[cfe-dev] [analyzer] RFC, garbage value => out of bounds
Joachim Durchholz via cfe-dev
cfe-dev at lists.llvm.org
Mon Mar 14 04:13:48 PDT 2016
> I would like to change the analyzer so the a[i] value is not undefined when i is out of bounds, to improve the Clang warnings.
>
> Code example:
>
> void dostuff(int);
>
> void f(int nr) {
>     int a[2] = {1,1};
>     for (int i = 0; i < nr; i++)
>         dostuff(a[i]);
> }
>
>
> Output from Clang analyzer:
>
> /home/danielm/ossa/uninit.c:7:5: warning: Function call argument is an uninitialized value
> dostuff(a[i]);
> ^~~~~~~~~~~~~
>
> The array a is fully initialized. So imho the message is a FP.
I think the message is misworded; it should be "is an undefined expression".
Actually a "potentially undefined expression", assuming the parameter is
never passed a value >1.
> It is better to write "array index out of bounds". Like this:
>
> /home/danielm/ossa/uninit.c:7:13: warning: Access out-of-bound array element (buffer overflow)
> dostuff(a[i]);
> ^~~~
It would be relevant what happens if the expression is more complicated.
E.g. what happens for cases like
    a[a[i]]
    ptr[i-2]
    a[i > 4 ? i / 2 : i]
or if it is not directly fed to a function, as in
    a[i] + 5
Regards,
Jo
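The following is an added illustration, not code from the thread or from the Clang analyzer: it takes the loop from the original post and the index expressions listed in the reply, and routes every read through a bounds-checked accessor so that the case the analyzer is warning about (i >= 2 for a two-element array) becomes a reported failure instead of an undefined read. The names checked_read, f_checked, eval_nested, eval_offset and eval_conditional are constructed for this example, and dostuff is a stand-in that merely sums the values it receives.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example (not from the thread): the loop from the original post,
 * with the out-of-bounds read replaced by a checked accessor. */

/* Status the checked accessor returns when the index is out of bounds. */
#define INDEX_OOB (-1)

/* Read a[i] only when i is inside [0, len); otherwise report the failure
 * instead of reading past the end of the array (undefined behaviour in C). */
static int checked_read(const int *a, size_t len, long i, int *out) {
    if (i < 0 || (size_t)i >= len) {
        return INDEX_OOB;
    }
    *out = a[i];
    return 0;
}

/* Stand-in for the thread's dostuff(int): it just accumulates what it is given. */
static long sink_total;
static void dostuff(int v) { sink_total += v; }

/* Hardened version of f(int nr) from the original post. It processes at most
 * the two elements that exist and returns how many reads were rejected, which
 * is exactly the condition (nr > 2) the analyzer was warning about. */
int f_checked(int nr) {
    int a[2] = {1, 1};
    int rejected = 0;
    for (int i = 0; i < nr; i++) {
        int v;
        if (checked_read(a, sizeof a / sizeof a[0], i, &v) != 0) {
            rejected++;   /* would have been a[i] with i >= 2 */
            continue;
        }
        dostuff(v);
    }
    return rejected;
}

/* The more complicated index expressions from the reply, evaluated through
 * the same accessor so that an out-of-range inner index (a[a[i]]) or a
 * negative offset (ptr[i-2]) is caught rather than silently read.
 * Each returns 0 on success and INDEX_OOB otherwise. */
int eval_nested(const int *a, size_t len, long i, int *out) {
    int inner;
    if (checked_read(a, len, i, &inner) != 0) return INDEX_OOB;
    return checked_read(a, len, inner, out);       /* a[a[i]] */
}

int eval_offset(const int *ptr, size_t len, long i, int *out) {
    return checked_read(ptr, len, i - 2, out);     /* ptr[i-2] */
}

int eval_conditional(const int *a, size_t len, long i, int *out) {
    long idx = i > 4 ? i / 2 : i;                  /* a[i > 4 ? i / 2 : i] */
    return checked_read(a, len, idx, out);
}

int main(void) {
    int v;
    int a[4] = {3, 0, 1, 7};   /* constructed sample array */
    printf("f_checked(5) rejected %d reads\n", f_checked(5));
    printf("a[a[0]] -> %s\n",
           eval_nested(a, 4, 0, &v) == 0 ? "ok" : "out of bounds");
    return 0;
}
```

With nr = 5 the checked loop rejects three reads (i = 2, 3, 4), which is the same set of iterations on which the original f would read past the end of a; the nested, offset and conditional variants show that the check has to be applied to the final computed index, not to i alone.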