This is an archive of the discontinued LLVM Phabricator instance.

Differential D111542

[analyzer] Retrieve incomplete array extent from its redeclaration.
ClosedPublic

Authored by ASDenysPetrov on Oct 11 2021, 6:28 AM.

Details

Reviewers
NoQ
martong
steakhal
Commits
rG3b1165ba3d15: [analyzer] Retrieve incomplete array extent from its redeclaration.
Summary

Fix a case when the extent can not be retrieved correctly from incomplete array declaration. Use redeclaration to get the array extent.

Diff Detail

Event Timeline

ASDenysPetrov created this revision.Oct 11 2021, 6:28 AM
Herald added subscribers: steakhal, manas, dkrupp and 8 others. · View Herald TranscriptOct 11 2021, 6:28 AM
ASDenysPetrov requested review of this revision.Oct 11 2021, 6:28 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 11 2021, 6:28 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
ASDenysPetrov added a parent revision: D104285: [analyzer] Retrieve a value from list initialization of constant array declaration in a global scope..Oct 11 2021, 6:29 AM
ASDenysPetrov added a comment.EditedOct 11 2021, 6:34 AM

@NoQ @martong
Guys, I've patched the bug (mentioned in D104285). Could you check it? It works, but I have doubts using VR->getDecl()->getMostRecentDecl(); as a correct way to get a right declaration.

Harbormaster completed remote builds in B128092: Diff 378644.Oct 11 2021, 7:00 AM
steakhal added inline comments.Oct 11 2021, 7:39 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

I think you supposed to use the getCanonicalDecl() instead.

1764

What does the function return if this branch is not taken?
Shouldn't you handle IncompleteArrayType as well?

1766

I would favor not adding another level of indentation xD

clang/test/Analysis/initialization.c
101

Why is this a VLA? I thought it's just an IncompleteArrayType.
Could you please make sure that this is actually a VLA?

ASDenysPetrov added a comment.Oct 11 2021, 8:06 AM

@steakhal
Thank you for your comments.

clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Using getCanonicalDecl does not fix the issue. I've checked.

1764

What does the function return if this branch is not taken?

In case of a false branch it goes down the code to getBindingForFieldOrElementCommon.

Shouldn't you handle IncompleteArrayType as well?

Only ConstantArrayType has getSize() method. And getMostRecentDecl give us an ConstantArrayType even if it is declared as IncompleteArrayType, but getCanonicalDecl does not.

1766

It annoys me as well. I could use goto but I suppose you won't like it even more. :-)

clang/test/Analysis/initialization.c
101

I mixed up in terminilogy. I'll fix it.

ASDenysPetrov updated this revision to Diff 378684.Oct 11 2021, 8:38 AM
ASDenysPetrov retitled this revision from [analyzer] Retrieve VLA extent from its redeclaration. to [analyzer] Retrieve incomplete array extent from its redeclaration..
ASDenysPetrov edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B128119: Diff 378684.Oct 11 2021, 9:16 AM
balazske added a subscriber: balazske.Oct 11 2021, 9:35 AM
balazske added inline comments.
clang/test/Analysis/initialization.c
102

It is possible to add a line const int glob_arr3[]; again and then it may not work?

NoQ added inline comments.Oct 11 2021, 7:56 PM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Aha ok, can you try iterating over redecls()?

Separately, I suspect that this should be performed before the VarRegion is constructed in the first place. Maybe in its constructor we should assert(VD->isThisDeclarationADefinition()) or something like that.

ASDenysPetrov added inline comments.Oct 12 2021, 4:39 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Aha ok, can you try iterating over redecls()?

Do you assume that in a list {redecl1, redecl2, redecl3} redecl2 may be our guy but 1 and 3 may not?

Separately, I suspect that this should be performed before the VarRegion is constructed in the first place.

I'm not sure I got what you mean, but as I undestood that it is not be a part of this fix, right?

clang/test/Analysis/initialization.c
102

Yes. I tryed. It works. Thanks! But I'll add a test case.

martong added inline comments.Oct 12 2021, 9:09 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

I think this should be part of this fix, but you don't have to do that iteration, there is a better thing for the job: getAnyInitializer.

What we need is to find that Decl that has the InitExpr attached. This may not be the canonical nor the most recent redecl.
Please see my code change suggestion below.

1763–1764
clang/test/Analysis/initialization.c
101–102

I'd like to see some more elaborate test cases. Notably

const int glob_arr3[];              // Incomplete array declaration
const int glob_arr3[4] = {1, 2, 3}; // Incomplete Array redeclaration
const int glob_arr3[];              // Incomplete array redeclaration

here neither the canonical nor the most recent decl have the initexpr.
And I think this is what @balazske tried to point out.

ASDenysPetrov mentioned this in D111654: [analyzer] Retrieve a value from list initialization of multi-dimensional array declaration..Oct 12 2021, 9:15 AM
ASDenysPetrov added inline comments.Oct 12 2021, 9:55 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Thnx, I'll try this approach.

clang/test/Analysis/initialization.c
101–102

Exactly. I'll add this particular case, but I should mention that AST surprisingly shows the third redeclaration as ConstantArrayType with the extent. Thus, it works for the current fix.

|-VarDecl 0xc0725b0 <line:6:1, col:21> col:11 glob_arr3 'const int []'
|-VarDecl 0xc072700 prev 0xc0725b0 <line:7:1, col:34> col:11 glob_arr3 'const int [4]' cinit
| `-InitListExpr 0xc072830 <col:26, col:34> 'const int [4]'
|   |-array_filler: ImplicitValueInitExpr 0xc0728a8 <<invalid sloc>> 'const int'
|   |-IntegerLiteral 0xc072768 <col:27> 'int' 1
|   |-IntegerLiteral 0xc072788 <col:30> 'int' 2
|   `-IntegerLiteral 0xc0727a8 <col:33> 'int' 3
`-VarDecl 0xc0728e0 prev 0xc072700 <line:8:1, col:21> col:11 glob_arr3 'const int [4]'
steakhal added inline comments.Oct 12 2021, 10:24 AM
clang/test/Analysis/initialization.c
101–102

So, the redeclaration actually changed the type to ConstantArrayType. If so, you should probably mention this in the comment.

martong added inline comments.Oct 13 2021, 3:01 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Denys, I suppose we could replace the whole inner block with a function? Similarly to getSValFromStringLiteralByIndex from D107339 . That could greatly increase readability.

martong mentioned this in D107339: [analyzer] Retrieve a character from StringLiteral as an initializer for constant arrays..Oct 13 2021, 3:10 AM
ASDenysPetrov added inline comments.Oct 15 2021, 6:02 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1763–1764

Make sense. I'll carry this block out.

clang/test/Analysis/initialization.c
101–102

OK, I'll mention.

ASDenysPetrov mentioned this in D106681: [analyzer][NFCI] Move a block from `getBindingForElement` to separate functions.Oct 18 2021, 9:24 AM
ASDenysPetrov updated this revision to Diff 380518.Oct 18 2021, 2:11 PM

Rebased on top of D106681.

ASDenysPetrov added a parent revision: D106681: [analyzer][NFCI] Move a block from `getBindingForElement` to separate functions.Oct 18 2021, 2:11 PM
Harbormaster completed remote builds in B129425: Diff 380518.Oct 18 2021, 2:43 PM
NoQ accepted this revision.Oct 19 2021, 2:13 PM

Amazing, thanks a lot!

This revision is now accepted and ready to land.Oct 19 2021, 2:13 PM
ASDenysPetrov updated this revision to Diff 380910.Oct 20 2021, 5:32 AM

Updated according to the latest suggestions.
@martong I think now this patch is way more simple and clear than before.

ASDenysPetrov added a comment.Oct 20 2021, 5:34 AM
In D111542#3073709, @NoQ wrote:

Amazing, thanks a lot!

Thank you, @NoQ, for the acceptance. I got some fresher update. And, of course in order to load it, we should accept a parent revision D106681 as well.

Harbormaster completed remote builds in B129704: Diff 380910.Oct 20 2021, 6:13 AM
ASDenysPetrov updated this revision to Diff 380936.EditedOct 20 2021, 6:46 AM

Fixed redefinition in test file initialization.c.

Harbormaster completed remote builds in B129720: Diff 380936.Oct 20 2021, 7:18 AM
steakhal added inline comments.Oct 20 2021, 9:10 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1649–1653

Wait. But if VD is null, you get a null-dereference.
But you already dereferenced VD multiple times, so it cannot be null.

Oh, but the getAnyInitializer() will overwrite it! That's a surprise.
TBH I would rather pass a fresh uninitialized pointer if you really need the exact decl which actually provided the initialized expression to make this behavior explicit.

That way, with a properly chosen name you could spare the NOTE comment as well.

martong accepted this revision.Oct 20 2021, 9:25 AM
In D111542#3074926, @ASDenysPetrov wrote:

Updated according to the latest suggestions.
@martong I think now this patch is way more simple and clear than before.

Thanks, indeed! LGTM (with nits about VD)!

clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1649–1653

Yes I agree, probably it is easier to follow the code if you make it explicit that VD is overwritten here.

ASDenysPetrov added inline comments.Oct 21 2021, 6:53 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1649–1653

Wait. But if VD is null, you get a null-dereference.

We have an assertion above.

Oh, but the getAnyInitializer() will overwrite it! That's a surprise.

So was for me :) I'll add a NOTE in the comment.

ASDenysPetrov updated this revision to Diff 381252.Oct 21 2021, 7:17 AM

Rebased. Updated comment for obscure behaviour of getAnyInitializer function.

Harbormaster completed remote builds in B129936: Diff 381252.Oct 21 2021, 7:48 AM
ASDenysPetrov added a child revision: D107339: [analyzer] Retrieve a character from StringLiteral as an initializer for constant arrays..Oct 21 2021, 8:25 AM
ASDenysPetrov removed a parent revision: D104285: [analyzer] Retrieve a value from list initialization of constant array declaration in a global scope..
steakhal accepted this revision.Oct 25 2021, 1:38 AM

Minor nits. Aside from that just land it.
Thanks for the fix.

clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1654

If the return value of getAnyInitializer() is null, then the value of VD will be actually preserved.

ASDenysPetrov added inline comments.Oct 25 2021, 4:52 AM
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1654

I'll add the comment before the load.

Closed by commit rG3b1165ba3d15: [analyzer] Retrieve incomplete array extent from its redeclaration. (authored by ASDenysPetrov). · Explain WhyOct 25 2021, 5:14 AM
This revision was automatically updated to reflect the committed changes.
ASDenysPetrov added a commit: rG3b1165ba3d15: [analyzer] Retrieve incomplete array extent from its redeclaration..

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
14 lines
test/
Analysis/
39 lines

Diff 381944

clang/lib/StaticAnalyzer/Core/RegionStore.cpp

Show First 20 LinesShow All 1,635 Lines▼ Show 20 LinesOptional<SVal> RegionStoreManager::getConstantValFromConstArrayInitializer(
// Check if the containing array has an initialized value that we can trust. // Check if the containing array has an initialized value that we can trust.
// We can trust a const value or a value of a global initializer in main(). // We can trust a const value or a value of a global initializer in main().
const VarDecl *VD = VR->getDecl(); const VarDecl *VD = VR->getDecl();
if (!VD->getType().isConstQualified() && if (!VD->getType().isConstQualified() &&
!R->getElementType().isConstQualified() && !R->getElementType().isConstQualified() &&
(!B.isMainAnalysis() || !VD->hasGlobalStorage())) (!B.isMainAnalysis() || !VD->hasGlobalStorage()))
return None; return None;
// Array's declaration should have an initializer. // Array's declaration should have `ConstantArrayType` type, because only this
const Expr *Init = VD->getAnyInitializer(); // type contains an array extent. It may happen that array type can be of
// `IncompleteArrayType` type. To get the declaration of `ConstantArrayType`
// type, we should find the declaration in the redeclarations chain that has
// the initialization expression.
// NOTE: `getAnyInitializer` has an out-parameter, which returns a new `VD`
// from which an initializer is obtained. We replace current `VD` with the new
// `VD`. If the return value of the function is null than `VD` won't be
// replaced.
const Expr *Init = VD->getAnyInitializer(VD);
steakhalUnsubmitted
Not Done
ReplyInline Actions

Wait. But if VD is null, you get a null-dereference.
But you already dereferenced VD multiple times, so it cannot be null.

Oh, but the getAnyInitializer() will overwrite it! That's a surprise.
TBH I would rather pass a fresh uninitialized pointer if you really need the exact decl which actually provided the initialized expression to make this behavior explicit.

That way, with a properly chosen name you could spare the NOTE comment as well.

steakhal: Wait. But if `VD` is null, you get a null-dereference. But you already dereferenced `VD`…
martongUnsubmitted
Not Done
ReplyInline Actions

Yes I agree, probably it is easier to follow the code if you make it explicit that VD is overwritten here.

martong: Yes I agree, probably it is easier to follow the code if you make it explicit that `VD` is…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Wait. But if VD is null, you get a null-dereference.

We have an assertion above.

Oh, but the getAnyInitializer() will overwrite it! That's a surprise.

So was for me :) I'll add a NOTE in the comment.

ASDenysPetrov: > Wait. But if VD is null, you get a null-dereference. We have an assertion above. > Oh, but…
// NOTE: If `Init` is non-null, then a new `VD` is non-null for sure. So check
steakhalUnsubmitted
Not Done
ReplyInline Actions

If the return value of getAnyInitializer() is null, then the value of VD will be actually preserved.

steakhal: If the return value of `getAnyInitializer()` is null, then the value of `VD` will be actually…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

I'll add the comment before the load.

ASDenysPetrov: I'll add the comment before the load.
// `Init` for null only and don't worry about the replaced `VD`.
if (!Init) if (!Init)
return None; return None;
// Array's declaration should have ConstantArrayType type, because only this // Array's declaration should have ConstantArrayType type, because only this
// type contains an array extent. // type contains an array extent.
const ConstantArrayType *CAT = Ctx.getAsConstantArrayType(VD->getType()); const ConstantArrayType *CAT = Ctx.getAsConstantArrayType(VD->getType());
if (!CAT) if (!CAT)
return None; return None;
▲ Show 20 LinesShow All 91 Lines▼ Show 20 Lines if (Optional<nonloc::ConcreteInt> CI = Idx.getAs<nonloc::ConcreteInt>()) {
int64_t length = Str->getLength(); int64_t length = Str->getLength();
// Technically, only i == length is guaranteed to be null. // Technically, only i == length is guaranteed to be null.
// However, such overflows should be caught before reaching this point; // However, such overflows should be caught before reaching this point;
// the only time such an access would be made is if a string literal was // the only time such an access would be made is if a string literal was
// used to initialize a larger array. // used to initialize a larger array.
char c = (i >= length) ? '\0' : Str->getCodeUnit(i); char c = (i >= length) ? '\0' : Str->getCodeUnit(i);
return svalBuilder.makeIntVal(c, T); return svalBuilder.makeIntVal(c, T);
} }
} else if (const VarRegion *VR = dyn_cast<VarRegion>(superR)) { } else if (const VarRegion *VR = dyn_cast<VarRegion>(superR)) {
if (Optional<SVal> V = getConstantValFromConstArrayInitializer(B, VR, R)) if (Optional<SVal> V = getConstantValFromConstArrayInitializer(B, VR, R))
steakhalUnsubmitted
Not Done
ReplyInline Actions

I think you supposed to use the getCanonicalDecl() instead.

steakhal: I think you supposed to use the `getCanonicalDecl()` instead.
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Using getCanonicalDecl does not fix the issue. I've checked.

ASDenysPetrov: Using `getCanonicalDecl` does not fix the issue. I've checked.
NoQUnsubmitted
Not Done
ReplyInline Actions

Aha ok, can you try iterating over redecls()?

Separately, I suspect that this should be performed before the VarRegion is constructed in the first place. Maybe in its constructor we should assert(VD->isThisDeclarationADefinition()) or something like that.

NoQ: Aha ok, can you try iterating over `redecls()`? Separately, I suspect that this should be…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Aha ok, can you try iterating over redecls()?

Do you assume that in a list {redecl1, redecl2, redecl3} redecl2 may be our guy but 1 and 3 may not?

Separately, I suspect that this should be performed before the VarRegion is constructed in the first place.

I'm not sure I got what you mean, but as I undestood that it is not be a part of this fix, right?

ASDenysPetrov: > Aha ok, can you try iterating over redecls()? Do you assume that in a list `{redecl1, redecl2…
martongUnsubmitted
Not Done
ReplyInline Actions

I think this should be part of this fix, but you don't have to do that iteration, there is a better thing for the job: getAnyInitializer.

What we need is to find that Decl that has the InitExpr attached. This may not be the canonical nor the most recent redecl.
Please see my code change suggestion below.

martong: I think this should be part of this fix, but you don't have to do that iteration, there is a…
steakhalUnsubmitted
Not Done
ReplyInline Actions

What does the function return if this branch is not taken?
Shouldn't you handle IncompleteArrayType as well?

steakhal: What does the function return if this branch is not taken? Shouldn't you handle…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

What does the function return if this branch is not taken?

In case of a false branch it goes down the code to getBindingForFieldOrElementCommon.

Shouldn't you handle IncompleteArrayType as well?

Only ConstantArrayType has getSize() method. And getMostRecentDecl give us an ConstantArrayType even if it is declared as IncompleteArrayType, but getCanonicalDecl does not.

ASDenysPetrov: > What does the function return if this branch is not taken? In case of a //false// branch it…
martongUnsubmitted
Not Done
ReplyInline Actions
} else if (const VarRegion *VR = dyn_cast<VarRegion>(superR)) {
// Check if the containing array has an initialized value that we can trust.
// We can trust a const value or a value of a global initializer in main().
- const VarDecl *VD = VR->getDecl()->getMostRecentDecl();
+ const VarDecl *VD = VR->getDecl();
+
+ // Find that Decl in the redecl chain that has the InitExpr and work with
+ // that from now on.
+ const VarDecl *VDWithInit = nullptr;
+ VD->getAnyInitializer(VDWithInit);
+ VD = VDWithInit ? VDWithInit : VD;
if (VD->getType().isConstQualified() ||
martong:
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Thnx, I'll try this approach.

ASDenysPetrov: Thnx, I'll try this approach.
martongUnsubmitted
Not Done
ReplyInline Actions

Denys, I suppose we could replace the whole inner block with a function? Similarly to getSValFromStringLiteralByIndex from D107339 . That could greatly increase readability.

martong: Denys, I suppose we could replace the whole inner block with a function? Similarly to…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Make sense. I'll carry this block out.

ASDenysPetrov: Make sense. I'll carry this block out.
return *V; return *V;
} }
steakhalUnsubmitted
Not Done
ReplyInline Actions

I would favor not adding another level of indentation xD

steakhal: I would favor not adding another level of indentation xD
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

It annoys me as well. I could use goto but I suppose you won't like it even more. :-)

ASDenysPetrov: It annoys me as well. I could use `goto` but I suppose you won't like it even more. :-)
// Check for loads from a code text region. For such loads, just give up. // Check for loads from a code text region. For such loads, just give up.
if (isa<CodeTextRegion>(superR)) if (isa<CodeTextRegion>(superR))
return UnknownVal(); return UnknownVal();
// Handle the case where we are indexing into a larger scalar object. // Handle the case where we are indexing into a larger scalar object.
// For example, this handles: // For example, this handles:
// int x = ... // int x = ...
▲ Show 20 LinesShow All 946 LinesShow Last 20 Lines

clang/test/Analysis/initialization.c

Show First 20 LinesShow All 92 Lines▼ Show 20 Lines
// TODO: Support multidimensional array. // TODO: Support multidimensional array.
void glob_invalid_index4() { void glob_invalid_index4() {
int x = 3, y = 2; int x = 3, y = 2;
// FIXME: Should warn {{garbage or undefined}}. // FIXME: Should warn {{garbage or undefined}}.
int res = glob_arr2[x][y]; // no-warning int res = glob_arr2[x][y]; // no-warning
} }
const int glob_arr_no_init[10]; const int glob_arr_no_init[10];
steakhalUnsubmitted
Not Done
ReplyInline Actions

Why is this a VLA? I thought it's just an IncompleteArrayType.
Could you please make sure that this is actually a VLA?

steakhal: Why is this a VLA? I thought it's just an `IncompleteArrayType`. Could you please make sure…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

I mixed up in terminilogy. I'll fix it.

ASDenysPetrov: I mixed up in terminilogy. I'll fix it.
void glob_arr_index4() { void glob_arr_index4() {
balazskeUnsubmitted
Not Done
ReplyInline Actions

It is possible to add a line const int glob_arr3[]; again and then it may not work?

balazske: It is possible to add a line `const int glob_arr3[];` again and then it may not work?
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Yes. I tryed. It works. Thanks! But I'll add a test case.

ASDenysPetrov: Yes. I tryed. It works. Thanks! But I'll add a test case.
martongUnsubmitted
Not Done
ReplyInline Actions

I'd like to see some more elaborate test cases. Notably

const int glob_arr3[];              // Incomplete array declaration
const int glob_arr3[4] = {1, 2, 3}; // Incomplete Array redeclaration
const int glob_arr3[];              // Incomplete array redeclaration

here neither the canonical nor the most recent decl have the initexpr.
And I think this is what @balazske tried to point out.

martong: I'd like to see some more elaborate test cases. Notably ``` const int glob_arr3[]…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

Exactly. I'll add this particular case, but I should mention that AST surprisingly shows the third redeclaration as ConstantArrayType with the extent. Thus, it works for the current fix.

|-VarDecl 0xc0725b0 <line:6:1, col:21> col:11 glob_arr3 'const int []'
|-VarDecl 0xc072700 prev 0xc0725b0 <line:7:1, col:34> col:11 glob_arr3 'const int [4]' cinit
| `-InitListExpr 0xc072830 <col:26, col:34> 'const int [4]'
|   |-array_filler: ImplicitValueInitExpr 0xc0728a8 <<invalid sloc>> 'const int'
|   |-IntegerLiteral 0xc072768 <col:27> 'int' 1
|   |-IntegerLiteral 0xc072788 <col:30> 'int' 2
|   `-IntegerLiteral 0xc0727a8 <col:33> 'int' 3
`-VarDecl 0xc0728e0 prev 0xc072700 <line:8:1, col:21> col:11 glob_arr3 'const int [4]'
ASDenysPetrov: Exactly. I'll add this particular case, but I should mention that **AST** surprisingly shows…
steakhalUnsubmitted
Not Done
ReplyInline Actions

So, the redeclaration actually changed the type to ConstantArrayType. If so, you should probably mention this in the comment.

steakhal: So, the redeclaration actually changed the type to `ConstantArrayType`. If so, you should…
ASDenysPetrovAuthorUnsubmitted
Done
ReplyInline Actions

OK, I'll mention.

ASDenysPetrov: OK, I'll mention.
// FIXME: Should warn {{FALSE}}, since the array has a static storage. // FIXME: Should warn {{FALSE}}, since the array has a static storage.
clang_analyzer_eval(glob_arr_no_init[2]); // expected-warning{{UNKNOWN}} clang_analyzer_eval(glob_arr_no_init[2]); // expected-warning{{UNKNOWN}}
} }
const int glob_arr3[]; // IncompleteArrayType
const int glob_arr3[4] = {1, 2, 3}; // ConstantArrayType
void glob_arr_index5() {
clang_analyzer_eval(glob_arr3[0] == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr3[1] == 2); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr3[2] == 3); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr3[3] == 0); // expected-warning{{TRUE}}
}
void glob_invalid_index5() {
int x = 42;
int res = glob_arr3[x]; // expected-warning{{garbage or undefined}}
}
void glob_invalid_index6() {
int x = -42;
int res = glob_arr3[x]; // expected-warning{{garbage or undefined}}
}
const int glob_arr4[]; // IncompleteArrayType
const int glob_arr4[4] = {1, 2, 3}; // ConstantArrayType
const int glob_arr4[]; // ConstantArrayType (according to AST)
void glob_arr_index6() {
clang_analyzer_eval(glob_arr4[0] == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr4[1] == 2); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr4[2] == 3); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr4[3] == 0); // expected-warning{{TRUE}}
}
void glob_invalid_index7() {
int x = 42;
int res = glob_arr4[x]; // expected-warning{{garbage or undefined}}
}
void glob_invalid_index8() {
int x = -42;
int res = glob_arr4[x]; // expected-warning{{garbage or undefined}}
}