Use a LazyCompoundVal to handle initialization with a string literal, rather than...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109734 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index 7d708f887727af873135b18b63adf21914b3ca58..5dd824e772045c69f5b8ffbc27f9d1d282cc7475 100644 (file)
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -1131,13 +1131,11 @@ SVal RegionStoreManager::RetrieveElement(Store store,
     if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
       int64_t i = CI->getValue().getSExtValue();
       int64_t byteLength = Str->getByteLength();
-      if (i > byteLength) {
-        // Buffer overflow checking in GRExprEngine should handle this case,
-        // but we shouldn't rely on it to not overflow here if that checking
-        // is disabled.
-        return UnknownVal();
-      }
-      char c = (i == byteLength) ? '\0' : Str->getStrData()[i];
+      // Technically, only i == byteLength is guaranteed to be null.
+      // However, such overflows should be caught before reaching this point;
+      // the only time such an access would be made is if a string literal was
+      // used to initialize a larger array.
+      char c = (i >= byteLength) ? '\0' : Str->getStrData()[i];
       return ValMgr.makeIntVal(c, T);
     }
   }
@@ -1475,35 +1473,14 @@ Store RegionStoreManager::BindArray(Store store, const TypedRegion* R,
   if (const ConstantArrayType* CAT = dyn_cast<ConstantArrayType>(AT))
     Size = CAT->getSize().getZExtValue();
 
-  // Check if the init expr is a StringLiteral.
-  if (isa<loc::MemRegionVal>(Init)) {
-    const MemRegion* InitR = cast<loc::MemRegionVal>(Init).getRegion();
-    const StringLiteral* S = cast<StringRegion>(InitR)->getStringLiteral();
-    const char* str = S->getStrData();
-    unsigned len = S->getByteLength();
-    unsigned j = 0;
-
-    // Copy bytes from the string literal into the target array. Trailing bytes
-    // in the array that are not covered by the string literal are initialized
-    // to zero.
-
-    // We assume that string constants are bound to
-    // constant arrays.
-    uint64_t size = Size.getValue();
-
-    for (uint64_t i = 0; i < size; ++i, ++j) {
-      if (j >= len)
-        break;
+  // Check if the init expr is a string literal.
+  if (loc::MemRegionVal *MRV = dyn_cast<loc::MemRegionVal>(&Init)) {
+    const StringRegion *S = cast<StringRegion>(MRV->getRegion());
 
-      SVal Idx = ValMgr.makeArrayIndex(i);
-      const ElementRegion* ER = MRMgr.getElementRegion(ElementTy, Idx, R,
-                                                       getContext());
-
-      SVal V = ValMgr.makeIntVal(str[j], sizeof(char)*8, true);
-      store = Bind(store, loc::MemRegionVal(ER), V);
-    }
-
-    return store;
+    // Treat the string as a lazy compound value.
+    nonloc::LazyCompoundVal LCV =
+      cast<nonloc::LazyCompoundVal>(ValMgr.makeLazyCompoundVal(store, S));
+    return CopyLazyBindings(LCV, store, R);
   }
 
   // Handle lazy compound values.

diff --git a/test/Analysis/array-struct.c b/test/Analysis/array-struct.c
index 3e46a0a62235f148da1629618becb290d1f780ed..ef9907bb579da1063c8c648e4a8b85a1169c19d6 100644 (file)
--- a/test/Analysis/array-struct.c
+++ b/test/Analysis/array-struct.c
@@ -178,3 +178,26 @@ void f18() {
   if (*q) { // no-warning
   }
 }
+
+int f19() {
+  char a[] = "abc";
+  char b[2] = "abc"; // expected-warning{{too long}}
+  char c[5] = "abc";
+
+  if (a[1] != 'b')
+    return 5; // expected-warning{{never executed}}
+  if (b[1] != 'b')
+    return 5; // expected-warning{{never executed}}
+  if (c[1] != 'b')
+    return 5; // expected-warning{{never executed}}
+
+  if (a[3] != 0)
+    return 5; // expected-warning{{never executed}}
+  if (c[3] != 0)
+    return 5; // expected-warning{{never executed}}
+
+  if (c[4] != 0)
+    return 5; // expected-warning{{never executed}}
+
+  return 0;
+}