[PATCH] D37478: [analyzer] Implement pointer arithmetic on constants

Phabricator via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Oct 10 04:01:55 PDT 2017


This revision was automatically updated to reflect the committed changes.
Closed by commit rL315296: [analyzer] Implement pointer arithmetic on constants (authored by xazax).

Changed prior to commit:
  https://reviews.llvm.org/D37478?vs=118182&id=118342#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D37478

Files:
  cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
  cfe/trunk/test/Analysis/pointer-arithmetic.c


Index: cfe/trunk/test/Analysis/pointer-arithmetic.c
===================================================================
--- cfe/trunk/test/Analysis/pointer-arithmetic.c
+++ cfe/trunk/test/Analysis/pointer-arithmetic.c
@@ -0,0 +1,30 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+
+int test1() {
+  int *p = (int *)sizeof(int);
+  p -= 1;
+  return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test2() {
+  int *p = (int *)sizeof(int);
+  p -= 2;
+  p += 1;
+  return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test3() {
+  int *p = (int *)sizeof(int);
+  p++;
+  p--;
+  p--;
+  return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test4() {
+  // This is a special case where pointer arithmetic is not calculated to
+  // preserve useful warnings on dereferences of null pointers.
+  int *p = 0;
+  p += 1;
+  return *p; // expected-warning {{Dereference of null pointer}}
+}
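Review bot: All four cases use `int *`, so they cannot tell the new per-pointee scaling apart from a multiplier that merely happens to equal `sizeof(int)`; one case with a different element size would pin the scaling, e.g. `char *c = (char *)2; c -= 2; return *c; // expected-warning {{Dereference of null pointer}}`. A `long *` or struct-pointer variant would likewise catch the folding path scaling by the wrong size, since the only observable here is whether the folded address lands on zero. The comment in test4 would also read better if it named the behaviour it relies on: a null-pointer operand is kept as null rather than folded, so DerefChecker still reports the dereference.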
Index: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -922,6 +922,10 @@
   if (rhs.isZeroConstant())
     return lhs;
 
+  // Perserve the null pointer so that it can be found by the DerefChecker.
+  if (lhs.isZeroConstant())
+    return lhs;
+
   // We are dealing with pointer arithmetic.
 
   // Handle pointer arithmetic on constant values.
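Review bot: The comment on the new early return misspells "Preserve" and does not say what the return gives up: with `lhs.isZeroConstant()` short-circuiting ahead of the constant-folding path below, any offset applied to a null pointer, positive or negative and whatever the pointee size, is reported as the null pointer itself, so `(int *)0 + 1` is flagged as a null dereference rather than folded to an address. That is the trade-off test4 in the new test file documents, but it belongs where a reader of the folding path will look first: `// Preserve the null pointer (rather than folding it to a non-null address) so that DerefChecker still reports a dereference; see test4 in pointer-arithmetic.c.` The enclosing function starts and ends outside this hunk.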
@@ -937,6 +941,8 @@
 
       // Offset the increment by the pointer size.
       llvm::APSInt Multiplicand(rightI.getBitWidth(), /* isUnsigned */ true);
+      QualType pointeeType = resultTy->getPointeeType();
+      Multiplicand = getContext().getTypeSizeInChars(pointeeType).getQuantity();
       rightI *= Multiplicand;
 
       // Compute the adjusted pointer.
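Review bot: The scaling added here calls `getTypeSizeInChars(pointeeType)` unconditionally, which presupposes that `resultTy` is a pointer type whose pointee is a complete object type; `getPointeeType()` yields a null QualType for anything else, and the size query is not meaningful for an incomplete pointee, so operands such as GNU `void *` arithmetic would presumably reach this line without the usual C type checks having ruled them out. I cannot see from the hunk what guards `resultTy` before this point, so the caller may already guarantee it; if not, a guard like `if (pointeeType.isNull() || pointeeType->isIncompleteType()) return UnknownVal();` ahead of the multiplication keeps the folding path from producing a bogus scale, and a comment should record whichever invariant holds. Note also that `getQuantity()` is assigned into an `APSInt` of `rightI`'s bit width, so the element size is truncated to that width. The enclosing function starts and ends outside this hunk.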

