This revision was automatically updated to reflect the committed changes. Closed by commit rGbe744da01f9d: [analyzer] Fix ValistChecker false-positive involving symbolic pointers (authored by steakhal).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D124239/new/
https://reviews.llvm.org/D124239
Files:
clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
clang/test/Analysis/valist-uninitialized-no-undef.c
Index: clang/test/Analysis/valist-uninitialized-no-undef.c
===================================================================
--- clang/test/Analysis/valist-uninitialized-no-undef.c
+++ clang/test/Analysis/valist-uninitialized-no-undef.c
@@ -16,11 +16,20 @@

 void f6(va_list *fst, ...) {
 va_start(*fst, fst);
- // FIXME: There should be no warning for this.
- (void)va_arg(*fst, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}
- // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
+ (void)va_arg(*fst, int);
 va_end(*fst);
-}
+}
+
+int va_list_get_int(va_list *va) {
+ return va_arg(*va, int); // no-warning
+}
+
+struct MyVaList {
+ va_list l;
+};
+int va_list_get_int2(struct MyVaList *va) {
+ return va_arg(va->l, int); // no-warning
+}

 void call_vprintf_bad(int isstring, ...) {
 va_list va;
Index: clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
@@ -178,7 +178,7 @@
 if (isa<ParmVarDecl>(DeclReg->getDecl()))
 Reg = C.getState()->getSVal(SV.castAs<Loc>()).getAsRegion();
 }
- IsSymbolic = Reg && Reg->getAs<SymbolicRegion>();
+ IsSymbolic = Reg && Reg->getBaseRegion()->getAs<SymbolicRegion>();
 // Some VarRegion based VA lists reach here as ElementRegions.
 const auto *EReg = dyn_cast_or_null<ElementRegion>(Reg);
 return (EReg && VaListModelledAsArray) ? EReg->getSuperRegion() : Reg;
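Review bot: Every case touched in this hunk asserts silence (`f6`, `va_list_get_int`, `va_list_get_int2`), so nothing here pins that a `va_list` field whose base is an ordinary local is still reported once the checker looks through to the base region. Unless the part of the file outside this hunk already covers it, add a positive counterpart such as `struct MyVaList s; (void)va_arg(s.l, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}`, with the matching expected-note if the checker emits one as it did on the removed lines. That keeps a later widening of the symbolic test from quietly turning this undefined-behaviour check into a no-op for struct members; the exact diagnostics should be confirmed by running the test.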
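Review bot: The changed `IsSymbolic` assignment carries no comment explaining why the base region is consulted, and the choice decides which va_list accesses the checker stops examining. Judging by the updated tests, a va_list reached through any field or element of memory behind an unknown pointer is now treated as possibly initialized by the caller. I would add `// A va_list nested in memory reached through a symbolic pointer may have been initialized elsewhere; treat the whole sub-region as symbolic.` above the line. As a style point, `IsSymbolic = Reg && isa<SymbolicRegion>(Reg->getBaseRegion());` states the boolean intent directly and matches the `isa<ParmVarDecl>` used two lines earlier. The enclosing function begins outside this hunk, so how callers act on `IsSymbolic` is not visible here.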
Index: clang/test/Analysis/valist-uninitialized-no-undef.c
===================================================================
--- clang/test/Analysis/valist-uninitialized-no-undef.c
+++ clang/test/Analysis/valist-uninitialized-no-undef.c
@@ -16,11 +16,20 @@

 void f6(va_list *fst, ...) {
 va_start(*fst, fst);
- // FIXME: There should be no warning for this.
- (void)va_arg(*fst, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}
- // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
+ (void)va_arg(*fst, int);
 va_end(*fst);
-}
+}
+
+int va_list_get_int(va_list *va) {
+ return va_arg(*va, int); // no-warning
+}
+
+struct MyVaList {
+ va_list l;
+};
+int va_list_get_int2(struct MyVaList *va) {
+ return va_arg(va->l, int); // no-warning
+}

 void call_vprintf_bad(int isstring, ...) {
 va_list va;
Index: clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
@@ -178,7 +178,7 @@
 if (isa<ParmVarDecl>(DeclReg->getDecl()))
 Reg = C.getState()->getSVal(SV.castAs<Loc>()).getAsRegion();
 }
- IsSymbolic = Reg && Reg->getAs<SymbolicRegion>();
+ IsSymbolic = Reg && Reg->getBaseRegion()->getAs<SymbolicRegion>();
 // Some VarRegion based VA lists reach here as ElementRegions.
 const auto *EReg = dyn_cast_or_null<ElementRegion>(Reg);
 return (EReg && VaListModelledAsArray) ? EReg->getSuperRegion() : Reg;