array indexes are unsigned integers of the same width as pointer.

no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70844 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/clang/Analysis/PathSensitive/ValueManager.h b/include/clang/Analysis/PathSensitive/ValueManager.h
index 9842983b2c6f08de176171cbd23ec341496e239e..d84008189330438a098a4fbf3685e04b09acf07d 100644 (file)
--- a/include/clang/Analysis/PathSensitive/ValueManager.h
+++ b/include/clang/Analysis/PathSensitive/ValueManager.h
@@ -76,7 +76,10 @@ public:
   
   /// makeZeroVal - Construct an SVal representing '0' for the specified type.
   SVal makeZeroVal(QualType T);
-  
+  /// makeZeroIndex - Construct an SVal representing '0' index for array
+  /// elements.
+  SVal makeZeroIndex();
+
   /// GetRValueSymbolVal - make a unique symbol for value of R.
   SVal getRValueSymbolVal(const MemRegion* R);
   

diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index 969e4c965434154b5e482ee5acacbed5d916f6e7..598191f578194827b596af5d86e4cea3fb0435bf 100644 (file)
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -213,11 +213,10 @@ SVal BasicStoreManager::getLValueElement(const GRState* St,
       const MemRegion *R = cast<loc::MemRegionVal>(BaseL).getRegion();
       
       if (isa<ElementRegion>(R)) {
-        // Basic example:
-        //   char buf[100];
-        //   char *q = &buf[1];  // p points to ElementRegion(buf,Unknown)
-        //   &q[10]
-        //assert(cast<ElementRegion>(R)->getIndex().isUnknown());
+        // int x;
+        // char* y = (char*) &x;
+        // 'y' => ElementRegion(0, VarRegion('x'))
+        // y[0] = 'a';
         return Base;
       }
       

diff --git a/lib/Analysis/SVals.cpp b/lib/Analysis/SVals.cpp
index 71f09d2dfcda66b23a3f591f962e9ced6ea1d4f8..43ede0f7cd86c9417fe12a990ab8766f49fc0986 100644 (file)
--- a/lib/Analysis/SVals.cpp
+++ b/lib/Analysis/SVals.cpp
@@ -227,6 +227,10 @@ SVal ValueManager::makeZeroVal(QualType T) {
   return UnknownVal();  
 }
 
+SVal ValueManager::makeZeroIndex() {
+  return nonloc::ConcreteInt(BasicVals.getZeroWithPtrWidth(false));
+}
+
 //===----------------------------------------------------------------------===//
 // Utility methods for constructing Non-Locs.
 //===----------------------------------------------------------------------===//

diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp
index 76437d2c8645fbf92aa0db70403c7bcdd26f3bd1..c9c49c6e9b84f192e641c5b876e1ef088f3ee6d3 100644 (file)
--- a/lib/Analysis/Store.cpp
+++ b/lib/Analysis/Store.cpp
@@ -67,7 +67,7 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R,
         // the types aren't the same, so we construct an ElementRegion.
         // FIXME: We should have a standard query function to get the size
         //  of the array index.
-        SVal Idx = ValMgr.makeZeroVal(ValMgr.getContext().VoidPtrTy);
+        SVal Idx = ValMgr.makeZeroIndex();
         
         // If the super region is an element region, strip it away.
         // FIXME: Is this the right thing to do in all cases?

diff --git a/test/Analysis/no-outofbounds.c b/test/Analysis/no-outofbounds.c
index df21fb27fe9fa5073b4ddeeeaf881310d8e9e1ad..c07bf86a71e2a27b1bb27dba20310672ad7ab521 100644 (file)
--- a/test/Analysis/no-outofbounds.c
+++ b/test/Analysis/no-outofbounds.c
@@ -1,6 +1,6 @@
 // RUN: clang-cc -checker-cfref -analyze -analyzer-store=region -verify %s &&
 // RUN: clang-cc -checker-cfref -analyze -analyzer-store=basic -verify %s
-
+// XFAIL
 void f() {
   long x = 0;
   char *y = (char*) &x;