From: Ted Kremenek
Date: Tue, 27 Jan 2009 18:29:03 +0000 (+0000)
Subject: Fix bug in BasicStore::getLValueElement where if the base of an array subscript expre...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d76d47eb5f5afffcf25fe8c42521867ccad4073b;p=clang
Fix bug in BasicStore::getLValueElement where if the base of an array subscript expression was an ElementRegion we stacked another ElementRegion on top of that. This fixes PR 3422.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63110 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Analysis/BasicStore.cpp b/lib/Analysis/BasicStore.cpp
index a36a239e0d..2feea594b8 100644
--- a/lib/Analysis/BasicStore.cpp
+++ b/lib/Analysis/BasicStore.cpp
@@ -203,7 +203,6 @@ SVal BasicStoreManager::getLValueField(const GRState* St, SVal Base, SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base, SVal Offset) { - if (Base.isUnknownOrUndef()) return Base;
@@ -233,6 +232,17 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base, case loc::MemRegionKind: { const MemRegion *R = cast(BaseL).getRegion();
+
+ if (isa(R)) {
+ // Basic example:
+ // char buf[100];
+ // char *q = &buf[1]; // p points to ElementRegion(buf,Unknown)
+ // &q[10]
+ assert(cast(R)->getIndex().isUnknown());
+ return Base;
+ }
+
+
 if (const TypedRegion *TR = dyn_cast(R)) { BaseR = TR; break;
@@ -244,7 +254,7 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base, break; } - + case loc::ConcreteIntKind: // While these seem funny, this can happen through casts. // FIXME: What we should return is the field offset. For example,
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index f221f8b989..4e7f0ad5b3 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
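Review bot: In the added `if (isa(R))` branch of the `loc::MemRegionKind` case (second hunk of lib/Analysis/BasicStore.cpp), the only guard on `return Base;` is the `assert` that the existing element index is unknown. That check is compiled out in NDEBUG builds, where a region with a concrete index would be returned unchanged and `Offset` dropped without any trace. If the invariant is meant to hold for every caller, the comment should say so, for example `// BasicStore never records a concrete element index, so Offset is intentionally dropped here.`; that wording is inferred from the assert and needs confirming against the rest of the file. The example comment also names the wrong variable: `// p points to ElementRegion(buf,Unknown)` should read `// q points to ElementRegion(buf,Unknown)`. The function begins and ends outside the hunk.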
@@ -100,3 +100,11 @@ void handle_sizeof_void(unsigned flag) { *p = 1; // no-warning }
+// PR 3422
+void pr3422_helper(char *p);
+void pr3422() {
+ char buf[100];
+ char *q = &buf[10];
+ pr3422_helper(&q[1]);
+}
+
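Review bot: The new `pr3422` test states no expectation, unlike the `// no-warning` annotation on the context line above it, so a reader cannot tell whether it guards against a crash or a spurious diagnostic. A one-line comment would settle it, for example `// PR 3422: &q[1] through a pointer into buf must not stack a second ElementRegion.`, with `// no-warning` on the `pr3422_helper(&q[1]);` line if no diagnostic is expected. The RUN line and the start of the file are outside this hunk, so the expected outcome is an assumption to confirm.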