Author: xazax Date: Mon Mar 13 07:48:26 2017 New Revision: 297619 URL: http://llvm.org/viewvc/llvm-project?rev=297619&view=rev Log: [analyzer] Fix a rare crash for valist check.
It looks like on some host-triples the result of a valist related expr can be a LazyCompoundVal. Handle that case in the check. Patch by Abramo Bagnara! Added: cfe/trunk/test/Analysis/valist-as-lazycompound.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp?rev=297619&r1=297618&r2=297619&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ValistChecker.cpp Mon Mar 13 07:48:26 2017
@@ -165,11 +165,8 @@ void ValistChecker::checkPreCall(const C
 const MemRegion *ValistChecker::getVAListAsRegion(SVal SV, const Expr *E, bool &IsSymbolic, CheckerContext &C) const {
- // FIXME: on some platforms CallAndMessage checker finds some instances of
- // the uninitialized va_list usages. CallAndMessage checker is disabled in
- // the tests so they can verify platform independently those issues. As a
- // side effect, this check is required here.
- if (SV.isUnknownOrUndef())
+ const MemRegion *Reg = SV.getAsRegion();
+ if (!Reg)
 return nullptr;
 // TODO: In the future this should be abstracted away by the analyzer.
 bool VaListModelledAsArray = false;
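Review bot: The new guard `if (!Reg) return nullptr;` in getVAListAsRegion has no comment, and the FIXME it replaces was the only explanation of why an early return is needed at this point. I would put `// SV may be Unknown/Undef or, on some triples, a LazyCompoundVal; none of these has a region.` above it, taking the LazyCompoundVal case from the commit log. Returning nullptr presumably makes the callers skip this va_list entirely, so on such targets a misuse may go unreported instead of crashing; that trade-off deserves a word in the same comment. Separately, `SVal::getAsRegion()` also unwraps `nonloc::LocAsInteger`, so a non-null Reg does not by itself prove SV is a Loc before the `SV.castAs<Loc>()` that follows in the next hunk's context; if that value kind can reach this function, an `SV.getAs<Loc>()` test there would be safer. The function body continues outside the hunk.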
@@ -178,7 +175,6 @@ const MemRegion *ValistChecker::getVALis
 VaListModelledAsArray = Ty->isPointerType() && Ty->getPointeeType()->isRecordType();
 }
- const MemRegion *Reg = SV.getAsRegion();
 if (const auto *DeclReg = Reg->getAs<DeclRegion>()) {
 if (isa<ParmVarDecl>(DeclReg->getDecl()))
 Reg = C.getState()->getSVal(SV.castAs<Loc>()).getAsRegion();
Added: cfe/trunk/test/Analysis/valist-as-lazycompound.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/valist-as-lazycompound.c?rev=297619&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/valist-as-lazycompound.c (added)
+++ cfe/trunk/test/Analysis/valist-as-lazycompound.c Mon Mar 13 07:48:26 2017
@@ -0,0 +1,21 @@
+// RUN: %clang_analyze_cc1 -triple gcc-linaro-arm-linux-gnueabihf -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+// expected-no-diagnostics
+
+typedef unsigned int size_t;
+typedef __builtin_va_list __gnuc_va_list;
+typedef __gnuc_va_list va_list;
+
+extern int vsprintf(char *__restrict __s,
+ const char *__restrict __format, __gnuc_va_list
+ __arg);
+
+void _dprintf(const char *function, int flen, int line, int level,
+ const char *prefix, const char *fmt, ...) {
+ char raw[10];
+ int err;
+ va_list ap;
+
+ __builtin_va_start(ap, fmt);
+ err = vsprintf(raw, fmt, ap);
+ __builtin_va_end(ap);
+}
Modified: cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c?rev=297619&r1=297618&r2=297619&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c (original)
+++ cfe/trunk/test/Analysis/valist-uninitialized-no-undef.c Mon Mar 13 07:48:26 2017
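Review bot: The added valist-as-lazycompound.c only asserts `expected-no-diagnostics` on a correct va_start / vsprintf / va_end sequence, so it pins the crash fix but not whether valist.Uninitialized still reports anything on this triple. Because getVAListAsRegion now returns nullptr when the va_list value has no region, I would add a second function that passes `ap` to vsprintf without `__builtin_va_start` and either expect the warning or record the gap, e.g. `// FIXME: no valist.Uninitialized warning when va_list is a LazyCompoundVal.`; core's CallAndMessage may report that case instead, as the FIXME removed from ValistChecker.cpp mentions. The `-triple gcc-linaro-arm-linux-gnueabihf` value also reads like a toolchain name rather than an arch-vendor-os triple, so the arch is probably parsed as unknown; a one-line comment saying this is deliberate would help the next reader.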
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+// RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
 #include "Inputs/system-header-simulator-for-valist.h"
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits