[clang] [Analyzer] No longer crash with VLA operands to unary type traits (PR #151719)

Aaron Ballman via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 1 09:13:39 PDT 2025


https://github.com/AaronBallman updated https://github.com/llvm/llvm-project/pull/151719

>From 0333c6cb12f86c389638768dc0319a23621c148c Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aaron at aaronballman.com>
Date: Fri, 1 Aug 2025 11:51:13 -0400
Subject: [PATCH 1/3] [Analyzer] No longer crash with VLA operands to unary
 type traits

sizeof was handled correctly, but __datasizeof and _Countof were
not.

Fixes #151711
---
 clang/docs/ReleaseNotes.rst                   | 2 ++
 clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 4a2edae7509de..69b5605df52d6 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -241,6 +241,8 @@ Static Analyzer
 ---------------
 - The Clang Static Analyzer now handles parenthesized initialization.
   (#GH148875)
+- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
+  when given an operand of VLA type. (#GH151711)
 
 New features
 ^^^^^^^^^^^^
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index f1a25a750dd0d..4ddf8fd5b4b0f 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -868,7 +868,8 @@ VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
   QualType T = Ex->getTypeOfArgument();
 
   for (ExplodedNode *N : CheckedSet) {
-    if (Ex->getKind() == UETT_SizeOf) {
+    if (Ex->getKind() == UETT_SizeOf || Ex->getKind() == UETT_DataSizeOf ||
+        Ex->getKind() == UETT_CountOf) {
       if (!T->isIncompleteType() && !T->isConstantSizeType()) {
         assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
 
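Review bot: `Ex->getKind()` is now repeated three times in the condition; consider hoisting it into a local (e.g. `const auto Kind = Ex->getKind();`) or a switch so the next unary type trait added here is less likely to be missed. It is also worth confirming that the VLA branch under this condition, which was written for `sizeof`, produces an UnknownVal for `_Countof` as well, since `_Countof` yields an element count rather than a byte size and reusing a size-style value would be wrong.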

>From e9899c34dfbf7df2682fb92f061eb916b7804434 Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aaron at aaronballman.com>
Date: Fri, 1 Aug 2025 11:54:01 -0400
Subject: [PATCH 2/3] Add test file

---
 clang/test/Analysis/engine/gh151711.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 clang/test/Analysis/engine/gh151711.cpp

diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
new file mode 100644
index 0000000000000..8d8488e3bc1f8
--- /dev/null
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify -x c -std=c2y %s
+// expected-no-diagnostics
+
+// Ensure that VLA types are correctly handled by unary type traits in the
+// expression engine. Previously, __datasizeof and _Countof both caused failed
+// assertions.
+void gh151711(int i) {
+  (void)sizeof(int[i++]);
+
+#ifdef __cplusplus
+  // __datasizeof is only available in C++.
+  (void)__datasizeof(int[i++]);
+#else
+  // _Countof is only available in C.
+  (void)_Countof(int[i++]);
+#endif
+}
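Review bot: this test only establishes that the analyzer no longer asserts; it never observes what the engine computes for the VLA operand. Consider running with `debug.ExprInspection` and `clang_analyzer_dump(...)` so the test also pins the expected value (for example Unknown) rather than just the absence of a crash. Note that the C RUN line depends on `-std=c2y` for `_Countof`; if the default C mode should be covered too, add a RUN line or a comment saying why `c2y` is required.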

>From 16215b1f398e8ecfb9ca14a4def55a454e5bca13 Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aaron at aaronballman.com>
Date: Fri, 1 Aug 2025 12:12:52 -0400
Subject: [PATCH 3/3] Update based on review feedback

---
 clang/test/Analysis/engine/gh151711.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
index 8d8488e3bc1f8..a9950a7a3b9d0 100644
--- a/clang/test/Analysis/engine/gh151711.cpp
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -1,18 +1,18 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify -x c -std=c2y %s
-// expected-no-diagnostics
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -x c %s
+
+void clang_analyzer_dump(int);
 
 // Ensure that VLA types are correctly handled by unary type traits in the
 // expression engine. Previously, __datasizeof and _Countof both caused failed
 // assertions.
 void gh151711(int i) {
-  (void)sizeof(int[i++]);
-
+  clang_analyzer_dump(sizeof(int[i++]));       // expected-warning {{Unknown}}
 #ifdef __cplusplus
   // __datasizeof is only available in C++.
-  (void)__datasizeof(int[i++]);
+  clang_analyzer_dump(__datasizeof(int[i++])); // expected-warning {{Unknown}}
 #else
   // _Countof is only available in C.
-  (void)_Countof(int[i++]);
+  clang_analyzer_dump(_Countof(int[i++]));     // expected-warning {{Unknown}}
 #endif
 }
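Review bot: removing `-std=c2y` from the C RUN line means the test now relies on `_Countof` being accepted in the default C language mode; if that is intentional (it is accepted as an extension in older modes), a short comment saying so would help the next reader, otherwise keep the explicit `-std=c2y`. Also, `clang_analyzer_dump(int)` receives `size_t`-typed results from `sizeof` and `__datasizeof`; the implicit narrowing is harmless with `-verify` here, but declaring the parameter with a wider type would avoid it entirely.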
