diff options
| author | Jordy Rose <jediknil@belkadan.com> | 2010-07-05 00:50:15 +0000 |
|---|---|---|
| committer | Jordy Rose <jediknil@belkadan.com> | 2010-07-05 00:50:15 +0000 |
| commit | 52e04c537633377fb14cfa4fa3c95e3e510fc942 (patch) | |
| tree | 472147ac0856bf4cabfbd895624cebceb02c0433 /lib/Checker/VLASizeChecker.cpp | |
| parent | 400f5125e2432d648f2c8a31b36a7f318a880c47 (diff) | |
Track extents for VLAs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107603 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Checker/VLASizeChecker.cpp')
| -rw-r--r-- | lib/Checker/VLASizeChecker.cpp | 40 |
1 files changed, 35 insertions, 5 deletions
diff --git a/lib/Checker/VLASizeChecker.cpp b/lib/Checker/VLASizeChecker.cpp index cea9d191aa..dfb606b8b8 100644 --- a/lib/Checker/VLASizeChecker.cpp +++ b/lib/Checker/VLASizeChecker.cpp @@ -13,6 +13,7 @@ //===----------------------------------------------------------------------===// #include "GRExprEngineInternalChecks.h" +#include "clang/AST/CharUnits.h" #include "clang/Checker/BugReporter/BugType.h" #include "clang/Checker/PathSensitive/CheckerVisitor.h" #include "clang/Checker/PathSensitive/GRExprEngine.h" @@ -42,9 +43,9 @@ void VLASizeChecker::PreVisitDeclStmt(CheckerContext &C, const DeclStmt *DS) { const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); if (!VD) return; - - const VariableArrayType *VLA - = C.getASTContext().getAsVariableArrayType(VD->getType()); + + ASTContext &Ctx = C.getASTContext(); + const VariableArrayType *VLA = Ctx.getAsVariableArrayType(VD->getType()); if (!VLA) return; @@ -70,9 +71,14 @@ void VLASizeChecker::PreVisitDeclStmt(CheckerContext &C, const DeclStmt *DS) { C.EmitReport(report); return; } + + // See if the size value is known. It can't be undefined because we would have + // warned about that already. + if (sizeV.isUnknown()) + return; // Check if the size is zero. - DefinedOrUnknownSVal sizeD = cast<DefinedOrUnknownSVal>(sizeV); + DefinedSVal sizeD = cast<DefinedSVal>(sizeV); const GRState *stateNotZero, *stateZero; llvm::tie(stateNotZero, stateZero) = state->Assume(sizeD); @@ -92,5 +98,29 @@ void VLASizeChecker::PreVisitDeclStmt(CheckerContext &C, const DeclStmt *DS) { } // From this point on, assume that the size is not zero. - C.addTransition(stateNotZero); + state = stateNotZero; + + // Convert the array length to size_t. + ValueManager &ValMgr = C.getValueManager(); + SValuator &SV = ValMgr.getSValuator(); + QualType SizeTy = Ctx.getSizeType(); + NonLoc ArrayLength = cast<NonLoc>(SV.EvalCast(sizeD, SizeTy, SE->getType())); + + // Get the element size. + CharUnits EleSize = Ctx.getTypeSizeInChars(VLA->getElementType()); + SVal EleSizeVal = ValMgr.makeIntVal(EleSize.getQuantity(), SizeTy); + + // Multiply the array length by the element size. + SVal ArraySizeVal = SV.EvalBinOpNN(state, BinaryOperator::Mul, ArrayLength, + cast<NonLoc>(EleSizeVal), SizeTy); + + // Finally, Assume that the array's extent matches the given size. + const LocationContext *LC = C.getPredecessor()->getLocationContext(); + DefinedOrUnknownSVal Extent = state->getRegion(VD, LC)->getExtent(ValMgr); + DefinedOrUnknownSVal ArraySize = cast<DefinedOrUnknownSVal>(ArraySizeVal); + DefinedOrUnknownSVal SizeIsKnown = SV.EvalEQ(state, Extent, ArraySize); + state = state->Assume(SizeIsKnown, true); + + // Remember our assumptions! + C.addTransition(state); } |