| author | Artem Dergachev <artem.dergachev@gmail.com> | 2017-04-24 20:55:07 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2017-04-24 20:55:07 +0000 |
| commit | cbd7cd8360d9bd6c5a083acbf8e63dbc9690e975 (patch) | |
| tree | 904be8d7f31954126189b28e0dd2b9effc8147a3 /clang/test | |
| parent | 9e32aa2587b540592c2a32f7f4885b9278ef6ba4 (diff) | |

[analyzer] Improve subscripting null arrays for catching null dereferences.

Array-to-pointer cast now works correctly when the pointer to the array
is concrete, e.g. null, which allows further symbolic calculations involving
such values.

Inlined defensive checks are now detected correctly when the resulting null
symbol is being array-subscripted before dereference.

Differential Revision: https://reviews.llvm.org/D32291

llvm-svn: 301251

Diffstat (limited to 'clang/test')
| -rw-r--r-- | clang/test/Analysis/null-deref-offsets.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/clang/test/Analysis/null-deref-offsets.c b/clang/test/Analysis/null-deref-offsets.c index 567c47952b9..988cec4985d 100644 --- a/clang/test/Analysis/null-deref-offsets.c +++ b/clang/test/Analysis/null-deref-offsets.c @@ -7,7 +7,7 @@ struct S { int z[2]; }; -void testOffsets(struct S *s) { +void testOffsets(struct S *s, int coin) { if (s != 0) return; @@ -21,14 +21,17 @@ void testOffsets(struct S *s) { // FIXME: These should ideally be true. clang_analyzer_eval(&(s->y) == 4); // expected-warning{{FALSE}} - clang_analyzer_eval(&(s->z[0]) == 8); // expected-warning{{UNKNOWN}} - clang_analyzer_eval(&(s->z[1]) == 12); // expected-warning{{UNKNOWN}} + clang_analyzer_eval(&(s->z[0]) == 8); // expected-warning{{FALSE}} + clang_analyzer_eval(&(s->z[1]) == 12); // expected-warning{{FALSE}} // FIXME: These should ideally be false. clang_analyzer_eval(&(s->y) == 0); // expected-warning{{TRUE}} - clang_analyzer_eval(&(s->z[0]) == 0); // expected-warning{{UNKNOWN}} - clang_analyzer_eval(&(s->z[1]) == 0); // expected-warning{{UNKNOWN}} - - // But this should still be a null dereference. - s->y = 5; // expected-warning{{Access to field 'y' results in a dereference of a null pointer (loaded from variable 's')}} + clang_analyzer_eval(&(s->z[0]) == 0); // expected-warning{{TRUE}} + clang_analyzer_eval(&(s->z[1]) == 0); // expected-warning{{TRUE}} + + // But these should still be reported as null dereferences. + if (coin) + s->y = 5; // expected-warning{{Access to field 'y' results in a dereference of a null pointer (loaded from variable 's')}} + else + s->z[1] = 6; // expected-warning{{Array access (via field 'z') results in a null pointer dereference}} } |
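Review bot: The new `int coin` parameter of `testOffsets` has no comment saying it exists only to put the two dereferences on separate branches. Either add a one-line comment at the `if (coin)` explaining that, or split the `s->y = 5;` and `s->z[1] = 6;` cases into two small test functions so that each expected warning stands on its own and the signature stays `testOffsets(struct S *s)`.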
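Review bot: The two FIXME comments in the second hunk are left unchanged while the `z[0]`/`z[1]` expectations under them move from UNKNOWN to FALSE and from UNKNOWN to TRUE, so the test now pins a definite answer that the FIXME itself calls wrong. Extend the FIXME to say that element addresses off the null `s` currently evaluate equal to 0, the same as `&(s->y)`, so that a later change to offset modelling knows all six `clang_analyzer_eval` lines are expected to flip together. The dereference coverage also only exercises `s->z[1]`; a matching `s->z[0]` access would check the zero-index subscript that the `&(s->z[0]) == 0` line evaluates.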

