Szelethus created this revision.
Szelethus added reviewers: NoQ, dcoughlin, xazax.hun, rnkovacs,
baloghadamsoftware, Charusso.
Szelethus added a project: clang.
Herald added subscribers: cfe-commits, gamesh411, dkrupp, donat.nagy,
mikhail.ramalho, a.sidorin, szepet, whisperity.
Observe the test file before this patch:
F9155603: image.png <https://reviews.llvm.org/F9155603>
I think this patch really improves on this case. The problem however, that some
subexpressions of expressions should be tracked (like `n` in `arr[n]` here) is
a broader one, and there may be other some cases I could add.
Repository:
rC Clang
https://reviews.llvm.org/D63080
Files:
clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
clang/test/Analysis/diagnostics/track_subexpressions.cpp
Index: clang/test/Analysis/diagnostics/track_subexpressions.cpp
===================================================================
--- clang/test/Analysis/diagnostics/track_subexpressions.cpp
+++ clang/test/Analysis/diagnostics/track_subexpressions.cpp
@@ -17,3 +17,35 @@
(void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the
left shift is undefined due to shifting by '255', which is greater or equal to
the width of type 'int'}}
// expected-note@-1{{The result of the
left shift is undefined due to shifting by '255', which is greater or equal to
the width of type 'int'}}
}
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+ int a;
+ if (x > 0) // expected-note {{Assuming 'x' is > 0}}
+ // expected-note@-1 {{Taking true branch}}
+ a = 3; // expected-note {{The value 3 is assigned to 'a'}}
+ else
+ a = 2;
+ return a; // expected-note {{Returning the value 3 (loaded from 'a')}}
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+ int arr[10];
+
+ for (int i = 0; i < 3; ++i)
+ // expected-note@-1 3{{Loop condition is true. Entering loop body}}
+ // expected-note@-2 {{Loop condition is false. Execution continues on line
43}}
+ arr[i] = 0;
+ int x = getInt();
+ int n = getIndex(x); // expected-note {{Calling 'getIndex'}}
+ // expected-note@-1 {{Returning from 'getIndex'}}
+ // expected-note@-2 {{'n' initialized to 3}}
+ consume(arr[n]);
+ // expected-note@-1 {{1st function call argument is an uninitialized value}}
+ // expected-warning@-2{{1st function call argument is an uninitialized
value}}
+}
+} // end of namespace array_index_tracking
Index: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1676,6 +1676,10 @@
if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner,
LVNode))
trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
+ if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+ trackExpressionValue(
+ LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
+
// See if the expression we're interested refers to a variable.
// If so, we can track both its contents and constraints on its value.
if (ExplodedGraph::isInterestingLValueExpr(Inner)) {
Index: clang/test/Analysis/diagnostics/track_subexpressions.cpp
===================================================================
--- clang/test/Analysis/diagnostics/track_subexpressions.cpp
+++ clang/test/Analysis/diagnostics/track_subexpressions.cpp
@@ -17,3 +17,35 @@
(void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
// expected-note@-1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
}
+
+namespace array_index_tracking {
+void consume(int);
+
+int getIndex(int x) {
+ int a;
+ if (x > 0) // expected-note {{Assuming 'x' is > 0}}
+ // expected-note@-1 {{Taking true branch}}
+ a = 3; // expected-note {{The value 3 is assigned to 'a'}}
+ else
+ a = 2;
+ return a; // expected-note {{Returning the value 3 (loaded from 'a')}}
+}
+
+int getInt();
+
+void testArrayIndexTracking() {
+ int arr[10];
+
+ for (int i = 0; i < 3; ++i)
+ // expected-note@-1 3{{Loop condition is true. Entering loop body}}
+ // expected-note@-2 {{Loop condition is false. Execution continues on line 43}}
+ arr[i] = 0;
+ int x = getInt();
+ int n = getIndex(x); // expected-note {{Calling 'getIndex'}}
+ // expected-note@-1 {{Returning from 'getIndex'}}
+ // expected-note@-2 {{'n' initialized to 3}}
+ consume(arr[n]);
+ // expected-note@-1 {{1st function call argument is an uninitialized value}}
+ // expected-warning@-2{{1st function call argument is an uninitialized value}}
+}
+} // end of namespace array_index_tracking
Index: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1676,6 +1676,10 @@
if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
+ if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
+ trackExpressionValue(
+ LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
+
// See if the expression we're interested refers to a variable.
// If so, we can track both its contents and constraints on its value.
if (ExplodedGraph::isInterestingLValueExpr(Inner)) {
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
