[llvm-bugs] [Bug 27923] New: static analyzer not deal with VLA checking well...
via llvm-bugs
llvm-bugs at lists.llvm.org
Sat May 28 09:49:40 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=27923
Bug ID: 27923
Summary: static analyzer not deal with VLA checking well...
Product: clang
Version: 3.8
Hardware: PC
OS: All
Status: NEW
Severity: release blocker
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: humeafo at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
clang -cc1 -analyze -analyzer-checker=alpha
llvm/tools/clang/test/Analysis/outofbound-notwork.c
no expected warnings emmited, after investigation the VLA tracking is not well
dealt with.
void sizeof_vla(int a) {
if (a == 5) {
char x[a];
int y[sizeof(x)];
y[4] = 4; // no-warning
y[5] = 5; // expected-warning{{out-of-bound}}
}
}
to get x's extent, I use
static SVal getExtentVal(const SubRegion* R, SValBuilder& SB, CheckerContext
&checkerContext) {
if(auto TR = dyn_cast<const TypedValueRegion>(R)) {
if (isa<VariableArrayType>(TR->getValueType())) {
Expr* ext = cast<VariableArrayType>(TR->getValueType())->getSizeExpr();
ext->dump();
return checkerContext.getSVal(ext);
}
}
return R->getExtent(SB);
}
to get the symbolic extent of a, but not succeed, am I wrong or it's a defect
of the SA engine?
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160528/f18d9d46/attachment.html>
More information about the llvm-bugs
mailing list