diff options
| author | Kristof Umann <dkszelethus@gmail.com> | 2019-06-16 14:52:56 +0000 |
|---|---|---|
| committer | Kristof Umann <dkszelethus@gmail.com> | 2019-06-16 14:52:56 +0000 |
| commit | 33b46a6df0b0c781eb8c6b93b0aac55680a26eff (patch) | |
| tree | 88bfd1444b840420a1bd1fd4069e1fff842e1143 /clang | |
| parent | 9ff09d49daea74afafa78ddd9af8b3b28c6743e4 (diff) | |
| download | bcm5719-llvm-33b46a6df0b0c781eb8c6b93b0aac55680a26eff.tar.gz bcm5719-llvm-33b46a6df0b0c781eb8c6b93b0aac55680a26eff.zip | |
[analyzer] Track indices of arrays
Often times, when an ArraySubscriptExpr was reported as null or
undefined, the bug report was difficult to understand, because the
analyzer explained why arr[i] has that value, but didn't realize that in
fact i's value is very important as well. This patch fixes this by
tracking the indices of arrays.
Differential Revision: https://reviews.llvm.org/D63080
llvm-svn: 363510
Diffstat (limited to 'clang')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp | 4 | ||||
| -rw-r--r-- | clang/test/Analysis/diagnostics/track_subexpressions.cpp | 25 |
2 files changed, 29 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp index 6ed25470681..be6e2334586 100644 --- a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -1740,6 +1740,10 @@ bool bugreporter::trackExpressionValue(const ExplodedNode *InputNode, if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode)) trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression); + if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner)) + trackExpressionValue( + LVNode, Arr->getIdx(), report, EnableNullFPSuppression); + // See if the expression we're interested refers to a variable. // If so, we can track both its contents and constraints on its value. if (ExplodedGraph::isInterestingLValueExpr(Inner)) { diff --git a/clang/test/Analysis/diagnostics/track_subexpressions.cpp b/clang/test/Analysis/diagnostics/track_subexpressions.cpp index e5a6b8ff115..9097a05a490 100644 --- a/clang/test/Analysis/diagnostics/track_subexpressions.cpp +++ b/clang/test/Analysis/diagnostics/track_subexpressions.cpp @@ -17,3 +17,28 @@ void shift_by_undefined_value() { (void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}} // expected-note@-1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}} } + +namespace array_index_tracking { +void consume(int); + +int getIndex(int x) { + int a; + if (x > 0) + a = 3; + else + a = 2; + return a; +} + +int getInt(); + +void testArrayIndexTracking() { + int arr[10]; + + for (int i = 0; i < 3; ++i) + arr[i] = 0; + int x = getInt(); + int n = getIndex(x); + consume(arr[n]); +} +} // end of namespace array_index_tracking |
