| Issue |
61544
|
| Summary |
clangsa alpha.cplusplus.IteratorRange unsound on trivial example
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
peckto
|
The [alpha.cplusplus.IteratorRange](https://clang.llvm.org/docs/analyzer/checkers.html#alpha-cplusplus-iteratorrange-c) checker is missing the following trivial example:
```c++
#include <vector>
int main() {
std::vector<int> v;
v.erase(v.begin(), v.begin() + 5);
return 0;
}
```
` v.begin() + 5` is clearly past-the-end iterator.
Whereas, in the following example the bug is reported:
```c++
#include <vector>
int main() {
std::vector<int> v;
for (auto &c : v) {
}
v.erase(v.begin(), v.begin() + 5);
return 0;
}
```
```
$ clang++-16 --analyze -Xclang -analyzer-config -Xclang aggressive-binary-operation-simplification=true -Xanalyzer -analyzer-checker=alpha.cplusplus main.cpp
main.cpp:7:24: warning: Iterator incremented behind the past-the-end iterator [alpha.cplusplus.IteratorRange]
v.erase(v.begin(), v.begin() + 5);
^~~~~~~~~~~~~
```
(Same behavior when running via CodeChecker)
I have no clue why for loop is necessary to find the bug.
Maybe it's too trivial and clangsa thinks, the variable is not used and cut by the optimizer?
When executing, both example crash as expected with `Segmentation fault`.
Tested with clang-14 and clang-16:
```
Debian clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
```
```
Debian clang version 16.0.0 (++20230317013132+08d094a0e457-1~exp1~20230317133238.60)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
```
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
