NoQ accepted this revision.
NoQ added a comment.
This revision is now accepted and ready to land.
This looks like a good check to ultimately have but we probably won't be able
to move it out of alpha until the extents issue is fixed (which is going to be
a fairly intrusive fix).
================
Comment at: clang/test/Analysis/bstring.c:300-311
void mempcpy14() {
int src[] = {1, 2, 3, 4};
int dst[5] = {0};
int *p;
- p = mempcpy(dst, src, 4 * sizeof(int));
+ p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string
function accesses uninitialized/garbage values}}
+ // FIXME: This behaviour is actually Unexpected and needs to be fix,
----------------
steakhal wrote:
> Basically, the store has 4 direct bindings for the `src` cluster.
> At bit offset 0, 32, 64, 96, the values `1`, `2`, `3`, `4` (ints)
> respectively.
> However, in the `memcopy` modeling, we calculate the byte offset of the very
> last touched **byte**, which is `byte 15`.
> Consequently, we will do a lookup in the store for acquiring a binding
> starting at bit offset `15*8, aka. 120`.
> However, there is no binding for that offset. What we have instead, is a
> binding starting at offset 96, associating an integer, which is 4 bytes long,
> thus this entry actually refers to the bits [96-128], so it overlaps with the
> byte at [120-128].
> From this, we should be able to prove that the given bits must have been
> initialized to //some value//.
>
> What I cannot remember off the top of my head, what was the type of the `ER`.
> I hope it was `char`, but I cannot recall.
> If that was `char`, then we have a bug in the `store`.
Yes, this is correct. It looks like we can't have this check until we address
[[ https://github.com/llvm/llvm-project/issues/43459 | 43459 ]].
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D120489/new/
https://reviews.llvm.org/D120489
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
