[PATCH] D99658: [analyzer] Fix clang_analyzer_getExtent for heap regions
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Mar 31 06:02:11 PDT 2021
steakhal created this revision.
steakhal added reviewers: NoQ, vsavchenko, martong, xazax.hun, balazske, Szelethus.
Herald added subscribers: ASDenysPetrov, Charusso, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, whisperity.
steakhal requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
This patch fixes an interesting case with the clang_analyzer_getExtent analyzer debug intrinsic.
Previously, one could not query the extent for a heap-allocated object.
I'm resolving this issue by querying the extent of the base region of the given region.
This way, we will be able to query the extent of a new/malloced region in tests.
This should not change any meaningful behavior inside the analyzer.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D99658
Files:
clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
clang/test/Analysis/explain-svals.cpp
Index: clang/test/Analysis/explain-svals.cpp
===================================================================
--- clang/test/Analysis/explain-svals.cpp
+++ clang/test/Analysis/explain-svals.cpp
@@ -54,7 +54,7 @@
int *x = new int[ext];
clang_analyzer_explain(x); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}}
// Sic! What gets computed is the extent of the element-region.
- clang_analyzer_explain(clang_analyzer_getExtent(x)); // expected-warning-re{{{{^signed 32-bit integer '4'$}}}}
+ clang_analyzer_explain(clang_analyzer_getExtent(x)); // expected-warning-re{{{{^extent of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}}
delete[] x;
}
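Review bot: The context comment directly above the changed line, "// Sic! What gets computed is the extent of the element-region.", is stale once the expectation becomes "extent of heap segment ..." and should be removed or reworded to say the extent of the base (heap) region is reported. The description also mentions malloced regions, but only the new int[ext] case is updated here; a malloc-based expectation would cover the other path named in the summary.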
Index: clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
@@ -254,7 +254,8 @@
}
ProgramStateRef State = C.getState();
- DefinedOrUnknownSVal Size = getDynamicSize(State, MR, C.getSValBuilder());
+ DefinedOrUnknownSVal Size =
+ getDynamicSize(State, MR->getBaseRegion(), C.getSValBuilder());
State = State->BindExpr(CE, C.getLocationContext(), Size);
C.addTransition(State);
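Review bot: MR->getBaseRegion() is applied unconditionally in the getDynamicSize call, so the change is not limited to heap regions: any sub-region argument (a field or an element of a stack or global object) will now report the extent of its enclosing base object instead of the sub-region itself. That is a semantic change to the debug intrinsic, which the summary line "This should not change any meaningful behavior" does not cover. Please add a short comment at this call explaining why the base region is used, and a test that pins down the result for a non-heap sub-region so the new behavior is intentional and documented.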
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D99658.334421.patch
Type: text/x-patch
Size: 1437 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210331/9109c588/attachment.bin>