[clang] [analyzer] Model constructor initializer for an array member (PR #107537)
Arseniy Zaostrovnykh via cfe-commits
cfe-commits at lists.llvm.org
Fri Sep 6 05:52:40 PDT 2024
https://github.com/necto updated https://github.com/llvm/llvm-project/pull/107537
>From 63c856732aeda977786534d66597d0aba12cb0d4 Mon Sep 17 00:00:00 2001
From: Arseniy Zaostrovnykh <necto.ne at gmail.com>
Date: Tue, 3 Sep 2024 18:01:02 +0200
Subject: [PATCH 1/2] [analyzer] Model constructor initializer for an array
member
Bind the array member to the compound region associated with the
initializer list
CPP-5647
---
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 9 ++-
clang/test/Analysis/ctor-array.cpp | 66 ++++++++++++++++----
clang/test/Analysis/nullptr.cpp | 16 +++++
3 files changed, 77 insertions(+), 14 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index dfb7111b512552..a577c0b02c83f0 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1207,9 +1207,14 @@ void ExprEngine::ProcessInitializer(const CFGInitializer CFGInit,
Init = ASE->getBase()->IgnoreImplicit();
SVal LValue = State->getSVal(Init, stackFrame);
- if (!Field->getType()->isReferenceType())
- if (std::optional<Loc> LValueLoc = LValue.getAs<Loc>())
+ if (!Field->getType()->isReferenceType()) {
+ if (std::optional<Loc> LValueLoc = LValue.getAs<Loc>()) {
InitVal = State->getSVal(*LValueLoc);
+ } else if (auto CV = LValue.getAs<nonloc::CompoundVal>()) {
+ // initializer list for an array
+ InitVal = *CV;
+ }
+ }
// If we fail to get the value for some reason, use a symbolic value.
if (InitVal.isUnknownOrUndef()) {
diff --git a/clang/test/Analysis/ctor-array.cpp b/clang/test/Analysis/ctor-array.cpp
index 49412ee5a68c70..40c479cd39e31e 100644
--- a/clang/test/Analysis/ctor-array.cpp
+++ b/clang/test/Analysis/ctor-array.cpp
@@ -234,16 +234,58 @@ struct Parent {
void member() {
Parent arr[2];
- // FIXME: Ideally these are TRUE, but at the moment InitListExpr has no
- // knowledge about where the initializer list is used, so we can't bind
- // the initializer list to the required region.
- clang_analyzer_eval(arr[0].arr[0].x == 1); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[0].arr[0].y == 2); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[0].arr[1].x == 3); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[0].arr[1].y == 4); // expected-warning{{UNKNOWN}}
-
- clang_analyzer_eval(arr[1].arr[0].x == 1); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[1].arr[0].y == 2); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[1].arr[1].x == 3); // expected-warning{{UNKNOWN}}
- clang_analyzer_eval(arr[1].arr[1].y == 4); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(arr[0].arr[0].x == 1); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[0].arr[0].y == 2); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[0].arr[1].x == 3); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[0].arr[1].y == 4); // expected-warning{{TRUE}}
+
+ clang_analyzer_eval(arr[1].arr[0].x == 1); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[1].arr[0].y == 2); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[1].arr[1].x == 3); // expected-warning{{TRUE}}
+ clang_analyzer_eval(arr[1].arr[1].y == 4); // expected-warning{{TRUE}}
+}
+
+struct HasArr {
+ int arrDefault[2] = {1, 2};
+ int arr[2];
+ HasArr(int x, int y) : arr{x, y} {}
+};
+
+struct ArrCombination : public HasArr {
+ HasArr membDefault = {5, 6};
+ HasArr memb;
+ ArrCombination(int x) : HasArr(3, 4), memb{7, x} {}
+};
+
+void derived_and_member() {
+ ArrCombination a{8};
+ // FIXME: default initializers for array members are not modelled
+ clang_analyzer_eval(a.arrDefault[0] == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.arrDefault[1] == 2); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.arr[0] == 3); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.arr[1] == 4); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.membDefault.arrDefault[0] == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.membDefault.arrDefault[1] == 2); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.membDefault.arr[0] == 5); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.membDefault.arr[1] == 6); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.memb.arrDefault[0] == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.memb.arrDefault[1] == 2); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(a.memb.arr[0] == 7); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.memb.arr[1] == 8); // expected-warning{{TRUE}}
+
+}
+
+struct IncompleteArrInit {
+ int arr[2];
+ int arrDefault[3] = {1, 2, 3};
+ IncompleteArrInit() : arr{1}, arrDefault{2, 3} {}
+};
+
+void incomplete_array_init() {
+ IncompleteArrInit a;
+ clang_analyzer_eval(a.arr[0] == 1); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.arr[1] == 0); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.arrDefault[0] == 2); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.arrDefault[1] == 3); // expected-warning{{TRUE}}
+ clang_analyzer_eval(a.arrDefault[2] == 0); // expected-warning{{TRUE}}
}
diff --git a/clang/test/Analysis/nullptr.cpp b/clang/test/Analysis/nullptr.cpp
index 825f6570af591d..73f10a08d96c89 100644
--- a/clang/test/Analysis/nullptr.cpp
+++ b/clang/test/Analysis/nullptr.cpp
@@ -173,3 +173,19 @@ void test_address_space_bind() {
AS1 AS_ATTRIBUTE &r = *pa;
r.x = 0; // no-warning
}
+
+namespace ArrMemWithCtorInitializer {
+struct ArrayMem {
+ int* ptrArr[1];
+ int* memPtr;
+ ArrayMem() : ptrArr{nullptr}, memPtr{nullptr} {}
+ // expected-note at -1{{Storing null pointer value}}
+};
+
+void tp() {
+ ArrayMem obj; // expected-note{{Calling default constructor for 'ArrayMem'}}
+ // expected-note at -1{{Returning from default constructor for 'ArrayMem'}}
+ *obj.ptrArr[0] = 0; // expected-warning{{Dereference of null pointer}}
+ // expected-note at -1{{Dereference of null pointer}}
+}
+} // namespace ArrMemWithCtorInitializer
>From eecf42ac8fc418a73a64c97d5665048ebeeb8fa2 Mon Sep 17 00:00:00 2001
From: Arseniy Zaostrovnykh <necto.ne at gmail.com>
Date: Fri, 6 Sep 2024 14:52:20 +0200
Subject: [PATCH 2/2] [NFC] comment fixes
---
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 2 +-
clang/test/Analysis/ctor-array.cpp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index a577c0b02c83f0..315d85319a85a9 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1211,7 +1211,7 @@ void ExprEngine::ProcessInitializer(const CFGInitializer CFGInit,
if (std::optional<Loc> LValueLoc = LValue.getAs<Loc>()) {
InitVal = State->getSVal(*LValueLoc);
} else if (auto CV = LValue.getAs<nonloc::CompoundVal>()) {
- // initializer list for an array
+ // Initializer list for an array.
InitVal = *CV;
}
}
diff --git a/clang/test/Analysis/ctor-array.cpp b/clang/test/Analysis/ctor-array.cpp
index 40c479cd39e31e..52600b314b010f 100644
--- a/clang/test/Analysis/ctor-array.cpp
+++ b/clang/test/Analysis/ctor-array.cpp
@@ -259,7 +259,7 @@ struct ArrCombination : public HasArr {
void derived_and_member() {
ArrCombination a{8};
- // FIXME: default initializers for array members are not modelled
+ // FIXME: Default initializers for array members are not modeled.
clang_analyzer_eval(a.arrDefault[0] == 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(a.arrDefault[1] == 2); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(a.arr[0] == 3); // expected-warning{{TRUE}}
More information about the cfe-commits
mailing list