diff options
| author | Zhongxing Xu <xuzhongxing@gmail.com> | 2010-04-01 08:20:27 +0000 |
|---|---|---|
| committer | Zhongxing Xu <xuzhongxing@gmail.com> | 2010-04-01 08:20:27 +0000 |
| commit | 9618b858e2b4f79aa2b8b0291e9c833cee0435f8 (patch) | |
| tree | 4f7671f66b71c5fe739549b966ef7f56b26b5865 | |
| parent | 950db87e5efe2ff0c7234116929f8637aaf7ae7a (diff) | |
Use the element type to compute the array size when the base region is a VarRegion.
Patch by Jordy Rose.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100099 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Checker/RegionStore.cpp | 9 | ||||
| -rw-r--r-- | test/Analysis/no-outofbounds.c | 3 | ||||
| -rw-r--r-- | test/Analysis/outofbound.c | 23 |
3 files changed, 31 insertions, 4 deletions
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp index b333a5d283..c97da33aaa 100644 --- a/lib/Checker/RegionStore.cpp +++ b/lib/Checker/RegionStore.cpp @@ -787,9 +787,12 @@ DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const GRState *state, return ValMgr.makeIntVal(CAT->getSize(), false); } - // Clients can use ordinary variables as if they were arrays. These - // essentially are arrays of size 1. - return ValMgr.makeIntVal(1, false); + // Clients can reinterpret ordinary variables as arrays, possibly of + // another type. The width is rounded down to ensure that an access is + // entirely within bounds. + CharUnits VarSize = getContext().getTypeSizeInChars(T); + CharUnits EleSize = getContext().getTypeSizeInChars(EleTy); + return ValMgr.makeIntVal(VarSize / EleSize, false); } } diff --git a/test/Analysis/no-outofbounds.c b/test/Analysis/no-outofbounds.c index f9ac589797..771323b811 100644 --- a/test/Analysis/no-outofbounds.c +++ b/test/Analysis/no-outofbounds.c @@ -1,6 +1,5 @@ // RUN: %clang_cc1 -analyzer-check-objc-mem -analyze -analyzer-experimental-internal-checks -analyzer-store=basic -verify %s // RUN: %clang_cc1 -analyzer-check-objc-mem -analyze -analyzer-experimental-internal-checks -analyzer-store=region -verify %s -// XFAIL: * //===----------------------------------------------------------------------===// // This file tests cases where we should not flag out-of-bounds warnings. @@ -10,4 +9,6 @@ void f() { long x = 0; char *y = (char*) &x; char c = y[0] + y[1] + y[2]; // no-warning + short *z = (short*) &x; + short s = z[0] + z[1]; // no-warning } diff --git a/test/Analysis/outofbound.c b/test/Analysis/outofbound.c index 45325e92f3..e1ff66ccf4 100644 --- a/test/Analysis/outofbound.c +++ b/test/Analysis/outofbound.c @@ -13,3 +13,26 @@ void f2() { int *p = malloc(12); p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}} } + +struct three_words { + int c[3]; +}; + +struct seven_words { + int c[7]; +}; + +void f3() { + struct three_words a, *p; + p = &a; + p[0] = a; // no-warning + p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} + +void f4() { + struct seven_words c; + struct three_words a, *p = (struct three_words *)&c; + p[0] = a; // no-warning + p[1] = a; // no-warning + p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} |