ASDenysPetrov created this revision.
ASDenysPetrov added reviewers: dcoughlin, NoQ, alexfh.
ASDenysPetrov added a project: clang.
Herald added subscribers: cfe-commits, martong, Charusso, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Problem:
The issue is that UnknownVal is produced for an array element when it is used in expressions with unknown bounds and unknown index. Thus it doesn't bind in the list of Expressions and is then never used twice.

Solution:
Produce symbolic values for array elements instead of UnknownVal. This also enables these values to be bound and used later in the next expressions.

This fixes https://bugs.llvm.org/show_bug.cgi?id=9289

Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D81254

Files:
  clang/lib/StaticAnalyzer/Core/RegionStore.cpp
  clang/test/Analysis/PR9289.cpp

Index: clang/test/Analysis/PR9289.cpp =================================================================== --- /dev/null +++ clang/test/Analysis/PR9289.cpp @@ -0,0 +1,32 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s + +int fun(const int *a, int index) { + int var; + int ret = 0; + if (a[index] < 2) + var = 1; + if (a[index] < 2) + ret = var; // no warning about garbage value + return ret; +} + +int fun2(const int **a, int index, int index2) { + int var; + int ret = 0; + if (a[index][index2] < 2) + var = 1; + if (a[index][index2] < 2) + ret = var; // no warning about garbage value + return ret; +} + +int fun3(const int *a, int index, int index2) { + int var; + int ret = 0; + if (a[index] < 2) + var = 1; + index = index2; + if (a[index] < 2) + ret = var; // expected-warning{{Assigned value is garbage or undefined [core.uninitialized.Assign]}} + return ret; +} Index: clang/lib/StaticAnalyzer/Core/RegionStore.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ clang/lib/StaticAnalyzer/Core/RegionStore.cpp 
@@ -1704,9 +1704,9 @@ // FIXME: This is a hack, and doesn't do anything really intelligent yet. const RegionRawOffset &O = R->getAsArrayOffset(); - // If we cannot reason about the offset, return an unknown value. + // If we cannot reason about the offset, return a symbolic value. if (!O.getRegion()) - return UnknownVal(); + return svalBuilder.getRegionValueSymbolVal(R); if (const TypedValueRegion *baseR = dyn_cast_or_null<TypedValueRegion>(O.getRegion())) {
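Review bot: In clang/test/Analysis/PR9289.cpp, none of the three functions writes to the array between the two a[index] reads (fun3 only reassigns index, and every array parameter is const), so the tests do not show that the new symbolic element value is dropped after a store. Consider adding a case that takes a non-const int *a and assigns to a[index], or to a different element, between the two conditions, and that states the expected diagnostic, so a stale symbol cannot silently hide a core.uninitialized.Assign report.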
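Review bot: At the if (!O.getRegion()) early return in RegionStore.cpp, the updated comment says only that a symbolic value is returned, not why that is sound. The change relies on two loads from the same element region R yielding the same symbol, which holds only while nothing has written to that region in between. Please spell that assumption out in the comment and say whether the FIXME two lines above still applies, since this path now decides whether reports such as the ones exercised in PR9289.cpp are emitted or suppressed.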