steakhal created this revision.
steakhal added reviewers: NoQ, donat.nagy, xazax.hun, Szelethus.
Herald added subscribers: manas, ASDenysPetrov, martong, dkrupp, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware.
Herald added a project: All.
steakhal requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

The checker assumed that it could safely cast an SVal to NonLoc. This surfaced because, with std::ranges, we can unintentionally match on other APIs as well, thus increasing the likelihood of violating checker assumptions about the context it's invoked in.

See the discourse post on CallDescriptions and std::ranges here.
https://discourse.llvm.org/t/calldescriptions-should-not-skip-the-ranges-part-in-std-names-when-matching/73076

Fixes https://github.com/llvm/llvm-project/issues/65009

Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D158968

Files:
  clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
  clang/test/Analysis/iterator-range.cpp

Index: clang/test/Analysis/iterator-range.cpp =================================================================== --- clang/test/Analysis/iterator-range.cpp +++ clang/test/Analysis/iterator-range.cpp @@ -946,3 +946,14 @@ // expected-warning@-1 {{The right operand of '-' is a garbage value}} // expected-note@-2 {{The right operand of '-' is a garbage value}} } + +namespace std { +namespace ranges { + template <class InOutIter, class Sentinel> + InOutIter next(InOutIter, Sentinel); +} // namespace ranges +} // namespace std + +void gh65009__no_crash_on_ranges_next(int **begin, int **end) { + (void)std::ranges::next(begin, end); // no-crash +} Index: clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp =================================================================== --- clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp +++ clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp @@ -228,7 +228,7 @@ Value = State->getRawSVal(*ValAsLoc); } - if (Value.isUnknownOrUndef()) + if (Value.isUnknownOrUndef() || !isa<NonLoc>(Value)) return; // Incremention or decremention by 0 is never a bug.
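
Review bot: The added test gh65009__no_crash_on_ranges_next in iterator-range.cpp documents its intent only with a trailing `// no-crash`, so a reader cannot tell what used to crash. Add a short comment above it saying that the second argument of std::ranges::next(begin, end) is a sentinel (here an int **) rather than an increment count, which is the input the checker used to mishandle. If other std::ranges functions are matched the same way, as the description suggests, a case for one of them would be worth adding next to this one.
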
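
Review bot: The new `!isa<NonLoc>(Value)` condition in IteratorRangeChecker.cpp returns silently, with no explanation of when Value can be something other than a NonLoc at this point. Add a comment above the `if` naming the case from the new test (std::ranges::next(begin, end), where the second argument is a pointer sentinel), and consider a FIXME noting that, per the linked Discourse thread, the checker arguably should not have matched this call at all, so the early return is not mistaken for the intended long-term behaviour.
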
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits