dcoughlin added a comment.
You should consider what should happen when the memcpy may write past the end
of the fixed-size array and add tests that specify correct behavior for these
cases. An important example is:
  #include <string.h>
  void clang_analyzer_eval(int); // analyzer test hook: reports TRUE, FALSE or UNKNOWN

  struct Foo {
    char data[4];
    int i;
  };

  void test(const char *someBuf) {
    struct Foo f;
    f.i = 10;
    memcpy(f.data, someBuf, 100); // overruns data[4], spilling into f.i and past the struct
    clang_analyzer_eval(f.i == 10); // What should this yield?
  }
I think it is also important to add tests for regions at symbolic offsets, for
bindings in the super region having keys with symbolic offsets, and for cases
where there is potential aliasing and casting between regions with symbolic
offsets.
Also, Jordan wrote up a description of the region store in
docs/analyzer/RegionStore.txt that you might find helpful if you haven't
already seen it.
http://reviews.llvm.org/D11832
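The spill from data[] into the sibling field i, shown at runtime as an added example that is not part of the review or of clang's test suite: the copy is clamped to the enclosing struct object so the program stays well-defined, and the return value records whether f.i survived the copy (the struct layout and the constructed 0xAA source bytes are assumptions of the example).

```c
#include <stddef.h>
#include <string.h>

/* Same layout as the struct in the review comment. */
struct Foo {
    char data[4];
    int i;
};

/* Copy n bytes starting at f->data, clamping n so the write stays inside the
 * enclosing struct object (a copy past the object, as the 100-byte memcpy in
 * the comment does, is undefined behaviour and cannot be demonstrated safely).
 * Returns 1 if the copy changed f->i, 0 if f->i is untouched. */
static int copy_into_data_clobbers_i(struct Foo *f, const unsigned char *src, size_t n)
{
    int before = f->i;
    size_t room = sizeof *f - offsetof(struct Foo, data);
    if (n > room)
        n = room;
    /* Address the bytes through the whole object so that arithmetic past
     * data[] is still arithmetic within the same object. */
    memcpy((unsigned char *)f + offsetof(struct Foo, data), src, n);
    return f->i != before;
}

/* Drives the cases the reviewer asks tests to pin down: a copy that fits in
 * data[] and copies that spill into the sibling field i. Source bytes are a
 * constructed 0xAA fill so any overwritten byte of i is visible. */
static int clobbered_with(size_t n)
{
    unsigned char src[sizeof(struct Foo)];
    struct Foo f;
    memset(src, 0xAA, sizeof src);
    f.i = 10;
    return copy_into_data_clobbers_i(&f, src, n);
}

int main(void)
{
    /* Exit status 0 when a struct-sized copy clobbers i, as expected. */
    return clobbered_with(sizeof(struct Foo)) ? 0 : 1;
}
```

A copy of exactly sizeof(f.data) bytes leaves i at 10; one byte more already changes it, which is the binding the analyzer's region store has to stop trusting.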
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits