[clang] [analyzer] Mention possibility of underflow in array overflow errors (PR #84201)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 8 05:19:44 PST 2024


Donát Nagy <donat.nagy at ericsson.com>
Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/84201 at github.com>


================
@@ -109,6 +136,33 @@ int *potentialAfterTheEndPtr(int idx) {
   // &TenElements[idx].
 }
 
+int overflowOrUnderflow(int arg) {
+  // expected-note at +2 {{Assuming 'arg' is < 0}}
+  // expected-note at +1 {{Taking false branch}}
+  if (arg >= 0)
+    return 0;
+
+  return TenElements[arg - 1];
+  // expected-warning at -1 {{Out of bound access to memory around 'TenElements'}}
+  // expected-note at -2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
+}
+
+char TwoElements[2] = {11, 22};
+char overflowOrUnderflowConcrete(int arg) {
+  // expected-note at +6 {{Assuming 'arg' is < 3}}
+  // expected-note at +5 {{Left side of '||' is false}}
+  // expected-note at +4 {{Assuming 'arg' is not equal to 0}}
+  // expected-note at +3 {{Left side of '||' is false}}
+  // expected-note at +2 {{Assuming 'arg' is not equal to 1}}
+  // expected-note at +1 {{Taking false branch}}
+  if (arg >= 3 || arg == 0 || arg == 1)
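Review bot: the six `expected-note at +6` … `at +1` directives stacked above the `if` in `overflowOrUnderflowConcrete` are positional, so inserting or removing any line between them and the condition breaks all six at once and they have to be renumbered together; anchoring them to a named marker on the condition line (`// #cond` appended to the `if`, with `expected-note@#cond {{...}}` on each directive) keeps them stable under edits, and the `at +2` / `at +1` pair in `overflowOrUnderflow` would benefit from the same treatment. Separately, `overflowOrUnderflow` deserves a one-line comment explaining why the access is reported as "negative or overflowing" rather than simply negative once `arg >= 0` has been excluded (presumably because `arg - 1` can wrap for the minimum `int` value), since a reader of the test otherwise cannot tell whether that wording is the intended behaviour or a weakness of the checker.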
----------------
steakhal wrote:

```suggestion
  // expected-note@#cond {{Assuming 'arg' is < 3}}
  // expected-note@#cond {{Left side of '||' is false}}
  // expected-note@#cond {{Assuming 'arg' is not equal to 0}}
  // expected-note@#cond {{Left side of '||' is false}}
  // expected-note@#cond {{Assuming 'arg' is not equal to 1}}
  // expected-note@#cond {{Taking false branch}}
  if (arg >= 3 || arg == 0 || arg == 1) // #cond
```

https://github.com/llvm/llvm-project/pull/84201

