ASDenysPetrov updated this revision to Diff 254225.
ASDenysPetrov edited the summary of this revision.
ASDenysPetrov added a comment.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
Reworked solution. Simplified CStringChecker::assumeZero.
Added test (taken from the bug).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D77062/new/
https://reviews.llvm.org/D77062
Files:
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
clang/test/Analysis/string.c
Index: clang/test/Analysis/string.c
===================================================================
--- clang/test/Analysis/string.c
+++ clang/test/Analysis/string.c
@@ -363,6 +363,14 @@
strcpy(x, y); // no-warning
}
+void* func_strcpy_no_assertion();
+char*** ptr_strcpy_no_assertion;
+void strcpy_no_assertion() {
+ *(unsigned char **)ptr_strcpy_no_assertion = (unsigned
char*)(func_strcpy_no_assertion());
+ char c;
+ strcpy(**ptr_strcpy_no_assertion, &c); // no-assertion
+}
+
//===----------------------------------------------------------------------===
// stpcpy()
//===----------------------------------------------------------------------===
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -266,13 +266,16 @@
std::pair<ProgramStateRef , ProgramStateRef >
CStringChecker::assumeZero(CheckerContext &C, ProgramStateRef state, SVal V,
QualType Ty) {
+ auto states = std::make_pair(state, state);
+
+ // LazyCompoundVal cannot be handled by assume
Optional<DefinedSVal> val = V.getAs<DefinedSVal>();
- if (!val)
- return std::pair<ProgramStateRef , ProgramStateRef >(state, state);
+ if (val && !V.getAs<nonloc::LazyCompoundVal>()) {
+ // return pair shall be {null, non-null} so reorder states
+ std::tie(states.second, states.first) = state->assume(*val);
+ }
- SValBuilder &svalBuilder = C.getSValBuilder();
- DefinedOrUnknownSVal zero = svalBuilder.makeZeroVal(Ty);
- return state->assume(svalBuilder.evalEQ(state, *val, zero));
+ return states;
}
ProgramStateRef CStringChecker::checkNonNull(CheckerContext &C,
Index: clang/test/Analysis/string.c
===================================================================
--- clang/test/Analysis/string.c
+++ clang/test/Analysis/string.c
@@ -363,6 +363,14 @@
strcpy(x, y); // no-warning
}
+void* func_strcpy_no_assertion();
+char*** ptr_strcpy_no_assertion;
+void strcpy_no_assertion() {
+ *(unsigned char **)ptr_strcpy_no_assertion = (unsigned char*)(func_strcpy_no_assertion());
+ char c;
+ strcpy(**ptr_strcpy_no_assertion, &c); // no-assertion
+}
+
//===----------------------------------------------------------------------===
// stpcpy()
//===----------------------------------------------------------------------===
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -266,13 +266,16 @@
std::pair<ProgramStateRef , ProgramStateRef >
CStringChecker::assumeZero(CheckerContext &C, ProgramStateRef state, SVal V,
QualType Ty) {
+ auto states = std::make_pair(state, state);
+
+ // LazyCompoundVal cannot be handled by assume
Optional<DefinedSVal> val = V.getAs<DefinedSVal>();
- if (!val)
- return std::pair<ProgramStateRef , ProgramStateRef >(state, state);
+ if (val && !V.getAs<nonloc::LazyCompoundVal>()) {
+ // return pair shall be {null, non-null} so reorder states
+ std::tie(states.second, states.first) = state->assume(*val);
+ }
- SValBuilder &svalBuilder = C.getSValBuilder();
- DefinedOrUnknownSVal zero = svalBuilder.makeZeroVal(Ty);
- return state->assume(svalBuilder.evalEQ(state, *val, zero));
+ return states;
}
ProgramStateRef CStringChecker::checkNonNull(CheckerContext &C,
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
