Author: dergachev Date: Wed Aug 28 11:44:38 2019 New Revision: 370246 URL: http://llvm.org/viewvc/llvm-project?rev=370246&view=rev Log: [analyzer] Fix analyzer warnings on analyzer.
Write tests for the actual crash that was found. Write comments and refactor code around 17 style bugs and suppress 3 false positives. Differential Revision: https://reviews.llvm.org/D66847 Added: cfe/trunk/test/Analysis/cstring-syntax-weird.c cfe/trunk/test/Analysis/cstring-syntax-weird2.c Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp cfe/trunk/lib/StaticAnalyzer/Checkers/VirtualCallChecker.cpp cfe/trunk/lib/StaticAnalyzer/Core/CheckerHelpers.cpp cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h (original) +++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h Wed Aug 28 11:44:38 2019 
@@ -169,6 +169,7 @@ public: Kind getKind() const { return kind; } template<typename RegionTy> const RegionTy* getAs() const; + template<typename RegionTy> const RegionTy* castAs() const; virtual bool isBoundable() const { return false; } @@ -1231,6 +1232,11 @@ const RegionTy* MemRegion::getAs() const return nullptr; } +template<typename RegionTy> +const RegionTy* MemRegion::castAs() const { + return cast<RegionTy>(this); +} + //===----------------------------------------------------------------------===// // MemRegionManager - Factory object for creating regions. //===----------------------------------------------------------------------===// Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Wed Aug 28 11:44:38 2019 
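Review bot: The new `castAs` declaration sits next to `getAs` with no comment saying how the two differ, and that difference is what every converted call site in this commit relies on. The definition in the second hunk of this file forwards to `cast<RegionTy>(this)`, which checks the kind only in assertion-enabled builds. Where `getAs` returned null on a mismatch, a release build now continues with a mistyped pointer. I would add above the declaration: `/// Like getAs(), but the region must be a RegionTy: asserts on mismatch and is unchecked when assertions are disabled.` MallocChecker.cpp (`addExtentSize`) is the call site to re-read with this in mind, since it also drops the trailing `assert(Region)`.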
@@ -156,14 +156,21 @@ bool WalkAST::containsBadStrlcpyStrlcatP const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); - const auto *DstArgDecl = dyn_cast<DeclRefExpr>(DstArg->IgnoreParenImpCasts()); - const auto *LenArgDecl = dyn_cast<DeclRefExpr>(LenArg->IgnoreParenLValueCasts()); + const auto *DstArgDRE = dyn_cast<DeclRefExpr>(DstArg->IgnoreParenImpCasts()); + const auto *LenArgDRE = + dyn_cast<DeclRefExpr>(LenArg->IgnoreParenLValueCasts()); uint64_t DstOff = 0; if (isSizeof(LenArg, DstArg)) return false; + // - size_t dstlen = sizeof(dst) - if (LenArgDecl) { - const auto *LenArgVal = dyn_cast<VarDecl>(LenArgDecl->getDecl()); + if (LenArgDRE) { + const auto *LenArgVal = dyn_cast<VarDecl>(LenArgDRE->getDecl()); + // If it's an EnumConstantDecl instead, then we're missing out on something. + if (!LenArgVal) { + assert(isa<EnumConstantDecl>(LenArgDRE->getDecl())); + return false; + } if (LenArgVal->getInit()) LenArg = LenArgVal->getInit(); } @@ -177,9 +184,10 @@ bool WalkAST::containsBadStrlcpyStrlcatP // Case when there is pointer arithmetic on the destination buffer // especially when we offset from the base decreasing the // buffer length accordingly. - if (!DstArgDecl) { - if (const auto *BE = dyn_cast<BinaryOperator>(DstArg->IgnoreParenImpCasts())) { - DstArgDecl = dyn_cast<DeclRefExpr>(BE->getLHS()->IgnoreParenImpCasts()); + if (!DstArgDRE) { + if (const auto *BE = + dyn_cast<BinaryOperator>(DstArg->IgnoreParenImpCasts())) { + DstArgDRE = dyn_cast<DeclRefExpr>(BE->getLHS()->IgnoreParenImpCasts()); if (BE->getOpcode() == BO_Add) { if ((IL = dyn_cast<IntegerLiteral>(BE->getRHS()->IgnoreParenImpCasts()))) { DstOff = IL->getValue().getZExtValue(); 
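Review bot: The assert inside the new `if (!LenArgVal)` branch can itself abort an assertion-enabled analyzer on input the checker simply does not model, because it assumes every non-`VarDecl` referenced by the length argument is an `EnumConstantDecl`. The `return false` beneath it already handles any declaration kind safely, so the assert adds a crash path without adding protection. Whether other kinds can reach this point depends on what `IgnoreParenLValueCasts()` strips, which the hunk does not show. I would reduce the branch to `if (!LenArgVal) return false;` and reword the comment to `// Not a variable (e.g. an enum constant): the size is not modelled yet.` The function body starts and ends outside the hunk.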
@@ -187,8 +195,9 @@ bool WalkAST::containsBadStrlcpyStrlcatP } } } - if (DstArgDecl) { - if (const auto *Buffer = dyn_cast<ConstantArrayType>(DstArgDecl->getType())) { + if (DstArgDRE) { + if (const auto *Buffer = + dyn_cast<ConstantArrayType>(DstArgDRE->getType())) { ASTContext &C = BR.getContext(); uint64_t BufferLen = C.getTypeSize(Buffer) / 8; auto RemainingBufferLen = BufferLen - DstOff; Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp Wed Aug 28 11:44:38 2019 @@ -204,6 +204,8 @@ void WalkAST::VisitForStmt(ForStmt *FS) // Implements: CERT security coding advisory FLP-30. //===----------------------------------------------------------------------===// +// Returns either 'x' or 'y', depending on which one of them is incremented +// in 'expr', or nullptr if none of them is incremented. static const DeclRefExpr* getIncrementedVar(const Expr *expr, const VarDecl *x, const VarDecl *y) { expr = expr->IgnoreParenCasts(); 
@@ -289,14 +291,15 @@ void WalkAST::checkLoopConditionForFloat // Does either variable appear in increment? const DeclRefExpr *drInc = getIncrementedVar(increment, vdLHS, vdRHS); - if (!drInc) return; + const VarDecl *vdInc = cast<VarDecl>(drInc->getDecl()); + assert(vdInc && (vdInc == vdLHS || vdInc == vdRHS)); + // Emit the error. First figure out which DeclRefExpr in the condition // referenced the compared variable. - assert(drInc->getDecl()); - const DeclRefExpr *drCond = vdLHS == drInc->getDecl() ? drLHS : drRHS; + const DeclRefExpr *drCond = vdLHS == vdInc ? drLHS : drRHS; SmallVector<SourceRange, 2> ranges; SmallString<256> sbuf; Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp Wed Aug 28 11:44:38 2019 @@ -394,11 +394,11 @@ static const ObjCObjectPointerType *getM } const auto *SuperOfTo = - To->getObjectType()->getSuperClassType()->getAs<ObjCObjectType>(); + To->getObjectType()->getSuperClassType()->castAs<ObjCObjectType>(); assert(SuperOfTo); QualType SuperPtrOfToQual = C.getObjCObjectPointerType(QualType(SuperOfTo, 0)); - const auto *SuperPtrOfTo = SuperPtrOfToQual->getAs<ObjCObjectPointerType>(); + const auto *SuperPtrOfTo = SuperPtrOfToQual->castAs<ObjCObjectPointerType>(); if (To->isUnspecialized()) return getMostInformativeDerivedClassImpl(From, SuperPtrOfTo, SuperPtrOfTo, C); 
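Review bot: The `vdInc &&` term in the added assert can never be false, because `cast<VarDecl>` does not return null; it asserts on a null or mismatched argument. The line should read `assert(vdInc == vdLHS || vdInc == vdRHS);`. The same redundancy is left in DynamicTypePropagation.cpp, where `assert(SuperOfTo);` still follows the new `castAs<ObjCObjectType>()`. A null check kept after a cast tells the next reader that null is a possible result, which is the opposite of what the conversion is meant to express. Both functions extend beyond their hunks.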
@@ -827,16 +827,15 @@ void DynamicTypePropagation::checkPostOb if (MessageExpr->getReceiverKind() == ObjCMessageExpr::Class && Sel.getAsString() == "class") { QualType ReceiverType = MessageExpr->getClassReceiver(); - const auto *ReceiverClassType = ReceiverType->getAs<ObjCObjectType>(); + const auto *ReceiverClassType = ReceiverType->castAs<ObjCObjectType>(); + if (!ReceiverClassType->isSpecialized()) + return; + QualType ReceiverClassPointerType = C.getASTContext().getObjCObjectPointerType( QualType(ReceiverClassType, 0)); - - if (!ReceiverClassType->isSpecialized()) - return; const auto *InferredType = - ReceiverClassPointerType->getAs<ObjCObjectPointerType>(); - assert(InferredType); + ReceiverClassPointerType->castAs<ObjCObjectPointerType>(); State = State->set<MostSpecializedTypeArgsMap>(RetSym, InferredType); C.addTransition(State); Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp Wed Aug 28 11:44:38 2019 
@@ -567,7 +567,8 @@ void IteratorChecker::checkPostCall(cons if (Func->isOverloadedOperator()) { const auto Op = Func->getOverloadedOperator(); if (isAssignmentOperator(Op)) { - const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call); + // Overloaded 'operator=' must be a non-static member function. + const auto *InstCall = cast<CXXInstanceCall>(&Call); if (cast<CXXMethodDecl>(Func)->isMoveAssignmentOperator()) { handleAssign(C, InstCall->getCXXThisVal(), Call.getOriginExpr(), Call.getArgSVal(0)); Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp Wed Aug 28 11:44:38 2019 
@@ -882,18 +882,17 @@ void NonLocalizedStringChecker::checkPre void NonLocalizedStringChecker::checkPreCall(const CallEvent &Call, CheckerContext &C) const { - const Decl *D = Call.getDecl(); - if (D && isa<FunctionDecl>(D)) { - const FunctionDecl *FD = dyn_cast<FunctionDecl>(D); - auto formals = FD->parameters(); - for (unsigned i = 0, - ei = std::min(unsigned(formals.size()), Call.getNumArgs()); - i != ei; ++i) { - if (isAnnotatedAsTakingLocalized(formals[i])) { - auto actual = Call.getArgSVal(i); - if (hasNonLocalizedState(actual, C)) { - reportLocalizationError(actual, Call, C, i + 1); - } + const auto *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl()); + if (!FD) + return; + + auto formals = FD->parameters(); + for (unsigned i = 0, ei = std::min(static_cast<unsigned>(formals.size()), + Call.getNumArgs()); i != ei; ++i) { + if (isAnnotatedAsTakingLocalized(formals[i])) { + auto actual = Call.getArgSVal(i); + if (hasNonLocalizedState(actual, C)) { + reportLocalizationError(actual, Call, C, i + 1); } } } Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp Wed Aug 28 11:44:38 2019 
@@ -91,11 +91,13 @@ PathDiagnosticPieceRef MPIBugReporter::R return nullptr; const Request *const Req = N->getState()->get<RequestMap>(RequestRegion); + assert(Req && "The region must be tracked and alive, given that we've " + "just emitted a report against it"); const Request *const PrevReq = N->getFirstPred()->getState()->get<RequestMap>(RequestRegion); // Check if request was previously unused or in a different state. - if ((Req && !PrevReq) || (Req->CurrentState != PrevReq->CurrentState)) { + if (!PrevReq || (Req->CurrentState != PrevReq->CurrentState)) { IsNodeFound = true; ProgramPoint P = N->getFirstPred()->getLocation(); Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Wed Aug 28 11:44:38 2019 @@ -1132,14 +1132,13 @@ ProgramStateRef MallocChecker::addExtent // Store the extent size for the (symbolic)region // containing the elements. Region = Target.getAsRegion() - ->getAs<SubRegion>() + ->castAs<SubRegion>() ->StripCasts() - ->getAs<SubRegion>(); + ->castAs<SubRegion>(); } else { ElementCount = svalBuilder.makeIntVal(1, true); - Region = Target.getAsRegion()->getAs<SubRegion>(); + Region = Target.getAsRegion()->castAs<SubRegion>(); } - assert(Region); // Set the region's extent equal to the Size in Bytes. QualType ElementType = NE->getAllocatedType(); 
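Review bot: The added `assert(Req && ...)` is now the only guard before the `Req->CurrentState` dereference, and it compiles away in release builds. The old condition tested `Req` at run time in its first disjunct, while the new `!PrevReq || ...` form tests it nowhere. If the invariant in the assert message holds for every node this visitor is handed, that is fine, but the hunk alone cannot confirm it. Adding `if (!Req) return nullptr;` after the assert would keep a release build from dereferencing null should the invariant ever be broken. The function continues outside the hunk.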
@@ -3066,8 +3065,12 @@ PathDiagnosticPieceRef MallocChecker::Ma } } - if (Msg.empty()) + if (Msg.empty()) { + // Silence a memory leak warning by MallocChecker in MallocChecker.cpp :) + assert(!StackHint && "Memory leak!"); return nullptr; + } + assert(StackHint); // Generate the extra diagnostic. Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp Wed Aug 28 11:44:38 2019 @@ -183,7 +183,7 @@ public: QualType CastedType = i->CastedExpr->getType(); if (!CastedType->isPointerType()) continue; - QualType PointeeType = CastedType->getAs<PointerType>()->getPointeeType(); + QualType PointeeType = CastedType->getPointeeType(); if (PointeeType->isVoidType()) continue; Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp Wed Aug 28 11:44:38 2019 
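Review bot: `assert(!StackHint && "Memory leak!")` documents the leak condition rather than preventing it. With assertions disabled, an empty `Msg` together with a non-null `StackHint` still returns without releasing the hint. The declaration of `StackHint` is outside the hunk, so its ownership is inferred here. If it is a raw owning pointer, holding it in a `std::unique_ptr` until it is handed over would remove both the leak path and the need for a comment about silencing the analyzer.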
@@ -119,12 +119,12 @@ const MemRegion *PointerArithChecker::ge AllocKind &AKind, CheckerContext &C) const { assert(Region); - while (Region->getKind() == MemRegion::Kind::CXXBaseObjectRegionKind) { - Region = Region->getAs<CXXBaseObjectRegion>()->getSuperRegion(); + while (const auto *BaseRegion = dyn_cast<CXXBaseObjectRegion>(Region)) { + Region = BaseRegion->getSuperRegion(); Polymorphic = true; } - if (Region->getKind() == MemRegion::Kind::ElementRegionKind) { - Region = Region->getAs<ElementRegion>()->getSuperRegion(); + if (const auto *ElemRegion = dyn_cast<ElementRegion>(Region)) { + Region = ElemRegion->getSuperRegion(); } ProgramStateRef State = C.getState(); @@ -137,7 +137,7 @@ const MemRegion *PointerArithChecker::ge } // When the region is symbolic and we do not have any information about it, // assume that this is an array to avoid false positives. - if (Region->getKind() == MemRegion::Kind::SymbolicRegionKind) + if (isa<SymbolicRegion>(Region)) return Region; // No AllocKind stored and not symbolic, assume that it points to a single Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp Wed Aug 28 11:44:38 2019 
@@ -85,7 +85,7 @@ void UndefinedAssignmentChecker::checkBi } if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) { - const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); + const VarDecl *VD = cast<VarDecl>(DS->getSingleDecl()); ex = VD->getInit(); } Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp Wed Aug 28 11:44:38 2019 @@ -260,12 +260,13 @@ static llvm::Optional<DereferenceInfo> d break; } - while (R->getAs<CXXBaseObjectRegion>()) { + while (isa<CXXBaseObjectRegion>(R)) { NeedsCastBack = true; - - if (!isa<TypedValueRegion>(R->getSuperRegion())) + const auto *SuperR = dyn_cast<TypedValueRegion>(R->getSuperRegion()); + if (!SuperR) break; - R = R->getSuperRegion()->getAs<TypedValueRegion>(); + + R = SuperR; } return DereferenceInfo{R, NeedsCastBack, /*IsCyclic*/ false}; Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/VirtualCallChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/VirtualCallChecker.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/VirtualCallChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/VirtualCallChecker.cpp Wed Aug 28 11:44:38 2019 
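Review bot: `cast<VarDecl>(DS->getSingleDecl())` has no comment stating why a `DeclStmt` reaching this point always declares a variable, unlike the IteratorChecker and VirtualCallChecker changes in this commit, which justify their casts. A `DeclStmt` can in general hold other declarations (a typedef, a tag), and with assertions off the cast is unchecked. If the guarantee holds, it deserves a line such as `// A DeclStmt that binds a value always declares a variable.` CheckerHelpers.cpp `parseAssignment` makes the same change from `dyn_cast_or_null` with no guard visible in its hunk. If callers there can pass arbitrary statements, `dyn_cast` followed by `if (VD) RHS = VD->getAnyInitializer();` would be the safer form. Both functions extend beyond their hunks.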
@@ -104,7 +104,8 @@ void VirtualCallChecker::checkPreCall(co return; ProgramStateRef State = C.getState(); - const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); + // Member calls are always represented by a call-expression. + const auto *CE = cast<CallExpr>(Call.getOriginExpr()); if (!isVirtualCall(CE)) return; Modified: cfe/trunk/lib/StaticAnalyzer/Core/CheckerHelpers.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CheckerHelpers.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/CheckerHelpers.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/CheckerHelpers.cpp Wed Aug 28 11:44:38 2019 @@ -91,7 +91,7 @@ parseAssignment(const Stmt *S) { } else if (auto PD = dyn_cast_or_null<DeclStmt>(S)) { // Initialization assert(PD->isSingleDecl() && "We process decls one by one"); - VD = dyn_cast_or_null<VarDecl>(PD->getSingleDecl()); + VD = cast<VarDecl>(PD->getSingleDecl()); RHS = VD->getAnyInitializer(); } Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp Wed Aug 28 11:44:38 2019 
@@ -850,8 +850,7 @@ VisitOffsetOfExpr(const OffsetOfExpr *OO if (OOE->EvaluateAsInt(Result, getContext())) { APSInt IV = Result.Val.getInt(); assert(IV.getBitWidth() == getContext().getTypeSize(OOE->getType())); - assert(OOE->getType()->isBuiltinType()); - assert(OOE->getType()->getAs<BuiltinType>()->isInteger()); + assert(OOE->getType()->castAs<BuiltinType>()->isInteger()); assert(IV.isSigned() == OOE->getType()->isSignedIntegerType()); SVal X = svalBuilder.makeIntVal(IV); B.generateNode(OOE, Pred, Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Wed Aug 28 11:44:38 2019 @@ -803,9 +803,8 @@ void ExprEngine::VisitCXXNewExpr(const C if (CNE->isArray()) { // FIXME: allocating an array requires simulating the constructors. // For now, just return a symbolicated region. - if (const SubRegion *NewReg = - dyn_cast_or_null<SubRegion>(symVal.getAsRegion())) { - QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType(); + if (const auto *NewReg = cast_or_null<SubRegion>(symVal.getAsRegion())) { + QualType ObjTy = CNE->getType()->getPointeeType(); const ElementRegion *EleReg = getStoreManager().GetElementZeroRegion(NewReg, ObjTy); Result = loc::MemRegionVal(EleReg); Modified: cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp Wed Aug 28 11:44:38 2019 
@@ -1075,7 +1075,7 @@ MemRegionManager::getCXXBaseObjectRegion const SubRegion *Super, bool IsVirtual) { if (isa<TypedValueRegion>(Super)) { - assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual)); + assert(isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)); (void)&isValidBaseClass; if (IsVirtual) { @@ -1426,6 +1426,7 @@ static RegionOffset calculateOffset(cons case MemRegion::FieldRegionKind: { const auto *FR = cast<FieldRegion>(R); R = FR->getSuperRegion(); + assert(R); const RecordDecl *RD = FR->getDecl()->getParent(); if (RD->isUnion() || !RD->isCompleteDefinition()) { Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Wed Aug 28 11:44:38 2019 @@ -2291,8 +2291,7 @@ RegionBindingsRef RegionStoreManager::bi const TypedValueRegion* R, SVal V) { QualType T = R->getValueType(); - assert(T->isVectorType()); - const VectorType *VT = T->getAs<VectorType>(); // Use getAs for typedefs. + const VectorType *VT = T->castAs<VectorType>(); // Use castAs for typedefs. // Handle lazy compound values and symbolic values. if (V.getAs<nonloc::LazyCompoundVal>() || V.getAs<nonloc::SymbolVal>()) 
@@ -2377,7 +2376,7 @@ RegionBindingsRef RegionStoreManager::bi QualType T = R->getValueType(); assert(T->isStructureOrClassType()); - const RecordType* RT = T->getAs<RecordType>(); + const RecordType* RT = T->castAs<RecordType>(); const RecordDecl *RD = RT->getDecl(); if (!RD->isCompleteDefinition()) Added: cfe/trunk/test/Analysis/cstring-syntax-weird.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax-weird.c?rev=370246&view=auto ============================================================================== --- cfe/trunk/test/Analysis/cstring-syntax-weird.c (added) +++ cfe/trunk/test/Analysis/cstring-syntax-weird.c Wed Aug 28 11:44:38 2019 @@ -0,0 +1,19 @@ +// RUN: %clang_analyze_cc1 -w -analyzer-checker=unix.cstring.BadSizeArg \ +// RUN: -verify %s + +// expected-no-diagnostics + +typedef __SIZE_TYPE__ size_t; +// The last parameter is normally size_t but the test is about the abnormal +// situation when it's not a size_t. +size_t strlcpy(char *, const char *, int); + +enum WeirdDecl { + AStrangeWayToSpecifyStringLengthCorrectly = 10UL, + AStrangeWayToSpecifyStringLengthIncorrectly = 5UL +}; +void testWeirdDecls(const char *src) { + char dst[10]; + strlcpy(dst, src, AStrangeWayToSpecifyStringLengthCorrectly); // no-crash + strlcpy(dst, src, AStrangeWayToSpecifyStringLengthIncorrectly); // no-crash // no-warning +} Added: cfe/trunk/test/Analysis/cstring-syntax-weird2.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax-weird2.c?rev=370246&view=auto ============================================================================== --- cfe/trunk/test/Analysis/cstring-syntax-weird2.c (added) +++ cfe/trunk/test/Analysis/cstring-syntax-weird2.c Wed Aug 28 11:44:38 2019 
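Review bot: Neither call in `testWeirdDecls` (cstring-syntax-weird.c) passes a length larger than `dst`, so the test pins the crash fix but not the false negative that the checker change accepts. Both enumerators (10 and 5) fit `char dst[10]`, and the checker now returns early for any enum constant, so an oversized enumerator would also produce no diagnostic. I would add a third enumerator, for example `TooLong = 20UL`, and a call using it marked `// FIXME: should warn, the size exceeds sizeof(dst)`. That records the gap the checker comment describes as "we're missing out on something", so it is not later mistaken for intended behaviour.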
@@ -0,0 +1,17 @@ +// RUN: %clang_analyze_cc1 -w -analyzer-checker=unix.cstring.BadSizeArg \ +// RUN: -verify %s + +// expected-no-diagnostics + +typedef __SIZE_TYPE__ size_t; +// The last parameter is normally size_t but the test is about the abnormal +// situation when it's not a size_t. +size_t strlcpy(char *, const char *, void (*)()); + +void foo(); + +void testWeirdDecls(const char *src) { + char dst[10]; + strlcpy(dst, src, foo); // no-crash + strlcpy(dst, src, &foo); // no-crash +} Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=370246&r1=370245&r2=370246&view=diff ============================================================================== --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Wed Aug 28 11:44:38 2019 
@@ -1,7 +1,18 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s -// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s -// RUN: %clang_analyze_cc1 -triple aarch64_be-none-linux-gnu -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s -// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s +// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\ +// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \ +// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument +// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\ +// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \ +// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\ +// RUN: -triple armv7-a15-linux +// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\ +// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \ +// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\ +// RUN: -triple aarch64_be-none-linux-gnu +// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\ +// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \ +// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\ +// RUN: -triple i386-apple-darwin10 typedef __SIZE_TYPE__ size_t; char *strncat(char *, const char *, size_t); _______________________________________________ cfe-commits mailing list 