[clang] [clang][analyzer] Support non-default address spaces in the cstring checker (PR #153498)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 13 14:31:13 PDT 2025
llvmbot wrote:
@llvm/pr-subscribers-clang-static-analyzer-1
Author: Isaac Nudelman (nuudlman)
<details>
<summary>Changes</summary>
Prevent an assertion failure in the cstring checker when library functions like memcpy are defined with non-default address spaces.
Adds a test for this case.
---
Full diff: https://github.com/llvm/llvm-project/pull/153498.diff
2 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (+3-3)
- (modified) clang/test/Analysis/element-region-address-space.c (+16-1)
``````````diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
index 0e5fc0a074938..b16118e86c0c1 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -1129,9 +1129,9 @@ bool CStringChecker::isFirstBufInBound(CheckerContext &C, ProgramStateRef State,
if (!ER)
return true; // cf top comment.
- // FIXME: Does this crash when a non-standard definition
- // of a library function is encountered?
- assert(ER->getValueType() == C.getASTContext().CharTy &&
+ // Support library functions defined with non-default address spaces
+ assert(ER->getValueType().getCanonicalType().getUnqualifiedType() ==
+ C.getASTContext().CharTy &&
"isFirstBufInBound should only be called with char* ElementRegions");
// Get the size of the array.
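Review bot: In the rewritten assert in isFirstBufInBound, the removed FIXME asked about non-standard library definitions in general, but the new comparison only strips qualifiers (address space included) before comparing against CharTy, so a definition whose element type is still not char after stripping would continue to hit the assertion. Consider keeping a narrowed FIXME for that remaining case rather than dropping it entirely. Smaller points: the new comment is missing its terminating period, and `C.getASTContext().hasSameUnqualifiedType(ER->getValueType(), C.getASTContext().CharTy)` would express the check more compactly.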
diff --git a/clang/test/Analysis/element-region-address-space.c b/clang/test/Analysis/element-region-address-space.c
index dd7066240fef6..6d657eeedca30 100644
--- a/clang/test/Analysis/element-region-address-space.c
+++ b/clang/test/Analysis/element-region-address-space.c
@@ -1,11 +1,26 @@
// RUN: %clang_analyze_cc1 -triple amdgcn-unknown-unknown \
-// RUN: -analyzer-checker=core -verify %s
+// RUN: -analyzer-checker=core,unix -verify %s
// expected-no-diagnostics
//
// By default, pointers are 64-bits.
+#define ADDRESS_SPACE_64BITS __attribute__((address_space(0)))
#define ADDRESS_SPACE_32BITS __attribute__((address_space(3)))
int test(ADDRESS_SPACE_32BITS int *p, ADDRESS_SPACE_32BITS void *q) {
return p == q; // no-crash
}
+
+// Make sure that the cstring checker handles non-default address spaces
+ADDRESS_SPACE_64BITS void *
+memcpy(ADDRESS_SPACE_64BITS void *,
+ ADDRESS_SPACE_32BITS const void *,
+ long unsigned int);
+
+typedef struct {
+ char m[1];
+} k;
+
+void l(ADDRESS_SPACE_32BITS char *p, ADDRESS_SPACE_64BITS k *n) {
+ memcpy(&n->m[0], p, 4);
+}
\ No newline at end of file
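Review bot: In the new function `l`, `memcpy(&n->m[0], p, 4)` copies 4 bytes into the one-element `char m[1]` while the file still declares `expected-no-diagnostics`, and nothing states whether the oversized copy is deliberate (to reach the bounds check) or left over from test reduction. Add a comment saying which it is, put a `// no-crash` marker on the call as is done for `return p == q;`, and give `k`, `l`, `m` and `n` descriptive names. The RUN line now enables the whole `unix` package; naming only the cstring checker under test would keep the test focused. The file also ends without a trailing newline.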
``````````
</details>
https://github.com/llvm/llvm-project/pull/153498