[llvm-branch-commits] [clang] [Analyzer] No longer crash with VLA operands to unary type traits (PR #154738)

Balazs Benics via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Thu Aug 21 04:52:50 PDT 2025


https://github.com/steakhal created https://github.com/llvm/llvm-project/pull/154738

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

(cherry picked from commit 17327482f045b7119e116320db3e9c12fcf250ae with adjustments)
Dropping the ReleaseNotes part of the original patch.

The Static Analyzer release notes section will mention this patch in #154600

>From 656763c898bff7783d87ed7d17c3050c631fe06d Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aaron at aaronballman.com>
Date: Fri, 1 Aug 2025 12:31:56 -0400
Subject: [PATCH] [Analyzer] No longer crash with VLA operands to unary type
 traits (#151719)

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

(cherry picked from commit 17327482f045b7119e116320db3e9c12fcf250ae with adjustments)
Dropping the ReleaseNotes part of the original patch.
---
 clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp |  3 ++-
 clang/test/Analysis/engine/gh151711.cpp       | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 clang/test/Analysis/engine/gh151711.cpp

diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index fa8e669b6bb2f..ab29f86cec326 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -916,7 +916,8 @@ VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
   QualType T = Ex->getTypeOfArgument();
 
   for (ExplodedNode *N : CheckedSet) {
-    if (Ex->getKind() == UETT_SizeOf) {
+    if (Ex->getKind() == UETT_SizeOf || Ex->getKind() == UETT_DataSizeOf ||
+        Ex->getKind() == UETT_CountOf) {
       if (!T->isIncompleteType() && !T->isConstantSizeType()) {
         assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
 
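Review bot: The widened condition on `Ex->getKind()` has no comment explaining why `UETT_DataSizeOf` and `UETT_CountOf` can share the branch that was written for `UETT_SizeOf`, and the assertion message "Unknown non-constant-sized type." still reads as if only one trait reaches it. A one-line comment above the `if` stating that all three traits have a run-time value when the operand is a VLA would make the intent clear to the next reader. Since `getKind()` is now called three times, consider reading it into a local once, or using a `switch` on the kind so that a future trait added to the enum is an explicit decision rather than a silent fall-through to the constant-evaluation path.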
diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
new file mode 100644
index 0000000000000..a9950a7a3b9d0
--- /dev/null
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -x c %s
+
+void clang_analyzer_dump(int);
+
+// Ensure that VLA types are correctly handled by unary type traits in the
+// expression engine. Previously, __datasizeof and _Countof both caused failed
+// assertions.
+void gh151711(int i) {
+  clang_analyzer_dump(sizeof(int[i++]));       // expected-warning {{Unknown}}
+#ifdef __cplusplus
+  // __datasizeof is only available in C++.
+  clang_analyzer_dump(__datasizeof(int[i++])); // expected-warning {{Unknown}}
+#else
+  // _Countof is only available in C.
+  clang_analyzer_dump(_Countof(int[i++]));     // expected-warning {{Unknown}}
+#endif
+}
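Review bot: The regression test only exercises a one-dimensional VLA (`int[i++]`) and only checks that each dump is `Unknown`, so it confirms the assertion no longer fires but pins down little else. Consider adding a multi-dimensional operand, with the variable bound in the outer and in the inner position, because `_Countof` and `sizeof` depend on different dimensions there. The operands also carry a side effect (`i++`), yet nothing in `gh151711` checks `i` afterwards; a `clang_analyzer_dump(i);` after the calls would record how the engine models the size expression. Note too that the `#ifdef __cplusplus` split means each RUN line covers `sizeof` plus one of the two newly handled traits, which is fine but worth stating in the leading comment.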


