From: Kristof Umann <dkszelethus@gmail.com>
Date: Sun, 16 Jun 2019 14:52:56 +0000 (+0000)
Subject: [analyzer] Track indices of arrays
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=79bbbd4575947357e5a6dc31ac413927f8922ea8;p=clang

[analyzer] Track indices of arrays

Often times, when an ArraySubscriptExpr was reported as null or
undefined, the bug report was difficult to understand, because the
analyzer explained why arr[i] has that value, but didn't realize that in
fact i's value is very important as well. This patch fixes this by
tracking the indices of arrays.

Differential Revision: https://reviews.llvm.org/D63080

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@363510 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
index 6ed2547068..be6e233458 100644
--- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1740,6 +1740,10 @@ bool bugreporter::trackExpressionValue(const ExplodedNode *InputNode,
   if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
     trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
 
+  if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+    trackExpressionValue(
+        LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
+
   // See if the expression we're interested refers to a variable.
   // If so, we can track both its contents and constraints on its value.
   if (ExplodedGraph::isInterestingLValueExpr(Inner)) {
diff --git a/test/Analysis/diagnostics/track_subexpressions.cpp b/test/Analysis/diagnostics/track_subexpressions.cpp
index e5a6b8ff11..9097a05a49 100644
--- a/test/Analysis/diagnostics/track_subexpressions.cpp
+++ b/test/Analysis/diagnostics/track_subexpressions.cpp
@@ -17,3 +17,28 @@ void shift_by_undefined_value() {
   (void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
                                       // expected-note@-1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
 }
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+  int a;
+  if (x > 0)
+    a = 3;
+  else
+    a = 2;
+  return a;
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+  int arr[10];
+
+  for (int i = 0; i < 3; ++i)
+    arr[i] = 0;
+  int x = getInt();
+  int n = getIndex(x);
+  consume(arr[n]);
+}
+} // end of namespace array_index_tracking