[clang] [analyzer] Add hack in ArrayBound to cover up missing casts (PR #127117)
Endre Fülöp via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 17 07:22:29 PST 2025
================
@@ -588,20 +603,48 @@ void ArrayBoundChecker::performCheck(const Expr *E, CheckerContext &C) const {
State, ByteOffset, SVB.makeZeroArrayIndex(), SVB);
if (PrecedesLowerBound) {
- // The offset may be invalid (negative)...
- if (!WithinLowerBound) {
- // ...and it cannot be valid (>= 0), so report an error.
- Messages Msgs = getPrecedesMsgs(Reg, ByteOffset);
- reportOOB(C, PrecedesLowerBound, Msgs, ByteOffset, std::nullopt);
- return;
+ // The analyzer thinks that the offset may be invalid (negative)...
+
+ if (isOffsetObviouslyNonnegative(E, C)) {
+ // ...but the offset is obviously non-negative (clear array subscript
+ // with an unsigned index), so we're in a buggy situation.
+
+ // TODO: Currently the analyzer ignores many casts (e.g. signed ->
+ // unsigned casts), so it can easily reach states where it will load a
+ // signed (and negative) value from an unsigned variable. This sanity
+ // check is a duct tape "solution" that silences most of the ugly false
+ // positives that are caused by this buggy behavior. Note that this is
+ // not a complete solution: this cannot silence reports where pointer
+ // arithmetic complicates the picture and cannot ensure modeling of the
+ // "unsigned index is positive with highest bit set" cases which are
+ // "usurped" by the nonsense "unsigned index is negative" case.
+ // For more information about this topic, see the umbrella ticket
+ // https://github.com/llvm/llvm-project/issues/39492
+ // TODO: Remove this hack once 'SymbolCast's are modeled properly.
+
+ if (!WithinLowerBound) {
+ // The state is completely nonsense -- let's just sink it!
----------------
gamesh411 wrote:
I think this would be the place to track the number of times we resort to suppression.
https://github.com/llvm/llvm-project/pull/127117
More information about the cfe-commits
mailing list