[cfe-dev] Newcomer! (with patch for XFAIL no-outofbounds.c)

Jordy Rose jediknil at belkadan.com
Wed Mar 31 23:51:15 PDT 2010


Hello, all! I'm a Mac OS X programmer, a UC Berkeley CS undergrad, and a
newcomer to Clang, though much indebted to its faster and lower-memory
compilations and easy static analysis. I'm very interested in programming
languages and by extension compilers and analysis tools, but haven't yet
gotten the chance to work on any real projects in that area.

I come bearing a small patch for the XFAIL test no-outofbounds.c (allow
treating single variables as arrays); the idea is to just use the size of
the atomic type to figure out the length of the "array". Not too hard. All
tests pass.

I'm interested in doing Google Summer of Code this summer, and I'd love to
do a project for Clang. The catch is I don't yet have a solid project idea
in mind; one of my ideas was a customization scheme similar to what Sam
Harrington described a week ago.
(http://lists.cs.uiuc.edu/pipermail/cfe-dev/2010-March/008482.html)

Hoping to pin down a full proposal by the weekend; yes, I know I'm running
behind! Anyway, I'm glad to be here and glad to be making a (small)
contribution to the project.

Jordy Rose
-------------- next part --------------
Index: test/Analysis/no-outofbounds.c
===================================================================
--- test/Analysis/no-outofbounds.c	(revision 100088)
+++ test/Analysis/no-outofbounds.c	(working copy)
@@ -1,6 +1,5 @@
 // RUN: %clang_cc1 -analyzer-check-objc-mem -analyze -analyzer-experimental-internal-checks -analyzer-store=basic -verify %s
 // RUN: %clang_cc1 -analyzer-check-objc-mem -analyze -analyzer-experimental-internal-checks -analyzer-store=region -verify %s
-// XFAIL: *
 
 //===----------------------------------------------------------------------===//
 // This file tests cases where we should not flag out-of-bounds warnings.
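Review bot: Removing `// XFAIL: *` at the top of the file turns the test on for both RUN lines, including the `-analyzer-store=basic` run, while the only analyzer change in this patch is in lib/Checker/RegionStore.cpp. Please confirm in the commit message that the basic-store run was checked against the new `z[1]` access too, or split the RUN lines if the two stores are expected to differ here.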
@@ -10,4 +9,6 @@
   long x = 0;
   char *y = (char*) &x;
   char c = y[0] + y[1] + y[2]; // no-warning
+  short *z = (short*) &x;
+  short s = z[0] + z[1]; // no-warning
 }
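Review bot: The added `z[0] + z[1]` access never touches the last element the new extent allows, so an off-by-one in the rounded-down count would pass this test unnoticed. Consider indexing with values derived from the sizes, for example `y[sizeof(x) - 1]` and `z[sizeof(x) / sizeof(short) - 1]`, both marked `// no-warning`.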
Index: test/Analysis/outofbound.c
===================================================================
--- test/Analysis/outofbound.c	(revision 100088)
+++ test/Analysis/outofbound.c	(working copy)
@@ -13,3 +13,26 @@
   int *p = malloc(12);
   p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
 }
+
+struct three_words {
+  int c[3];
+};
+
+struct seven_words {
+  int c[7];
+};
+
+void f3() {
+  struct three_words a, *p;
+  p = &a;
+  p[0] = a; // no-warning
+  p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
+}
+
+void f4() {
+  struct seven_words c;
+  struct three_words a, *p = (struct three_words *)&c;
+  p[0] = a; // no-warning
+  p[1] = a; // no-warning
+  p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
+}
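Review bot: There is no case in f3 or f4 where the element type is wider than the variable, which is the one input where the new computation yields a count of zero and even index 0 is out of bounds. f3 covers equal sizes and f4 covers the round-down case (seven words viewed as three-word elements gives two), so a third function that views a `char` through an `int *` and expects the warning on `p[0]` would pin that behaviour down.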
Index: lib/Checker/RegionStore.cpp
===================================================================
--- lib/Checker/RegionStore.cpp	(revision 100088)
+++ lib/Checker/RegionStore.cpp	(working copy)
@@ -787,9 +787,12 @@
         return ValMgr.makeIntVal(CAT->getSize(), false);
       }
 
-      // Clients can use ordinary variables as if they were arrays.  These
-      // essentially are arrays of size 1.
-      return ValMgr.makeIntVal(1, false);
+      // Clients can reinterpret ordinary variables as arrays, possibly of
+      // another type. The width is rounded down to ensure that an access is
+      // entirely within bounds.
+      CharUnits VarSize = getContext().getTypeSizeInChars(T);
+      CharUnits EleSize = getContext().getTypeSizeInChars(EleTy);
+      return ValMgr.makeIntVal(VarSize / EleSize, false);
     }
   }
 
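Review bot: `VarSize / EleSize` in the new return statement has no guard against `EleSize` being zero. If `EleTy` can reach this point as a zero-sized type (for example an empty struct accepted as an extension), the division is undefined; check for zero before dividing and fall back to the previous count of 1 or to an unknown extent. The new comment could also state that a zero result, when the element is wider than the variable, is intended.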

