https://llvm.org/bugs/show_bug.cgi?id=27923
Bug ID: 27923
Summary: static analyzer not deal with VLA checking well...
Product: clang
Version: 3.8
Hardware: PC
OS: All
Status: NEW
Severity: release blocker
Priority: P
Component: Static Analyzer
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
clang -cc1 -analyze -analyzer-checker=alpha
llvm/tools/clang/test/Analysis/outofbound-notwork.c
no expected warnings emmited, after investigation the VLA tracking is not well
dealt with.
void sizeof_vla(int a) {
if (a == 5) {
char x[a];
int y[sizeof(x)];
y[4] = 4; // no-warning
y[5] = 5; // expected-warning{{out-of-bound}}
}
}
to get x's extent, I use
static SVal getExtentVal(const SubRegion* R, SValBuilder& SB, CheckerContext
&checkerContext) {
if(auto TR = dyn_cast<const TypedValueRegion>(R)) {
if (isa<VariableArrayType>(TR->getValueType())) {
Expr* ext = cast<VariableArrayType>(TR->getValueType())->getSizeExpr();
ext->dump();
return checkerContext.getSVal(ext);
}
}
return R->getExtent(SB);
}
to get the symbolic extent of a, but not succeed, am I wrong or it's a defect
of the SA engine?
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
[email protected]
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
