[cfe-dev] Issue understanding static analyzer output

Balázs Benics via cfe-dev cfe-dev at lists.llvm.org
Thu Mar 5 04:56:09 PST 2020


Hi,
I'm pretty confident that this is a bug.
Btw we can minimize the example even more:

> typedef unsigned long long size_t;
> const char a[] = "aabbcc";
>
> char f1(size_t len) {
>   return a[len+1];
> }
> char f2(size_t len) {
>   return a[len];
> }
> char f3(int len) {
>   return a[len+1];
> }
>

After some investigation, I narrowed down to the
`ArrayBoundCheckerV2::checkLocation` function, so your guess was right.
I will dig deeper and create a patch if I'm done.

Regards Balazs.

Loïc Joly via cfe-dev <cfe-dev at lists.llvm.org> ezt írta (időpont: 2020.
márc. 3., K, 15:58):

> Hello, I have the following code (you can see it live here:
> https://godbolt.org/z/iiki_w)
>
> typedefunsignedlonglong size_t;
>
> char f1(size_t len) {
> char a[] = "Hello world!";
> auto p = a+len+1;
> return *p;
> }
>
> char f2(size_t len) {
> char a[] = "Hello world!";
> auto p = a+len;
> return *p;
> }
>
> char f3(int len) {
> char a[] = "Hello world!";
> auto p = a+len+1;
> return *p;
> }
>
> For f1, the static analyzer reports an  of bounds memory access, not for
> the other 2 cases, that look quite similar (one is removing adding 1 to
> an unknown SVal, the other one is working with int instead of size_t).
>
> I tried to look into the exploded graph, and I got the following
> constraint appearing right on the last node of the graph:
>    "constraints": ["symbol": "reg_$0<size_t len>", "range": "{
> [18446744073709551615, 18446744073709551615] }
>
> I fail to see where this constraint on "len" come from. I know I4m using
> an alpha checker, but I'm not sure this is meaningful in this case?
>
>
> Do you have any idea?
>
>
> Thank you!
>
>
> ---
>
> Loïc Joly
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20200305/194ce10f/attachment.html>


More information about the cfe-dev mailing list