This is an archive of the discontinued LLVM Phabricator instance.

Differential D159412

[analyzer]FieldRegion in getStaticSize should return size of pointee type
AbandonedPublic

Authored by jcsxky on Sep 3 2023, 7:45 PM.

Details

Reviewers
steakhal
balazske
aaron.ballman
NoQ
Summary

In getStaticSize, case of FieldRegionKind should return size of pointee type of the member. In the following example:

struct B {
	int x;
	int y;
	int z;
};

class A{
public:
	void foo(){
		m++;
	}
private:
	B *m;
};

getDynamicElementCount of m region, if getDynamicExtent return the pointer size, getDynamicElementCount returns 0 in 64bit architecture(since pointer size is 8 while size of pointee type is 12). Use pointee type instead, it will return 1.

Diff Detail

Event Timeline

jcsxky created this revision.Sep 3 2023, 7:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 3 2023, 7:45 PM
Herald added subscribers: manas, ASDenysPetrov, martong and 8 others. · View Herald Transcript
jcsxky requested review of this revision.Sep 3 2023, 7:45 PM
Herald added a subscriber: cfe-commits. · View Herald TranscriptSep 3 2023, 7:45 PM
Harbormaster completed remote builds in B256466: Diff 555645.Sep 3 2023, 8:15 PM
donat.nagy added a comment.Sep 4 2023, 2:40 AM

Please add a testcase that demonstrates this issue (fails when your change in MemRegion.cpp isn't added) and shows that your commit fixes it.

jcsxky added a comment.Sep 4 2023, 9:50 PM
In D159412#4636813, @donat.nagy wrote:

Please add a testcase that demonstrates this issue (fails when your change in MemRegion.cpp isn't added) and shows that your commit fixes it.

Thanks for your advice. We use this api in our own project and miss some cases which leads the incorrect result. I will abandon this patch later.

jcsxky abandoned this revision.Sep 4 2023, 9:52 PM

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
6 lines

Diff 555645

clang/lib/StaticAnalyzer/Core/MemRegion.cpp

Show First 20 LinesShow All 794 Lines▼ Show 20 Lines case MemRegion::ObjCStringRegionKind: {
return getElementExtent(Ty, SVB); return getElementExtent(Ty, SVB);
} }
case MemRegion::FieldRegionKind: { case MemRegion::FieldRegionKind: {
// Force callers to deal with bitfields explicitly. // Force callers to deal with bitfields explicitly.
if (cast<FieldRegion>(SR)->getDecl()->isBitField()) if (cast<FieldRegion>(SR)->getDecl()->isBitField())
return UnknownVal(); return UnknownVal();
QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx); QualType Ty = cast<TypedValueRegion>(SR)->getDesugaredValueType(Ctx);
if (Ty->isPointerType()) {
QualType PointeeTy = Ty->getPointeeType();
if(!PointeeTy->isIncompleteType() && PointeeTy->isObjectType()){
Ty = PointeeTy;
}
}
const DefinedOrUnknownSVal Size = getElementExtent(Ty, SVB); const DefinedOrUnknownSVal Size = getElementExtent(Ty, SVB);
// We currently don't model flexible array members (FAMs), which are: // We currently don't model flexible array members (FAMs), which are:
// - int array[]; of IncompleteArrayType // - int array[]; of IncompleteArrayType
// - int array[0]; of ConstantArrayType with size 0 // - int array[0]; of ConstantArrayType with size 0
// - int array[1]; of ConstantArrayType with size 1 // - int array[1]; of ConstantArrayType with size 1
// https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html // https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
const auto isFlexibleArrayMemberCandidate = const auto isFlexibleArrayMemberCandidate =
▲ Show 20 LinesShow All 988 LinesShow Last 20 Lines