authorTed Kremenek <kremenek@apple.com>2010-09-01 23:27:26 +0000
committerTed Kremenek <kremenek@apple.com>2010-09-01 23:27:26 +0000
commit0e12f9cc7bef10704a981e08cd9e29792115ba4e (patch)
tree913d39f87bdd761938cc20544c215528ba4d0acd
parent1b87c9a646526641da7f084b5e8d796800a59f9f (diff)
Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.
llvm-svn: 112766
-rw-r--r--clang/lib/Checker/RegionStore.cpp7
-rw-r--r--clang/test/Analysis/misc-ps-region-store.m26
2 files changed, 32 insertions, 1 deletions
diff --git a/clang/lib/Checker/RegionStore.cpp b/clang/lib/Checker/RegionStore.cpp
index 19945a7b3c8..a2019d7a3c2 100644
--- a/clang/lib/Checker/RegionStore.cpp
+++ b/clang/lib/Checker/RegionStore.cpp
@@ -1193,13 +1193,18 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store,
}
if (R->hasStackNonParametersStorage()) {
- if (isa<ElementRegion>(R)) {
+ if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
// Currently we don't reason specially about Clang-style vectors. Check
// if superR is a vector and if so return Unknown.
if (const TypedRegion *typedSuperR = dyn_cast<TypedRegion>(superR)) {
if (typedSuperR->getValueType()->isVectorType())
return UnknownVal();
}
+
+ // FIXME: We also need to take ElementRegions with symbolic indexes into
+ // account.
+ if (!ER->getIndex().isConstant())
+ return UnknownVal();
}
return UndefinedVal();
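Review bot: The new non-constant-index guard only fires when `R` itself is an `ElementRegion`, so a read whose symbolic index sits one level up (a field of `arr[n]`, or the inner element of `arr[n][0]`) would, from what this hunk shows, still fall through to `return UndefinedVal();` and keep the false positive. The FIXME above the guard also reads as if symbolic indexes were not handled at all, while the two lines below it do handle the direct case by giving up. I would reword it to state what is traded away, e.g. `// Bandaid (PR 8015): a non-constant index yields Unknown, so an uninitialized read through it is no longer reported.`, and add `// FIXME: super-regions with symbolic indexes are not checked.`. The enclosing function starts and ends outside the hunk, so an ancestor walk elsewhere in the body cannot be ruled out.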
diff --git a/clang/test/Analysis/misc-ps-region-store.m b/clang/test/Analysis/misc-ps-region-store.m
index 8e84de1768f..5b6a7c7bfa6 100644
--- a/clang/test/Analysis/misc-ps-region-store.m
+++ b/clang/test/Analysis/misc-ps-region-store.m
@@ -1090,3 +1090,29 @@ pr8052(u_int boot_addr)
*dst++ = *src++;
}
+// PR 8015 - don't return undefined values for arrays when using a valid
+// symbolic index
+int pr8015_A();
+void pr8015_B(const char *);
+
+void pr8015_C() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ pr8015_B(numbers[number]); // no-warning
+ }
+}
+
+// FIXME: This is a false positive due to not reasoning about symbolic
+// array indices correctly. Discussion in PR 8015.
+void pr8015_D_FIXME() {
+ int number = pr8015_A();
+ const char *numbers[] = { "zero" };
+ if (number == 0) {
+ if (numbers[number] == numbers[0])
+ return;
+ int *p = 0;
+ *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}}
+ }
+}
+
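Review bot: Both new cases exercise only the symbolic-index path, and nothing in this hunk pins the behaviour the RegionStore change must not lose: a constant-index read of an uninitialized stack array element should still be reported as undefined. A small companion case would guard against the bandaid being widened later, for example a function whose body is `int v[2]; v[0] = 1; return v[1];` carrying the analyzer's existing undefined-value expectation. Such a case may already exist earlier in this file, which is not visible here; if so, a one-line comment pointing to it from the PR 8015 block would be enough.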