[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
Rajveer100 wrote: Thanks for the approval, could you land this for me? https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/NagyDonat approved this pull request. LGTM. My only significant observation is that `BugReporterVisitors.cpp` must be cleaned up eventually, as it is currently a heap of ad-hoc special cases. However, it would be unreasonable to wait for that difficult cleanup with this simple improvement, so it's reasonable that you add yet another special case that ensures that your example works as intended. https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/steakhal approved this pull request. https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
steakhal wrote: This one looks good to me. I wanna hear your opinion @NagyDonat https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/91119
>From 78a2afab67eef9a8a05ced89df0aadb56a2ec2b8 Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH 1/2] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../Checkers/DereferenceChecker.cpp | 15 ++-
clang/test/Analysis/gh-issue-89185.c | 7 +++
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77da..0355eede75eae 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -31,11 +31,13 @@ class DereferenceChecker
: public Checker< check::Location,
check::Bind,
EventDispatcher > {
- enum DerefKind { NullPointer, UndefinedPointerValue };
+ enum DerefKind { NullPointer, UndefinedPointerValue, AddressOfLabel };
BugType BT_Null{this, "Dereference of null pointer", categories::LogicError};
BugType BT_Undef{this, "Dereference of undefined pointer value",
categories::LogicError};
+ BugType BT_Label{this, "Dereference of the address of a label",
+ categories::LogicError};
void reportBug(DerefKind K, ProgramStateRef State, const Stmt *S,
CheckerContext &C) const;
@@ -167,6 +169,11 @@ void DereferenceChecker::reportBug(DerefKind K,
ProgramStateRef State,
DerefStr1 = " results in an undefined pointer dereference";
DerefStr2 = " results in a dereference of an undefined pointer value";
break;
+ case DerefKind::AddressOfLabel:
+BT = &BT_Label;
+DerefStr1 = " results in an undefined pointer dereference";
+DerefStr2 = " results in a dereference of an address of a label";
+break;
};
// Generate an error node.
@@ -287,6 +294,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+reportBug(DerefKind::AddressOfLabel, C.getState(), S, C);
+return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
if (!TVR)
diff --git a/clang/test/Analysis/gh-issue-89185.c
b/clang/test/Analysis/gh-issue-89185.c
index 8a907f198a5fd..27456e7efe885 100644
--- a/clang/test/Analysis/gh-issue-89185.c
+++ b/clang/test/Analysis/gh-issue-89185.c
@@ -7,8 +7,7 @@ void clang_analyzer_dump_ptr(char*);
void binding_to_label_loc() {
char *b = &&MyLabel;
MyLabel:
- *b = 0; // no-crash
- clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
- clang_analyzer_dump(*b); // expected-warning {{Unknown}}
- // FIXME: We should never reach here, as storing to a label is invalid.
+ *b = 0; // expected-warning {{Dereference of the address of a label}}
+ clang_analyzer_dump_ptr(b);
+ clang_analyzer_dump(*b);
}
>From 68b541906c5238b9165702c5623a00c877b53cbf Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Mon, 13 May 2024 09:17:13 +0200
Subject: [PATCH 2/2] Track the LHS of assignments for deref bugs
This adds notes for the "definition" lines for the dereferenced
variables that are raised for assignment expressions.
---
.../StaticAnalyzer/Core/BugReporterVisitors.cpp| 3 +++
clang/test/Analysis/gh-issue-89185.c | 14 +++---
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
index 984755fa7e502..487a3bd16b674 100644
--- a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -113,6 +113,9 @@ const Expr *bugreporter::getDerefExpr(const Stmt *S) {
// Pointer arithmetic: '*(x + 2)' -> 'x') etc.
if (const Expr *Inner = peelOffPointerArithmetic(B)) {
E = Inner;
+ } else if (B->isAssignmentOp()) {
+// Follow LHS of assignments: '*p = 404' -> 'p'.
+E = B->getLHS();
} else {
// Probably more arithmetic can be pattern-matched here,
// but for now give up.
diff --git a/clang/test/Analysis/gh-issue-89185.c
b/clang/test/Analysis/gh-issue-89185.c
index 27456e7efe885..49526d2daa866 100644
--- a/clang/test/Analysis/gh-issue-89185.c
+++ b/clang/test/Analysis/gh-issue-89185.c
@@ -1,13 +1,13 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify
%s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection
-analyzer-output text -verify %s
-void clang_analyzer_dump(char);
-void clang_analyzer_dump_ptr(char*);
+void clang_analyzer_warnIfReached(void);
// https://github.com/llvm/llvm-project/issues/89185
void binding_to_label_loc() {
- char *b =
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
Rajveer100 wrote: I am not sure what causes the build failure here. https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/Rajveer100 updated
https://github.com/llvm/llvm-project/pull/91119
>From 78a2afab67eef9a8a05ced89df0aadb56a2ec2b8 Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../Checkers/DereferenceChecker.cpp | 15 ++-
clang/test/Analysis/gh-issue-89185.c | 7 +++
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77da..0355eede75eae 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -31,11 +31,13 @@ class DereferenceChecker
: public Checker< check::Location,
check::Bind,
EventDispatcher > {
- enum DerefKind { NullPointer, UndefinedPointerValue };
+ enum DerefKind { NullPointer, UndefinedPointerValue, AddressOfLabel };
BugType BT_Null{this, "Dereference of null pointer", categories::LogicError};
BugType BT_Undef{this, "Dereference of undefined pointer value",
categories::LogicError};
+ BugType BT_Label{this, "Dereference of the address of a label",
+ categories::LogicError};
void reportBug(DerefKind K, ProgramStateRef State, const Stmt *S,
CheckerContext &C) const;
@@ -167,6 +169,11 @@ void DereferenceChecker::reportBug(DerefKind K,
ProgramStateRef State,
DerefStr1 = " results in an undefined pointer dereference";
DerefStr2 = " results in a dereference of an undefined pointer value";
break;
+ case DerefKind::AddressOfLabel:
+BT = &BT_Label;
+DerefStr1 = " results in an undefined pointer dereference";
+DerefStr2 = " results in a dereference of an address of a label";
+break;
};
// Generate an error node.
@@ -287,6 +294,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+reportBug(DerefKind::AddressOfLabel, C.getState(), S, C);
+return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
if (!TVR)
diff --git a/clang/test/Analysis/gh-issue-89185.c
b/clang/test/Analysis/gh-issue-89185.c
index 8a907f198a5fd..27456e7efe885 100644
--- a/clang/test/Analysis/gh-issue-89185.c
+++ b/clang/test/Analysis/gh-issue-89185.c
@@ -7,8 +7,7 @@ void clang_analyzer_dump_ptr(char*);
void binding_to_label_loc() {
char *b = &&MyLabel;
MyLabel:
- *b = 0; // no-crash
- clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
- clang_analyzer_dump(*b); // expected-warning {{Unknown}}
- // FIXME: We should never reach here, as storing to a label is invalid.
+ *b = 0; // expected-warning {{Dereference of the address of a label}}
+ clang_analyzer_dump_ptr(b);
+ clang_analyzer_dump(*b);
}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/Rajveer100 updated
https://github.com/llvm/llvm-project/pull/91119
>From 5c7712d1841664a9424b98abdd22d7967d00913f Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../StaticAnalyzer/Checkers/DereferenceChecker.cpp | 14 +-
clang/test/Analysis/gh-issue-89185.c | 7 +++
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77da..b335cb511546b 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -31,11 +31,12 @@ class DereferenceChecker
: public Checker< check::Location,
check::Bind,
EventDispatcher > {
- enum DerefKind { NullPointer, UndefinedPointerValue };
+ enum DerefKind { NullPointer, UndefinedPointerValue, AddressOfLabel };
BugType BT_Null{this, "Dereference of null pointer", categories::LogicError};
BugType BT_Undef{this, "Dereference of undefined pointer value",
categories::LogicError};
+ BugType BT_Label{this, "Dereference of the address of a label",
categories::LogicError};
void reportBug(DerefKind K, ProgramStateRef State, const Stmt *S,
CheckerContext &C) const;
@@ -167,6 +168,11 @@ void DereferenceChecker::reportBug(DerefKind K,
ProgramStateRef State,
DerefStr1 = " results in an undefined pointer dereference";
DerefStr2 = " results in a dereference of an undefined pointer value";
break;
+ case DerefKind::AddressOfLabel:
+BT = &BT_Label;
+DerefStr1 = " results in an undefined pointer dereference";
+DerefStr2 = " results in a dereference of an address of a label";
+break;
};
// Generate an error node.
@@ -287,6 +293,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+reportBug(DerefKind::AddressOfLabel, C.getState(), S, C);
+return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
if (!TVR)
diff --git a/clang/test/Analysis/gh-issue-89185.c
b/clang/test/Analysis/gh-issue-89185.c
index 8a907f198a5fd..27456e7efe885 100644
--- a/clang/test/Analysis/gh-issue-89185.c
+++ b/clang/test/Analysis/gh-issue-89185.c
@@ -7,8 +7,7 @@ void clang_analyzer_dump_ptr(char*);
void binding_to_label_loc() {
char *b = &&MyLabel;
MyLabel:
- *b = 0; // no-crash
- clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
- clang_analyzer_dump(*b); // expected-warning {{Unknown}}
- // FIXME: We should never reach here, as storing to a label is invalid.
+ *b = 0; // expected-warning {{Dereference of the address of a label}}
+ clang_analyzer_dump_ptr(b);
+ clang_analyzer_dump(*b);
}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
steakhal wrote:
> Should we introduce a new Kind in `DerefKind` (in reference to
> `DereferenceChecker::reportBug`) ?
Yes. Something like this should work:
```c++
BugType BT_Label{this, "Dereference of the address of a label",
categories::LogicError};
```
https://github.com/llvm/llvm-project/pull/91119
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
Rajveer100 wrote: Should we introduce a new Kind in `DerefKind`? https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/steakhal requested changes to this pull request. The `llvm::errs()` are for only debugging stuff. The print to the stderr. However, to form a bug report you need to use the `reportBug` here, and you also need to define a new `BugType` for representing this bug kind. Once that's done, you should have a fatal bug report at the dereference location, causing the path to sink and never reach the next statement where we would dump the value associated with that variable. The test is already present in the tree, as `clang/test/Analysis/gh-issue-89185.c`. If you implementation is correct, that test should fail because we report a new bug there. https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
Rajveer100 wrote: @steakhal https://github.com/llvm/llvm-project/pull/91119 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/Rajveer100 updated
https://github.com/llvm/llvm-project/pull/91119
>From dcc23f7751ba2ceb281a9b027907dbf849ba65c6 Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../StaticAnalyzer/Checkers/DereferenceChecker.cpp | 8
clang/test/Analysis/Issue89264.c| 13 +
2 files changed, 21 insertions(+)
create mode 100644 clang/test/Analysis/Issue89264.c
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..2d23d23c6c82ba 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -287,6 +287,14 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+llvm::errs() << "Fatal Error: " << "Dereference of the address of a label"
+ << "\n";
+return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
if (!TVR)
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify
%s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+ char *b = &&MyLabel;
+MyLabel:
+ *b = 0; // no-crash
+ clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+ clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
github-actions[bot] wrote:
:warning: C/C++ code formatter, clang-format found issues in your code.
:warning:
You can test this locally with the following command:
``bash
git-clang-format --diff 72eaa0ed9934bfaa2449091bbc6e45648d1396d6
c1d62262d2545e4999f08f2ba28a12c71789926f -- clang/test/Analysis/Issue89264.c
clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
``
View the diff from clang-format here.
``diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 36593d84da..2d23d23c6c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -290,8 +290,7 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
// One should never write to label addresses.
if (auto Label = L.getAs()) {
llvm::errs() << "WRITING TO LABEL: " << L << "\n";
-llvm::errs() << "Fatal Error: "
- << "Dereference of the address of a label"
+llvm::errs() << "Fatal Error: " << "Dereference of the address of a label"
<< "\n";
return;
}
``
https://github.com/llvm/llvm-project/pull/91119
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/Rajveer100 updated
https://github.com/llvm/llvm-project/pull/91119
>From c1d62262d2545e4999f08f2ba28a12c71789926f Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../StaticAnalyzer/Checkers/DereferenceChecker.cpp | 9 +
clang/test/Analysis/Issue89264.c| 13 +
2 files changed, 22 insertions(+)
create mode 100644 clang/test/Analysis/Issue89264.c
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..36593d84dac583 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -287,6 +287,15 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+llvm::errs() << "Fatal Error: "
+ << "Dereference of the address of a label"
+ << "\n";
+return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
if (!TVR)
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify
%s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+ char *b = &&MyLabel;
+MyLabel:
+ *b = 0; // no-crash
+ clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+ clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: Rajveer Singh Bharadwaj (Rajveer100)
Changes
Resolves #89264
Values should not be stored in addresses of labels, this throws a fatal error
when this happens.
---
Full diff: https://github.com/llvm/llvm-project/pull/91119.diff
2 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp (+7)
- (added) clang/test/Analysis/Issue89264.c (+13)
``diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..a1770e15ad7d52 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -286,6 +286,13 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
// If we're binding to a reference, check if the value is known to be null.
if (V.isUndef())
return;
+
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+llvm::errs() << "Fatal Error: " << "Dereference of the address of a label"
<< "\n";
+return;
+ }
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify
%s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+ char *b = &&MyLabel;
+MyLabel:
+ *b = 0; // no-crash
+ clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+ clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
``
https://github.com/llvm/llvm-project/pull/91119
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
https://github.com/Rajveer100 created
https://github.com/llvm/llvm-project/pull/91119
Resolves #89264
Values should not be stored in addresses of labels, this throws a fatal error
when this happens.
>From 36b1ee31d8d740cdbee6a1787d7ef81d6abeb8ad Mon Sep 17 00:00:00 2001
From: Rajveer
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../StaticAnalyzer/Checkers/DereferenceChecker.cpp | 7 +++
clang/test/Analysis/Issue89264.c| 13 +
2 files changed, 20 insertions(+)
create mode 100644 clang/test/Analysis/Issue89264.c
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..a1770e15ad7d52 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -286,6 +286,13 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const
Stmt *S,
// If we're binding to a reference, check if the value is known to be null.
if (V.isUndef())
return;
+
+ // One should never write to label addresses.
+ if (auto Label = L.getAs()) {
+llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+llvm::errs() << "Fatal Error: " << "Dereference of the address of a label"
<< "\n";
+return;
+ }
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null(MR);
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify
%s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+ char *b = &&MyLabel;
+MyLabel:
+ *b = 0; // no-crash
+ clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+ clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
