[PATCH] D63080: [analyzer] Track indices of arrays
Kristóf Umann via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 10 08:35:52 PDT 2019
Szelethus created this revision.
Szelethus added reviewers: NoQ, dcoughlin, xazax.hun, rnkovacs, baloghadamsoftware, Charusso.
Szelethus added a project: clang.
Herald added subscribers: cfe-commits, gamesh411, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, szepet, whisperity.
Observe the test file before this patch:
F9155603: image.png <https://reviews.llvm.org/F9155603>
I think this patch really improves on this case. The problem, however, that some subexpressions of expressions should be tracked (like `n` in `arr[n]` here) is a broader one, and there may be some other cases I could add.
Repository:
rC Clang
https://reviews.llvm.org/D63080
Files:
clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
clang/test/Analysis/diagnostics/track_subexpressions.cpp
Index: clang/test/Analysis/diagnostics/track_subexpressions.cpp
===================================================================
--- clang/test/Analysis/diagnostics/track_subexpressions.cpp
+++ clang/test/Analysis/diagnostics/track_subexpressions.cpp
@@ -17,3 +17,35 @@
(void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
// expected-note at -1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
}
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+ int a;
+ if (x > 0) // expected-note {{Assuming 'x' is > 0}}
+ // expected-note at -1 {{Taking true branch}}
+ a = 3; // expected-note {{The value 3 is assigned to 'a'}}
+ else
+ a = 2;
+ return a; // expected-note {{Returning the value 3 (loaded from 'a')}}
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+ int arr[10];
+
+ for (int i = 0; i < 3; ++i)
+ // expected-note at -1 3{{Loop condition is true. Entering loop body}}
+ // expected-note at -2 {{Loop condition is false. Execution continues on line 43}}
+ arr[i] = 0;
+ int x = getInt();
+ int n = getIndex(x); // expected-note {{Calling 'getIndex'}}
+ // expected-note at -1 {{Returning from 'getIndex'}}
+ // expected-note at -2 {{'n' initialized to 3}}
+ consume(arr[n]);
+ // expected-note at -1 {{1st function call argument is an uninitialized value}}
+ // expected-warning at -2{{1st function call argument is an uninitialized value}}
+}
+} // end of namespace array_index_tracking
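Review bot: `testArrayIndexTracking` only covers an index that is a plain local variable (`n` in `consume(arr[n])`), so it does not show what happens when the index is itself a compound expression, for example `arr[n + 1]` or a nested subscript. Since the description says the subexpression problem is broader, one or two such cases would pin down where index tracking currently stops, even if the expected notes are sparse. Separately, the note `Execution continues on line 43` on the `for` loop hard-codes an absolute line number, so any later insertion above it in this file will break the expectation. Restructuring the loop so that note is not emitted, or keeping this test at a stable position, would make it less brittle.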
Index: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1676,6 +1676,10 @@
if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
+ if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+ trackExpressionValue(
+ LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
+
// See if the expression we're interested refers to a variable.
// If so, we can track both its contents and constraints on its value.
if (ExplodedGraph::isInterestingLValueExpr(Inner)) {
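Review bot: the added `dyn_cast<ArraySubscriptExpr>(Inner)` check fires only when `Inner` itself is the subscript, so as far as these lines show, a subscript wrapped in another expression (a member access on `arr[n]`, say) would not get its index tracked. Please state in a comment whether that limit is intended. The block also has no comment at all, while the code right below it explains its purpose (`// See if the expression we're interested refers to a variable.`). A one-line comment saying that the index is tracked because it determines which element was read would match the surrounding style. It is also worth confirming that forwarding `EnableNullFPSuppression` to the index expression is wanted, since the index is an integer rather than the pointer or receiver value that the neighbouring call passes it for.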