From: Anna Zaks <ganna@apple.com>
Date: Thu, 2 Feb 2012 01:30:08 +0000 (+0000)
Subject: [analyzer] Fix a false positive in the CFArrayCreate check that surfaces
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f196a90b26479a2c67959c6715491763cbc8ade1;p=clang

[analyzer] Fix a false positive in the CFArrayCreate check that surfaces
the the code like this (due to x and &x being the same value but
different size):

void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149579 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e5c133427f..fc24c1888b 100644
--- a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -48,8 +48,17 @@ class WalkAST : public StmtVisitor<WalkAST> {
     // The type could be either a pointer or array.
     const Type *TP = T.getTypePtr();
     QualType PointeeT = TP->getPointeeType();
-    if (!PointeeT.isNull())
+    if (!PointeeT.isNull()) {
+      // If the type is a pointer to an array, check the size of the array
+      // elements. To avoid false positives coming from assumption that the
+      // values x and &x are equal when x is an array.
+      if (const Type *TElem = PointeeT->getArrayElementTypeNoTypeQual())
+        if (isPointerSize(TElem))
+          return true;
+
+      // Else, check the pointee size.
       return isPointerSize(PointeeT.getTypePtr());
+    }
 
     if (const Type *TElem = TP->getArrayElementTypeNoTypeQual())
       return isPointerSize(TElem);
diff --git a/test/Analysis/CFContainers.mm b/test/Analysis/CFContainers.mm
index 5243c15817..ec6746bb72 100644
--- a/test/Analysis/CFContainers.mm
+++ b/test/Analysis/CFContainers.mm
@@ -164,3 +164,22 @@ void TestGetCount(CFArrayRef A, CFIndex sIndex, CFIndex badIndex) {
     const void *s1 = CFArrayGetValueAtIndex(A, sIndex);
   const void *s2 = CFArrayGetValueAtIndex(A, sCount);// expected-warning {{Index is out of bounds}}
 }
+
+typedef void* XX[3];
+void TestPointerToArray(int *elems, void *p1, void *p2, void *p3, unsigned count, void* fn[], char cp[]) {
+  void* x[] = { p1, p2, p3 };
+  CFArrayCreate(0, (const void **) &x, count, 0); // no warning
+
+  void* y[] = { p1, p2, p3 };
+  CFArrayCreate(0, (const void **) y, count, 0); // no warning
+  XX *z = &x;
+  CFArrayCreate(0, (const void **) z, count, 0); // no warning
+
+  CFArrayCreate(0, (const void **) &fn, count, 0); // false negative
+  CFArrayCreate(0, (const void **) fn, count, 0); // no warning
+  CFArrayCreate(0, (const void **) cp, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+
+  char cc[] = { 0, 2, 3 };
+  CFArrayCreate(0, (const void **) &cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+  CFArrayCreate(0, (const void **) cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+}