NoQ accepted this revision.
NoQ added a comment.
This revision is now accepted and ready to land.

This looks like a good check to ultimately have but we probably won't be able 
to move it out of alpha until the extents issue is fixed (which is going to be 
a fairly intrusive fix).



================
Comment at: clang/test/Analysis/bstring.c:300-311
 void mempcpy14() {
   int src[] = {1, 2, 3, 4};
   int dst[5] = {0};
   int *p;
 
-  p = mempcpy(dst, src, 4 * sizeof(int));
+  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string 
function accesses uninitialized/garbage values}}
+  // FIXME: This behaviour is actually Unexpected and needs to be fix, 
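Review bot: the `expected-warning` added on the `mempcpy(dst, src, 4 * sizeof(int))` line pins a false positive as passing behaviour, since `src` is fully initialized by `{1, 2, 3, 4}` and the copy reads exactly those four elements. If the expectation has to stay while the checker is in alpha, the FIXME should name the tracking issue so the annotation is removed once the underlying lookup is fixed. Two wording points in the same lines: "needs to be fix" should read "needs to be fixed" and "Unexpected" should not be capitalized mid-sentence, and the diagnostic text "Bytes string function" would read better as "Byte string function".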
----------------
steakhal wrote:
> Basically, the store has 4 direct bindings for the `src` cluster.
> At bit offset 0, 32, 64, 96, the values `1`, `2`, `3`, `4` (ints) 
> respectively.
> However, in the `memcopy` modeling, we calculate the byte offset of the very 
> last touched **byte**, which is `byte 15`.
> Consequently, we will do a lookup in the store for acquiring a binding 
> starting at bit offset `15*8, aka. 120`.
> However, there is no binding for that offset. What we have instead, is a 
> binding starting at offset 96, associating an integer, which is 4 bytes long, 
> thus this entry actually refers to the bits [96-128], so it overlaps with the 
> byte at [120-128].
> From this, we should be able to prove that the given bits must have been 
> initialized to //some value//.
> 
> What I cannot remember off the top of my head is what the type of the `ER` 
> was. I hope it was `char`, but I cannot recall.
> If that was `char`, then we have a bug in the `store`.
Yes, this is correct. It looks like we can't have this check until we address 
[[ https://github.com/llvm/llvm-project/issues/43459 | 43459 ]].


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D120489/new/

https://reviews.llvm.org/D120489

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
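The lookup mismatch described in the quoted comment, as an added example that is not part of the original thread and is not the analyzer's own code. It is a simplified model that assumes a 32-bit `int`; `Binding`, `Cluster`, `lookupDirect` and `lookupCovering` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>

// Simplified model (assumption): a cluster maps a starting bit offset to a
// binding that records the stored value and its width in bits.
struct Binding { int value; uint64_t widthBits; };
using Cluster = std::map<uint64_t, Binding>;

// Constructed sample: int src[] = {1, 2, 3, 4} with a 32-bit int.
Cluster makeSrcCluster() {
  return {{0, {1, 32}}, {32, {2, 32}}, {64, {3, 32}}, {96, {4, 32}}};
}

// Bit offset of the last byte touched by an n-byte copy. Precondition: n > 0.
uint64_t lastByteBitOffset(uint64_t n) { return (n - 1) * 8; }

// Exact-key lookup: only finds a binding that starts at the queried offset.
const Binding *lookupDirect(const Cluster &c, uint64_t bitOffset) {
  auto it = c.find(bitOffset);
  return it == c.end() ? nullptr : &it->second;
}

// Overlap-aware lookup: finds the binding whose [start, start + width) range
// fully covers the queried [bitOffset, bitOffset + widthBits) range.
const Binding *lookupCovering(const Cluster &c, uint64_t bitOffset,
                              uint64_t widthBits) {
  auto it = c.upper_bound(bitOffset); // first binding starting after the query
  if (it == c.begin())
    return nullptr;
  --it; // last binding starting at or before the query
  uint64_t end = it->first + it->second.widthBits;
  return bitOffset + widthBits <= end ? &it->second : nullptr;
}

int main() {
  Cluster src = makeSrcCluster();
  uint64_t off = lastByteBitOffset(16); // 4 * sizeof(int) with 32-bit int
  std::printf("last byte starts at bit %llu\n", (unsigned long long)off);
  std::printf("direct lookup:   %s\n",
              lookupDirect(src, off) ? "bound" : "no binding");
  std::printf("covering lookup: %s\n",
              lookupCovering(src, off, 8) ? "bound" : "no binding");
  return 0;
}
```
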