[PATCH] D150446: [analyzer] Check ArraySubscriptExprs in ArrayBoundCheckerV2

Donát Nagy via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 4 08:41:20 PDT 2023


donat.nagy abandoned this revision.
donat.nagy added a comment.
Herald added a subscriber: wangpc.

I'm abandoning this commit because it amalgamates several unrelated changes and I think it'd be better to handle them separately:

1. First, there is a very simple, independent improvement related to underflows and UnknownSpaces. I already created the separate commit D157104 <https://reviews.llvm.org/D157104> for this (reviews are welcome ;) ).
2. As the title of this commit says, I wanted to turn this checker into a `Checker<check::PreStmt<ArraySubscriptExpr>>` instead of a `Checker<check::Location>`. I'm still planning to do this transition in a separate commit because I feel that this will be needed to compose good warning messages and there are a few situations like the testcase `test_field` where the `check::Location` model produces counter-intuitive results. (When I implement this, I'll also ensure that `*p` and `p->field` are handled analogously to `p[0]`, but perhaps these will be in a separate commit.)
3. Finally there is the "simplify `RegionRawOffsetV2::computeOffset` and fix multidimensional array handling" change. This is the modification that was responsible for the multitude of false positives caused by this commit; and I don't have a quick fix for it (the engine abuses `ElementRegion` to record pointer arithmetic and I didn't find a clear way to distinguish it from real element access). In the short term I think I'll need to accept that this checker will produce false negatives in situations when one element of a multi-dimensional array is over-indexed without overflowing the whole array (e.g. if `arr` is declared as `int arr[5][5]`, then `arr[1][10]` over-indexes `arr[1]`, but points inside the full area of the matrix); but fortunately this is not a fatal limitation (it only produces false negatives, and multi-dimensional arrays are not too common).


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D150446/new/

https://reviews.llvm.org/D150446
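The false-negative case from point 3 of the message, worked through as an added example in C. This is my own model of the two bounds-checking strategies being contrasted (a raw byte offset checked against the whole object, versus each subscript checked against its own dimension); it is not code from the analyzer or from this revision, and the function names, the `verdict` enum and the generalisation to N dimensions are my assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Verdicts a bounds check could give for one multi-dimensional access. */
enum verdict {
    ACCESS_OK,          /* every subscript lies within its own dimension */
    SUBARRAY_OVERFLOW,  /* a subscript over-indexes its sub-array, but the flat
                           byte offset still lands inside the whole object: the
                           access a whole-object check silently accepts */
    WHOLE_OVERFLOW      /* the flat byte offset leaves the whole object */
};

/* Flat byte offset of arr[idx[0]]...[idx[n-1]] for an array with dimensions
 * dims[0]..dims[n-1], computed the way pointer arithmetic on the sub-arrays
 * would compute it (over-indexing a row simply runs into the next row). */
static size_t flat_byte_offset(const size_t *dims, const size_t *idx, size_t n,
                               size_t elem_size) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        off = off * dims[i] + idx[i];
    return off * elem_size;
}

/* Size in bytes of the whole object. */
static size_t whole_size(const size_t *dims, size_t n, size_t elem_size) {
    size_t total = elem_size;
    for (size_t i = 0; i < n; i++)
        total *= dims[i];
    return total;
}

/* Strategy A (hypothetical model of an offset-against-whole-region check):
 * the element must fit inside the full extent of the outermost array. */
static bool whole_region_ok(const size_t *dims, const size_t *idx, size_t n,
                            size_t elem_size) {
    size_t off = flat_byte_offset(dims, idx, n, elem_size);
    return off + elem_size <= whole_size(dims, n, elem_size);
}

/* Strategy B (hypothetical model of checking each ArraySubscriptExpr):
 * every index must be below the dimension it subscripts. */
static bool per_subscript_ok(const size_t *dims, const size_t *idx, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (idx[i] >= dims[i])
            return false;
    return true;
}

/* Combine both strategies to name the case an access falls into. */
static enum verdict classify(const size_t *dims, const size_t *idx, size_t n,
                             size_t elem_size) {
    if (per_subscript_ok(dims, idx, n))
        return ACCESS_OK;
    if (whole_region_ok(dims, idx, n, elem_size))
        return SUBARRAY_OVERFLOW;
    return WHOLE_OVERFLOW;
}

static const char *verdict_name(enum verdict v) {
    switch (v) {
    case ACCESS_OK:         return "ok";
    case SUBARRAY_OVERFLOW: return "sub-array overflow (missed by whole-region check)";
    default:                return "whole-object overflow";
    }
}

int main(void) {
    /* Constructed shape: int arr[5][5] from the message. */
    const size_t dims[2] = {5, 5};
    const size_t samples[][2] = {{2, 3}, {1, 10}, {4, 5}, {1, 24}};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum verdict v = classify(dims, samples[i], 2, sizeof(int));
        printf("arr[%zu][%zu] -> %s\n", samples[i][0], samples[i][1],
               verdict_name(v));
    }
    return 0;
}
```

For `arr[1][10]` the flat offset is (1*5 + 10)*4 = 60 bytes, which is inside the 100-byte matrix, so strategy A reports nothing while strategy B rejects the second subscript; `arr[4][5]` ends at byte 104 and is caught by both. The gap between the two columns of output is exactly the false-negative class the message accepts for now.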


