) {
@@ -1909,7 +1912,6 @@ void ExprEngine::VisitLvalArraySubscript
SVal V = state->getLValue(A->getType(),
state->getSVal(Idx, LCtx),
state->getSVal(Base, LCtx));
- assert(A->isGLValue());
Bldr.generateNode(A, *it, state->BindExpr(A, LCtx, V), nullptr,
ProgramPoint::PostLValueKind);
}
Modified: cfe/trunk/test/Analysis/array-struct.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/array-struct.c?rev=228249&r1=228248&r2=228249&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/array-struct.c (original)
+++ cfe/trunk/test/Analysis/array-struct.c Wed Feb 4 19:02:59 2015
@@ -183,3 +183,19 @@ int offset_of_data_array(void)
return ((char *)&(((struct s*)0)->data_array)) - ((char *)0); // no-warning
}
+int testPointerArithmeticOnVoid(void *bytes) {
+ int p = 0;
+ if (&bytes[0] == &bytes[1])
+ return 6/p; // no-warning
+ return 0;
+}
+
+int testRValueArraySubscriptExpr(void *bytes) {
+ int *p = (int*)&bytes[0];
+ *p = 0;
+ if (*(int*)&bytes[0] == 0)
+ return 0;
+ return 5/(*p); // no-warning
+}
+
+
More information about the cfe-commits
mailing list