[clang] [clang][analyzer] PointerSubChecker should not warn on pointers converted to numerical value (PR #111846)
Balázs Kéri via cfe-commits
cfe-commits at lists.llvm.org
Thu Oct 10 08:55:45 PDT 2024
https://github.com/balazske updated https://github.com/llvm/llvm-project/pull/111846
>From a9e1790691e01892f7e1b17523cd43421445f3ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <balazs.keri at ericsson.com>
Date: Thu, 10 Oct 2024 16:28:50 +0200
Subject: [PATCH 1/2] [clang][analyzer] PointerSubChecker should not warn on
pointers converted to numerical value
Pointer values casted to integer (non-pointer) type should be able to be
subtracted as usual.
---
clang/lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp | 4 ++++
clang/test/Analysis/pointer-sub.c | 7 +++++++
2 files changed, 11 insertions(+)
diff --git a/clang/lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp
index f0dc5efd75f7d6..7a85d9e2073068 100644
--- a/clang/lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp
@@ -61,6 +61,10 @@ void PointerSubChecker::checkPreStmt(const BinaryOperator *B,
if (LR->getSymbolicBase() || RR->getSymbolicBase())
return;
+ if (!B->getLHS()->getType()->isPointerType() ||
+ !B->getRHS()->getType()->isPointerType())
+ return;
+
const auto *ElemLR = dyn_cast<ElementRegion>(LR);
const auto *ElemRR = dyn_cast<ElementRegion>(RR);
diff --git a/clang/test/Analysis/pointer-sub.c b/clang/test/Analysis/pointer-sub.c
index 1c9d676ebb8f24..7a1dcb653a28c4 100644
--- a/clang/test/Analysis/pointer-sub.c
+++ b/clang/test/Analysis/pointer-sub.c
@@ -10,6 +10,9 @@ void f1(void) {
d = &x - (&x + 1); // no-warning
d = (&x + 0) - &x; // no-warning
d = (z + 10) - z; // no-warning
+ d = (unsigned long)&y - (unsigned long)&x; // no-warning
+ unsigned long l = 1;
+ d = l - (unsigned long)&y; // no-warning
}
void f2(void) {
@@ -28,6 +31,10 @@ void f2(void) {
d = (int *)((char *)(&a[4]) + sizeof(int)) - &a[4]; // no-warning (pointers into the same array data)
d = (int *)((char *)(&a[4]) + 1) - &a[4]; // expected-warning{{Subtraction of two pointers that}}
+
+ long a1 = (long)&a[1];
+ long b1 = (long)&b[1];
+ d = a1 - b1;
}
void f3(void) {
>From 92fa6a06789a4e3cb4ce9ee552e760f521419bd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <balazs.keri at ericsson.com>
Date: Thu, 10 Oct 2024 17:55:21 +0200
Subject: [PATCH 2/2] added test for typedef type
---
clang/test/Analysis/pointer-sub.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/clang/test/Analysis/pointer-sub.c b/clang/test/Analysis/pointer-sub.c
index 7a1dcb653a28c4..8f9d7cb4a2148f 100644
--- a/clang/test/Analysis/pointer-sub.c
+++ b/clang/test/Analysis/pointer-sub.c
@@ -1,5 +1,7 @@
// RUN: %clang_analyze_cc1 -analyzer-checker=security.PointerSub -analyzer-output=text-minimal -verify %s
+typedef int * Ptr;
+
void f1(void) {
int x, y, z[10];
int d = &y - &x; // expected-warning{{Subtraction of two pointers that do not point into the same array is undefined behavior}}
@@ -13,6 +15,9 @@ void f1(void) {
d = (unsigned long)&y - (unsigned long)&x; // no-warning
unsigned long l = 1;
d = l - (unsigned long)&y; // no-warning
+ Ptr p1 = &x;
+ Ptr p2 = &y;
+ d = p1 - p2; // expected-warning{{Subtraction of two pointers that do not point into the same array is undefined behavior}}
}
void f2(void) {
More information about the cfe-commits
mailing list