Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for...

author Ted Kremenek <kremenek@apple.com>

Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)

committer Ted Kremenek <kremenek@apple.com>

Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)
author Ted Kremenek <kremenek@apple.com>
Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)
committer Ted Kremenek <kremenek@apple.com>
Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp

index 19945a7b3c8f1b198003b971dea2270788346d26..a2019d7a3c2c3017fe938ba4b64e3b496e65cb92 100644 (file)
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -1193,13 +1193,18 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store,
    }
  
    if (R->hasStackNonParametersStorage()) {
-    if (isa<ElementRegion>(R)) {
+    if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
        // Currently we don't reason specially about Clang-style vectors.  Check
        // if superR is a vector and if so return Unknown.
        if (const TypedRegion *typedSuperR = dyn_cast<TypedRegion>(superR)) {
          if (typedSuperR->getValueType()->isVectorType())
            return UnknownVal();
        }
+      
+      // FIXME: We also need to take ElementRegions with symbolic indexes into
+      // account.
+      if (!ER->getIndex().isConstant())
+        return UnknownVal();
      }
  
      return UndefinedVal();
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m

index 8e84de1768f7595aee21cc4994d0d2451d2f244d..5b6a7c7bfa6606705d3628a8abbdcd251e203d39 100644 (file)
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1090,3 +1090,29 @@ pr8052(u_int boot_addr)
          *dst++ = *src++;
  }
  
+// PR 8015 - don't return undefined values for arrays when using a valid
+// symbolic index
+int pr8015_A();
+void pr8015_B(const char *);
+
+void pr8015_C() {
+  int number = pr8015_A();
+  const char *numbers[] = { "zero" };    
+  if (number == 0) {
+      pr8015_B(numbers[number]); // no-warning
+  }
+}
+
+// FIXME: This is a false positive due to not reasoning about symbolic
+// array indices correctly.  Discussion in PR 8015.
+void pr8015_D_FIXME() {
+  int number = pr8015_A();
+  const char *numbers[] = { "zero" };
+  if (number == 0) {
+    if (numbers[number] == numbers[0])
+      return;
+    int *p = 0;
+    *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}}
+  }
+}
+
author	Ted Kremenek <kremenek@apple.com>
	Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Wed, 1 Sep 2010 23:27:26 +0000 (23:27 +0000)
lib/Checker/RegionStore.cpp		patch \| blob \| history
test/Analysis/misc-ps-region-store.m		patch \| blob \| history