[clang] [clang][analyzer] Improve checker 'unix.cstring.NotNullTerminated' (PR #149106)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Thu Jul 17 11:11:43 PDT 2025 

=?utf-8?q?Balázs_Kéri?= <balazs.keri at ericsson.com>
Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/149106 at github.com>


================
@@ -959,6 +959,68 @@ ProgramStateRef CStringChecker::checkAdditionOverflow(CheckerContext &C,
   return state;
 }
 
+ProgramStateRef CStringChecker::checkNullTerminated(CheckerContext &C,
+                                                    ProgramStateRef State,
+                                                    AnyArgExpr Arg,
+                                                    SVal ArgVal) const {
+  if (!State)
+    return nullptr;
+
+  if (!Filter.CheckCStringNotNullTerm)
+    return State;
+
+  SValBuilder &SVB = C.getSValBuilder();
+
+  auto TryGetTypedValueR = [](const MemRegion *R) -> const TypedValueRegion * {
+    if (!R)
+      return nullptr;
+    return R->StripCasts()->getAs<TypedValueRegion>();
+  };
+
+  const TypedValueRegion *StrReg = TryGetTypedValueR(ArgVal.getAsRegion());
+  if (!StrReg)
+    return State;
+  int Offset = 0;
+  if (const auto *ElemReg = StrReg->getAs<ElementRegion>()) {
+    RegionRawOffset ROffset = ElemReg->getAsArrayOffset();
+    StrReg = TryGetTypedValueR(ROffset.getRegion());
+    if (!StrReg)
+      return State;
+    Offset = ROffset.getOffset().getQuantity();
+  }
+
+  DefinedOrUnknownSVal Extent = getDynamicExtent(State, StrReg, SVB);
+  if (Extent.isUnknown())
+    return State;
+  const llvm::APSInt *KnownExtent = SVB.getKnownValue(State, Extent);
+  if (!KnownExtent)
+    return State;
+  MemRegionManager &RegionM = SVB.getRegionManager();
+  int RegionExtent = KnownExtent->getExtValue();
+  if (Offset >= RegionExtent)
+    return State;
+  for (int I = Offset; I < RegionExtent; ++I) {
+    const ElementRegion *ElemR = RegionM.getElementRegion(
+        C.getASTContext().CharTy, SVB.makeArrayIndex(I), StrReg,
+        C.getASTContext());
+    SVal ElemVal = State->getSValAsScalarOrLoc(ElemR);
+    if (!State->isNonNull(ElemVal).isConstrainedTrue())
+      // We have here a lower bound for the string length.
+      // Try to update the CStringLength value?
+      return State;
+  }
----------------
steakhal wrote:

I can see the code now for the approach discussed at https://github.com/llvm/llvm-project/pull/146664#discussion_r2213959260. Let's continue the discussion there.

https://github.com/llvm/llvm-project/pull/149106

More information about the cfe-commits mailing list