Author: xazax Date: Tue Oct 10 04:01:49 2017 New Revision: 315296 URL: http://llvm.org/viewvc/llvm-project?rev=315296&view=rev Log: [analyzer] Implement pointer arithmetic on constants
Patch by: Rafael Stahl!
Differential Revision: https://reviews.llvm.org/D37478
Added: cfe/trunk/test/Analysis/pointer-arithmetic.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp?rev=315296&r1=315295&r2=315296&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp Tue Oct 10 04:01:49 2017
@@ -922,6 +922,10 @@ SVal SimpleSValBuilder::evalBinOpLN(Prog
 if (rhs.isZeroConstant())
 return lhs;
+ // Perserve the null pointer so that it can be found by the DerefChecker.
+ if (lhs.isZeroConstant())
+ return lhs;
+
 // We are dealing with pointer arithmetic.
 // Handle pointer arithmetic on constant values.
@@ -937,6 +941,8 @@ SVal SimpleSValBuilder::evalBinOpLN(Prog
 // Offset the increment by the pointer size.
 llvm::APSInt Multiplicand(rightI.getBitWidth(), /* isUnsigned */ true);
+ QualType pointeeType = resultTy->getPointeeType();
+ Multiplicand = getContext().getTypeSizeInChars(pointeeType).getQuantity();
 rightI *= Multiplicand;
 // Compute the adjusted pointer.
Added: cfe/trunk/test/Analysis/pointer-arithmetic.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/pointer-arithmetic.c?rev=315296&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/pointer-arithmetic.c (added)
+++ cfe/trunk/test/Analysis/pointer-arithmetic.c Tue Oct 10 04:01:49 2017
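Review bot: The added comment in the first hunk has a typo, `Perserve`, and refers to a `DerefChecker`; the checker that emits the warning the new test expects is DereferenceChecker, so I would write `// Preserve the null pointer (NULL + k is modeled as NULL, not as address k) so that DereferenceChecker can still report the later dereference.` Spelling out that this is a deliberate modeling choice matters, because a reader may otherwise take `return lhs` for a bug; arithmetic on a null pointer is undefined in C, so folding it to null is defensible, but it is a choice and not the arithmetic result. Since the check runs before the constant-folding branch, it also applies when the offset is symbolic, which the test file does not cover. evalBinOpLN begins before and continues past this hunk.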
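Review bot: In the second hunk, `getTypeSizeInChars(pointeeType)` is, I believe, the wrong stride for the GNU `void *` and function-pointer arithmetic extensions that Sema accepts: if ASTContext reports a size of 0 for `void` and for function types, `rightI *= Multiplicand` zeroes the offset and `p + k` is modeled as `p`, so a constant `(void *)sizeof(int) - 4` would not be recognized as null. The front end uses a one-byte stride for those cases and the builder should mirror it; a guard on the pointee type before the multiply does that. Please also confirm `resultTy` is always a pointer type on this path, since `getPointeeType()` yields a null QualType otherwise and the enclosing branch starts before this hunk.
```cpp
      llvm::APSInt Multiplicand(rightI.getBitWidth(), /* isUnsigned */ true);
      QualType pointeeType = resultTy->getPointeeType();
      // GNU extension: void* and function-pointer arithmetic use a 1-byte
      // stride; sizeof(void) is reported as 0 and would zero the offset.
      if (pointeeType->isVoidType() || pointeeType->isFunctionType())
        Multiplicand = 1;
      else
        Multiplicand = getContext().getTypeSizeInChars(pointeeType).getQuantity();
      rightI *= Multiplicand;
      // … unchanged: compute the adjusted pointer …
```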
@@ -0,0 +1,30 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+
+int test1() {
+ int *p = (int *)sizeof(int);
+ p -= 1;
+ return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test2() {
+ int *p = (int *)sizeof(int);
+ p -= 2;
+ p += 1;
+ return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test3() {
+ int *p = (int *)sizeof(int);
+ p++;
+ p--;
+ p--;
+ return *p; // expected-warning {{Dereference of null pointer}}
+}
+
+int test4() {
+ // This is a special case where pointer arithmetic is not calculated to
+ // preserve useful warnings on dereferences of null pointers.
+ int *p = 0;
+ p += 1;
+ return *p; // expected-warning {{Dereference of null pointer}}
+}
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
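Review bot: Every case in the new test file uses `int *`, so the tests never exercise the pointee-size multiplicand the patch introduces; a pointee whose byte size differs from the element count (`char *`, or a struct) is what would catch a stride bug. There is also no negative case showing that a constant pointer which ends up non-null produces no diagnostic; under `-verify` an unexpected report fails the test, so a `// no-warning` line is enough to pin that. I would add the two functions below: the first reaches null only if the stride is one byte per `char`, the second must stay quiet.
```c
int test5() {
  char *p = (char *)sizeof(int);
  p -= sizeof(int);
  return *p; // expected-warning {{Dereference of null pointer}}
}

int test6() {
  int *p = (int *)sizeof(int);
  p -= 1;
  p += 1;
  return *p; // no-warning
}
```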