[clang] [llvm] Adapted MemRegion::getDescriptiveName to handle ElementRegions (PR #85104)

via cfe-commits cfe-commits at lists.llvm.org
Mon Mar 18 07:17:46 PDT 2024


NagyDonat wrote:

Since suggesting that "matrix" testcase I realized that it won't work, because `ArrayBoundV2` doesn't perform bounds checking for the lower-dimensional sub-arrays of a multidimensional array (it only checks that the accessed memory location is within the full array). For example in `int matrix[10][10];` it reports that `matrix[1][200]` overflows the bounds of "matrix", but doesn't report `matrix[1][50]`. I tried to eliminate this limitation, but that patch had to be reverted because the meaning of `ElementRegion` is ambiguous.

Due to this limitation, it's a bit difficult to ensure that `ArrayBoundV2` calls `getDescriptiveName()` on an `ElementRegion`, but I think adding a `FieldRegion` layer should work:
```
struct {
  int numbers[10];
} table[100];
int func(int x, int y) {
  int tmp = x;
  x = y;
  y = tmp;
  return table[x].numbers[-1];
}
```
Here I expect that the checker would (incorrectly) report something like `Access of 'table[y].numbers' at negative byte offset`.


https://github.com/llvm/llvm-project/pull/85104
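The limitation described in the comment above for `int matrix[10][10]`, as an added C example that is not part of the original message or of the analyzer's source. It assumes the check compares the flat byte offset of the access with the extent of the whole array, as the comment states; the function names are hypothetical.

```c
#include <stdio.h>

enum { ROWS = 10, COLS = 10 };   /* int matrix[10][10], as in the comment */

/* Byte offset of matrix[i][j] from the start of the whole array. */
static long byte_offset(long i, long j) {
    return (i * COLS + j) * (long)sizeof(int);
}

/* Hypothetical model of the check the comment describes: an access is
 * reported only when its offset falls outside the full array. */
static int whole_array_check_reports(long i, long j) {
    long off = byte_offset(i, j);
    long extent = (long)ROWS * COLS * (long)sizeof(int);
    return off < 0 || off >= extent;
}

/* Per-dimension check: every index must fit its own sub-array. */
static int per_dimension_check_reports(long i, long j) {
    return i < 0 || i >= ROWS || j < 0 || j >= COLS;
}

int main(void) {
    /* Constructed sample accesses; the first three come from the comment's
     * matrix example, the last two probe a negative inner index. */
    static const long cases[][2] = {
        {1, 5}, {1, 50}, {1, 200}, {1, -1}, {0, -1}
    };
    size_t n = sizeof(cases) / sizeof(cases[0]);

    for (size_t k = 0; k < n; k++) {
        long i = cases[k][0], j = cases[k][1];
        printf("matrix[%ld][%ld]: offset=%ld whole-array=%s per-dimension=%s\n",
               i, j, byte_offset(i, j),
               whole_array_check_reports(i, j) ? "report" : "silent",
               per_dimension_check_reports(i, j) ? "report" : "silent");
    }
    return 0;
}
```

`matrix[1][50]` and `matrix[1][-1]` land inside the full array, so only the per-dimension check flags them.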