[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Mon Sep 9 07:06:28 PDT 2024
================
@@ -40,3 +40,12 @@ void testInlineAsmMemcpyUninit(void)
MyMemcpy(&a[1], &b[1], sizeof(b) - sizeof(b[1]));
c = a[0]; // expected-warning{{Assigned value is garbage or undefined}}
}
+
+void *globalPtr;
+
+void testNoCrash()
+{
+ // Use global pointer to make it symbolic. Then engine will try to bind
+ // value to first element of type void * and should not crash.
+ asm ("" : : "a"(globalPtr)); // no crash
+}
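Review bot: testNoCrash() only verifies that the analyzer survives the asm statement; nothing in the added lines asserts what the engine does to the value behind globalPtr once the asm has run. Consider checking the pointee before and after the asm with an expected-warning, as the neighbouring test does for `c = a[0]`, so the binding behaviour is pinned down and not just the absence of a crash. The name could also state the scenario (a `void *` asm input) instead of the generic "NoCrash". Finally, the definition is written `void testNoCrash()` while testInlineAsmMemcpyUninit in the same file uses `(void)`; in C these are not equivalent, so `(void)` would match the file.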
----------------
steakhal wrote:
```suggestion
void testAsmWithVoidPtrArgument()
{
  extern void *globalVoidPtr;
  clang_analyzer_dump(*(int *)globalVoidPtr); // expected-warning-re {{reg_${{[0-9]+}}<int Element{SymRegion{reg_${{[0-9]+}}<void * globalVoidPtr>},0 S64b,int}>}}
  clang_analyzer_dump_ptr(globalVoidPtr); // expected-warning-re {{&SymRegion{reg_${{[0-9]+}}<void * globalVoidPtr>}}}
  asm ("" : : "a"(globalVoidPtr)); // no crash
  clang_analyzer_dump(*(int *)globalVoidPtr); // expected-warning {{Unknown}}
  clang_analyzer_dump_ptr(globalVoidPtr); // expected-warning-re {{&SymRegion{reg_${{[0-9]+}}<void * globalVoidPtr>}}}
}
```
https://github.com/llvm/llvm-project/pull/107572