r297619 - [analyzer] Fix a rare crash for valist check.
Gabor Horvath via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 13 05:48:26 PDT 2017
Author: xazax
Date: Mon Mar 13 07:48:26 2017
New Revision: 297619
URL: http://llvm.org/viewvc/llvm-project?rev=297619&view=rev
Log:
[analyzer] Fix a rare crash for valist check.
It looks like on some host-triples the result of a va_list-related expression
can be a LazyCompoundVal. Handle that case in the check.
Patch by Abramo Bagnara!
Added:
cfe/trunk/test/Analysis/valist-as-lazycompound.c
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp?rev=297619&r1=297618&r2=297619&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp Mon Mar 13 07:48:26 2017
@@ -165,11 +165,8 @@ void ValistChecker::checkPreCall(const C
const MemRegion *ValistChecker::getVAListAsRegion(SVal SV, const Expr *E,
bool &IsSymbolic,
CheckerContext &C) const {
- // FIXME: on some platforms CallAndMessage checker finds some instances of
- // the uninitialized va_list usages. CallAndMessage checker is disabled in
- // the tests so they can verify platform independently those issues. As a
- // side effect, this check is required here.
- if (SV.isUnknownOrUndef())
+ const MemRegion *Reg = SV.getAsRegion();
+ if (!Reg)
return nullptr;
// TODO: In the future this should be abstracted away by the analyzer.
bool VaListModelledAsArray = false;
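Review bot: The new early return `if (!Reg) return nullptr;` leaves the `bool &IsSymbolic` out-parameter unwritten on the visible lines, so callers must test the returned pointer before reading it; setting `IsSymbolic = false;` at the top of the function would make that path self-contained. The removed FIXME was the only explanation of this guard, and the replacement has none; a comment such as `// The va_list value may not be a region (e.g. a LazyCompoundVal on some targets); nothing to track.` would record why the check exists. Returning null here presumably makes the checker skip that va_list without a report, so the comment should also note that this path is a possible false negative for valist.Uninitialized. The function body continues outside the hunk.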
@@ -178,7 +175,6 @@ const MemRegion *ValistChecker::getVALis
VaListModelledAsArray =
Ty->isPointerType() && Ty->getPointeeType()->isRecordType();
}
- const MemRegion *Reg = SV.getAsRegion();
if (const auto *DeclReg = Reg->getAs<DeclRegion>()) {
if (isa<ParmVarDecl>(DeclReg->getDecl()))
Reg = C.getState()->getSVal(SV.castAs<Loc>()).getAsRegion();
Added: cfe/trunk/test/Analysis/valist-as-lazycompound.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/valist-as-lazycompound.c?rev=297619&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/valist-as-lazycompound.c (added)
+++ cfe/trunk/test/Analysis/valist-as-lazycompound.c Mon Mar 13 07:48:26 2017
@@ -0,0 +1,21 @@
+// RUN: %clang_analyze_cc1 -triple gcc-linaro-arm-linux-gnueabihf -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+// expected-no-diagnostics
+
+typedef unsigned int size_t;
+typedef __builtin_va_list __gnuc_va_list;
+typedef __gnuc_va_list va_list;
+
+extern int vsprintf(char *__restrict __s,
+ const char *__restrict __format, __gnuc_va_list
+ __arg);
+
+void _dprintf(const char *function, int flen, int line, int level,
+ const char *prefix, const char *fmt, ...) {
+ char raw[10];
+ int err;
+ va_list ap;
+
+ __builtin_va_start(ap, fmt);
+ err = vsprintf(raw, fmt, ap);
+ __builtin_va_end(ap);
+}
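Review bot: The new test has no comment saying what it guards, and `expected-no-diagnostics` alone does not tell a reader that the point is the analyzer not crashing; a leading line such as `// Regression test: ValistChecker used to crash when the va_list value was a LazyCompoundVal.` would record that. The `-triple gcc-linaro-arm-linux-gnueabihf` string looks like a toolchain prefix rather than a canonical arch-vendor-os triple, so it is worth confirming that it resolves to the ARM target that produces the LazyCompoundVal; otherwise the test may pass without exercising the fixed path. The `size_t` typedef and the `err` local are unused in the reduced body and could be dropped.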
Modified: cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c?rev=297619&r1=297618&r2=297619&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c (original)
+++ cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c Mon Mar 13 07:48:26 2017
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+// RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
#include "Inputs/system-header-simulator-for-valist.h"