On Jun 15, 2012, at 6:28 PM, Jordan Rose wrote: > Author: jrose > Date: Fri Jun 15 20:28:00 2012 > New Revision: 158587 > > URL: http://llvm.org/viewvc/llvm-project?rev=158587&view=rev > Log: > [analyzer] Return an UnknownVal when we try to get the binding for a VLA. > > This happens in C++ mode right at the declaration of a struct VLA; > MallocChecker sees a bind and tries to see if it's an escaping bind. > It's likely that our handling of this is still incomplete,
Might be worth filing a bug to track this. > but it fixes a > crash on valid without disturbing anything else for now. > > Modified: > cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp > cfe/trunk/test/Analysis/cxx-crashes.cpp > > Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=158587&r1=158586&r2=158587&view=diff > ============================================================================== > --- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original) > +++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Fri Jun 15 20:28:00 2012 > @@ -1055,8 +1055,12 @@ > if (RTy->isUnionType()) > return UnknownVal(); > > - if (RTy->isArrayType()) > - return getBindingForArray(store, R); > + if (RTy->isArrayType()) { > + if (RTy->isConstantArrayType()) There seems to be no need for a nested 'if' here. > + return getBindingForArray(store, R); > + else > + return UnknownVal(); > + } > > // FIXME: handle Vector types. > if (RTy->isVectorType()) > > Modified: cfe/trunk/test/Analysis/cxx-crashes.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-crashes.cpp?rev=158587&r1=158586&r2=158587&view=diff > ============================================================================== > --- cfe/trunk/test/Analysis/cxx-crashes.cpp (original) > +++ cfe/trunk/test/Analysis/cxx-crashes.cpp Fri Jun 15 20:28:00 2012 > @@ -1,4 +1,6 @@ > -// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s > +// RUN: %clang_cc1 -analyze > -analyzer-checker=core,unix.Malloc,debug.ExprInspection -verify %s > + > +void clang_analyzer_eval(bool); > > int f1(char *dst) { > char *p = dst + 4; 
> @@ -54,3 +56,17 @@ > void C::f() { } > > } > + > + > +void vla(int n) { > + int nums[n]; > + nums[0] = 1; > + clang_analyzer_eval(nums[0] == 1); // expected-warning{{TRUE}} > + > + // This used to fail with MallocChecker on, and /only/ in C++ mode. > + // This struct is POD, though, so it should be fine to put it in a VLA. > + struct { int x; } structs[n]; > + structs[0].x = 1; > + clang_analyzer_eval(structs[0].x == 1); // expected-warning{{TRUE}} > +} > + > > > _______________________________________________ > cfe-commits mailing list > [email protected] > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
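Review bot: In the RegionStore.cpp hunk at @@ -1055,8 +1055,12 @@, the new else branch returns UnknownVal() for every array type that is not a constant array, which takes in incomplete and dependent-sized arrays as well as the VLAs named in the log, and nothing at the site says this is deliberate or temporary. Add a FIXME above the branch stating that bindings for non-constant arrays are not modeled yet, so the "still incomplete" remark from the log is visible in the code. The else after return can also be dropped: test !RTy->isConstantArrayType() first and return UnknownVal(), then fall through to return getBindingForArray(store, R).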
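Review bot: In the cxx-crashes.cpp hunk at @@ -1,4 +1,6 @@, the file's only RUN line is rewritten to add unix.Malloc, so no run is left without MallocChecker and the existing cases such as f1 are now only exercised with it enabled. Consider two RUN lines, one with -analyzer-checker=core,debug.ExprInspection and one that adds unix.Malloc, so the older crash tests keep their original checker set and the new vla() expectations are verified both with and without MallocChecker.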
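Review bot: In the cxx-crashes.cpp hunk at @@ -54,3 +56,17 @@, the comment above the struct VLA says this "used to fail", while the log describes a crash on valid code; write "used to crash" so it is clear why the case lives in cxx-crashes.cpp and what a regression would look like. The hunk also adds two consecutive blank lines before vla() and a blank line after its closing brace at the end of the file; a single blank line before the function is enough.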
