[PATCH] D77062: [analyzer] Improve zero assumption in CStringChecke::assumeZero
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Sep 25 02:53:16 PDT 2020
steakhal added a comment.
In D77062#2294516 <https://reviews.llvm.org/D77062#2294516>, @martong wrote:
> Though, the fix probably will not be simple, because the issue itself always requires a 3x indirection. The code that is presented by @steakhal is the least minimal example to get this crash. The reason why we cannot have a crash with a `**` is a mystery at the moment.
I think probably the representation of casts is behind this.
E.g., if you reinterpret-cast `b` to `int**` and make the type pun that way, we don't crash.

  template <typename T> void clang_analyzer_dump(T);
  void test(int *a, char ***b) {
    *(int **)b = a; // only this line changed!
    clang_analyzer_dump(**b); // &SymRegion{reg_$2<char * Element{SymRegion{reg_$0<int * a>},0 S64b,char *}>}
    if (**b == nullptr) // will-not-crash
      ;
  }

CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D77062/new/
https://reviews.llvm.org/D77062