[clang] c184072 - [analyzer] Fix StringChecker for Unknown params

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Tue Oct 26 09:15:17 PDT 2021 

Author: Balazs Benics
Date: 2021-10-26T18:15:00+02:00
New Revision: c18407217e91abea73555e07956d7132dd093bd2

URL: https://github.com/llvm/llvm-project/commit/c18407217e91abea73555e07956d7132dd093bd2
DIFF: https://github.com/llvm/llvm-project/commit/c18407217e91abea73555e07956d7132dd093bd2.diff

LOG: [analyzer] Fix StringChecker for Unknown params

It seems like protobuf crashed the `std::string` checker.
Somehow it acquired `UnknownVal` as the sole `std::string` constructor
parameter, causing a crash in the `castAs<Loc>()`.

This patch addresses this.

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D112551

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/StringChecker.cpp
    clang/test/Analysis/std-string.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/StringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StringChecker.cpp
index 56b9cdb95c384..9c9680b96a46c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StringChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StringChecker.cpp
@@ -67,15 +67,18 @@ void StringChecker::checkPreCall(const CallEvent &Call,
                                  CheckerContext &C) const {
   if (!isCharToStringCtor(Call, C.getASTContext()))
     return;
-  const Loc Param = Call.getArgSVal(0).castAs<Loc>();
+  const auto Param = Call.getArgSVal(0).getAs<Loc>();
+  if (!Param.hasValue())
+    return;
 
   // We managed to constrain the parameter to non-null.
   ProgramStateRef NotNull, Null;
-  std::tie(NotNull, Null) = C.getState()->assume(Param);
+  std::tie(NotNull, Null) = C.getState()->assume(*Param);
 
   if (NotNull) {
     const auto Callback = [Param](PathSensitiveBugReport &BR) -> std::string {
-      return BR.isInteresting(Param) ? "Assuming the pointer is not null." : "";
+      return BR.isInteresting(*Param) ? "Assuming the pointer is not null."
+                                      : "";
     };
 
     // Emit note only if this operation constrained the pointer to be null.

diff  --git a/clang/test/Analysis/std-string.cpp b/clang/test/Analysis/std-string.cpp
index 4755018b9546a..ee6dc02f066fe 100644
--- a/clang/test/Analysis/std-string.cpp
+++ b/clang/test/Analysis/std-string.cpp
@@ -8,6 +8,7 @@
 
 void clang_analyzer_eval(bool);
 void clang_analyzer_warnIfReached();
+template <typename T> void clang_analyzer_dump(T);
 
 void free(void *ptr);
 
@@ -43,6 +44,12 @@ void null_constant_parameter() {
   // expected-note at -2    {{The parameter must not be null}}
 }
 
+void unknown_ctor_param(const char *p) {
+  // Pass 'UnknownVal' to the std::string constructor.
+  clang_analyzer_dump((char *)(p == 0)); // expected-warning {{Unknown}} expected-note {{Unknown}}
+  std::string x((char *)(p == 0));       // no-crash, no-warning
+}
+
 void ctor_notetag_on_constraining_symbol(const char *p) {
   clang_analyzer_eval(p == 0); // expected-warning {{UNKNOWN}} expected-note {{UNKNOWN}}
   std::string x(p);            // expected-note {{Assuming the pointer is not null}}

More information about the cfe-commits mailing list