[PATCH] D30312: Fix unix.Malloc analysis crasher when allocating dynamic arrays w/unbound statements (fix PR32050)
Nico Weber via cfe-commits
cfe-commits at lists.llvm.org
Thu Feb 23 15:48:54 PST 2017
This looks pretty similar to https://reviews.llvm.org/D27849 – are you
synced to trunk?
On Thu, Feb 23, 2017 at 5:42 PM, Kevin Marshall via Phabricator via
cfe-commits <cfe-commits at lists.llvm.org> wrote:
> kmarshall created this revision.
>
> The extent calculation function had a bug which caused it to ignore if the
> size value was defined prior to casting it. As a result, size expressions
> with free variables would trigger assertion failures during the cast
> operation.
>
> This patch adds that missing check, and replaces the redundant call to
> castAs<>() with the SVar that is returned by the checked cast.
>
> Added a regression test "Malloc+NewDynamicArray" that exercises the fix.
>
>
> https://reviews.llvm.org/D30312
>
> Files:
> lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> test/Analysis/Malloc+NewDynamicArray.cpp
>
>
> Index: test/Analysis/Malloc+NewDynamicArray.cpp
> ===================================================================
> --- test/Analysis/Malloc+NewDynamicArray.cpp
> +++ test/Analysis/Malloc+NewDynamicArray.cpp
> @@ -0,0 +1,17 @@
> +// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -verify %s
> +
> +//-----------------------------------------------------------------------
> +// Check that arrays sized using expressions with free variables
> +// do not cause the unix.Malloc checker to crash.
> +//
> +// The function should not actually be called from anywhere, otherwise
> +// the compiler will optimize the length expression and replace it with
> +// with precomputed literals.
> +//-----------------------------------------------------------------------
> +
> +void AllocateExpr(int lhs, int rhs) {
> + new int[lhs + rhs];
> +}
> +
> +// expected-no-diagnostics
> +
> Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> ===================================================================
> --- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> +++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> @@ -1026,12 +1026,11 @@
> ASTContext &AstContext = C.getASTContext();
> CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType);
>
> - if (Optional<DefinedOrUnknownSVal> DefinedSize =
> - ElementCount.getAs<DefinedOrUnknownSVal>()) {
> + if (Optional<NonLoc> DefinedSize = ElementCount.getAs<NonLoc>()) {
> DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder);
> // size in Bytes = ElementCount*TypeSize
> SVal SizeInBytes = svalBuilder.evalBinOpNN(
> - State, BO_Mul, ElementCount.castAs<NonLoc>(),
> + State, BO_Mul, *DefinedSize,
> svalBuilder.makeArrayIndex(TypeSize.getQuantity()),
> svalBuilder.getArrayIndexType());
> DefinedOrUnknownSVal extentMatchesSize = svalBuilder.evalEQ(
>
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170223/0e24deb1/attachment-0001.html>
More information about the cfe-commits
mailing list