Often times, when an ArraySubscriptExpr was reported as null or
undefined, the bug report was difficult to understand, because the
analyzer explained why arr[i] has that value, but didn't realize that in
fact i's value is very important as well. This patch fixes this by
tracking the indices of arrays.
Differential Revision: https://reviews.llvm.org/D63080
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@363510
91177308-0d34-0410-b5e6-
96231b3b80d8
if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
+ if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+ trackExpressionValue(
+ LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
+
// See if the expression we're interested refers to a variable.
// If so, we can track both its contents and constraints on its value.
if (ExplodedGraph::isInterestingLValueExpr(Inner)) {
(void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
// expected-note@-1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
}
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+ int a;
+ if (x > 0)
+ a = 3;
+ else
+ a = 2;
+ return a;
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+ int arr[10];
+
+ for (int i = 0; i < 3; ++i)
+ arr[i] = 0;
+ int x = getInt();
+ int n = getIndex(x);
+ consume(arr[n]);
+}
+} // end of namespace array_index_tracking
projects / clang / commitdiff