[clang] bcc6624 - [analyzer] Crash fix for alpha.cplusplus.IteratorRange

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 10 03:36:13 PST 2021 

Author: Adam Balogh
Date: 2021-03-10T12:42:24+01:00
New Revision: bcc662484a95c95f7d193e6a791fc5d1c4a2c74f

URL: https://github.com/llvm/llvm-project/commit/bcc662484a95c95f7d193e6a791fc5d1c4a2c74f
DIFF: https://github.com/llvm/llvm-project/commit/bcc662484a95c95f7d193e6a791fc5d1c4a2c74f.diff

LOG: [analyzer] Crash fix for alpha.cplusplus.IteratorRange

If the non-iterator side of an iterator operation
`+`, `+=`, `-` or `-=` is `UndefinedVal` an assertions happens.
This small fix prevents this.

Patch by Adam Balogh.

Reviewed By: NoQ

Differential Revision: https://reviews.llvm.org/D85424

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
    clang/test/Analysis/iterator-range.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
index dd014648eb6f..a47484497771 100644
--- a/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
@@ -228,7 +228,7 @@ void IteratorRangeChecker::verifyRandomIncrOrDecr(CheckerContext &C,
     Value = State->getRawSVal(*ValAsLoc);
   }
 
-  if (Value.isUnknown())
+  if (Value.isUnknownOrUndef())
     return;
 
   // Incremention or decremention by 0 is never a bug.

diff  --git a/clang/test/Analysis/iterator-range.cpp b/clang/test/Analysis/iterator-range.cpp
index 8d7103929047..849a1e9814ae 100644
--- a/clang/test/Analysis/iterator-range.cpp
+++ b/clang/test/Analysis/iterator-range.cpp
@@ -939,3 +939,10 @@ void ptr_iter_
diff (cont_with_ptr_iterator<S> &c) {
   auto i0 = c.begin(), i1 = c.end();
   ptr
diff _t len = i1 - i0; // no-crash
 }
+
+int uninit_var(int n) {
+  int uninit; // expected-note{{'uninit' declared without an initial value}}
+  return n - uninit; // no-crash
+  // expected-warning at -1 {{The right operand of '-' is a garbage value}}
+  // expected-note at -2 {{The right operand of '-' is a garbage value}}
+}

More information about the cfe-commits mailing list