[PATCH] D99658: [analyzer] Fix clang_analyzer_getExtent for heap regions

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 31 09:50:58 PDT 2021


steakhal updated this revision to Diff 334470.
steakhal marked 3 inline comments as done.
steakhal added a comment.
This revision is now accepted and ready to land.

Fix comments.
I could not manage to create an `unknown` extent, where the behavior would diverge.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D99658/new/

https://reviews.llvm.org/D99658

Files:
  clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
  clang/test/Analysis/explain-svals.cpp


Index: clang/test/Analysis/explain-svals.cpp
===================================================================
--- clang/test/Analysis/explain-svals.cpp
+++ clang/test/Analysis/explain-svals.cpp
@@ -53,8 +53,8 @@
   clang_analyzer_explain(clang_analyzer_getExtent(ptr)); // expected-warning-re{{{{^extent of pointee of argument 'ptr'$}}}}
   int *x = new int[ext];
   clang_analyzer_explain(x); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}}
-  // Sic! What gets computed is the extent of the element-region.
-  clang_analyzer_explain(clang_analyzer_getExtent(x)); // expected-warning-re{{{{^signed 32-bit integer '4'$}}}}
+  clang_analyzer_explain(clang_analyzer_getExtent(x)); // expected-warning-re{{{{^extent of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'$}}}}
+  clang_analyzer_explain(clang_analyzer_getExtent(x + 2)); // expected-warning-re{{{{^\(extent of heap segment that starts at symbol of type 'int \*' conjured at statement 'new int \[ext\]'\) - 8$}}}}
   delete[] x;
 }
 
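Review bot: the new `clang_analyzer_getExtent(x + 2)` expectation hardcodes `- 8` without a comment saying that this is the byte offset of two `int` elements, and nothing replaces the removed `Sic!` comment to describe the new semantics. A one-line comment stating that the result is the extent of the heap segment minus the pointer's byte offset would make both expectations self-explanatory. The update message says an `unknown` extent could not be produced, so that path remains untested in this file; a FIXME recording the gap would help the next reader.
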
Index: clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
@@ -254,8 +254,7 @@
   }
 
   ProgramStateRef State = C.getState();
-  DefinedOrUnknownSVal Size = getDynamicSize(State, MR, C.getSValBuilder());
-
+  SVal Size = getDynamicSizeWithOffset(State, C.getSVal(CE->getArg(0)));
   State = State->BindExpr(CE, C.getLocationContext(), Size);
   C.addTransition(State);
 }
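
Review bot: `Size` is widened from `DefinedOrUnknownSVal` to plain `SVal`, so the type no longer states that the value passed to `State->BindExpr(CE, C.getLocationContext(), Size)` cannot be undefined. If `getDynamicSizeWithOffset` only yields defined or unknown values, say so in a comment or keep the narrower type; otherwise handle the remaining case before binding. The replaced call took `MR`, while the new one re-reads `C.getSVal(CE->getArg(0))`, so check that `MR` is still needed above this line and that both refer to the same argument.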

