Author: Balazs Benics Date: 2023-08-28T12:02:48+02:00 New Revision: 985e399647d591d6130ba6fe08c5b5f6cb87d9f6
URL: https://github.com/llvm/llvm-project/commit/985e399647d591d6130ba6fe08c5b5f6cb87d9f6 DIFF: https://github.com/llvm/llvm-project/commit/985e399647d591d6130ba6fe08c5b5f6cb87d9f6.diff LOG: [analyzer] Fix assertion on casting SVal to NonLoc inside the IteratorRange checker The checker assumed that it could safely cast an SVal to Nonloc. This surfaced because, with std::ranges, we can unintentionally match on other APIs as well, thus increasing the likelihood of violating checker assumptions about the context it's invoked. https://godbolt.org/z/13vEb3K76 See the discourse post on CallDescriptions and std::ranges here. https://discourse.llvm.org/t/calldescriptions-should-not-skip-the-ranges-part-in-std-names-when-matching/73076 Fixes https://github.com/llvm/llvm-project/issues/65009 Differential Revision: https://reviews.llvm.org/D158968 Added: Modified: clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp clang/test/Analysis/iterator-range.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp index c682449921acc6..7740c3d4da1ec2 100644 --- a/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp @@ -228,7 +228,7 @@ void IteratorRangeChecker::verifyRandomIncrOrDecr(CheckerContext &C, Value = State->getRawSVal(*ValAsLoc); } - if (Value.isUnknownOrUndef()) + if (Value.isUnknownOrUndef() || !isa<NonLoc>(Value)) return; // Incremention or decremention by 0 is never a bug. diff --git a/clang/test/Analysis/iterator-range.cpp b/clang/test/Analysis/iterator-range.cpp index 849a1e9814ae39..ba5d0144775e92 100644 --- a/clang/test/Analysis/iterator-range.cpp +++ b/clang/test/Analysis/iterator-range.cpp @@ -946,3 +946,14 @@ int uninit_var(int n) { // expected-warning@-1 {{The right operand of '-' is a garbage value}} // expected-note@-2 {{The right operand of '-' is a garbage value}} } + +namespace std { +namespace ranges { + template <class InOutIter, class Sentinel> + InOutIter next(InOutIter, Sentinel); +} // namespace ranges +} // namespace std + +void gh65009__no_crash_on_ranges_next(int **begin, int **end) { + (void)std::ranges::next(begin, end); // no-crash +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
