Author: Vince Bridgers Date: 2020-06-04T07:25:35-05:00 New Revision: bd425825411af1b340134b0e8c9c03733ee87d66
URL: https://github.com/llvm/llvm-project/commit/bd425825411af1b340134b0e8c9c03733ee87d66 DIFF: https://github.com/llvm/llvm-project/commit/bd425825411af1b340134b0e8c9c03733ee87d66.diff LOG: [analyzer] Ignore calculated indices of <= 0 in VLASizeChecker Summary: See https://bugs.llvm.org/show_bug.cgi?id=46128. The checker does not yet comprehend constraints involving multiple symbols, so it's possible to calculate a VLA size that's negative or 0. A LIT is added to catch regressions, and this change simply bails if a VLA size of 0 or less is calculated. Reviewers: balazske, NoQ, martong, baloghadamsoftware, Szelethus, gamesh411 Reviewed By: balazske, NoQ, Szelethus Subscribers: xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, Charusso, ASDenysPetrov, cfe-commits, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D80903 Added: Modified: clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp clang/test/Analysis/vla.c Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp index de487042fb8a..d76b2a06aba5 100644 --- a/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp @@ -126,7 +126,12 @@ ProgramStateRef VLASizeChecker::checkVLA(CheckerContext &C, // Size overflow check does not work with symbolic expressions because a // overflow situation can not be detected easily. uint64_t IndexL = IndexLVal->getZExtValue(); - assert(IndexL > 0 && "Index length should have been checked for zero."); + // FIXME: See https://reviews.llvm.org/D80903 for discussion of + // some diff erence in assume and getKnownValue that leads to + // unexpected behavior. Just bail on IndexL == 0 at this point. + if (IndexL == 0) + return nullptr; + if (KnownSize <= SizeMax / IndexL) { KnownSize *= IndexL; } else { 
diff --git a/clang/test/Analysis/vla.c b/clang/test/Analysis/vla.c index a269ef334c32..457c14172310 100644 --- a/clang/test/Analysis/vla.c +++ b/clang/test/Analysis/vla.c @@ -137,3 +137,17 @@ void check_VLA_extent() { clang_analyzer_eval(clang_analyzer_getExtent(&vla3m) == 2 * x * 4 * sizeof(int)); // expected-warning@-1{{TRUE}} } + +// https://bugs.llvm.org/show_bug.cgi?id=46128 +// analyzer doesn't handle more than simple symbolic expressions. +// Just don't crash. +extern void foo(void); +int a; +void b() { + int c = a + 1; + for (;;) { + int d[c]; + for (; 0 < c;) + foo(); + } +} // no-crash _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
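Review bot: in the VLASizeChecker.cpp hunk, the title and summary say the checker now bails on a computed size of 0 or less, but `IndexL` is a `uint64_t` obtained via `getZExtValue()`, so the new `if (IndexL == 0) return nullptr;` can only catch zero; a negative index length has already been zero-extended to a large unsigned value by the time this check runs and falls into the `KnownSize <= SizeMax / IndexL` overflow branch below instead. Either reword the commit title to say `== 0`, or test the sign on the underlying APSInt before extending if negative lengths are really meant to be handled here. The replaced `assert(IndexL > 0 && ...)` also documented an invariant the caller was expected to uphold; now that the function silently returns a null state instead, the FIXME should say what the caller does with that null (sink the path or skip the size computation) and should cite the bug (PR46128) alongside https://reviews.llvm.org/D80903, so the assume-versus-getKnownValue discrepancy it alludes to can be found and removed later.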
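Review bot: in the vla.c hunk, the new test pins only the no-crash behaviour; since this file already uses `clang_analyzer_eval` and `clang_analyzer_getExtent` (see `check_VLA_extent` immediately above), consider also asserting what the analyzer concludes about `d` after `int c = a + 1;` under the `0 < c` loop condition, so that a later fix to the assume/getKnownValue discrepancy named in the FIXME has a positive regression anchor rather than just `// no-crash`. The names `a`, `b`, `c`, `d` and the bare `extern void foo(void);` look copied from the reporter's reduced case; renaming the function along the lines of the existing `check_VLA_*` functions (for example `check_VLA_pr46128`) keeps the file consistent and greppable, and a one-line comment stating that the `for (;;)` wrapper is what drives the analyzer into the problematic state (rather than incidental) would help whoever touches this test next.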