MTC updated this revision to Diff 139075. MTC added a comment. Add the comments as suggested by @szepet .
Repository: rC Clang https://reviews.llvm.org/D44606 Files: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp test/Analysis/loop-widening.c Index: test/Analysis/loop-widening.c =================================================================== --- test/Analysis/loop-widening.c +++ test/Analysis/loop-widening.c @@ -1,4 +1,5 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s +// RUN: %clang_analyze_cc1 -DTEST_NULL_TERM -analyzer-checker=core,unix.Malloc,debug.ExprInspection,alpha.cplusplus.IteratorRange -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s void clang_analyzer_eval(int); void clang_analyzer_warnIfReached(); @@ -188,3 +189,16 @@ } clang_analyzer_eval(i >= 2); // expected-warning {{TRUE}} } + +#ifdef TEST_NULL_TERM +void null_terminator_loop_widen(int *a) { + int c; + // Loop widening will call 'invalidateRegions()' and 'invalidateRegions()' + // will construct the SymbolConjured with null Stmt because of the null + // terminator statement. Accessing the null Stmt will cause a crash. + for (;;) { + c = *a; // no-crash + a++; + } +} +#endif Index: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/IteratorChecker.cpp +++ lib/StaticAnalyzer/Checkers/IteratorChecker.cpp @@ -604,7 +604,7 @@ if (const auto *BSE = dyn_cast<BinarySymExpr>(SE)) { return BSE->getOpcode(); } else if (const auto *SC = dyn_cast<SymbolConjured>(SE)) { - const auto *COE = dyn_cast<CXXOperatorCallExpr>(SC->getStmt()); + const auto *COE = dyn_cast_or_null<CXXOperatorCallExpr>(SC->getStmt()); if (!COE) return BO_Comma; // Extremal value, neither EQ nor NE if (COE->getOperator() == OO_EqualEqual) {
Index: test/Analysis/loop-widening.c =================================================================== --- test/Analysis/loop-widening.c +++ test/Analysis/loop-widening.c @@ -1,4 +1,5 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s +// RUN: %clang_analyze_cc1 -DTEST_NULL_TERM -analyzer-checker=core,unix.Malloc,debug.ExprInspection,alpha.cplusplus.IteratorRange -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s void clang_analyzer_eval(int); void clang_analyzer_warnIfReached(); @@ -188,3 +189,16 @@ } clang_analyzer_eval(i >= 2); // expected-warning {{TRUE}} } + +#ifdef TEST_NULL_TERM +void null_terminator_loop_widen(int *a) { + int c; + // Loop widening will call 'invalidateRegions()' and 'invalidateRegions()' + // will construct the SymbolConjured with null Stmt because of the null + // terminator statement. Accessing the null Stmt will cause a crash. + for (;;) { + c = *a; // no-crash + a++; + } +} +#endif Index: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/IteratorChecker.cpp +++ lib/StaticAnalyzer/Checkers/IteratorChecker.cpp @@ -604,7 +604,7 @@ if (const auto *BSE = dyn_cast<BinarySymExpr>(SE)) { return BSE->getOpcode(); } else if (const auto *SC = dyn_cast<SymbolConjured>(SE)) { - const auto *COE = dyn_cast<CXXOperatorCallExpr>(SC->getStmt()); + const auto *COE = dyn_cast_or_null<CXXOperatorCallExpr>(SC->getStmt()); if (!COE) return BO_Comma; // Extremal value, neither EQ nor NE if (COE->getOperator() == OO_EqualEqual) {
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits