Skip to content

Commit 33b46a6

Browse files
SzelethusSzelethus
committedJun 16, 2019
[analyzer] Track indices of arrays
Often times, when an ArraySubscriptExpr was reported as null or undefined, the bug report was difficult to understand, because the analyzer explained why arr[i] has that value, but didn't realize that in fact i's value is very important as well. This patch fixes this by tracking the indices of arrays. Differential Revision: https://reviews.llvm.org/D63080 llvm-svn: 363510
·
llvmorg-21-initllvmorg-9.0.0-rc1
1 parent 9ff09d4 commit 33b46a6

File tree

2 files changed

+29
-0
lines changed

2 files changed

+29
-0
lines changed
 

Diff for: ‎clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

+4
Original file line numberDiff line numberDiff line change
@@ -1740,6 +1740,10 @@ bool bugreporter::trackExpressionValue(const ExplodedNode *InputNode,
17401740
if (const Expr *Receiver = NilReceiverBRVisitor::getNilReceiver(Inner, LVNode))
17411741
trackExpressionValue(LVNode, Receiver, report, EnableNullFPSuppression);
17421742

1743+
if (const auto *Arr = dyn_cast<ArraySubscriptExpr>(Inner))
1744+
trackExpressionValue(
1745+
LVNode, Arr->getIdx(), report, EnableNullFPSuppression);
1746+
17431747
// See if the expression we're interested refers to a variable.
17441748
// If so, we can track both its contents and constraints on its value.
17451749
if (ExplodedGraph::isInterestingLValueExpr(Inner)) {

Diff for: ‎clang/test/Analysis/diagnostics/track_subexpressions.cpp

+25
Original file line numberDiff line numberDiff line change
@@ -17,3 +17,28 @@ void shift_by_undefined_value() {
1717
(void)(TCP_MAXWIN << shift_amount); // expected-warning{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
1818
// expected-note@-1{{The result of the left shift is undefined due to shifting by '255', which is greater or equal to the width of type 'int'}}
1919
}
20+
21+
namespace array_index_tracking {
22+
void consume(int);
23+
24+
int getIndex(int x) {
25+
int a;
26+
if (x > 0)
27+
a = 3;
28+
else
29+
a = 2;
30+
return a;
31+
}
32+
33+
int getInt();
34+
35+
void testArrayIndexTracking() {
36+
int arr[10];
37+
38+
for (int i = 0; i < 3; ++i)
39+
arr[i] = 0;
40+
int x = getInt();
41+
int n = getIndex(x);
42+
consume(arr[n]);
43+
}
44+
} // end of namespace array_index_tracking

0 commit comments

Comments
 (0)
Please sign in to comment.