[analyzer] Fix handling of labels in getLValueElement

alexander-shaposhnikov · alexander-shaposhnikov · commit 9a21d28b5da0 · 2017-10-23T23:46:06.000Z
In getLValueElement Base may represent the address of a label (as in the newly-added test case), in this case it's not a loc::MemRegionVal and Base.castAs<loc::MemRegionVal>() triggers an assert, this diff makes getLValueElement return UnknownVal instead. Differential revision: https://reviews.llvm.org/D39174 llvm-svn: 316399
diff --git a/clang/lib/StaticAnalyzer/Core/Store.cpp b/clang/lib/StaticAnalyzer/Core/Store.cpp
@@ -440,7 +440,10 @@ SVal StoreManager::getLValueElement(QualType elementType, NonLoc Offset,
   //  value. See also the similar FIXME in getLValueFieldOrIvar().
   if (Base.isUnknownOrUndef() || Base.getAs<loc::ConcreteInt>())
     return Base;
-
+  
+  if (Base.getAs<loc::GotoLabel>())
+    return UnknownVal();
+  
   const SubRegion *BaseRegion =
       Base.castAs<loc::MemRegionVal>().getRegionAs<SubRegion>();
 
diff --git a/clang/test/Analysis/ptr-arith.c b/clang/test/Analysis/ptr-arith.c
@@ -342,3 +342,8 @@ void negativeIndex(char *str) {
   clang_analyzer_eval(*ptr3 == 'a'); // expected-warning{{UNKNOWN}}
 }
 
+void test_no_crash_on_pointer_to_label() {
+  char *a = &&label;
+  a[0] = 0;
+label:;
+}

Original file line number	Diff line number	Diff line change
`@@ -342,3 +342,8 @@ void negativeIndex(char *str) {`
`342`	`342`	`clang_analyzer_eval(*ptr3 == 'a'); // expected-warning{{UNKNOWN}}`
`343`	`343`	`}`
`344`	`344`
	`345`	`+void test_no_crash_on_pointer_to_label() {`
	`346`	`+ char *a = &&label;`
	`347`	`+ a[0] = 0;`
	`348`	`+label:;`
	`349`	`+}`