NoQ updated this revision to Diff 118625.
NoQ added a comment.
Herald added a subscriber: szepet.

Because I didn't get back to this for a while, and similar crashes keep coming, 
I decided to leave this refactoring as a FIXME.


https://reviews.llvm.org/D23963

Files:
  lib/StaticAnalyzer/Core/RegionStore.cpp
  test/Analysis/compound-literals.c
  test/Analysis/objc-encode.m


Index: test/Analysis/objc-encode.m
===================================================================
--- /dev/null
+++ test/Analysis/objc-encode.m
@@ -0,0 +1,9 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=debug.ExprInspection -verify %s
+// expected-no-diagnostics
+
+void clang_analyzer_eval(int);
+
+// rdar://problem/34831581: Used to crash.
+void foo(void) {
+  char buf1[] = @encode(int **);
+}
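Review bot: `void clang_analyzer_eval(int);` is declared in this new test but never called, so the declaration is dead code; either drop that line or use it to pin what `buf1` receives (which would also mean replacing `// expected-no-diagnostics` with a concrete `// expected-warning{{...}}`). As written the file only checks that analysis no longer crashes, which is fine for a regression test but should then not carry an unused helper declaration. The same hunk is repeated verbatim in the second `Index: test/Analysis/objc-encode.m` section below.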
Index: test/Analysis/compound-literals.c
===================================================================
--- /dev/null
+++ test/Analysis/compound-literals.c
@@ -0,0 +1,9 @@
+// RUN: %clang_cc1 -triple=i386-apple-darwin10 -analyze 
-analyzer-checker=debug.ExprInspection -verify %s
+void clang_analyzer_eval(int);
+
+// pr28449: Used to crash.
+void foo(void) {
+  static const unsigned short array[] = (const unsigned short[]){0x0F00};
+  // FIXME: Should be true.
+  clang_analyzer_eval(array[0] == 0x0F00); // expected-warning{{UNKNOWN}}
+}
Index: lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- lib/StaticAnalyzer/Core/RegionStore.cpp
+++ lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -2085,15 +2085,12 @@
   if (const ConstantArrayType* CAT = dyn_cast<ConstantArrayType>(AT))
     Size = CAT->getSize().getZExtValue();
 
-  // Check if the init expr is a string literal.
+  // Check if the init expr is a literal. If so, bind the rvalue instead.
+  // FIXME: It's not responsibility of the Store to transform this lvalue
+  // to rvalue. ExprEngine or maybe even CFG should do this before binding.
   if (Optional<loc::MemRegionVal> MRV = Init.getAs<loc::MemRegionVal>()) {
-    const StringRegion *S = cast<StringRegion>(MRV->getRegion());
-
-    // Treat the string as a lazy compound value.
-    StoreRef store(B.asStore(), *this);
-    nonloc::LazyCompoundVal LCV = svalBuilder.makeLazyCompoundVal(store, S)
-        .castAs<nonloc::LazyCompoundVal>();
-    return bindAggregate(B, R, LCV);
+    SVal V = getBinding(B.asStore(), *MRV, R->getValueType());
+    return bindAggregate(B, R, V);
   }
 
   // Handle lazy compound values.
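Review bot: The new `getBinding(B.asStore(), *MRV, R->getValueType())` call reads the initializer region using the type of the destination region `R` rather than the initializer's own value type; when the two array types differ in size (a string literal shorter than the array it initializes is the case the removed `cast<StringRegion>` path used to cover) it is not obvious from the hunk that this lookup is well-defined, so the new comment should state why the destination type is the right one to pass here. The added compound-literals.c test shows the precision this path gives up for compound-literal initializers (`array[0]` is reported UNKNOWN with a FIXME), and the FIXME in this hunk should point at that, e.g. `// FIXME: For compound-literal initializers this currently appears to yield UnknownVal; see test/Analysis/compound-literals.c.` The enclosing function starts before and continues after the hunk. The same hunk is repeated verbatim in the second `Index: lib/StaticAnalyzer/Core/RegionStore.cpp` section below.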


Index: test/Analysis/objc-encode.m
===================================================================
--- /dev/null
+++ test/Analysis/objc-encode.m
@@ -0,0 +1,9 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=debug.ExprInspection -verify %s
+// expected-no-diagnostics
+
+void clang_analyzer_eval(int);
+
+// rdar://problem/34831581: Used to crash.
+void foo(void) {
+  char buf1[] = @encode(int **);
+}
Index: test/Analysis/compound-literals.c
===================================================================
--- /dev/null
+++ test/Analysis/compound-literals.c
@@ -0,0 +1,9 @@
+// RUN: %clang_cc1 -triple=i386-apple-darwin10 -analyze -analyzer-checker=debug.ExprInspection -verify %s
+void clang_analyzer_eval(int);
+
+// pr28449: Used to crash.
+void foo(void) {
+  static const unsigned short array[] = (const unsigned short[]){0x0F00};
+  // FIXME: Should be true.
+  clang_analyzer_eval(array[0] == 0x0F00); // expected-warning{{UNKNOWN}}
+}
Index: lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- lib/StaticAnalyzer/Core/RegionStore.cpp
+++ lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -2085,15 +2085,12 @@
   if (const ConstantArrayType* CAT = dyn_cast<ConstantArrayType>(AT))
     Size = CAT->getSize().getZExtValue();
 
-  // Check if the init expr is a string literal.
+  // Check if the init expr is a literal. If so, bind the rvalue instead.
+  // FIXME: It's not responsibility of the Store to transform this lvalue
+  // to rvalue. ExprEngine or maybe even CFG should do this before binding.
   if (Optional<loc::MemRegionVal> MRV = Init.getAs<loc::MemRegionVal>()) {
-    const StringRegion *S = cast<StringRegion>(MRV->getRegion());
-
-    // Treat the string as a lazy compound value.
-    StoreRef store(B.asStore(), *this);
-    nonloc::LazyCompoundVal LCV = svalBuilder.makeLazyCompoundVal(store, S)
-        .castAs<nonloc::LazyCompoundVal>();
-    return bindAggregate(B, R, LCV);
+    SVal V = getBinding(B.asStore(), *MRV, R->getValueType());
+    return bindAggregate(B, R, V);
   }
 
   // Handle lazy compound values.
