MTC updated this revision to Diff 139075.
MTC added a comment.

Added the comments suggested by @szepet.


Repository:
  rC Clang

https://reviews.llvm.org/D44606

Files:
  lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
  test/Analysis/loop-widening.c


Index: test/Analysis/loop-widening.c
===================================================================
--- test/Analysis/loop-widening.c
+++ test/Analysis/loop-widening.c
@@ -1,4 +1,5 @@
 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
+// RUN: %clang_analyze_cc1 -DTEST_NULL_TERM -analyzer-checker=core,unix.Malloc,debug.ExprInspection,alpha.cplusplus.IteratorRange -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
 
 void clang_analyzer_eval(int);
 void clang_analyzer_warnIfReached();
@@ -188,3 +189,16 @@
   }
   clang_analyzer_eval(i >= 2); // expected-warning {{TRUE}}
 }
+
+#ifdef TEST_NULL_TERM
+void null_terminator_loop_widen(int *a) {
+  int c;
+  // Loop widening will call 'invalidateRegions()' and 'invalidateRegions()'
+  // will construct the SymbolConjured with null Stmt because of the null
+  // terminator statement. Accessing the null Stmt will cause a crash.
+  for (;;) {
+    c = *a; // no-crash
+    a++;
+  }
+}
+#endif
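Review bot: The comment in `null_terminator_loop_widen` says that accessing the null Stmt "will cause a crash" but never names the code that dereferenced it. The first RUN line enables only `core`, `unix.Malloc` and `debug.ExprInspection`, so the reason the second one adds `alpha.cplusplus.IteratorRange` is easy to lose. I would name the consumer and use the past tense, e.g. `// IteratorChecker used to dereference that null Stmt; this loop must now be analyzed without crashing.` A short remark that the second RUN line exists only for this regression test would also keep a later cleanup from dropping the checker and silently disabling the test.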
Index: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
+++ lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
@@ -604,7 +604,7 @@
   if (const auto *BSE = dyn_cast<BinarySymExpr>(SE)) {
     return BSE->getOpcode();
   } else if (const auto *SC = dyn_cast<SymbolConjured>(SE)) {
-    const auto *COE = dyn_cast<CXXOperatorCallExpr>(SC->getStmt());
+    const auto *COE = dyn_cast_or_null<CXXOperatorCallExpr>(SC->getStmt());
     if (!COE)
       return BO_Comma; // Extremal value, neither EQ nor NE
     if (COE->getOperator() == OO_EqualEqual) {
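Review bot: The switch to `dyn_cast_or_null` on the `SC->getStmt()` line stops this checker from dereferencing a null statement, but nothing at the call site records why the statement can be null, and the code that produces such symbols is left unchanged. A short comment would help, e.g. `// getStmt() can be null, e.g. for symbols conjured by loop widening when the loop has no terminator condition.` Other callers of `SymbolConjured::getStmt()` that cast or dereference the result without a null check could presumably crash the analyzer on the same kind of input. That is not visible in this hunk, so it is worth auditing those call sites or documenting nullability on the accessor. The enclosing function starts and ends outside the hunk.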


Index: test/Analysis/loop-widening.c
===================================================================
--- test/Analysis/loop-widening.c
+++ test/Analysis/loop-widening.c
@@ -1,4 +1,5 @@
 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
+// RUN: %clang_analyze_cc1 -DTEST_NULL_TERM -analyzer-checker=core,unix.Malloc,debug.ExprInspection,alpha.cplusplus.IteratorRange -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
 
 void clang_analyzer_eval(int);
 void clang_analyzer_warnIfReached();
@@ -188,3 +189,16 @@
   }
   clang_analyzer_eval(i >= 2); // expected-warning {{TRUE}}
 }
+
+#ifdef TEST_NULL_TERM
+void null_terminator_loop_widen(int *a) {
+  int c;
+  // Loop widening will call 'invalidateRegions()' and 'invalidateRegions()'
+  // will construct the SymbolConjured with null Stmt because of the null
+  // terminator statement. Accessing the null Stmt will cause a crash.
+  for (;;) {
+    c = *a; // no-crash
+    a++;
+  }
+}
+#endif
Index: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
+++ lib/StaticAnalyzer/Checkers/IteratorChecker.cpp
@@ -604,7 +604,7 @@
   if (const auto *BSE = dyn_cast<BinarySymExpr>(SE)) {
     return BSE->getOpcode();
   } else if (const auto *SC = dyn_cast<SymbolConjured>(SE)) {
-    const auto *COE = dyn_cast<CXXOperatorCallExpr>(SC->getStmt());
+    const auto *COE = dyn_cast_or_null<CXXOperatorCallExpr>(SC->getStmt());
     if (!COE)
       return BO_Comma; // Extremal value, neither EQ nor NE
     if (COE->getOperator() == OO_EqualEqual) {