From: Ted Kremenek
Date: Wed, 1 Sep 2010 23:27:26 +0000 (+0000)
Subject: Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=41be967969b060d7192411665138de539d59d93b;p=clang
Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112766 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index 19945a7b3c..a2019d7a3c 100644
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -1193,13 +1193,18 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store,
 }
 if (R->hasStackNonParametersStorage()) {
- if (isa(R)) {
+ if (const ElementRegion *ER = dyn_cast(R)) {
 // Currently we don't reason specially about Clang-style vectors. Check
 // if superR is a vector and if so return Unknown.
 if (const TypedRegion *typedSuperR = dyn_cast(superR)) {
 if (typedSuperR->getValueType()->isVectorType())
 return UnknownVal();
 }
+
+ // FIXME: We also need to take ElementRegions with symbolic indexes into
+ // account.
+ if (!ER->getIndex().isConstant())
+ return UnknownVal();
 }
 return UndefinedVal();
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 8e84de1768..5b6a7c7bfa 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
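Review bot: The new `if (!ER->getIndex().isConstant()) return UnknownVal();` guard turns every read of a stack array element through a non-constant index into Unknown, so a read of a genuinely uninitialized element through a symbolic index appears to no longer reach `return UndefinedVal();` and would go unreported. The FIXME above it only says symbolic indexes need to be taken into account; I would state the trade-off there, e.g. `// Bandaid (PR 8015): return Unknown for symbolic indexes to avoid false "undefined" reports; this also hides real uninitialized reads.` The check also inspects R itself only, so a field or constant-index element nested under a symbolically indexed element (for example `a[i].f`) presumably still falls through to Undefined; worth confirming. RetrieveFieldOrElementCommon starts and ends outside the hunk, so any earlier handling of these cases is not visible here.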
@@ -1090,3 +1090,29 @@ pr8052(u_int boot_addr)
 *dst++ = *src++;
 }
+// PR 8015 - don't return undefined values for arrays when using a valid
+// symbolic index
+int pr8015_A();
+void pr8015_B(const char *);
+
+void pr8015_C() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ pr8015_B(numbers[number]); // no-warning
+ }
+}
+
+// FIXME: This is a false positive due to not reasoning about symbolic
+// array indices correctly. Discussion in PR 8015.
+void pr8015_D_FIXME() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ if (numbers[number] == numbers[0])
+ return;
+ int *p = 0;
+ *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}}
+ }
+}
+
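Review bot: Neither new test covers the case the RegionStore change gives up: an uninitialized stack array read through a symbolic index, which I would expect to be reported as an undefined value before this commit and to be silent after it. pr8015_C and pr8015_D_FIXME both use a fully initialized `numbers[]`, so the suite does not record that loss of coverage. Adding a case like the one below, marked as a known false negative, would make the gap visible once symbolic indexes are modelled properly. The expected diagnostics are inferred from the RegionStore.cpp hunk and should be confirmed by running the test.

```objective-c
// Constructed example: uninitialized stack array read through a symbolic index.
// FIXME: known false negative while symbolic indexes yield Unknown (PR 8015).
int pr8015_E_FIXME() {
  int number = pr8015_A();
  int values[2];
  return values[number]; // no-warning
}
```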