[clang] [nfc][analyzer] Add MemSpace trait to program state (PR #123003)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Fri Jan 17 05:28:27 PST 2025
NagyDonat wrote:
> The only spot I thought was questionable to change is this lower bound check in `ArrayBoundCheckerV2`; I think it is fine to leave unchanged for now, thoughts?
>
> https://github.com/llvm/llvm-project/blob/7e0758d2ead53bd4288989b8b2eda218cd6dc34a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp#L577-L579
I forgot to answer this earlier, but this location in ArrayBoundCheckerV2 is indeed a place where it's better to leave the code unchanged. In fact, if we consider a somewhat contrived example like
```c
int globalArray[64];
void foo(int *p) {
if (p == globalArray + 32) {
p[-16] = 42
}
}
```
then (1) `p` is initially a symbolic pointer in unknown space (we don't know anything about it) and then (2) within the `if` we can deduce that `p` is in the global memory space, but (3) we don't want to report `p[-16] = 42` as an underflow error, because `p` is not _the beginning of_ a memory area within the global space.
If the planned follow-up changes erase the distinction between "region constructed in a non-unknown space" and "initially unknown region whose memory space was deduced later", then we'll get regions (i.e. pointer values) that appear to be top-level regions (i.e. not an element or a field of something else) but point into the middle of an allocation. This would complicate the diagnosis of underflow errors in theory -- but in practice I think false positives from this source would be rare. Still, it would be nice to have a better solution than "just eat a few false positives".
https://github.com/llvm/llvm-project/pull/123003
More information about the cfe-commits
mailing list