[clang] [analyzer] Switch to PostStmt callbacks in ArrayBoundV2 (PR #72107)
Balázs Kéri via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 27 09:15:37 PST 2023
================
@@ -350,17 +383,38 @@ void ArrayBoundCheckerV2::checkLocation(SVal Location, bool IsLoad,
if (ExceedsUpperBound) {
if (!WithinUpperBound) {
// We know that the index definitely exceeds the upper bound.
- std::string RegName = getRegionName(Reg);
- std::string Msg = getExceedsMsg(C.getASTContext(), RegName, ByteOffset,
- *KnownSize, Location);
- reportOOB(C, ExceedsUpperBound, OOB_Exceeds, ByteOffset, RegName, Msg);
+ if (isa<ArraySubscriptExpr>(E) && isInAddressOf(E, C.getASTContext())) {
+ // ...but this is within an addressof expression, so we need to check
+ // for the exceptional case that `&array[size]` is valid.
+ auto [EqualsToThreshold, NotEqualToThreshold] =
+ compareValueToThreshold(ExceedsUpperBound, ByteOffset, *KnownSize,
+ SVB, /*CheckEquality=*/true);
+ if (EqualsToThreshold && !NotEqualToThreshold) {
+ // We are definitely in the exceptional case, so return early
+ // instead of reporting a bug.
+ C.addTransition(EqualsToThreshold);
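Review bot: At `if (EqualsToThreshold && !NotEqualToThreshold)` the comments only cover the case where the offset is definitely equal to the size; please add a comment that states the intended behaviour when both `EqualsToThreshold` and `NotEqualToThreshold` are feasible, since that decides whether an `&array[idx]` with `idx` possibly equal to the size is reported or silently accepted. The comment above the new block still reads "We know that the index definitely exceeds the upper bound", which is confusing next to a branch that accepts `&array[size]`; rewording it to say the offset is at or past the end of the region would make the one-past-the-end exception easier to follow.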
----------------
balazske wrote:
Is this transition needed? This checker should not add assumptions to the state, only check for conditions and add only error transitions. `EqualsToThreshold` probably does not contain new information compared to `State`.
https://github.com/llvm/llvm-project/pull/72107