> I should add that I'm originally the one who added the code that did the
> wrong thing:
> 
>   http://llvm.org/viewvc/llvm-project?view=rev&revision=91501

Yes, I was curious about why it was being treated as it was. Binding to
both pointer and reference arguments goes through the block labeled "Binding
directly to a symbolic region should be treated as binding to element 0."


> As for the code snippet in PR 7218:
>   char broken (char a) {
>       char buf[2];
>       buf[0] = a;
>       return buf[1]; // should warn but does not
>   }
> This should be fixed by detecting if we are going outside the bounds of
> the memory block.  I don't think this requires changing the binding model
> in RegionStoreManager.

It's not an out-of-bounds issue, it's about garbage being returned. The
region bounds checking works fine (outofbound.c).
_______________________________________________
cfe-commits mailing list
cfe-commits@cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
