-rw-r--r-- | clang/lib/Analysis/CFRefCount.cpp | 13 | ||||
-rw-r--r-- | clang/test/Analysis/array-struct.c | 12 |
2 files changed, 23 insertions, 2 deletions
diff --git a/clang/lib/Analysis/CFRefCount.cpp b/clang/lib/Analysis/CFRefCount.cpp index 1010b65209f..618214e1c57 100644 --- a/clang/lib/Analysis/CFRefCount.cpp +++ b/clang/lib/Analysis/CFRefCount.cpp @@ -2796,7 +2796,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, // to identify conjured symbols by an expression pair: the enclosing // expression (the context) and the expression itself. This should // disambiguate conjured symbols. - + unsigned Count = Builder.getCurrentBlockCount(); const TypedRegion* R = dyn_cast<TypedRegion>(MR->getRegion()); if (R) { @@ -2833,7 +2833,7 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, if (R->isBoundable()) { // Set the value of the variable to be a conjured symbol. - unsigned Count = Builder.getCurrentBlockCount(); + QualType T = R->getValueType(Ctx); if (Loc::IsLocType(T) || (T->isIntegerType() && T->isScalarType())){ @@ -2895,6 +2895,15 @@ void CFRefCount::EvalSummary(ExplodedNodeSet<GRState>& Dst, } } } + else if (isa<AllocaRegion>(MR->getRegion())) { + // Invalidate the alloca region by setting its default value to + // conjured symbol. The type of the symbol is irrelavant. + SVal V = ValMgr.getConjuredSymbolVal(*I, Eng.getContext().IntTy, + Count); + StoreManager& StoreMgr = + Eng.getStateManager().getStoreManager(); + state = StoreMgr.setDefaultValue(state, MR->getRegion(), V); + } else state = state->bindLoc(*MR, UnknownVal()); } diff --git a/clang/test/Analysis/array-struct.c b/clang/test/Analysis/array-struct.c index 13035760fa8..da7df4b28e3 100644 --- a/clang/test/Analysis/array-struct.c +++ b/clang/test/Analysis/array-struct.c @@ -168,3 +168,15 @@ void f17() { if (t.e.d) x = 1; } + +void read(char*); + +void f18() { + char *q; + char *p = (char *) __builtin_alloca(10); + read(p); + q = p; + q++; + if (*q) { // no-warning + } +} |
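Review bot: The comment in the new `else if (isa<AllocaRegion>(MR->getRegion()))` branch says the symbol's type is "irrelavant" (typo for "irrelevant") but gives no reason, and it does not record what the invalidation gives up. Once the region's default value is a conjured symbol, every later read from the buffer appears initialized, so a callee that fills only part of the allocation will presumably no longer produce an undefined-value report for the rest; that false-negative trade-off belongs in the comment. Suggested wording: `// Invalidate the alloca region: the callee may have written any part of it, so give the region a conjured default value. The symbol's type is irrelevant (IntTy is a placeholder); reads of bytes the callee did not write will no longer be reported.` The branch also fetches the context through `Eng.getContext().IntTy` while the same function uses `Ctx` in `R->getValueType(Ctx)`; if `Ctx` is in scope here, `Ctx.IntTy` would be consistent. EvalSummary's body starts and ends outside this hunk, so the `if` this `else if` pairs with is inferred rather than visible.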
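Review bot: `f18` pins only the no-warning case, so this test would still pass if the new invalidation suppressed undefined-value reports on alloca memory in every situation. A companion function that reads through `p` without the intervening `read(p)` call, annotated with whatever diagnostic the analyzer is expected to give there, would fix the boundary of the change; I cannot tell from this hunk whether such a read is currently reported. The helper is also declared as `void read(char*);`, which shares its name with POSIX `read` under a different signature; a neutral name such as `void fill_buffer(char*);` would keep the test independent of any special handling of known library functions.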